From 652d77c103702376a5a31c520f69d32fd860852c Mon Sep 17 00:00:00 2001
From: Ritesh H Shukla <ritesh@minio.io>
Date: Mon, 28 Sep 2020 23:24:30 -0700
Subject: [PATCH] Check for DNS complaince for bucker names

---
 pkg/controller/cluster/main-controller.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/pkg/controller/cluster/main-controller.go b/pkg/controller/cluster/main-controller.go
index 671cf557f39..2df0decc2a2 100644
--- a/pkg/controller/cluster/main-controller.go
+++ b/pkg/controller/cluster/main-controller.go
@@ -398,7 +398,11 @@ func (c *Controller) BucketSrvHandler(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, err.Error(), http.StatusForbidden)
 		return
 	}
-
+	ok, error := validateBucketName(bucket)
+	if !ok {
+		http.Error(w, error.Error(), http.StatusBadRequest)
+		return
+	}
 	// Create the service for the bucket name
 	service := services.ServiceForBucket(tenant, bucket)
 	_, err = c.kubeClientSet.CoreV1().Services(namespace).Create(r.Context(), service, metav1.CreateOptions{})
@@ -415,6 +419,14 @@ func (c *Controller) BucketSrvHandler(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func validateBucketName(bucket string) (bool, error) {
+	// Additional check on top of existing checks done by minio due to limitation of service creation in k8s
+	if strings.Contains(bucket, ".") {
+		return false, fmt.Errorf("invalid bucket name: . in bucket name: %s", bucket)
+	}
+	return true, nil
+}
+
 // GetenvHandler - GET /webhook/v1/getenv/{namespace}/{name}?key={env}
 func (c *Controller) GetenvHandler(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)