Merge pull request #29204 from aledbf/ingress-wildcard-hosts

Automatic merge from submit-queue

Allow leading * in ingress hostname

fixes #29043

pkg/util/validation/validation.go

@@ -139,6 +139,27 @@ func IsDNS1035Label(value string) []string {
 	return errs
 }
 
+// wildcard definition - RFC 1034 section 4.3.3.
+// examples:
+// - valid: *.bar.com, *.foo.bar.com
+// - invalid: *.*.bar.com, *.foo.*.com, *bar.com, f*.bar.com, *
+const wildcardDNF1123SubdomainFmt = "\\*\\." + dns1123SubdomainFmt
+
+// IsWildcardDNS1123Subdomain tests for a string that conforms to the definition of a
+// wildcard subdomain in DNS (RFC 1034 section 4.3.3).
+func IsWildcardDNS1123Subdomain(value string) []string {
+	wildcardDNS1123SubdomainRegexp := regexp.MustCompile("^\\*\\." + dns1123SubdomainFmt + "$")
+
+	var errs []string
+	if len(value) > DNS1123SubdomainMaxLength {
+		errs = append(errs, MaxLenError(DNS1123SubdomainMaxLength))
+	}
+	if !wildcardDNS1123SubdomainRegexp.MatchString(value) {
+		errs = append(errs, RegexError(wildcardDNF1123SubdomainFmt, "*.example.com"))
+	}
+	return errs
+}
+
 const cIdentifierFmt string = "[A-Za-z_][A-Za-z0-9_]*"
 
 var cIdentifierRegexp = regexp.MustCompile("^" + cIdentifierFmt + "$")

pkg/util/validation/validation_test.go

@@ -407,3 +407,29 @@ func TestIsConfigMapKey(t *testing.T) {
 		}
 	}
 }
+
+func TestIsWildcardDNS1123Subdomain(t *testing.T) {
+	goodValues := []string{
+		"*.example.com",
+		"*.bar.com",
+		"*.foo.bar.com",
+	}
+	for _, val := range goodValues {
+		if errs := IsWildcardDNS1123Subdomain(val); len(errs) != 0 {
+			t.Errorf("expected no errors for %q: %v", val, errs)
+		}
+	}
+
+	badValues := []string{
+		"*.*.bar.com",
+		"*.foo.*.com",
+		"*bar.com",
+		"f*.bar.com",
+		"*",
+	}
+	for _, val := range badValues {
+		if errs := IsWildcardDNS1123Subdomain(val); len(errs) == 0 {
+			t.Errorf("expected errors for %q", val)
+		}
+	}
+}