Is there an existing issue for this?
Kubernetes Version
We observed that the Custom Resource Definition (CRD) does not sufficiently validate user-provided input for one or more label-related fields.
Specifically, the affected field accepts values that do not satisfy the expected label format because the CRD schema does not define an appropriate validation rule (e.g., a pattern constraint), and no admission validation logic rejects the invalid input (e.g., label: test-wec1, test-wec2). As a result, invalid label values can be successfully created and stored by the API server. These invalid values may later cause errors when the application or controller processes the affected fields, leading to reconciliation failures or unexpected runtime behavior.
Locations:
Shipwright Version
0.20.2
Current Behavior
The resource containing an invalid label value is accepted by the API server and successfully created.
Expected Behavior
The invalid label value should be rejected during resource creation or update.
This validation can be enforced by:
defining an appropriate validation rule (e.g., a pattern constraint) in the CRD schema, or
implementing admission validation logic (such as a validating admission webhook or equivalent internal validation) to reject invalid values before the resource is persisted.
Steps To Reproduce
- Install the CRD and the corresponding controller.
- Create a CR containing an invalid value for the label-related field.
- Apply the resource.
- Verify that the resource is successfully created.
Anything else?
No response
Is there an existing issue for this?
Kubernetes Version
We observed that the Custom Resource Definition (CRD) does not sufficiently validate user-provided input for one or more label-related fields.
Specifically, the affected field accepts values that do not satisfy the expected label format because the CRD schema does not define an appropriate validation rule (e.g., a pattern constraint), and no admission validation logic rejects the invalid input (e.g., label: test-wec1, test-wec2). As a result, invalid label values can be successfully created and stored by the API server. These invalid values may later cause errors when the application or controller processes the affected fields, leading to reconciliation failures or unexpected runtime behavior.
Locations:
build/deploy/crds/shipwright.io_buildruns.yaml
Line 7782 in 815da40
Shipwright Version
0.20.2
Current Behavior
The resource containing an invalid label value is accepted by the API server and successfully created.
Expected Behavior
The invalid label value should be rejected during resource creation or update.
This validation can be enforced by:
defining an appropriate validation rule (e.g., a pattern constraint) in the CRD schema, or
implementing admission validation logic (such as a validating admission webhook or equivalent internal validation) to reject invalid values before the resource is persisted.
Steps To Reproduce
Anything else?
No response