search

bsdci / libioc

A Python library to manage jails with ioc{age,ell}
https://bsd.ci/libioc
Other
38 stars 11 forks source link

enhance resource name validation #741

Closed gronke closed 5 years ago

gronke commented 5 years ago

addresses #483

gronke commented 5 years ago

@ Character

@urosgruber the @ character was not included in the permitted characters, because it is reserved to identify jail snapshots. Allowing the character would complicate the detection of snapshots, which becomes more important when supporting auto-completion.

Dots in jail names

The dot . character has also not been not permitted in jail names, because it is used by FreeBSD jails to express structures of nested jails. The only occasion where this becomes a problem for ioc is when assigning a name parameter to FreeBSD jails (currently ioc-<JAIL_NAME>) - without this human-readable identifier /usr/sbin/jls becomes less comfortable to use. This would also break compatibility with older iocage versions. (running jails are identified by this name)

I do understand that it is inviting to name jails after their domain name, but it comes with another disadvantage: the sorting order. Personally I prefer to name jails in reverse FQDN hierarchy (the domain subdomain.bsd.ci would turn into ci-bsd-subdomain.

The solution implemented in iocage (Python) https://github.com/iocage/iocage/pull/935/files is not acceptable, because it causes name collisions between jails. The two jails foo.bar and foo_bar would have the same jail identifier, which causes a race condition.

It could make sense to sacrifice the @ character as replacement for dot . in the jail identifier. @joachimmathes might suggest change to iocage. This is already a compatibility issue with latest iocgae that would be nice to resolve.

gronke commented 5 years ago

Update: dots in jail names are supported now, replacing the character in jail identifiers (Jail param name) with %, as it appears to be more useful for jail given names. Opinions welcome!

igalic commented 5 years ago

I do understand that it is inviting to name jails after their domain name, but it comes with another disadvantage: the sorting order. Personally I prefer to name jails in reverse FQDN hierarchy (the domain subdomain.bsd.ci would turn into ci-bsd-subdomain.

if you're making such opinionated decisions, it would be good to anchor them in the documentation (and ioc command help output)

gronke commented 5 years ago

Jail names may now contain dots (e.g. jail.example.com). The implementation deviates from python-iocage, which replaces dots in jail name parameters (used as identifier of managed jails) with dash (-). Because dash is allowed in regular jail names, the running state of two jails my.jail and my-jail would be confused. This implementation replaces dots in FreeBSD jail names with * - a character that is not allowed in ioc Jail names.