From 4c1bc47fe6ea0803f6472d8ff84f38c48ebfabfe Mon Sep 17 00:00:00 2001 From: wjun Date: Wed, 18 Jul 2018 18:56:43 +0800 Subject: [PATCH] Loose http_proxy and https_proxy check --- cmd/vic-machine/common/proxy.go | 22 ++++--- cmd/vic-machine/common/proxy_test.go | 58 +++++++++++++++++++ .../23-03-VCH-Create.robot | 18 ------ .../Group6-VIC-Machine/6-16-Config.robot | 24 ++++++++ 4 files changed, 96 insertions(+), 26 deletions(-) create mode 100644 cmd/vic-machine/common/proxy_test.go diff --git a/cmd/vic-machine/common/proxy.go b/cmd/vic-machine/common/proxy.go index f9fa11e776..a678ff0f29 100644 --- a/cmd/vic-machine/common/proxy.go +++ b/cmd/vic-machine/common/proxy.go @@ -52,19 +52,25 @@ func (p *Proxies) ProcessProxies() (hproxy, sproxy *url.URL, err error) { p.IsSet = true } if p.HTTPProxy != nil && *p.HTTPProxy != "" { - hproxy, err = url.Parse(*p.HTTPProxy) - if err != nil || hproxy.Host == "" || hproxy.Scheme != "http" { - err = cli.NewExitError(fmt.Sprintf("Could not parse HTTP proxy - expected format http://fqnd_or_ip:port: %s", *p.HTTPProxy), 1) + hproxy, err = p.validate(*p.HTTPProxy) + if err != nil { return } } if p.HTTPSProxy != nil && *p.HTTPSProxy != "" { - sproxy, err = url.Parse(*p.HTTPSProxy) - if err != nil || sproxy.Host == "" || sproxy.Scheme != "https" { - err = cli.NewExitError(fmt.Sprintf("Could not parse HTTPS proxy - expected format https://fqnd_or_ip:port: %s", *p.HTTPSProxy), 1) - return - } + sproxy, err = p.validate(*p.HTTPSProxy) + } + return +} + +func (p *Proxies) validate(ref string) (proxy *url.URL, err error) { + proxy, err = url.Parse(ref) + if err != nil { + return + } + if proxy.Host == "" || (proxy.Scheme != "http" && proxy.Scheme != "https") { + err = cli.NewExitError(fmt.Sprintf("Could not parse HTTP(S) proxy - expected format http(s)://fqnd_or_ip:port: %s", ref), 1) } return } diff --git a/cmd/vic-machine/common/proxy_test.go b/cmd/vic-machine/common/proxy_test.go new file mode 100644 index 0000000000..c1e1aea863 --- /dev/null +++ b/cmd/vic-machine/common/proxy_test.go @@ -0,0 +1,58 @@ +// Copyright 2018 VMware, Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package common + +import ( + "testing" + "github.com/stretchr/testify/assert" +) + +func TestProcessProxies(t *testing.T) { + urls := [...]string { + "https://fully.qualified.domain.name", + "https://fully.qualified.domain.name:443", + "http://fully.qualified.domain.name", + "http://fully.qualified.domain.name:80", + "fully.qualified.domain.name", + "fully.qualified.domain.name:80", + "raw-host", + "raw-host:80", + } + + gproxies := [...]Proxies { + {HTTPProxy: &urls[0], HTTPSProxy: &urls[0]}, + {HTTPProxy: &urls[1], HTTPSProxy: &urls[1]}, + {HTTPProxy: &urls[2], HTTPSProxy: &urls[2]}, + {HTTPProxy: &urls[3], HTTPSProxy: &urls[3]}, + } + + for _, gproxy := range gproxies { + _, _, err := gproxy.ProcessProxies() + assert.NoError(t, err) + assert.True(t, gproxy.IsSet) + } + + bproxies := [...]Proxies { + {HTTPProxy: &urls[4], HTTPSProxy: &urls[4]}, + {HTTPProxy: &urls[5], HTTPSProxy: &urls[5]}, + {HTTPProxy: &urls[6], HTTPSProxy: &urls[6]}, + {HTTPProxy: &urls[7], HTTPSProxy: &urls[7]}, + } + + for _, bproxy := range bproxies { + _, _, err := bproxy.ProcessProxies() + assert.Error(t, err) + } +} diff --git a/tests/test-cases/Group23-VIC-Machine-Service/23-03-VCH-Create.robot b/tests/test-cases/Group23-VIC-Machine-Service/23-03-VCH-Create.robot index 3110e37ca0..6f0b4c3bff 100644 --- a/tests/test-cases/Group23-VIC-Machine-Service/23-03-VCH-Create.robot +++ b/tests/test-cases/Group23-VIC-Machine-Service/23-03-VCH-Create.robot @@ -418,24 +418,6 @@ Fail to create a VCH specifying an ID # Delete Path Under Target vch/${id} -Fail to create VCH where http != https (on http key/pair) in image_fetch_proxy - registry settings - Create VCH '{"name":"%{VCH-NAME}-invalid_registry","compute":{"resource":{"name":"%{TEST_RESOURCE}"}},"storage":{"image_stores":["ds://%{TEST_DATASTORE}"]},"network":{"bridge":{"ip_range":"172.16.0.0/12","port_group":{"name":"%{BRIDGE_NETWORK}"}},"public":{"port_group":{"name":"${PUBLIC_NETWORK}"}}},"registry":{"image_fetch_proxy":{"http":"https://example.com","https":"https://example.com"},"insecure":["https://insecure.example.com"],"whitelist":["10.0.0.0/8"]},"auth":{"server":{"generate":{"cname":"vch.example.com","organization":["VMware, Inc."],"size":{"value":2048,"units":"bits"}}},"client":{"no_tls_verify": true}}}' - - Verify Return Code - Verify Status Bad Request - - Output Should Contain error processing proxies: Could not parse HTTP proxy - - -Fail to create VCH where https != http (on https key/pair) in image_fetch_proxy - registry settings - Create VCH '{"name":"%{VCH-NAME}-invalid_registry","compute":{"resource":{"name":"%{TEST_RESOURCE}"}},"storage":{"image_stores":["ds://%{TEST_DATASTORE}"]},"network":{"bridge":{"ip_range":"172.16.0.0/12","port_group":{"name":"%{BRIDGE_NETWORK}"}},"public":{"port_group":{"name":"${PUBLIC_NETWORK}"}}},"registry":{"image_fetch_proxy":{"http":"http://example.com","https":"http://example.com"},"insecure":["https://insecure.example.com"],"whitelist":["10.0.0.0/8"]},"auth":{"server":{"generate":{"cname":"vch.example.com","organization":["VMware, Inc."],"size":{"value":2048,"units":"bits"}}},"client":{"no_tls_verify": true}}}' - - Verify Return Code - Verify Status Bad Request - - Output Should Contain error processing proxies: Could not parse HTTPS proxy - - Fail to create VCH where whitelist contains an int and not string - registry settings Create VCH '{"name":"%{VCH-NAME}-invalid_registry","compute":{"resource":{"name":"%{TEST_RESOURCE}"}},"storage":{"image_stores":["ds://%{TEST_DATASTORE}"]},"network":{"bridge":{"ip_range":"172.16.0.0/12","port_group":{"name":"%{BRIDGE_NETWORK}"}},"public":{"port_group":{"name":"${PUBLIC_NETWORK}"}}},"registry":{"image_fetch_proxy":{"http":"http://example.com","https":"https://example.com"},"insecure":["https://insecure.example.com"],"whitelist":[100008]},"auth":{"server":{"generate":{"cname":"vch.example.com","organization":["VMware, Inc."],"size":{"value":2048,"units":"bits"}}},"client":{"no_tls_verify": true}}}' diff --git a/tests/test-cases/Group6-VIC-Machine/6-16-Config.robot b/tests/test-cases/Group6-VIC-Machine/6-16-Config.robot index a3eaeaa6e4..45838e7a14 