From 20bad760fcb8d37ba77b28a177dd6aab66427544 Mon Sep 17 00:00:00 2001 From: Mike Danese Date: Tue, 13 Nov 2018 17:22:19 -0800 Subject: [PATCH] cleanup error handling in apiserver opts validation --- cmd/kube-apiserver/app/options/validation.go | 84 ++++++++------------ 1 file changed, 33 insertions(+), 51 deletions(-) diff --git a/cmd/kube-apiserver/app/options/validation.go b/cmd/kube-apiserver/app/options/validation.go index 4ea411d41ba..d0b1bd0ada9 100644 --- a/cmd/kube-apiserver/app/options/validation.go +++ b/cmd/kube-apiserver/app/options/validation.go @@ -17,6 +17,7 @@ limitations under the License. package options import ( + "errors" "fmt" apiextensionsapiserver "k8s.io/apiextensions-apiserver/pkg/apiserver" @@ -28,31 +29,34 @@ import ( // TODO: Longer term we should read this from some config store, rather than a flag. func validateClusterIPFlags(options *ServerRunOptions) []error { - errors := []error{} + var errs []error + if options.ServiceClusterIPRange.IP == nil { - errors = append(errors, fmt.Errorf("no --service-cluster-ip-range specified")) + errs = append(errs, errors.New("no --service-cluster-ip-range specified")) } var ones, bits = options.ServiceClusterIPRange.Mask.Size() if bits-ones > 20 { - errors = append(errors, fmt.Errorf("specified --service-cluster-ip-range is too large")) + errs = append(errs, errors.New("specified --service-cluster-ip-range is too large")) } - return errors + + return errs } func validateServiceNodePort(options *ServerRunOptions) []error { - errors := []error{} + var errs []error + if options.KubernetesServiceNodePort < 0 || options.KubernetesServiceNodePort > 65535 { - errors = append(errors, fmt.Errorf("--kubernetes-service-node-port %v must be between 0 and 65535, inclusive. If 0, the Kubernetes master service will be of type ClusterIP", options.KubernetesServiceNodePort)) + errs = append(errs, fmt.Errorf("--kubernetes-service-node-port %v must be between 0 and 65535, inclusive. If 0, the Kubernetes master service will be of type ClusterIP", options.KubernetesServiceNodePort)) } if options.KubernetesServiceNodePort > 0 && !options.ServiceNodePortRange.Contains(options.KubernetesServiceNodePort) { - errors = append(errors, fmt.Errorf("kubernetes service port range %v doesn't contain %v", options.ServiceNodePortRange, (options.KubernetesServiceNodePort))) + errs = append(errs, fmt.Errorf("kubernetes service port range %v doesn't contain %v", options.ServiceNodePortRange, (options.KubernetesServiceNodePort))) } - return errors + return errs } func validateTokenRequest(options *ServerRunOptions) []error { - errors := []error{} + var errs []error enableAttempted := options.ServiceAccountSigningKeyFile != "" || options.Authentication.ServiceAccounts.Issuer != "" || @@ -61,63 +65,41 @@ func validateTokenRequest(options *ServerRunOptions) []error { enableSucceeded := options.ServiceAccountIssuer != nil if enableAttempted && !utilfeature.DefaultFeatureGate.Enabled(features.TokenRequest) { - errors = append(errors, fmt.Errorf("the TokenRequest feature is not enabled but --service-account-signing-key-file, --service-account-issuer and/or --api-audiences flags were passed")) + errs = append(errs, errors.New("the TokenRequest feature is not enabled but --service-account-signing-key-file, --service-account-issuer and/or --api-audiences flags were passed")) } if utilfeature.DefaultFeatureGate.Enabled(features.BoundServiceAccountTokenVolume) && !utilfeature.DefaultFeatureGate.Enabled(features.TokenRequest) { - errors = append(errors, fmt.Errorf("the BoundServiceAccountTokenVolume feature depends on the TokenRequest feature, but the TokenRequest features is not enabled")) + errs = append(errs, errors.New("the BoundServiceAccountTokenVolume feature depends on the TokenRequest feature, but the TokenRequest features is not enabled")) } if !enableAttempted && utilfeature.DefaultFeatureGate.Enabled(features.BoundServiceAccountTokenVolume) { - errors = append(errors, fmt.Errorf("--service-account-signing-key-file and --service-account-issuer are required flags")) + errs = append(errs, errors.New("--service-account-signing-key-file and --service-account-issuer are required flags")) } if enableAttempted && !enableSucceeded { - errors = append(errors, fmt.Errorf("--service-account-signing-key-file, --service-account-issuer, and --api-audiences should be specified together")) + errs = append(errs, errors.New("--service-account-signing-key-file, --service-account-issuer, and --api-audiences should be specified together")) } - return errors + return errs } -// Validate checks ServerRunOptions and return a slice of found errors. +// Validate checks ServerRunOptions and return a slice of found errs. func (s *ServerRunOptions) Validate() []error { - var errors []error - if errs := s.Etcd.Validate(); len(errs) > 0 { - errors = append(errors, errs...) - } - if errs := validateClusterIPFlags(s); len(errs) > 0 { - errors = append(errors, errs...) - } - if errs := validateServiceNodePort(s); len(errs) > 0 { - errors = append(errors, errs...) - } - if errs := s.SecureServing.Validate(); len(errs) > 0 { - errors = append(errors, errs...) - } - if errs := s.Authentication.Validate(); len(errs) > 0 { - errors = append(errors, errs...) - } - if errs := s.Authorization.Validate(); len(errs) > 0 { - errors = append(errors, errs...) - } - if errs := s.Audit.Validate(); len(errs) > 0 { - errors = append(errors, errs...) - } - if errs := s.Admission.Validate(); len(errs) > 0 { - errors = append(errors, errs...) - } - if errs := s.InsecureServing.Validate(); len(errs) > 0 { - errors = append(errors, errs...) - } + var errs []error if s.MasterCount <= 0 { - errors = append(errors, fmt.Errorf("--apiserver-count should be a positive number, but value '%d' provided", s.MasterCount)) - } - if errs := s.APIEnablement.Validate(legacyscheme.Scheme, apiextensionsapiserver.Scheme, aggregatorscheme.Scheme); len(errs) > 0 { - errors = append(errors, errs...) - } - if errs := validateTokenRequest(s); len(errs) > 0 { - errors = append(errors, errs...) + errs = append(errs, fmt.Errorf("--apiserver-count should be a positive number, but value '%d' provided", s.MasterCount)) } + errs = append(errs, s.Etcd.Validate()...) + errs = append(errs, validateClusterIPFlags(s)...) + errs = append(errs, validateServiceNodePort(s)...) + errs = append(errs, s.SecureServing.Validate()...) + errs = append(errs, s.Authentication.Validate()...) + errs = append(errs, s.Authorization.Validate()...) + errs = append(errs, s.Audit.Validate()...) + errs = append(errs, s.Admission.Validate()...) + errs = append(errs, s.InsecureServing.Validate()...) + errs = append(errs, s.APIEnablement.Validate(legacyscheme.Scheme, apiextensionsapiserver.Scheme, aggregatorscheme.Scheme)...) + errs = append(errs, validateTokenRequest(s)...) - return errors + return errs }