An incorrect regex validation prevents
users from specifying AWS tag keys or
values that include spaces, which are
allowed by AWS's official regex:

https://docs.aws.amazon.com/directoryservice/latest/devguide/API_Tag.html

This also updates some further validations that were missing and adds
godoc text.
patrickdillon committed Jan 10, 2025
1 parent c1a063b commit c7319b5
Showing 41 changed files with 697 additions and 158 deletions.
11 changes: 7 additions & 4 deletions config/v1/types_infrastructure.go
Expand Up @@ -528,18 +528,21 @@ type AWSPlatformStatus struct {

// AWSResourceTag is a tag to apply to AWS resources created for the cluster.
type AWSResourceTag struct {
// key is the key of the tag
// key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag.
// Length Constraints: Minimum length of 1. Maximum length of 128.
// The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' and cannot be prefixed with 'aws:'.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=128
// +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.:/=+-@]+$`
// +kubebuilder:validation:XValidation:rule=`self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')`,message="invalid AWS resource tag key. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' and cannot be prefixed with 'aws:'"
// +required
Key string `json:"key"`
// value is the value of the tag.
// value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag.
// The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':','@'.
// Some AWS service do not support empty values. Since tags are added to resources in many services, the
// length of the tag value must meet the requirements of all services.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=256
// +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.:/=+-@]+$`
// +kubebuilder:validation:XValidation:rule=`self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')`,message="invalid AWS resource tag value. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@'"
// +required
Value string `json:"value"`
}
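Review bot: In both `self.matches` rules (Key and Value), the `+-@` inside the character class is read as a range from '+' to '@' rather than three literals, so the class also accepts ',', ';', '<', '>' and '?', none of which appear in the godoc or the validation message. Put the hyphen last or escape it, for example `^[0-9A-Za-z_.:/=+@ -]+$`, so the rule accepts exactly the documented set.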
Expand Up @@ -1305,20 +1305,34 @@ spec:
created for the cluster.
properties:
key:
description: key is the key of the tag
description: |-
key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag.
Length Constraints: Minimum length of 1. Maximum length of 128.
The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' and cannot be prefixed with 'aws:'.
maxLength: 128
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
x-kubernetes-validations:
- message: invalid AWS resource tag key. The string
can contain only the set of Unicode letters, digits,
white-space, '_', '.', '/', '=', '+', '-', ':',
'@' and cannot be prefixed with 'aws:'
rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
value:
description: |-
value is the value of the tag.
value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag.
The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':','@'.
Some AWS service do not support empty values. Since tags are added to resources in many services, the
length of the tag value must meet the requirements of all services.
maxLength: 256
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
x-kubernetes-validations:
- message: invalid AWS resource tag value. The string
can contain only the set of Unicode letters, digits,
white-space, '_', '.', '/', '=', '+', '-', ':',
'@'
rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
required:
- key
- value
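Review bot: The key description and message state that the key "cannot be prefixed with 'aws:'", but the only entry under the key's `x-kubernetes-validations` is the character-class match, and ':' is in that class, so a key such as `aws:foo` passes. Add a second rule, for example `!self.startsWith('aws:')` with its own message, via the markers in types_infrastructure.go, or drop the claim from the text.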
Expand Up @@ -1185,20 +1185,34 @@ spec:
created for the cluster.
properties:
key:
description: key is the key of the tag
description: |-
key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag.
Length Constraints: Minimum length of 1. Maximum length of 128.
The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' and cannot be prefixed with 'aws:'.
maxLength: 128
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
x-kubernetes-validations:
- message: invalid AWS resource tag key. The string
can contain only the set of Unicode letters, digits,
white-space, '_', '.', '/', '=', '+', '-', ':',
'@' and cannot be prefixed with 'aws:'
rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
value:
description: |-
value is the value of the tag.
value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag.
The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':','@'.
Some AWS service do not support empty values. Since tags are added to resources in many services, the
length of the tag value must meet the requirements of all services.
maxLength: 256
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
x-kubernetes-validations:
- message: invalid AWS resource tag value. The string
can contain only the set of Unicode letters, digits,
white-space, '_', '.', '/', '=', '+', '-', ':',
'@'
rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
required:
- key
- value
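Review bot: The descriptions and messages for key and value promise "Unicode letters, digits, white-space", but the class in `rule` is `0-9A-Za-z` plus a literal space, which is ASCII-only: non-ASCII letters and digits, and any white-space other than U+0020, are rejected. Either widen the class with Unicode properties (`\p{L}`, `\p{N}`, `\p{Z}`) or reword the description and message to say ASCII letters, digits and space.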
Expand Up @@ -1305,20 +1305,34 @@ spec:
created for the cluster.
properties:
key:
description: key is the key of the tag
description: |-
key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag.
Length Constraints: Minimum length of 1. Maximum length of 128.
The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' and cannot be prefixed with 'aws:'.
maxLength: 128
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
x-kubernetes-validations:
- message: invalid AWS resource tag key. The string
can contain only the set of Unicode letters, digits,
white-space, '_', '.', '/', '=', '+', '-', ':',
'@' and cannot be prefixed with 'aws:'
rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
value:
description: |-
value is the value of the tag.
value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag.
The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':','@'.
Some AWS service do not support empty values. Since tags are added to resources in many services, the
length of the tag value must meet the requirements of all services.
maxLength: 256
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
x-kubernetes-validations:
- message: invalid AWS resource tag value. The string
can contain only the set of Unicode letters, digits,
white-space, '_', '.', '/', '=', '+', '-', ':',
'@'
rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
required:
- key
- value
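Review bot: The value description says "the length of the tag value must meet the requirements of all services" without giving the bounds, while the key description spells them out; add "Length Constraints: Minimum length of 1. Maximum length of 256." so the text matches `minLength` and `maxLength`. In the same description, "Some AWS service do not" should read "Some AWS services do not".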
Expand Up @@ -1305,20 +1305,34 @@ spec:
created for the cluster.
properties:
key:
description: key is the key of the tag
description: |-
key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag.
Length Constraints: Minimum length of 1. Maximum length of 128.
The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' and cannot be prefixed with 'aws:'.
maxLength: 128
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
x-kubernetes-validations:
- message: invalid AWS resource tag key. The string
can contain only the set of Unicode letters, digits,
white-space, '_', '.', '/', '=', '+', '-', ':',
'@' and cannot be prefixed with 'aws:'
rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
value:
description: |-
value is the value of the tag.
value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag.
The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':','@'.
Some AWS service do not support empty values. Since tags are added to resources in many services, the
length of the tag value must meet the requirements of all services.
maxLength: 256
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
x-kubernetes-validations:
- message: invalid AWS resource tag value. The string
can contain only the set of Unicode letters, digits,
white-space, '_', '.', '/', '=', '+', '-', ':',
'@'
rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
required:
- key
- value
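Review bot: In the value description the character list ends `':','@'` with no space after the comma, while the key description and both messages use `':', '@'`; fix the godoc for Value so the generated CRD text is consistent.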
Expand Up @@ -1158,20 +1158,34 @@ spec:
created for the cluster.
properties:
key:
description: key is the key of the tag
description: |-
key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag.
Length Constraints: Minimum length of 1. Maximum length of 128.
The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' and cannot be prefixed with 'aws:'.
maxLength: 128
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
x-kubernetes-validations:
- message: invalid AWS resource tag key. The string
can contain only the set of Unicode letters, digits,
white-space, '_', '.', '/', '=', '+', '-', ':',
'@' and cannot be prefixed with 'aws:'
rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
value:
description: |-
value is the value of the tag.
value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag.
The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':','@'.
Some AWS service do not support empty values. Since tags are added to resources in many services, the
length of the tag value must meet the requirements of all services.
maxLength: 256
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
x-kubernetes-validations:
- message: invalid AWS resource tag value. The string
can contain only the set of Unicode letters, digits,
white-space, '_', '.', '/', '=', '+', '-', ':',
'@'
rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
required:
- key
- value
Expand Up @@ -1255,20 +1255,34 @@ spec:
created for the cluster.
properties:
key:
description: key is the key of the tag
description: |-
key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag.
Length Constraints: Minimum length of 1. Maximum length of 128.
The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' and cannot be prefixed with 'aws:'.
maxLength: 128
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
x-kubernetes-validations:
- message: invalid AWS resource tag key. The string
can contain only the set of Unicode letters, digits,
white-space, '_', '.', '/', '=', '+', '-', ':',
'@' and cannot be prefixed with 'aws:'
rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
value:
description: |-
value is the value of the tag.
value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag.
The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':','@'.
Some AWS service do not support empty values. Since tags are added to resources in many services, the
length of the tag value must meet the requirements of all services.
maxLength: 256
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
x-kubernetes-validations:
- message: invalid AWS resource tag value. The string
can contain only the set of Unicode letters, digits,
white-space, '_', '.', '/', '=', '+', '-', ':',
'@'
rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')
required:
- key
- value