Skip to content

Commit 9cf36c4

Browse files
kstrenkovakstrenkova
committed
Validate CR parameters in more detail
This patch enhances user parameter validation to improve code structure, clarify parameter input, and reduce security risks by restricting input to specific values.
1 parent 651b20d commit 9cf36c4

13 files changed

+164
-26
lines changed

api/bases/test.openstack.org_ansibletests.yaml

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -64,8 +64,8 @@ spec:
6464
description: AnsibleExtraVars - string to pass parameters to ansible
6565
type: string
6666
ansibleGitRepo:
67-
default: ""
6867
description: AnsibleGitRepo - git repo to clone into container
68+
format: uri
6969
type: string
7070
ansibleInventory:
7171
default: ""
@@ -94,6 +94,7 @@ spec:
9494
description: |-
9595
ComputeSSHKeySecretName is the name of the k8s secret that contains an ssh key for computes.
9696
The key is mounted to ~/.ssh/id_ecdsa in the ansible pod
97+
maxLength: 253
9798
type: string
9899
containerImage:
99100
default: ""
@@ -1346,6 +1347,7 @@ spec:
13461347
type: string
13471348
ansibleGitRepo:
13481349
description: AnsibleGitRepo - git repo to clone into container
1350+
format: uri
13491351
type: string
13501352
ansibleInventory:
13511353
description: AnsibleInventory - string that contains the inventory
@@ -1370,6 +1372,7 @@ spec:
13701372
description: |-
13711373
ComputeSSHKeySecretName is the name of the k8s secret that contains an ssh key for computes.
13721374
The key is mounted to ~/.ssh/id_ecdsa in the ansible pod
1375+
maxLength: 253
13731376
type: string
13741377
containerImage:
13751378
default: ""
@@ -1489,7 +1492,7 @@ spec:
14891492
description: |-
14901493
Name of a workflow step. The step name will be used for example to create
14911494
a logs directory.
1492-
maxLength: 100
1495+
pattern: ^[a-z0-9-]+$
14931496
type: string
14941497
storageClass:
14951498
description: StorageClass used to create any test-operator related
@@ -1540,6 +1543,7 @@ spec:
15401543
description: |-
15411544
WorkloadSSHKeySecretName is the name of the k8s secret that contains an ssh key for the ansible workload.
15421545
The key is mounted to ~/test_keypair.key in the ansible pod
1546+
maxLength: 253
15431547
type: string
15441548
required:
15451549
- stepName
@@ -1550,6 +1554,7 @@ spec:
15501554
description: |-
15511555
WorkloadSSHKeySecretName is the name of the k8s secret that contains an ssh key for the ansible workload.
15521556
The key is mounted to ~/test_keypair.key in the ansible pod
1557+
maxLength: 253
15531558
type: string
15541559
required:
15551560
- ansibleGitRepo

api/bases/test.openstack.org_horizontests.yaml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -57,14 +57,19 @@ spec:
5757
default: admin
5858
description: AdminPassword is the password for the OpenStack admin
5959
user.
60+
maxLength: 253
61+
minLength: 1
6062
type: string
6163
adminUsername:
6264
default: admin
6365
description: AdminUsername is the username for the OpenStack admin
6466
user.
67+
maxLength: 253
68+
minLength: 1
6569
type: string
6670
authUrl:
6771
description: AuthUrl is the authentication URL for OpenStack.
72+
format: uri
6873
type: string
6974
backoffLimit:
7075
default: 0
@@ -79,6 +84,7 @@ spec:
7984
type: string
8085
dashboardUrl:
8186
description: DashboardUrl is the URL of the Horizon dashboard.
87+
format: uri
8288
type: string
8389
debug:
8490
default: false
@@ -1194,6 +1200,7 @@ spec:
11941200
imageUrl:
11951201
default: http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img
11961202
description: ImageUrl is the URL to download the Cirros image.
1203+
format: uri
11971204
type: string
11981205
kubeconfigSecretName:
11991206
description: |-
@@ -1220,6 +1227,7 @@ spec:
12201227
default: horizontest
12211228
description: Password is the password for the user running the Horizon
12221229
tests.
1230+
maxLength: 253
12231231
type: string
12241232
privileged:
12251233
default: false
@@ -1245,6 +1253,7 @@ spec:
12451253
repoUrl:
12461254
default: https://review.opendev.org/openstack/horizon
12471255
description: RepoUrl is the URL of the Horizon repository.
1256+
format: uri
12481257
type: string
12491258
resources:
12501259
default:
@@ -1360,6 +1369,7 @@ spec:
13601369
default: horizontest
13611370
description: User is the username under which the Horizon tests will
13621371
run.
1372+
maxLength: 253
13631373
type: string
13641374
required:
13651375
- adminPassword

