Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a new "Endpoint URL" field in AWS endpoints #3958

Merged
merged 6 commits into from
Jun 4, 2018
Merged

Add a new "Endpoint URL" field in AWS endpoints #3958

merged 6 commits into from
Jun 4, 2018

Conversation

AparnaKarve
Copy link
Contributor

@AparnaKarve AparnaKarve commented May 17, 2018
edited
Loading

Added a new Endpoint URL optional field in AWS endpoints as shown in the screenshot.

screen shot 2018-05-17 at 3 12 28 pm

Depends on ManageIQ/manageiq-providers-amazon#444

Fixes #3907

@djberg96
Copy link
Contributor

👍

@AparnaKarve AparnaKarve reopened this May 18, 2018
@AparnaKarve
Copy link
Contributor Author

@djberg96 There is an unrelated JS spec failure on travis currently - should be resolved soon hopefully.
( also seeing the same failure on a few other open PRs)

@AparnaKarve AparnaKarve reopened this May 18, 2018
AlexanderZagaynov
AlexanderZagaynov suggested changes May 24, 2018
View reviewed changes
app/controllers/mixins/ems_common_angular.rb Outdated
@@ -128,7 +128,8 @@ def get_task_args(ems)
connect_opts = [MiqPassword.encrypt(params[:amqp_password]), params.to_hash.symbolize_keys.slice(*OPENSTACK_AMQP_PARAMS)] if params[:cred_type] == "amqp"
connect_opts
when 'ManageIQ::Providers::Amazon::CloudManager'
[user, password, :EC2, params[:provider_region], ems.http_proxy_uri, true]
uri = URI.parse(params[:default_url])
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

incoming params should be escaped for safety
http://devdocs.io/ruby~2.3/uri#method-c-parse:
It's recommended to first ::escape the provided uri_str if there are any invalid URI characters.
http://devdocs.io/ruby~2.3/uri/escape#method-i-escape

Copy link

@AlexanderZagaynov AlexanderZagaynov May 24, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Related comment here: ManageIQ/manageiq-providers-amazon#444 (comment) (need to decide where escaping should be made)

app/controllers/mixins/ems_common_angular.rb Outdated
@@ -648,6 +650,11 @@ def set_ems_record_vars(ems, mode = nil)
default_endpoint = {:role => :default, :hostname => hostname, :port => port}
end

if ems.kind_of?(ManageIQ::Providers::Amazon::CloudManager)
uri = URI.parse(params[:default_url])
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see above about escaping

@AlexanderZagaynov AlexanderZagaynov mentioned this pull request May 24, 2018
Merged
@AparnaKarve
Copy link
Contributor Author

@AlexanderZagaynov URI.escape seems to be obsolete (per above rubocop warnings)

@djberg96 and I were discussing if we need to escape at all...

Keeping URI.escape for now, but would need to address this by removing the escape or replacing it with CGI.escape

@AlexanderZagaynov
Copy link

I believe WEBrick::HTTPUtils.escape can be the best option:

URI.escape('http://example.com/abc|def?xyz 123?#$')
=> "http://example.com/abc%7Cdef?xyz%20123?%23$"

CGI.escape('http://example.com/abc|def?xyz 123?#$')
=> "http%3A%2F%2Fexample.com%2Fabc%7Cdef%3Fxyz+123%3F%23%24"

URI.encode_www_form(['http://example.com/abc|def?xyz 123?#$'])
=> "http%3A%2F%2Fexample.com%2Fabc%7Cdef%3Fxyz+123%3F%23%24"

URI.encode_www_form_component('http://example.com/abc|def?xyz 123?#$')
=> "http%3A%2F%2Fexample.com%2Fabc%7Cdef%3Fxyz+123%3F%23%24"

WEBrick::HTTPUtils.escape('http://example.com/abc|def?xyz 123?#$')
=> "http://example.com/abc%7Cdef?xyz%20123?%23$"

@AlexanderZagaynov
Copy link

AlexanderZagaynov commented May 25, 2018
edited
Loading

Also:

URI.parse('http://example.com/abc|def?xyz 123?#$')
URI::InvalidURIError: bad URI(is not URI?): http://example.com/abc|def?xyz 123?#$

