func ValidateUserNameField(value string, field string) fielderrors.ValidationErrorList { if len(value) == 0 { return fielderrors.ValidationErrorList{fielderrors.NewFieldRequired(field)} } else if ok, msg := uservalidation.ValidateUserName(value, false); !ok { return fielderrors.ValidationErrorList{fielderrors.NewFieldInvalid(field, value, msg)} } return fielderrors.ValidationErrorList{} }
// Get retrieves the item from etcd. func (r *REST) Get(ctx kapi.Context, name string) (runtime.Object, error) { // "~" means the currently authenticated user if name == "~" { user, ok := kapi.UserFrom(ctx) if !ok || user.GetName() == "" { return nil, kerrs.NewForbidden("user", "~", errors.New("requests to ~ must be authenticated")) } name = user.GetName() // remove the known virtual groups from the list if they are present contextGroups := util.NewStringSet(user.GetGroups()...) contextGroups.Delete(bootstrappolicy.UnauthenticatedGroup, bootstrappolicy.AuthenticatedGroup) if ok, _ := validation.ValidateUserName(name, false); !ok { // The user the authentication layer has identified cannot possibly be a persisted user // Return an API representation of the virtual user return &api.User{ObjectMeta: kapi.ObjectMeta{Name: name}, Groups: contextGroups.List()}, nil } obj, err := r.Etcd.Get(ctx, name) if err == nil { return obj, nil } if !kerrs.IsNotFound(err) { return nil, err } return &api.User{ObjectMeta: kapi.ObjectMeta{Name: name}, Groups: contextGroups.List()}, nil } if ok, details := validation.ValidateUserName(name, false); !ok { return nil, fielderrors.NewFieldInvalid("metadata.name", name, details) } return r.Etcd.Get(ctx, name) }