func (r *REST) Create(ctx kapi.Context, obj runtime.Object) (runtime.Object, error) {
if err := rest.BeforeCreate(projectrequestregistry.Strategy, ctx, obj); err != nil {
return nil, err
}
projectRequest := obj.(*projectapi.ProjectRequest)
if _, err := r.openshiftClient.Projects().Get(projectRequest.Name); err == nil {
return nil, kapierror.NewAlreadyExists("project", projectRequest.Name)
}
projectName := projectRequest.Name
projectAdmin := ""
if userInfo, exists := kapi.UserFrom(ctx); exists {
projectAdmin = userInfo.GetName()
}
template, err := r.getTemplate()
if err != nil {
return nil, err
}
for i := range template.Parameters {
switch template.Parameters[i].Name {
case ProjectAdminUserParam:
template.Parameters[i].Value = projectAdmin
case ProjectDescriptionParam:
template.Parameters[i].Value = projectRequest.Description
case ProjectDisplayNameParam:
template.Parameters[i].Value = projectRequest.DisplayName
case ProjectNameParam:
template.Parameters[i].Value = projectName
}
}
list, err := r.openshiftClient.TemplateConfigs(kapi.NamespaceDefault).Create(template)
if err != nil {
return nil, err
}
if err := utilerrors.NewAggregate(runtime.DecodeList(list.Objects, kapi.Scheme)); err != nil {
return nil, err
}
bulk := configcmd.Bulk{
Mapper: latest.RESTMapper,
Typer: kapi.Scheme,
RESTClientFactory: func(mapping *meta.RESTMapping) (resource.RESTClient, error) {
return r.openshiftClient, nil
},
}
if err := utilerrors.NewAggregate(bulk.Create(&kapi.List{Items: list.Objects}, projectName)); err != nil {
return nil, err
}
return r.openshiftClient.Projects().Get(projectName)
}
// Create registers a given new ResourceAccessReview instance to r.registry.
func (r *REST) Create(ctx kapi.Context, obj runtime.Object) (runtime.Object, error) {
resourceAccessReview, ok := obj.(*authorizationapi.ResourceAccessReview)
if !ok {
return nil, errors.NewBadRequest(fmt.Sprintf("not a resourceAccessReview: %#v", obj))
}
if err := kutilerrors.NewAggregate(authorizationvalidation.ValidateResourceAccessReview(resourceAccessReview)); err != nil {
return nil, err
}
namespace := kapi.NamespaceValue(ctx)
attributes := &authorizer.DefaultAuthorizationAttributes{
Verb: resourceAccessReview.Verb,
Resource: resourceAccessReview.Resource,
}
users, groups, err := r.authorizer.GetAllowedSubjects(ctx, attributes)
if err != nil {
return nil, err
}
response := &authorizationapi.ResourceAccessReviewResponse{
Namespace: namespace,
Users: users,
Groups: groups,
}
return response, nil
}
// ConfirmUsable looks a particular context and determines if that particular part of the config is useable. There might still be errors in the config,
// but no errors in the sections requested or referenced. It does not return early so that it can find as many errors as possible.
func (config DirectClientConfig) ConfirmUsable() error {
validationErrors := make([]error, 0)
validationErrors = append(validationErrors, validateAuthInfo(config.getAuthInfoName(), config.getAuthInfo())...)
validationErrors = append(validationErrors, validateClusterInfo(config.getClusterName(), config.getCluster())...)
