Skip to content

Commit

Permalink
Merge pull request #353 from nolar/annotations-charsets
Browse files Browse the repository at this point in the history
Force annotations to end strictly with alphanumeric characters
  • Loading branch information
nolar authored Apr 28, 2020
2 parents 8439252 + 4fa7128 commit e81c109
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 10 deletions.
5 changes: 3 additions & 2 deletions kopf/storage/progress.py
Original file line number Diff line number Diff line change
Expand Up @@ -232,13 +232,14 @@ def make_key(self, key: Union[str, handlers.HandlerId], max_length: int = 63) ->

# K8s has a limitation of 63 chars per annotation/label key.
# Force it to 63 chars by replacing the tail with a consistent hash (with full alphabet).
# Force it to end with alnums instead of altchars or trailing chars (K8s requirement).
prefix = f'{self.prefix}/' if self.prefix else ''
if len(safe_key) <= max_length - len(prefix):
suffix = ''
else:
digest = hashlib.blake2b(safe_key.encode('utf-8'), digest_size=4).digest()
alnums = base64.b64encode(digest, altchars=b'-.').replace(b'=', b'-').decode('ascii')
suffix = f'-{alnums}'
alnums = base64.b64encode(digest, altchars=b'-.').decode('ascii')
suffix = f'-{alnums}'.rstrip('=-.')

full_key = f'{prefix}{safe_key[:max_length - len(prefix) - len(suffix)]}{suffix}'
return full_key
Expand Down
16 changes: 8 additions & 8 deletions tests/persistence/test_annotations_hashing.py
Original file line number Diff line number Diff line change
Expand Up @@ -32,19 +32,19 @@
# The suffix itself (if appended) takes 9, so it is 30 left. The same math for no prefix.
['my-operator.example.com', 'x', 'my-operator.example.com/x'],
['my-operator.example.com', 'x' * 39, 'my-operator.example.com/' + 'x' * 39],
['my-operator.example.com', 'x' * 40, 'my-operator.example.com/' + 'x' * 30 + '-tEokcg--'],
['my-operator.example.com', 'y' * 40, 'my-operator.example.com/' + 'y' * 30 + '-VZlvhw--'],
['my-operator.example.com', 'z' * 40, 'my-operator.example.com/' + 'z' * 30 + '-LlPQyA--'],
['my-operator.example.com', 'x' * 40, 'my-operator.example.com/' + 'x' * 30 + 'xx-tEokcg'],
['my-operator.example.com', 'y' * 40, 'my-operator.example.com/' + 'y' * 30 + 'yy-VZlvhw'],
['my-operator.example.com', 'z' * 40, 'my-operator.example.com/' + 'z' * 30 + 'zz-LlPQyA'],
[None, 'x', 'x'],
[None, 'x' * 63, 'x' * 63],
[None, 'x' * 64, 'x' * 54 + '-SItAqA--'],
[None, 'y' * 64, 'y' * 54 + '-0d251g--'],
[None, 'z' * 64, 'z' * 54 + '-E7wvIA--'],
[None, 'x' * 64, 'x' * 54 + 'xx-SItAqA'], # base64: SItAqA==
[None, 'y' * 64, 'y' * 54 + 'yy-0d251g'], # base64: 0d251g==
[None, 'z' * 64, 'z' * 54 + 'zz-E7wvIA'], # base64: E7wvIA==

# For special chars in base64 encoding ("+" and "/"), which are not compatible with K8s.
# The numbers are found empirically so that both "/" and "+" are found in the base64'ed digest.
['my-operator.example.com', 'fn' * 323, 'my-operator.example.com/' + 'fn' * 15 + '-Az-r.g--'],
[None, 'fn' * 323, 'fn' * 27 + '-Az-r.g--'],
['my-operator.example.com', 'fn' * 323, 'my-operator.example.com/' + 'fn' * 15 + 'fn-Az-r.g'],
[None, 'fn' * 323, 'fn' * 27 + 'fn-Az-r.g'], # base64: Az-r.g==

])

Expand Down

0 comments on commit e81c109

Please sign in to comment.