Clean up and document validation strings
Also add a detail string for Required and Forbidden. Fix tests.
This commit is contained in:
Tim Hockin
@@ -42,7 +42,7 @@ import (
|
||||
// fields by default.
|
||||
var RepairMalformedUpdates bool = true
|
||||
|
||||
const isNegativeErrorMsg string = `must be non-negative`
|
||||
const isNegativeErrorMsg string = `must be greater than or equal to 0`
|
||||
const fieldImmutableErrorMsg string = `field is immutable`
|
||||
const cIdentifierErrorMsg string = `must be a C identifier (matching regex ` + validation.CIdentifierFmt + `): e.g. "my_name" or "MyName"`
|
||||
const isNotIntegerErrorMsg string = `must be an integer`
|
||||
@@ -259,26 +259,24 @@ func ValidateObjectMeta(meta *api.ObjectMeta, requiresNamespace bool, nameFn Val
|
||||
// report it here. This may confuse users, but indicates a programming bug and still must be validated.
|
||||
// If there are multiple fields out of which one is required then add a or as a separator
|
||||
if len(meta.Name) == 0 {
|
||||
requiredErr := field.Required(fldPath.Child("name"))
|
||||
requiredErr.Detail = "name or generateName is required"
|
||||
allErrs = append(allErrs, requiredErr)
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("name"), "name or generateName is required"))
|
||||
} else {
|
||||
if ok, qualifier := nameFn(meta.Name, false); !ok {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), meta.Name, qualifier))
|
||||
}
|
||||
}
|
||||
allErrs = append(allErrs, ValidatePositiveField(meta.Generation, fldPath.Child("generation"))...)
|
||||
if requiresNamespace {
|
||||
if len(meta.Namespace) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("namespace")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("namespace"), ""))
|
||||
} else if ok, _ := ValidateNamespaceName(meta.Namespace, false); !ok {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("namespace"), meta.Namespace, DNS1123LabelErrorMsg))
|
||||
}
|
||||
} else {
|
||||
if len(meta.Namespace) != 0 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("namespace"), meta.Namespace, "not allowed on this type"))
|
||||
allErrs = append(allErrs, field.Forbidden(fldPath, "not allowed on this type"))
|
||||
}
|
||||
}
|
||||
allErrs = append(allErrs, ValidatePositiveField(meta.Generation, fldPath.Child("generation"))...)
|
||||
allErrs = append(allErrs, ValidateLabels(meta.Labels, fldPath.Child("labels"))...)
|
||||
allErrs = append(allErrs, ValidateAnnotations(meta.Annotations, fldPath.Child("annotations"))...)
|
||||
|
||||
@@ -343,7 +341,7 @@ func validateVolumes(volumes []api.Volume, fldPath *field.Path) (sets.String, fi
|
||||
idxPath := fldPath.Index(i)
|
||||
el := validateVolumeSource(&vol.VolumeSource, idxPath)
|
||||
if len(vol.Name) == 0 {
|
||||
el = append(el, field.Required(idxPath.Child("name")))
|
||||
el = append(el, field.Required(idxPath.Child("name"), ""))
|
||||
} else if !validation.IsDNS1123Label(vol.Name) {
|
||||
el = append(el, field.Invalid(idxPath.Child("name"), vol.Name, DNS1123LabelErrorMsg))
|
||||
} else if allNames.Has(vol.Name) {
|
||||
@@ -426,8 +424,10 @@ func validateVolumeSource(source *api.VolumeSource, fldPath *field.Path) field.E
|
||||
numVolumes++
|
||||
allErrs = append(allErrs, validateFCVolumeSource(source.FC, fldPath.Child("fc"))...)
|
||||
}
|
||||
if numVolumes != 1 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, source, "exactly 1 volume type is required"))
|
||||
if numVolumes == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath, "must specify a volume type"))
|
||||
} else if numVolumes > 1 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, source, "may not specify more than 1 volume type"))
|
||||
}
|
||||
|
||||
return allErrs
|
||||
@@ -436,7 +436,7 @@ func validateVolumeSource(source *api.VolumeSource, fldPath *field.Path) field.E
|
||||
func validateHostPathVolumeSource(hostPath *api.HostPathVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(hostPath.Path) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@@ -444,7 +444,7 @@ func validateHostPathVolumeSource(hostPath *api.HostPathVolumeSource, fldPath *f
|
||||
func validateGitRepoVolumeSource(gitRepo *api.GitRepoVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(gitRepo.Repository) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("repository")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("repository"), ""))
|
||||
}
|
||||
|
||||
pathErrs := validateVolumeSourcePath(gitRepo.Directory, fldPath.Child("directory"))
|
||||
@@ -455,13 +455,13 @@ func validateGitRepoVolumeSource(gitRepo *api.GitRepoVolumeSource, fldPath *fiel
|
||||
func validateISCSIVolumeSource(iscsi *api.ISCSIVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(iscsi.TargetPortal) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("targetPortal")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("targetPortal"), ""))
|
||||
}
|
||||
if len(iscsi.IQN) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("iqn")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("iqn"), ""))
|
||||
}
|
||||
if len(iscsi.FSType) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType"), ""))
|
||||
}
|
||||
if iscsi.Lun < 0 || iscsi.Lun > 255 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("lun"), iscsi.Lun, InclusiveRangeErrorMsg(0, 255)))
|
||||
@@ -472,15 +472,15 @@ func validateISCSIVolumeSource(iscsi *api.ISCSIVolumeSource, fldPath *field.Path
|
||||
func validateFCVolumeSource(fc *api.FCVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(fc.TargetWWNs) < 1 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("targetWWNs")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("targetWWNs"), ""))
|
||||
}
|
||||
|
||||
if len(fc.FSType) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType"), ""))
|
||||
}
|
||||
|
||||
if fc.Lun == nil {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("lun")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("lun"), ""))
|
||||
} else {
|
||||
if *fc.Lun < 0 || *fc.Lun > 255 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("lun"), fc.Lun, InclusiveRangeErrorMsg(0, 255)))
|
||||
@@ -492,10 +492,10 @@ func validateFCVolumeSource(fc *api.FCVolumeSource, fldPath *field.Path) field.E
|
||||
func validateGCEPersistentDiskVolumeSource(pd *api.GCEPersistentDiskVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(pd.PDName) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("pdName")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("pdName"), ""))
|
||||
}
|
||||
if len(pd.FSType) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType"), ""))
|
||||
}
|
||||
if pd.Partition < 0 || pd.Partition > 255 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("partition"), pd.Partition, pdPartitionErrorMsg))
|
||||
@@ -506,10 +506,10 @@ func validateGCEPersistentDiskVolumeSource(pd *api.GCEPersistentDiskVolumeSource
|
||||
