Enchance validation of ClusterImagePolicy #1581
Comments
|
Another one we should do is validate the glob string. My understanding is that we only support 'one' trailing '*' character. Since parsing functions have traditionally been a source of confusion / bugs, I'd like to propose that we enforce it strictly so matching is easier to reason about. |
|
Thanks for creating the issue! Public keys, certs and regex/glob validations were the three we talked about.Do we need extra validations for the URL field? KMS field is still a string though. |
|
Also, when we add validation for inline data being a valid public key, we should also reuse that validation to address the public key we get from the secret. I have created this to track that work: Good question about the URL field. |
|
Regarding, the URL I believe a |
|
@vaikas Do we miss any work here ? If so we could create a new issue in the policy-controller repository. |
|
We should be all good here and any additional work should be tracked in policy-controller. |
As a follow on to #1548 @kkavitha and I chatted about some additional checks that we should be doing. For example, we should check the inline data to ensure inline data is a valid Public Key. There might be some additional ones as well. Just creating this to track that work here.
The text was updated successfully, but these errors were encountered: