CR-8730 ingress host validation (#206)

* ingress host validation

* bump

* add insecure-ingress-host flag

* insecure-ingress-host flag in store and added on config flags

* docs

* typo fix

* handle error types

* wip

* check certificate for http ingress

* wip

* bump go-sdk

* ensureIngressHost

* improve error

* fixed a typo

* print error

* added logs

* add log

* true, nil

* do not validate http

* improve errors

Co-authored-by: Noam Gal <noam.gal@codefresh.io>

Author: rotem-codefresh

Makefile

@@ -1,4 +1,4 @@
-VERSION=v0.0.196
+VERSION=v0.0.197
 
 OUT_DIR=dist
 YEAR?=$(shell date +"%Y")

cmd/commands/common.go

@@ -30,11 +30,16 @@ package commands
 
 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
 	_ "embed"
 	"fmt"
+	"net/http"
+	"net/url"
 	"os"
 	"regexp"
 	"strings"
+	"time"
 
 	"github.com/argoproj-labs/argocd-autopilot/pkg/git"
 	"github.com/codefresh-io/cli-v2/pkg/config"
@@ -90,6 +95,10 @@ func IsValidName(s string) (bool, error) {
 	return regexp.MatchString(`^[a-z]([-a-z0-9]{0,61}[a-z0-9])?$`, s)
 }
 
+func IsValidIngressHost(ingress string) (bool, error) {
+	return regexp.MatchString(`^(http|https)://`, ingress)
+}
+
 func askUserIfToInstallDemoResources(cmd *cobra.Command, sampleInstall *bool) error {
 	if !store.Get().Silent && !cmd.Flags().Changed("sample-install") {
 		templates := &promptui.SelectTemplates{
@@ -360,3 +369,94 @@ func getIngressHostFromUserInput(cmd *cobra.Command, ingressHost *string) error
 
 	return nil
 }
+
+func checkIngressHostCertificate(ctx context.Context, ingress string) (bool, error) {
+	var err error
+	match, _ := regexp.MatchString(`^http://`, ingress)
+	if match { //if user provided http ingress
+		log.G(ctx).Warn("The ingress host uses an insecure protocol. The browser may block subsequent runtime requests from the UI unless explicitly approved.")
+
+		return true, nil
+	}
+
+	res, err := http.Get(ingress)
+
+	if err == nil {
+		res.Body.Close()
+		return true, nil
+	}
+
+	urlErr, ok := err.(*url.Error)
+	if !ok {
+		return false, err
+	}
+	_, ok1 := urlErr.Err.(x509.CertificateInvalidError)
+	_, ok2 := urlErr.Err.(x509.SystemRootsError)
+	_, ok3 := urlErr.Err.(x509.UnknownAuthorityError)
+	_, ok4 := urlErr.Err.(x509.ConstraintViolationError)
+	_, ok5 := urlErr.Err.(x509.HostnameError)
+
+	certErr := ok1 || ok2 || ok3 || ok4 || ok5
+	if !certErr {
+		return false, fmt.Errorf("failed with non-certificate error: %w", err)
+	}
+
+	insecureOk := checkIngressHostWithInsecure(ingress)
+	if !insecureOk {
+		return false, fmt.Errorf("insecure call failed: %w", err)
+	}
+	
+	return false, nil
+}
+
+func checkIngressHostWithInsecure(ingress string) bool {
+	httpClient := &http.Client{}
+	httpClient.Timeout = 10 * time.Second
+	customTransport := http.DefaultTransport.(*http.Transport).Clone()
+	customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	httpClient.Transport = customTransport
+	req, err := http.NewRequest("GET", ingress, nil)
+	if err != nil {
+		return false
+	}
+	res, err := httpClient.Do(req)
+	if err != nil {
+		return false
+	}
+	res.Body.Close()
+	return true
+}
+
+func askUserIfToProceedWithInsecure(ctx context.Context) error {
+	if store.Get().InsecureIngressHost {
+		return nil
+	}
+	if store.Get().Silent {
+		return fmt.Errorf("cancelled installation due to invalid ingress host certificate")
+	}
+
+	templates := &promptui.SelectTemplates{
+		Selected: "{{ . | yellow }} ",
+	}
+
+	log.G(ctx).Warnf("The provided ingressHost does not have a valid certificate.")
+	labelStr := fmt.Sprintf("%vDo you wish to continue the installation with insecure ingress host mode?%v", CYAN, COLOR_RESET)
+
+	prompt := promptui.Select{
+		Label:     labelStr,
+		Items:     []string{"Yes", "Cancel installation"},
+		Templates: templates,
+	}
+
+	_, result, err := prompt.Run()
+	if err != nil {
+		return fmt.Errorf("Prompt error: %w", err)
+	}
+
+	if result == "Yes" {
+		store.Get().InsecureIngressHost = true
+	} else {
+		return fmt.Errorf("cancelled installation due to invalid ingress host certificate")
+	}
+	return nil
+}

