github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-22 03:11:40 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #99528 from pandaamanda/apiserver_validation_code_optimization

Browse Source 
fix log message and optimize log format check logic
This commit is contained in:
Kubernetes Prow Robot 2021-04-08 14:28:34 -07:00 committed by GitHub
commit 26fba1403b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 12 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/kube-apiserver/app/options/validation.go
View File

@ -104,7 +104,7 @@ func validateServiceNodePort(options *ServerRunOptions) []error {
}
if options.KubernetesServiceNodePort > 0 && !options.ServiceNodePortRange.Contains(options.KubernetesServiceNodePort) {
errs = append(errs, fmt.Errorf("kubernetes service port range %v doesn't contain %v", options.ServiceNodePortRange, (options.KubernetesServiceNodePort)))
errs = append(errs, fmt.Errorf("kubernetes service node port range %v doesn't contain %v", options.ServiceNodePortRange, options.KubernetesServiceNodePort))
}
return errs
}

2
pkg/kubeapiserver/options/admission.go
View File

@ -84,7 +84,7 @@ func (a *AdmissionOptions) Validate() []error {
if a == nil {
return nil
}
errs := []error{}
var errs []error
if a.PluginNames != nil &&
(a.GenericAdmission.EnablePlugins != nil || a.GenericAdmission.DisablePlugins != nil) {
errs = append(errs, fmt.Errorf("admission-control and enable-admission-plugins/disable-admission-plugins flags are mutually exclusive"))

4
pkg/kubeapiserver/options/authentication.go
View File

@ -185,7 +185,7 @@ func (o *BuiltInAuthenticationOptions) WithWebHook() *BuiltInAuthenticationOptio
// Validate checks invalid config combination
func (o *BuiltInAuthenticationOptions) Validate() []error {
allErrors := []error{}
var allErrors []error
if o.OIDC != nil && (len(o.OIDC.IssuerURL) > 0) != (len(o.OIDC.ClientID) > 0) {
allErrors = append(allErrors, fmt.Errorf("oidc-issuer-url and oidc-client-id should be specified together"))
@ -219,7 +219,7 @@ func (o *BuiltInAuthenticationOptions) Validate() []error {
if o.WebHook != nil {
retryBackoff := o.WebHook.RetryBackoff
if retryBackoff != nil && retryBackoff.Steps <= 0 {
allErrors = append(allErrors, fmt.Errorf("number of webhook retry attempts must be greater than 1, but is: %d", retryBackoff.Steps))
allErrors = append(allErrors, fmt.Errorf("number of webhook retry attempts must be greater than 0, but is: %d", retryBackoff.Steps))
}
}

16
pkg/kubeapiserver/options/authorization.go
View File

@ -61,7 +61,7 @@ func (o *BuiltInAuthorizationOptions) Validate() []error {
if o == nil {
return nil
}
allErrors := []error{}
var allErrors []error
if len(o.Modes) == 0 {
allErrors = append(allErrors, fmt.Errorf("at least one authorization-mode must be passed"))
@ -72,15 +72,11 @@ func (o *BuiltInAuthorizationOptions) Validate() []error {
if !authzmodes.IsValidAuthorizationMode(mode) {
allErrors = append(allErrors, fmt.Errorf("authorization-mode %q is not a valid mode", mode))
}
if mode == authzmodes.ModeABAC {
if o.PolicyFile == "" {
allErrors = append(allErrors, fmt.Errorf("authorization-mode ABAC's authorization policy file not passed"))
}
if mode == authzmodes.ModeABAC && o.PolicyFile == "" {
allErrors = append(allErrors, fmt.Errorf("authorization-mode ABAC's authorization policy file not passed"))
}
if mode == authzmodes.ModeWebhook {
if o.WebhookConfigFile == "" {
allErrors = append(allErrors, fmt.Errorf("authorization-mode Webhook's authorization config file not passed"))
}
if mode == authzmodes.ModeWebhook && o.WebhookConfigFile == "" {
allErrors = append(allErrors, fmt.Errorf("authorization-mode Webhook's authorization config file not passed"))
}
}
@ -97,7 +93,7 @@ func (o *BuiltInAuthorizationOptions) Validate() []error {
}
if o.WebhookRetryBackoff != nil && o.WebhookRetryBackoff.Steps <= 0 {
allErrors = append(allErrors, fmt.Errorf("number of webhook retry attempts must be greater than 1, but is: %d", o.WebhookRetryBackoff.Steps))
allErrors = append(allErrors, fmt.Errorf("number of webhook retry attempts must be greater than 0, but is: %d", o.WebhookRetryBackoff.Steps))
}
return allErrors

10
staging/src/k8s.io/apiserver/pkg/server/options/audit.go
View File

@ -29,6 +29,7 @@ import (
"k8s.io/apimachinery/pkg/runtime/schema"
utilnet "k8s.io/apimachinery/pkg/util/net"
"k8s.io/apimachinery/pkg/util/sets"
auditinternal "k8s.io/apiserver/pkg/apis/audit"
auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
auditv1alpha1 "k8s.io/apiserver/pkg/apis/audit/v1alpha1"
@ -478,14 +479,7 @@ func (o *AuditLogOptions) Validate() []error {
}
// Check log format
validFormat := false
for _, f := range pluginlog.AllowedFormats {
if f == o.Format {
validFormat = true
break
}
}
if !validFormat {
if !sets.NewString(pluginlog.AllowedFormats...).Has(o.Format) {
allErrors = append(allErrors, fmt.Errorf("invalid audit log format %s, allowed formats are %q", o.Format, strings.Join(pluginlog.AllowedFormats, ",")))
}