Skip to content

Commit 612fa13

Browse files
enxebreenxebre
committed
Add max length validation for apiserver namedCertificates
The addition of maxLength check is a fix itself. In addition this will help hcp validations to contain cel validation budget
1 parent f5e205b commit 612fa13

12 files changed

+652
-0
lines changed

config/v1/tests/apiservers.config.openshift.io/APIServerServingCerts.yaml

Lines changed: 630 additions & 0 deletions
Large diffs are not rendered by default.

config/v1/types_apiserver.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -155,6 +155,7 @@ type APIServerServingCerts struct {
155155
// the defaultServingCertificate will be used.
156156
// +optional
157157
// +listType=atomic
158+
// +kubebuilder:validation:MaxItems=100
158159
NamedCertificates []APIServerNamedServingCert `json:"namedCertificates,omitempty"`
159160
}
160161

@@ -165,6 +166,7 @@ type APIServerNamedServingCert struct {
165166
// Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
166167
// +optional
167168
// +listType=atomic
169+
// +kubebuilder:validation:MaxItems=100
168170
Names []string `json:"names,omitempty"`
169171
// servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic.
170172
// The secret must exist in the openshift-config namespace and contain the following required fields:

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -270,6 +270,7 @@ spec:
270270
Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
271271
items:
272272
type: string
273+
maxItems: 100
273274
type: array
274275
x-kubernetes-list-type: atomic
275276
servingCertificate:
@@ -287,6 +288,7 @@ spec:
287288
- name
288289
type: object
289290
type: object
291+
maxItems: 100
290292
type: array
291293
x-kubernetes-list-type: atomic
292294
type: object

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -201,6 +201,7 @@ spec:
201201
Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
202202
items:
203203
type: string
204+
maxItems: 100
204205
type: array
205206
x-kubernetes-list-type: atomic
206207
servingCertificate:
@@ -218,6 +219,7 @@ spec:
218219
- name
219220
type: object
220221
type: object
222+
maxItems: 100
221223
type: array
222224
x-kubernetes-list-type: atomic
223225
type: object

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -270,6 +270,7 @@ spec:
270270
Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
271271
items:
272272
type: string
273+
maxItems: 100
273274
type: array
274275
x-kubernetes-list-type: atomic
275276
servingCertificate:
@@ -287,6 +288,7 @@ spec:
287288
- name
288289
type: object
289290
type: object
291+
maxItems: 100
290292
type: array
291293
x-kubernetes-list-type: atomic
292294
type: object

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -270,6 +270,7 @@ spec:
270270
Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
271271
items:
272272
type: string
273+
maxItems: 100
273274
type: array
274275
x-kubernetes-list-type: atomic
275276
servingCertificate:
@@ -287,6 +288,7 @@ spec:
287288
- name
288289
type: object
289290
type: object
291+
maxItems: 100
290292
type: array
291293
x-kubernetes-list-type: atomic
292294
type: object

config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -201,6 +201,7 @@ spec:
201201
Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
202202
items:
203203
type: string
204+
maxItems: 100
204205
type: array
205206
x-kubernetes-list-type: atomic
206207
servingCertificate:
@@ -218,6 +219,7 @@ spec:
218219
- name
219220
type: object
220221
type: object
222+
maxItems: 100
221223
type: array
222224
x-kubernetes-list-type: atomic
223225
type: object

config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -270,6 +270,7 @@ spec:
270270
Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
271271
items:
272272
type: string
273+
maxItems: 100
273274
type: array
274275
x-kubernetes-list-type: atomic
275276
servingCertificate:
@@ -287,6 +288,7 @@ spec:
287288
- name
288289
type: object
289290
type: object
291+
maxItems: 100
290292
type: array
291293
x-kubernetes-list-type: atomic
292294
type: object

payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -270,6 +270,7 @@ spec:
270270
Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
271271
items:
272272
type: string
273+
maxItems: 100
273274
type: array
274275
x-kubernetes-list-type: atomic
275276
servingCertificate:
@@ -287,6 +288,7 @@ spec:
287288
- name
288289
type: object
289290
type: object
291+
maxItems: 100
290292
type: array
291293
x-kubernetes-list-type: atomic
292294
type: object

payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -201,6 +201,7 @@ spec:
201201
Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
202202
items:
203203
type: string
204+
maxItems: 100
204205
type: array
205206
x-kubernetes-list-type: atomic
206207
servingCertificate:
@@ -218,6 +219,7 @@ spec:
218219
- name
219220
type: object
220221
type: object
222+
maxItems: 100
221223
type: array
222224
x-kubernetes-list-type: atomic
223225
type: object

payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -270,6 +270,7 @@ spec:
270270
Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
271271
items:
272272
type: string
273+
maxItems: 100
273274
type: array
274275
x-kubernetes-list-type: atomic
275276
servingCertificate:
@@ -287,6 +288,7 @@ spec:
287288
- name
288289
type: object
289290
type: object
291+
maxItems: 100
290292
type: array
291293
x-kubernetes-list-type: atomic
292294
type: object

payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -270,6 +270,7 @@ spec:
270270
Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
271271
items:
272272
type: string
273+
maxItems: 100
273274
type: array
274275
x-kubernetes-list-type: atomic
275276
servingCertificate:
@@ -287,6 +288,7 @@ spec:
287288
- name
288289
type: object
289290
type: object
291+
maxItems: 100
290292
type: array
291293
x-kubernetes-list-type: atomic
292294
type: object

0 commit comments

Comments
 (0)