// ValidateBuild tests required fields for a Build. func ValidateBuild(build *buildapi.Build) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&build.ObjectMeta, true, validation.NameIsDNSSubdomain).Prefix("metadata")...) allErrs = append(allErrs, validateBuildSpec(&build.Spec).Prefix("spec")...) return allErrs }
func ValidatePolicyBinding(policyBinding *authorizationapi.PolicyBinding, isNamespaced bool) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&policyBinding.ObjectMeta, isNamespaced, PolicyBindingNameValidator(policyBinding.PolicyRef.Namespace)).Prefix("metadata")...) if !isNamespaced { if len(policyBinding.PolicyRef.Namespace) > 0 { allErrs = append(allErrs, fielderrors.NewFieldInvalid("policyRef.namespace", policyBinding.PolicyRef.Namespace, "may not reference another namespace")) } } for roleBindingKey, roleBinding := range policyBinding.RoleBindings { if roleBinding == nil { allErrs = append(allErrs, fielderrors.NewFieldRequired("roleBindings."+roleBindingKey)) } if roleBinding.RoleRef.Namespace != policyBinding.PolicyRef.Namespace { allErrs = append(allErrs, fielderrors.NewFieldInvalid("roleBindings."+roleBindingKey+".roleRef.namespace", policyBinding.PolicyRef.Namespace, "must be "+policyBinding.PolicyRef.Namespace)) } if roleBindingKey != roleBinding.Name { allErrs = append(allErrs, fielderrors.NewFieldInvalid("roleBindings."+roleBindingKey+".metadata.name", roleBinding.Name, "must be "+roleBindingKey)) } allErrs = append(allErrs, ValidateRoleBinding(roleBinding, isNamespaced).Prefix("roleBindings."+roleBindingKey)...) } return allErrs }
// ValidateImageStreamMapping tests required fields for an ImageStreamMapping. func ValidateImageStreamMapping(mapping *api.ImageStreamMapping) fielderrors.ValidationErrorList { result := fielderrors.ValidationErrorList{} result = append(result, validation.ValidateObjectMeta(&mapping.ObjectMeta, true, oapi.MinimalNameRequirements).Prefix("metadata")...) hasRepository := len(mapping.DockerImageRepository) != 0 hasName := len(mapping.Name) != 0 switch { case hasRepository: if _, err := api.ParseDockerImageReference(mapping.DockerImageRepository); err != nil { result = append(result, fielderrors.NewFieldInvalid("dockerImageRepository", mapping.DockerImageRepository, err.Error())) } case hasName: default: result = append(result, fielderrors.NewFieldRequired("name")) result = append(result, fielderrors.NewFieldRequired("dockerImageRepository")) } if ok, msg := validation.ValidateNamespaceName(mapping.Namespace, false); !ok { result = append(result, fielderrors.NewFieldInvalid("namespace", mapping.Namespace, msg)) } if len(mapping.Tag) == 0 { result = append(result, fielderrors.NewFieldRequired("tag")) } if errs := ValidateImage(&mapping.Image).Prefix("image"); len(errs) != 0 { result = append(result, errs...) } return result }
func ValidateIdentity(identity *api.Identity) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, kvalidation.ValidateObjectMeta(&identity.ObjectMeta, false, ValidateIdentityName).Prefix("metadata")...) if len(identity.ProviderName) == 0 { allErrs = append(allErrs, fielderrors.NewFieldRequired("providerName")) } else if ok, msg := ValidateIdentityProviderName(identity.ProviderName); !ok { allErrs = append(allErrs, fielderrors.NewFieldInvalid("providerName", identity.ProviderName, msg)) } if len(identity.ProviderUserName) == 0 { allErrs = append(allErrs, fielderrors.NewFieldRequired("providerUserName")) } else if ok, msg := ValidateIdentityProviderName(identity.ProviderUserName); !ok { allErrs = append(allErrs, fielderrors.NewFieldInvalid("providerUserName", identity.ProviderUserName, msg)) } if len(identity.ProviderName) > 0 && len(identity.ProviderUserName) > 0 { expectedIdentityName := identity.ProviderName + ":" + identity.ProviderUserName if identity.Name != expectedIdentityName { allErrs = append(allErrs, fielderrors.NewFieldInvalid("user.name", identity.User.Name, fmt.Sprintf("must be %s", expectedIdentityName))) } } if ok, msg := ValidateUserName(identity.User.Name, false); !ok { allErrs = append(allErrs, fielderrors.NewFieldInvalid("user.name", identity.User.Name, msg)) } if len(identity.User.Name) == 0 && len(identity.User.UID) != 0 { allErrs = append(allErrs, fielderrors.NewFieldInvalid("user.uid", identity.User.UID, "may not be set if user.name is empty")) } if len(identity.User.Name) != 0 && len(identity.User.UID) == 0 { allErrs = append(allErrs, fielderrors.NewFieldRequired("user.uid")) } return allErrs }
// ValidateBuildConfig tests required fields for a Build. func ValidateBuildConfig(config *buildapi.BuildConfig) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&config.ObjectMeta, true, validation.NameIsDNSSubdomain).Prefix("metadata")...) // image change triggers that refer fromRefs := map[string]struct{}{} for i, trg := range config.Spec.Triggers { allErrs = append(allErrs, validateTrigger(&trg).PrefixIndex(i).Prefix("triggers")...) if trg.Type != buildapi.ImageChangeBuildTriggerType || trg.ImageChange == nil { continue } from := trg.ImageChange.From if from == nil { from = buildutil.GetImageStreamForStrategy(config.Spec.Strategy) } fromKey := refKey(config.Namespace, from) _, exists := fromRefs[fromKey] if exists { allErrs = append(allErrs, fielderrors.NewFieldInvalid("triggers", config.Spec.Triggers, "multiple ImageChange triggers refer to the same image stream tag")) } fromRefs[fromKey] = struct{}{} } allErrs = append(allErrs, validateBuildSpec(&config.Spec.BuildSpec).Prefix("spec")...) return allErrs }
// ValidateRoute tests if required fields in the route are set. func ValidateRoute(route *routeapi.Route) fielderrors.ValidationErrorList { result := fielderrors.ValidationErrorList{} //ensure meta is set properly result = append(result, kval.ValidateObjectMeta(&route.ObjectMeta, true, oapi.GetNameValidationFunc(kval.ValidatePodName)).Prefix("metadata")...) //host is not required but if it is set ensure it meets DNS requirements if len(route.Host) > 0 { if !util.IsDNS1123Subdomain(route.Host) { result = append(result, fielderrors.NewFieldInvalid("host", route.Host, "host must conform to DNS 952 subdomain conventions")) } } if len(route.Path) > 0 && !strings.HasPrefix(route.Path, "/") { result = append(result, fielderrors.NewFieldInvalid("path", route.Path, "path must begin with /")) } if len(route.ServiceName) == 0 { result = append(result, fielderrors.NewFieldRequired("serviceName")) } if errs := validateTLS(route); len(errs) != 0 { result = append(result, errs.Prefix("tls")...) } return result }
// ValidateBuildRequest validates a BuildRequest object func ValidateBuildRequest(request *buildapi.BuildRequest) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&request.ObjectMeta, true, oapi.MinimalNameRequirements).Prefix("metadata")...) if request.Revision != nil { allErrs = append(allErrs, validateRevision(request.Revision).Prefix("revision")...) } return allErrs }
// ValidateProject tests required fields for a Project. // This should only be called when creating a project (not on update), // since its name validation is more restrictive than default namespace name validation func ValidateProject(project *api.Project) fielderrors.ValidationErrorList { result := fielderrors.ValidationErrorList{} result = append(result, validation.ValidateObjectMeta(&project.ObjectMeta, false, ValidateProjectName).Prefix("metadata")...) if !validateNoNewLineOrTab(project.Annotations[projectapi.ProjectDisplayName]) { result = append(result, fielderrors.NewFieldInvalid("metadata.annotations["+projectapi.ProjectDisplayName+"]", project.Annotations[projectapi.ProjectDisplayName], "may not contain a new line or tab")) } result = append(result, validateNodeSelector(project)...) return result }
