From 60a6d0484b69332d0e1d86be62ec97655a287571 Mon Sep 17 00:00:00 2001 From: Jian Qiu Date: Thu, 13 Jun 2024 15:42:42 +0800 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Add=20regex=20validation=20for?= =?UTF-8?q?=20signer=20(#336)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add regex validation for signer Signed-off-by: Jian Qiu * do not allow start with - Signed-off-by: Jian Qiu --------- Signed-off-by: Jian Qiu --- ...anagement.io_managedclusteraddons.crd.yaml | 1 + ...ster-management.io_addontemplates.crd.yaml | 1 + addon/v1alpha1/types_addontemplate.go | 1 + addon/v1alpha1/types_managedclusteraddon.go | 1 + test/integration-test.mk | 2 +- .../api/managedclusteraddon_test.go | 38 ++++++++++++++++++- 6 files changed, 42 insertions(+), 2 deletions(-) diff --git a/addon/v1alpha1/0000_01_addon.open-cluster-management.io_managedclusteraddons.crd.yaml b/addon/v1alpha1/0000_01_addon.open-cluster-management.io_managedclusteraddons.crd.yaml index cc9a3d052..5276acd65 100644 --- a/addon/v1alpha1/0000_01_addon.open-cluster-management.io_managedclusteraddons.crd.yaml +++ b/addon/v1alpha1/0000_01_addon.open-cluster-management.io_managedclusteraddons.crd.yaml @@ -314,6 +314,7 @@ spec: will use to create csr. maxLength: 571 minLength: 5 + pattern: ^([a-z0-9][a-z0-9-]*[a-z0-9]\.)+[a-z]+\/[a-z0-9-\.]+$ type: string subject: description: 'subject is the user subject of the addon agent diff --git a/addon/v1alpha1/0000_03_addon.open-cluster-management.io_addontemplates.crd.yaml b/addon/v1alpha1/0000_03_addon.open-cluster-management.io_addontemplates.crd.yaml index 898dadbab..c9aaf69c2 100644 --- a/addon/v1alpha1/0000_03_addon.open-cluster-management.io_addontemplates.crd.yaml +++ b/addon/v1alpha1/0000_03_addon.open-cluster-management.io_addontemplates.crd.yaml 
@@ -330,6 +330,7 @@ spec: agent will use to create csr. maxLength: 571 minLength: 5 + pattern: ^([a-z0-9][a-z0-9-]*[a-z0-9]\.)+[a-z]+\/[a-z0-9-\.]+$ type: string signingCA: description: 'SigningCA represents the reference of the diff --git a/addon/v1alpha1/types_addontemplate.go b/addon/v1alpha1/types_addontemplate.go index a373c6c36..bf9a7ef47 100644 --- a/addon/v1alpha1/types_addontemplate.go +++ b/addon/v1alpha1/types_addontemplate.go @@ -157,6 +157,7 @@ type CustomSignerRegistrationConfig struct { // +required // +kubebuilder:validation:MaxLength=571 // +kubebuilder:validation:MinLength=5 + // +kubebuilder:validation:Pattern=^([a-z0-9][a-z0-9-]*[a-z0-9]\.)+[a-z]+\/[a-z0-9-\.]+$ SignerName string `json:"signerName"` // Subject is the user subject of the addon agent to be registered to the hub. diff --git a/addon/v1alpha1/types_managedclusteraddon.go b/addon/v1alpha1/types_managedclusteraddon.go index 9d7b11d11..82ad206c5 100644 --- a/addon/v1alpha1/types_managedclusteraddon.go +++ b/addon/v1alpha1/types_managedclusteraddon.go @@ -56,6 +56,7 @@ type RegistrationConfig struct { // +required // +kubebuilder:validation:MaxLength=571 // +kubebuilder:validation:MinLength=5 + // +kubebuilder:validation:Pattern=^([a-z0-9][a-z0-9-]*[a-z0-9]\.)+[a-z]+\/[a-z0-9-\.]+$ SignerName string `json:"signerName"` // subject is the user subject of the addon agent to be registered to the hub. diff --git a/test/integration-test.mk b/test/integration-test.mk index 6794660e3..8c7b6540f 100644 --- a/test/integration-test.mk +++ b/test/integration-test.mk @@ -2,7 +2,7 @@ TEST_TMP :=/tmp export KUBEBUILDER_ASSETS ?=$(TEST_TMP)/kubebuilder/bin -K8S_VERSION ?=1.23.1 +K8S_VERSION ?=1.29.3 GOHOSTOS ?=$(shell go env GOHOSTOS) GOHOSTARCH =amd64 KB_TOOLS_ARCHIVE_NAME :=kubebuilder-tools-$(K8S_VERSION)-$(GOHOSTOS)-$(GOHOSTARCH).tar.gz diff --git a/test/integration/api/managedclusteraddon_test.go b/test/integration/api/managedclusteraddon_test.go index 3e9128324..576577594 100644 
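Review bot: The path half of the new `Pattern` on `SignerName`, `[a-z0-9-\.]+`, still accepts values that start, end or consist entirely of `-` or `.` (a constructed example: `example.com/-`), while the domain half was tightened so that labels cannot start or end with `-`. Since this value is what the agent uses to create its CSR, the path should be anchored the same way, e.g. `// +kubebuilder:validation:Pattern=^([a-z0-9][a-z0-9-]*[a-z0-9]\.)+[a-z]+\/[a-z0-9]([a-z0-9.-]*[a-z0-9])?$`. The domain half also requires every label to be at least two characters and the last label to be letters only, so a name with a one-character label is rejected; if that is intended, the field comment should say so. The same pattern is added to `RegistrationConfig.SignerName` in types_managedclusteraddon.go, and `CustomSignerRegistrationConfig` begins and ends outside this hunk.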
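Review bot: Adding a `Pattern` to the existing `RegistrationConfig.SignerName` field tightens validation for objects that may already be stored. The integration test in this same commit had to change `SignerName: "addontest"` to a domain-qualified value, which shows the old schema accepted names the new one rejects. On API servers without CRD validation ratcheting, a ManagedClusterAddOn that already carries such a registration would presumably fail every later status update until the value is corrected, so the upgrade path deserves a release note or a migration check. The field comment should also spell out the accepted shape, for example `// signerName must have the form <domain>/<path>, e.g. kubernetes.io/kube-apiserver-client.`. `RegistrationConfig` begins and ends outside this hunk, so its existing comment text is not visible here.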
--- a/test/integration/api/managedclusteraddon_test.go +++ b/test/integration/api/managedclusteraddon_test.go @@ -107,7 +107,7 @@ var _ = ginkgo.Describe("ManagedClusterAddOn API test", func() { mca.Status.Registrations = []addonv1alpha1.RegistrationConfig{ { - SignerName: "addontest", + SignerName: "open-cluster-management.io/addontest", }, } @@ -119,6 +119,42 @@ var _ = ginkgo.Describe("ManagedClusterAddOn API test", func() { gomega.Expect(err).ToNot(gomega.HaveOccurred()) }) + ginkgo.It("Update failed with wrong signer name in the ManagedClusterAddOn", func() { + managedClusterAddOn := &addonv1alpha1.ManagedClusterAddOn{ + ObjectMeta: metav1.ObjectMeta{ + Name: managedClusterAddOnName, + }, + Spec: addonv1alpha1.ManagedClusterAddOnSpec{}, + } + + _, err := hubAddonClient.AddonV1alpha1().ManagedClusterAddOns(testNamespace).Create( + context.TODO(), + managedClusterAddOn, + metav1.CreateOptions{}, + ) + gomega.Expect(err).ToNot(gomega.HaveOccurred()) + + mca, err := hubAddonClient.AddonV1alpha1().ManagedClusterAddOns(testNamespace).Get( + context.TODO(), + managedClusterAddOnName, + metav1.GetOptions{}, + ) + gomega.Expect(err).ToNot(gomega.HaveOccurred()) + + mca.Status.Registrations = []addonv1alpha1.RegistrationConfig{ + { + SignerName: "addontest", + }, + } + + _, err = hubAddonClient.AddonV1alpha1().ManagedClusterAddOns(testNamespace).UpdateStatus( + context.TODO(), + mca, + metav1.UpdateOptions{}, + ) + gomega.Expect(err).To(gomega.HaveOccurred()) + }) + ginkgo.It("Should update the ManagedClusterAddOn status with config", func() { managedClusterAddOn := &addonv1alpha1.ManagedClusterAddOn{ ObjectMeta: metav1.ObjectMeta{
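Review bot: The new negative test ends with `gomega.Expect(err).To(gomega.HaveOccurred())`, which passes on any failure of `UpdateStatus` (a conflict or a missing object as well as a schema rejection), so it does not prove that the `Pattern` is what refused `addontest`. Asserting the error class would pin that down, e.g. `gomega.Expect(apierrors.IsInvalid(err)).To(gomega.BeTrue())`, with `k8s.io/apimachinery/pkg/api/errors` imported as `apierrors` if the file does not already have it. Only a name with no domain part is exercised; the "do not allow start with -" case from the commit message and a name with a malformed path part have no coverage. The enclosing `ginkgo.Describe` starts and ends outside the hunk.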