api/bases/test.openstack.org_tempests.yaml

Lines changed: 37 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1300,6 +1300,8 @@ spec:
13001300
default: 0
13011301
description: Concurrency value that is passed to tempest via --concurrency
13021302
format: int64
1303+
maximum: 128
1304+
minimum: 0
13031305
type: integer
13041306
excludeList:
13051307
description: A content of exclude.txt file that is passed to tempest
@@ -1325,16 +1327,19 @@ spec:
13251327
description: |-
13261328
ChangeRefspec specifies which change the remote repository should be
13271329
checked out to (ChangeRepository must be defined as well).
1330+
maxLength: 253
13281331
type: string
13291332
changeRepository:
13301333
description: |-
13311334
URL that points to a repository that contains a change that should be
13321335
applied to the repository defined by Repository (ChangeRefspec must be
13331336
defined as well).
1337+
format: uri
13341338
type: string
13351339
repository:
13361340
description: URL that points to a git repository containing
13371341
an external plugin.
1342+
format: uri
13381343
type: string
13391344
required:
13401345
- repository
@@ -1357,6 +1362,7 @@ spec:
13571362
URL:
13581363
description: URL that points to a location where the image
13591364
is located
1365+
format: uri
13601366
type: string
13611367
containerFormat:
13621368
default: '-'
@@ -1379,14 +1385,19 @@ spec:
13791385
description: How much RAM should be allocated when this
13801386
flavor is used
13811387
format: int64
1388+
minimum: 1
13821389
type: integer
13831390
disk:
13841391
description: How much disk space should be allocated
13851392
when this flavor is used
13861393
format: int64
1394+
minimum: 0
13871395
type: integer
13881396
name:
13891397
description: Name of the flavor that should be created
1398+
maxLength: 253
1399+
minLength: 1
1400+
pattern: ^[a-z0-9._-]+$
13901401
type: string
13911402
osCloud:
13921403
default: '-'
@@ -1396,6 +1407,7 @@ spec:
13961407
description: How many vcpus should be allocated when
13971408
this flavor is used
13981409
format: int64
1410+
minimum: 1
13991411
type: integer
14001412
required:
14011413
- RAM
@@ -1411,6 +1423,9 @@ spec:
14111423
type: integer
14121424
name:
14131425
description: Name of the image
1426+
maxLength: 253
1427+
minLength: 1
1428+
pattern: ^[a-z0-9._-]+$
14141429
type: string
14151430
osCloud:
14161431
default: '-'
@@ -1505,13 +1520,15 @@ spec:
15051520
The content of this variable will be passed to discover-tempest-config via
15061521
--flavor-min-disk
15071522
format: int64
1523+
minimum: 0
15081524
type: integer
15091525
flavorMinMem:
15101526
default: 0
15111527
description: |-
15121528
The content of this variable will be passed to discover-tempest-config via
15131529
--flavor-min-mem
15141530
format: int64
1531+
minimum: 0
15151532
type: integer
15161533
generateProfile:
15171534
default: ""
@@ -1592,6 +1609,7 @@ spec:
15921609
The content of this variable will be passed to discover-tempest-config via
15931610
--timeout
15941611
format: int64
1612+
minimum: 0
15951613
type: integer
15961614
verbose:
15971615
default: false
@@ -1805,8 +1823,7 @@ spec:
18051823
description: |-
18061824
Name of a workflow step. The step name will be used for example to create
18071825
a logs directory.
1808-
maxLength: 100
1809-
pattern: ^[a-z0-9]
1826+
pattern: ^[a-z0-9-]+$
18101827
type: string
18111828
storageClass:
18121829
description: StorageClass used to create any test-operator related
@@ -1822,6 +1839,8 @@ spec:
18221839
description: Concurrency value that is passed to tempest
18231840
via --concurrency
18241841
format: int64
1842+
maximum: 128
1843+
minimum: 0
18251844
type: integer
18261845
excludeList:
18271846
description: A content of exclude.txt file that is passed
@@ -1847,16 +1866,19 @@ spec:
