func ValidateIdentityProviderName(name string) []string { if reasons := oapi.MinimalNameRequirements(name, false); len(reasons) != 0 { return reasons } if strings.Contains(name, ":") { return []string{`may not contain ":"`} } return nil }
func ValidateIdentityProviderName(name string) (bool, string) { if ok, reason := oapi.MinimalNameRequirements(name, false); !ok { return ok, reason } if strings.Contains(name, ":") { return false, `may not contain ":"` } return true, "" }
func ValidateImageStreamName(name string, prefix bool) (bool, string) { if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok { return ok, reason } if !RepositoryNameComponentAnchoredRegexp.MatchString(name) { return false, fmt.Sprintf("must match %q", RepositoryNameComponentRegexp.String()) } return true, "" }
func ValidateImageStreamName(name string, prefix bool) []string { if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 { return reasons } if !RepositoryNameComponentAnchoredRegexp.MatchString(name) { return []string{fmt.Sprintf("must match %q", RepositoryNameComponentRegexp.String())} } return nil }
func ValidateTokenName(name string, prefix bool) (bool, string) { if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok { return ok, reason } if len(name) < MinTokenLength { return false, fmt.Sprintf("must be at least %d characters long", MinTokenLength) } return true, "" }
func ValidateTokenName(name string, prefix bool) []string { if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 { return reasons } if len(name) < MinTokenLength { return []string{fmt.Sprintf("must be at least %d characters long", MinTokenLength)} } return nil }
func ValidateApplicationName(name string, prefix bool) (bool, string) { if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok { return ok, reason } if len(name) < 2 { return false, "must be at least 2 characters long" } return true, "" }
func ValidatePolicyName(name string, prefix bool) []string { if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 { return reasons } if name != authorizationapi.PolicyName { return []string{"name must be " + authorizationapi.PolicyName} } return nil }
func ValidatePolicyName(name string, prefix bool) (bool, string) { if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok { return ok, reason } if name != authorizationapi.PolicyName { return false, "name must be " + authorizationapi.PolicyName } return true, "" }
func BackingServiceInstanceName(name string, prefix bool) (bool, string) { if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok { return ok, reason } if len(name) < 2 { return false, "must be at least 2 characters long" } return true, "" }
func ValidateClientAuthorizationName(name string, prefix bool) (bool, string) { if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok { return ok, reason } lastColon := strings.Index(name, ":") if lastColon <= 0 || lastColon >= len(name)-1 { return false, "must be in the format <userName>:<clientName>" } return true, "" }
func ValidateClientAuthorizationName(name string, prefix bool) []string { if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 { return reasons } lastColon := strings.Index(name, ":") if lastColon <= 0 || lastColon >= len(name)-1 { return []string{"must be in the format <userName>:<clientName>"} } return nil }
func ValidateGroupName(name string, _ bool) []string { if reasons := oapi.MinimalNameRequirements(name, false); len(reasons) != 0 { return reasons } if strings.Contains(name, ":") { return []string{`may not contain ":"`} } if name == "~" { return []string{`may not equal "~"`} } return nil }
func PolicyBindingNameValidator(policyRefNamespace string) validation.ValidateNameFunc { return func(name string, prefix bool) []string { if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 { return reasons } if name != authorizationapi.GetPolicyBindingName(policyRefNamespace) { return []string{"name must be " + authorizationapi.GetPolicyBindingName(policyRefNamespace)} } return nil } }
func ValidateImageStreamName(name string, prefix bool) (bool, string) { if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok { return ok, reason } if len(name) < v2.RepositoryNameComponentMinLength { return false, fmt.Sprintf("must be at least %d characters long", v2.RepositoryNameComponentMinLength) } if !v2.RepositoryNameComponentAnchoredRegexp.MatchString(name) { return false, fmt.Sprintf("must match %q", v2.RepositoryNameComponentRegexp.String()) } return true, "" }
func ValidateGroupName(name string, _ bool) (bool, string) { if ok, reason := oapi.MinimalNameRequirements(name, false); !ok { return ok, reason } if strings.Contains(name, ":") { return false, `may not contain ":"` } if name == "~" { return false, `may not equal "~"` } return true, "" }
func PolicyBindingNameValidator(policyRefNamespace string) validation.ValidateNameFunc { return func(name string, prefix bool) (bool, string) { if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok { return ok, reason } if name != authorizationapi.GetPolicyBindingName(policyRefNamespace) { return false, "name must be " + authorizationapi.GetPolicyBindingName(policyRefNamespace) } return true, "" } }
func ValidateProjectName(name string, prefix bool) []string { if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 { return reasons } if len(name) < 2 { return []string{"must be at least 2 characters long"} } if reasons := validation.ValidateNamespaceName(name, false); len(reasons) != 0 { return reasons } return nil }
