... | ... |
@@ -107,6 +107,10 @@ func ValidateUser(user *api.User) fielderrors.ValidationErrorList { |
107 | 107 |
} |
108 | 108 |
|
109 | 109 |
for index, group := range user.Groups { |
110 |
+ if len(group) == 0 { |
|
111 |
+ allErrs = append(allErrs, fielderrors.NewFieldInvalid(fmt.Sprintf("groups[%d]", index), group, "may not be empty")) |
|
112 |
+ continue |
|
113 |
+ } |
|
110 | 114 |
if ok, msg := ValidateGroupName(group, false); !ok { |
111 | 115 |
allErrs = append(allErrs, fielderrors.NewFieldInvalid(fmt.Sprintf("groups[%d]", index), group, msg)) |
112 | 116 |
} |
... | ... |
@@ -118,6 +122,7 @@ func ValidateUser(user *api.User) fielderrors.ValidationErrorList { |
118 | 118 |
func ValidateUserUpdate(user *api.User, old *api.User) fielderrors.ValidationErrorList { |
119 | 119 |
allErrs := fielderrors.ValidationErrorList{} |
120 | 120 |
allErrs = append(allErrs, kvalidation.ValidateObjectMetaUpdate(&old.ObjectMeta, &user.ObjectMeta).Prefix("metadata")...) |
121 |
+ allErrs = append(allErrs, ValidateUser(user)...) |
|
121 | 122 |
return allErrs |
122 | 123 |
} |
123 | 124 |
|
... | ... |
@@ -160,6 +165,7 @@ func ValidateIdentityUpdate(identity *api.Identity, old *api.Identity) fielderro |
160 | 160 |
allErrs := fielderrors.ValidationErrorList{} |
161 | 161 |
|
162 | 162 |
allErrs = append(allErrs, kvalidation.ValidateObjectMetaUpdate(&old.ObjectMeta, &identity.ObjectMeta).Prefix("metadata")...) |
163 |
+ allErrs = append(allErrs, ValidateIdentity(identity)...) |
|
163 | 164 |
|
164 | 165 |
if identity.ProviderName != old.ProviderName { |
165 | 166 |
allErrs = append(allErrs, fielderrors.NewFieldInvalid("providerName", identity.ProviderName, "may not change providerName")) |
... | ... |
@@ -188,7 +194,7 @@ func ValidateUserIdentityMapping(mapping *api.UserIdentityMapping) fielderrors.V |
188 | 188 |
|
189 | 189 |
func ValidateUserIdentityMappingUpdate(mapping *api.UserIdentityMapping, old *api.UserIdentityMapping) fielderrors.ValidationErrorList { |
190 | 190 |
allErrs := fielderrors.ValidationErrorList{} |
191 |
- allErrs = append(allErrs, ValidateUserIdentityMapping(mapping)...) |
|
192 | 191 |
allErrs = append(allErrs, kvalidation.ValidateObjectMetaUpdate(&old.ObjectMeta, &mapping.ObjectMeta).Prefix("metadata")...) |
192 |
+ allErrs = append(allErrs, ValidateUserIdentityMapping(mapping)...) |
|
193 | 193 |
return allErrs |
194 | 194 |
} |
... | ... |
@@ -1,13 +1,273 @@ |
1 | 1 |
package validation |
2 | 2 |
|
3 |
-import "testing" |
|
3 |
+import ( |
|
4 |
+ "testing" |
|
4 | 5 |
|
5 |
-func TestValidateUser(t *testing.T) {} |
|
6 |
+ kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api" |
|
7 |
+ "github.com/openshift/origin/pkg/user/api" |
|
8 |
+) |
|
6 | 9 |
|
7 |
-func TestValidateUserUpdate(t *testing.T) {} |
|
10 |
+func TestValidateUser(t *testing.T) { |
|
11 |
+ validObj := func() *api.User { |
|
12 |
+ return &api.User{ |
|
13 |
+ ObjectMeta: kapi.ObjectMeta{ |
|
14 |
+ Name: "myname", |
|
15 |
+ }, |
|
16 |
+ Identities: []string{"myprovider:mylogin"}, |
|
17 |
+ Groups: []string{"mygroup"}, |
|
18 |
+ } |
|
19 |
+ } |
|
8 | 20 |
|
9 |
-func TestValidateIdentity(t *testing.T) {} |
|
21 |
+ if errs := ValidateUser(validObj()); len(errs) > 0 { |
|
22 |
+ t.Errorf("Expected no errors, got %v", errs) |
|
23 |
+ } |
|
10 | 24 |
|
