Skip to content

runtime/secrets: validate proxy URL scheme and length#1038

Merged
matheuscscp merged 2 commits intofluxcd:mainfrom
cappyzawa:validate-proxy-url
Oct 6, 2025
Merged

runtime/secrets: validate proxy URL scheme and length#1038
matheuscscp merged 2 commits intofluxcd:mainfrom
cappyzawa:validate-proxy-url

Conversation

@cappyzawa
Copy link
Member

@cappyzawa cappyzawa commented Oct 6, 2025

ref: fluxcd/notification-controller#1190

While reviewing the negative diff in that PR, I noticed that the address key in the secret referenced by proxySecretRef is missing some validations.

@cappyzawa
runtime/secrets: validate proxy URL scheme and length
c1274b1 
Add validation to ProxyURLFromSecret to enforce scheme and length
restrictions that were previously enforced by CRD validation in
notification-controller's deprecated spec.proxy field.

The validation ensures:
- Only http or https schemes are accepted
- URL length does not exceed 2048 characters

The 2048 character limit matches the validation used in
notification-controller's spec.address field.

Signed-off-by: cappyzawa <[email protected]>
@cappyzawa
Prepare for release
3e994a9 
Signed-off-by: cappyzawa <[email protected]>
@cappyzawa cappyzawa marked this pull request as ready for review October 6, 2025 17:08
@cappyzawa cappyzawa requested review from a team, hiddeco and stefanprodan as code owners October 6, 2025 17:08
matheuscscp
matheuscscp approved these changes Oct 6, 2025
View reviewed changes
Copy link
Member

@matheuscscp matheuscscp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 🚀

@matheuscscp matheuscscp merged commit d56c6f4 into fluxcd:main Oct 6, 2025
11 checks passed
@matheuscscp
Copy link
Member

matheuscscp commented Oct 6, 2025

@cappyzawa runtime/v0.87.0 is released 👌

@maboehm maboehm mentioned this pull request Oct 9, 2025
Closed
@cappyzawa cappyzawa deleted the validate-proxy-url branch November 12, 2025 15:01
@cappyzawa cappyzawa mentioned this pull request Nov 12, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matheuscscp matheuscscp matheuscscp approved these changes

@hiddeco hiddeco Awaiting requested review from hiddeco hiddeco is a code owner

@stefanprodan stefanprodan Awaiting requested review from stefanprodan stefanprodan is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cappyzawa @matheuscscp