validation

piotrjanik · piotrjanik · commit 26f3bf2dd686 · 2026-04-10T00:08:24.000+02:00
Signed-off-by: Piotr Janik &lt;piotr.janik@sap.com&gt;
diff --git a/api/oci/config/httpconfig_test.go b/api/oci/config/httpconfig_test.go
@@ -128,21 +128,64 @@ configurations:
 				&config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{IdleConnTimeout: dur("-5m")}}),
 		)
 
-		It("allows -1 tcpKeepAlive to disable keep-alive probes", func() {
+		It("allows negative tcpKeepAlive to disable keep-alive probes", func() {
 			ctx := cpi.New()
 			cfg := &config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{TCPKeepAlive: dur("-1s")}}
 			Expect(cfg.ApplyTo(ctx.ConfigContext(), ctx)).To(Succeed())
 			g := MustGetHTTPSettings(ctx)
 			Expect(g.TCPKeepAlive.TimeDuration()).To(HaveValue(Equal(-1 * time.Second)))
 		})
 
-		It("rejects tcpKeepAlive values more negative than -1", func() {
-			ctx := cpi.New()
-			cfg := &config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{TCPKeepAlive: dur("-2s")}}
-			Expect(cfg.ApplyTo(ctx.ConfigContext(), ctx)).To(MatchError(
-				ContainSubstring("invalid value for tcpKeepAlive"),
-			))
-		})
+		DescribeTable("accepts compound duration like 1h5s",
+			func(cfg *config.HTTPConfig) {
+				ctx := cpi.New()
+				Expect(cfg.ApplyTo(ctx.ConfigContext(), ctx)).To(Succeed())
+			},
+			Entry("timeout", &config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{Timeout: dur("1h5s")}}),
+			Entry("tcpDialTimeout", &config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{TCPDialTimeout: dur("1h5s")}}),
+			Entry("tcpKeepAlive", &config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{TCPKeepAlive: dur("1h5s")}}),
+			Entry("tlsHandshakeTimeout", &config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{TLSHandshakeTimeout: dur("1h5s")}}),
+			Entry("responseHeaderTimeout", &config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{ResponseHeaderTimeout: dur("1h5s")}}),
+			Entry("idleConnTimeout", &config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{IdleConnTimeout: dur("1h5s")}}),
+		)
+
+		DescribeTable("rejects negative compound duration -10h5m",
+			func(field string, cfg *config.HTTPConfig) {
+				ctx := cpi.New()
+				Expect(cfg.ApplyTo(ctx.ConfigContext(), ctx)).To(MatchError(
+					ContainSubstring("invalid value for " + field),
+				))
+			},
+			Entry("timeout", "timeout",
+				&config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{Timeout: dur("-10h5m")}}),
+			Entry("tcpDialTimeout", "tcpDialTimeout",
+				&config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{TCPDialTimeout: dur("-10h5m")}}),
+			Entry("tlsHandshakeTimeout", "tlsHandshakeTimeout",
+				&config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{TLSHandshakeTimeout: dur("-10h5m")}}),
+			Entry("responseHeaderTimeout", "responseHeaderTimeout",
+				&config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{ResponseHeaderTimeout: dur("-10h5m")}}),
+			Entry("idleConnTimeout", "idleConnTimeout",
+				&config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{IdleConnTimeout: dur("-10h5m")}}),
+		)
+
+		DescribeTable("rejects -10s",
+			func(field string, cfg *config.HTTPConfig) {
+				ctx := cpi.New()
+				Expect(cfg.ApplyTo(ctx.ConfigContext(), ctx)).To(MatchError(
+					ContainSubstring("invalid value for " + field),
+				))
+			},
+			Entry("timeout", "timeout",
+				&config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{Timeout: dur("-10s")}}),
+			Entry("tcpDialTimeout", "tcpDialTimeout",
+				&config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{TCPDialTimeout: dur("-10s")}}),
+			Entry("tlsHandshakeTimeout", "tlsHandshakeTimeout",
+				&config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{TLSHandshakeTimeout: dur("-10s")}}),
+			Entry("responseHeaderTimeout", "responseHeaderTimeout",
+				&config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{ResponseHeaderTimeout: dur("-10s")}}),
+			Entry("idleConnTimeout", "idleConnTimeout",
+				&config.HTTPConfig{HTTPSettings: cpi.HTTPSettings{IdleConnTimeout: dur("-10s")}}),
+		)
 
