fix(ske): prevent usage of UUID for dns extension (#1025)

Signed-off-by: Alexander Dahmen <alexander.dahmen@inovex.de>
2025-10-10 14:24:29 +02:00 · 2025-10-10 14:24:29 +02:00 · 3769b43527
commit 3769b43527
parent 55a9a430fc
3 changed files with 65 additions and 0 deletions
--- a/stackit/internal/services/ske/cluster/resource.go
+++ b/stackit/internal/services/ske/cluster/resource.go
@ -12,6 +12,7 @@ import (
 	serviceenablementUtils "github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/serviceenablement/utils"
 	skeUtils "github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/ske/utils"

+	"github.com/hashicorp/terraform-plugin-framework-validators/listvalidator"
 	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
 	"github.com/hashicorp/terraform-plugin-framework/attr"
 	"github.com/hashicorp/terraform-plugin-framework/diag"
@ -660,6 +661,9 @@ func (r *clusterResource) Schema(_ context.Context, _ resource.SchemaRequest, re
 								PlanModifiers: []planmodifier.List{
 									listplanmodifier.UseStateForUnknown(),
 								},
+								Validators: []validator.List{
+									listvalidator.ValueStringsAre(validate.NoUUID()),
+								},
 							},
 						},
 					},
--- a/stackit/internal/validate/validate.go
+++ b/stackit/internal/validate/validate.go
@ -67,6 +67,23 @@ func UUID() *Validator {
 	}
 }

+func NoUUID() *Validator {
+	description := "value must not be an UUID"
+
+	return &Validator{
+		description: description,
+		validate: func(_ context.Context, req validator.StringRequest, resp *validator.StringResponse) {
+			if _, err := uuid.Parse(req.ConfigValue.ValueString()); err == nil {
+				resp.Diagnostics.Append(validatordiag.InvalidAttributeValueDiagnostic(
+					req.Path,
+					description,
+					req.ConfigValue.ValueString(),
+				))
+			}
+		},
+	}
+}
+
 // IP returns a validator that checks, if the given string is a valid IP address.
 // The allowZeroAddress parameter defines, if 0.0.0.0, resp. [::] should be considered valid.
 func IP(allowZeroAddress bool) *Validator {
--- a/stackit/internal/validate/validate_test.go
+++ b/stackit/internal/validate/validate_test.go
@ -55,6 +55,50 @@ func TestUUID(t *testing.T) {
 	}
 }

+func TestNoUUID(t *testing.T) {
+	tests := []struct {
+		description string
+		input       string
+		isValid     bool
+	}{
+		{
+			"UUID",
+			"cae27bba-c43d-498a-861e-d11d241c4ff8",
+			false,
+		},
+		{
+			"no UUID",
+			"a-b-c-d",
+			true,
+		},
+		{
+			"Empty",
+			"",
+			true,
+		},
+		{
+			"domain name",
+			"www.test.de",
+			true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.description, func(t *testing.T) {
+			r := validator.StringResponse{}
+			NoUUID().ValidateString(context.Background(), validator.StringRequest{
+				ConfigValue: types.StringValue(tt.input),
+			}, &r)
+
+			if !tt.isValid && !r.Diagnostics.HasError() {
+				t.Fatalf("Should have failed")
+			}
+			if tt.isValid && r.Diagnostics.HasError() {
+				t.Fatalf("Should not have failed: %v", r.Diagnostics.Errors())
+			}
+		})
+	}
+}
+
 func TestIP(t *testing.T) {
 	tests := []struct {
 		description string