Don't allow dot at the end of domain name #359
pkg/types/config/validate.go
Outdated
This is an improvement on the error message. However, if we can, we should improve the validation of the user input earlier to catch invalid bucket names. The current validation of the base domain currently allows a trailing dot. If a trailing dot results in an invalid S3 bucket name later, then either (1) we need to reject a base domain with a trailing dot or (2) we need to accommodate the trailing dot to make a valid S3 bucket name.
This is an improvement on the error message. However...
@dak1n1, let me know if you want to pick these suggestions up or punt them to future work. They're good suggestions, but I'm fine getting there in baby steps.
@wking I like the idea of catching the error earlier. I'll be in the SFO office next week. This could be a good task for me to work on, since this is my very first golang commit.
I made the validation error happen much sooner than before. Here's the output now:
I'm working on the failing unit test now...
pkg/types/config/validate.go
Outdated
nit: '%s' -> %q to let Go quote for you ;).
pkg/types/config/validate.go
Outdated
note to self: Comments are usually a hint that the initial dev felt this was surprising/important. But checking the Git logs, this is from d9359cb (coreos/tectonic-installer#3085), and neither the commit message nor PR discussion has anything to say about why they specifically allowed trailing dots then.
@wking is there a way I can run the unit tests manually before pushing? It's currently failing because I changed the error message from It's located here: pkg/types/config/validate_test.go
On your branch in a checkout in my
$ git checkout origin/pr/359
$ echo $GOPATH
/home/trking/.local/lib/go
$ pwd
/home/trking/.local/lib/go/src/github.com/openshift/installer
Run the tests on everything under
$ go test ./pkg/...
...
--- FAIL: TestDomainName (0.01s)
validate_test.go:680: For DomainName("."), expected "invalid domain name", got "invalid domain name: '\".\"'"
validate_test.go:680: For DomainName("日本語"), expected "invalid domain name", got "invalid domain name: '\"日本語\"'"
validate_test.go:680: For DomainName("日本語.com"), expected "invalid domain name", got "invalid domain name: '\"日本語.com\"'"
validate_test.go:680: For DomainName("abc.日本語.com"), expected "invalid domain name", got "invalid domain name: '\"abc.日本語.com\"'"
validate_test.go:680: For DomainName("a日本語a.com"), expected "invalid domain name", got "invalid domain name: '\"a日本語a.com\"'"
validate_test.go:680: For DomainName("1.2.3.4."), expected "", got "invalid domain name: '\"1.2.3.4.\"'"
validate_test.go:680: For DomainName("abc."), expected "", got "invalid domain name: '\"abc.\"'"
validate_test.go:680: For DomainName("abc.com."), expected "", got "invalid domain name: '\"abc.com.\"'"
validate_test.go:680: For DomainName(".abc"), expected "invalid domain name", got "invalid domain name: '\".abc\"'"
validate_test.go:680: For DomainName(".abc.com"), expected "invalid domain name", got "invalid domain name: '\".abc.com\"'"
validate_test.go:680: For DomainName(".abc.com"), expected "invalid domain name", got "invalid domain name: '\".abc.com\"'"
--- FAIL: TestEmail (0.00s)
validate_test.go:680: For Email("a@日本語.com"), expected "invalid domain name", got "invalid domain name: '\"日本語.com\"'"
validate_test.go:680: For Email("[email protected]"), expected "invalid domain name", got "invalid domain name: '\".com\"'"
FAIL
FAIL github.com/openshift/installer/pkg/types/config 0.110s
...
In this case, you'll probably have to update those tests to look for "message starts with {regexp}" instead of "message exactly matches".
The already-vendored
I've been given some other tasks to work on this sprint, so I'm going to leave the regex stuff out for now. It looks like it's beyond my current ability to implement. But I hope to improve error messaging later. For now, I'll just proceed with the default error about the invalid domain.
Technically, the trailing dot is valid (and in many cases it is preferred). We should probably just fix the creation of the S3 bucket since we no longer rely on CNAMEs (which required the S3 bucket to match the domain name).
@crawford in that case, maybe I should change the way the S3 bucket name is generated? Because right now it uses the domain name to generate the S3 bucket name, which results in an invalid S3 bucket name. I could remove the trailing dot as part of constructing the S3 bucket name. Does that sound alright?
@dak1n1 I would just drop the domain name from the bucket name.
Why not just drop the bucket name entirely? Based on this example, we can use bucket IDs for a bucket-object's
diff --git a/data/data/aws/bootstrap/variables.tf b/data/data/aws/bootstrap/variables.tf
index fd7b172..f775eeb 100644
--- a/data/data/aws/bootstrap/variables.tf
+++ b/data/data/aws/bootstrap/variables.tf
@@ -10,7 +10,7 @@ variable "associate_public_ip_address" {
variable "bucket" {
type = "string"
- description = "The S3 bucket name for bootstrap ignition file."
+ description = "The S3 bucket name or ID for bootstrap ignition file."
}
variable "cluster_name" {
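Review bot: the new description on variable "bucket" says "name or ID", which leaves a reader of this module unsure which of the two is passed in. The main.tf hunk in this same patch passes aws_s3_bucket.bootstrap.id, so the description can say that directly, for example "The S3 bucket ID for the bootstrap ignition file" (which also adds the missing article).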
diff --git a/data/data/aws/main.tf b/data/data/aws/main.tf
index d87c01a..d91715f 100644
--- a/data/data/aws/main.tf
+++ b/data/data/aws/main.tf
@@ -20,7 +20,7 @@ module "bootstrap" {
ami = "${var.tectonic_aws_ec2_ami_override}"
associate_public_ip_address = "${var.tectonic_aws_endpoints != "private"}"
- bucket = "${aws_s3_bucket.tectonic.bucket}"
+ bucket = "${aws_s3_bucket.bootstrap.id}"
cluster_name = "${var.tectonic_cluster_name}"
elbs = "${module.vpc.aws_lbs}"
elbs_length = "${module.vpc.aws_lbs_length}"
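Review bot: the new value on the bucket line, aws_s3_bucket.bootstrap.id, only resolves because of the resource rename in the next hunk, and nothing visible here shows whether other references to aws_s3_bucket.tectonic remain elsewhere in the tree. Search for the old resource address before merging so the rename does not leave a dangling reference.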
@@ -131,9 +131,7 @@ resource "aws_route53_zone" "tectonic_int" {
), var.tectonic_aws_extra_tags)}"
}
-resource "aws_s3_bucket" "tectonic" {
- bucket = "${lower(var.tectonic_cluster_name)}.${var.tectonic_base_domain}"
-
+resource "aws_s3_bucket" "bootstrap" {
acl = "private"
tags = "${merge(map(Then we could drop |
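Review bot: with the bucket = "${lower(var.tectonic_cluster_name)}.${var.tectonic_base_domain}" line removed, the bucket name no longer carries the cluster name, so the tags argument on the following line becomes the only thing tying this bucket to a cluster. The merge(map( arguments are cut off in this hunk, so confirm they include the cluster name, and document on the resource that the name is now left to the provider.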
So I already have something that is working for this, but I'm open to changing it if it's not the direction you guys want to go. What I did is just drop the trailing dot on the S3 bucket name. This keeps the S3 name consistent with how it's been in the past (clustername + domain name). It's easy for an Ops person to visually identify and search for the bucket name, without knowing the cluster ID. And it's working in my testing.
When the user passes the installer a domain name ending in dot `.`, the S3 bucket name generated by the installer is invalid. This commit automatically drops the trailing dot to create valid S3 bucket names.
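An added Go example (not the installer's code) of the approach in the commit message above: build the `<cluster>.<domain>` bucket name, drop one trailing dot, and validate the result before any AWS call. The function names are hypothetical, and the checks cover only a subset of the S3 naming rules (length, label characters, empty labels, IPv4 form).

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// s3Label matches one dot-separated label of a bucket name: lowercase
// letters, digits and hyphens, starting and ending with a letter or digit.
var s3Label = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]*[a-z0-9])?$`)

// validateBucketName checks a subset of the S3 bucket naming rules: 3-63
// characters, valid labels, no empty label (what a leading, trailing or
// doubled dot produces), and not formatted as an IP address.
func validateBucketName(name string) error {
	if len(name) < 3 || len(name) > 63 {
		return fmt.Errorf("invalid S3 bucket name %q: length %d not in 3..63", name, len(name))
	}
	if net.ParseIP(name) != nil {
		return fmt.Errorf("invalid S3 bucket name %q: formatted as an IP address", name)
	}
	for _, label := range strings.Split(name, ".") {
		if !s3Label.MatchString(label) {
			return fmt.Errorf("invalid S3 bucket name %q: bad label %q", name, label)
		}
	}
	return nil
}

// bootstrapBucketName is a hypothetical helper (an assumption, not the
// installer's function). It builds "<cluster>.<domain>" and drops one
// trailing dot from a fully-qualified base domain before validating.
func bootstrapBucketName(clusterName, baseDomain string) (string, error) {
	name := strings.ToLower(clusterName) + "." + strings.TrimSuffix(baseDomain, ".")
	if err := validateBucketName(name); err != nil {
		return "", err
	}
	return name, nil
}

func main() {
	// Constructed sample inputs.
	for _, d := range []string{"example.com", "example.com.", "example..com", "日本語.com"} {
		name, err := bootstrapBucketName("MyCluster", d)
		fmt.Printf("%-14q -> %q, err=%v\n", d, name, err)
	}
}
```

Only a single trailing dot is removed, so an input such as `example.com..` still fails validation instead of being silently repaired.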
For what it's worth, we will delete this bucket shortly after cluster installation, so I don't think I would worry so much about day-2 operations.
I'm fine punting larger name adjustments to follow-up work. /lgtm
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: dak1n1, wking
The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Alex gave the history behind our previous bucket name [1]:
  We should probably just fix the creation of the S3 bucket since we no longer rely on CNAMEs (which required the S3 bucket to match the domain name).
But now we can just let AWS pick a random bucket name for us. I've also dropped the no-longer-used S3Bucket validator.
[1]: openshift#359 (comment)
This will prevent errors when creating the S3 bucket,
since the S3 bucket name may not end in dot.