diff --git a/api/v1beta1/artifact_types.go b/api/v1beta1/artifact_types.go index 3fd0d2dfe..db5dc87f4 100644 --- a/api/v1beta1/artifact_types.go +++ b/api/v1beta1/artifact_types.go @@ -26,20 +26,30 @@ import ( // Artifact represents the output of a source synchronisation. type Artifact struct { // Path is the relative file path of this artifact. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +required Path string `json:"path"` // URL is the HTTP address of this artifact. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$" // +required URL string `json:"url"` // Revision is a human readable identifier traceable in the origin source // system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm // chart version, etc. + // +kubebuilder:validation:MaxLength=65 + // +kubebuilder:validation:Pattern=`^[A-Za-z0-9]{65}$` // +optional Revision string `json:"revision"` // Checksum is the SHA256 checksum of the artifact. + // +kubebuilder:validation:MaxLength=65 + // +kubebuilder:validation:Pattern=`^[A-Za-z0-9]{65}$` // +optional Checksum string `json:"checksum"` diff --git a/api/v1beta1/bucket_types.go b/api/v1beta1/bucket_types.go index 0d5f3de81..073914825 100644 --- a/api/v1beta1/bucket_types.go +++ b/api/v1beta1/bucket_types.go 
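Review bot: The `^[A-Za-z0-9]{65}$` pattern on Checksum and Revision requires exactly 65 characters, but a hex-encoded SHA256 checksum is 64 characters long, so an Artifact carrying a real checksum would be rejected when the controller writes it to status. Revision is documented just above as a Git commit SHA, Git tag or Helm chart version, none of which is a fixed 65-character alphanumeric string. Both fields are also serialised without `omitempty`, so an unset value goes out as `""` and fails the pattern too. If the checksum is hex-encoded, `^[a-f0-9]{64}$` with `MaxLength=64` matches the comment, and Revision is better left with a length bound only. The same `{65}` pattern is repeated on Commit in GitRepositoryRef, on Digest in OCIRepositoryRef and in the v1beta2 Artifact hunk.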
@@ -38,10 +38,16 @@ type BucketSpec struct { Provider string `json:"provider,omitempty"` // The bucket name. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +required BucketName string `json:"bucketName"` // The bucket endpoint address. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=250 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +required Endpoint string `json:"endpoint"` @@ -50,6 +56,8 @@ type BucketSpec struct { Insecure bool `json:"insecure,omitempty"` // The bucket region. + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional Region string `json:"region,omitempty"` @@ -70,6 +78,7 @@ type BucketSpec struct { // Ignore overrides the set of excluded patterns in the .sourceignore format // (which is the same as .gitignore). If not provided, a default will be used, // consult the documentation for your version to find out what those are. + // +kubebuilder:validation:MaxLength=5119 // +optional Ignore *string `json:"ignore,omitempty"` @@ -99,6 +108,8 @@ type BucketStatus struct { Conditions []metav1.Condition `json:"conditions,omitempty"` // URL is the download link for the artifact output of the last Bucket sync. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$" // +optional URL string `json:"url,omitempty"` @@ -206,7 +217,8 @@ type Bucket struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec BucketSpec `json:"spec,omitempty"` + // +kubebuilder:validation:required + Spec BucketSpec `json:"spec"` // +kubebuilder:default={"observedGeneration":-1} Status BucketStatus `json:"status,omitempty"` } 
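Review bot: The pattern on Endpoint has no `:` in its character class, so an endpoint written as host:port is rejected at admission; if such endpoints are accepted today, an existing Bucket could no longer be updated. The same expression, `^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`, is reused for BucketName, and for Region in the next hunk, where it admits `/`, `\` and bracketed numbers that a bucket name or region presumably never contains. A pattern written per field would make the constraint meaningful; for Endpoint that means adding `:` to the class or validating host and port separately. The v1beta2 BucketSpec hunks carry the same markers, and BucketSpec itself starts outside this hunk.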
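Review bot: The marker added above Spec is spelled `+kubebuilder:validation:required`, whereas controller-gen documents it as `+kubebuilder:validation:Required`, so the lower-case form may not be recognised. The `required: - spec` entries in the regenerated CRDs could equally come from dropping `omitempty` from the JSON tag, so they do not confirm that the marker took effect. I would change the line to `// +kubebuilder:validation:Required`. The same spelling is used on GitRepository, HelmChart, HelmRepository and OCIRepository in both API versions, and the Bucket struct starts outside this hunk.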
diff --git a/api/v1beta1/gitrepository_types.go b/api/v1beta1/gitrepository_types.go index c84055e03..89a3056ae 100644 --- a/api/v1beta1/gitrepository_types.go +++ b/api/v1beta1/gitrepository_types.go @@ -37,6 +37,9 @@ const ( // GitRepositorySpec defines the desired state of a Git repository. type GitRepositorySpec struct { // The repository URL, can be a HTTP/S or SSH address. + + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=2048 // +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$" // +required URL string `json:"url"` @@ -70,6 +73,8 @@ type GitRepositorySpec struct { // Ignore overrides the set of excluded patterns in the .sourceignore format // (which is the same as .gitignore). If not provided, a default will be used, // consult the documentation for your version to find out what those are. + // +kubebuilder:validation:MaxLength=5119 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional Ignore *string `json:"ignore,omitempty"` @@ -115,10 +120,14 @@ type GitRepositoryInclude struct { GitRepositoryRef meta.LocalObjectReference `json:"repository"` // The path to copy contents from, defaults to the root directory. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional FromPath string `json:"fromPath"` // The path to copy contents to, defaults to the name of the source ref. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional ToPath string `json:"toPath"` } 
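Review bot: The empty added line between `// The repository URL, can be a HTTP/S or SSH address.` and the new markers detaches the doc comment from the URL field. The regenerated gitrepositories CRD in this same commit shows the effect: the `description:` line for `url` is removed from the v1beta1 schema. Dropping the blank line restores the description.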
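Review bot: Ignore is documented as holding patterns in the .sourceignore (.gitignore) format, but the added pattern accepts only letters, digits, `_`, `-`, `.`, `\`, `/` and bracketed numbers, so any value containing a newline, a space, `*`, `!` or `#` is rejected. That excludes multi-line ignore lists and every glob, which is most of what the field is for. BucketSpec.Ignore and OCIRepositorySpec.Ignore in this commit get `MaxLength=5119` only; I would do the same here and drop the Pattern line. The v1beta2 GitRepositorySpec hunk repeats the marker.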
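Review bot: The pattern on FromPath and ToPath does not constrain the shape of the path: `..` segments, a leading `/` and backslashes all match, so it should not be read as a traversal guard, and the code that copies the included contents still has to confine the resolved path itself. Both fields are also optional without `omitempty`, so a Go client that serialises the struct sends `""` for an unset value, which the `+` quantifier rejects even though the comments promise a default. Either add `omitempty` to the tags or allow the empty string in the pattern. A comment such as `// Validation is syntactic only; the resolved path must still be confined to the artifact root.` would keep the limitation visible. The v1beta2 GitRepositoryInclude hunk has the same markers.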
@@ -126,18 +135,26 @@ type GitRepositoryInclude struct { // GitRepositoryRef defines the Git ref used for pull and checkout operations. type GitRepositoryRef struct { // The Git branch to checkout, defaults to master. + // +kubebuilder:validation:MaxLength=244 + // +kubebuilder:validation:Pattern=`^[\-._a-zA-Z0-9]+$` // +optional Branch string `json:"branch,omitempty"` // The Git tag to checkout, takes precedence over Branch. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^[\-._0-9]+$` // +optional Tag string `json:"tag,omitempty"` // The Git tag semver expression, takes precedence over Tag. + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$` // +optional SemVer string `json:"semver,omitempty"` // The Git commit SHA to checkout, if specified Tag filters will be ignored. + // +kubebuilder:validation:MaxLength=65 + // +kubebuilder:validation:Pattern=`^[A-Za-z0-9]{65}$` // +optional Commit string `json:"commit,omitempty"` } @@ -164,6 +181,8 @@ type GitRepositoryStatus struct { // URL is the download link for the artifact output of the last repository // sync. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$" // +optional URL string `json:"url,omitempty"` @@ -279,7 +298,8 @@ type GitRepository struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec GitRepositorySpec `json:"spec,omitempty"` + // +kubebuilder:validation:required + Spec GitRepositorySpec `json:"spec"` // +kubebuilder:default={"observedGeneration":-1} Status GitRepositoryStatus `json:"status,omitempty"` } diff --git a/api/v1beta1/helmchart_types.go b/api/v1beta1/helmchart_types.go index 8d4c0a02d..74dc794c2 100644 --- a/api/v1beta1/helmchart_types.go 
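Review bot: The Tag pattern `^[\-._0-9]+$` contains no letters, so a tag such as `v1.0.0` is rejected at admission. SemVer is described as a semver expression, yet its pattern matches one exact version only, which excludes ranges like `>=1.0.0`. I would give Tag the same class as Branch and leave SemVer with `MaxLength` only, letting whatever parses the expression in the controller report bad input. Both patterns recur in the v1beta2 GitRepositoryRef and OCIRepositoryRef hunks, where OCIRepositoryRef.Tag is documented as defaulting to latest.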
+++ b/api/v1beta1/helmchart_types.go @@ -30,12 +30,17 @@ const HelmChartKind = "HelmChart" // HelmChartSpec defines the desired state of a Helm chart. type HelmChartSpec struct { // The name or path the Helm chart is available at in the SourceRef. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +required Chart string `json:"chart"` // The chart version semver expression, ignored for charts from GitRepository // and Bucket sources. Defaults to latest when omitted. // +kubebuilder:default:=* + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional Version string `json:"version,omitempty"` @@ -92,6 +97,8 @@ const ( // the typed referenced object at namespace level. type LocalHelmChartSourceReference struct { // APIVersion of the referent. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional APIVersion string `json:"apiVersion,omitempty"` @@ -102,6 +109,9 @@ type LocalHelmChartSourceReference struct { Kind string `json:"kind"` // Name of the referent. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +required Name string `json:"name"` } @@ -117,6 +127,8 @@ type HelmChartStatus struct { Conditions []metav1.Condition `json:"conditions,omitempty"` // URL is the download link for the last chart pulled. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$" // +optional URL string `json:"url,omitempty"` 
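Review bot: Version keeps `+kubebuilder:default:=*`, but `*` does not match the pattern added directly below it; as far as I know the API server validates a CRD's defaults against its own schema, so the CRD may fail to install. The field is also a semver expression, so range operators and spaces are excluded by the same pattern. I would drop the Pattern line here and keep only a length bound. The v1beta2 HelmChartSpec hunk has the same conflict with the narrower `^[\-._0-9]+$`.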
@@ -248,7 +260,8 @@ type HelmChart struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec HelmChartSpec `json:"spec,omitempty"` + // +kubebuilder:validation:required + Spec HelmChartSpec `json:"spec"` // +kubebuilder:default={"observedGeneration":-1} Status HelmChartStatus `json:"status,omitempty"` } diff --git a/api/v1beta1/helmrepository_types.go b/api/v1beta1/helmrepository_types.go index 62b0e9a6d..46be64559 100644 --- a/api/v1beta1/helmrepository_types.go +++ b/api/v1beta1/helmrepository_types.go @@ -35,6 +35,9 @@ const ( // HelmRepositorySpec defines the reference to a Helm repository. type HelmRepositorySpec struct { // The Helm repository URL, a valid URL contains at least a protocol and host. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$" // +required URL string `json:"url"` @@ -85,6 +88,8 @@ type HelmRepositoryStatus struct { Conditions []metav1.Condition `json:"conditions,omitempty"` // URL is the download link for the last index fetched. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$" // +optional URL string `json:"url,omitempty"` @@ -195,7 +200,8 @@ type HelmRepository struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec HelmRepositorySpec `json:"spec,omitempty"` + // +kubebuilder:validation:required + Spec HelmRepositorySpec `json:"spec"` // +kubebuilder:default={"observedGeneration":-1} Status HelmRepositoryStatus `json:"status,omitempty"` } diff --git a/api/v1beta2/artifact_types.go b/api/v1beta2/artifact_types.go index 0832b6ce5..e098033e1 100644 --- a/api/v1beta2/artifact_types.go +++ b/api/v1beta2/artifact_types.go 
@@ -28,21 +28,30 @@ type Artifact struct { // Path is the relative file path of the Artifact. It can be used to locate // the file in the root of the Artifact storage on the local file system of // the controller managing the Source. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +required Path string `json:"path"` // URL is the HTTP address of the Artifact as exposed by the controller // managing the Source. It can be used to retrieve the Artifact for // consumption, e.g. by another controller applying the Artifact contents. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$" // +required URL string `json:"url"` // Revision is a human-readable identifier traceable in the origin source // system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + // +kubebuilder:validation:Pattern=`^[A-Za-z0-9]{65}$` // +optional Revision string `json:"revision"` // Checksum is the SHA256 checksum of the Artifact file. + // +kubebuilder:validation:MaxLength=65 + // +kubebuilder:validation:Pattern=`^[A-Za-z0-9]{65}$` // +optional Checksum string `json:"checksum"` diff --git a/api/v1beta2/bucket_types.go b/api/v1beta2/bucket_types.go index 2ea66e465..7c07373ee 100644 --- a/api/v1beta2/bucket_types.go +++ b/api/v1beta2/bucket_types.go 
@@ -57,10 +57,16 @@ type BucketSpec struct { Provider string `json:"provider,omitempty"` // BucketName is the name of the object storage bucket. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +required BucketName string `json:"bucketName"` // Endpoint is the object storage address the BucketName is located at. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=250 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +required Endpoint string `json:"endpoint"` @@ -69,6 +75,8 @@ type BucketSpec struct { Insecure bool `json:"insecure,omitempty"` // Region of the Endpoint where the BucketName is located in. + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional Region string `json:"region,omitempty"` @@ -89,6 +97,7 @@ type BucketSpec struct { // Ignore overrides the set of excluded patterns in the .sourceignore format // (which is the same as .gitignore). If not provided, a default will be used, // consult the documentation for your version to find out what those are. + // +kubebuilder:validation:MaxLength=5119 // +optional Ignore *string `json:"ignore,omitempty"` @@ -117,6 +126,8 @@ type BucketStatus struct { // URL is the dynamic fetch link for the latest Artifact. // It is provided on a "best effort" basis, and using the precise // BucketStatus.Artifact data is recommended. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$" // +optional URL string `json:"url,omitempty"` 
@@ -172,7 +183,8 @@ type Bucket struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec BucketSpec `json:"spec,omitempty"` + // +kubebuilder:validation:required + Spec BucketSpec `json:"spec"` // +kubebuilder:default={"observedGeneration":-1} Status BucketStatus `json:"status,omitempty"` } diff --git a/api/v1beta2/gitrepository_types.go b/api/v1beta2/gitrepository_types.go index de736c861..e14295734 100644 --- a/api/v1beta2/gitrepository_types.go +++ b/api/v1beta2/gitrepository_types.go @@ -48,6 +48,8 @@ const ( // Artifact for a Git repository. type GitRepositorySpec struct { // URL specifies the Git repository URL, it can be an HTTP/S or SSH address. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=2048 // +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$" // +required URL string `json:"url"` @@ -83,6 +85,8 @@ type GitRepositorySpec struct { // Ignore overrides the set of excluded patterns in the .sourceignore format // (which is the same as .gitignore). If not provided, a default will be used, // consult the documentation for your version to find out what those are. + // +kubebuilder:validation:MaxLength=5119 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional Ignore *string `json:"ignore,omitempty"` @@ -124,11 +128,15 @@ type GitRepositoryInclude struct { // FromPath specifies the path to copy contents from, defaults to the root // of the Artifact. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional FromPath string `json:"fromPath"` // ToPath specifies the path to copy contents to, defaults to the name of // the GitRepositoryRef. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional ToPath string `json:"toPath"` } 
@@ -153,14 +161,20 @@ type GitRepositoryRef struct { // // When GitRepositorySpec.GitImplementation is set to 'go-git', a shallow // clone of the specified branch is performed. + // +kubebuilder:validation:MaxLength=244 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional Branch string `json:"branch,omitempty"` // Tag to check out, takes precedence over Branch. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^[\-._0-9]+$` // +optional Tag string `json:"tag,omitempty"` // SemVer tag expression to check out, takes precedence over Tag. + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$` // +optional SemVer string `json:"semver,omitempty"` @@ -169,6 +183,7 @@ type GitRepositoryRef struct { // When GitRepositorySpec.GitImplementation is set to 'go-git', this can be // combined with Branch to shallow clone the branch, in which the commit is // expected to exist. + // +kubebuilder:validation:Pattern=`^[A-Za-z0-9]{65}$` // +optional Commit string `json:"commit,omitempty"` } @@ -199,6 +214,8 @@ type GitRepositoryStatus struct { // URL is the dynamic fetch link for the latest Artifact. // It is provided on a "best effort" basis, and using the precise // GitRepositoryStatus.Artifact data is recommended. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$" // +optional URL string `json:"url,omitempty"` 
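Review bot: Branch is validated here with the path-style pattern, which allows `/`, while the v1beta1 GitRepositoryRef in this commit uses `^[\-._a-zA-Z0-9]+$`, so the same branch name can be valid in one served version and invalid in the other. Using one pattern for both versions avoids that, and the one that admits `/` is the safer choice for names like `feature/x`. Commit in the following hunk gets `^[A-Za-z0-9]{65}$`, which a 40-character SHA-1 commit id cannot match, and it lacks the `MaxLength` its v1beta1 counterpart has. GitRepositoryRef starts outside this hunk.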
@@ -274,7 +291,8 @@ type GitRepository struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec GitRepositorySpec `json:"spec,omitempty"` + // +kubebuilder:validation:required + Spec GitRepositorySpec `json:"spec"` // +kubebuilder:default={"observedGeneration":-1} Status GitRepositoryStatus `json:"status,omitempty"` } diff --git a/api/v1beta2/helmchart_types.go b/api/v1beta2/helmchart_types.go index 2ce5a942f..fd8a28da5 100644 --- a/api/v1beta2/helmchart_types.go +++ b/api/v1beta2/helmchart_types.go @@ -32,12 +32,17 @@ const HelmChartKind = "HelmChart" type HelmChartSpec struct { // Chart is the name or path the Helm chart is available at in the // SourceRef. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +required Chart string `json:"chart"` // Version is the chart version semver expression, ignored for charts from // GitRepository and Bucket sources. Defaults to latest when omitted. // +kubebuilder:default:=* + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern=`^[\-._0-9]+$` // +optional Version string `json:"version,omitempty"` @@ -98,6 +103,8 @@ const ( // the typed referenced object at namespace level. type LocalHelmChartSourceReference struct { // APIVersion of the referent. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional APIVersion string `json:"apiVersion,omitempty"` @@ -108,6 +115,9 @@ type LocalHelmChartSourceReference struct { Kind string `json:"kind"` // Name of the referent. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +required Name string `json:"name"` } 
@@ -121,11 +131,15 @@ type HelmChartStatus struct { // ObservedSourceArtifactRevision is the last observed Artifact.Revision // of the HelmChartSpec.SourceRef. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional ObservedSourceArtifactRevision string `json:"observedSourceArtifactRevision,omitempty"` // ObservedChartName is the last observed chart name as specified by the // resolved chart reference. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional ObservedChartName string `json:"observedChartName,omitempty"` @@ -136,6 +150,8 @@ type HelmChartStatus struct { // URL is the dynamic fetch link for the latest Artifact. // It is provided on a "best effort" basis, and using the precise // BucketStatus.Artifact data is recommended. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$" // +optional URL string `json:"url,omitempty"` @@ -208,7 +224,8 @@ type HelmChart struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec HelmChartSpec `json:"spec,omitempty"` + // +kubebuilder:validation:required + Spec HelmChartSpec `json:"spec"` // +kubebuilder:default={"observedGeneration":-1} Status HelmChartStatus `json:"status,omitempty"` } diff --git a/api/v1beta2/helmrepository_types.go b/api/v1beta2/helmrepository_types.go index d9d72b0b9..b7fd232d8 100644 --- a/api/v1beta2/helmrepository_types.go +++ b/api/v1beta2/helmrepository_types.go @@ -43,6 +43,9 @@ const ( type HelmRepositorySpec struct { // URL of the Helm repository, a valid URL contains at least a protocol and // host. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$" // +required URL string `json:"url"` 
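Review bot: ObservedSourceArtifactRevision is documented as the last observed Artifact.Revision, but it is validated with the path-style pattern while Artifact.Revision in this commit must match `^[A-Za-z0-9]{65}$`, so the two constraints disagree about what a revision looks like. These are status fields written by the controller; a value outside the pattern makes the status update fail, which surfaces as a reconcile error rather than as a validation message to the user. I would keep `MaxLength` on status strings and leave the patterns off unless the controller's output format is pinned down. HelmChartStatus starts outside this hunk.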
@@ -115,6 +118,8 @@ type HelmRepositoryStatus struct { // URL is the dynamic fetch link for the latest Artifact. // It is provided on a "best effort" basis, and using the precise // HelmRepositoryStatus.Artifact data is recommended. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern="^(http|https|ssh)://.*$" // +optional URL string `json:"url,omitempty"` @@ -169,7 +174,8 @@ type HelmRepository struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec HelmRepositorySpec `json:"spec,omitempty"` + // +kubebuilder:validation:required + Spec HelmRepositorySpec `json:"spec"` // +kubebuilder:default={"observedGeneration":-1} Status HelmRepositoryStatus `json:"status,omitempty"` } diff --git a/api/v1beta2/ocirepository_types.go b/api/v1beta2/ocirepository_types.go index 7e1e755ae..fc8ea7f18 100644 --- a/api/v1beta2/ocirepository_types.go +++ b/api/v1beta2/ocirepository_types.go @@ -51,6 +51,8 @@ const ( type OCIRepositorySpec struct { // URL is a reference to an OCI artifact repository hosted // on a remote container registry. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=2048 // +kubebuilder:validation:Pattern="^oci://.*$" // +required URL string `json:"url"` @@ -81,6 +83,8 @@ type OCIRepositorySpec struct { // ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate // the image pull if the service account has attached pull secrets. For more information: // https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` // +optional ServiceAccountName string `json:"serviceAccountName,omitempty"` 
@@ -110,6 +114,7 @@ type OCIRepositorySpec struct { // Ignore overrides the set of excluded patterns in the .sourceignore format // (which is the same as .gitignore). If not provided, a default will be used, // consult the documentation for your version to find out what those are. + // +kubebuilder:validation:MaxLength=5119 // +optional Ignore *string `json:"ignore,omitempty"` @@ -126,15 +131,20 @@ type OCIRepositorySpec struct { type OCIRepositoryRef struct { // Digest is the image digest to pull, takes precedence over SemVer. // The value should be in the format 'sha256:'. + // +kubebuilder:validation:MaxLength=65 + // +kubebuilder:validation:Pattern=`^[A-Za-z0-9]{65}$` // +optional Digest string `json:"digest,omitempty"` // SemVer is the range of tags to pull selecting the latest within // the range, takes precedence over Tag. + // +kubebuilder:validation:Pattern=`^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$` // +optional SemVer string `json:"semver,omitempty"` // Tag is the image tag to pull, defaults to latest. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^[\-._0-9]+$` // +optional Tag string `json:"tag,omitempty"` } @@ -170,6 +180,8 @@ type OCIRepositoryStatus struct { Conditions []metav1.Condition `json:"conditions,omitempty"` // URL is the download link for the artifact output of the last OCI Repository sync. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern="^oci://.*$" // +optional URL string `json:"url,omitempty"` 
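Review bot: Digest is documented two lines above the markers as having the format 'sha256:', but `^[A-Za-z0-9]{65}$` has no `:` and a fixed length of 65, so a digest in the documented format can never validate. If a SHA256 digest is intended, `^sha256:[a-f0-9]{64}$` with `MaxLength=71` matches the comment. SemVer in this hunk also lacks the `MaxLength=63` that the GitRepositoryRef field gets.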
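Review bot: The status URL is described as the download link for the artifact produced by the last sync, yet it is constrained to `^oci://.*$`, apparently carried over from OCIRepositorySpec.URL. Artifact.URL in this same commit is described as an HTTP address and validated with `^(http|https|ssh)://.*$`; if the controller writes that kind of link here, the status update would be rejected. I would use the same pattern as the other status URL fields, or only `MaxLength=2048`. OCIRepositoryStatus starts outside this hunk.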
@@ -235,7 +247,8 @@ type OCIRepository struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec OCIRepositorySpec `json:"spec,omitempty"` + // +kubebuilder:validation:required + Spec OCIRepositorySpec `json:"spec"` // +kubebuilder:default={"observedGeneration":-1} Status OCIRepositoryStatus `json:"status,omitempty"` } diff --git a/config/crd/bases/source.toolkit.fluxcd.io_buckets.yaml b/config/crd/bases/source.toolkit.fluxcd.io_buckets.yaml index 23e1cada1..2d6403750 100644 --- a/config/crd/bases/source.toolkit.fluxcd.io_buckets.yaml +++ b/config/crd/bases/source.toolkit.fluxcd.io_buckets.yaml @@ -79,15 +79,22 @@ spec: type: object bucketName: description: The bucket name. + maxLength: 63 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string endpoint: description: The bucket endpoint address. + maxLength: 250 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string ignore: description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. + maxLength: 5119 type: string insecure: description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. @@ -105,6 +112,8 @@ spec: type: string region: description: The bucket region. + maxLength: 63 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string secretRef: description: The name of the secret containing authentication credentials @@ -140,6 +149,8 @@ spec: properties: checksum: description: Checksum is the SHA256 checksum of the artifact. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to 
@@ -148,14 +159,22 @@ spec: type: string path: description: Path is the relative file path of this artifact. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string revision: description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string url: description: URL is the HTTP address of this artifact. + maxLength: 2048 + minLength: 1 + pattern: ^(http|https|ssh)://.*$ type: string required: - path @@ -244,8 +263,12 @@ spec: url: description: URL is the download link for the artifact output of the last Bucket sync. + maxLength: 2048 + pattern: ^(http|https|ssh)://.*$ type: string type: object + required: + - spec type: object served: true storage: false @@ -315,16 +338,23 @@ spec: type: object bucketName: description: BucketName is the name of the object storage bucket. + maxLength: 63 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string endpoint: description: Endpoint is the object storage address the BucketName is located at. + maxLength: 250 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string ignore: description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. + maxLength: 5119 type: string insecure: description: Insecure allows connecting to a non-TLS HTTP Endpoint. @@ -345,6 +375,8 @@ spec: region: description: Region of the Endpoint where the BucketName is located in. + maxLength: 63 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string secretRef: description: SecretRef specifies the Secret containing authentication 
@@ -379,6 +411,8 @@ spec: properties: checksum: description: Checksum is the SHA256 checksum of the Artifact file. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to @@ -394,11 +428,15 @@ spec: description: Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string revision: description: Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + pattern: ^[A-Za-z0-9]{65}$ type: string size: description: Size is the number of bytes in the file. @@ -409,6 +447,9 @@ spec: by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents. + maxLength: 2048 + minLength: 1 + pattern: ^(http|https|ssh)://.*$ type: string required: - path @@ -499,8 +540,12 @@ spec: description: URL is the dynamic fetch link for the latest Artifact. It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact data is recommended. + maxLength: 2048 + pattern: ^(http|https|ssh)://.*$ type: string type: object + required: + - spec type: object served: true storage: true diff --git a/config/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml b/config/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml index ea3ca9b57..d0dc2db27 100644 --- a/config/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml +++ b/config/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml 
@@ -91,6 +91,8 @@ spec: .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. + maxLength: 5119 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string include: description: Extra git repositories to map into the repository @@ -101,6 +103,8 @@ spec: fromPath: description: The path to copy contents from, defaults to the root directory. + maxLength: 253 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string repository: description: Reference to a GitRepository to include. @@ -114,6 +118,8 @@ spec: toPath: description: The path to copy contents to, defaults to the name of the source ref. + maxLength: 253 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string required: - repository @@ -133,17 +139,25 @@ spec: properties: branch: description: The Git branch to checkout, defaults to master. + maxLength: 244 + pattern: ^[\-._a-zA-Z0-9]+$ type: string commit: description: The Git commit SHA to checkout, if specified Tag filters will be ignored. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string semver: description: The Git tag semver expression, takes precedence over Tag. + maxLength: 63 + pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ type: string tag: description: The Git tag to checkout, takes precedence over Branch. + maxLength: 253 + pattern: ^[\-._0-9]+$ type: string type: object secretRef: @@ -168,7 +182,8 @@ spec: to 60s. type: string url: - description: The repository URL, can be a HTTP/S or SSH address. + maxLength: 2048 + minLength: 1 pattern: ^(http|https|ssh)://.*$ type: string verify: 
@@ -209,6 +224,8 @@ spec: properties: checksum: description: Checksum is the SHA256 checksum of the artifact. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to @@ -217,14 +234,22 @@ spec: type: string path: description: Path is the relative file path of this artifact. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string revision: description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string url: description: URL is the HTTP address of this artifact. + maxLength: 2048 + minLength: 1 + pattern: ^(http|https|ssh)://.*$ type: string required: - path @@ -309,6 +334,8 @@ spec: properties: checksum: description: Checksum is the SHA256 checksum of the artifact. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to @@ -317,14 +344,22 @@ spec: type: string path: description: Path is the relative file path of this artifact. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string revision: description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string url: description: URL is the HTTP address of this artifact. + maxLength: 2048 + minLength: 1 + pattern: ^(http|https|ssh)://.*$ type: string required: - path @@ -343,8 +378,12 @@ spec: url: description: URL is the download link for the artifact output of the last repository sync. + maxLength: 2048 + pattern: ^(http|https|ssh)://.*$ type: string type: object + required: + - spec type: object served: true storage: false 
@@ -426,6 +465,8 @@ spec: .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. + maxLength: 5119 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string include: description: Include specifies a list of GitRepository resources which @@ -438,6 +479,8 @@ spec: fromPath: description: FromPath specifies the path to copy contents from, defaults to the root of the Artifact. + maxLength: 253 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string repository: description: GitRepositoryRef specifies the GitRepository which @@ -452,6 +495,8 @@ spec: toPath: description: ToPath specifies the path to copy contents to, defaults to the name of the GitRepositoryRef. + maxLength: 253 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string required: - repository @@ -475,19 +520,26 @@ spec: other field is defined. \n When GitRepositorySpec.GitImplementation is set to 'go-git', a shallow clone of the specified branch is performed." + maxLength: 244 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string commit: description: "Commit SHA to check out, takes precedence over all reference fields. \n When GitRepositorySpec.GitImplementation is set to 'go-git', this can be combined with Branch to shallow clone the branch, in which the commit is expected to exist." + pattern: ^[A-Za-z0-9]{65}$ type: string semver: description: SemVer tag expression to check out, takes precedence over Tag. + maxLength: 63 + pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ type: string tag: description: Tag to check out, takes precedence over Branch. + maxLength: 253 + pattern: ^[\-._0-9]+$ type: string type: object secretRef: 
@@ -514,6 +566,8 @@ spec: url: description: URL specifies the Git repository URL, it can be an HTTP/S or SSH address. + maxLength: 2048 + minLength: 1 pattern: ^(http|https|ssh)://.*$ type: string verify: @@ -554,6 +608,8 @@ spec: properties: checksum: description: Checksum is the SHA256 checksum of the Artifact file. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to @@ -569,11 +625,15 @@ spec: description: Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string revision: description: Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + pattern: ^[A-Za-z0-9]{65}$ type: string size: description: Size is the number of bytes in the file. @@ -584,6 +644,9 @@ spec: by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents. + maxLength: 2048 + minLength: 1 + pattern: ^(http|https|ssh)://.*$ type: string required: - path @@ -678,6 +741,8 @@ spec: checksum: description: Checksum is the SHA256 checksum of the Artifact file. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to 
@@ -695,11 +760,15 @@ spec: It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string revision: description: Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + pattern: ^[A-Za-z0-9]{65}$ type: string size: description: Size is the number of bytes in the file. @@ -710,6 +779,9 @@ spec: by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents. + maxLength: 2048 + minLength: 1 + pattern: ^(http|https|ssh)://.*$ type: string required: - path @@ -730,8 +802,12 @@ spec: description: URL is the dynamic fetch link for the latest Artifact. It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact data is recommended. + maxLength: 2048 + pattern: ^(http|https|ssh)://.*$ type: string type: object + required: + - spec type: object served: true storage: true diff --git a/config/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml b/config/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml index 68ae9b980..70f05b97a 100644 --- a/config/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml +++ b/config/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml @@ -90,6 +90,9 @@ spec: chart: description: The name or path the Helm chart is available at in the SourceRef. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string interval: description: The interval at which to check the Source for updates. @@ -109,6 +112,8 @@ spec: properties: apiVersion: description: APIVersion of the referent. + maxLength: 2048 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string kind: description: Kind of the referent, valid values are ('HelmRepository', 
@@ -120,6 +125,9 @@ spec: type: string name: description: Name of the referent. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string required: - kind @@ -148,6 +156,8 @@ spec: default: '*' description: The chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted. + maxLength: 2048 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string required: - chart @@ -165,6 +175,8 @@ spec: properties: checksum: description: Checksum is the SHA256 checksum of the artifact. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to @@ -173,14 +185,22 @@ spec: type: string path: description: Path is the relative file path of this artifact. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string revision: description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string url: description: URL is the HTTP address of this artifact. + maxLength: 2048 + minLength: 1 + pattern: ^(http|https|ssh)://.*$ type: string required: - path @@ -268,8 +288,12 @@ spec: type: integer url: description: URL is the download link for the last chart pulled. + maxLength: 2048 + pattern: ^(http|https|ssh)://.*$ type: string type: object + required: + - spec type: object served: true storage: false @@ -348,6 +372,9 @@ spec: chart: description: Chart is the name or path the Helm chart is available at in the SourceRef. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string interval: description: Interval is the interval at which to check the Source 
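Review bot: The schema default for `version` in the `@@ -148,6 +156,8 @@` hunk is `'*'`, and `*` is not in the character class of the pattern added next to it, so the default itself does not satisfy the new constraint. The v1beta2 hunk at `@@ -410,6 +442,8 @@` uses `^[\-._0-9]+$`, which also excludes `*`, range operators and pre-release letters, although the field is described as a semver expression. I would remove the pattern from both versions and keep a `maxLength` only.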
@@ -369,6 +396,8 @@ spec: properties: apiVersion: description: APIVersion of the referent. + maxLength: 2048 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string kind: description: Kind of the referent, valid values are ('HelmRepository', @@ -380,6 +409,9 @@ spec: type: string name: description: Name of the referent. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string required: - kind @@ -410,6 +442,8 @@ spec: description: Version is the chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted. + maxLength: 2048 + pattern: ^[\-._0-9]+$ type: string required: - chart @@ -427,6 +461,8 @@ spec: properties: checksum: description: Checksum is the SHA256 checksum of the Artifact file. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to @@ -442,11 +478,15 @@ spec: description: Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string revision: description: Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + pattern: ^[A-Za-z0-9]{65}$ type: string size: description: Size is the number of bytes in the file. @@ -457,6 +497,9 @@ spec: by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents. + maxLength: 2048 + minLength: 1 + pattern: ^(http|https|ssh)://.*$ type: string required: - path 
@@ -541,6 +584,8 @@ spec: observedChartName: description: ObservedChartName is the last observed chart name as specified by the resolved chart reference. + maxLength: 253 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string observedGeneration: description: ObservedGeneration is the last observed generation of @@ -550,13 +595,19 @@ spec: observedSourceArtifactRevision: description: ObservedSourceArtifactRevision is the last observed Artifact.Revision of the HelmChartSpec.SourceRef. + maxLength: 253 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string url: description: URL is the dynamic fetch link for the latest Artifact. It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact data is recommended. + maxLength: 2048 + pattern: ^(http|https|ssh)://.*$ type: string type: object + required: + - spec type: object served: true storage: true diff --git a/config/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml b/config/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml index e25f48988..fe586ec6e 100644 --- a/config/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml +++ b/config/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml @@ -112,6 +112,9 @@ spec: url: description: The Helm repository URL, a valid URL contains at least a protocol and host. + maxLength: 2048 + minLength: 1 + pattern: ^(http|https|ssh)://.*$ type: string required: - interval @@ -128,6 +131,8 @@ spec: properties: checksum: description: Checksum is the SHA256 checksum of the artifact. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to 
@@ -136,14 +141,22 @@ spec: type: string path: description: Path is the relative file path of this artifact. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string revision: description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string url: description: URL is the HTTP address of this artifact. + maxLength: 2048 + minLength: 1 + pattern: ^(http|https|ssh)://.*$ type: string required: - path @@ -231,8 +244,12 @@ spec: type: integer url: description: URL is the download link for the last index fetched. + maxLength: 2048 + pattern: ^(http|https|ssh)://.*$ type: string type: object + required: + - spec type: object served: true storage: false @@ -355,6 +372,9 @@ spec: url: description: URL of the Helm repository, a valid URL contains at least a protocol and host. + maxLength: 2048 + minLength: 1 + pattern: ^(http|https|ssh)://.*$ type: string required: - interval @@ -371,6 +391,8 @@ spec: properties: checksum: description: Checksum is the SHA256 checksum of the Artifact file. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to @@ -386,11 +408,15 @@ spec: description: Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string revision: description: Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + pattern: ^[A-Za-z0-9]{65}$ type: string size: description: Size is the number of bytes in the file. 
@@ -401,6 +427,9 @@ spec: by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents. + maxLength: 2048 + minLength: 1 + pattern: ^(http|https|ssh)://.*$ type: string required: - path @@ -491,8 +520,12 @@ spec: description: URL is the dynamic fetch link for the latest Artifact. It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact data is recommended. + maxLength: 2048 + pattern: ^(http|https|ssh)://.*$ type: string type: object + required: + - spec type: object served: true storage: true diff --git a/config/crd/bases/source.toolkit.fluxcd.io_ocirepositories.yaml b/config/crd/bases/source.toolkit.fluxcd.io_ocirepositories.yaml index 30a16cf38..f9d098b67 100644 --- a/config/crd/bases/source.toolkit.fluxcd.io_ocirepositories.yaml +++ b/config/crd/bases/source.toolkit.fluxcd.io_ocirepositories.yaml @@ -71,6 +71,7 @@ spec: .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. + maxLength: 5119 type: string insecure: description: Insecure allows connecting to a non-TLS HTTP container @@ -107,13 +108,18 @@ spec: digest: description: Digest is the image digest to pull, takes precedence over SemVer. The value should be in the format 'sha256:'. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string semver: description: SemVer is the range of tags to pull selecting the latest within the range, takes precedence over Tag. + pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ type: string tag: description: Tag is the image tag to pull, defaults to latest. + maxLength: 253 + pattern: ^[\-._0-9]+$ type: string type: object secretRef: 
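Review bot: `digest` in the `@@ -107,13 +108,18 @@` hunk is described as the `sha256:` form, but `maxLength: 65` with `pattern: ^[A-Za-z0-9]{65}$` forbids the colon and is shorter than that form (7 + 64 characters). `tag` is documented as defaulting to latest, and `^[\-._0-9]+$` contains no letters, so `latest` would not pass either. `semver` is described as a range of tags, yet its pattern accepts only one exact version. I would use `pattern: ^sha256:[a-f0-9]{64}$` with `maxLength: 71` for `digest`, add `a-zA-Z` to the `tag` class, and drop the `semver` pattern.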
@@ -131,6 +137,8 @@ spec: description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' + maxLength: 253 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string suspend: description: This flag tells the controller to suspend the reconciliation @@ -144,6 +152,8 @@ spec: url: description: URL is a reference to an OCI artifact repository hosted on a remote container registry. + maxLength: 2048 + minLength: 1 pattern: ^oci://.*$ type: string required: @@ -161,6 +171,8 @@ spec: properties: checksum: description: Checksum is the SHA256 checksum of the Artifact file. + maxLength: 65 + pattern: ^[A-Za-z0-9]{65}$ type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to @@ -176,11 +188,15 @@ spec: description: Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string revision: description: Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + pattern: ^[A-Za-z0-9]{65}$ type: string size: description: Size is the number of bytes in the file. @@ -191,6 +207,9 @@ spec: by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents. + maxLength: 2048 + minLength: 1 + pattern: ^(http|https|ssh)://.*$ type: string required: - path 
@@ -279,8 +298,12 @@ spec: url: description: URL is the download link for the artifact output of the last OCI Repository sync. + maxLength: 2048 + pattern: ^oci://.*$ type: string type: object + required: + - spec type: object served: true storage: true diff --git a/controllers/ocirepository_controller_test.go b/controllers/ocirepository_controller_test.go index b08527bfd..fbede2bfb 100644 --- a/controllers/ocirepository_controller_test.go +++ b/controllers/ocirepository_controller_test.go @@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/internal/cache/metrics.go b/internal/cache/metrics.go index dc5514c05..bf12e73de 100644 --- a/internal/cache/metrics.go +++ b/internal/cache/metrics.go @@ -40,6 +40,7 @@ type CacheRecorder struct { // - "miss" // - "hit" // - "update" +// // The name is the name of the reconciled resource. // The namespace is the namespace of the reconciled resource. func NewCacheRecorder() *CacheRecorder { diff --git a/internal/helm/chart/errors.go b/internal/helm/chart/errors.go index 5b3a5bec0..dedff9e37 100644 --- a/internal/helm/chart/errors.go +++ b/internal/helm/chart/errors.go 
@@ -53,8 +53,9 @@ func (e *BuildError) Error() string { // Is returns true if the Reason or Err equals target. // It can be used to programmatically place an arbitrary Err in the // context of the Builder: -// err := &BuildError{Reason: ErrChartPull, Err: errors.New("arbitrary transport error")} -// errors.Is(err, ErrChartPull) +// +// err := &BuildError{Reason: ErrChartPull, Err: errors.New("arbitrary transport error")} +// errors.Is(err, ErrChartPull) func (e *BuildError) Is(target error) bool { if e.Reason == target { return true diff --git a/internal/helm/chart/secureloader/ignore/doc.go b/internal/helm/chart/secureloader/ignore/doc.go index 4ca25c989..16c9a79e8 100644 --- a/internal/helm/chart/secureloader/ignore/doc.go +++ b/internal/helm/chart/secureloader/ignore/doc.go @@ -14,7 +14,8 @@ See the License for the specific language governing permissions and limitations under the License. */ -/*Package ignore provides tools for writing ignore files (a la .gitignore). +/* +Package ignore provides tools for writing ignore files (a la .gitignore). This provides both an ignore parser and a file-aware processor. 
@@ -23,19 +24,19 @@ format for .gitignore files (https://git-scm.com/docs/gitignore). The formatting rules are as follows: - - Parsing is line-by-line - - Empty lines are ignored - - Lines the begin with # (comments) will be ignored - - Leading and trailing spaces are always ignored - - Inline comments are NOT supported ('foo* # Any foo' does not contain a comment) - - There is no support for multi-line patterns - - Shell glob patterns are supported. See Go's "path/filepath".Match - - If a pattern begins with a leading !, the match will be negated. - - If a pattern begins with a leading /, only paths relatively rooted will match. - - If the pattern ends with a trailing /, only directories will match - - If a pattern contains no slashes, file basenames are tested (not paths) - - The pattern sequence "**", while legal in a glob, will cause an error here - (to indicate incompatibility with .gitignore). + - Parsing is line-by-line + - Empty lines are ignored + - Lines the begin with # (comments) will be ignored + - Leading and trailing spaces are always ignored + - Inline comments are NOT supported ('foo* # Any foo' does not contain a comment) + - There is no support for multi-line patterns + - Shell glob patterns are supported. See Go's "path/filepath".Match + - If a pattern begins with a leading !, the match will be negated. + - If a pattern begins with a leading /, only paths relatively rooted will match. + - If the pattern ends with a trailing /, only directories will match + - If a pattern contains no slashes, file basenames are tested (not paths) + - The pattern sequence "**", while legal in a glob, will cause an error here + (to indicate incompatibility with .gitignore). Example: 
@@ -58,10 +59,10 @@ Example: a[b-d].txt Notable differences from .gitignore: - - The '**' syntax is not supported. - - The globbing library is Go's 'filepath.Match', not fnmatch(3) - - Trailing spaces are always ignored (there is no supported escape sequence) - - The evaluation of escape sequences has not been tested for compatibility - - There is no support for '\!' as a special leading sequence. + - The '**' syntax is not supported. + - The globbing library is Go's 'filepath.Match', not fnmatch(3) + - Trailing spaces are always ignored (there is no supported escape sequence) + - The evaluation of escape sequences has not been tested for compatibility + - There is no support for '\!' as a special leading sequence. */ package ignore diff --git a/internal/reconcile/reconcile.go b/internal/reconcile/reconcile.go index 5e3b21e4c..3c25474d6 100644 --- a/internal/reconcile/reconcile.go +++ b/internal/reconcile/reconcile.go @@ -174,9 +174,10 @@ func ComputeReconcileResult(obj conditions.Setter, res Result, recErr error, rb // LowestRequeuingResult returns the ReconcileResult with the lowest requeue // period. // Weightage: -// ResultRequeue - immediate requeue (lowest) -// ResultSuccess - requeue at an interval -// ResultEmpty - no requeue +// +// ResultRequeue - immediate requeue (lowest) +// ResultSuccess - requeue at an interval +// ResultEmpty - no requeue func LowestRequeuingResult(i, j Result) Result { switch { case i == ResultEmpty: diff --git a/pkg/azure/blob.go b/pkg/azure/blob.go index d7c2a0652..b65ad2ad5 100644 --- a/pkg/azure/blob.go +++ b/pkg/azure/blob.go 
@@ -67,18 +67,18 @@ type BlobClient struct { // Bucket and Secret. It detects credentials in the Secret in the following // order: // -// - azidentity.ClientSecretCredential when `tenantId`, `clientId` and -// `clientSecret` fields are found. -// - azidentity.ClientCertificateCredential when `tenantId`, -// `clientCertificate` (and optionally `clientCertificatePassword`) fields -// are found. -// - azidentity.ManagedIdentityCredential for a User ID, when a `clientId` -// field but no `tenantId` is found. -// - azblob.SharedKeyCredential when an `accountKey` field is found. -// The account name is extracted from the endpoint specified on the Bucket -// object. -// - azidentity.ChainedTokenCredential with azidentity.EnvironmentCredential -// and azidentity.ManagedIdentityCredential. +// - azidentity.ClientSecretCredential when `tenantId`, `clientId` and +// `clientSecret` fields are found. +// - azidentity.ClientCertificateCredential when `tenantId`, +// `clientCertificate` (and optionally `clientCertificatePassword`) fields +// are found. +// - azidentity.ManagedIdentityCredential for a User ID, when a `clientId` +// field but no `tenantId` is found. +// - azblob.SharedKeyCredential when an `accountKey` field is found. +// The account name is extracted from the endpoint specified on the Bucket +// object. +// - azidentity.ChainedTokenCredential with azidentity.EnvironmentCredential +// and azidentity.ManagedIdentityCredential. // // If no credentials are found, and the azidentity.ChainedTokenCredential can // not be established. A simple client without credentials is returned. 
@@ -309,14 +309,14 @@ func (c *BlobClient) ObjectIsNotFound(err error) bool { // tokenCredentialsFromSecret attempts to create an azcore.TokenCredential // based on the data fields of the given Secret. It returns, in order: -// - azidentity.ClientSecretCredential when `tenantId`, `clientId` and -// `clientSecret` fields are found. -// - azidentity.ClientCertificateCredential when `tenantId`, -// `clientCertificate` (and optionally `clientCertificatePassword`) fields -// are found. -// - azidentity.ManagedIdentityCredential for a User ID, when a `clientId` -// field but no `tenantId` is found. -// - Nil, if no valid set of credential fields was found. +// - azidentity.ClientSecretCredential when `tenantId`, `clientId` and +// `clientSecret` fields are found. +// - azidentity.ClientCertificateCredential when `tenantId`, +// `clientCertificate` (and optionally `clientCertificatePassword`) fields +// are found. +// - azidentity.ManagedIdentityCredential for a User ID, when a `clientId` +// field but no `tenantId` is found. +// - Nil, if no valid set of credential fields was found. func tokenCredentialFromSecret(secret *corev1.Secret) (azcore.TokenCredential, error) { if secret == nil { return nil, nil 
@@ -407,11 +407,11 @@ func sasTokenFromSecret(ep string, secret *corev1.Secret) (string, error) { // azidentity.ChainedTokenCredential if at least one of the following tokens was // successfully created: // -// - azidentity.EnvironmentCredential with `authorityHost` from Secret, if -// provided. -// - azidentity.ManagedIdentityCredential with Client ID from AZURE_CLIENT_ID -// environment variable, if found. -// - azidentity.ManagedIdentityCredential with defaults. +// - azidentity.EnvironmentCredential with `authorityHost` from Secret, if +// provided. +// - azidentity.ManagedIdentityCredential with Client ID from AZURE_CLIENT_ID +// environment variable, if found. +// - azidentity.ManagedIdentityCredential with defaults. // // If no valid token is created, it returns nil. func chainCredentialWithSecret(secret *corev1.Secret) (azcore.TokenCredential, error) {