github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-04 09:49:50 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #9897 from derekwaynecarr/limit_range_validation

Browse Source 
Add LimitRange range validation
This commit is contained in:
Saad Ali 2015-06-17 17:20:18 -07:00
commit 9da215e085
2 changed files with 120 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
pkg/api/validation/validation.go
View File

@ -1315,15 +1315,64 @@ func ValidateLimitRange(limitRange *api.LimitRange) errs.ValidationErrorList {
allErrs = append(allErrs, ValidateObjectMeta(&limitRange.ObjectMeta, true, ValidateLimitRangeName).Prefix("metadata")...) allErrs = append(allErrs, ValidateObjectMeta(&limitRange.ObjectMeta, true, ValidateLimitRangeName).Prefix("metadata")...)
// ensure resource names are properly qualified per docs/resources.md // ensure resource names are properly qualified per docs/resources.md
limitTypeSet := map[api.LimitType]bool{}
for i := range limitRange.Spec.Limits { for i := range limitRange.Spec.Limits {
limit := limitRange.Spec.Limits[i] limit := limitRange.Spec.Limits[i]
_, found := limitTypeSet[limit.Type]
if found {
allErrs = append(allErrs, errs.NewFieldDuplicate(fmt.Sprintf("spec.limits[%d].type", i), limit.Type))
}
limitTypeSet[limit.Type] = true
keys := util.StringSet{}
min := map[string]int64{}
max := map[string]int64{}
defaults := map[string]int64{}
for k := range limit.Max { for k := range limit.Max {
allErrs = append(allErrs, validateResourceName(string(k), fmt.Sprintf("spec.limits[%d].max[%s]", i, k))...) allErrs = append(allErrs, validateResourceName(string(k), fmt.Sprintf("spec.limits[%d].max[%s]", i, k))...)
keys.Insert(string(k))
q := limit.Max[k]
max[string(k)] = q.Value()
} }
for k := range limit.Min { for k := range limit.Min {
allErrs = append(allErrs, validateResourceName(string(k), fmt.Sprintf("spec.limits[%d].min[%s]", i, k))...) allErrs = append(allErrs, validateResourceName(string(k), fmt.Sprintf("spec.limits[%d].min[%s]", i, k))...)
keys.Insert(string(k))
q := limit.Min[k]
min[string(k)] = q.Value()
}
for k := range limit.Default {
allErrs = append(allErrs, validateResourceName(string(k), fmt.Sprintf("spec.limits[%d].default[%s]", i, k))...)
keys.Insert(string(k))
q := limit.Default[k]
defaults[string(k)] = q.Value()
}
for k := range keys {
minValue, minValueFound := min[k]
maxValue, maxValueFound := max[k]
defaultValue, defaultValueFound := defaults[k]
if minValueFound && maxValueFound && minValue > maxValue {
minQuantity := limit.Min[api.ResourceName(k)]
maxQuantity := limit.Max[api.ResourceName(k)]
allErrs = append(allErrs, errs.NewFieldInvalid(fmt.Sprintf("spec.limits[%d].max[%s]", i, k), minValue, fmt.Sprintf("min value %s is greater than max value %s", minQuantity.String(), maxQuantity.String())))
}
if defaultValueFound && minValueFound && minValue > defaultValue {
minQuantity := limit.Min[api.ResourceName(k)]
defaultQuantity := limit.Default[api.ResourceName(k)]
allErrs = append(allErrs, errs.NewFieldInvalid(fmt.Sprintf("spec.limits[%d].max[%s]", i, k), minValue, fmt.Sprintf("min value %s is greater than default value %s", minQuantity.String(), defaultQuantity.String())))
}
if defaultValueFound && maxValueFound && defaultValue > maxValue {
maxQuantity := limit.Max[api.ResourceName(k)]
defaultQuantity := limit.Default[api.ResourceName(k)]
allErrs = append(allErrs, errs.NewFieldInvalid(fmt.Sprintf("spec.limits[%d].max[%s]", i, k), minValue, fmt.Sprintf("default value %s is greater than max value %s", defaultQuantity.String(), maxQuantity.String())))
}
} }
} }
return allErrs return allErrs
} }

