upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-04-23 07:10:53 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/pkg/api/validation/validation_test.go

8493 lines
237 KiB
Go
Raw Normal View History

First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 16:01:39 -04:00
/*
Remove "All rights reserved" from all the headers.
2016-06-02 20:25:58 -04:00
Copyright 2014 The Kubernetes Authors.
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 16:01:39 -04:00
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
Split api into api, api/common, api/validation & apitools
2014-08-29 18:48:41 -04:00
package validation
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 16:01:39 -04:00
import (
Updating namespaces to be DNS labels instead of DNS names.
2015-05-12 18:13:03 -04:00
"math/rand"
Add liveness/readiness probe parameters - PeriodSeconds - How often to probe - SuccessThreshold - Number of successful probes to go from failure to success state - FailureThreshold - Number of failing probes to go from success to failure state This commit includes to changes in behavior: 1. InitialDelaySeconds now defaults to 10 seconds, rather than the kubelet sync interval (although that also defaults to 10 seconds). 2. Prober only retries on probe error, not failure. To compensate, the default FailureThreshold is set to the maxRetries, 3.
2015-11-05 18:38:46 -05:00
"reflect"
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 16:01:39 -04:00
"strings"
"testing"
Ignore changes to creation timestamp from clients on update CreationTimestamp is not an authoritative field (like UID) so mismatches can be safely ignored.
2015-03-09 12:04:35 -04:00
"time"
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
rewrite go imports
2015-08-05 18:03:47 -04:00
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/resource"
LB Source Ranges: Move validation into API layer Had to move other things around too to avoid a weird api -> cloudprovider dependency. Also adding fixes per code reviews. (This is a squash of the previously approved commits)
2016-02-29 20:56:39 -05:00
"k8s.io/kubernetes/pkg/api/service"
Move pkg/util.Time to pkg/api/unversioned.Time Along with our time.Duration wrapper, as suggested by @lavalamp.
2015-09-17 18:21:55 -04:00
"k8s.io/kubernetes/pkg/api/unversioned"
remove testapi.Default.GroupVersion
2016-10-04 17:20:07 -04:00
"k8s.io/kubernetes/pkg/apimachinery/registered"
rewrite go imports
2015-08-05 18:03:47 -04:00
"k8s.io/kubernetes/pkg/capabilities"
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
"k8s.io/kubernetes/pkg/security/apparmor"
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
"k8s.io/kubernetes/pkg/util/intstr"
Move util.StringSet into its own package A lot of packages use StringSet, but they don't use anything else from the util package. Moving StringSet into another package will shrink their dependency trees significantly.
2015-09-09 13:45:01 -04:00
"k8s.io/kubernetes/pkg/util/sets"
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
"k8s.io/kubernetes/pkg/util/validation/field"
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 16:01:39 -04:00
)
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
func expectPrefix(t *testing.T, prefix string, errs field.ErrorList) {
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
for i := range errs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
if f, p := errs[i].Field, prefix; !strings.HasPrefix(f, p) {
fix error message in validation test
2014-10-07 16:54:41 -04:00
t.Errorf("expected prefix '%s' for field '%s' (%v)", p, f, errs[i])
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
}
}
}
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 18:56:38 -05:00
// Ensure custom name functions are allowed
func TestValidateObjectMetaCustomName(t *testing.T) {
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
errs := ValidateObjectMeta(
&api.ObjectMeta{Name: "test", GenerateName: "foo"},
false,
Make name validators return string slices
2015-12-16 01:03:20 -05:00
func(s string, prefix bool) []string {
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
if s == "test" {
Make name validators return string slices
2015-12-16 01:03:20 -05:00
return nil
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
}
Make name validators return string slices
2015-12-16 01:03:20 -05:00
return []string{"name-gen"}
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.NewPath("field"))
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 18:56:38 -05:00
if len(errs) != 1 {
t.Fatalf("unexpected errors: %v", errs)
}
if !strings.Contains(errs[0].Error(), "name-gen") {
t.Errorf("unexpected error message: %v", errs)
}
}
Updating namespaces to be DNS labels instead of DNS names.
2015-05-12 18:13:03 -04:00
// Ensure namespace names follow dns label format
func TestValidateObjectMetaNamespaces(t *testing.T) {
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
errs := ValidateObjectMeta(
&api.ObjectMeta{Name: "test", Namespace: "foo.bar"},
Clean up and document validation strings Also add a detail string for Required and Forbidden. Fix tests.
2015-11-14 15:26:04 -05:00
true,
Make name validators return string slices
2015-12-16 01:03:20 -05:00
func(s string, prefix bool) []string {
return nil
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.NewPath("field"))
Updating namespaces to be DNS labels instead of DNS names.
2015-05-12 18:13:03 -04:00
if len(errs) != 1 {
t.Fatalf("unexpected errors: %v", errs)
}
Change how one-of blocks are validated I took a hard look at error output and played until I was happier. This now prints JSON for structs in the error, rather than go's format. Also made the error message easier to read. Fixed tests.
2015-11-15 01:36:25 -05:00
if !strings.Contains(errs[0].Error(), `Invalid value: "foo.bar"`) {
Updating namespaces to be DNS labels instead of DNS names.
2015-05-12 18:13:03 -04:00
t.Errorf("unexpected error message: %v", errs)
}
maxLength := 63
letters := []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
b := make([]rune, maxLength+1)
for i := range b {
b[i] = letters[rand.Intn(len(letters))]
}
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
errs = ValidateObjectMeta(
&api.ObjectMeta{Name: "test", Namespace: string(b)},
Clean up and document validation strings Also add a detail string for Required and Forbidden. Fix tests.
2015-11-14 15:26:04 -05:00
true,
Make name validators return string slices
2015-12-16 01:03:20 -05:00
func(s string, prefix bool) []string {
return nil
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.NewPath("field"))
Make IsDNS1123Label return error strings
2015-12-16 02:49:58 -05:00
if len(errs) != 2 {
Updating namespaces to be DNS labels instead of DNS names.
2015-05-12 18:13:03 -04:00
t.Fatalf("unexpected errors: %v", errs)
}
Make IsDNS1123Label return error strings
2015-12-16 02:49:58 -05:00
if !strings.Contains(errs[0].Error(), "Invalid value") || !strings.Contains(errs[1].Error(), "Invalid value") {
Updating namespaces to be DNS labels instead of DNS names.
