fix(server): correct Kubernetes label key length validation

[zerone0x]

Summary

The _is_valid_label_key function in server/src/services/validators.py incorrectly rejected valid Kubernetes label keys when the total key length (prefix + / + name) exceeded 253 characters — even if the prefix alone was within the allowed 253-character limit.

Root Cause

The old guard condition:

if len(key) > 253 or "/" in key and len(key.split("/", 1)[0]) > 253:

was evaluated (due to Python operator precedence) as:

if (len(key) > 253) or ("/" in key and len(prefix) > 253):

The first clause len(key) > 253 applied to all keys, including prefixed ones. Because of this, a key whose prefix was valid (≤ 253 chars) but whose combined length exceeded 253 would be incorrectly rejected.

Fix

Per the Kubernetes label key specification:

• The prefix (DNS subdomain) may be at most 253 characters.
• The name segment may be at most 63 characters.
• The total combined key length has no specified upper bound (theoretical max: 253 + 1 + 63 = 317 chars).

The fix removes the total-length check and uses an explicit len(prefix) > 253 check instead.

Testing

All existing tests continue to pass. New regression tests are added for:

• A valid key with a 251-char prefix and total length > 253 (previously rejected — now correctly accepted).
• A prefix that exceeds 253 chars (correctly rejected).
• Other invalid key/value forms: invalid prefix format, name > 63 chars, value > 63 chars, non-string key, empty prefix.

uv run pytest tests/test_validators.py -v
# 54 passed

Checklist

• Bug fix (no breaking changes)
• Added regression tests
• All existing tests pass

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

[Copilot]

Pull request overview

Fixes Kubernetes label key validation to correctly allow label keys whose combined prefix/name length exceeds 253 characters, while still enforcing the prefix (DNS subdomain) ≤ 253 and name ≤ 63.

Changes:

• Remove incorrect total-length guard from _is_valid_label_key and validate prefix length explicitly.
• Add regression tests covering long-but-valid prefixed keys and multiple invalid key/value cases.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
server/src/services/validators.py	Corrects label key validation logic to align with Kubernetes spec (prefix length vs total key length).
server/tests/test_validators.py	Adds regression tests for long prefix/name combinations and invalid metadata label inputs.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Consider adding a direct assertion for the constructed prefix length (e.g., assert len(long_prefix) > 253 or == 314). It makes the intent of the test more self-documenting and guards against accidental edits to the construction logic.

Suggested change

	long_prefix = ".".join([label_part] * 5) # 62*5 + 4 = 314 chars
	long_prefix = ".".join([label_part] * 5) # 62*5 + 4 = 314 chars
	assert len(long_prefix) == 314

[Copilot]

Several new tests repeat the same pytest.raises(HTTPException) + status_code + detail['code'] assertions. Consider consolidating the invalid cases into a single @pytest.mark.parametrize test to reduce duplication and make it easier to extend the matrix of invalid inputs over time.

[CLAassistant]

All committers have signed the CLA.

[Pangjiping]

Thanks for fixes. Please sign CLA and I will review and merge those changes as soon as possible.

[zerone0x]

@Pangjiping already signed!