OCM-18900 | fix: Improve proxy validation error messages for special characters in passwords

Author: olucasfreitas

cmd/list/dnsdomains/cmd.go

@@ -70,14 +70,19 @@ func run(_ *cobra.Command, _ []string) {
 	r := rosa.NewRuntime().WithOCM()
 	defer r.Cleanup()
 
-	r.Reporter.Debugf("Loading dns domains for current org id")
-	search := "user_defined='true'"
+	organizationID, _, err := r.OCMClient.GetCurrentOrganization()
+	if err != nil {
+		_ = r.Reporter.Errorf("Failed to get current organization: %v", err)
+		os.Exit(1)
+	}
+
+	search := fmt.Sprintf("user_defined='true' and organization.id='%s'", organizationID)
 	if args.all {
-		search = ""
+		search = "user_defined='true'"
 	}
 	dnsDomains, err := r.OCMClient.ListDNSDomains(search)
 	if err != nil {
-		r.Reporter.Errorf("Failed to list DNS Domains: %v", err)
+		_ = r.Reporter.Errorf("Failed to list DNS Domains: %v", err)
 		os.Exit(1)
 	}
 
@@ -88,7 +93,7 @@ func run(_ *cobra.Command, _ []string) {
 	if output.HasFlag() {
 		err = output.Print(dnsDomains)
 		if err != nil {
-			r.Reporter.Errorf("%s", err)
+			_ = r.Reporter.Errorf("%s", err)
 			os.Exit(1)
 		}
 		os.Exit(0)

pkg/ocm/helpers.go

@@ -139,12 +139,24 @@ func ValidateHTTPProxy(val interface{}) error {
 		if httpProxy == "" {
 			return nil
 		}
-		url, err := url.ParseRequestURI(httpProxy)
+
+		// Encode password in place
+		if i := strings.LastIndex(httpProxy, "@"); i > 0 {
+			if j := strings.LastIndex(httpProxy[:i], ":"); j > 0 {
+				httpProxy = httpProxy[:j+1] + url.QueryEscape(httpProxy[j+1:i]) + httpProxy[i:]
+			}
+		}
+
+		parsedURL, err := url.ParseRequestURI(httpProxy)
 		if err != nil {
-			return fmt.Errorf("Invalid http-proxy value '%s'", httpProxy)
+			return fmt.Errorf("Invalid http-proxy value '%s': %s", httpProxy, err)
 		}
-		if url.Scheme != "http" {
-			return errors.Errorf("%s", "Expected http-proxy to have an http:// scheme")
+
+		if parsedURL.Scheme != "http" {
+			if parsedURL.Scheme == "https" {
+				return errors.Errorf("Invalid http-proxy value '%s': use --https-proxy for HTTPS proxies", httpProxy)
+			}
+			return errors.Errorf("Expected http-proxy to have an http:// scheme")
 		}
 		return nil
 	}

pkg/ocm/helpers_test.go

@@ -695,3 +695,47 @@ var _ = Describe("GetAutoNodeRoleArn", func() {
 		Expect(exists).To(BeTrue())
 	})
 })
+
+var _ = Describe("ValidateHTTPProxy", func() {
+	It("accepts valid proxy URL with authentication", func() {
+		err := ValidateHTTPProxy("http://user:[email protected]:8080")
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	It("accepts valid proxy URL without authentication", func() {
+		err := ValidateHTTPProxy("http://proxy.example.com:8080")
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	It("accepts empty string", func() {
+		err := ValidateHTTPProxy("")
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	It("auto-encodes password with forward slash", func() {
+		err := ValidateHTTPProxy("http://proxyuser:QvoZjyy/[email protected]:8080")
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	It("auto-encodes password with special characters", func() {
+		err := ValidateHTTPProxy("http://user:pass@[email protected]:8080")
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	It("accepts password with URL-encoded forward slash", func() {
+		err := ValidateHTTPProxy("http://proxyuser:QvoZjyy%[email protected]:8080")
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	It("rejects HTTPS scheme and suggests using --https-proxy", func() {
+		err := ValidateHTTPProxy("https://proxy.example.com:8080")
+		Expect(err).To(HaveOccurred())
+		Expect(err.Error()).To(ContainSubstring("use --https-proxy"))
+	})
+
+	It("rejects missing protocol scheme", func() {
+		err := ValidateHTTPProxy("proxy.example.com:8080")
+		Expect(err).To(HaveOccurred())
+		Expect(err.Error()).To(ContainSubstring("http:// scheme"))
+	})
+})