return errors.NewAggregate(validationErrors)
}
// validate converts all of the arguments on the config into references to objects, or returns an error
func (c *AppConfig) validate() (app.ComponentReferences, app.SourceRepositories, cmdutil.Environment, cmdutil.Environment, error) {
b := c.refBuilder
b.AddComponents(c.DockerImages, func(input *app.ComponentInput) app.ComponentReference {
input.Argument = fmt.Sprintf("--docker-image=%q", input.From)
input.Resolver = c.dockerResolver
return input
})
b.AddComponents(c.ImageStreams, func(input *app.ComponentInput) app.ComponentReference {
input.Argument = fmt.Sprintf("--image=%q", input.From)
input.Resolver = c.imageStreamResolver
return input
})
b.AddComponents(c.Templates, func(input *app.ComponentInput) app.ComponentReference {
input.Argument = fmt.Sprintf("--template=%q", input.From)
input.Resolver = c.templateResolver
return input
})
b.AddComponents(c.TemplateFiles, func(input *app.ComponentInput) app.ComponentReference {
input.Argument = fmt.Sprintf("--file=%q", input.From)
input.Resolver = c.templateFileResolver
return input
})
b.AddComponents(c.Components, func(input *app.ComponentInput) app.ComponentReference {
input.Resolver = app.PerfectMatchWeightedResolver{
app.WeightedResolver{Resolver: c.imageStreamResolver, Weight: 0.0},
app.WeightedResolver{Resolver: c.templateResolver, Weight: 0.0},
app.WeightedResolver{Resolver: c.templateFileResolver, Weight: 0.0},
app.WeightedResolver{Resolver: c.dockerResolver, Weight: 2.0},
}
return input
})
b.AddGroups(c.Groups)
refs, repos, errs := b.Result()
if len(repos) > 0 {
repos[0].SetContextDir(c.ContextDir)
if len(repos) > 1 {
glog.Warningf("You have specified more than one source repository and a context directory. "+
"The context directory will be applied to the first repository: %q", repos[0])
}
}
if len(c.Strategy) != 0 && len(repos) == 0 {
errs = append(errs, fmt.Errorf("when --strategy is specified you must provide at least one source code location"))
}
env, duplicateEnv, envErrs := cmdutil.ParseEnvironmentArguments(c.Environment)
for _, s := range duplicateEnv {
glog.V(1).Infof("The environment variable %q was overwritten", s)
}
errs = append(errs, envErrs...)
parms, duplicateParms, parmsErrs := cmdutil.ParseEnvironmentArguments(c.TemplateParameters)
for _, s := range duplicateParms {
glog.V(1).Infof("The template parameter %q was overwritten", s)
}
errs = append(errs, parmsErrs...)
return refs, repos, env, parms, errors.NewAggregate(errs)
}
// GetEffectivePolicyRules returns the list of rules that apply to a given user in a given namespace and error. If an error is returned, the slice of
// PolicyRules may not be complete, but it contains all retrievable rules. This is done because policy rules are purely additive and policy determinations
// can be made on the basis of those rules that are found.
func (a *DefaultRuleResolver) GetEffectivePolicyRules(ctx kapi.Context) ([]authorizationapi.PolicyRule, error) {
roleBindings, err := a.GetRoleBindings(ctx)
if err != nil {
return nil, err
}
user, exists := kapi.UserFrom(ctx)
if !exists {
return nil, errors.New("user missing from context")
}
errs := []error{}
rules := make([]authorizationapi.PolicyRule, 0, len(roleBindings))
for _, roleBinding := range roleBindings {
if !appliesToUser(roleBinding.Users(), roleBinding.Groups(), user) {
continue
}
role, err := a.GetRole(roleBinding)
if err != nil {
errs = append(errs, err)
continue
}
for _, curr := range role.Rules() {
rules = append(rules, curr)
}
}
return rules, kerrors.NewAggregate(errs)
}
func (v FlattenListVisitor) Visit(fn VisitorFunc) error {
return v.Visitor.Visit(func(info *Info) error {
if info.Object == nil {
return fn(info)
}
items, err := runtime.ExtractList(info.Object)
if err != nil {
return fn(info)
}
if errs := runtime.DecodeList(items, struct {
runtime.ObjectTyper
runtime.Decoder
}{v.Mapper, info.Mapping.Codec}); len(errs) > 0 {
return errors.NewAggregate(errs)
}
for i := range items {
item, err := v.InfoForObject(items[i])
if err != nil {
return err
}
if len(info.ResourceVersion) != 0 {
item.ResourceVersion = info.ResourceVersion
}
if err := fn(item); err != nil {
return err
}
}
return nil
})
}
// InitPlugins initializes each plugin. All plugins must have unique names.
// This must be called exactly once before any New* methods are called on any
// plugins.
func (pm *VolumePluginMgr) InitPlugins(plugins []VolumePlugin, host VolumeHost) error {
pm.mutex.Lock()
defer pm.mutex.Unlock()
if pm.plugins == nil {
pm.plugins = map[string]VolumePlugin{}
}
allErrs := []error{}
for _, plugin := range plugins {
name := plugin.Name()
if !util.IsQualifiedName(name) {
allErrs = append(allErrs, fmt.Errorf("volume plugin has invalid name: %#v", plugin))
continue
}
if _, found := pm.plugins[name]; found {
allErrs = append(allErrs, fmt.Errorf("volume plugin %q was registered more than once", name))
continue
}
plugin.Init(host)
pm.plugins[name] = plugin
glog.V(1).Infof("Loaded volume plugin %q", name)
}
return errors.NewAggregate(allErrs)
}
// validate converts all of the arguments on the config into references to objects, or returns an error
func (c *AppConfig) validate() (app.ComponentReferences, app.SourceRepositories, cmdutil.Environment, cmdutil.Environment, error) {
b := c.refBuilder
c.addReferenceBuilderComponents(b)
b.AddGroups(c.Groups)
refs, repos, errs := b.Result()
if len(repos) > 0 {
repos[0].SetContextDir(c.ContextDir)
if len(repos) > 1 {
glog.Warningf("You have specified more than one source repository and a context directory. "+
"The context directory will be applied to the first repository: %q", repos[0])
}
}
if len(c.Strategy) != 0 && len(repos) == 0 {
errs = append(errs, fmt.Errorf("when --strategy is specified you must provide at least one source code location"))
}
env, duplicateEnv, envErrs := cmdutil.ParseEnvironmentArguments(c.Environment)
for _, s := range duplicateEnv {
glog.V(1).Infof("The environment variable %q was overwritten", s)
}
errs = append(errs, envErrs...)
parms, duplicateParms, parmsErrs := cmdutil.ParseEnvironmentArguments(c.TemplateParameters)
for _, s := range duplicateParms {
glog.V(1).Infof("The template parameter %q was overwritten", s)
}
errs = append(errs, parmsErrs...)
return refs, repos, env, parms, errors.NewAggregate(errs)
}
// resolve the references to ensure they are all valid, and identify any images that don't match user input.
func (c *AppConfig) resolve(components app.ComponentReferences) error {
errs := []error{}
for _, ref := range components {
if err := ref.Resolve(); err != nil {
errs = append(errs, err)
continue
}
switch input := ref.Input(); {
case !input.ExpectToBuild && input.ResolvedMatch.Builder:
if c.Strategy != "docker" {
glog.Infof("Image %q is a builder, so a repository will be expected unless you also specify --strategy=docker", input)
input.ExpectToBuild = true
}
case input.ExpectToBuild && input.ResolvedMatch.IsTemplate():
// TODO: harder - break the template pieces and check if source code can be attached (look for a build config, build image, etc)
errs = append(errs, fmt.Errorf("template with source code explicitly attached is not supported - you must either specify the template and source code separately or attach an image to the source code using the '[image]~[code]' form"))
continue
case input.ExpectToBuild && !input.ResolvedMatch.Builder && !input.Uses.IsDockerBuild():
if len(c.Strategy) == 0 {
errs = append(errs, fmt.Errorf("none of the images that match %q can build source code - check whether this is the image you want to use, then use --strategy=source to build using source or --strategy=docker to treat this as a Docker base image and set up a layered Docker build", ref))
continue
}
}
}
return errors.NewAggregate(errs)
}
// MakeGraph will create the graph of all build configurations and the image streams
// they point to via image change triggers in the provided namespace(s)
func (d *ChainDescriber) MakeGraph() (osgraph.Graph, error) {
g := osgraph.New()
loaders := []GraphLoader{}
for namespace := range d.namespaces {
glog.V(4).Infof("Loading build configurations from %q", namespace)
loaders = append(loaders, &bcLoader{namespace: namespace, lister: d.c})
}
loadingFuncs := []func() error{}
for _, loader := range loaders {
loadingFuncs = append(loadingFuncs, loader.Load)
}
if errs := parallel.Run(loadingFuncs...); len(errs) > 0 {
return g, utilerrors.NewAggregate(errs)
}
for _, loader := range loaders {
loader.AddToGraph(g)
}
buildedges.AddAllInputOutputEdges(g)
return g, nil
}
// buildTemplates converts a set of resolved, valid references into references to template objects.
func (c *AppConfig) buildTemplates(components app.ComponentReferences, environment app.Environment) ([]runtime.Object, error) {
objects := []runtime.Object{}
for _, ref := range components {
tpl := ref.Input().ResolvedMatch.Template
glog.V(4).Infof("processing template %s/%s", c.originNamespace, tpl.Name)
for _, env := range environment.List() {
// only set environment values that match what's expected by the template.
if v := template.GetParameterByName(tpl, env.Name); v != nil {
v.Value = env.Value
v.Generate = ""
template.AddParameter(tpl, *v)
} else {
return nil, fmt.Errorf("unexpected parameter name %q", env.Name)
}
}
result, err := c.osclient.TemplateConfigs(c.originNamespace).Create(tpl)
if err != nil {
return nil, fmt.Errorf("error processing template %s/%s: %v", c.originNamespace, tpl.Name, err)
}
errs := runtime.DecodeList(result.Objects, kapi.Scheme)
if len(errs) > 0 {
err = errors.NewAggregate(errs)
return nil, fmt.Errorf("error processing template %s/%s: %v", c.originNamespace, tpl.Name, errs)
}
objects = append(objects, result.Objects...)
}
return objects, nil
}
func filterInvalidPods(pods []*api.Pod, source string, recorder record.EventRecorder) (filtered []*api.Pod) {
names := util.StringSet{}
for i, pod := range pods {
var errlist []error
if errs := validation.ValidatePod(pod); len(errs) != 0 {
errlist = append(errlist, errs...)
// If validation fails, don't trust it any further -
// even Name could be bad.
} else {
name := kubecontainer.GetPodFullName(pod)
if names.Has(name) {
errlist = append(errlist, fielderrors.NewFieldDuplicate("name", pod.Name))
} else {
names.Insert(name)
}
}
if len(errlist) > 0 {
name := bestPodIdentString(pod)
err := utilerrors.NewAggregate(errlist)
glog.Warningf("Pod[%d] (%s) from %s failed validation, ignoring: %v", i+1, name, source, err)
recorder.Eventf(pod, "failedValidation", "Error validating pod %s from %s, ignoring: %v", name, source, err)
continue
}
filtered = append(filtered, pod)
}
return
}
func (s *SwaggerSchema) ValidateBytes(data []byte) error {
var obj interface{}
out, err := yaml.ToJSON(data)
if err != nil {
return err
}
data = out
if err := json.Unmarshal(data, &obj); err != nil {
return err
}
fields, ok := obj.(map[string]interface{})
if !ok {
return fmt.Errorf("error in unmarshaling data %s", string(data))
}
apiVersion := fields["apiVersion"]
if apiVersion == nil {
return fmt.Errorf("apiVersion not set")
}
kind := fields["kind"]
if kind == nil {
return fmt.Errorf("kind not set")
}
allErrs := s.ValidateObject(obj, apiVersion.(string), "", apiVersion.(string)+"."+kind.(string))
if len(allErrs) == 1 {
return allErrs[0]
}
return errors.NewAggregate(allErrs)
}
func (l *ListPodsOptions) Run() error {
nodes, err := l.Options.GetNodes()
if err != nil {
return err
}
var printer kubectl.ResourcePrinter
if l.Options.CmdPrinterOutput {
printer = l.Options.CmdPrinter
} else {
printer, _, err = l.Options.GetPrintersByResource("pod")
if err != nil {
return err
}
}
errList := []error{}
for _, node := range nodes {
err := l.runListPods(node, printer)
if err != nil {
// Don't bail out if one node fails
errList = append(errList, err)
}
}
return kerrors.NewAggregate(errList)
}
func statusCausesToAggrError(scs []api.StatusCause) utilerrors.Aggregate {
errs := make([]error, len(scs))
for i, sc := range scs {
errs[i] = fmt.Errorf("%s: %s", sc.Field, sc.Message)
}
return utilerrors.NewAggregate(errs)
}
// AuthenticateRequest authenticates the request using presented client certificates
func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
if req.TLS == nil {
return nil, false, nil
}
var errlist []error
for _, cert := range req.TLS.PeerCertificates {
chains, err := cert.Verify(a.opts)
if err != nil {
errlist = append(errlist, err)
continue
}
for _, chain := range chains {
user, ok, err := a.user.User(chain)
if err != nil {
errlist = append(errlist, err)
continue
}
if ok {
return user, ok, err
}
}
}
return nil, false, errors.NewAggregate(errlist)
}
// ConfirmUsable looks a particular context and determines if that particular part of the config is useable. There might still be errors in the config,
// but no errors in the sections requested or referenced. It does not return early so that it can find as many errors as possible.
