Skip to content

Commit

Permalink
Fix validation for annotations (kubermatic#6880)
Browse files Browse the repository at this point in the history 
Signed-off-by: Waleed Malik <[email protected]>
  • Loading branch information
@ahmedwaleedmalik
ahmedwaleedmalik authored Sep 25, 2024
1 parent ba64ad2 commit 95591cc
Show file tree
Hide file tree
Showing 7 changed files with 20 additions and 8 deletions.
2 changes: 1 addition & 1 deletion modules/api/go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ require (
google.golang.org/api v0.197.0
gopkg.in/yaml.v3 v3.0.1
k8c.io/kubeone v1.7.3
k8c.io/kubermatic/v2 v2.26.0-beta.1.0.20240919150623-b92c4ba58bd1
k8c.io/kubermatic/v2 v2.26.0-beta.2
k8c.io/machine-controller v1.59.1-0.20240913134034-7f090ad5fc65
k8c.io/operating-system-manager v1.5.1-0.20240822183214-db378951daf3
k8c.io/reconciler v0.5.0
Expand Down
4 changes: 2 additions & 2 deletions modules/api/go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -948,8 +948,8 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
k8c.io/kubeone v1.7.3 h1:KZ2Q6LQMxoiFf9UQ3ugqjid39NccduhJ50bdbP5tdIU=
k8c.io/kubeone v1.7.3/go.mod h1:9v2VFz/+l36cW65kd5YufEYHunbKlJ6P8SBakj05xgM=
k8c.io/kubermatic/v2 v2.26.0-beta.1.0.20240919150623-b92c4ba58bd1 h1:5g6Kjkf3aCDW2XOBjWGuEtItG50Dpd1NW8RzOiXnVrw=
k8c.io/kubermatic/v2 v2.26.0-beta.1.0.20240919150623-b92c4ba58bd1/go.mod h1:NgOHBH0tiXyslq5hO95B1Wv0Q/2YKg9WYzTCAT3UyNg=
k8c.io/kubermatic/v2 v2.26.0-beta.2 h1:uncGmMpw4E48BRA/FJgXUaS+OWAJ2mmdiQjY38qU0Pg=
k8c.io/kubermatic/v2 v2.26.0-beta.2/go.mod h1:NgOHBH0tiXyslq5hO95B1Wv0Q/2YKg9WYzTCAT3UyNg=
k8c.io/machine-controller v1.59.1-0.20240913134034-7f090ad5fc65 h1:aCWLkD64iRco4OrwXDjGYTniubd2OoieZCw4Gmw/gjI=
k8c.io/machine-controller v1.59.1-0.20240913134034-7f090ad5fc65/go.mod h1:j9SHRLpzFj5wOMlhdPJL+ub08P8rvVvQOFtg7JaLYb4=
k8c.io/operating-system-manager v1.5.1-0.20240822183214-db378951daf3 h1:A9V4pXMVwWpmcyX6vq/B81rxIf/BeIjcv09K9z35A+0=
Expand Down
1 change: 1 addition & 0 deletions modules/api/pkg/handler/v1/admin/settings.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -231,5 +231,6 @@ func addDefaultAnnotations(annotations *kubermaticv1.AnnotationSettings) {
annotations.HiddenAnnotations = append(annotations.HiddenAnnotations, corev1.LastAppliedConfigAnnotation)
annotations.HiddenAnnotations = append(annotations.HiddenAnnotations, kubermaticv1.InitialApplicationInstallationsRequestAnnotation)
annotations.HiddenAnnotations = append(annotations.HiddenAnnotations, kubermaticv1.InitialMachineDeploymentRequestAnnotation)
annotations.HiddenAnnotations = append(annotations.HiddenAnnotations, kubermaticv1.InitialCNIValuesRequestAnnotation)
}
}
8 changes: 4 additions & 4 deletions modules/api/pkg/handler/v1/admin/settings_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,15 +43,15 @@ func TestGetGlobalSettings(t *testing.T) {
// scenario 1
{
name: "scenario 1: user gets settings first time",
expectedResponse: `{"customLinks":[],"defaultNodeCount":2,"displayDemoInfo":false,"displayAPIDocs":false,"displayTermsOfService":false,"enableDashboard":true,"enableOIDCKubeconfig":false,"userProjectsLimit":0,"restrictProjectCreation":false,"restrictProjectDeletion":false,"enableExternalClusterImport":true,"cleanupOptions":{},"opaOptions":{},"mlaOptions":{},"mlaAlertmanagerPrefix":"","mlaGrafanaPrefix":"","notifications":{},"providerConfiguration":{"openStack":{},"vmwareCloudDirector":{}},"webTerminalOptions":{"enabled":false},"machineDeploymentVMResourceQuota":{"minCPU":2,"maxCPU":32,"minRAM":2,"maxRAM":128,"enableGPU":false},"machineDeploymentOptions":{},"annotations":{"hiddenAnnotations":["kubectl.kubernetes.io/last-applied-configuration","kubermatic.io/initial-application-installations-request","kubermatic.io/initial-machinedeployment-request"],"protectedAnnotations":["presetName"]}}`,
