kumahq / kuma

🐻 The multi-zone service mesh for containers, Kubernetes and VMs. Built with Envoy. CNCF Sandbox Project.
https://kuma.io/install
Apache License 2.0
3.59k stars 329 forks

Charset for resources is too wide, validation is too weak for Mesh, MeshService and Zone #9246

Open slonka opened 6 months ago

slonka commented 6 months ago

What happened?

If you create a mesh with . in the name it will succeed but the DPs will fail to start.

lahabana commented 6 months ago

Doesn't look like it's done anywhere indeed: https://github.com/kumahq/kuma/blob/6858e83ea358fce6502ea7a05201294de50a0dae/pkg/core/resources/apis/mesh/meta_validator.go#L64-L75

lahabana commented 6 months ago

Ok it's broken for all resources on universal:

 ./build/artifacts-darwin-arm64/kumactl/kumactl get meshtrafficpermission foo.dwqdw -oyaml
creationTime: "2024-02-19T15:49:31.32399Z"
mesh: default
modificationTime: "2024-02-19T15:49:31.32399Z"
name: foo.dwqdw
type: MeshTrafficPermission
from:
- default:
    action: Allow
  targetRef:
    kind: Mesh
targetRef:
  kind: Mesh

lahabana commented 4 months ago

Let's disallow on Mesh and then check for impact on other resources. Should we disallow . in MeshService and Zone?
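
An added example, not part of the thread and not Kuma's own code: a strict allowlist check for resource names that rejects . in Mesh names, as proposed above, and also in MeshService and Zone names, which the thread leaves as an open question. ValidateName, the per-kind split and the DNS-1123 patterns are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// DNS-1123 label: lowercase alphanumerics and '-', no '.', at most 63 characters.
var labelRe = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)

// DNS-1123 subdomain: labels joined by single dots, at most 253 characters.
var subdomainRe = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// strictKinds lists the kinds whose names may not contain '.'.
// Assumption: the thread decides on Mesh only; MeshService and Zone are still a question there.
var strictKinds = map[string]bool{"Mesh": true, "MeshService": true, "Zone": true}

// ValidateName is a hypothetical helper: it accepts only names that match an
// explicit pattern, instead of rejecting a list of known-bad characters.
func ValidateName(kind, name string) error {
	if name == "" {
		return fmt.Errorf("%s: name must not be empty", kind)
	}
	if strictKinds[kind] {
		if len(name) > 63 || !labelRe.MatchString(name) {
			return fmt.Errorf("%s: name %q must be a DNS-1123 label (no '.')", kind, name)
		}
		return nil
	}
	if len(name) > 253 || !subdomainRe.MatchString(name) {
		return fmt.Errorf("%s: name %q must be a DNS-1123 subdomain", kind, name)
	}
	return nil
}

func main() {
	// Constructed samples; foo.dwqdw is the name used in the thread.
	samples := [][2]string{{"Mesh", "default"}, {"Mesh", "foo.dwqdw"}, {"MeshTrafficPermission", "foo.dwqdw"}, {"Zone", "Zone-1"}}
	for _, s := range samples {
		fmt.Printf("%-22s %-10s -> %v\n", s[0], s[1], ValidateName(s[0], s[1]))
	}
}
```

Running the check at resource creation time makes a bad name fail in the API call rather than later, when the DPs try to start.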