// ValidateImageStreamStatusUpdate tests required fields for an ImageStream status update.
func ValidateImageStreamStatusUpdate(newStream, oldStream *api.ImageStream) fielderrors.ValidationErrorList {
result := fielderrors.ValidationErrorList{}
result = append(result, validation.ValidateObjectMetaUpdate(&newStream.ObjectMeta, &oldStream.ObjectMeta).Prefix("metadata")...)
newStream.Spec.Tags = oldStream.Spec.Tags
newStream.Spec.DockerImageRepository = oldStream.Spec.DockerImageRepository
return result
}
func ValidateRouteUpdate(route *routeapi.Route, older *routeapi.Route) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&route.ObjectMeta, &older.ObjectMeta).Prefix("metadata")...)
allErrs = append(allErrs, ValidateRoute(route)...)
return allErrs
}
func ValidateBuildConfigUpdate(config *buildapi.BuildConfig, older *buildapi.BuildConfig) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&config.ObjectMeta, &older.ObjectMeta).Prefix("metadata")...)
allErrs = append(allErrs, ValidateBuildConfig(config)...)
return allErrs
}
func ValidateClientUpdate(client *api.OAuthClient, oldClient *api.OAuthClient) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
allErrs = append(allErrs, ValidateClient(client)...)
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&client.ObjectMeta, &oldClient.ObjectMeta).Prefix("metadata")...)
return allErrs
}
func ValidateImageStreamUpdate(newStream, oldStream *api.ImageStream) fielderrors.ValidationErrorList {
result := fielderrors.ValidationErrorList{}
result = append(result, validation.ValidateObjectMetaUpdate(&newStream.ObjectMeta, &oldStream.ObjectMeta).Prefix("metadata")...)
result = append(result, ValidateImageStream(newStream)...)
return result
}
// ValidateProjectUpdate tests to make sure a project update can be applied. Modifies newProject with immutable fields.
func ValidateProjectUpdate(newProject *api.Project, oldProject *api.Project) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&newProject.ObjectMeta, &oldProject.ObjectMeta).Prefix("metadata")...)
allErrs = append(allErrs, validateNodeSelector(newProject)...)
newProject.Spec.Finalizers = oldProject.Spec.Finalizers
newProject.Status = oldProject.Status
return allErrs
}
func ValidateRoleBindingUpdate(roleBinding *authorizationapi.RoleBinding, oldRoleBinding *authorizationapi.RoleBinding, isNamespaced bool) fielderrors.ValidationErrorList {
allErrs := ValidateRoleBinding(roleBinding, isNamespaced)
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&roleBinding.ObjectMeta, &oldRoleBinding.ObjectMeta).Prefix("metadata")...)
if oldRoleBinding.RoleRef != roleBinding.RoleRef {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("roleRef", roleBinding.RoleRef, "cannot change roleRef"))
}
return allErrs
}
func ValidatePolicyBindingUpdate(policyBinding *authorizationapi.PolicyBinding, oldPolicyBinding *authorizationapi.PolicyBinding, isNamespaced bool) fielderrors.ValidationErrorList {
allErrs := ValidatePolicyBinding(policyBinding, isNamespaced)
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&policyBinding.ObjectMeta, &oldPolicyBinding.ObjectMeta).Prefix("metadata")...)
if oldPolicyBinding.PolicyRef.Namespace != policyBinding.PolicyRef.Namespace {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("policyRef.namespace", policyBinding.PolicyRef.Namespace, "cannot change policyRef"))
}
return allErrs
}
func ValidateClusterNetworkUpdate(obj *sdnapi.ClusterNetwork, old *sdnapi.ClusterNetwork) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&obj.ObjectMeta, &old.ObjectMeta).Prefix("metadata")...)
if obj.Network != old.Network {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("Network", obj.Network, "cannot change the cluster's network CIDR midflight."))
}
return allErrs
}
func ValidateHostSubnetUpdate(obj *sdnapi.HostSubnet, old *sdnapi.HostSubnet) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&obj.ObjectMeta, &old.ObjectMeta).Prefix("metadata")...)
if obj.Subnet != old.Subnet {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("subnet", obj.Subnet, "cannot change the subnet lease midflight."))
}
return allErrs
}
func ValidateDeploymentConfigUpdate(newConfig *deployapi.DeploymentConfig, oldConfig *deployapi.DeploymentConfig) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&newConfig.ObjectMeta, &oldConfig.ObjectMeta).Prefix("metadata")...)
allErrs = append(allErrs, ValidateDeploymentConfig(newConfig)...)
if newConfig.LatestVersion < oldConfig.LatestVersion {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("latestVersion", newConfig.LatestVersion, "latestVersion cannot be decremented"))
} else if newConfig.LatestVersion > (oldConfig.LatestVersion + 1) {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("latestVersion", newConfig.LatestVersion, "latestVersion can only be incremented by 1"))
}
return allErrs
}
func ValidateBuildUpdate(build *buildapi.Build, older *buildapi.Build) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&build.ObjectMeta, &older.ObjectMeta).Prefix("metadata")...)
allErrs = append(allErrs, ValidateBuild(build)...)
