Validate K8s resource references against the RFC 1123 hostname JSON Schema format (#37)

* update to Quarkus 3.32.1 and update dependencies to latest versions

* validate K8s resource references against the RFC 1123 hostname format Kubernetes uses

* fix the test by having a own SchemaCustomizer for Kubernetes names

* do not short-circuit the PostgreSQLInstanceReadinessCheck check once one instance is down

* let the PostgreSQLContextFactory exception bubble up

* add explicit string max length check of 63

Author: ThoSap

operator/build.gradle.kts

@@ -20,6 +20,7 @@ dependencies {
      * Fabric8 Kubernetes Client
      */
     implementation("io.fabric8:generator-annotations")
+    implementation("io.fabric8:crd-generator-api-v2")
 
     /**
      * jOOQ

operator/src/main/java/it/aboutbits/postgresql/PostgreSQLInstanceReadinessCheck.java

@@ -30,10 +30,11 @@ public HealthCheckResponse call() {
         var connections = kubernetesClient.resources(ClusterConnection.class).list().getItems();
 
         boolean allUp = connections.stream()
-                .allMatch(connection -> checkInstance(
+                .map(connection -> checkInstance(
                         connection,
                         builder
-                ));
+                ))
+                .reduce(true, Boolean::logicalAnd);
 
         return builder.status(allUp).build();
     }

operator/src/main/java/it/aboutbits/postgresql/core/ClusterReference.java

@@ -1,7 +1,10 @@
 package it.aboutbits.postgresql.core;
 
+import io.fabric8.crdv2.generator.v1.SchemaCustomizer;
+import io.fabric8.generator.annotation.Max;
 import io.fabric8.generator.annotation.Required;
 import io.fabric8.generator.annotation.ValidationRule;
+import it.aboutbits.postgresql.core.schema_customizer.KubernetesNameCustomizer;
 import lombok.Getter;
 import lombok.Setter;
 import org.jspecify.annotations.NullMarked;
@@ -10,15 +13,18 @@
 @NullMarked
 @Getter
 @Setter
+@SchemaCustomizer(KubernetesNameCustomizer.class)
 public class ClusterReference {
     @Required
+    @Max(63)
     @ValidationRule(
             value = "self.trim().size() > 0",
             message = "The ClusterReference name must not be empty."
     )
     private String name = "";
 
     @Nullable
+    @Max(63)
     @io.fabric8.generator.annotation.Nullable
     private String namespace;
 }

operator/src/main/java/it/aboutbits/postgresql/core/PostgreSQLContextFactory.java

@@ -5,6 +5,7 @@
 import jakarta.enterprise.context.ApplicationScoped;
 import lombok.RequiredArgsConstructor;
 import org.jooq.CloseableDSLContext;
+import org.jooq.exception.DataAccessException;
 import org.jooq.impl.DSL;
 import org.jspecify.annotations.NullMarked;
 
@@ -21,7 +22,7 @@ public class PostgreSQLContextFactory {
     private final KubernetesClient kubernetesClient;
 
     /// Create a DSLContext with a JDBC connection to the PostgreSQL maintenance database.
-    public CloseableDSLContext getDSLContext(ClusterConnection clusterConnection) {
+    public CloseableDSLContext getDSLContext(ClusterConnection clusterConnection) throws DataAccessException {
         return getDSLContext(
                 clusterConnection,
                 clusterConnection.getSpec().getDatabase()
@@ -32,7 +33,7 @@ public CloseableDSLContext getDSLContext(ClusterConnection clusterConnection) {
     public CloseableDSLContext getDSLContext(
             ClusterConnection clusterConnection,
             String database
-    ) {
+    ) throws DataAccessException {
         var credentials = kubernetesService.getSecretRefCredentials(
                 kubernetesClient,
                 clusterConnection

operator/src/main/java/it/aboutbits/postgresql/core/SecretRef.java

@@ -1,7 +1,10 @@
 package it.aboutbits.postgresql.core;
 
+import io.fabric8.crdv2.generator.v1.SchemaCustomizer;
+import io.fabric8.generator.annotation.Max;
 import io.fabric8.generator.annotation.Required;
 import io.fabric8.generator.annotation.ValidationRule;
+import it.aboutbits.postgresql.core.schema_customizer.KubernetesNameCustomizer;
 import lombok.Getter;
 import lombok.Setter;
 import org.jspecify.annotations.NullMarked;
@@ -10,8 +13,10 @@
 @NullMarked
 @Getter
 @Setter
+@SchemaCustomizer(KubernetesNameCustomizer.class)
 public class SecretRef {
     @Required
+    @Max(63)
     @ValidationRule(
             value = "self.trim().size() > 0",
             message = "The SecretRef name must not be empty."
@@ -23,6 +28,7 @@ public class SecretRef {
      * If it is null, it means the Secret is in the same namespace as the resource referencing it.
      */
     @Nullable
+    @Max(63)
     @io.fabric8.generator.annotation.Nullable
     private String namespace;
 }

operator/src/main/java/it/aboutbits/postgresql/core/schema_customizer/HostCustomizer.java