2015-05-12 18:13:03 -04:00
t.Errorf("unexpected error message: %v", errs)
}
}
API changes for finalizers and system-wide garbage collector
2016-04-06 13:16:15 -04:00
func TestValidateObjectMetaOwnerReferences(t *testing.T) {
Add Controller field to OwnerReference
2016-05-11 07:42:17 -04:00
trueVar := true
falseVar := false
API changes for finalizers and system-wide garbage collector
2016-04-06 13:16:15 -04:00
testCases := []struct {
Add Controller field to OwnerReference
2016-05-11 07:42:17 -04:00
description string
ownerReferences []api.OwnerReference
expectError bool
expectedErrorMessage string
API changes for finalizers and system-wide garbage collector
2016-04-06 13:16:15 -04:00
}{
{
Add Controller field to OwnerReference
2016-05-11 07:42:17 -04:00
description: "simple success - third party extension.",
ownerReferences: []api.OwnerReference{
API changes for finalizers and system-wide garbage collector
2016-04-06 13:16:15 -04:00
{
APIVersion: "thirdpartyVersion",
Kind: "thirdpartyKind",
Name: "name",
UID: "1",
},
},
Add Controller field to OwnerReference
2016-05-11 07:42:17 -04:00
expectError: false,
expectedErrorMessage: "",
API changes for finalizers and system-wide garbage collector
2016-04-06 13:16:15 -04:00
},
{
Add Controller field to OwnerReference
2016-05-11 07:42:17 -04:00
description: "simple failures - event shouldn't be set as an owner",
ownerReferences: []api.OwnerReference{
API changes for finalizers and system-wide garbage collector
2016-04-06 13:16:15 -04:00
{
APIVersion: "v1",
Kind: "Event",
Name: "name",
UID: "1",
},
},
Add Controller field to OwnerReference
2016-05-11 07:42:17 -04:00
expectError: true,
expectedErrorMessage: "is disallowed from being an owner",
},
{
description: "simple controller ref success - one reference with Controller set",
ownerReferences: []api.OwnerReference{
{
APIVersion: "thirdpartyVersion",
Kind: "thirdpartyKind",
Name: "name",
UID: "1",
Controller: &falseVar,
},
{
APIVersion: "thirdpartyVersion",
Kind: "thirdpartyKind",
Name: "name",
UID: "2",
Controller: &trueVar,
},
{
APIVersion: "thirdpartyVersion",
Kind: "thirdpartyKind",
Name: "name",
UID: "3",
Controller: &falseVar,
},
{
APIVersion: "thirdpartyVersion",
Kind: "thirdpartyKind",
Name: "name",
UID: "4",
},
},
expectError: false,
expectedErrorMessage: "",
},
{
description: "simple controller ref failure - two references with Controller set",
ownerReferences: []api.OwnerReference{
{
APIVersion: "thirdpartyVersion",
Kind: "thirdpartyKind",
Name: "name",
UID: "1",
Controller: &falseVar,
},
{
APIVersion: "thirdpartyVersion",
Kind: "thirdpartyKind",
Name: "name",
UID: "2",
Controller: &trueVar,
},
{
APIVersion: "thirdpartyVersion",
Kind: "thirdpartyKind",
Name: "name",
UID: "3",
Controller: &trueVar,
},
{
APIVersion: "thirdpartyVersion",
Kind: "thirdpartyKind",
Name: "name",
UID: "4",
},
},
expectError: true,
expectedErrorMessage: "Only one reference can have Controller set to true",
API changes for finalizers and system-wide garbage collector
2016-04-06 13:16:15 -04:00
},
}
for _, tc := range testCases {
errs := ValidateObjectMeta(
&api.ObjectMeta{Name: "test", Namespace: "test", OwnerReferences: tc.ownerReferences},
true,
Make name validators return string slices
2015-12-16 01:03:20 -05:00
func(s string, prefix bool) []string {
return nil
API changes for finalizers and system-wide garbage collector
2016-04-06 13:16:15 -04:00
},
field.NewPath("field"))
if len(errs) != 0 && !tc.expectError {
Add Controller field to OwnerReference
2016-05-11 07:42:17 -04:00
t.Errorf("unexpected error: %v in test case %v", errs, tc.description)
API changes for finalizers and system-wide garbage collector
2016-04-06 13:16:15 -04:00
}
if len(errs) == 0 && tc.expectError {
Add Controller field to OwnerReference
2016-05-11 07:42:17 -04:00
t.Errorf("expect error in test case %v", tc.description)
API changes for finalizers and system-wide garbage collector
2016-04-06 13:16:15 -04:00
}
Add Controller field to OwnerReference
2016-05-11 07:42:17 -04:00
if len(errs) != 0 && !strings.Contains(errs[0].Error(), tc.expectedErrorMessage) {
t.Errorf("unexpected error message: %v in test case %v", errs, tc.description)
API changes for finalizers and system-wide garbage collector
2016-04-06 13:16:15 -04:00
}
}
}
Ignore changes to creation timestamp from clients on update CreationTimestamp is not an authoritative field (like UID) so mismatches can be safely ignored.
2015-03-09 12:04:35 -04:00
func TestValidateObjectMetaUpdateIgnoresCreationTimestamp(t *testing.T) {
if errs := ValidateObjectMetaUpdate(
Give better error message for PUTs with no resource version
2015-03-19 20:51:07 -04:00
&api.ObjectMeta{Name: "test", ResourceVersion: "1"},
Move pkg/util.Time to pkg/api/unversioned.Time Along with our time.Duration wrapper, as suggested by @lavalamp.
2015-09-17 18:21:55 -04:00
&api.ObjectMeta{Name: "test", ResourceVersion: "1", CreationTimestamp: unversioned.NewTime(time.Unix(10, 0))},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.NewPath("field"),
Ignore changes to creation timestamp from clients on update CreationTimestamp is not an authoritative field (like UID) so mismatches can be safely ignored.
2015-03-09 12:04:35 -04:00
); len(errs) != 0 {
t.Fatalf("unexpected errors: %v", errs)
}
if errs := ValidateObjectMetaUpdate(
Move pkg/util.Time to pkg/api/unversioned.Time Along with our time.Duration wrapper, as suggested by @lavalamp.
2015-09-17 18:21:55 -04:00
&api.ObjectMeta{Name: "test", ResourceVersion: "1", CreationTimestamp: unversioned.NewTime(time.Unix(10, 0))},
Improve signature consistency for ValidateObjectMetaUpdate Fixes #9340 Signed-off-by: Jason Sommer <jsdirv@gmail.com>
2015-06-08 03:56:22 -04:00
&api.ObjectMeta{Name: "test", ResourceVersion: "1"},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.NewPath("field"),
Ignore changes to creation timestamp from clients on update CreationTimestamp is not an authoritative field (like UID) so mismatches can be safely ignored.
2015-03-09 12:04:35 -04:00
); len(errs) != 0 {
t.Fatalf("unexpected errors: %v", errs)
}
if errs := ValidateObjectMetaUpdate(
Move pkg/util.Time to pkg/api/unversioned.Time Along with our time.Duration wrapper, as suggested by @lavalamp.
2015-09-17 18:21:55 -04:00
&api.ObjectMeta{Name: "test", ResourceVersion: "1", CreationTimestamp: unversioned.NewTime(time.Unix(10, 0))},
&api.ObjectMeta{Name: "test", ResourceVersion: "1", CreationTimestamp: unversioned.NewTime(time.Unix(11, 0))},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.NewPath("field"),
Ignore changes to creation timestamp from clients on update CreationTimestamp is not an authoritative field (like UID) so mismatches can be safely ignored.