func validateAWSElasticBlockStoreVolumeSource(PD *api.AWSElasticBlockStoreVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(PD.VolumeID) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("volumeID")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("volumeID"), ""))
|
||||
}
|
||||
if len(PD.FSType) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType"), ""))
|
||||
}
|
||||
if PD.Partition < 0 || PD.Partition > 255 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("partition"), PD.Partition, pdPartitionErrorMsg))
|
||||
@@ -520,7 +520,7 @@ func validateAWSElasticBlockStoreVolumeSource(PD *api.AWSElasticBlockStoreVolume
|
||||
func validateSecretVolumeSource(secretSource *api.SecretVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(secretSource.SecretName) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("secretName")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("secretName"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@@ -528,7 +528,7 @@ func validateSecretVolumeSource(secretSource *api.SecretVolumeSource, fldPath *f
|
||||
func validatePersistentClaimVolumeSource(claim *api.PersistentVolumeClaimVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(claim.ClaimName) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("claimName")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("claimName"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@@ -536,10 +536,10 @@ func validatePersistentClaimVolumeSource(claim *api.PersistentVolumeClaimVolumeS
|
||||
func validateNFSVolumeSource(nfs *api.NFSVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(nfs.Server) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("server")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("server"), ""))
|
||||
}
|
||||
if len(nfs.Path) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path"), ""))
|
||||
}
|
||||
if !path.IsAbs(nfs.Path) {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("path"), nfs.Path, "must be an absolute path"))
|
||||
@@ -550,10 +550,10 @@ func validateNFSVolumeSource(nfs *api.NFSVolumeSource, fldPath *field.Path) fiel
|
||||
func validateGlusterfs(glusterfs *api.GlusterfsVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(glusterfs.EndpointsName) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("endpoints")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("endpoints"), ""))
|
||||
}
|
||||
if len(glusterfs.Path) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@@ -561,7 +561,7 @@ func validateGlusterfs(glusterfs *api.GlusterfsVolumeSource, fldPath *field.Path
|
||||
func validateFlockerVolumeSource(flocker *api.FlockerVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(flocker.DatasetName) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("datasetName")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("datasetName"), ""))
|
||||
}
|
||||
if strings.Contains(flocker.DatasetName, "/") {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("datasetName"), flocker.DatasetName, "must not contain '/'"))
|
||||
@@ -575,7 +575,7 @@ func validateDownwardAPIVolumeSource(downwardAPIVolume *api.DownwardAPIVolumeSou
|
||||
allErrs := field.ErrorList{}
|
||||
for _, downwardAPIVolumeFile := range downwardAPIVolume.Items {
|
||||
if len(downwardAPIVolumeFile.Path) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("path"), ""))
|
||||
}
|
||||
allErrs = append(allErrs, validateVolumeSourcePath(downwardAPIVolumeFile.Path, fldPath.Child("path"))...)
|
||||
allErrs = append(allErrs, validateObjectFieldSelector(&downwardAPIVolumeFile.FieldRef, &validDownwardAPIFieldPathExpressions, fldPath.Child("fieldRef"))...)
|
||||
@@ -590,7 +590,7 @@ func validateDownwardAPIVolumeSource(downwardAPIVolume *api.DownwardAPIVolumeSou
|
||||
func validateVolumeSourcePath(targetPath string, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if path.IsAbs(targetPath) {
|
||||
allErrs = append(allErrs, field.Forbidden(fldPath, "must not be an absolute path"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, targetPath, "must be a relative path"))
|
||||
}
|
||||
// TODO assume OS of api server & nodes are the same for now
|
||||
items := strings.Split(targetPath, string(os.PathSeparator))
|
||||
@@ -609,13 +609,13 @@ func validateVolumeSourcePath(targetPath string, fldPath *field.Path) field.Erro
|
||||
func validateRBDVolumeSource(rbd *api.RBDVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(rbd.CephMonitors) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("monitors")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("monitors"), ""))
|
||||
}
|
||||
if len(rbd.RBDImage) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("image")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("image"), ""))
|
||||
}
|
||||
if len(rbd.FSType) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@@ -623,10 +623,10 @@ func validateRBDVolumeSource(rbd *api.RBDVolumeSource, fldPath *field.Path) fiel
|
||||
func validateCinderVolumeSource(cd *api.CinderVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(cd.VolumeID) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("volumeID")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("volumeID"), ""))
|
||||
}
|
||||
if len(cd.FSType) == 0 || (cd.FSType != "ext3" && cd.FSType != "ext4") {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fsType"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@@ -634,7 +634,7 @@ func validateCinderVolumeSource(cd *api.CinderVolumeSource, fldPath *field.Path)
|
||||
func validateCephFSVolumeSource(cephfs *api.CephFSVolumeSource, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if len(cephfs.Monitors) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("monitors")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("monitors"), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@@ -650,7 +650,7 @@ func ValidatePersistentVolume(pv *api.PersistentVolume) field.ErrorList {
|
||||
|
||||
specPath := field.NewPath("spec")
|
||||
if len(pv.Spec.AccessModes) == 0 {
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("accessModes")))
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("accessModes"), ""))
|
||||
}
|
||||
for _, mode := range pv.Spec.AccessModes {
|
||||
if !supportedAccessModes.Has(string(mode)) {
|
||||
@@ -659,7 +659,7 @@ func ValidatePersistentVolume(pv *api.PersistentVolume) field.ErrorList {
|
||||
}
|
||||
|
||||
if len(pv.Spec.Capacity) == 0 {
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("capacity")))
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("capacity"), ""))
|
||||
}
|
||||
|
||||
if _, ok := pv.Spec.Capacity[api.ResourceStorage]; !ok || len(pv.Spec.Capacity) > 1 {
|
||||
@@ -715,8 +715,10 @@ func ValidatePersistentVolume(pv *api.PersistentVolume) field.ErrorList {
|
||||
numVolumes++
|
||||
allErrs = append(allErrs, validateFCVolumeSource(pv.Spec.FC, specPath.Child("fc"))...)