URI.parse(WEBrick::HTTPUtils.escape 'http://example.com/abc|def?xyz 123?#$').tap do |uri|
  ap uri.component.map { |component| [component, uri.public_send(component)] }.to_h
end

=>

{
  :scheme   => "http",
  :userinfo => nil,
  :host     => "example.com",
  :port     => 80,
  :path     => "/abc%7Cdef",
  :query    => "xyz%20123?%23$",
  :fragment => nil
}

@djberg96
Copy link
Contributor

djberg96 commented May 29, 2018
edited
Loading

@alexander-demichev @AparnaKarve Let's use Addressable::URI.escape if we're going to escape the field.

On second thought, let's just stick with the standard URI library since Addressable isn't in our Gemfile. I realize there are some edge cases that might break it, but I doubt you'll ever see them in practice. If someone does break it (other than QE), then we'll deal with it later.

@AparnaKarve
Copy link
Contributor Author

@djberg96 Should I revert 0e81618?

@djberg96
Copy link
Contributor

@AparnaKarve nope, actually, that's fine.

@djberg96
Copy link
Contributor

@AparnaKarve I vote to ignore the rubocop warning for now. Any of the options that @AlexanderZagaynov mentioned will require an explicit require statement anyway, so let's see if I can get the addressable gem accepted into the core repo.

@AparnaKarve
Copy link
Contributor Author

@djberg96 I have no issues ignoring rubocop for now.

Just one question to you and @AlexanderZagaynov - what do you think about CGI.escape -- what rubocop suggested?

@AlexanderZagaynov
Copy link

@AparnaKarve check examples above, you'll see the result of each option.
CGI.escape will not do what you need.

@AlexanderZagaynov
Copy link

AlexanderZagaynov commented May 31, 2018
edited
Loading

WEBrick::HTTPUtils only demands for require 'webrick/httputils',
which is part of the Ruby Std-lib (no additional gems needed): https://ruby-doc.org/stdlib-2.3.6/libdoc/webrick/rdoc/WEBrick/HTTPUtils.html
However I'm not sure will it cause any conflict with production web server (puma), but it should not, especially with requiring as I wrote here, that file contains just a module, and don't patch anything.

@AparnaKarve
Copy link
Contributor Author

@AlexanderZagaynov Thanks.
Sorry I completely missed looking at CGI.escape output.

@h-kataria h-kataria self-assigned this May 31, 2018
@miq-bot
Copy link
Member

miq-bot commented Jun 1, 2018

Checked commits AparnaKarve/manageiq-ui-classic@862788a~...9852eb2 with ruby 2.3.3, rubocop 0.52.1, haml-lint 0.20.0, and yamllint 1.10.0
5 files checked, 1 offense detected

**

  • 💣 💥 🔥 🚒 - Linter/Haml - Linter::Haml STDERR:
warning: parser/current is loading parser/ruby23, which recognizes
warning: 2.3.6-compliant syntax, but you are running 2.3.3.
warning: please see https://github.com/whitequark/parser#compatibility-with-ruby-mri.

@AparnaKarve
Copy link
Contributor Author

Changed the escape implementation per @AlexanderZagaynov 's suggestion.
Please review 9852eb2

@AlexanderZagaynov
Copy link

LGTM 👍

@djberg96
Copy link
Contributor

djberg96 commented Jun 1, 2018

👍

@h-kataria h-kataria added this to the Sprint 87 Ending Jun 4, 2018 milestone Jun 4, 2018
@h-kataria h-kataria merged commit 49cee7f into ManageIQ:master Jun 4, 2018
@AparnaKarve AparnaKarve deleted the add_url_to_amz_and_azure branch June 4, 2018 17:21
@AlexanderZagaynov AlexanderZagaynov mentioned this pull request May 21, 2019
Merged
@AlexanderZagaynov AlexanderZagaynov mentioned this pull request Sep 5, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AlexanderZagaynov AlexanderZagaynov AlexanderZagaynov requested changes

Assignees

@h-kataria h-kataria

Labels
compute/cloud enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@AparnaKarve @djberg96 @AlexanderZagaynov @miq-bot @h-kataria @mzazrivec