Clean up and document validation strings
Also add a detail string for Required and Forbidden. Fix tests.
This commit is contained in:
Tim Hockin
parent
27fc14000d
commit
43ed74748e
@ -76,6 +76,7 @@ using resources with kubectl can be found in [Working with resources](../user-gu
|
||||
- [Naming conventions](#naming-conventions)
|
||||
- [Label, selector, and annotation conventions](#label-selector-and-annotation-conventions)
|
||||
- [WebSockets and SPDY](#websockets-and-spdy)
|
||||
- [Validation](#validation)
|
||||
|
||||
<!-- END MUNGE: GENERATED_TOC -->
|
||||
|
||||
@ -787,6 +788,35 @@ There are two primary protocols in use today:
|
||||
Clients should use the SPDY protocols if their clients have native support, or WebSockets as a fallback. Note that WebSockets is susceptible to Head-of-Line blocking and so clients must read and process each message sequentionally. In the future, an HTTP/2 implementation will be exposed that deprecates SPDY.
|
||||
|
||||
|
||||
## Validation
|
||||
|
||||
API objects are validated upon receipt by the apiserver. Validation errors are
|
||||
flagged and returned to the caller in a `Failure` status with `reason` set to
|
||||
`Invalid`. In order to facilitate consistent error messages, we ask that
|
||||
validation logic adheres to the following guidelines whenever possible (though
|
||||
exceptional cases will exist).
|
||||
|
||||
* Be as precise as possible.
|
||||
* Telling users what they CAN do is more useful than telling them what they
|
||||
CANNOT do.
|
||||
* When asserting a requirement in the positive, use "must". Examples: "must be
|
||||
greater than 0", "must match regex '[a-z]+'". Words like "should" imply that
|
||||
the assertion is optional, and must be avoided.
|
||||
* When asserting a formatting requirement in the negative, use "must not".
|
||||
Example: "must not contain '..'". Words like "should not" imply that the
|
||||
assertion is optional, and must be avoided.
|
||||
* When asserting a behavioral requirement in the negative, use "may not".
|
||||
Examples: "may not be specified when otherField is empty", "only `name` may be
|
||||
specified".
|
||||
* When referencing a literal string value, indicate the literal in
|
||||
single-quotes. Example: "must not contain '..'".
|
||||
* When referencing another field name, indicate the name in back-quotes.
|
||||
Example: "must be greater than `request`".
|
||||
* When specifying inequalities, use words rather than symbols. Examples: "must
|
||||
be less than 256", "must be greater than or equal to 0". Do not use words
|
||||
like "larger than", "bigger than", "more than", "higher than", etc.
|
||||
* When specifying numeric ranges, use inclusive ranges when possible.
|
||||
|
||||
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->
|
||||
[]()
|
||||
<!-- END MUNGE: GENERATED_ANALYTICS -->
|
||||
|
||||
@ -980,7 +980,7 @@ __EOF__
|
||||
# Pre-condition: use --name flag
|
||||
output_message=$(! kubectl expose -f hack/testdata/pod-with-large-name.yaml --name=invalid-large-service-name --port=8081 2>&1 "${kube_flags[@]}")
|
||||
# Post-condition: should fail due to invalid name
|
||||
kube::test::if_has_string "${output_message}" 'metadata.name: invalid value'
|
||||
kube::test::if_has_string "${output_message}" 'metadata.name: Invalid value'
|
||||
# Pre-condition: default run without --name flag; should succeed by truncating the inherited name
|
||||
output_message=$(kubectl expose -f hack/testdata/pod-with-large-name.yaml --port=8081 2>&1 "${kube_flags[@]}")
|
||||
# Post-condition: inherited name from pod has been truncated
|
||||
|
||||
@ -137,7 +137,7 @@ func TestNewInvalid(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
field.Required(field.NewPath("field[0].name")),
|
||||
field.Required(field.NewPath("field[0].name"), ""),
|
||||
&unversioned.StatusDetails{
|
||||
Kind: "Kind",
|
||||
Name: "name",
|
||||
|
||||
@ -42,7 +42,7 @@ import (
|
||||
// fields by default.
|
||||
var RepairMalformedUpdates bool = true
|
||||
|
||||
const isNegativeErrorMsg string = `must be non-negative`
|
||||
const isNegativeErrorMsg string = `must be greater than or equal to 0`
|
||||
const fieldImmutableErrorMsg string = `field is immutable`
|
||||
const cIdentifierErrorMsg string = `must be a C identifier (matching regex ` + validation.CIdentifierFmt + `): e.g. "my_name" or "MyName"`
|
||||
const isNotIntegerErrorMsg string = `must be an integer`
|
||||
@ -259,26 +259,24 @@ func ValidateObjectMeta(meta *api.ObjectMeta, requiresNamespace bool, nameFn Val
|
||||
// report it here. This may confuse users, but indicates a programming bug and still must be validated.
|
||||
// If there are multiple fields out of which one is required then add a or as a separator
|
||||
if len(meta.Name) == 0 {
|
||||
requiredErr := field.Required(fldPath.Child("name"))
|
||||
requiredErr.Detail = "name or generateName is required"
|
||||
allErrs = append(allErrs, requiredErr)
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("name"), "name or generateName is required"))
|
||||
} else {
|
||||
if ok, qualifier := nameFn(meta.Name, false); !ok {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), meta.Name, qualifier))
|
||||
}
|
||||
}
|
||||
allErrs = append(allErrs, ValidatePositiveField(meta.Generation, fldPath.Child("generation"))...)
|
||||
if requiresNamespace {
|
||||
if len(meta.Namespace) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("namespace")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("namespace"), ""))
|
||||
} else if ok, _ := ValidateNamespaceName(meta.Namespace, false); !ok {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("namespace"), meta.Namespace, DNS1123LabelErrorMsg))
|
||||
}
|
||||
} else {
|
||||
if len(meta.Namespace) != 0 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("namespace"), meta.Namespace, "not allowed on this type"))
|
||||
allErrs = append(allErrs, field.Forbidden(fldPath, "not allowed on this type"))
|
||||
}
|
||||
}
|
||||
allErrs = append(allErrs, ValidatePositiveField(meta.Generation, fldPath.Child("generation"))...)
|
||||
allErrs = append(allErrs, ValidateLabels(meta.Labels, fldPath.Child("labels"))...)
|
||||
allErrs = append(allErrs, ValidateAnnotations(meta.Annotations, fldPath.Child("annotations"))...)
|
||||
|
||||
@ -343,7 +341,7 @@ func validateVolumes(volumes []api.Volume, fldPath *field.Path) (sets.String, fi
|
||||
idxPath := fldPath.Index(i)
|
||||
el := validateVolumeSource(&vol.VolumeSource, idxPath)
|
||||
if len(vol.Name) == 0 {
|
||||
el = append(el, field.Required(idxPath.Child("name")))
|
||||
el = append(el, field.Required(idxPath.Child("name"), ""))
|
||||
} else if !validation.IsDNS1123Label(vol.Name) {
|
||||
el = append(el, field.Invalid(idxPath.Child("name"), vol.Name, DNS1123LabelErrorMsg))
|
||||
} else if allNames.Has(vol.Name) {
|
||||
@ -426,8 +424,10 @@ func validateVolumeSource(source *api.VolumeSource, fldPath *field.Path) field.E
|
||||
numVolumes++
|
||||
allErrs = append(allErrs, validateFCVolumeSource(source.FC, fldPath.Child("fc"))...)
|
||||
}
|
||||
if numVolumes != 1 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, source, "exactly 1 volume type is required"))
|
||||
if numVolumes == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath, "must specify a volume type"))
|
||||
} else if numVolumes > 1 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, source, "may not specify more than 1 volume type"))
|
||||
}
|
||||
|
||||
return allErrs
|
||||
@ -436,7 +436,7 @@ func validateVolumeSource(source *api.VolumeSource, fldPath *field.Path) field.E
|
||||
func validateHostPathVolumeSource(hostPath *api.HostPathVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(hostPath.Path) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@ -444,7 +444,7 @@ func validateHostPathVolumeSource(hostPath *api.HostPathVolumeSource, fldPath *f
|
||||
func validateGitRepoVolumeSource(gitRepo *api.GitRepoVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(gitRepo.Repository) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("repository")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("repository"), ""))
|
||||
}
|
||||
|
||||
pathErrs := validateVolumeSourcePath(gitRepo.Directory, fldPath.Child("directory"))
|
||||
@ -455,13 +455,13 @@ func validateGitRepoVolumeSource(gitRepo *api.GitRepoVolumeSource, fldPath *fiel
|
||||
func validateISCSIVolumeSource(iscsi *api.ISCSIVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(iscsi.TargetPortal) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("targetPortal")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("targetPortal"), ""))
|
||||
}
|
||||
if len(iscsi.IQN) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("iqn")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("iqn"), ""))
|
||||
}
|
||||
if len(iscsi.FSType) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType"), ""))
|
||||
}
|
||||
if iscsi.Lun < 0 || iscsi.Lun > 255 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("lun"), iscsi.Lun, InclusiveRangeErrorMsg(0, 255)))
|
||||
@ -472,15 +472,15 @@ func validateISCSIVolumeSource(iscsi *api.ISCSIVolumeSource, fldPath *field.Path
|
||||
func validateFCVolumeSource(fc *api.FCVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(fc.TargetWWNs) < 1 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("targetWWNs")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("targetWWNs"), ""))
|
||||
}
|
||||
|
||||
if len(fc.FSType) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType"), ""))
|
||||
}
|
||||
|
||||
if fc.Lun == nil {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("lun")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("lun"), ""))
|
||||
} else {
|
||||
if *fc.Lun < 0 || *fc.Lun > 255 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("lun"), fc.Lun, InclusiveRangeErrorMsg(0, 255)))
|
||||
@ -492,10 +492,10 @@ func validateFCVolumeSource(fc *api.FCVolumeSource, fldPath *field.Path) field.E
|
||||
func validateGCEPersistentDiskVolumeSource(pd *api.GCEPersistentDiskVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(pd.PDName) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("pdName")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("pdName"), ""))
|
||||
}
|
||||
if len(pd.FSType) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType"), ""))
|
||||
}
|
||||
if pd.Partition < 0 || pd.Partition > 255 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("partition"), pd.Partition, pdPartitionErrorMsg))
|
||||
@ -506,10 +506,10 @@ func validateGCEPersistentDiskVolumeSource(pd *api.GCEPersistentDiskVolumeSource
|
||||
func validateAWSElasticBlockStoreVolumeSource(PD *api.AWSElasticBlockStoreVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(PD.VolumeID) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("volumeID")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("volumeID"), ""))
|
||||
}
|
||||
if len(PD.FSType) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType"), ""))
|
||||
}
|
||||
if PD.Partition < 0 || PD.Partition > 255 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("partition"), PD.Partition, pdPartitionErrorMsg))
|
||||
@ -520,7 +520,7 @@ func validateAWSElasticBlockStoreVolumeSource(PD *api.AWSElasticBlockStoreVolume
|
||||
func validateSecretVolumeSource(secretSource *api.SecretVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(secretSource.SecretName) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("secretName")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("secretName"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@ -528,7 +528,7 @@ func validateSecretVolumeSource(secretSource *api.SecretVolumeSource, fldPath *f
|
||||
func validatePersistentClaimVolumeSource(claim *api.PersistentVolumeClaimVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(claim.ClaimName) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("claimName")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("claimName"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@ -536,10 +536,10 @@ func validatePersistentClaimVolumeSource(claim *api.PersistentVolumeClaimVolumeS
|
||||
func validateNFSVolumeSource(nfs *api.NFSVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(nfs.Server) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("server")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("server"), ""))
|
||||
}
|
||||
if len(nfs.Path) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path"), ""))
|
||||
}
|
||||
if !path.IsAbs(nfs.Path) {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("path"), nfs.Path, "must be an absolute path"))
|
||||
@ -550,10 +550,10 @@ func validateNFSVolumeSource(nfs *api.NFSVolumeSource, fldPath *field.Path) fiel
|
||||
func validateGlusterfs(glusterfs *api.GlusterfsVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(glusterfs.EndpointsName) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("endpoints")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("endpoints"), ""))
|
||||
}
|
||||
if len(glusterfs.Path) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@ -561,7 +561,7 @@ func validateGlusterfs(glusterfs *api.GlusterfsVolumeSource, fldPath *field.Path
|
||||
func validateFlockerVolumeSource(flocker *api.FlockerVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(flocker.DatasetName) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("datasetName")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("datasetName"), ""))
|
||||
}
|
||||
if strings.Contains(flocker.DatasetName, "/") {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("datasetName"), flocker.DatasetName, "must not contain '/'"))
|
||||
@ -575,7 +575,7 @@ func validateDownwardAPIVolumeSource(downwardAPIVolume *api.DownwardAPIVolumeSou
|
||||
allErrs := field.ErrorList{}
|
||||
for _, downwardAPIVolumeFile := range downwardAPIVolume.Items {
|
||||
if len(downwardAPIVolumeFile.Path) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path"), ""))
|
||||
}
|
||||
allErrs = append(allErrs, validateVolumeSourcePath(downwardAPIVolumeFile.Path, fldPath.Child("path"))...)
