forked from openshift/origin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
validation.go
116 lines (96 loc) · 4.39 KB
/
validation.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
package validation
import (
"reflect"
"strings"
"k8s.io/apimachinery/pkg/api/validation/path"
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/kubernetes/pkg/api/validation"
oapi "github.com/openshift/origin/pkg/api"
projectapi "github.com/openshift/origin/pkg/project/apis/project"
"github.com/openshift/origin/pkg/util/labelselector"
)
func ValidateProjectName(name string, prefix bool) []string {
if reasons := path.ValidatePathSegmentName(name, prefix); len(reasons) != 0 {
return reasons
}
if len(name) < 2 {
return []string{"must be at least 2 characters long"}
}
if reasons := validation.ValidateNamespaceName(name, false); len(reasons) != 0 {
return reasons
}
return nil
}
// ValidateProject tests required fields for a Project.
// This should only be called when creating a project (not on update),
// since its name validation is more restrictive than default namespace name validation
func ValidateProject(project *projectapi.Project) field.ErrorList {
result := validation.ValidateObjectMeta(&project.ObjectMeta, false, ValidateProjectName, field.NewPath("metadata"))
if !validateNoNewLineOrTab(project.Annotations[oapi.OpenShiftDisplayName]) {
result = append(result, field.Invalid(field.NewPath("metadata", "annotations").Key(oapi.OpenShiftDisplayName),
project.Annotations[oapi.OpenShiftDisplayName], "may not contain a new line or tab"))
}
result = append(result, validateNodeSelector(project)...)
return result
}
// validateNoNewLineOrTab ensures a string has no new-line or tab
func validateNoNewLineOrTab(s string) bool {
return !(strings.Contains(s, "\n") || strings.Contains(s, "\t"))
}
// ValidateProjectUpdate tests to make sure a project update can be applied. Modifies newProject with immutable fields.
func ValidateProjectUpdate(newProject *projectapi.Project, oldProject *projectapi.Project) field.ErrorList {
allErrs := validation.ValidateObjectMetaUpdate(&newProject.ObjectMeta, &oldProject.ObjectMeta, field.NewPath("metadata"))
allErrs = append(allErrs, ValidateProject(newProject)...)
if !reflect.DeepEqual(newProject.Spec.Finalizers, oldProject.Spec.Finalizers) {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "finalizers"), oldProject.Spec.Finalizers, "field is immutable"))
}
if !reflect.DeepEqual(newProject.Status, oldProject.Status) {
allErrs = append(allErrs, field.Invalid(field.NewPath("status"), oldProject.Spec.Finalizers, "field is immutable"))
}
// TODO this restriction exists because our authorizer/admission cannot properly express and restrict mutation on the field level.
for name, value := range newProject.Annotations {
if name == oapi.OpenShiftDisplayName || name == oapi.OpenShiftDescription {
continue
}
if value != oldProject.Annotations[name] {
allErrs = append(allErrs, field.Invalid(field.NewPath("metadata", "annotations").Key(name), value, "field is immutable, try updating the namespace"))
}
}
// check for deletions
for name, value := range oldProject.Annotations {
if name == oapi.OpenShiftDisplayName || name == oapi.OpenShiftDescription {
continue
}
if _, inNew := newProject.Annotations[name]; !inNew {
allErrs = append(allErrs, field.Invalid(field.NewPath("metadata", "annotations").Key(name), value, "field is immutable, try updating the namespace"))
}
}
for name, value := range newProject.Labels {
if value != oldProject.Labels[name] {
allErrs = append(allErrs, field.Invalid(field.NewPath("metadata", "labels").Key(name), value, "field is immutable, , try updating the namespace"))
}
}
for name, value := range oldProject.Labels {
if _, inNew := newProject.Labels[name]; !inNew {
allErrs = append(allErrs, field.Invalid(field.NewPath("metadata", "labels").Key(name), value, "field is immutable, try updating the namespace"))
}
}
return allErrs
}
func ValidateProjectRequest(request *projectapi.ProjectRequest) field.ErrorList {
project := &projectapi.Project{}
project.ObjectMeta = request.ObjectMeta
return ValidateProject(project)
}
func validateNodeSelector(p *projectapi.Project) field.ErrorList {
allErrs := field.ErrorList{}
if len(p.Annotations) > 0 {
if selector, ok := p.Annotations[projectapi.ProjectNodeSelector]; ok {
if _, err := labelselector.Parse(selector); err != nil {
allErrs = append(allErrs, field.Invalid(field.NewPath("nodeSelector"),
p.Annotations[projectapi.ProjectNodeSelector], "must be a valid label selector"))
}
}
}
return allErrs
}