fixup! fixup! fixes

Signed-off-by: Oleksii Kurinnyi <[email protected]>

Author: akurinnoy

controllers/workspace/devworkspace_controller.go

@@ -18,6 +18,7 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"strconv"
 	"strings"
 	"time"
@@ -127,8 +128,8 @@ func validateNoAdvancedFields(c corev1.Container) error {
 
 // validateHomeInitContainer validates all aspects of the init-persistent-home container.
 func validateHomeInitContainer(c corev1.Container) error {
-	if strings.ContainsAny(c.Image, "\n\r\t ") {
-		return fmt.Errorf("invalid image reference for %s: image reference contains invalid whitespace characters", constants.HomeInitComponentName)
+	if err := validateImageReference(c.Image); err != nil {
+		return fmt.Errorf("invalid image reference for %s: %w", constants.HomeInitComponentName, err)
 	}
 
 	if len(c.Command) != 2 || c.Command[0] != "/bin/sh" || c.Command[1] != "-c" {
@@ -150,6 +151,50 @@ func validateHomeInitContainer(c corev1.Container) error {
 	return nil
 }
 
+func validateImageReference(image string) error {
+	if image == "" {
+		return fmt.Errorf("image reference cannot be empty")
+	}
+
+	// whitespace and control characters
+	if strings.ContainsAny(image, "\n\r\t ") {
+		return fmt.Errorf("contains invalid whitespace characters")
+	}
+
+	// other control characters
+	for _, r := range image {
+		if r < 0x20 || r == 0x7F {
+			return fmt.Errorf("contains invalid control characters")
+		}
+	}
+
+	// format: [registry[:port]/]repository[:tag][@digest]
+	imagePattern := regexp.MustCompile(`^([a-zA-Z0-9]([a-zA-Z0-9._-]*[a-zA-Z0-9])*|\[?[0-9a-fA-F:]+]?)(:\d{1,5})?(/[a-zA-Z0-9]([a-zA-Z0-9._/-]*[a-zA-Z0-9])*)*(:[a-zA-Z0-9_.-]+)?(@sha256:[a-f0-9]{64})?$`)
+	if !imagePattern.MatchString(image) {
+		return fmt.Errorf("invalid format: should match regex: %s", imagePattern.String())
+	}
+
+	// port range
+	portMatch := regexp.MustCompile(`:(\d{1,5})(/|:|@|$)`)
+	matches := portMatch.FindStringSubmatch(image)
+	if len(matches) > 1 {
+		port, err := strconv.Atoi(matches[1])
+		if err != nil {
+			return fmt.Errorf("invalid port format: %w", err)
+		}
+		if port < 1 || port > 65535 {
+			return fmt.Errorf("invalid port number: %d (must be 1-65535)", port)
+		}
+	}
+
+	// length check
+	if len(image) > 4096 {
+		return fmt.Errorf("length exceeds 4096 characters")
+	}
+
+	return nil
+}
+
 // ensureHomeInitContainerFields ensures that an init-persistent-home container has
 // the correct Command, Args, and VolumeMounts.
 func ensureHomeInitContainerFields(c *corev1.Container) error {

controllers/workspace/init_container_validation_test.go

@@ -16,6 +16,7 @@
 package controllers
 
 import (
+	"strings"
 	"testing"
 