cmd/commands/integrations.go

@@ -36,6 +36,7 @@ import (
 	"strings"
 
 	"github.com/codefresh-io/cli-v2/pkg/log"
+	"github.com/codefresh-io/cli-v2/pkg/store"
 	"github.com/codefresh-io/cli-v2/pkg/util"
 	sdk "github.com/codefresh-io/go-sdk/pkg/codefresh"
 	model "github.com/codefresh-io/go-sdk/pkg/codefresh/model/app-proxy"
@@ -401,7 +402,7 @@ func getAppProxyClient(runtime *string, client *sdk.AppProxyAPI) func(*cobra.Com
 			*runtime = cur.DefaultRuntime
 		}
 
-		appProxy, err := cfConfig.NewClient().AppProxy(cmd.Context(), *runtime)
+		appProxy, err := cfConfig.NewClient().AppProxy(cmd.Context(), *runtime, store.Get().InsecureIngressHost)
 		if err != nil {
 			return err
 		}

cmd/commands/runtime.go

@@ -268,7 +268,7 @@ func runtimeInstallCommandPreRunHandler(cmd *cobra.Command, opts *RuntimeInstall
 		return err
 	}
 
-	if err := getIngressHostFromUserInput(cmd, &opts.IngressHost); err != nil {
+	if err := ensureIngressHost(cmd, opts); err != nil {
 		return err
 	}
 
@@ -298,6 +298,32 @@ func runtimeInstallCommandPreRunHandler(cmd *cobra.Command, opts *RuntimeInstall
 	return nil
 }
 
+func ensureIngressHost(cmd *cobra.Command, opts *RuntimeInstallOptions) error {
+	if err := getIngressHostFromUserInput(cmd, &opts.IngressHost); err != nil {
+		return err
+	}
+
+	isValid, err := IsValidIngressHost(opts.IngressHost)
+	if err != nil {
+		log.G(cmd.Context()).Fatal("failed to check the validity of the ingress host")
+	} else if !isValid {
+		log.G(cmd.Context()).Fatal("ingress host must begin with a protocol http:// or https://")
+	}
+
+	certValid, err := checkIngressHostCertificate(cmd.Context(), opts.IngressHost)
+	if err != nil {
+		log.G(cmd.Context()).Fatalf("failed to check ingress host: %v", err)
+	}
+	
+	if !certValid {
+		if err = askUserIfToProceedWithInsecure(cmd.Context()); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func getComponents(rt *runtime.Runtime, opts *RuntimeInstallOptions) []string {
 	var componentNames []string
 	for _, component := range rt.Spec.Components {
@@ -343,7 +369,7 @@ func RunRuntimeInstall(ctx context.Context, opts *RuntimeInstallOptions) error {
 	}
 
 	rt, err := runtime.Download(opts.Version, opts.RuntimeName)
-	appendLogToSummary("Dowmloading runtime definition", err)
+	appendLogToSummary("Downloading runtime definition", err)
 	if err != nil {
 		return fmt.Errorf("failed to download runtime definition: %w", err)
 	}
@@ -490,7 +516,7 @@ func RunRuntimeInstall(ctx context.Context, opts *RuntimeInstallOptions) error {
 }
 