|
||||
allErrs = append(allErrs, validateObjectFieldSelector(&downwardAPIVolumeFile.FieldRef, &validDownwardAPIFieldPathExpressions, fldPath.Child("fieldRef"))...)
|
||||
@ -590,7 +590,7 @@ func validateDownwardAPIVolumeSource(downwardAPIVolume *api.DownwardAPIVolumeSou
|
||||
func validateVolumeSourcePath(targetPath string, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if path.IsAbs(targetPath) {
|
||||
allErrs = append(allErrs, field.Forbidden(fldPath, "must not be an absolute path"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, targetPath, "must be a relative path"))
|
||||
}
|
||||
// TODO assume OS of api server & nodes are the same for now
|
||||
items := strings.Split(targetPath, string(os.PathSeparator))
|
||||
@ -609,13 +609,13 @@ func validateVolumeSourcePath(targetPath string, fldPath *field.Path) field.Erro
|
||||
func validateRBDVolumeSource(rbd *api.RBDVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(rbd.CephMonitors) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("monitors")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("monitors"), ""))
|
||||
}
|
||||
if len(rbd.RBDImage) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("image")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("image"), ""))
|
||||
}
|
||||
if len(rbd.FSType) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@ -623,10 +623,10 @@ func validateRBDVolumeSource(rbd *api.RBDVolumeSource, fldPath *field.Path) fiel
|
||||
func validateCinderVolumeSource(cd *api.CinderVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(cd.VolumeID) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("volumeID")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("volumeID"), ""))
|
||||
}
|
||||
if len(cd.FSType) == 0 || (cd.FSType != "ext3" && cd.FSType != "ext4") {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@ -634,7 +634,7 @@ func validateCinderVolumeSource(cd *api.CinderVolumeSource, fldPath *field.Path)
|
||||
func validateCephFSVolumeSource(cephfs *api.CephFSVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(cephfs.Monitors) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("monitors")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("monitors"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@ -650,7 +650,7 @@ func ValidatePersistentVolume(pv *api.PersistentVolume) field.ErrorList {
|
||||
|
||||
specPath := field.NewPath("spec")
|
||||
if len(pv.Spec.AccessModes) == 0 {
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("accessModes")))
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("accessModes"), ""))
|
||||
}
|
||||
for _, mode := range pv.Spec.AccessModes {
|
||||
if !supportedAccessModes.Has(string(mode)) {
|
||||
@ -659,7 +659,7 @@ func ValidatePersistentVolume(pv *api.PersistentVolume) field.ErrorList {
|
||||
}
|
||||
|
||||
if len(pv.Spec.Capacity) == 0 {
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("capacity")))
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("capacity"), ""))
|
||||
}
|
||||
|
||||
if _, ok := pv.Spec.Capacity[api.ResourceStorage]; !ok || len(pv.Spec.Capacity) > 1 {
|
||||
@ -715,8 +715,10 @@ func ValidatePersistentVolume(pv *api.PersistentVolume) field.ErrorList {
|
||||
numVolumes++
|
||||
allErrs = append(allErrs, validateFCVolumeSource(pv.Spec.FC, specPath.Child("fc"))...)
|
||||
}
|
||||
if numVolumes != 1 {
|
||||
allErrs = append(allErrs, field.Invalid(specPath, pv.Spec.PersistentVolumeSource, "exactly 1 volume type is required"))
|
||||
if numVolumes == 0 {
|
||||
allErrs = append(allErrs, field.Required(specPath, "must specify a volume type"))
|
||||
} else if numVolumes > 1 {
|
||||
allErrs = append(allErrs, field.Invalid(specPath, pv.Spec.PersistentVolumeSource, "may not specify more than 1 volume type"))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@ -735,7 +737,7 @@ func ValidatePersistentVolumeUpdate(newPv, oldPv *api.PersistentVolume) field.Er
|
||||
func ValidatePersistentVolumeStatusUpdate(newPv, oldPv *api.PersistentVolume) field.ErrorList {
|
||||
allErrs := ValidateObjectMetaUpdate(&newPv.ObjectMeta, &oldPv.ObjectMeta, field.NewPath("metadata"))
|
||||
if len(newPv.ResourceVersion) == 0 {
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion")))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion"), ""))
|
||||
}
|
||||
newPv.Spec = oldPv.Spec
|
||||
return allErrs
|
||||
@ -745,7 +747,7 @@ func ValidatePersistentVolumeClaim(pvc *api.PersistentVolumeClaim) field.ErrorLi
|
||||
allErrs := ValidateObjectMeta(&pvc.ObjectMeta, true, ValidatePersistentVolumeName, field.NewPath("metadata"))
|
||||
specPath := field.NewPath("spec")
|
||||
if len(pvc.Spec.AccessModes) == 0 {
|
||||
allErrs = append(allErrs, field.Invalid(specPath.Child("accessModes"), pvc.Spec.AccessModes, "at least 1 accessMode is required"))
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("accessModes"), "at least 1 accessMode is required"))
|
||||
}
|
||||
for _, mode := range pvc.Spec.AccessModes {
|
||||
if mode != api.ReadWriteOnce && mode != api.ReadOnlyMany && mode != api.ReadWriteMany {
|
||||
@ -753,7 +755,7 @@ func ValidatePersistentVolumeClaim(pvc *api.PersistentVolumeClaim) field.ErrorLi
|
||||
}
|
||||
}
|
||||
if _, ok := pvc.Spec.Resources.Requests[api.ResourceStorage]; !ok {
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("resources").Key(string(api.ResourceStorage))))
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("resources").Key(string(api.ResourceStorage)), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@ -768,10 +770,10 @@ func ValidatePersistentVolumeClaimUpdate(newPvc, oldPvc *api.PersistentVolumeCla
|
||||
func ValidatePersistentVolumeClaimStatusUpdate(newPvc, oldPvc *api.PersistentVolumeClaim) field.ErrorList {
|
||||
allErrs := ValidateObjectMetaUpdate(&newPvc.ObjectMeta, &oldPvc.ObjectMeta, field.NewPath("metadata"))
|
||||
if len(newPvc.ResourceVersion) == 0 {
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion")))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion"), ""))
|
||||
}
|
||||
if len(newPvc.Spec.AccessModes) == 0 {
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("Spec", "accessModes")))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("Spec", "accessModes"), ""))
|
||||
}
|
||||
capPath := field.NewPath("status", "capacity")
|
||||
for r, qty := range newPvc.Status.Capacity {
|
||||
@ -807,7 +809,7 @@ func validateContainerPorts(ports []api.ContainerPort, fldPath *field.Path) fiel
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("hostPort"), port.HostPort, PortRangeErrorMsg))
|
||||
}
|
||||
if len(port.Protocol) == 0 {
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("protocol")))
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("protocol"), ""))
|
||||
} else if !supportedPortProtocols.Has(string(port.Protocol)) {
|
||||
allErrs = append(allErrs, field.NotSupported(idxPath.Child("protocol"), port.Protocol, supportedPortProtocols.List()))
|
||||
}
|
||||
@ -821,7 +823,7 @@ func validateEnv(vars []api.EnvVar, fldPath *field.Path) field.ErrorList {
|
||||
for i, ev := range vars {
|
||||
idxPath := fldPath.Index(i)
|
||||
if len(ev.Name) == 0 {
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("name")))
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("name"), ""))
|
||||
} else if !validation.IsCIdentifier(ev.Name) {
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), ev.Name, cIdentifierErrorMsg))
|
||||
}
|
||||
@ -848,7 +850,7 @@ func validateEnvVarValueFrom(ev api.EnvVar, fldPath *field.Path) field.ErrorList
|
||||
}
|
||||
|
||||
if len(ev.Value) != 0 && numSources != 0 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, "", "sources cannot be specified when value is not empty"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, "", "may not be specified when `value` is not empty"))
|
||||
}
|
||||
|
||||
return allErrs
|
||||
@ -858,9 +860,9 @@ func validateObjectFieldSelector(fs *api.ObjectFieldSelector, expressions *sets.
