// ValidateReplicationControllerSpec tests if required fields in the replication controller spec are set. func ValidateReplicationControllerSpec(spec *api.ReplicationControllerSpec) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} selector := labels.Set(spec.Selector).AsSelector() if selector.Empty() { allErrs = append(allErrs, errs.NewFieldRequired("selector", spec.Selector)) } if spec.Replicas < 0 { allErrs = append(allErrs, errs.NewFieldInvalid("replicas", spec.Replicas, "")) } if spec.Template == nil { allErrs = append(allErrs, errs.NewFieldRequired("template", spec.Template)) } else { labels := labels.Set(spec.Template.Labels) if !selector.Matches(labels) { allErrs = append(allErrs, errs.NewFieldInvalid("template.labels", spec.Template.Labels, "selector does not match template")) } allErrs = append(allErrs, ValidatePodTemplateSpec(spec.Template).Prefix("template")...) // RestartPolicy has already been first-order validated as per ValidatePodTemplateSpec(). if spec.Template.Spec.RestartPolicy.Always == nil { // TODO: should probably be Unsupported // TODO: api.RestartPolicy should have a String() method for nicer printing allErrs = append(allErrs, errs.NewFieldInvalid("template.restartPolicy", spec.Template.Spec.RestartPolicy, "must be Always")) } } return allErrs }
func validateContainers(containers []api.Container, volumes util.StringSet) errs.ErrorList { allErrs := errs.ErrorList{} allNames := util.StringSet{} for i := range containers { cErrs := errs.ErrorList{} ctr := &containers[i] // so we can set default values if len(ctr.Name) == 0 { cErrs = append(cErrs, errs.NewFieldRequired("name", ctr.Name)) } else if !util.IsDNSLabel(ctr.Name) { cErrs = append(cErrs, errs.NewFieldInvalid("name", ctr.Name)) } else if allNames.Has(ctr.Name) { cErrs = append(cErrs, errs.NewFieldDuplicate("name", ctr.Name)) } else { allNames.Insert(ctr.Name) } if len(ctr.Image) == 0 { cErrs = append(cErrs, errs.NewFieldRequired("image", ctr.Image)) } cErrs = append(cErrs, validatePorts(ctr.Ports).Prefix("ports")...) cErrs = append(cErrs, validateEnv(ctr.Env).Prefix("env")...) cErrs = append(cErrs, validateVolumeMounts(ctr.VolumeMounts, volumes).Prefix("volumeMounts")...) allErrs = append(allErrs, cErrs.PrefixIndex(i)...) } // Check for colliding ports across all containers. // TODO(thockin): This really is dependent on the network config of the host (IP per pod?) // and the config of the new manifest. But we have not specced that out yet, so we'll just // make some assumptions for now. As of now, pods share a network namespace, which means that // every Port.HostPort across the whole pod must be unique. allErrs = append(allErrs, checkHostPortConflicts(containers)...) return allErrs }
// ValidateReplicationControllerSpec tests if required fields in the replication controller spec are set. func ValidateReplicationControllerSpec(spec *api.ReplicationControllerSpec) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} selector := labels.Set(spec.Selector).AsSelector() if selector.Empty() { allErrs = append(allErrs, errs.NewFieldRequired("selector")) } if spec.Replicas < 0 { allErrs = append(allErrs, errs.NewFieldInvalid("replicas", spec.Replicas, isNegativeErrorMsg)) } if spec.Template == nil { allErrs = append(allErrs, errs.NewFieldRequired("template")) } else { labels := labels.Set(spec.Template.Labels) if !selector.Matches(labels) { allErrs = append(allErrs, errs.NewFieldInvalid("template.labels", spec.Template.Labels, "selector does not match template")) } allErrs = append(allErrs, ValidatePodTemplateSpec(spec.Template, spec.Replicas).Prefix("template")...) // RestartPolicy has already been first-order validated as per ValidatePodTemplateSpec(). if spec.Template.Spec.RestartPolicy != api.RestartPolicyAlways { allErrs = append(allErrs, errs.NewFieldNotSupported("template.restartPolicy", spec.Template.Spec.RestartPolicy)) } } return allErrs }
// ValidateObjectMeta validates an object's metadata on creation. It expects that name generation has already // been performed. func ValidateObjectMeta(meta *api.ObjectMeta, requiresNamespace bool, nameFn ValidateNameFunc) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} if len(meta.GenerateName) != 0 { if ok, qualifier := nameFn(meta.GenerateName, true); !ok { allErrs = append(allErrs, errs.NewFieldInvalid("generateName", meta.GenerateName, qualifier)) } } // if the generated name validates, but the calculated value does not, it's a problem with generation, and we // report it here. This may confuse users, but indicates a programming bug and still must be validated. if len(meta.Name) == 0 { allErrs = append(allErrs, errs.NewFieldRequired("name", meta.Name)) } else { if ok, qualifier := nameFn(meta.Name, false); !ok { allErrs = append(allErrs, errs.NewFieldInvalid("name", meta.Name, qualifier)) } } if requiresNamespace { if len(meta.Namespace) == 0 { allErrs = append(allErrs, errs.NewFieldRequired("namespace", meta.Namespace)) } else if !util.IsDNSSubdomain(meta.Namespace) { allErrs = append(allErrs, errs.NewFieldInvalid("namespace", meta.Namespace, dnsSubdomainErrorMsg)) } } else { if len(meta.Namespace) != 0 { allErrs = append(allErrs, errs.NewFieldInvalid("namespace", meta.Namespace, "namespace is not allowed on this type")) } } allErrs = append(allErrs, ValidateLabels(meta.Labels, "labels")...) allErrs = append(allErrs, ValidateAnnotations(meta.Annotations, "annotations")...) return allErrs }
// ValidateService tests if required fields in the service are set. func ValidateService(service *api.Service) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} allErrs = append(allErrs, ValidateObjectMeta(&service.ObjectMeta, true, ValidateServiceName).Prefix("metadata")...) if !util.IsValidPortNum(service.Spec.Port) { allErrs = append(allErrs, errs.NewFieldInvalid("spec.port", service.Spec.Port, portRangeErrorMsg)) } if len(service.Spec.Protocol) == 0 { allErrs = append(allErrs, errs.NewFieldRequired("spec.protocol", service.Spec.Protocol)) } else if !supportedPortProtocols.Has(strings.ToUpper(string(service.Spec.Protocol))) { allErrs = append(allErrs, errs.NewFieldNotSupported("spec.protocol", service.Spec.Protocol)) } if service.Spec.Selector != nil { allErrs = append(allErrs, ValidateLabels(service.Spec.Selector, "spec.selector")...) } if service.Spec.SessionAffinity == "" { allErrs = append(allErrs, errs.NewFieldRequired("spec.sessionAffinity", service.Spec.SessionAffinity)) } else if !supportedSessionAffinityType.Has(string(service.Spec.SessionAffinity)) { allErrs = append(allErrs, errs.NewFieldNotSupported("spec.sessionAffinity", service.Spec.SessionAffinity)) } return allErrs }
func validateHTTPGetAction(http *api.HTTPGetAction) errs.ValidationErrorList { allErrors := errs.ValidationErrorList{} if len(http.Path) == 0 { allErrors = append(allErrors, errs.NewFieldRequired("path")) } if http.Port.Kind == util.IntstrInt && !util.IsValidPortNum(http.Port.IntVal) { allErrors = append(allErrors, errs.NewFieldInvalid("port", http.Port, portRangeErrorMsg)) } else if http.Port.Kind == util.IntstrString && len(http.Port.StrVal) == 0 { allErrors = append(allErrors, errs.NewFieldRequired("port")) } return allErrors }
func validateSecretVolumeSource(secretSource *api.SecretVolumeSource) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} if secretSource.Target.Name == "" { allErrs = append(allErrs, errs.NewFieldRequired("target.name", "")) } if secretSource.Target.Namespace == "" { allErrs = append(allErrs, errs.NewFieldRequired("target.namespace", "")) } if secretSource.Target.Kind != "Secret" { allErrs = append(allErrs, errs.NewFieldInvalid("target.kind", secretSource.Target.Kind, "Secret")) } return allErrs }
func validateGCEPersistentDiskVolumeSource(PD *api.GCEPersistentDiskVolumeSource) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} if PD.PDName == "" { allErrs = append(allErrs, errs.NewFieldRequired("pdName", PD.PDName)) } if PD.FSType == "" { allErrs = append(allErrs, errs.NewFieldRequired("fsType", PD.FSType)) } if PD.Partition < 0 || PD.Partition > 255 { allErrs = append(allErrs, errs.NewFieldInvalid("partition", PD.Partition, pdPartitionErrorMsg)) } return allErrs }
func validateGCEPersistentDisk(PD *api.GCEPersistentDisk) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} if PD.PDName == "" { allErrs = append(allErrs, errs.NewFieldRequired("PD.PDName", PD.PDName)) } if PD.FSType == "" { allErrs = append(allErrs, errs.NewFieldRequired("PD.FSType", PD.FSType)) } if PD.Partition < 0 || PD.Partition > 255 { allErrs = append(allErrs, errs.NewFieldInvalid("PD.Partition", PD.Partition, "")) } return allErrs }
func validateNFS(nfs *api.NFSVolumeSource) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} if nfs.Server == "" { allErrs = append(allErrs, errs.NewFieldRequired("server")) } if nfs.Path == "" { allErrs = append(allErrs, errs.NewFieldRequired("path")) } if !path.IsAbs(nfs.Path) { allErrs = append(allErrs, errs.NewFieldInvalid("path", nfs.Path, "must be an absolute path")) } return allErrs }
// ValidateImage tests required fields for an Image. func ValidateImage(image *api.Image) errors.ErrorList { result := errors.ErrorList{} if len(image.ID) == 0 { result = append(result, errors.NewFieldRequired("ID", image.ID)) } if len(image.DockerImageReference) == 0 { result = append(result, errors.NewFieldRequired("DockerImageReference", image.DockerImageReference)) } return result }
// ValidateService tests if required fields in the service are set. func ValidateService(service *api.Service) errs.ErrorList { allErrs := errs.ErrorList{} if len(service.ID) == 0 { allErrs = append(allErrs, errs.NewFieldRequired("id", service.ID)) } else if !util.IsDNS952Label(service.ID) { allErrs = append(allErrs, errs.NewFieldInvalid("id", service.ID)) } if !util.IsValidPortNum(service.Port) { allErrs = append(allErrs, errs.NewFieldInvalid("Service.Port", service.Port)) } if labels.Set(service.Selector).AsSelector().Empty() { allErrs = append(allErrs, errs.NewFieldRequired("selector", service.Selector)) } return allErrs }
// ValidateBoundPod tests if required fields on a bound pod are set. func ValidateBoundPod(pod *api.BoundPod) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} if len(pod.Name) == 0 { allErrs = append(allErrs, errs.NewFieldRequired("name", pod.Name)) } else if !util.IsDNSSubdomain(pod.Name) { allErrs = append(allErrs, errs.NewFieldInvalid("name", pod.Name, "")) } if len(pod.Namespace) == 0 { allErrs = append(allErrs, errs.NewFieldRequired("namespace", pod.Namespace)) } else if !util.IsDNSSubdomain(pod.Namespace) { allErrs = append(allErrs, errs.NewFieldInvalid("namespace", pod.Namespace, "")) } allErrs = append(allErrs, ValidatePodSpec(&pod.Spec).Prefix("spec")...) return allErrs }
func validatePorts(ports []api.Port) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} allNames := util.StringSet{} for i, port := range ports { pErrs := errs.ValidationErrorList{} if len(port.Name) > 0 { if len(port.Name) > util.DNS1123LabelMaxLength || !util.IsDNSLabel(port.Name) { pErrs = append(pErrs, errs.NewFieldInvalid("name", port.Name, dnsLabelErrorMsg)) } else if allNames.Has(port.Name) { pErrs = append(pErrs, errs.NewFieldDuplicate("name", port.Name)) } else { allNames.Insert(port.Name) } } if port.ContainerPort == 0 { pErrs = append(pErrs, errs.NewFieldInvalid("containerPort", port.ContainerPort, portRangeErrorMsg)) } else if !util.IsValidPortNum(port.ContainerPort) { pErrs = append(pErrs, errs.NewFieldInvalid("containerPort", port.ContainerPort, portRangeErrorMsg)) } if port.HostPort != 0 && !util.IsValidPortNum(port.HostPort) { pErrs = append(pErrs, errs.NewFieldInvalid("hostPort", port.HostPort, portRangeErrorMsg)) } if len(port.Protocol) == 0 { pErrs = append(pErrs, errs.NewFieldRequired("protocol", port.Protocol)) } else if !supportedPortProtocols.Has(strings.ToUpper(string(port.Protocol))) { pErrs = append(pErrs, errs.NewFieldNotSupported("protocol", port.Protocol)) } allErrs = append(allErrs, pErrs.PrefixIndex(i)...) } return allErrs }
func validateGitRepoVolumeSource(gitRepo *api.GitRepoVolumeSource) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} if gitRepo.Repository == "" { allErrs = append(allErrs, errs.NewFieldRequired("repository")) } return allErrs }
func validateVolumes(volumes []api.Volume) (util.StringSet, errs.ValidationErrorList) { allErrs := errs.ValidationErrorList{} allNames := util.StringSet{} for i := range volumes { vol := &volumes[i] // so we can set default values el := errs.ValidationErrorList{} if vol.Source == nil { // TODO: Enforce that a source is set once we deprecate the implied form. vol.Source = &api.VolumeSource{ EmptyDir: &api.EmptyDir{}, } } el = validateSource(vol.Source).Prefix("source") if len(vol.Name) == 0 { el = append(el, errs.NewFieldRequired("name", vol.Name)) } else if !util.IsDNSLabel(vol.Name) { el = append(el, errs.NewFieldInvalid("name", vol.Name, "")) } else if allNames.Has(vol.Name) { el = append(el, errs.NewFieldDuplicate("name", vol.Name)) } if len(el) == 0 { allNames.Insert(vol.Name) } else { allErrs = append(allErrs, el.PrefixIndex(i)...) } } return allNames, allErrs }
func validateHTTPGetAction(http *api.HTTPGetAction) errs.ValidationErrorList { allErrors := errs.ValidationErrorList{} if len(http.Path) == 0 { allErrors = append(allErrors, errs.NewFieldRequired("path", http.Path)) } return allErrors }
func validateGitRepo(gitRepo *api.GitRepo) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} if gitRepo.Repository == "" { allErrs = append(allErrs, errs.NewFieldRequired("gitRepo.Repository", gitRepo.Repository)) } return allErrs }
