github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
k3s/pkg/api/validation/validation.go

826 lines
31 KiB
Go
Raw Normal View History

First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 20:01:39 +00:00
/*
Copyright 2014 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
Split api into api, api/common, api/validation & apitools
2014-08-29 22:48:41 +00:00
package validation
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 20:01:39 +00:00
import (
Add some validation for externalized service ports.
2014-10-31 06:03:52 +00:00
"fmt"
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
"strings"
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 20:01:39 +00:00
Make validation work when not in the api package.
2014-08-30 01:20:27 +00:00
"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
Use new api/errors, get rid of api.* error code
2014-08-14 20:46:22 +00:00
errs "github.com/GoogleCloudPlatform/kubernetes/pkg/api/errors"
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-25 04:19:36 +00:00
"github.com/GoogleCloudPlatform/kubernetes/pkg/api/resource"
Add a flag to reject privileged containers in the apiserver.
2014-09-16 14:04:12 +00:00
"github.com/GoogleCloudPlatform/kubernetes/pkg/capabilities"
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 16:15:17 +00:00
"github.com/GoogleCloudPlatform/kubernetes/pkg/labels"
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 20:01:39 +00:00
"github.com/GoogleCloudPlatform/kubernetes/pkg/util"
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 05:39:56 +00:00
"github.com/golang/glog"
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 20:01:39 +00:00
)
Slightly relax annotation validation The more aggressive validation on annotations broke openshift (and backwards compat for our data). This change relaxes to allow mixed case so we can continue working in the short term, try to see if we can agree on relaxation, and if we can't, apply the stronger validation here.
2015-02-02 00:03:04 +00:00
// ValidateLabels validates that a set of labels are correctly defined.
func ValidateLabels(labels map[string]string, field string) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
for k := range labels {
if !util.IsQualifiedName(k) {
allErrs = append(allErrs, errs.NewFieldInvalid(field, k, ""))
}
}
return allErrs
}
// ValidateAnnotations validates that a set of annotations are correctly defined.
func ValidateAnnotations(annotations map[string]string, field string) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
for k := range annotations {
if !util.IsQualifiedName(strings.ToLower(k)) {
allErrs = append(allErrs, errs.NewFieldInvalid(field, k, ""))
}
}
return allErrs
}
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
// ValidateNameFunc validates that the provided name is valid for a given resource type.
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 23:56:38 +00:00
// Not all resources have the same validation rules for names. Prefix is true if the
// name will have a value appended to it.
type ValidateNameFunc func(name string, prefix bool) (bool, string)
// maskTrailingDash replaces the final character of a string with a subdomain safe
// value if is a dash.
func maskTrailingDash(name string) string {
if strings.HasSuffix(name, "-") {
return name[:len(name)-2] + "a"
}
return name
}
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
Use name generation on pods via replication controllers The generated name is '<controllerName>-%s', unless controllerName- would be long enough to cause a validation error.
2015-01-28 04:50:01 +00:00
// ValidatePodName can be used to check whether the given pod name is valid.
// Prefix indicates this name will be used as part of generation, in which case
// trailing dashes are allowed.
func ValidatePodName(name string, prefix bool) (bool, string) {
return nameIsDNSSubdomain(name, prefix)
}
// ValidateReplicationControllerName can be used to check whether the given replication
// controller name is valid.
// Prefix indicates this name will be used as part of generation, in which case
// trailing dashes are allowed.
func ValidateReplicationControllerName(name string, prefix bool) (bool, string) {
return nameIsDNSSubdomain(name, prefix)
}
// ValidateServiceName can be used to check whether the given service name is valid.
// Prefix indicates this name will be used as part of generation, in which case
// trailing dashes are allowed.
func ValidateServiceName(name string, prefix bool) (bool, string) {
return nameIsDNS952Label(name, prefix)
}
// ValidateNodeName can be used to check whether the given node name is valid.
// Prefix indicates this name will be used as part of generation, in which case
// trailing dashes are allowed.
func ValidateNodeName(name string, prefix bool) (bool, string) {
return nameIsDNSSubdomain(name, prefix)
}
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
// nameIsDNSSubdomain is a ValidateNameFunc for names that must be a DNS subdomain.
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 23:56:38 +00:00
func nameIsDNSSubdomain(name string, prefix bool) (bool, string) {
if prefix {
name = maskTrailingDash(name)
}
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
if util.IsDNSSubdomain(name) {
return true, ""
}
return false, "name must be lowercase letters and numbers, with inline dashes or periods"
}
// nameIsDNS952Label is a ValidateNameFunc for names that must be a DNS 952 label.
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 23:56:38 +00:00
func nameIsDNS952Label(name string, prefix bool) (bool, string) {
if prefix {
name = maskTrailingDash(name)
}
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
if util.IsDNS952Label(name) {
return true, ""
}
return false, "name must be lowercase letters, numbers, and dashes"
}
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 23:56:38 +00:00
// ValidateObjectMeta validates an object's metadata on creation. It expects that name generation has already
// been performed.
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
func ValidateObjectMeta(meta *api.ObjectMeta, requiresNamespace bool, nameFn ValidateNameFunc) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 23:56:38 +00:00
if len(meta.GenerateName) != 0 {
if ok, qualifier := nameFn(meta.GenerateName, true); !ok {
allErrs = append(allErrs, errs.NewFieldInvalid("generateName", meta.GenerateName, qualifier))
}
}
// if the generated name validates, but the calculated value does not, it's a problem with generation, and we
// report it here. This may confuse users, but indicates a programming bug and still must be validated.
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
if len(meta.Name) == 0 {
allErrs = append(allErrs, errs.NewFieldRequired("name", meta.Name))
} else {
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 23:56:38 +00:00
if ok, qualifier := nameFn(meta.Name, false); !ok {
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
allErrs = append(allErrs, errs.NewFieldInvalid("name", meta.Name, qualifier))
}
}
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 23:56:38 +00:00
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
if requiresNamespace {
if len(meta.Namespace) == 0 {
allErrs = append(allErrs, errs.NewFieldRequired("namespace", meta.Namespace))
} else if !util.IsDNSSubdomain(meta.Namespace) {
allErrs = append(allErrs, errs.NewFieldInvalid("namespace", meta.Namespace, ""))
}
} else {
if len(meta.Namespace) != 0 {
allErrs = append(allErrs, errs.NewFieldInvalid("namespace", meta.Namespace, "namespace is not allowed on this type"))
}
}
allErrs = append(allErrs, ValidateLabels(meta.Labels, "labels")...)
Slightly relax annotation validation The more aggressive validation on annotations broke openshift (and backwards compat for our data). This change relaxes to allow mixed case so we can continue working in the short term, try to see if we can agree on relaxation, and if we can't, apply the stronger validation here.
2015-02-02 00:03:04 +00:00
allErrs = append(allErrs, ValidateAnnotations(meta.Annotations, "annotations")...)
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
return allErrs
}
// ValidateObjectMetaUpdate validates an object's metadata when updated
func ValidateObjectMetaUpdate(old, meta *api.ObjectMeta) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
// in the event it is left empty, set it, to allow clients more flexibility
if len(meta.UID) == 0 {
meta.UID = old.UID
}
if meta.CreationTimestamp.IsZero() {
meta.CreationTimestamp = old.CreationTimestamp
}
if old.Name != meta.Name {
allErrs = append(allErrs, errs.NewFieldInvalid("name", meta.Name, "field is immutable"))
}
if old.Namespace != meta.Namespace {
allErrs = append(allErrs, errs.NewFieldInvalid("namespace", meta.Namespace, "field is immutable"))
}
if old.UID != meta.UID {
allErrs = append(allErrs, errs.NewFieldInvalid("uid", meta.UID, "field is immutable"))
}
if old.CreationTimestamp != meta.CreationTimestamp {
allErrs = append(allErrs, errs.NewFieldInvalid("creationTimestamp", meta.CreationTimestamp, "field is immutable"))
}
allErrs = append(allErrs, ValidateLabels(meta.Labels, "labels")...)
