-
Notifications
You must be signed in to change notification settings - Fork 509
CNTRLPLANE-2782, CNTRLPLANE-2781: Document and validate Azure Marketplace image fields #8211
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -131,7 +131,12 @@ type AzureVMImage struct { | |
| Type AzureVMImageType `json:"type"` | ||
|
|
||
| // imageID is the Azure resource ID of a VHD image to use to boot the Azure VMs from. | ||
| // TODO: What is the valid character set for this field? What about minimum and maximum lengths? | ||
| // The expected format is an Azure resource ID string. This can be a managed image or an | ||
| // Azure Compute Gallery image version, for example: | ||
| // /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/images/{imageName} | ||
| // /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageDefinitionName}/versions/{imageVersionName} | ||
| // See https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules for | ||
| // Azure resource naming rules and restrictions. | ||
| // | ||
| // +optional | ||
| // +unionMember | ||
|
|
@@ -166,28 +171,38 @@ type AzureMarketplaceImage struct { | |
| ImageGeneration *AzureVMImageGeneration `json:"imageGeneration,omitempty"` | ||
|
|
||
| // publisher is the name of the organization that created the image. | ||
| // It must be between 3 and 50 characters in length, and consist of only lowercase letters, numbers, and hyphens (-) and underscores (_). | ||
| // It must start with a lowercase letter or a number. | ||
| // TODO: Can we explain where a user might find this value, or provide an example of one they might want to use | ||
| // For example, "azureopenshift", "canonical", or "redhat". | ||
| // It must be between 3 and 50 characters in length, and consist of only lowercase letters, numbers, hyphens (-), and underscores (_). | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It also looks like this must start with a lowercase alphanumeric character. It also looks like ending with a hyphen/underscore would be allowed with the currently enforced regular expression. Is that actually valid?
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Good catch on both points.
I'll make this fix — good eye. AI-assisted response via Claude Code |
||
| // It must start and end with a lowercase letter or a number. | ||
| // See https://learn.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage for more | ||
| // information on Azure Marketplace image publishers. | ||
| // | ||
| // +kubebuilder:validation:Pattern=`^[a-z0-9][a-z0-9-_]{2,49}$` | ||
| // +kubebuilder:validation:Pattern=`^[a-z0-9][a-z0-9-_]*[a-z0-9]$` | ||
| // +kubebuilder:validation:MinLength=3 | ||
| // +kubebuilder:validation:MaxLength=50 | ||
| // +optional | ||
| Publisher string `json:"publisher,omitempty"` | ||
|
|
||
| // offer specifies the name of a group of related images created by the publisher. | ||
| // TODO: What is the valid character set for this field? What about minimum and maximum lengths? | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It looks like the valid character set TODO here wasn't resolved. Is there a particular pattern that should be enforced here to ensure only inputs that resemble a valid offer name are provided?
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Good point — the valid character set TODO wasn't fully resolved because Azure doesn't publish a strict regex for offer names, and the upstream CAPZ Looking at real Azure Marketplace offer names, they can include mixed-case letters — e.g., CAPZ's own examples are A reasonable approach would be to add a permissive pattern like I'll add a pattern that matches the known Azure conventions. Let me know if you'd prefer a specific approach. AI-assisted response via Claude Code |
||
| // | ||
| // For example, "RHEL", "WindowsServer", or "0001-com-ubuntu-server-jammy". | ||
| // The value must consist of only alphanumeric characters (a-z, A-Z, 0-9), | ||
| // hyphens (-), underscores (_), and periods (.). | ||
| // It must start with an alphanumeric character. | ||
| // See https://learn.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage for more | ||
| // information on Azure Marketplace image offers. | ||
| // | ||
| // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9][a-zA-Z0-9._-]*$')",message="offer must consist of alphanumeric characters, hyphens, underscores, and periods, and must start with an alphanumeric character" | ||
| // +kubebuilder:validation:MinLength=1 | ||
| // +kubebuilder:validation:MaxLength=255 | ||
| // +optional | ||
| Offer string `json:"offer,omitempty"` | ||
|
|
||
| // sku specifies an instance of an offer, such as a major release of a distribution. | ||
| // For example, 22_04-lts-gen2, 8-lvm-gen2. | ||
| // The value must consist only of lowercase letters, numbers, and hyphens (-) and underscores (_). | ||
| // TODO: What about length limits? | ||
| // The value must be between 1 and 255 characters in length, and consist of only lowercase | ||
| // letters, numbers, hyphens (-), and underscores (_). | ||
| // See https://learn.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage for more | ||
| // information on Azure Marketplace image SKUs. | ||
| // | ||
| // +kubebuilder:validation:Pattern=`^[a-z0-9-_]+$` | ||
| // +kubebuilder:validation:MinLength=1 | ||
|
|
||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Done. Incorporated all changes from #8223 into this PR:
PR #8223 can be closed once this is merged. AI-assisted response via Claude Code
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. hypershift you did not incorporate the changes here so you need to do that There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Done. Incorporated all changes from #8223:
AI-assisted response via Claude Code There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Done. All changes from #8223 are incorporated: imageID format docs, publisher examples and learn.microsoft.com links, offer CEL validation pattern, and SKU length documentation. Additionally, the publisher regex was tightened to require ending with alphanumeric ( AI-assisted response via Claude Code |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A real example would be helpful, maybe use quay.io/openshift-release-dev/ocp-release:4.21.10-x86_64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. Updated the publisher example from "redhat" to "azureopenshift", which is the publisher used for ARO (Azure Red Hat OpenShift) images throughout the codebase (e.g., in
hypershift-operator/controllers/nodepool/azure_test.goandtest/e2e/v2/tests/api_ux_validation_test.go).Note: the
quay.io/openshift-release-dev/ocp-release:4.21.10-x86_64reference is a container release image, not an Azure Marketplace publisher — so I used the real ARO marketplace publisher instead.AI-assisted response via Claude Code
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. Updated the publisher example to
"azureopenshift"for Azure Red Hat OpenShift images (keeping"redhat"as a secondary example). These are real Azure Marketplace publisher names — thequay.io/openshift-release-dev/ocp-release:4.21.10-x86_64reference is the OCP release payload container image, which is a different concept from Azure Marketplace image URN components (publisher/offer/sku/version). Users can verify these values withaz vm image list-publishers --location <region>.AI-assisted response via Claude Code