cf-acceptance-tests
security_groups/dynamic_asgs.go fails due to hardcoded ASG private network ranges
Issue

While executing the test for enabled dynamic ASG it creates an ASG with fixed private network ranges and checks the connection to cc via https://cloud-controller-ng.service.cf.internal:9024/v2/info. It does not cover foundations using other IP ranges than these hardcoded private network ranges.
Context

cats version: 16.2.0, 16.3.0, latest 16.4.0

With commit https://github.com/cloudfoundry/cf-acceptance-tests/commit/7f50d0b86824dd69ed565c6bf98e03fc0165eac5 the ASG was redefined and the destination 10.0.0.0/0 (which covered our used IPs for cc) has been replaced with 10.0.0.0/8.
security_groups/dynamic_asgs.go (ASG covers private network ranges only): https://github.com/cloudfoundry/cf-acceptance-tests/blob/v16.4.0/security_groups/dynamic_asgs.go#L153-L166
Possible Fix

Please revert this ASG definition to the destination 10.0.0.0/0 like it was before or even more open with 0.0.0.0 without any CIDR. But a better approach would be either:
- get the used IPs of all the cc endpoints and define these specific IP destinations on the ASG (e.g. with net.LookupIP and loop through the range).
or
- Introducing a cats-config.json property to define or overwrite the ASG destination range.
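
The two alternatives proposed above, sketched as an added example that is not code from the issue or from cf-acceptance-tests: one narrow ASG rule per resolved Cloud Controller address, with an optional configured destination taking precedence. `RulesForHost`, its `override` parameter and the sample addresses are assumptions made for illustration; the resolver is injected so the block runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"sort"
)

// Rule mirrors the fields of a Cloud Foundry ASG rule.
type Rule struct {
	Protocol    string `json:"protocol"`
	Destination string `json:"destination"`
	Ports       string `json:"ports"`
}

// RulesForHost returns one TCP rule per unique IPv4 address of host.
func RulesForHost(host, ports, override string, lookup func(string) ([]net.IP, error)) ([]Rule, error) {
	if override != "" { // hypothetical config value; replaces the lookup when set
		return []Rule{{"tcp", override, ports}}, nil
	}
	ips, err := lookup(host) // pass net.LookupIP outside of tests
	if err != nil {
		return nil, fmt.Errorf("resolving %s: %w", host, err)
	}
	seen := map[string]bool{}
	var rules []Rule
	for _, ip := range ips {
		v4 := ip.To4()
		if v4 == nil || seen[v4.String()] {
			continue // skip IPv6 (assumed IPv4-only ASG) and duplicates
		}
		seen[v4.String()] = true
		rules = append(rules, Rule{"tcp", v4.String(), ports})
	}
	if len(rules) == 0 {
		return nil, fmt.Errorf("no IPv4 address found for %s", host)
	}
	sort.Slice(rules, func(i, j int) bool { return rules[i].Destination < rules[j].Destination }) // stable order
	return rules, nil
}

func main() {
	fake := func(string) ([]net.IP, error) { // constructed answer standing in for net.LookupIP
		return []net.IP{net.ParseIP("192.168.20.7"), net.ParseIP("192.168.20.6")}, nil
	}
	rules, _ := RulesForHost("cloud-controller-ng.service.cf.internal", "9024", "", fake)
	out, _ := json.Marshal(rules)
	fmt.Println(string(out))
}
```

Failing when the lookup returns no usable address keeps the test from silently creating an empty ASG and then reporting a misleading connectivity failure.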