Use dedicated Unix User and Group ID types

Jamie Hannaford
2017-04-20 12:57:07 +02:00
parent ee39d359dd
commit 9440a68744
120 changed files with 4881 additions and 4396 deletions


@@ -750,7 +750,7 @@ func validatePSPRunAsUser(fldPath *field.Path, runAsUser *extensions.RunAsUserSt
// validate range settings
for idx, rng := range runAsUser.Ranges {
allErrs = append(allErrs, validateIDRanges(fldPath.Child("ranges").Index(idx), rng)...)
allErrs = append(allErrs, validateUserIDRange(fldPath.Child("ranges").Index(idx), rng)...)
}
return allErrs
@@ -769,7 +769,7 @@ func validatePSPFSGroup(fldPath *field.Path, groupOptions *extensions.FSGroupStr
}
for idx, rng := range groupOptions.Ranges {
allErrs = append(allErrs, validateIDRanges(fldPath.Child("ranges").Index(idx), rng)...)
allErrs = append(allErrs, validateGroupIDRange(fldPath.Child("ranges").Index(idx), rng)...)
}
return allErrs
}
@@ -787,7 +787,7 @@ func validatePSPSupplementalGroup(fldPath *field.Path, groupOptions *extensions.
}
for idx, rng := range groupOptions.Ranges {
allErrs = append(allErrs, validateIDRanges(fldPath.Child("ranges").Index(idx), rng)...)
allErrs = append(allErrs, validateGroupIDRange(fldPath.Child("ranges").Index(idx), rng)...)
}
return allErrs
}
@@ -837,20 +837,28 @@ func validatePodSecurityPolicySysctls(fldPath *field.Path, sysctls []string) fie
return allErrs
}
func validateUserIDRange(fldPath *field.Path, rng extensions.UserIDRange) field.ErrorList {
return validateIDRanges(fldPath, int64(rng.Min), int64(rng.Max))
}
func validateGroupIDRange(fldPath *field.Path, rng extensions.GroupIDRange) field.ErrorList {
return validateIDRanges(fldPath, int64(rng.Min), int64(rng.Max))
}
// validateIDRanges ensures the range is valid.
func validateIDRanges(fldPath *field.Path, rng extensions.IDRange) field.ErrorList {
func validateIDRanges(fldPath *field.Path, min, max int64) field.ErrorList {
allErrs := field.ErrorList{}
// if 0 <= Min <= Max then we do not need to validate max. It is always greater than or
// equal to 0 and Min.
if rng.Min < 0 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("min"), rng.Min, "min cannot be negative"))
if min < 0 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("min"), min, "min cannot be negative"))
}
if rng.Max < 0 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("max"), rng.Max, "max cannot be negative"))
if max < 0 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("max"), max, "max cannot be negative"))
}
if rng.Min > rng.Max {
allErrs = append(allErrs, field.Invalid(fldPath.Child("min"), rng.Min, "min cannot be greater than max"))
if min > max {
allErrs = append(allErrs, field.Invalid(fldPath.Child("min"), min, "min cannot be greater than max"))
}
return allErrs
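Review bot: validateIDRanges still enforces no upper bound, so once validateUserIDRange and validateGroupIDRange widen the typed Min/Max to int64, every non-negative value passes, including ones larger than a Unix UID/GID can hold. The definitions of UserIDRange and GroupIDRange are not visible here, but if they are backed by a 64-bit type, a policy range could admit IDs that the container runtime later truncates or rejects, which makes the policy say something different from what is enforced. Consider a check such as `if max > math.MaxInt32 { allErrs = append(allErrs, field.Invalid(fldPath.Child("max"), max, "max exceeds the supported ID range")) }` (this needs the `math` import), with the limit taken from whatever the dedicated ID types document. The two new wrappers also have no doc comments; a line like `// validateUserIDRange validates one user ID range by delegating to validateIDRanges.` would record why the int64 conversion is there. The closing brace of validateIDRanges falls outside the visible hunk.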