From 3a320c1d10078b1d2dfa91bcc8d053d19e68eebf Mon Sep 17 00:00:00 2001 From: Gavin Date: Thu, 7 Sep 2017 15:06:29 +0800 Subject: [PATCH] validate federation cluster spec CIDR --- federation/apis/federation/validation/BUILD | 1 + .../apis/federation/validation/validation.go | 12 ++ .../federation/validation/validation_test.go | 113 ++++++++++++++++++ 3 files changed, 126 insertions(+) diff --git a/federation/apis/federation/validation/BUILD b/federation/apis/federation/validation/BUILD index 58ba2b9ff0f..f99d8b682f4 100644 --- a/federation/apis/federation/validation/BUILD +++ b/federation/apis/federation/validation/BUILD @@ -24,6 +24,7 @@ go_test( "//federation/apis/federation:go_default_library", "//pkg/api:go_default_library", "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library", ], ) diff --git a/federation/apis/federation/validation/validation.go b/federation/apis/federation/validation/validation.go index a9ff0ebadb9..8db2ff48580 100644 --- a/federation/apis/federation/validation/validation.go +++ b/federation/apis/federation/validation/validation.go @@ -17,6 +17,9 @@ limitations under the License. package validation import ( + "fmt" + "net" + "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/kubernetes/federation/apis/federation" "k8s.io/kubernetes/pkg/api/validation" @@ -27,6 +30,15 @@ func ValidateClusterSpec(spec *federation.ClusterSpec, fieldPath *field.Path) fi // address is required. if len(spec.ServerAddressByClientCIDRs) == 0 { allErrs = append(allErrs, field.Required(fieldPath.Child("serverAddressByClientCIDRs"), "")) + } else { + for i, address := range spec.ServerAddressByClientCIDRs { + idxPath := fieldPath.Child("serverAddressByClientCIDRs").Index(i) + if len(address.ClientCIDR) > 0 { + if _, _, err := net.ParseCIDR(address.ClientCIDR); err != nil { + allErrs = append(allErrs, field.Invalid(idxPath.Child("clientCIDR"), address.ClientCIDR, fmt.Sprintf("must be a valid CIDR: %v", err))) + } + } + } } return allErrs } diff --git a/federation/apis/federation/validation/validation_test.go b/federation/apis/federation/validation/validation_test.go index cf1d57b4b45..10054bf2945 100644 --- a/federation/apis/federation/validation/validation_test.go +++ b/federation/apis/federation/validation/validation_test.go @@ -20,10 +20,123 @@ import ( "testing" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/kubernetes/federation/apis/federation" "k8s.io/kubernetes/pkg/api" ) +func TestValidateClusterSpec(t *testing.T) { + type validateClusterSpecTest struct { + testName string + spec *federation.ClusterSpec + path *field.Path + } + + successCases := []validateClusterSpecTest{ + { + testName: "normal CIDR", + spec: &federation.ClusterSpec{ + ServerAddressByClientCIDRs: []federation.ServerAddressByClientCIDR{ + { + ClientCIDR: "0.0.0.0/0", + ServerAddress: "localhost:8888", + }, + }, + }, + path: field.NewPath("spec"), + }, + { + testName: "missing CIDR", + spec: &federation.ClusterSpec{ + ServerAddressByClientCIDRs: []federation.ServerAddressByClientCIDR{ + { + ClientCIDR: "", + ServerAddress: "localhost:8888", + }, + }, + }, + path: field.NewPath("spec"), + }, + { + testName: "no host in CIDR", + spec: &federation.ClusterSpec{ + ServerAddressByClientCIDRs: []federation.ServerAddressByClientCIDR{ + { + ClientCIDR: "0.0.0.0/32", + ServerAddress: "localhost:8888", + }, + }, + }, + path: field.NewPath("spec"), + }, + } + for _, successCase := range successCases { + errs := ValidateClusterSpec(successCase.spec, successCase.path) + if len(errs) != 0 { + t.Errorf("expect success for testname: %q but got: %v", successCase.testName, errs) + } + } + + errorCases := []validateClusterSpecTest{ + { + testName: "invalid CIDR : network missing", + spec: &federation.ClusterSpec{ + ServerAddressByClientCIDRs: []federation.ServerAddressByClientCIDR{ + { + ClientCIDR: "0.0.0.0", + ServerAddress: "localhost:8888", + }, + }, + }, + path: field.NewPath("spec"), + }, + { + testName: "invalid CIDR : invalid address value", + spec: &federation.ClusterSpec{ + ServerAddressByClientCIDRs: []federation.ServerAddressByClientCIDR{ + { + ClientCIDR: "256.0.0.0/16", + ServerAddress: "localhost:8888", + }, + }, + }, + path: field.NewPath("spec"), + }, + { + testName: "invalid CIDR : invalid address formation", + spec: &federation.ClusterSpec{ + ServerAddressByClientCIDRs: []federation.ServerAddressByClientCIDR{ + { + ClientCIDR: "0.0.0/16", + ServerAddress: "localhost:8888", + }, + }, + }, + path: field.NewPath("spec"), + }, + { + testName: "invalid CIDR : invalid network num", + spec: &federation.ClusterSpec{ + ServerAddressByClientCIDRs: []federation.ServerAddressByClientCIDR{ + { + ClientCIDR: "0.0.0.0/33", + ServerAddress: "localhost:8888", + }, + }, + }, + path: field.NewPath("spec"), + }, + } + + for _, errorCase := range errorCases { + errs := ValidateClusterSpec(errorCase.spec, errorCase.path) + if len(errs) == 0 { + t.Errorf("expect failure for testname : %q", errorCase.testName) + } + } + +} + func TestValidateCluster(t *testing.T) { successCases := []federation.Cluster{ {