func ValidateTokenName(name string, prefix bool) (bool, string) {
if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok {
return ok, reason
}
if len(name) < MinTokenLength {
return false, fmt.Sprintf("must be at least %d characters long", MinTokenLength)
}
return true, ""
}
func ValidateIdentityProviderName(name string) (bool, string) {
if ok, reason := oapi.MinimalNameRequirements(name, false); !ok {
return ok, reason
}
if strings.Contains(name, ":") {
return false, `may not contain ":"`
}
return true, ""
}
func ValidatePolicyName(name string, prefix bool) (bool, string) {
if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok {
return ok, reason
}
if name != authorizationapi.PolicyName {
return false, "name must be " + authorizationapi.PolicyName
}
return true, ""
}
func ValidateImageStreamName(name string, prefix bool) (bool, string) {
if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok {
return ok, reason
}
if len(name) < v2.RepositoryNameComponentMinLength {
return false, fmt.Sprintf("must be at least %d characters long", v2.RepositoryNameComponentMinLength)
}
if !v2.RepositoryNameComponentAnchoredRegexp.MatchString(name) {
return false, fmt.Sprintf("must match %q", v2.RepositoryNameComponentRegexp.String())
}
return true, ""
}
func ValidateGroupName(name string, _ bool) (bool, string) {
if ok, reason := oapi.MinimalNameRequirements(name, false); !ok {
return ok, reason
}
if strings.Contains(name, ":") {
return false, `may not contain ":"`
}
if name == "~" {
return false, `may not equal "~"`
}
return true, ""
}
func PolicyBindingNameValidator(policyRefNamespace string) validation.ValidateNameFunc {
return func(name string, prefix bool) (bool, string) {
if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok {
return ok, reason
}
if name != authorizationapi.GetPolicyBindingName(policyRefNamespace) {
return false, "name must be " + authorizationapi.GetPolicyBindingName(policyRefNamespace)
}
return true, ""
}
}
func ValidateProjectName(name string, prefix bool) (bool, string) {
if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok {
return ok, reason
}
if len(name) < 2 {
return false, "must be at least 2 characters long"
}
if ok, msg := validation.ValidateNamespaceName(name, false); !ok {
return ok, msg
}
return true, ""
}
func ValidateIdentityName(name string, _ bool) (bool, string) {
if ok, reason := oapi.MinimalNameRequirements(name, false); !ok {
return ok, reason
}
parts := strings.Split(name, ":")
if len(parts) != 2 {
return false, `must be in the format <providerName>:<providerUserName>`
}
if len(parts[0]) == 0 {
return false, `must be in the format <providerName>:<providerUserName> with a non-empty providerName`
}
if len(parts[1]) == 0 {
return false, `must be in the format <providerName>:<providerUserName> with a non-empty providerUserName`
}
return true, ""
}
func ValidateClientAuthorizationName(name string, prefix bool) (bool, string) {
if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok {
return ok, reason
}
parts := strings.Split(name, ":")
if len(parts) != 2 {
return false, "must be in the format <userName>:<clientName>"
}
userName := parts[0]
clientName := parts[1]
if len(userName) == 0 || len(clientName) == 0 {
return false, "must be in the format <userName>:<clientName>"
}
return true, ""
}
func ValidateRoleBinding(roleBinding *authorizationapi.RoleBinding, isNamespaced bool) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, isNamespaced, oapi.MinimalNameRequirements).Prefix("metadata")...)
// roleRef namespace is empty when referring to global policy.
if (len(roleBinding.RoleRef.Namespace) > 0) && !util.IsDNS1123Subdomain(roleBinding.RoleRef.Namespace) {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("roleRef.namespace", roleBinding.RoleRef.Namespace, "roleRef.namespace must be a valid subdomain"))
}
if len(roleBinding.RoleRef.Name) == 0 {
allErrs = append(allErrs, fielderrors.NewFieldRequired("roleRef.name"))
} else {
if valid, err := oapi.MinimalNameRequirements(roleBinding.RoleRef.Name, false); !valid {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("roleRef.name", roleBinding.RoleRef.Name, err))
}
}
return allErrs
}