func ValidateClient(client *api.OAuthClient) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&client.ObjectMeta, false, validation.NameIsDNSSubdomain).Prefix("metadata")...) for i, redirect := range client.RedirectURIs { if ok, msg := ValidateRedirectURI(redirect); !ok { allErrs = append(allErrs, fielderrors.NewFieldInvalid(fmt.Sprintf("redirectURIs[%d]", i), redirect, msg)) } } return allErrs }
// ValidateHostSubnet tests fields for the host subnet, the host should be a network resolvable string, // and subnet should be a valid CIDR func ValidateHostSubnet(hs *sdnapi.HostSubnet) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&hs.ObjectMeta, false, oapi.MinimalNameRequirements).Prefix("metadata")...) _, _, err := net.ParseCIDR(hs.Subnet) if err != nil { allErrs = append(allErrs, fielderrors.NewFieldInvalid("subnet", hs.Subnet, err.Error())) } if net.ParseIP(hs.HostIP) == nil { allErrs = append(allErrs, fielderrors.NewFieldInvalid("hostIP", hs.HostIP, "invalid IP address")) } return allErrs }
func ValidateUserIdentityMapping(mapping *api.UserIdentityMapping) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, kvalidation.ValidateObjectMeta(&mapping.ObjectMeta, false, ValidateIdentityName).Prefix("metadata")...) if len(mapping.Identity.Name) == 0 { allErrs = append(allErrs, fielderrors.NewFieldRequired("identity.name")) } if mapping.Identity.Name != mapping.Name { allErrs = append(allErrs, fielderrors.NewFieldInvalid("identity.name", mapping.Identity.Name, "must match metadata.name")) } if len(mapping.User.Name) == 0 { allErrs = append(allErrs, fielderrors.NewFieldRequired("user.name")) } return allErrs }
func ValidateDeploymentConfig(config *deployapi.DeploymentConfig) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&config.ObjectMeta, true, validation.NameIsDNSSubdomain).Prefix("metadata")...) for i := range config.Triggers { allErrs = append(allErrs, validateTrigger(&config.Triggers[i]).PrefixIndex(i).Prefix("triggers")...) } allErrs = append(allErrs, validateDeploymentStrategy(&config.Template.Strategy).Prefix("template.strategy")...) allErrs = append(allErrs, validation.ValidateReplicationControllerSpec(&config.Template.ControllerTemplate).Prefix("template.controllerTemplate")...) if config.LatestVersion < 0 { allErrs = append(allErrs, fielderrors.NewFieldInvalid("latestVersion", config.LatestVersion, "latestVersion cannot be negative")) } return allErrs }
// ValidateImage tests required fields for an Image. func ValidateImage(image *api.Image) fielderrors.ValidationErrorList { result := fielderrors.ValidationErrorList{} result = append(result, validation.ValidateObjectMeta(&image.ObjectMeta, false, oapi.MinimalNameRequirements).Prefix("metadata")...) if len(image.DockerImageReference) == 0 { result = append(result, fielderrors.NewFieldRequired("dockerImageReference")) } else { if _, err := api.ParseDockerImageReference(image.DockerImageReference); err != nil { result = append(result, fielderrors.NewFieldInvalid("dockerImageReference", image.DockerImageReference, err.Error())) } } return result }
func ValidateAuthorizeToken(authorizeToken *api.OAuthAuthorizeToken) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&authorizeToken.ObjectMeta, false, ValidateTokenName).Prefix("metadata")...) allErrs = append(allErrs, ValidateClientNameField(authorizeToken.ClientName, "clientName")...) allErrs = append(allErrs, ValidateUserNameField(authorizeToken.UserName, "userName")...) if len(authorizeToken.UserUID) == 0 { allErrs = append(allErrs, fielderrors.NewFieldRequired("userUID")) } if ok, msg := ValidateRedirectURI(authorizeToken.RedirectURI); !ok { allErrs = append(allErrs, fielderrors.NewFieldInvalid("redirectURI", authorizeToken.RedirectURI, msg)) } return allErrs }
func ValidateGroup(group *api.Group) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, kvalidation.ValidateObjectMeta(&group.ObjectMeta, false, ValidateGroupName).Prefix("metadata")...) for index, user := range group.Users { if len(user) == 0 { allErrs = append(allErrs, fielderrors.NewFieldInvalid(fmt.Sprintf("users[%d]", index), user, "may not be empty")) continue } if ok, msg := ValidateUserName(user, false); !ok { allErrs = append(allErrs, fielderrors.NewFieldInvalid(fmt.Sprintf("users[%d]", index), user, msg)) } } return allErrs }
// ValidateClusterNetwork tests if required fields in the ClusterNetwork are set. func ValidateClusterNetwork(clusterNet *sdnapi.ClusterNetwork) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&clusterNet.ObjectMeta, false, oapi.MinimalNameRequirements).Prefix("metadata")...) _, ipnet, err := net.ParseCIDR(clusterNet.Network) if err != nil { allErrs = append(allErrs, fielderrors.NewFieldInvalid("network", clusterNet.Network, err.Error())) } else { ones, bitSize := ipnet.Mask.Size() if (bitSize - ones) <= clusterNet.HostSubnetLength { allErrs = append(allErrs, fielderrors.NewFieldInvalid("hostSubnetLength", clusterNet.HostSubnetLength, "subnet length is greater than cluster Mask")) } } return allErrs }
func ValidatePolicy(policy *authorizationapi.Policy, isNamespaced bool) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&policy.ObjectMeta, isNamespaced, ValidatePolicyName).Prefix("metadata")...) for roleKey, role := range policy.Roles { if role == nil { allErrs = append(allErrs, fielderrors.NewFieldRequired("roles."+roleKey)) } if roleKey != role.Name { allErrs = append(allErrs, fielderrors.NewFieldInvalid("roles."+roleKey+".metadata.name", role.Name, "must be "+roleKey)) } allErrs = append(allErrs, ValidateRole(role, isNamespaced).Prefix("roles."+roleKey)...) } return allErrs }
// ValidateBuildConfig tests required fields for a Build. func ValidateBuildConfig(config *buildapi.BuildConfig) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&config.ObjectMeta, true, validation.NameIsDNSSubdomain).Prefix("metadata")...) // allow only one ImageChangeTrigger for now ictCount := 0 for i, trg := range config.Triggers { allErrs = append(allErrs, validateTrigger(&trg).PrefixIndex(i).Prefix("triggers")...) if trg.Type == buildapi.ImageChangeBuildTriggerType { if ictCount++; ictCount > 1 { allErrs = append(allErrs, fielderrors.NewFieldInvalid("triggers", config.Triggers, "only one ImageChange trigger is allowed")) break } } } allErrs = append(allErrs, validateBuildParameters(&config.Parameters).Prefix("parameters")...) allErrs = append(allErrs, validateBuildConfigOutput(&config.Parameters.Output).Prefix("parameters.output")...) return allErrs }
func ValidateRoleBinding(roleBinding *authorizationapi.RoleBinding, isNamespaced bool) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, isNamespaced, oapi.MinimalNameRequirements).Prefix("metadata")...) // roleRef namespace is empty when referring to global policy. if (len(roleBinding.RoleRef.Namespace) > 0) && !util.IsDNS1123Subdomain(roleBinding.RoleRef.Namespace) { allErrs = append(allErrs, fielderrors.NewFieldInvalid("roleRef.namespace", roleBinding.RoleRef.Namespace, "roleRef.namespace must be a valid subdomain")) } if len(roleBinding.RoleRef.Name) == 0 { allErrs = append(allErrs, fielderrors.NewFieldRequired("roleRef.name")) } else { if valid, err := oapi.MinimalNameRequirements(roleBinding.RoleRef.Name, false); !valid { allErrs = append(allErrs, fielderrors.NewFieldInvalid("roleRef.name", roleBinding.RoleRef.Name, err)) } } return allErrs }
func ValidateUser(user *api.User) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, kvalidation.ValidateObjectMeta(&user.ObjectMeta, false, ValidateUserName).Prefix("metadata")...) for index, identity := range user.Identities { if ok, msg := ValidateIdentityName(identity, false); !ok { allErrs = append(allErrs, fielderrors.NewFieldInvalid(fmt.Sprintf("identities[%d]", index), identity, msg)) } } for index, group := range user.Groups { if len(group) == 0 { allErrs = append(allErrs, fielderrors.NewFieldInvalid(fmt.Sprintf("groups[%d]", index), group, "may not be empty")) continue } if ok, msg := ValidateGroupName(group, false); !ok { allErrs = append(allErrs, fielderrors.NewFieldInvalid(fmt.Sprintf("groups[%d]", index), group, msg)) } } return allErrs }
