Skip to content

Commit

Permalink
fix: add name validation for custom resource templates
Browse files Browse the repository at this point in the history
This further propagates the label constraints of Linode resources to their
associated CustomResourceDefinition templates via the Kubernetes Validation
Rules feature.
  • Loading branch information
cbang-akamai committed Mar 28, 2024
1 parent d76d945 commit f53293a
Show file tree
Hide file tree
Showing 3 changed files with 51 additions and 0 deletions.
12 changes: 12 additions & 0 deletions config/crd/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -43,12 +43,24 @@ patches:
kind: CustomResourceDefinition
name: linodeclusters.infrastructure.cluster.x-k8s.io
path: patches/validation_in_linodeclusters.yaml
- target:
group: apiextensions.k8s.io
version: v1
kind: CustomResourceDefinition
name: linodeclustertemplates.infrastructure.cluster.x-k8s.io
path: patches/validation_in_linodeclustertemplates.yaml
- target:
group: apiextensions.k8s.io
version: v1
kind: CustomResourceDefinition
name: linodemachines.infrastructure.cluster.x-k8s.io
path: patches/validation_in_linodemachines.yaml
- target:
group: apiextensions.k8s.io
version: v1
kind: CustomResourceDefinition
name: linodemachinetemplates.infrastructure.cluster.x-k8s.io
path: patches/validation_in_linodemachinetemplates.yaml
- target:
group: apiextensions.k8s.io
version: v1
Expand Down
12 changes: 12 additions & 0 deletions config/crd/patches/validation_in_linodeclustertemplates.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# The following patch adds additional constraints after the built-in name validation for the CRD
- op: add
path: /spec/versions/0/schema/openAPIV3Schema/properties/metadata/properties
value:
name:
type: string
x-kubernetes-validations:
- rule: 3 <= size(self) && size(self) <= 26
message: >-
custom validation:
template: must be between 3..26 characters,
linode nodebalancer: labels must be between 3..32 characters
27 changes: 27 additions & 0 deletions config/crd/patches/validation_in_linodemachinetemplates.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# The following patch adds additional constraints after the built-in name validation for the CRD
- op: add
path: /spec/versions/0/schema/openAPIV3Schema/properties/metadata/properties
value:
name:
type: string
x-kubernetes-validations:
- rule: 3 <= size(self) && size(self) <= 58
message: >-
custom validation:
template: must be between 3..58 characters,
linode instance: labels must be between 3..64 characters
- rule: self.matches('^[[:alnum:]]([-_.[:alnum:]]+[[:alnum:]])*$')
message: >-
custom validation:
linode instance: labels:
must begin and end with an alphanumeric character,
may only consist of alphanumeric characters, hyphens (-), underscores (_) or periods (.),
cannot have two hyphens (--), underscores (__) or periods (..) in a row,
regex used for validation is: '^[[:alnum:]]([-_.[:alnum:]]+[[:alnum:]])*$',
see: https://www.linode.com/docs/api/linode-instances/#linode-create
# TODO: Consider combining this into the regex above to minimize time complexity
# See: https://github.com/google/cel-spec/blob/master/doc/langdef.md#time-complexity
- rule: "!(self.contains('--') || self.contains('__') || self.contains('..'))"
message: >-
custom validation:
linode instance: labels cannot have two hyphens (--), underscores (__) or periods (..) in a row

0 comments on commit f53293a

Please sign in to comment.