mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-30 06:54:01 +00:00
Merge pull request #98726 from cpanato/followup-endport
networking/validation: add endport range validation
This commit is contained in:
commit
91e4b9dd7d
@ -68,8 +68,13 @@ func ValidateNetworkPolicyPort(port *networking.NetworkPolicyPort, portPath *fie
|
||||
for _, msg := range validation.IsValidPortNum(int(port.Port.IntVal)) {
|
||||
allErrs = append(allErrs, field.Invalid(portPath.Child("port"), port.Port.IntVal, msg))
|
||||
}
|
||||
if port.EndPort != nil && *port.EndPort < port.Port.IntVal {
|
||||
allErrs = append(allErrs, field.Invalid(portPath.Child("endPort"), port.Port.IntVal, "must be greater than or equal to `port`"))
|
||||
if port.EndPort != nil {
|
||||
if *port.EndPort < port.Port.IntVal {
|
||||
allErrs = append(allErrs, field.Invalid(portPath.Child("endPort"), port.Port.IntVal, "must be greater than or equal to `port`"))
|
||||
}
|
||||
for _, msg := range validation.IsValidPortNum(int(*port.EndPort)) {
|
||||
allErrs = append(allErrs, field.Invalid(portPath.Child("endPort"), *port.EndPort, msg))
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if port.EndPort != nil {
|
||||
|
@ -1018,6 +1018,32 @@ func TestValidateNetworkPolicy(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
"invalid endport range defined": {
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
||||
Spec: networking.NetworkPolicySpec{
|
||||
PodSelector: metav1.LabelSelector{
|
||||
MatchLabels: map[string]string{"a": "b"},
|
||||
},
|
||||
Egress: []networking.NetworkPolicyEgressRule{
|
||||
{
|
||||
To: []networking.NetworkPolicyPeer{
|
||||
{
|
||||
NamespaceSelector: &metav1.LabelSelector{
|
||||
MatchLabels: map[string]string{"c": "d"},
|
||||
},
|
||||
},
|
||||
},
|
||||
Ports: []networking.NetworkPolicyPort{
|
||||
{
|
||||
Protocol: nil,
|
||||
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 30000},
|
||||
EndPort: utilpointer.Int32Ptr(65537),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
// Error cases are not expected to pass validation.
|
||||
|
Loading…
Reference in New Issue
Block a user