Refactor of label validation function

This moves the function to a common area in the API code and adds
some much needed testing to it.

Author: Jonathan S. Katz

internal/apiserver/common.go

@@ -26,6 +26,7 @@ import (
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/validation"
 )
 
 const (
@@ -44,6 +45,8 @@ var (
 	// ErrDBContainerNotFound is an error that indicates that a "database" container
 	// could not be found in a specific pod
 	ErrDBContainerNotFound = errors.New("\"database\" container not found in pod")
+	// ErrLabelInvalid indicates that a label is invalid
+	ErrLabelInvalid = errors.New("invalid label")
 	// ErrStandbyNotAllowed contains the error message returned when an API call is not
 	// permitted because it involves a cluster that is in standby mode
 	ErrStandbyNotAllowed = errors.New("Action not permitted because standby mode is enabled")
@@ -109,6 +112,60 @@ func IsValidPVC(pvcName, ns string) bool {
 	return pvc != nil
 }
 
+// ValidateLabel is derived from a legacy method and validates if the input is a
+// valid Kubernetes label.
+//
+// A label is composed of a key and value.
+//
+// The key can either be a name or have an optional prefix that i
+// terminated by a "/", e.g. "prefix/name"
+//
+// The name must be a valid DNS 1123 value
+// THe prefix must be a valid DNS 1123 subdomain
+//
+// The value can be validated by machinery provided by Kubenretes
+//
+// Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+func ValidateLabel(labelStr string) (map[string]string, error) {
+	labelMap := map[string]string{}
+
+	for _, v := range strings.Split(labelStr, ",") {
+		pair := strings.Split(v, "=")
+		if len(pair) != 2 {
+			return labelMap, fmt.Errorf("%w: label format incorrect, requires key=value", ErrLabelInvalid)
+		}
+
+		// first handle the key
+		keyParts := strings.Split(pair[0], "/")
+
+		switch len(keyParts) {
+		default:
+			return labelMap, fmt.Errorf("%w: invalid key for "+v, ErrLabelInvalid)
+		case 2:
+			if errs := validation.IsDNS1123Subdomain(keyParts[0]); len(errs) > 0 {
+				return labelMap, fmt.Errorf("%w: invalid key for %s: %s", ErrLabelInvalid, v, strings.Join(errs, ","))
+			}
+
+			if errs := validation.IsDNS1123Label(keyParts[1]); len(errs) > 0 {
+				return labelMap, fmt.Errorf("%w: invalid key for %s: %s", ErrLabelInvalid, v, strings.Join(errs, ","))
+			}
+		case 1:
+			if errs := validation.IsDNS1123Label(keyParts[0]); len(errs) > 0 {
+				return labelMap, fmt.Errorf("%w: invalid key for %s: %s", ErrLabelInvalid, v, strings.Join(errs, ","))
+			}
+		}
+
+		// handle the value
+		if errs := validation.IsValidLabelValue(pair[1]); len(errs) > 0 {
+			return labelMap, fmt.Errorf("%w: invalid value for %s: %s", ErrLabelInvalid, v, strings.Join(errs, ","))
+		}
+
+		labelMap[pair[0]] = pair[1]
+	}
+
+	return labelMap, nil
+}
+
 // ValidateResourceRequestLimit validates that a Kubernetes Requests/Limit pair
 // is valid, both by validating the values are valid quantity values, and then
 // by checking that the limit >= request. This also needs to check against the

internal/apiserver/common_test.go

@@ -16,11 +16,74 @@ limitations under the License.
 */
 
 import (
+	"errors"
+	"fmt"
+	"strings"
 	"testing"
 
 	"k8s.io/apimachinery/pkg/api/resource"
 )
 
+func TestValidateLabel(t *testing.T) {
+	t.Run("valid", func(t *testing.T) {
+		inputs := []map[string]string{
+			map[string]string{"key": "value"},
+			map[string]string{"example.com/key": "value"},
+			map[string]string{"key1": "value1", "key2": "value2"},
+		}
+
+		for _, input := range inputs {
+			labelStr := ""
+
+			for k, v := range input {
+				labelStr += fmt.Sprintf("%s=%s,", k, v)
+			}
+
+			labelStr = strings.Trim(labelStr, ",")
+
+			t.Run(labelStr, func(*testing.T) {
+				labels, err := ValidateLabel(labelStr)
+
+				if err != nil {
+					t.Fatalf("expected no error, got: %s", err.Error())
+				}
+
+				for k := range labels {
+					if v, ok := input[k]; !(ok || v == labels[k]) {
+						t.Fatalf("label values do not matched (%s vs. %s)", input[k], labels[k])
+					}
+				}
+			})
+		}
+	})
+
+	t.Run("invalid", func(t *testing.T) {
+		inputs := []string{
+			"key",
+			"key=value=value",
+			"key=value,",
+			"b@d=value",
+			"b@d-prefix/key=value",
+			"really/bad/prefix/key=value",
+			"key=v\\alue",
+		}
+
+		for _, input := range inputs {
+			t.Run(input, func(t *testing.T) {
+				_, err := ValidateLabel(input)
+
+				if err == nil {
+					t.Fatalf("expected an invalid input error.")
+				}
+
+				if !errors.Is(err, ErrLabelInvalid) {
+					t.Fatalf("expected an ErrLabelInvalid error.")
+				}
+			})
+		}
+	})
+}
+
 func TestValidateResourceRequestLimit(t *testing.T) {
 	t.Run("valid", func(t *testing.T) {
 		resources := []struct{ request, limit, defaultRequest string }{