11 |
-func TestValidateIdentityUpdate(t *testing.T) {} |
|
25 |
+ emptyIdentity := validObj() |
|
26 |
+ emptyIdentity.Identities = []string{""} |
|
27 |
+ if errs := ValidateUser(emptyIdentity); len(errs) == 0 { |
|
28 |
+ t.Errorf("Expected error, got none") |
|
29 |
+ } |
|
12 | 30 |
|
13 |
-func TestValidateUserIdentityMapping(t *testing.T) {} |
|
31 |
+ invalidIdentity := validObj() |
|
32 |
+ invalidIdentity.Identities = []string{"foo"} |
|
33 |
+ if errs := ValidateUser(invalidIdentity); len(errs) == 0 { |
|
34 |
+ t.Errorf("Expected error, got none") |
|
35 |
+ } |
|
36 |
+ |
|
37 |
+ emptyGroup := validObj() |
|
38 |
+ emptyGroup.Groups = []string{""} |
|
39 |
+ if errs := ValidateUser(emptyGroup); len(errs) == 0 { |
|
40 |
+ t.Errorf("Expected error, got none") |
|
41 |
+ } |
|
42 |
+ |
|
43 |
+ invalidGroup := validObj() |
|
44 |
+ invalidGroup.Groups = []string{"bad:group:name"} |
|
45 |
+ if errs := ValidateUser(invalidGroup); len(errs) == 0 { |
|
46 |
+ t.Errorf("Expected error, got none") |
|
47 |
+ } |
|
48 |
+} |
|
49 |
+ |
|
50 |
+func TestValidateUserUpdate(t *testing.T) { |
|
51 |
+ |
|
52 |
+ validObj := func() *api.User { |
|
53 |
+ return &api.User{ |
|
54 |
+ ObjectMeta: kapi.ObjectMeta{ |
|
55 |
+ Name: "myname", |
|
56 |
+ ResourceVersion: "1", |
|
57 |
+ }, |
|
58 |
+ Identities: []string{"myprovider:mylogin"}, |
|
59 |
+ Groups: []string{"mygroup"}, |
|
60 |
+ } |
|
61 |
+ } |
|
62 |
+ |
|
63 |
+ oldObj := validObj() |
|
64 |
+ |
|
65 |
+ if errs := ValidateUserUpdate(validObj(), oldObj); len(errs) > 0 { |
|
66 |
+ t.Errorf("Expected no errors, got %v", errs) |
|
67 |
+ } |
|
68 |
+ |
|
69 |
+ emptyIdentity := validObj() |
|
70 |
+ emptyIdentity.Identities = []string{""} |
|
71 |
+ if errs := ValidateUserUpdate(emptyIdentity, oldObj); len(errs) == 0 { |
|
72 |
+ t.Errorf("Expected error, got none") |
|
73 |
+ } |
|
74 |
+ |
|
75 |
+ invalidIdentity := validObj() |
|
76 |
+ invalidIdentity.Identities = []string{"foo"} |
|
77 |
+ if errs := ValidateUserUpdate(invalidIdentity, oldObj); len(errs) == 0 { |
|
78 |
+ t.Errorf("Expected error, got none") |
|
79 |
+ } |
|
80 |
+ |
|
81 |
+ emptyGroup := validObj() |
|
82 |
+ emptyGroup.Groups = []string{""} |
|
83 |
+ if errs := ValidateUserUpdate(emptyGroup, oldObj); len(errs) == 0 { |
|
84 |
+ t.Errorf("Expected error, got none") |
|
85 |
+ } |
|
86 |
+ |
|
87 |
+ invalidGroup := validObj() |
|
88 |
+ invalidGroup.Groups = []string{"bad:group:name"} |
|
89 |
+ if errs := ValidateUserUpdate(invalidGroup, oldObj); len(errs) == 0 { |
|
90 |
+ t.Errorf("Expected error, got none") |
|
91 |
+ } |
|
92 |
+ |
|
93 |
+} |
|
94 |
+ |
|
95 |
+func TestValidateIdentity(t *testing.T) { |
|
96 |
+ validObj := func() *api.Identity { |
|
97 |
+ return &api.Identity{ |
|
98 |
+ ObjectMeta: kapi.ObjectMeta{ |
|
99 |
+ Name: "myprovider:myproviderusername", |
|
100 |
+ }, |
|
101 |
+ ProviderName: "myprovider", |
|
102 |
+ ProviderUserName: "myproviderusername", |
|
103 |
+ User: kapi.ObjectReference{Name: "myuser", UID: "myuseruid"}, |
|
104 |
+ } |
|
105 |
+ } |
|
106 |
+ |
|
107 |
+ if errs := ValidateIdentity(validObj()); len(errs) > 0 { |
|
108 |
+ t.Errorf("Expected no errors, got %v", errs) |
|
109 |
+ } |
|
110 |
+ |
|
111 |
+ noUserUID := validObj() |
|
112 |
+ noUserUID.User.UID = "" |
|
