Ensure BMH name is a valid DNS hostname

Signed-off-by: Didrik Frimann Barroso Koren <[email protected]>

Author: nerok

internal/webhooks/metal3.io/v1alpha1/baremetalhost_validation.go

@@ -20,7 +20,6 @@ import (
 	"fmt"
 	"net"
 	"net/url"
-	"regexp"
 	"slices"
 	"strings"
 
@@ -30,6 +29,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	k8svalidation "k8s.io/apimachinery/pkg/util/validation"
 )
 
 var (
@@ -61,7 +61,7 @@ func (webhook *BareMetalHost) validateHost(host *metal3api.BareMetalHost) []erro
 	errs = append(errs, validateBMCAccess(host.Spec, bmcAccess)...)
 
 	if err := validateBMHName(host.Name); err != nil {
-		errs = append(errs, err)
+		errs = append(errs, err...)
 	}
 
 	if err := validateDNSName(host.Spec.BMC.Address); err != nil {
@@ -183,18 +183,20 @@ func validateRAID(r *metal3api.RAIDConfig) []error {
 	return errs
 }
 
-func validateBMHName(bmhname string) error {
-	invalidname, _ := regexp.MatchString(`[^A-Za-z0-9\.\-\_]`, bmhname)
-	if invalidname {
-		return errors.New("BareMetalHost resource name cannot contain characters other than [A-Za-z0-9._-]")
-	}
-
+func validateBMHName(bmhname string) []error {
+	errorStrings := k8svalidation.IsDNS1123Label(bmhname)
 	_, err := uuid.Parse(bmhname)
+
+	errs := make([]error, 0, len(errorStrings)+1)
+
 	if err == nil {
-		return errors.New("BareMetalHost resource name cannot be a UUID")
+		errs = []error{errors.New("BareMetalHost resource name cannot be a UUID")}
+	}
+	for i := range errorStrings {
+		errs = append(errs, errors.New(errorStrings[i]))
 	}
 
-	return nil
+	return errs
 }
 
 func validateDNSName(hostaddress string) error {

internal/webhooks/metal3.io/v1alpha1/baremetalhost_validation_test.go

@@ -50,6 +50,11 @@ func TestValidateCreate(t *testing.T) {
 		Namespace: "test-namespace",
 	}
 
+	om2 := metav1.ObjectMeta{
+		Name:      "test-name",
+		Namespace: "test-namespace",
+	}
+
 	inom := metav1.ObjectMeta{
 		Name:      "test~",
 		Namespace: "test-namespace",
@@ -60,6 +65,26 @@ func TestValidateCreate(t *testing.T) {
 		Namespace: "test-namespace",
 	}
 
+	inom3 := metav1.ObjectMeta{
+		Name:      "-test",
+		Namespace: "test-namespace",
+	}
+
+	inom4 := metav1.ObjectMeta{
+		Name:      "test-",
+		Namespace: "test-namespace",
+	}
+
+	inom5 := metav1.ObjectMeta{
+		Name:      "CapitalizedTest",
+		Namespace: "test-namespace",
+	}
+
+	inom6 := metav1.ObjectMeta{
+		Name:      "verylongnamewhichshouldreachjustpastthelengthlimitof63characters",
+		Namespace: "test-namespace",
+	}
+
 	enable := true
 
 	// for RAID validation test cases
@@ -77,6 +102,12 @@ func TestValidateCreate(t *testing.T) {
 			oldBMH:    nil,
 			wantedErr: "",
 		},
+		{
+			name:      "valid2",
+			newBMH:    &metal3api.BareMetalHost{TypeMeta: tm, ObjectMeta: om2, Spec: metal3api.BareMetalHostSpec{}},
+			oldBMH:    nil,
+			wantedErr: "",
+		},
 		{
 			name:      "validExternallyProvisioned",
 			newBMH:    &metal3api.BareMetalHost{TypeMeta: tm, ObjectMeta: om, Spec: metal3api.BareMetalHostSpec{ExternallyProvisioned: true}},
@@ -86,14 +117,38 @@ func TestValidateCreate(t *testing.T) {
 			name:      "invalidName",
 			newBMH:    &metal3api.BareMetalHost{TypeMeta: tm, ObjectMeta: inom, Spec: metal3api.BareMetalHostSpec{}},
 			oldBMH:    nil,
-			wantedErr: "BareMetalHost resource name cannot contain characters other than [A-Za-z0-9._-]",
+			wantedErr: "a lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name',  or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?')",
 		},
 		{
 			name:      "invalidName2",
 			newBMH:    &metal3api.BareMetalHost{TypeMeta: tm, ObjectMeta: inom2, Spec: metal3api.BareMetalHostSpec{}},
 			oldBMH:    nil,
 			wantedErr: "BareMetalHost resource name cannot be a UUID",
 		},
+		{
+			name:      "invalidName3LeadingHyphen",
+			newBMH:    &metal3api.BareMetalHost{TypeMeta: tm, ObjectMeta: inom3, Spec: metal3api.BareMetalHostSpec{}},
+			oldBMH:    nil,
+			wantedErr: "a lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name',  or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?')",
+		},
+		{
+			name:      "invalidName4TrailingHyphen",
+			newBMH:    &metal3api.BareMetalHost{TypeMeta: tm, ObjectMeta: inom4, Spec: metal3api.BareMetalHostSpec{}},
+			oldBMH:    nil,
+			wantedErr: "a lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name',  or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?')",
+		},
+		{
+			name:      "invalidName5CapitalChars",
+			newBMH:    &metal3api.BareMetalHost{TypeMeta: tm, ObjectMeta: inom5, Spec: metal3api.BareMetalHostSpec{}},
+			oldBMH:    nil,
+			wantedErr: "a lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name',  or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?')",
+		},
+		{
+			name:      "invalidName6LengthLimitOf63",
+			newBMH:    &metal3api.BareMetalHost{TypeMeta: tm, ObjectMeta: inom6, Spec: metal3api.BareMetalHostSpec{}},
+			oldBMH:    nil,
+			wantedErr: "must be no more than 63 characters",
+		},
 		{
 			name: "invalidRAID",
 			newBMH: &metal3api.BareMetalHost{
@@ -863,6 +918,8 @@ func TestValidateCreate(t *testing.T) {
 		{
 			name: "disablePowerOff",
 			newBMH: &metal3api.BareMetalHost{
+				TypeMeta:   tm,
+				ObjectMeta: om,
 				Spec: metal3api.BareMetalHostSpec{
 					DisablePowerOff: true,
 					Online:          true,