diff --git a/pkg/object/objmetadata.go b/pkg/object/objmetadata.go index 79c70c6..484ff96 100644 --- a/pkg/object/objmetadata.go +++ b/pkg/object/objmetadata.go @@ -28,7 +28,6 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation" "k8s.io/cli-runtime/pkg/resource" ) @@ -72,11 +71,6 @@ func CreateObjMetadata(namespace string, name string, gk schema.GroupKind) (ObjM if name == "" { return ObjMetadata{}, fmt.Errorf("empty name for object") } - // Manually validate name, since by the time k8s reports the error - // the invalid name has already been encoded into the inventory object. - if !validateNameChars(name, gk) { - return ObjMetadata{}, fmt.Errorf("invalid characters in object name: %s", name) - } if gk.Empty() { return ObjMetadata{}, fmt.Errorf("empty GroupKind for object") } @@ -87,27 +81,6 @@ func CreateObjMetadata(namespace string, name string, gk schema.GroupKind) (ObjM }, nil } -// validateNameChars returns false if the passed name is not a valid -// resource name; true otherwise. For almost all resources, the following -// characters are allowed: -// -// Most resource types require a name that can be used as a DNS label name -// as defined in RFC 1123. This means the name must: -// -// * contain no more than 253 characters -// * contain only lowercase alphanumeric characters, '-' -// * start with an alphanumeric character -// * end with an alphanumeric character -// -// For RBAC resources we also allow the colon character. -func validateNameChars(name string, gk schema.GroupKind) bool { - if _, exists := RBACGroupKind[gk]; exists { - name = strings.ReplaceAll(name, ":", "") - } - errs := validation.IsDNS1123Subdomain(name) - return len(errs) == 0 -} - // ParseObjMetadata takes a string, splits it into its four fields, // and returns an ObjMetadata struct storing the four fields. // Example inventory string: @@ -143,6 +116,10 @@ func ParseObjMetadata(s string) (ObjMetadata, error) { // Finally, second field name. Name may contain colon transcoded as double underscore. name := s[:index] name = strings.ReplaceAll(name, colonTranscoded, ":") + // Check that there are no extra fields by search for fieldSeparator. + if strings.Contains(name, fieldSeparator) { + return ObjMetadata{}, fmt.Errorf("too many fields within: %s", s) + } // Create the ObjMetadata object from the four parsed fields. gk := schema.GroupKind{ Group: strings.TrimSpace(group), diff --git a/pkg/object/objmetadata_test.go b/pkg/object/objmetadata_test.go index cf6c056..0555cc4 100644 --- a/pkg/object/objmetadata_test.go +++ b/pkg/object/objmetadata_test.go @@ -56,36 +56,6 @@ func TestCreateObjMetadata(t *testing.T) { expected: "", isError: true, }, - "Underscore is invalid name character": { - namespace: "test-namespace", - name: "test_name", // Invalid "_" character - gk: schema.GroupKind{ - Group: "apps", - Kind: "ReplicaSet", - }, - expected: "", - isError: true, - }, - "Name not starting with alphanumeric character is error": { - namespace: "test-namespace", - name: "-test", - gk: schema.GroupKind{ - Group: "apps", - Kind: "ReplicaSet", - }, - expected: "", - isError: true, - }, - "Name not ending with alphanumeric character is error": { - namespace: "test-namespace", - name: "test-", - gk: schema.GroupKind{ - Group: "apps", - Kind: "ReplicaSet", - }, - expected: "", - isError: true, - }, "Colon is allowed in the name for RBAC resources": { namespace: "test-namespace", name: "system::kube-scheduler", @@ -96,16 +66,6 @@ func TestCreateObjMetadata(t *testing.T) { expected: "test-namespace_system____kube-scheduler_rbac.authorization.k8s.io_Role", isError: false, }, - "Colon is not allowed in the name for non-RBAC resources": { - namespace: "test-namespace", - name: "system::kube-scheduler", - gk: schema.GroupKind{ - Group: "", - Kind: "Pod", - }, - expected: "", - isError: true, - }, } for name, tc := range tests {