Relax restrictions on environment variable names.
The POSIX standard restricts environment variable names to uppercase letters, digits, and the underscore character in shell contexts only. For generic application usage, it is stated that all other characters shall be tolerated. This change relaxes the rules to some degree. Namely, we stop requiring environment variable names to be strict C_IDENTIFIERS and start permitting lowercase, dot, and dash characters. Public container images using environment variable names beyond the shell-only context can benefit from this relaxation. Elasticsearch is one popular example.
This commit is contained in:
Timo Reimann
@@ -43,7 +43,7 @@ const (
|
||||
maxLengthErrMsg = "must be no more than"
|
||||
namePartErrMsg = "name part must consist of"
|
||||
nameErrMsg = "a qualified name must consist of"
|
||||
idErrMsg = "a valid C identifier must"
|
||||
envVarNameErrMsg = "a valid environment variable name must consist of"
|
||||
)
|
||||
|
||||
func testVolume(name string, namespace string, spec api.PersistentVolumeSpec) *api.PersistentVolume {
|
||||
@@ -2575,6 +2575,8 @@ func TestValidateEnv(t *testing.T) {
|
||||
{Name: "ABC", Value: "value"},
|
||||
{Name: "AbC_123", Value: "value"},
|
||||
{Name: "abc", Value: ""},
|
||||
{Name: "a.b.c", Value: "value"},
|
||||
{Name: "a-b-c", Value: "value"},
|
||||
{
|
||||
Name: "abc",
|
||||
ValueFrom: &api.EnvVarSource{
|
||||
@@ -2676,9 +2678,24 @@ func TestValidateEnv(t *testing.T) {
|
||||
expectedError: "[0].name: Required value",
|
||||
},
|
||||
{
|
||||
name: "name not a C identifier",
|
||||
envs: []api.EnvVar{{Name: "a.b.c"}},
|
||||
expectedError: `[0].name: Invalid value: "a.b.c": ` + idErrMsg,
|
||||
name: "illegal character",
|
||||
envs: []api.EnvVar{{Name: "a!b"}},
|
||||
expectedError: `[0].name: Invalid value: "a!b": ` + envVarNameErrMsg,
|
||||
},
|
||||
{
|
||||
name: "dot only",
|
||||
envs: []api.EnvVar{{Name: "."}},
|
||||
expectedError: `[0].name: Invalid value: ".": must not be`,
|
||||
},
|
||||
{
|
||||
name: "double dots only",
|
||||
envs: []api.EnvVar{{Name: ".."}},
|
||||
expectedError: `[0].name: Invalid value: "..": must not be`,
|
||||
},
|
||||
{
|
||||
name: "leading double dots",
|
||||
envs: []api.EnvVar{{Name: "..abc"}},
|
||||
expectedError: `[0].name: Invalid value: "..abc": must not start with`,
|
||||
},
|
||||
{
|
||||
name: "value and valueFrom specified",
|
||||
@@ -2897,6 +2914,12 @@ func TestValidateEnvFrom(t *testing.T) {
|
||||
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
|
||||
},
|
||||
},
|
||||
{
|
||||
Prefix: "a.b",
|
||||
ConfigMapRef: &api.ConfigMapEnvSource{
|
||||
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
|
||||
},
|
||||
},
|
||||
{
|
||||
SecretRef: &api.SecretEnvSource{
|
||||
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
|
||||
@@ -2908,6 +2931,12 @@ func TestValidateEnvFrom(t *testing.T) {
|
||||
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
|
||||
},
|
||||
},
|
||||
{
|
||||
Prefix: "a.b",
|
||||
SecretRef: &api.SecretEnvSource{
|
||||
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
|
||||
},
|
||||
},
|
||||
}
|
||||
if errs := ValidateEnvFrom(successCase, field.NewPath("field")); len(errs) != 0 {
|
||||
t.Errorf("expected success: %v", errs)
|
||||
@@ -2942,12 +2971,12 @@ func TestValidateEnvFrom(t *testing.T) {
|
||||
name: "invalid prefix",
|
||||
envs: []api.EnvFromSource{
|
||||
{
|
||||
Prefix: "a.b",
|
||||
Prefix: "a!b",
|
||||
ConfigMapRef: &api.ConfigMapEnvSource{
|
||||
LocalObjectReference: api.LocalObjectReference{Name: "abc"}},
|
||||
},
|
||||
},
|
||||
expectedError: `field[0].prefix: Invalid value: "a.b": ` + idErrMsg,
|
||||
expectedError: `field[0].prefix: Invalid value: "a!b": ` + envVarNameErrMsg,
|
||||
},
|
||||
{
|
||||
name: "zero-length name",
|
||||
@@ -2973,12 +3002,12 @@ func TestValidateEnvFrom(t *testing.T) {
|
||||
name: "invalid prefix",
|
||||
envs: []api.EnvFromSource{
|
||||
{
|
||||
Prefix: "a.b",
|
||||
Prefix: "a!b",
|
||||
SecretRef: &api.SecretEnvSource{
|
||||
LocalObjectReference: api.LocalObjectReference{Name: "abc"}},
|
||||
},
|
||||
},
|
||||
expectedError: `field[0].prefix: Invalid value: "a.b": ` + idErrMsg,
|
||||
expectedError: `field[0].prefix: Invalid value: "a!b": ` + envVarNameErrMsg,
|
||||
},
|
||||
{
|
||||
name: "no refs",
|
||||
@@ -3374,7 +3403,7 @@ func TestValidateContainers(t *testing.T) {
|
||||
ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
|
||||
},
|
||||
"invalid env var name": {
|
||||
{Name: "abc", Image: "image", Env: []api.EnvVar{{Name: "ev.1"}}, ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
|
||||
{Name: "abc", Image: "image", Env: []api.EnvVar{{Name: "ev!1"}}, ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
|
||||
},
|
||||
"unknown volume name": {
|
||||
{Name: "abc", Image: "image", VolumeMounts: []api.VolumeMount{{Name: "anything", MountPath: "/foo"}},
|
||||
|
||||
Reference in New Issue
Block a user