func ValidateUserNameField(value string, field string) fielderrors.ValidationErrorList {
if len(value) == 0 {
return fielderrors.ValidationErrorList{fielderrors.NewFieldRequired(field)}
} else if ok, msg := uservalidation.ValidateUserName(value, false); !ok {
return fielderrors.ValidationErrorList{fielderrors.NewFieldInvalid(field, value, msg)}
}
return fielderrors.ValidationErrorList{}
}
// Get retrieves the item from etcd.
func (r *REST) Get(ctx kapi.Context, name string) (runtime.Object, error) {
// "~" means the currently authenticated user
if name == "~" {
user, ok := kapi.UserFrom(ctx)
if !ok || user.GetName() == "" {
return nil, kerrs.NewForbidden("user", "~", errors.New("requests to ~ must be authenticated"))
}
name = user.GetName()
// remove the known virtual groups from the list if they are present
contextGroups := util.NewStringSet(user.GetGroups()...)
contextGroups.Delete(bootstrappolicy.UnauthenticatedGroup, bootstrappolicy.AuthenticatedGroup)
if ok, _ := validation.ValidateUserName(name, false); !ok {
// The user the authentication layer has identified cannot possibly be a persisted user
// Return an API representation of the virtual user
return &api.User{ObjectMeta: kapi.ObjectMeta{Name: name}, Groups: contextGroups.List()}, nil
}
obj, err := r.Etcd.Get(ctx, name)
if err == nil {
return obj, nil
}
if !kerrs.IsNotFound(err) {
return nil, err
}
return &api.User{ObjectMeta: kapi.ObjectMeta{Name: name}, Groups: contextGroups.List()}, nil
}
if ok, details := validation.ValidateUserName(name, false); !ok {
return nil, fielderrors.NewFieldInvalid("metadata.name", name, details)
}
return r.Etcd.Get(ctx, name)
}
