
Commit a3c1ee4

Add validation for encryptionKeyCRN for VPC Machine spec
1 parent abbe3ef commit a3c1ee4


2 files changed

+28
-1
lines changed


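--- a/internal/webhooks/common.go
+++ b/internal/webhooks/common.go
@@ -17,6 +17,7 @@ limitations under the License.
 package webhooks
 
 import (
+"regexp"
 "strconv"
 
 "k8s.io/apimachinery/pkg/util/intstr"
@@ -25,6 +26,9 @@ import (
 infrav1 "sigs.k8s.io/cluster-api-provider-ibmcloud/api/v1beta2"
 )
 
+// IBM Cloud CRN validation regex.
+var crnRegex = regexp.MustCompile(`^crn:v[0-9]+:[a-z0-9-]+:[a-z0-9-]+:[a-z0-9-]+:[a-z0-9-]*:([a-z]\/[a-z0-9-]+)?:[a-z0-9-]*:[a-z0-9-]*:[a-zA-Z0-9-_\.\/]*$`)
+
 func defaultIBMPowerVSMachineSpec(spec *infrav1.IBMPowerVSMachineSpec) {
 if spec.MemoryGiB == 0 {
 spec.MemoryGiB = 2
@@ -97,7 +101,16 @@ func validateBootVolume(spec infrav1.IBMVPCMachineSpec) field.ErrorList {
 allErrs = append(allErrs, field.Invalid(field.NewPath("spec.bootVolume.iops"), spec, "iops applicable only to volumes using a profile of type `custom`"))
 }
 
-//TODO: Add validation for the spec.BootVolume.EncryptionKeyCRN to ensure its in proper IBM Cloud CRN format
+// Add validation for the spec.BootVolume.EncryptionKeyCRN to ensure its in proper IBM Cloud CRN format
+
+if spec.BootVolume.EncryptionKeyCRN != "" && !IsValidCRN(spec.BootVolume.EncryptionKeyCRN) {
+allErrs = append(allErrs, field.Invalid(field.NewPath("spec.bootVolume.encryptionKeyCRN"), spec, "encryptionKeyCRN not in proper IBM Cloud CRN format"))
+}
 
 return allErrs
 }
+
+// IsValidCRN checks whether the provided string is a valid IBM Cloud CRN.
+func IsValidCRN(crn string) bool {
+return crnRegex.MatchString(crn)
+}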
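Review bot: IsValidCRN only checks the ten-segment shape, so in validateBootVolume any well-formed CRN is accepted as an encryption key, including one whose service-name or resource-type segment does not name a key (the test CRN carries `kms` and `key` there). If the webhook is meant to reject unusable keys at admission it should also compare the resource-type segment; either way the doc comment should say the check is syntactic, e.g. `// IsValidCRN reports whether crn has the IBM Cloud CRN segment layout; it does not check that the resource exists or is a key.` Separately, the new `field.Invalid` call passes the whole `spec` as the rejected value, so the admission error prints the full machine spec instead of the offending string; `field.Invalid(field.NewPath("spec", "bootVolume", "encryptionKeyCRN"), spec.BootVolume.EncryptionKeyCRN, ...)` would be clearer. validateBootVolume starts above the hunk, so whether `spec.BootVolume` is nil-checked before this dereference cannot be confirmed from here.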

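--- a/internal/webhooks/common_test.go
+++ b/internal/webhooks/common_test.go
@@ -160,6 +160,20 @@ func Test_validateBootVolume(t *testing.T) {
 },
 wantError: true,
 },
+{
+name: "Valid encryptionKeyCRN",
+spec: infrav1.IBMVPCMachineSpec{
+BootVolume: &infrav1.VPCVolume{SizeGiB: 20, EncryptionKeyCRN: "crn:v1:bluemix:public:kms:us-south:a/aa2432b1fa4d4ace891e9b80fc104e34:e4a29d1a-2ef0-42a6-8fd2-350deb1c647e:key:5437653b-c4b1-447f-9646-b2a2a4cd6179"},
+},
+wantError: false,
+},
+{
+name: "Invalid encryptionKeyCRN",
+spec: infrav1.IBMVPCMachineSpec{
+BootVolume: &infrav1.VPCVolume{EncryptionKeyCRN: "invalid-crn-format"},
+},
+wantError: true,
+},
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {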
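Review bot: The "Invalid encryptionKeyCRN" case leaves `SizeGiB` unset while the valid case sets 20, so if validateBootVolume also rejects a zero size (its start is outside this view) the case returns an error without ever exercising the CRN check. Setting `SizeGiB: 20` in that case would isolate the new branch. The single negative input `invalid-crn-format` is also far from the boundary; near-miss inputs such as a CRN with one segment missing or an uppercase service name would pin the regex more tightly. The test table and the loop body continue outside the hunk.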