func ValidateProjectName(name string, prefix bool) (bool, string) { if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok { return ok, reason } if len(name) < 2 { return false, "must be at least 2 characters long" } if ok, msg := validation.ValidateNamespaceName(name, false); !ok { return ok, msg } return true, "" }
func ValidationApplicationItemKind(items applicationapi.ItemList) (bool, string) { for _, item := range items { if !applicationutil.Contains(applicationapi.ApplicationItemSupportKinds, item.Kind) { return false, fmt.Sprintf("item unsupport selected kind %s", item.Kind) } if len(item.Name) < 2 { return false, "item name must be at least 2 characters long" } if ok, reason := oapi.MinimalNameRequirements(item.Name, false); !ok { return ok, reason } } return true, "" }
func ValidateIdentityName(name string, _ bool) (bool, string) { if ok, reason := oapi.MinimalNameRequirements(name, false); !ok { return ok, reason } parts := strings.Split(name, ":") if len(parts) != 2 { return false, `must be in the format <providerName>:<providerUserName>` } if len(parts[0]) == 0 { return false, `must be in the format <providerName>:<providerUserName> with a non-empty providerName` } if len(parts[1]) == 0 { return false, `must be in the format <providerName>:<providerUserName> with a non-empty providerUserName` } return true, "" }
func ValidateIdentityName(name string, _ bool) []string { if reasons := oapi.MinimalNameRequirements(name, false); len(reasons) != 0 { return reasons } parts := strings.Split(name, ":") if len(parts) != 2 { return []string{`must be in the format <providerName>:<providerUserName>`} } if len(parts[0]) == 0 { return []string{`must be in the format <providerName>:<providerUserName> with a non-empty providerName`} } if len(parts[1]) == 0 { return []string{`must be in the format <providerName>:<providerUserName> with a non-empty providerUserName`} } return nil }
func ValidateClientAuthorizationName(name string, prefix bool) (bool, string) { if ok, reason := oapi.MinimalNameRequirements(name, prefix); !ok { return ok, reason } parts := strings.Split(name, ":") if len(parts) != 2 { return false, "must be in the format <userName>:<clientName>" } userName := parts[0] clientName := parts[1] if len(userName) == 0 || len(clientName) == 0 { return false, "must be in the format <userName>:<clientName>" } return true, "" }
func ValidateRoleBinding(roleBinding *authorizationapi.RoleBinding, isNamespaced bool) fielderrors.ValidationErrorList { allErrs := fielderrors.ValidationErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, isNamespaced, oapi.MinimalNameRequirements).Prefix("metadata")...) // roleRef namespace is empty when referring to global policy. if (len(roleBinding.RoleRef.Namespace) > 0) && !util.IsDNS1123Subdomain(roleBinding.RoleRef.Namespace) { allErrs = append(allErrs, fielderrors.NewFieldInvalid("roleRef.namespace", roleBinding.RoleRef.Namespace, "roleRef.namespace must be a valid subdomain")) } if len(roleBinding.RoleRef.Name) == 0 { allErrs = append(allErrs, fielderrors.NewFieldRequired("roleRef.name")) } else { if valid, err := oapi.MinimalNameRequirements(roleBinding.RoleRef.Name, false); !valid { allErrs = append(allErrs, fielderrors.NewFieldInvalid("roleRef.name", roleBinding.RoleRef.Name, err)) } } return allErrs }
func validateRedirectReference(ref *api.RedirectReference) field.ErrorList { allErrs := field.ErrorList{} if len(ref.Name) == 0 { allErrs = append(allErrs, field.Required(field.NewPath("name"), "may not be empty")) } else { for _, msg := range oapi.MinimalNameRequirements(ref.Name, false) { allErrs = append(allErrs, field.Invalid(field.NewPath("name"), ref.Name, msg)) } } switch ref.Kind { case "": allErrs = append(allErrs, field.Required(field.NewPath("kind"), "may not be empty")) case "Route": // Valid, TODO add ingress once we support it and update error message default: allErrs = append(allErrs, field.Invalid(field.NewPath("kind"), ref.Kind, "must be Route")) } // TODO validate group once we start using it return allErrs }
func validateRoleBinding(roleBinding *authorizationapi.RoleBinding, isNamespaced bool, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, isNamespaced, oapi.MinimalNameRequirements, fldPath.Child("metadata"))...) // roleRef namespace is empty when referring to global policy. if (len(roleBinding.RoleRef.Namespace) > 0) && len(kvalidation.IsDNS1123Subdomain(roleBinding.RoleRef.Namespace)) != 0 { allErrs = append(allErrs, field.Invalid(fldPath.Child("roleRef", "namespace"), roleBinding.RoleRef.Namespace, "roleRef.namespace must be a valid subdomain")) } if len(roleBinding.RoleRef.Name) == 0 { allErrs = append(allErrs, field.Required(fldPath.Child("roleRef", "name"), "")) } else { if reasons := oapi.MinimalNameRequirements(roleBinding.RoleRef.Name, false); len(reasons) != 0 { allErrs = append(allErrs, field.Invalid(fldPath.Child("roleRef", "name"), roleBinding.RoleRef.Name, strings.Join(reasons, ", "))) } } subjectsPath := field.NewPath("subjects") for i, subject := range roleBinding.Subjects { allErrs = append(allErrs, validateRoleBindingSubject(subject, isNamespaced, subjectsPath.Index(i))...) } return allErrs }
