From f53293a616d58b54eda407f2caa4438a75a68176 Mon Sep 17 00:00:00 2001
From: Cindy Bang
Date: Wed, 27 Mar 2024 14:00:00 -0400
Subject: [PATCH] fix: add name validation for custom resource templates

This further propagates the label constraints of Linode resources to their associated CustomResourceDefinition templates via the Kubernetes Validation Rules feature.
---
 config/crd/kustomization.yaml | 12 +++++++++
 .../validation_in_linodeclustertemplates.yaml | 12 +++++++++
 .../validation_in_linodemachinetemplates.yaml | 27 +++++++++++++++++++
 3 files changed, 51 insertions(+)
 create mode 100644 config/crd/patches/validation_in_linodeclustertemplates.yaml
 create mode 100644 config/crd/patches/validation_in_linodemachinetemplates.yaml

diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
index b157b0957..c5cefd0e0 100644
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -43,12 +43,24 @@ patches:
 kind: CustomResourceDefinition
 name: linodeclusters.infrastructure.cluster.x-k8s.io
 path: patches/validation_in_linodeclusters.yaml
+- target:
+ group: apiextensions.k8s.io
+ version: v1
+ kind: CustomResourceDefinition
+ name: linodeclustertemplates.infrastructure.cluster.x-k8s.io
+ path: patches/validation_in_linodeclustertemplates.yaml
 - target:
 group: apiextensions.k8s.io
 version: v1
 kind: CustomResourceDefinition
 name: linodemachines.infrastructure.cluster.x-k8s.io
 path: patches/validation_in_linodemachines.yaml
+- target:
+ group: apiextensions.k8s.io
+ version: v1
+ kind: CustomResourceDefinition
+ name: linodemachinetemplates.infrastructure.cluster.x-k8s.io
+ path: patches/validation_in_linodemachinetemplates.yaml
 - target:
 group: apiextensions.k8s.io
 version: v1
diff --git a/config/crd/patches/validation_in_linodeclustertemplates.yaml b/config/crd/patches/validation_in_linodeclustertemplates.yaml
new file mode 100644
index 000000000..a84f9c7cd
--- /dev/null
+++ b/config/crd/patches/validation_in_linodeclustertemplates.yaml
@@ -0,0 +1,12 @@
+# The following patch adds additional constraints after the built-in name validation for the CRD
+- op: add
+ path: /spec/versions/0/schema/openAPIV3Schema/properties/metadata/properties
+ value:
+ name:
+ type: string
+ x-kubernetes-validations:
+ - rule: 3 <= size(self) && size(self) <= 26
+ message: >-
+ custom validation:
+ template: must be between 3..26 characters,
+ linode nodebalancer: labels must be between 3..32 characters
diff --git a/config/crd/patches/validation_in_linodemachinetemplates.yaml b/config/crd/patches/validation_in_linodemachinetemplates.yaml
new file mode 100644
index 000000000..8e8c75eac
--- /dev/null
+++ b/config/crd/patches/validation_in_linodemachinetemplates.yaml
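Review bot: The JSON-patch path `/spec/versions/0/schema/openAPIV3Schema/properties/metadata/properties` in validation_in_linodeclustertemplates.yaml pins the rule to whichever version is first in the CRD's `versions` list, and validation_in_linodemachinetemplates.yaml uses the same path. If a second served version is added or the order changes, objects of the other version would skip these name rules and nothing would fail at build time. I would add a comment above the path, such as `# NOTE: covers versions[0] only; repeat this op for every served version`, or add one op per version index. Because `op: add` on an existing member replaces it, it is also worth confirming that the generated CRD has no `properties` map under `metadata` that this would overwrite.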
@@ -0,0 +1,27 @@
+# The following patch adds additional constraints after the built-in name validation for the CRD
+- op: add
+ path: /spec/versions/0/schema/openAPIV3Schema/properties/metadata/properties
+ value:
+ name:
+ type: string
+ x-kubernetes-validations:
+ - rule: 3 <= size(self) && size(self) <= 58
+ message: >-
+ custom validation:
+ template: must be between 3..58 characters,
+ linode instance: labels must be between 3..64 characters
+ - rule: self.matches('^[[:alnum:]]([-_.[:alnum:]]+[[:alnum:]])*$')
+ message: >-
+ custom validation:
+ linode instance: labels:
+ must begin and end with an alphanumeric character,
+ may only consist of alphanumeric characters, hyphens (-), underscores (_) or periods (.),
+ cannot have two hyphens (--), underscores (__) or periods (..) in a row,
+ regex used for validation is: '^[[:alnum:]]([-_.[:alnum:]]+[[:alnum:]])*$',
+ see: https://www.linode.com/docs/api/linode-instances/#linode-create
+ # TODO: Consider combining this into the regex above to minimize time complexity
+ # See: https://github.com/google/cel-spec/blob/master/doc/langdef.md#time-complexity
+ - rule: "!(self.contains('--') || self.contains('__') || self.contains('..'))"
+ message: >-
+ custom validation:
+ linode instance: labels cannot have two hyphens (--), underscores (__) or periods (..) in a row
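Review bot: The second rule's message lists the "two in a row" restriction, but `^[[:alnum:]]([-_.[:alnum:]]+[[:alnum:]])*$` does not enforce it; only the third rule does, so a name rejected for a bad first or last character is also told about a constraint it did not break. I would drop the `cannot have two hyphens (--) ...` line from the second message and leave it to the third rule's own message. The limits 58 and 64 differ by 6 with no explanation in the file; a comment such as `# 58 = 64 minus the suffix appended to generated machine names` (if that is the reason) would let the next editor keep them in sync. Whether the template's own `metadata.name` is what ends up in the Linode instance label is not visible in this hunk and should be confirmed, since otherwise the rule validates a value that never reaches the API while the derived name goes unchecked.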