Add validation to CSV name length (openshift#134)

dinhxuanvu · timflannagan · commit 65673206bbd2 · 2021-07-13T12:50:40.000-04:00
* Add validation to CSV name length

Given CSV's name is used as label for OLM, its length should be
validated to ensure it's not over the label character limit
which is currently set at 63 character.

This commit will enable CSV validation returning an error if CSV's
name is more than 63 characters.

Signed-off-by: Vu Dinh &lt;vudinh@outlook.com&gt;

* Add unit test for CSV with bad name

The unit test is targeted with CSV with name that is over 63
characters limit.

Signed-off-by: Vu Dinh &lt;vudinh@outlook.com&gt;

Upstream-repository: api
Upstream-commit: db8dead7a7c5091f2ce48fef369af973ee2a4f13
diff --git a/staging/api/pkg/validation/internal/csv.go b/staging/api/pkg/validation/internal/csv.go
@@ -32,11 +32,11 @@ func validateCSVs(objs ...interface{}) (results []errors.ManifestResult) {
 func validateCSV(csv *v1alpha1.ClusterServiceVersion) errors.ManifestResult {
 	result := errors.ManifestResult{Name: csv.GetName()}
 	// Ensure CSV names are of the correct format.
-	if err := parseCSVNameFormat(csv.GetName()); err != (errors.Error{}) {
+	if err := parseCSVNameFormat(csv.GetName()); err != nil {
 		result.Add(errors.ErrInvalidCSV(fmt.Sprintf("metadata.name %s", err), csv.GetName()))
 	}
 	if replaces := csv.Spec.Replaces; replaces != "" {
-		if err := parseCSVNameFormat(replaces); err != (errors.Error{}) {
+		if err := parseCSVNameFormat(replaces); err != nil {
 			result.Add(errors.ErrInvalidCSV(fmt.Sprintf("spec.replaces %s", err), csv.GetName()))
 		}
 	}
@@ -52,10 +52,15 @@ func validateCSV(csv *v1alpha1.ClusterServiceVersion) errors.ManifestResult {
 }
 
 func parseCSVNameFormat(name string) error {
-	if violations := k8svalidation.IsDNS1123Subdomain(name); len(violations) != 0 {
-		return fmt.Errorf("%q is invalid:\n%s", name, violations)
+	var errStrs []string
+	errStrs = append(errStrs, k8svalidation.IsDNS1123Subdomain(name)...)
+	// Give CSV name is used as label value, it should be validated
+	errStrs = append(errStrs, k8svalidation.IsValidLabelValue(name)...)
+
+	if len(errStrs) > 0 {
+		return fmt.Errorf("%q is invalid: %s", name, strings.Join(errStrs, ","))
 	}
-	return errors.Error{}
+	return nil
 }
 
