Browse code
Fix validation messages for PodSecurityPolicy*Review objects
Maciej Szulik authored on 2016/10/10 20:24:09Showing 4 changed files
- pkg/security/api/validation/validation.go
- pkg/security/api/validation/validation_test.go
- pkg/security/registry/podsecuritypolicyreview/rest_test.go
- pkg/security/registry/podsecuritypolicysubjectreview/rest_test.go
| ... | ... |
@@ -18,7 +18,7 @@ func ValidatePodSecurityPolicySubjectReview(podSecurityPolicySubjectReview *secu |
| 18 | 18 |
|
| 19 | 19 |
func validatePodSecurityPolicySubjectReviewSpec(podSecurityPolicySubjectReviewSpec *securityapi.PodSecurityPolicySubjectReviewSpec, fldPath *field.Path) field.ErrorList {
|
| 20 | 20 |
allErrs := field.ErrorList{}
|
| 21 |
- allErrs = append(allErrs, kapivalidation.ValidatePodSpec(&podSecurityPolicySubjectReviewSpec.Template.Spec, fldPath.Child("podSpec"))...)
|
|
| 21 |
+ allErrs = append(allErrs, kapivalidation.ValidatePodSpec(&podSecurityPolicySubjectReviewSpec.Template.Spec, fldPath.Child("template", "spec"))...)
|
|
| 22 | 22 |
return allErrs |
| 23 | 23 |
} |
| 24 | 24 |
|
| ... | ... |
@@ -31,7 +31,7 @@ func ValidatePodSecurityPolicySelfSubjectReview(podSecurityPolicySelfSubjectRevi |
| 31 | 31 |
|
| 32 | 32 |
func validatePodSecurityPolicySelfSubjectReviewSpec(podSecurityPolicySelfSubjectReviewSpec *securityapi.PodSecurityPolicySelfSubjectReviewSpec, fldPath *field.Path) field.ErrorList {
|
| 33 | 33 |
allErrs := field.ErrorList{}
|
| 34 |
- allErrs = append(allErrs, kapivalidation.ValidatePodSpec(&podSecurityPolicySelfSubjectReviewSpec.Template.Spec, fldPath.Child("podSpec"))...)
|
|
| 34 |
+ allErrs = append(allErrs, kapivalidation.ValidatePodSpec(&podSecurityPolicySelfSubjectReviewSpec.Template.Spec, fldPath.Child("template", "spec"))...)
|
|
| 35 | 35 |
return allErrs |
| 36 | 36 |
} |
| 37 | 37 |
|
| ... | ... |
@@ -44,7 +44,7 @@ func ValidatePodSecurityPolicyReview(podSecurityPolicyReview *securityapi.PodSec |
| 44 | 44 |
|
| 45 | 45 |
func validatePodSecurityPolicyReviewSpec(podSecurityPolicyReviewSpec *securityapi.PodSecurityPolicyReviewSpec, fldPath *field.Path) field.ErrorList {
|
| 46 | 46 |
allErrs := field.ErrorList{}
|
| 47 |
- allErrs = append(allErrs, kapivalidation.ValidatePodSpec(&podSecurityPolicyReviewSpec.Template.Spec, fldPath.Child("podSpec"))...)
|
|
| 47 |
+ allErrs = append(allErrs, kapivalidation.ValidatePodSpec(&podSecurityPolicyReviewSpec.Template.Spec, fldPath.Child("template", "spec"))...)
|
|
| 48 | 48 |
allErrs = append(allErrs, validateServiceAccountNames(podSecurityPolicyReviewSpec.ServiceAccountNames, fldPath.Child("serviceAccountNames"))...)