func TestNameFunc(t *testing.T) { const nameRulesMessage = `must match the regex [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)* (e.g. 'example.com')` for apiType, validationInfo := range Validator.typeToValidator { if !validationInfo.HasObjectMeta { continue } apiValue := reflect.New(apiType.Elem()) apiObjectMeta := apiValue.Elem().FieldByName("ObjectMeta") // check for illegal names for _, illegalName := range api.NameMayNotBe { apiObjectMeta.Set(reflect.ValueOf(kapi.ObjectMeta{Name: illegalName})) errList := validationInfo.Validator.Validate(apiValue.Interface().(runtime.Object)) reasons := api.MinimalNameRequirements(illegalName, false) requiredMessage := strings.Join(reasons, ", ") if len(errList) == 0 { t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add api.MinimalNameRequirements to your name validator..", illegalName, apiType.Elem(), errList) continue } foundExpectedError := false for _, err := range errList { validationError := err if validationError.Type != field.ErrorTypeInvalid || validationError.Field != "metadata.name" { continue } if validationError.Detail == requiredMessage { foundExpectedError = true break } // this message is from a stock name validation method in kube that covers our requirements in MinimalNameRequirements if validationError.Detail == nameRulesMessage { foundExpectedError = true break } } if !foundExpectedError { t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add api.MinimalNameRequirements to your name validator.", illegalName, apiType.Elem(), errList) } } // check for illegal contents for _, illegalContent := range api.NameMayNotContain { illegalName := "a" + illegalContent + "b" apiObjectMeta.Set(reflect.ValueOf(kapi.ObjectMeta{Name: illegalName})) errList := validationInfo.Validator.Validate(apiValue.Interface().(runtime.Object)) reasons := api.MinimalNameRequirements(illegalName, false) requiredMessage := strings.Join(reasons, ", ") if len(errList) == 0 { t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add api.MinimalNameRequirements to your name validator.", illegalName, apiType.Elem(), errList) continue } foundExpectedError := false for _, err := range errList { validationError := err if validationError.Type != field.ErrorTypeInvalid || validationError.Field != "metadata.name" { continue } if validationError.Detail == requiredMessage { foundExpectedError = true break } // this message is from a stock name validation method in kube that covers our requirements in MinimalNameRequirements if validationError.Detail == nameRulesMessage { foundExpectedError = true break } } if !foundExpectedError { t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add api.MinimalNameRequirements to your name validator.", illegalName, apiType.Elem(), errList) } } } }
func TestNameFunc(t *testing.T) { for apiType, validationInfo := range Validator.typeToValidator { if !validationInfo.HasObjectMeta { continue } apiValue := reflect.New(apiType.Elem()) apiObjectMeta := apiValue.Elem().FieldByName("ObjectMeta") // check for illegal names for _, illegalName := range api.NameMayNotBe { apiObjectMeta.Set(reflect.ValueOf(kapi.ObjectMeta{Name: illegalName})) errList := validationInfo.Validator.Validate(apiValue.Interface().(runtime.Object)) _, requiredMessage := api.MinimalNameRequirements(illegalName, false) if len(errList) == 0 { t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add api.MinimalNameRequirements to your name validator..", illegalName, apiType.Elem(), errList) continue } foundExpectedError := false for _, err := range errList { validationError, ok := err.(*fielderrors.ValidationError) if !ok || validationError.Type != fielderrors.ValidationErrorTypeInvalid || validationError.Field != "metadata.name" { continue } if validationError.Detail == requiredMessage { foundExpectedError = true break } // this message is from a stock name validation method in kube that covers our requirements in MinimalNameRequirements if validationError.Detail == validation.DNSSubdomainErrorMsg { foundExpectedError = true break } } if !foundExpectedError { t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add api.MinimalNameRequirements to your name validator.", illegalName, apiType.Elem(), errList) } } // check for illegal contents for _, illegalContent := range api.NameMayNotContain { illegalName := "a" + illegalContent + "b" apiObjectMeta.Set(reflect.ValueOf(kapi.ObjectMeta{Name: illegalName})) errList := validationInfo.Validator.Validate(apiValue.Interface().(runtime.Object)) _, requiredMessage := api.MinimalNameRequirements(illegalName, false) if len(errList) == 0 { t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add api.MinimalNameRequirements to your name validator.", illegalName, apiType.Elem(), errList) continue } foundExpectedError := false for _, err := range errList { validationError, ok := err.(*fielderrors.ValidationError) if !ok || validationError.Type != fielderrors.ValidationErrorTypeInvalid || validationError.Field != "metadata.name" { continue } if validationError.Detail == requiredMessage { foundExpectedError = true break } if validationError.Detail == validation.DNSSubdomainErrorMsg { foundExpectedError = true break } } if !foundExpectedError { t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add api.MinimalNameRequirements to your name validator.", illegalName, apiType.Elem(), errList) } } } }