Unify pulp_labels key validation to allow hyphens, spaces, and dots

The three places validating label keys (pulp_labels_validator,
SetLabelSerializer/UnsetLabelSerializer, and LabelFilter) each allowed
different characters, making it possible to create labels that couldn't
be modified or filtered. Unify them all to accept alphanumerics,
underscores, spaces, hyphens, and dots.

closes #6456

Assisted-by: Claude-Opus-4.6 (Cursor)

Author: gerrod3

CHANGES/6456.bugfix

@@ -0,0 +1 @@
+Unified `pulp_labels` key validation across create/update, `set_label`/`unset_label`, and label filters to consistently allow alphanumerics, underscores, spaces, hyphens, and dots.

pulpcore/app/serializers/base.py

@@ -564,16 +564,22 @@ class SetLabelSerializer(serializers.Serializer):
     Serializer for synchronously setting a label.
     """
 
-    key = serializers.SlugField(required=True)
+    key = serializers.CharField(required=True)
     value = serializers.CharField(required=True, allow_null=True, allow_blank=True)
 
+    def validate(self, data):
+        from pulpcore.app.serializers.fields import pulp_labels_validator
+
+        pulp_labels_validator({data["key"]: data["value"]})
+        return super().validate(data)
+
 
 class UnsetLabelSerializer(serializers.Serializer):
     """
     Serializer for synchronously UNsetting a label.
     """
 
-    key = serializers.SlugField(required=True)
+    key = serializers.CharField(required=True)
     value = serializers.CharField(read_only=True)
 
     def validate_key(self, value):

pulpcore/app/serializers/fields.py

@@ -11,6 +11,7 @@
 from rest_framework.fields import empty
 
 from pulpcore.app import models
+from pulpcore.constants import LABEL_KEY_REGEX
 from pulpcore.app.serializers import DetailIdentityField, IdentityField, RelatedField
 from pulpcore.app.util import reverse
 
@@ -427,8 +428,13 @@ def pulp_labels_validator(value):
         value = json.loads(value)
 
     for k, v in value.items():
-        if not re.match(r"^[\w ]+$", k):
-            raise serializers.ValidationError(_("Key '{}' contains non-alphanumerics.").format(k))
+        if not re.match(LABEL_KEY_REGEX, k):
+            raise serializers.ValidationError(
+                _(
+                    "Key '{}' contains invalid characters. Only alphanumerics, underscores,"
+                    " spaces, hyphens, and dots are allowed."
+                ).format(k)
+            )
         if v is not None and re.search(r"[,()]", v):
             raise serializers.ValidationError(
                 _("Key '{}' contains value with comma or parenthesis.").format(k)

pulpcore/app/viewsets/custom_filters.py

@@ -9,6 +9,7 @@
 from gettext import gettext as _
 
 from django.conf import settings
+from pulpcore.constants import LABEL_KEY_CHARS
 from django.db.models import ObjectDoesNotExist
 from django_filters import BaseInFilter, CharFilter, Filter
 from drf_spectacular.types import OpenApiTypes
@@ -313,7 +314,7 @@ def filter(self, qs, value):
             return qs
 
         for term in value.split(","):
-            match = re.match(r"(!?[\w\s]+)(=|!=|~)?(.*)?", term)
+            match = re.match(rf"(!?{LABEL_KEY_CHARS}+)(=|!=|~)?(.*)?", term)
             if not match:
                 raise DRFValidationError(_("Invalid search term: '{}'.").format(term))
             key, op, val = match.groups()

pulpcore/constants.py

@@ -129,6 +129,10 @@
 ORPHAN_PROTECTION_TIME_LOWER_BOUND = 0
 ORPHAN_PROTECTION_TIME_UPPER_BOUND = 4294967295  # (2^32)-1
 
+# Valid characters for pulp_labels keys: alphanumerics, underscores, spaces, hyphens, and dots.
+LABEL_KEY_CHARS = r"[\w .\-]"
+LABEL_KEY_REGEX = rf"^{LABEL_KEY_CHARS}+$"
+
 # VULNERABILITY REPORT CONSTANTS
 # OSV API URL
 OSV_QUERY_URL = "https://api.osv.dev/v1/query"

pulpcore/tests/unit/serializers/test_fields.py

@@ -8,25 +8,32 @@
 @pytest.mark.parametrize(
     "labels",
     [
-        {"key": "value"},
-        {"key": ""},
-        {"key": None},
-        {"key1": "value", "key2": None, "key3": ""},
+        pytest.param({"key": "value"}, id="normal"),
+        pytest.param({"key": ""}, id="empty-value"),
+        pytest.param({"key": None}, id="none-value"),
+        pytest.param({"key1": "value", "key2": None, "key3": ""}, id="multiple-keys"),
+        pytest.param({"my-key": "value"}, id="dash-key"),
+        pytest.param({"my.key": "value"}, id="dotted-key"),
+        pytest.param({"my key": "value"}, id="spaced-key"),
+        pytest.param({"my-dotted.key": "value"}, id="dotted-dash-key"),
+        pytest.param({"spaced key-with.mixed_chars": "value"}, id="all-key"),
     ],
 )
 def test_pulp_labels_validator_valid(labels):
-    """Valid label values including None should pass validation."""
+    """Valid label keys and values should pass validation."""
     result = pulp_labels_validator(labels)
     assert result == labels
 
 
 @pytest.mark.parametrize(
     "labels",
     [
-        {"key": "val,ue"},
-        {"key": "val(ue"},
-        {"key": "val)ue"},
-        {"bad!key": "value"},
+        pytest.param({"key": "val,ue"}, id="comma-value"),
+        pytest.param({"key": "val(ue"}, id="open-parenthesis-value"),
+        pytest.param({"key": "val)ue"}, id="close-parenthesis-value"),
+        pytest.param({"bad!key": "value"}, id="exclamation-key"),
+        pytest.param({"bad:key": "value"}, id="colon-key"),
+        pytest.param({"bad@key": "value"}, id="at-sign-key"),
     ],
 )
 def test_pulp_labels_validator_invalid(labels):