utilize new address type in pgv for better errors #7823
Conversation
this utilizes the new "address" validation type for better error messages when validating configuration of the "address" type. Signed-off-by: Cynthia Coan <ccoan@instructure.com>
|
Looks like some tests, define invalid addresses. Like: |
Signed-off-by: Cynthia Coan <ccoan@instructure.com>
|
Okay, I've fixed those addresses to be values. However, it looks like the I can imagine a couple fixes:
|
There was a problem hiding this comment.
Question from @envoyproxy/api-shepherds perspective: how does this interact with address resolvers?
Today, we can do resolver plugins that can take the address and reinterpret, and they may not be subject to the same restrictions as hostnames or IP addresses. I'd like this kind of detailed error validation for regular addresses but not sure if we can break the existing users of resolvers who don't play by these rules.
|
@htuch I believe custom resolvers fit in along the same line of the LDS Tests (which I tried to detail above, which is hopefully coherent). To be more specific, it would break if a custom resolver is using a non socket address in the socket address field. This can be something simple like: If that is also something being supported, then I feel like option #4 detailed above might be best. (i.e. not rolling forward with this change, and instead fixing the case of the bad error message in this single caller we discovered). If it's something we don't wanna support that's probably a much larger discussion than what was supposed to be a small PR, and it's probably best to close this, and open up a more formal issue (perhaps fixing the one caller in the meantime). |
|
@securityinsanity I'm not sure if we need to support The main issue here is that I know we have internally discussed having resolvers from a similar form, e.g. FWIW, in UDPA (next gen xDS), we will have an opportunity to revisit fields and we might want to support IP addresses as first class, distinct from resolvable, in which case we can use these stricter annotations. Ideally we would have cross-field annotations in the form of CEL or something in PGV, which would allow this even today (i.e. "if the resolver is default, apply the host name / IP address restriction"). |
|
@htuch Thanks for that context. This all makes sense, taking this into account. I'm going to close this PR. Then open up another one to fix this particular |
|
Yep, thanks. Apologies for not spotting this earlier. |
|
No worries at all. |
revival of envoyproxy#7823 this fixes a particular exception case where an end-user configures a socket address to point at: `https://google.com` instead of just the hostname: `google.com`. instead of throwing an (stoi) error. because it can't turn: `//google.com` into a port. we now through a slightly more sane: `malformed url`. it isn't as good as a protoc-gen-validate message since it's not clear why: `tcp://` gets prepended, but I think it's digestable enough to know, you shouldn't be putting https there. not to mention it is a step forward from: `stoi`. Signed-off-by: Cynthia Coan <ccoan@instructure.com>
revival of #7823 this fixes a particular exception case where an end-user configures a socket address to point at: `https://google.com` instead of just the hostname: `google.com`. instead of throwing an (stoi) error. because it can't turn: `//google.com` into a port. we now through a slightly more sane: `malformed url`. it isn't as good as a protoc-gen-validate message since it's not clear why: `tcp://` gets prepended, but I think it's digestable enough to know, you shouldn't be putting https there. not to mention it is a step forward from: `stoi`. Risk Level: Low Testing: Not only are there unit tests, but you can run through the following configurations and see the new error messages. Docs Changes: None Release Notes: None Signed-off-by: Cynthia Coan <ccoan@instructure.com>
Description:
Utilize the "address" type string validation that has been added to newer versions of protoc-gen-validate. This can help fix error messages that are poor (stoi), and give you an actual: "this is an invalid address" type flag.
Risk Level: Medium.
This should cover all the same address types. I set the risk level to medium though because the chance is always there. PGV doesn't check unix domain sockets, but my understanding is those use a seperate protobuf:
Pipetype.It'd be nice if people were able to run their configs through it too though.
Testing:
I've prepared some example configs (using the original config we found the issue with, which uses some deprecated fields, as well as a config that isn't deprecated): HERE.
If you run these configs through
--mode validate. You will see before this patchset they unhelpfully give an error message of:stoi(this is because it tries to split:https://google.com, and turn://google.cominto a port, which fails).Now with this patch included you will instead see a more reasonable message of:
The end containing the actual error message (
value must be an ip address, or a hostname).Ideally you have some configs you can run through to ensure no false positives if tests don't cover those.
Docs Changes: None should be needed since it's the same field, just a better error message.
Release Notes: N/A