mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-11 21:12:07 +00:00
Do service.spec.LoadBalancerSourceRanges validation inline
Inline the LoadBalancerSourceRanges parsing to make it more obvious what it's requiring (and more importantly, *not* requiring), and change it to use IsValidCIDR as well.
This commit is contained in:
Dan Winship
parent
d930215794
commit
593b1c6c63
@ -5450,24 +5450,32 @@ func ValidateService(service *core.Service) field.ErrorList {
|
|||||||
ports[key] = true
|
ports[key] = true
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate SourceRange field and annotation
|
// Validate SourceRanges field or annotation.
|
||||||
_, ok := service.Annotations[core.AnnotationLoadBalancerSourceRangesKey]
|
if len(service.Spec.LoadBalancerSourceRanges) > 0 {
|
||||||
if len(service.Spec.LoadBalancerSourceRanges) > 0 || ok {
|
fieldPath := specPath.Child("LoadBalancerSourceRanges")
|
||||||
var fieldPath *field.Path
|
|
||||||
var val string
|
|
||||||
if len(service.Spec.LoadBalancerSourceRanges) > 0 {
|
|
||||||
fieldPath = specPath.Child("LoadBalancerSourceRanges")
|
|
||||||
val = fmt.Sprintf("%v", service.Spec.LoadBalancerSourceRanges)
|
|
||||||
} else {
|
|
||||||
fieldPath = field.NewPath("metadata", "annotations").Key(core.AnnotationLoadBalancerSourceRangesKey)
|
|
||||||
val = service.Annotations[core.AnnotationLoadBalancerSourceRangesKey]
|
|
||||||
}
|
|
||||||
if service.Spec.Type != core.ServiceTypeLoadBalancer {
|
if service.Spec.Type != core.ServiceTypeLoadBalancer {
|
||||||
allErrs = append(allErrs, field.Forbidden(fieldPath, "may only be used when `type` is 'LoadBalancer'"))
|
allErrs = append(allErrs, field.Forbidden(fieldPath, "may only be used when `type` is 'LoadBalancer'"))
|
||||||
}
|
}
|
||||||
_, err := apiservice.GetLoadBalancerSourceRanges(service)
|
for idx, value := range service.Spec.LoadBalancerSourceRanges {
|
||||||
if err != nil {
|
// Note: due to a historical accident around transition from the
|
||||||
allErrs = append(allErrs, field.Invalid(fieldPath, val, "must be a list of IP ranges. For example, 10.240.0.0/24,10.250.0.0/24 "))
|
// annotation value, these values are allowed to be space-padded.
|
||||||
|
value = strings.TrimSpace(value)
|
||||||
|
allErrs = append(allErrs, validation.IsValidCIDR(fieldPath.Index(idx), value)...)
|
||||||
|
}
|
||||||
|
} else if val, annotationSet := service.Annotations[core.AnnotationLoadBalancerSourceRangesKey]; annotationSet {
|
||||||
|
fieldPath := field.NewPath("metadata", "annotations").Key(core.AnnotationLoadBalancerSourceRangesKey)
|
||||||
|
if service.Spec.Type != core.ServiceTypeLoadBalancer {
|
||||||
|
allErrs = append(allErrs, field.Forbidden(fieldPath, "may only be used when `type` is 'LoadBalancer'"))
|
||||||
|
}
|
||||||
|
|
||||||
|
val = strings.TrimSpace(val)
|
||||||
|
if val != "" {
|
||||||
|
cidrs := strings.Split(val, ",")
|
||||||
|
for _, value := range cidrs {
|
||||||
|
value = strings.TrimSpace(value)
|
||||||
|
allErrs = append(allErrs, validation.IsValidCIDR(fieldPath, value)...)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user