Update FQDN validation (aerleon#300)

aerleon/lib/fqdn.py

@@ -8,7 +8,7 @@ class FQDN:
 
  # https://regexr.com/3g5j0
  fqdn_re = re.compile(
- r'^(?!:\/\/)(?=.{1,255}$)((.{1,63}\.){1,127}(?![0-9]*$)[a-z0-9-]+\.?)$', re.IGNORECASE
+ r'^(?!.*:\/\/)(?=.{1,255}$)((.{1,63}\.){1,127}(?![0-9]*$)[a-z0-9-]+\.?)$', re.IGNORECASE
  )
  fqdn: str
  text: str

aerleon/lib/naming.py

@@ -891,7 +891,7 @@ def _ParseYamlNetworks(self, file_data: Dict[str, Any], file_name: str) -> None:
  # 1. A string, understood as a network name reference
  # 2. A dictionary, with these fields:
  # 'address': A specific IP address or CIDR range
- # 'hostname': A FQDN for use in DNS filtering.
+ # 'fqdn': A FQDN for use in DNS filtering.
  # 'name': A network name reference
  # 'comment': An optional comment
  # 'address' or 'name' must be present in any dictionary item

schemas/aerleon-definitions.schema.json

@@ -34,6 +34,11 @@
  "description": "Specifies an IP address or CIDR IP address range expression.",
  "type": "string"
  },
+ "fqdn": {
+ "description": "Specifies a fully qualified domain name with two or more labels.",
+ "type": "string",
+ "pattern": "^(?!.*:https://)(?=.{1,255}$)((.{1,63}\\.){1,127}(?![0-9]*$)[a-z0-9-]+\\.?)$"
+ },
  "port": {
  "description": "Specifies a port or port range.",
  "oneOf": [
@@ -77,6 +82,15 @@
  },
  "additionalProperties": false
  },
+ {
+ "type": "object",
+ "required": ["fqdn"],
+ "properties": {
+ "fqdn": { "$ref": "#/$defs/fqdn" },
+ "comment": { "$ref": "#/$defs/comment" }
+ },
+ "additionalProperties": false
+ },
  {
  "type": "object",
  "title": "Network Reference",

tests/lib/fqdn_test.py

@@ -38,6 +38,7 @@ class FQDNTest(parameterized.TestCase):
  '',
  True,
  ),
+ ('URL scheme must not be included', 'https://foo.bar', '', '', True),
  )
  def testFQDNCreation(self, possible_fqdn: str, token: str, comment: str, error: Exception):