| ... | ... |
@@ -42,6 +42,7 @@ func init() {
|
| 42 | 42 |
func registerAll() {
|
| 43 | 43 |
Validator.MustRegister(&authorizationapi.SelfSubjectRulesReview{}, authorizationvalidation.ValidateSelfSubjectRulesReview, nil)
|
| 44 | 44 |
Validator.MustRegister(&authorizationapi.SubjectAccessReview{}, authorizationvalidation.ValidateSubjectAccessReview, nil)
|
| 45 |
+ Validator.MustRegister(&authorizationapi.SubjectRulesReview{}, authorizationvalidation.ValidateSubjectRulesReview, nil)
|
|
| 45 | 46 |
Validator.MustRegister(&authorizationapi.ResourceAccessReview{}, authorizationvalidation.ValidateResourceAccessReview, nil)
|
| 46 | 47 |
Validator.MustRegister(&authorizationapi.LocalSubjectAccessReview{}, authorizationvalidation.ValidateLocalSubjectAccessReview, nil)
|
| 47 | 48 |
Validator.MustRegister(&authorizationapi.LocalResourceAccessReview{}, authorizationvalidation.ValidateLocalResourceAccessReview, nil)
|
| ... | ... |
@@ -171,7 +171,7 @@ type SubjectRulesReviewSpec struct {
|
| 171 | 171 |
// Groups is optional. Groups is the list of groups to which the User belongs. At least one of User and Groups must be specified. |
| 172 | 172 |
Groups []string `json:"groups" protobuf:"bytes,2,rep,name=groups"` |
| 173 | 173 |
// Scopes to use for the evaluation. Empty means "use the unscoped (full) permissions of the user/groups". |
| 174 |
- Scopes OptionalScopes `json:"scopes" protobuf:"bytes,3,rep,name=scopes"` |
|
| 174 |
+ Scopes OptionalScopes `json:"scopes" protobuf:"bytes,3,opt,name=scopes"` |
|
| 175 | 175 |
} |
| 176 | 176 |
|
| 177 | 177 |
// SubjectRulesReviewStatus is contains the result of a rules check |
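Review bot: The new tag on `Scopes` switches field 3 from `rep` to `opt`, and nothing visible in this section shows the generated protobuf code and `.proto` definition being regenerated to match; if they still treat the field as repeated, the struct tag and the marshaller disagree. That matters for this field because its comment says an empty value means the unscoped (full) permissions of the user/groups, so scopes that are dropped or misread in a round trip would widen the evaluation rather than fail it. A round-trip test covering nil, empty and non-empty `Scopes` would pin the behaviour down. The field comment could also state what nil means, e.g. `// Nil is treated the same as empty.` if that is the intent; the definition of OptionalScopes and the start of SubjectRulesReviewSpec are outside this hunk.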
| ... | ... |
@@ -18,6 +18,16 @@ func ValidateSelfSubjectRulesReview(review *authorizationapi.SelfSubjectRulesRev |
| 18 | 18 |
return field.ErrorList{}
|
| 19 | 19 |
} |
| 20 | 20 |
|
| 21 |
+func ValidateSubjectRulesReview(rules *authorizationapi.SubjectRulesReview) field.ErrorList {
|
|
| 22 |
+ allErrs := field.ErrorList{}
|
|
| 23 |
+ |
|
| 24 |
+ if len(rules.Spec.Groups) == 0 && len(rules.Spec.User) == 0 {
|
|
| 25 |
+ allErrs = append(allErrs, field.Required(field.NewPath("user"), "at least one of user and groups must be specified"))
|
|
| 26 |
+ } |
|
| 27 |
+ |
|
| 28 |
+ return allErrs |
|
| 29 |
+} |
|
| 30 |
+ |
|
| 21 | 31 |
func ValidateSubjectAccessReview(review *authorizationapi.SubjectAccessReview) field.ErrorList {
|
| 22 | 32 |
allErrs := field.ErrorList{}
|
| 23 | 33 |
|
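Review bot: The error in ValidateSubjectRulesReview is reported at `field.NewPath("user")`, but the check reads `rules.Spec.User` and `rules.Spec.Groups`, so the path returned to the client does not name the field that has to be fixed; `field.NewPath("spec", "user")` would. The function is exported and has no doc comment; `// ValidateSubjectRulesReview requires spec.user or spec.groups to be set; it does not inspect spec.scopes.` would record what is and is not checked. `Scopes` is accepted as-is here, so unless scope names are validated where the review is evaluated (not visible in this hunk), malformed scopes reach the rules evaluation unchecked.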