added validation of application names to prevent conflicts at a later

stage with genrated resource names. The Server resource names will use the -pNNNN suffix to indicates a linkerd Server resource for port NNNN
2025-01-19 17:08:12 +01:00 · 2025-01-19 17:08:12 +01:00 · c9022a8036
commit c9022a8036
parent 60ebbf0ef4
3 changed files with 32 additions and 6 deletions
--- a/cmd/policygen/config.go
+++ b/cmd/policygen/config.go
@ -4,7 +4,7 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
-	"github.com/goccy/go-yaml"
+	yaml "github.com/goccy/go-yaml"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"net"
 	"os"
@ -49,7 +49,7 @@ type Port struct {

 // Network represents each network entry in the YAML
 type Network struct {
-	Name   string `yaml:"name" validate:"required"`
+	Name   string `yaml:"name" validate:"required,applicationName"`
 	CIDR   CIDR   `yaml:"cidr"`
 	Except []CIDR `yaml:"except,omitempty" validate:"dive,required"`
 	Ports  []Port `yaml:"ports,omitempty"  validate:"dive,required"`
@ -62,7 +62,7 @@ type MatchExpression struct {
 }

 type Application struct {
-	Name        string            `yaml:"name"`
+	Name        string            `yaml:"name" validate:"required,applicationName"`
 	Ports       []Port            `yaml:"ports,omitempty"`
 	MatchLabels map[string]string `yaml:"matchLabels"`
 	//MatchExpressions []MatchExpression `yaml:"matchExpressions" validate:"omitempty,dive"`
@ -80,7 +80,10 @@ func (a Application) Selector() *metav1.LabelSelector {

 type Namespace struct {
 	Name string `yaml:"name"`
+	// Open closed for network policies
 	Open bool `yaml:"open"`
+	// service mesh, authorized True or not (allow anything)
+	Authorized   bool           `yaml:"authorized"`
 	Capabilities []string       `yaml:"capabilities"`
 	Applications []*Application `yaml:"applications" validate:"dive,required"`
 }
--- a/cmd/policygen/validator.go
+++ b/cmd/policygen/validator.go
@ -4,8 +4,9 @@ import (
 	"fmt"
 	"github.com/go-playground/locales/en"
 	ut "github.com/go-playground/universal-translator"
-	"github.com/go-playground/validator/v10"
+	validator "github.com/go-playground/validator/v10"
 	en_translations "github.com/go-playground/validator/v10/translations/en"
+	"regexp"
 )

 type Validator struct {
@ -30,6 +31,12 @@ var translations = map[string]Translation{
 			return []any{fe.Namespace(), fe.Param(), fe.Value()}
 		},
 	},
+	"applicationName": {
+		"{0} must not end with -p[0-9]+$ to prevent conflicts with generated resource names",
+		func(fe validator.FieldError) []any {
+			return []any{fe.Namespace()}
+		},
+	},
 }

 type TranslatedFieldError struct {
@ -48,8 +55,21 @@ func (e TranslatedFieldError) Error() string {
 	return e.msg
 }

+func applicationNameValidator(fl validator.FieldLevel) bool {
+	// Get the field's value as string
+	value := fl.Field().String()
+	regexString := "-p[0-9]+$"
+	regex, err := regexp.Compile(regexString)
+	if err != nil {
+		// programming error
+		panic(err)
+	}
+	return !regex.MatchString(value)
+}
+
 func NewValidator() (*Validator, error) {
 	validate := validator.New(validator.WithRequiredStructEnabled())
+	validate.RegisterValidation("applicationName", applicationNameValidator)
 	language := en.New()
 	translator := ut.New(language, language)
 	trans, ok := translator.GetTranslator("en")
--- a/example/config.yaml
+++ b/example/config.yaml
@ -16,6 +16,9 @@ namespaces:
  - name: openns
    open: true
    applications:
+      - name: myapp
+        matchLabels:
+          app: myapp
      - name: openapp
        ports:
          - port: 100