add validation to rbac group and apply small cleanups

pkg/apis/rbac/validation/validation.go

@@ -29,73 +29,65 @@ func minimalNameRequirements(name string, prefix bool) []string {
 	return validation.IsValidPathSegmentName(name)
 }
 
-func ValidateLocalRole(policy *rbac.Role) field.ErrorList {
-	return ValidateRole(policy, true)
+func ValidateRole(policy *rbac.Role) field.ErrorList {
+	return validateRole(policy, true)
 }
 
-func ValidateLocalRoleUpdate(policy *rbac.Role, oldRole *rbac.Role) field.ErrorList {
-	return ValidateRoleUpdate(policy, oldRole, true)
+func ValidateRoleUpdate(policy *rbac.Role, oldRole *rbac.Role) field.ErrorList {
+	return validateRoleUpdate(policy, oldRole, true)
 }
 
 func ValidateClusterRole(policy *rbac.ClusterRole) field.ErrorList {
-	return ValidateRole(toRole(policy), false)
+	return validateRole(toRole(policy), false)
 }
 
 func ValidateClusterRoleUpdate(policy *rbac.ClusterRole, oldRole *rbac.ClusterRole) field.ErrorList {
-	return ValidateRoleUpdate(toRole(policy), toRole(oldRole), false)
+	return validateRoleUpdate(toRole(policy), toRole(oldRole), false)
 }
 
-func ValidateRole(role *rbac.Role, isNamespaced bool) field.ErrorList {
-	return validateRole(role, isNamespaced, nil)
+func validateRole(role *rbac.Role, isNamespaced bool) field.ErrorList {
+	return validation.ValidateObjectMeta(&role.ObjectMeta, isNamespaced, minimalNameRequirements, field.NewPath("metadata"))
 }
 
-func validateRole(role *rbac.Role, isNamespaced bool, fldPath *field.Path) field.ErrorList {
-	return validation.ValidateObjectMeta(&role.ObjectMeta, isNamespaced, minimalNameRequirements, fldPath.Child("metadata"))
-}
-
-func ValidateRoleUpdate(role *rbac.Role, oldRole *rbac.Role, isNamespaced bool) field.ErrorList {
-	allErrs := ValidateRole(role, isNamespaced)
+func validateRoleUpdate(role *rbac.Role, oldRole *rbac.Role, isNamespaced bool) field.ErrorList {
+	allErrs := validateRole(role, isNamespaced)
 	allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&role.ObjectMeta, &oldRole.ObjectMeta, field.NewPath("metadata"))...)
 
 	return allErrs
 }
 
-func ValidateLocalRoleBinding(policy *rbac.RoleBinding) field.ErrorList {
-	return ValidateRoleBinding(policy, true)
+func ValidateRoleBinding(policy *rbac.RoleBinding) field.ErrorList {
+	return validateRoleBinding(policy, true)
 }
 
-func ValidateLocalRoleBindingUpdate(policy *rbac.RoleBinding, oldRoleBinding *rbac.RoleBinding) field.ErrorList {
-	return ValidateRoleBindingUpdate(policy, oldRoleBinding, true)
+func ValidateRoleBindingUpdate(policy *rbac.RoleBinding, oldRoleBinding *rbac.RoleBinding) field.ErrorList {
+	return validateRoleBindingUpdate(policy, oldRoleBinding, true)
 }
 
 func ValidateClusterRoleBinding(policy *rbac.ClusterRoleBinding) field.ErrorList {
-	return ValidateRoleBinding(toRoleBinding(policy), false)
+	return validateRoleBinding(toRoleBinding(policy), false)
 }
 
 func ValidateClusterRoleBindingUpdate(policy *rbac.ClusterRoleBinding, oldRoleBinding *rbac.ClusterRoleBinding) field.ErrorList {
-	return ValidateRoleBindingUpdate(toRoleBinding(policy), toRoleBinding(oldRoleBinding), false)
+	return validateRoleBindingUpdate(toRoleBinding(policy), toRoleBinding(oldRoleBinding), false)
 }
 
-func ValidateRoleBinding(roleBinding *rbac.RoleBinding, isNamespaced bool) field.ErrorList {
-	return validateRoleBinding(roleBinding, isNamespaced, nil)
-}
-
-func validateRoleBinding(roleBinding *rbac.RoleBinding, isNamespaced bool, fldPath *field.Path) field.ErrorList {
+func validateRoleBinding(roleBinding *rbac.RoleBinding, isNamespaced bool) field.ErrorList {
 	allErrs := field.ErrorList{}
-	allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, isNamespaced, minimalNameRequirements, fldPath.Child("metadata"))...)
+	allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, isNamespaced, minimalNameRequirements, field.NewPath("metadata"))...)
 
 	// roleRef namespace is empty when referring to global policy.
 	if len(roleBinding.RoleRef.Namespace) > 0 {
 		for _, msg := range validation.ValidateNamespaceName(roleBinding.RoleRef.Namespace, false) {
-			allErrs = append(allErrs, field.Invalid(fldPath.Child("roleRef", "namespace"), roleBinding.RoleRef.Namespace, msg))
+			allErrs = append(allErrs, field.Invalid(field.NewPath("roleRef", "namespace"), roleBinding.RoleRef.Namespace, msg))
 		}
 	}
 
 	if len(roleBinding.RoleRef.Name) == 0 {
-		allErrs = append(allErrs, field.Required(fldPath.Child("roleRef", "name"), ""))
+		allErrs = append(allErrs, field.Required(field.NewPath("roleRef", "name"), ""))
 	} else {
 		for _, msg := range minimalNameRequirements(roleBinding.RoleRef.Name, false) {
-			allErrs = append(allErrs, field.Invalid(fldPath.Child("roleRef", "name"), roleBinding.RoleRef.Name, msg))
+			allErrs = append(allErrs, field.Invalid(field.NewPath("roleRef", "name"), roleBinding.RoleRef.Name, msg))
 		}
 	}
 
@@ -147,8 +139,8 @@ func validateRoleBindingSubject(subject rbac.Subject, isNamespaced bool, fldPath
 	return allErrs
 }
 
-func ValidateRoleBindingUpdate(roleBinding *rbac.RoleBinding, oldRoleBinding *rbac.RoleBinding, isNamespaced bool) field.ErrorList {
-	allErrs := ValidateRoleBinding(roleBinding, isNamespaced)
+func validateRoleBindingUpdate(roleBinding *rbac.RoleBinding, oldRoleBinding *rbac.RoleBinding, isNamespaced bool) field.ErrorList {
+	allErrs := validateRoleBinding(roleBinding, isNamespaced)
 	allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&roleBinding.ObjectMeta, &oldRoleBinding.ObjectMeta, field.NewPath("metadata"))...)
 
 	if oldRoleBinding.RoleRef != roleBinding.RoleRef {