From cad9780266e6565e0dee877c2c67850b645f0489 Mon Sep 17 00:00:00 2001 From: den-rgb Date: Fri, 22 Nov 2024 15:59:19 +0000 Subject: [PATCH] OCM-12442 | feat: Added github hostname validation --- go.mod | 4 ++-- go.sum | 6 ++++-- provider/identityprovider/github.go | 23 ++++++++++++++++++++--- tests/e2e/idps_test.go | 20 ++++++++++++++++++++ 4 files changed, 46 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 60718629..11e71107 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,8 @@ require ( go.uber.org/mock v0.4.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 - k8s.io/apimachinery v0.29.3 + k8s.io/apimachinery v0.29.2 + k8s.io/utils v0.0.0-20230726121419-3b25d923346b sigs.k8s.io/yaml v1.3.0 ) @@ -62,7 +63,6 @@ require ( golang.org/x/sync v0.7.0 // indirect golang.org/x/sys v0.22.0 // indirect k8s.io/klog/v2 v2.110.1 // indirect - k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect ) require ( diff --git a/go.sum b/go.sum index b92c8b66..f7efbeab 100644 --- a/go.sum +++ b/go.sum @@ -247,6 +247,7 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -261,6 +262,7 @@ github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -978,8 +980,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= -k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= +k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= +k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= diff --git a/provider/identityprovider/github.go b/provider/identityprovider/github.go index c15a5080..c315b6a6 100644 --- a/provider/identityprovider/github.go +++ b/provider/identityprovider/github.go @@ -12,6 +12,8 @@ import ( "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" cmv1 "github.com/openshift-online/ocm-sdk-go/clustersmgmt/v1" + "k8s.io/apimachinery/pkg/util/validation" + netutils "k8s.io/utils/net" "github.com/terraform-redhat/terraform-provider-rhcs/provider/common" "github.com/terraform-redhat/terraform-provider-rhcs/provider/common/attrvalidators" @@ -88,14 +90,29 @@ func githubHostnameValidator() validator.String { hostname := req.ConfigValue // Validate hostname if !hostname.IsUnknown() && !hostname.IsNull() && len(hostname.ValueString()) > 0 { - _, err := url.ParseRequestURI(hostname.ValueString()) + hostnameStr := hostname.ValueString() + if hostnameStr == "" { + return + } + if hostnameStr == "github.com" || strings.HasSuffix(hostnameStr, ".github.com") { + resp.Diagnostics.AddAttributeError(req.Path, "invalid hostname", + fmt.Sprintf("'%s' hostname cannot be equal to [*.]github.com", hostnameStr), + ) + return + } + if !(len(validation.IsDNS1123Subdomain(hostnameStr)) == 0 || netutils.ParseIPSloppy(hostnameStr) != nil) { + resp.Diagnostics.AddAttributeError(req.Path, "invalid hostname", + fmt.Sprintf("'%s' hostname must be a valid DNS subdomain or IP address", hostnameStr), + ) + return + } + _, err := url.ParseRequestURI(hostnameStr) if err != nil { resp.Diagnostics.AddAttributeError(req.Path, "invalid hostname", - fmt.Sprintf("Expected a valid GitHub hostname. Got %v", hostname.ValueString()), + fmt.Sprintf("Expected a valid GitHub hostname. Got %v", hostnameStr), ) } } - }) } diff --git a/tests/e2e/idps_test.go b/tests/e2e/idps_test.go index 434b0060..11edc151 100644 --- a/tests/e2e/idps_test.go +++ b/tests/e2e/idps_test.go @@ -679,6 +679,26 @@ var _ = Describe("Identity Providers", ci.Day2, ci.FeatureIDP, func() { args = getDefaultGoogleArgs(idpName) args.ClientSecret = helper.EmptyStringPointer validateIDPArgAgainstErrorSubstrings(idpServices.google, args, "Attribute 'client_secret' is mandatory") + + By("Create github idp with invalid hostname") + args = getDefaultGitHubArgs(idpName) + args.HostedDomain = helper.StringPointer("github.com") + validateIDPArgAgainstErrorSubstrings(idpServices.github, args, "hostname cannot be equal to [*.]github.com") + + By("Create github idp with invalid hostname suffix") + args = getDefaultGitHubArgs(idpName) + args.HostedDomain = helper.StringPointer("example.github.com") + validateIDPArgAgainstErrorSubstrings(idpServices.github, args, "hostname cannot be equal to [*.]github.com") + + By("Create github idp with invalid hostname (not a DNS subdomain or IP address)") + args = getDefaultGitHubArgs(idpName) + args.HostedDomain = helper.StringPointer(" invalid hostname ") + validateIDPArgAgainstErrorSubstrings(idpServices.github, args, "hostname must be a valid DNS subdomain or IP address") + + By("Create github idp with empty hostname") + args = getDefaultGitHubArgs(idpName) + args.HostedDomain = helper.EmptyStringPointer + validateIDPArgAgainstErrorSubstrings(idpServices.github, args, "Attribute 'hostname' is mandatory") }) It("htpasswd with empty user-password list will fail - [id:66409]", ci.Medium, func() {