|
||||
allErrs := field.ErrorList{}
|
||||
|
||||
if len(fs.APIVersion) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("apiVersion")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("apiVersion"), ""))
|
||||
} else if len(fs.FieldPath) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fieldPath")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fieldPath"), ""))
|
||||
} else {
|
||||
internalFieldPath, _, err := api.Scheme.ConvertFieldLabel(fs.APIVersion, "Pod", fs.FieldPath, "")
|
||||
if err != nil {
|
||||
@ -879,12 +881,12 @@ func validateVolumeMounts(mounts []api.VolumeMount, volumes sets.String, fldPath
|
||||
for i, mnt := range mounts {
|
||||
idxPath := fldPath.Index(i)
|
||||
if len(mnt.Name) == 0 {
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("name")))
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("name"), ""))
|
||||
} else if !volumes.Has(mnt.Name) {
|
||||
allErrs = append(allErrs, field.NotFound(idxPath.Child("name"), mnt.Name))
|
||||
}
|
||||
if len(mnt.MountPath) == 0 {
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("mountPath")))
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("mountPath"), ""))
|
||||
}
|
||||
}
|
||||
return allErrs
|
||||
@ -941,7 +943,7 @@ func checkHostPortConflicts(containers []api.Container, fldPath *field.Path) fie
|
||||
func validateExecAction(exec *api.ExecAction, fldPath *field.Path) field.ErrorList {
|
||||
allErrors := field.ErrorList{}
|
||||
if len(exec.Command) == 0 {
|
||||
allErrors = append(allErrors, field.Required(fldPath.Child("command")))
|
||||
allErrors = append(allErrors, field.Required(fldPath.Child("command"), ""))
|
||||
}
|
||||
return allErrors
|
||||
}
|
||||
@ -949,7 +951,7 @@ func validateExecAction(exec *api.ExecAction, fldPath *field.Path) field.ErrorLi
|
||||
func validateHTTPGetAction(http *api.HTTPGetAction, fldPath *field.Path) field.ErrorList {
|
||||
allErrors := field.ErrorList{}
|
||||
if len(http.Path) == 0 {
|
||||
allErrors = append(allErrors, field.Required(fldPath.Child("path")))
|
||||
allErrors = append(allErrors, field.Required(fldPath.Child("path"), ""))
|
||||
}
|
||||
if http.Port.Type == intstr.Int && !validation.IsValidPortNum(http.Port.IntValue()) {
|
||||
allErrors = append(allErrors, field.Invalid(fldPath.Child("port"), http.Port, PortRangeErrorMsg))
|
||||
@ -988,8 +990,10 @@ func validateHandler(handler *api.Handler, fldPath *field.Path) field.ErrorList
|
||||
numHandlers++
|
||||
allErrors = append(allErrors, validateTCPSocketAction(handler.TCPSocket, fldPath.Child("tcpSocket"))...)
|
||||
}
|
||||
if numHandlers != 1 {
|
||||
allErrors = append(allErrors, field.Invalid(fldPath, handler, "exactly 1 handler type is required"))
|
||||
if numHandlers == 0 {
|
||||
allErrors = append(allErrors, field.Required(fldPath, "must specify a handler type"))
|
||||
} else if numHandlers > 1 {
|
||||
allErrors = append(allErrors, field.Invalid(fldPath, handler, "may not specify more than 1 handler type"))
|
||||
}
|
||||
return allErrors
|
||||
}
|
||||
@ -1014,7 +1018,7 @@ func validatePullPolicy(policy api.PullPolicy, fldPath *field.Path) field.ErrorL
|
||||
case api.PullAlways, api.PullIfNotPresent, api.PullNever:
|
||||
break
|
||||
case "":
|
||||
allErrors = append(allErrors, field.Required(fldPath))
|
||||
allErrors = append(allErrors, field.Required(fldPath, ""))
|
||||
default:
|
||||
allErrors = append(allErrors, field.NotSupported(fldPath, policy, supportedPullPolicies.List()))
|
||||
}
|
||||
@ -1026,14 +1030,14 @@ func validateContainers(containers []api.Container, volumes sets.String, fldPath
|
||||
allErrs := field.ErrorList{}
|
||||
|
||||
if len(containers) == 0 {
|
||||
return append(allErrs, field.Required(fldPath))
|
||||
return append(allErrs, field.Required(fldPath, ""))
|
||||
}
|
||||
|
||||
allNames := sets.String{}
|
||||
for i, ctr := range containers {
|
||||
idxPath := fldPath.Index(i)
|
||||
if len(ctr.Name) == 0 {
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("name")))
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("name"), ""))
|
||||
} else if !validation.IsDNS1123Label(ctr.Name) {
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), ctr.Name, DNS1123LabelErrorMsg))
|
||||
} else if allNames.Has(ctr.Name) {
|
||||
@ -1042,7 +1046,7 @@ func validateContainers(containers []api.Container, volumes sets.String, fldPath
|
||||
allNames.Insert(ctr.Name)
|
||||
}
|
||||
if len(ctr.Image) == 0 {
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("image")))
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("image"), ""))
|
||||
}
|
||||
if ctr.Lifecycle != nil {
|
||||
allErrs = append(allErrs, validateLifecycle(ctr.Lifecycle, idxPath.Child("lifecycle"))...)
|
||||
@ -1050,7 +1054,7 @@ func validateContainers(containers []api.Container, volumes sets.String, fldPath
|
||||
allErrs = append(allErrs, validateProbe(ctr.LivenessProbe, idxPath.Child("livenessProbe"))...)
|
||||
// Liveness-specific validation
|
||||
if ctr.LivenessProbe != nil && ctr.LivenessProbe.SuccessThreshold != 1 {
|
||||
allErrs = append(allErrs, field.Forbidden(idxPath.Child("livenessProbe", "successThreshold"), "must be 1"))
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("livenessProbe", "successThreshold"), ctr.LivenessProbe.SuccessThreshold, "must be 1"))
|
||||
}
|
||||
|
||||
allErrs = append(allErrs, validateProbe(ctr.ReadinessProbe, idxPath.Child("readinessProbe"))...)
|
||||
@ -1073,7 +1077,7 @@ func validateRestartPolicy(restartPolicy *api.RestartPolicy, fldPath *field.Path
|
||||
case api.RestartPolicyAlways, api.RestartPolicyOnFailure, api.RestartPolicyNever:
|
||||
break
|
||||
case "":
|
||||
allErrors = append(allErrors, field.Required(fldPath))
|
||||
allErrors = append(allErrors, field.Required(fldPath, ""))
|
||||
default:
|
||||
validValues := []string{string(api.RestartPolicyAlways), string(api.RestartPolicyOnFailure), string(api.RestartPolicyNever)}
|
||||
allErrors = append(allErrors, field.NotSupported(fldPath, *restartPolicy, validValues))
|
||||
@ -1088,7 +1092,7 @@ func validateDNSPolicy(dnsPolicy *api.DNSPolicy, fldPath *field.Path) field.Erro
|
||||
case api.DNSClusterFirst, api.DNSDefault:
|
||||
break
|
||||
case "":
|
||||
allErrors = append(allErrors, field.Required(fldPath))
|
||||
allErrors = append(allErrors, field.Required(fldPath, ""))
|
||||
default:
|
||||
validValues := []string{string(api.DNSClusterFirst), string(api.DNSDefault)}
|
||||
allErrors = append(allErrors, field.NotSupported(fldPath, dnsPolicy, validValues))
|
||||
@ -1104,7 +1108,7 @@ func validateHostNetwork(hostNetwork bool, containers []api.Container, fldPath *
|
||||
for i, port := range container.Ports {
|
||||
idxPath := portsPath.Index(i)
|
||||
if port.HostPort != port.ContainerPort {
|
||||
allErrors = append(allErrors, field.Invalid(idxPath.Child("containerPort"), port.ContainerPort, "must match hostPort when hostNetwork is set to true"))
|
||||
allErrors = append(allErrors, field.Invalid(idxPath.Child("containerPort"), port.ContainerPort, "must match `hostPort` when `hostNetwork` is true"))
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1189,7 +1193,7 @@ func ValidatePodUpdate(newPod, oldPod *api.Pod) field.ErrorList {
|
||||
specPath := field.NewPath("spec")
|
||||
if len(newPod.Spec.Containers) != len(oldPod.Spec.Containers) {
|
||||
//TODO: Pinpoint the specific container that causes the invalid error after we have strategic merge diff
|
||||
allErrs = append(allErrs, field.Invalid(specPath.Child("containers"), "contents not printed here, please refer to the \"details\"", "may not add or remove containers"))
|
||||
allErrs = append(allErrs, field.Forbidden(specPath.Child("containers"), "pod updates may not add or remove containers"))
|
||||
return allErrs
|
||||
}
|
||||
pod := *newPod
|
||||
@ -1202,7 +1206,7 @@ func ValidatePodUpdate(newPod, oldPod *api.Pod) field.ErrorList {
|
||||
pod.Spec.Containers = newContainers
|
||||
if !api.Semantic.DeepEqual(pod.Spec, oldPod.Spec) {
|
||||
//TODO: Pinpoint the specific field that causes the invalid error after we have strategic merge diff
|
||||
allErrs = append(allErrs, field.Invalid(specPath, "contents not printed here, please refer to the \"details\"", "may not update fields other than container.image"))
|
||||
allErrs = append(allErrs, field.Forbidden(specPath, "pod updates may not change fields other than `containers[*].image`"))
|
||||
}
|
||||
|
||||
newPod.Status = oldPod.Status
|
||||
@ -1216,7 +1220,7 @@ func ValidatePodStatusUpdate(newPod, oldPod *api.Pod) field.ErrorList {
|
||||
|
||||
// TODO: allow change when bindings are properly decoupled from pods
|
||||
if newPod.Spec.NodeName != oldPod.Spec.NodeName {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("status", "nodeName"), newPod.Spec.NodeName, "cannot be changed directly"))
|
||||
allErrs = append(allErrs, field.Forbidden(field.NewPath("status", "nodeName"), "may not be changed directly"))
|
||||
}
|
||||
|
||||
// For status update we ignore changes to pod spec.
|
||||
@ -1235,7 +1239,7 @@ func ValidatePodBinding(binding *api.Binding) field.ErrorList {
|
||||
}
|
||||
if len(binding.Target.Name) == 0 {
|
||||
// TODO: When validation becomes versioned, this gets more complicated.
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("target", "name")))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("target", "name"), ""))
|
||||
}
|
||||
|
||||
return allErrs
|
||||
@ -1266,14 +1270,17 @@ func ValidateService(service *api.Service) field.ErrorList {
|
||||
|
||||
specPath := field.NewPath("spec")
|
||||
if len(service.Spec.Ports) == 0 && service.Spec.ClusterIP != api.ClusterIPNone {
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("ports")))
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("ports"), ""))
|
||||
}
|
||||
if service.Spec.Type == api.ServiceTypeLoadBalancer {
|
||||
for ix := range service.Spec.Ports {
|
||||
port := &service.Spec.Ports[ix]
|
||||
// This is a workaround for broken cloud environments that
|
||||
// over-open firewalls. Hopefully it can go away when more clouds
|
||||
// understand containers better.
|
||||
if port.Port == 10250 {
|
||||
portPath := specPath.Child("ports").Index(ix)
|
||||
allErrs = append(allErrs, field.Invalid(portPath, port.Port, "can not expose port 10250 externally since it is used by kubelet"))
|
||||
allErrs = append(allErrs, field.Invalid(portPath, port.Port, "may not expose port 10250 externally since it is used by kubelet"))
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1291,7 +1298,7 @@ func ValidateService(service *api.Service) field.ErrorList {
|
||||
}
|
||||
|
||||
if len(service.Spec.SessionAffinity) == 0 {
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("sessionAffinity")))
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("sessionAffinity"), ""))
|
||||
} else if !supportedSessionAffinityType.Has(string(service.Spec.SessionAffinity)) {
|
||||
allErrs = append(allErrs, field.NotSupported(specPath.Child("sessionAffinity"), service.Spec.SessionAffinity, supportedSessionAffinityType.List()))
|
||||
}
|
||||
@ -1306,13 +1313,13 @@ func ValidateService(service *api.Service) field.ErrorList {
|
||||
for i, ip := range service.Spec.ExternalIPs {
|
||||
idxPath := ipPath.Index(i)
|
||||
if ip == "0.0.0.0" {
|
||||
allErrs = append(allErrs, field.Invalid(idxPath, ip, "is not an IP address"))
|
||||
allErrs = append(allErrs, field.Invalid(idxPath, ip, "must be a valid IP address"))
|
||||
}
|
||||
allErrs = append(allErrs, validateIpIsNotLinkLocalOrLoopback(ip, idxPath)...)
