Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reject invalid endpoint #320

Merged
merged 2 commits into from
Sep 4, 2024
Merged

Conversation

rmweir
Copy link
Contributor

@rmweir rmweir commented Sep 3, 2024

Problem:
Prior, a non-empty endpoint of the incorrect format would cause an embedded sqlite backend to be used. By passing a non-empty endpoint the user is intending to use an external backend.

Solution:
Now, the endpoint will be validated and passing a non-empty endpoint of an incorrect format will result in an error.

Issue:
#319

@rmweir rmweir requested a review from a team as a code owner September 3, 2024 18:37
@rmweir rmweir force-pushed the reject-invalid-endpoint branch from b37cc40 to 447c5fa Compare September 3, 2024 18:39
Copy link
Contributor

@galal-hussein galal-hussein left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@galal-hussein
Copy link
Contributor

galal-hussein commented Sep 3, 2024

@rmweir Looks like the test is failing tho in testing sqlite:

[sqlite] #- Tail: /tmp/GSt1E0/kine/1/logs/system.log
[sqlite] time="2024-09-03T18:48:42.444315289Z" level=fatal msg="parsing storage endpoint: invalid storage endpoint [sqlite]. Non-empty storage endpoint should be of the format <network>://<address>"

passing just an endpoint without a url should be allowed as well, like passing just sqlite https://github.com/k3s-io/kine/blob/master/scripts/test-run-sqlite#L3C23-L3C45

@rmweir
Copy link
Contributor Author

rmweir commented Sep 3, 2024

@galal-hussein can we either change the test or explicity check for "sqlite"? Because the value gets totally discarded, its not evaluated.

@rmweir
Copy link
Contributor Author

rmweir commented Sep 3, 2024

@galal-hussein I added an explicit check in a new commit so you can review it. If you're okay with that I can squash.

@rmweir rmweir requested a review from galal-hussein September 3, 2024 19:33
@rmweir rmweir force-pushed the reject-invalid-endpoint branch from ec630d7 to d00b612 Compare September 3, 2024 19:34
pkg/endpoint/endpoint.go Outdated Show resolved Hide resolved
pkg/endpoint/endpoint.go Outdated Show resolved Hide resolved
@brandond
Copy link
Member

brandond commented Sep 3, 2024

I would be willing to tighten this down to require a valid scheme. So if you want sqlite for example, you have to do at least sqlite:// instead of just sqlite. I don't think we have documented anywhere that we support sqlite, and if you want to pass any configuration to the sqlite backend you already have to use a proper URI, as seen at k3s-io/k3s#8234 (comment)

Also, please do use the proper RFC3986 labels for the URI components in the error, not network and address.

@rmweir
Copy link
Contributor Author

rmweir commented Sep 3, 2024

@brandond I think passing an empty storage endpoint is how one usually uses sqlite. I think expecting either a valid DSN URI or empty to imply an embedded backend is required, makes enough sense. Can we go with that?

@brandond
Copy link
Member

brandond commented Sep 3, 2024

yeah thats what I meant. Either leave it empty, or pass a URI with a valid scheme and separator. The URI can have an empty authority/path/parameters to get whatever the defaults are for that backend.

@rmweir rmweir force-pushed the reject-invalid-endpoint branch from d6827f0 to 03a8ed2 Compare September 3, 2024 20:56
@rmweir
Copy link
Contributor Author

rmweir commented Sep 3, 2024

@brandond I just updated the latest commit to what I was thinking. Lmk if that's fine and I will squash. If you want me too add some option for "sqlite://" I can do that too but I think we're okay without it.

@brandond
Copy link
Member

brandond commented Sep 3, 2024

  1. looks like you need to sign off for DCO
  2. I think you'll need to fix the sqlite test that was linked above:
    KINE_IMAGE=$IMAGE KINE_ENDPOINT="sqlite" provision-kine

@rmweir rmweir force-pushed the reject-invalid-endpoint branch from 03a8ed2 to 37f8946 Compare September 3, 2024 21:16
Prior, a non-empty endpoint of the incorrect format would cause an
embedded sqlite backend to be used. By passing a non-empty endpoint
the user is intending to use an external backend. Now, the endpoint
will be validated and passing a non-empty endpoint of an incorrect
format will result in an error.

Signed-off-by: Ricardo Weir <[email protected]>
@rmweir rmweir force-pushed the reject-invalid-endpoint branch from 37f8946 to b3743bd Compare September 3, 2024 21:17
Copy link
Member

@brandond brandond left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@rmweir
Copy link
Contributor Author

rmweir commented Sep 3, 2024

@brandond fixed test, also had to move validation to its own function as we use that network/address parsing function in multiple places where string could be empty, squashed all commits. Just take another pass on everything please as I don't want to sneak anything in.