func ValidateClientAuthorization(clientAuthorization *api.OAuthClientAuthorization) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} expectedName := fmt.Sprintf("%s:%s", clientAuthorization.UserName, clientAuthorization.ClientName) metadataErrs := validation.ValidateObjectMeta(&clientAuthorization.ObjectMeta, false, ValidateClientAuthorizationName).Prefix("metadata") if len(metadataErrs) > 0 { allErrs = append(allErrs, metadataErrs...) } else if clientAuthorization.Name != expectedName { allErrs = append(allErrs, fielderrors.NewFieldInvalid("metadata.name", clientAuthorization.Name, "must be in the format <userName>:<clientName>")) } allErrs = append(allErrs, ValidateClientNameField(clientAuthorization.ClientName, "clientName")...) allErrs = append(allErrs, ValidateUserNameField(clientAuthorization.UserName, "userName")...) if len(clientAuthorization.UserUID) == 0 { allErrs = append(allErrs, fielderrors.NewFieldRequired("useruid")) } return allErrs }
// ValidateImageStream tests required fields for an ImageStream. func ValidateImageStream(stream *api.ImageStream) fielderrors.ValidationErrorList { result := fielderrors.ValidationErrorList{} result = append(result, validation.ValidateObjectMeta(&stream.ObjectMeta, true, ValidateImageStreamName).Prefix("metadata")...) // Ensure we can generate a valid docker image repository from namespace/name if len(stream.Namespace) > 0 && len(stream.Namespace) < v2.RepositoryNameComponentMinLength { result = append(result, fielderrors.NewFieldInvalid("metadata.namespace", stream.Namespace, fmt.Sprintf("must be at least %d characters long", v2.RepositoryNameComponentMinLength))) } if len(stream.Namespace+"/"+stream.Name) > v2.RepositoryNameTotalLengthMax { result = append(result, fielderrors.NewFieldInvalid("metadata.name", stream.Name, fmt.Sprintf("'namespace/name' cannot be longer than %d characters", v2.RepositoryNameTotalLengthMax))) } if stream.Spec.Tags == nil { stream.Spec.Tags = make(map[string]api.TagReference) } if len(stream.Spec.DockerImageRepository) != 0 { if _, err := api.ParseDockerImageReference(stream.Spec.DockerImageRepository); err != nil { result = append(result, fielderrors.NewFieldInvalid("spec.dockerImageRepository", stream.Spec.DockerImageRepository, err.Error())) } } for tag, tagRef := range stream.Spec.Tags { if tagRef.From != nil { switch tagRef.From.Kind { case "DockerImage", "ImageStreamImage", "ImageStreamTag": default: result = append(result, fielderrors.NewFieldInvalid(fmt.Sprintf("spec.tags[%s].from.kind", tag), tagRef.From.Kind, "valid values are 'DockerImage', 'ImageStreamImage', 'ImageStreamTag'")) } } } for tag, history := range stream.Status.Tags { for i, tagEvent := range history.Items { if len(tagEvent.DockerImageReference) == 0 { result = append(result, fielderrors.NewFieldRequired(fmt.Sprintf("status.tags[%s].Items[%d].dockerImageReference", tag, i))) } } } return result }
func ValidateRole(role *authorizationapi.Role, isNamespaced bool) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&role.ObjectMeta, isNamespaced, oapi.MinimalNameRequirements).Prefix("metadata")...) return allErrs }
// ValidateTemplate tests if required fields in the Template are set. func ValidateTemplate(template *api.Template) (allErrs fielderrors.ValidationErrorList) { allErrs = validation.ValidateObjectMeta(&template.ObjectMeta, true, oapi.GetNameValidationFunc(validation.ValidatePodName)).Prefix("metadata") allErrs = append(allErrs, validateTemplateBody(template)...) return }