refactor!: Add Host type. Fix S3 structs to have mandatory fields

Author: sbernauer

crates/stackable-operator/CHANGELOG.md

@@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file.
 ### Added
 
 - Add `Hostname` and `KerberosRealmName` types extracted from secret-operator ([#851]).
+- BREAKING: Add `Host` type and use it within LDAP and OIDC AuthenticationClass as well as S3Connection ([#XXX]).
 - Add support for listener volume scopes to `SecretOperatorVolumeSourceBuilder` ([#858]).
 
 ### Changed
@@ -15,6 +16,7 @@ All notable changes to this project will be documented in this file.
 
 ### Fixed
 
+- BREAKING: The fields on `S3BucketSpec`, `InlinedS3BucketSpec` and `S3ConnectionSpec` are now mandatory (as they should be) ([#XXX]).
 - Fix the CRD description of `ClientAuthenticationDetails` to not contain internal Rust doc, but a public CRD description ([#846]).
 - `StackableAffinity` fields are no longer erroneously marked as required ([#855]).
 

crates/stackable-operator/src/commons/authentication/ldap.rs

@@ -11,6 +11,7 @@ use crate::{
             tls::{TlsClientDetails, TlsClientDetailsError},
             SECRET_BASE_PATH,
         },
+        networking::Host,
         secret_class::{SecretClassVolume, SecretClassVolumeError},
     },
 };
@@ -36,8 +37,8 @@ pub enum Error {
 )]
 #[serde(rename_all = "camelCase")]
 pub struct AuthenticationProvider {
-    /// Hostname of the LDAP server, for example: `my.ldap.server`.
-    pub hostname: String,
+    /// Host of the LDAP server, for example: `my.ldap.server`.
+    pub hostname: Host,
 
     /// Port of the LDAP server. If TLS is used defaults to 636 otherwise to 389.
     port: Option<u16>,

crates/stackable-operator/src/commons/authentication/oidc.rs

@@ -11,7 +11,10 @@ use url::{ParseError, Url};
 
 #[cfg(doc)]
 use crate::commons::authentication::AuthenticationClass;
-use crate::commons::authentication::{tls::TlsClientDetails, SECRET_BASE_PATH};
+use crate::commons::{
+    authentication::{tls::TlsClientDetails, SECRET_BASE_PATH},
+    networking::Host,
+};
 
 pub type Result<T, E = Error> = std::result::Result<T, E>;
 
@@ -40,8 +43,8 @@ pub enum Error {
 )]
 #[serde(rename_all = "camelCase")]
 pub struct AuthenticationProvider {
-    /// Hostname of the identity provider, e.g. `my.keycloak.corp`.
-    hostname: String,
+    /// Host of the identity provider, e.g. `my.keycloak.corp`.
+    hostname: Host,
 
     /// Port of the identity provider. If TLS is used defaults to 443,
     /// otherwise to 80.
@@ -90,7 +93,7 @@ fn default_root_path() -> String {
 
 impl AuthenticationProvider {
     pub fn new(
-        hostname: String,
+        hostname: Host,
         port: Option<u16>,
         root_path: String,
         tls: TlsClientDetails,
@@ -113,8 +116,12 @@ impl AuthenticationProvider {
     /// configuration path, use `url.join()`. This module provides the default
     /// path at [`DEFAULT_OIDC_WELLKNOWN_PATH`].
     pub fn endpoint_url(&self) -> Result<Url> {
-        let mut url = Url::parse(&format!("http://{}:{}", self.hostname, self.port()))
-            .context(ParseOidcEndpointUrlSnafu)?;
+        let mut url = Url::parse(&format!(
+            "http://{}:{}",
+            self.hostname.as_url_host(),
+            self.port()
+        ))
+        .context(ParseOidcEndpointUrlSnafu)?;
 
         if self.tls.uses_tls() {
             url.set_scheme("https").map_err(|_| {
@@ -317,7 +324,7 @@ mod test {
     fn test_oidc_ipv6_endpoint_url() {
         let oidc = serde_yaml::from_str::<AuthenticationProvider>(
             "
-            hostname: '[2606:2800:220:1:248:1893:25c8:1946]'
+            hostname: 2606:2800:220:1:248:1893:25c8:1946
             rootPath: my-root-path
             port: 12345
             scopes: [openid]

crates/stackable-operator/src/commons/networking.rs

@@ -1,21 +1,31 @@
-use std::{fmt::Display, ops::Deref};
+use std::{fmt::Display, net::IpAddr, ops::Deref, str::FromStr};
 
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
 use crate::validation;
 
