github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

allow leading dots in secret keys

Browse Source
This commit is contained in:
deads2k
2015-05-11 15:03:10 -04:00
parent efb42b302d
commit d404a17f0a
8 changed files with 50 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
pkg/api/validation/validation.go
View File

@@ -20,6 +20,7 @@ import (
"fmt"
"net"
"path"
"regexp"
"strings"
"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
@@ -1257,6 +1258,16 @@ func ValidateServiceAccountUpdate(oldServiceAccount, newServiceAccount *api.Serv
return allErrs
}
const SecretKeyFmt string = "\\.?" + util.DNS1123LabelFmt + "(\\." + util.DNS1123LabelFmt + ")*"
var secretKeyRegexp = regexp.MustCompile("^" + SecretKeyFmt + "$")
// IsSecretKey tests for a string that conforms to the definition of a
// subdomain in DNS (RFC 1123), except that a leading dot is allowed
func IsSecretKey(value string) bool {
return len(value) <= util.DNS1123SubdomainMaxLength && secretKeyRegexp.MatchString(value)
}
// ValidateSecret tests if required fields in the Secret are set.
func ValidateSecret(secret *api.Secret) errs.ValidationErrorList {
allErrs := errs.ValidationErrorList{}
@@ -1264,8 +1275,8 @@ func ValidateSecret(secret *api.Secret) errs.ValidationErrorList {
totalSize := 0
for key, value := range secret.Data {
if !util.IsDNS1123Subdomain(key) {
allErrs = append(allErrs, errs.NewFieldInvalid(fmt.Sprintf("data[%s]", key), key, dnsSubdomainErrorMsg))
if !IsSecretKey(key) {
allErrs = append(allErrs, errs.NewFieldInvalid(fmt.Sprintf("data[%s]", key), key, fmt.Sprintf("must have at most %d characters and match regex %s", util.DNS1123SubdomainMaxLength, SecretKeyFmt)))
}
totalSize += len(value)