Truncate name size when the name is too long (#122)

* Truncate name size when the name is too long
giantswarm · Jul 24, 2024 · 43f639e · 43f639e
1 parent dd0d727
commit 43f639e
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 12 deletions.
diff --git a/go.mod b/go.mod
@@ -268,3 +268,5 @@ replace go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelg
 replace github.com/lestrrat-go/jwx/v2 v2.0.18 => github.com/lestrrat-go/jwx/v2 v2.0.19
 
 replace github.com/sigstore/cosign/v2 v2.2.2 => github.com/sigstore/cosign/v2 v2.2.4
+
+replace github.com/hashicorp/go-retryablehttp v0.7.5 => github.com/hashicorp/go-retryablehttp v0.7.7
diff --git a/go.sum b/go.sum
@@ -702,16 +702,15 @@ github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brv
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
-github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
+github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
-github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
+github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=

diff --git a/internal/controller/utils.go b/internal/controller/utils.go
@@ -13,10 +13,10 @@ var DefaultRequeueDuration = (time.Minute * 5)
 const (
 	ComponentName = "kyverno-policy-operator"
 	ManagedBy     = "app.kubernetes.io/managed-by"
+	MaxNameLength = 58
 )
 
 // generateLabels generates the labels for the Kyverno Policy Exception.
-
 func generateLabels() map[string]string {
 	labels := map[string]string{
 		ManagedBy: ComponentName,
@@ -31,7 +31,7 @@ func translateTargetsToResourceFilters(targets []policyAPI.Target) kyvernov1.Res
 		translatedResourceFilter := kyvernov1.ResourceFilter{
 			ResourceDescription: kyvernov1.ResourceDescription{
 				Namespaces: target.Namespaces,
-				Names:      addNameWildcard(target.Names),
+				Names:      formatNames(target.Names),
 				Kinds:      generateExceptionKinds(target.Kind),
 			},
 		}
@@ -40,19 +40,37 @@ func translateTargetsToResourceFilters(targets []policyAPI.Target) kyvernov1.Res
 	return resourceFilters
 }
 
-// addNameWildcard appends a wildcard to a target name if it does not already have one.
-
-func addNameWildcard(names []string) []string {
+// formatName validates the names size and adds a wildcard if necessary
+func formatNames(names []string) []string {
 	newNames := []string{}
 	for _, name := range names {
-		if name[len(name)-1:] != "*" {
-			name = name + "*"
+		// Check if name will be truncated by Kubernetes
+		if len(name) > MaxNameLength {
+			// Truncate in advanced to avoid issues
+			name = truncateName(name)
 		}
+		// Append wildcard if needed
+		name = addNameWildcard(name)
+		// Append name to the newNames array
 		newNames = append(newNames, name)
 	}
 	return newNames
 }
 
+// truncateName truncates a string name to 58 characters to match Kubernetes limits on generated resources
+func truncateName(name string) string {
+	return name[:MaxNameLength]
+}
+
+// addNameWildcard appends a wildcard to a target name if it does not already have one.
+func addNameWildcard(name string) string {
+	if name[len(name)-1:] != "*" {
+		name = name + "*"
+	}
+
+	return name
+}
+
 // translatePoliciesToExceptions takes a Kyverno ClusterPolicy array and transforms it into a Kyverno Exception array
 func translatePoliciesToExceptions(policies []kyvernov1.ClusterPolicy) []kyvernov2alpha1.Exception {
 	var exceptionArray []kyvernov2alpha1.Exception
Original file line number	Diff line number	Diff line change
Expand Up		@@ -268,3 +268,5 @@ replace go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelg
		replace github.com/lestrrat-go/jwx/v2 v2.0.18 => github.com/lestrrat-go/jwx/v2 v2.0.19

		replace github.com/sigstore/cosign/v2 v2.2.2 => github.com/sigstore/cosign/v2 v2.2.4

		replace github.com/hashicorp/go-retryablehttp v0.7.5 => github.com/hashicorp/go-retryablehttp v0.7.7