Reject invalid endpoint (#320)

* Reject invalid endpoint Prior, a non-empty endpoint of the incorrect format would cause an embedded sqlite backend to be used. By passing a non-empty endpoint the user is intending to use an external backend. Now, the endpoint will be validated and passing a non-empty endpoint of an incorrect format will result in an error. Signed-off-by: Ricardo Weir <ricardo.weir@loft.sh> * Update sqlite test Signed-off-by: Ricardo Weir <ricardo.weir@loft.sh> --------- Signed-off-by: Ricardo Weir <ricardo.weir@loft.sh>
k3s-io · Sep 4, 2024 · 70a99f8 · 70a99f8
1 parent cb8c874
commit 70a99f8
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 9 deletions.
diff --git a/pkg/endpoint/endpoint.go b/pkg/endpoint/endpoint.go
@@ -56,7 +56,11 @@ type ETCDConfig struct {
 }
 
 func Listen(ctx context.Context, config Config) (ETCDConfig, error) {
-	driver, dsn := ParseStorageEndpoint(config.Endpoint)
+	driver, dsn, err := ParseStorageEndpoint(config.Endpoint)
+	if err != nil {
+		return ETCDConfig{}, errors.Wrap(err, "parsing storage endpoint")
+	}
+
 	if driver == ETCDBackend {
 		return ETCDConfig{
 			Endpoints:   strings.Split(config.Endpoint, ","),
@@ -233,19 +237,35 @@ func getKineStorageBackend(ctx context.Context, driver, dsn string, cfg Config)
 }
 
 // ParseStorageEndpoint returns the driver name and endpoint string from a datastore endpoint URL.
-func ParseStorageEndpoint(storageEndpoint string) (string, string) {
+func ParseStorageEndpoint(storageEndpoint string) (string, string, error) {
+	if storageEndpoint == "" {
+		return SQLiteBackend, "", nil
+	}
+
+	if err := validateDSNuri(storageEndpoint); err != nil {
+		return "", "", err
+	}
+
 	network, address := networkAndAddress(storageEndpoint)
+
 	switch network {
-	case "":
-		return SQLiteBackend, ""
 	case "nats":
-		return NATSBackend, storageEndpoint
+		return NATSBackend, storageEndpoint, nil
 	case "http":
 		fallthrough
 	case "https":
-		return ETCDBackend, address
+		return ETCDBackend, address, nil
+	}
+	return network, address, nil
+}
+
+// validateDSNuri ensure that the given string is of that format <scheme://<authority>
+func validateDSNuri(str string) error {
+	parts := strings.SplitN(str, "://", 2)
+	if len(parts) > 1 {
+		return nil
 	}
-	return network, address
+	return errors.New("invalid datastore endpoint; endpoint should be a DSN URI in the format <scheme>://<authority>")
 }
 
 // networkAndAddress crudely splits a URL string into network (scheme) and address,

diff --git a/scripts/test-helpers b/scripts/test-helpers
@@ -251,7 +251,7 @@ provision-kine() {
         $KINE_ENV \
         $KINE_IMAGE \
         --watch-progress-notify-interval=5s \
-        --endpoint $KINE_ENDPOINT
+        --endpoint=$KINE_ENDPOINT
 
     local ip=$(docker container inspect --format '{{.NetworkSettings.IPAddress}}' $name | tee $TEST_DIR/kine/$count/metadata/ip)
     local port=$(docker container inspect --format '{{range $k, $v := .NetworkSettings.Ports}}{{printf "%s\n" $k}}{{end}}' $name | head -n 1 | cut -d/ -f1 | tee $TEST_DIR/kine/$count/metadata/port)

diff --git a/scripts/test-run-sqlite b/scripts/test-run-sqlite
@@ -1,6 +1,6 @@
 #!/bin/bash
 start-test() {
-    KINE_IMAGE=$IMAGE KINE_ENDPOINT="sqlite" provision-kine
+    KINE_IMAGE=$IMAGE KINE_ENDPOINT="" provision-kine
     local kine_url=$(cat $TEST_DIR/kine/*/metadata/url)
     K3S_DATASTORE_ENDPOINT=$kine_url provision-cluster
 }