fix: schema validation for registry and mirror URL

supershal · supershal · commit f38fafb135d3 · 2024-01-26T12:05:36.000-08:00
diff --git a/api/v1alpha1/clusterconfig_types.go b/api/v1alpha1/clusterconfig_types.go
@@ -266,7 +266,7 @@ func (ImageCredentials) VariableSchema() clusterv1.VariableSchema {
 						},
 						"namespace": {
 							Description: "The namespace of the Secret containing the registry credentials. " +
-								"Defaults to the namespace of the KubeadmControlPlaneTemplate and KubeadmConfigTemplate" +
+								"Defaults to the namespace of the KubeadmControlPlaneTemplate and KubeadmConfigTemplate " +
 								"that reference this variable.",
 							Type: "string",
 						},
@@ -295,6 +295,8 @@ func (GlobalImageRegistryMirror) VariableSchema() clusterv1.VariableSchema {
 				"url": {
 					Description: "Registry mirror URL.",
 					Type:        "string",
+					Format:      "uri",
+					Pattern:     "^https?://",
 				},
 				"credentials": ImageCredentials{}.VariableSchema().OpenAPIV3Schema,
 			},
@@ -320,6 +322,8 @@ func (ImageRegistry) VariableSchema() clusterv1.VariableSchema {
 				"url": {
 					Description: "Registry URL.",
 					Type:        "string",
+					Format:      "uri",
+					Pattern:     "^https?://",
 				},
 				"credentials": ImageCredentials{}.VariableSchema().OpenAPIV3Schema,
 			},
diff --git a/docs/content/customization/generic/global-mirror.md b/docs/content/customization/generic/global-mirror.md
@@ -17,7 +17,7 @@ If your registry mirror requires a private or self-signed CA certificate,
 create a Kubernetes Secret with the `ca.crt` key populated with the CA certificate in PEM format:
 
 ```shell
-kubectl create secret generic my-mirror-ca-cert-secret \
+kubectl create secret generic my-mirror-ca-cert \
   --from-file=ca.crt=registry-ca.crt
 ```
 
@@ -35,7 +35,7 @@ spec:
             url: https://my-mirror.io
             credentials:
               secretRef:
-                name: my-mirror-ca-cert-secret
+                name: my-mirror-ca-cert
 ```
 
 Applying this configuration will result in following new files on the
diff --git a/pkg/handlers/generic/mutation/imageregistries/credentials/inject.go b/pkg/handlers/generic/mutation/imageregistries/credentials/inject.go
@@ -84,7 +84,8 @@ func (h *imageRegistriesPatchHandler) Mutate(
 
 	// TODO: Add support for multiple registries.
 	if len(imageRegistries) > 1 {
-		return fmt.Errorf("multiple Image Registry are not supported at this time")
+		return fmt.Errorf("multiple Image Registry are not supported at this time. "+
+			"Provide a single registry entry for %s variable", imageregistries.VariableName)
 	}
 
 	imageRegistry := imageRegistries[0]
diff --git a/pkg/handlers/generic/mutation/imageregistries/credentials/variables_test.go b/pkg/handlers/generic/mutation/imageregistries/credentials/variables_test.go
@@ -36,7 +36,7 @@ func TestVariableValidation(t *testing.T) {
 			Vals: v1alpha1.GenericClusterConfig{
 				ImageRegistries: []v1alpha1.ImageRegistry{
 					{
-						URL: "http://a.b.c.example.com",
+						URL: "https://a.b.c.example.com/a/b/c",
 						Credentials: &v1alpha1.ImageCredentials{
 							SecretRef: &corev1.ObjectReference{
 								Name: "a.b.c.example.com-creds",
@@ -46,5 +46,27 @@ func TestVariableValidation(t *testing.T) {
 				},
 			},
 		},
+		capitest.VariableTestDef{
+			Name: "invalid registry URL",
+			Vals: v1alpha1.GenericClusterConfig{
+				ImageRegistries: []v1alpha1.ImageRegistry{
+					{
+						URL: "unsupportedformat://a.b.c.example.com",
+					},
+				},
+			},
+			ExpectError: true,
+		},
+		capitest.VariableTestDef{
+			Name: "registry URL without format",
+			Vals: v1alpha1.GenericClusterConfig{
+				ImageRegistries: []v1alpha1.ImageRegistry{
+					{
+						URL: "a.b.c.example.com/a/b/c",
+					},
+				},
+			},
+			ExpectError: true,
+		},
 	)
 }
diff --git a/pkg/handlers/generic/mutation/mirrors/variables_test.go b/pkg/handlers/generic/mutation/mirrors/variables_test.go
@@ -42,5 +42,23 @@ func TestVariableValidation(t *testing.T) {
 				},
 			},
 		},
+		capitest.VariableTestDef{
+			Name: "invalid mirror registry URL",
+			Vals: v1alpha1.GenericClusterConfig{
+				GlobalImageRegistryMirror: &v1alpha1.GlobalImageRegistryMirror{
+					URL: "unsupportedformat://a.b.c.example.com",
+				},
+			},
+			ExpectError: true,
+		},
+		capitest.VariableTestDef{
+			Name: "mirror URL without format",
+			Vals: v1alpha1.GenericClusterConfig{
+				GlobalImageRegistryMirror: &v1alpha1.GlobalImageRegistryMirror{
+					URL: "a.b.c.example.com/a/b/c",
+				},
+			},
+			ExpectError: true,
+		},
 	)
 }

Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,8 @@ func (h *imageRegistriesPatchHandler) Mutate(`
`84`	`84`
`85`	`85`	`// TODO: Add support for multiple registries.`
`86`	`86`	`if len(imageRegistries) > 1 {`
`87`		`- return fmt.Errorf("multiple Image Registry are not supported at this time")`
	`87`	`+ return fmt.Errorf("multiple Image Registry are not supported at this time. "+`
	`88`	`+ "Provide a single registry entry for %s variable", imageregistries.VariableName)`
`88`	`89`	`}`
`89`	`90`
`90`	`91`	`imageRegistry := imageRegistries[0]`