|
||||
}
|
||||
|
||||
if len(service.Spec.Type) == 0 {
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("type")))
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("type"), ""))
|
||||
} else if !supportedServiceType.Has(string(service.Spec.Type)) {
|
||||
allErrs = append(allErrs, field.NotSupported(specPath.Child("type"), service.Spec.Type, supportedServiceType.List()))
|
||||
}
|
||||
@ -1322,7 +1329,7 @@ func ValidateService(service *api.Service) field.ErrorList {
|
||||
for i := range service.Spec.Ports {
|
||||
portPath := portsPath.Index(i)
|
||||
if service.Spec.Ports[i].Protocol != api.ProtocolTCP {
|
||||
allErrs = append(allErrs, field.Invalid(portPath.Child("protocol"), service.Spec.Ports[i].Protocol, "cannot create an external load balancer with non-TCP ports"))
|
||||
allErrs = append(allErrs, field.Invalid(portPath.Child("protocol"), service.Spec.Ports[i].Protocol, "may not use protocols other than 'TCP' when `type` is 'LoadBalancer'"))
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1332,7 +1339,7 @@ func ValidateService(service *api.Service) field.ErrorList {
|
||||
for i := range service.Spec.Ports {
|
||||
portPath := portsPath.Index(i)
|
||||
if service.Spec.Ports[i].NodePort != 0 {
|
||||
allErrs = append(allErrs, field.Invalid(portPath.Child("nodePort"), service.Spec.Ports[i].NodePort, "cannot specify a node port with services of type ClusterIP"))
|
||||
allErrs = append(allErrs, field.Invalid(portPath.Child("nodePort"), service.Spec.Ports[i].NodePort, "may not be used when `type` is 'ClusterIP'"))
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1351,7 +1358,7 @@ func ValidateService(service *api.Service) field.ErrorList {
|
||||
key.NodePort = port.NodePort
|
||||
_, found := nodePorts[key]
|
||||
if found {
|
||||
allErrs = append(allErrs, field.Invalid(portPath.Child("nodePort"), port.NodePort, "duplicate nodePort specified"))
|
||||
allErrs = append(allErrs, field.Duplicate(portPath.Child("nodePort"), port.NodePort))
|
||||
}
|
||||
nodePorts[key] = true
|
||||
}
|
||||
@ -1363,7 +1370,7 @@ func validateServicePort(sp *api.ServicePort, requireName, isHeadlessService boo
|
||||
allErrs := field.ErrorList{}
|
||||
|
||||
if requireName && len(sp.Name) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("name")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("name"), ""))
|
||||
} else if len(sp.Name) != 0 {
|
||||
if !validation.IsDNS1123Label(sp.Name) {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), sp.Name, DNS1123LabelErrorMsg))
|
||||
@ -1379,7 +1386,7 @@ func validateServicePort(sp *api.ServicePort, requireName, isHeadlessService boo
|
||||
}
|
||||
|
||||
if len(sp.Protocol) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("protocol")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("protocol"), ""))
|
||||
} else if !supportedPortProtocols.Has(string(sp.Protocol)) {
|
||||
allErrs = append(allErrs, field.NotSupported(fldPath.Child("protocol"), sp.Protocol, supportedPortProtocols.List()))
|
||||
}
|
||||
@ -1440,7 +1447,7 @@ func ValidateNonEmptySelector(selectorMap map[string]string, fldPath *field.Path
|
||||
allErrs := field.ErrorList{}
|
||||
selector := labels.Set(selectorMap).AsSelector()
|
||||
if selector.Empty() {
|
||||
allErrs = append(allErrs, field.Required(fldPath))
|
||||
allErrs = append(allErrs, field.Required(fldPath, ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@ -1449,14 +1456,14 @@ func ValidateNonEmptySelector(selectorMap map[string]string, fldPath *field.Path
|
||||
func ValidatePodTemplateSpecForRC(template *api.PodTemplateSpec, selectorMap map[string]string, replicas int, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if template == nil {
|
||||
allErrs = append(allErrs, field.Required(fldPath))
|
||||
allErrs = append(allErrs, field.Required(fldPath, ""))
|
||||
} else {
|
||||
selector := labels.Set(selectorMap).AsSelector()
|
||||
if !selector.Empty() {
|
||||
// Verify that the RC selector matches the labels in template.
|
||||
labels := labels.Set(template.Labels)
|
||||
if !selector.Matches(labels) {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("metadata", "labels"), template.Labels, "selector does not match labels in "+fldPath.String()))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("metadata", "labels"), template.Labels, "`selector` does not match template `labels`"))
|
||||
}
|
||||
}
|
||||
allErrs = append(allErrs, ValidatePodTemplateSpec(template, fldPath)...)
|
||||
@ -1496,7 +1503,7 @@ func ValidateReadOnlyPersistentDisks(volumes []api.Volume, fldPath *field.Path)
|
||||
idxPath := fldPath.Index(i)
|
||||
if vol.GCEPersistentDisk != nil {
|
||||
if vol.GCEPersistentDisk.ReadOnly == false {
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("gcePersistentDisk", "readOnly"), false, "must be true for replicated pods > 1, as GCE PD can only be mounted on multiple machines if it is read-only."))
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("gcePersistentDisk", "readOnly"), false, "must be true for replicated pods > 1; GCE PD can only be mounted on multiple machines if it is read-only"))
|
||||
}
|
||||
}
|
||||
// TODO: What to do for AWS? It doesn't support replicas
|
||||
@ -1512,7 +1519,7 @@ func ValidateNode(node *api.Node) field.ErrorList {
|
||||
|
||||
// external ID is required.
|
||||
if len(node.Spec.ExternalID) == 0 {
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("spec", "externalID")))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("spec", "externalID"), ""))
|
||||
}
|
||||
|
||||
// TODO(rjnagal): Ignore PodCIDR till its completely implemented.
|
||||
@ -1553,7 +1560,7 @@ func ValidateNodeUpdate(node, oldNode *api.Node) field.ErrorList {
|
||||
// TODO: Add a 'real' error type for this error and provide print actual diffs.
|
||||
if !api.Semantic.DeepEqual(oldNode, node) {
|
||||
glog.V(4).Infof("Update failed validation %#v vs %#v", oldNode, node)
|
||||
allErrs = append(allErrs, field.Forbidden(field.NewPath(""), "update contains more than labels or capacity changes"))
|
||||
allErrs = append(allErrs, field.Forbidden(field.NewPath(""), "node updates may only change labels or capacity"))
|
||||
}
|
||||
|
||||
return allErrs
|
||||
@ -1564,12 +1571,12 @@ func ValidateNodeUpdate(node, oldNode *api.Node) field.ErrorList {
|
||||
func validateResourceName(value string, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if !validation.IsQualifiedName(value) {
|
||||
return append(allErrs, field.Invalid(fldPath, value, "resource typename: "+qualifiedNameErrorMsg))
|
||||
return append(allErrs, field.Invalid(fldPath, value, qualifiedNameErrorMsg))
|
||||
}
|
||||
|
||||
if len(strings.Split(value, "/")) == 1 {
|
||||
if !api.IsStandardResourceName(value) {
|
||||
return append(allErrs, field.Invalid(fldPath, value, "is neither a standard resource type nor is fully qualified"))
|
||||
return append(allErrs, field.Invalid(fldPath, value, "must be a standard resource type or fully qualified"))
|
||||
}
|
||||
}
|
||||
|
||||
@ -1612,10 +1619,10 @@ func ValidateLimitRange(limitRange *api.LimitRange) field.ErrorList {
|
||||
|
||||
if limit.Type == api.LimitTypePod {
|
||||
if len(limit.Default) > 0 {
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("default"), limit.Default, "not supported when limit type is Pod"))
|
||||
allErrs = append(allErrs, field.Forbidden(idxPath.Child("default"), "may not be specified when `type` is 'Pod'"))
|
||||
}
|
||||
if len(limit.DefaultRequest) > 0 {
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("defaultRequest"), limit.DefaultRequest, "not supported when limit type is Pod"))
|
||||
allErrs = append(allErrs, field.Forbidden(idxPath.Child("defaultRequest"), "may not be specified when `type` is 'Pod'"))
|
||||
}
|
||||
} else {
|
||||
for k, q := range limit.Default {
|
||||
@ -1733,14 +1740,14 @@ func ValidateSecret(secret *api.Secret) field.ErrorList {
|
||||
// Only require Annotations[kubernetes.io/service-account.name]
|
||||
// Additional fields (like Annotations[kubernetes.io/service-account.uid] and Data[token]) might be contributed later by a controller loop
|
||||
if value := secret.Annotations[api.ServiceAccountNameKey]; len(value) == 0 {
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("metadata", "annotations").Key(api.ServiceAccountNameKey)))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("metadata", "annotations").Key(api.ServiceAccountNameKey), ""))
|
||||
}
|
||||
case api.SecretTypeOpaque, "":
|
||||
// no-op
|
||||
case api.SecretTypeDockercfg:
|
||||
dockercfgBytes, exists := secret.Data[api.DockerConfigKey]
|
||||
if !exists {
|
||||
allErrs = append(allErrs, field.Required(dataPath.Key(api.DockerConfigKey)))
|
||||
allErrs = append(allErrs, field.Required(dataPath.Key(api.DockerConfigKey), ""))
|
||||
break
|
||||
}
|
||||
|
||||
@ -1800,7 +1807,7 @@ func ValidateResourceRequirements(requirements *api.ResourceRequirements, fldPat
|
||||
limitValue = quantity.MilliValue()
|
||||
}
|
||||
if limitValue < requestValue {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, quantity.String(), "cannot be smaller than request"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, quantity.String(), "must be greater than or equal to request"))
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1872,7 +1879,7 @@ func ValidateResourceQuotaUpdate(newResourceQuota, oldResourceQuota *api.Resourc
|
||||
func ValidateResourceQuotaStatusUpdate(newResourceQuota, oldResourceQuota *api.ResourceQuota) field.ErrorList {
|
||||
allErrs := ValidateObjectMetaUpdate(&newResourceQuota.ObjectMeta, &oldResourceQuota.ObjectMeta, field.NewPath("metadata"))
|
||||
if len(newResourceQuota.ResourceVersion) == 0 {
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion")))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion"), ""))
|
||||
}
|
||||
fldPath := field.NewPath("status", "hard")
|
||||
for k, v := range newResourceQuota.Status.Hard {
|
||||
@ -1931,11 +1938,11 @@ func ValidateNamespaceStatusUpdate(newNamespace, oldNamespace *api.Namespace) fi
|
||||
newNamespace.Spec = oldNamespace.Spec
|
||||
if newNamespace.DeletionTimestamp.IsZero() {
|
||||
if newNamespace.Status.Phase != api.NamespaceActive {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("status", "Phase"), newNamespace.Status.Phase, "may only be in active status if it does not have a deletion timestamp."))
