github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enabled discrimination on target namespace

Browse Source 
Generalized ResourcePolicyRule in API Priority and Fairness to be able
to discriminate on the target namespace (if any) specified in the
request.
This commit is contained in:
Mike Spreitzer
2019-11-06 22:14:15 -05:00
parent 85bc79d81f
commit 3b77bc8054
11 changed files with 526 additions and 161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
pkg/apis/flowcontrol/validation/validation.go
View File

@@ -245,9 +245,31 @@ func ValidateFlowSchemaResourcePolicyRule(rule *flowcontrol.ResourcePolicyRule,
allErrs = append(allErrs, field.Invalid(fldPath.Child("resources"), rule.Resources, "if '*' is present, must not specify other resources"))
}
if len(rule.Namespaces) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("namespaces"), "resource rules must supply at least one namespace"))
} else if memberInList(flowcontrol.NamespaceEvery, rule.Namespaces...) {
for _, tgtNS := range rule.Namespaces {
if tgtNS != flowcontrol.NamespaceEvery && tgtNS != flowcontrol.NamespaceClusterScope {
allErrs = append(allErrs, field.Invalid(fldPath.Child("namespaces"), rule.Namespaces, "'*' may be accompanied only by 'Cluster Scope'"))
break
}
}
} else {
for idx, tgtNS := range rule.Namespaces {
if tgtNS == flowcontrol.NamespaceClusterScope {
continue
}
for _, msg := range apimachineryvalidation.ValidateNamespaceName(tgtNS, false) {
allErrs = append(allErrs, field.Invalid(fldPath.Child("namespaces").Index(idx), tgtNS, nsErrIntro+msg))
}
}
}
return allErrs
}
const nsErrIntro = "each member of this list must be '*', 'Cluster Scope', or a DNS-1123 label; "
// ValidateFlowSchemaStatus validates status for the flow-schema.
func ValidateFlowSchemaStatus(status *flowcontrol.FlowSchemaStatus, fldPath *field.Path) field.ErrorList {
var allErrs field.ErrorList
@@ -424,8 +446,12 @@ func ValidateNonResourceURLPath(path string, fldPath *field.Path) *field.Error {
}
func hasWildcard(operations []string) bool {
for _, o := range operations {
if o == "*" {
return memberInList("*", operations...)
}
func memberInList(seek string, a ...string) bool {
for _, ai := range a {
if ai == seek {
return true
}
}