Ejemplo n.º 1
0
func ValidateTokenName(name string, prefix bool) (bool, string) {
	if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok {
		return ok, reason
	}

	if len(name) < MinTokenLength {
		return false, fmt.Sprintf("must be at least %d characters long", MinTokenLength)
	}
	return true, ""
}
Ejemplo n.º 2
0
func ValidateIdentityProviderName(name string) (bool, string) {
	if ok, reason := oapi.MinimalNameRequirements(name, false); !ok {
		return ok, reason
	}

	if strings.Contains(name, ":") {
		return false, `may not contain ":"`
	}
	return true, ""
}
Ejemplo n.º 3
0
func ValidatePolicyName(name string, prefix bool) (bool, string) {
	if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok {
		return ok, reason
	}

	if name != authorizationapi.PolicyName {
		return false, "name must be " + authorizationapi.PolicyName
	}

	return true, ""
}
Ejemplo n.º 4
0
func ValidateImageStreamName(name string, prefix bool) (bool, string) {
	if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok {
		return ok, reason
	}

	if len(name) < v2.RepositoryNameComponentMinLength {
		return false, fmt.Sprintf("must be at least %d characters long", v2.RepositoryNameComponentMinLength)
	}
	if !v2.RepositoryNameComponentAnchoredRegexp.MatchString(name) {
		return false, fmt.Sprintf("must match %q", v2.RepositoryNameComponentRegexp.String())
	}
	return true, ""
}
Ejemplo n.º 5
0
func ValidateGroupName(name string, _ bool) (bool, string) {
	if ok, reason := oapi.MinimalNameRequirements(name, false); !ok {
		return ok, reason
	}

	if strings.Contains(name, ":") {
		return false, `may not contain ":"`
	}
	if name == "~" {
		return false, `may not equal "~"`
	}
	return true, ""
}
Ejemplo n.º 6
0
func PolicyBindingNameValidator(policyRefNamespace string) validation.ValidateNameFunc {
	return func(name string, prefix bool) (bool, string) {
		if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok {
			return ok, reason
		}

		if name != authorizationapi.GetPolicyBindingName(policyRefNamespace) {
			return false, "name must be " + authorizationapi.GetPolicyBindingName(policyRefNamespace)
		}

		return true, ""
	}
}
Ejemplo n.º 7
0
func ValidateProjectName(name string, prefix bool) (bool, string) {
	if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok {
		return ok, reason
	}

	if len(name) < 2 {
		return false, "must be at least 2 characters long"
	}

	if ok, msg := validation.ValidateNamespaceName(name, false); !ok {
		return ok, msg
	}

	return true, ""
}
Ejemplo n.º 8
0
func ValidateIdentityName(name string, _ bool) (bool, string) {
	if ok, reason := oapi.MinimalNameRequirements(name, false); !ok {
		return ok, reason
	}

	parts := strings.Split(name, ":")
	if len(parts) != 2 {
		return false, `must be in the format <providerName>:<providerUserName>`
	}
	if len(parts[0]) == 0 {
		return false, `must be in the format <providerName>:<providerUserName> with a non-empty providerName`
	}
	if len(parts[1]) == 0 {
		return false, `must be in the format <providerName>:<providerUserName> with a non-empty providerUserName`
	}
	return true, ""
}
Ejemplo n.º 9
0
func ValidateClientAuthorizationName(name string, prefix bool) (bool, string) {
	if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok {
		return ok, reason
	}

	parts := strings.Split(name, ":")
	if len(parts) != 2 {
		return false, "must be in the format <userName>:<clientName>"
	}

	userName := parts[0]
	clientName := parts[1]
	if len(userName) == 0 || len(clientName) == 0 {
		return false, "must be in the format <userName>:<clientName>"
	}

	return true, ""
}
Ejemplo n.º 10
0
func ValidateRoleBinding(roleBinding *authorizationapi.RoleBinding, isNamespaced bool) fielderrors.ValidationErrorList {
	allErrs := fielderrors.ValidationErrorList{}
	allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, isNamespaced, oapi.MinimalNameRequirements).Prefix("metadata")...)

	// roleRef namespace is empty when referring to global policy.
	if (len(roleBinding.RoleRef.Namespace) > 0) && !util.IsDNS1123Subdomain(roleBinding.RoleRef.Namespace) {
		allErrs = append(allErrs, fielderrors.NewFieldInvalid("roleRef.namespace", roleBinding.RoleRef.Namespace, "roleRef.namespace must be a valid subdomain"))
	}

	if len(roleBinding.RoleRef.Name) == 0 {
		allErrs = append(allErrs, fielderrors.NewFieldRequired("roleRef.name"))
	} else {
		if valid, err := oapi.MinimalNameRequirements(roleBinding.RoleRef.Name, false); !valid {
			allErrs = append(allErrs, fielderrors.NewFieldInvalid("roleRef.name", roleBinding.RoleRef.Name, err))
		}
	}

	return allErrs
}