2015-03-09 12:04:35 -04:00
); len(errs) != 0 {
t.Fatalf("unexpected errors: %v", errs)
}
}
add validation rule to prevent adding finalizers if the object is being deleted
2016-09-09 02:32:32 -04:00
func TestValidateFinalizersUpdate(t *testing.T) {
testcases := map[string]struct {
Old api.ObjectMeta
New api.ObjectMeta
ExpectedErr string
}{
"invalid adding finalizers": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &unversioned.Time{}, Finalizers: []string{"x/a"}},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &unversioned.Time{}, Finalizers: []string{"x/a", "y/b"}},
ExpectedErr: "y/b",
},
"invalid changing finalizers": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &unversioned.Time{}, Finalizers: []string{"x/a"}},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &unversioned.Time{}, Finalizers: []string{"x/b"}},
ExpectedErr: "x/b",
},
"valid removing finalizers": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &unversioned.Time{}, Finalizers: []string{"x/a", "y/b"}},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &unversioned.Time{}, Finalizers: []string{"x/a"}},
ExpectedErr: "",
},
"valid adding finalizers for objects not being deleted": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1", Finalizers: []string{"x/a"}},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1", Finalizers: []string{"x/a", "y/b"}},
ExpectedErr: "",
},
}
for name, tc := range testcases {
errs := ValidateObjectMetaUpdate(&tc.New, &tc.Old, field.NewPath("field"))
if len(errs) == 0 {
if len(tc.ExpectedErr) != 0 {
t.Errorf("case: %q, expected error to contain %q", name, tc.ExpectedErr)
}
} else if e, a := tc.ExpectedErr, errs.ToAggregate().Error(); !strings.Contains(a, e) {
t.Errorf("case: %q, expected error to contain %q, got error %q", name, e, a)
}
}
}
Validate deletion timestamp doesn't change on update
2016-04-28 11:50:48 -04:00
func TestValidateObjectMetaUpdatePreventsDeletionFieldMutation(t *testing.T) {
now := unversioned.NewTime(time.Unix(1000, 0).UTC())
later := unversioned.NewTime(time.Unix(2000, 0).UTC())
gracePeriodShort := int64(30)
gracePeriodLong := int64(40)
testcases := map[string]struct {
Old api.ObjectMeta
New api.ObjectMeta
ExpectedNew api.ObjectMeta
ExpectedErrs []string
}{
"valid without deletion fields": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1"},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1"},
ExpectedNew: api.ObjectMeta{Name: "test", ResourceVersion: "1"},
ExpectedErrs: []string{},
},
"valid with deletion fields": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &now, DeletionGracePeriodSeconds: &gracePeriodShort},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &now, DeletionGracePeriodSeconds: &gracePeriodShort},
ExpectedNew: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &now, DeletionGracePeriodSeconds: &gracePeriodShort},
ExpectedErrs: []string{},
},
"invalid set deletionTimestamp": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1"},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &now},
ExpectedNew: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &now},
ExpectedErrs: []string{"field.deletionTimestamp: Invalid value: \"1970-01-01T00:16:40Z\": field is immutable; may only be changed via deletion"},
},
"invalid clear deletionTimestamp": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &now},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1"},
ExpectedNew: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &now},
ExpectedErrs: []string{}, // no errors, validation copies the old value
},
"invalid change deletionTimestamp": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &now},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &later},
ExpectedNew: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionTimestamp: &now},
ExpectedErrs: []string{}, // no errors, validation copies the old value
},
"invalid set deletionGracePeriodSeconds": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1"},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionGracePeriodSeconds: &gracePeriodShort},
ExpectedNew: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionGracePeriodSeconds: &gracePeriodShort},
ExpectedErrs: []string{"field.deletionGracePeriodSeconds: Invalid value: 30: field is immutable; may only be changed via deletion"},
},
"invalid clear deletionGracePeriodSeconds": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionGracePeriodSeconds: &gracePeriodShort},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1"},
ExpectedNew: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionGracePeriodSeconds: &gracePeriodShort},
ExpectedErrs: []string{}, // no errors, validation copies the old value
},
"invalid change deletionGracePeriodSeconds": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionGracePeriodSeconds: &gracePeriodShort},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionGracePeriodSeconds: &gracePeriodLong},
ExpectedNew: api.ObjectMeta{Name: "test", ResourceVersion: "1", DeletionGracePeriodSeconds: &gracePeriodLong},
ExpectedErrs: []string{"field.deletionGracePeriodSeconds: Invalid value: 40: field is immutable; may only be changed via deletion"},
},
}
for k, tc := range testcases {
errs := ValidateObjectMetaUpdate(&tc.New, &tc.Old, field.NewPath("field"))
if len(errs) != len(tc.ExpectedErrs) {
t.Logf("%s: Expected: %#v", k, tc.ExpectedErrs)
t.Logf("%s: Got: %#v", k, errs)
t.Errorf("%s: expected %d errors, got %d", k, len(tc.ExpectedErrs), len(errs))
continue
}
for i := range errs {
if errs[i].Error() != tc.ExpectedErrs[i] {
t.Errorf("%s: error #%d: expected %q, got %q", k, i, tc.ExpectedErrs[i], errs[i].Error())
}
}
if !reflect.DeepEqual(tc.New, tc.ExpectedNew) {
t.Errorf("%s: Expected after validation:\n%#v\ngot\n%#v", k, tc.ExpectedNew, tc.New)
}
}
}
api: validate generation updates
2016-05-02 05:31:52 -04:00
func TestObjectMetaGenerationUpdate(t *testing.T) {
testcases := map[string]struct {
Old api.ObjectMeta
New api.ObjectMeta
ExpectedErrs []string
}{
"invalid generation change - decremented": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1", Generation: 5},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1", Generation: 4},
ExpectedErrs: []string{"field.generation: Invalid value: 4: must not be decremented"},
},
"valid generation change - incremented by one": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1", Generation: 1},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1", Generation: 2},
ExpectedErrs: []string{},
},
"valid generation field - not updated": {
Old: api.ObjectMeta{Name: "test", ResourceVersion: "1", Generation: 5},
New: api.ObjectMeta{Name: "test", ResourceVersion: "1", Generation: 5},
ExpectedErrs: []string{},
},
}
for k, tc := range testcases {
errList := []string{}
errs := ValidateObjectMetaUpdate(&tc.New, &tc.Old, field.NewPath("field"))
if len(errs) != len(tc.ExpectedErrs) {
t.Logf("%s: Expected: %#v", k, tc.ExpectedErrs)
for _, err := range errs {
errList = append(errList, err.Error())
}
t.Logf("%s: Got: %#v", k, errList)
t.Errorf("%s: expected %d errors, got %d", k, len(tc.ExpectedErrs), len(errs))
continue
}
for i := range errList {
if errList[i] != tc.ExpectedErrs[i] {
t.Errorf("%s: error #%d: expected %q, got %q", k, i, tc.ExpectedErrs[i], errList[i])
}
}
}
}
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 18:56:38 -05:00
// Ensure trailing slash is allowed in generate name
func TestValidateObjectMetaTrimsTrailingSlash(t *testing.T) {
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
errs := ValidateObjectMeta(
&api.ObjectMeta{Name: "test", GenerateName: "foo-"},
false,
NameIsDNSSubdomain,
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.NewPath("field"))
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 18:56:38 -05:00
if len(errs) != 0 {
t.Fatalf("unexpected errors: %v", errs)
}
}
Slightly relax annotation validation The more aggressive validation on annotations broke openshift (and backwards compat for our data). This change relaxes to allow mixed case so we can continue working in the short term, try to see if we can agree on relaxation, and if we can't, apply the stronger validation here.
2015-02-01 19:03:04 -05:00
func TestValidateAnnotations(t *testing.T) {
successCases := []map[string]string{
{"simple": "bar"},
{"now-with-dashes": "bar"},
{"1-starts-with-num": "bar"},
{"1234": "bar"},
{"simple/simple": "bar"},
{"now-with-dashes/simple": "bar"},
{"now-with-dashes/now-with-dashes": "bar"},
{"now.with.dots/simple": "bar"},
{"now-with.dashes-and.dots/simple": "bar"},
{"1-num.2-num/3-num": "bar"},
{"1234/5678": "bar"},
{"1.2.3.4/5678": "bar"},
{"UpperCase123": "bar"},
Increase the annotation size limit to 256k
2015-10-21 18:22:47 -04:00
{"a": strings.Repeat("b", totalAnnotationSizeLimitB-1)},
apply comments
2015-03-02 08:41:13 -05:00
{
Increase the annotation size limit to 256k
2015-10-21 18:22:47 -04:00
"a": strings.Repeat("b", totalAnnotationSizeLimitB/2-1),
"c": strings.Repeat("d", totalAnnotationSizeLimitB/2-1),
apply comments
2015-03-02 08:41:13 -05:00
},
Slightly relax annotation validation The more aggressive validation on annotations broke openshift (and backwards compat for our data). This change relaxes to allow mixed case so we can continue working in the short term, try to see if we can agree on relaxation, and if we can't, apply the stronger validation here.
