Add validation for vpcID in tgb spec

shraddhabang · Apr 18, 2024 · 4c38912 · 4c38912
1 parent fa60f1e
commit 4c38912
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/webhooks/elbv2/targetgroupbinding_validator.go b/webhooks/elbv2/targetgroupbinding_validator.go
@@ -2,6 +2,7 @@ package elbv2
 
 import (
 	"context"
+	"regexp"
 	"strings"
 
 	awssdk "github.com/aws/aws-sdk-go/aws"
@@ -20,6 +21,8 @@ import (
 
 const apiPathValidateELBv2TargetGroupBinding = "/validate-elbv2-k8s-aws-v1beta1-targetgroupbinding"
 
+var vpcIDPatternRegex = regexp.MustCompile("^(?:vpc-[0-9a-f]{8}|vpc-[0-9a-f]{17})$")
+
 // NewTargetGroupBindingValidator returns a validator for TargetGroupBinding CRD.
 func NewTargetGroupBindingValidator(k8sClient client.Client, elbv2Client services.ELBV2, vpcID string, logger logr.Logger) *targetGroupBindingValidator {
 	return &targetGroupBindingValidator{
@@ -165,6 +168,9 @@ func (v *targetGroupBindingValidator) checkTargetGroupVpcID(ctx context.Context,
 	if tgb.Spec.VpcID == "" {
 		return nil
 	}
+	if !vpcIDPatternRegex.MatchString(tgb.Spec.VpcID) {
+		return errors.Errorf("ValidationError: vpcID %v failed to satisfy constraint: VPC Id must begin with 'vpc-' followed by 8 or 17 lowercase letters (a-f) or numbers.", tgb.Spec.VpcID)
+	}
 	vpcID, err := v.getVpcIDFromAWS(ctx, tgb.Spec.TargetGroupARN)
 	if err != nil {
 		return errors.Wrap(err, "unable to get target group VpcID")