1. origin
  2. Commit 2ee809f6b0e935a604bc043e5f6fe55ce2c5f08b
Browse code

Validate user and identity objects on update

Jordan Liggitt authored on 2015/05/15 16:52:29
Showing 2 changed files
pkg/user/api/validation/validation.go
History View file @ 2ee809f
... ... 
@@ -107,6 +107,10 @@ func ValidateUser(user *api.User) fielderrors.ValidationErrorList {
107 107 
 	}
108 108
109 109 
 	for index, group := range user.Groups {
110 
+		if len(group) == 0 {
111 
+			allErrs = append(allErrs, fielderrors.NewFieldInvalid(fmt.Sprintf("groups[%d]", index), group, "may not be empty"))
112 
+			continue
113 
+		}
110 114 
 		if ok, msg := ValidateGroupName(group, false); !ok {
111 115 
 			allErrs = append(allErrs, fielderrors.NewFieldInvalid(fmt.Sprintf("groups[%d]", index), group, msg))
112 116 
 		}
... ... 
@@ -118,6 +122,7 @@ func ValidateUser(user *api.User) fielderrors.ValidationErrorList {
118 118 
 func ValidateUserUpdate(user *api.User, old *api.User) fielderrors.ValidationErrorList {
119 119 
 	allErrs := fielderrors.ValidationErrorList{}
120 120 
 	allErrs = append(allErrs, kvalidation.ValidateObjectMetaUpdate(&old.ObjectMeta, &user.ObjectMeta).Prefix("metadata")...)
121 
+	allErrs = append(allErrs, ValidateUser(user)...)
121 122 
 	return allErrs
122 123 
 }
123 124
... ... 
@@ -160,6 +165,7 @@ func ValidateIdentityUpdate(identity *api.Identity, old *api.Identity) fielderro
160 160 
 	allErrs := fielderrors.ValidationErrorList{}
161 161
162 162 
 	allErrs = append(allErrs, kvalidation.ValidateObjectMetaUpdate(&old.ObjectMeta, &identity.ObjectMeta).Prefix("metadata")...)
163 
+	allErrs = append(allErrs, ValidateIdentity(identity)...)
163 164
164 165 
 	if identity.ProviderName != old.ProviderName {
165 166 
 		allErrs = append(allErrs, fielderrors.NewFieldInvalid("providerName", identity.ProviderName, "may not change providerName"))
... ... 
@@ -188,7 +194,7 @@ func ValidateUserIdentityMapping(mapping *api.UserIdentityMapping) fielderrors.V
188 188
189 189 
 func ValidateUserIdentityMappingUpdate(mapping *api.UserIdentityMapping, old *api.UserIdentityMapping) fielderrors.ValidationErrorList {
190 190 
 	allErrs := fielderrors.ValidationErrorList{}
191 
-	allErrs = append(allErrs, ValidateUserIdentityMapping(mapping)...)
192 191 
 	allErrs = append(allErrs, kvalidation.ValidateObjectMetaUpdate(&old.ObjectMeta, &mapping.ObjectMeta).Prefix("metadata")...)
192 
+	allErrs = append(allErrs, ValidateUserIdentityMapping(mapping)...)
193 193 
 	return allErrs
194 194 
 }
pkg/user/api/validation/validation_test.go
History View file @ 2ee809f
... ... 
@@ -1,13 +1,273 @@
1 1 
 package validation
2 2
3 
-import "testing"
3 
+import (
4 
+	"testing"
4 5
5 
-func TestValidateUser(t *testing.T) {}
6 
+	kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api"
7 
+	"github.com/openshift/origin/pkg/user/api"
8 
+)
6 9
7 
-func TestValidateUserUpdate(t *testing.T) {}
10 
+func TestValidateUser(t *testing.T) {
11 
+	validObj := func() *api.User {
12 
+		return &api.User{
13 
+			ObjectMeta: kapi.ObjectMeta{
14 
+				Name: "myname",
15 
+			},
16 
+			Identities: []string{"myprovider:mylogin"},
17 
+			Groups:     []string{"mygroup"},
18 
+		}
19 
+	}
8 20
9 
-func TestValidateIdentity(t *testing.T) {}
21 
+	if errs := ValidateUser(validObj()); len(errs) > 0 {
22 
+		t.Errorf("Expected no errors, got %v", errs)
23 
+	}
10 24
11 
-func TestValidateIdentityUpdate(t *testing.T) {}
25 
+	emptyIdentity := validObj()
26 
+	emptyIdentity.Identities = []string{""}
27 
+	if errs := ValidateUser(emptyIdentity); len(errs) == 0 {
28 
+		t.Errorf("Expected error, got none")
29 
+	}
12 30
13 
-func TestValidateUserIdentityMapping(t *testing.T) {}
31 
+	invalidIdentity := validObj()
32 
+	invalidIdentity.Identities = []string{"foo"}
33 
+	if errs := ValidateUser(invalidIdentity); len(errs) == 0 {
34 
+		t.Errorf("Expected error, got none")
35 
+	}
36 
+
37 
+	emptyGroup := validObj()
38 
+	emptyGroup.Groups = []string{""}
39 
+	if errs := ValidateUser(emptyGroup); len(errs) == 0 {
40 
+		t.Errorf("Expected error, got none")
41 
+	}
42 
+
43 
+	invalidGroup := validObj()
44 
+	invalidGroup.Groups = []string{"bad:group:name"}
45 
+	if errs := ValidateUser(invalidGroup); len(errs) == 0 {
46 
+		t.Errorf("Expected error, got none")
47 
+	}
48 
+}
49 
+
50 
+func TestValidateUserUpdate(t *testing.T) {
51 
+
52 
+	validObj := func() *api.User {
53 
+		return &api.User{
54 
+			ObjectMeta: kapi.ObjectMeta{
55 
+				Name:            "myname",
56 
+				ResourceVersion: "1",
57 
+			},
58 
+			Identities: []string{"myprovider:mylogin"},
59 
+			Groups:     []string{"mygroup"},
60 
+		}
61 
+	}
62 
+
63 
+	oldObj := validObj()
64 
+
65 
+	if errs := ValidateUserUpdate(validObj(), oldObj); len(errs) > 0 {
66 
+		t.Errorf("Expected no errors, got %v", errs)
67 
+	}
68 
+
69 
+	emptyIdentity := validObj()
70 
+	emptyIdentity.Identities = []string{""}
71 
+	if errs := ValidateUserUpdate(emptyIdentity, oldObj); len(errs) == 0 {
72 
+		t.Errorf("Expected error, got none")
73 
+	}
74 
+
75 
+	invalidIdentity := validObj()
76 
+	invalidIdentity.Identities = []string{"foo"}
77 
+	if errs := ValidateUserUpdate(invalidIdentity, oldObj); len(errs) == 0 {
78 
+		t.Errorf("Expected error, got none")
79 
+	}
80 
+
81 
+	emptyGroup := validObj()
82 
+	emptyGroup.Groups = []string{""}
83 
+	if errs := ValidateUserUpdate(emptyGroup, oldObj); len(errs) == 0 {
84 
+		t.Errorf("Expected error, got none")
85 
+	}
86 
+
87 
+	invalidGroup := validObj()
88 
+	invalidGroup.Groups = []string{"bad:group:name"}
89 
+	if errs := ValidateUserUpdate(invalidGroup, oldObj); len(errs) == 0 {
90 
+		t.Errorf("Expected error, got none")
91 
+	}
92 
+
93 
+}
94 
+
95 
+func TestValidateIdentity(t *testing.T) {
96 
+	validObj := func() *api.Identity {
97 
+		return &api.Identity{
