forked from openshift/origin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
etcd.go
88 lines (73 loc) · 3.53 KB
/
etcd.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
package validation
import (
"fmt"
"strings"
"github.com/openshift/origin/pkg/cmd/server/api"
"k8s.io/kubernetes/pkg/util/sets"
"k8s.io/kubernetes/pkg/util/validation/field"
)
// ValidateEtcdConnectionInfo validates the connection info. If a server EtcdConfig is provided,
// it ensures the connection info includes a URL for it, and has a client cert/key if the server requires
// client certificate authentication
func ValidateEtcdConnectionInfo(config api.EtcdConnectionInfo, server *api.EtcdConfig, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
if len(config.URLs) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("urls"), ""))
}
for i, u := range config.URLs {
_, urlErrs := ValidateURL(u, fldPath.Child("urls").Index(i))
if len(urlErrs) > 0 {
allErrs = append(allErrs, urlErrs...)
}
}
if len(config.CA) > 0 {
allErrs = append(allErrs, ValidateFile(config.CA, fldPath.Child("ca"))...)
}
allErrs = append(allErrs, ValidateCertInfo(config.ClientCert, false, fldPath)...)
// If we have server config info, make sure the client connection info will work with it
if server != nil {
var builtInAddress string
if api.UseTLS(server.ServingInfo) {
builtInAddress = fmt.Sprintf("https://%s", server.Address)
} else {
builtInAddress = fmt.Sprintf("http://%s", server.Address)
}
// Require a client cert to connect to an etcd that requires client certs
if len(server.ServingInfo.ClientCA) > 0 {
if len(config.ClientCert.CertFile) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("certFile"), ""))
}
}
// Require the etcdClientInfo to include the address of the internal etcd
clientURLs := sets.NewString(config.URLs...)
if !clientURLs.Has(builtInAddress) {
allErrs = append(allErrs, field.Invalid(fldPath.Child("urls"), strings.Join(clientURLs.List(), ","), fmt.Sprintf("must include the etcd address %s", builtInAddress)))
}
}
return allErrs
}
func ValidateEtcdConfig(config *api.EtcdConfig, fldPath *field.Path) ValidationResults {
validationResults := ValidationResults{}
servingInfoPath := fldPath.Child("servingInfo")
validationResults.Append(ValidateServingInfo(config.ServingInfo, servingInfoPath))
if config.ServingInfo.BindNetwork == "tcp6" {
validationResults.AddErrors(field.Invalid(servingInfoPath.Child("bindNetwork"), config.ServingInfo.BindNetwork, "tcp6 is not a valid bindNetwork for etcd, must be tcp or tcp4"))
}
if len(config.ServingInfo.NamedCertificates) > 0 {
validationResults.AddErrors(field.Invalid(servingInfoPath.Child("namedCertificates"), "<not shown>", "namedCertificates are not supported for etcd"))
}
peerServingInfoPath := fldPath.Child("peerServingInfo")
validationResults.Append(ValidateServingInfo(config.PeerServingInfo, peerServingInfoPath))
if config.ServingInfo.BindNetwork == "tcp6" {
validationResults.AddErrors(field.Invalid(peerServingInfoPath.Child("bindNetwork"), config.ServingInfo.BindNetwork, "tcp6 is not a valid bindNetwork for etcd peers, must be tcp or tcp4"))
}
if len(config.ServingInfo.NamedCertificates) > 0 {
validationResults.AddErrors(field.Invalid(peerServingInfoPath.Child("namedCertificates"), "<not shown>", "namedCertificates are not supported for etcd"))
}
validationResults.AddErrors(ValidateHostPort(config.Address, fldPath.Child("address"))...)
validationResults.AddErrors(ValidateHostPort(config.PeerAddress, fldPath.Child("peerAddress"))...)
if len(config.StorageDir) == 0 {
validationResults.AddErrors(field.Required(fldPath.Child("storageDirectory"), ""))
}
return validationResults
}