🐛 Add regex validation for signer (#336)
* Add regex validation for signer

Signed-off-by: Jian Qiu <[email protected]>

* do not allow start with -

Signed-off-by: Jian Qiu <[email protected]>

---------

Signed-off-by: Jian Qiu <[email protected]>
qiujian16 authored Jun 13, 2024
1 parent f9e7f50 commit 60a6d04
Showing 6 changed files with 42 additions and 2 deletions.
Expand Up @@ -314,6 +314,7 @@ spec:
will use to create csr.
maxLength: 571
minLength: 5
pattern: ^([a-z0-9][a-z0-9-]*[a-z0-9]\.)+[a-z]+\/[a-z0-9-\.]+$
type: string
subject:
description: 'subject is the user subject of the addon agent
Expand Up @@ -330,6 +330,7 @@ spec:
agent will use to create csr.
maxLength: 571
minLength: 5
pattern: ^([a-z0-9][a-z0-9-]*[a-z0-9]\.)+[a-z]+\/[a-z0-9-\.]+$
type: string
signingCA:
description: 'SigningCA represents the reference of the
1 change: 1 addition & 0 deletions addon/v1alpha1/types_addontemplate.go
Expand Up @@ -157,6 +157,7 @@ type CustomSignerRegistrationConfig struct {
// +required
// +kubebuilder:validation:MaxLength=571
// +kubebuilder:validation:MinLength=5
// +kubebuilder:validation:Pattern=^([a-z0-9][a-z0-9-]*[a-z0-9]\.)+[a-z]+\/[a-z0-9-\.]+$
SignerName string `json:"signerName"`

// Subject is the user subject of the addon agent to be registered to the hub.
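Review bot: The path half of the new `Pattern` marker on `SignerName`, `\/[a-z0-9-\.]+$`, still accepts a path that begins or ends with `-` or `.`, so the "do not allow start with -" rule from the commit message holds only for the domain labels; the identical marker on `RegistrationConfig.SignerName` in addon/v1alpha1/types_managedclusteraddon.go has the same gap. If the goal is to reject at admission the names that certificate signing would refuse later, anchor the path the same way as the labels, e.g. `// +kubebuilder:validation:Pattern=^([a-z0-9][a-z0-9-]*[a-z0-9]\.)+[a-z]+\/[a-z0-9]([a-z0-9-\.]*[a-z0-9])?$`. The domain half also requires every label to be at least two characters and the final label to be letters only, which looks narrower than a DNS subdomain, so please confirm that no signer name already in use is excluded. The field's doc comment starts above this hunk; it should state the expected `domain/path` form so users see the rule without reading the regex.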
1 change: 1 addition & 0 deletions addon/v1alpha1/types_managedclusteraddon.go
Expand Up @@ -56,6 +56,7 @@ type RegistrationConfig struct {
// +required
// +kubebuilder:validation:MaxLength=571
// +kubebuilder:validation:MinLength=5
// +kubebuilder:validation:Pattern=^([a-z0-9][a-z0-9-]*[a-z0-9]\.)+[a-z]+\/[a-z0-9-\.]+$
SignerName string `json:"signerName"`

// subject is the user subject of the addon agent to be registered to the hub.
2 changes: 1 addition & 1 deletion test/integration-test.mk
Expand Up @@ -2,7 +2,7 @@ TEST_TMP :=/tmp

export KUBEBUILDER_ASSETS ?=$(TEST_TMP)/kubebuilder/bin

K8S_VERSION ?=1.23.1
K8S_VERSION ?=1.29.3
GOHOSTOS ?=$(shell go env GOHOSTOS)
GOHOSTARCH =amd64
KB_TOOLS_ARCHIVE_NAME :=kubebuilder-tools-$(K8S_VERSION)-$(GOHOSTOS)-$(GOHOSTARCH).tar.gz
38 changes: 37 additions & 1 deletion test/integration/api/managedclusteraddon_test.go
Expand Up @@ -107,7 +107,7 @@ var _ = ginkgo.Describe("ManagedClusterAddOn API test", func() {

mca.Status.Registrations = []addonv1alpha1.RegistrationConfig{
{
SignerName: "addontest",
SignerName: "open-cluster-management.io/addontest",
},
}

Expand All @@ -119,6 +119,42 @@ var _ = ginkgo.Describe("ManagedClusterAddOn API test", func() {
gomega.Expect(err).ToNot(gomega.HaveOccurred())
})

ginkgo.It("Update failed with wrong signer name in the ManagedClusterAddOn", func() {
managedClusterAddOn := &addonv1alpha1.ManagedClusterAddOn{
ObjectMeta: metav1.ObjectMeta{
Name: managedClusterAddOnName,
},
Spec: addonv1alpha1.ManagedClusterAddOnSpec{},
}

_, err := hubAddonClient.AddonV1alpha1().ManagedClusterAddOns(testNamespace).Create(
context.TODO(),
managedClusterAddOn,
metav1.CreateOptions{},
)
gomega.Expect(err).ToNot(gomega.HaveOccurred())

mca, err := hubAddonClient.AddonV1alpha1().ManagedClusterAddOns(testNamespace).Get(
context.TODO(),
managedClusterAddOnName,
metav1.GetOptions{},
)
gomega.Expect(err).ToNot(gomega.HaveOccurred())

mca.Status.Registrations = []addonv1alpha1.RegistrationConfig{
{
SignerName: "addontest",
},
}

_, err = hubAddonClient.AddonV1alpha1().ManagedClusterAddOns(testNamespace).UpdateStatus(
context.TODO(),
mca,
metav1.UpdateOptions{},
)
gomega.Expect(err).To(gomega.HaveOccurred())
})

ginkgo.It("Should update the ManagedClusterAddOn status with config", func() {
managedClusterAddOn := &addonv1alpha1.ManagedClusterAddOn{
ObjectMeta: metav1.ObjectMeta{
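Review bot: The new negative case "Update failed with wrong signer name in the ManagedClusterAddOn" ends in `gomega.Expect(err).To(gomega.HaveOccurred())`, which passes on any `UpdateStatus` failure (a conflict or a missing object as well as a schema rejection), so it does not show that the pattern is what refused `"addontest"`. Asserting the error class would pin that, for example `gomega.Expect(errors.IsInvalid(err)).To(gomega.BeTrue())` using `k8s.io/apimachinery/pkg/api/errors` (the file's import block is outside this view, so check the alias). Only one rejected value is exercised: a name whose domain label starts with `-`, which the second commit in this PR targets, is not covered, nor is the same pattern on `CustomSignerRegistrationConfig`. A small table of accepted and rejected names would document the intended boundary of the validation.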