Skip to content

Commit

Permalink
fix: limit length of ExpansionTemplate names to <64 (#3078)
Browse files Browse the repository at this point in the history
Signed-off-by: davis-haba <davishaba@google.com>
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Signed-off-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
Co-authored-by: alex <8968914+acpana@users.noreply.github.com>
Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>
Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
  • Loading branch information
4 people authored Oct 24, 2023
1 parent 1f6cd33 commit 9f2e69f
Show file tree
Hide file tree
Showing 5 changed files with 35 additions and 0 deletions.
6 changes: 6 additions & 0 deletions config/crd/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,12 @@ patchesJson6902:
kind: CustomResourceDefinition
name: assignimage.mutations.gatekeeper.sh
path: patches/max_name_size.yaml
- target:
group: apiextensions.k8s.io
version: v1
kind: CustomResourceDefinition
name: expansiontemplate.expansion.gatekeeper.sh
path: patches/max_name_size.yaml

patchesStrategicMerge:
#- patches/max_name_size_for_modifyset.yaml
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,10 @@ spec:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
properties:
name:
maxLength: 63
type: string
type: object
spec:
description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate.
Expand Down
4 changes: 4 additions & 0 deletions manifest_staging/deploy/gatekeeper.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2311,6 +2311,10 @@ spec:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
properties:
name:
maxLength: 63
type: string
type: object
spec:
description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate.
Expand Down
3 changes: 3 additions & 0 deletions pkg/expansion/system.go
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,9 @@ func ValidateTemplate(template *expansionunversioned.ExpansionTemplate) error {
if k == "" {
return fmt.Errorf("ExpansionTemplate has empty name field")
}
if len(k) >= 64 {
return fmt.Errorf("ExpansionTemplate name must be less than 64 characters")
}
if template.Spec.TemplateSource == "" {
return fmt.Errorf("ExpansionTemplate %s has empty source field", k)
}
Expand Down
18 changes: 18 additions & 0 deletions pkg/expansion/system_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -336,6 +336,24 @@ func TestValidateTemplate(t *testing.T) {
}),
errFn: matchErr("empty name"),
},
{
name: "name too long",
temp: *fixtures.NewTemplate(&fixtures.TemplateData{
Name: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
Apply: []match.ApplyTo{{
Groups: []string{"apps"},
Kinds: []string{"Deployment"},
Versions: []string{"v1"},
}},
Source: "spec.template",
GenGVK: expansionunversioned.GeneratedGVK{
Group: "",
Version: "v1",
Kind: "Pod",
},
}),
errFn: matchErr("less than 64"),
},
{
name: "missing source",
temp: *fixtures.NewTemplate(&fixtures.TemplateData{
Expand Down

0 comments on commit 9f2e69f

Please sign in to comment.