expectedResponse: `{"customLinks":[],"defaultNodeCount":2,"displayDemoInfo":false,"displayAPIDocs":false,"displayTermsOfService":false,"enableDashboard":true,"enableOIDCKubeconfig":false,"userProjectsLimit":0,"restrictProjectCreation":false,"restrictProjectDeletion":false,"enableExternalClusterImport":true,"cleanupOptions":{},"opaOptions":{},"mlaOptions":{},"mlaAlertmanagerPrefix":"","mlaGrafanaPrefix":"","notifications":{},"providerConfiguration":{"openStack":{},"vmwareCloudDirector":{}},"webTerminalOptions":{"enabled":false},"machineDeploymentVMResourceQuota":{"minCPU":2,"maxCPU":32,"minRAM":2,"maxRAM":128,"enableGPU":false},"machineDeploymentOptions":{},"annotations":{"hiddenAnnotations":["kubectl.kubernetes.io/last-applied-configuration","kubermatic.io/initial-application-installations-request","kubermatic.io/initial-machinedeployment-request","kubermatic.io/initial-cni-values-request"],"protectedAnnotations":["presetName"]}}`,
httpStatus: http.StatusOK,
existingKubermaticObjs: []ctrlruntimeclient.Object{genUser("Bob", "[email protected]", true)},
existingAPIUser: test.GenDefaultAPIUser(),
},
// scenario 2
{
name: "scenario 2: user gets existing global settings",
expectedResponse: `{"customLinks":[{"label":"label","url":"url:label","icon":"icon","location":"EU"}],"defaultNodeCount":5,"displayDemoInfo":true,"displayAPIDocs":true,"displayTermsOfService":true,"enableDashboard":false,"enableShareCluster":true,"enableOIDCKubeconfig":false,"enableEtcdBackup":true,"userProjectsLimit":0,"restrictProjectCreation":false,"restrictProjectDeletion":false,"enableExternalClusterImport":true,"cleanupOptions":{"enabled":true,"enforced":true},"opaOptions":{"enabled":true,"enforced":true},"mlaOptions":{"loggingEnabled":true,"loggingEnforced":true,"monitoringEnabled":true,"monitoringEnforced":true},"mlaAlertmanagerPrefix":"","mlaGrafanaPrefix":"","notifications":{},"providerConfiguration":{"openStack":{},"vmwareCloudDirector":{}},"defaultQuota":{"quota":{"cpu":2,"memory":5,"storage":10}},"machineDeploymentOptions":{},"annotations":{"hiddenAnnotations":["kubectl.kubernetes.io/last-applied-configuration","kubermatic.io/initial-application-installations-request","kubermatic.io/initial-machinedeployment-request"],"protectedAnnotations":["presetName"]}}`,
expectedResponse: `{"customLinks":[{"label":"label","url":"url:label","icon":"icon","location":"EU"}],"defaultNodeCount":5,"displayDemoInfo":true,"displayAPIDocs":true,"displayTermsOfService":true,"enableDashboard":false,"enableShareCluster":true,"enableOIDCKubeconfig":false,"enableEtcdBackup":true,"userProjectsLimit":0,"restrictProjectCreation":false,"restrictProjectDeletion":false,"enableExternalClusterImport":true,"cleanupOptions":{"enabled":true,"enforced":true},"opaOptions":{"enabled":true,"enforced":true},"mlaOptions":{"loggingEnabled":true,"loggingEnforced":true,"monitoringEnabled":true,"monitoringEnforced":true},"mlaAlertmanagerPrefix":"","mlaGrafanaPrefix":"","notifications":{},"providerConfiguration":{"openStack":{},"vmwareCloudDirector":{}},"defaultQuota":{"quota":{"cpu":2,"memory":5,"storage":10}},"machineDeploymentOptions":{},"annotations":{"hiddenAnnotations":["kubectl.kubernetes.io/last-applied-configuration","kubermatic.io/initial-application-installations-request","kubermatic.io/initial-machinedeployment-request","kubermatic.io/initial-cni-values-request"],"protectedAnnotations":["presetName"]}}`,
httpStatus: http.StatusOK,
existingKubermaticObjs: []ctrlruntimeclient.Object{genUser("Bob", "[email protected]", true),
test.GenDefaultGlobalSettings()},
Expand Down Expand Up @@ -107,7 +107,7 @@ func TestUpdateGlobalSettings(t *testing.T) {
