Merge pull request #25007 from liggitt/third-party-resource-validation

Automatic merge from submit-queue validate third party resources addresses validation portion of https://github.com/kubernetes/kubernetes/issues/22768 * ThirdPartyResource: validates name (3 segment DNS subdomain) and version names (single segment DNS label) * ThirdPartyResourceData: validates objectmeta (name is validated as a DNS label) * removes ability to use GenerateName with thirdpartyresources (kind and api group should not be randomized, in my opinion) test improvements: * updates resttest to clean up after create tests (so the same valid object can be used) * updates resttest to take a name generator (in case "foo1" isn't a valid name for the object under test) action required for alpha thirdpartyresource users: * existing thirdpartyresource objects that do not match these validation rules will need to be removed/updated (after removing thirdpartyresourcedata objects stored under the disallowed versions, kind, or group names) * existing thirdpartyresourcedata objects that do not match the name validation rule will not be able to be updated, but can be removed
2016-05-15 03:38:29 -07:00
parent 59b7b1c550 6c323a4f72
commit 272674b2a6
5 changed files with 110 additions and 50 deletions
--- a/pkg/apis/extensions/validation/validation.go
+++ b/pkg/apis/extensions/validation/validation.go
@@ -44,7 +44,20 @@ func ValidateThirdPartyResourceUpdate(update, old *extensions.ThirdPartyResource
 }

 func ValidateThirdPartyResourceName(name string, prefix bool) (bool, string) {
-	return apivalidation.NameIsDNSSubdomain(name, prefix)
+	// Make sure it's a valid DNS subdomain
+	if ok, msg := apivalidation.NameIsDNSSubdomain(name, prefix); !ok {
+		return ok, msg
+	}
+
+	// Make sure it's at least three segments (kind + two-segment group name)
+	if !prefix {
+		parts := strings.Split(name, ".")
+		if len(parts) < 3 {
+			return false, "must be at least three segments long: <kind>.<domain>.<tld>"
+		}
+	}
+
+	return true, ""
 }

 func ValidateThirdPartyResource(obj *extensions.ThirdPartyResource) field.ErrorList {
@@ -56,6 +69,8 @@ func ValidateThirdPartyResource(obj *extensions.ThirdPartyResource) field.ErrorL
 		version := &obj.Versions[ix]
 		if len(version.Name) == 0 {
 			allErrs = append(allErrs, field.Invalid(field.NewPath("versions").Index(ix).Child("name"), version, "must not be empty"))
+		} else if !validation.IsDNS1123Label(version.Name) {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("versions").Index(ix).Child("name"), version, apivalidation.DNS1123LabelErrorMsg))
 		}
 		if versions.Has(version.Name) {
 			allErrs = append(allErrs, field.Duplicate(field.NewPath("versions").Index(ix).Child("name"), version))
@@ -275,15 +290,11 @@ func ValidateDeploymentRollback(obj *extensions.DeploymentRollback) field.ErrorL
 }

 func ValidateThirdPartyResourceDataUpdate(update, old *extensions.ThirdPartyResourceData) field.ErrorList {
-	return ValidateThirdPartyResourceData(update)
+	return apivalidation.ValidateObjectMetaUpdate(&update.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))
 }

 func ValidateThirdPartyResourceData(obj *extensions.ThirdPartyResourceData) field.ErrorList {
-	allErrs := field.ErrorList{}
-	if len(obj.Name) == 0 {
-		allErrs = append(allErrs, field.Required(field.NewPath("name"), ""))
-	}
-	return allErrs
+	return apivalidation.ValidateObjectMeta(&obj.ObjectMeta, true, apivalidation.NameIsDNSLabel, field.NewPath("metadata"))
 }

 // ValidateIngress tests if required fields in the Ingress are set.