@@ -1,6 +1,6 @@
#!/bin/bash
start-test() {
KINE_IMAGE=$IMAGE KINE_ENDPOINT="sqlite" provision-kine
KINE_IMAGE=$IMAGE KINE_ENDPOINT="" provision-kine
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[sqlite] time="2024-09-03T21:27:16Z" level=fatal msg="flag needs an argument: -endpoint"

You can leave --endpoint unset, but you can't currently set it to an empty string... so you should either fix the CLI flag, or explicitly set it.

Suggested change
KINE_IMAGE=$IMAGE KINE_ENDPOINT="" provision-kine
KINE_IMAGE=$IMAGE KINE_ENDPOINT="sqlite://" provision-kine

Copy link
Member

@brandond brandond Sep 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually I suspect that when the var is empty the script is just running kine --endpoint instead of kine --endpoint "" so the CLI framework is complaining that the flag doesn't have a value - which is valid.

You could change this

--endpoint $KINE_ENDPOINT

to --endpoint=$KINE_ENDPOINT

Signed-off-by: Ricardo Weir <[email protected]>
@rmweir rmweir force-pushed the reject-invalid-endpoint branch from b3743bd to 40b2102 Compare September 3, 2024 22:49
@rmweir
Copy link
Contributor Author

rmweir commented Sep 3, 2024

@brandond @galal-hussein thanks for the fast replies! Will probably need someone to merge this for me as well once everything passes 😬.

@brandond
Copy link
Member

brandond commented Sep 4, 2024

I'll wait for @galal-hussein to review again, then either one of us can merge and tag!

@galal-hussein galal-hussein merged commit 70a99f8 into k3s-io:master Sep 4, 2024
3 checks passed
brandond added a commit to brandond/k3s that referenced this pull request Oct 2, 2024
Support for 'sqlite' as the endpoint was removed in
k3s-io/kine#320 and the constant removed in
k3s-io/kine#325

Signed-off-by: Brad Davidson <[email protected]>
brandond added a commit to k3s-io/k3s that referenced this pull request Oct 3, 2024
Support for 'sqlite' as the endpoint was removed in
k3s-io/kine#320 and the constant removed in
k3s-io/kine#325

Signed-off-by: Brad Davidson <[email protected]>
brandond added a commit to brandond/k3s that referenced this pull request Oct 9, 2024
Support for 'sqlite' as the endpoint was removed in
k3s-io/kine#320 and the constant removed in
k3s-io/kine#325

Signed-off-by: Brad Davidson <[email protected]>
(cherry picked from commit 0942e6a)
Signed-off-by: Brad Davidson <[email protected]>
brandond added a commit to brandond/k3s that referenced this pull request Oct 10, 2024
Support for 'sqlite' as the endpoint was removed in
k3s-io/kine#320 and the constant removed in
k3s-io/kine#325

Signed-off-by: Brad Davidson <[email protected]>
(cherry picked from commit 0942e6a)
Signed-off-by: Brad Davidson <[email protected]>
brandond added a commit to brandond/k3s that referenced this pull request Oct 10, 2024
Support for 'sqlite' as the endpoint was removed in
k3s-io/kine#320 and the constant removed in
k3s-io/kine#325

Signed-off-by: Brad Davidson <[email protected]>
(cherry picked from commit 0942e6a)
Signed-off-by: Brad Davidson <[email protected]>
brandond added a commit to brandond/k3s that referenced this pull request Oct 10, 2024
Support for 'sqlite' as the endpoint was removed in
k3s-io/kine#320 and the constant removed in
k3s-io/kine#325

Signed-off-by: Brad Davidson <[email protected]>
(cherry picked from commit 0942e6a)
Signed-off-by: Brad Davidson <[email protected]>
brandond added a commit to k3s-io/k3s that referenced this pull request Oct 10, 2024
Support for 'sqlite' as the endpoint was removed in
k3s-io/kine#320 and the constant removed in
k3s-io/kine#325

Signed-off-by: Brad Davidson <[email protected]>
(cherry picked from commit 0942e6a)
Signed-off-by: Brad Davidson <[email protected]>
brandond added a commit to k3s-io/k3s that referenced this pull request Oct 10, 2024
Support for 'sqlite' as the endpoint was removed in
k3s-io/kine#320 and the constant removed in
k3s-io/kine#325

Signed-off-by: Brad Davidson <[email protected]>
(cherry picked from commit 0942e6a)
Signed-off-by: Brad Davidson <[email protected]>
brandond added a commit to k3s-io/k3s that referenced this pull request Oct 10, 2024
Support for 'sqlite' as the endpoint was removed in
k3s-io/kine#320 and the constant removed in
k3s-io/kine#325

Signed-off-by: Brad Davidson <[email protected]>
(cherry picked from commit 0942e6a)
Signed-off-by: Brad Davidson <[email protected]>
brandond added a commit to k3s-io/k3s that referenced this pull request Oct 10, 2024
Support for 'sqlite' as the endpoint was removed in
k3s-io/kine#320 and the constant removed in
k3s-io/kine#325

Signed-off-by: Brad Davidson <[email protected]>
(cherry picked from commit 0942e6a)
Signed-off-by: Brad Davidson <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants