Merge pull request #3788 from markturansky/annotation_validation

Added validation for annotations

pkg/api/validation/validation.go

@@ -399,6 +399,7 @@ func ValidatePod(pod *api.Pod) errs.ValidationErrorList {
 	}
 	allErrs = append(allErrs, ValidatePodSpec(&pod.Spec).Prefix("spec")...)
 	allErrs = append(allErrs, ValidateLabels(pod.Labels, "labels")...)
+	allErrs = append(allErrs, ValidateLabels(pod.Annotations, "annotations")...)
 	return allErrs
 }
 
@@ -482,6 +483,7 @@ func ValidateService(service *api.Service, lister ServiceLister, ctx api.Context
 		allErrs = append(allErrs, ValidateLabels(service.Spec.Selector, "spec.selector")...)
 	}
 	allErrs = append(allErrs, ValidateLabels(service.Labels, "labels")...)
+	allErrs = append(allErrs, ValidateLabels(service.Annotations, "annotations")...)
 
 	if service.Spec.CreateExternalLoadBalancer {
 		services, err := lister.ListServices(ctx)
@@ -518,6 +520,7 @@ func ValidateReplicationController(controller *api.ReplicationController) errs.V
 	}
 	allErrs = append(allErrs, ValidateReplicationControllerSpec(&controller.Spec).Prefix("spec")...)
 	allErrs = append(allErrs, ValidateLabels(controller.Labels, "labels")...)
+	allErrs = append(allErrs, ValidateLabels(controller.Annotations, "annotations")...)
 	return allErrs
 }
 
@@ -540,6 +543,7 @@ func ValidateReplicationControllerSpec(spec *api.ReplicationControllerSpec) errs
 		if !selector.Matches(labels) {
 			allErrs = append(allErrs, errs.NewFieldInvalid("template.labels", spec.Template.Labels, "selector does not match template"))
 		}
+		allErrs = append(allErrs, ValidateLabels(spec.Template.Annotations, "annotations")...)
 		allErrs = append(allErrs, ValidatePodTemplateSpec(spec.Template).Prefix("template")...)
 		// RestartPolicy has already been first-order validated as per ValidatePodTemplateSpec().
 		if spec.Template.Spec.RestartPolicy.Always == nil {
@@ -555,6 +559,7 @@ func ValidateReplicationControllerSpec(spec *api.ReplicationControllerSpec) errs
 func ValidatePodTemplateSpec(spec *api.PodTemplateSpec) errs.ValidationErrorList {
 	allErrs := errs.ValidationErrorList{}
 	allErrs = append(allErrs, ValidateLabels(spec.Labels, "labels")...)
+	allErrs = append(allErrs, ValidateLabels(spec.Annotations, "annotations")...)
 	allErrs = append(allErrs, ValidatePodSpec(&spec.Spec).Prefix("spec")...)
 	allErrs = append(allErrs, ValidateReadOnlyPersistentDisks(spec.Spec.Volumes).Prefix("spec.volumes")...)
 	return allErrs
@@ -599,6 +604,7 @@ func ValidateMinion(minion *api.Node) errs.ValidationErrorList {
 		allErrs = append(allErrs, errs.NewFieldRequired("name", minion.Name))
 	}
 	allErrs = append(allErrs, ValidateLabels(minion.Labels, "labels")...)
+	allErrs = append(allErrs, ValidateLabels(minion.Annotations, "annotations")...)
 	return allErrs
 }
 

pkg/api/validation/validation_test.go

@@ -567,6 +567,24 @@ func TestValidatePod(t *testing.T) {
 				Containers: []api.Container{{}},
 			},
 		},
+		"bad label": {
+			ObjectMeta: api.ObjectMeta{
+				Name:      "abc",
+				Namespace: "ns",
+				Labels: map[string]string{
+					"NoUppercaseOrSpecialCharsLike=Equals": "bar",
+				},
+			},
+		},
+		"bad annotation": {
+			ObjectMeta: api.ObjectMeta{
+				Name:      "abc",
+				Namespace: "ns",
+				Annotations: map[string]string{
+					"NoUppercaseOrSpecialCharsLike=Equals": "bar",
+				},
+			},
+		},
 	}
 	for k, v := range errorCases {
 		if errs := ValidatePod(&v); len(errs) == 0 {
@@ -613,6 +631,26 @@ func TestValidatePodUpdate(t *testing.T) {
 			true,
 			"labels",
 		},
+		{
+			api.Pod{
+				ObjectMeta: api.ObjectMeta{
+					Name: "foo",
+					Annotations: map[string]string{
+						"foo": "bar",
+					},
+				},
+			},
+			api.Pod{
+				ObjectMeta: api.ObjectMeta{
+					Name: "foo",
+					Annotations: map[string]string{
+						"bar": "foo",
+					},
+				},
+			},
+			true,
+			"annotations",
+		},
 		{
 			api.Pod{
 				ObjectMeta: api.ObjectMeta{
@@ -1008,6 +1046,22 @@ func TestValidateService(t *testing.T) {
 			},
 			numErrs: 1,
 		},
+		{
+			name: "invalid annotation",
+			svc: api.Service{
+				ObjectMeta: api.ObjectMeta{
+					Name:      "abc123",
+					Namespace: api.NamespaceDefault,
+					Annotations: map[string]string{
+						"NoUppercaseOrSpecialCharsLike=Equals": "bar",
+					},
+				},
+				Spec: api.ServiceSpec{
+					Port: 8675,
+				},
+			},
+			numErrs: 1,
+		},
 		{
 			name: "invalid selector",
 			svc: api.Service{
@@ -1173,6 +1227,19 @@ func TestValidateReplicationController(t *testing.T) {
 				Template: &invalidPodTemplate.Spec,
 			},
 		},
+		"invalid_annotation": {
+			ObjectMeta: api.ObjectMeta{
+				Name:      "abc-123",
+				Namespace: api.NamespaceDefault,
+				Annotations: map[string]string{
+					"NoUppercaseOrSpecialCharsLike=Equals": "bar",
+				},
+			},
+			Spec: api.ReplicationControllerSpec{
+				Selector: validSelector,
+				Template: &validPodTemplate.Spec,
+			},
+		},
 		"invalid restart policy 1": {
 			ObjectMeta: api.ObjectMeta{
 				Name:      "abc-123",
@@ -1227,7 +1294,8 @@ func TestValidateReplicationController(t *testing.T) {
 				field != "GCEPersistentDisk.ReadOnly" &&
 				field != "spec.replicas" &&
 				field != "spec.template.labels" &&
-				field != "labels" {
+				field != "labels" &&
+				field != "annotations" {
 				t.Errorf("%s: missing prefix for: %v", k, errs[i])
 			}
 		}
@@ -1294,6 +1362,12 @@ func TestValidateMinion(t *testing.T) {
 				Labels: invalidSelector,
 			},
 		},
+		"invalid-annotations": {
+			ObjectMeta: api.ObjectMeta{
+				Name:        "abc-123",
+				Annotations: invalidSelector,
+			},
+		},
 	}
 	for k, v := range errorCases {
 		errs := ValidateMinion(&v)
@@ -1303,7 +1377,8 @@ func TestValidateMinion(t *testing.T) {
 		for i := range errs {
 			field := errs[i].(*errors.ValidationError).Field
 			if field != "name" &&
-				field != "labels" {
+				field != "labels" &&
+				field != "annotations" {
 				t.Errorf("%s: missing prefix for: %v", k, errs[i])
 			}
 		}