98 
+			ObjectMeta: kapi.ObjectMeta{
99 
+				Name: "myprovider:myproviderusername",
100 
+			},
101 
+			ProviderName:     "myprovider",
102 
+			ProviderUserName: "myproviderusername",
103 
+			User:             kapi.ObjectReference{Name: "myuser", UID: "myuseruid"},
104 
+		}
105 
+	}
106 
+
107 
+	if errs := ValidateIdentity(validObj()); len(errs) > 0 {
108 
+		t.Errorf("Expected no errors, got %v", errs)
109 
+	}
110 
+
111 
+	noUserUID := validObj()
112 
+	noUserUID.User.UID = ""
113 
+	if errs := ValidateIdentity(noUserUID); len(errs) == 0 {
114 
+		t.Errorf("Expected error, got none")
115 
+	}
116 
+
117 
+	emptyProvider := validObj()
118 
+	emptyProvider.ProviderName = ""
119 
+	if errs := ValidateIdentity(emptyProvider); len(errs) == 0 {
120 
+		t.Errorf("Expected error, got none")
121 
+	}
122 
+
123 
+	invalidProvider := validObj()
124 
+	invalidProvider.ProviderName = "foo:bar"
125 
+	if errs := ValidateIdentity(invalidProvider); len(errs) == 0 {
126 
+		t.Errorf("Expected error, got none")
127 
+	}
128 
+
129 
+	emptyProviderUserName := validObj()
130 
+	emptyProviderUserName.ProviderUserName = ""
131 
+	if errs := ValidateIdentity(emptyProviderUserName); len(errs) == 0 {
132 
+		t.Errorf("Expected error, got none")
133 
+	}
134 
+
135 
+	invalidProviderUserName := validObj()
136 
+	invalidProviderUserName.ProviderUserName = "user:name"
137 
+	if errs := ValidateIdentity(invalidProviderUserName); len(errs) == 0 {
138 
+		t.Errorf("Expected error, got none")
139 
+	}
140 
+
141 
+	mismatchName := validObj()
142 
+	mismatchName.ProviderUserName = "myproviderusername2"
143 
+	if errs := ValidateIdentity(mismatchName); len(errs) == 0 {
144 
+		t.Errorf("Expected error, got none")
145 
+	}
146 
+}
147 
+
148 
+func TestValidateIdentityUpdate(t *testing.T) {
149 
+	validObj := func() *api.Identity {
150 
+		return &api.Identity{
151 
+			ObjectMeta: kapi.ObjectMeta{
152 
+				Name:            "myprovider:myproviderusername",
153 
+				ResourceVersion: "1",
154 
+			},
155 
+			ProviderName:     "myprovider",
156 
+			ProviderUserName: "myproviderusername",
157 
+			User:             kapi.ObjectReference{Name: "myuser", UID: "myuseruid"},
158 
+		}
159 
+	}
160 
+
161 
+	oldObj := validObj()
162 
+
163 
+	if errs := ValidateIdentityUpdate(validObj(), oldObj); len(errs) > 0 {
164 
+		t.Errorf("Expected no errors, got %v", errs)
165 
+	}
166 
+
167 
+	noUserUID := validObj()
168 
+	noUserUID.User.UID = ""
169 
+	if errs := ValidateIdentityUpdate(noUserUID, oldObj); len(errs) == 0 {
170 
+		t.Errorf("Expected error, got none")
171 
+	}
172 
+
173 
+	emptyProvider := validObj()
174 
+	emptyProvider.ProviderName = ""
175 
+	if errs := ValidateIdentityUpdate(emptyProvider, oldObj); len(errs) == 0 {
176 
+		t.Errorf("Expected error, got none")
177 
+	}
178 
+
179 
+	invalidProvider := validObj()
180 
+	invalidProvider.ProviderName = "foo:bar"
181 
+	if errs := ValidateIdentityUpdate(invalidProvider, oldObj); len(errs) == 0 {
182 
+		t.Errorf("Expected error, got none")
183 
+	}
184 
+
185 
+	emptyProviderUserName := validObj()
186 
+	emptyProviderUserName.ProviderUserName = ""
187 
+	if errs := ValidateIdentityUpdate(emptyProviderUserName, oldObj); len(errs) == 0 {
