mirror of
https://github.com/optim-enterprises-bv/kubernetes.git
synced 2025-10-30 17:58:14 +00:00
ba189de78f
Because it used both IsValidIPv4Address and ValidateEndpointIP, EndpointSlice validation produced duplicate error messages when given an invalid IP. Fix this by calling IsValidIP first, and only doing the other checks if that one fails. Also, since no one else was using the IsValidIPv4Address and IsValidIPv6Address methods anyway, just inline them into the EndpointSlice validation, so we don't have to worry about "should they do legacy or strict validation" later.
228 lines
8.2 KiB
Go
228 lines
8.2 KiB
Go
/*
|
|
Copyright 2019 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package validation
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
corev1 "k8s.io/api/core/v1"
|
|
apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation"
|
|
metavalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
|
|
"k8s.io/apimachinery/pkg/util/sets"
|
|
"k8s.io/apimachinery/pkg/util/validation"
|
|
"k8s.io/apimachinery/pkg/util/validation/field"
|
|
api "k8s.io/kubernetes/pkg/apis/core"
|
|
apivalidation "k8s.io/kubernetes/pkg/apis/core/validation"
|
|
"k8s.io/kubernetes/pkg/apis/discovery"
|
|
netutils "k8s.io/utils/net"
|
|
)
|
|
|
|
var (
|
|
supportedAddressTypes = sets.NewString(
|
|
string(discovery.AddressTypeIPv4),
|
|
string(discovery.AddressTypeIPv6),
|
|
string(discovery.AddressTypeFQDN),
|
|
)
|
|
supportedPortProtocols = sets.NewString(
|
|
string(api.ProtocolTCP),
|
|
string(api.ProtocolUDP),
|
|
string(api.ProtocolSCTP),
|
|
)
|
|
maxTopologyLabels = 16
|
|
maxAddresses = 100
|
|
maxPorts = 20000
|
|
maxEndpoints = 1000
|
|
maxZoneHints = 8
|
|
)
|
|
|
|
// ValidateEndpointSliceName can be used to check whether the given endpoint
|
|
// slice name is valid. Prefix indicates this name will be used as part of
|
|
// generation, in which case trailing dashes are allowed.
|
|
var ValidateEndpointSliceName = apimachineryvalidation.NameIsDNSSubdomain
|
|
|
|
// ValidateEndpointSlice validates an EndpointSlice.
|
|
func ValidateEndpointSlice(endpointSlice *discovery.EndpointSlice) field.ErrorList {
|
|
allErrs := apivalidation.ValidateObjectMeta(&endpointSlice.ObjectMeta, true, ValidateEndpointSliceName, field.NewPath("metadata"))
|
|
allErrs = append(allErrs, validateAddressType(endpointSlice.AddressType)...)
|
|
allErrs = append(allErrs, validateEndpoints(endpointSlice.Endpoints, endpointSlice.AddressType, field.NewPath("endpoints"))...)
|
|
allErrs = append(allErrs, validatePorts(endpointSlice.Ports, field.NewPath("ports"))...)
|
|
|
|
return allErrs
|
|
}
|
|
|
|
// ValidateEndpointSliceCreate validates an EndpointSlice when it is created.
|
|
func ValidateEndpointSliceCreate(endpointSlice *discovery.EndpointSlice) field.ErrorList {
|
|
return ValidateEndpointSlice(endpointSlice)
|
|
}
|
|
|
|
// ValidateEndpointSliceUpdate validates an EndpointSlice when it is updated.
|
|
func ValidateEndpointSliceUpdate(newEndpointSlice, oldEndpointSlice *discovery.EndpointSlice) field.ErrorList {
|
|
allErrs := ValidateEndpointSlice(newEndpointSlice)
|
|
allErrs = append(allErrs, apivalidation.ValidateImmutableField(newEndpointSlice.AddressType, oldEndpointSlice.AddressType, field.NewPath("addressType"))...)
|
|
|
|
return allErrs
|
|
}
|
|
|
|
func validateEndpoints(endpoints []discovery.Endpoint, addrType discovery.AddressType, fldPath *field.Path) field.ErrorList {
|
|
allErrs := field.ErrorList{}
|
|
|
|
if len(endpoints) > maxEndpoints {
|
|
allErrs = append(allErrs, field.TooMany(fldPath, len(endpoints), maxEndpoints))
|
|
return allErrs
|
|
}
|
|
|
|
for i, endpoint := range endpoints {
|
|
idxPath := fldPath.Index(i)
|
|
addressPath := idxPath.Child("addresses")
|
|
|
|
if len(endpoint.Addresses) == 0 {
|
|
allErrs = append(allErrs, field.Required(addressPath, "must contain at least 1 address"))
|
|
} else if len(endpoint.Addresses) > maxAddresses {
|
|
allErrs = append(allErrs, field.TooMany(addressPath, len(endpoint.Addresses), maxAddresses))
|
|
}
|
|
|
|
for i, address := range endpoint.Addresses {
|
|
// This validates known address types, unknown types fall through
|
|
// and do not get validated.
|
|
switch addrType {
|
|
case discovery.AddressTypeIPv4:
|
|
ipErrs := validation.IsValidIP(addressPath.Index(i), address)
|
|
if len(ipErrs) > 0 {
|
|
allErrs = append(allErrs, ipErrs...)
|
|
} else {
|
|
if !netutils.IsIPv4String(address) {
|
|
allErrs = append(allErrs, field.Invalid(addressPath, address, "must be an IPv4 address"))
|
|
}
|
|
allErrs = append(allErrs, apivalidation.ValidateEndpointIP(address, addressPath.Index(i))...)