func ConfirmUsable(config clientcmdapi.Config, passedContextName string) error {
validationErrors := make([]error, 0)
var contextName string
if len(passedContextName) != 0 {
contextName = passedContextName
} else {
contextName = config.CurrentContext
}
if len(contextName) == 0 {
return ErrNoContext
}
context, exists := config.Contexts[contextName]
if !exists {
validationErrors = append(validationErrors, &errContextNotFound{contextName})
}
if exists {
validationErrors = append(validationErrors, validateContext(contextName, context, config)...)
validationErrors = append(validationErrors, validateAuthInfo(context.AuthInfo, config.AuthInfos[context.AuthInfo])...)
validationErrors = append(validationErrors, validateClusterInfo(context.Cluster, config.Clusters[context.Cluster])...)
}
return utilerrors.NewAggregate(validationErrors)
}
func (o CreateMasterCertsOptions) CreateMasterCerts() error {
glog.V(4).Infof("Creating all certs with: %#v", o)
signerCertOptions := CreateSignerCertOptions{
CertFile: DefaultCertFilename(o.CertDir, CAFilePrefix),
KeyFile: DefaultKeyFilename(o.CertDir, CAFilePrefix),
SerialFile: DefaultSerialFilename(o.CertDir, CAFilePrefix),
Name: o.SignerName,
Overwrite: o.Overwrite,
Output: o.Output,
}
if err := signerCertOptions.Validate(nil); err != nil {
return err
}
if _, err := signerCertOptions.CreateSignerCert(); err != nil {
return err
}
// once we've minted the signer, don't overwrite it
getSignerCertOptions := GetSignerCertOptions{
CertFile: DefaultCertFilename(o.CertDir, CAFilePrefix),
KeyFile: DefaultKeyFilename(o.CertDir, CAFilePrefix),
SerialFile: DefaultSerialFilename(o.CertDir, CAFilePrefix),
}
errs := parallel.Run(
func() error { return o.createServerCerts(&getSignerCertOptions) },
func() error { return o.createAPIClients(&getSignerCertOptions) },
func() error { return o.createEtcdClientCerts(&getSignerCertOptions) },
func() error { return o.createKubeletClientCerts(&getSignerCertOptions) },
func() error { return o.createServiceAccountKeys() },
)
return utilerrors.NewAggregate(errs)
}
// RunSearch executes the provided config and returns the result of the resolution.
