Remove special-case object name validation

This commit is contained in:
Sean Sullivan 2021-02-02 10:31:53 -08:00
parent 152b41c82b
commit 5af6137d68
2 changed files with 4 additions and 67 deletions

View File

@ -28,7 +28,6 @@ import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/validation"
"k8s.io/cli-runtime/pkg/resource"
)
@ -72,11 +71,6 @@ func CreateObjMetadata(namespace string, name string, gk schema.GroupKind) (ObjM
if name == "" {
return ObjMetadata{}, fmt.Errorf("empty name for object")
}
// Manually validate name, since by the time k8s reports the error
// the invalid name has already been encoded into the inventory object.
if !validateNameChars(name, gk) {
return ObjMetadata{}, fmt.Errorf("invalid characters in object name: %s", name)
}
if gk.Empty() {
return ObjMetadata{}, fmt.Errorf("empty GroupKind for object")
}
@ -87,27 +81,6 @@ func CreateObjMetadata(namespace string, name string, gk schema.GroupKind) (ObjM
}, nil
}
// validateNameChars returns false if the passed name is not a valid
// resource name; true otherwise. For almost all resources, the following
// characters are allowed:
//
// Most resource types require a name that can be used as a DNS label name
// as defined in RFC 1123. This means the name must:
//
// * contain no more than 253 characters
// * contain only lowercase alphanumeric characters, '-'
// * start with an alphanumeric character
// * end with an alphanumeric character
//
// For RBAC resources we also allow the colon character.
func validateNameChars(name string, gk schema.GroupKind) bool {
if _, exists := RBACGroupKind[gk]; exists {
name = strings.ReplaceAll(name, ":", "")
}
errs := validation.IsDNS1123Subdomain(name)
return len(errs) == 0
}
// ParseObjMetadata takes a string, splits it into its four fields,
// and returns an ObjMetadata struct storing the four fields.
// Example inventory string:
@ -143,6 +116,10 @@ func ParseObjMetadata(s string) (ObjMetadata, error) {
// Finally, second field name. Name may contain colon transcoded as double underscore.
name := s[:index]
name = strings.ReplaceAll(name, colonTranscoded, ":")
// Check that there are no extra fields by search for fieldSeparator.
if strings.Contains(name, fieldSeparator) {
return ObjMetadata{}, fmt.Errorf("too many fields within: %s", s)
}
// Create the ObjMetadata object from the four parsed fields.
gk := schema.GroupKind{
Group: strings.TrimSpace(group),

View File

@ -56,36 +56,6 @@ func TestCreateObjMetadata(t *testing.T) {
expected: "",
isError: true,
},
"Underscore is invalid name character": {
namespace: "test-namespace",
name: "test_name", // Invalid "_" character
gk: schema.GroupKind{
Group: "apps",
Kind: "ReplicaSet",
},
expected: "",
isError: true,
},
"Name not starting with alphanumeric character is error": {
namespace: "test-namespace",
name: "-test",
gk: schema.GroupKind{
Group: "apps",
Kind: "ReplicaSet",
},
expected: "",
isError: true,
},
"Name not ending with alphanumeric character is error": {
namespace: "test-namespace",
name: "test-",
gk: schema.GroupKind{
Group: "apps",
Kind: "ReplicaSet",
},
expected: "",
isError: true,
},
"Colon is allowed in the name for RBAC resources": {
namespace: "test-namespace",
name: "system::kube-scheduler",
@ -96,16 +66,6 @@ func TestCreateObjMetadata(t *testing.T) {
expected: "test-namespace_system____kube-scheduler_rbac.authorization.k8s.io_Role",
isError: false,
},
"Colon is not allowed in the name for non-RBAC resources": {
namespace: "test-namespace",
name: "system::kube-scheduler",
gk: schema.GroupKind{
Group: "",
Kind: "Pod",
},
expected: "",
isError: true,
},
}
for name, tc := range tests {