Allow network ip addresses

Currently cloud environments uses heavily prefix /32 (/128) what makes
IPA validators to fail. IPA should not care if IP address is network or not.
This commit allows usage of network addresses in:
* host plugin
* dns plugin
* server-installer
* client-installer

https://fedorahosted.org/freeipa/ticket/5814

Reviewed-By: David Kupka <dkupka@redhat.com>

ipapython/ipautil.py

@@ -132,8 +132,8 @@ class CheckedIPAddress(UnsafeIPAddress):
     Reserved or link-local addresses are never accepted.
     """
     def __init__(self, addr, match_local=False, parse_netmask=True,
-                 allow_network=False, allow_loopback=False,
+                 allow_loopback=False, allow_broadcast=False,
-                 allow_broadcast=False, allow_multicast=False):
+                 allow_multicast=False):
 
         super(CheckedIPAddress, self).__init__(addr)
         if isinstance(addr, CheckedIPAddress):
@@ -199,14 +199,15 @@ class CheckedIPAddress(UnsafeIPAddress):
             elif self.version == 6:
                 self._net = netaddr.IPNetwork(str(self) + '/64')
 
-        if not allow_network and self == self._net.network:
-            raise ValueError("cannot use IP network address {}".format(addr))
         if not allow_broadcast and (self.version == 4 and
                                     self == self._net.broadcast):
             raise ValueError("cannot use broadcast IP address {}".format(addr))
 
         self.prefixlen = self._net.prefixlen
 
+    def is_network_addr(self):
+        return self == self._net.network
+
 
 def valid_ip(addr):
     return netaddr.valid_ipv4(addr) or netaddr.valid_ipv6(addr)

ipaserver/plugins/dns.py

@@ -413,8 +413,7 @@ def _validate_bind_aci(ugettext, bind_acis):
             bind_aci = bind_aci[1:]
 
         try:
-            ip = CheckedIPAddress(bind_aci, parse_netmask=True,
+            CheckedIPAddress(bind_aci, parse_netmask=True, allow_loopback=True)
-                                  allow_network=True, allow_loopback=True)
         except (netaddr.AddrFormatError, ValueError) as e:
             return unicode(e)
         except UnboundLocalError:
@@ -439,7 +438,7 @@ def _normalize_bind_aci(bind_acis):
 
         try:
             ip = CheckedIPAddress(bind_aci, parse_netmask=True,
-                                  allow_network=True, allow_loopback=True)
+                                  allow_loopback=True)
             if '/' in bind_aci:    # addr with netmask
                 netmask = "/%s" % ip.prefixlen
             else:

ipatests/test_ipapython/test_ipautil.py

@@ -44,6 +44,7 @@ def make_ipaddress_checker(addr, words=None, prefixlen=None):
 
 def test_ip_address():
     addrs = [
+        ('0.0.0.0/0',),
         ('10.11.12.13',     (10, 11, 12, 13),   8),
         ('10.11.12.13/14',  (10, 11, 12, 13),   14),
         ('10.11.12.13%zoneid',),
@@ -53,10 +54,11 @@ def test_ip_address():
         ('127.0.0.1',),
         ('241.1.2.3',),
         ('169.254.1.2',),
-        ('10.11.12.0/24',),
+        ('10.11.12.0/24',   (10, 11, 12, 0),   24),
         ('224.5.6.7',),
         ('10.11.12.255/24',),
 
+        ('::/0',),
         ('2001::1',         (0x2001, 0, 0, 0, 0, 0, 0, 1), 64),
         ('2001::1/72',      (0x2001, 0, 0, 0, 0, 0, 0, 1), 72),
         ('2001::1%zoneid',  (0x2001, 0, 0, 0, 0, 0, 0, 1), 64),
@@ -66,7 +68,7 @@ def test_ip_address():
         ('::1',),
         ('6789::1',),
         ('fe89::1',),
-        ('2001::/64',),
+        ('2001::/64',       (0x2001, 0, 0, 0, 0, 0, 0, 0), 64),
         ('ff01::1',),
 
         ('junk',)