spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Validate that destination, role, and service are not set as labels on roles and accessories

Browse Source
This commit is contained in:
Nick Hammond
2025-06-09 19:08:20 -07:00
parent 344e2d7995
commit 1d88281fee
4 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/kamal/configuration/validator.rb
View File

@@ -169,6 +169,16 @@ class Kamal::Configuration::Validator
unknown_keys_error unknown_keys if unknown_keys.present? unknown_keys_error unknown_keys if unknown_keys.present?
end end
def validate_labels!(labels)
with_context("labels") do
labels.each do |key, _|
with_context(key) do
error "invalid label. destination, role, and service are reserved labels" if %w[destination role service].include?(key)
end
end
end
end
def validate_docker_options!(options) def validate_docker_options!(options)
if options if options
error "Cannot set restart policy in docker options, unless-stopped is required" if options["restart"] error "Cannot set restart policy in docker options, unless-stopped is required" if options["restart"]

2
lib/kamal/configuration/validator/accessory.rb
View File

@@ -6,6 +6,8 @@ class Kamal::Configuration::Validator::Accessory < Kamal::Configuration::Validat
error "specify one of `host`, `hosts`, `role`, `roles`, `tag` or `tags`" error "specify one of `host`, `hosts`, `role`, `roles`, `tag` or `tags`"
end end
validate_labels!(config["labels"]) if config.key?("labels")
validate_docker_options!(config["options"]) validate_docker_options!(config["options"])
end end
end end

2
lib/kamal/configuration/validator/role.rb
View File

@@ -2,6 +2,8 @@ class Kamal::Configuration::Validator::Role < Kamal::Configuration::Validator
def validate! def validate!
validate_type! config, Array, Hash validate_type! config, Array, Hash
validate_labels!(config["labels"]) if config.key?("labels")
if config.is_a?(Array) if config.is_a?(Array)
validate_servers!(config) validate_servers!(config)
else else

2
test/configuration/validation_test.rb
View File

@@ -42,6 +42,7 @@ class ConfigurationValidationTest < ActiveSupport::TestCase
assert_error "servers/web/options: should be a hash", servers: { "web" => { "options" => "" } } assert_error "servers/web/options: should be a hash", servers: { "web" => { "options" => "" } }
assert_error "servers/web/logging/options: should be a hash", servers: { "web" => { "logging" => { "options" => "" } } } assert_error "servers/web/logging/options: should be a hash", servers: { "web" => { "logging" => { "options" => "" } } }
assert_error "servers/web/logging/driver: should be a string", servers: { "web" => { "logging" => { "driver" => [] } } } assert_error "servers/web/logging/driver: should be a string", servers: { "web" => { "logging" => { "driver" => [] } } }
assert_error "servers/web/labels/service: invalid label. destination, role, and service are reserved labels", servers: { "web" => { "labels" => { "service" => "foo" } } }
assert_error "servers/web/labels: should be a hash", servers: { "web" => { "labels" => [] } } assert_error "servers/web/labels: should be a hash", servers: { "web" => { "labels" => [] } }
assert_error "servers/web/env: should be a hash", servers: { "web" => { "env" => [] } } assert_error "servers/web/env: should be a hash", servers: { "web" => { "env" => [] } }
assert_error "servers/web/env: tags are only allowed in the root env", servers: { "web" => { "hosts" => [ "1.1.1.1" ], "env" => { "tags" => {} } } } assert_error "servers/web/env: tags are only allowed in the root env", servers: { "web" => { "hosts" => [ "1.1.1.1" ], "env" => { "tags" => {} } } }
@@ -58,6 +59,7 @@ class ConfigurationValidationTest < ActiveSupport::TestCase
assert_error "accessories/accessory1: should be a hash", accessories: { "accessory1" => [] } assert_error "accessories/accessory1: should be a hash", accessories: { "accessory1" => [] }
assert_error "accessories/accessory1: unknown key: unknown", accessories: { "accessory1" => { "unknown" => "baz" } } assert_error "accessories/accessory1: unknown key: unknown", accessories: { "accessory1" => { "unknown" => "baz" } }
assert_error "accessories/accessory1/options: should be a hash", accessories: { "accessory1" => { "options" => [] } } assert_error "accessories/accessory1/options: should be a hash", accessories: { "accessory1" => { "options" => [] } }
assert_error "accessories/accessory1/labels/destination: invalid label. destination, role, and service are reserved labels", accessories: { "accessory1" => { "host" => "host", "labels" => { "destination" => "foo" } } }
assert_error "accessories/accessory1/host: should be a string", accessories: { "accessory1" => { "host" => [] } } assert_error "accessories/accessory1/host: should be a string", accessories: { "accessory1" => { "host" => [] } }
assert_error "accessories/accessory1/env: should be a hash", accessories: { "accessory1" => { "env" => [] } } assert_error "accessories/accessory1/env: should be a hash", accessories: { "accessory1" => { "env" => [] } }
assert_error "accessories/accessory1/env: tags are only allowed in the root env", accessories: { "accessory1" => { "host" => "host", "env" => { "tags" => {} } } } assert_error "accessories/accessory1/env: tags are only allowed in the root env", accessories: { "accessory1" => { "host" => "host", "env" => { "tags" => {} } } }