2039256 – Domain validation fails when TLD contains a digit.

Bug 2039256 - Domain validation fails when TLD contains a digit.

Summary: Domain validation fails when TLD contains a digit.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	4.9
Hardware:	Unspecified
OS:	All
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	4.11.0
Assignee:	Candace Holman
QA Contact:	Arvind iyengar
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2049473 (view as bug list)
Depends On:
Blocks:	ocp-49-z-tracker 2009709 2072739
TreeView+	depends on / blocked

Reported:	2022-01-11 11:22 UTC by Joel Rosental R.
Modified:	2023-01-11 16:42 UTC (History)
CC List:	16 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: OpenShift 4.8 added an API for customizing platform routes, such as the routes for OpenShift console and OAuth. This API includes status and spec fields in the cluster ingress configuration for reporting the current host names of customizable routes as well as the user's desired host names for these routes, respectively. The API also defined constraints for these values. These constraints were overly restrictive and excluded some valid potential host names, such as host names with top-level domains (TLDs) that contained decimal digits. Consequence: The overly restrictive validation for the new API had two important consequences. First, the restriction on spec prevented users from specifying custom host names that should have been permitted. Second, the restriction on status prevented users from being able to install clusters with domains that should have been permitted, because the operators that report the status would fail when trying to update status. For example, installing a cluster with the domain m3558001.ocptest1 would fail because of the "1" in the TLD. Fix: The constraints on host names in the new API were relaxed to allow all host names that are valid for routes. Result: OpenShift once again allows users to use cluster domains with TLDs that contain decimal digits. OpenShift additionally allows users to customize the console and OAuth routes using any host names that are valid for routes.
Clone Of:
Clones:	2081457 (view as bug list)
Environment:
Last Closed:	2022-08-10 10:42:08 UTC
Target Upstream Version:
Embargoed:
Flags:	cholman: needinfo-

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift cluster-config-operator pull 242	0	None	Merged	Revert config/v1/Node crd.yaml	2022-04-12 13:32:13 UTC
Red Hat Product Errata	RHSA-2022:5069	0	None	None	None	2022-08-10 10:42:38 UTC

Description Joel Rosental R. 2022-01-11 11:22:37 UTC

Description of problem:
When creating an Ingress object if it contains a digit in the TLD, e.g: something.domai2n, then validation fails.

OpenShift release version:
4.9.11

Cluster Platform:
OpenShift Container Platform (UPI installation)

How reproducible:
Always

Steps to Reproduce (in detail):
1. Create an Ingress object that contains a hostname with a number in the top-level-domain, e.g: something.domai2n:

apiVersion: config.openshift.io/v1
kind: Ingress
metadata:
  name: cluster
spec:
  componentRoutes:
  - hostname: something.domai2n
    name: test
    namespace: openshift-console
  domain: <removed>
status: {}


2. oc apply -f <file.yaml>
3.


Actual results:

The Ingress "cluster" is invalid: spec.componentRoutes.hostname: Invalid value: "something.domai2n": spec.componentRoutes.hostname in body must be of type hostname: "something.domai2n"

Expected results:

It should succeed as TLD has valid syntax.

Impact of the problem:

Currently stopping a customer delivery environment.

Comment 1 Miciah Dashiel Butler Masters 2022-01-11 17:12:50 UTC

Setting blocker- as this isn't a regression or upgrade blocker.  

Candace will check with the API team how we want to handle this.  

Related: https://stackoverflow.com/questions/9071279/number-in-the-top-level-domain

Comment 11 Candace Holman 2022-02-03 15:23:43 UTC

*** Bug 2049473 has been marked as a duplicate of this bug. ***

Comment 29 Arvind iyengar 2022-04-12 05:39:44 UTC

Based on C#28, Tested with the latest 4.11.0-0.nightly-2022-04-11-200046 nightly, the error no more occurs with component route containing numeric values in the hostname:
-------
oc get clusterversion                                 
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.11.0-0.nightly-2022-04-11-200046   True        False         76m     Cluster version is 4.11.0-0.nightly-2022-04-11-200046

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: config.openshift.io/v1
kind: Ingress
metadata:
  creationTimestamp: "2022-04-12T04:02:34Z"
  generation: 4
  name: cluster
  resourceVersion: "54152"
  uid: 52fc2920-532a-4839-877a-d3dbb388d75d
spec:
  componentRoutes:
  - hostname: custom-route-inval3d.doma2n
    name: downloads
    namespace: openshift-console
-------

Comment 33 Arvind iyengar 2022-04-13 03:59:29 UTC

With reference to C#29, marking this bug as "verified".

Comment 35 errata-xmlrpc 2022-08-10 10:42:08 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069

Note You need to log in before you can comment on or make changes to this bug.