|
||||
}
|
||||
if numVolumes != 1 {
|
||||
allErrs = append(allErrs, field.Invalid(specPath, pv.Spec.PersistentVolumeSource, "exactly 1 volume type is required"))
|
||||
if numVolumes == 0 {
|
||||
allErrs = append(allErrs, field.Required(specPath, "must specify a volume type"))
|
||||
} else if numVolumes > 1 {
|
||||
allErrs = append(allErrs, field.Invalid(specPath, pv.Spec.PersistentVolumeSource, "may not specify more than 1 volume type"))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@@ -735,7 +737,7 @@ func ValidatePersistentVolumeUpdate(newPv, oldPv *api.PersistentVolume) field.Er
|
||||
func ValidatePersistentVolumeStatusUpdate(newPv, oldPv *api.PersistentVolume) field.ErrorList {
|
||||
allErrs := ValidateObjectMetaUpdate(&newPv.ObjectMeta, &oldPv.ObjectMeta, field.NewPath("metadata"))
|
||||
if len(newPv.ResourceVersion) == 0 {
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion")))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion"), ""))
|
||||
}
|
||||
newPv.Spec = oldPv.Spec
|
||||
return allErrs
|
||||
@@ -745,7 +747,7 @@ func ValidatePersistentVolumeClaim(pvc *api.PersistentVolumeClaim) field.ErrorLi
|
||||
allErrs := ValidateObjectMeta(&pvc.ObjectMeta, true, ValidatePersistentVolumeName, field.NewPath("metadata"))
|
||||
specPath := field.NewPath("spec")
|
||||
if len(pvc.Spec.AccessModes) == 0 {
|
||||
allErrs = append(allErrs, field.Invalid(specPath.Child("accessModes"), pvc.Spec.AccessModes, "at least 1 accessMode is required"))
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("accessModes"), "at least 1 accessMode is required"))
|
||||
}
|
||||
for _, mode := range pvc.Spec.AccessModes {
|
||||
if mode != api.ReadWriteOnce && mode != api.ReadOnlyMany && mode != api.ReadWriteMany {
|
||||
@@ -753,7 +755,7 @@ func ValidatePersistentVolumeClaim(pvc *api.PersistentVolumeClaim) field.ErrorLi
|
||||
}
|
||||
}
|
||||
if _, ok := pvc.Spec.Resources.Requests[api.ResourceStorage]; !ok {
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("resources").Key(string(api.ResourceStorage))))
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("resources").Key(string(api.ResourceStorage)), ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@@ -768,10 +770,10 @@ func ValidatePersistentVolumeClaimUpdate(newPvc, oldPvc *api.PersistentVolumeCla
|
||||
func ValidatePersistentVolumeClaimStatusUpdate(newPvc, oldPvc *api.PersistentVolumeClaim) field.ErrorList {
|
||||
allErrs := ValidateObjectMetaUpdate(&newPvc.ObjectMeta, &oldPvc.ObjectMeta, field.NewPath("metadata"))
|
||||
if len(newPvc.ResourceVersion) == 0 {
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion")))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion"), ""))
|
||||
}
|
||||
if len(newPvc.Spec.AccessModes) == 0 {
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("Spec", "accessModes")))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("Spec", "accessModes"), ""))
|
||||
}
|
||||
capPath := field.NewPath("status", "capacity")
|
||||
for r, qty := range newPvc.Status.Capacity {
|
||||
@@ -807,7 +809,7 @@ func validateContainerPorts(ports []api.ContainerPort, fldPath *field.Path) fiel
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("hostPort"), port.HostPort, PortRangeErrorMsg))
|
||||
}
|
||||
if len(port.Protocol) == 0 {
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("protocol")))
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("protocol"), ""))
|
||||
} else if !supportedPortProtocols.Has(string(port.Protocol)) {
|
||||
allErrs = append(allErrs, field.NotSupported(idxPath.Child("protocol"), port.Protocol, supportedPortProtocols.List()))
|
||||
}
|
||||
@@ -821,7 +823,7 @@ func validateEnv(vars []api.EnvVar, fldPath *field.Path) field.ErrorList {
|
||||
for i, ev := range vars {
|
||||
idxPath := fldPath.Index(i)
|
||||
if len(ev.Name) == 0 {
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("name")))
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("name"), ""))
|
||||
} else if !validation.IsCIdentifier(ev.Name) {
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), ev.Name, cIdentifierErrorMsg))
|
||||
}
|
||||
@@ -848,7 +850,7 @@ func validateEnvVarValueFrom(ev api.EnvVar, fldPath *field.Path) field.ErrorList
|
||||
}
|
||||
|
||||
if len(ev.Value) != 0 && numSources != 0 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, "", "sources cannot be specified when value is not empty"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, "", "may not be specified when `value` is not empty"))
|
||||
}
|
||||
|
||||
return allErrs
|
||||
@@ -858,9 +860,9 @@ func validateObjectFieldSelector(fs *api.ObjectFieldSelector, expressions *sets.
|
||||
allErrs := field.ErrorList{}
|
||||
|
||||
if len(fs.APIVersion) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("apiVersion")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("apiVersion"), ""))
|
||||
} else if len(fs.FieldPath) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fieldPath")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("fieldPath"), ""))
|
||||
} else {
|
||||
internalFieldPath, _, err := api.Scheme.ConvertFieldLabel(fs.APIVersion, "Pod", fs.FieldPath, "")
|
||||
if err != nil {
|
||||
@@ -879,12 +881,12 @@ func validateVolumeMounts(mounts []api.VolumeMount, volumes sets.String, fldPath
|
||||
for i, mnt := range mounts {
|
||||
idxPath := fldPath.Index(i)
|
||||
if len(mnt.Name) == 0 {
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("name")))
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("name"), ""))
|
||||
} else if !volumes.Has(mnt.Name) {
|
||||
allErrs = append(allErrs, field.NotFound(idxPath.Child("name"), mnt.Name))
|
||||
}
|
||||
if len(mnt.MountPath) == 0 {
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("mountPath")))
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("mountPath"), ""))
|
||||
}
|
||||
}
|
||||
return allErrs
|
||||
@@ -941,7 +943,7 @@ func checkHostPortConflicts(containers []api.Container, fldPath *field.Path) fie
|
||||
func validateExecAction(exec *api.ExecAction, fldPath *field.Path) field.ErrorList {
|
||||
allErrors := field.ErrorList{}
|
||||
if len(exec.Command) == 0 {
|
||||
allErrors = append(allErrors, field.Required(fldPath.Child("command")))
|
||||
allErrors = append(allErrors, field.Required(fldPath.Child("command"), ""))
|
||||
}
|
||||
return allErrors
|
||||
}
|
||||
@@ -949,7 +951,7 @@ func validateExecAction(exec *api.ExecAction, fldPath *field.Path) field.ErrorLi
|
||||
func validateHTTPGetAction(http *api.HTTPGetAction, fldPath *field.Path) field.ErrorList {
|
||||
allErrors := field.ErrorList{}
|
||||
if len(http.Path) == 0 {
|
||||
allErrors = append(allErrors, field.Required(fldPath.Child("path")))
|
||||
allErrors = append(allErrors, field.Required(fldPath.Child("path"), ""))
|
||||
}
|
||||
if http.Port.Type == intstr.Int && !validation.IsValidPortNum(http.Port.IntValue()) {
|
||||
allErrors = append(allErrors, field.Invalid(fldPath.Child("port"), http.Port, PortRangeErrorMsg))
|
||||
@@ -988,8 +990,10 @@ func validateHandler(handler *api.Handler, fldPath *field.Path) field.ErrorList
|
||||
numHandlers++
|
||||
allErrors = append(allErrors, validateTCPSocketAction(handler.TCPSocket, fldPath.Child("tcpSocket"))...)
|
||||
}
|
||||
if numHandlers != 1 {
|
||||
allErrors = append(allErrors, field.Invalid(fldPath, handler, "exactly 1 handler type is required"))
|
||||
if numHandlers == 0 {
|
||||
allErrors = append(allErrors, field.Required(fldPath, "must specify a handler type"))
|
||||
} else if numHandlers > 1 {
|
||||
allErrors = append(allErrors, field.Invalid(fldPath, handler, "may not specify more than 1 handler type"))
|
||||
}
|
||||
return allErrors
|
||||
}
|
||||
@@ -1014,7 +1018,7 @@ func validatePullPolicy(policy api.PullPolicy, fldPath *field.Path) field.ErrorL
|
||||
case api.PullAlways, api.PullIfNotPresent, api.PullNever:
|
||||
break
|
||||
case "":
|
||||
allErrors = append(allErrors, field.Required(fldPath))
|
||||
allErrors = append(allErrors, field.Required(fldPath, ""))
|
||||
default:
|
||||
allErrors = append(allErrors, field.NotSupported(fldPath, policy, supportedPullPolicies.List()))
|
||||
}
|
||||
@@ -1026,14 +1030,14 @@ func validateContainers(containers []api.Container, volumes sets.String, fldPath
|
||||
allErrs := field.ErrorList{}
|
||||
|
||||
if len(containers) == 0 {
|
||||
return append(allErrs, field.Required(fldPath))
|
||||
return append(allErrs, field.Required(fldPath, ""))
|
||||
}
|
||||
|
||||
allNames := sets.String{}
|
||||
for i, ctr := range containers {
|
||||
idxPath := fldPath.Index(i)
|
||||
if len(ctr.Name) == 0 {
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("name")))
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("name"), ""))
|
||||
} else if !validation.IsDNS1123Label(ctr.Name) {
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), ctr.Name, DNS1123LabelErrorMsg))
|
||||
} else if allNames.Has(ctr.Name) {
|
||||
@@ -1042,7 +1046,7 @@ func validateContainers(containers []api.Container, volumes sets.String, fldPath
|
||||
allNames.Insert(ctr.Name)
|
||||
}
|
||||
if len(ctr.Image) == 0 {
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("image")))
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("image"), ""))
|
||||
}
|
||||
if ctr.Lifecycle != nil {
|
||||
allErrs = append(allErrs, validateLifecycle(ctr.Lifecycle, idxPath.Child("lifecycle"))...)
|
||||
@@ -1050,7 +1054,7 @@ func validateContainers(containers []api.Container, volumes sets.String, fldPath
|
||||
allErrs = append(allErrs, validateProbe(ctr.LivenessProbe, idxPath.Child("livenessProbe"))...)
|
||||
// Liveness-specific validation
|
||||
if ctr.LivenessProbe != nil && ctr.LivenessProbe.SuccessThreshold != 1 {
|
||||
allErrs = append(allErrs, field.Forbidden(idxPath.Child("livenessProbe", "successThreshold"), "must be 1"))
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("livenessProbe", "successThreshold"), ctr.LivenessProbe.SuccessThreshold, "must be 1"))
|
||||
}
|
||||
|
||||
allErrs = append(allErrs, validateProbe(ctr.ReadinessProbe, idxPath.Child("readinessProbe"))...)
|
||||
@@ -1073,7 +1077,7 @@ func validateRestartPolicy(restartPolicy *api.RestartPolicy, fldPath *field.Path
|
||||
case api.RestartPolicyAlways, api.RestartPolicyOnFailure, api.RestartPolicyNever:
|
||||
break
|
||||
case "":
|
||||
allErrors = append(allErrors, field.Required(fldPath))
|
||||
allErrors = append(allErrors, field.Required(fldPath, ""))
|
||||
default:
|
||||
validValues := []string{string(api.RestartPolicyAlways), string(api.RestartPolicyOnFailure), string(api.RestartPolicyNever)}
|
||||
allErrors = append(allErrors, field.NotSupported(fldPath, *restartPolicy, validValues))
|
||||
@@ -1088,7 +1092,7 @@ func validateDNSPolicy(dnsPolicy *api.DNSPolicy, fldPath *field.Path) field.Erro
|
||||
case api.DNSClusterFirst, api.DNSDefault:
|
||||
break
|
||||
case "":
|
||||
allErrors = append(allErrors, field.Required(fldPath))
|
||||
allErrors = append(allErrors, field.Required(fldPath, ""))
|
||||
default:
|
||||
validValues := []string{string(api.DNSClusterFirst), string(api.DNSDefault)}
|
||||
allErrors = append(allErrors, field.NotSupported(fldPath, dnsPolicy, validValues))
|
||||
@@ -1104,7 +1108,7 @@ func validateHostNetwork(hostNetwork bool, containers []api.Container, fldPath *
|
||||
for i, port := range container.Ports {
|
||||
idxPath := portsPath.Index(i)
|
||||
if port.HostPort != port.ContainerPort {
|
||||
allErrors = append(allErrors, field.Invalid(idxPath.Child("containerPort"), port.ContainerPort, "must match hostPort when hostNetwork is set to true"))
|
||||
allErrors = append(allErrors, field.Invalid(idxPath.Child("containerPort"), port.ContainerPort, "must match `hostPort` when `hostNetwork` is true"))
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1189,7 +1193,7 @@ func ValidatePodUpdate(newPod, oldPod *api.Pod) field.ErrorList {
|
||||
specPath := field.NewPath("spec")
|
||||
if len(newPod.Spec.Containers) != len(oldPod.Spec.Containers) {
|
||||
//TODO: Pinpoint the specific container that causes the invalid error after we have strategic merge diff
|
||||
allErrs = append(allErrs, field.Invalid(specPath.Child("containers"), "contents not printed here, please refer to the \"details\"", "may not add or remove containers"))
|
||||
allErrs = append(allErrs, field.Forbidden(specPath.Child("containers"), "pod updates may not add or remove containers"))
|
||||
return allErrs
|
||||
}
|
||||
pod := *newPod
|
||||
@@ -1202,7 +1206,7 @@ func ValidatePodUpdate(newPod, oldPod *api.Pod) field.ErrorList {
|
||||
pod.Spec.Containers = newContainers
|
||||
if !api.Semantic.DeepEqual(pod.Spec, oldPod.Spec) {
|
||||
//TODO: Pinpoint the specific field that causes the invalid error after we have strategic merge diff
|
||||
allErrs = append(allErrs, field.Invalid(specPath, "contents not printed here, please refer to the \"details\"", "may not update fields other than container.image"))
|
||||
allErrs = append(allErrs, field.Forbidden(specPath, "pod updates may not change fields other than `containers[*].image`"))
|
||||
}
|
||||
|
||||
newPod.Status = oldPod.Status
|
||||
@@ -1216,7 +1220,7 @@ func ValidatePodStatusUpdate(newPod, oldPod *api.Pod) field.ErrorList {
|
||||
|
||||
// TODO: allow change when bindings are properly decoupled from pods
|
||||
if newPod.Spec.NodeName != oldPod.Spec.NodeName {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("status", "nodeName"), newPod.Spec.NodeName, "cannot be changed directly"))
|
||||
allErrs = append(allErrs, field.Forbidden(field.NewPath("status", "nodeName"), "may not be changed directly"))
|
||||
}
|
||||
|
||||
// For status update we ignore changes to pod spec.
|
||||
@@ -1235,7 +1239,7 @@ func ValidatePodBinding(binding *api.Binding) field.ErrorList {
|
||||
}
|
||||
if len(binding.Target.Name) == 0 {
|
||||
// TODO: When validation becomes versioned, this gets more complicated.
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("target", "name")))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("target", "name"), ""))
|
||||
}
|
||||
|
||||
return allErrs
|
||||
@@ -1266,14 +1270,17 @@ func ValidateService(service *api.Service) field.ErrorList {
|
||||
|
||||
specPath := field.NewPath("spec")
|
||||
if len(service.Spec.Ports) == 0 && service.Spec.ClusterIP != api.ClusterIPNone {
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("ports")))
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("ports"), ""))
|
||||
}
|
||||
if service.Spec.Type == api.ServiceTypeLoadBalancer {
|
||||
for ix := range service.Spec.Ports {
|
||||
port := &service.Spec.Ports[ix]
|
||||
// This is a workaround for broken cloud environments that
|
||||
// over-open firewalls. Hopefully it can go away when more clouds
|
||||
// understand containers better.
|
||||
if port.Port == 10250 {
|
||||
portPath := specPath.Child("ports").Index(ix)
|
||||
allErrs = append(allErrs, field.Invalid(portPath, port.Port, "can not expose port 10250 externally since it is used by kubelet"))
|
||||
allErrs = append(allErrs, field.Invalid(portPath, port.Port, "may not expose port 10250 externally since it is used by kubelet"))
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1291,7 +1298,7 @@ func ValidateService(service *api.Service) field.ErrorList {
|
||||
}
|
||||
|
||||
if len(service.Spec.SessionAffinity) == 0 {
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("sessionAffinity")))
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("sessionAffinity"), ""))
|
||||
} else if !supportedSessionAffinityType.Has(string(service.Spec.SessionAffinity)) {
|
||||
allErrs = append(allErrs, field.NotSupported(specPath.Child("sessionAffinity"), service.Spec.SessionAffinity, supportedSessionAffinityType.List()))
|
||||
}
|
||||
@@ -1306,13 +1313,13 @@ func ValidateService(service *api.Service) field.ErrorList {
|
||||
for i, ip := range service.Spec.ExternalIPs {
|
||||
idxPath := ipPath.Index(i)
|
||||
if ip == "0.0.0.0" {
|
||||
allErrs = append(allErrs, field.Invalid(idxPath, ip, "is not an IP address"))
|
||||
allErrs = append(allErrs, field.Invalid(idxPath, ip, "must be a valid IP address"))
|
||||
}
|
||||
allErrs = append(allErrs, validateIpIsNotLinkLocalOrLoopback(ip, idxPath)...)
