Skip to content

Instantly share code, notes, and snippets.

@baijum
Created Jul 21, 2022
Embed
What would you like to do?
package secret
import (
"encoding/base64"
"github.com/asaskevich/govalidator"
corev1 "k8s.io/api/core/v1"
)
func decode(msg []byte) string {
decoded, _ := base64.StdEncoding.DecodeString(string(msg))
return string(decoded)
}
// ValidateWellKnownEntries validate the well-known Secret entries
func ValidateWellKnownEntries(sec *corev1.Secret) bool {
valid := true
for key, value := range sec.Data {
switch v := decode(value); key {
case "host":
if !govalidator.IsDNSName(v) {
valid = false
}
case "port":
if !govalidator.IsPort(v) {
valid = false
}
case "uri":
if !govalidator.IsURL(v) {
valid = false
}
case "username", "password":
if !govalidator.IsUTFLetterNumeric(v) {
valid = false
}
case "certificates", "private-key":
if !govalidator.IsPrintableASCII(v) {
valid = false
}
}
}
return valid
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment