fix: update redfish url validation

update validation for redfish url to give better error message when port number is not provided
changed from using regex to using url.Parse to avoid any unforseen cases and support ipv6
added unit tests to cover changes

Signed-off-by: ehila <[email protected]>

Author: eggfoobar

pkg/tnf/pkg/pcs/fencing.go

@@ -3,7 +3,7 @@ package pcs
 import (
 	"context"
 	"fmt"
-	"regexp"
+	"net/url"
 	"strings"
 
 	corev1 "k8s.io/api/core/v1"
@@ -15,10 +15,6 @@ import (
 	"github.com/openshift/cluster-etcd-operator/pkg/tnf/pkg/tools"
 )
 
-var (
-	addressRegEx = regexp.MustCompile(`.*//(.*):(.*)(/redfish.*)`)
-)
-
 const (
 	// defaultPcmkDelayBase is the delay applied to the first fence device to prevent simultaneous fencing
 	defaultPcmkDelayBase = "10s"
@@ -130,12 +126,28 @@ func getFencingConfig(nodeName string, secret *corev1.Secret) (*fencingConfig, e
 
 	// we need to parse ip, port and systems uri from the address like this:
 	// redfish+https://192.168.111.1:8000/redfish/v1/Systems/af2167e4-c13b-4941-b606-f912e9a86f4b
-	matches := addressRegEx.FindStringSubmatch(address)
-	if len(matches) != 4 {
+	parsedUrl, err := url.Parse(address)
+	if err != nil {
 		klog.Errorf("Failed to parse redfish address %s", address)
 		return nil, fmt.Errorf("failed to parse redfish address %s", address)
 	}
 
+	redfishHostname := parsedUrl.Hostname()
+	redfishPath := parsedUrl.Path
+	redfishPort := parsedUrl.Port()
+	// Try to infer standard schema ports for https/http, otherwise notify user port is needed.
+	if redfishPort == "" {
+		switch {
+		case strings.Contains(parsedUrl.Scheme, "https"):
+			redfishPort = "443"
+		case strings.Contains(parsedUrl.Scheme, "http"):
+			redfishPort = "80"
+		default:
+			klog.Errorf("Failed to parse redfish address, no port number found %s", address)
+			return nil, fmt.Errorf("failed to parse redfish address, no port number found %s", address)
+		}
+	}
+
 	username := string(secret.Data["username"])
 	if username == "" {
 		klog.Errorf("Secret %s does not contain username", secret.Name)
@@ -159,9 +171,9 @@ func getFencingConfig(nodeName string, secret *corev1.Secret) (*fencingConfig, e
 		FencingID:         fmt.Sprintf("%s_%s", nodeName, "redfish"),
 		FencingDeviceType: "fence_redfish",
 		FencingDeviceOptions: map[fencingOption]string{
-			Ip:         matches[1],
-			IpPort:     matches[2],
-			SystemsUri: matches[3],
+			Ip:         redfishHostname,
+			IpPort:     redfishPort,
+			SystemsUri: redfishPath,
 			Username:   username,
 			Password:   password,
 		},

pkg/tnf/pkg/pcs/fencing_test.go

@@ -65,6 +65,81 @@ func TestGetFencingConfig(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:     "valid redfish config without port number on https",
+			nodeName: "node1",
+			secret: &corev1.Secret{
+				Data: map[string][]byte{
+					"address":                 []byte("redfish+https://192.168.111.1/redfish/v1/Systems/abc"),
+					"username":                []byte("admin"),
+					"password":                []byte("pass123"),
+					"certificateVerification": []byte("Enabled"),
+				},
+			},
+			wantErr: false,
+			expectedCfg: &fencingConfig{
+				NodeName:          "node1",
+				FencingID:         "node1_redfish",
+				FencingDeviceType: "fence_redfish",
+				FencingDeviceOptions: map[fencingOption]string{
+					Ip:         "192.168.111.1",
+					IpPort:     "443",
+					SystemsUri: "/redfish/v1/Systems/abc",
+					Username:   "admin",
+					Password:   "pass123",
+				},
+			},
+		},
+		{
+			name:     "valid redfish config without port number on http",
+			nodeName: "node1",
+			secret: &corev1.Secret{
+				Data: map[string][]byte{
+					"address":                 []byte("redfish+http://192.168.111.1/redfish/v1/Systems/abc"),
+					"username":                []byte("admin"),
+					"password":                []byte("pass123"),
+					"certificateVerification": []byte("Enabled"),
+				},
+			},
+			wantErr: false,
+			expectedCfg: &fencingConfig{
+				NodeName:          "node1",
+				FencingID:         "node1_redfish",
+				FencingDeviceType: "fence_redfish",
+				FencingDeviceOptions: map[fencingOption]string{
+					Ip:         "192.168.111.1",
+					IpPort:     "80",
+					SystemsUri: "/redfish/v1/Systems/abc",
+					Username:   "admin",
+					Password:   "pass123",
+				},
+			},
+		},
+		{
+			name:     "valid redfish config without port number on http ipv6",
+			nodeName: "node1",
+			secret: &corev1.Secret{
+				Data: map[string][]byte{
+					"address":                 []byte("redfish+http://[0000:0000:0000::0000]/redfish/v1/Systems/abc"),
+					"username":                []byte("admin"),
+					"password":                []byte("pass123"),
+					"certificateVerification": []byte("Enabled"),
+				},
+			},
+			wantErr: false,
+			expectedCfg: &fencingConfig{
+				NodeName:          "node1",
+				FencingID:         "node1_redfish",
+				FencingDeviceType: "fence_redfish",
+				FencingDeviceOptions: map[fencingOption]string{
+					Ip:         "0000:0000:0000::0000",
+					IpPort:     "80",
+					SystemsUri: "/redfish/v1/Systems/abc",
+					Username:   "admin",
+					Password:   "pass123",
+				},
+			},
+		},
 		{
 			name:     "invalid address format",
 			nodeName: "node1",
@@ -102,6 +177,18 @@ func TestGetFencingConfig(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name:     "missing port and no schema provided",
+			nodeName: "node1",
+			secret: &corev1.Secret{
+				Data: map[string][]byte{
+					"address":                 []byte("192.168.111.1/redfish/v1/Systems/abc"),
+					"username":                []byte("admin"),
+					"certificateVerification": []byte("Disabled"),
+				},
+			},
+			wantErr: true,
+		},
 	}
 
 	for _, tt := range tests {