From 7d10fd3591dedb3dc86b435fbc75374efefc0362 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Mon, 30 Nov 2015 14:35:34 -0500
Subject: [PATCH] Validate pod spec.nodeName
---
 pkg/api/validation/validation.go | 6 ++++++
 pkg/api/validation/validation_test.go | 7 +++++++
 pkg/kubelet/client/kubelet_client.go | 5 +++++
 pkg/kubelet/client/kubelet_client_test.go | 24 +++++++++++++++++++++++
 4 files changed, 42 insertions(+)
diff --git a/pkg/api/validation/validation.go b/pkg/api/validation/validation.go
index 5fc10f7de05..a16a2c8f2f5 100644
--- a/pkg/api/validation/validation.go
+++ b/pkg/api/validation/validation.go
@@ -1156,6 +1156,12 @@ func ValidatePodSpec(spec *api.PodSpec, fldPath *validation.FieldPath) validatio
 }
 }
+ if len(spec.NodeName) > 0 {
+ if ok, msg := ValidateNodeName(spec.NodeName, false); !ok {
+ allErrs = append(allErrs, validation.NewInvalidError(fldPath.Child("nodeName"), spec.NodeName, msg))
+ }
+ }
+
 if spec.ActiveDeadlineSeconds != nil {
 if *spec.ActiveDeadlineSeconds <= 0 {
 allErrs = append(allErrs, validation.NewInvalidError(fldPath.Child("activeDeadlineSeconds"), spec.ActiveDeadlineSeconds, "must be greater than 0"))
diff --git a/pkg/api/validation/validation_test.go b/pkg/api/validation/validation_test.go
index 9f00a184ad1..aba29176524 100644
--- a/pkg/api/validation/validation_test.go
+++ b/pkg/api/validation/validation_test.go
@@ -1507,6 +1507,13 @@ func TestValidatePodSpec(t *testing.T) {
 DNSPolicy: api.DNSClusterFirst,
 ActiveDeadlineSeconds: &activeDeadlineSeconds,
 },
+ "bad nodeName": {
+ NodeName: "node name",
+ Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
+ Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
+ RestartPolicy: api.RestartPolicyAlways,
+ DNSPolicy: api.DNSClusterFirst,
+ },
 }
 for k, v := range failureCases {
 if errs := ValidatePodSpec(&v, validation.NewFieldPath("field")); len(errs) == 0 {
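Review bot: The new `spec.NodeName` check in ValidatePodSpec has no comment saying why an optional field is validated here, and the reason is security-relevant. The same patch passes a node name of this kind to GetConnectionInfo, so it presumably ends up identifying the kubelet the API server connects to. I would add above the `if` a line such as `// nodeName is later used to reach the node's kubelet; reject anything that is not a valid node name`. This check only covers specs that go through ValidatePodSpec, so it is worth confirming that any other write path that assigns nodeName is validated too, which this hunk does not show. ValidatePodSpec starts and ends outside the hunk.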
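Review bot: The only rejecting nodeName entry added to `failureCases` is `"node name"`, which pins just the whitespace rule. Because the field is validated to keep it a plain node name, the table should also cover a path separator, a colon and an upper-case letter, for example the constructed values `NodeName: "node/name"`, `NodeName: "node:1"` and `NodeName: "Node"`. Which of these ValidateNodeName rejects is not visible here, so check each expectation against its rules. A valid dotted name in the success table would guard against over-rejection. TestValidatePodSpec and both tables begin outside the hunk.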
diff --git a/pkg/kubelet/client/kubelet_client.go b/pkg/kubelet/client/kubelet_client.go
index 03f063cbfd3..cba23668753 100644
--- a/pkg/kubelet/client/kubelet_client.go
+++ b/pkg/kubelet/client/kubelet_client.go
@@ -18,11 +18,13 @@ package client
 import (
 "errors"
+ "fmt"
 "net"
 "net/http"
 "time"
 "k8s.io/kubernetes/pkg/api"
+ "k8s.io/kubernetes/pkg/api/validation"
 "k8s.io/kubernetes/pkg/client/transport"
 client "k8s.io/kubernetes/pkg/client/unversioned"
 "k8s.io/kubernetes/pkg/util"
@@ -96,6 +98,9 @@ func NewStaticKubeletClient(config *KubeletClientConfig) (KubeletClient, error)
 // In default HTTPKubeletClient ctx is unused.
 func (c *HTTPKubeletClient) GetConnectionInfo(ctx api.Context, nodeName string) (string, uint, http.RoundTripper, error) {
+ if ok, msg := validation.ValidateNodeName(nodeName, false); !ok {
+ return "", 0, nil, fmt.Errorf("invalid node name: %s", msg)
+ }
 scheme := "http"
 if c.Config.EnableHttps {
 scheme = "https"
diff --git a/pkg/kubelet/client/kubelet_client_test.go b/pkg/kubelet/client/kubelet_client_test.go
index 7d178f4946f..c5a02528476 100644
--- a/pkg/kubelet/client/kubelet_client_test.go
+++ b/pkg/kubelet/client/kubelet_client_test.go
@@ -82,6 +82,7 @@ func TestNewKubeletClientTLSInvalid(t *testing.T) {
 func TestNewKubeletClientTLSValid(t *testing.T) {
 config := &KubeletClientConfig{
+ Port: 1234,
 EnableHttps: true,
 TLSClientConfig: client.TLSClientConfig{
 CertFile: "../../client/testdata/mycertvalid.cer",
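Review bot: The error returned by the new guard at the top of GetConnectionInfo omits the rejected name, so a log entry `invalid node name: ...` cannot be tied to the object that carried it. Include it with safe quoting: `return "", 0, nil, fmt.Errorf("invalid node name %q: %s", nodeName, msg)`. The doc comment above the method still only says ctx is unused; it should add that an invalid nodeName now returns an error before any connection details are produced. It should also say that the check is kept on purpose as a second gate behind API validation, so it is not later removed as redundant. Whether stored objects can still carry names that predate the API check is an inference and not visible here. The method body continues outside the hunk.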
@@ -99,4 +100,27 @@ func TestNewKubeletClientTLSValid(t *testing.T) {
 if client == nil {
 t.Error("client should not be nil")
 }
+
+ {
+ scheme, port, transport, err := client.GetConnectionInfo(nil, "foo")
+ if err != nil {
+ t.Errorf("Error getting info: %v", err)
+ }
+ if scheme != "https" {
+ t.Errorf("Expected https, got %s", scheme)
+ }
+ if port != 1234 {
+ t.Errorf("Expected 1234, got %d", port)
+ }
+ if transport == nil {
+ t.Errorf("Expected transport, got nil")
+ }
+ }
+
+ {
+ _, _, _, err := client.GetConnectionInfo(nil, "foo bar")
+ if err == nil {
+ t.Errorf("Expected error getting connection info for invalid node name, got none")
+ }
+ }
 }
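Review bot: The rejection case for `"foo bar"` discards the first three results and asserts only that err is non-nil. A caller that mishandles the error must not be handed a usable transport, so the test should pin the zero values as well. Bind the results with `scheme, port, transport, err := client.GetConnectionInfo(nil, "foo bar")` and add `if scheme != "" || port != 0 || transport != nil { t.Errorf("Expected zero values with error, got %q %d %v", scheme, port, transport) }`. TestNewKubeletClientTLSValid begins outside the hunk.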