From 7a60388cbb71fddd84e750986bd30c0471f81b0b Mon Sep 17 00:00:00 2001 From: Mike Interlandi Date: Tue, 4 Feb 2025 14:06:08 -0500 Subject: [PATCH 1/8] fix typo Signed-off-by: Mike Interlandi --- cmd/nerdctl/namespace/namespace_update.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/nerdctl/namespace/namespace_update.go b/cmd/nerdctl/namespace/namespace_update.go index b390dc26792..51705204b6b 100644 --- a/cmd/nerdctl/namespace/namespace_update.go +++ b/cmd/nerdctl/namespace/namespace_update.go @@ -26,7 +26,7 @@ import ( ) func newNamespacelabelUpdateCommand() *cobra.Command { - namespaceLableCommand := &cobra.Command{ + namespaceLabelCommand := &cobra.Command{ Use: "update [flags] NAMESPACE", Short: "Update labels for a namespace", RunE: labelUpdateAction, @@ -34,8 +34,8 @@ func newNamespacelabelUpdateCommand() *cobra.Command { SilenceUsage: true, SilenceErrors: true, } - namespaceLableCommand.Flags().StringArrayP("label", "l", nil, "Set labels for a namespace") - return namespaceLableCommand + namespaceLabelCommand.Flags().StringArrayP("label", "l", nil, "Set labels for a namespace") + return namespaceLabelCommand } func processNamespaceUpdateCommandOption(cmd *cobra.Command) (types.NamespaceUpdateOptions, error) { From 3d9d7265dedacb70e86076c8ab79374940d41abd Mon Sep 17 00:00:00 2001 From: Mike Interlandi Date: Tue, 4 Feb 2025 14:29:49 -0500 Subject: [PATCH 2/8] enforce --label in namespace update Signed-off-by: Mike Interlandi --- cmd/nerdctl/namespace/namespace_update.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/cmd/nerdctl/namespace/namespace_update.go b/cmd/nerdctl/namespace/namespace_update.go index 51705204b6b..3aab2b117d1 100644 --- a/cmd/nerdctl/namespace/namespace_update.go +++ b/cmd/nerdctl/namespace/namespace_update.go @@ -17,6 +17,8 @@ package namespace import ( + "errors" + "github.com/spf13/cobra" "github.com/containerd/nerdctl/v2/cmd/nerdctl/helpers" @@ -34,7 +36,7 @@ func newNamespacelabelUpdateCommand() *cobra.Command { SilenceUsage: true, SilenceErrors: true, } - namespaceLabelCommand.Flags().StringArrayP("label", "l", nil, "Set labels for a namespace") + namespaceLabelCommand.Flags().StringArrayP("label", "l", nil, "Set labels for a namespace (required)") return namespaceLabelCommand } @@ -47,6 +49,11 @@ func processNamespaceUpdateCommandOption(cmd *cobra.Command) (types.NamespaceUpd if err != nil { return types.NamespaceUpdateOptions{}, err } + + if (len(labels) == 0) { + return types.NamespaceUpdateOptions{}, errors.New("use \"--label\" or \"-l\" to specify labels for namespace"); + } + return types.NamespaceUpdateOptions{ GOptions: globalOptions, Labels: labels, From 343d0a90b61ffd46f51d7306c5eaa4c43d25144f Mon Sep 17 00:00:00 2001 From: Mike Interlandi Date: Tue, 4 Feb 2025 16:15:05 -0500 Subject: [PATCH 3/8] add validateNamespaceName Signed-off-by: Mike Interlandi --- pkg/cmd/namespace/common.go | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/pkg/cmd/namespace/common.go b/pkg/cmd/namespace/common.go index e08939e0427..ce6b629f457 100644 --- a/pkg/cmd/namespace/common.go +++ b/pkg/cmd/namespace/common.go @@ -16,7 +16,11 @@ package namespace -import "strings" +import ( + "strings" + "unicode" + "errors" +) func objectWithLabelArgs(args []string) map[string]string { if len(args) >= 1 { @@ -39,3 +43,18 @@ func labelArgs(labelStrings []string) map[string]string { return labels } + +func validateNamespaceName(name string) error { + for _, c := range(name) { + if ( + c == ' ' || + unicode.IsLower(c) || + unicode.IsNumber(c)) { + continue + } + + return errors.New("invalid namespace name - use only lowercase alphanumeric characters and hyphens") + } + + return nil +} From a053f155b8881e6843bd61c03ccb8f5fb8e2fde5 Mon Sep 17 00:00:00 2001 From: Mike Interlandi Date: Tue, 4 Feb 2025 16:33:01 -0500 Subject: [PATCH 4/8] add name validation in namespace.Inspect Signed-off-by: Mike Interlandi --- pkg/cmd/namespace/inspect.