Fix URL and IP address validators

The current URL and IP address validators ported from config controller have some defficiencies. This commit leverages django URLValidator for URL validation and supplements the existing domain name/ip address validation with Ansible ipaddr filter test to catch missing/future formats. Verify the validation tasks with the following input - http://[2001:db8::1]:3128 - https://test.abc.com - ::1 - localhost - 127.0.0.1 - fe80::100/10 - 2001:db8:1::/64 - "[2001:db8::1]:8080" - 128.224.150.0/23 - test.abc.com - test.abc.com:3000 - 2001:db8:?::/32 (failed case) Closes-Bug: 1833710 Change-Id: Ib3345b41ab932cd434906725f709a8b9a0195e3f Signed-off-by: Tee Ngo <Tee.Ngo@windriver.com>
2019-06-21 11:00:24 -04:00 · 2019-06-21 11:00:24 -04:00 · 8fa6359ba0
commit 8fa6359ba0
parent 7a9bc2f330
3 changed files with 15 additions and 25 deletions
--- a/playbookconfig/centos/playbookconfig.spec
+++ b/playbookconfig/centos/playbookconfig.spec
@ -13,6 +13,7 @@ Requires: python-netaddr
 Requires: sshpass
 Requires: python2-ptyprocess
 Requires: python2-pexpect
+Requires: python2-django
 Requires: ansible

 %description
--- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/validate_address.yml
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/validate_address.yml
@ -8,7 +8,7 @@
 #   Validate the format of docker registry/no-proxy address
 #

- name: Check if the supplied address is a valid domain name or ipv4 address
+- name: Check if the supplied address is a valid domain name or ip address
  vars:
    script_content: |
      # Use this utility to be consistent with the current config_controller
@ -20,24 +20,12 @@
  args:
    executable: /usr/bin/python
  failed_when: false
-  register: domain_name_ipv4_check
+  register: domain_name_ip_check

-  # The domain name check above should cover the domain name as well as
-  # IPv4 addressing with/without port. If it fails, check if it's ipv6 format
- block:
-  - name: Check if the supplied address is of ipv6 with port format
-    set_fact:
-      ipv6_with_port: true
-    when: input_address is search("\[") and input_address is search("\]")
-
-  - name: Fail if the supplied address is not a valid ipv6
-    fail:
-      msg: "{{ input_address }} is an invalid address!."
-    when: (not ipv6_with_port) and (input_address|ipv6 == false)
-
-  - name: Fail if the supplied address is not a valid ipv6 with port
-    fail:
-      msg: "{{ input_address }} is an invalid address!."
-    when: (ipv6_with_port) and
-          ((input_address.split('[')[1]).split(']')[0]|ipv6 == false)
-  when: domain_name_ipv4_check.rc != 0
+# Do the final catch-all check using Ansible ipaddr filter to pick up
+# addresses with CIDR notation and whatever future valid formats will be.
+- name: Fail if the supplied address is not a valid domain name or ip address
+  fail:
+    msg: "{{ input_address }} is an invalid address!."
+  when: (domain_name_ip_check.rc != 0) and
+        (input_address | ipaddr == false)
--- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/validate_url.yml
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/validate_url.yml
@ -12,10 +12,11 @@
  - name: Check if the supplied proxy is a valid URL
    vars:
      script_content: |
-        # Use this utility to be consistent with the current config_controller
-        # and sysinv
-        from controllerconfig.utils import is_valid_url
-        if not is_valid_url( "{{ input_url }}" ):
+        # Make use of django URL Validator
+        from django.core.validators import URLValidator
+        try:
+          URLValidator()( "{{ input_url }}" )
+        except Exception:
          raise Exception("Invalid url format!")
    shell: "{{ script_content }}"
    args: