OCM-18900 | fix: Improve proxy validation error messages for special characters in passwords

Author: olucasfreitas

cmd/list/dnsdomains/cmd.go

@@ -71,18 +71,19 @@ func run(_ *cobra.Command, _ []string) {
 	defer r.Cleanup()
 
 	r.Reporter.Debugf("Loading dns domains for current org id")
-	orgID, _, err := r.OCMClient.GetCurrentOrganization()
+	organizationID, _, err := r.OCMClient.GetCurrentOrganization()
 	if err != nil {
-		_ = r.Reporter.Errorf("Failed to get current organization: %s", err)
+		_ = r.Reporter.Errorf("Failed to get current organization: %v", err)
 		os.Exit(1)
 	}
-	search := fmt.Sprintf("user_defined='true' AND organization.id='%s'", orgID)
+
+	search := fmt.Sprintf("user_defined='true' and organization.id='%s'", organizationID)
 	if args.all {
-		search = ""
+		search = fmt.Sprintf("organization.id='%s'", organizationID)
 	}
 	dnsDomains, err := r.OCMClient.ListDNSDomains(search)
 	if err != nil {
-		r.Reporter.Errorf("Failed to list DNS Domains: %v", err)
+		_ = r.Reporter.Errorf("Failed to list DNS Domains: %v", err)
 		os.Exit(1)
 	}
 
@@ -93,7 +94,7 @@ func run(_ *cobra.Command, _ []string) {
 	if output.HasFlag() {
 		err = output.Print(dnsDomains)
 		if err != nil {
-			r.Reporter.Errorf("%s", err)
+			_ = r.Reporter.Errorf("%s", err)
 			os.Exit(1)
 		}
 		os.Exit(0)

pkg/ocm/helpers.go

@@ -139,12 +139,30 @@ func ValidateHTTPProxy(val interface{}) error {
 		if httpProxy == "" {
 			return nil
 		}
-		url, err := url.ParseRequestURI(httpProxy)
+
+		// Encode password in place
+		if schemeIdx := strings.Index(httpProxy, "://"); schemeIdx >= 0 {
+			afterScheme := httpProxy[schemeIdx+3:]
+			if atIdx := strings.LastIndex(afterScheme, "@"); atIdx >= 0 {
+				credentials := afterScheme[:atIdx]
+				if colonIdx := strings.Index(credentials, ":"); colonIdx >= 0 {
+					username := credentials[:colonIdx]
+					password := credentials[colonIdx+1:]
+					httpProxy = httpProxy[:schemeIdx+3] + username + ":" + url.QueryEscape(password) + "@" + afterScheme[atIdx+1:]
+				}
+			}
+		}
+
+		parsedURL, err := url.ParseRequestURI(httpProxy)
 		if err != nil {
-			return fmt.Errorf("Invalid http-proxy value '%s'", httpProxy)
+			return fmt.Errorf("Invalid http-proxy value '%s': %s", httpProxy, err)
 		}
-		if url.Scheme != "http" {
-			return errors.Errorf("%s", "Expected http-proxy to have an http:// scheme")
+
+		if parsedURL.Scheme != "http" {
+			if parsedURL.Scheme == "https" {
+				return errors.Errorf("Invalid http-proxy value '%s': use --https-proxy for HTTPS proxies", httpProxy)
+			}
+			return errors.Errorf("Expected http-proxy to have an http:// scheme")
 		}
 		return nil
 	}

pkg/ocm/helpers_test.go

@@ -695,3 +695,52 @@ var _ = Describe("GetAutoNodeRoleArn", func() {
 		Expect(exists).To(BeTrue())
 	})
 })
+
+var _ = Describe("ValidateHTTPProxy", func() {
+	It("accepts valid proxy URL with authentication", func() {
+		err := ValidateHTTPProxy("http://user:[email protected]:8080")
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	It("accepts valid proxy URL without authentication", func() {
+		err := ValidateHTTPProxy("http://proxy.example.com:8080")
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	It("accepts empty string", func() {
+		err := ValidateHTTPProxy("")
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	It("auto-encodes password with forward slash", func() {
+		err := ValidateHTTPProxy("http://proxyuser:QvoZjyy/[email protected]:8080")
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	It("auto-encodes password with @ character", func() {
+		err := ValidateHTTPProxy("http://user:p@[email protected]:8080")
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	It("auto-encodes password with : character", func() {
+		err := ValidateHTTPProxy("http://user:pa:[email protected]:8080")
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	It("accepts password with URL-encoded forward slash", func() {
+		err := ValidateHTTPProxy("http://proxyuser:QvoZjyy%[email protected]:8080")
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	It("rejects HTTPS scheme and suggests using --https-proxy", func() {
+		err := ValidateHTTPProxy("https://proxy.example.com:8080")
+		Expect(err).To(HaveOccurred())
+		Expect(err.Error()).To(ContainSubstring("use --https-proxy"))
+	})
+
+	It("rejects missing protocol scheme", func() {
+		err := ValidateHTTPProxy("proxy.example.com:8080")
+		Expect(err).To(HaveOccurred())
+		Expect(err.Error()).To(ContainSubstring("http:// scheme"))
+	})
+})