|
||||
}
|
||||
|
||||
if len(service.Spec.Type) == 0 {
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("type")))
|
||||
allErrs = append(allErrs, field.Required(specPath.Child("type"), ""))
|
||||
} else if !supportedServiceType.Has(string(service.Spec.Type)) {
|
||||
allErrs = append(allErrs, field.NotSupported(specPath.Child("type"), service.Spec.Type, supportedServiceType.List()))
|
||||
}
|
||||
@@ -1322,7 +1329,7 @@ func ValidateService(service *api.Service) field.ErrorList {
|
||||
for i := range service.Spec.Ports {
|
||||
portPath := portsPath.Index(i)
|
||||
if service.Spec.Ports[i].Protocol != api.ProtocolTCP {
|
||||
allErrs = append(allErrs, field.Invalid(portPath.Child("protocol"), service.Spec.Ports[i].Protocol, "cannot create an external load balancer with non-TCP ports"))
|
||||
allErrs = append(allErrs, field.Invalid(portPath.Child("protocol"), service.Spec.Ports[i].Protocol, "may not use protocols other than 'TCP' when `type` is 'LoadBalancer'"))
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1332,7 +1339,7 @@ func ValidateService(service *api.Service) field.ErrorList {
|
||||
for i := range service.Spec.Ports {
|
||||
portPath := portsPath.Index(i)
|
||||
if service.Spec.Ports[i].NodePort != 0 {
|
||||
allErrs = append(allErrs, field.Invalid(portPath.Child("nodePort"), service.Spec.Ports[i].NodePort, "cannot specify a node port with services of type ClusterIP"))
|
||||
allErrs = append(allErrs, field.Invalid(portPath.Child("nodePort"), service.Spec.Ports[i].NodePort, "may not be used when `type` is 'ClusterIP'"))
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1351,7 +1358,7 @@ func ValidateService(service *api.Service) field.ErrorList {
|
||||
key.NodePort = port.NodePort
|
||||
_, found := nodePorts[key]
|
||||
if found {
|
||||
allErrs = append(allErrs, field.Invalid(portPath.Child("nodePort"), port.NodePort, "duplicate nodePort specified"))
|
||||
allErrs = append(allErrs, field.Duplicate(portPath.Child("nodePort"), port.NodePort))
|
||||
}
|
||||
nodePorts[key] = true
|
||||
}
|
||||
@@ -1363,7 +1370,7 @@ func validateServicePort(sp *api.ServicePort, requireName, isHeadlessService boo
|
||||
allErrs := field.ErrorList{}
|
||||
|
||||
if requireName && len(sp.Name) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("name")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("name"), ""))
|
||||
} else if len(sp.Name) != 0 {
|
||||
if !validation.IsDNS1123Label(sp.Name) {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), sp.Name, DNS1123LabelErrorMsg))
|
||||
@@ -1379,7 +1386,7 @@ func validateServicePort(sp *api.ServicePort, requireName, isHeadlessService boo
|
||||
}
|
||||
|
||||
if len(sp.Protocol) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("protocol")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("protocol"), ""))
|
||||
} else if !supportedPortProtocols.Has(string(sp.Protocol)) {
|
||||
allErrs = append(allErrs, field.NotSupported(fldPath.Child("protocol"), sp.Protocol, supportedPortProtocols.List()))
|
||||
}
|
||||
@@ -1440,7 +1447,7 @@ func ValidateNonEmptySelector(selectorMap map[string]string, fldPath *field.Path
|
||||
allErrs := field.ErrorList{}
|
||||
selector := labels.Set(selectorMap).AsSelector()
|
||||
if selector.Empty() {
|
||||
allErrs = append(allErrs, field.Required(fldPath))
|
||||
allErrs = append(allErrs, field.Required(fldPath, ""))
|
||||
}
|
||||
return allErrs
|
||||
}
|
||||
@@ -1449,14 +1456,14 @@ func ValidateNonEmptySelector(selectorMap map[string]string, fldPath *field.Path
|
||||
func ValidatePodTemplateSpecForRC(template *api.PodTemplateSpec, selectorMap map[string]string, replicas int, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if template == nil {
|
||||
allErrs = append(allErrs, field.Required(fldPath))
|
||||
allErrs = append(allErrs, field.Required(fldPath, ""))
|
||||
} else {
|
||||
selector := labels.Set(selectorMap).AsSelector()
|
||||
if !selector.Empty() {
|
||||
// Verify that the RC selector matches the labels in template.
|
||||
labels := labels.Set(template.Labels)
|
||||
if !selector.Matches(labels) {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("metadata", "labels"), template.Labels, "selector does not match labels in "+fldPath.String()))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("metadata", "labels"), template.Labels, "`selector` does not match template `labels`"))
|
||||
}
|
||||
}
|
||||
allErrs = append(allErrs, ValidatePodTemplateSpec(template, fldPath)...)
|
||||
@@ -1496,7 +1503,7 @@ func ValidateReadOnlyPersistentDisks(volumes []api.Volume, fldPath *field.Path)
|
||||
idxPath := fldPath.Index(i)
|
||||
if vol.GCEPersistentDisk != nil {
|
||||
if vol.GCEPersistentDisk.ReadOnly == false {
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("gcePersistentDisk", "readOnly"), false, "must be true for replicated pods > 1, as GCE PD can only be mounted on multiple machines if it is read-only."))