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("status", "Phase"), newNamespace.Status.Phase, "may only be 'Active' if `deletionTimestamp` is empty"))
|
||||
}
|
||||
} else {
|
||||
if newNamespace.Status.Phase != api.NamespaceTerminating {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("status", "Phase"), newNamespace.Status.Phase, "may only be in terminating status if it has a deletion timestamp."))
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("status", "Phase"), newNamespace.Status.Phase, "may only be 'Terminating' if `deletionTimestamp` is not empty"))
|
||||
}
|
||||
}
|
||||
return allErrs
|
||||
@ -1971,10 +1978,10 @@ func validateEndpointSubsets(subsets []api.EndpointSubset, fldPath *field.Path)
|
||||
|
||||
if len(ss.Addresses) == 0 && len(ss.NotReadyAddresses) == 0 {
|
||||
//TODO: consider adding a RequiredOneOf() error for this and similar cases
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("addresses or notReadyAddresses")))
|
||||
allErrs = append(allErrs, field.Required(idxPath, "must specify `addresses` or `notReadyAddresses`"))
|
||||
}
|
||||
if len(ss.Ports) == 0 {
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("ports")))
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("ports"), ""))
|
||||
}
|
||||
for addr := range ss.Addresses {
|
||||
allErrs = append(allErrs, validateEndpointAddress(&ss.Addresses[addr], idxPath.Child("addresses").Index(addr))...)
|
||||
@ -1990,7 +1997,7 @@ func validateEndpointSubsets(subsets []api.EndpointSubset, fldPath *field.Path)
|
||||
func validateEndpointAddress(address *api.EndpointAddress, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if !validation.IsValidIPv4(address.IP) {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("ip"), address.IP, "invalid IPv4 address"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("ip"), address.IP, "must be a valid IPv4 address"))
|
||||
return allErrs
|
||||
}
|
||||
return validateIpIsNotLinkLocalOrLoopback(address.IP, fldPath.Child("ip"))
|
||||
@ -2002,7 +2009,7 @@ func validateIpIsNotLinkLocalOrLoopback(ipAddress string, fldPath *field.Path) f
|
||||
allErrs := field.ErrorList{}
|
||||
ip := net.ParseIP(ipAddress)
|
||||
if ip == nil {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "not a valid IP address"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "must be a valid IP address"))
|
||||
return allErrs
|
||||
}
|
||||
if ip.IsLoopback() {
|
||||
@ -2020,7 +2027,7 @@ func validateIpIsNotLinkLocalOrLoopback(ipAddress string, fldPath *field.Path) f
|
||||
func validateEndpointPort(port *api.EndpointPort, requireName bool, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if requireName && len(port.Name) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("name")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("name"), ""))
|
||||
} else if len(port.Name) != 0 {
|
||||
if !validation.IsDNS1123Label(port.Name) {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), port.Name, DNS1123LabelErrorMsg))
|
||||
@ -2030,7 +2037,7 @@ func validateEndpointPort(port *api.EndpointPort, requireName bool, fldPath *fie
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("port"), port.Port, PortRangeErrorMsg))
|
||||
}
|
||||
if len(port.Protocol) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("protocol")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("protocol"), ""))
|
||||
} else if !supportedPortProtocols.Has(string(port.Protocol)) {
|
||||
allErrs = append(allErrs, field.NotSupported(fldPath.Child("protocol"), port.Protocol, supportedPortProtocols.List()))
|
||||
}
|
||||
@ -2054,13 +2061,13 @@ func ValidateSecurityContext(sc *api.SecurityContext, fldPath *field.Path) field
|
||||
|
||||
if sc.Privileged != nil {
|
||||
if *sc.Privileged && !capabilities.Get().AllowPrivileged {
|
||||
allErrs = append(allErrs, field.Forbidden(fldPath.Child("privileged"), sc.Privileged))
|
||||
allErrs = append(allErrs, field.Forbidden(fldPath.Child("privileged"), "disallowed by policy"))
|
||||
}
|
||||
}
|
||||
|
||||
if sc.RunAsUser != nil {
|
||||
if *sc.RunAsUser < 0 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("runAsUser"), *sc.RunAsUser, "cannot be negative"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("runAsUser"), *sc.RunAsUser, isNegativeErrorMsg))
|
||||
}
|
||||
}
|
||||
return allErrs
|
||||
@ -2069,17 +2076,17 @@ func ValidateSecurityContext(sc *api.SecurityContext, fldPath *field.Path) field
|
||||
func ValidatePodLogOptions(opts *api.PodLogOptions) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if opts.TailLines != nil && *opts.TailLines < 0 {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("tailLines"), *opts.TailLines, "must be a non-negative integer or nil"))
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("tailLines"), *opts.TailLines, isNegativeErrorMsg))
|
||||
}
|
||||
if opts.LimitBytes != nil && *opts.LimitBytes < 1 {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("limitBytes"), *opts.LimitBytes, "must be a positive integer or nil"))
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("limitBytes"), *opts.LimitBytes, "must be greater than 0"))
|
||||
}
|
||||
switch {
|
||||
case opts.SinceSeconds != nil && opts.SinceTime != nil:
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath(""), *opts.SinceSeconds, "only one of sinceTime or sinceSeconds can be provided"))
|
||||
allErrs = append(allErrs, field.Forbidden(field.NewPath(""), "at most one of `sinceTime` or `sinceSeconds` may be specified"))
|
||||
case opts.SinceSeconds != nil:
|
||||
if *opts.SinceSeconds < 1 {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("sinceSeconds"), *opts.SinceSeconds, "must be a positive integer"))
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("sinceSeconds"), *opts.SinceSeconds, "must be greater than 0"))
|
||||
}
|
||||
}
|
||||
return allErrs
|
||||
@ -2092,7 +2099,7 @@ func ValidateLoadBalancerStatus(status *api.LoadBalancerStatus, fldPath *field.P
|
||||
idxPath := fldPath.Child("ingress").Index(i)
|
||||
if len(ingress.IP) > 0 {
|
||||
if isIP := (net.ParseIP(ingress.IP) != nil); !isIP {
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("ip"), ingress.IP, "must be an IP address"))
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("ip"), ingress.IP, "must be a valid IP address"))
|
||||
}
|
||||
}
|
||||
if len(ingress.Hostname) > 0 {
|
||||
|
||||
@ -65,7 +65,7 @@ func TestValidateObjectMetaCustomName(t *testing.T) {
|
||||
func TestValidateObjectMetaNamespaces(t *testing.T) {
|
||||
errs := ValidateObjectMeta(
|
||||
&api.ObjectMeta{Name: "test", Namespace: "foo.bar"},
|
||||
false,
|
||||
true,
|
||||
func(s string, prefix bool) (bool, string) {
|
||||
return true, ""
|
||||
},
|
||||
@ -84,7 +84,7 @@ func TestValidateObjectMetaNamespaces(t *testing.T) {
|
||||
}
|
||||
errs = ValidateObjectMeta(
|
||||
&api.ObjectMeta{Name: "test", Namespace: string(b)},
|
||||
false,
|
||||
true,
|
||||
func(s string, prefix bool) (bool, string) {
|
||||
return true, ""
|
||||
},
|
||||
@ -629,7 +629,7 @@ func TestValidateVolumes(t *testing.T) {
|
||||
},
|
||||
"absolute path": {
|
||||
[]api.Volume{{Name: "absolutepath", VolumeSource: absolutePathName}},
|
||||
field.ErrorTypeForbidden,
|
||||
field.ErrorTypeInvalid,
|
||||
"downwardAPI.path", "",
|
||||
},
|
||||
"dot dot path": {
|
||||
@ -674,7 +674,7 @@ func TestValidateVolumes(t *testing.T) {
|
||||
},
|
||||
"absolute target": {
|
||||
[]api.Volume{{Name: "absolutetarget", VolumeSource: absPath}},
|
||||
field.ErrorTypeForbidden,
|
||||
field.ErrorTypeInvalid,
|
||||
"gitRepo.directory", "",
|
||||
},
|
||||
}
|
||||
@ -843,7 +843,7 @@ func TestValidateEnv(t *testing.T) {
|
||||
},
|
||||
},
|
||||
}},
|
||||
expectedError: "[0].valueFrom: invalid value '', Details: sources cannot be specified when value is not empty",
|
||||
expectedError: "[0].valueFrom: invalid value '', Details: may not be specified when `value` is not empty",
|
||||
},
|
||||
{
|
||||
name: "missing FieldPath on ObjectFieldSelector",
|
||||
@ -3314,7 +3314,7 @@ func TestValidateLimitRange(t *testing.T) {
|
||||
},
|
||||
},
|
||||
}},
|
||||
"not supported when limit type is Pod",
|
||||
"may not be specified when `type` is 'Pod'",
|
||||
},
|
||||
"default-request-limit-type-pod": {
|
||||
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
|
||||
@ -3327,7 +3327,7 @@ func TestValidateLimitRange(t *testing.T) {
|
||||
},
|
||||
},
|
||||
}},
|
||||
"not supported when limit type is Pod",
|
||||
"may not be specified when `type` is 'Pod'",
|
||||
},
|
||||
"min value 100m is greater than max value 10m": {
|
||||
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
|
||||
@ -4002,7 +4002,7 @@ func TestValidateEndpoints(t *testing.T) {
|
||||
},
|
||||
},
|
||||
errorType: "FieldValueInvalid",
|
||||
errorDetail: "invalid IPv4 address",
|
||||
errorDetail: "must be a valid IPv4 address",
|
||||
},
|
||||
"Multiple ports, one without name": {
|
||||
endpoints: api.Endpoints{
|
||||
@ -4052,7 +4052,7 @@ func TestValidateEndpoints(t *testing.T) {
|
||||
},
|
||||
},
|
||||
errorType: "FieldValueInvalid",
|
||||
errorDetail: "invalid IPv4 address",
|
||||
errorDetail: "must be a valid IPv4 address",
|
||||
},
|
||||
"Port missing number": {
|
||||
endpoints: api.Endpoints{
|
||||
@ -4122,7 +4122,7 @@ func TestValidateEndpoints(t *testing.T) {
|
||||
|
||||
for k, v := range errorCases {
|
||||
if errs := ValidateEndpoints(&v.endpoints); len(errs) == 0 || errs[0].Type != v.errorType || !strings.Contains(errs[0].Detail, v.errorDetail) {
|
||||
t.Errorf("Expected error type %s with detail %s for %s, got %v", v.errorType, v.errorDetail, k, errs)
|
||||
t.Errorf("[%s] Expected error type %s with detail %q, got %v", k, v.errorType, v.errorDetail, errs)
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -4172,7 +4172,7 @@ func TestValidateSecurityContext(t *testing.T) {
|
||||
}
|
||||
for k, v := range successCases {
|
||||
if errs := ValidateSecurityContext(v.sc, field.NewPath("field")); len(errs) != 0 {
|
||||
t.Errorf("[%s Expected success, got %v", k, errs)
|
||||
t.Errorf("[%s] Expected success, got %v", k, errs)
|
||||
}
|
||||
}
|
||||
|
||||
@ -4192,12 +4192,12 @@ func TestValidateSecurityContext(t *testing.T) {
|
||||
"request privileged when capabilities forbids": {
|
||||
sc: privRequestWithGlobalDeny,
|
||||
errorType: "FieldValueForbidden",
|
||||
errorDetail: "",
|
||||
errorDetail: "disallowed by policy",
|
||||
},
|
||||
"negative RunAsUser": {
|
||||
sc: negativeRunAsUser,
|
||||
errorType: "FieldValueInvalid",
|
||||
errorDetail: "cannot be negative",
|
||||
errorDetail: isNegativeErrorMsg,
|
||||
},
|
||||
}
|
||||
for k, v := range errorCases {
|
||||
|
||||
@ -43,16 +43,16 @@ func ValidateHorizontalPodAutoscalerName(name string, prefix bool) (bool, string
|
||||
func validateHorizontalPodAutoscalerSpec(autoscaler extensions.HorizontalPodAutoscalerSpec, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if autoscaler.MinReplicas != nil && *autoscaler.MinReplicas < 1 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("minReplicas"), autoscaler.MinReplicas, `must be greater than or equal to 1`))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("minReplicas"), *autoscaler.MinReplicas, "must be greater than 0"))
|
||||
}
|
||||
if autoscaler.MaxReplicas < 1 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("maxReplicas"), autoscaler.MaxReplicas, `must be greater than or equal to 1`))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("maxReplicas"), autoscaler.MaxReplicas, "must be greater than 0"))
|
||||
}
|
||||
if autoscaler.MinReplicas != nil && autoscaler.MaxReplicas < *autoscaler.MinReplicas {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("maxReplicas"), autoscaler.MaxReplicas, `must be greater than or equal to minReplicas`))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("maxReplicas"), autoscaler.MaxReplicas, "must be greater than or equal to `minReplicas`"))
|
||||
}
|
||||
if autoscaler.CPUUtilization != nil && autoscaler.CPUUtilization.TargetPercentage < 1 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("cpuUtilization", "targetPercentage"), autoscaler.CPUUtilization.TargetPercentage, `must be greater than or equal to 1`))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("cpuUtilization", "targetPercentage"), autoscaler.CPUUtilization.TargetPercentage, "must be greater than 0"))
|
||||
}
|
||||
if refErrs := ValidateSubresourceReference(autoscaler.ScaleRef, fldPath.Child("scaleRef")); len(refErrs) > 0 {
|
||||
allErrs = append(allErrs, refErrs...)
|
||||
@ -65,19 +65,19 @@ func validateHorizontalPodAutoscalerSpec(autoscaler extensions.HorizontalPodAuto
|
||||
func ValidateSubresourceReference(ref extensions.SubresourceReference, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(ref.Kind) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("kind")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("kind"), ""))
|
||||
} else if ok, msg := apivalidation.IsValidPathSegmentName(ref.Kind); !ok {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("kind"), ref.Kind, msg))
|
||||
}
|
||||
|
||||
if len(ref.Name) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("name")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("name"), ""))
|
||||
} else if ok, msg := apivalidation.IsValidPathSegmentName(ref.Name); !ok {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), ref.Name, msg))
|
||||
}
|
||||
|
||||
if len(ref.Subresource) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("subresource")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("subresource"), ""))
|
||||
} else if ok, msg := apivalidation.IsValidPathSegmentName(ref.Subresource); !ok {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("subresource"), ref.Subresource, msg))
|
||||
}
|
||||
@ -123,7 +123,7 @@ func ValidateThirdPartyResource(obj *extensions.ThirdPartyResource) field.ErrorL
|
||||
for ix := range obj.Versions {
|
||||
version := &obj.Versions[ix]
|
||||
if len(version.Name) == 0 {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("versions").Index(ix).Child("name"), version, "can not be empty"))
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("versions").Index(ix).Child("name"), version, "must not be empty"))
|
||||
}
|
||||
if versions.Has(version.Name) {
|
||||
allErrs = append(allErrs, field.Duplicate(field.NewPath("versions").Index(ix).Child("name"), version))
|
||||
@ -174,7 +174,7 @@ func ValidateDaemonSetTemplateUpdate(podTemplate, oldPodTemplate *api.PodTemplat
|
||||
// In particular, we do not allow updates to container images at this point.
|
||||
if !api.Semantic.DeepEqual(oldPodTemplate.Spec, podSpec) {
|
||||
// TODO: Pinpoint the specific field that causes the invalid error after we have strategic merge diff
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("spec"), "content of spec is not printed out, please refer to the \"details\"", "may not update fields other than spec.nodeSelector"))
|
||||
allErrs = append(allErrs, field.Forbidden(fldPath.Child("spec"), "daemonSet updates may not change fields other than `nodeSelector`"))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@ -186,13 +186,13 @@ func ValidateDaemonSetSpec(spec *extensions.DaemonSetSpec, fldPath *field.Path)
|
||||
allErrs = append(allErrs, ValidateLabelSelector(spec.Selector, fldPath.Child("selector"))...)
|
||||
|
||||
if spec.Template == nil {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("template")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("template"), ""))
|
||||
return allErrs
|
||||
}
|
||||
|
||||
selector, err := extensions.LabelSelectorAsSelector(spec.Selector)
|
||||
if err == nil && !selector.Matches(labels.Set(spec.Template.Labels)) {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("template", "metadata", "labels"), spec.Template.Labels, "selector does not match template"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("template", "metadata", "labels"), spec.Template.Labels, "`selector` does not match template `labels`"))
|
||||
}
|
||||
|
||||
allErrs = append(allErrs, apivalidation.ValidatePodTemplateSpec(spec.Template, fldPath.Child("template"))...)
|
||||
@ -222,7 +222,7 @@ func ValidatePositiveIntOrPercent(intOrPercent intstr.IntOrString, fldPath *fiel
|
||||
allErrs := field.ErrorList{}
|
||||
if intOrPercent.Type == intstr.String {
|
||||
if !validation.IsValidPercent(intOrPercent.StrVal) {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, intOrPercent, "should be int(5) or percentage(5%)"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, intOrPercent, "must be an integer or percentage (e.g '5%')"))
|
||||
}
|
||||
} else if intOrPercent.Type == intstr.Int {
|
||||
allErrs = append(allErrs, apivalidation.ValidatePositiveField(int64(intOrPercent.IntValue()), fldPath)...)
|
||||
@ -252,7 +252,7 @@ func IsNotMoreThan100Percent(intOrStringValue intstr.IntOrString, fldPath *field
|
||||
if !isPercent || value <= 100 {
|
||||
return nil
|
||||
}
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, intOrStringValue, "should not be more than 100%"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, intOrStringValue, "must not be greater than 100%"))
|
||||
return allErrs
|
||||
}
|
||||
|
||||
@ -262,7 +262,7 @@ func ValidateRollingUpdateDeployment(rollingUpdate *extensions.RollingUpdateDepl
|
||||
allErrs = append(allErrs, ValidatePositiveIntOrPercent(rollingUpdate.MaxSurge, fldPath.Child("maxSurge"))...)
|
||||
if getIntOrPercentValue(rollingUpdate.MaxUnavailable) == 0 && getIntOrPercentValue(rollingUpdate.MaxSurge) == 0 {
|
||||
// Both MaxSurge and MaxUnavailable cannot be zero.
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("maxUnavailable"), rollingUpdate.MaxUnavailable, "cannot be 0 when maxSurge is 0 as well"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("maxUnavailable"), rollingUpdate.MaxUnavailable, "may not be 0 when `maxSurge` is 0"))
|
||||
}
|
||||
// Validate that MaxUnavailable is not more than 100%.
|
||||
allErrs = append(allErrs, IsNotMoreThan100Percent(rollingUpdate.MaxUnavailable, fldPath.Child("maxUnavailable"))...)
|
||||
@ -277,7 +277,7 @@ func ValidateDeploymentStrategy(strategy *extensions.DeploymentStrategy, fldPath
|
||||
}
|
||||
switch strategy.Type {
|
||||
case extensions.RecreateDeploymentStrategyType:
|
||||
allErrs = append(allErrs, field.Forbidden(fldPath.Child("rollingUpdate"), "should be nil when strategy type is "+extensions.RecreateDeploymentStrategyType))
|
||||
allErrs = append(allErrs, field.Forbidden(fldPath.Child("rollingUpdate"), "may not be specified when strategy `type` is '"+string(extensions.RecreateDeploymentStrategyType+"'")))
|
||||
case extensions.RollingUpdateDeploymentStrategyType:
|
||||
allErrs = append(allErrs, ValidateRollingUpdateDeployment(strategy.RollingUpdate, fldPath.Child("rollingUpdate"))...)
|
||||
}
|
||||
@ -317,7 +317,7 @@ func ValidateThirdPartyResourceDataUpdate(update, old *extensions.ThirdPartyReso
|
||||
func ValidateThirdPartyResourceData(obj *extensions.ThirdPartyResourceData) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(obj.Name) == 0 {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("name"), obj.Name, "must be non-empty"))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("name"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@ -342,7 +342,7 @@ func ValidateJobSpec(spec *extensions.JobSpec, fldPath *field.Path) field.ErrorL
|
||||
allErrs = append(allErrs, apivalidation.ValidatePositiveField(int64(*spec.ActiveDeadlineSeconds), fldPath.Child("activeDeadlineSeconds"))...)
|
||||
}
|
||||
if spec.Selector == nil {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("selector")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("selector"), ""))
|
||||
} else {
|
||||
allErrs = append(allErrs, ValidateLabelSelector(spec.Selector, fldPath.Child("selector"))...)
|
||||
}
|
||||
@ -350,7 +350,7 @@ func ValidateJobSpec(spec *extensions.JobSpec, fldPath *field.Path) field.ErrorL
|
||||
if selector, err := extensions.LabelSelectorAsSelector(spec.Selector); err == nil {
|
||||
labels := labels.Set(spec.Template.Labels)
|
||||
if !selector.Matches(labels) {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("template", "metadata", "labels"), spec.Template.Labels, "selector does not match template"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("template", "metadata", "labels"), spec.Template.Labels, "`selector` does not match template `labels`"))
|
||||
}
|
||||
}
|
||||
|
||||
@ -417,7 +417,7 @@ func ValidateIngressSpec(spec *extensions.IngressSpec, fldPath *field.Path) fiel
|
||||
if spec.Backend != nil {
|
||||
allErrs = append(allErrs, validateIngressBackend(spec.Backend, fldPath.Child("backend"))...)
|
||||
} else if len(spec.Rules) == 0 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, spec.Rules, "either a default backend or a set of host rules are required for ingress."))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, spec.Rules, "either `backend` or `rules` must be specified"))
|
||||
}
|
||||
if len(spec.Rules) > 0 {
|
||||
allErrs = append(allErrs, validateIngressRules(spec.Rules, fldPath.Child("rules"))...)