113 |
+ if errs := ValidateIdentity(noUserUID); len(errs) == 0 { |
|
114 |
+ t.Errorf("Expected error, got none") |
|
115 |
+ } |
|
116 |
+ |
|
117 |
+ emptyProvider := validObj() |
|
118 |
+ emptyProvider.ProviderName = "" |
|
119 |
+ if errs := ValidateIdentity(emptyProvider); len(errs) == 0 { |
|
120 |
+ t.Errorf("Expected error, got none") |
|
121 |
+ } |
|
122 |
+ |
|
123 |
+ invalidProvider := validObj() |
|
124 |
+ invalidProvider.ProviderName = "foo:bar" |
|
125 |
+ if errs := ValidateIdentity(invalidProvider); len(errs) == 0 { |
|
126 |
+ t.Errorf("Expected error, got none") |
|
127 |
+ } |
|
128 |
+ |
|
129 |
+ emptyProviderUserName := validObj() |
|
130 |
+ emptyProviderUserName.ProviderUserName = "" |
|
131 |
+ if errs := ValidateIdentity(emptyProviderUserName); len(errs) == 0 { |
|
132 |
+ t.Errorf("Expected error, got none") |
|
133 |
+ } |
|
134 |
+ |
|
135 |
+ invalidProviderUserName := validObj() |
|
136 |
+ invalidProviderUserName.ProviderUserName = "user:name" |
|
137 |
+ if errs := ValidateIdentity(invalidProviderUserName); len(errs) == 0 { |
|
138 |
+ t.Errorf("Expected error, got none") |
|
139 |
+ } |
|
140 |
+ |
|
141 |
+ mismatchName := validObj() |
|
142 |
+ mismatchName.ProviderUserName = "myproviderusername2" |
|
143 |
+ if errs := ValidateIdentity(mismatchName); len(errs) == 0 { |
|
144 |
+ t.Errorf("Expected error, got none") |
|
145 |
+ } |
|
146 |
+} |
|
147 |
+ |
|
148 |
+func TestValidateIdentityUpdate(t *testing.T) { |
|
149 |
+ validObj := func() *api.Identity { |
|
150 |
+ return &api.Identity{ |
|
151 |
+ ObjectMeta: kapi.ObjectMeta{ |
|
152 |
+ Name: "myprovider:myproviderusername", |
|
153 |
+ ResourceVersion: "1", |
|
154 |
+ }, |
|
155 |
+ ProviderName: "myprovider", |
|
156 |
+ ProviderUserName: "myproviderusername", |
|
157 |
+ User: kapi.ObjectReference{Name: "myuser", UID: "myuseruid"}, |
|
158 |
+ } |
|
159 |
+ } |
|
160 |
+ |
|
161 |
+ oldObj := validObj() |
|
162 |
+ |
|
163 |
+ if errs := ValidateIdentityUpdate(validObj(), oldObj); len(errs) > 0 { |
|
164 |
+ t.Errorf("Expected no errors, got %v", errs) |
|
165 |
+ } |
|
166 |
+ |
|
167 |
+ noUserUID := validObj() |
|
168 |
+ noUserUID.User.UID = "" |
|
169 |
+ if errs := ValidateIdentityUpdate(noUserUID, oldObj); len(errs) == 0 { |
|
170 |
+ t.Errorf("Expected error, got none") |
|
171 |
+ } |
|
172 |
+ |
|
173 |
+ emptyProvider := validObj() |
|
174 |
+ emptyProvider.ProviderName = "" |
|
175 |
+ if errs := ValidateIdentityUpdate(emptyProvider, oldObj); len(errs) == 0 { |
|
176 |
+ t.Errorf("Expected error, got none") |
|
177 |
+ } |
|
178 |
+ |
|
179 |
+ invalidProvider := validObj() |
|
180 |
+ invalidProvider.ProviderName = "foo:bar" |
|
181 |
+ if errs := ValidateIdentityUpdate(invalidProvider, oldObj); len(errs) == 0 { |
|
182 |
+ t.Errorf("Expected error, got none") |
|
183 |
+ } |
|
184 |
+ |
|
185 |
+ emptyProviderUserName := validObj() |
|
186 |
+ emptyProviderUserName.ProviderUserName = "" |
|
187 |
+ if errs := ValidateIdentityUpdate(emptyProviderUserName, oldObj); len(errs) == 0 { |
|
188 |
+ t.Errorf("Expected error, got none") |
|
189 |
+ } |
|
190 |
+ |
|
191 |
+ invalidProviderUserName := validObj() |
|
192 |
+ invalidProviderUserName.ProviderUserName = "user:name" |
|
193 |
+ if errs := ValidateIdentityUpdate(invalidProviderUserName, oldObj); len(errs) == 0 { |
