Merge pull request #124 from gkarthiks/master

Validate anchor names are RFC 1123 labels

Author: k8s-ci-robot

internal/anchor/validator.go

@@ -3,10 +3,12 @@ package anchor
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	"github.com/go-logr/logr"
 	k8sadm "k8s.io/api/admission/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/validation"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	api "sigs.k8s.io/hierarchical-namespaces/api/v1alpha2"
@@ -77,6 +79,12 @@ func (v *Validator) handle(req *anchorRequest) admission.Response {
 	cnm := req.anchor.Name
 	cns := v.Forest.Get(cnm)
 
+	errStrs := validation.IsDNS1123Label(cnm)
+	if len(errStrs) != 0 {
+		msg := fmt.Sprintf("Subnamespace %s is not a valid namespace name: %s", cnm, strings.Join(errStrs, "; "))
+		return webhooks.Deny(metav1.StatusReasonInvalid, msg)
+	}
+
 	switch req.op {
 	case k8sadm.Create:
 		// Can't create subnamespaces in unmanaged namespaces

internal/anchor/validator_test.go

@@ -31,6 +31,7 @@ func TestCreateSubnamespaces(t *testing.T) {
 		{name: "with an existing ns name (the ns is not a subnamespace of it)", pnm: "c", cnm: "b", fail: true},
 		{name: "for existing non-subns child", pnm: "a", cnm: "c", fail: true},
 		{name: "for existing subns", pnm: "a", cnm: "b"},
+		{name: "for non DNS label compliant child", pnm: "a", cnm: "child.01", fail: true},
 	}
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {