Handle vSphere usernames with URI-reserved chars

Note the backticks for the username with a backslash in it; this type of literal seems clearer than the \\ escaping. The & sign has no special meaning in go and can be a "normal" interpreted string literal.
pivotal-cf · Feb 14, 2023 · 7f9152c · 7f9152c
1 parent 1d3c3b6
commit 7f9152c
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/vmlifecycle/configfetchers/initialize.go b/vmlifecycle/configfetchers/initialize.go
@@ -311,5 +311,5 @@ func buildURL(creds *Credentials) (string, error) {
 		return "", fmt.Errorf("the '--vsphere-url=%s' was not supplied a protocol (http or https), like https://vcenter.example.com", creds.VSphere.URL)
 	}
 
-	return fmt.Sprintf("%s://%s:%s@%s/sdk", parsedURL.Scheme, creds.VSphere.Username, url.QueryEscape(creds.VSphere.Password), parsedURL.Host), nil
+	return fmt.Sprintf("%s://%s:%s@%s/sdk", parsedURL.Scheme, url.QueryEscape(creds.VSphere.Username), url.QueryEscape(creds.VSphere.Password), parsedURL.Host), nil
 }
diff --git a/vmlifecycle/configfetchers/initialize_test.go b/vmlifecycle/configfetchers/initialize_test.go
@@ -280,6 +280,39 @@ var _ = Describe("selects the correct config fetcher based on the state file", f
 			})
 		})
 
+		When("the username and password include URI-reserved characters", func() {
+			It("URI-encodes them for use in requests in the fetcher", func() {
+				state := &vmmanagers.StateInfo{
+					IAAS: "vsphere",
+					ID:   "/DC0/vm/DC0_H0_VM0",
+				}
+
+				model := simulator.VPX()
+				err := model.Create()
+				Expect(err).ToNot(HaveOccurred())
+
+				model.Service.TLS = nil
+				s := model.Service.NewServer()
+				defer s.Close()
+
+				creds := &configfetchers.Credentials{
+					VSphere: &configfetchers.VCenterCredentialsWrapper{
+						VcenterCredential: vmmanagers.VcenterCredential{
+							URL:      s.URL.String(),
+							Username: `some\username`,
+							Password: "some-password-with-ampersand-&",
+						},
+						Insecure: true,
+					},
+				}
+
+				vSphereConfigFetcher, err := configfetchers.NewOpsmanConfigFetcher(state, creds)
+				Expect(err).ToNot(HaveOccurred())
+
+				Expect(reflect.TypeOf(vSphereConfigFetcher)).To(Equal(reflect.TypeOf(&configfetchers.VSphereConfigFetcher{})))
+			})
+		})
+
 		When("the insecure value is set to false and the server url is https", func() {
 			It("does not return an error", func() {
 				state := &vmmanagers.StateInfo{