From 18856dace935db46d3ba84374ce23438922e272b Mon Sep 17 00:00:00 2001
From: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
Date: Wed, 15 Apr 2020 21:04:02 +0900
Subject: [PATCH] Add DNS1123Label validation to IsFullyQualifiedDomainName
 func

This patch adds IsDNS1123Label validation to
IsFullyQualifiedDomainName func.

Even when one label is longer than 64 characters, the current
validation  does not validate it. Hence this patch adds the label
check and do not allow invalid domain.
---
 .../k8s.io/apimachinery/pkg/util/validation/validation.go   | 5 +++++
 .../apimachinery/pkg/util/validation/validation_test.go     | 6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go b/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go
index 915231f2e75..4752b29a960 100644
--- a/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go
+++ b/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go
@@ -106,6 +106,11 @@ func IsFullyQualifiedDomainName(fldPath *field.Path, name string) field.ErrorLis
 	if len(strings.Split(name, ".")) < 2 {
 		return append(allErrors, field.Invalid(fldPath, name, "should be a domain with at least two segments separated by dots"))
 	}
+	for _, label := range strings.Split(name, ".") {
+		if errs := IsDNS1123Label(label); len(errs) > 0 {
+			return append(allErrors, field.Invalid(fldPath, label, strings.Join(errs, ",")))
+		}
+	}
 	return allErrors
 }
 
diff --git a/staging/src/k8s.io/apimachinery/pkg/util/validation/validation_test.go b/staging/src/k8s.io/apimachinery/pkg/util/validation/validation_test.go
index cf6fc4a151a..522bf4ec916 100644
--- a/staging/src/k8s.io/apimachinery/pkg/util/validation/validation_test.go
+++ b/staging/src/k8s.io/apimachinery/pkg/util/validation/validation_test.go
@@ -557,7 +557,8 @@ func TestIsFullyQualifiedDomainName(t *testing.T) {
 		"bbc.co.uk",
 		"10.0.0.1", // DNS labels can start with numbers and there is no requirement for letters.
 		"hyphens-are-good.k8s.io",
-		strings.Repeat("a", 246) + ".k8s.io",
+		strings.Repeat("a", 63) + ".k8s.io",
+		strings.Repeat("a", 63) + "." + strings.Repeat("b", 63) + "." + strings.Repeat("c", 63) + "." + strings.Repeat("d", 54) + ".k8s.io",
 	}
 	for _, val := range goodValues {
 		if err := IsFullyQualifiedDomainName(field.NewPath(""), val).ToAggregate(); err != nil {
@@ -579,7 +580,8 @@ func TestIsFullyQualifiedDomainName(t *testing.T) {
 		"underscores_are_bad.k8s.io",
 		"foo@bar.example.com",
 		"http://foo.example.com",
-		strings.Repeat("a", 247) + ".k8s.io",
+		strings.Repeat("a", 64) + ".k8s.io",
+		strings.Repeat("a", 63) + "." + strings.Repeat("b", 63) + "." + strings.Repeat("c", 63) + "." + strings.Repeat("d", 55) + ".k8s.io",
 	}
 	for _, val := range badValues {
 		if err := IsFullyQualifiedDomainName(field.NewPath(""), val).ToAggregate(); err == nil {