func filterInvalidPods(pods []*api.Pod, source string, recorder record.EventRecorder) (filtered []*api.Pod) {
names := sets.String{}
for i, pod := range pods {
var errlist field.ErrorList
if errs := validation.ValidatePod(pod); len(errs) != 0 {
errlist = append(errlist, errs...)
// If validation fails, don't trust it any further -
// even Name could be bad.
} else {
name := kubecontainer.GetPodFullName(pod)
if names.Has(name) {
// TODO: when validation becomes versioned, this gets a bit
// more complicated.
errlist = append(errlist, field.Duplicate(field.NewPath("metadata", "name"), pod.Name))
} else {
names.Insert(name)
}
}
if len(errlist) > 0 {
name := bestPodIdentString(pod)
err := errlist.ToAggregate()
glog.Warningf("Pod[%d] (%s) from %s failed validation, ignoring: %v", i+1, name, source, err)
recorder.Eventf(pod, api.EventTypeWarning, kubecontainer.FailedValidation, "Error validating pod %s from %s, ignoring: %v", name, source, err)
continue
}
filtered = append(filtered, pod)
}
return
}
// Validates that an update is valid by ensuring that no Revision exists and that it's not getting updated to blank
func (detailsStrategy) ValidateUpdate(ctx kapi.Context, obj, old runtime.Object) field.ErrorList {
newBuild := obj.(*api.Build)
oldBuild := old.(*api.Build)
errors := field.ErrorList{}
if oldBuild.Spec.Revision != nil {
// If there was already a revision, then return an error
errors = append(errors, field.Duplicate(field.NewPath("status", "revision"), oldBuild.Spec.Revision))
}
if newBuild.Spec.Revision == nil {
errors = append(errors, field.Invalid(field.NewPath("status", "revision"), nil, "cannot set an empty revision in build status"))
}
return errors
}
func ValidateThirdPartyResource(obj *extensions.ThirdPartyResource) field.ErrorList {
allErrs := field.ErrorList{}
allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&obj.ObjectMeta, true, ValidateThirdPartyResourceName, field.NewPath("metadata"))...)
versions := sets.String{}
for ix := range obj.Versions {
version := &obj.Versions[ix]
if len(version.Name) == 0 {
allErrs = append(allErrs, field.Invalid(field.NewPath("versions").Index(ix).Child("name"), version, "must not be empty"))
}
if versions.Has(version.Name) {
allErrs = append(allErrs, field.Duplicate(field.NewPath("versions").Index(ix).Child("name"), version))
}
versions.Insert(version.Name)
}
return allErrs
}
func Validate(config *api.ImagePolicyConfig) field.ErrorList {
allErrs := field.ErrorList{}
if config == nil {
return allErrs
}
names := sets.NewString()
for i, rule := range config.ExecutionRules {
if names.Has(rule.Name) {
allErrs = append(allErrs, field.Duplicate(field.NewPath(api.PluginName, "executionRules").Index(i).Child("name"), rule.Name))
}
names.Insert(rule.Name)
for j, selector := range rule.MatchImageLabels {
_, err := unversioned.LabelSelectorAsSelector(&selector)
if err != nil {
allErrs = append(allErrs, field.Invalid(field.NewPath(api.PluginName, "executionRules").Index(i).Child("matchImageLabels").Index(j), nil, err.Error()))
}
}
}
return allErrs
}
func AccumulateUniqueHostPorts(containers []v1.Container, accumulator *sets.String, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
for ci, ctr := range containers {
idxPath := fldPath.Index(ci)
portsPath := idxPath.Child("ports")
for pi := range ctr.Ports {
idxPath := portsPath.Index(pi)
port := ctr.Ports[pi].HostPort
if port == 0 {
continue
}
str := fmt.Sprintf("%d/%s", port, ctr.Ports[pi].Protocol)
if accumulator.Has(str) {
allErrs = append(allErrs, field.Duplicate(idxPath.Child("hostPort"), str))
} else {
accumulator.Insert(str)
}
}
}
return allErrs
}
func ValidateThirdPartyResource(obj *extensions.ThirdPartyResource) field.ErrorList {
allErrs := field.ErrorList{}
allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&obj.ObjectMeta, false, ValidateThirdPartyResourceName, field.NewPath("metadata"))...)
versions := sets.String{}
if len(obj.Versions) == 0 {
allErrs = append(allErrs, field.Required(field.NewPath("versions"), "must specify at least one version"))
}
for ix := range obj.Versions {
version := &obj.Versions[ix]
if len(version.Name) == 0 {
allErrs = append(allErrs, field.Invalid(field.NewPath("versions").Index(ix).Child("name"), version, "must not be empty"))
} else {
for _, msg := range validation.IsDNS1123Label(version.Name) {
allErrs = append(allErrs, field.Invalid(field.NewPath("versions").Index(ix).Child("name"), version, msg))
}
}
if versions.Has(version.Name) {
allErrs = append(allErrs, field.Duplicate(field.NewPath("versions").Index(ix).Child("name"), version))
}
versions.Insert(version.Name)
}
return allErrs
}
func Validate(config *api.ImagePolicyConfig) field.ErrorList {
allErrs := field.ErrorList{}
if config == nil {
return allErrs
}
names := sets.NewString()
for i, rule := range config.ExecutionRules {
if names.Has(rule.Name) {
allErrs = append(allErrs, field.Duplicate(field.NewPath(api.PluginName, "executionRules").Index(i).Child("name"), rule.Name))
}
names.Insert(rule.Name)
for j, selector := range rule.MatchImageLabels {
_, err := unversioned.LabelSelectorAsSelector(&selector)
if err != nil {
allErrs = append(allErrs, field.Invalid(field.NewPath(api.PluginName, "executionRules").Index(i).Child("matchImageLabels").Index(j), nil, err.Error()))
}
}
}
// if you don't attempt resolution, you'll never be able to pass any rule that logically requires it
if config.ResolveImages == api.DoNotAttempt {
for i, rule := range config.ExecutionRules {
if len(rule.MatchDockerImageLabels) > 0 {
allErrs = append(allErrs, field.Invalid(field.NewPath(api.PluginName, "executionRules").Index(i).Child("matchDockerImageLabels"), rule.MatchDockerImageLabels, "images are not being resolved, this condition will always fail"))
}
if len(rule.MatchImageLabels) > 0 {
allErrs = append(allErrs, field.Invalid(field.NewPath(api.PluginName, "executionRules").Index(i).Child("matchImageLabels"), rule.MatchImageLabels, "images are not being resolved, this condition will always fail"))
}
if len(rule.MatchImageAnnotations) > 0 {
allErrs = append(allErrs, field.Invalid(field.NewPath(api.PluginName, "executionRules").Index(i).Child("matchImageAnnotations"), rule.MatchImageAnnotations, "images are not being resolved, this condition will always fail"))
}
}
}
return allErrs
}
func TestNewInvalid(t *testing.T) {
testCases := []struct {
Err *field.Error
Details *unversioned.StatusDetails
}{
{
field.Duplicate(field.NewPath("field[0].name"), "bar"),
&unversioned.StatusDetails{
Kind: "kind",
Name: "name",
Causes: []unversioned.StatusCause{{
Type: unversioned.CauseTypeFieldValueDuplicate,
Field: "field[0].name",
}},
},
},
{
field.Invalid(field.NewPath("field[0].name"), "bar", "detail"),
&unversioned.StatusDetails{
Kind: "kind",
Name: "name",
Causes: []unversioned.StatusCause{{
Type: unversioned.CauseTypeFieldValueInvalid,
Field: "field[0].name",
}},
},
},
{
field.NotFound(field.NewPath("field[0].name"), "bar"),
&unversioned.StatusDetails{
Kind: "kind",
Name: "name",
Causes: []unversioned.StatusCause{{
Type: unversioned.CauseTypeFieldValueNotFound,
Field: "field[0].name",
}},
},
},
{
field.NotSupported(field.NewPath("field[0].name"), "bar", nil),
&unversioned.StatusDetails{
Kind: "kind",
Name: "name",
Causes: []unversioned.StatusCause{{
Type: unversioned.CauseTypeFieldValueNotSupported,
Field: "field[0].name",
}},
},
},
{
field.Required(field.NewPath("field[0].name")),
&unversioned.StatusDetails{
Kind: "kind",
Name: "name",
Causes: []unversioned.StatusCause{{
Type: unversioned.CauseTypeFieldValueRequired,
Field: "field[0].name",
}},
},
},
}
for i, testCase := range testCases {
vErr, expected := testCase.Err, testCase.Details
expected.Causes[0].Message = vErr.ErrorBody()
err := NewInvalid("kind", "name", field.ErrorList{vErr})
status := err.(*StatusError).ErrStatus
if status.Code != 422 || status.Reason != unversioned.StatusReasonInvalid {
t.Errorf("%d: unexpected status: %#v", i, status)
}
if !reflect.DeepEqual(expected, status.Details) {
t.Errorf("%d: expected %#v, got %#v", i, expected, status.Details)
}
}
}