Details
-
Bug
-
Resolution: Unresolved
-
Normal
-
4.13.z, 4.12.z, 4.14.z
Description
Description of problem:
1) Customer tag a image which including # (Hashtag) in the tag name
uk302-img-app-j:v0.6.12-build0000#000
2)When customer using OADP to backup images , they got below error
error excuting custom action(groupResource=imagestream.image.openshift.io namespace=dbp-p0010001, name=uk302-image-app-j): rpc error: code= Unknown= Invalid destination name udistribution-s3-c9814a92-67a4-4251-bd0d-142dfc4d3c80://dbp-p0010001/uk302-image-app-j:v0.6.12-build0000#00: invalid reference format
3) when check the source code below, we found that there are check towards tag name , seems # (Hashtag) is not allowed in regexp check
func copyImage(log logr.Logger, src, dest string, copyOptions *copy.Options) ([]byte, error) { policyContext, err := getPolicyContext() if err != nil { return []byte{}, fmt.Errorf("Error loading trust policy: %v", err) } defer policyContext.Destroy() srcRef, err := alltransports.ParseImageName(src) if err != nil { return []byte{}, fmt.Errorf("Invalid source name %s: %v", src, err) } destRef, err := alltransports.ParseImageName(dest) if err != nil { return []byte{}, fmt.Errorf("Invalid destination name %s: %v", dest, err) }
https://github.com/containers/image/blob/main/docker/reference/regexp.go#L111
const ( // alphaNumeric defines the alpha numeric atom, typically a // component of names. This only allows lower case characters and digits. alphaNumeric = `[a-z0-9]+` // separator defines the separators allowed to be embedded in name // components. This allow one period, one or two underscore and multiple // dashes. Repeated dashes and underscores are intentionally treated // differently. In order to support valid hostnames as name components, // supporting repeated dash was added. Additionally double underscore is // now allowed as a separator to loosen the restriction for previously // supported names. separator = `(?:[._]|__|[-]*)` // repository name to start with a component as defined by DomainRegexp // and followed by an optional port. domainComponent = `(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])` // The string counterpart for TagRegexp. tag = `[\w][\w.-]{0,127}` // The string counterpart for DigestRegexp. digestPat = `[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}` // The string counterpart for IdentifierRegexp. identifier = `([a-f0-9]{64})` // The string counterpart for ShortIdentifierRegexp. shortIdentifier = `([a-f0-9]{6,64})`
Expected results: Customer want to know if this should be a bug that , when doing {code:java} oc tag
We should have some checking towards the tag name to prevent the #(Hashtag) or other non allowed code been setting in the image tag which causing unexpected issue like in using OADP or other tools.
please have a check , thank you!
Regards
Jacob
Attachments
Issue Links
- links to
-
RHEA-2024:0041
OpenShift Container Platform 4.16.z bug fix update