2015-02-01 19:03:04 -05:00
}
for i := range successCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
errs := ValidateAnnotations(successCases[i], field.NewPath("field"))
Slightly relax annotation validation The more aggressive validation on annotations broke openshift (and backwards compat for our data). This change relaxes to allow mixed case so we can continue working in the short term, try to see if we can agree on relaxation, and if we can't, apply the stronger validation here.
2015-02-01 19:03:04 -05:00
if len(errs) != 0 {
t.Errorf("case[%d] expected success, got %#v", i, errs)
}
}
apply comments
2015-03-02 08:41:13 -05:00
Make IsQualifiedName return error strings
2015-12-16 00:28:42 -05:00
nameErrorCases := []struct {
annotations map[string]string
expect string
}{
{map[string]string{"nospecialchars^=@": "bar"}, "must match the regex"},
{map[string]string{"cantendwithadash-": "bar"}, "must match the regex"},
{map[string]string{"only/one/slash": "bar"}, "must match the regex"},
{map[string]string{strings.Repeat("a", 254): "bar"}, "must be no more than"},
Slightly relax annotation validation The more aggressive validation on annotations broke openshift (and backwards compat for our data). This change relaxes to allow mixed case so we can continue working in the short term, try to see if we can agree on relaxation, and if we can't, apply the stronger validation here.
2015-02-01 19:03:04 -05:00
}
Loosen label and annotation validation and related tests
2015-02-27 10:08:02 -05:00
for i := range nameErrorCases {
Make IsQualifiedName return error strings
2015-12-16 00:28:42 -05:00
errs := ValidateAnnotations(nameErrorCases[i].annotations, field.NewPath("field"))
Loosen label and annotation validation and related tests
2015-02-27 10:08:02 -05:00
if len(errs) != 1 {
Make IsQualifiedName return error strings
2015-12-16 00:28:42 -05:00
t.Errorf("case[%d]: expected failure", i)
} else {
if !strings.Contains(errs[0].Detail, nameErrorCases[i].expect) {
t.Errorf("case[%d]: error details do not include %q: %q", i, nameErrorCases[i].expect, errs[0].Detail)
}
Loosen label and annotation validation and related tests
2015-02-27 10:08:02 -05:00
}
}
apply comments
2015-03-02 08:41:13 -05:00
totalSizeErrorCases := []map[string]string{
Increase the annotation size limit to 256k
2015-10-21 18:22:47 -04:00
{"a": strings.Repeat("b", totalAnnotationSizeLimitB)},
apply comments
2015-03-02 08:41:13 -05:00
{
Increase the annotation size limit to 256k
2015-10-21 18:22:47 -04:00
"a": strings.Repeat("b", totalAnnotationSizeLimitB/2),
"c": strings.Repeat("d", totalAnnotationSizeLimitB/2),
apply comments
2015-03-02 08:41:13 -05:00
},
Loosen label and annotation validation and related tests
2015-02-27 10:08:02 -05:00
}
apply comments
2015-03-02 08:41:13 -05:00
for i := range totalSizeErrorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
errs := ValidateAnnotations(totalSizeErrorCases[i], field.NewPath("field"))
Slightly relax annotation validation The more aggressive validation on annotations broke openshift (and backwards compat for our data). This change relaxes to allow mixed case so we can continue working in the short term, try to see if we can agree on relaxation, and if we can't, apply the stronger validation here.
2015-02-01 19:03:04 -05:00
if len(errs) != 1 {
t.Errorf("case[%d] expected failure", i)
}
}
}
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
func testVolume(name string, namespace string, spec api.PersistentVolumeSpec) *api.PersistentVolume {
objMeta := api.ObjectMeta{Name: name}
if namespace != "" {
objMeta.Namespace = namespace
}
return &api.PersistentVolume{
ObjectMeta: objMeta,
Spec: spec,
}
}
func TestValidatePersistentVolumes(t *testing.T) {
scenarios := map[string]struct {
isExpectedFailure bool
volume *api.PersistentVolume
}{
"good-volume": {
isExpectedFailure: false,
volume: testVolume("foo", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
PersistentVolumeSource: api.PersistentVolumeSource{
HostPath: &api.HostPathVolumeSource{Path: "/foo"},
},
}),
},
Add unit test for bad ReclaimPolicy and valid ReclaimPolicy in /pkg/api/validation_test.go
2016-09-01 15:12:13 -04:00
"good-volume-with-retain-policy": {
isExpectedFailure: false,
volume: testVolume("foo", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
HostPath: &api.HostPathVolumeSource{Path: "/foo"},
},
PersistentVolumeReclaimPolicy: api.PersistentVolumeReclaimRetain,
}),
},
added validation for AccessModes
2015-07-24 15:55:54 -04:00
"invalid-accessmode": {
isExpectedFailure: true,
volume: testVolume("foo", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{"fakemode"},
PersistentVolumeSource: api.PersistentVolumeSource{
HostPath: &api.HostPathVolumeSource{Path: "/foo"},
},
}),
},
Add unit test for bad ReclaimPolicy and valid ReclaimPolicy in /pkg/api/validation_test.go
2016-09-01 15:12:13 -04:00
"invalid-reclaimpolicy": {
isExpectedFailure: true,
volume: testVolume("foo", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
HostPath: &api.HostPathVolumeSource{Path: "/foo"},
},
PersistentVolumeReclaimPolicy: "fakeReclaimPolicy",
}),
},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
"unexpected-namespace": {
isExpectedFailure: true,
volume: testVolume("foo", "unexpected-namespace", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
PersistentVolumeSource: api.PersistentVolumeSource{
HostPath: &api.HostPathVolumeSource{Path: "/foo"},
},
}),
},
"bad-name": {
isExpectedFailure: true,
volume: testVolume("123*Bad(Name", "unexpected-namespace", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
PersistentVolumeSource: api.PersistentVolumeSource{
HostPath: &api.HostPathVolumeSource{Path: "/foo"},
},
Bi-directional bind between pv.Spec.ClaimRef and pvc.Spec.VolumeName
2015-05-12 20:44:29 -04:00
}),
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
},
"missing-name": {
isExpectedFailure: true,
volume: testVolume("", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
}),
},
"missing-capacity": {
isExpectedFailure: true,
volume: testVolume("foo", "", api.PersistentVolumeSpec{}),
},
Bi-directional bind between pv.Spec.ClaimRef and pvc.Spec.VolumeName
2015-05-12 20:44:29 -04:00
"missing-accessmodes": {
isExpectedFailure: true,
volume: testVolume("goodname", "missing-accessmodes", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
PersistentVolumeSource: api.PersistentVolumeSource{
HostPath: &api.HostPathVolumeSource{Path: "/foo"},
},
}),
},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
"too-many-sources": {
isExpectedFailure: true,
volume: testVolume("", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("5G"),
},
PersistentVolumeSource: api.PersistentVolumeSource{
HostPath: &api.HostPathVolumeSource{Path: "/foo"},
GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{PDName: "foo", FSType: "ext4"},
},
}),
},
Add validation preventing recycle of / in a hostPath PV
2016-08-22 14:45:46 -04:00
"host mount of / with recycle reclaim policy": {
isExpectedFailure: true,
volume: testVolume("bad-recycle-do-not-want", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
HostPath: &api.HostPathVolumeSource{Path: "/"},
},
PersistentVolumeReclaimPolicy: api.PersistentVolumeReclaimRecycle,
}),
},
"host mount of / with recycle reclaim policy 2": {
isExpectedFailure: true,
volume: testVolume("bad-recycle-do-not-want", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
HostPath: &api.HostPathVolumeSource{Path: "/a/.."},
},
PersistentVolumeReclaimPolicy: api.PersistentVolumeReclaimRecycle,
}),