Slightly relax annotation validation The more aggressive validation on annotations broke openshift (and backwards compat for our data). This change relaxes to allow mixed case so we can continue working in the short term, try to see if we can agree on relaxation, and if we can't, apply the stronger validation here.
2015-02-02 00:03:04 +00:00
allErrs = append(allErrs, ValidateAnnotations(meta.Annotations, "annotations")...)
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
return allErrs
Add some validation for externalized service ports.
2014-10-31 06:03:52 +00:00
}
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func validateVolumes(volumes []api.Volume) (util.StringSet, errs.ValidationErrorList) {
allErrs := errs.ValidationErrorList{}
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
Add validation of Volumes
2014-07-01 21:40:36 +00:00
allNames := util.StringSet{}
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
for i, vol := range volumes {
Make VolumeSource not be a pointer There's no reason for it to be a pointer.
2015-01-21 01:40:43 +00:00
el := validateSource(&vol.Source).Prefix("source")
Make the validation types match the pending ReasonCauses
2014-08-20 02:57:48 +00:00
if len(vol.Name) == 0 {
Errors should be part of api/errors, not apiserver Renames constructor methods to be errors.New<name> which changed a few places.
2014-09-03 21:16:00 +00:00
el = append(el, errs.NewFieldRequired("name", vol.Name))
Make the validation types match the pending ReasonCauses
2014-08-20 02:57:48 +00:00
} else if !util.IsDNSLabel(vol.Name) {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
el = append(el, errs.NewFieldInvalid("name", vol.Name, ""))
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
} else if allNames.Has(vol.Name) {
Errors should be part of api/errors, not apiserver Renames constructor methods to be errors.New<name> which changed a few places.
2014-09-03 21:16:00 +00:00
el = append(el, errs.NewFieldDuplicate("name", vol.Name))
API modified to use source; now supports EmptyDirectory API is now modified to use a Source struct to handle multiple volumes. Two volume types are supported now, HostDirectory and EmptyDirectory.
2014-07-16 19:32:59 +00:00
}
Use new api/errors, get rid of api.* error code
2014-08-14 20:46:22 +00:00
if len(el) == 0 {
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
allNames.Insert(vol.Name)
API modified to use source; now supports EmptyDirectory API is now modified to use a Source struct to handle multiple volumes. Two volume types are supported now, HostDirectory and EmptyDirectory.
2014-07-16 19:32:59 +00:00
} else {
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-20 03:54:20 +00:00
allErrs = append(allErrs, el.PrefixIndex(i)...)
Add validation of Volumes
2014-07-01 21:40:36 +00:00
}
}
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
return allNames, allErrs
Add validation of Volumes
2014-07-01 21:40:36 +00:00
}
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func validateSource(source *api.VolumeSource) errs.ValidationErrorList {
API modified to use source; now supports EmptyDirectory API is now modified to use a Source struct to handle multiple volumes. Two volume types are supported now, HostDirectory and EmptyDirectory.
2014-07-16 19:32:59 +00:00
numVolumes := 0
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
allErrs := errs.ValidationErrorList{}
Rename HostDir to HostPath in v1beta3
2015-01-20 23:56:44 +00:00
if source.HostPath != nil {
API modified to use source; now supports EmptyDirectory API is now modified to use a Source struct to handle multiple volumes. Two volume types are supported now, HostDirectory and EmptyDirectory.
2014-07-16 19:32:59 +00:00
numVolumes++
Rename HostDir to HostPath in v1beta3
2015-01-20 23:56:44 +00:00
allErrs = append(allErrs, validateHostPath(source.HostPath).Prefix("hostPath")...)
API modified to use source; now supports EmptyDirectory API is now modified to use a Source struct to handle multiple volumes. Two volume types are supported now, HostDirectory and EmptyDirectory.
2014-07-16 19:32:59 +00:00
}
Directory renamed to Dir to match json property
2014-10-01 20:35:21 +00:00
if source.EmptyDir != nil {
API modified to use source; now supports EmptyDirectory API is now modified to use a Source struct to handle multiple volumes. Two volume types are supported now, HostDirectory and EmptyDirectory.
2014-07-16 19:32:59 +00:00
numVolumes++
gitrepo validation
2014-11-24 04:03:11 +00:00
// EmptyDirs have nothing to validate
}
if source.GitRepo != nil {
numVolumes++
Rename HostDir to HostPath in v1beta3
2015-01-20 23:56:44 +00:00
allErrs = append(allErrs, validateGitRepo(source.GitRepo).Prefix("gitRepo")...)
API modified to use source; now supports EmptyDirectory API is now modified to use a Source struct to handle multiple volumes. Two volume types are supported now, HostDirectory and EmptyDirectory.
2014-07-16 19:32:59 +00:00
}
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 17:58:43 +00:00
if source.GCEPersistentDisk != nil {
numVolumes++
Rename HostDir to HostPath in v1beta3
2015-01-20 23:56:44 +00:00
allErrs = append(allErrs, validateGCEPersistentDisk(source.GCEPersistentDisk).Prefix("persistentDisk")...)
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 17:58:43 +00:00
}
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
if numVolumes != 1 {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
allErrs = append(allErrs, errs.NewFieldInvalid("", source, "exactly 1 volume type is required"))
API modified to use source; now supports EmptyDirectory API is now modified to use a Source struct to handle multiple volumes. Two volume types are supported now, HostDirectory and EmptyDirectory.
2014-07-16 19:32:59 +00:00
}
return allErrs
}
Rename HostDir to HostPath in v1beta3
2015-01-20 23:56:44 +00:00
func validateHostPath(hostDir *api.HostPath) errs.ValidationErrorList {
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
allErrs := errs.ValidationErrorList{}
Adds initial volumes package; Supports host-dirs Adds the framework for external volume mounts. Currently supports bare host directory mounts. Modifies the API to support host directory mounts from Volumes instead of VolumeMounts.
2014-07-15 01:39:30 +00:00
if hostDir.Path == "" {
Rename HostDir to HostPath in v1beta3
2015-01-20 23:56:44 +00:00
allErrs = append(allErrs, errs.NewFieldRequired("path", hostDir.Path))
Adds initial volumes package; Supports host-dirs Adds the framework for external volume mounts. Currently supports bare host directory mounts. Modifies the API to support host directory mounts from Volumes instead of VolumeMounts.