func validatePorts(ports []api.Port) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} allNames := util.StringSet{} for i := range ports { pErrs := errs.ValidationErrorList{} port := &ports[i] // so we can set default values if len(port.Name) > 0 { if len(port.Name) > 63 || !util.IsDNSLabel(port.Name) { pErrs = append(pErrs, errs.NewFieldInvalid("name", port.Name, "")) } else if allNames.Has(port.Name) { pErrs = append(pErrs, errs.NewFieldDuplicate("name", port.Name)) } else { allNames.Insert(port.Name) } } if port.ContainerPort == 0 { pErrs = append(pErrs, errs.NewFieldRequired("containerPort", port.ContainerPort)) } else if !util.IsValidPortNum(port.ContainerPort) { pErrs = append(pErrs, errs.NewFieldInvalid("containerPort", port.ContainerPort, "")) } if port.HostPort != 0 && !util.IsValidPortNum(port.HostPort) { pErrs = append(pErrs, errs.NewFieldInvalid("hostPort", port.HostPort, "")) } if len(port.Protocol) == 0 { port.Protocol = "TCP" } else if !supportedPortProtocols.Has(strings.ToUpper(string(port.Protocol))) { pErrs = append(pErrs, errs.NewFieldNotSupported("protocol", port.Protocol)) } allErrs = append(allErrs, pErrs.PrefixIndex(i)...) } return allErrs }
func validateExecAction(exec *api.ExecAction) errs.ValidationErrorList { allErrors := errs.ValidationErrorList{} if len(exec.Command) == 0 { allErrors = append(allErrors, errs.NewFieldRequired("command", exec.Command)) } return allErrors }
func validateHostPath(hostDir *api.HostPath) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} if hostDir.Path == "" { allErrs = append(allErrs, errs.NewFieldRequired("path", hostDir.Path)) } return allErrs }
func validateContainers(containers []api.Container, volumes util.StringSet) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} if len(containers) == 0 { return append(allErrs, errs.NewFieldRequired("")) } allNames := util.StringSet{} for i, ctr := range containers { cErrs := errs.ValidationErrorList{} capabilities := capabilities.Get() if len(ctr.Name) == 0 { cErrs = append(cErrs, errs.NewFieldRequired("name")) } else if !util.IsDNS1123Label(ctr.Name) { cErrs = append(cErrs, errs.NewFieldInvalid("name", ctr.Name, dns1123LabelErrorMsg)) } else if allNames.Has(ctr.Name) { cErrs = append(cErrs, errs.NewFieldDuplicate("name", ctr.Name)) } else if ctr.Privileged && !capabilities.AllowPrivileged { cErrs = append(cErrs, errs.NewFieldForbidden("privileged", ctr.Privileged)) } else { allNames.Insert(ctr.Name) } if len(ctr.Image) == 0 { cErrs = append(cErrs, errs.NewFieldRequired("image")) } if ctr.Lifecycle != nil { cErrs = append(cErrs, validateLifecycle(ctr.Lifecycle).Prefix("lifecycle")...) } cErrs = append(cErrs, validateProbe(ctr.LivenessProbe).Prefix("livenessProbe")...) cErrs = append(cErrs, validateProbe(ctr.ReadinessProbe).Prefix("readinessProbe")...) cErrs = append(cErrs, validatePorts(ctr.Ports).Prefix("ports")...) cErrs = append(cErrs, validateEnv(ctr.Env).Prefix("env")...) cErrs = append(cErrs, validateVolumeMounts(ctr.VolumeMounts, volumes).Prefix("volumeMounts")...) cErrs = append(cErrs, validatePullPolicy(&ctr).Prefix("pullPolicy")...) cErrs = append(cErrs, validateResourceRequirements(&ctr).Prefix("resources")...) allErrs = append(allErrs, cErrs.PrefixIndex(i)...) } // Check for colliding ports across all containers. // TODO(thockin): This really is dependent on the network config of the host (IP per pod?) // and the config of the new manifest. But we have not specced that out yet, so we'll just // make some assumptions for now. As of now, pods share a network namespace, which means that // every Port.HostPort across the whole pod must be unique. allErrs = append(allErrs, checkHostPortConflicts(containers)...) return allErrs }
// ValidatePod tests if required fields in the pod are set. func ValidatePod(pod *api.Pod) errs.ErrorList { allErrs := errs.ErrorList{} if len(pod.ID) == 0 { allErrs = append(allErrs, errs.NewFieldRequired("id", pod.ID)) } allErrs = append(allErrs, ValidatePodState(&pod.DesiredState).Prefix("desiredState")...) return allErrs }