internal/apiserver/labelservice/labelimpl.go

@@ -16,14 +16,7 @@ limitations under the License.
 */
 
 import (
-<<<<<<< HEAD
 	"encoding/json"
-	"errors"
-=======
-	"context"
-	"fmt"
->>>>>>> 5c56a341d... Update label validation to match Kubernetes rules
-	"strings"
 
 	"github.com/crunchydata/postgres-operator/internal/apiserver"
 	"github.com/crunchydata/postgres-operator/internal/config"
@@ -36,7 +29,6 @@ import (
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
-	"k8s.io/apimachinery/pkg/util/validation"
 )
 
 // Label ... 2 forms ...
@@ -56,7 +48,7 @@ func Label(request *msgs.LabelRequest, ns, pgouser string) msgs.LabelResponse {
 		return resp
 	}
 
-	labelsMap, err = validateLabel(request.LabelCmdLabel, ns)
+	labelsMap, err = apiserver.ValidateLabel(request.LabelCmdLabel)
 	if err != nil {
 		resp.Status.Code = msgs.Error
 		resp.Status.Msg = err.Error()
@@ -255,59 +247,6 @@ func PatchPgcluster(newLabels map[string]string, oldCRD crv1.Pgcluster, ns strin
 
 }
 
-// validateLabel validates if the input is a valid Kubernetes label
-//
-// A label is composed of a key and value.
-//
-// The key can either be a name or have an optional prefix that i
-// terminated by a "/", e.g. "prefix/name"
-//
-// The name must be a valid DNS 1123 value
-// THe prefix must be a valid DNS 1123 subdomain
-//
-// The value can be validated by machinery provided by Kubenretes
-//
-// Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-func validateLabel(LabelCmdLabel string) (map[string]string, error) {
-	labelMap := map[string]string{}
-
-	for _, v := range strings.Split(LabelCmdLabel, ",") {
-		pair := strings.Split(v, "=")
-		if len(pair) != 2 {
-			return labelMap, fmt.Errorf("label format incorrect, requires key=value")
-		}
-
-		// first handle the key
-		keyParts := strings.Split(pair[0], "/")
-
-		switch len(keyParts) {
-		default:
-			return labelMap, fmt.Errorf("invalid key for " + v)
-		case 2:
-			if errs := validation.IsDNS1123Subdomain(keyParts[0]); len(errs) > 0 {
-				return labelMap, fmt.Errorf("invalid key for %s: %s", v, strings.Join(errs, ","))
-			}
-
-			if errs := validation.IsDNS1123Label(keyParts[1]); len(errs) > 0 {
-				return labelMap, fmt.Errorf("invalid key for %s: %s", v, strings.Join(errs, ","))
-			}
-		case 1:
-			if errs := validation.IsDNS1123Label(keyParts[0]); len(errs) > 0 {
-				return labelMap, fmt.Errorf("invalid key for %s: %s", v, strings.Join(errs, ","))
-			}
-		}
-
-		// handle the value
-		if errs := validation.IsValidLabelValue(pair[1]); len(errs) > 0 {
-			return labelMap, fmt.Errorf("invalid value for %s: %s", v, strings.Join(errs, ","))
-		}
-
-		labelMap[pair[0]] = pair[1]
-	}
-
-	return labelMap, nil
-}
-
 // DeleteLabel ...
 // pgo delete label  mycluster yourcluster --label=env=prod
 // pgo delete label  --label=env=prod --selector=group=somegroup
@@ -325,7 +264,7 @@ func DeleteLabel(request *msgs.DeleteLabelRequest, ns string) msgs.LabelResponse
 		return resp
 	}
 
-	labelsMap, err = validateLabel(request.LabelCmdLabel, ns)
+	labelsMap, err = apiserver.ValidateLabel(request.LabelCmdLabel)
 	if err != nil {
 		resp.Status.Code = msgs.Error
 		resp.Status.Msg = "labels not formatted correctly"