Validate user provided hostnames do not contain any illegal characters #128

Merged
merged 4 commits into from
Oct 29, 2021
6 changes: 5 additions & 1 deletion cli/cmd/initialize.go
Expand Up @@ -4,8 +4,10 @@ import (
"path/filepath"

"github.com/defenseunicorns/zarf/cli/internal/k3s"
"github.com/defenseunicorns/zarf/cli/internal/utils"

"github.com/AlecAivazis/survey/v2"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)

Expand All @@ -23,7 +25,6 @@ var initCmd = &cobra.Command{
}

func handleTLSOptions() {

// Check to see if the certpaths or host entries are set as flags first
if initOptions.PKI.CertPublicPath == "" && initOptions.PKI.Host == "" {

Expand Down Expand Up @@ -63,6 +64,9 @@ func handleTLSOptions() {
_ = survey.AskOne(prompt, &initOptions.PKI.CertPrivatePath, survey.WithValidator(survey.Required))
}
}
if !utils.CheckHostName(initOptions.PKI.Host) {
logrus.Fatalf("The hostname provided (%v) was not a valid hostname. The hostname can only contain: 'a-z', 'A-Z', '0-9', '-', and '.' characters.\n", initOptions.PKI.Host)
Contributor Author

I thought about passing the regex into the error message, but I decided against it in favor of the simple "can only contain ..." wording. Since Zarf is a tool to simplify setting up clusters/packages, some of its users might not be technical enough to decode a regex (I had to use an online tool just to double-check it was doing what I thought), and I wanted the error message to be simple but clear.

Any other opinions on what might be better?

}
}

func init() {
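Review bot: The `utils.CheckHostName` check added at the end of `handleTLSOptions` appears, judging by the visible braces, to sit outside the `CertPublicPath == "" && Host == ""` block, so it would also run when certificate paths are supplied and `Host` is left empty; whether that path now ends in `logrus.Fatalf` depends on how `CheckHostName` treats an empty string, which is not shown on this page. If an empty host is legitimate when importing certificates, scope the check to the generate path, for example `if initOptions.PKI.CertPublicPath == "" && !utils.CheckHostName(initOptions.PKI.Host) {`. The rejected value is untrusted by definition and is echoed with `%v`; `%q` would quote it and escape control characters before it reaches the terminal or a log file, and the same applies to the identical message in cli/cmd/pki.go. The middle of the function is collapsed, so the branch structure is inferred.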
18 changes: 16 additions & 2 deletions cli/cmd/pki.go
@@ -1,7 +1,9 @@
package cmd

import (
"github.com/AlecAivazis/survey/v2"
"github.com/defenseunicorns/zarf/cli/internal/utils"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)

Expand All @@ -16,6 +18,19 @@ var pkiRegenerate = &cobra.Command{
Use: "regenerate",
Short: "Regenerate the pki certs for the cluster ingress",
Run: func(cmd *cobra.Command, args []string) {
// Prompt for a hostname if it wasn't provided as a command flag
if pkiOptions.Host == "" {
prompt := &survey.Input{
Message: "Enter a host DNS entry or IP Address for the gitops service ingress",
}
_ = survey.AskOne(prompt, &pkiOptions.Host, survey.WithValidator(survey.Required))
}

// Verify the hostname provided is valid
if !utils.CheckHostName(pkiOptions.Host) {
logrus.Fatalf("The hostname provided (%v) was not a valid hostname. The hostname can only contain: 'a-z', 'A-Z', '0-9', '-', and '.' characters.\n", pkiOptions.Host)
}

utils.GeneratePKI(pkiOptions)
},
}
Expand All @@ -33,8 +48,7 @@ func init() {
pkiCmd.AddCommand(pkiRegenerate)
pkiCmd.AddCommand(pkiImport)

pkiRegenerate.Flags().StringVar(&pkiOptions.Host, "host", "zarf-server", "Specify the host or IP for the gitops service ingress")
_ = pkiRegenerate.MarkFlagRequired("host")
pkiRegenerate.Flags().StringVar(&pkiOptions.Host, "host", "", "Specify the host or IP for the gitops service ingress")

pkiImport.Flags().StringVar(&pkiOptions.CertPublicPath, "server-crt", "", "Path to the server public key if not generating unique PKI")
pkiImport.Flags().StringVar(&pkiOptions.CertPrivatePath, "server-key", "", "Path to the server private key if not generating unique PKI")
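Review bot: The prompt in `pkiRegenerate` asks for "a host DNS entry or IP Address", but the character set listed in the error message has no ':' and so would reject an IPv6 literal, while a character allow-list alone still admits strings that are not valid DNS names (a label that starts with '-', empty labels between dots); `CheckHostName` is not shown here, so this is inferred from the message. Because the value goes straight to `utils.GeneratePKI`, state the accepted forms where users see them, e.g. change the flag help to `"Specify the host (DNS name or IPv4 address) for the gitops service ingress"`, and, if the helper is indeed only a character allow-list, add a comment above the check such as `// CheckHostName is a character allow-list, not full RFC 1123 validation`. The error from `survey.AskOne` is also discarded with `_`, so an aborted prompt leaves `pkiOptions.Host` empty and the result again depends on how `CheckHostName` handles ""; `if err := survey.AskOne(...); err != nil { logrus.Fatal(err) }` would make that explicit.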
8 changes: 8 additions & 0 deletions test/e2e/e2e_general_cli_test.go
Expand Up @@ -83,4 +83,12 @@ func testGeneralCliStuff(t *testing.T, terraformOptions *terraform.Options, keyP
// Test for expected failure when given a bad component input
output, err = ssh.CheckSshCommandE(t, publicHost, fmt.Sprintf("cd /home/%s/build && ./zarf init --components management,foo,logging", username))
require.Error(t, err, output)

// Test for expected failure when given invalid hostnames
output, err = ssh.CheckSshCommandE(t, publicHost, fmt.Sprintf("cd /home/%s/build && ./zarf init --host bad!hostname", username))
require.Error(t, err, output)
output, err = ssh.CheckSshCommandE(t, publicHost, fmt.Sprintf("cd /home/%s/build && ./zarf pki regenerate --host zarf@server", username))
require.Error(t, err, output)
output, err = ssh.CheckSshCommandE(t, publicHost, fmt.Sprintf("cd /home/%s/build && ./zarf pki regenerate --host some_unique_server", username))
require.Error(t, err, output)
}
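Review bot: The three new cases in `testGeneralCliStuff` only assert that the command failed, so they would pass just as well if `zarf init` or `zarf pki regenerate` exited non-zero for an unrelated reason (missing privileges, a broken build directory) and the hostname check never ran. Pin the failure to the validator by also checking the message, e.g. `require.Contains(t, output, "was not a valid hostname")` after each `require.Error`, assuming `CheckSshCommandE` returns the command's stderr in `output`. A positive case with a value the validator should accept (a constructed example: `--host zarf.localhost`) would also catch a validator that rejects everything, provided the test host can complete that command. The function starts outside this hunk.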