-
Notifications
You must be signed in to change notification settings - Fork 896
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Add IPv6 support for signing HTTP request #2701
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the fix!!
bc13f0b
to
cdee612
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm!
7946f56
to
b87158a
Compare
ccf2ad2
to
53b2cad
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @yuyin002 , looks good. Can we just avoid adding the govalidator depenency?
6ed0ca1
to
aa73299
Compare
Add in a new function isIPv6() for IPv6 host check.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @yuyin002 !
PR vmware#2701 (ebeaa71) added IPv6 support for signing HTTP request, but was treating all IPs as v6.
PR vmware#2701 (ebeaa71) added IPv6 support for signing HTTP request, but was treating all IPs as v6.
Closes: #2696
Description
Hostname that's an IPv6 address is expected to be surrounded by square brackets (like in URL), however govmomi uses url.Hostname() which strips those square brackets: https://github.com/vmware/govmomi/blob/master/sts/signer.go#L281
https://pkg.go.dev/net/url#URL.Hostname says:
Hostname returns u.Host, stripping any valid port number if present.
If the result is enclosed in square brackets, as literal IPv6 addresses are, the square brackets are removed from the result.
This may lead to authentication failure for services that use govmomi. This change added the check for IPv6 host and add the brackets.
Type of change
Please mark options that are relevant:
not work as expected)
How Has This Been Tested?
Previously, vCenter deployed with pure IPv6 failed to authenticate dcli request; after this change, the dcli request can be successfully authenticated.
Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. If applicable, please also list any relevant
details for your test configuration.
Checklist:
this project
NA
Note: This test is failing before & after this change was made
NA