|
|
}
|
|
case discovery.AddressTypeIPv6:
|
|
ipErrs := validation.IsValidIP(addressPath.Index(i), address)
|
|
if len(ipErrs) > 0 {
|
|
allErrs = append(allErrs, ipErrs...)
|
|
} else {
|
|
if !netutils.IsIPv6String(address) {
|
|
allErrs = append(allErrs, field.Invalid(addressPath, address, "must be an IPv6 address"))
|
|
}
|
|
allErrs = append(allErrs, apivalidation.ValidateEndpointIP(address, addressPath.Index(i))...)
|
|
}
|
|
case discovery.AddressTypeFQDN:
|
|
allErrs = append(allErrs, validation.IsFullyQualifiedDomainName(addressPath.Index(i), address)...)
|
|
}
|
|
}
|
|
|
|
if endpoint.NodeName != nil {
|
|
nnPath := idxPath.Child("nodeName")
|
|
for _, msg := range apivalidation.ValidateNodeName(*endpoint.NodeName, false) {
|
|
allErrs = append(allErrs, field.Invalid(nnPath, *endpoint.NodeName, msg))
|
|
}
|
|
}
|
|
|
|
topologyPath := idxPath.Child("deprecatedTopology")
|
|
if len(endpoint.DeprecatedTopology) > maxTopologyLabels {
|
|
allErrs = append(allErrs, field.TooMany(topologyPath, len(endpoint.DeprecatedTopology), maxTopologyLabels))
|
|
}
|
|
allErrs = append(allErrs, metavalidation.ValidateLabels(endpoint.DeprecatedTopology, topologyPath)...)
|
|
if _, found := endpoint.DeprecatedTopology[corev1.LabelTopologyZone]; found {
|
|
allErrs = append(allErrs, field.InternalError(topologyPath.Key(corev1.LabelTopologyZone), fmt.Errorf("reserved key was not removed in conversion")))
|
|
}
|
|
|
|
if endpoint.Hostname != nil {
|
|
allErrs = append(allErrs, apivalidation.ValidateDNS1123Label(*endpoint.Hostname, idxPath.Child("hostname"))...)
|
|
}
|
|
|
|
if endpoint.Hints != nil {
|
|
allErrs = append(allErrs, validateHints(endpoint.Hints, idxPath.Child("hints"))...)
|
|
}
|
|
}
|
|
|
|
return allErrs
|
|
}
|
|
|
|
func validatePorts(endpointPorts []discovery.EndpointPort, fldPath *field.Path) field.ErrorList {
|
|
allErrs := field.ErrorList{}
|
|
|
|
if len(endpointPorts) > maxPorts {
|
|
allErrs = append(allErrs, field.TooMany(fldPath, len(endpointPorts), maxPorts))
|
|
return allErrs
|
|
}
|
|
|
|
portNames := sets.String{}
|
|
for i, endpointPort := range endpointPorts {
|
|
idxPath := fldPath.Index(i)
|
|
|
|
if len(*endpointPort.Name) > 0 {
|
|
allErrs = append(allErrs, apivalidation.ValidateDNS1123Label(*endpointPort.Name, idxPath.Child("name"))...)
|
|
}
|
|
|
|
if portNames.Has(*endpointPort.Name) {
|
|
allErrs = append(allErrs, field.Duplicate(idxPath.Child("name"), endpointPort.Name))
|
|
} else {
|
|
portNames.Insert(*endpointPort.Name)
|
|
}
|
|
|
|
if endpointPort.Protocol == nil {
|
|
allErrs = append(allErrs, field.Required(idxPath.Child("protocol"), ""))
|
|
} else if !supportedPortProtocols.Has(string(*endpointPort.Protocol)) {
|
|
allErrs = append(allErrs, field.NotSupported(idxPath.Child("protocol"), *endpointPort.Protocol, supportedPortProtocols.List()))
|
|
}
|
|
|
|
if endpointPort.AppProtocol != nil {
|
|
allErrs = append(allErrs, apivalidation.ValidateQualifiedName(*endpointPort.AppProtocol, idxPath.Child("appProtocol"))...)
|
|
}
|
|
}
|
|
|
|
return allErrs
|
|
}
|
|
|
|
func validateAddressType(addressType discovery.AddressType) field.ErrorList {
|
|
allErrs := field.ErrorList{}
|
|
|
|
if addressType == "" {
|
|
allErrs = append(allErrs, field.Required(field.NewPath("addressType"), ""))
|
|
} else if !supportedAddressTypes.Has(string(addressType)) {
|
|
allErrs = append(allErrs, field.NotSupported(field.NewPath("addressType"), addressType, supportedAddressTypes.List()))
|
|
}
|
|
|
|
return allErrs
|
|
}
|
|
|
|
func validateHints(endpointHints *discovery.EndpointHints, fldPath *field.Path) field.ErrorList {
|
|
allErrs := field.ErrorList{}
|
|
|
|
fzPath := fldPath.Child("forZones")
|
|
if len(endpointHints.ForZones) > maxZoneHints {
|
|
allErrs = append(allErrs, field.TooMany(fzPath, len(endpointHints.ForZones), maxZoneHints))
|
|
return allErrs
|
|
}
|
|
|
|
zoneNames := sets.String{}
|
|
for i, forZone := range endpointHints.ForZones {
|
|
zonePath := fzPath.Index(i).Child("name")
|
|
if zoneNames.Has(forZone.Name) {
|
|
allErrs = append(allErrs, field.Duplicate(zonePath, forZone.Name))
|
|
} else {
|
|
zoneNames.Insert(forZone.Name)
|
|
}
|
|
|
|
for _, msg := range validation.IsValidLabelValue(forZone.Name) {
|
|
allErrs = append(allErrs, field.Invalid(zonePath, forZone.Name, msg))
|
|
}
|
|
}
|
|
|
|
return allErrs
|
|
}
|