OCM-12442 | feat: Added github hostname validation

terraform-redhat · Nov 22, 2024 · ead1967 · ead1967
1 parent 67e4fc9
commit ead1967
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 7 deletions.
diff --git a/go.mod b/go.mod
@@ -24,7 +24,8 @@ require (
 	go.uber.org/mock v0.4.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/apimachinery v0.29.3
+	k8s.io/apimachinery v0.29.2
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 	sigs.k8s.io/yaml v1.3.0
 )
 
@@ -62,7 +63,6 @@ require (
 	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/sys v0.22.0 // indirect
 	k8s.io/klog/v2 v2.110.1 // indirect
-	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -247,6 +247,7 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -261,6 +262,7 @@ github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -978,8 +980,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU=
-k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU=
+k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8=
+k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU=
 k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=
 k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=

diff --git a/provider/identityprovider/github.go b/provider/identityprovider/github.go
@@ -12,6 +12,8 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	cmv1 "github.com/openshift-online/ocm-sdk-go/clustersmgmt/v1"
+	"k8s.io/apimachinery/pkg/util/validation"
+	netutils "k8s.io/utils/net"
 
 	"github.com/terraform-redhat/terraform-provider-rhcs/provider/common"
 	"github.com/terraform-redhat/terraform-provider-rhcs/provider/common/attrvalidators"
@@ -88,14 +90,29 @@ func githubHostnameValidator() validator.String {
 		hostname := req.ConfigValue
 		// Validate hostname
 		if !hostname.IsUnknown() && !hostname.IsNull() && len(hostname.ValueString()) > 0 {
-			_, err := url.ParseRequestURI(hostname.ValueString())
+			hostnameStr := hostname.ValueString()
+			if hostnameStr == "" {
+				return
+			}
+			if hostnameStr == "github.com" || strings.HasSuffix(hostnameStr, ".github.com") {
+				resp.Diagnostics.AddAttributeError(req.Path, "invalid hostname",
+					fmt.Sprintf("'%s' hostname cannot be equal to [*.]github.com", hostnameStr),
+				)
+				return
+			}
+			if !(len(validation.IsDNS1123Subdomain(hostnameStr)) == 0 || netutils.ParseIPSloppy(hostnameStr) != nil) {
+				resp.Diagnostics.AddAttributeError(req.Path, "invalid hostname",
+					fmt.Sprintf("'%s' hostname must be a valid DNS subdomain or IP address", hostnameStr),
+				)
+				return
+			}
+			_, err := url.ParseRequestURI(hostnameStr)
 			if err != nil {
 				resp.Diagnostics.AddAttributeError(req.Path, "invalid hostname",
-					fmt.Sprintf("Expected a valid GitHub hostname. Got %v", hostname.ValueString()),
+					fmt.Sprintf("Expected a valid GitHub hostname. Got %v", hostnameStr),
 				)
 			}
 		}
-
 	})
 }
 

diff --git a/tests/e2e/idps_test.go b/tests/e2e/idps_test.go
@@ -679,6 +679,26 @@ var _ = Describe("Identity Providers", ci.Day2, ci.FeatureIDP, func() {
 			args = getDefaultGoogleArgs(idpName)
 			args.ClientSecret = helper.EmptyStringPointer
 			validateIDPArgAgainstErrorSubstrings(idpServices.google, args, "Attribute 'client_secret' is mandatory")
+
+			By("Create github idp with invalid hostname")
+			args = getDefaultGitHubArgs(idpName)
+			args.HostedDomain = helper.StringPointer("github.com")
+			validateIDPArgAgainstErrorSubstrings(idpServices.github, args, "hostname cannot be equal to [*.]github.com")
+
+			By("Create github idp with invalid hostname suffix")
+			args = getDefaultGitHubArgs(idpName)
+			args.HostedDomain = helper.StringPointer("example.github.com")
+			validateIDPArgAgainstErrorSubstrings(idpServices.github, args, "hostname cannot be equal to [*.]github.com")
+
+			By("Create github idp with invalid hostname (not a DNS subdomain or IP address)")
+			args = getDefaultGitHubArgs(idpName)
+			args.HostedDomain = helper.StringPointer(" invalid hostname ")
+			validateIDPArgAgainstErrorSubstrings(idpServices.github, args, "hostname must be a valid DNS subdomain or IP address")
+
+			By("Create github idp with empty hostname")
+			args = getDefaultGitHubArgs(idpName)
+			args.HostedDomain = helper.EmptyStringPointer
+			validateIDPArgAgainstErrorSubstrings(idpServices.github, args, "Attribute 'hostname' is mandatory")
 		})
 
 		It("htpasswd with empty user-password list will fail - [id:66409]", ci.Medium, func() {