18471866
description: |-
18481867
ChangeRefspec specifies which change the remote repository should be
18491868
checked out to (ChangeRepository must be defined as well).
1869+
maxLength: 253
18501870
type: string
18511871
changeRepository:
18521872
description: |-
18531873
URL that points to a repository that contains a change that should be
18541874
applied to the repository defined by Repository (ChangeRefspec must be
18551875
defined as well).
1876+
format: uri
18561877
type: string
18571878
repository:
18581879
description: URL that points to a git repository containing
18591880
an external plugin.
1881+
format: uri
18601882
type: string
18611883
required:
18621884
- repository
@@ -1879,6 +1901,7 @@ spec:
18791901
URL:
18801902
description: URL that points to a location where the
18811903
image is located
1904+
format: uri
18821905
type: string
18831906
containerFormat:
18841907
default: '-'
@@ -1901,15 +1924,20 @@ spec:
19011924
description: How much RAM should be allocated
19021925
when this flavor is used
19031926
format: int64
1927+
minimum: 1
19041928
type: integer
19051929
disk:
19061930
description: How much disk space should be allocated
19071931
when this flavor is used
19081932
format: int64
1933+
minimum: 0
19091934
type: integer
19101935
name:
19111936
description: Name of the flavor that should be
19121937
created
1938+
maxLength: 253
1939+
minLength: 1
1940+
pattern: ^[a-z0-9._-]+$
19131941
type: string
19141942
osCloud:
19151943
default: '-'
@@ -1919,6 +1947,7 @@ spec:
19191947
description: How many vcpus should be allocated
19201948
when this flavor is used
19211949
format: int64
1950+
minimum: 1
19221951
type: integer
19231952
required:
19241953
- RAM
@@ -1934,6 +1963,9 @@ spec:
19341963
type: integer
19351964
name:
19361965
description: Name of the image
1966+
maxLength: 253
1967+
minLength: 1
1968+
pattern: ^[a-z0-9._-]+$
19371969
type: string
19381970
osCloud:
19391971
default: '-'
@@ -2015,12 +2047,14 @@ spec:
20152047
The content of this variable will be passed to discover-tempest-config via
20162048
--flavor-min-disk
20172049
format: int64
2050+
minimum: 0
20182051
type: integer
20192052
flavorMinMem:
20202053
description: |-
20212054
The content of this variable will be passed to discover-tempest-config via
20222055
--flavor-min-mem
20232056
format: int64
2057+
minimum: 0
20242058
type: integer
20252059
generateProfile:
20262060
description: |-
@@ -2087,6 +2121,7 @@ spec:
20872121
The content of this variable will be passed to discover-tempest-config via
20882122
--timeout
20892123
format: int64
2124+
minimum: 0
20902125
type: integer
20912126
verbose:
20922127
description: Indicate whether discover-tempest-config should

api/bases/test.openstack.org_tobikoes.yaml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1164,6 +1164,7 @@ spec:
11641164
description: |-
11651165
Name of a secret that contains a kubeconfig. The kubeconfig is mounted under /var/lib/tobiko/.kube/config
11661166
in the test pod.
1167+
maxLength: 253
11671168
type: string
11681169
networkAttachments:
11691170
description: |-
@@ -1388,6 +1389,7 @@ spec:
13881389
description: |-
13891390
Name of a secret that contains a kubeconfig. The kubeconfig is mounted under /var/lib/tobiko/.kube/config
13901391
in the test pod.
1392+
maxLength: 253
13911393
type: string
13921394
networkAttachments:
13931395
description: |-
@@ -1488,10 +1490,9 @@ spec:
14881490
type: object
14891491
type: object
14901492
stepName:
1491-
default: ""
14921493
description: A parameter that contains a definition of a single
14931494
workflow step.
1494-
maxLength: 100
1495+
pattern: ^[a-z0-9-]+$
14951496
type: string
14961497
storageClass:
14971498
description: StorageClass used to create any test-operator related

0 commit comments

Comments
 (0)