diff --git a/pkg/api/validation/genericvalidation/BUILD b/pkg/api/validation/genericvalidation/BUILD index b360c35d00b..570a67fb441 100644 --- a/pkg/api/validation/genericvalidation/BUILD +++ b/pkg/api/validation/genericvalidation/BUILD @@ -16,8 +16,6 @@ go_library( ], tags = ["automanaged"], deps = [ - "//pkg/api:go_default_library", - "//pkg/api/v1:go_default_library", "//vendor:k8s.io/apimachinery/pkg/api/equality", "//vendor:k8s.io/apimachinery/pkg/api/validation", "//vendor:k8s.io/apimachinery/pkg/apis/meta/v1", diff --git a/pkg/api/validation/genericvalidation/objectmeta.go b/pkg/api/validation/genericvalidation/objectmeta.go index 48cb0c90c80..95a0c2247d5 100644 --- a/pkg/api/validation/genericvalidation/objectmeta.go +++ b/pkg/api/validation/genericvalidation/objectmeta.go @@ -28,8 +28,6 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation" "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/api/v1" ) // TODO: delete this global variable when we enable the validation of common @@ -42,7 +40,7 @@ const totalAnnotationSizeLimitB int = 256 * (1 << 10) // 256 kB // BannedOwners is a black list of object that are not allowed to be owners. var BannedOwners = map[schema.GroupVersionKind]struct{}{ - v1.SchemeGroupVersion.WithKind("Event"): {}, + schema.GroupVersionKind{Group: "", Version: "v1", Kind: "Event"}: {}, } // ValidateClusterName can be used to check whether the given cluster name is valid. @@ -109,17 +107,8 @@ func ValidateFinalizerName(stringValue string, fldPath *field.Path) field.ErrorL for _, msg := range validation.IsQualifiedName(stringValue) { allErrs = append(allErrs, field.Invalid(fldPath, stringValue, msg)) } - if len(allErrs) != 0 { - return allErrs - } - if len(strings.Split(stringValue, "/")) == 1 { - if !api.IsStandardFinalizerName(stringValue) { - return append(allErrs, field.Invalid(fldPath, stringValue, "name is neither a standard finalizer name nor is it fully qualified")) - } - } - - return field.ErrorList{} + return allErrs } func ValidateNoNewFinalizers(newFinalizers []string, oldFinalizers []string, fldPath *field.Path) field.ErrorList { diff --git a/pkg/api/validation/validation.go b/pkg/api/validation/validation.go index 2c9b31a00f6..3dc0c14731f 100644 --- a/pkg/api/validation/validation.go +++ b/pkg/api/validation/validation.go @@ -293,12 +293,24 @@ func ValidateImmutableAnnotation(newVal string, oldVal string, annotation string // It doesn't return an error for rootscoped resources with namespace, because namespace should already be cleared before. // TODO: Remove calls to this method scattered in validations of specific resources, e.g., ValidatePodUpdate. func ValidateObjectMeta(meta *metav1.ObjectMeta, requiresNamespace bool, nameFn ValidateNameFunc, fldPath *field.Path) field.ErrorList { - return genericvalidation.ValidateObjectMeta(meta, requiresNamespace, apimachineryvalidation.ValidateNameFunc(nameFn), fldPath) + allErrs := genericvalidation.ValidateObjectMeta(meta, requiresNamespace, apimachineryvalidation.ValidateNameFunc(nameFn), fldPath) + // run additional checks for the finalizer name + for i := range meta.Finalizers { + allErrs = append(allErrs, validateKubeFinalizerName(string(meta.Finalizers[i]), fldPath.Child("finalizers").Index(i))...) + } + + return allErrs } // ValidateObjectMetaUpdate validates an object's metadata when updated func ValidateObjectMetaUpdate(newMeta, oldMeta *metav1.ObjectMeta, fldPath *field.Path) field.ErrorList { - return genericvalidation.ValidateObjectMetaUpdate(newMeta, oldMeta, fldPath) + allErrs := genericvalidation.ValidateObjectMetaUpdate(newMeta, oldMeta, fldPath) + // run additional checks for the finalizer name + for i := range newMeta.Finalizers { + allErrs = append(allErrs, validateKubeFinalizerName(string(newMeta.Finalizers[i]), fldPath.Child("finalizers").Index(i))...) + } + + return allErrs } func ValidateNoNewFinalizers(newFinalizers []string, oldFinalizers []string, fldPath *field.Path) field.ErrorList { @@ -3367,7 +3379,24 @@ func ValidateNamespace(namespace *api.Namespace) field.ErrorList { // Validate finalizer names func validateFinalizerName(stringValue string, fldPath *field.Path) field.ErrorList { - return genericvalidation.ValidateFinalizerName(stringValue, fldPath) + allErrs := genericvalidation.ValidateFinalizerName(stringValue, fldPath) + for _, err := range validateKubeFinalizerName(stringValue, fldPath) { + allErrs = append(allErrs, err) + } + + return allErrs +} + +// validateKubeFinalizerName checks for "standard" names of legacy finalizer +func validateKubeFinalizerName(stringValue string, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + if len(strings.Split(stringValue, "/")) == 1 { + if !api.IsStandardFinalizerName(stringValue) { + return append(allErrs, field.Invalid(fldPath, stringValue, "name is neither a standard finalizer name nor is it fully qualified")) + } + } + + return allErrs } // ValidateNamespaceUpdate tests to make sure a namespace update can be applied.