},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
}
for name, scenario := range scenarios {
errs := ValidatePersistentVolume(scenario.volume)
if len(errs) == 0 && scenario.isExpectedFailure {
t.Errorf("Unexpected success for scenario: %s", name)
}
if len(errs) > 0 && !scenario.isExpectedFailure {
t.Errorf("Unexpected failure for scenario: %s - %+v", name, errs)
}
}
}
func testVolumeClaim(name string, namespace string, spec api.PersistentVolumeClaimSpec) *api.PersistentVolumeClaim {
return &api.PersistentVolumeClaim{
ObjectMeta: api.ObjectMeta{Name: name, Namespace: namespace},
Spec: spec,
}
}
func TestValidatePersistentVolumeClaim(t *testing.T) {
scenarios := map[string]struct {
isExpectedFailure bool
claim *api.PersistentVolumeClaim
}{
"good-claim": {
isExpectedFailure: false,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
Add selector to PersistentVolumeClaim
2016-05-06 23:18:54 -04:00
Selector: &unversioned.LabelSelector{
MatchExpressions: []unversioned.LabelSelectorRequirement{
{
Key: "key2",
Operator: "Exists",
},
},
},
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
}),
},
"invalid-label-selector": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
Selector: &unversioned.LabelSelector{
MatchExpressions: []unversioned.LabelSelectorRequirement{
{
Key: "key2",
Operator: "InvalidOp",
Values: []string{"value1", "value2"},
},
},
},
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
added validation for AccessModes
2015-07-24 15:55:54 -04:00
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
}),
},
"invalid-accessmode": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{"fakemode"},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
}),
},
"missing-namespace": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "", api.PersistentVolumeClaimSpec{
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
}),
},
"no-access-modes": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
}),
},
"no-resource-requests": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
api.ReadWriteOnce,
},
}),
},
changed claimed validation from length check to specific storage check
2015-03-31 11:37:09 -04:00
"invalid-resource-requests": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{
changed claimed validation from length check to specific storage check
2015-03-31 11:37:09 -04:00
api.ReadWriteOnce,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
},
},
}),
},
Fix pvc requests.storage validation
2016-08-10 14:18:37 -04:00
"negative-storage-request": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
Selector: &unversioned.LabelSelector{
MatchExpressions: []unversioned.LabelSelectorRequirement{
{
Key: "key2",
Operator: "Exists",
},
},
},
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("-10G"),
},
},
}),
},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
}
for name, scenario := range scenarios {
errs := ValidatePersistentVolumeClaim(scenario.claim)
if len(errs) == 0 && scenario.isExpectedFailure {
t.Errorf("Unexpected success for scenario: %s", name)
}
if len(errs) > 0 && !scenario.isExpectedFailure {
t.Errorf("Unexpected failure for scenario: %s - %+v", name, errs)
}
}
}
Improve persistent volume claim validation
2016-02-09 15:28:37 -05:00
func TestValidatePersistentVolumeClaimUpdate(t *testing.T) {
validClaim := testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
})
validUpdateClaim := testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
VolumeName: "volume",
})
invalidUpdateClaimResources := testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("20G"),
},
},
VolumeName: "volume",
})
invalidUpdateClaimAccessModes := testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadWriteOnce,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
VolumeName: "volume",
})
scenarios := map[string]struct {
isExpectedFailure bool
oldClaim *api.PersistentVolumeClaim
newClaim *api.PersistentVolumeClaim
}{
make PVCs immutable (except volumeName) post-creation
2016-07-08 12:08:15 -04:00
"valid-update-volumeName-only": {
Improve persistent volume claim validation
2016-02-09 15:28:37 -05:00
isExpectedFailure: false,
oldClaim: validClaim,
newClaim: validUpdateClaim,
},
make PVCs immutable (except volumeName) post-creation
2016-07-08 12:08:15 -04:00
"valid-no-op-update": {
isExpectedFailure: false,
oldClaim: validUpdateClaim,
newClaim: validUpdateClaim,
},
Improve persistent volume claim validation
2016-02-09 15:28:37 -05:00
"invalid-update-change-resources-on-bound-claim": {
isExpectedFailure: true,
oldClaim: validUpdateClaim,
newClaim: invalidUpdateClaimResources,
},
"invalid-update-change-access-modes-on-bound-claim": {
isExpectedFailure: true,
oldClaim: validUpdateClaim,
newClaim: invalidUpdateClaimAccessModes,
},
}
for name, scenario := range scenarios {
// ensure we have a resource version specified for updates
scenario.oldClaim.ResourceVersion = "1"
scenario.newClaim.ResourceVersion = "1"
errs := ValidatePersistentVolumeClaimUpdate(scenario.newClaim, scenario.oldClaim)
if len(errs) == 0 && scenario.isExpectedFailure {
t.Errorf("Unexpected success for scenario: %s", name)
}
if len(errs) > 0 && !scenario.isExpectedFailure {
t.Errorf("Unexpected failure for scenario: %s - %+v", name, errs)
}
}
}
Validate that projected files do not contain .. This was checked in the kubelet, but not at the API.
2016-07-30 01:41:20 -04:00
func TestValidateKeyToPath(t *testing.T) {
testCases := []struct {
kp api.KeyToPath
ok bool
errtype field.ErrorType
}{
{
kp: api.KeyToPath{Key: "k", Path: "p"},
ok: true,
},
{
kp: api.KeyToPath{Key: "k", Path: "p/p/p/p"},
ok: true,
},
{
kp: api.KeyToPath{Key: "k", Path: "p/..p/p../p..p"},
ok: true,
},
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
{
kp: api.KeyToPath{Key: "k", Path: "p", Mode: newInt32(0644)},
ok: true,
},
Validate that projected files do not contain .. This was checked in the kubelet, but not at the API.
2016-07-30 01:41:20 -04:00
{
kp: api.KeyToPath{Key: "", Path: "p"},
ok: false,
errtype: field.ErrorTypeRequired,
},
{
kp: api.KeyToPath{Key: "k", Path: ""},
ok: false,
errtype: field.ErrorTypeRequired,
},
{
kp: api.KeyToPath{Key: "k", Path: "..p"},
ok: false,
errtype: field.ErrorTypeInvalid,
},
{
kp: api.KeyToPath{Key: "k", Path: "../p"},
ok: false,
errtype: field.ErrorTypeInvalid,
},
{
kp: api.KeyToPath{Key: "k", Path: "p/../p"},
ok: false,
errtype: field.ErrorTypeInvalid,
},
{
kp: api.KeyToPath{Key: "k", Path: "p/.."},
ok: false,
errtype: field.ErrorTypeInvalid,
},
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
{
kp: api.KeyToPath{Key: "k", Path: "p", Mode: newInt32(01000)},
ok: false,
errtype: field.ErrorTypeInvalid,
},
{
kp: api.KeyToPath{Key: "k", Path: "p", Mode: newInt32(-1)},
ok: false,
errtype: field.ErrorTypeInvalid,
},
Add validation of Volumes
2014-07-01 17:40:36 -04:00
}
Validate that projected files do not contain .. This was checked in the kubelet, but not at the API.
2016-07-30 01:41:20 -04:00
for i, tc := range testCases {
errs := validateKeyToPath(&tc.kp, field.NewPath("field"))
if tc.ok && len(errs) > 0 {
t.Errorf("[%d] unexpected errors: %v", i, errs)
} else if !tc.ok && len(errs) == 0 {
t.Errorf("[%d] expected error type %v", i, tc.errtype)
} else if len(errs) > 1 {
t.Errorf("[%d] expected only one error, got %d", i, len(errs))
} else if !tc.ok {
if errs[0].Type != tc.errtype {
t.Errorf("[%d] expected error type %v, got %v", i, tc.errtype, errs[0].Type)
}
}
Add validation of Volumes
2014-07-01 17:40:36 -04:00
}
Validate that projected files do not contain .. This was checked in the kubelet, but not at the API.
