Tighten up validation of VolumeAttachment fields

2026-01-04 15:05:20 +00:00 · 2018-11-14 16:46:59 +01:00
parent 498cd61f41
commit 8cfce0af99
6 changed files with 213 additions and 23 deletions
--- a/pkg/apis/storage/validation/validation.go
+++ b/pkg/apis/storage/validation/validation.go
@@ -133,7 +133,7 @@ func validateAllowVolumeExpansion(allowExpand *bool, fldPath *field.Path) field.
 	return allErrs
 }

-// ValidateVolumeAttachment validates a VolumeAttachment.
+// ValidateVolumeAttachment validates a VolumeAttachment. This function is common for v1 and v1beta1 objects,
 func ValidateVolumeAttachment(volumeAttachment *storage.VolumeAttachment) field.ErrorList {
 	allErrs := apivalidation.ValidateObjectMeta(&volumeAttachment.ObjectMeta, false, apivalidation.ValidateClassName, field.NewPath("metadata"))
 	allErrs = append(allErrs, validateVolumeAttachmentSpec(&volumeAttachment.Spec, field.NewPath("spec"))...)
@@ -141,6 +141,20 @@ func ValidateVolumeAttachment(volumeAttachment *storage.VolumeAttachment) field.
 	return allErrs
 }

+// ValidateVolumeAttachmentV1 validates a v1/VolumeAttachment. It contains only extra checks missing in
+// ValidateVolumeAttachment.
+func ValidateVolumeAttachmentV1(volumeAttachment *storage.VolumeAttachment) field.ErrorList {
+	allErrs := apivalidation.ValidateCSIDriverName(volumeAttachment.Spec.Attacher, field.NewPath("spec.attacher"))
+
+	if volumeAttachment.Spec.Source.PersistentVolumeName != nil {
+		pvName := *volumeAttachment.Spec.Source.PersistentVolumeName
+		for _, msg := range apivalidation.ValidatePersistentVolumeName(pvName, false) {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("spec.source.persistentVolumeName"), pvName, msg))
+		}
+	}
+	return allErrs
+}
+
 // ValidateVolumeAttachmentSpec tests that the specified VolumeAttachmentSpec
 // has valid data.
 func validateVolumeAttachmentSpec(
--- a/pkg/apis/storage/validation/validation_test.go
+++ b/pkg/apis/storage/validation/validation_test.go
@@ -224,14 +224,9 @@ func TestVolumeAttachmentValidation(t *testing.T) {
 			Spec: storage.VolumeAttachmentSpec{
 				Attacher: "",
 				NodeName: "mynode",
-			},
-		},
-		{
-			// Invalid attacher name
-			ObjectMeta: metav1.ObjectMeta{Name: "foo"},
-			Spec: storage.VolumeAttachmentSpec{
-				Attacher: "invalid!@#$%^&*()",
-				NodeName: "mynode",
+				Source: storage.VolumeAttachmentSource{
+					PersistentVolumeName: &volumeName,
+				},
 			},
 		},
 		{
@@ -240,6 +235,9 @@ func TestVolumeAttachmentValidation(t *testing.T) {
 			Spec: storage.VolumeAttachmentSpec{
 				Attacher: "myattacher",
 				NodeName: "",
+				Source: storage.VolumeAttachmentSource{
+					PersistentVolumeName: &volumeName,
+				},
 			},
 		},
 		{
@@ -378,7 +376,7 @@ func TestVolumeAttachmentUpdateValidation(t *testing.T) {

 	for _, volumeAttachment := range successCases {
 		if errs := ValidateVolumeAttachmentUpdate(&volumeAttachment, &old); len(errs) != 0 {
-			t.Errorf("expected success: %v", errs)
+			t.Errorf("expected success: %+v", errs)
 		}
 	}

@@ -445,7 +443,61 @@ func TestVolumeAttachmentUpdateValidation(t *testing.T) {

 	for _, volumeAttachment := range errorCases {
 		if errs := ValidateVolumeAttachmentUpdate(&volumeAttachment, &old); len(errs) == 0 {
-			t.Errorf("Expected failure for test: %v", volumeAttachment)
+			t.Errorf("Expected failure for test: %+v", volumeAttachment)
+		}
+	}
+}
+
+func TestVolumeAttachmentValidationV1(t *testing.T) {
+	volumeName := "pv-name"
+	invalidVolumeName := "-invalid-@#$%^&*()-"
+	successCases := []storage.VolumeAttachment{
+		{
+			ObjectMeta: metav1.ObjectMeta{Name: "foo"},
+			Spec: storage.VolumeAttachmentSpec{
+				Attacher: "myattacher",
+				Source: storage.VolumeAttachmentSource{
+					PersistentVolumeName: &volumeName,
+				},
+				NodeName: "mynode",
+			},
+		},
+	}
+
+	for _, volumeAttachment := range successCases {
+		if errs := ValidateVolumeAttachmentV1(&volumeAttachment); len(errs) != 0 {
+			t.Errorf("expected success: %+v", errs)
+		}
+	}
+
+	errorCases := []storage.VolumeAttachment{
+		{
+			// Invalid attacher name
+			ObjectMeta: metav1.ObjectMeta{Name: "foo"},
+			Spec: storage.VolumeAttachmentSpec{
+				Attacher: "invalid-@#$%^&*()",
+				NodeName: "mynode",
+				Source: storage.VolumeAttachmentSource{
+					PersistentVolumeName: &volumeName,
+				},
+			},
+		},
+		{
+			// Invalid PV name
+			ObjectMeta: metav1.ObjectMeta{Name: "foo"},
+			Spec: storage.VolumeAttachmentSpec{
+				Attacher: "myattacher",
+				NodeName: "mynode",
+				Source: storage.VolumeAttachmentSource{
+					PersistentVolumeName: &invalidVolumeName,
+				},
+			},
+		},
+	}
+
+	for _, volumeAttachment := range errorCases {
+		if errs := ValidateVolumeAttachmentV1(&volumeAttachment); len(errs) == 0 {
+			t.Errorf("Expected failure for test: %+v", volumeAttachment)
 		}
 	}
 }