Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: Remove incomplete validation from webhook #478

Closed
wants to merge 1 commit into from
Closed

WIP: Remove incomplete validation from webhook #478

wants to merge 1 commit into from

Conversation

erikgb
Copy link
Contributor

@erikgb erikgb commented Nov 17, 2024

While working on #475, I noticed this validation that seems wrong to me, at least incomplete. Why shouldn't a user be allowed to use the same key in source and target? This will only become a potential problem if the "trust namespace" is included as a target namespace. And why would you do that? And after #460, this check is definitely incomplete - which means we have to find a better way to exclude sources as targets in the controller.

@cert-manager-prow cert-manager-prow bot added the dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. label Nov 17, 2024
@cert-manager-prow
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from erikgb. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow cert-manager-prow bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Nov 17, 2024
inteon
inteon reviewed Nov 21, 2024
View reviewed changes
pkg/webhook/validation.go
if target := bundle.Spec.Target.ConfigMap; target != nil {
path := path.Child("sources")
for i, source := range bundle.Spec.Sources {
if source.ConfigMap != nil && source.ConfigMap.Name == bundle.Name && source.ConfigMap.Key == target.Key {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't just check that the keys match, we also check that the bundle name matches the source config map name.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for pointing this out, @inteon. I will make an effort to fix the currently broken validation smarter.

@erikgb erikgb changed the title Remove incomplete validation from webhook WIP: Remove incomplete validation from webhook Nov 21, 2024
@cert-manager-prow cert-manager-prow bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 21, 2024
@erikgb erikgb closed this Nov 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@inteon inteon inteon left review comments

Assignees
No one assigned
Labels
dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@erikgb @inteon