fix: Enforce maximum constraint template name length of 63 chars #248
Conversation
maxsmythe
force-pushed
the
max-ct-name-length
branch
2 times, most recently
from
f75cc38
to
fefb11a
Compare
This is provided by controller runtime, but we want to double-check this doesn't regress. Fixes open-policy-agent#116 Signed-off-by: Max Smythe <smythe@google.com>
maxsmythe
force-pushed
the
max-ct-name-length
branch
from
fefb11a
to
85d1909
Compare
| @@ -294,6 +294,15 @@ func TestClient_AddTemplate(t *testing.T) { | |||
| wantHandled: map[string]bool{handlertest.TargetName: true}, | |||
| wantError: nil, | |||
| }, | |||
| { | |||
| name: "Long name", | |||
There was a problem hiding this comment.
You are adding a test here, where are you adding the validation?
If at most 63 characters, then ConstraintTemplateNames can be up to 253-63=190 characters long.
There was a problem hiding this comment.
The validation is already happening on K8's side, since CRD kinds have a maximum size limit. This is just double checking that the check remains in place.
There was a problem hiding this comment.
i.e. the apiextension validation code we're calling performs this check
There was a problem hiding this comment.
I thought Constraints have a maximum name length of 63 chars, not constraint template. This test is throwing an error if the template name is greater than 63 chars?
There was a problem hiding this comment.
They both need to have a max name length of 63 chars (this comes from the *PodStatus objects. Because constraint template names -> constraint CRD kinds, k8s is already enforcing this limit for us.
There was a problem hiding this comment.
Will's comment in the issue confused me
If at most 63 characters, then ConstraintTemplateNames can be up to 253-63=190 characters long.
There was a problem hiding this comment.
yeah, I don't think we knew the validation code was being activated regardless
Gatekeeper breaks with longer template names.
Fixes #116
Signed-off-by: Max Smythe smythe@google.com