func (c *AppConfig) RunSearch(out, errOut io.Writer) (*SearchResult, error) {
c.ensureDockerSearcher()
repositories, err := c.individualSourceRepositories()
if err != nil {
return nil, err
}
components, repositories, environment, parameters, err := c.validate()
if err != nil {
return nil, err
}
if len(repositories) == 0 && len(components) == 0 {
return nil, ErrNoInputs
}
errs := []error{}
if len(repositories) > 0 {
errs = append(errs, fmt.Errorf("--search can't be used with source code"))
}
if len(environment) > 0 {
errs = append(errs, fmt.Errorf("--search can't be used with --env"))
}
if len(parameters) > 0 {
errs = append(errs, fmt.Errorf("--search can't be used with --param"))
}
if len(errs) > 0 {
return nil, errors.NewAggregate(errs)
}
if err := c.search(components); err != nil {
return nil, err
}
glog.V(4).Infof("Code %v", repositories)
glog.V(4).Infof("Components %v", components)
matches := app.ComponentMatches{}
objects := app.Objects{}
for _, ref := range components {
for _, match := range ref.Input().SearchMatches {
matches = append(matches, match)
if match.IsTemplate() {
objects = append(objects, match.Template)
} else if match.IsImage() {
if match.ImageStream != nil {
objects = append(objects, match.ImageStream)
}
if match.Image != nil {
objects = append(objects, match.Image)
}
}
}
}
return &SearchResult{
Matches: matches,
List: &kapi.List{Items: objects},
}, nil
}
// Filter removes items from the ValidationErrorList that match the provided fns.
func (list ValidationErrorList) Filter(fns ...errors.Matcher) ValidationErrorList {
err := errors.FilterOut(errors.NewAggregate(list), fns...)
if err == nil {
return nil
}
// FilterOut that takes an Aggregate returns an Aggregate
agg := err.(errors.Aggregate)
return ValidationErrorList(agg.Errors())
}
func (d *ProjectStatusDescriber) MakeGraph(namespace string) (osgraph.Graph, util.StringSet, error) {
g := osgraph.New()
loaders := []GraphLoader{
&serviceLoader{namespace: namespace, lister: d.K},
&serviceAccountLoader{namespace: namespace, lister: d.K},
&secretLoader{namespace: namespace, lister: d.K},
&rcLoader{namespace: namespace, lister: d.K},
&podLoader{namespace: namespace, lister: d.K},
&bcLoader{namespace: namespace, lister: d.C},
&buildLoader{namespace: namespace, lister: d.C},
&isLoader{namespace: namespace, lister: d.C},
&dcLoader{namespace: namespace, lister: d.C},
}
loadingFuncs := []func() error{}
for _, loader := range loaders {
loadingFuncs = append(loadingFuncs, loader.Load)
}
forbiddenResources := util.StringSet{}
if errs := parallel.Run(loadingFuncs...); len(errs) > 0 {
actualErrors := []error{}
for _, err := range errs {
if kapierrors.IsForbidden(err) {
forbiddenErr := err.(*kapierrors.StatusError)
if (forbiddenErr.Status().Details != nil) && (len(forbiddenErr.Status().Details.Kind) > 0) {
forbiddenResources.Insert(forbiddenErr.Status().Details.Kind)
}
continue
}
actualErrors = append(actualErrors, err)
}
if len(actualErrors) > 0 {
return g, forbiddenResources, utilerrors.NewAggregate(actualErrors)
}
}
for _, loader := range loaders {
loader.AddToGraph(g)
}
kubeedges.AddAllExposedPodTemplateSpecEdges(g)
kubeedges.AddAllExposedPodEdges(g)
kubeedges.AddAllManagedByRCPodEdges(g)
kubeedges.AddAllRequestedServiceAccountEdges(g)
kubeedges.AddAllMountableSecretEdges(g)
kubeedges.AddAllMountedSecretEdges(g)
buildedges.AddAllInputOutputEdges(g)
buildedges.AddAllBuildEdges(g)
deployedges.AddAllTriggerEdges(g)
deployedges.AddAllDeploymentEdges(g)
imageedges.AddAllImageStreamRefEdges(g)
return g, forbiddenResources, nil
}
// searches on all references
func (c *AppConfig) search(components app.ComponentReferences) error {
errs := []error{}
for _, ref := range components {
