Merge pull request #99528 from pandaamanda/apiserver_validation_code_optimization

fix log message and optimize log format check logic
2025-07-22 11:21:47 +00:00 · 2021-04-08 14:28:34 -07:00 · 2021-04-08 14:28:34 -07:00 · 26fba1403b
commit 26fba1403b
parent ec672f3713 4a24a08f93
5 changed files with 12 additions and 22 deletions
--- a/cmd/kube-apiserver/app/options/validation.go
+++ b/cmd/kube-apiserver/app/options/validation.go
@ -104,7 +104,7 @@ func validateServiceNodePort(options *ServerRunOptions) []error {
 	}

 	if options.KubernetesServiceNodePort > 0 && !options.ServiceNodePortRange.Contains(options.KubernetesServiceNodePort) {
-		errs = append(errs, fmt.Errorf("kubernetes service port range %v doesn't contain %v", options.ServiceNodePortRange, (options.KubernetesServiceNodePort)))
+		errs = append(errs, fmt.Errorf("kubernetes service node port range %v doesn't contain %v", options.ServiceNodePortRange, options.KubernetesServiceNodePort))
 	}
 	return errs
 }
--- a/pkg/kubeapiserver/options/admission.go
+++ b/pkg/kubeapiserver/options/admission.go
@ -84,7 +84,7 @@ func (a *AdmissionOptions) Validate() []error {
 	if a == nil {
 		return nil
 	}
-	errs := []error{}
+	var errs []error
 	if a.PluginNames != nil &&
 		(a.GenericAdmission.EnablePlugins != nil || a.GenericAdmission.DisablePlugins != nil) {
 		errs = append(errs, fmt.Errorf("admission-control and enable-admission-plugins/disable-admission-plugins flags are mutually exclusive"))
--- a/pkg/kubeapiserver/options/authentication.go
+++ b/pkg/kubeapiserver/options/authentication.go
@ -185,7 +185,7 @@ func (o *BuiltInAuthenticationOptions) WithWebHook() *BuiltInAuthenticationOptio

 // Validate checks invalid config combination
 func (o *BuiltInAuthenticationOptions) Validate() []error {
-	allErrors := []error{}
+	var allErrors []error

 	if o.OIDC != nil && (len(o.OIDC.IssuerURL) > 0) != (len(o.OIDC.ClientID) > 0) {
 		allErrors = append(allErrors, fmt.Errorf("oidc-issuer-url and oidc-client-id should be specified together"))
@ -219,7 +219,7 @@ func (o *BuiltInAuthenticationOptions) Validate() []error {
 	if o.WebHook != nil {
 		retryBackoff := o.WebHook.RetryBackoff
 		if retryBackoff != nil && retryBackoff.Steps <= 0 {
-			allErrors = append(allErrors, fmt.Errorf("number of webhook retry attempts must be greater than 1, but is: %d", retryBackoff.Steps))
+			allErrors = append(allErrors, fmt.Errorf("number of webhook retry attempts must be greater than 0, but is: %d", retryBackoff.Steps))
 		}
 	}

--- a/pkg/kubeapiserver/options/authorization.go
+++ b/pkg/kubeapiserver/options/authorization.go
@ -61,7 +61,7 @@ func (o *BuiltInAuthorizationOptions) Validate() []error {
 	if o == nil {
 		return nil
 	}
-	allErrors := []error{}
+	var allErrors []error

 	if len(o.Modes) == 0 {
 		allErrors = append(allErrors, fmt.Errorf("at least one authorization-mode must be passed"))
@ -72,17 +72,13 @@ func (o *BuiltInAuthorizationOptions) Validate() []error {
 		if !authzmodes.IsValidAuthorizationMode(mode) {
 			allErrors = append(allErrors, fmt.Errorf("authorization-mode %q is not a valid mode", mode))
 		}
-		if mode == authzmodes.ModeABAC {
-			if o.PolicyFile == "" {
+		if mode == authzmodes.ModeABAC && o.PolicyFile == "" {
 			allErrors = append(allErrors, fmt.Errorf("authorization-mode ABAC's authorization policy file not passed"))
 		}
-		}
-		if mode == authzmodes.ModeWebhook {
-			if o.WebhookConfigFile == "" {
+		if mode == authzmodes.ModeWebhook && o.WebhookConfigFile == "" {
 			allErrors = append(allErrors, fmt.Errorf("authorization-mode Webhook's authorization config file not passed"))
 		}
 	}
-	}

 	if o.PolicyFile != "" && !modes.Has(authzmodes.ModeABAC) {
 		allErrors = append(allErrors, fmt.Errorf("cannot specify --authorization-policy-file without mode ABAC"))
@ -97,7 +93,7 @@ func (o *BuiltInAuthorizationOptions) Validate() []error {
 	}

 	if o.WebhookRetryBackoff != nil && o.WebhookRetryBackoff.Steps <= 0 {
-		allErrors = append(allErrors, fmt.Errorf("number of webhook retry attempts must be greater than 1, but is: %d", o.WebhookRetryBackoff.Steps))
+		allErrors = append(allErrors, fmt.Errorf("number of webhook retry attempts must be greater than 0, but is: %d", o.WebhookRetryBackoff.Steps))
 	}

 	return allErrors
--- a/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
@ -29,6 +29,7 @@ import (

 	"k8s.io/apimachinery/pkg/runtime/schema"
 	utilnet "k8s.io/apimachinery/pkg/util/net"
+	"k8s.io/apimachinery/pkg/util/sets"
 	auditinternal "k8s.io/apiserver/pkg/apis/audit"
 	auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
 	auditv1alpha1 "k8s.io/apiserver/pkg/apis/audit/v1alpha1"
@ -478,14 +479,7 @@ func (o *AuditLogOptions) Validate() []error {
 	}

 	// Check log format
-	validFormat := false
-	for _, f := range pluginlog.AllowedFormats {
-		if f == o.Format {
-			validFormat = true
-			break
-		}
-	}
-	if !validFormat {
+	if !sets.NewString(pluginlog.AllowedFormats...).Has(o.Format) {
 		allErrors = append(allErrors, fmt.Errorf("invalid audit log format %s, allowed formats are %q", o.Format, strings.Join(pluginlog.AllowedFormats, ",")))
 	}