|
| 49 | 49 |
return allErrs |
| 50 | 50 |
} |
| ... | ... |
@@ -52,7 +52,7 @@ func TestValidatePodSecurityPolicySelfSubjectReview(t *testing.T) {
|
| 52 | 52 |
} |
| 53 | 53 |
|
| 54 | 54 |
koCases := map[string]securityapi.PodSecurityPolicySelfSubjectReview{
|
| 55 |
- "[spec.podSpec.containers[0].name: Required value, spec.podSpec.containers[0].image: Required value, spec.podSpec.containers[0].imagePullPolicy: Required value]": {
|
|
| 55 |
+ "[spec.template.spec.containers[0].name: Required value, spec.template.spec.containers[0].image: Required value, spec.template.spec.containers[0].imagePullPolicy: Required value]": {
|
|
| 56 | 56 |
Spec: securityapi.PodSecurityPolicySelfSubjectReviewSpec{
|
| 57 | 57 |
Template: kapi.PodTemplateSpec{
|
| 58 | 58 |
Spec: invalidPodSpec(), |
| ... | ... |
@@ -90,7 +90,7 @@ func TestValidatePodSecurityPolicySubjectReview(t *testing.T) {
|
| 90 | 90 |
} |
| 91 | 91 |
|
| 92 | 92 |
koCases := map[string]securityapi.PodSecurityPolicySubjectReview{
|
| 93 |
- "[spec.podSpec.containers[0].name: Required value, spec.podSpec.containers[0].image: Required value, spec.podSpec.containers[0].imagePullPolicy: Required value]": {
|
|
| 93 |
+ "[spec.template.spec.containers[0].name: Required value, spec.template.spec.containers[0].image: Required value, spec.template.spec.containers[0].imagePullPolicy: Required value]": {
|
|
| 94 | 94 |
Spec: securityapi.PodSecurityPolicySubjectReviewSpec{
|
| 95 | 95 |
Template: kapi.PodTemplateSpec{
|
| 96 | 96 |
Spec: invalidPodSpec(), |
| ... | ... |
@@ -136,7 +136,7 @@ func TestValidatePodSecurityPolicyReview(t *testing.T) {
|
| 136 | 136 |
} |
| 137 | 137 |
|
| 138 | 138 |
koCases := map[string]securityapi.PodSecurityPolicyReview{
|
| 139 |
- "[spec.podSpec.containers[0].name: Required value, spec.podSpec.containers[0].image: Required value, spec.podSpec.containers[0].imagePullPolicy: Required value]": {
|
|
| 139 |
+ "[spec.template.spec.containers[0].name: Required value, spec.template.spec.containers[0].image: Required value, spec.template.spec.containers[0].imagePullPolicy: Required value]": {
|
|
| 140 | 140 |
Spec: securityapi.PodSecurityPolicyReviewSpec{
|
| 141 | 141 |
Template: kapi.PodTemplateSpec{
|
| 142 | 142 |
Spec: invalidPodSpec(), |
| ... | ... |
@@ -178,7 +178,7 @@ func TestErrors(t *testing.T) {
|
| 178 | 178 |
}, |
| 179 | 179 |
}, |
| 180 | 180 |
serviceAccount: admissionttesting.CreateSAForTest(), |
| 181 |
- errorMessage: `PodSecurityPolicyReview "" is invalid: spec.podSpec.serviceAccountName: Invalid value: "A.B.C.D.E": must match the regex [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)* (e.g. 'example.com')`, |
|
| 181 |
+ errorMessage: `PodSecurityPolicyReview "" is invalid: spec.template.spec.serviceAccountName: Invalid value: "A.B.C.D.E": must match the regex [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)* (e.g. 'example.com')`, |
|
| 182 | 182 |
}, |
| 183 | 183 |
"no SA": {
|
| 184 | 184 |
request: &securityapi.PodSecurityPolicyReview{
|
| ... | ... |
@@ -170,7 +170,7 @@ func TestRequests(t *testing.T) {
|
| 170 | 170 |
Groups: []string{"bar", "baz"},
|
| 171 | 171 |
}, |
| 172 | 172 |
}, |
| 173 |
- errorMessage: `PodSecurityPolicySubjectReview "" is invalid: spec.podSpec.serviceAccountName: Invalid value: "A.B.C.D": must match the regex [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)* (e.g. 'example.com')`, |
|
| 173 |
+ errorMessage: `PodSecurityPolicySubjectReview "" is invalid: spec.template.spec.serviceAccountName: Invalid value: "A.B.C.D": must match the regex [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)* (e.g. 'example.com')`, |
|
| 174 | 174 |
}, |
| 175 | 175 |
"no provider": {
|
| 176 | 176 |
request: &securityapi.PodSecurityPolicySubjectReview{
|