Disallow performing CRUD on functions with invalid name (k8s naming c…

…onvention) (#1156)
nuclio · Feb 25, 2019 · bcd46ee · bcd46ee
1 parent e203693
commit bcd46ee
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 0 deletions.
diff --git a/pkg/dashboard/resource/function.go b/pkg/dashboard/resource/function.go
@@ -22,6 +22,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"runtime/debug"
+	"strings"
 	"time"
 
 	"github.com/nuclio/nuclio/pkg/dashboard"
@@ -31,6 +32,7 @@ import (
 	"github.com/nuclio/nuclio/pkg/restful"
 
 	"github.com/nuclio/nuclio-sdk-go"
+	"k8s.io/apimachinery/pkg/util/validation"
 )
 
 type functionResource struct {
@@ -336,6 +338,13 @@ func (fr *functionResource) getFunctionInfoFromRequest(request *http.Request) (*
 		return nil, nuclio.WrapErrBadRequest(err)
 	}
 
+	// validate function name is according to k8s convention
+	errorMessages := validation.IsQualifiedName(functionInfoInstance.Meta.Name)
+	if len(errorMessages) != 0 {
+		joinedErrorMessage := strings.Join(errorMessages, ", ")
+		return nil, nuclio.NewErrBadRequest("Function name doesn't conform to k8s naming convention. Errors: " + joinedErrorMessage)
+	}
+
 	// add project name label if given via header
 	projectName := request.Header.Get("x-nuclio-project-name")
 	if projectName != "" {

diff --git a/pkg/dashboard/test/server_test.go b/pkg/dashboard/test/server_test.go
@@ -540,6 +540,37 @@ func (suite *functionTestSuite) TestCreateWithExistingName() {
 	suite.sendRequestWithExistingName("POST")
 }
 
+func (suite *functionTestSuite) TestCreateFunctionWithInvalidName() {
+	body := `{
+	"metadata": {
+		"namespace": "f1Namespace",
+		"name": "!funcmylif&"
+	},
+	"spec": {
+		"resources": {},
+		"build": {},
+		"platform": {},
+		"runtime": "r1"
+	}
+}`
+	headers := map[string]string{
+		"x-nuclio-wait-function-action": "true",
+	}
+
+	expectedStatusCode := http.StatusBadRequest
+	ecv := restful.NewErrorContainsVerifier(suite.logger, []string{"Function name doesn't conform to k8s naming convention"})
+	requestBody := body
+
+	suite.sendRequest("POST",
+		"/api/functions",
+		headers,
+		bytes.NewBufferString(requestBody),
+		&expectedStatusCode,
+		ecv.Verify)
+
+	suite.mockPlatform.AssertExpectations(suite.T())
+}
+
 func (suite *functionTestSuite) TestUpdateSuccessful() {
 	suite.T().Skip("Update not supported")
 

diff --git a/pkg/platform/kube/controller/nucliofunction.go b/pkg/platform/kube/controller/nucliofunction.go
@@ -18,6 +18,7 @@ package controller
 
 import (
 	"context"
+	"strings"
 	"time"
 
 	"github.com/nuclio/nuclio/pkg/errors"
@@ -29,6 +30,7 @@ import (
 	"github.com/nuclio/logger"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/util/validation"
 	"k8s.io/apimachinery/pkg/watch"
 	"k8s.io/client-go/tools/cache"
 )
@@ -79,6 +81,13 @@ func (fo *functionOperator) CreateOrUpdate(ctx context.Context, object runtime.O
 		return fo.setFunctionError(nil, errors.New("Received unexpected object, expected function"))
 	}
 
+	// validate function name is according to k8s convention
+	errorMessages := validation.IsQualifiedName(function.Name)
+	if len(errorMessages) != 0 {
+		joinedErrorMessage := strings.Join(errorMessages, ", ")
+		return errors.New("Function name doesn't conform to k8s naming convention. Errors: " + joinedErrorMessage)
+	}
+
 	// only respond to functions which are either waiting for resource configuration or are ready. We respond to
 	// ready functions as part of controller resyncs, where we verify that a given function CRD has its resources
 	// properly configured