Merge pull request #1504 from eggfoobar/fix-fencing-redfish-parsing

OCPBUGS-63543: fix: update redfish url validation

Author: openshift-merge-bot[bot]

pkg/tnf/pkg/pcs/fencing.go

@@ -3,7 +3,7 @@ package pcs
 import (
 	"context"
 	"fmt"
-	"regexp"
+	"net/url"
 	"strings"
 
 	corev1 "k8s.io/api/core/v1"
@@ -15,10 +15,6 @@ import (
 	"github.com/openshift/cluster-etcd-operator/pkg/tnf/pkg/tools"
 )
 
-var (
-	addressRegEx = regexp.MustCompile(`.*//(.*):(.*)(/redfish.*)`)
-)
-
 const (
 	// defaultPcmkDelayBase is the delay applied to the first fence device to prevent simultaneous fencing
 	defaultPcmkDelayBase = "10s"
@@ -130,12 +126,28 @@ func getFencingConfig(nodeName string, secret *corev1.Secret) (*fencingConfig, e
 
 	// we need to parse ip, port and systems uri from the address like this:
 	// redfish+https://192.168.111.1:8000/redfish/v1/Systems/af2167e4-c13b-4941-b606-f912e9a86f4b
-	matches := addressRegEx.FindStringSubmatch(address)
-	if len(matches) != 4 {
+	parsedUrl, err := url.Parse(address)
+	if err != nil {
 		klog.Errorf("Failed to parse redfish address %s", address)
 		return nil, fmt.Errorf("failed to parse redfish address %s", address)
 	}
 
+	redfishHostname := parsedUrl.Hostname()
+	redfishPath := parsedUrl.Path
+	redfishPort := parsedUrl.Port()
+	// Try to infer standard schema ports for https/http, otherwise notify user port is needed.
+	if redfishPort == "" {
+		switch {
+		case strings.Contains(parsedUrl.Scheme, "https"):
+			redfishPort = "443"
+		case strings.Contains(parsedUrl.Scheme, "http"):
+			redfishPort = "80"
+		default:
+			klog.Errorf("Failed to parse redfish address, no port number found %s", address)
+			return nil, fmt.Errorf("failed to parse redfish address, no port number found %s", address)
+		}
+	}
+
 	username := string(secret.Data["username"])
 	if username == "" {
 		klog.Errorf("Secret %s does not contain username", secret.Name)
@@ -159,9 +171,9 @@ func getFencingConfig(nodeName string, secret *corev1.Secret) (*fencingConfig, e
 		FencingID:         fmt.Sprintf("%s_%s", nodeName, "redfish"),
 		FencingDeviceType: "fence_redfish",
 		FencingDeviceOptions: map[fencingOption]string{
-			Ip:         matches[1],
-			IpPort:     matches[2],
-			SystemsUri: matches[3],
+			Ip:         redfishHostname,
+			IpPort:     redfishPort,
+			SystemsUri: redfishPath,
 			Username:   username,
 			Password:   password,
 		},

pkg/tnf/pkg/pcs/fencing_test.go

@@ -65,6 +65,81 @@ func TestGetFencingConfig(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:     "valid redfish config without port number on https",
+			nodeName: "node1",
+			secret: &corev1.Secret{
+				Data: map[string][]byte{
+					"address":                 []byte("redfish+https://192.168.111.1/redfish/v1/Systems/abc"),
+					"username":                []byte("admin"),
+					"password":                []byte("pass123"),
+					"certificateVerification": []byte("Enabled"),
+				},
+			},
+			wantErr: false,
+			expectedCfg: &fencingConfig{
+				NodeName:          "node1",
+				FencingID:         "node1_redfish",
+				FencingDeviceType: "fence_redfish",
+				FencingDeviceOptions: map[fencingOption]string{
+					Ip:         "192.168.111.1",
+					IpPort:     "443",
+					SystemsUri: "/redfish/v1/Systems/abc",
+					Username:   "admin",
+					Password:   "pass123",
+				},
+			},
+		},
+		{
+			name:     "valid redfish config without port number on http",
+			nodeName: "node1",
+			secret: &corev1.Secret{
+				Data: map[string][]byte{
+					"address":                 []byte("redfish+http://192.168.111.1/redfish/v1/Systems/abc"),
+					"username":                []byte("admin"),
+					"password":                []byte("pass123"),
+					"certificateVerification": []byte("Enabled"),
+				},
+			},
+			wantErr: false,
+			expectedCfg: &fencingConfig{
+				NodeName:          "node1",
+				FencingID:         "node1_redfish",
+				FencingDeviceType: "fence_redfish",
+				FencingDeviceOptions: map[fencingOption]string{
+					Ip:         "192.168.111.1",
+					IpPort:     "80",
+					SystemsUri: "/redfish/v1/Systems/abc",
+					Username:   "admin",
+					Password:   "pass123",
+				},
+			},
+		},
+		{
+			name:     "valid redfish config without port number on http ipv6",
+			nodeName: "node1",
+			secret: &corev1.Secret{
+				Data: map[string][]byte{
+					"address":                 []byte("redfish+http://[0000:0000:0000::0000]/redfish/v1/Systems/abc"),
+					"username":                []byte("admin"),
+					"password":                []byte("pass123"),
+					"certificateVerification": []byte("Enabled"),
+				},
+			},
+			wantErr: false,
+			expectedCfg: &fencingConfig{
+				NodeName:          "node1",
+				FencingID:         "node1_redfish",
+				FencingDeviceType: "fence_redfish",
+				FencingDeviceOptions: map[fencingOption]string{
+					Ip:         "0000:0000:0000::0000",
+					IpPort:     "80",
+					SystemsUri: "/redfish/v1/Systems/abc",
+					Username:   "admin",
+					Password:   "pass123",
+				},
+			},
+		},
 		{
 			name:     "invalid address format",
 			nodeName: "node1",
@@ -102,6 +177,18 @@ func TestGetFencingConfig(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name:     "missing port and no schema provided",
+			nodeName: "node1",
+			secret: &corev1.Secret{
+				Data: map[string][]byte{
+					"address":                 []byte("192.168.111.1/redfish/v1/Systems/abc"),
+					"username":                []byte("admin"),
+					"certificateVerification": []byte("Disabled"),
+				},
+			},
+			wantErr: true,
+		},
 	}
 
 	for _, tt := range tests {