 // checkFields runs checkEmptyFields and returns its errors.
diff --git a/staging/api/pkg/validation/internal/csv_test.go b/staging/api/pkg/validation/internal/csv_test.go
@@ -61,6 +61,16 @@ func TestValidateCSV(t *testing.T) {
 			},
 			filepath.Join("testdata", "badAnnotationNames.csv.yaml"),
 		},
+		{
+			validatorFuncTest{
+				description: "csv with name over 63 characters limit",
+				wantErr:     true,
+				errors: []errors.Error{
+					errors.ErrInvalidCSV(`metadata.name "someoperatorwithanextremelylongnamethatmakenosensewhatsoever.v999.999.999" is invalid: must be no more than 63 characters`, "someoperatorwithanextremelylongnamethatmakenosensewhatsoever.v999.999.999"),
+				},
+			},
+			filepath.Join("testdata", "badName.csv.yaml"),
+		},
 	}
 	for _, c := range cases {
 		b, err := ioutil.ReadFile(c.csvPath)
diff --git a/staging/api/pkg/validation/internal/testdata/badName.csv.yaml b/staging/api/pkg/validation/internal/testdata/badName.csv.yaml
@@ -0,0 +1,90 @@
+#! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml
+#! parse-kind: ClusterServiceVersion
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+  name: someoperatorwithanextremelylongnamethatmakenosensewhatsoever.v999.999.999
+  namespace: placeholder
+  annotations:
+    capabilities: Full Lifecycle
+    tectonic-visibility: ocs
+    alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"<full-s3-path>","awsSecret":"<aws-secret>"}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":["<etcd-cluster-endpoints>"],"storageType":"S3","s3":{"path":"<full-s3-path>","awsSecret":"<aws-secret>"}}}]'
+    description: etcd is a distributed key value store providing a reliable way to store data across a cluster of machines.
+spec:
+  displayName: etcd
+  description: something
+  keywords: ['etcd', 'key value', 'database', 'coreos', 'open source']
+  version: 0.9.0
+  icon:
+  - base64data: N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC
+    mediatype: image/png
+  installModes:
+  - type: OwnNamespace
+    supported: true
+  - type: SingleNamespace
+    supported: true
+  - type: MultiNamespace
+    supported: false
+  - type: AllNamespaces
+    supported: true
+  install:
+    strategy: deployment
+    spec:
+      permissions:
+      - serviceAccountName: etcd-operator
+        rules:
+        - apiGroups:
+          - etcd.database.coreos.com
+          resources:
+          - etcdclusters
+          - etcdbackups
+          - etcdrestores
+          verbs:
+          - "*"
+        - apiGroups:
+          - ""
+          resources:
+          - pods
+          - services
+          - endpoints
+          - persistentvolumeclaims
+          - events
+          verbs:
+          - "*"
+        - apiGroups:
+          - apps
+          resources:
+          - deployments
+          verbs:
+          - "*"
+        - apiGroups:
+          - ""
+          resources:
+          - secrets
+          verbs:
+          - get
+      deployments:
+      - name: etcd-operator
+        spec:
+          replicas: 1
+          selector:
+            matchLabels:
+              name: etcd-operator-alm-owned
+          template:
+            metadata:
+              name: etcd-operator-alm-owned
+              labels:
+                name: etcd-operator-alm-owned
+            spec:
+              serviceAccountName: etcd-operator
+  customresourcedefinitions:
+    owned:
+    - name: etcdclusters.etcd.database.coreos.com
+      version: v1beta2
+      kind: EtcdCluster
+    - name: etcdbackups.etcd.database.coreos.com
+      version: v1beta2
+      kind: EtcdBackup
+    - name: etcdrestores.etcd.database.coreos.com
+      version: v1beta2
+      kind: EtcdRestore

Original file line number	Diff line number	Diff line change
`@@ -32,11 +32,11 @@ func validateCSVs(objs ...interface{}) (results []errors.ManifestResult) {`
`32`	`32`	`func validateCSV(csv *v1alpha1.ClusterServiceVersion) errors.ManifestResult {`
`33`	`33`	`result := errors.ManifestResult{Name: csv.GetName()}`
`34`	`34`	`// Ensure CSV names are of the correct format.`
`35`		`- if err := parseCSVNameFormat(csv.GetName()); err != (errors.Error{}) {`
	`35`	`+ if err := parseCSVNameFormat(csv.GetName()); err != nil {`
`36`	`36`	`result.Add(errors.ErrInvalidCSV(fmt.Sprintf("metadata.name %s", err), csv.GetName()))`
`37`	`37`	`}`
`38`	`38`	`if replaces := csv.Spec.Replaces; replaces != "" {`
`39`		`- if err := parseCSVNameFormat(replaces); err != (errors.Error{}) {`
	`39`	`+ if err := parseCSVNameFormat(replaces); err != nil {`
`40`	`40`	`result.Add(errors.ErrInvalidCSV(fmt.Sprintf("spec.replaces %s", err), csv.GetName()))`
`41`	`41`	`}`
`42`	`42`	`}`
`@@ -52,10 +52,15 @@ func validateCSV(csv *v1alpha1.ClusterServiceVersion) errors.ManifestResult {`
`52`	`52`	`}`
`53`	`53`
`54`	`54`	`func parseCSVNameFormat(name string) error {`
`55`		`- if violations := k8svalidation.IsDNS1123Subdomain(name); len(violations) != 0 {`
`56`		`- return fmt.Errorf("%q is invalid:\n%s", name, violations)`
	`55`	`+ var errStrs []string`
	`56`	`+ errStrs = append(errStrs, k8svalidation.IsDNS1123Subdomain(name)...)`
	`57`	`+ // Give CSV name is used as label value, it should be validated`
	`58`	`+ errStrs = append(errStrs, k8svalidation.IsValidLabelValue(name)...)`
	`59`	`+`
	`60`	`+ if len(errStrs) > 0 {`
	`61`	`+ return fmt.Errorf("%q is invalid: %s", name, strings.Join(errStrs, ","))`
`57`	`62`	`}`
`58`		`- return errors.Error{}`
	`63`	`+ return nil`
`59`	`64`	`}`
`60`	`65`
`61`	`66`	`// checkFields runs checkEmptyFields and returns its errors.`