fix(nvswitch-redfish): bracket IPv6 BMC hosts in Redfish endpoint URLs#3013
fix(nvswitch-redfish): bracket IPv6 BMC hosts in Redfish endpoint URLs#3013CTOmari360 wants to merge 2 commits into
Conversation
RedfishClient.New built the gofish endpoint with a bare
fmt.Sprintf("https://%s:%d", b.IP.String(), port). For an IPv6 BMC the
unbracketed host yields an invalid URL authority -- e.g.
https://2001:db8::1:8443 (custom port) or https://2001:db8::1 (default
port) -- so gofish cannot connect to IPv6 NV-Switch BMCs.
Extract a pure buildEndpoint helper that brackets IPv6 literals:
net.JoinHostPort for the port case (which also leaves IPv4/hostnames
untouched), and an explicit bracket for the no-port (default 443) case.
IPv4 and hostname endpoints are unchanged. Also use the
bmc.DefaultBMCPort constant in place of the magic 443.
Add a table-driven TestBuildEndpoint; the two IPv6 cases fail pre-fix.
Part of NVIDIA#2237 (IPv6 Bug Scan Bucket).
Signed-off-by: Omar Refai <omar@refai.org>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
Summary by CodeRabbit
WalkthroughThe Redfish client now builds its HTTPS endpoint through an unexported ChangesIPv6-safe Redfish Endpoint Builder
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
rest-api/nvswitch-manager/pkg/redfish/client_test.go (1)
6-9: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winUse
testifyassertions here. Replace thet.Fatalf/t.Errorfchecks inTestBuildEndpointwithrequire/assertto match the rest ofrest-apitests and keep failures consistent.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@rest-api/nvswitch-manager/pkg/redfish/client_test.go` around lines 6 - 9, `TestBuildEndpoint` is using raw `t.Fatalf`/`t.Errorf` checks instead of the test helpers used elsewhere in rest-api. Update the assertions in `TestBuildEndpoint` to use testify’s `require` and `assert` packages, keeping the existing test logic intact while making failures consistent; this change should be localized in the test function that exercises `BuildEndpoint`.Source: Coding guidelines
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@rest-api/nvswitch-manager/pkg/redfish/client_test.go`:
- Around line 6-9: `TestBuildEndpoint` is using raw `t.Fatalf`/`t.Errorf` checks
instead of the test helpers used elsewhere in rest-api. Update the assertions in
`TestBuildEndpoint` to use testify’s `require` and `assert` packages, keeping
the existing test logic intact while making failures consistent; this change
should be localized in the test function that exercises `BuildEndpoint`.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: cc4c7c5b-cbed-4ac1-992e-96635182e3f7
📒 Files selected for processing (2)
rest-api/nvswitch-manager/pkg/redfish/client.gorest-api/nvswitch-manager/pkg/redfish/client_test.go
|
/ok to test 046a5b7 |
|
@CTOmari360 isn't there a URI go library or something that'll do this for us? |
🔍 Container Scan Summary
Per-CVE detail lives in the per-service |
🔐 TruffleHog Secret Scan✅ No secrets or credentials found! Your code has been scanned for 700+ types of secrets and credentials. All clear! 🎉 🕐 Last updated: 2026-06-30 17:39:13 UTC | Commit: 046a5b7 |
…rl.URL Per review (ajf): collapse the endpoint construction to the canonical stdlib helpers instead of hand-bracketing. net.JoinHostPort brackets IPv6 literals (and leaves IPv4/hostnames untouched); url.URL assembles the string. Drops the manual strings.Contains bracketing and the default-port special case. Default-port endpoints are now explicit (https://host:443), which is equivalent to the bare-host form for HTTPS. Test expectations updated accordingly. Part of NVIDIA#2237 (IPv6 Bug Scan Bucket). Signed-off-by: Omar Refai <omar@refai.org>
|
Yep — the stdlib helper is Simplified it to lean entirely on the stdlib — just pushed: func buildEndpoint(ip net.IP, port int) string {
return (&url.URL{
Scheme: "https",
Host: net.JoinHostPort(ip.String(), strconv.Itoa(port)),
}).String()
}Only visible change is that default-port endpoints are now explicit ( |
Builds the gofish Redfish endpoint URL for NV-Switch BMCs with IPv6-safe host bracketing.
RedfishClient.Newbuilt the endpoint with a barefmt.Sprintf("https://%s:%d", b.IP.String(), port). Becauseb.IPis anet.IP, an IPv6 BMC'sString()is unbracketed, yielding an invalid URL authority:https://2001:db8::1:8443https://2001:db8::1gofish (and any URL parser) cannot resolve these, so the client cannot connect to IPv6 NV-Switch BMCs.
The endpoint logic is extracted into a pure
buildEndpoint(ip net.IP, port int) stringhelper that brackets IPv6 literals —net.JoinHostPortfor the port case (which also leaves IPv4/hostnames untouched), and an explicit bracket for the no-port (default443) case. IPv4 and hostname endpoints are unchanged; the magic443is replaced with the existingbmc.DefaultBMCPortconstant.This is the same IPv6-URL-bracketing bug class previously fixed in the nv-redfish client (#3008) and bmc-proxy (#3010), here in the distinct
rest-api/nvswitch-managercomponent.Related issues
Part of #2237 (IPv6 Bug Scan Bucket).
Type of Change
Breaking Changes
Testing
Added a table-driven
TestBuildEndpointcovering IPv4/IPv6 × default/custom port. The two IPv6 cases fail before the fix (https://2001:db8::1/https://2001:db8::1:8443) and pass after.go build ./nvswitch-manager/...,go vet, andgofmt -lare clean.Additional Notes
The endpoint string was previously inline inside
New()(which performs network I/O viagofish.ConnectContext); extracting the pure helper makes the URL construction unit-testable without a live BMC.