2016-07-30 01:41:20 -04:00
}
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
// helper
func newInt32(val int) *int32 {
p := new(int32)
*p = int32(val)
return p
}
// This test is a little too top-to-bottom. Ideally we would test each volume
// type on its own, but we want to also make sure that the logic works through
// the one-of wrapper, so we just do it all in one place.
Add validation of Volumes
2014-07-01 17:40:36 -04:00
func TestValidateVolumes(t *testing.T) {
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
testCases := []struct {
name string
vol api.Volume
errtype field.ErrorType
errfield string
errdetail string
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
}{
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
// EmptyDir and basic volume names
{
name: "valid alpha name",
vol: api.Volume{
Name: "empty",
VolumeSource: api.VolumeSource{
EmptyDir: &api.EmptyDirVolumeSource{},
},
},
},
{
name: "valid num name",
vol: api.Volume{
Name: "123",
VolumeSource: api.VolumeSource{
EmptyDir: &api.EmptyDirVolumeSource{},
},
},
},
{
name: "valid alphanum name",
vol: api.Volume{
Name: "empty-123",
VolumeSource: api.VolumeSource{
EmptyDir: &api.EmptyDirVolumeSource{},
},
},
},
{
name: "valid numalpha name",
vol: api.Volume{
Name: "123-empty",
VolumeSource: api.VolumeSource{
EmptyDir: &api.EmptyDirVolumeSource{},
},
},
},
{
name: "zero-length name",
vol: api.Volume{
Name: "",
VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}},
},
errtype: field.ErrorTypeRequired,
errfield: "name",
},
{
name: "name > 63 characters",
vol: api.Volume{
Name: strings.Repeat("a", 64),
VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}},
},
errtype: field.ErrorTypeInvalid,
errfield: "name",
errdetail: "must be no more than",
},
{
name: "name not a DNS label",
vol: api.Volume{
Name: "a.b.c",
VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}},
},
errtype: field.ErrorTypeInvalid,
errfield: "name",
errdetail: "must match the regex",
},
// More than one source field specified.
{
name: "more than one source",
vol: api.Volume{
Name: "dups",
VolumeSource: api.VolumeSource{
EmptyDir: &api.EmptyDirVolumeSource{},
HostPath: &api.HostPathVolumeSource{
Path: "/mnt/path",
},
},
},
errtype: field.ErrorTypeForbidden,
errfield: "hostPath",
errdetail: "may not specify more than 1 volume",
},
// HostPath
{
name: "valid HostPath",
vol: api.Volume{
Name: "hostpath",
VolumeSource: api.VolumeSource{
HostPath: &api.HostPathVolumeSource{
Path: "/mnt/path",
},
},
},
},
// GcePersistentDisk
{
name: "valid GcePersistentDisk",
vol: api.Volume{
Name: "gce-pd",
VolumeSource: api.VolumeSource{
GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{
PDName: "my-PD",
FSType: "ext4",
Partition: 1,
ReadOnly: false,
},
},
},
},
// AWSElasticBlockStore
{
name: "valid AWSElasticBlockStore",
vol: api.Volume{
Name: "aws-ebs",
VolumeSource: api.VolumeSource{
AWSElasticBlockStore: &api.AWSElasticBlockStoreVolumeSource{
VolumeID: "my-PD",
FSType: "ext4",
Partition: 1,
ReadOnly: false,
},
},
},
},
// GitRepo
{
name: "valid GitRepo",
vol: api.Volume{
Name: "git-repo",
VolumeSource: api.VolumeSource{
GitRepo: &api.GitRepoVolumeSource{
Repository: "my-repo",
Revision: "hashstring",
Directory: "target",
},
},
},
},
{
name: "valid GitRepo in .",
vol: api.Volume{
Name: "git-repo-dot",
VolumeSource: api.VolumeSource{
GitRepo: &api.GitRepoVolumeSource{
Repository: "my-repo",
Directory: ".",
},
},
},
},
{
name: "valid GitRepo with .. in name",
vol: api.Volume{
Name: "git-repo-dot-dot-foo",
VolumeSource: api.VolumeSource{
GitRepo: &api.GitRepoVolumeSource{
Repository: "my-repo",
Directory: "..foo",
},
},
},
},
{
name: "GitRepo starts with ../",
vol: api.Volume{
Name: "gitrepo",
VolumeSource: api.VolumeSource{
GitRepo: &api.GitRepoVolumeSource{
Repository: "foo",
Directory: "../dots/bar",
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "gitRepo.directory",
errdetail: `must not contain '..'`,
},
{
name: "GitRepo contains ..",
vol: api.Volume{
Name: "gitrepo",
VolumeSource: api.VolumeSource{
GitRepo: &api.GitRepoVolumeSource{
Repository: "foo",
Directory: "dots/../bar",
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "gitRepo.directory",
errdetail: `must not contain '..'`,
},
{
name: "GitRepo absolute target",
vol: api.Volume{
Name: "gitrepo",
VolumeSource: api.VolumeSource{
GitRepo: &api.GitRepoVolumeSource{
Repository: "foo",
Directory: "/abstarget",
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "gitRepo.directory",
},
// ISCSI
{
name: "valid ISCSI",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "iqn.2015-02.example.com:test",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
},
},
},
},
{
name: "empty portal",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "",
IQN: "iqn.2015-02.example.com:test",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "iscsi.targetPortal",
},
{
name: "empty iqn",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "iscsi.iqn",
},
// Secret
{
name: "valid Secret",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "my-secret",
},
},
},
},
{
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
name: "valid Secret with defaultMode",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "my-secret",
DefaultMode: newInt32(0644),
},
},
},
},
{
name: "valid Secret with projection and mode",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "my-secret",
Items: []api.KeyToPath{{
Key: "key",
Path: "filename",
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
Mode: newInt32(0644),
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
}},
},
},
},
},
{
name: "valid Secret with subdir projection",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "my-secret",
Items: []api.KeyToPath{{
Key: "key",
Path: "dir/filename",
}},
},
},
},
},
{
name: "secret with missing path",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "s",
Items: []api.KeyToPath{{Key: "key", Path: ""}},
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "secret.items[0].path",
},
{
name: "secret with leading ..",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "s",
Items: []api.KeyToPath{{Key: "key", Path: "../foo"}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "secret.items[0].path",
},
{
name: "secret with .. inside",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "s",
Items: []api.KeyToPath{{Key: "key", Path: "foo/../bar"}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "secret.items[0].path",
},
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
{
name: "secret with invalid positive defaultMode",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "s",
DefaultMode: newInt32(01000),
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "secret.defaultMode",
},
{
name: "secret with invalid negative defaultMode",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "s",
DefaultMode: newInt32(-1),
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "secret.defaultMode",
},
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
// ConfigMap
{
name: "valid ConfigMap",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{
Name: "my-cfgmap",
},
},
},
},
},
{
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
name: "valid ConfigMap with defaultMode",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{
Name: "my-cfgmap",
},
DefaultMode: newInt32(0644),
},
},
},
},
{
name: "valid ConfigMap with projection and mode",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{
Name: "my-cfgmap"},
Items: []api.KeyToPath{{
Key: "key",
Path: "filename",
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
Mode: newInt32(0644),
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
}},
},
},
},
},
{
name: "valid ConfigMap with subdir projection",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{
Name: "my-cfgmap"},
Items: []api.KeyToPath{{
Key: "key",
Path: "dir/filename",
}},
},
},
},
},
{
name: "configmap with missing path",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{Name: "c"},