76
pkg/api/validation/validation_test.go
View File

@ -2670,6 +2670,64 @@ func TestValidateLimitRange(t *testing.T) {
api.ResourceCPU: resource.MustParse("0"), api.ResourceCPU: resource.MustParse("0"),
api.ResourceMemory: resource.MustParse("100"), api.ResourceMemory: resource.MustParse("100"),
}, },
Default: api.ResourceList{
api.ResourceCPU: resource.MustParse("50"),
api.ResourceMemory: resource.MustParse("500"),
},
},
},
}
invalidSpecDuplicateType := api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
api.ResourceMemory: resource.MustParse("10000"),
},
Min: api.ResourceList{
api.ResourceCPU: resource.MustParse("0"),
api.ResourceMemory: resource.MustParse("100"),
},
},
{
Type: api.LimitTypePod,
Min: api.ResourceList{
api.ResourceCPU: resource.MustParse("0"),
api.ResourceMemory: resource.MustParse("100"),
},
},
},
}
invalidSpecRangeMaxLessThanMin := api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: api.ResourceList{
api.ResourceCPU: resource.MustParse("10"),
},
Min: api.ResourceList{
api.ResourceCPU: resource.MustParse("1000"),
},
},
},
}
invalidSpecRangeDefaultOutsideRange := api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: api.ResourceList{
api.ResourceCPU: resource.MustParse("1000"),
},
Min: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
},
Default: api.ResourceList{
api.ResourceCPU: resource.MustParse("2000"),
},
}, },
}, },
} }
@ -2710,6 +2768,18 @@ func TestValidateLimitRange(t *testing.T) {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "^Invalid"}, Spec: spec}, api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "^Invalid"}, Spec: spec},
dns1123LabelErrorMsg, dns1123LabelErrorMsg,
}, },
"duplicate limit type": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: invalidSpecDuplicateType},
"",
},
"min value 1k is greater than max value 10": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: invalidSpecRangeMaxLessThanMin},
"min value 1k is greater than max value 10",
},
"invalid spec default outside range": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: invalidSpecRangeDefaultOutsideRange},
"default value 2k is greater than max value 1k",
},
} }
for k, v := range errorCases { for k, v := range errorCases {
errs := ValidateLimitRange(&v.R) errs := ValidateLimitRange(&v.R)
@ -2717,11 +2787,7 @@ func TestValidateLimitRange(t *testing.T) {
t.Errorf("expected failure for %s", k) t.Errorf("expected failure for %s", k)
} }
for i := range errs { for i := range errs {
field := errs[i].(*errors.ValidationError).Field
detail := errs[i].(*errors.ValidationError).Detail detail := errs[i].(*errors.ValidationError).Detail
if field != "metadata.name" && field != "metadata.namespace" {
t.Errorf("%s: missing prefix for: %v", k, errs[i])
}
if detail != v.D { if detail != v.D {
t.Errorf("%s: expected error detail either empty or %s, got %s", k, v.D, detail) t.Errorf("%s: expected error detail either empty or %s, got %s", k, v.D, detail)
} }
@ -2787,7 +2853,7 @@ func TestValidateResourceQuota(t *testing.T) {
field := errs[i].(*errors.ValidationError).Field field := errs[i].(*errors.ValidationError).Field
detail := errs[i].(*errors.ValidationError).Detail detail := errs[i].(*errors.ValidationError).Detail
if field != "metadata.name" && field != "metadata.namespace" { if field != "metadata.name" && field != "metadata.namespace" {
t.Errorf("%s: missing prefix for: %v", k, errs[i]) t.Errorf("%s: missing prefix for: %v", k, field)
} }
if detail != v.D { if detail != v.D {
t.Errorf("%s: expected error detail either empty or %s, got %s", k, v.D, detail) t.Errorf("%s: expected error detail either empty or %s, got %s", k, v.D, detail)