{
name: "scenario 2: authorized user updates default settings",
body: `{"customLinks":[{"label":"label","url":"url:label","icon":"icon","location":"EU"}],"cleanupOptions":{"enabled":true,"enforced":true},"defaultNodeCount":100,"displayDemoInfo":false,"displayAPIDocs":false,"displayTermsOfService":true,"machineDeploymentOptions":{}}`,
expectedResponse: `{"customLinks":[{"label":"label","url":"url:label","icon":"icon","location":"EU"}],"defaultNodeCount":100,"displayDemoInfo":false,"displayAPIDocs":false,"displayTermsOfService":true,"enableDashboard":true,"enableOIDCKubeconfig":false,"userProjectsLimit":0,"restrictProjectCreation":false,"restrictProjectDeletion":false,"enableExternalClusterImport":true,"cleanupOptions":{"enabled":true,"enforced":true},"opaOptions":{},"mlaOptions":{},"mlaAlertmanagerPrefix":"","mlaGrafanaPrefix":"","notifications":{},"providerConfiguration":{"openStack":{},"vmwareCloudDirector":{}},"webTerminalOptions":{"enabled":false},"machineDeploymentVMResourceQuota":{"minCPU":2,"maxCPU":32,"minRAM":2,"maxRAM":128,"enableGPU":false},"machineDeploymentOptions":{},"annotations":{"hiddenAnnotations":["kubectl.kubernetes.io/last-applied-configuration","kubermatic.io/initial-application-installations-request","kubermatic.io/initial-machinedeployment-request"],"protectedAnnotations":["presetName"]}}`,
expectedResponse: `{"customLinks":[{"label":"label","url":"url:label","icon":"icon","location":"EU"}],"defaultNodeCount":100,"displayDemoInfo":false,"displayAPIDocs":false,"displayTermsOfService":true,"enableDashboard":true,"enableOIDCKubeconfig":false,"userProjectsLimit":0,"restrictProjectCreation":false,"restrictProjectDeletion":false,"enableExternalClusterImport":true,"cleanupOptions":{"enabled":true,"enforced":true},"opaOptions":{},"mlaOptions":{},"mlaAlertmanagerPrefix":"","mlaGrafanaPrefix":"","notifications":{},"providerConfiguration":{"openStack":{},"vmwareCloudDirector":{}},"webTerminalOptions":{"enabled":false},"machineDeploymentVMResourceQuota":{"minCPU":2,"maxCPU":32,"minRAM":2,"maxRAM":128,"enableGPU":false},"machineDeploymentOptions":{},"annotations":{"hiddenAnnotations":["kubectl.kubernetes.io/last-applied-configuration","kubermatic.io/initial-application-installations-request","kubermatic.io/initial-machinedeployment-request","kubermatic.io/initial-cni-values-request"],"protectedAnnotations":["presetName"]}}`,
httpStatus: http.StatusOK,
existingKubermaticObjs: []ctrlruntimeclient.Object{genUser("Bob", "[email protected]", true)},
existingAPIUser: test.GenDefaultAPIUser(),
Expand All @@ -116,7 +116,7 @@ func TestUpdateGlobalSettings(t *testing.T) {
{
name: "scenario 3: authorized user updates existing global settings",
body: `{"customLinks":[],"cleanupOptions":{"enabled":true,"enforced":true},"defaultNodeCount":100,"displayDemoInfo":false,"displayAPIDocs":false,"displayTermsOfService":true,"userProjectsLimit":10,"restrictProjectCreation":true,"restrictProjectDeletion":false,"defaultQuota":{"cpu":4,"storage":12},"machineDeploymentOptions":{}}`,
expectedResponse: `{"customLinks":[],"defaultNodeCount":100,"displayDemoInfo":false,"displayAPIDocs":false,"displayTermsOfService":true,"enableDashboard":false,"enableShareCluster":true,"enableOIDCKubeconfig":false,"enableEtcdBackup":true,"userProjectsLimit":10,"restrictProjectCreation":true,"restrictProjectDeletion":false,"enableExternalClusterImport":true,"cleanupOptions":{"enabled":true,"enforced":true},"opaOptions":{"enabled":true,"enforced":true},"mlaOptions":{"loggingEnabled":true,"loggingEnforced":true,"monitoringEnabled":true,"monitoringEnforced":true},"mlaAlertmanagerPrefix":"","mlaGrafanaPrefix":"","notifications":{},"providerConfiguration":{"openStack":{},"vmwareCloudDirector":{}},"defaultQuota":{"quota":{"cpu":2,"memory":5,"storage":10}},"machineDeploymentOptions":{},"annotations":{"hiddenAnnotations":["kubectl.kubernetes.io/last-applied-configuration","kubermatic.io/initial-application-installations-request","kubermatic.io/initial-machinedeployment-request"],"protectedAnnotations":["presetName"]}}`,