2014-07-15 01:39:30 +00:00
}
return allErrs
}
gitrepo validation
2014-11-24 04:03:11 +00:00
func validateGitRepo(gitRepo *api.GitRepo) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
if gitRepo.Repository == "" {
Rename HostDir to HostPath in v1beta3
2015-01-20 23:56:44 +00:00
allErrs = append(allErrs, errs.NewFieldRequired("repository", gitRepo.Repository))
gitrepo validation
2014-11-24 04:03:11 +00:00
}
return allErrs
}
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func validateGCEPersistentDisk(PD *api.GCEPersistentDisk) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 17:58:43 +00:00
if PD.PDName == "" {
Rename HostDir to HostPath in v1beta3
2015-01-20 23:56:44 +00:00
allErrs = append(allErrs, errs.NewFieldRequired("pdName", PD.PDName))
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 17:58:43 +00:00
}
if PD.FSType == "" {
Rename HostDir to HostPath in v1beta3
2015-01-20 23:56:44 +00:00
allErrs = append(allErrs, errs.NewFieldRequired("fsType", PD.FSType))
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 17:58:43 +00:00
}
if PD.Partition < 0 || PD.Partition > 255 {
Rename HostDir to HostPath in v1beta3
2015-01-20 23:56:44 +00:00
allErrs = append(allErrs, errs.NewFieldInvalid("partition", PD.Partition, ""))
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 17:58:43 +00:00
}
return allErrs
}
gitrepo validation
2014-11-24 04:03:11 +00:00
var supportedPortProtocols = util.NewStringSet(string(api.ProtocolTCP), string(api.ProtocolUDP))
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func validatePorts(ports []api.Port) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
allNames := util.StringSet{}
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
for i, port := range ports {
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
pErrs := errs.ValidationErrorList{}
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
if len(port.Name) > 0 {
if len(port.Name) > 63 || !util.IsDNSLabel(port.Name) {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
pErrs = append(pErrs, errs.NewFieldInvalid("name", port.Name, ""))
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
} else if allNames.Has(port.Name) {
Errors should be part of api/errors, not apiserver Renames constructor methods to be errors.New<name> which changed a few places.
2014-09-03 21:16:00 +00:00
pErrs = append(pErrs, errs.NewFieldDuplicate("name", port.Name))
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
} else {
allNames.Insert(port.Name)
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
}
}
Make the validation types match the pending ReasonCauses
2014-08-20 02:57:48 +00:00
if port.ContainerPort == 0 {
Errors should be part of api/errors, not apiserver Renames constructor methods to be errors.New<name> which changed a few places.
2014-09-03 21:16:00 +00:00
pErrs = append(pErrs, errs.NewFieldRequired("containerPort", port.ContainerPort))
Make the validation types match the pending ReasonCauses
2014-08-20 02:57:48 +00:00
} else if !util.IsValidPortNum(port.ContainerPort) {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
pErrs = append(pErrs, errs.NewFieldInvalid("containerPort", port.ContainerPort, ""))
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
}
Fix #926 Make HostPort a real option without being set to ContainerPort if absent.
2014-08-19 22:18:49 +00:00
if port.HostPort != 0 && !util.IsValidPortNum(port.HostPort) {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
pErrs = append(pErrs, errs.NewFieldInvalid("hostPort", port.HostPort, ""))
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
}
if len(port.Protocol) == 0 {
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
pErrs = append(pErrs, errs.NewFieldRequired("protocol", port.Protocol))
Make and use api.Protocol type
2014-09-28 03:31:37 +00:00
} else if !supportedPortProtocols.Has(strings.ToUpper(string(port.Protocol))) {
Errors should be part of api/errors, not apiserver Renames constructor methods to be errors.New<name> which changed a few places.
2014-09-03 21:16:00 +00:00
pErrs = append(pErrs, errs.NewFieldNotSupported("protocol", port.Protocol))
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
}
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-20 03:54:20 +00:00
allErrs = append(allErrs, pErrs.PrefixIndex(i)...)
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
}
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
return allErrs
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
}
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func validateEnv(vars []api.EnvVar) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
for i, ev := range vars {
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
vErrs := errs.ValidationErrorList{}
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 22:56:30 +00:00
if len(ev.Name) == 0 {
Errors should be part of api/errors, not apiserver Renames constructor methods to be errors.New<name> which changed a few places.
2014-09-03 21:16:00 +00:00
vErrs = append(vErrs, errs.NewFieldRequired("name", ev.Name))
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 22:56:30 +00:00
}
if !util.IsCIdentifier(ev.Name) {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
vErrs = append(vErrs, errs.NewFieldInvalid("name", ev.Name, ""))
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 22:56:30 +00:00
}
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-20 03:54:20 +00:00
allErrs = append(allErrs, vErrs.PrefixIndex(i)...)
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 22:56:30 +00:00
}
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
return allErrs
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 22:56:30 +00:00
}
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func validateVolumeMounts(mounts []api.VolumeMount, volumes util.StringSet) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
for i, mnt := range mounts {
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
mErrs := errs.ValidationErrorList{}
Add validation of VolumeMounts
2014-07-05 02:46:56 +00:00
if len(mnt.Name) == 0 {
Errors should be part of api/errors, not apiserver Renames constructor methods to be errors.New<name> which changed a few places.
2014-09-03 21:16:00 +00:00
mErrs = append(mErrs, errs.NewFieldRequired("name", mnt.Name))
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
} else if !volumes.Has(mnt.Name) {
Update the validation logic to test PodTemplateSpec
2014-11-07 02:08:46 +00:00
mErrs = append(mErrs, errs.NewFieldNotFound("name", mnt.Name))
Add validation of VolumeMounts
2014-07-05 02:46:56 +00:00
}
if len(mnt.MountPath) == 0 {
Errors should be part of api/errors, not apiserver Renames constructor methods to be errors.New<name> which changed a few places.
2014-09-03 21:16:00 +00:00
mErrs = append(mErrs, errs.NewFieldRequired("mountPath", mnt.MountPath))
Adds initial volumes package; Supports host-dirs Adds the framework for external volume mounts. Currently supports bare host directory mounts. Modifies the API to support host directory mounts from Volumes instead of VolumeMounts.
2014-07-15 01:39:30 +00:00
}
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-20 03:54:20 +00:00
allErrs = append(allErrs, mErrs.PrefixIndex(i)...)
Add validation of VolumeMounts
2014-07-05 02:46:56 +00:00
}
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
return allErrs
Add validation of VolumeMounts
2014-07-05 02:46:56 +00:00
}
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
// AccumulateUniquePorts runs an extraction function on each Port of each Container,
// accumulating the results and returning an error if any ports conflict.
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func AccumulateUniquePorts(containers []api.Container, accumulator map[int]bool, extract func(*api.Port) int) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
for ci, ctr := range containers {
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
cErrs := errs.ValidationErrorList{}
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
for pi := range ctr.Ports {
port := extract(&ctr.Ports[pi])
Fix #926 Make HostPort a real option without being set to ContainerPort if absent.
2014-08-19 22:18:49 +00:00
if port == 0 {
continue
}
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
if accumulator[port] {
Some field names in validation.go not consistent Fields are (for now) JavaScript style field accessors
2014-10-03 03:41:02 +00:00
cErrs = append(cErrs, errs.NewFieldDuplicate("port", port))
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
} else {
accumulator[port] = true
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
}
}
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-20 03:54:20 +00:00
allErrs = append(allErrs, cErrs.PrefixIndex(ci)...)
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
}
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
return allErrs
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
}
Unify Godoc formatting, fix various typos Signed-off-by: Vojtech Vitek (V-Teq) <vvitek@redhat.com>
2014-09-02 10:00:28 +00:00
// checkHostPortConflicts checks for colliding Port.HostPort values across
// a slice of containers.
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func checkHostPortConflicts(containers []api.Container) errs.ValidationErrorList {
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
allPorts := map[int]bool{}
Make validation work when not in the api package.
2014-08-30 01:20:27 +00:00
return AccumulateUniquePorts(containers, allPorts, func(p *api.Port) int { return p.HostPort })
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
}
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func validateExecAction(exec *api.ExecAction) errs.ValidationErrorList {
allErrors := errs.ValidationErrorList{}
Add some lifecycle validation.
2014-09-12 23:04:10 +00:00
if len(exec.Command) == 0 {
allErrors = append(allErrors, errs.NewFieldRequired("command", exec.Command))
}
return allErrors
}
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func validateHTTPGetAction(http *api.HTTPGetAction) errs.ValidationErrorList {
allErrors := errs.ValidationErrorList{}
Add some lifecycle validation.
2014-09-12 23:04:10 +00:00
if len(http.Path) == 0 {
allErrors = append(allErrors, errs.NewFieldRequired("path", http.Path))
}
return allErrors
}
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func validateHandler(handler *api.Handler) errs.ValidationErrorList {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
numHandlers := 0
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
allErrors := errs.ValidationErrorList{}
Add some lifecycle validation.
2014-09-12 23:04:10 +00:00
if handler.Exec != nil {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
numHandlers++
Add some lifecycle validation.
2014-09-12 23:04:10 +00:00
allErrors = append(allErrors, validateExecAction(handler.Exec).Prefix("exec")...)
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
}
if handler.HTTPGet != nil {
numHandlers++
Add some lifecycle validation.
2014-09-12 23:04:10 +00:00
allErrors = append(allErrors, validateHTTPGetAction(handler.HTTPGet).Prefix("httpGet")...)
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
}
if numHandlers != 1 {
allErrors = append(allErrors, errs.NewFieldInvalid("", handler, "exactly 1 handler type is required"))
Add some lifecycle validation.
2014-09-12 23:04:10 +00:00
}
return allErrors
}
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func validateLifecycle(lifecycle *api.Lifecycle) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
Add some lifecycle validation.
2014-09-12 23:04:10 +00:00
if lifecycle.PostStart != nil {
allErrs = append(allErrs, validateHandler(lifecycle.PostStart).Prefix("postStart")...)
}
if lifecycle.PreStop != nil {
allErrs = append(allErrs, validateHandler(lifecycle.PreStop).Prefix("preStop")...)
}
return allErrs
}
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
func validatePullPolicy(ctr *api.Container) errs.ValidationErrorList {
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 23:02:36 +00:00
allErrors := errs.ValidationErrorList{}
Using switch in validatePullPolicyWithDefault
2015-01-16 23:02:36 +00:00
switch ctr.ImagePullPolicy {
case api.PullAlways, api.PullIfNotPresent, api.PullNever:
break
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
case "":
allErrors = append(allErrors, errs.NewFieldRequired("", ctr.ImagePullPolicy))
Using switch in validatePullPolicyWithDefault
2015-01-16 23:02:36 +00:00
default:
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 23:02:36 +00:00
allErrors = append(allErrors, errs.NewFieldNotSupported("", ctr.ImagePullPolicy))
}
return allErrors
}
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func validateContainers(containers []api.Container, volumes util.StringSet) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
Add basic validation of Containers
2014-07-01 22:14:25 +00:00
allNames := util.StringSet{}
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
for i, ctr := range containers {
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
cErrs := errs.ValidationErrorList{}
Refactor to clean up names.
2014-09-16 22:18:33 +00:00
capabilities := capabilities.Get()
Make the validation types match the pending ReasonCauses
2014-08-20 02:57:48 +00:00
if len(ctr.Name) == 0 {
Errors should be part of api/errors, not apiserver Renames constructor methods to be errors.New<name> which changed a few places.
2014-09-03 21:16:00 +00:00
cErrs = append(cErrs, errs.NewFieldRequired("name", ctr.Name))
Make the validation types match the pending ReasonCauses
2014-08-20 02:57:48 +00:00
} else if !util.IsDNSLabel(ctr.Name) {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
cErrs = append(cErrs, errs.NewFieldInvalid("name", ctr.Name, ""))
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
} else if allNames.Has(ctr.Name) {
Errors should be part of api/errors, not apiserver Renames constructor methods to be errors.New<name> which changed a few places.
2014-09-03 21:16:00 +00:00
cErrs = append(cErrs, errs.NewFieldDuplicate("name", ctr.Name))
Add a flag to reject privileged containers in the apiserver.
2014-09-16 14:04:12 +00:00
} else if ctr.Privileged && !capabilities.AllowPrivileged {
Use Forbidden valdiation error when no capability
2014-10-14 23:14:28 +00:00
cErrs = append(cErrs, errs.NewFieldForbidden("privileged", ctr.Privileged))
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
} else {
allNames.Insert(ctr.Name)
Add basic validation of Containers
2014-07-01 22:14:25 +00:00
}
if len(ctr.Image) == 0 {
Errors should be part of api/errors, not apiserver Renames constructor methods to be errors.New<name> which changed a few places.
2014-09-03 21:16:00 +00:00
cErrs = append(cErrs, errs.NewFieldRequired("image", ctr.Image))
Add validation of VolumeMounts
2014-07-05 02:46:56 +00:00
}
Add some lifecycle validation.
2014-09-12 23:04:10 +00:00
if ctr.Lifecycle != nil {
cErrs = append(cErrs, validateLifecycle(ctr.Lifecycle).Prefix("lifecycle")...)
}
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-20 03:54:20 +00:00
cErrs = append(cErrs, validatePorts(ctr.Ports).Prefix("ports")...)
cErrs = append(cErrs, validateEnv(ctr.Env).Prefix("env")...)
cErrs = append(cErrs, validateVolumeMounts(ctr.VolumeMounts, volumes).Prefix("volumeMounts")...)
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
cErrs = append(cErrs, validatePullPolicy(&ctr).Prefix("pullPolicy")...)
cErrs = append(cErrs, validateResourceRequirements(&ctr).Prefix("resources")...)
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-20 03:54:20 +00:00
allErrs = append(allErrs, cErrs.PrefixIndex(i)...)
Add basic validation of Containers
2014-07-01 22:14:25 +00:00
}
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
// Check for colliding ports across all containers.
// TODO(thockin): This really is dependent on the network config of the host (IP per pod?)
// and the config of the new manifest. But we have not specced that out yet, so we'll just
// make some assumptions for now. As of now, pods share a network namespace, which means that
// every Port.HostPort across the whole pod must be unique.
Change ErrorList.Append() to append()
2014-08-16 20:34:06 +00:00
allErrs = append(allErrs, checkHostPortConflicts(containers)...)
Define an errorList type and use it to accumulate
2014-07-09 00:33:15 +00:00
Fixes golint errors in pkg/api
2014-07-10 11:46:35 +00:00
return allErrs
Add basic validation of Containers
2014-07-01 22:14:25 +00:00
}
Fixes golint errors in pkg/api
2014-07-10 11:46:35 +00:00
var supportedManifestVersions = util.NewStringSet("v1beta1", "v1beta2")
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 04:32:56 +00:00
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 20:01:39 +00:00
// ValidateManifest tests that the specified ContainerManifest has valid data.
// This includes checking formatting and uniqueness. It also canonicalizes the
// structure by setting default values and implementing any backwards-compatibility
// tricks.
Update the validation logic to test PodTemplateSpec
2014-11-07 02:08:46 +00:00
// TODO: replaced by ValidatePodSpec
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func ValidateManifest(manifest *api.ContainerManifest) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 20:01:39 +00:00
if len(manifest.Version) == 0 {
Errors should be part of api/errors, not apiserver Renames constructor methods to be errors.New<name> which changed a few places.
2014-09-03 21:16:00 +00:00
allErrs = append(allErrs, errs.NewFieldRequired("version", manifest.Version))
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 06:20:30 +00:00
} else if !supportedManifestVersions.Has(strings.ToLower(manifest.Version)) {
Errors should be part of api/errors, not apiserver Renames constructor methods to be errors.New<name> which changed a few places.
2014-09-03 21:16:00 +00:00
allErrs = append(allErrs, errs.NewFieldNotSupported("version", manifest.Version))
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 20:01:39 +00:00
}
Small clean up in validation. errs is used as import path alias in validation.go, but it is reused as a variable for validateVolume.
2014-09-09 23:08:21 +00:00
allVolumes, vErrs := validateVolumes(manifest.Volumes)
allErrs = append(allErrs, vErrs.Prefix("volumes")...)
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-20 03:54:20 +00:00
allErrs = append(allErrs, validateContainers(manifest.Containers, allVolumes).Prefix("containers")...)
Introduce the simplest RestartPolicy and handling.
2014-08-26 18:25:17 +00:00
allErrs = append(allErrs, validateRestartPolicy(&manifest.RestartPolicy).Prefix("restartPolicy")...)
Add kubelet DNS flags & api disable for DNS This adds --cluster_dns and --cluster_domain flags to kubelet. If non-empty, kubelet will set docker --dns and --dns-search flags based on these. It uses the cluster DNS and appends the hosts's DNS servers. Likewise for DNS search domains. This also adds API support to bypass cluster DNS entirely, needed to bootstrap DNS.
2014-11-12 05:21:40 +00:00
allErrs = append(allErrs, validateDNSPolicy(&manifest.DNSPolicy).Prefix("dnsPolicy")...)
All validations return ErrorList now
2014-08-16 20:48:48 +00:00
return allErrs
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 20:01:39 +00:00
}
Add initial validation of Service objects
2014-07-10 19:45:01 +00:00
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func validateRestartPolicy(restartPolicy *api.RestartPolicy) errs.ValidationErrorList {
Introduce the simplest RestartPolicy and handling.
2014-08-26 18:25:17 +00:00
numPolicies := 0
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
allErrors := errs.ValidationErrorList{}
Introduce the simplest RestartPolicy and handling.
2014-08-26 18:25:17 +00:00
if restartPolicy.Always != nil {
numPolicies++
}
if restartPolicy.OnFailure != nil {
numPolicies++
}
if restartPolicy.Never != nil {
numPolicies++
}
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
if numPolicies != 1 {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
allErrors = append(allErrors, errs.NewFieldInvalid("", restartPolicy, "only 1 policy is allowed"))
Introduce the simplest RestartPolicy and handling.
2014-08-26 18:25:17 +00:00
}
return allErrors
}
Add RestartPolicy to Pod and PodTemplate
2014-07-22 18:45:12 +00:00
Add kubelet DNS flags & api disable for DNS This adds --cluster_dns and --cluster_domain flags to kubelet. If non-empty, kubelet will set docker --dns and --dns-search flags based on these. It uses the cluster DNS and appends the hosts's DNS servers. Likewise for DNS search domains. This also adds API support to bypass cluster DNS entirely, needed to bootstrap DNS.
2014-11-12 05:21:40 +00:00
func validateDNSPolicy(dnsPolicy *api.DNSPolicy) errs.ValidationErrorList {
allErrors := errs.ValidationErrorList{}
switch *dnsPolicy {
case api.DNSClusterFirst, api.DNSDefault:
break
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
case "":
allErrors = append(allErrors, errs.NewFieldRequired("", *dnsPolicy))
Add kubelet DNS flags & api disable for DNS This adds --cluster_dns and --cluster_domain flags to kubelet. If non-empty, kubelet will set docker --dns and --dns-search flags based on these. It uses the cluster DNS and appends the hosts's DNS servers. Likewise for DNS search domains. This also adds API support to bypass cluster DNS entirely, needed to bootstrap DNS.
2014-11-12 05:21:40 +00:00
default:
allErrors = append(allErrors, errs.NewFieldNotSupported("", dnsPolicy))
}
return allErrors
}
Unify Godoc formatting, fix various typos Signed-off-by: Vojtech Vitek (V-Teq) <vvitek@redhat.com>
2014-09-02 10:00:28 +00:00
// ValidatePod tests if required fields in the pod are set.
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func ValidatePod(pod *api.Pod) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
Use name generation on pods via replication controllers The generated name is '<controllerName>-%s', unless controllerName- would be long enough to cause a validation error.
2015-01-28 04:50:01 +00:00
allErrs = append(allErrs, ValidateObjectMeta(&pod.ObjectMeta, true, ValidatePodName).Prefix("metadata")...)
v1beta3 Pod refactor
2014-11-13 15:52:13 +00:00
allErrs = append(allErrs, ValidatePodSpec(&pod.Spec).Prefix("spec")...)
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
add RFC952 label validation
2014-10-23 20:14:13 +00:00
return allErrs
}
Update the validation logic to test PodTemplateSpec
2014-11-07 02:08:46 +00:00
// ValidatePodSpec tests that the specified PodSpec has valid data.
// This includes checking formatting and uniqueness. It also canonicalizes the
// structure by setting default values and implementing any backwards-compatibility
// tricks.
func ValidatePodSpec(spec *api.PodSpec) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
allVolumes, vErrs := validateVolumes(spec.Volumes)
allErrs = append(allErrs, vErrs.Prefix("volumes")...)
allErrs = append(allErrs, validateContainers(spec.Containers, allVolumes).Prefix("containers")...)
allErrs = append(allErrs, validateRestartPolicy(&spec.RestartPolicy).Prefix("restartPolicy")...)
Add kubelet DNS flags & api disable for DNS This adds --cluster_dns and --cluster_domain flags to kubelet. If non-empty, kubelet will set docker --dns and --dns-search flags based on these. It uses the cluster DNS and appends the hosts's DNS servers. Likewise for DNS search domains. This also adds API support to bypass cluster DNS entirely, needed to bootstrap DNS.
2014-11-12 05:21:40 +00:00
allErrs = append(allErrs, validateDNSPolicy(&spec.DNSPolicy).Prefix("dnsPolicy")...)
Expose ValidateLabels in validation.go for reuse by other components Label validation is common to anyone building kube resources.
2015-01-20 03:32:39 +00:00
allErrs = append(allErrs, ValidateLabels(spec.NodeSelector, "nodeSelector")...)
Update the validation logic to test PodTemplateSpec
2014-11-07 02:08:46 +00:00
return allErrs
}
Add update to the pod etcd handler.
2014-10-10 03:30:34 +00:00
// ValidatePodUpdate tests to see if the update is legal
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func ValidatePodUpdate(newPod, oldPod *api.Pod) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
Add update to the pod etcd handler.
2014-10-10 03:30:34 +00:00
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
allErrs = append(allErrs, ValidateObjectMetaUpdate(&oldPod.ObjectMeta, &newPod.ObjectMeta).Prefix("metadata")...)
Add an e2e test in go. Also adjust validation logic a little to make it more reasonable. Not integrated into existing e2e yet.
2014-10-14 19:28:45 +00:00
v1beta3 Pod refactor
2014-11-13 15:52:13 +00:00
if len(newPod.Spec.Containers) != len(oldPod.Spec.Containers) {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
allErrs = append(allErrs, errs.NewFieldInvalid("spec.containers", newPod.Spec.Containers, "may not add or remove containers"))
Add update to the pod etcd handler.
