Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix subdomain matching FIXMEs in commit 373440662 #1366

Closed
wants to merge 1 commit into from

Conversation

@lsm5 lsm5 force-pushed the wildcard-cert-fixes branch 5 times, most recently from d66525d to b5b7ba0 Compare August 30, 2021 14:42
@lsm5 lsm5 changed the title [DO NOT MERGE] Fix subdomain matching FIXMEs in commit 373440662 Fix subdomain matching FIXMEs in commit 373440662 Aug 30, 2021
@lsm5
Copy link
Member Author

lsm5 commented Aug 30, 2021

ready for review (afaict)

@lsm5 lsm5 force-pushed the wildcard-cert-fixes branch from b5b7ba0 to 207f85d Compare August 30, 2021 14:51
@vrothberg
Copy link
Member

Before I start looking at the changes: the commit message isn't really helpful since it merely points to 5 comments "somewhere". The reader has to put the puzzle pieces together of what the changes are intended to do but I really want the author to explain the changes in detail. Since there are 5 different comments, it may be worth splitting them into 5 different commits.

@@ -343,6 +343,21 @@ func (config *V1RegistriesConf) ConvertToV2() (*V2RegistriesConf, error) {
// anchoredDomainRegexp is an internal implementation detail of postProcess, defining the valid values of elements of UnqualifiedSearchRegistries.
var anchoredDomainRegexp = regexp.MustCompile("^" + reference.DomainRegexp.String() + "$")

// WildcardedPrefixCheck is the only place to check if a prefix contains "*."
func WildcardedPrefixCheck(prefix string) bool {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please make this private. We try to keep new public APIs at the bare minimum to prevent bumping the major version.

return prefix[:2] == "*."
}

func EmptyLocationWildcardedPrefixCheck(location string, prefix string) int {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here. Please add a comment on the return value.

// https://github.com/containers/image/pull/1191#discussion_r610622495
if reg.Prefix[:2] != "*." && reg.Location == "" {
return &InvalidRegistries{s: "invalid condition: location is unset and prefix is not in the format: *.example.com"}
if reg.Location != "" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks suspicious. Why are we allowing a config with an empty location?

If that's desired, we need tests for that case and probably some sanity checks and some massaging of the docs. For instance, unless it's blocked, it would require at least one mirror to make sense which in turn would bring up the question: why lift the requirement to specify a location,

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See all the “prefix is a wildcard” and “prefix is empty” conditions in https://github.com/openshift/runtime-utils/pull/11/files EditRegistriesConfig.

Right now, if the user wants to set properties (insecure/blocked/mirrors) on a registry without redirecting it, there are two different syntaxes: (prefix=*.domain, location="") or (prefix="", location="non-wildcard.domain/…"), with little reason to for the two to differ. It would conceptually be much simpler if we always required prefix to exist as a lookup key, and made location entirely optional for redirection only; we can’t do that any more due to compatibility, but at least allowing software that writes entries from scratch to always use prefix could simplify it.

@lsm5
Copy link
Member Author

lsm5 commented Aug 31, 2021

Before I start looking at the changes: the commit message isn't really helpful since it merely points to 5 comments "somewhere". The reader has to put the puzzle pieces together of what the changes are intended to do but I really want the author to explain the changes in detail. Since there are 5 different comments, it may be worth splitting them into 5 different commits.

sgtm, will do.

@@ -343,6 +343,21 @@ func (config *V1RegistriesConf) ConvertToV2() (*V2RegistriesConf, error) {
// anchoredDomainRegexp is an internal implementation detail of postProcess, defining the valid values of elements of UnqualifiedSearchRegistries.
var anchoredDomainRegexp = regexp.MustCompile("^" + reference.DomainRegexp.String() + "$")

// WildcardedPrefixCheck is the only place to check if a prefix contains "*."
func WildcardedPrefixCheck(prefix string) bool {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typically (not quite always), it’s more readable if function names are either commands (saveFile) or predicates (isPrime).

return prefix[:2] == "*."
}

func EmptyLocationWildcardedPrefixCheck(location string, prefix string) int {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don’t think a comment is enough — it should either be structured in some completely different way, or use an enum, not hard-coded 0/1/-1.

if prefix[:2] != "*." {
return nil, fmt.Errorf("invalid prefix '%v' for empty location, should be in the format: *.example.com", prefix)
}
locationPrefixCheck := EmptyLocationWildcardedPrefixCheck(e.Location, prefix)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The FIXME was to drop the check for prefix starting with "*." in this location, (after ensuring postProcessRegistries enforces that constraint), not to keep exactly the same check and move it into a single-use function. That move, along with the undocumented 0/1/-1 values, just makes this harder to read with AFAICS no change to behavior.

// and does not prevent correct operation.
// https://github.com/containers/image/pull/1191#discussion_r610122617
//
// if trimmed == "" {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The request around #1191 (comment) was to reintroduce this check, and handle the cases that do allow "" into the callers . See more in there.

// parsePrefix parses the input string, performs some sanity checks and returns
// the sanitized input string. An error is returned if the input string is
// empty or if contains an "http{s,}://" prefix.
func parsePrefix(input string) (string, error) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How does this differ from parseLocation now? Only in the error message? IIRC location was supposed to reject wildcards, and the like…

}

// make sure mirrors are valid
for _, mir := range reg.Mirrors {
if mir.Location == "" {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • I don’t see that the caller of parseLocation should need to specifically reject ""
  • Moving the check for "" before parseLocation changes semantics; "/" was previously rejected, now it is allowed.

mir.Location, err = parseLocation(mir.Location)
if err != nil {
return err
}

//FIXME: unqualifiedSearchRegistries now also accepts empty values
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Has anything been done to fix that?

// https://github.com/containers/image/pull/1191#discussion_r610623829
for i := range res.partialV2.Registries {
prefix := res.partialV2.Registries[i].Prefix
if prefix[:2] == "*." && strings.ContainsAny(prefix, "/@:") {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What replaces the validation?

@lsm5
Copy link
Member Author

lsm5 commented Sep 1, 2021

Thanks for all the comments @mtrmac @vrothberg . Closing this. I'll open a separate PR for each FIXME. Starting with: #1368

@lsm5 lsm5 closed this Sep 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants