Merge branch 'master' into JENKINS-50392-exit-code

Author: carlossg

CHANGELOG.md

@@ -7,6 +7,10 @@ Known issues
 
 See the full list of issues at [JIRA](https://issues.jenkins-ci.org/issues/?filter=15575)
 
+1.8.0
+-----
+* Validate label and container names with regex [#332](https://github.com/jenkinsci/kubernetes-plugin/pull/332) [#343](https://github.com/jenkinsci/kubernetes-plugin/pull/343) [JENKINS-51248](https://issues.jenkins-ci.org/browse/JENKINS-51248)
+
 1.7.1
 -----
 * Do not print credentials in build output or logs. Only affects certain pipeline steps like `withDockerRegistry`. `sh` step is not affected [SECURITY-883](https://issues.jenkins-ci.org/browse/SECURITY-883)

pom.xml

@@ -40,7 +40,7 @@
   <properties>
     <!-- in minikube
     minikube ip | sed -e 's/\([0-9]*\.[0-9]*\.[0-9]*\).*/\1.1/' -->
-    <connectorHost>192.168.64.1</connectorHost>
+    <connectorHost></connectorHost>
     <java.level>8</java.level>
 
     <!-- dependency versions -->

src/main/java/org/csanchez/jenkins/plugins/kubernetes/ContainerTemplate.java

@@ -21,7 +21,9 @@
 import hudson.model.AbstractDescribableImpl;
 import hudson.model.Descriptor;
 import hudson.model.DescriptorVisibilityFilter;
+import hudson.util.FormValidation;
 import jenkins.model.Jenkins;
+import org.kohsuke.stapler.QueryParameter;
 
 public class ContainerTemplate extends AbstractDescribableImpl<ContainerTemplate> implements Serializable {
 
@@ -262,6 +264,13 @@ public String getDisplayName() {
         public List<? extends Descriptor> getEnvVarsDescriptors() {
             return DescriptorVisibilityFilter.apply(null, Jenkins.getInstance().getDescriptorList(TemplateEnvVar.class));
         }
+
+        public FormValidation doCheckName(@QueryParameter String value) {
+            if(!PodTemplateUtils.validateContainerName(value)) {
+                return FormValidation.error(Messages.RFC1123_error(value));
+            }
+            return FormValidation.ok();
+        }
     }
 
     @Override

src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplate.java

@@ -629,8 +629,8 @@ protected Object readResolve() {
 
     /**
      * Build a Pod object from a PodTemplate
-     * 
-     * @param client 
+     *
+     * @param client
      * @param slave
      */
     public Pod build(KubernetesClient client, KubernetesSlave slave) {
@@ -684,6 +684,7 @@ public String getDisplayName() {
         public List<? extends Descriptor> getEnvVarsDescriptors() {
             return DescriptorVisibilityFilter.apply(null, Jenkins.getInstance().getDescriptorList(TemplateEnvVar.class));
         }
+        
     }
 
     @Override
@@ -718,7 +719,7 @@ public String toString() {
                 (annotations == null || annotations.isEmpty() ? "" : ", annotations=" + annotations) +
                 (imagePullSecrets == null || imagePullSecrets.isEmpty() ? "" : ", imagePullSecrets=" + imagePullSecrets) +
                 (nodeProperties == null || nodeProperties.isEmpty() ? "" : ", nodeProperties=" + nodeProperties) +
-                (yaml == null ? "" : ", yaml=" + yaml) +                
+                (yaml == null ? "" : ", yaml=" + yaml) +
                 '}';
     }
 }

src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplateBuilder.java

@@ -24,11 +24,9 @@
 
 package org.csanchez.jenkins.plugins.kubernetes;
 
-import static java.nio.charset.StandardCharsets.*;
 import static org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud.*;
 import static org.csanchez.jenkins.plugins.kubernetes.PodTemplateUtils.*;
 
-import java.io.ByteArrayInputStream;
 import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -61,20 +59,16 @@
 import io.fabric8.kubernetes.api.model.EnvVar;
 import io.fabric8.kubernetes.api.model.ExecAction;
 import io.fabric8.kubernetes.api.model.LocalObjectReference;
-import io.fabric8.kubernetes.api.model.ObjectMeta;
 import io.fabric8.kubernetes.api.model.Pod;
 import io.fabric8.kubernetes.api.model.PodBuilder;
 import io.fabric8.kubernetes.api.model.PodFluent.MetadataNested;
 import io.fabric8.kubernetes.api.model.PodFluent.SpecNested;
-import io.fabric8.kubernetes.api.model.PodSpec;
 import io.fabric8.kubernetes.api.model.Probe;
 import io.fabric8.kubernetes.api.model.ProbeBuilder;
 import io.fabric8.kubernetes.api.model.Quantity;
 import io.fabric8.kubernetes.api.model.Volume;
 import io.fabric8.kubernetes.api.model.VolumeBuilder;
 import io.fabric8.kubernetes.api.model.VolumeMount;
-import io.fabric8.kubernetes.client.DefaultKubernetesClient;
-import io.fabric8.kubernetes.client.KubernetesClient;
 
 /**
  * Helper class to build Pods from PodTemplates
@@ -201,19 +195,8 @@ public Pod build() {
         // merge with the yaml
         String yaml = template.getYaml();
         if (!StringUtils.isBlank(yaml)) {
-            try (KubernetesClient client = new DefaultKubernetesClient()) {
-                Pod podFromYaml = client.pods()
-                        .load(new ByteArrayInputStream((yaml == null ? "" : yaml).getBytes(UTF_8))).get();
-                LOGGER.log(Level.FINEST, "Parsed pod template from yaml: {0}", podFromYaml);
-                // yaml can be just a fragment, avoid NPEs
-                if (podFromYaml.getMetadata() == null) {
-                    podFromYaml.setMetadata(new ObjectMeta());
-                }
-                if (podFromYaml.getSpec() == null) {
-                    podFromYaml.setSpec(new PodSpec());
-                }
-                pod = combine(podFromYaml, pod);
-            }
+            Pod podFromYaml = parseFromYaml(yaml);
+            pod = combine(podFromYaml, pod);
         }
 
         // Apply defaults

src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplateUtils.java

@@ -1,11 +1,14 @@
 package org.csanchez.jenkins.plugins.kubernetes;
 
 import static hudson.Util.*;
+import static java.nio.charset.StandardCharsets.*;
 import static java.util.stream.Collectors.*;
 import static org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate.*;
 
+import java.io.ByteArrayInputStream;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.LinkedHashSet;
 import java.util.List;
@@ -15,11 +18,14 @@
 import java.util.function.Function;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 
+import org.apache.commons.lang.StringUtils;
 import org.csanchez.jenkins.plugins.kubernetes.model.TemplateEnvVar;
 import org.csanchez.jenkins.plugins.kubernetes.volumes.PodVolume;
 import org.csanchez.jenkins.plugins.kubernetes.volumes.workspace.WorkspaceVolume;
@@ -37,20 +43,26 @@
 import io.fabric8.kubernetes.api.model.ContainerBuilder;
 import io.fabric8.kubernetes.api.model.EnvVar;
 import io.fabric8.kubernetes.api.model.LocalObjectReference;
+import io.fabric8.kubernetes.api.model.ObjectMeta;
 import io.fabric8.kubernetes.api.model.Pod;
 import io.fabric8.kubernetes.api.model.PodBuilder;
 import io.fabric8.kubernetes.api.model.PodFluent.MetadataNested;
 import io.fabric8.kubernetes.api.model.PodFluent.SpecNested;
+import io.fabric8.kubernetes.api.model.PodSpec;
 import io.fabric8.kubernetes.api.model.Quantity;
 import io.fabric8.kubernetes.api.model.ResourceRequirements;
 import io.fabric8.kubernetes.api.model.Toleration;
 import io.fabric8.kubernetes.api.model.Volume;
 import io.fabric8.kubernetes.api.model.VolumeMount;
+import io.fabric8.kubernetes.client.DefaultKubernetesClient;
+import io.fabric8.kubernetes.client.KubernetesClient;
 
 public class PodTemplateUtils {
 
     private static final Logger LOGGER = Logger.getLogger(PodTemplateUtils.class.getName());
 
+    private static final Pattern LABEL_VALIDATION = Pattern.compile("[a-zA-Z0-9]([_\\.\\-a-zA-Z0-9]*[a-zA-Z0-9])?");
+
     /**
      * Combines a {@link ContainerTemplate} with its parent.
      * @param parent        The parent container template (nullable).
@@ -95,7 +107,7 @@ public static ContainerTemplate combine(@CheckForNull ContainerTemplate parent,
 
     /**
      * Combines a Container with its parent.
-     * 
+     *
      * @param parent
      *            The parent container (nullable).
      * @param template
@@ -204,7 +216,7 @@ public static Pod combine(Pod parent, Pod template) {
         List<Volume> combinedVolumes = Lists.newLinkedList();
         Optional.ofNullable(parent.getSpec().getVolumes()).ifPresent(combinedVolumes::addAll);
         Optional.ofNullable(template.getSpec().getVolumes()).ifPresent(combinedVolumes::addAll);
-        
+
         // Tolerations
         List<Toleration> combinedTolerations = Lists.newLinkedList();
         Optional.ofNullable(parent.getSpec().getTolerations()).ifPresent(combinedTolerations::addAll);
@@ -310,26 +322,26 @@ public static PodTemplate combine(PodTemplate parent, PodTemplate template) {
         podTemplate.setAnnotations(new ArrayList<>(podAnnotations));
         podTemplate.setNodeProperties(toolLocationNodeProperties);
         podTemplate.setNodeUsageMode(nodeUsageMode);
-        podTemplate.setInheritFrom(!Strings.isNullOrEmpty(template.getInheritFrom()) ? 
+        podTemplate.setInheritFrom(!Strings.isNullOrEmpty(template.getInheritFrom()) ?
                                    template.getInheritFrom() : parent.getInheritFrom());
-        
-        podTemplate.setInstanceCap(template.getInstanceCap() != Integer.MAX_VALUE ? 
+
+        podTemplate.setInstanceCap(template.getInstanceCap() != Integer.MAX_VALUE ?
                                    template.getInstanceCap() : parent.getInstanceCap());
-        
-        podTemplate.setSlaveConnectTimeout(template.getSlaveConnectTimeout() != PodTemplate.DEFAULT_SLAVE_JENKINS_CONNECTION_TIMEOUT ? 
+
+        podTemplate.setSlaveConnectTimeout(template.getSlaveConnectTimeout() != PodTemplate.DEFAULT_SLAVE_JENKINS_CONNECTION_TIMEOUT ?
                                            template.getSlaveConnectTimeout() : parent.getSlaveConnectTimeout());
 
-        podTemplate.setIdleMinutes(template.getIdleMinutes() != 0 ? 
-                                   template.getIdleMinutes() : parent.getIdleMinutes()); 
+        podTemplate.setIdleMinutes(template.getIdleMinutes() != 0 ?
+                                   template.getIdleMinutes() : parent.getIdleMinutes());
 
         podTemplate.setActiveDeadlineSeconds(template.getActiveDeadlineSeconds() != 0 ?
-                                             template.getActiveDeadlineSeconds() : parent.getActiveDeadlineSeconds()); 
+                                             template.getActiveDeadlineSeconds() : parent.getActiveDeadlineSeconds());
+
 
-            
-        podTemplate.setServiceAccount(!Strings.isNullOrEmpty(template.getServiceAccount()) ? 
+        podTemplate.setServiceAccount(!Strings.isNullOrEmpty(template.getServiceAccount()) ?
                                       template.getServiceAccount() : parent.getServiceAccount());
 
-        podTemplate.setCustomWorkspaceVolumeEnabled(template.isCustomWorkspaceVolumeEnabled() ? 
+        podTemplate.setCustomWorkspaceVolumeEnabled(template.isCustomWorkspaceVolumeEnabled() ?
                                                     template.isCustomWorkspaceVolumeEnabled() : parent.isCustomWorkspaceVolumeEnabled());
 
         podTemplate.setYaml(template.getYaml() == null ? parent.getYaml() : template.getYaml());
@@ -466,6 +478,55 @@ public static String substitute(String s, Map<String, String> properties, String
         return Strings.isNullOrEmpty(s) ? defaultValue : replaceMacro(s, properties);
     }
 
