Skip to content

🌱 Ensure BMH name is a valid DNS label #2636

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
nerok wants to merge 1 commit into
base: main
Choose a base branch
from
Open

🌱 Ensure BMH name is a valid DNS label #2636

nerok wants to merge 1 commit into from

Conversation

@nerok
Copy link
Contributor

@nerok nerok commented Aug 26, 2025

What this PR does / why we need it:
We don't want anyone to create a BMH with a name which isn't a compliant DNS hostname, that will cause issues.

Which issue(s) this PR fixes:
Fixes parts of #855

@metal3-io-bot
Copy link
Contributor

metal3-io-bot commented Aug 26, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign dtantsur for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@metal3-io-bot metal3-io-bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Aug 26, 2025
@metal3-io-bot
Copy link
Contributor

metal3-io-bot commented Aug 26, 2025

Hi @nerok. Thanks for your PR.

I'm waiting for a metal3-io member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@metal3-io-bot metal3-io-bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Aug 26, 2025
@nerok nerok mentioned this pull request Aug 26, 2025
Open
21 tasks
zaneb
zaneb reviewed Aug 26, 2025
View reviewed changes
internal/webhooks/metal3.io/v1alpha1/baremetalhost_validation.go Outdated

func validateBMHName(bmhname string) error {
invalidname, _ := regexp.MatchString(`[^A-Za-z0-9\.\-\_]`, bmhname)
invalidname, _ := regexp.MatchString(`[^A-Za-z0-9\-]`, bmhname)
Copy link
Member

@zaneb zaneb Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is more to validating a DNS name than this; e.g. it cannot start or end with a -, should be no more than 63 characters.

I suggest calling this function to validate it.

Copy link
Contributor Author

@nerok nerok Aug 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed to that function now, some tests needed changes, and otherwise I added (maybe too many) tests to validate that we check what we think we check.

@tuminoid
Copy link
Member

tuminoid commented Aug 27, 2025

/ok-to-test

@metal3-io-bot metal3-io-bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Aug 27, 2025
@nerok nerok force-pushed the validate-dns-hostname branch from af3791d to 1949fc3 Compare August 27, 2025 17:56
@metal3-io-bot metal3-io-bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 27, 2025
@nerok nerok changed the title 🌱 Ensure BMH name is a valid DNS hostname 🌱 Ensure BMH name is a valid DNS label Aug 27, 2025
tuminoid
tuminoid reviewed Sep 3, 2025
View reviewed changes
Copy link
Member

@tuminoid tuminoid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/cc @dtantsur @zaneb

Btw, can we break existing installations by validating and failing this now, or did we have some other runtime check doing the same?

@metal3-io-bot metal3-io-bot added the lgtm Indicates that a PR is ready to be merged. label Sep 3, 2025
@zaneb
Copy link
Member

zaneb commented Sep 3, 2025

Btw, can we break existing installations by validating and failing this now, or did we have some other runtime check doing the same?

CR names are actually already validated against IsDNS1123Subdomain(). And we already forbid .. So the only actual change is limiting the length to 63 I think?

Ideally we would only call this from ValidateCreate() though, so it would only affects new BMHs, not existing ones.
validateHost() is called from validateChanges() as well.

@nerok
Copy link
Contributor Author

nerok commented Sep 3, 2025

Should the length check be moved to ValidateCreate then, so it isn't ran on changes? Or should validateChanges pick that error out and rather log it? Those are the alternatives I could come up with

@zaneb
Copy link
Member

zaneb commented Sep 3, 2025

I think moving it to validateCreate makes sense

@nerok nerok force-pushed the validate-dns-hostname branch from 1949fc3 to f48f68c Compare September 10, 2025 18:11
@metal3-io-bot metal3-io-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Sep 10, 2025
@nerok nerok force-pushed the validate-dns-hostname branch from f48f68c to 3846355 Compare September 10, 2025 18:15
@nerok
Ensure BMH name is a valid DNS hostname
b1f82c9 
Signed-off-by: Didrik Frimann Barroso Koren <[email protected]>
@nerok nerok force-pushed the validate-dns-hostname branch from 3846355 to b1f82c9 Compare September 10, 2025 18:16
@nerok
Copy link
Contributor Author

nerok commented Sep 10, 2025

It got a lot more complicated to ignore or reimplement the validations, so I think this solution was simple enough.

tuminoid
tuminoid reviewed Sep 15, 2025
View reviewed changes
Copy link
Member

@tuminoid tuminoid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/cc @zaneb

@metal3-io-bot metal3-io-bot added the lgtm Indicates that a PR is ready to be merged. label Sep 15, 2025
@MahnoorAsghar
Copy link
Contributor

MahnoorAsghar commented Sep 25, 2025

(LGTM)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tuminoid tuminoid tuminoid left review comments

@kashifest kashifest Awaiting requested review from kashifest

@dtantsur dtantsur Awaiting requested review from dtantsur

@zaneb zaneb Awaiting requested review from zaneb

+1 more reviewer

@MahnoorAsghar MahnoorAsghar MahnoorAsghar left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

lgtm Indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@nerok @metal3-io-bot @tuminoid @zaneb @MahnoorAsghar