Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add validation to TargetPath and ValuesKey #520

Merged
merged 1 commit into from
Aug 17, 2022
Merged

Add validation to TargetPath and ValuesKey #520

merged 1 commit into from
Aug 17, 2022

Conversation

pjbgf
Copy link
Member

@pjbgf pjbgf commented Aug 16, 2022
edited
Loading

Formalises the API requirements around TargetPath and ValuesKey,
which were the two fields missing validation within ValuesReference.
In both cases the validation was introduced at CRD level, so that
the apiserver will enforce it.

ValuesKey must be a valid Data Key. Therefore the same logic used by
upstream Kubernetes is reused here to ensure a valid key is being used.

For TargetPath a loose regex is being used to largely represent the
expected format. A max length of 250 is now being enforced.

This is a breaking change, as invalid TargetPath and ValuesKey will now
be rejected by the apiserver, instead of being accepted and potentially
failing at reconciliation time.

stefanprodan
stefanprodan reviewed Aug 16, 2022
View reviewed changes
controllers/helmrelease_controller.go Outdated
@@ -65,6 +67,11 @@ import (
"github.com/fluxcd/helm-controller/internal/util"
)

var (
targetPathMaxLen = 250
targetPathRegex = regexp.MustCompilePOSIX(`^([a-zA-Z0-9_.\\\/]|\[[0-9]{1,5}\])+$`)
Copy link
Member

@stefanprodan stefanprodan Aug 16, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could set these in the CRD as kubebuilder annotations, for the Kubernetes API to perform the validation instead of us. If the validation fails for in-cluster objects, users could fix them in Git.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated the PR accordingly. The only downside of this approach is that existing objects which are made invalid by the new CRD will need to be abide by the new validation before the API Server allows them to be deleted.

That being said, the new rules are largely to formalise the expected format and length, and are not expected to break existing setups.

@stefanprodan
Copy link
Member

The kubeconfig.key could use the same validation.

@pjbgf
Copy link
Member Author

pjbgf commented Aug 16, 2022

The kubeconfig.key could use the same validation.

Let's do that as a separate PR.

@pjbgf pjbgf added this to the GA milestone Aug 17, 2022
makkes
makkes reviewed Aug 17, 2022
View reviewed changes
Copy link
Member

@makkes makkes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for clarifying the context of this change!

stefanprodan
stefanprodan approved these changes Aug 17, 2022
View reviewed changes
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @pjbgf

@pjbgf pjbgf mentioned this pull request Aug 17, 2022
Open
6 tasks
darkowlzz
darkowlzz reviewed Aug 17, 2022
View reviewed changes
controllers/helmrelease_controller_test.go Outdated
name string
resources []runtime.Object
references []v2.ValuesReference
values string
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It doesn't seem to be used in any of the cases below.

controllers/helmrelease_controller_test.go Outdated Show resolved Hide resolved
controllers/helmrelease_controller_test.go Outdated Show resolved Hide resolved
controllers/helmrelease_controller_test.go Outdated Show resolved Hide resolved
controllers/helmrelease_controller_test.go Show resolved Hide resolved
controllers/helmrelease_controller_test.go Show resolved Hide resolved
@pjbgf pjbgf force-pushed the test branch 2 times, most recently from 067854e to 451795a Compare August 17, 2022 13:22
Add validation to TargetPath and ValuesKey
3cd330c 
Formalises the API requirements around TargetPath and ValuesKey,
which were the two fields missing validation within ValuesReference.
In both cases the validation was introduced at CRD level, so that
the apiserver will enforce it.

ValuesKey must be a valid Data Key. Therefore the same logic used by
upstream Kubernetes is reused here to ensure a valid key is being used.

For TargetPath a loose regex is being used to largely represent the
expected format. A max length of 250 is now being enforced.

This is a breaking change, as invalid TargetPath and ValuesKey will now
be rejected by the apiserver, instead of being accepted and potentially
failing at reconciliation time.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
darkowlzz
darkowlzz approved these changes Aug 17, 2022
View reviewed changes
Copy link
Contributor

@darkowlzz darkowlzz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@pjbgf pjbgf merged commit 47320e9 into fluxcd:main Aug 17, 2022
@pjbgf pjbgf deleted the test branch August 17, 2022 13:45
@hiddeco hiddeco mentioned this pull request Oct 12, 2022
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@makkes makkes makkes approved these changes

@stefanprodan stefanprodan stefanprodan approved these changes

@darkowlzz darkowlzz darkowlzz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Maintainers' Focus
Status: Done
Milestone
Helm GA
Development

Successfully merging this pull request may close these issues.
4 participants
@pjbgf @stefanprodan @makkes @darkowlzz