expectedResponse: `{"customLinks":[],"defaultNodeCount":100,"displayDemoInfo":false,"displayAPIDocs":false,"displayTermsOfService":true,"enableDashboard":false,"enableShareCluster":true,"enableOIDCKubeconfig":false,"enableEtcdBackup":true,"userProjectsLimit":10,"restrictProjectCreation":true,"restrictProjectDeletion":false,"enableExternalClusterImport":true,"cleanupOptions":{"enabled":true,"enforced":true},"opaOptions":{"enabled":true,"enforced":true},"mlaOptions":{"loggingEnabled":true,"loggingEnforced":true,"monitoringEnabled":true,"monitoringEnforced":true},"mlaAlertmanagerPrefix":"","mlaGrafanaPrefix":"","notifications":{},"providerConfiguration":{"openStack":{},"vmwareCloudDirector":{}},"defaultQuota":{"quota":{"cpu":2,"memory":5,"storage":10}},"machineDeploymentOptions":{},"annotations":{"hiddenAnnotations":["kubectl.kubernetes.io/last-applied-configuration","kubermatic.io/initial-application-installations-request","kubermatic.io/initial-machinedeployment-request","kubermatic.io/initial-cni-values-request"],"protectedAnnotations":["presetName"]}}`,
httpStatus: http.StatusOK,
existingKubermaticObjs: []ctrlruntimeclient.Object{genUser("Bob", "[email protected]", true),
test.GenDefaultGlobalSettings()},
Expand Down
6 changes: 5 additions & 1 deletion modules/web/src/app/shared/components/annotation-form/component.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import {
Validators,
} from '@angular/forms';
import {DialogModeService} from '@app/core/services/dialog-mode';
import {KUBERNETES_ANNOTATION_VALUE_PATTERN_VALIDATOR} from '@app/shared/validators/others';
import {SettingsService} from '@core/services/settings';
import _ from 'lodash';
import {Observable, of, Subject, takeUntil} from 'rxjs';
Expand Down Expand Up @@ -143,7 +144,10 @@ export class AnnotationFormComponent implements OnInit, ControlValueAccessor, As
this.keyValidator.bind(this),
]),
],
value: [{value: value, disabled: isProtected}, Validators.compose([LabelFormValidators.labelValuePattern])],
value: [
{value: value, disabled: isProtected},
Validators.compose([KUBERNETES_ANNOTATION_VALUE_PATTERN_VALIDATOR]),
],
protected: [isProtected],
})
);
Expand Down
3 changes: 3 additions & 0 deletions modules/web/src/app/shared/components/annotation-form/template.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,9 @@
<mat-error *ngIf="annotation.get('value').errors?.validLabelValuePattern">
{{annotation.get('value').value}} not allowed.
</mat-error>
<mat-error *ngIf="annotation.get('value').errors?.pattern">
Must not start with ( or [ or &#125; or ) or |
</mat-error>
<mat-error *ngIf="annotation.get('value').errors?.validLabelValueLength">
{{annotation.get('value').value}} is too long.
</mat-error>
Expand Down
4 changes: 4 additions & 0 deletions modules/web/src/app/shared/validators/others.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,3 +36,7 @@ export const URL_PATTERN_VALIDATOR = Validators.pattern(
);
export const CBSL_SYNC_PERIOD = Validators.pattern('^(0|([0-9]{1,2}m)?[0-9]{1,2}s)$');
export const Cluster_BACKUP_EXPIRES_IN = Validators.pattern('^(0|[0-9]{1,2}h?[0-9]{1,2}m?[0-9]{1,2}s)$');

// String shouldn't start with ( or [ or } or ) or |
export const KUBERNETES_ANNOTATION_VALUE_PATTERN = '^[^(})|\\[]*';
export const KUBERNETES_ANNOTATION_VALUE_PATTERN_VALIDATOR = Validators.pattern(KUBERNETES_ANNOTATION_VALUE_PATTERN);

0 comments on commit 95591cc

Please sign in to comment.