scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-04 04:08:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Validate kubernetes.io/dockerconfigjson secrets

Browse Source 
Added unit test.
This commit is contained in:
Eric Tune
2015-12-16 14:13:18 -08:00
parent 810544633e
commit 4a3d4defdf
2 changed files with 37 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/api/validation/validation.go
View File

@@ -1916,6 +1916,17 @@ func ValidateSecret(secret *api.Secret) field.ErrorList {
if err := json.Unmarshal(dockercfgBytes, &map[string]interface{}{}); err != nil { if err := json.Unmarshal(dockercfgBytes, &map[string]interface{}{}); err != nil {
allErrs = append(allErrs, field.Invalid(dataPath.Key(api.DockerConfigKey), "<secret contents redacted>", err.Error())) allErrs = append(allErrs, field.Invalid(dataPath.Key(api.DockerConfigKey), "<secret contents redacted>", err.Error()))
} }
case api.SecretTypeDockerConfigJson:
dockerConfigJsonBytes, exists := secret.Data[api.DockerConfigJsonKey]
if !exists {
allErrs = append(allErrs, field.Required(dataPath.Key(api.DockerConfigJsonKey), ""))
break
}
// make sure that the content is well-formed json.
if err := json.Unmarshal(dockerConfigJsonBytes, &map[string]interface{}{}); err != nil {
allErrs = append(allErrs, field.Invalid(dataPath.Key(api.DockerConfigJsonKey), "<secret contents redacted>", err.Error()))
}
default: default:
// no-op // no-op

21
pkg/api/validation/validation_test.go
View File

@@ -3958,25 +3958,44 @@ func TestValidateDockerConfigSecret(t *testing.T) {
}, },
} }
} }
validDockerSecret2 := func() api.Secret {
return api.Secret{
ObjectMeta: api.ObjectMeta{Name: "foo", Namespace: "bar"},
Type: api.SecretTypeDockerConfigJson,
Data: map[string][]byte{
api.DockerConfigJsonKey: []byte(`{"auths":{"https://index.docker.io/v1/": {"auth": "Y2x1ZWRyb29sZXIwMDAxOnBhc3N3b3Jk","email": "fake@example.com"}}}`),
},
}
}
var ( var (
missingDockerConfigKey = validDockerSecret() missingDockerConfigKey = validDockerSecret()
emptyDockerConfigKey = validDockerSecret() emptyDockerConfigKey = validDockerSecret()
invalidDockerConfigKey = validDockerSecret() invalidDockerConfigKey = validDockerSecret()
missingDockerConfigKey2 = validDockerSecret2()
emptyDockerConfigKey2 = validDockerSecret2()
invalidDockerConfigKey2 = validDockerSecret2()
) )
delete(missingDockerConfigKey.Data, api.DockerConfigKey) delete(missingDockerConfigKey.Data, api.DockerConfigKey)
emptyDockerConfigKey.Data[api.DockerConfigKey] = []byte("") emptyDockerConfigKey.Data[api.DockerConfigKey] = []byte("")
invalidDockerConfigKey.Data[api.DockerConfigKey] = []byte("bad") invalidDockerConfigKey.Data[api.DockerConfigKey] = []byte("bad")
delete(missingDockerConfigKey2.Data, api.DockerConfigJsonKey)
emptyDockerConfigKey2.Data[api.DockerConfigJsonKey] = []byte("")
invalidDockerConfigKey2.Data[api.DockerConfigJsonKey] = []byte("bad")
tests := map[string]struct { tests := map[string]struct {
secret api.Secret secret api.Secret
valid bool valid bool
}{ }{
"valid": {validDockerSecret(), true}, "valid dockercfg": {validDockerSecret(), true},
"missing dockercfg": {missingDockerConfigKey, false}, "missing dockercfg": {missingDockerConfigKey, false},
"empty dockercfg": {emptyDockerConfigKey, false}, "empty dockercfg": {emptyDockerConfigKey, false},
"invalid dockercfg": {invalidDockerConfigKey, false}, "invalid dockercfg": {invalidDockerConfigKey, false},
"valid config.json": {validDockerSecret2(), true},
"missing config.json": {missingDockerConfigKey2, false},
"empty config.json": {emptyDockerConfigKey2, false},
"invalid config.json": {invalidDockerConfigKey2, false},
} }
for name, tc := range tests { for name, tc := range tests {