+    public static Pod parseFromYaml(String yaml) {
+        try (KubernetesClient client = new DefaultKubernetesClient()) {
+            Pod podFromYaml = client.pods().load(new ByteArrayInputStream((yaml == null ? "" : yaml).getBytes(UTF_8)))
+                    .get();
+            LOGGER.log(Level.FINEST, "Parsed pod template from yaml: {0}", podFromYaml);
+            // yaml can be just a fragment, avoid NPEs
+            if (podFromYaml.getMetadata() == null) {
+                podFromYaml.setMetadata(new ObjectMeta());
+            }
+            if (podFromYaml.getSpec() == null) {
+                podFromYaml.setSpec(new PodSpec());
+            }
+            return podFromYaml;
+        }
+    }
+
+    public static Collection<String> validateYamlContainerNames(String yaml) {
+        if (StringUtils.isBlank(yaml)) {
+            return Collections.emptyList();
+        }
+        Collection<String> errors = new ArrayList<>();
+        Pod pod = parseFromYaml(yaml);
+        List<Container> containers = pod.getSpec().getContainers();
+        if (containers != null) {
+            for (Container container : containers) {
+                if (!PodTemplateUtils.validateContainerName(container.getName())) {
+                    errors.add(container.getName());
+                }
+            }
+        }
+        return errors;
+    }
+
+    public static boolean validateContainerName(String name) {
+        if (name != null && !name.isEmpty()) {
+            Pattern p = Pattern.compile("[a-z0-9]([-a-z0-9]*[a-z0-9])?");
+            Matcher m = p.matcher(name);
+            return m.matches();
+        }
+        return true;
+    }
+
+    /*
+     * Pulled from https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
+     */
+    public static boolean validateLabel(String label) {
+        return StringUtils.isBlank(label) ? true : label.length() <= 63 && LABEL_VALIDATION.matcher(label).matches();
+    }
+
     private static List<EnvVar> combineEnvVars(Container parent, Container template) {
         List<EnvVar> combinedEnvVars = new ArrayList<>();
         combinedEnvVars.addAll(parent.getEnv());

src/main/java/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStepExecution.java

@@ -2,26 +2,30 @@
 
 import static java.util.stream.Collectors.*;
 
+import java.util.Collection;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import edu.umd.cs.findbugs.annotations.CheckForNull;
-import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import org.apache.commons.lang.RandomStringUtils;
 import org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud;
+import org.csanchez.jenkins.plugins.kubernetes.Messages;
 import org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret;
 import org.csanchez.jenkins.plugins.kubernetes.PodTemplate;
 import org.jenkinsci.plugins.workflow.steps.AbstractStepExecutionImpl;
 import org.jenkinsci.plugins.workflow.steps.BodyExecutionCallback;
 import org.jenkinsci.plugins.workflow.steps.StepContext;
 
 import com.google.common.base.Strings;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 
 import hudson.AbortException;
 import hudson.model.Run;
 import hudson.slaves.Cloud;
 import io.fabric8.kubernetes.client.KubernetesClient;
 import jenkins.model.Jenkins;
+import org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate;
+import org.csanchez.jenkins.plugins.kubernetes.PodTemplateUtils;
 
 public class PodTemplateStepExecution extends AbstractStepExecutionImpl {
 
@@ -92,6 +96,20 @@ public boolean start() throws Exception {
             newTemplate.setActiveDeadlineSeconds(step.getActiveDeadlineSeconds());
         }
 
+        for (ContainerTemplate container : newTemplate.getContainers()) {
+            if (!PodTemplateUtils.validateContainerName(container.getName())) {
+                throw new AbortException(Messages.RFC1123_error(container.getName()));
+            }
+        }
+        Collection<String> errors = PodTemplateUtils.validateYamlContainerNames(newTemplate.getYaml());
+        if (!errors.isEmpty()) {
+            throw new AbortException(Messages.RFC1123_error(String.join(", ", errors)));
+        }
+
+        if (!PodTemplateUtils.validateLabel(newTemplate.getLabel())) {
+            throw new AbortException(Messages.label_error(newTemplate.getLabel()));
+        }
+
         kubernetesCloud.addDynamicTemplate(newTemplate);
         getContext().newBodyInvoker().withContext(step).withCallback(new PodTemplateCallback(newTemplate)).start();
 

src/main/resources/org/csanchez/jenkins/plugins/kubernetes/Messages.properties

@@ -1,3 +1,5 @@
 offline=Kubernetes agent is going offline
 NonConfigurableKubernetesCloud.displayName=Kubernetes (predefined settings)
 KubernetesSlave.AgentIsProvisionedFromTemplate=Agent {0} is provisioned from template {1}
+RFC1123.error=Container Names MUST match RFC 1123 - They can only contain lowercase letters, numbers or dashes: {0}
+label.error=Labels must follow required specs - https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set: {0}