From a7a03ab0b2d4b3aff39e91887b024dae2a14a94c Mon Sep 17 00:00:00 2001
From: Mikhail Vishnyakov <hornwind89@gmail.com>
Date: Wed, 10 Aug 2022 22:03:07 +0300
Subject: [PATCH] Fix postgresql CRD for more safely validation

This change will allow to immediately discard invalid values when parsing a logicalBackupSchedule string.

Previously used regular expression '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$' may pass invalid values to cron, like "00 03 * * 7"
Although "00 03 * * 7" may be valid on some systems, but this value will throw an error when applied to kubernetes.
https://en.wikipedia.org/wiki/Cron

FYI: kubernetes uses cron implementation from go module "github.com/robfig/cron/v3"
https://github.com/robfig/cron/blob/v3/spec.go
https://github.com/robfig/cron/blob/v3/parser.go
---
 charts/postgres-operator/crds/postgresqls.yaml | 2 +-
 manifests/postgresql.crd.yaml                  | 2 +-
 pkg/apis/acid.zalan.do/v1/crds.go              | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/charts/postgres-operator/crds/postgresqls.yaml b/charts/postgres-operator/crds/postgresqls.yaml
index d2ad89da6..a2a2a5d00 100644
--- a/charts/postgres-operator/crds/postgresqls.yaml
+++ b/charts/postgres-operator/crds/postgresqls.yaml
@@ -217,7 +217,7 @@ spec:
                   x-kubernetes-preserve-unknown-fields: true
               logicalBackupSchedule:
                 type: string
-                pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$'
+                pattern: '^((0?[0-9]|[1-5]?[0-9])|\*)(/(0?[0-9]|[1-5]?[0-9]))?(\s+(2[0-3]|1[0-9]|0?[0-9]|\*)(/(2[0-3]|1[0-9]|0?[0-9]))?)(\s+(3[01]|[12][0-9]|0?[1-9]|\*)(/(3[01]|[12][0-9]|0?[1-9]))?)(\s+(1[0-2]|0?[1-9]|\*)(/(1[0-2]|0?[1-9]))?)(\s+(0?[0-6]|\*)(/0?[0-6])?)$'
               maintenanceWindows:
                 type: array
                 items:
diff --git a/manifests/postgresql.crd.yaml b/manifests/postgresql.crd.yaml
index b113c849f..6d1bbbee1 100644
--- a/manifests/postgresql.crd.yaml
+++ b/manifests/postgresql.crd.yaml
@@ -215,7 +215,7 @@ spec:
                   x-kubernetes-preserve-unknown-fields: true
               logicalBackupSchedule:
                 type: string
-                pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$'
+                pattern: '^((0?[0-9]|[1-5]?[0-9])|\*)(/(0?[0-9]|[1-5]?[0-9]))?(\s+(2[0-3]|1[0-9]|0?[0-9]|\*)(/(2[0-3]|1[0-9]|0?[0-9]))?)(\s+(3[01]|[12][0-9]|0?[1-9]|\*)(/(3[01]|[12][0-9]|0?[1-9]))?)(\s+(1[0-2]|0?[1-9]|\*)(/(1[0-2]|0?[1-9]))?)(\s+(0?[0-6]|\*)(/0?[0-6])?)$'
               maintenanceWindows:
                 type: array
                 items:
diff --git a/pkg/apis/acid.zalan.do/v1/crds.go b/pkg/apis/acid.zalan.do/v1/crds.go
index db11771e4..7afc822ea 100644
--- a/pkg/apis/acid.zalan.do/v1/crds.go
+++ b/pkg/apis/acid.zalan.do/v1/crds.go
@@ -344,7 +344,7 @@ var PostgresCRDResourceValidation = apiextv1.CustomResourceValidation{
 					},
 					"logicalBackupSchedule": {
 						Type:    "string",
-						Pattern: "^(\\d+|\\*)(/\\d+)?(\\s+(\\d+|\\*)(/\\d+)?){4}$",
+						Pattern: "^((0?[0-9]|[1-5]?[0-9])|\\*)(/(0?[0-9]|[1-5]?[0-9]))?(\\s+(2[0-3]|1[0-9]|0?[0-9]|\\*)(/(2[0-3]|1[0-9]|0?[0-9]))?)(\\s+(3[01]|[12][0-9]|0?[1-9]|\\*)(/(3[01]|[12][0-9]|0?[1-9]))?)(\\s+(1[0-2]|0?[1-9]|\\*)(/(1[0-2]|0?[1-9]))?)(\\s+(0?[0-6]|\\*)(/0?[0-6])?)$",
 					},
 					"maintenanceWindows": {
 						Type: "array",