From e6bb041445011656b361c211dc7fa644b3ce0fcc Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Sun, 7 Jul 2024 10:50:17 -0700 Subject: [PATCH] Clarify errors in ProjectedVolume validation Also clarify API docs. --- api/openapi-spec/swagger.json | 4 ++-- api/openapi-spec/v3/api__v1_openapi.json | 4 ++-- api/openapi-spec/v3/apis__apps__v1_openapi.json | 4 ++-- api/openapi-spec/v3/apis__batch__v1_openapi.json | 4 ++-- pkg/apis/core/validation/validation.go | 4 ++-- pkg/generated/openapi/zz_generated.openapi.go | 4 ++-- staging/src/k8s.io/api/core/v1/generated.proto | 6 ++++-- staging/src/k8s.io/api/core/v1/types.go | 8 ++++---- .../src/k8s.io/api/core/v1/types_swagger_doc_generated.go | 4 ++-- 9 files changed, 22 insertions(+), 20 deletions(-) diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json index f8106bd9892..c49e5f4971b 100644 --- a/api/openapi-spec/swagger.json +++ b/api/openapi-spec/swagger.json @@ -10054,7 +10054,7 @@ "type": "integer" }, "sources": { - "description": "sources is the list of volume projections", + "description": "sources is the list of volume projections. Each entry in this list handles one source.", "items": { "$ref": "#/definitions/io.k8s.api.core.v1.VolumeProjection" }, @@ -11841,7 +11841,7 @@ "type": "object" }, "io.k8s.api.core.v1.VolumeProjection": { - "description": "Projection that may be projected along with other supported volume types", + "description": "Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.", "properties": { "clusterTrustBundle": { "$ref": "#/definitions/io.k8s.api.core.v1.ClusterTrustBundleProjection", diff --git a/api/openapi-spec/v3/api__v1_openapi.json b/api/openapi-spec/v3/api__v1_openapi.json index 5dbe3ec3604..d6db265791b 100644 --- a/api/openapi-spec/v3/api__v1_openapi.json +++ b/api/openapi-spec/v3/api__v1_openapi.json @@ -6133,7 +6133,7 @@ "type": "integer" }, "sources": { - "description": "sources is the list of volume projections", + "description": "sources is the list of volume projections. Each entry in this list handles one source.", "items": { "allOf": [ { @@ -8311,7 +8311,7 @@ "type": "object" }, "io.k8s.api.core.v1.VolumeProjection": { - "description": "Projection that may be projected along with other supported volume types", + "description": "Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.", "properties": { "clusterTrustBundle": { "allOf": [ diff --git a/api/openapi-spec/v3/apis__apps__v1_openapi.json b/api/openapi-spec/v3/apis__apps__v1_openapi.json index 5d7ee38038f..19d1a74c8a1 100644 --- a/api/openapi-spec/v3/apis__apps__v1_openapi.json +++ b/api/openapi-spec/v3/apis__apps__v1_openapi.json @@ -4173,7 +4173,7 @@ "type": "integer" }, "sources": { - "description": "sources is the list of volume projections", + "description": "sources is the list of volume projections. Each entry in this list handles one source.", "items": { "allOf": [ { @@ -5190,7 +5190,7 @@ "type": "object" }, "io.k8s.api.core.v1.VolumeProjection": { - "description": "Projection that may be projected along with other supported volume types", + "description": "Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.", "properties": { "clusterTrustBundle": { "allOf": [ diff --git a/api/openapi-spec/v3/apis__batch__v1_openapi.json b/api/openapi-spec/v3/apis__batch__v1_openapi.json index 7885d315946..cac63fb134d 100644 --- a/api/openapi-spec/v3/apis__batch__v1_openapi.json +++ b/api/openapi-spec/v3/apis__batch__v1_openapi.json @@ -3377,7 +3377,7 @@ "type": "integer" }, "sources": { - "description": "sources is the list of volume projections", + "description": "sources is the list of volume projections. Each entry in this list handles one source.", "items": { "allOf": [ { @@ -4394,7 +4394,7 @@ "type": "object" }, "io.k8s.api.core.v1.VolumeProjection": { - "description": "Projection that may be projected along with other supported volume types", + "description": "Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.", "properties": { "clusterTrustBundle": { "allOf": [ diff --git a/pkg/apis/core/validation/validation.go b/pkg/apis/core/validation/validation.go index e0841d0c21b..c76d638068a 100644 --- a/pkg/apis/core/validation/validation.go +++ b/pkg/apis/core/validation/validation.go @@ -1157,7 +1157,7 @@ func validateProjectionSources(projection *core.ProjectedVolumeSource, projectio allErrs = append(allErrs, ValidateLocalNonReservedPath(source.ServiceAccountToken.Path, fldPath.Child("path"))...) } } - if projPath := srcPath.Child("clusterTrustBundlePEM"); source.ClusterTrustBundle != nil { + if projPath := srcPath.Child("clusterTrustBundle"); source.ClusterTrustBundle != nil { numSources++ usingName := source.ClusterTrustBundle.Name != nil @@ -1221,7 +1221,7 @@ func validateProjectionSources(projection *core.ProjectedVolumeSource, projectio } } if numSources > 1 { - allErrs = append(allErrs, field.Forbidden(srcPath, "may not specify more than 1 volume type")) + allErrs = append(allErrs, field.Forbidden(srcPath, "may not specify more than 1 volume type per source")) } } return allErrs diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index b9f01a3a04d..3b8f37cce77 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -28414,7 +28414,7 @@ func schema_k8sio_api_core_v1_ProjectedVolumeSource(ref common.ReferenceCallback }, }, SchemaProps: spec.SchemaProps{ - Description: "sources is the list of volume projections", + Description: "sources is the list of volume projections. Each entry in this list handles one source.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -31735,7 +31735,7 @@ func schema_k8sio_api_core_v1_VolumeProjection(ref common.ReferenceCallback) com return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Projection that may be projected along with other supported volume types", + Description: "Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "secret": { diff --git a/staging/src/k8s.io/api/core/v1/generated.proto b/staging/src/k8s.io/api/core/v1/generated.proto index 1e10dad160d..7495822904a 100644 --- a/staging/src/k8s.io/api/core/v1/generated.proto +++ b/staging/src/k8s.io/api/core/v1/generated.proto @@ -4664,7 +4664,8 @@ message ProbeHandler { // Represents a projected volume source message ProjectedVolumeSource { - // sources is the list of volume projections + // sources is the list of volume projections. Each entry in this list + // handles one source. // +optional // +listType=atomic repeated VolumeProjection sources = 1; @@ -6373,7 +6374,8 @@ message VolumeNodeAffinity { optional NodeSelector required = 1; } -// Projection that may be projected along with other supported volume types +// Projection that may be projected along with other supported volume types. +// Exactly one of these fields must be set. message VolumeProjection { // secret information about the secret data to project // +optional diff --git a/staging/src/k8s.io/api/core/v1/types.go b/staging/src/k8s.io/api/core/v1/types.go index 0ef5fe6d62c..6a0e7b80d59 100644 --- a/staging/src/k8s.io/api/core/v1/types.go +++ b/staging/src/k8s.io/api/core/v1/types.go @@ -1911,7 +1911,8 @@ type ClusterTrustBundleProjection struct { // Represents a projected volume source type ProjectedVolumeSource struct { - // sources is the list of volume projections + // sources is the list of volume projections. Each entry in this list + // handles one source. // +optional // +listType=atomic Sources []VolumeProjection `json:"sources" protobuf:"bytes,1,rep,name=sources"` @@ -1925,10 +1926,9 @@ type ProjectedVolumeSource struct { DefaultMode *int32 `json:"defaultMode,omitempty" protobuf:"varint,2,opt,name=defaultMode"` } -// Projection that may be projected along with other supported volume types +// Projection that may be projected along with other supported volume types. +// Exactly one of these fields must be set. type VolumeProjection struct { - // all types below are the supported types for projection into the same volume - // secret information about the secret data to project // +optional Secret *SecretProjection `json:"secret,omitempty" protobuf:"bytes,1,opt,name=secret"` diff --git a/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go index 65d2a9fded9..0be96c6c64d 100644 --- a/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go +++ b/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go @@ -1956,7 +1956,7 @@ func (ProbeHandler) SwaggerDoc() map[string]string { var map_ProjectedVolumeSource = map[string]string{ "": "Represents a projected volume source", - "sources": "sources is the list of volume projections", + "sources": "sources is the list of volume projections. Each entry in this list handles one source.", "defaultMode": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", } @@ -2652,7 +2652,7 @@ func (VolumeNodeAffinity) SwaggerDoc() map[string]string { } var map_VolumeProjection = map[string]string{ - "": "Projection that may be projected along with other supported volume types", + "": "Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.", "secret": "secret information about the secret data to project", "downwardAPI": "downwardAPI information about the downwardAPI data to project", "configMap": "configMap information about the configMap data to project",