Items: []api.KeyToPath{{Key: "key", Path: ""}},
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "configMap.items[0].path",
},
{
name: "configmap with leading ..",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{Name: "c"},
Items: []api.KeyToPath{{Key: "key", Path: "../foo"}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "configMap.items[0].path",
},
{
name: "configmap with .. inside",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{Name: "c"},
Items: []api.KeyToPath{{Key: "key", Path: "foo/../bar"}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "configMap.items[0].path",
},
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
{
name: "configmap with invalid positive defaultMode",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{Name: "c"},
DefaultMode: newInt32(01000),
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "configMap.defaultMode",
},
{
name: "configmap with invalid negative defaultMode",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{Name: "c"},
DefaultMode: newInt32(-1),
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "configMap.defaultMode",
},
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
// Glusterfs
{
name: "valid Glusterfs",
vol: api.Volume{
Name: "glusterfs",
VolumeSource: api.VolumeSource{
Glusterfs: &api.GlusterfsVolumeSource{
EndpointsName: "host1",
Path: "path",
ReadOnly: false,
},
},
},
},
{
name: "empty hosts",
vol: api.Volume{
Name: "glusterfs",
VolumeSource: api.VolumeSource{
Glusterfs: &api.GlusterfsVolumeSource{
EndpointsName: "",
Path: "path",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "glusterfs.endpoints",
},
{
name: "empty path",
vol: api.Volume{
Name: "glusterfs",
VolumeSource: api.VolumeSource{
Glusterfs: &api.GlusterfsVolumeSource{
EndpointsName: "host",
Path: "",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "glusterfs.path",
},
// Flocker
{
Adds datasetUUID for referencing flocker datasets * flocker datasets should be attached using an unique identifier. This is not the case for the name metadata used by datasetName * allow only one of datasetUUID / datasetName specified
2016-08-01 06:45:03 -04:00
name: "valid Flocker -- datasetUUID",
vol: api.Volume{
Name: "flocker",
VolumeSource: api.VolumeSource{
Flocker: &api.FlockerVolumeSource{
DatasetUUID: "d846b09d-223d-43df-ab5b-d6db2206a0e4",
},
},
},
},
{
name: "valid Flocker -- datasetName",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
vol: api.Volume{
Name: "flocker",
VolumeSource: api.VolumeSource{
Flocker: &api.FlockerVolumeSource{
DatasetName: "datasetName",
},
},
},
},
{
Adds datasetUUID for referencing flocker datasets * flocker datasets should be attached using an unique identifier. This is not the case for the name metadata used by datasetName * allow only one of datasetUUID / datasetName specified
2016-08-01 06:45:03 -04:00
name: "both empty",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
vol: api.Volume{
Name: "flocker",
VolumeSource: api.VolumeSource{
Flocker: &api.FlockerVolumeSource{
DatasetName: "",
},
},
},
errtype: field.ErrorTypeRequired,
Adds datasetUUID for referencing flocker datasets * flocker datasets should be attached using an unique identifier. This is not the case for the name metadata used by datasetName * allow only one of datasetUUID / datasetName specified
2016-08-01 06:45:03 -04:00
errfield: "flocker",
},
{
name: "both specified",
vol: api.Volume{
Name: "flocker",
VolumeSource: api.VolumeSource{
Flocker: &api.FlockerVolumeSource{
DatasetName: "datasetName",
DatasetUUID: "d846b09d-223d-43df-ab5b-d6db2206a0e4",
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "flocker",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
},
{
name: "slash in flocker datasetName",
vol: api.Volume{
Name: "flocker",
VolumeSource: api.VolumeSource{
Flocker: &api.FlockerVolumeSource{
DatasetName: "foo/bar",
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "flocker.datasetName",
errdetail: "must not contain '/'",
},
// RBD
{
name: "valid RBD",
vol: api.Volume{
Name: "rbd",
VolumeSource: api.VolumeSource{
RBD: &api.RBDVolumeSource{
CephMonitors: []string{"foo"},
RBDImage: "bar",
FSType: "ext4",
},
},
},
},
{
name: "empty rbd monitors",
vol: api.Volume{
Name: "rbd",
VolumeSource: api.VolumeSource{
RBD: &api.RBDVolumeSource{
CephMonitors: []string{},
RBDImage: "bar",
FSType: "ext4",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "rbd.monitors",
},
{
name: "empty image",
vol: api.Volume{
Name: "rbd",
VolumeSource: api.VolumeSource{
RBD: &api.RBDVolumeSource{
CephMonitors: []string{"foo"},
RBDImage: "",
FSType: "ext4",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "rbd.image",
},
// Cinder
{
name: "valid Cinder",
vol: api.Volume{
Name: "cinder",
VolumeSource: api.VolumeSource{
Cinder: &api.CinderVolumeSource{
VolumeID: "29ea5088-4f60-4757-962e-dba678767887",
FSType: "ext4",
ReadOnly: false,
},
},
},
},
// CephFS
{
name: "valid CephFS",
vol: api.Volume{
Name: "cephfs",
VolumeSource: api.VolumeSource{
CephFS: &api.CephFSVolumeSource{
Monitors: []string{"foo"},
},
},
},
},
{
name: "empty cephfs monitors",
vol: api.Volume{
Name: "cephfs",
VolumeSource: api.VolumeSource{
CephFS: &api.CephFSVolumeSource{
Monitors: []string{},
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "cephfs.monitors",
},
// DownwardAPI
{
name: "valid DownwardAPI",
vol: api.Volume{
Name: "downwardapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{
{
Path: "labels",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
},
{
Path: "annotations",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.annotations",
},
},
{
Path: "namespace",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.namespace",
},
},
{
Path: "name",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.name",
},
},
{
Path: "path/with/subdirs",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
},
{
Path: "path/./withdot",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
},
{
Path: "path/with/embedded..dotdot",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
},
{
Path: "path/with/leading/..dotdot",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
},
{
Path: "cpu_limit",
ResourceFieldRef: &api.ResourceFieldSelector{
ContainerName: "test-container",
Resource: "limits.cpu",
},
},
{
Path: "cpu_request",
ResourceFieldRef: &api.ResourceFieldSelector{
ContainerName: "test-container",
Resource: "requests.cpu",
},
},
{
Path: "memory_limit",
ResourceFieldRef: &api.ResourceFieldSelector{
ContainerName: "test-container",
Resource: "limits.memory",
},
},
{
Path: "memory_request",
ResourceFieldRef: &api.ResourceFieldSelector{
ContainerName: "test-container",
Resource: "requests.memory",
},
},
},
},
},
},
},
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
{
name: "downapi valid defaultMode",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
DefaultMode: newInt32(0644),
},
},
},
},
{
name: "downapi valid item mode",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Mode: newInt32(0644),
Path: "path",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
},
{
name: "downapi invalid positive item mode",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Mode: newInt32(01000),
Path: "path",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.mode",
},
{
name: "downapi invalid negative item mode",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Mode: newInt32(-1),
Path: "path",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.mode",
},
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
{
name: "downapi empty metatada path",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Path: "",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "downwardAPI.path",
},
{
name: "downapi absolute path",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Path: "/absolutepath",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.path",
},
{
