a4fadc596b
Now that we have most of the services required for use with containerd, it was found that common patterns were used throughout services. By defining a central `errdefs` package, we ensure that services will map errors to and from grpc consistently and cleanly. One can decorate an error with as much context as necessary, using `pkg/errors` and still have the error mapped correctly via grpc. We make a few sacrifices. At this point, the common errors we use across the repository all map directly to grpc error codes. While this seems positively crazy, it actually works out quite well. The error conditions that were specific weren't super necessary and the ones that were necessary now simply have better context information. We lose the ability to add new codes, but this constraint may not be a bad thing. Effectively, as long as one uses the errors defined in `errdefs`, the error class will be mapped correctly across the grpc boundary and everything will be good. If you don't use those definitions, the error maps to "unknown" and the error message is preserved. Signed-off-by: Stephen J Day <stephen.day@docker.com>
63 lines
1.9 KiB
Go
63 lines
1.9 KiB
Go
// Package identifiers provides common validation for identifiers, keys and ids
|
|
// across containerd.
|
|
//
|
|
// To allow such identifiers to be used across various contexts safely, the character
|
|
// set has been restricted to that defined for domains in RFC 1035, section
|
|
// 2.3.1. This will make identifiers safe for use across networks, filesystems
|
|
// and other media.
|
|
//
|
|
// The identifier specification departs from RFC 1035 in that it allows
|
|
// "labels" to start with number and only enforces a total length restriction
|
|
// of 76 characters.
|
|
//
|
|
// While the character set may be expanded in the future, identifiers are
|
|
// guaranteed to be safely used as filesystem path components.
|
|
package identifiers
|
|
|
|
import (
|
|
"regexp"
|
|
|
|
"github.com/containerd/containerd/errdefs"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
const (
|
|
maxLength = 76
|
|
charclass = `[A-Za-z0-9]+`
|
|
label = charclass + `(:?[-]+` + charclass + `)*`
|
|
)
|
|
|
|
var (
|
|
// identifierRe validates that a identifier matches valid identifiers.
|
|
//
|
|
// Rules for domains, defined in RFC 1035, section 2.3.1, are used for
|
|
// identifiers.
|
|
identifierRe = regexp.MustCompile(reAnchor(label + reGroup("[.]"+reGroup(label)) + "*"))
|
|
)
|
|
|
|
// Validate return nil if the string s is a valid identifier.
|
|
//
|
|
// identifiers must be valid domain identifiers according to RFC 1035, section 2.3.1. To
|
|
// enforce case insensitvity, all characters must be lower case.
|
|
//
|
|
// In general, identifiers that pass this validation, should be safe for use as
|
|
// a domain identifier or filesystem path component.
|
|
func Validate(s string) error {
|
|
if len(s) > maxLength {
|
|
return errors.Wrapf(errdefs.ErrInvalidArgument, "identifier %q greater than maximum length (%d characters)", s, maxLength)
|
|
}
|
|
|
|
if !identifierRe.MatchString(s) {
|
|
return errors.Wrapf(errdefs.ErrInvalidArgument, "identifier %q must match %v", s, identifierRe)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func reGroup(s string) string {
|
|
return `(?:` + s + `)`
|
|
}
|
|
|
|
func reAnchor(s string) string {
|
|
return `^` + s + `$`
|
|
}
|