github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make IsValid{User,Group}Id return error strings

Browse Source
This commit is contained in:
Tim Hockin
2016-01-29 00:05:34 -08:00
parent bb208a02b3
commit 3ad6c397d7
3 changed files with 32 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
pkg/api/validation/validation.go
View File

@@ -19,7 +19,6 @@ package validation
import ( import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"math"
"net" "net"
"os" "os"
"path" "path"
@@ -54,7 +53,6 @@ const fieldImmutableErrorMsg string = `field is immutable`
const isNotIntegerErrorMsg string = `must be an integer` const isNotIntegerErrorMsg string = `must be an integer`
var pdPartitionErrorMsg string = validation.InclusiveRangeError(1, 255) var pdPartitionErrorMsg string = validation.InclusiveRangeError(1, 255)
var IdRangeErrorMsg string = validation.InclusiveRangeError(0, math.MaxInt32)
const totalAnnotationSizeLimitB int = 256 * (1 << 10) // 256 kB const totalAnnotationSizeLimitB int = 256 * (1 << 10) // 256 kB
@@ -1889,16 +1887,19 @@ func ValidatePodSecurityContext(securityContext *api.PodSecurityContext, spec *a
if securityContext != nil { if securityContext != nil {
allErrs = append(allErrs, validateHostNetwork(securityContext.HostNetwork, spec.Containers, specPath.Child("containers"))...) allErrs = append(allErrs, validateHostNetwork(securityContext.HostNetwork, spec.Containers, specPath.Child("containers"))...)
if securityContext.FSGroup != nil && !validation.IsValidGroupId(*securityContext.FSGroup) { if securityContext.FSGroup != nil {
allErrs = append(allErrs, field.Invalid(fldPath.Child("fsGroup"), *(securityContext.FSGroup), IdRangeErrorMsg)) for _, msg := range validation.IsValidGroupId(*securityContext.FSGroup) {
allErrs = append(allErrs, field.Invalid(fldPath.Child("fsGroup"), *(securityContext.FSGroup), msg))
} }
if securityContext.RunAsUser != nil && !validation.IsValidUserId(*securityContext.RunAsUser) {
allErrs = append(allErrs, field.Invalid(fldPath.Child("runAsUser"), *(securityContext.RunAsUser), IdRangeErrorMsg))
} }
for i, gid := range securityContext.SupplementalGroups { if securityContext.RunAsUser != nil {
if !validation.IsValidGroupId(gid) { for _, msg := range validation.IsValidUserId(*securityContext.RunAsUser) {
supplementalGroup := fmt.Sprintf(`supplementalGroups[%d]`, i) allErrs = append(allErrs, field.Invalid(fldPath.Child("runAsUser"), *(securityContext.RunAsUser), msg))
allErrs = append(allErrs, field.Invalid(fldPath.Child(supplementalGroup), gid, IdRangeErrorMsg)) }
}
for g, gid := range securityContext.SupplementalGroups {
for _, msg := range validation.IsValidGroupId(gid) {
allErrs = append(allErrs, field.Invalid(fldPath.Child("supplementalGroups").Index(g), gid, msg))
} }
} }
} }

24
pkg/util/validation/validation.go
View File

@@ -154,10 +154,10 @@ func IsCIdentifier(value string) []string {
// IsValidPortNum tests that the argument is a valid, non-zero port number. // IsValidPortNum tests that the argument is a valid, non-zero port number.
func IsValidPortNum(port int) []string { func IsValidPortNum(port int) []string {
if port < 1 || port > 65535 { if 1 <= port && port <= 65535 {
return []string{InclusiveRangeError(1, 65535)}
}
return nil return nil
}
return []string{InclusiveRangeError(1, 65535)}
} }
// Now in libcontainer UID/GID limits is 0 ~ 1<<31 - 1 // Now in libcontainer UID/GID limits is 0 ~ 1<<31 - 1
@@ -169,14 +169,20 @@ const (
maxGroupID = math.MaxInt32 maxGroupID = math.MaxInt32
) )
// IsValidGroupId tests that the argument is a valid gids. // IsValidGroupId tests that the argument is a valid Unix GID.
func IsValidGroupId(gid int64) bool { func IsValidGroupId(gid int64) []string {
return minGroupID <= gid && gid <= maxGroupID if minGroupID <= gid && gid <= maxGroupID {
return nil
}
return []string{InclusiveRangeError(minGroupID, maxGroupID)}
} }
// IsValidUserId tests that the argument is a valid uids. // IsValidUserId tests that the argument is a valid Unix UID.
func IsValidUserId(uid int64) bool { func IsValidUserId(uid int64) []string {
return minUserID <= uid && uid <= maxUserID if minUserID <= uid && uid <= maxUserID {
return nil
}
return []string{InclusiveRangeError(minUserID, maxUserID)}
} }
var portNameCharsetRegex = regexp.MustCompile("^[-a-z0-9]+$") var portNameCharsetRegex = regexp.MustCompile("^[-a-z0-9]+$")

12
pkg/util/validation/validation_test.go
View File

@@ -157,14 +157,14 @@ func TestIsValidPortNum(t *testing.T) {
func TestIsValidGroupId(t *testing.T) { func TestIsValidGroupId(t *testing.T) {
goodValues := []int64{0, 1, 1000, 65535, 2147483647} goodValues := []int64{0, 1, 1000, 65535, 2147483647}
for _, val := range goodValues { for _, val := range goodValues {
if !IsValidGroupId(val) { if msgs := IsValidGroupId(val); len(msgs) != 0 {
t.Errorf("expected true for '%d'", val) t.Errorf("expected true for '%d': %v", val, msgs)
} }
} }
badValues := []int64{-1, -1003, 2147483648, 4147483647} badValues := []int64{-1, -1003, 2147483648, 4147483647}
for _, val := range badValues { for _, val := range badValues {
if IsValidGroupId(val) { if msgs := IsValidGroupId(val); len(msgs) == 0 {
t.Errorf("expected false for '%d'", val) t.Errorf("expected false for '%d'", val)
} }
} }
@@ -173,14 +173,14 @@ func TestIsValidGroupId(t *testing.T) {
func TestIsValidUserId(t *testing.T) { func TestIsValidUserId(t *testing.T) {
goodValues := []int64{0, 1, 1000, 65535, 2147483647} goodValues := []int64{0, 1, 1000, 65535, 2147483647}
for _, val := range goodValues { for _, val := range goodValues {
if !IsValidUserId(val) { if msgs := IsValidUserId(val); len(msgs) != 0 {
t.Errorf("expected true for '%d'", val) t.Errorf("expected true for '%d': %v", val, msgs)
} }
} }
badValues := []int64{-1, -1003, 2147483648, 4147483647} badValues := []int64{-1, -1003, 2147483648, 4147483647}
for _, val := range badValues { for _, val := range badValues {
if IsValidUserId(val) { if msgs := IsValidUserId(val); len(msgs) == 0 {
t.Errorf("expected false for '%d'", val) t.Errorf("expected false for '%d'", val)
} }
} }