Move AppArmor profile validation to the API validation pkg

pkg/security/apparmor/validate.go

@@ -28,6 +28,7 @@ import (
 	v1 "k8s.io/api/core/v1"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	podutil "k8s.io/kubernetes/pkg/api/v1/pod"
+	"k8s.io/kubernetes/pkg/apis/core/validation"
 	"k8s.io/kubernetes/pkg/features"
 	utilpath "k8s.io/utils/path"
 )
@@ -75,12 +76,12 @@ func (v *validator) Validate(pod *v1.Pod) error {
 	var retErr error
 	podutil.VisitContainers(&pod.Spec, podutil.AllContainers, func(container *v1.Container, containerType podutil.ContainerType) bool {
 		profile := GetProfileName(pod, container.Name)
-		retErr = ValidateProfileFormat(profile)
+		retErr = validation.ValidateAppArmorProfileFormat(profile)
 		if retErr != nil {
 			return false
 		}
-		// TODO(#64841): This would ideally be part of ValidateProfileFormat, but that is called for
-		// API validation, and this is tightening validation.
+		// TODO(#64841): This would ideally be part of validation.ValidateAppArmorProfileFormat, but
+		// that is called for API validation, and this is tightening validation.
 		if strings.HasPrefix(profile, v1.AppArmorBetaProfileNamePrefix) {
 			if strings.TrimSpace(strings.TrimPrefix(profile, v1.AppArmorBetaProfileNamePrefix)) == "" {
 				retErr = fmt.Errorf("invalid empty AppArmor profile name: %q", profile)
@@ -117,17 +118,6 @@ func validateHost() error {
 	return nil
 }
 
-// ValidateProfileFormat checks the format of the profile.
-func ValidateProfileFormat(profile string) error {
-	if profile == "" || profile == v1.AppArmorBetaProfileRuntimeDefault || profile == v1.AppArmorBetaProfileNameUnconfined {
-		return nil
-	}
-	if !strings.HasPrefix(profile, v1.AppArmorBetaProfileNamePrefix) {
-		return fmt.Errorf("invalid AppArmor profile name: %q", profile)
-	}
-	return nil
-}
-
 func getAppArmorFS() (string, error) {
 	mountsFile, err := os.Open("/proc/mounts")
 	if err != nil {