 	dw "github.com/devfile/api/v2/pkg/apis/workspaces/v1alpha2"
@@ -301,3 +302,49 @@ func TestDefaultAndValidateHomeInitContainer_NoWorkspaceImage(t *testing.T) {
 	assert.Error(t, err)
 	assert.Contains(t, err.Error(), "unable to infer workspace image")
 }
+
+func TestValidateImageReference(t *testing.T) {
+	tests := []struct {
+		name        string
+		image       string
+		expectError bool
+		errorMsg    string
+	}{
+		// Valid images
+		{"simple image", "nginx", false, ""},
+		{"image with tag", "nginx:latest", false, ""},
+		{"image with version tag", "nginx:1.21", false, ""},
+		{"registry image", "docker.io/nginx", false, ""},
+		{"registry with tag", "docker.io/nginx:latest", false, ""},
+		{"registry with port", "localhost:5000/nginx", false, ""},
+		{"registry port with tag", "localhost:5000/nginx:latest", false, ""},
+		{"multi-level path", "registry.example.com/team/project/app", false, ""},
+		{"with digest", "nginx@sha256:abc123def4567890abcdef1234567890abcdef1234567890abcdef1234567890", false, ""},
+		{"full reference", "registry.example.com:8080/team/app:v1.2.3@sha256:abc123def4567890abcdef1234567890abcdef1234567890abcdef1234567890", false, ""},
+
+		// Invalid images
+		{"empty image", "", true, "cannot be empty"},
+		{"whitespace", "nginx latest", true, "whitespace"},
+		{"newline", "nginx\nlatest", true, "whitespace"},
+		{"tab", "nginx\tlatest", true, "whitespace"},
+		{"control char", "nginx\x00latest", true, "control characters"},
+		{"invalid port 0", "registry:0/image", true, "port number"},
+		{"invalid port 65536", "registry:65536/image", true, "port number"},
+		{"invalid format", "-nginx", true, "invalid format: should match regex: ^([a-zA-Z0-9]([a-zA-Z0-9._-]*[a-zA-Z0-9])*|\\[?[0-9a-fA-F:]+]?)(:\\d{1,5})?(/[a-zA-Z0-9]([a-zA-Z0-9._/-]*[a-zA-Z0-9])*)*(:[a-zA-Z0-9_.-]+)?(@sha256:[a-f0-9]{64})?$"},
+		{"too long", strings.Repeat("a", 4097), true, "exceeds 4096"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := validateImageReference(tt.image)
+			if tt.expectError {
+				assert.Error(t, err)
+				if tt.errorMsg != "" {
+					assert.Contains(t, err.Error(), tt.errorMsg)
+				}
+			} else {
+				assert.NoError(t, err, "Image %q should be valid", tt.image)
+			}
+		})
+	}
+}

pkg/library/home/custom_init_test.go

@@ -19,13 +19,13 @@ import (
 	"testing"
 
 	dw "github.com/devfile/api/v2/pkg/apis/workspaces/v1alpha2"
-	attributes "github.com/devfile/api/v2/pkg/attributes"
+	"github.com/devfile/api/v2/pkg/attributes"
 	"github.com/devfile/devworkspace-operator/apis/controller/v1alpha1"
 	"github.com/devfile/devworkspace-operator/pkg/common"
 	"github.com/devfile/devworkspace-operator/pkg/constants"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/utils/pointer"
+	"k8s.io/utils/ptr"
 )
 
 func TestCustomInitPersistentHome(t *testing.T) {
@@ -61,7 +61,7 @@ func TestCustomInitPersistentHome(t *testing.T) {
 				Config: &v1alpha1.OperatorConfiguration{
 					Workspace: &v1alpha1.WorkspaceConfig{
 						PersistUserHome: &v1alpha1.PersistentHomeConfig{
-							Enabled: pointer.Bool(true),
+							Enabled: ptr.To(true),
 						},
 						InitContainers: []corev1.Container{
 							{
@@ -100,7 +100,7 @@ func TestCustomInitPersistentHome(t *testing.T) {
 				Config: &v1alpha1.OperatorConfiguration{
 					Workspace: &v1alpha1.WorkspaceConfig{
 						PersistUserHome: &v1alpha1.PersistentHomeConfig{
-							Enabled: pointer.Bool(true),
+							Enabled: ptr.To(true),
 						},
 						InitContainers: []corev1.Container{
 							{
@@ -140,8 +140,8 @@ func TestCustomInitPersistentHome(t *testing.T) {
 				Config: &v1alpha1.OperatorConfiguration{
 					Workspace: &v1alpha1.WorkspaceConfig{
 						PersistUserHome: &v1alpha1.PersistentHomeConfig{
-							Enabled:              pointer.Bool(true),
-							DisableInitContainer: pointer.Bool(false),
+							Enabled:              ptr.To(true),
+							DisableInitContainer: ptr.To(false),
 						},
 						InitContainers: []corev1.Container{},
 					},
@@ -175,8 +175,8 @@ func TestCustomInitPersistentHome(t *testing.T) {
 				Config: &v1alpha1.OperatorConfiguration{
 					Workspace: &v1alpha1.WorkspaceConfig{
 						PersistUserHome: &v1alpha1.PersistentHomeConfig{
-							Enabled:              pointer.Bool(true),
-							DisableInitContainer: pointer.Bool(true),
+							Enabled:              ptr.To(true),
+							DisableInitContainer: ptr.To(true),
 						},
 					},
 				},

