Merge pull request #128 from defenseunicorns/feature/hostname-validation

Validate user provided hostnames do not contain any illegal characters
zarf-dev · Oct 29, 2021 · 03e2e04 · 03e2e04
2 parents c0f09b4 + 96ad933
commit 03e2e04
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 3 deletions.
diff --git a/cli/cmd/initialize.go b/cli/cmd/initialize.go
@@ -4,8 +4,10 @@ import (
 	"path/filepath"
 
 	"github.com/defenseunicorns/zarf/cli/internal/k3s"
+	"github.com/defenseunicorns/zarf/cli/internal/utils"
 
 	"github.com/AlecAivazis/survey/v2"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
@@ -23,7 +25,6 @@ var initCmd = &cobra.Command{
 }
 
 func handleTLSOptions() {
-
 	// Check to see if the certpaths or host entries are set as flags first
 	if initOptions.PKI.CertPublicPath == "" && initOptions.PKI.Host == "" {
 
@@ -63,6 +64,9 @@ func handleTLSOptions() {
 			_ = survey.AskOne(prompt, &initOptions.PKI.CertPrivatePath, survey.WithValidator(survey.Required))
 		}
 	}
+	if !utils.CheckHostName(initOptions.PKI.Host) {
+		logrus.Fatalf("The hostname provided (%v) was not a valid hostname. The hostname can only contain: 'a-z', 'A-Z', '0-9', '-', and '.' characters.\n", initOptions.PKI.Host)
+	}
 }
 
 func init() {

diff --git a/cli/cmd/pki.go b/cli/cmd/pki.go
@@ -1,7 +1,9 @@
 package cmd
 
 import (
+	"github.com/AlecAivazis/survey/v2"
 	"github.com/defenseunicorns/zarf/cli/internal/utils"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
@@ -16,6 +18,19 @@ var pkiRegenerate = &cobra.Command{
 	Use:   "regenerate",
 	Short: "Regenerate the pki certs for the cluster ingress",
 	Run: func(cmd *cobra.Command, args []string) {
+		// Prompt for a hostname if it wasn't provided as a command flag
+		if pkiOptions.Host == "" {
+			prompt := &survey.Input{
+				Message: "Enter a host DNS entry or IP Address for the gitops service ingress",
+			}
+			_ = survey.AskOne(prompt, &pkiOptions.Host, survey.WithValidator(survey.Required))
+		}
+
+		// Verify the hostname provided is valid
+		if !utils.CheckHostName(pkiOptions.Host) {
+			logrus.Fatalf("The hostname provided (%v) was not a valid hostname. The hostname can only contain: 'a-z', 'A-Z', '0-9', '-', and '.' characters.\n", pkiOptions.Host)
+		}
+
 		utils.GeneratePKI(pkiOptions)
 	},
 }
@@ -33,8 +48,7 @@ func init() {
 	pkiCmd.AddCommand(pkiRegenerate)
 	pkiCmd.AddCommand(pkiImport)
 
-	pkiRegenerate.Flags().StringVar(&pkiOptions.Host, "host", "zarf-server", "Specify the host or IP for the gitops service ingress")
-	_ = pkiRegenerate.MarkFlagRequired("host")
+	pkiRegenerate.Flags().StringVar(&pkiOptions.Host, "host", "", "Specify the host or IP for the gitops service ingress")
 
 	pkiImport.Flags().StringVar(&pkiOptions.CertPublicPath, "server-crt", "", "Path to the server public key if not generating unique PKI")
 	pkiImport.Flags().StringVar(&pkiOptions.CertPrivatePath, "server-key", "", "Path to the server private key if not generating unique PKI")

diff --git a/test/e2e/e2e_general_cli_test.go b/test/e2e/e2e_general_cli_test.go
@@ -83,4 +83,12 @@ func testGeneralCliStuff(t *testing.T, terraformOptions *terraform.Options, keyP
   // Test for expected failure when given a bad component input
   output, err = ssh.CheckSshCommandE(t, publicHost, fmt.Sprintf("cd /home/%s/build && ./zarf init --components management,foo,logging", username))
   require.Error(t, err, output)
+
+  // Test for expected failure when given invalid hostnames
+  output, err = ssh.CheckSshCommandE(t, publicHost, fmt.Sprintf("cd /home/%s/build && ./zarf init --host bad!hostname", username))
+  require.Error(t, err, output)
+  output, err = ssh.CheckSshCommandE(t, publicHost, fmt.Sprintf("cd /home/%s/build && ./zarf pki regenerate --host zarf@server", username))
+  require.Error(t, err, output)
+  output, err = ssh.CheckSshCommandE(t, publicHost, fmt.Sprintf("cd /home/%s/build && ./zarf pki regenerate --host some_unique_server", username))
+  require.Error(t, err, output)
 }