github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-07 11:13:48 +00:00
Code Issues Projects Releases Wiki Activity

pod spec must validate envFrom

Browse Source
This commit is contained in:
Derek Carr 2017-06-03 11:43:46 -04:00
parent 0cff839317
commit a1d52a7430
2 changed files with 88 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/api/validation/validation.go
View File

@ -1483,6 +1483,7 @@ func validateContainerPorts(ports []api.ContainerPort, fldPath *field.Path) fiel
return allErrs return allErrs
} }
// ValidateEnv validates env vars
func ValidateEnv(vars []api.EnvVar, fldPath *field.Path) field.ErrorList { func ValidateEnv(vars []api.EnvVar, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{} allErrs := field.ErrorList{}
@ -1653,8 +1654,9 @@ func validateContainerResourceDivisor(rName string, divisor resource.Quantity, f
func validateConfigMapKeySelector(s *api.ConfigMapKeySelector, fldPath *field.Path) field.ErrorList { func validateConfigMapKeySelector(s *api.ConfigMapKeySelector, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{} allErrs := field.ErrorList{}
if len(s.Name) == 0 { nameFn := ValidateNameFunc(ValidateSecretName)
allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) for _, msg := range nameFn(s.Name, false) {
allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), s.Name, msg))
} }
if len(s.Key) == 0 { if len(s.Key) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("key"), "")) allErrs = append(allErrs, field.Required(fldPath.Child("key"), ""))
@ -1670,8 +1672,9 @@ func validateConfigMapKeySelector(s *api.ConfigMapKeySelector, fldPath *field.Pa
func validateSecretKeySelector(s *api.SecretKeySelector, fldPath *field.Path) field.ErrorList { func validateSecretKeySelector(s *api.SecretKeySelector, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{} allErrs := field.ErrorList{}
if len(s.Name) == 0 { nameFn := ValidateNameFunc(ValidateSecretName)
allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) for _, msg := range nameFn(s.Name, false) {
allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), s.Name, msg))
} }
if len(s.Key) == 0 { if len(s.Key) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("key"), "")) allErrs = append(allErrs, field.Required(fldPath.Child("key"), ""))
@ -1940,6 +1943,7 @@ func validateContainers(containers []api.Container, volumes sets.String, fldPath
allErrs = append(allErrs, validateProbe(ctr.ReadinessProbe, idxPath.Child("readinessProbe"))...) allErrs = append(allErrs, validateProbe(ctr.ReadinessProbe, idxPath.Child("readinessProbe"))...)
allErrs = append(allErrs, validateContainerPorts(ctr.Ports, idxPath.Child("ports"))...) allErrs = append(allErrs, validateContainerPorts(ctr.Ports, idxPath.Child("ports"))...)
allErrs = append(allErrs, ValidateEnv(ctr.Env, idxPath.Child("env"))...) allErrs = append(allErrs, ValidateEnv(ctr.Env, idxPath.Child("env"))...)
allErrs = append(allErrs, ValidateEnvFrom(ctr.EnvFrom, idxPath.Child("envFrom"))...)
allErrs = append(allErrs, ValidateVolumeMounts(ctr.VolumeMounts, volumes, idxPath.Child("volumeMounts"))...) allErrs = append(allErrs, ValidateVolumeMounts(ctr.VolumeMounts, volumes, idxPath.Child("volumeMounts"))...)
allErrs = append(allErrs, validatePullPolicy(ctr.ImagePullPolicy, idxPath.Child("imagePullPolicy"))...) allErrs = append(allErrs, validatePullPolicy(ctr.ImagePullPolicy, idxPath.Child("imagePullPolicy"))...)
allErrs = append(allErrs, ValidateResourceRequirements(&ctr.Resources, idxPath.Child("resources"))...) allErrs = append(allErrs, ValidateResourceRequirements(&ctr.Resources, idxPath.Child("resources"))...)

80
pkg/api/validation/validation_test.go
View File

@ -2706,6 +2706,34 @@ func TestValidateEnv(t *testing.T) {
}}, }},
expectedError: `[0].valueFrom: Invalid value: "": may not have more than one field specified at a time`, expectedError: `[0].valueFrom: Invalid value: "": may not have more than one field specified at a time`,
}, },
{
name: "valueFrom.secretKeyRef.name invalid",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
SecretKeyRef: &api.SecretKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "$%^&*#",
},
Key: "a-key",
},
},
}},
},
{
name: "valueFrom.configMapKeyRef.name invalid",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
ConfigMapKeyRef: &api.ConfigMapKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "$%^&*#",
},
Key: "some-key",
},
},
}},
},
{ {
name: "missing FieldPath on ObjectFieldSelector", name: "missing FieldPath on ObjectFieldSelector",
envs: []api.EnvVar{{ envs: []api.EnvVar{{
@ -2912,6 +2940,26 @@ func TestValidateEnvFrom(t *testing.T) {
}, },
expectedError: "field: Invalid value: \"\": may not have more than one field specified at a time", expectedError: "field: Invalid value: \"\": may not have more than one field specified at a time",
}, },
{
name: "invalid secret ref name",
envs: []api.EnvFromSource{
{
SecretRef: &api.SecretEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "$%^&*#"}},
},
},
expectedError: "field[0].secretRef.name: Invalid value: \"$%^&*#\": " + dnsSubdomainLabelErrMsg,
},
{
name: "invalid config ref name",
envs: []api.EnvFromSource{
{
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "$%^&*#"}},
},
},
expectedError: "field[0].configMapRef.name: Invalid value: \"$%^&*#\": " + dnsSubdomainLabelErrMsg,
},
} }
for _, tc := range errorCases { for _, tc := range errorCases {
if errs := ValidateEnvFrom(tc.envs, field.NewPath("field")); len(errs) == 0 { if errs := ValidateEnvFrom(tc.envs, field.NewPath("field")); len(errs) == 0 {
@ -3223,6 +3271,21 @@ func TestValidateContainers(t *testing.T) {
ImagePullPolicy: "IfNotPresent", ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File", TerminationMessagePolicy: "File",
}, },
{
Name: "env-from-source",
Image: "image",
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
EnvFrom: []api.EnvFromSource{
{
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{
Name: "test",
},
},
},
},
},
{Name: "abc-1234", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File", SecurityContext: fakeValidSecurityContext(true)}, {Name: "abc-1234", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File", SecurityContext: fakeValidSecurityContext(true)},
} }
if errs := validateContainers(successCase, volumes, field.NewPath("field")); len(errs) != 0 { if errs := validateContainers(successCase, volumes, field.NewPath("field")); len(errs) != 0 {
@ -3452,6 +3515,23 @@ func TestValidateContainers(t *testing.T) {
TerminationMessagePolicy: "File", TerminationMessagePolicy: "File",
}, },
}, },
"Invalid env from": {
{
Name: "env-from-source",
Image: "image",
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
EnvFrom: []api.EnvFromSource{
{
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{
Name: "$%^&*#",
},
},
},
},
},
},
} }
for k, v := range errorCases { for k, v := range errorCases {
if errs := validateContainers(v, volumes, field.NewPath("field")); len(errs) == 0 { if errs := validateContainers(v, volumes, field.NewPath("field")); len(errs) == 0 {