Skip to content

[BUG] We have noticed an instance of Incorrect Admission Validator in your repository. #2249

Description

@zyue110026

Is there an existing issue for this?

  • I have searched the existing issues

Kubernetes Version

We observed that the Custom Resource Definition (CRD) does not sufficiently validate user-provided input for one or more label-related fields.

Specifically, the affected field accepts values that do not satisfy the expected label format because the CRD schema does not define an appropriate validation rule (e.g., a pattern constraint), and no admission validation logic rejects the invalid input (e.g., label: test-wec1, test-wec2). As a result, invalid label values can be successfully created and stored by the API server. These invalid values may later cause errors when the application or controller processes the affected fields, leading to reconciliation failures or unexpected runtime behavior.

Locations:

Shipwright Version

0.20.2

Current Behavior

The resource containing an invalid label value is accepted by the API server and successfully created.

Expected Behavior

The invalid label value should be rejected during resource creation or update.

This validation can be enforced by:

defining an appropriate validation rule (e.g., a pattern constraint) in the CRD schema, or
implementing admission validation logic (such as a validating admission webhook or equivalent internal validation) to reject invalid values before the resource is persisted.

Steps To Reproduce

  1. Install the CRD and the corresponding controller.
  2. Create a CR containing an invalid value for the label-related field.
  3. Apply the resource.
  4. Verify that the resource is successfully created.

Anything else?

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugCategorizes issue or PR as related to a bug.

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions