Merge pull request #47171 from xilabao/validate-nonResourceURL-in-create-clusterrole

Automatic merge from submit-queue (batch tested with PRs 51038, 50063, 51257, 47171, 51143) validate nonResourceURL in create clusterrole **Release note**: ```release-note NONE ```
2017-08-25 12:31:07 -07:00
parent cd908f3e59 42c41a07c8
commit 08c2071bec
2 changed files with 56 additions and 1 deletions
--- a/pkg/kubectl/cmd/create_clusterrole.go
+++ b/pkg/kubectl/cmd/create_clusterrole.go
@@ -19,6 +19,7 @@ package cmd
 import (
 	"fmt"
 	"io"
+	"strings"

 	"github.com/spf13/cobra"

@@ -133,6 +134,20 @@ func (c *CreateClusterRoleOptions) Validate() error {
 				return fmt.Errorf("invalid verb: '%s' for nonResourceURL", v)
 			}
 		}
+
+		for _, nonResourceURL := range c.NonResourceURLs {
+			if nonResourceURL == "*" {
+				continue
+			}
+
+			if nonResourceURL == "" || !strings.HasPrefix(nonResourceURL, "/") {
+				return fmt.Errorf("nonResourceURL should start with /")
+			}
+
+			if strings.ContainsRune(nonResourceURL[:len(nonResourceURL)-1], '*') {
+				return fmt.Errorf("nonResourceURL only supports wildcard matches when '*' is at the end")
+			}
+		}
 	}

 	return nil