@@ -0,0 +1,98 @@
+package it.aboutbits.postgresql.core.schema_customizer;
+
+import io.fabric8.crdv2.generator.v1.SchemaCustomizer;
+import io.fabric8.kubernetes.api.model.apiextensions.v1.JSONSchemaProps;
+import io.fabric8.kubernetes.client.utils.KubernetesSerialization;
+import org.jspecify.annotations.NullMarked;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+/// A [SchemaCustomizer.Customizer] that sets the `format` of string properties
+/// to `{"anyOf":[{"format":"hostname"},{"format":"ipv4"},{"format":"ipv6"}]}`
+/// in the generated CRD JSON Schema.
+///
+/// This customizer is intended to be used with the
+/// [@SchemaCustomizer][SchemaCustomizer] annotation on a class whose properties
+/// should be validated to valid hosts defined.
+///
+/// ### Behavior
+///
+/// - If `input` is **blank** (the default), the `"hostname"` format
+///   is applied to **all** string properties of the annotated class.
+/// - If `input` contains a **comma-separated list** of field names,
+///   the format is applied **only** to the specified properties.
+///
+/// ### Usage examples
+///
+/// **Apply to all string properties:**
+///
+/// ```java
+/// @SchemaCustomizer(value = HostCustomizer.class)
+/// public class ClusterConnectionSpec {
+///     private String host = "";        // gets custom format
+///     private String anotherHost = ""; // gets custom format
+/// }
+/// ```
+///
+/// **Apply to specific properties only:**
+///
+/// ```java
+/// @SchemaCustomizer(value = HostCustomizer.class, input = "host,anotherHost")
+/// public class ClusterConnectionSpec {
+///     private String host = "";          // gets custom format
+///     private String anotherHost = "";   // gets custom format
+///     private String unchangedHost = ""; // unchanged
+/// }
+/// ```
+///
+/// @see SchemaCustomizer
+/// @see SchemaCustomizer.Customizer
+@NullMarked
+public class HostCustomizer implements SchemaCustomizer.Customizer {
+    @Override
+    public JSONSchemaProps apply(
+            JSONSchemaProps jsonSchemaProps,
+            String input,
+            KubernetesSerialization kubernetesSerialization
+    ) {
+        var properties = jsonSchemaProps.getProperties();
+        if (properties == null) {
+            return jsonSchemaProps;
+        }
+
+        var targetFields = input.isBlank()
+                ? Set.<String>of()
+                : Arrays.stream(input.split(","))
+                        .map(String::trim)
+                        .collect(Collectors.toSet());
+
+        for (var entry : properties.entrySet()) {
+            var prop = entry.getValue();
+            if ("string".equals(prop.getType())
+                    && (targetFields.isEmpty() || targetFields.contains(entry.getKey()))
+            ) {
+                prop.setFormat(null);
+
+                var hostnameProp = new JSONSchemaProps();
+                hostnameProp.setFormat("hostname");
+
+                var ipv4Prop = new JSONSchemaProps();
+                ipv4Prop.setFormat("ipv4");
+
+                var ipv6Prop = new JSONSchemaProps();
+                ipv6Prop.setFormat("ipv6");
+
+                prop.setAnyOf(List.of(
+                        hostnameProp,
+                        ipv4Prop,
+                        ipv6Prop
+                ));
+            }
+        }
+
+        return jsonSchemaProps;
+    }
+}

operator/src/main/java/it/aboutbits/postgresql/core/schema_customizer/KubernetesNameCustomizer.java