2014-10-10 03:30:34 +00:00
return allErrs
}
pod := *newPod
// Tricky, we need to copy the container list so that we don't overwrite the update
var newContainers []api.Container
v1beta3 Pod refactor
2014-11-13 15:52:13 +00:00
for ix, container := range pod.Spec.Containers {
container.Image = oldPod.Spec.Containers[ix].Image
Add update to the pod etcd handler.
2014-10-10 03:30:34 +00:00
newContainers = append(newContainers, container)
}
v1beta3 Pod refactor
2014-11-13 15:52:13 +00:00
pod.Spec.Containers = newContainers
Make semantic deep equal public feature * Use semantic deep equal when validating * More test cases for deep equal
2015-01-05 21:38:39 +00:00
if !api.Semantic.DeepEqual(pod.Spec, oldPod.Spec) {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
// TODO: a better error would include all immutable fields explicitly.
allErrs = append(allErrs, errs.NewFieldInvalid("spec.containers", newPod.Spec.Containers, "some fields are immutable"))
Add update to the pod etcd handler.
2014-10-10 03:30:34 +00:00
}
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
Add update to the pod etcd handler.
2014-10-10 03:30:34 +00:00
return allErrs
}
Updated types API to include session affinity. … - changed CLIENT-IP and NONE to be ClientIP and None respectively - updated conversions to support translating between api versions. - updated validations to validate session affinity type if specified.
2014-12-17 12:52:11 +00:00
var supportedSessionAffinityType = util.NewStringSet(string(api.AffinityTypeClientIP), string(api.AffinityTypeNone))
Fixes golint errors in pkg/api
2014-07-15 13:53:39 +00:00
// ValidateService tests if required fields in the service are set.
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
func ValidateService(service *api.Service) errs.ValidationErrorList {
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
allErrs := errs.ValidationErrorList{}
Use name generation on pods via replication controllers The generated name is '<controllerName>-%s', unless controllerName- would be long enough to cause a validation error.
2015-01-28 04:50:01 +00:00
allErrs = append(allErrs, ValidateObjectMeta(&service.ObjectMeta, true, ValidateServiceName).Prefix("metadata")...)
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
refactor services to v1beta3
2014-10-30 13:29:11 +00:00
if !util.IsValidPortNum(service.Spec.Port) {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
allErrs = append(allErrs, errs.NewFieldInvalid("spec.port", service.Spec.Port, ""))
Make validation check for legal serive port numbers.
2014-08-22 21:44:21 +00:00
}
refactor services to v1beta3
2014-10-30 13:29:11 +00:00
if len(service.Spec.Protocol) == 0 {
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
allErrs = append(allErrs, errs.NewFieldRequired("spec.protocol", service.Spec.Protocol))
refactor services to v1beta3
2014-10-30 13:29:11 +00:00
} else if !supportedPortProtocols.Has(strings.ToUpper(string(service.Spec.Protocol))) {
allErrs = append(allErrs, errs.NewFieldNotSupported("spec.protocol", service.Spec.Protocol))
add a 'protocol' field to api.Service
2014-09-10 16:53:40 +00:00
}
Allow an empty service
2014-11-18 17:49:00 +00:00
if service.Spec.Selector != nil {
Expose ValidateLabels in validation.go for reuse by other components Label validation is common to anyone building kube resources.
2015-01-20 03:32:39 +00:00
allErrs = append(allErrs, ValidateLabels(service.Spec.Selector, "spec.selector")...)
Add initial validation of Service objects
2014-07-10 19:45:01 +00:00
}
Allow an empty service
2014-11-18 17:49:00 +00:00
Don't use pointers for session affinity
2014-12-29 22:39:09 +00:00
if service.Spec.SessionAffinity == "" {
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 17:52:50 +00:00
allErrs = append(allErrs, errs.NewFieldRequired("spec.sessionAffinity", service.Spec.SessionAffinity))
Don't use pointers for session affinity
2014-12-29 22:39:09 +00:00
} else if !supportedSessionAffinityType.Has(string(service.Spec.SessionAffinity)) {
allErrs = append(allErrs, errs.NewFieldNotSupported("spec.sessionAffinity", service.Spec.SessionAffinity))
Updated types API to include session affinity. … - changed CLIENT-IP and NONE to be ClientIP and None respectively - updated conversions to support translating between api versions. - updated validations to validate session affinity type if specified.
2014-12-17 12:52:11 +00:00
}
All validations return ErrorList now
2014-08-16 20:48:48 +00:00
return allErrs
Add initial validation of Service objects
2014-07-10 19:45:01 +00:00
}
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 16:15:17 +00:00
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
// ValidateServiceUpdate tests if required fields in the service are set during an update
func ValidateServiceUpdate(oldService, service *api.Service) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
allErrs = append(allErrs, ValidateObjectMetaUpdate(&oldService.ObjectMeta, &service.ObjectMeta).Prefix("metadata")...)
// TODO: PortalIP should be a Status field, since the system can set a value != to the user's value
// PortalIP can only be set, not unset.
if oldService.Spec.PortalIP != "" && service.Spec.PortalIP != oldService.Spec.PortalIP {
allErrs = append(allErrs, errs.NewFieldInvalid("spec.portalIP", service.Spec.PortalIP, "field is immutable"))
}
return allErrs
}
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 16:15:17 +00:00
// ValidateReplicationController tests if required fields in the replication controller are set.
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func ValidateReplicationController(controller *api.ReplicationController) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
Use name generation on pods via replication controllers The generated name is '<controllerName>-%s', unless controllerName- would be long enough to cause a validation error.
2015-01-28 04:50:01 +00:00
allErrs = append(allErrs, ValidateObjectMeta(&controller.ObjectMeta, true, ValidateReplicationControllerName).Prefix("metadata")...)
Update the validation logic to test PodTemplateSpec
2014-11-07 02:08:46 +00:00
allErrs = append(allErrs, ValidateReplicationControllerSpec(&controller.Spec).Prefix("spec")...)
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
return allErrs
}
// ValidateReplicationControllerUpdate tests if required fields in the replication controller are set.
func ValidateReplicationControllerUpdate(oldController, controller *api.ReplicationController) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
allErrs = append(allErrs, ValidateObjectMetaUpdate(&oldController.ObjectMeta, &controller.ObjectMeta).Prefix("metadata")...)
allErrs = append(allErrs, ValidateReplicationControllerSpec(&controller.Spec).Prefix("spec")...)
Expose validation method for ReplicationControllerState
2014-09-16 16:54:38 +00:00
return allErrs
}
Update the validation logic to test PodTemplateSpec
2014-11-07 02:08:46 +00:00
// ValidateReplicationControllerSpec tests if required fields in the replication controller spec are set.
func ValidateReplicationControllerSpec(spec *api.ReplicationControllerSpec) errs.ValidationErrorList {
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
allErrs := errs.ValidationErrorList{}
Update the validation logic to test PodTemplateSpec
2014-11-07 02:08:46 +00:00
selector := labels.Set(spec.Selector).AsSelector()
if selector.Empty() {
allErrs = append(allErrs, errs.NewFieldRequired("selector", spec.Selector))
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 16:15:17 +00:00
}
Update the validation logic to test PodTemplateSpec
2014-11-07 02:08:46 +00:00
if spec.Replicas < 0 {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
allErrs = append(allErrs, errs.NewFieldInvalid("replicas", spec.Replicas, ""))
Add a validation that replicaSelector matches PodTemplate.Labels
2014-08-22 00:02:39 +00:00
}
Update the validation logic to test PodTemplateSpec
2014-11-07 02:08:46 +00:00
if spec.Template == nil {
allErrs = append(allErrs, errs.NewFieldRequired("template", spec.Template))
} else {
labels := labels.Set(spec.Template.Labels)
if !selector.Matches(labels) {
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
allErrs = append(allErrs, errs.NewFieldInvalid("template.labels", spec.Template.Labels, "selector does not match template"))
Update the validation logic to test PodTemplateSpec
2014-11-07 02:08:46 +00:00
}
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-05 04:55:16 +00:00
allErrs = append(allErrs, ValidatePodTemplateSpec(spec.Template, spec.Replicas).Prefix("template")...)
Add a Detail field to Validation Error
2014-11-20 22:24:10 +00:00
// RestartPolicy has already been first-order validated as per ValidatePodTemplateSpec().
if spec.Template.Spec.RestartPolicy.Always == nil {
// TODO: should probably be Unsupported
// TODO: api.RestartPolicy should have a String() method for nicer printing
allErrs = append(allErrs, errs.NewFieldInvalid("template.restartPolicy", spec.Template.Spec.RestartPolicy, "must be Always"))
Add pod restart policy validation for replication controller.
2014-11-18 04:08:23 +00:00
}
Validate on replicas being non-negative
2014-08-04 19:02:51 +00:00
}
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 17:58:43 +00:00
return allErrs
}
Update the validation logic to test PodTemplateSpec
2014-11-07 02:08:46 +00:00
// ValidatePodTemplateSpec validates the spec of a pod template
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-05 04:55:16 +00:00
func ValidatePodTemplateSpec(spec *api.PodTemplateSpec, replicas int) errs.ValidationErrorList {
Update the validation logic to test PodTemplateSpec
2014-11-07 02:08:46 +00:00
allErrs := errs.ValidationErrorList{}
Expose ValidateLabels in validation.go for reuse by other components Label validation is common to anyone building kube resources.
2015-01-20 03:32:39 +00:00
allErrs = append(allErrs, ValidateLabels(spec.Labels, "labels")...)
Slightly relax annotation validation The more aggressive validation on annotations broke openshift (and backwards compat for our data). This change relaxes to allow mixed case so we can continue working in the short term, try to see if we can agree on relaxation, and if we can't, apply the stronger validation here.
2015-02-02 00:03:04 +00:00
allErrs = append(allErrs, ValidateAnnotations(spec.Annotations, "annotations")...)
Update the validation logic to test PodTemplateSpec
2014-11-07 02:08:46 +00:00
allErrs = append(allErrs, ValidatePodSpec(&spec.Spec).Prefix("spec")...)
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-05 04:55:16 +00:00
if replicas > 1 {
allErrs = append(allErrs, ValidateReadOnlyPersistentDisks(spec.Spec.Volumes).Prefix("spec.volumes")...)
}
Update the validation logic to test PodTemplateSpec
2014-11-07 02:08:46 +00:00
return allErrs
}
Rename api ErrorList for clarity
2014-10-24 16:43:14 +00:00
func ValidateReadOnlyPersistentDisks(volumes []api.Volume) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 17:58:43 +00:00
for _, vol := range volumes {
if vol.Source.GCEPersistentDisk != nil {
if vol.Source.GCEPersistentDisk.ReadOnly == false {
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-05 04:55:16 +00:00
allErrs = append(allErrs, errs.NewFieldInvalid("GCEPersistentDisk.ReadOnly", false, "ReadOnly must be true for replicated pods > 1, as GCE PD can only be mounted on multiple machines if it is read-only."))
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 17:58:43 +00:00
}
}
}
All validations return ErrorList now
2014-08-16 20:48:48 +00:00
return allErrs
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 16:15:17 +00:00
}
Read BoundPods from etcd instead of ContainerManifestList There are three values that uniquely identify a pod on a host - the configuration source (etcd, file, http), the pod name, and the pod namespace. This change ensures that configuration properly makes those names unique by changing podFullName to contain both name (currently ID in v1beta1, Name in v1beta3) and namespace. The Kubelet does not properly handle information requests for pods not in the default namespace at this time.
2014-10-08 19:56:02 +00:00
// ValidateBoundPod tests if required fields on a bound pod are set.
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
// TODO: to be removed.
Fix validation for BoundPods to allow defaults Thunking to Manifest makes a copy of the input, which is not useful for defaulting.
2015-01-06 05:42:28 +00:00
func ValidateBoundPod(pod *api.BoundPod) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
if len(pod.Name) == 0 {
allErrs = append(allErrs, errs.NewFieldRequired("name", pod.Name))
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
} else {
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 23:56:38 +00:00
if ok, qualifier := nameIsDNSSubdomain(pod.Name, false); !ok {
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
allErrs = append(allErrs, errs.NewFieldInvalid("name", pod.Name, qualifier))
}
Read BoundPods from etcd instead of ContainerManifestList There are three values that uniquely identify a pod on a host - the configuration source (etcd, file, http), the pod name, and the pod namespace. This change ensures that configuration properly makes those names unique by changing podFullName to contain both name (currently ID in v1beta1, Name in v1beta3) and namespace. The Kubelet does not properly handle information requests for pods not in the default namespace at this time.
2014-10-08 19:56:02 +00:00
}
Fix wrong field check in validation
2015-01-10 04:30:50 +00:00
if len(pod.Namespace) == 0 {
Fix validation for BoundPods to allow defaults Thunking to Manifest makes a copy of the input, which is not useful for defaulting.
2015-01-06 05:42:28 +00:00
allErrs = append(allErrs, errs.NewFieldRequired("namespace", pod.Namespace))
} else if !util.IsDNSSubdomain(pod.Namespace) {
allErrs = append(allErrs, errs.NewFieldInvalid("namespace", pod.Namespace, ""))
Read BoundPods from etcd instead of ContainerManifestList There are three values that uniquely identify a pod on a host - the configuration source (etcd, file, http), the pod name, and the pod namespace. This change ensures that configuration properly makes those names unique by changing podFullName to contain both name (currently ID in v1beta1, Name in v1beta3) and namespace. The Kubelet does not properly handle information requests for pods not in the default namespace at this time.
2014-10-08 19:56:02 +00:00
}
Fix validation for BoundPods to allow defaults Thunking to Manifest makes a copy of the input, which is not useful for defaulting.
2015-01-06 05:42:28 +00:00
allErrs = append(allErrs, ValidatePodSpec(&pod.Spec).Prefix("spec")...)
return allErrs
Read BoundPods from etcd instead of ContainerManifestList There are three values that uniquely identify a pod on a host - the configuration source (etcd, file, http), the pod name, and the pod namespace. This change ensures that configuration properly makes those names unique by changing podFullName to contain both name (currently ID in v1beta1, Name in v1beta3) and namespace. The Kubelet does not properly handle information requests for pods not in the default namespace at this time.
2014-10-08 19:56:02 +00:00
}
Centralize minion validation
2014-11-12 17:38:15 +00:00
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
// ValidateMinion tests if required fields in the node are set.
func ValidateMinion(node *api.Node) errs.ValidationErrorList {
Centralize minion validation
2014-11-12 17:38:15 +00:00
allErrs := errs.ValidationErrorList{}
Use name generation on pods via replication controllers The generated name is '<controllerName>-%s', unless controllerName- would be long enough to cause a validation error.
2015-01-28 04:50:01 +00:00
allErrs = append(allErrs, ValidateObjectMeta(&node.ObjectMeta, false, ValidateNodeName).Prefix("metadata")...)
Centralize minion validation
2014-11-12 17:38:15 +00:00
return allErrs
}
Add more validation for updating node.
2014-11-17 18:22:27 +00:00
// ValidateMinionUpdate tests to make sure a minion update can be applied. Modifies oldMinion.
Internal rename api.Minion -> api.Node
2014-12-08 03:44:27 +00:00
func ValidateMinionUpdate(oldMinion *api.Node, minion *api.Node) errs.ValidationErrorList {
Add more validation for updating node.
2014-11-17 18:22:27 +00:00
allErrs := errs.ValidationErrorList{}
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
allErrs = append(allErrs, ValidateObjectMetaUpdate(&oldMinion.ObjectMeta, &minion.ObjectMeta).Prefix("metadata")...)
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 05:39:56 +00:00
Sync node status from node controller to master.
2015-01-16 22:28:20 +00:00
// TODO: Enable the code once we have better api object.status update model. Currently,
// anyone can update node status.
// if !api.Semantic.DeepEqual(minion.Status, api.NodeStatus{}) {
// allErrs = append(allErrs, errs.NewFieldInvalid("status", minion.Status, "status must be empty"))
// }
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 05:39:56 +00:00
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
// TODO: move reset function to its own location
// Ignore metadata changes now that they have been tested
oldMinion.ObjectMeta = minion.ObjectMeta
// Allow users to update capacity
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 05:39:56 +00:00
oldMinion.Spec.Capacity = minion.Spec.Capacity
Clear node status before the validation check.
2014-12-22 19:04:57 +00:00
// Clear status
oldMinion.Status = minion.Status
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 05:39:56 +00:00
Make semantic deep equal public feature * Use semantic deep equal when validating * More test cases for deep equal
2015-01-05 21:38:39 +00:00
if !api.Semantic.DeepEqual(oldMinion, minion) {
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 05:39:56 +00:00
glog.V(4).Infof("Update failed validation %#v vs %#v", oldMinion, minion)
allErrs = append(allErrs, fmt.Errorf("update contains more than labels or capacity changes"))
Add more validation for updating node.
2014-11-17 18:22:27 +00:00
}
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 23:55:54 +00:00
// TODO: validate Spec.Capacity
Add more validation for updating node.
2014-11-17 18:22:27 +00:00
return allErrs
}
Adding a 'Typename' strongtype for representing all compute resource types.
2015-01-17 00:34:47 +00:00
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-25 04:19:36 +00:00
// Validate compute resource typename.
Adding a 'Typename' strongtype for representing all compute resource types.
2015-01-17 00:34:47 +00:00
// Refer to docs/resources.md for more details.
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-25 04:19:36 +00:00
func validateResourceName(str string) errs.ValidationErrorList {
Adding a 'Typename' strongtype for representing all compute resource types.
2015-01-17 00:34:47 +00:00
if !util.IsQualifiedName(str) {
return errs.ValidationErrorList{fmt.Errorf("invalid compute resource typename format %q", str)}
}
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-25 04:19:36 +00:00
if len(strings.Split(str, "/")) == 1 {
if !api.IsStandardResourceName(str) {
Adding a 'Typename' strongtype for representing all compute resource types.
2015-01-17 00:34:47 +00:00
return errs.ValidationErrorList{fmt.Errorf("invalid compute resource typename. %q is neither a standard resource type nor is fully qualified", str)}
}
}
return errs.ValidationErrorList{}
}
Add a limit range resource
2015-01-22 21:52:40 +00:00
// ValidateLimitRange tests if required fields in the LimitRange are set.
func ValidateLimitRange(limitRange *api.LimitRange) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
if len(limitRange.Name) == 0 {
allErrs = append(allErrs, errs.NewFieldRequired("name", limitRange.Name))
} else if !util.IsDNSSubdomain(limitRange.Name) {
allErrs = append(allErrs, errs.NewFieldInvalid("name", limitRange.Name, ""))
}
if len(limitRange.Namespace) == 0 {
allErrs = append(allErrs, errs.NewFieldRequired("namespace", limitRange.Namespace))
} else if !util.IsDNSSubdomain(limitRange.Namespace) {
allErrs = append(allErrs, errs.NewFieldInvalid("namespace", limitRange.Namespace, ""))
}
// ensure resource names are properly qualified per docs/resources.md
for i := range limitRange.Spec.Limits {
limit := limitRange.Spec.Limits[i]
Validate limit.Min and limit.Max resource names using ValidateResourceName
2015-01-24 15:47:07 +00:00
for k := range limit.Max {
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-25 04:19:36 +00:00
allErrs = append(allErrs, validateResourceName(string(k))...)
Add a limit range resource
2015-01-22 21:52:40 +00:00
}
Validate limit.Min and limit.Max resource names using ValidateResourceName
2015-01-24 15:47:07 +00:00
for k := range limit.Min {
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-25 04:19:36 +00:00
allErrs = append(allErrs, validateResourceName(string(k))...)
}
}
return allErrs
}
func validateBasicResource(quantity resource.Quantity) errs.ValidationErrorList {
if quantity.Value() < 0 {
return errs.ValidationErrorList{fmt.Errorf("%v is not a valid resource quantity", quantity.Value())}
}
return errs.ValidationErrorList{}
}
// Validates resource requirement spec.
func validateResourceRequirements(container *api.Container) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
for resourceName, quantity := range container.Resources.Limits {
// Validate resource name.
errs := validateResourceName(resourceName.String())
if api.IsStandardResourceName(resourceName.String()) {
errs = append(errs, validateBasicResource(quantity).Prefix(fmt.Sprintf("Resource %s: ", resourceName))...)
Add a limit range resource
2015-01-22 21:52:40 +00:00
}
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-25 04:19:36 +00:00
allErrs = append(allErrs, errs...)
Add a limit range resource
2015-01-22 21:52:40 +00:00
}
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-25 04:19:36 +00:00
Add a limit range resource
2015-01-22 21:52:40 +00:00
return allErrs
}
Introduce a ResourceQuota object
2015-01-23 17:38:30 +00:00
// ValidateResourceQuota tests if required fields in the ResourceQuota are set.
func ValidateResourceQuota(resourceQuota *api.ResourceQuota) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
if len(resourceQuota.Name) == 0 {
allErrs = append(allErrs, errs.NewFieldRequired("name", resourceQuota.Name))
} else if !util.IsDNSSubdomain(resourceQuota.Name) {
allErrs = append(allErrs, errs.NewFieldInvalid("name", resourceQuota.Name, ""))
}
if len(resourceQuota.Namespace) == 0 {
allErrs = append(allErrs, errs.NewFieldRequired("namespace", resourceQuota.Namespace))
} else if !util.IsDNSSubdomain(resourceQuota.Namespace) {
allErrs = append(allErrs, errs.NewFieldInvalid("namespace", resourceQuota.Namespace, ""))
}
for k := range resourceQuota.Spec.Hard {
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-25 04:19:36 +00:00
allErrs = append(allErrs, validateResourceName(string(k))...)
Introduce a ResourceQuota object
2015-01-23 17:38:30 +00:00
}
for k := range resourceQuota.Status.Hard {
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-25 04:19:36 +00:00
allErrs = append(allErrs, validateResourceName(string(k))...)
Introduce a ResourceQuota object
2015-01-23 17:38:30 +00:00
}
for k := range resourceQuota.Status.Used {
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-25 04:19:36 +00:00
allErrs = append(allErrs, validateResourceName(string(k))...)
Introduce a ResourceQuota object
2015-01-23 17:38:30 +00:00
}
return allErrs
}