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("gcePersistentDisk", "readOnly"), false, "must be true for replicated pods > 1; GCE PD can only be mounted on multiple machines if it is read-only"))
|
||||
}
|
||||
}
|
||||
// TODO: What to do for AWS? It doesn't support replicas
|
||||
@@ -1512,7 +1519,7 @@ func ValidateNode(node *api.Node) field.ErrorList {
|
||||
|
||||
// external ID is required.
|
||||
if len(node.Spec.ExternalID) == 0 {
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("spec", "externalID")))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("spec", "externalID"), ""))
|
||||
}
|
||||
|
||||
// TODO(rjnagal): Ignore PodCIDR till its completely implemented.
|
||||
@@ -1553,7 +1560,7 @@ func ValidateNodeUpdate(node, oldNode *api.Node) field.ErrorList {
|
||||
// TODO: Add a 'real' error type for this error and provide print actual diffs.
|
||||
if !api.Semantic.DeepEqual(oldNode, node) {
|
||||
glog.V(4).Infof("Update failed validation %#v vs %#v", oldNode, node)
|
||||
allErrs = append(allErrs, field.Forbidden(field.NewPath(""), "update contains more than labels or capacity changes"))
|
||||
allErrs = append(allErrs, field.Forbidden(field.NewPath(""), "node updates may only change labels or capacity"))
|
||||
}
|
||||
|
||||
return allErrs
|
||||
@@ -1564,12 +1571,12 @@ func ValidateNodeUpdate(node, oldNode *api.Node) field.ErrorList {
|
||||
func validateResourceName(value string, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if !validation.IsQualifiedName(value) {
|
||||
return append(allErrs, field.Invalid(fldPath, value, "resource typename: "+qualifiedNameErrorMsg))
|
||||
return append(allErrs, field.Invalid(fldPath, value, qualifiedNameErrorMsg))
|
||||
}
|
||||
|
||||
if len(strings.Split(value, "/")) == 1 {
|
||||
if !api.IsStandardResourceName(value) {
|
||||
return append(allErrs, field.Invalid(fldPath, value, "is neither a standard resource type nor is fully qualified"))
|
||||
return append(allErrs, field.Invalid(fldPath, value, "must be a standard resource type or fully qualified"))
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1612,10 +1619,10 @@ func ValidateLimitRange(limitRange *api.LimitRange) field.ErrorList {
|
||||
|
||||
if limit.Type == api.LimitTypePod {
|
||||
if len(limit.Default) > 0 {
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("default"), limit.Default, "not supported when limit type is Pod"))
|
||||
allErrs = append(allErrs, field.Forbidden(idxPath.Child("default"), "may not be specified when `type` is 'Pod'"))
|
||||
}
|
||||
if len(limit.DefaultRequest) > 0 {
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("defaultRequest"), limit.DefaultRequest, "not supported when limit type is Pod"))
|
||||
allErrs = append(allErrs, field.Forbidden(idxPath.Child("defaultRequest"), "may not be specified when `type` is 'Pod'"))
|
||||
}
|
||||
} else {
|
||||
for k, q := range limit.Default {
|
||||
@@ -1733,14 +1740,14 @@ func ValidateSecret(secret *api.Secret) field.ErrorList {
|
||||
// Only require Annotations[kubernetes.io/service-account.name]
|
||||
// Additional fields (like Annotations[kubernetes.io/service-account.uid] and Data[token]) might be contributed later by a controller loop
|
||||
if value := secret.Annotations[api.ServiceAccountNameKey]; len(value) == 0 {
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("metadata", "annotations").Key(api.ServiceAccountNameKey)))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("metadata", "annotations").Key(api.ServiceAccountNameKey), ""))
|
||||
}
|
||||
case api.SecretTypeOpaque, "":
|
||||
// no-op
|
||||
case api.SecretTypeDockercfg:
|
||||
dockercfgBytes, exists := secret.Data[api.DockerConfigKey]
|
||||
if !exists {
|
||||
allErrs = append(allErrs, field.Required(dataPath.Key(api.DockerConfigKey)))
|
||||
allErrs = append(allErrs, field.Required(dataPath.Key(api.DockerConfigKey), ""))
|
||||
break
|
||||
}
|
||||
|
||||
@@ -1800,7 +1807,7 @@ func ValidateResourceRequirements(requirements *api.ResourceRequirements, fldPat
|
||||
limitValue = quantity.MilliValue()
|
||||
}
|
||||
if limitValue < requestValue {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, quantity.String(), "cannot be smaller than request"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, quantity.String(), "must be greater than or equal to request"))
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1872,7 +1879,7 @@ func ValidateResourceQuotaUpdate(newResourceQuota, oldResourceQuota *api.Resourc
|
||||
func ValidateResourceQuotaStatusUpdate(newResourceQuota, oldResourceQuota *api.ResourceQuota) field.ErrorList {
|
||||
allErrs := ValidateObjectMetaUpdate(&newResourceQuota.ObjectMeta, &oldResourceQuota.ObjectMeta, field.NewPath("metadata"))
|
||||
if len(newResourceQuota.ResourceVersion) == 0 {
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion")))
|
||||
allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion"), ""))
|
||||
}
|
||||
fldPath := field.NewPath("status", "hard")
|
||||
for k, v := range newResourceQuota.Status.Hard {
|
||||
@@ -1931,11 +1938,11 @@ func ValidateNamespaceStatusUpdate(newNamespace, oldNamespace *api.Namespace) fi
|
||||
newNamespace.Spec = oldNamespace.Spec
|
||||
if newNamespace.DeletionTimestamp.IsZero() {
|
||||
if newNamespace.Status.Phase != api.NamespaceActive {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("status", "Phase"), newNamespace.Status.Phase, "may only be in active status if it does not have a deletion timestamp."))
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("status", "Phase"), newNamespace.Status.Phase, "may only be 'Active' if `deletionTimestamp` is empty"))
|
||||
}
|
||||
} else {
|
||||
if newNamespace.Status.Phase != api.NamespaceTerminating {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("status", "Phase"), newNamespace.Status.Phase, "may only be in terminating status if it has a deletion timestamp."))
