Namespace validation now allows asterisks

Signed-off-by: F. Gold <fgold@vmware.com>
2026-01-08 14:21:18 +00:00 · 2021-10-18 16:45:23 -07:00
parent e1e6332e07
commit 54fa63939a
2 changed files with 23 additions and 14 deletions
--- a/pkg/util/collections/includes_excludes.go
+++ b/pkg/util/collections/includes_excludes.go
@@ -164,21 +164,13 @@ func ValidateNamespaceIncludesExcludes(includesList, excludesList []string) []er
 	excludes := sets.NewString(excludesList...)

 	for _, itm := range includes.List() {
-		// Although asterisks is not a valid Kubernetes namespace name, it is
-		// allowed here.
-		if itm != "*" {
-			if nsErrs := validateNamespaceName(itm); nsErrs != nil {
-				errs = append(errs, nsErrs...)
-			}
+		if nsErrs := validateNamespaceName(itm); nsErrs != nil {
+			errs = append(errs, nsErrs...)
 		}
 	}
-
 	for _, itm := range excludes.List() {
-		// Asterisks in excludes list have been checked previously.
-		if itm != "*" {
-			if nsErrs := validateNamespaceName(itm); nsErrs != nil {
-				errs = append(errs, nsErrs...)
-			}
+		if nsErrs := validateNamespaceName(itm); nsErrs != nil {
+			errs = append(errs, nsErrs...)
 		}
 	}

@@ -188,7 +180,12 @@ func ValidateNamespaceIncludesExcludes(includesList, excludesList []string) []er
 func validateNamespaceName(ns string) []error {
 	var errs []error

-	if errMsgs := validation.ValidateNamespaceName(ns, false); errMsgs != nil {
+	// Kubernetes does not allow asterisks in namespaces but Velero uses them as
+	// wildcards. Replace asterisks with an arbitrary letter to pass Kubernetes
+	// validation.
+	tmpNamespace := strings.ReplaceAll(ns, "*", "x")
+
+	if errMsgs := validation.ValidateNamespaceName(tmpNamespace, false); errMsgs != nil {
 		for _, msg := range errMsgs {
 			errs = append(errs, errors.Errorf("invalid namespace %q: %s", ns, msg))
 		}
--- a/pkg/util/collections/includes_excludes_test.go
+++ b/pkg/util/collections/includes_excludes_test.go
@@ -232,7 +232,7 @@ func TestValidateNamespaceIncludesExcludes(t *testing.T) {
 		{
 			name:     "special characters in name is invalid",
 			includes: []string{"foo?", "foo.bar", "bar_321"},
-			excludes: []string{"$foo", "foo*bar", "bar=321"},
+			excludes: []string{"$foo", "foo>bar", "bar=321"},
 			wantErr:  true,
 		},
 		{
@@ -245,6 +245,18 @@ func TestValidateNamespaceIncludesExcludes(t *testing.T) {
 			includes: []string{"*"},
 			wantErr:  false,
 		},
+		{
+			name:     "excludes can contain wildcard",
+			includes: []string{"foo", "bar"},
+			excludes: []string{"nginx-ingress-*", "*-bar", "*-ingress-*"},
+			wantErr:  false,
+		},
+		{
+			name:     "includes can contain wildcard",
+			includes: []string{"*-foo", "kube-*", "*kube*"},
+			excludes: []string{"bar"},
+			wantErr:  false,
+		},
 		{
 			name:     "include everything not allowed with other includes",
 			includes: []string{"*", "foo"},