func validateVolumeMounts(mounts []api.VolumeMount, volumes util.StringSet) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} for i, mnt := range mounts { mErrs := errs.ValidationErrorList{} if len(mnt.Name) == 0 { mErrs = append(mErrs, errs.NewFieldRequired("name", mnt.Name)) } else if !volumes.Has(mnt.Name) { mErrs = append(mErrs, errs.NewFieldNotFound("name", mnt.Name)) } if len(mnt.MountPath) == 0 { mErrs = append(mErrs, errs.NewFieldRequired("mountPath", mnt.MountPath)) } allErrs = append(allErrs, mErrs.PrefixIndex(i)...) } return allErrs }
// ValidateBoundPod tests if required fields on a bound pod are set. // TODO: to be removed. func ValidateBoundPod(pod *api.BoundPod) errs.ValidationErrorList { allErrs := errs.ValidationErrorList{} if len(pod.Name) == 0 { allErrs = append(allErrs, errs.NewFieldRequired("name", pod.Name)) } else { if ok, qualifier := nameIsDNSSubdomain(pod.Name, false); !ok { allErrs = append(allErrs, errs.NewFieldInvalid("name", pod.Name, qualifier)) } } if len(pod.Namespace) == 0 { allErrs = append(allErrs, errs.NewFieldRequired("namespace", pod.Namespace)) } else if !util.IsDNSSubdomain(pod.Namespace) { allErrs = append(allErrs, errs.NewFieldInvalid("namespace", pod.Namespace, dnsSubdomainErrorMsg)) } allErrs = append(allErrs, ValidatePodSpec(&pod.Spec).Prefix("spec")...) return allErrs }
// ValidateReplicationController tests if required fields in the replication controller are set. func ValidateReplicationController(controller *api.ReplicationController) errs.ErrorList { allErrs := errs.ErrorList{} if len(controller.ID) == 0 { allErrs = append(allErrs, errs.NewFieldRequired("id", controller.ID)) } allErrs = append(allErrs, ValidateReplicationControllerState(&controller.DesiredState).Prefix("desiredState")...) return allErrs }
// ValidateBuildConfig tests required fields for a Build. func ValidateBuildConfig(config *api.BuildConfig) errs.ErrorList { allErrs := errs.ErrorList{} if len(config.ID) == 0 { allErrs = append(allErrs, errs.NewFieldRequired("id", config.ID)) } allErrs = append(allErrs, validateBuildInput(&config.DesiredInput).Prefix("desiredInput")...) return allErrs }
// ValidateImageRepositoryMapping tests required fields for an ImageRepositoryMapping. func ValidateImageRepositoryMapping(mapping *api.ImageRepositoryMapping) errors.ErrorList { result := errors.ErrorList{} if len(mapping.DockerImageRepository) == 0 { result = append(result, errors.NewFieldRequired("DockerImageRepository", mapping.DockerImageRepository)) } if len(mapping.Tag) == 0 { result = append(result, errors.NewFieldRequired("Tag", mapping.Tag)) } for _, err := range ValidateImage(&mapping.Image).Prefix("image") { result = append(result, err) } return result }
// ValidateBuild tests required fields for a Build. func ValidateBuild(build *api.Build) errs.ErrorList { allErrs := errs.ErrorList{} if len(build.ID) == 0 { allErrs = append(allErrs, errs.NewFieldRequired("id", build.ID)) } allErrs = append(allErrs, validateBuildInput(&build.Input).Prefix("input")...) return allErrs }
func validateTCPSocketAction(tcp *api.TCPSocketAction) errs.ValidationErrorList { allErrors := errs.ValidationErrorList{} if tcp.Port.Kind == util.IntstrInt && !util.IsValidPortNum(tcp.Port.IntVal) { allErrors = append(allErrors, errs.NewFieldInvalid("port", tcp.Port, portRangeErrorMsg)) } else if tcp.Port.Kind == util.IntstrString && len(tcp.Port.StrVal) == 0 { allErrors = append(allErrors, errs.NewFieldRequired("port")) } return allErrors }