|
||||
@ -442,7 +442,7 @@ func ValidateIngressStatusUpdate(ingress, oldIngress *extensions.Ingress) field.
|
||||
func validateIngressRules(IngressRules []extensions.IngressRule, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(IngressRules) == 0 {
|
||||
return append(allErrs, field.Required(fldPath))
|
||||
return append(allErrs, field.Required(fldPath, ""))
|
||||
}
|
||||
for i, ih := range IngressRules {
|
||||
if len(ih.Host) > 0 {
|
||||
@ -471,12 +471,12 @@ func validateIngressRuleValue(ingressRule *extensions.IngressRuleValue, fldPath
|
||||
func validateHTTPIngressRuleValue(httpIngressRuleValue *extensions.HTTPIngressRuleValue, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(httpIngressRuleValue.Paths) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("paths")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("paths"), ""))
|
||||
}
|
||||
for i, rule := range httpIngressRuleValue.Paths {
|
||||
if len(rule.Path) > 0 {
|
||||
if !strings.HasPrefix(rule.Path, "/") {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("paths").Index(i).Child("path"), rule.Path, "must begin with '/'"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("paths").Index(i).Child("path"), rule.Path, "must be an absolute path"))
|
||||
}
|
||||
// TODO: More draconian path regex validation.
|
||||
// Path must be a valid regex. This is the basic requirement.
|
||||
@ -503,7 +503,7 @@ func validateIngressBackend(backend *extensions.IngressBackend, fldPath *field.P
|
||||
|
||||
// All backends must reference a single local service by name, and a single service port by name or number.
|
||||
if len(backend.ServiceName) == 0 {
|
||||
return append(allErrs, field.Required(fldPath.Child("serviceName")))
|
||||
return append(allErrs, field.Required(fldPath.Child("serviceName"), ""))
|
||||
} else if ok, errMsg := apivalidation.ValidateServiceName(backend.ServiceName, false); !ok {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("serviceName"), backend.ServiceName, errMsg))
|
||||
}
|
||||
@ -523,23 +523,23 @@ func validateIngressBackend(backend *extensions.IngressBackend, fldPath *field.P
|
||||
func validateClusterAutoscalerSpec(spec extensions.ClusterAutoscalerSpec, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if spec.MinNodes < 0 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("minNodes"), spec.MinNodes, `must be non-negative`))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("minNodes"), spec.MinNodes, "must be greater than or equal to 0"))
|
||||
}
|
||||
if spec.MaxNodes < spec.MinNodes {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("maxNodes"), spec.MaxNodes, `must be greater than or equal to minNodes`))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("maxNodes"), spec.MaxNodes, "must be greater than or equal to `minNodes`"))
|
||||
}
|
||||
if len(spec.TargetUtilization) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("targetUtilization")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("targetUtilization"), ""))
|
||||
}
|
||||
for _, target := range spec.TargetUtilization {
|
||||
if len(target.Resource) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("targetUtilization", "resource")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("targetUtilization", "resource"), ""))
|
||||
}
|
||||
if target.Value <= 0 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("targetUtilization", "value"), target.Value, "must be greater than 0"))
|
||||
}
|
||||
if target.Value > 1 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("targetUtilization", "value"), target.Value, "must be less or equal 1"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("targetUtilization", "value"), target.Value, "must be less than or equal to 1"))
|
||||
}
|
||||
}
|
||||
return allErrs
|
||||
@ -548,10 +548,10 @@ func validateClusterAutoscalerSpec(spec extensions.ClusterAutoscalerSpec, fldPat
|
||||
func ValidateClusterAutoscaler(autoscaler *extensions.ClusterAutoscaler) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if autoscaler.Name != "ClusterAutoscaler" {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("metadata", "name"), autoscaler.Name, `must be ClusterAutoscaler`))
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("metadata", "name"), autoscaler.Name, "must be 'ClusterAutoscaler'"))
|
||||
}
|
||||
if autoscaler.Namespace != api.NamespaceDefault {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("metadata", "namespace"), autoscaler.Namespace, `must be default`))
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("metadata", "namespace"), autoscaler.Namespace, "must be 'default'"))
|
||||
}
|
||||
allErrs = append(allErrs, validateClusterAutoscalerSpec(autoscaler.Spec, field.NewPath("spec"))...)
|
||||
return allErrs
|
||||
@ -574,14 +574,14 @@ func ValidateLabelSelectorRequirement(sr extensions.LabelSelectorRequirement, fl
|
||||
switch sr.Operator {
|
||||
case extensions.LabelSelectorOpIn, extensions.LabelSelectorOpNotIn:
|
||||
if len(sr.Values) == 0 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("values"), sr.Values, "must be non-empty when operator is In or NotIn"))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("values"), "must be specified when `operator` is 'In' or 'NotIn'"))
|
||||
}
|
||||
case extensions.LabelSelectorOpExists, extensions.LabelSelectorOpDoesNotExist:
|
||||
if len(sr.Values) > 0 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("values"), sr.Values, "must be empty when operator is Exists or DoesNotExist"))
|
||||
allErrs = append(allErrs, field.Forbidden(fldPath.Child("values"), "may not be specified when `operator` is 'Exists' or 'DoesNotExist'"))
|
||||
}
|
||||
default:
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("operator"), sr.Operator, "not a valid pod selector operator"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("operator"), sr.Operator, "not a valid selector operator"))
|
||||
}
|
||||
allErrs = append(allErrs, apivalidation.ValidateLabelName(sr.Key, fldPath.Child("key"))...)
|
||||
return allErrs
|
||||
@ -592,7 +592,7 @@ func ValidateScale(scale *extensions.Scale) field.ErrorList {
|
||||
allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&scale.ObjectMeta, true, apivalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...)
|
||||
|
||||
if scale.Spec.Replicas < 0 {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "replicas"), scale.Spec.Replicas, "must be non-negative"))
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "replicas"), scale.Spec.Replicas, "must be greater than or equal to 0"))
|
||||
}
|
||||
|
||||
return allErrs
|
||||
|
||||
@ -168,7 +168,7 @@ func TestValidateHorizontalPodAutoscaler(t *testing.T) {
|
||||
MaxReplicas: 5,
|
||||
},
|
||||
},
|
||||
msg: "must be greater than or equal to 1",
|
||||
msg: "must be greater than 0",
|
||||
},
|
||||
{
|
||||
horizontalPodAutoscaler: extensions.HorizontalPodAutoscaler{
|
||||
@ -184,7 +184,7 @@ func TestValidateHorizontalPodAutoscaler(t *testing.T) {
|
||||
MaxReplicas: 5,
|
||||
},
|
||||
},
|
||||
msg: "must be greater than or equal to minReplicas",
|
||||
msg: "must be greater than or equal to `minReplicas`",
|
||||
},
|
||||
{
|
||||
horizontalPodAutoscaler: extensions.HorizontalPodAutoscaler{
|
||||
@ -201,7 +201,7 @@ func TestValidateHorizontalPodAutoscaler(t *testing.T) {
|
||||
CPUUtilization: &extensions.CPUTargetUtilization{TargetPercentage: -70},
|
||||
},
|
||||
},
|
||||
msg: "must be greater than or equal to 1",
|
||||
msg: "must be greater than 0",
|
||||
},
|
||||
}
|
||||
|
||||
@ -746,7 +746,7 @@ func TestValidateDeployment(t *testing.T) {
|
||||
invalidSelectorDeployment.Spec.Selector = map[string]string{
|
||||
"name": "def",
|
||||
}
|
||||
errorCases["selector does not match labels"] = invalidSelectorDeployment
|
||||
errorCases["`selector` does not match template `labels`"] = invalidSelectorDeployment
|
||||
|
||||
// RestartPolicy should be always.
|
||||
invalidRestartPolicyDeployment := validDeployment()
|
||||
@ -764,7 +764,7 @@ func TestValidateDeployment(t *testing.T) {
|
||||
Type: extensions.RecreateDeploymentStrategyType,
|
||||
RollingUpdate: &extensions.RollingUpdateDeployment{},
|
||||
}
|
||||
errorCases["should be nil when strategy type is Recreate"] = invalidRecreateDeployment
|
||||
errorCases["may not be specified when strategy `type` is 'Recreate'"] = invalidRecreateDeployment
|
||||
|
||||
// MaxSurge should be in the form of 20%.
|
||||
invalidMaxSurgeDeployment := validDeployment()
|
||||
@ -774,7 +774,7 @@ func TestValidateDeployment(t *testing.T) {
|
||||
MaxSurge: intstr.FromString("20Percent"),
|
||||
},
|
||||
}
|
||||
errorCases["should be int(5) or percentage(5%)"] = invalidMaxSurgeDeployment
|
||||
errorCases["must be an integer or percentage"] = invalidMaxSurgeDeployment
|
||||
|
||||
// MaxSurge and MaxUnavailable cannot both be zero.
|
||||
invalidRollingUpdateDeployment := validDeployment()
|
||||
@ -785,7 +785,7 @@ func TestValidateDeployment(t *testing.T) {
|
||||
MaxUnavailable: intstr.FromInt(0),
|
||||
},
|
||||
}
|
||||
errorCases["cannot be 0 when maxSurge is 0 as well"] = invalidRollingUpdateDeployment
|
||||
errorCases["may not be 0 when `maxSurge` is 0"] = invalidRollingUpdateDeployment
|
||||
|
||||
// MaxUnavailable should not be more than 100%.
