github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Active deadline seconds validation improvements

pull/6/head
Derek Carr 2017-05-30 14:57:06 -04:00
parent 657c01c695
commit 9d412210e9
2 changed files with 40 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/api/validation/validation.go
View File

@ -29,6 +29,8 @@ import (
"github.com/golang/glog" "github.com/golang/glog"
"math"
apiequality "k8s.io/apimachinery/pkg/api/equality" apiequality "k8s.io/apimachinery/pkg/api/equality"
"k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/api/resource"
apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation"
@ -2188,8 +2190,11 @@ func ValidatePodSpec(spec *api.PodSpec, fldPath *field.Path) field.ErrorList {
} }
if spec.ActiveDeadlineSeconds != nil { if spec.ActiveDeadlineSeconds != nil {
if *spec.ActiveDeadlineSeconds <= 0 { if spec.ActiveDeadlineSeconds != nil {
allErrs = append(allErrs, field.Invalid(fldPath.Child("activeDeadlineSeconds"), spec.ActiveDeadlineSeconds, "must be greater than 0")) value := *spec.ActiveDeadlineSeconds
if value < 1 || value > math.MaxUint32 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("activeDeadlineSeconds"), value, validation.InclusiveRangeError(1, math.MaxUint32)))
}
} }
} }
@ -2575,8 +2580,8 @@ func ValidatePodUpdate(newPod, oldPod *api.Pod) field.ErrorList {
// 2. from a positive value to a lesser, non-negative value // 2. from a positive value to a lesser, non-negative value
if newPod.Spec.ActiveDeadlineSeconds != nil { if newPod.Spec.ActiveDeadlineSeconds != nil {
newActiveDeadlineSeconds := *newPod.Spec.ActiveDeadlineSeconds newActiveDeadlineSeconds := *newPod.Spec.ActiveDeadlineSeconds
if newActiveDeadlineSeconds < 0 { if newActiveDeadlineSeconds < 0 || newActiveDeadlineSeconds > math.MaxUint32 {
allErrs = append(allErrs, field.Invalid(specPath.Child("activeDeadlineSeconds"), newActiveDeadlineSeconds, isNegativeErrorMsg)) allErrs = append(allErrs, field.Invalid(specPath.Child("activeDeadlineSeconds"), newActiveDeadlineSeconds, validation.InclusiveRangeError(0, math.MaxUint32)))
return allErrs return allErrs
} }
if oldPod.Spec.ActiveDeadlineSeconds != nil { if oldPod.Spec.ActiveDeadlineSeconds != nil {

31
pkg/api/validation/validation_test.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package validation package validation
import ( import (
"math"
"reflect" "reflect"
"strings" "strings"
"testing" "testing"
@ -3350,6 +3351,7 @@ func TestValidateDNSPolicy(t *testing.T) {
func TestValidatePodSpec(t *testing.T) { func TestValidatePodSpec(t *testing.T) {
activeDeadlineSeconds := int64(30) activeDeadlineSeconds := int64(30)
activeDeadlineSecondsMax := int64(math.MaxUint32)
minUserID := types.UnixUserID(0) minUserID := types.UnixUserID(0)
maxUserID := types.UnixUserID(2147483647) maxUserID := types.UnixUserID(2147483647)
@ -3378,6 +3380,21 @@ func TestValidatePodSpec(t *testing.T) {
ActiveDeadlineSeconds: &activeDeadlineSeconds, ActiveDeadlineSeconds: &activeDeadlineSeconds,
ServiceAccountName: "acct", ServiceAccountName: "acct",
}, },
{ // Populate all fields with larger active deadline.
Volumes: []api.Volume{
{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}},
},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
InitContainers: []api.Container{{Name: "ictr", Image: "iimage", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
NodeSelector: map[string]string{
"key": "value",
},
NodeName: "foobar",
DNSPolicy: api.DNSClusterFirst,
ActiveDeadlineSeconds: &activeDeadlineSecondsMax,
ServiceAccountName: "acct",
},
{ // Populate HostNetwork. { // Populate HostNetwork.
Containers: []api.Container{ Containers: []api.Container{
{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File", {Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File",
@ -3450,6 +3467,7 @@ func TestValidatePodSpec(t *testing.T) {
} }
activeDeadlineSeconds = int64(0) activeDeadlineSeconds = int64(0)
activeDeadlineSecondsTooLarge := int64(math.MaxUint32 + 1)
minUserID = types.UnixUserID(-1) minUserID = types.UnixUserID(-1)
maxUserID = types.UnixUserID(2147483648) maxUserID = types.UnixUserID(2147483648)
@ -3591,6 +3609,19 @@ func TestValidatePodSpec(t *testing.T) {
DNSPolicy: api.DNSClusterFirst, DNSPolicy: api.DNSClusterFirst,
ActiveDeadlineSeconds: &activeDeadlineSeconds, ActiveDeadlineSeconds: &activeDeadlineSeconds,
}, },
"active-deadline-seconds-too-large": {
Volumes: []api.Volume{
{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}},
},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
NodeSelector: map[string]string{
"key": "value",
},
NodeName: "foobar",
DNSPolicy: api.DNSClusterFirst,
ActiveDeadlineSeconds: &activeDeadlineSecondsTooLarge,
},
"bad nodeName": { "bad nodeName": {
NodeName: "node name", NodeName: "node name",
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}}, Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},