 func addDefaultGitIntegration(ctx context.Context, runtime string, opts *apmodel.AddGitIntegrationArgs) error {
-	appProxyClient, err := cfConfig.NewClient().AppProxy(ctx, runtime)
+	appProxyClient, err := cfConfig.NewClient().AppProxy(ctx, runtime, store.Get().InsecureIngressHost)
 	if err != nil {
 		return fmt.Errorf("failed to build app-proxy client: %w", err)
 	}
@@ -1267,7 +1293,7 @@ func createReporter(ctx context.Context, cloneOpts *git.CloneOptions, opts *Runt
 		return err
 	}
 
-	log.G(ctx).Info("Pushing Codefresh ", strings.Title(reporterCreateOpts.reporterName), " mainifests")
+	log.G(ctx).Info("Pushing Codefresh ", strings.Title(reporterCreateOpts.reporterName), " manifests")
 
 	pushMessage := "Created Codefresh" + strings.Title(reporterCreateOpts.reporterName) + "Reporter"
 

docs/commands/cli-v2.md

@@ -26,6 +26,7 @@ cli-v2 [flags]
       --cfconfig string            Custom path for authentication contexts config file (default "/home/user")
   -h, --help                       help for cli-v2
       --insecure                   Disable certificate validation for TLS connections (e.g. to g.codefresh.io)
+      --insecure-ingress-host      Disable certificate validation of ingress host (default: false)
       --request-timeout duration   Request timeout (default 30s)
 ```
 

docs/commands/cli-v2_component.md

@@ -18,6 +18,7 @@ cli-v2 component [flags]
       --auth-context string        Run the next command using a specific authentication context
       --cfconfig string            Custom path for authentication contexts config file (default "/home/user")
       --insecure                   Disable certificate validation for TLS connections (e.g. to g.codefresh.io)
+      --insecure-ingress-host      Disable certificate validation of ingress host (default: false)
       --request-timeout duration   Request timeout (default 30s)
 ```
 

docs/commands/cli-v2_component_list.md

@@ -26,6 +26,7 @@ cli-v2 component list [runtime_name] [flags]
       --auth-context string        Run the next command using a specific authentication context
       --cfconfig string            Custom path for authentication contexts config file (default "/home/user")
       --insecure                   Disable certificate validation for TLS connections (e.g. to g.codefresh.io)
+      --insecure-ingress-host      Disable certificate validation of ingress host (default: false)
       --request-timeout duration   Request timeout (default 30s)
 ```
 

docs/commands/cli-v2_config.md

@@ -31,6 +31,7 @@ cli-v2 config [flags]
       --auth-context string        Run the next command using a specific authentication context
       --cfconfig string            Custom path for authentication contexts config file (default "/home/user")
       --insecure                   Disable certificate validation for TLS connections (e.g. to g.codefresh.io)
+      --insecure-ingress-host      Disable certificate validation of ingress host (default: false)
       --request-timeout duration   Request timeout (default 30s)
 ```
 

docs/commands/cli-v2_config_create-context.md

@@ -29,6 +29,7 @@ cli-v2 config create-context [flags]
       --auth-context string        Run the next command using a specific authentication context
       --cfconfig string            Custom path for authentication contexts config file (default "/home/user")
       --insecure                   Disable certificate validation for TLS connections (e.g. to g.codefresh.io)
+      --insecure-ingress-host      Disable certificate validation of ingress host (default: false)
       --request-timeout duration   Request timeout (default 30s)
 ```
 

docs/commands/cli-v2_config_current-context.md

@@ -27,6 +27,7 @@ cli-v2 config current-context [flags]
       --auth-context string        Run the next command using a specific authentication context
       --cfconfig string            Custom path for authentication contexts config file (default "/home/user")
       --insecure                   Disable certificate validation for TLS connections (e.g. to g.codefresh.io)
+      --insecure-ingress-host      Disable certificate validation of ingress host (default: false)
       --request-timeout duration   Request timeout (default 30s)
 ```