100644 --- a/tests/test-cases/Group6-VIC-Machine/6-16-Config.robot +++ b/tests/test-cases/Group6-VIC-Machine/6-16-Config.robot @@ -153,6 +153,18 @@ Configure VCH https-proxy Should Contain ${output} --http-proxy=http://proxy.vmware.com:3128 Should Not Contain ${output} --https-proxy + ${output}= Run bin/vic-machine-linux configure --name=%{VCH-NAME} --target=%{TEST_URL}%{TEST_DATACENTER} --thumbprint=%{TEST_THUMBPRINT} --user=%{TEST_USERNAME} --password=%{TEST_PASSWORD} --timeout %{TEST_TIMEOUT} --http-proxy https://proxy.vmware.com:3128 + Should Contain ${output} Completed successfully + ${rc} ${output}= Run And Return Rc And Output govc vm.info -e %{VCH-NAME} | grep HTTP_PROXY + Should Be Equal As Integers ${rc} 0 + Should Contain ${output} https://proxy.vmware.com:3128 + ${rc} ${output}= Run And Return Rc And Output govc vm.info -e %{VCH-NAME} | grep HTTPS_PROXY + Should Be Equal As Integers ${rc} 1 + Should Not Contain ${output} proxy.vmware.com:3128 + ${output}= Run bin/vic-machine-linux inspect config --name=%{VCH-NAME} --target="%{TEST_USERNAME}:%{TEST_PASSWORD}@%{TEST_URL}" --thumbprint=%{TEST_THUMBPRINT} + Should Contain ${output} --http-proxy=https://proxy.vmware.com:3128 + Should Not Contain ${output} --https-proxy + ${output}= Run bin/vic-machine-linux configure --name=%{VCH-NAME} --target=%{TEST_URL}%{TEST_DATACENTER} --thumbprint=%{TEST_THUMBPRINT} --user=%{TEST_USERNAME} --password=%{TEST_PASSWORD} --timeout %{TEST_TIMEOUT} --https-proxy https://proxy.vmware.com:3128 Should Contain ${output} Completed successfully ${rc} ${output}= Run And Return Rc And Output govc vm.info -e %{VCH-NAME} | grep HTTPS_PROXY @@ -165,6 +177,18 @@ Configure VCH https-proxy Should Contain ${output} --https-proxy=https://proxy.vmware.com:3128 Should Not Contain ${output} --http-proxy + ${output}= Run bin/vic-machine-linux configure --name=%{VCH-NAME} --target=%{TEST_URL}%{TEST_DATACENTER} --thumbprint=%{TEST_THUMBPRINT} --user=%{TEST_USERNAME} --password=%{TEST_PASSWORD} --timeout %{TEST_TIMEOUT} --https-proxy http://proxy.vmware.com:3128 + Should Contain ${output} Completed successfully + ${rc} ${output}= Run And Return Rc And Output govc vm.info -e %{VCH-NAME} | grep HTTPS_PROXY + Should Be Equal As Integers ${rc} 0 + Should Contain ${output} http://proxy.vmware.com:3128 + ${rc} ${output}= Run And Return Rc And Output govc vm.info -e %{VCH-NAME} | grep HTTP_PROXY + Should Be Equal As Integers ${rc} 1 + Should Not Contain ${output} proxy.vmware.com:3128 + ${output}= Run bin/vic-machine-linux inspect config --name=%{VCH-NAME} --target="%{TEST_USERNAME}:%{TEST_PASSWORD}@%{TEST_URL}" --thumbprint=%{TEST_THUMBPRINT} + Should Contain ${output} --https-proxy=http://proxy.vmware.com:3128 + Should Not Contain ${output} --http-proxy + Configure VCH ops user credentials and thumbprint ${output}= Run bin/vic-machine-linux configure --name=%{VCH-NAME} --target=%{TEST_URL} --thumbprint=%{TEST_THUMBPRINT} --user=%{TEST_USERNAME} --password=%{TEST_PASSWORD} --timeout %{TEST_TIMEOUT} --ops-user=%{TEST_USERNAME} --ops-password=%{TEST_PASSWORD} Should Contain ${output} Completed successfully