MGMT-24487: Allow https scheme in HTTPS proxy URL#10589
Conversation
Update the https_proxy field description in all 4 swagger definitions (cluster-create-params, v2-cluster-update-params, cluster, proxy) to document that both http:// and https:// schemes are valid, aligning with OCP docs since 4.9.
…on update Auto-generated by skipper make generate.
|
@yoavsc0302: This pull request references MGMT-24487 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (4)
🚧 Files skipped from review as they are similar to previous changes (3)
WalkthroughThis PR adds HTTPS proxy URL validation, updates inventory validation to use it, adds coverage for valid HTTPS proxy settings, and documents HTTP/HTTPS formats in model comments and API specifications. ChangesHTTPS proxy validation
Estimated code review effort: 2 (Simple) | ~10 minutes 🚥 Pre-merge checks | ✅ 15✅ Passed checks (15 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 ast-grep (0.44.1)internal/bminventory/inventory_test.goast-grep timed out on this file Comment |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: yoavsc0302 The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest |
2 similar comments
|
/retest |
|
/retest |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #10589 +/- ##
=======================================
Coverage 44.48% 44.48%
=======================================
Files 423 423
Lines 73327 73331 +4
=======================================
+ Hits 32617 32622 +5
+ Misses 37801 37800 -1
Partials 2909 2909
🚀 New features to boost your workflow:
|
|
/retest |
| } | ||
| if httpsProxy != nil && *httpsProxy != "" { | ||
| if err := pkgvalidations.ValidateHTTPProxyFormat(*httpsProxy); err != nil { | ||
| if err := pkgvalidations.ValidateHTTPSProxyFormat(*httpsProxy); err != nil { |
There was a problem hiding this comment.
Now that this calls ValidateHTTPSProxyFormat, it would be good to add an integration-level test that sends an https:// URL as httpsProxy through one of the API handlers (e.g., V2UpdateCluster or RegisterInfraEnv) and asserts success.
Currently all the tests that exercise validateProxySettings pass http:// or empty string for httpsProxy. The existing https://proxy.proxy fixtures at lines 3722 and 5412 in inventory_test.go write directly to the DB, bypassing validation entirely. Without a test going through the API path, a future revert of this line would go undetected.
| @@ -113,6 +113,21 @@ func ValidateHTTPProxyFormat(proxyURL string) error { | |||
| return nil | |||
| } | |||
There was a problem hiding this comment.
nit: The comment on ValidateHTTPProxyFormat above (line 98) still says "validates the HTTP Proxy and HTTPS Proxy format" — now that HTTPS proxy validation has its own function, this comment is stale. Should be updated to just "validates the HTTP Proxy URL format" or similar.
| if u.Scheme != "http" && u.Scheme != "https" { | ||
| return errors.Errorf("The URL scheme must be http or https and specified in the URL: '%s'", proxyURL) | ||
| } | ||
| return nil |
There was a problem hiding this comment.
nit: This is almost identical to ValidateHTTPProxyFormat — both share the govalidator.IsURL check, url.Parse, and error formatting. The only difference is the scheme check. Could consider extracting a small helper like:
func validateProxyURLFormat(proxyURL string, allowedSchemes ...string) error {and having both functions call it. Not a blocker, just something to keep in mind if more proxy variants appear.
There was a problem hiding this comment.
I agree. I addressed your comments and pushed the changes. Thanks!
Add ValidateHTTPSProxyFormat that accepts both http:// and https:// schemes for the https_proxy field. Extract shared validation logic into validateProxyURLFormat helper with variadic allowedSchemes parameter. Add integration tests for https:// proxy through V2UpdateCluster and UpdateInfraEnv API handlers.
6212cfd to
0cea09d
Compare
|
/retest |
|
/override ci/prow/edge-e2e-ai-operator-disconnected-capi |
|
/retest |
|
@gamli75: Overrode contexts on behalf of gamli75: ci/prow/edge-e2e-ai-operator-disconnected-capi DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@yoavsc0302: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Allow
https://scheme in thehttps_proxyproxy URL field. Previously, thehttps_proxyfield only acceptedhttp://URLs. This change enables users to configure HTTPS-based proxy servers for their clusters.https_proxyfield description to document bothhttp://andhttps://schemesskipper make generate— regenerate models and embedded specValidateHTTPSProxyFormatforhttpsProxyvalidationList all the issues related to this PR
What environments does this code impact?
How was this code tested?
Checklist
docs, README, etc)Reviewers Checklist
Summary by CodeRabbit
http://andhttps://proxy URL formats where applicable.https_proxycan be provided as eitherhttp://...orhttps://....