OCM-18900 | fix: Improve proxy validation error messages for special characters in passwords

[olucasfreitas]

Details

This PR fixes a usability issue where rosa create cluster --http-proxy was displaying unhelpful error messages when proxy passwords contained special characters like forward slashes, making it difficult for users to understand what was wrong with their input.

---

Fixed Behavior

1. Run the command with a proxy password containing a forward slash:

   ./rosa create cluster --http-proxy "http://proxyuser:QvoZjyy/trkCiY5@10.0.0.161:8080"

2. Now shows clear error message:

   E: Invalid http-proxy value 'http://proxyuser:QvoZjyy/trkCiY5@10.0.0.161:8080': 
      password contains special characters that need URL encoding
   

---

Additional Validations Added

1. Spaces in URL - Detects and rejects URLs with spaces:

   ./rosa create cluster --http-proxy "http://proxy.example.com :8080"

   Output:

   E: Invalid http-proxy value 'http://proxy.example.com :8080': URL cannot contain spaces
   

2. Invalid Port Range - Validates port numbers are between 1 and 65535:

   ./rosa create cluster --http-proxy "http://proxy.example.com:99999"

   Output:

   E: Invalid http-proxy value 'http://proxy.example.com:99999': port must be between 1 and 65535
   

3. Multiple @ Symbols - Detects unencoded @ in passwords:

   ./rosa create cluster --http-proxy "http://user:pass@word@proxy.example.com:8080"

   Output:

   E: Invalid http-proxy value 'http://user:pass@word@proxy.example.com:8080': 
      password contains special characters that need URL encoding
   

---

The --https-proxy Flag Behavior

Using HTTPS scheme with --http-proxy continues to show the existing error:

./rosa create cluster --http-proxy "https://proxy.example.com:8080"

Output:

E: Expected http-proxy to have an http:// scheme

---

Ticket

Closes OCM-18900

[codecov]

Codecov Report

❌ Patch coverage is 44.92754% with 38 lines in your changes missing coverage. Please review.
✅ Project coverage is 23.94%. Comparing base (c854a37) to head (770854f).
⚠️ Report is 10 commits behind head on master.

Files with missing lines	Patch %	Lines
pkg/helper/url/validation.go	0.00%	31 Missing ⚠️
pkg/ocm/helpers.go	88.57%	4 Missing ⚠️
cmd/create/cluster/cmd.go	0.00%	2 Missing ⚠️
cmd/edit/cluster/cmd.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3052      +/-   ##
==========================================
+ Coverage   23.91%   23.94%   +0.03%     
==========================================
  Files         317      318       +1     
  Lines       35202    35238      +36     
==========================================
+ Hits         8418     8439      +21     
- Misses      26143    26159      +16     
+ Partials      641      640       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[olucasfreitas]

/retest-required

[olucasfreitas]

/retest-required

[olucasfreitas]

/retest-required

[hunterkepley]

The test case in the bug ticket does not seem to pass:

E: parse "http://proxyuser:QvoZjyy/trkCiY5@10.0.0.161:8080": invalid port ":QvoZjyy" after host

I think there may be a bug in the parse code

[olucasfreitas]

@hunterkepley I just did some tests here, and it seems to be working after the fix, did you test it with the branch locally ?

[olucasfreitas]

/retest-required

[olucasfreitas]

/retest-required

[hunterkepley]

/test all

[hunterkepley]

/test e2e-presubmits-pr-rosa-sts-advanced

[hunterkepley]

/test e2e-presubmits-pr-rosa-hcp-advanced

[hunterkepley]

Some reason the e2e tests didn't run, I manually ran them so we can verify this MR didn't break any

[olucasfreitas]

/retest

[olucasfreitas]

/retest

[olucasfreitas]

/retest

[hunterkepley]

/test e2e-presubmits-pr-rosa-hcp-advanced

[hunterkepley]

/test e2e-presubmits-pr-rosa-sts-advanced

[openshift-ci]

@olucasfreitas: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/coverage	2637639	link	true	/test coverage

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[olucasfreitas]

/retest

[hunterkepley]

Could you let me know why this is here?

[hunterkepley]

won't this panic if val is not a string?

[hunterkepley]

or a type which can be directly casted into one?

[hunterkepley]

I think there was some confusion on what I suggested in my comment here: #3052 (comment) because the guarding for it panicking was removed after

[hunterkepley]

won't this panic?

[hunterkepley]

Im not sure I understand, we return an empty validation error when there is no ://?

#3052 (comment)

It looks like that previously, this returned an error but didn't have enough information in it. Now it has no information, could you let me know what this block of code should be doing? I might be just confused on it

[hunterkepley]

Also when looking at the block of code above this one, I am even more confused on what this should be accomplishing

[hunterkepley]

When an @ is not found, we return an empty validation error

What does this result in when the final error is printed out?