kubernetes
/
kubectl
mirror of https://github.com/kubernetes/kubectl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Move pkg/kubectl/validation to staging 

Kubernetes-commit: 5eac54e755b47f145a6c76c2242b4ef8a469a850
This commit is contained in:
Sean Sullivan 2019-06-26 12:56:28 -07:00 committed by Kubernetes Publisher
parent 01460b105e
commit 48d0bc9f5c
8 changed files with 374 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
pkg/validation/schema.go Normal file
View File

@ -0,0 +1,103 @@
/*
Copyright 2014 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package validation
import (
"bytes"
"encoding/json"
"fmt"
ejson "github.com/exponent-io/jsonpath"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
)
// Schema is an interface that knows how to validate an API object serialized to a byte array.
type Schema interface {
ValidateBytes(data []byte) error
}
// NullSchema always validates bytes.
type NullSchema struct{}
// ValidateBytes never fails for NullSchema.
func (NullSchema) ValidateBytes(data []byte) error { return nil }
// NoDoubleKeySchema is a schema that disallows double keys.
type NoDoubleKeySchema struct{}
// ValidateBytes validates bytes.
func (NoDoubleKeySchema) ValidateBytes(data []byte) error {
var list []error
if err := validateNoDuplicateKeys(data, "metadata", "labels"); err != nil {
list = append(list, err)
}
if err := validateNoDuplicateKeys(data, "metadata", "annotations"); err != nil {
list = append(list, err)
}
return utilerrors.NewAggregate(list)
}
func validateNoDuplicateKeys(data []byte, path ...string) error {
r := ejson.NewDecoder(bytes.NewReader(data))
// This is Go being unfriendly. The 'path ...string' comes in as a
// []string, and SeekTo takes ...interface{}, so we can't just pass
// the path straight in, we have to copy it. *sigh*
ifacePath := []interface{}{}
for ix := range path {
ifacePath = append(ifacePath, path[ix])
}
found, err := r.SeekTo(ifacePath...)
if err != nil {
return err
}
if !found {
return nil
}
seen := map[string]bool{}
for {
tok, err := r.Token()
if err != nil {
return err
}
switch t := tok.(type) {
case json.Delim:
if t.String() == "}" {
return nil
}
case ejson.KeyString:
if seen[string(t)] {
return fmt.Errorf("duplicate key: %s", string(t))
}
seen[string(t)] = true
}
}
}
// ConjunctiveSchema encapsulates a schema list.
type ConjunctiveSchema []Schema
// ValidateBytes validates bytes per a ConjunctiveSchema.
func (c ConjunctiveSchema) ValidateBytes(data []byte) error {
var list []error
schemas := []Schema(c)
for ix := range schemas {
if err := schemas[ix].ValidateBytes(data); err != nil {
list = append(list, err)
}
}
return utilerrors.NewAggregate(list)
}

141
pkg/validation/schema_test.go Normal file
View File

@ -0,0 +1,141 @@
/*
Copyright 2014 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package validation
import (
"fmt"
"testing"
)
func TestValidateDuplicateLabelsFailCases(t *testing.T) {
strs := []string{
`{
"metadata": {
"labels": {
"foo": "bar",
"foo": "baz"
}
}
}`,
`{
"metadata": {
"annotations": {
"foo": "bar",
"foo": "baz"
}
}
}`,
`{
"metadata": {
"labels": {
"foo": "blah"
},
"annotations": {
"foo": "bar",
"foo": "baz"
}
}
}`,
}
schema := NoDoubleKeySchema{}
for _, str := range strs {
err := schema.ValidateBytes([]byte(str))
if err == nil {
t.Errorf("Unexpected non-error %s", str)
}
}
}
func TestValidateDuplicateLabelsPassCases(t *testing.T) {
strs := []string{
`{
"metadata": {
"labels": {
"foo": "bar"
},
"annotations": {
"foo": "baz"
}
}
}`,
`{
"metadata": {}
}`,
`{
"metadata": {
"labels": {}
}
}`,
}
schema := NoDoubleKeySchema{}
for _, str := range strs {
err := schema.ValidateBytes([]byte(str))
if err != nil {
t.Errorf("Unexpected error: %v %s", err, str)
}
}
}
// AlwaysInvalidSchema is always invalid.
type AlwaysInvalidSchema struct{}
// ValidateBytes always fails to validate.
func (AlwaysInvalidSchema) ValidateBytes([]byte) error {
return fmt.Errorf("always invalid")
}
func TestConjunctiveSchema(t *testing.T) {
tests := []struct {
schemas []Schema
shouldPass bool
name string
}{
{
schemas: []Schema{NullSchema{}, NullSchema{}},
shouldPass: true,
name: "all pass",
},
{
schemas: []Schema{NullSchema{}, AlwaysInvalidSchema{}},
shouldPass: false,
name: "one fail",
},
{
schemas: []Schema{AlwaysInvalidSchema{}, AlwaysInvalidSchema{}},
shouldPass: false,
name: "all fail",
},
{
schemas: []Schema{},
shouldPass: true,
name: "empty",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
schema := ConjunctiveSchema(tt.schemas)
err := schema.ValidateBytes([]byte{})
if err != nil && tt.shouldPass {
t.Errorf("Unexpected error: %v in %s", err, tt.name)
}
if err == nil && !tt.shouldPass {
t.Errorf("Unexpected non-error: %s", tt.name)
}
})
}
}

11
pkg/validation/testdata/v1/invalidPod.yaml vendored Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Pod
metadata:
labels:
name: redis-master
name: name
spec:
containers:
- args: "this is a bad command"
image: gcr.io/fake_project/fake_image:fake_tag
name: master

19
pkg/validation/testdata/v1/invalidPod1.json vendored Normal file
View File

@ -0,0 +1,19 @@
{
"kind": "Pod",
"apiVersion": "v1",
"metadata": {
"name": "name",
"labels": {
"name": "redis-master"
}
},
"spec": {
"containers": [
{
"name": "master",
"image": "gcr.io/fake_project/fake_image:fake_tag",
"args": "this is a bad command"
}
]
}
}

35
pkg/validation/testdata/v1/invalidPod2.json vendored Normal file
View File

@ -0,0 +1,35 @@
{
"kind": "Pod",
"apiVersion": "v1",
"metadata": {
"name": "apache-php",
"labels": {
"name": "apache-php"
}
},
"spec": {
"volumes": [{
"name": "shared-disk"
}],
"containers": [
{
"name": "apache-php",
"image": "gcr.io/fake_project/fake_image:fake_tag",
"ports": [
{
"name": "apache",
"hostPort": "13380",
"containerPort": 80,
"protocol": "TCP"
}
],
"volumeMounts": [
{
"name": "shared-disk",
"mountPath": "/var/www/html"
}
]
}
]
}
}

35
pkg/validation/testdata/v1/invalidPod3.json vendored Normal file
View File

@ -0,0 +1,35 @@
{
"kind": "Pod",
"apiVersion": "v1",
"metadata": {
"name": "apache-php",
"labels": {
"name": "apache-php"
}
},
"spec": {
"volumes": [
"name": "shared-disk"
],
"containers": [
{
"name": "apache-php",
"image": "gcr.io/fake_project/fake_image:fake_tag",
"ports": [
{
"name": "apache",
"hostPort": 13380,
"containerPort": 80,
"protocol": "TCP"
}
],
"volumeMounts": [
{
"name": "shared-disk",
"mountPath": "/var/www/html"
}
]
}
]
}
}

14
pkg/validation/testdata/v1/invalidPod4.yaml vendored Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: Pod
metadata:
labels:
name: redis-master
name: name
spec:
containers:
- image: gcr.io/fake_project/fake_image:fake_tag
name: master
args:
-
command:
-

16
pkg/validation/testdata/v1/validPod.yaml vendored Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
labels:
name: redis-master
name: name
spec:
containers:
- args:
- this
- is
- an
- ok
- command
image: gcr.io/fake_project/fake_image:fake_tag
name: master