pkg/library/initcontainers/merge_test.go

@@ -28,7 +28,6 @@ func TestMergeInitContainers(t *testing.T) {
 		base    []corev1.Container
 		patches []corev1.Container
 		want    []corev1.Container
-		wantErr bool
 	}{
 		{
 			name: "empty base",
@@ -39,7 +38,6 @@ func TestMergeInitContainers(t *testing.T) {
 			want: []corev1.Container{
 				{Name: "new-container", Image: "new-image"},
 			},
-			wantErr: false,
 		},
 		{
 			name: "empty patches",
@@ -50,7 +48,6 @@ func TestMergeInitContainers(t *testing.T) {
 			want: []corev1.Container{
 				{Name: "base-container", Image: "base-image"},
 			},
-			wantErr: false,
 		},
 		{
 			name: "multiple containers",
@@ -69,7 +66,6 @@ func TestMergeInitContainers(t *testing.T) {
 				{Name: "third", Image: "third-image"},
 				{Name: "new-container", Image: "new-image"},
 			},
-			wantErr: false,
 		},
 		{
 			name: "partial field merge",
@@ -97,19 +93,52 @@ func TestMergeInitContainers(t *testing.T) {
 					Env:     []corev1.EnvVar{{Name: "BASE_VAR", Value: "base-value"}},
 				},
 			},
-			wantErr: false,
+		},
+		{
+			name: "preserve user-configured init-persistent-home content",
+			base: []corev1.Container{
+				{
+					Name:    "init-persistent-home",
+					Image:   "workspace-image:latest",
+					Command: []string{"/bin/sh", "-c"},
+					Args:    []string{"default stow script"},
+				},
+			},
+			patches: []corev1.Container{
+				{
+					Name:  "init-persistent-home",
+					Image: "custom-image:latest",
+					Args:  []string{"echo 'custom init'"},
+					Env: []corev1.EnvVar{
+						{
+							Name:  "CUSTOM_VAR",
+							Value: "custom-value",
+						},
+					},
+				},
+			},
+			want: []corev1.Container{
+				{
+					Name:    "init-persistent-home",
+					Image:   "custom-image:latest",
+					Command: []string{"/bin/sh", "-c"},
+					Args:    []string{"echo 'custom init'"},
+					Env: []corev1.EnvVar{
+						{
+							Name:  "CUSTOM_VAR",
+							Value: "custom-value",
+						},
+					},
+				},
+			},
 		},
 	}
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := MergeInitContainers(tt.base, tt.patches)
-			if tt.wantErr {
-				assert.Error(t, err, "should return error")
-			} else {
-				assert.NoError(t, err, "should not return error")
-				assert.Equal(t, tt.want, got, "should return merged containers")
-			}
+			assert.NoError(t, err, "should not return error")
+			assert.Equal(t, tt.want, got, "should return merged containers")
 		})
 	}
 }

test/e2e/pkg/client/oc.go

@@ -16,11 +16,15 @@
 package client
 
 import (
+	"context"
 	"fmt"
 	"log"
 	"os/exec"
 	"strings"
 	"time"
+
+	dw "github.com/devfile/api/v2/pkg/apis/workspaces/v1alpha2"
+	k8sErrors "k8s.io/apimachinery/pkg/api/errors"
 )
 
 func (w *K8sClient) OcApplyWorkspace(namespace string, filePath string) (commandResult string, err error) {
@@ -68,12 +72,15 @@ func (w *K8sClient) GetLogsForContainer(podName string, namespace, containerName
 	return string(outBytes), err
 }
 
+// function returns an empty string as `commandResult` to match the existing signature.
 func (w *K8sClient) OcDeleteWorkspace(name, namespace string) (commandResult string, err error) {
-	cmd := exec.Command("bash", "-c", fmt.Sprintf(
-		"KUBECONFIG=%s oc delete devworkspace %s -n %s --ignore-not-found=true",
-		w.kubeCfgFile,
-		name,
-		namespace))
-	outBytes, err := cmd.CombinedOutput()
-	return string(outBytes), err
+	workspace := &dw.DevWorkspace{}
+	workspace.ObjectMeta.Name = name
+	workspace.ObjectMeta.Namespace = namespace
+
+	err = w.crClient.Delete(context.TODO(), workspace)
+	if err != nil && !k8sErrors.IsNotFound(err) {
+		return "", err
+	}
+	return "", nil
 }