if err := ref.Search(); err != nil {
errs = append(errs, err)
continue
}
}
return errors.NewAggregate(errs)
}
func (c configValidationTest) testAuthInfo(authInfoName string, t *testing.T) {
errs := validateAuthInfo(authInfoName, c.config.AuthInfos[authInfoName])
if len(c.expectedErrorSubstring) != 0 {
if len(errs) == 0 {
t.Errorf("Expected error containing: %v", c.expectedErrorSubstring)
}
for _, curr := range c.expectedErrorSubstring {
if len(errs) != 0 && !strings.Contains(errors.NewAggregate(errs).Error(), curr) {
t.Errorf("Expected error containing: %v, but got %v", c.expectedErrorSubstring, errors.NewAggregate(errs))
}
}
} else {
if len(errs) != 0 {
t.Errorf("Unexpected error: %v", errors.NewAggregate(errs))
}
}
}
func TestValidateProcessTemplate(t *testing.T) {
var tests = []struct {
template *api.Template
isValidExpected bool
}{
{ // Empty Template, should pass
&api.Template{},
true,
},
{ // Template with name, should pass
&api.Template{
ObjectMeta: kapi.ObjectMeta{Name: "templateId"},
},
true,
},
{ // Template with invalid Parameter, should fail on Parameter name
&api.Template{
ObjectMeta: kapi.ObjectMeta{Name: "templateId"},
Parameters: []api.Parameter{
*(makeParameter("", "1")),
},
},
false,
},
{ // Template with valid Parameter, should pass
&api.Template{
ObjectMeta: kapi.ObjectMeta{Name: "templateId"},
Parameters: []api.Parameter{
*(makeParameter("VALname_NAME", "1")),
},
},
true,
},
{ // Template with Item of unknown Kind, should pass
&api.Template{
ObjectMeta: kapi.ObjectMeta{Name: "templateId"},
Parameters: []api.Parameter{
*(makeParameter("VALname_NAME", "1")),
},
Objects: []runtime.Object{},
},
true,
},
}
for i, test := range tests {
errs := ValidateProcessedTemplate(test.template)
if len(errs) != 0 && test.isValidExpected {
t.Errorf("%d: Unexpected non-empty error list: %v", i, errors.NewAggregate(errs))
}
if len(errs) == 0 && !test.isValidExpected {
t.Errorf("%d: Unexpected empty error list: %#v", i, errs)
}
}
}
// individualSourceRepositories collects the list of SourceRepositories specified in the
// command line that are not associated with a builder using a '~'.
func (c *AppConfig) individualSourceRepositories() (app.SourceRepositories, error) {
first := true
for _, s := range c.SourceRepositories {
if repo, ok := c.refBuilder.AddSourceRepository(s); ok && first {
repo.SetContextDir(c.ContextDir)
first = false
}
}
_, repos, errs := c.refBuilder.Result()
return repos, errors.NewAggregate(errs)
}
// Validate checks for errors in the Config
// It does not return early so that it can find as many errors as possible
func ValidatePolicy(policy schedulerapi.Policy) error {
validationErrors := make([]error, 0)
for _, priority := range policy.Priorities {
if priority.Weight <= 0 {
validationErrors = append(validationErrors, fmt.Errorf("Priority %s should have a positive weight applied to it", priority.Name))
}
}
return errors.NewAggregate(validationErrors)
}
// detectSource runs a code detector on the passed in repositories to obtain a SourceRepositoryInfo
func (c *AppConfig) detectSource(repositories []*app.SourceRepository) error {
errs := []error{}
for _, repo := range repositories {
err := repo.Detect(c.detector)
if err != nil {
errs = append(errs, err)
continue
}
}
return errors.NewAggregate(errs)
}
func (o *NewProjectOptions) Run(useNodeSelector bool) error {
if _, err := o.Client.Projects().Get(o.ProjectName); err != nil {
if !kerrors.IsNotFound(err) {
return err
}
} else {
return fmt.Errorf("project %v already exists", o.ProjectName)
}
project := &projectapi.Project{}
project.Name = o.ProjectName
project.Annotations = make(map[string]string)
project.Annotations[projectapi.ProjectDescription] = o.Description
project.Annotations[projectapi.ProjectDisplayName] = o.DisplayName
if useNodeSelector {
project.Annotations[projectapi.ProjectNodeSelector] = o.NodeSelector
}
project, err := o.Client.Projects().Create(project)
if err != nil {
return err
}
fmt.Printf("Created project %v\n", o.ProjectName)
errs := []error{}
if len(o.AdminUser) != 0 {
adduser := &policy.RoleModificationOptions{
RoleName: o.AdminRole,
RoleBindingAccessor: policy.NewLocalRoleBindingAccessor(project.Name, o.Client),
Users: []string{o.AdminUser},
}
if err := adduser.AddRole(); err != nil {
fmt.Printf("%v could not be added to the %v role: %v\n", o.AdminUser, o.AdminRole, err)
errs = append(errs, err)
}
}
for _, binding := range bootstrappolicy.GetBootstrapServiceAccountProjectRoleBindings(o.ProjectName) {
addRole := &policy.RoleModificationOptions{
RoleName: binding.RoleRef.Name,
RoleNamespace: binding.RoleRef.Namespace,
RoleBindingAccessor: policy.NewLocalRoleBindingAccessor(o.ProjectName, o.Client),
Users: binding.Users.List(),
Groups: binding.Groups.List(),
}
if err := addRole.AddRole(); err != nil {
fmt.Printf("Could not add service accounts to the %v role: %v\n", binding.RoleRef.Name, err)
errs = append(errs, err)
}
}
return errorsutil.NewAggregate(errs)
}
func (a *AddVolumeOptions) Validate(isAddOp bool) error {
errList := []error{}
if isAddOp {
if len(a.Type) == 0 && len(a.Source) == 0 {
errList = append(errList, errors.New("must provide --type or --source for --add operation"))
} else if a.TypeChanged && len(a.Source) > 0 {
errList = append(errList, errors.New("either specify --type or --source but not both for --add operation"))
}
if len(a.Type) > 0 {
switch strings.ToLower(a.Type) {
case "emptydir":
case "hostpath":
if len(a.Path) == 0 {
errList = append(errList, errors.New("must provide --path for --type=hostPath"))
}
case "secret":
if len(a.SecretName) == 0 {
errList = append(errList, errors.New("must provide --secret-name for --type=secret"))
}
case "persistentvolumeclaim":
if len(a.ClaimName) == 0 {
errList = append(errList, errors.New("must provide --claim-name for --type=persistentVolumeClaim"))
}
default:
errList = append(errList, errors.New("invalid volume type. Supported types: emptyDir, hostPath, secret, persistentVolumeClaim"))
}
} else if len(a.Path) > 0 || len(a.SecretName) > 0 || len(a.ClaimName) > 0 {
errList = append(errList, errors.New("--path|--secret-name|--claim-name are only valid for --type option"))
}
if len(a.Source) > 0 {
var source map[string]interface{}
err := json.Unmarshal([]byte(a.Source), &source)
if err != nil {
errList = append(errList, err)
}
if len(source) > 1 {
errList = append(errList, errors.New("must provide only one volume for --source"))
}
var vs kapi.VolumeSource
err = json.Unmarshal([]byte(a.Source), &vs)
if err != nil {
errList = append(errList, err)
}
}
} else if len(a.Source) > 0 || len(a.Path) > 0 || len(a.SecretName) > 0 || len(a.ClaimName) > 0 || a.Overwrite {
errList = append(errList, errors.New("--type|--path|--secret-name|--claim-name|--source|--overwrite are only valid for --add operation"))
}
return kerrors.NewAggregate(errList)
}
// collectData collects requested metadata in data map.
// Map's key is the requested name of file to dump
// Map's value is the (sorted) content of the field to be dumped in the file.
func (m *metadataVolume) collectData(data *map[string]string) error {
errlist := []error{}
for fieldReference, fileName := range m.fieldReferenceFileNames {
if values, err := fieldpath.ExtractFieldPathAsString(m.pod, fieldReference); err != nil {
glog.Error(err)
errlist = append(errlist, err)
} else {
(*data)[fileName] = sortLines(values)
}
}
return utilErrors.NewAggregate(errlist)
}