|
||||
invalidMaxUnavailableDeployment := validDeployment()
|
||||
@ -795,14 +795,14 @@ func TestValidateDeployment(t *testing.T) {
|
||||
MaxUnavailable: intstr.FromString("110%"),
|
||||
},
|
||||
}
|
||||
errorCases["should not be more than 100%"] = invalidMaxUnavailableDeployment
|
||||
errorCases["must not be greater than 100%"] = invalidMaxUnavailableDeployment
|
||||
|
||||
for k, v := range errorCases {
|
||||
errs := ValidateDeployment(v)
|
||||
if len(errs) == 0 {
|
||||
t.Errorf("expected failure for %s", k)
|
||||
t.Errorf("[%s] expected failure", k)
|
||||
} else if !strings.Contains(errs[0].Error(), k) {
|
||||
t.Errorf("unexpected error: %v, expected: %s", errs[0], k)
|
||||
t.Errorf("unexpected error: %v, expected: %q", errs[0], k)
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -841,7 +841,7 @@ func TestValidateJob(t *testing.T) {
|
||||
negative := -1
|
||||
negative64 := int64(-1)
|
||||
errorCases := map[string]extensions.Job{
|
||||
"spec.parallelism:must be non-negative": {
|
||||
"spec.parallelism:must be greater than or equal to 0": {
|
||||
ObjectMeta: api.ObjectMeta{
|
||||
Name: "myjob",
|
||||
Namespace: api.NamespaceDefault,
|
||||
@ -852,7 +852,7 @@ func TestValidateJob(t *testing.T) {
|
||||
Template: validPodTemplateSpec,
|
||||
},
|
||||
},
|
||||
"spec.completions:must be non-negative": {
|
||||
"spec.completions:must be greater than or equal to 0": {
|
||||
ObjectMeta: api.ObjectMeta{
|
||||
Name: "myjob",
|
||||
Namespace: api.NamespaceDefault,
|
||||
@ -863,7 +863,7 @@ func TestValidateJob(t *testing.T) {
|
||||
Template: validPodTemplateSpec,
|
||||
},
|
||||
},
|
||||
"spec.activeDeadlineSeconds:must be non-negative": {
|
||||
"spec.activeDeadlineSeconds:must be greater than or equal to 0": {
|
||||
ObjectMeta: api.ObjectMeta{
|
||||
Name: "myjob",
|
||||
Namespace: api.NamespaceDefault,
|
||||
@ -883,7 +883,7 @@ func TestValidateJob(t *testing.T) {
|
||||
Template: validPodTemplateSpec,
|
||||
},
|
||||
},
|
||||
"spec.template.metadata.labels: invalid value 'map[y:z]', Details: selector does not match template": {
|
||||
"spec.template.metadata.labels: invalid value 'map[y:z]', Details: selector does not match template `labels`": {
|
||||
ObjectMeta: api.ObjectMeta{
|
||||
Name: "myjob",
|
||||
Namespace: api.NamespaceDefault,
|
||||
@ -1155,7 +1155,7 @@ func TestValidateClusterAutoscaler(t *testing.T) {
|
||||
}
|
||||
|
||||
errorCases := map[string]extensions.ClusterAutoscaler{
|
||||
"must be ClusterAutoscaler": {
|
||||
"must be 'ClusterAutoscaler'": {
|
||||
ObjectMeta: api.ObjectMeta{
|
||||
Name: "TestClusterAutoscaler",
|
||||
Namespace: api.NamespaceDefault,
|
||||
@ -1171,7 +1171,7 @@ func TestValidateClusterAutoscaler(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
"must be default": {
|
||||
"must be 'default'": {
|
||||
ObjectMeta: api.ObjectMeta{
|
||||
Name: "ClusterAutoscaler",
|
||||
Namespace: "test",
|
||||
@ -1188,7 +1188,7 @@ func TestValidateClusterAutoscaler(t *testing.T) {
|
||||
},
|
||||
},
|
||||
|
||||
`must be non-negative`: {
|
||||
`must be greater than or equal to 0`: {
|
||||
ObjectMeta: api.ObjectMeta{
|
||||
Name: "ClusterAutoscaler",
|
||||
Namespace: api.NamespaceDefault,
|
||||
@ -1204,7 +1204,7 @@ func TestValidateClusterAutoscaler(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
`must be greater than or equal to minNodes`: {
|
||||
"must be greater than or equal to `minNodes`": {
|
||||
ObjectMeta: api.ObjectMeta{
|
||||
Name: "ClusterAutoscaler",
|
||||
Namespace: api.NamespaceDefault,
|
||||
@ -1236,9 +1236,9 @@ func TestValidateClusterAutoscaler(t *testing.T) {
|
||||
for k, v := range errorCases {
|
||||
errs := ValidateClusterAutoscaler(&v)
|
||||
if len(errs) == 0 {
|
||||
t.Errorf("expected failure for %s", k)
|
||||
t.Errorf("[%s] expected failure", k)
|
||||
} else if !strings.Contains(errs[0].Error(), k) {
|
||||
t.Errorf("unexpected error: %v, expected: %s", errs[0], k)
|
||||
t.Errorf("unexpected error: %v, expected: %q", errs[0], k)
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1294,7 +1294,7 @@ func TestValidateScale(t *testing.T) {
|
||||
Replicas: -1,
|
||||
},
|
||||
},
|
||||
msg: "must be non-negative",
|
||||
msg: "must be greater than or equal to 0",
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@ -105,17 +105,17 @@ func TestValidateLogFlags(t *testing.T) {
|
||||
{
|
||||
name: "since & since-time",
|
||||
flags: map[string]string{"since": "1h", "since-time": "2006-01-02T15:04:05Z"},
|
||||
expected: "only one of sinceTime or sinceSeconds can be provided",
|
||||
expected: "at most one of `sinceTime` or `sinceSeconds` may be specified",
|
||||
},
|
||||
{
|
||||
name: "negative limit-bytes",
|
||||
flags: map[string]string{"limit-bytes": "-100"},
|
||||
expected: "limitBytes must be a positive integer or nil",
|
||||
expected: "must be greater than 0",
|
||||
},
|
||||
{
|
||||
name: "negative tail",
|
||||
flags: map[string]string{"tail": "-100"},
|
||||
expected: "tailLines must be a non-negative integer or nil",
|
||||
expected: "must be greater than or equal to 0",
|
||||
},
|
||||
}
|
||||
for _, test := range tests {
|
||||
|
||||
@ -47,7 +47,7 @@ func (v *Error) ErrorBody() string {
|
||||
var s string
|
||||
switch v.Type {
|
||||
case ErrorTypeRequired, ErrorTypeTooLong, ErrorTypeInternal:
|
||||
s = spew.Sprintf("%s", v.Type)
|
||||
s = fmt.Sprintf("%s", v.Type)
|
||||
default:
|
||||
s = spew.Sprintf("%s '%+v'", v.Type, v.BadValue)
|
||||
}
|
||||
@ -65,11 +65,11 @@ type ErrorType string
|
||||
// TODO: These values are duplicated in api/types.go, but there's a circular dep. Fix it.
|
||||
const (
|
||||
// ErrorTypeNotFound is used to report failure to find a requested value
|
||||
// (e.g. looking up an ID). See NewNotFoundError.
|
||||
// (e.g. looking up an ID). See NotFound().
|
||||
ErrorTypeNotFound ErrorType = "FieldValueNotFound"
|
||||
// ErrorTypeRequired is used to report required values that are not
|
||||
// provided (e.g. empty strings, null values, or empty arrays). See
|
||||
// NewRequiredError.
|
||||
// Required().
|
||||
ErrorTypeRequired ErrorType = "FieldValueRequired"
|
||||
// ErrorTypeDuplicate is used to report collisions of values that must be
|
||||
// unique (e.g. unique IDs). See Duplicate().
|
||||
@ -90,7 +90,7 @@ const (
|
||||
// too-long value. See TooLong().
|
||||
ErrorTypeTooLong ErrorType = "FieldValueTooLong"
|
||||
// ErrorTypeInternal is used to report other errors that are not related
|
||||
// to user input.
|
||||
// to user input. See InternalError().
|
||||
ErrorTypeInternal ErrorType = "InternalError"
|
||||
)
|
||||
|
||||
@ -119,32 +119,32 @@ func (t ErrorType) String() string {
|
||||
}
|
||||
}
|
||||
|
||||
// NewNotFoundError returns a *Error indicating "value not found". This is
|
||||
// NotFound returns a *Error indicating "value not found". This is
|
||||
// used to report failure to find a requested value (e.g. looking up an ID).
|
||||
func NotFound(field *Path, value interface{}) *Error {
|
||||
return &Error{ErrorTypeNotFound, field.String(), value, ""}
|
||||
}
|
||||
|
||||
// NewRequiredError returns a *Error indicating "value required". This is used
|
||||
// Required returns a *Error indicating "value required". This is used
|
||||
// to report required values that are not provided (e.g. empty strings, null
|
||||
// values, or empty arrays).
|
||||
func Required(field *Path) *Error {
|
||||
return &Error{ErrorTypeRequired, field.String(), "", ""}
|
||||
func Required(field *Path, detail string) *Error {
|
||||
return &Error{ErrorTypeRequired, field.String(), "", detail}
|
||||
}
|
||||
|
||||
// NewDuplicateError returns a *Error indicating "duplicate value". This is
|
||||
// Duplicate returns a *Error indicating "duplicate value". This is
|
||||
// used to report collisions of values that must be unique (e.g. names or IDs).
|
||||
func Duplicate(field *Path, value interface{}) *Error {
|
||||
return &Error{ErrorTypeDuplicate, field.String(), value, ""}
|
||||
}
|
||||
|
||||
// NewInvalidError returns a *Error indicating "invalid value". This is used
|
||||
// Invalid returns a *Error indicating "invalid value". This is used
|
||||
// to report malformed values (e.g. failed regex match, too long, out of bounds).
|
||||
func Invalid(field *Path, value interface{}, detail string) *Error {
|
||||
return &Error{ErrorTypeInvalid, field.String(), value, detail}
|
||||
}
|
||||
|
||||
// NewNotSupportedError returns a *Error indicating "unsupported value".
|
||||
// NotSupported returns a *Error indicating "unsupported value".
|
||||
// This is used to report unknown values for enumerated fields (e.g. a list of
|
||||
// valid values).
|
||||
func NotSupported(field *Path, value interface{}, validValues []string) *Error {
|
||||
@ -155,23 +155,23 @@ func NotSupported(field *Path, value interface{}, validValues []string) *Error {
|
||||
return &Error{ErrorTypeNotSupported, field.String(), value, detail}
|
||||
}
|
||||
|
||||
// NewForbiddenError returns a *Error indicating "forbidden". This is used to
|
||||
// Forbidden returns a *Error indicating "forbidden". This is used to
|
||||
// report valid (as per formatting rules) values which would be accepted under
|
||||
// some conditions, but which are not permitted by current conditions (e.g.
|
||||
// security policy).
|
||||
func Forbidden(field *Path, value interface{}) *Error {
|
||||
return &Error{ErrorTypeForbidden, field.String(), value, ""}
|
||||
func Forbidden(field *Path, detail string) *Error {
|
||||
return &Error{ErrorTypeForbidden, field.String(), "", detail}
|
||||
}
|
||||
|
||||
// NewTooLongError returns a *Error indicating "too long". This is used to
|
||||
// TooLong returns a *Error indicating "too long". This is used to
|
||||
// report that the given value is too long. This is similar to
|
||||
// NewInvalidError, but the returned error will not include the too-long
|
||||
// Invalid, but the returned error will not include the too-long
|
||||
// value.
|
||||
func TooLong(field *Path, value interface{}, maxLength int) *Error {
|
||||
return &Error{ErrorTypeTooLong, field.String(), value, fmt.Sprintf("must have at most %d characters", maxLength)}
|
||||
}
|
||||
|
||||
// NewInternalError returns a *Error indicating "internal error". This is used
|
||||
// InternalError returns a *Error indicating "internal error". This is used
|
||||
// to signal that an error was found that was not directly related to user
|
||||
// input. The err argument must be non-nil.
|
||||
func InternalError(field *Path, err error) *Error {
|
||||
|
||||
@ -44,7 +44,7 @@ func TestMakeFuncs(t *testing.T) {
|
||||
ErrorTypeNotFound,
|
||||
},
|
||||
{
|
||||
func() *Error { return Required(NewPath("f")) },
|
||||
func() *Error { return Required(NewPath("f"), "d") },
|
||||
ErrorTypeRequired,
|
||||
},
|
||||
{
|
||||
|
||||
Loading…
Reference in New Issue
Block a user