-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lib: add validation package + DNS label validation #12535
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Assuming validation
can grow to mean anything
maybe let's rename the file lib/validation/dns.go
?
I left a comment in the mirrored ent PR, I think it could be useful to merge this into the |
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for moving this! Have two small requests
"foo-": false, | ||
"-foo-": false, | ||
"-foo-bar-": false, | ||
"no spaces allowed": false, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we add cases for names that are at the boundary length-wise? 64 chars invalid, 63 chars valid
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, sounds good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hah, this is actually really interesting. I pulled the pattern from the existing code in Enterprise and looking at it more closely, it clearly allows 64 characters when it should only allow 63 according to the RFC.
So, we just fixed a very nuanced bug. Good catch!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed now, but I want to leave this comment exposed for posterity since it's so fun.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, this is why we test :P
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM assuming CI passes
🍒 If backport labels were added before merging, cherry-picking will start automatically. To retroactively trigger a backport after merging, add backport labels and re-run https://circleci.com/gh/hashicorp/consul/608309. |
For future work with mesh federation, we want to validate peer names as valid RFC 1123 DNS labels. This validation already exists, but only in Enterprise and we need the functionality in both OSS and Enterprise. So, I pulled it out and put it into a standalone package under
lib
.Note: the regex and tests are the same from the original code in Enterprise.
Ask for reviewers: Is this an ok place to put this? I'm also open to renaming things if it makes sense. I'll also link to the PRs in Enterprise that make use of this package and refactor the previous call sites to use this interface.
Notes to reviewers:
IsValidDNSLabel
and aRequireValidDNSLabel
to a) preserve existingbool
return + error messages and b) also allow validation rule to be returned to callers if need be -- this is how the mesh federation code does it.