fix: enforce sanitization on names generated for k8s and images

scc-digitalhub · Jul 11, 2024 · 159e5c2 · 159e5c2
1 parent 35f0dba
commit 159e5c2
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 7 deletions.
diff --git a/...main/java/it/smartcommunitylabdhub/framework/k8s/infrastructure/k8s/K8sBaseFramework.java b/...main/java/it/smartcommunitylabdhub/framework/k8s/infrastructure/k8s/K8sBaseFramework.java
@@ -354,14 +354,13 @@ protected Map<String, String> buildLabels(T runnable) {
         // Create labels for job
         Map<String, String> labels = Map.of(
             "app.kubernetes.io/instance",
-            applicationProperties.getName() + "-" + runnable.getId(),
+            K8sBuilderHelper.sanitizeNames(applicationProperties.getName() + "-" + runnable.getId()),
             "app.kubernetes.io/version",
             runnable.getId(),
             "app.kubernetes.io/part-of",
-            //TODO add function name in place of runId
-            applicationProperties.getName() + "-" + runnable.getProject() + "-" + runnable.getId(),
+            K8sBuilderHelper.sanitizeNames(applicationProperties.getName() + "-" + runnable.getProject()),
             "app.kubernetes.io/managed-by",
-            applicationProperties.getName()
+            K8sBuilderHelper.sanitizeNames(applicationProperties.getName())
         );
         if (runnable.getLabels() != null && !runnable.getLabels().isEmpty()) {
             labels = new HashMap<>(labels);

diff --git a/...k8s/src/main/java/it/smartcommunitylabdhub/framework/k8s/kubernetes/K8sBuilderHelper.java b/...k8s/src/main/java/it/smartcommunitylabdhub/framework/k8s/kubernetes/K8sBuilderHelper.java
@@ -32,6 +32,7 @@
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.RandomStringUtils;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
@@ -47,6 +48,8 @@
 @ConditionalOnKubernetes
 public class K8sBuilderHelper implements InitializingBean {
 
+    public static final int K8S_NAME_MAX_LENGTH = 62;
+
     @Autowired
     ApiClient apiClient;
 
@@ -264,7 +267,16 @@ public static String sanitizeNames(String name) {
             return null;
         } else {
             //use only allowed chars in k8s resource names!
-            return name.replaceAll("[^a-zA-Z0-9._-]+", "-");
+            String value = name.toLowerCase().replaceAll("[^a-zA-Z0-9._-]+", "-");
+            if (value.length() > K8S_NAME_MAX_LENGTH) {
+                return (
+                    value.substring(0, K8S_NAME_MAX_LENGTH - 7) +
+                    "-" +
+                    RandomStringUtils.randomAlphabetic(5).toLowerCase()
+                );
+            }
+
+            return value;
         }
     }
 }
diff --git a/...rc/main/java/it/smartcommunitylabdhub/runtime/container/runners/ContainerBuildRunner.java b/...rc/main/java/it/smartcommunitylabdhub/runtime/container/runners/ContainerBuildRunner.java
@@ -6,6 +6,7 @@
 import it.smartcommunitylabdhub.commons.models.entities.run.Run;
 import it.smartcommunitylabdhub.commons.models.enums.State;
 import it.smartcommunitylabdhub.commons.models.utils.RunUtils;
+import it.smartcommunitylabdhub.framework.k8s.kubernetes.K8sBuilderHelper;
 import it.smartcommunitylabdhub.framework.k8s.objects.CoreEnv;
 import it.smartcommunitylabdhub.framework.kaniko.infrastructure.docker.DockerfileGenerator;
 import it.smartcommunitylabdhub.framework.kaniko.infrastructure.docker.DockerfileGeneratorFactory;
@@ -97,7 +98,17 @@ public K8sKanikoRunnable produce(Run run) {
             .task(TASK)
             .state(State.READY.name())
             // Base
-            .image(runSpecAccessor.getProject() + "-" + runSpecAccessor.getFunction())
+            .image(
+                StringUtils.hasText(functionSpec.getImage())
+                    ? functionSpec.getImage()
+                    : K8sBuilderHelper.sanitizeNames(
+                        runSpecAccessor.getProject() +
+                        "-" +
+                        runSpecAccessor.getFunction() +
+                        ":" +
+                        run.getId().substring(0, 5)
+                    )
+            )
             .envs(coreEnvList)
             .secrets(groupedSecrets)
             .resources(taskSpec.getResources())

diff --git a/...thon/src/main/java/it/smartcommunitylabdhub/runtime/python/runners/PythonBuildRunner.java b/...thon/src/main/java/it/smartcommunitylabdhub/runtime/python/runners/PythonBuildRunner.java
@@ -5,6 +5,7 @@
 import it.smartcommunitylabdhub.commons.models.entities.run.Run;
 import it.smartcommunitylabdhub.commons.models.enums.State;
 import it.smartcommunitylabdhub.commons.models.utils.RunUtils;
+import it.smartcommunitylabdhub.framework.k8s.kubernetes.K8sBuilderHelper;
 import it.smartcommunitylabdhub.framework.k8s.model.ContextRef;
 import it.smartcommunitylabdhub.framework.k8s.model.ContextSource;
 import it.smartcommunitylabdhub.framework.k8s.objects.CoreEnv;
@@ -197,7 +198,13 @@ public K8sKanikoRunnable produce(Run run) {
             .image(
                 StringUtils.hasText(functionSpec.getImage())
                     ? functionSpec.getImage()
-                    : runSpecAccessor.getProject() + "-" + runSpecAccessor.getFunction()
+                    : K8sBuilderHelper.sanitizeNames(
+                        runSpecAccessor.getProject() +
+                        "-" +
+                        runSpecAccessor.getFunction() +
+                        ":" +
+                        run.getId().substring(0, 5)
+                    )
             )
             .contextRefs(contextRefs)
             .contextSources(contextSources)