Skip to content

fix(vd,vi): prevent empty storage class in allowedStorageClassSelector #1422

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

fix(vd,vi): prevent empty storage class in allowedStorageClassSelector #1422

wants to merge 12 commits into from

Conversation

loktev-d
Copy link
Contributor

@loktev-d loktev-d commented Sep 2, 2025
edited
Loading

Description

Added validation to prevent empty strings in allowedStorageClassSelector.matchNames configuration for VirtualDisks and VirtualImages. The fix includes:

  • OpenAPI schema validation with minLength: 1 for array items
  • Runtime validation in controller startup that fails fast if empty env vars are detected

Why do we need it, and what problem does it solve?

When allowedStorageClassSelector.matchNames: [""] was configured in ModuleConfig the restriction didn't work, allowing creation of disks with any storage class

What is the expected result?

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: vd,vi
type: fix
summary: Prevent empty strings in allowedStorageClassSelector configuration for VirtualDisks and VirtualImage

@loktev-d
wip
81d3cf2 
Signed-off-by: Daniil Loktev <[email protected]>
@loktev-d loktev-d added this to the v0.26.0 milestone Sep 2, 2025
@loktev-d
wip
687fb6e 
Signed-off-by: Daniil Loktev <[email protected]>
@loktev-d loktev-d marked this pull request as draft September 2, 2025 13:21
@loktev-d
wip
6d4c369 
Signed-off-by: Daniil Loktev <[email protected]>
@loktev-d
wip
0b6c18f 
Signed-off-by: Daniil Loktev <[email protected]>
@loktev-d
wip
5f47654 
Signed-off-by: Daniil Loktev <[email protected]>
@loktev-d
wip
5d36394 
Signed-off-by: Daniil Loktev <[email protected]>
@loktev-d
wip
8c0bb58 
Signed-off-by: Daniil Loktev <[email protected]>
@loktev-d loktev-d added the e2e/run Run e2e test on cluster of PR author label Sep 4, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Sep 4, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 4, 2025
@loktev-d loktev-d added the e2e/run Run e2e test on cluster of PR author label Sep 4, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Sep 4, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 4, 2025
@loktev-d loktev-d added the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Sep 5, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: cancelled.

@loktev-d
wip
7c85b69 
Signed-off-by: Daniil Loktev <[email protected]>
@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@loktev-d loktev-d added the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Sep 5, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: cancelled.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@loktev-d loktev-d added the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Sep 5, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@loktev-d loktev-d added the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@loktev-d loktev-d added the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Sep 5, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 5, 2025
@loktev-d loktev-d added the e2e/run Run e2e test on cluster of PR author label Sep 8, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Sep 8, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: cancelled.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 8, 2025
@loktev-d loktev-d added the e2e/run Run e2e test on cluster of PR author label Sep 8, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Sep 8, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: cancelled.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 8, 2025
@loktev-d loktev-d added the e2e/run Run e2e test on cluster of PR author label Sep 9, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Sep 9, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 9, 2025
@loktev-d loktev-d added the e2e/run Run e2e test on cluster of PR author label Sep 9, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Sep 9, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: success.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 9, 2025
@loktev-d loktev-d changed the title fix(vd,vi): enforce storage class restrictions in webhook validators fix(vd,vi): prevent empty storage class in allowedStorageClassSelector Sep 10, 2025
@loktev-d loktev-d marked this pull request as ready for review September 10, 2025 07:48
@loktev-d loktev-d marked this pull request as draft September 10, 2025 09:10
@nevermarine nevermarine modified the milestones: v1.0.0, v1.1.0 Sep 11, 2025
@loktev-d loktev-d added the e2e/run Run e2e test on cluster of PR author label Sep 12, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Sep 12, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: success.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Sep 12, 2025
@loktev-d loktev-d marked this pull request as ready for review September 15, 2025 08:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

@yaroslavborbat yaroslavborbat Awaiting requested review from yaroslavborbat yaroslavborbat is a code owner

@fl64 fl64 Awaiting requested review from fl64 fl64 is a code owner

@z9r5 z9r5 Awaiting requested review from z9r5 z9r5 is a code owner

@goganat goganat Awaiting requested review from goganat goganat is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@loktev-d loktev-d

Labels
None yet
Projects
None yet
Milestone
v1.1.0
Development

Successfully merging this pull request may close these issues.
3 participants
@loktev-d @deckhouse-BOaTswain @nevermarine