if !kapi.Semantic.DeepEqual(build.Spec, older.Spec) {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("spec", build.Spec, "spec is immutable"))
}
return allErrs
}
func ValidateIdentityUpdate(identity *api.Identity, old *api.Identity) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
allErrs = append(allErrs, kvalidation.ValidateObjectMetaUpdate(&identity.ObjectMeta, &old.ObjectMeta).Prefix("metadata")...)
allErrs = append(allErrs, ValidateIdentity(identity)...)
if identity.ProviderName != old.ProviderName {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("providerName", identity.ProviderName, "may not change providerName"))
}
if identity.ProviderUserName != old.ProviderUserName {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("providerUserName", identity.ProviderUserName, "may not change providerUserName"))
}
return allErrs
}
func ValidateClientAuthorizationUpdate(newAuth *api.OAuthClientAuthorization, oldAuth *api.OAuthClientAuthorization) fielderrors.ValidationErrorList {
allErrs := ValidateClientAuthorization(newAuth)
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&newAuth.ObjectMeta, &oldAuth.ObjectMeta).Prefix("metadata")...)
if oldAuth.ClientName != newAuth.ClientName {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("clientName", newAuth.ClientName, "clientName is not a mutable field"))
}
if oldAuth.UserName != newAuth.UserName {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("userName", newAuth.UserName, "userName is not a mutable field"))
}
if oldAuth.UserUID != newAuth.UserUID {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("userUID", newAuth.UserUID, "userUID is not a mutable field"))
}
return allErrs
}
// ValidateProjectUpdate tests to make sure a project update can be applied. Modifies newProject with immutable fields.
func ValidateProjectUpdate(newProject *api.Project, oldProject *api.Project) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&newProject.ObjectMeta, &oldProject.ObjectMeta).Prefix("metadata")...)
allErrs = append(allErrs, ValidateProject(newProject)...)
if !reflect.DeepEqual(newProject.Spec.Finalizers, oldProject.Spec.Finalizers) {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("spec.finalizers", oldProject.Spec.Finalizers, "field is immutable"))
}
if !reflect.DeepEqual(newProject.Status, oldProject.Status) {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("status", oldProject.Spec.Finalizers, "field is immutable"))
}
// TODO this restriction exists because our authorizer/admission cannot properly express and restrict mutation on the field level.
for name, value := range newProject.Annotations {
if name == projectapi.ProjectDisplayName || name == projectapi.ProjectDescription {
continue
}
if value != oldProject.Annotations[name] {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("metadata.annotations["+name+"]", value, "field is immutable, try updating the namespace"))
}
}
// check for deletions
for name, value := range oldProject.Annotations {
if name == projectapi.ProjectDisplayName || name == projectapi.ProjectDescription {
continue
}
if _, inNew := newProject.Annotations[name]; !inNew {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("metadata.annotations["+name+"]", value, "field is immutable, try updating the namespace"))
}
}
for name, value := range newProject.Labels {
if value != oldProject.Labels[name] {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("metadata.labels["+name+"]", value, "field is immutable, , try updating the namespace"))
}
}
for name, value := range oldProject.Labels {
if _, inNew := newProject.Labels[name]; !inNew {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("metadata.labels["+name+"]", value, "field is immutable, try updating the namespace"))
}
}
return allErrs
}
func ValidateRoleUpdate(role *authorizationapi.Role, oldRole *authorizationapi.Role, isNamespaced bool) fielderrors.ValidationErrorList {
allErrs := ValidateRole(role, isNamespaced)
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&role.ObjectMeta, &oldRole.ObjectMeta).Prefix("metadata")...)
return allErrs
}
func ValidatePolicyUpdate(policy *authorizationapi.Policy, oldPolicy *authorizationapi.Policy, isNamespaced bool) fielderrors.ValidationErrorList {
allErrs := ValidatePolicy(policy, isNamespaced)
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&policy.ObjectMeta, &oldPolicy.ObjectMeta).Prefix("metadata")...)
return allErrs
}
// ValidateTemplateUpdate tests if required fields in the template are set during an update
func ValidateTemplateUpdate(template, oldTemplate *api.Template) fielderrors.ValidationErrorList {
allErrs := validation.ValidateObjectMetaUpdate(&template.ObjectMeta, &oldTemplate.ObjectMeta).Prefix("metadata")
return allErrs
}
func ValidateUserUpdate(user *api.User, old *api.User) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
allErrs = append(allErrs, kvalidation.ValidateObjectMetaUpdate(&user.ObjectMeta, &old.ObjectMeta).Prefix("metadata")...)
allErrs = append(allErrs, ValidateUser(user)...)
return allErrs
}
func ValidateUserIdentityMappingUpdate(mapping *api.UserIdentityMapping, old *api.UserIdentityMapping) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
allErrs = append(allErrs, kvalidation.ValidateObjectMetaUpdate(&mapping.ObjectMeta, &old.ObjectMeta).Prefix("metadata")...)
allErrs = append(allErrs, ValidateUserIdentityMapping(mapping)...)
return allErrs
}
func ValidateGroupUpdate(group *api.Group, old *api.Group) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
allErrs = append(allErrs, kvalidation.ValidateObjectMetaUpdate(&group.ObjectMeta, &old.ObjectMeta).Prefix("metadata")...)
allErrs = append(allErrs, ValidateGroup(group)...)
return allErrs
}