|
194 |
+ t.Errorf("Expected error, got none") |
|
195 |
+ } |
|
196 |
+ |
|
197 |
+ mismatchName := validObj() |
|
198 |
+ mismatchName.ProviderUserName = "myproviderusername2" |
|
199 |
+ if errs := ValidateIdentityUpdate(mismatchName, oldObj); len(errs) == 0 { |
|
200 |
+ t.Errorf("Expected error, got none") |
|
201 |
+ } |
|
202 |
+} |
|
203 |
+ |
|
204 |
+func TestValidateUserIdentityMapping(t *testing.T) { |
|
205 |
+ validObj := func() *api.UserIdentityMapping { |
|
206 |
+ return &api.UserIdentityMapping{ |
|
207 |
+ ObjectMeta: kapi.ObjectMeta{ |
|
208 |
+ Name: "myprovider:myproviderusername", |
|
209 |
+ }, |
|
210 |
+ Identity: kapi.ObjectReference{Name: "myprovider:myproviderusername"}, |
|
211 |
+ User: kapi.ObjectReference{Name: "myuser"}, |
|
212 |
+ } |
|
213 |
+ } |
|
214 |
+ |
|
215 |
+ if errs := ValidateUserIdentityMapping(validObj()); len(errs) > 0 { |
|
216 |
+ t.Errorf("Expected no errors, got %v", errs) |
|
217 |
+ } |
|
218 |
+ |
|
219 |
+ mismatchName := validObj() |
|
220 |
+ mismatchName.Identity.Name = "myprovider:myproviderusername2" |
|
221 |
+ if errs := ValidateUserIdentityMapping(mismatchName); len(errs) == 0 { |
|
222 |
+ t.Errorf("Expected error, got none") |
|
223 |
+ } |
|
224 |
+ |
|
225 |
+ emptyIdentityName := validObj() |
|
226 |
+ emptyIdentityName.Identity.Name = "" |
|
227 |
+ if errs := ValidateUserIdentityMapping(emptyIdentityName); len(errs) == 0 { |
|
228 |
+ t.Errorf("Expected error, got none") |
|
229 |
+ } |
|
230 |
+ |
|
231 |
+ emptyUserName := validObj() |
|
232 |
+ emptyUserName.Identity.Name = "" |
|
233 |
+ if errs := ValidateUserIdentityMapping(emptyUserName); len(errs) == 0 { |
|
234 |
+ t.Errorf("Expected error, got none") |
|
235 |
+ } |
|
236 |
+} |
|
237 |
+ |
|
238 |
+func TestValidateUserIdentityMappingUpdate(t *testing.T) { |
|
239 |
+ validObj := func() *api.UserIdentityMapping { |
|
240 |
+ return &api.UserIdentityMapping{ |
|
241 |
+ ObjectMeta: kapi.ObjectMeta{ |
|
242 |
+ Name: "myprovider:myproviderusername", |
|
243 |
+ ResourceVersion: "1", |
|
244 |
+ }, |
|
245 |
+ Identity: kapi.ObjectReference{Name: "myprovider:myproviderusername"}, |
|
246 |
+ User: kapi.ObjectReference{Name: "myuser"}, |
|
247 |
+ } |
|
248 |
+ } |
|
249 |
+ |
|
250 |
+ oldObj := validObj() |
|
251 |
+ |
|
252 |
+ if errs := ValidateUserIdentityMappingUpdate(validObj(), oldObj); len(errs) > 0 { |
|
253 |
+ t.Errorf("Expected no errors, got %v", errs) |
|
254 |
+ } |
|
255 |
+ |
|
256 |
+ mismatchName := validObj() |
|
257 |
+ mismatchName.Identity.Name = "myprovider:myproviderusername2" |
|
258 |
+ if errs := ValidateUserIdentityMappingUpdate(mismatchName, oldObj); len(errs) == 0 { |
|
259 |
+ t.Errorf("Expected error, got none") |
|
260 |
+ } |
|
261 |
+ |
|
262 |
+ emptyIdentityName := validObj() |
|
263 |
+ emptyIdentityName.Identity.Name = "" |
|
264 |
+ if errs := ValidateUserIdentityMappingUpdate(emptyIdentityName, oldObj); len(errs) == 0 { |
|
265 |
+ t.Errorf("Expected error, got none") |
|
266 |
+ } |
|
267 |
+ |
|
268 |
+ emptyUserName := validObj() |
|
269 |
+ emptyUserName.Identity.Name = "" |
|
270 |
+ if errs := ValidateUserIdentityMappingUpdate(emptyUserName, oldObj); len(errs) == 0 { |
|
271 |
+ t.Errorf("Expected error, got none") |
|
272 |
+ } |
|
273 |
+} |