@@ -0,0 +1,90 @@
+package it.aboutbits.postgresql.core.schema_customizer;
+
+import io.fabric8.crdv2.generator.v1.SchemaCustomizer;
+import io.fabric8.kubernetes.api.model.apiextensions.v1.JSONSchemaProps;
+import io.fabric8.kubernetes.client.utils.KubernetesSerialization;
+import org.jspecify.annotations.NullMarked;
+
+import java.util.Arrays;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+/// A [SchemaCustomizer.Customizer] that adds a Kubernetes name validation
+/// `pattern` (RFC 1123 DNS label) to string properties in the generated CRD
+/// JSON Schema.
+///
+/// The pattern enforces:
+/// - Contain at most 63 characters
+/// - Contain only lowercase alphanumeric characters or '-'
+/// - Start with an alphabetic character
+/// - End with an alphanumeric character
+///
+/// This customizer is intended to be used with the
+/// [@SchemaCustomizer][SchemaCustomizer] annotation on a class whose string
+/// properties represent Kubernetes resource names.
+///
+/// ### Behavior
+///
+/// - If `input` is **blank** (the default), the `"hostname"` format
+///   is applied to **all** string properties of the annotated class.
+/// - If `input` contains a **comma-separated list** of field names,
+///   the format is applied **only** to the specified properties.
+///
+/// ### Usage examples
+///
+/// **Apply to all string properties:**
+///
+/// ```java
+/// @SchemaCustomizer(KubernetesNameCustomizer.class)
+/// public class SecretRef {
+///     private String name = ""; // gets pattern: Kubernetes name regex
+///     private String namespace; // gets pattern: Kubernetes name regex
+/// }
+/// ```
+///
+/// **Apply to specific properties only:**
+///
+/// ```java
+/// @SchemaCustomizer(value = KubernetesNameCustomizer.class, input = "name,anotherName")
+/// public class SecretRef {
+///     private String name = "";        // gets pattern: Kubernetes name regex
+///     private String anotherName = ""; // gets pattern: Kubernetes name regex
+///     private String namespace;        // unchanged
+/// }
+/// ```
+///
+/// @see SchemaCustomizer
+/// @see SchemaCustomizer.Customizer
+@NullMarked
+public class KubernetesNameCustomizer implements SchemaCustomizer.Customizer {
+    static final String KUBERNETES_NAME_PATTERN = "^[a-z]([a-z0-9\\-]{0,61}[a-z0-9])?$";
+
+    @Override
+    public JSONSchemaProps apply(
+            JSONSchemaProps jsonSchemaProps,
+            String input,
+            KubernetesSerialization kubernetesSerialization
+    ) {
+        var properties = jsonSchemaProps.getProperties();
+        if (properties == null) {
+            return jsonSchemaProps;
+        }
+
+        var targetFields = input.isBlank()
+                ? Set.<String>of()
+                : Arrays.stream(input.split(","))
+                        .map(String::trim)
+                        .collect(Collectors.toSet());
+
+        for (var entry : properties.entrySet()) {
+            var prop = entry.getValue();
+            if ("string".equals(prop.getType())
+                    && (targetFields.isEmpty() || targetFields.contains(entry.getKey()))
+            ) {
+                prop.setPattern(KUBERNETES_NAME_PATTERN);
+            }
+        }
+
+        return jsonSchemaProps;
+    }
+}

operator/src/main/java/it/aboutbits/postgresql/crd/clusterconnection/ClusterConnectionSpec.java

@@ -1,10 +1,12 @@
 package it.aboutbits.postgresql.crd.clusterconnection;
 
+import io.fabric8.crdv2.generator.v1.SchemaCustomizer;
 import io.fabric8.generator.annotation.Max;
 import io.fabric8.generator.annotation.Min;
 import io.fabric8.generator.annotation.Required;
 import io.fabric8.generator.annotation.ValidationRule;
 import it.aboutbits.postgresql.core.SecretRef;
+import it.aboutbits.postgresql.core.schema_customizer.HostCustomizer;
 import lombok.Getter;
 import lombok.Setter;
 import org.jspecify.annotations.NullMarked;
@@ -15,6 +17,7 @@
 @NullMarked
 @Getter
 @Setter
+@SchemaCustomizer(value = HostCustomizer.class, input = "host")
 public class ClusterConnectionSpec {
     @Required
     @ValidationRule(

operator/src/test/java/it/aboutbits/postgresql/PostgreSQLInstanceReadinessCheckTest.java

@@ -11,6 +11,7 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
+import java.util.Map;
 import java.util.Objects;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -67,13 +68,35 @@ void call_whenSomeConnectionsDown_shouldReturnDown() {
         given.one()
                 .clusterConnection()
                 .withName("db-1")
-                .returnFirst();
+                .apply();
 
         given.one()
                 .clusterConnection()
                 .withName("db-2")
-                .withHost("non-existent-host")
-                .returnFirst();
+                .withHost("localhost")
+                .withPort(2345) // Wrong port
+                .apply();
+
+        given.one()
+                .clusterConnection()
+                .withName("db-3")
+                .withHost("127.0.0.1")
+                .withPort(2345) // Wrong port
+                .apply();
+
+        given.one()
+                .clusterConnection()
+                .withName("db-4")
+                .withHost("::1")
+                .withPort(2345) // Wrong port
+                .apply();
+
+        given.one()
+                .clusterConnection()
+                .withName("db-5")
+                .withHost("0:0:0:0:0:0:0:1")
+                .withPort(2345) // Wrong port
+                .apply();
 
         var response = readinessCheck.call();
 
@@ -93,7 +116,12 @@ void call_whenSomeConnectionsDown_shouldReturnDown() {
 
                     assertThat(dbStatus.toString()).startsWith("UP (PostgreSQL");
 
-                    assertThat(data).containsEntry("db-2", "DOWN");
+                    assertThat(data).containsAllEntriesOf(Map.of(
+                            "db-2", "DOWN",
+                            "db-3", "DOWN",
+                            "db-4", "DOWN",
+                            "db-5", "DOWN"
+                    ));
                 });
     }
 }