mirrors/node-feature-discovery
mirrors/node-feature-discovery
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2025-03-16 21:38:23 +00:00
Code Activity

nfd-master: add validation of label names and values

Browse source 
Validate labels before trying to update the node. Makes us fail early
nad prevent useless retries in case invalid labels are tried.

(backported from commit 2a3c7e4c93)
This commit is contained in:
Markus Lehtonen 2023-05-31 14:30:44 +03:00
parent 22916e62ab
commit 5b58574100
2 changed files with 17 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
pkg/nfd-master/nfd-master-internal_test.go
View file

@ -367,8 +367,10 @@ func TestSetLabels(t *testing.T) {
"random.denied.ns/feature-3": "val-3", "random.denied.ns/feature-3": "val-3",
"kubernetes.io/feature-4": "val-4", "kubernetes.io/feature-4": "val-4",
"sub.ns.kubernetes.io/feature-5": "val-5", "sub.ns.kubernetes.io/feature-5": "val-5",
vendorFeatureLabel: " val-6", vendorFeatureLabel: "val-6",
vendorProfileLabel: " val-7"} vendorProfileLabel: "val-7",
"--invalid-name--": "valid-val",
"valid-name": "--invalid-val--"}
expectedPatches := []apihelper.JsonPatch{ expectedPatches := []apihelper.JsonPatch{
apihelper.NewJsonPatch("add", "/metadata/annotations", instance+"."+nfdv1alpha1.WorkerVersionAnnotation, workerVer), apihelper.NewJsonPatch("add", "/metadata/annotations", instance+"."+nfdv1alpha1.WorkerVersionAnnotation, workerVer),
apihelper.NewJsonPatch("add", "/metadata/annotations", apihelper.NewJsonPatch("add", "/metadata/annotations",

13
pkg/nfd-master/nfd-master.go
View file

@ -39,6 +39,7 @@ import (
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
k8sQuantity "k8s.io/apimachinery/pkg/api/resource" k8sQuantity "k8s.io/apimachinery/pkg/api/resource"
k8sLabels "k8s.io/apimachinery/pkg/labels" k8sLabels "k8s.io/apimachinery/pkg/labels"
k8svalidation "k8s.io/apimachinery/pkg/util/validation"
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
restclient "k8s.io/client-go/rest" restclient "k8s.io/client-go/rest"
"k8s.io/klog/v2" "k8s.io/klog/v2"
@ -462,6 +463,12 @@ func (m *nfdMaster) filterFeatureLabels(labels Labels) (Labels, ExtendedResource
// Add possibly missing default ns // Add possibly missing default ns
label := addNs(label, nfdv1alpha1.FeatureLabelNs) label := addNs(label, nfdv1alpha1.FeatureLabelNs)
//Validate label name
if errs := k8svalidation.IsQualifiedName(label); len(errs) > 0 {
klog.Errorf("ignoring label %q, invalid name: %s", label, strings.Join(errs, "; "))
continue
}
ns, name := splitNs(label) ns, name := splitNs(label)
// Check label namespace, filter out if ns is not whitelisted // Check label namespace, filter out if ns is not whitelisted
@ -481,6 +488,12 @@ func (m *nfdMaster) filterFeatureLabels(labels Labels) (Labels, ExtendedResource
klog.Errorf("%s (%s) does not match the whitelist (%s) and will not be published.", name, label, m.config.LabelWhiteList.Regexp.String()) klog.Errorf("%s (%s) does not match the whitelist (%s) and will not be published.", name, label, m.config.LabelWhiteList.Regexp.String())
continue continue
} }
// Validate the label value
if errs := k8svalidation.IsValidLabelValue(value); len(errs) > 0 {
klog.Errorf("ignoring label %q, invalid value %q: %s", label, value, strings.Join(errs, "; "))
continue
}
outLabels[label] = value outLabels[label] = value
} }