Priority
(Medium) I'm annoyed but I'll live
Description
The OCI image-replication regex in internal/ocimirror/ociref.go:13 treats any YAML key named image: as a container reference. Because \s+ consumes newlines and [^\s"']+ doesn't exclude :, an image: key opening a nested YAML map captures the next key as the "reference":
container:
properties:
image:
properties:
name: { type: keyword }
This happens with any chart shipping a CRD that declares image as a field name, e.g. an OpenSearchCluster indexTemplates mapping describing OTLP container.image.{name,tag} fields.
Reproduction steps
1. Deploy a Plugin whose chart renders a CRD with image as a field name in a nested map (no inline value), e.g. OpenSearchCluster indexTemplates with OTLP container.image.* mapping.
2. Trigger a reconcile
3. Observe Plugin.status.statusConditions[type=HelmReleaseCreated].status: False with
ImageReplicationFailedReason. Helm release does not upgrade.
Manifests
apiVersion: greenhouse.sap/v1alpha1
kind: Plugin
spec:
pluginDefinition: opensearch
optionValues:
- name: cluster.indexTemplates
value:
- name: logs-index-template
templateSpec:
mappings:
properties:
container:
properties:
image:
properties:
name: { type: keyword }
tag: { type: keyword }Screenshots
Priority
(Medium) I'm annoyed but I'll live
Description
The OCI image-replication regex in internal/ocimirror/ociref.go:13 treats any YAML key named
image:as a container reference. Because\s+consumes newlines and[^\s"']+doesn't exclude:, an image: key opening a nested YAML map captures the next key as the "reference":This happens with any chart shipping a CRD that declares image as a field name, e.g. an OpenSearchCluster indexTemplates mapping describing OTLP container.image.{name,tag} fields.
Reproduction steps
Manifests
Screenshots