-/// A validated hostname type, for use in CRDs.
-#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)]
+/// A validated hostname type conforming to RFC 1123, e.g. not an IPv6 address.
+#[derive(
+    Serialize, Deserialize, Clone, Debug, Eq, PartialEq, Hash, Ord, PartialOrd, JsonSchema,
+)]
 #[serde(try_from = "String", into = "String")]
 pub struct Hostname(#[validate(regex(path = "validation::RFC_1123_SUBDOMAIN_REGEX"))] String);
 
+impl FromStr for Hostname {
+    type Err = validation::Errors;
+
+    fn from_str(value: &str) -> Result<Self, Self::Err> {
+        validation::is_rfc_1123_subdomain(&value)?;
+        Ok(Hostname(value.to_owned()))
+    }
+}
+
 impl TryFrom<String> for Hostname {
     type Error = validation::Errors;
 
     fn try_from(value: String) -> Result<Self, Self::Error> {
-        validation::is_rfc_1123_subdomain(&value)?;
-        Ok(Hostname(value))
+        value.parse()
     }
 }
 
@@ -39,6 +49,68 @@ impl Deref for Hostname {
     }
 }
 
+/// A validated host (either a [`Hostname`] or IP address) type.
+#[derive(
+    Serialize, Deserialize, Clone, Debug, Eq, PartialEq, Hash, Ord, PartialOrd, JsonSchema,
+)]
+#[serde(try_from = "String", into = "String")]
+pub enum Host {
+    IpAddress(IpAddr),
+    Hostname(Hostname),
+}
+
+impl FromStr for Host {
+    type Err = validation::Error;
+
+    fn from_str(value: &str) -> Result<Self, Self::Err> {
+        if let Ok(ip) = value.parse::<IpAddr>() {
+            return Ok(Host::IpAddress(ip));
+        }
+
+        if let Ok(hostname) = value.parse() {
+            return Ok(Host::Hostname(hostname));
+        };
+
+        Err(validation::Error::NotAHost {})
+    }
+}
+
+impl TryFrom<String> for Host {
+    type Error = validation::Error;
+
+    fn try_from(value: String) -> Result<Self, Self::Error> {
+        value.parse()
+    }
+}
+
+impl From<Host> for String {
+    fn from(value: Host) -> Self {
+        format!("{value}")
+    }
+}
+
+impl Display for Host {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            Host::IpAddress(ip) => write!(f, "{ip}"),
+            Host::Hostname(hostname) => write!(f, "{hostname}"),
+        }
+    }
+}
+
+impl Host {
+    /// Formats the host in such a way that it can be used in URLs.
+    pub fn as_url_host(&self) -> String {
+        match self {
+            Host::IpAddress(ip) => match ip {
+                IpAddr::V4(ip) => ip.to_string(),
+                IpAddr::V6(ip) => format!("[{ip}]"),
+            },
+            Host::Hostname(hostname) => hostname.to_string(),
+        }
+    }
+}
+
 /// A validated kerberos realm name type, for use in CRDs.
 #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)]
 #[serde(try_from = "String", into = "String")]
@@ -74,3 +146,48 @@ impl Deref for KerberosRealmName {
         &self.0
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    use rstest::rstest;
+
+    #[rstest]
+    #[case("foo")]
+    #[case("foo.bar")]
+    // Well this is also a valid hostname I guess
+    #[case("1.2.3.4")]
+    fn test_host_and_hostname_parsing_success(#[case] hostname: String) {
+        let parsed_hostname: Hostname = hostname.parse().expect("hostname can not be parsed");
+        // Every host is also a valid hostname
+        let parsed_host: Host = hostname.parse().expect("host can not be parsed");
+
+        // Also test the round-trip
+        assert_eq!(parsed_hostname.to_string(), hostname);
+        assert_eq!(parsed_host.to_string(), hostname);
+    }
+
+    #[rstest]
+    #[case("")]
+    #[case("foo.bar:1234")]
+    #[case("fe80::1")]
+    fn test_hostname_parsing_invalid_input(#[case] hostname: &str) {
+        assert!(hostname.parse::<Hostname>().is_err());
+    }
+
+    #[rstest]
+    #[case("foo", "foo")]
+    #[case("foo.bar", "foo.bar")]
+    #[case("1.2.3.4", "1.2.3.4")]
+    #[case("fe80::1", "[fe80::1]")]
+    fn test_host_parsing_success(#[case] host: &str, #[case] expected_url_host: &str) {
+        // Every host is also a valid hostname
+        let parsed_host: Host = host.parse().expect("host can not be parsed");
+
+        // Also test the round-trip
+        assert_eq!(parsed_host.to_string(), host);
+
+        assert_eq!(parsed_host.as_url_host(), expected_url_host);
+    }
+}