mirror of
https://github.com/kubernetes-sigs/node-feature-discovery.git
synced 2025-03-17 05:48:21 +00:00
Merge pull request #1233 from marquiz/release-0.13
[release-0.13] nfd-master: add validation of label names and values
This commit is contained in:
commit
4f4cd46f13
2 changed files with 17 additions and 2 deletions
|
@ -367,8 +367,10 @@ func TestSetLabels(t *testing.T) {
|
||||||
"random.denied.ns/feature-3": "val-3",
|
"random.denied.ns/feature-3": "val-3",
|
||||||
"kubernetes.io/feature-4": "val-4",
|
"kubernetes.io/feature-4": "val-4",
|
||||||
"sub.ns.kubernetes.io/feature-5": "val-5",
|
"sub.ns.kubernetes.io/feature-5": "val-5",
|
||||||
vendorFeatureLabel: " val-6",
|
vendorFeatureLabel: "val-6",
|
||||||
vendorProfileLabel: " val-7"}
|
vendorProfileLabel: "val-7",
|
||||||
|
"--invalid-name--": "valid-val",
|
||||||
|
"valid-name": "--invalid-val--"}
|
||||||
expectedPatches := []apihelper.JsonPatch{
|
expectedPatches := []apihelper.JsonPatch{
|
||||||
apihelper.NewJsonPatch("add", "/metadata/annotations", instance+"."+nfdv1alpha1.WorkerVersionAnnotation, workerVer),
|
apihelper.NewJsonPatch("add", "/metadata/annotations", instance+"."+nfdv1alpha1.WorkerVersionAnnotation, workerVer),
|
||||||
apihelper.NewJsonPatch("add", "/metadata/annotations",
|
apihelper.NewJsonPatch("add", "/metadata/annotations",
|
||||||
|
|
|
@ -39,6 +39,7 @@ import (
|
||||||
corev1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
k8sQuantity "k8s.io/apimachinery/pkg/api/resource"
|
k8sQuantity "k8s.io/apimachinery/pkg/api/resource"
|
||||||
k8sLabels "k8s.io/apimachinery/pkg/labels"
|
k8sLabels "k8s.io/apimachinery/pkg/labels"
|
||||||
|
k8svalidation "k8s.io/apimachinery/pkg/util/validation"
|
||||||
"k8s.io/client-go/kubernetes"
|
"k8s.io/client-go/kubernetes"
|
||||||
restclient "k8s.io/client-go/rest"
|
restclient "k8s.io/client-go/rest"
|
||||||
"k8s.io/klog/v2"
|
"k8s.io/klog/v2"
|
||||||
|
@ -462,6 +463,12 @@ func (m *nfdMaster) filterFeatureLabels(labels Labels) (Labels, ExtendedResource
|
||||||
// Add possibly missing default ns
|
// Add possibly missing default ns
|
||||||
label := addNs(label, nfdv1alpha1.FeatureLabelNs)
|
label := addNs(label, nfdv1alpha1.FeatureLabelNs)
|
||||||
|
|
||||||
|
//Validate label name
|
||||||
|
if errs := k8svalidation.IsQualifiedName(label); len(errs) > 0 {
|
||||||
|
klog.Errorf("ignoring label %q, invalid name: %s", label, strings.Join(errs, "; "))
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
ns, name := splitNs(label)
|
ns, name := splitNs(label)
|
||||||
|
|
||||||
// Check label namespace, filter out if ns is not whitelisted
|
// Check label namespace, filter out if ns is not whitelisted
|
||||||
|
@ -481,6 +488,12 @@ func (m *nfdMaster) filterFeatureLabels(labels Labels) (Labels, ExtendedResource
|
||||||
klog.Errorf("%s (%s) does not match the whitelist (%s) and will not be published.", name, label, m.config.LabelWhiteList.Regexp.String())
|
klog.Errorf("%s (%s) does not match the whitelist (%s) and will not be published.", name, label, m.config.LabelWhiteList.Regexp.String())
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Validate the label value
|
||||||
|
if errs := k8svalidation.IsValidLabelValue(value); len(errs) > 0 {
|
||||||
|
klog.Errorf("ignoring label %q, invalid value %q: %s", label, value, strings.Join(errs, "; "))
|
||||||
|
continue
|
||||||
|
}
|
||||||
outLabels[label] = value
|
outLabels[label] = value
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Add table
Reference in a new issue