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("status", "Phase"), newNamespace.Status.Phase, "may only be 'Terminating' if `deletionTimestamp` is not empty"))
|
||||
}
|
||||
}
|
||||
return allErrs
|
||||
@@ -1971,10 +1978,10 @@ func validateEndpointSubsets(subsets []api.EndpointSubset, fldPath *field.Path)
|
||||
|
||||
if len(ss.Addresses) == 0 && len(ss.NotReadyAddresses) == 0 {
|
||||
//TODO: consider adding a RequiredOneOf() error for this and similar cases
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("addresses or notReadyAddresses")))
|
||||
allErrs = append(allErrs, field.Required(idxPath, "must specify `addresses` or `notReadyAddresses`"))
|
||||
}
|
||||
if len(ss.Ports) == 0 {
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("ports")))
|
||||
allErrs = append(allErrs, field.Required(idxPath.Child("ports"), ""))
|
||||
}
|
||||
for addr := range ss.Addresses {
|
||||
allErrs = append(allErrs, validateEndpointAddress(&ss.Addresses[addr], idxPath.Child("addresses").Index(addr))...)
|
||||
@@ -1990,7 +1997,7 @@ func validateEndpointSubsets(subsets []api.EndpointSubset, fldPath *field.Path)
|
||||
func validateEndpointAddress(address *api.EndpointAddress, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if !validation.IsValidIPv4(address.IP) {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("ip"), address.IP, "invalid IPv4 address"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("ip"), address.IP, "must be a valid IPv4 address"))
|
||||
return allErrs
|
||||
}
|
||||
return validateIpIsNotLinkLocalOrLoopback(address.IP, fldPath.Child("ip"))
|
||||
@@ -2002,7 +2009,7 @@ func validateIpIsNotLinkLocalOrLoopback(ipAddress string, fldPath *field.Path) f
|
||||
allErrs := field.ErrorList{}
|
||||
ip := net.ParseIP(ipAddress)
|
||||
if ip == nil {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "not a valid IP address"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "must be a valid IP address"))
|
||||
return allErrs
|
||||
}
|
||||
if ip.IsLoopback() {
|
||||
@@ -2020,7 +2027,7 @@ func validateIpIsNotLinkLocalOrLoopback(ipAddress string, fldPath *field.Path) f
|
||||
func validateEndpointPort(port *api.EndpointPort, requireName bool, fldPath *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if requireName && len(port.Name) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("name")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("name"), ""))
|
||||
} else if len(port.Name) != 0 {
|
||||
if !validation.IsDNS1123Label(port.Name) {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), port.Name, DNS1123LabelErrorMsg))
|
||||
@@ -2030,7 +2037,7 @@ func validateEndpointPort(port *api.EndpointPort, requireName bool, fldPath *fie
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("port"), port.Port, PortRangeErrorMsg))
|
||||
}
|
||||
if len(port.Protocol) == 0 {
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("protocol")))
|
||||
allErrs = append(allErrs, field.Required(fldPath.Child("protocol"), ""))
|
||||
} else if !supportedPortProtocols.Has(string(port.Protocol)) {
|
||||
allErrs = append(allErrs, field.NotSupported(fldPath.Child("protocol"), port.Protocol, supportedPortProtocols.List()))
|
||||
}
|
||||
@@ -2054,13 +2061,13 @@ func ValidateSecurityContext(sc *api.SecurityContext, fldPath *field.Path) field
|
||||
|
||||
if sc.Privileged != nil {
|
||||
if *sc.Privileged && !capabilities.Get().AllowPrivileged {
|
||||
allErrs = append(allErrs, field.Forbidden(fldPath.Child("privileged"), sc.Privileged))
|
||||
allErrs = append(allErrs, field.Forbidden(fldPath.Child("privileged"), "disallowed by policy"))
|
||||
}
|
||||
}
|
||||
|
||||
if sc.RunAsUser != nil {
|
||||
if *sc.RunAsUser < 0 {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("runAsUser"), *sc.RunAsUser, "cannot be negative"))
|
||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("runAsUser"), *sc.RunAsUser, isNegativeErrorMsg))
|
||||
}
|
||||
}
|
||||
return allErrs
|
||||
@@ -2069,17 +2076,17 @@ func ValidateSecurityContext(sc *api.SecurityContext, fldPath *field.Path) field
|
||||
func ValidatePodLogOptions(opts *api.PodLogOptions) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
if opts.TailLines != nil && *opts.TailLines < 0 {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("tailLines"), *opts.TailLines, "must be a non-negative integer or nil"))
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("tailLines"), *opts.TailLines, isNegativeErrorMsg))
|
||||
}
|
||||
if opts.LimitBytes != nil && *opts.LimitBytes < 1 {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("limitBytes"), *opts.LimitBytes, "must be a positive integer or nil"))
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("limitBytes"), *opts.LimitBytes, "must be greater than 0"))
|
||||
}
|
||||
switch {
|
||||
case opts.SinceSeconds != nil && opts.SinceTime != nil:
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath(""), *opts.SinceSeconds, "only one of sinceTime or sinceSeconds can be provided"))
|
||||
allErrs = append(allErrs, field.Forbidden(field.NewPath(""), "at most one of `sinceTime` or `sinceSeconds` may be specified"))
|
||||
case opts.SinceSeconds != nil:
|
||||
if *opts.SinceSeconds < 1 {
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("sinceSeconds"), *opts.SinceSeconds, "must be a positive integer"))
|
||||
allErrs = append(allErrs, field.Invalid(field.NewPath("sinceSeconds"), *opts.SinceSeconds, "must be greater than 0"))
|
||||
}
|
||||
}
|
||||
return allErrs
|
||||
@@ -2092,7 +2099,7 @@ func ValidateLoadBalancerStatus(status *api.LoadBalancerStatus, fldPath *field.P
|
||||
idxPath := fldPath.Child("ingress").Index(i)
|
||||
if len(ingress.IP) > 0 {
|
||||
if isIP := (net.ParseIP(ingress.IP) != nil); !isIP {
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("ip"), ingress.IP, "must be an IP address"))
|
||||
allErrs = append(allErrs, field.Invalid(idxPath.Child("ip"), ingress.IP, "must be a valid IP address"))
|
||||
}
|
||||
}
|
||||
if len(ingress.Hostname) > 0 {
|
||||
|
||||
Reference in New Issue
Block a user