
Merge pull request #971 from b4ld/feature/validate-gitlab-provider

Network Connection and Validate Methods
paul-the-alien[bot] 4 years ago
parent
commit
0814b984de

+ 7 - 2
pkg/provider/akeyless/akeyless.go

@@ -19,6 +19,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"strconv"
+	"time"
 
 	"github.com/akeylesslabs/akeyless-go/v2"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -50,6 +51,7 @@ type akeylessBase struct {
 
 type Akeyless struct {
 	Client akeylessVaultInterface
+	url    string
 }
 
 type akeylessVaultInterface interface {
@@ -102,7 +104,7 @@ func newClient(_ context.Context, store esv1beta1.GenericStore, kube client.Clie
 
 	akl.akeylessGwAPIURL = akeylessGwAPIURL
 	akl.RestAPI = RestAPIClient
-	return &Akeyless{Client: akl}, nil
+	return &Akeyless{Client: akl, url: akeylessGwAPIURL}, nil
 }
 
 func (a *Akeyless) Close(ctx context.Context) error {
@@ -110,7 +112,10 @@ func (a *Akeyless) Close(ctx context.Context) error {
 }
 
 func (a *Akeyless) Validate() error {
-	return nil
+	timeout := 15 * time.Second
+	url := a.url
+
+	return utils.NetworkValidate(url, timeout)
 }
 
 // Implements store.Client.GetSecret Interface.
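Review bot: `Validate` now makes a blocking TCP dial of up to 15 seconds, and the same body with the literal `15 * time.Second` is repeated in alibaba/kms.go, gitlab/gitlab.go and webhook/webhook.go. One shared constant in pkg/utils, for example `const defaultValidateTimeout = 15 * time.Second`, and a one-line body `return utils.NetworkValidate(a.url, utils.defaultValidateTimeout)` (exported as needed) would keep the four providers from drifting apart. The local `url` shadows the `net/url` package in webhook.go, where that package is imported, so the temporaries are better dropped. A doc comment such as `// Validate checks that the Akeyless gateway URL accepts a TCP connection; it does not verify credentials.` would make the limited scope of the check explicit to callers.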

+ 7 - 1
pkg/provider/alibaba/kms.go

@@ -18,6 +18,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"time"
 
 	kmssdk "github.com/aliyun/alibaba-cloud-sdk-go/services/kms"
 	"github.com/tidwall/gjson"
@@ -57,6 +58,7 @@ var _ esv1beta1.Provider = &KeyManagementService{}
 
 type KeyManagementService struct {
 	Client SMInterface
+	url    string
 }
 
 type SMInterface interface {
@@ -187,6 +189,7 @@ func (kms *KeyManagementService) NewClient(ctx context.Context, store esv1beta1.
 		return nil, fmt.Errorf(errAlibabaClient, err)
 	}
 	kms.Client = keyManagementService
+	kms.url = alibabaSpec.Endpoint
 	return kms, nil
 }
 
@@ -195,7 +198,10 @@ func (kms *KeyManagementService) Close(ctx context.Context) error {
 }
 
 func (kms *KeyManagementService) Validate() error {
-	return nil
+	timeout := 15 * time.Second
+	url := kms.url
+
+	return utils.NetworkValidate(url, timeout)
 }
 
 func (kms *KeyManagementService) ValidateStore(store esv1beta1.GenericStore) error {
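Review bot: `kms.url = alibabaSpec.Endpoint` stores the raw endpoint, and `url.Parse` only yields a host when the value carries a scheme. If `Endpoint` can be a bare hostname (its format is not visible in this section), `Hostname()` returns an empty string and `Validate` dials `:443` on the local machine instead of the KMS endpoint. The result is then a false failure, or a false success if something local listens on 443. Normalise the value before storing it, or have the check reject an empty host, e.g. `if host == "" { return fmt.Errorf("could not parse url: missing host") }` in `NetworkValidate`.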

+ 7 - 1
pkg/provider/gitlab/gitlab.go

@@ -18,6 +18,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"strings"
+	"time"
 
 	"github.com/tidwall/gjson"
 	gitlab "github.com/xanzy/go-gitlab"
@@ -52,6 +53,7 @@ type Client interface {
 // Gitlab Provider struct with reference to a GitLab client and a projectID.
 type Gitlab struct {
 	client    Client
+	url       string
 	projectID interface{}
 }
 
@@ -146,6 +148,7 @@ func (g *Gitlab) NewClient(ctx context.Context, store esv1beta1.GenericStore, ku
 
 	g.client = gitlabClient.ProjectVariables
 	g.projectID = cliStore.store.ProjectID
+	g.url = cliStore.store.URL
 
 	return g, nil
 }
@@ -220,7 +223,10 @@ func (g *Gitlab) Close(ctx context.Context) error {
 }
 
 func (g *Gitlab) Validate() error {
-	return nil
+	timeout := 15 * time.Second
+	url := g.url
+
+	return utils.NetworkValidate(url, timeout)
 }
 
 func (g *Gitlab) ValidateStore(store esv1beta1.GenericStore) error {
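Review bot: `g.url = cliStore.store.URL` is copied without checking that it is set, so an empty value reaches `NetworkValidate` and is dialed as `:443` on the local host. If `URL` is optional in the store spec and the GitLab client falls back to a default base URL (neither is visible in these hunks), a store that works would be reported as unreachable. A guard in `Validate` such as `if g.url == "" { return nil }`, or validating the base URL the client actually uses, would avoid that. `NewClient` and `Validate` both continue outside the hunks shown.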

+ 9 - 1
pkg/provider/webhook/webhook.go

@@ -25,6 +25,7 @@ import (
 	"net/url"
 	"strings"
 	tpl "text/template"
+	"time"
 
 	"github.com/Masterminds/sprig/v3"
 	"github.com/PaesslerAG/jsonpath"
@@ -35,6 +36,7 @@ import (
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
 	"github.com/external-secrets/external-secrets/pkg/template/v2"
+	"github.com/external-secrets/external-secrets/pkg/utils"
 )
 
 // https://github.com/external-secrets/external-secrets/issues/644
@@ -50,6 +52,7 @@ type WebHook struct {
 	namespace string
 	storeKind string
 	http      *http.Client
+	url       string
 }
 
 func init() {
@@ -69,6 +72,8 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore,
 	if err != nil {
 		return nil, err
 	}
+	whClient.url = provider.URL
+
 	whClient.http, err = whClient.getHTTPClient(provider)
 	if err != nil {
 		return nil, err
@@ -390,7 +395,10 @@ func (w *WebHook) Close(ctx context.Context) error {
 }
 
 func (w *WebHook) Validate() error {
-	return nil
+	timeout := 15 * time.Second
+	url := w.url
+
+	return utils.NetworkValidate(url, timeout)
 }
 
 func executeTemplateString(tmpl string, data map[string]map[string]string) (string, error) {
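Review bot: `whClient.url = provider.URL` keeps the URL exactly as written in the store, and `Validate` parses it before any templating is applied. This file imports `text/template` and defines `executeTemplateString`, so the URL may contain template expressions; if it can, `url.Parse` will either fail or produce a host that is not the one requests go to. Validation should then run on the rendered URL, or be skipped when the value contains `{{`. A short comment on the new field, e.g. `// url is the raw, unrendered provider URL used only by Validate`, would document which form is stored.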

+ 26 - 0
pkg/utils/utils.go

@@ -19,8 +19,11 @@ import (
 	// nolint:gosec
 	"crypto/md5"
 	"fmt"
+	"net"
+	"net/url"
 	"reflect"
 	"strings"
+	"time"
 	"unicode"
 
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
@@ -134,3 +137,26 @@ func ValidateServiceAccountSelector(store esv1beta1.GenericStore, ref esmeta.Ser
 	}
 	return nil
 }
+
+func NetworkValidate(endpoint string, timeout time.Duration) error {
+	hostname, err := url.Parse(endpoint)
+
+	if err != nil {
+		return fmt.Errorf("could not parse url: %w", err)
+	}
+
+	host := hostname.Hostname()
+	port := hostname.Port()
+
+	if port == "" {
+		port = "443"
+	}
+
+	url := fmt.Sprintf("%v:%v", host, port)
+	conn, err := net.DialTimeout("tcp", url, timeout)
+	if err != nil {
+		return fmt.Errorf("error accessing external store: %w", err)
+	}
+	defer conn.Close()
+	return nil
+}
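Review bot: `NetworkValidate` builds the dial address with `fmt.Sprintf("%v:%v", host, port)` and defaults the port to 443 whatever the scheme. `Hostname()` returns IPv6 literals without brackets, so such endpoints produce an address `net.DialTimeout` cannot parse. An `http://` URL without a port is probed on 443 rather than 80, and an endpoint with no host is dialed as `:443` on the local machine. The local `url` also shadows the imported `net/url` package, and the exported function has no doc comment. A successful connect only shows that something accepts TCP on that port, so the doc comment should say the check covers neither TLS nor credentials.

```go
// NetworkValidate reports whether the host and port named by endpoint accept
// a TCP connection within timeout. It does not check TLS or credentials.
func NetworkValidate(endpoint string, timeout time.Duration) error {
	u, err := url.Parse(endpoint)
	if err != nil {
		return fmt.Errorf("could not parse url: %w", err)
	}

	host := u.Hostname()
	if host == "" {
		// An empty host would make net.Dial target the local machine.
		return fmt.Errorf("could not parse url: missing host")
	}

	port := u.Port()
	if port == "" {
		// Take the default from the scheme instead of assuming TLS.
		port = "443"
		if u.Scheme == "http" {
			port = "80"
		}
	}

	// JoinHostPort brackets IPv6 literals, which Hostname() returns bare.
	conn, err := net.DialTimeout("tcp", net.JoinHostPort(host, port), timeout)
	// … unchanged: dial error wrap, defer conn.Close(), return nil …
}
```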

+ 8 - 0
pkg/utils/utils_test.go

@@ -17,6 +17,7 @@ package utils
 import (
 	"reflect"
 	"testing"
+	"time"
 
 	vault "github.com/oracle/oci-go-sdk/v56/vault"
 	v1 "k8s.io/api/core/v1"
@@ -224,3 +225,10 @@ func TestConvertKeys(t *testing.T) {
 		})
 	}
 }
+
+func TestValidate(t *testing.T) {
+	err := NetworkValidate("http://google.com", 10*time.Second)
+	if err != nil {
+		t.Errorf("Connection problem: %v", err)
+	}
+}
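Review bot: `TestValidate` dials `google.com` over the public network, so it fails in sandboxed or offline CI and can block for up to 10 seconds. It also passes only because the `http://` URL is probed on the default port 443, which hides the scheme handling in `NetworkValidate`. A listener on the loopback interface makes the test hermetic and exercises an explicit port; this needs `net` added to the test file's imports. Cases for an unparsable URL and a closed port would cover the two error returns.

```go
func TestValidate(t *testing.T) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		t.Fatalf("listen: %v", err)
	}
	defer ln.Close()

	err = NetworkValidate("http://"+ln.Addr().String(), 10*time.Second)
	// … unchanged: t.Errorf on a non-nil err …
}
```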