 		It("default settings are nil", func() {
 			g := MustGetHTTPSettings(cpi.New())
diff --git a/api/oci/extensions/repositories/ocireg/timeout_integration_test.go b/api/oci/extensions/repositories/ocireg/timeout_integration_test.go
@@ -66,11 +66,11 @@ var _ = Describe("Registry timeout:", Ordered, func() {
 		Expect(err).To(Succeed(), "failed to start toxiproxy container")
 
 		host, port, err := toxiContainer.ProxiedEndpoint(8666)
-		Expect(err).To(Succeed())
+		Expect(err).ToNot(HaveOccurred())
 		proxyHost = fmt.Sprintf("%s:%s", host, port)
 
 		uri, err := toxiContainer.URI(ctx)
-		Expect(err).To(Succeed())
+		Expect(err).ToNot(HaveOccurred())
 		toxiClient := toxiproxy.NewClient(uri)
 		proxy, err = toxiClient.Proxy(proxyName)
 		Expect(err).To(Succeed(), "failed to get toxiproxy proxy")
@@ -218,7 +218,7 @@ func addLatency(proxy *toxiproxy.Proxy, latencyMs int, stream string) {
 	_, err := proxy.AddToxic("latency", "latency", stream, 1.0, toxiproxy.Attributes{
 		"latency": latencyMs,
 	})
-	Expect(err).To(Succeed())
+	Expect(err).ToNot(HaveOccurred())
 }
 
 func removeToxic(proxy *toxiproxy.Proxy, name string) {
diff --git a/api/oci/internal/httpsettings.go b/api/oci/internal/httpsettings.go
@@ -3,7 +3,6 @@ package internal
 import (
 	"encoding/json"
 	"fmt"
-	"strings"
 	"time"
 )
 
@@ -39,26 +38,16 @@ func (d *Duration) TimeDuration() (*time.Duration, error) {
 	return &pd, nil
 }
 
-// nonNegative requires the duration to be zero or positive.
-func nonNegative(d Duration) bool {
-	return !strings.HasPrefix(string(d), "-")
-}
-
-// nonNegativeOrMinusOne requires the duration to be zero, positive,
-// or -1 (to disable keep-alive probes).
-func nonNegativeOrMinusOne(d Duration) bool {
-	return !strings.HasPrefix(string(d), "-") || strings.HasPrefix(string(d), "-1")
-}
-
-func validateDuration(name string, d *Duration, valid func(Duration) bool) error {
+func validateNonNegative(name string, d *Duration) error {
 	if d == nil {
 		return nil
 	}
-	if _, err := d.TimeDuration(); err != nil {
+	td, err := d.TimeDuration()
+	if err != nil {
 		return err
 	}
-	if !valid(*d) {
-		return fmt.Errorf("invalid value for %s: %s", name, string(*d))
+	if td != nil && *td < 0 {
+		return fmt.Errorf("invalid value for %s: %s, must be zero or positive", name, string(*d))
 	}
 	return nil
 }
@@ -82,7 +71,8 @@ type HTTPSettings struct {
 	TCPDialTimeout *Duration `json:"tcpDialTimeout,omitempty"`
 
 	// TCPKeepAlive is the interval between TCP keep-alive probes.
-	// Use -1 to disable keep-alive probes.
+	// If zero, probes are sent with a default value (currently 15 seconds).
+	// If negative, keep-alive probes are disabled.
 	TCPKeepAlive *Duration `json:"tcpKeepAlive,omitempty"`
 
 	// TLSHandshakeTimeout is the maximum time to wait for a TLS handshake.
@@ -96,22 +86,20 @@ type HTTPSettings struct {
 }
 
 // Validate checks that timeout values are non-negative.
-// TCPKeepAlive additionally allows -1 to disable keep-alive probes
-// (consistent with Go's net.Dialer.KeepAlive).
+// TCPKeepAlive is not validated because any negative value
+// disables keep-alive probes (consistent with Go's net.Dialer.KeepAlive).
 func (s *HTTPSettings) Validate() error {
 	for _, check := range []struct {
-		name  string
-		val   *Duration
-		valid func(Duration) bool
+		name string
+		val  *Duration
 	}{
-		{"timeout", s.Timeout, nonNegative},
-		{"tcpDialTimeout", s.TCPDialTimeout, nonNegative},
-		{"tcpKeepAlive", s.TCPKeepAlive, nonNegativeOrMinusOne},
-		{"tlsHandshakeTimeout", s.TLSHandshakeTimeout, nonNegative},
-		{"responseHeaderTimeout", s.ResponseHeaderTimeout, nonNegative},
-		{"idleConnTimeout", s.IdleConnTimeout, nonNegative},
+		{"timeout", s.Timeout},
+		{"tcpDialTimeout", s.TCPDialTimeout},
+		{"tlsHandshakeTimeout", s.TLSHandshakeTimeout},
+		{"responseHeaderTimeout", s.ResponseHeaderTimeout},
+		{"idleConnTimeout", s.IdleConnTimeout},
 	} {
-		if err := validateDuration(check.name, check.val, check.valid); err != nil {
+		if err := validateNonNegative(check.name, check.val); err != nil {
 			return err
 		}
 	}
