Skip to content

Raise an error when a component uses another component's name as library prefix#1320

Merged
simu merged 1 commit intomasterfrom
fix/component-lib-squatting
Mar 16, 2026
Merged

Raise an error when a component uses another component's name as library prefix#1320
simu merged 1 commit intomasterfrom
fix/component-lib-squatting

Conversation

@simu
Copy link
Member

@simu simu commented Mar 16, 2026
edited
Loading

Until now, Commodore's component library name validation only checked that each library is prefixed with the component's name. This isn't sufficient in some cases: for example if we have components foo and foo-operator, component foo was allowed to deploy a library foo-operator.libsonnet which could cause non-deterministic symlinking if component foo-operator also deployed the library foo-operator.libsonnet.

This PR introduces an additional check in the component library name validation which raises an error if a component deploys a library which is prefixed with another component's name.

Checklist

  • Keep pull requests small so they can be easily reviewed.
  • Update the documentation.
  • Update tests.
  • Categorize the PR by setting a good title and adding one of the labels:
    bug, enhancement, documentation, change, breaking, dependency, internal
    as they show up in the changelog

@simu simu requested a review from a team as a code owner March 16, 2026 09:29
@simu simu added the bug Something isn't working label Mar 16, 2026
@simu simu force-pushed the fix/component-lib-squatting branch from 94d7a17 to c057381 Compare March 16, 2026 09:32
@simu simu requested a review from a team March 16, 2026 09:32
@simu
Raise an error when a component uses another component's name as libr…
8a9fe85 
…ary prefix

Until now, Commodore's component library name validation only checked
that each library is prefixed with the component's name. This isn't
sufficient in some cases: for example if we have components `foo` and
`foo-operator`, component foo was allowed to deploy a library
`foo-operator.libsonnet` which could cause non-deterministic symlinking
if component `foo-operator` also deployed the library
`foo-operator.libsonnet`.

This commit introduces an additional check in the component library name
validation which raises an error if a component deploys a library which
is prefixed with another component's name.
@simu simu force-pushed the fix/component-lib-squatting branch from c057381 to 8a9fe85 Compare March 16, 2026 09:36
@simu simu merged commit a34edfb into master Mar 16, 2026
20 checks passed
@simu simu deleted the fix/component-lib-squatting branch March 16, 2026 10:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DebakelOrakel DebakelOrakel DebakelOrakel approved these changes

Assignees

No one assigned

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@simu @DebakelOrakel