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/cmd/namespace/inspect.go b/pkg/cmd/namespace/inspect.go index 3a7a4932815..e9ff77a616f 100644 --- a/pkg/cmd/namespace/inspect.go +++ b/pkg/cmd/namespace/inspect.go @@ -30,6 +30,10 @@ import ( func Inspect(ctx context.Context, client *containerd.Client, inspectedNamespaces []string, options types.NamespaceInspectOptions) error { result := make([]interface{}, len(inspectedNamespaces)) for index, ns := range inspectedNamespaces { + if err := validateNamespaceName(ns); err != nil { + return err + } + ctx = namespaces.WithNamespace(ctx, ns) labels, err := client.NamespaceService().Labels(ctx, ns) if err != nil { From ca23fc845af038442dd1810260a639be49d97dc2 Mon Sep 17 00:00:00 2001 From: Mike Interlandi Date: Tue, 4 Feb 2025 16:40:53 -0500 Subject: [PATCH 5/8] add name validation in namespace.Create Signed-off-by: Mike Interlandi --- pkg/cmd/namespace/create.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/cmd/namespace/create.go b/pkg/cmd/namespace/create.go index f07b9f007e6..6541cd85502 100644 --- a/pkg/cmd/namespace/create.go +++ b/pkg/cmd/namespace/create.go @@ -25,6 +25,10 @@ import ( ) func Create(ctx context.Context, client *containerd.Client, namespace string, options types.NamespaceCreateOptions) error { + if err := validateNamespaceName(namespace); err != nil { + return err + } + labelsArg := objectWithLabelArgs(options.Labels) namespaces := client.NamespaceService() return namespaces.Create(ctx, namespace, labelsArg) From b5b6a71632fb14f60235061fe6f2a082e23ee028 Mon Sep 17 00:00:00 2001 From: Mike Interlandi Date: Tue, 4 Feb 2025 16:44:06 -0500 Subject: [PATCH 6/8] add name validation in namespace.Update Signed-off-by: Mike Interlandi --- pkg/cmd/namespace/update.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/cmd/namespace/update.go b/pkg/cmd/namespace/update.go index 63d2d8a5971..881db23b6ff 100644 --- a/pkg/cmd/namespace/update.go +++ b/pkg/cmd/namespace/update.go @@ -25,6 +25,10 @@ import ( ) func Update(ctx context.Context, client *containerd.Client, namespace string, options types.NamespaceUpdateOptions) error { + if err := validateNamespaceName(namespace); err != nil { + return err + } + labelsArg := objectWithLabelArgs(options.Labels) namespaces := client.NamespaceService() for k, v := range labelsArg { From 1a3e07e58514944ee80fe5b6368fd945e5907725 Mon Sep 17 00:00:00 2001 From: Mike Interlandi Date: Tue, 4 Feb 2025 17:09:42 -0500 Subject: [PATCH 7/8] document validateNamespaceName Signed-off-by: Mike Interlandi --- pkg/cmd/namespace/common.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/cmd/namespace/common.go b/pkg/cmd/namespace/common.go index ce6b629f457..71063427ed0 100644 --- a/pkg/cmd/namespace/common.go +++ b/pkg/cmd/namespace/common.go @@ -44,6 +44,7 @@ func labelArgs(labelStrings []string) map[string]string { return labels } +// Returns an error if name is invalid. func validateNamespaceName(name string) error { for _, c := range(name) { if ( From d3454d4050f158e6b921267fec5ecea80e0eeb46 Mon Sep 17 00:00:00 2001 From: Mike Interlandi Date: Wed, 5 Feb 2025 15:03:03 -0500 Subject: [PATCH 8/8] format Signed-off-by: Mike Interlandi --- pkg/cmd/namespace/common.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/cmd/namespace/common.go b/pkg/cmd/namespace/common.go index 71063427ed0..2285dc30fdd 100644 --- a/pkg/cmd/namespace/common.go +++ b/pkg/cmd/namespace/common.go @@ -17,8 +17,8 @@ package namespace import ( - "strings" - "unicode" + "strings" + "unicode" "errors" )