188 
+		t.Errorf("Expected error, got none")
189 
+	}
190 
+
191 
+	invalidProviderUserName := validObj()
192 
+	invalidProviderUserName.ProviderUserName = "user:name"
193 
+	if errs := ValidateIdentityUpdate(invalidProviderUserName, oldObj); len(errs) == 0 {
194 
+		t.Errorf("Expected error, got none")
195 
+	}
196 
+
197 
+	mismatchName := validObj()
198 
+	mismatchName.ProviderUserName = "myproviderusername2"
199 
+	if errs := ValidateIdentityUpdate(mismatchName, oldObj); len(errs) == 0 {
200 
+		t.Errorf("Expected error, got none")
201 
+	}
202 
+}
203 
+
204 
+func TestValidateUserIdentityMapping(t *testing.T) {
205 
+	validObj := func() *api.UserIdentityMapping {
206 
+		return &api.UserIdentityMapping{
207 
+			ObjectMeta: kapi.ObjectMeta{
208 
+				Name: "myprovider:myproviderusername",
209 
+			},
210 
+			Identity: kapi.ObjectReference{Name: "myprovider:myproviderusername"},
211 
+			User:     kapi.ObjectReference{Name: "myuser"},
212 
+		}
213 
+	}
214 
+
215 
+	if errs := ValidateUserIdentityMapping(validObj()); len(errs) > 0 {
216 
+		t.Errorf("Expected no errors, got %v", errs)
217 
+	}
218 
+
219 
+	mismatchName := validObj()
220 
+	mismatchName.Identity.Name = "myprovider:myproviderusername2"
221 
+	if errs := ValidateUserIdentityMapping(mismatchName); len(errs) == 0 {
222 
+		t.Errorf("Expected error, got none")
223 
+	}
224 
+
225 
+	emptyIdentityName := validObj()
226 
+	emptyIdentityName.Identity.Name = ""
227 
+	if errs := ValidateUserIdentityMapping(emptyIdentityName); len(errs) == 0 {
228 
+		t.Errorf("Expected error, got none")
229 
+	}
230 
+
231 
+	emptyUserName := validObj()
232 
+	emptyUserName.Identity.Name = ""
233 
+	if errs := ValidateUserIdentityMapping(emptyUserName); len(errs) == 0 {
234 
+		t.Errorf("Expected error, got none")
235 
+	}
236 
+}
237 
+
238 
+func TestValidateUserIdentityMappingUpdate(t *testing.T) {
239 
+	validObj := func() *api.UserIdentityMapping {
240 
+		return &api.UserIdentityMapping{
241 
+			ObjectMeta: kapi.ObjectMeta{
242 
+				Name:            "myprovider:myproviderusername",
243 
+				ResourceVersion: "1",
244 
+			},
245 
+			Identity: kapi.ObjectReference{Name: "myprovider:myproviderusername"},
246 
+			User:     kapi.ObjectReference{Name: "myuser"},
247 
+		}
248 
+	}
249 
+
250 
+	oldObj := validObj()
251 
+
252 
+	if errs := ValidateUserIdentityMappingUpdate(validObj(), oldObj); len(errs) > 0 {
253 
+		t.Errorf("Expected no errors, got %v", errs)
254 
+	}
255 
+
256 
+	mismatchName := validObj()
257 
+	mismatchName.Identity.Name = "myprovider:myproviderusername2"
258 
+	if errs := ValidateUserIdentityMappingUpdate(mismatchName, oldObj); len(errs) == 0 {
259 
+		t.Errorf("Expected error, got none")
260 
+	}
261 
+
262 
+	emptyIdentityName := validObj()
263 
+	emptyIdentityName.Identity.Name = ""
264 
+	if errs := ValidateUserIdentityMappingUpdate(emptyIdentityName, oldObj); len(errs) == 0 {
265 
+		t.Errorf("Expected error, got none")
266 
+	}
267 
+
268 
+	emptyUserName := validObj()
269 
+	emptyUserName.Identity.Name = ""
270 
+	if errs := ValidateUserIdentityMappingUpdate(emptyUserName, oldObj); len(errs) == 0 {
271 
+		t.Errorf("Expected error, got none")
272 
+	}
273 
+}