Add additional validation to otel endpoint

javorszky · javorszky · commit 46c725cb3b78 · 2025-06-17T13:25:14.000+01:00
diff --git a/internal/configs/configmaps.go b/internal/configs/configmaps.go
@@ -754,6 +754,11 @@ func parseConfigMapOpenTelemetry(l *slog.Logger, cfgm *v1.ConfigMap, cfgParams *
 	if otelExporterEndpoint, exists := cfgm.Data["otel-exporter-endpoint"]; exists {
 		otelExporterEndpoint = strings.TrimSpace(otelExporterEndpoint)
 		if otelExporterEndpoint != "" {
+			if err := validation.ValidateHost(otelExporterEndpoint); err != nil {
+				nl.Warn(l, err)
+				eventLog.Event(cfgm, v1.EventTypeWarning, nl.EventReasonInvalidValue, err.Error())
+				return nil, err
+			}
 			cfgParams.MainOtelExporterEndpoint = otelExporterEndpoint
 		}
 	}
diff --git a/internal/configs/configmaps_test.go b/internal/configs/configmaps_test.go
@@ -1403,6 +1403,34 @@ func TestOpenTelemetryConfigurationSuccess(t *testing.T) {
 			expectedServiceName:         "nginx-ingress-controller:nginx",
 			msg:                         "endpoint set, minimal config",
 		},
+		{
+			configMap: &v1.ConfigMap{
+				Data: map[string]string{
+					"otel-exporter-endpoint": "subdomain.goes.on.and.on.and.on.and.on.example.com",
+				},
+			},
+			expectedLoadModule:          true,
+			expectedExporterEndpoint:    "subdomain.goes.on.and.on.and.on.and.on.example.com",
+			expectedExporterHeaderName:  "",
+			expectedExporterHeaderValue: "",
+			expectedServiceName:         "",
+			expectedTraceInHTTP:         false,
+			msg:                         "endpoint set, complicated long subdomain",
+		},
+		{
+			configMap: &v1.ConfigMap{
+				Data: map[string]string{
+					"otel-exporter-endpoint": "localhost:9933",
+				},
+			},
+			expectedLoadModule:          true,
+			expectedExporterEndpoint:    "localhost:9933",
+			expectedExporterHeaderName:  "",
+			expectedExporterHeaderValue: "",
+			expectedServiceName:         "",
+			expectedTraceInHTTP:         false,
+			msg:                         "endpoint set, hostname and port no scheme",
+		},
 		{
 			configMap: &v1.ConfigMap{
 				Data: map[string]string{
@@ -1595,6 +1623,76 @@ func TestOpenTelemetryConfigurationInvalid(t *testing.T) {
 			expectedTraceInHTTP:         true,
 			msg:                         "partially invalid, header name missing, trace in http set",
 		},
+		{
+			configMap: &v1.ConfigMap{
+				Data: map[string]string{
+					"otel-exporter-endpoint": "something?invalid*30here",
+				},
+			},
+			expectedLoadModule:          false,
+			expectedExporterEndpoint:    "",
+			expectedExporterHeaderName:  "",
+			expectedExporterHeaderValue: "",
+			expectedServiceName:         "",
+			expectedTraceInHTTP:         false,
+			msg:                         "invalid, endpoint does not look like a host",
+		},
+		{
+			configMap: &v1.ConfigMap{
+				Data: map[string]string{
+					"otel-exporter-endpoint": "localhost:0",
+				},
+			},
+			expectedLoadModule:          false,
+			expectedExporterEndpoint:    "localhost:0",
+			expectedExporterHeaderName:  "",
+			expectedExporterHeaderValue: "",
+			expectedServiceName:         "",
+			expectedTraceInHTTP:         false,
+			msg:                         "invalid, port is outside of range down",
+		},
+		{
+			configMap: &v1.ConfigMap{
+				Data: map[string]string{
+					"otel-exporter-endpoint": "localhost:99999",
+				},
+			},
+			expectedLoadModule:          false,
+			expectedExporterEndpoint:    "",
+			expectedExporterHeaderName:  "",
+			expectedExporterHeaderValue: "",
+			expectedServiceName:         "",
+			expectedTraceInHTTP:         false,
+			msg:                         "invalid, port is outside of range up",
+		},
+		{
+			configMap: &v1.ConfigMap{
+				Data: map[string]string{
+					"otel-exporter-endpoint": "fe80::1",
+				},
+			},
+			expectedLoadModule:          false,
+			expectedExporterEndpoint:    "",
+			expectedExporterHeaderName:  "",
+			expectedExporterHeaderValue: "",
+			expectedServiceName:         "",
+			expectedTraceInHTTP:         false,
+			msg:                         "invalid, endpoint is an ipv6 address",
+		},
+		{
+			configMap: &v1.ConfigMap{
+				Data: map[string]string{
+					"otel-exporter-endpoint": "thisisaverylongsubdomainthatexceedsatotalofsixtythreecharactersz.example.com",
+				},
+			},
+			expectedLoadModule:          false,
+			expectedExporterEndpoint:    "",
+			expectedExporterHeaderName:  "",
+			expectedExporterHeaderValue: "",
+			expectedServiceName:         "",
+			expectedTraceInHTTP:         false,
+			msg:                         "invalid, subdomain is more than 63 characters long",
+		},
 	}
 
 	isPlus := false

Original file line number	Diff line number	Diff line change
`@@ -754,6 +754,11 @@ func parseConfigMapOpenTelemetry(l slog.Logger, cfgm v1.ConfigMap, cfgParams *`
`754`	`754`	`if otelExporterEndpoint, exists := cfgm.Data["otel-exporter-endpoint"]; exists {`
`755`	`755`	`otelExporterEndpoint = strings.TrimSpace(otelExporterEndpoint)`
`756`	`756`	`if otelExporterEndpoint != "" {`
	`757`	`+ if err := validation.ValidateHost(otelExporterEndpoint); err != nil {`
	`758`	`+ nl.Warn(l, err)`
	`759`	`+ eventLog.Event(cfgm, v1.EventTypeWarning, nl.EventReasonInvalidValue, err.Error())`
	`760`	`+ return nil, err`
	`761`	`+ }`
`757`	`762`	`cfgParams.MainOtelExporterEndpoint = otelExporterEndpoint`
`758`	`763`	`}`
`759`	`764`	`}`