name: "downapi dot dot path",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Path: "../../passwd",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.path",
errdetail: `must not contain '..'`,
},
{
name: "downapi dot dot file name",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Path: "..badFileName",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.path",
errdetail: `must not start with '..'`,
},
{
name: "downapi dot dot first level dirent",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Path: "..badDirName/goodFileName",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.path",
errdetail: `must not start with '..'`,
},
{
name: "downapi fieldRef and ResourceFieldRef together",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Path: "test",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
ResourceFieldRef: &api.ResourceFieldSelector{
ContainerName: "test-container",
Resource: "requests.memory",
},
}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI",
errdetail: "fieldRef and resourceFieldRef can not be specified simultaneously",
},
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
{
name: "downapi invalid positive defaultMode",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
DefaultMode: newInt32(01000),
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.defaultMode",
},
{
name: "downapi invalid negative defaultMode",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
DefaultMode: newInt32(-1),
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.defaultMode",
},
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
// FC
{
name: "valid FC",
vol: api.Volume{
Name: "fc",
VolumeSource: api.VolumeSource{
FC: &api.FCVolumeSource{
TargetWWNs: []string{"some_wwn"},
Lun: newInt32(1),
FSType: "ext4",
ReadOnly: false,
},
},
},
},
{
name: "fc empty wwn",
vol: api.Volume{
Name: "fc",
VolumeSource: api.VolumeSource{
FC: &api.FCVolumeSource{
TargetWWNs: []string{},
Lun: newInt32(1),
FSType: "ext4",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "fc.targetWWNs",
},
{
name: "fc empty lun",
vol: api.Volume{
Name: "fc",
VolumeSource: api.VolumeSource{
FC: &api.FCVolumeSource{
TargetWWNs: []string{"wwn"},
Lun: nil,
FSType: "ext4",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "fc.lun",
},
// FlexVolume
{
name: "valid FlexVolume",
vol: api.Volume{
Name: "flex-volume",
VolumeSource: api.VolumeSource{
FlexVolume: &api.FlexVolumeSource{
Driver: "kubernetes.io/blue",
FSType: "ext4",
},
},
},
},
// AzureFile
{
name: "valid AzureFile",
vol: api.Volume{
Name: "azure-file",
VolumeSource: api.VolumeSource{
AzureFile: &api.AzureFileVolumeSource{
SecretName: "key",
ShareName: "share",
ReadOnly: false,
},
},
},
},
{
name: "AzureFile empty secret",
vol: api.Volume{
Name: "azure-file",
VolumeSource: api.VolumeSource{
AzureFile: &api.AzureFileVolumeSource{
SecretName: "",
ShareName: "share",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "azureFile.secretName",
},
{
name: "AzureFile empty share",
vol: api.Volume{
Name: "azure-file",
VolumeSource: api.VolumeSource{
AzureFile: &api.AzureFileVolumeSource{
SecretName: "name",
ShareName: "",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "azureFile.shareName",
Downward API implementation for resources limits and requests
2016-05-23 18:08:22 -04:00
},
Initial Quobyte support
2016-04-20 04:38:19 -04:00
// Quobyte
{
name: "valid Quobyte",
vol: api.Volume{
Name: "quobyte",
VolumeSource: api.VolumeSource{
Quobyte: &api.QuobyteVolumeSource{
Registry: "registry:7861",
Volume: "volume",
ReadOnly: false,
User: "root",
Group: "root",
},
},
},
},
{
name: "empty registry quobyte",
vol: api.Volume{
Name: "quobyte",
VolumeSource: api.VolumeSource{
Quobyte: &api.QuobyteVolumeSource{
Volume: "/test",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "quobyte.registry",
},
{
name: "wrong format registry quobyte",
vol: api.Volume{
Name: "quobyte",
VolumeSource: api.VolumeSource{
Quobyte: &api.QuobyteVolumeSource{
Registry: "registry7861",
Volume: "/test",
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "quobyte.registry",
},
{
name: "wrong format multiple registries quobyte",
vol: api.Volume{
Name: "quobyte",
VolumeSource: api.VolumeSource{
Quobyte: &api.QuobyteVolumeSource{
Registry: "registry:7861,reg2",
Volume: "/test",
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "quobyte.registry",
},
{
name: "empty volume quobyte",
vol: api.Volume{
Name: "quobyte",
VolumeSource: api.VolumeSource{
Quobyte: &api.QuobyteVolumeSource{
Registry: "registry:7861",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "quobyte.volume",
},
support Azure data disk volume Signed-off-by: Huamin Chen <hchen@redhat.com>
2016-07-27 14:07:34 -04:00
// AzureDisk
{
name: "valid AzureDisk",
vol: api.Volume{
Name: "azure-disk",
VolumeSource: api.VolumeSource{
AzureDisk: &api.AzureDiskVolumeSource{
DiskName: "foo",
DataDiskURI: "https://blob/vhds/bar.vhd",
},
},
},
},
{
name: "AzureDisk empty disk name",
vol: api.Volume{
Name: "azure-disk",
VolumeSource: api.VolumeSource{
AzureDisk: &api.AzureDiskVolumeSource{
DiskName: "",
DataDiskURI: "https://blob/vhds/bar.vhd",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "azureDisk.diskName",
},
{
name: "AzureDisk empty disk uri",
vol: api.Volume{
Name: "azure-disk",
VolumeSource: api.VolumeSource{
AzureDisk: &api.AzureDiskVolumeSource{
DiskName: "foo",
DataDiskURI: "",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "azureDisk.diskURI",
},
Add validation of Volumes
2014-07-01 17:40:36 -04:00
}
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
for i, tc := range testCases {
names, errs := validateVolumes([]api.Volume{tc.vol}, field.NewPath("field"))
if len(errs) > 0 && tc.errtype == "" {
t.Errorf("[%d: %q] unexpected error(s): %v", i, tc.name, errs)
} else if len(errs) > 1 {
t.Errorf("[%d: %q] expected 1 error, got %d: %v", i, tc.name, len(errs), errs)
} else if len(errs) == 0 && tc.errtype != "" {
t.Errorf("[%d: %q] expected error type %v", i, tc.name, tc.errtype)
} else if len(errs) == 1 {
if errs[0].Type != tc.errtype {
t.Errorf("[%d: %q] expected error type %v, got %v", i, tc.name, tc.errtype, errs[0].Type)
} else if !strings.HasSuffix(errs[0].Field, "."+tc.errfield) {
t.Errorf("[%d: %q] expected error on field %q, got %q", i, tc.name, tc.errfield, errs[0].Field)
} else if !strings.Contains(errs[0].Detail, tc.errdetail) {
t.Errorf("[%d: %q] expected error detail %q, got %q", i, tc.name, tc.errdetail, errs[0].Detail)
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
}
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
} else {
if len(names) != 1 || !names.Has(tc.vol.Name) {
t.Errorf("[%d: %q] wrong names result: %v", i, tc.name, names)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
}
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
}
}
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
dupsCase := []api.Volume{
{Name: "abc", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}},
{Name: "abc", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}},
}
_, errs := validateVolumes(dupsCase, field.NewPath("field"))
if len(errs) == 0 {
t.Errorf("expected error")
} else if len(errs) != 1 {
t.Errorf("expected 1 error, got %d: %v", len(errs), errs)
} else if errs[0].Type != field.ErrorTypeDuplicate {
t.Errorf("expected error type %v, got %v", field.ErrorTypeDuplicate, errs[0].Type)
}
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
}
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
func TestValidatePorts(t *testing.T) {
Rename type Port to ContainerPort Sadly I had to do this by hand - I just could not get gorename to fix up users of it.
2015-02-23 17:25:56 -05:00
successCase := []api.ContainerPort{
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
{Name: "abc", ContainerPort: 80, HostPort: 80, Protocol: "TCP"},
{Name: "easy", ContainerPort: 82, Protocol: "TCP"},
{Name: "as", ContainerPort: 83, Protocol: "UDP"},
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
{Name: "do-re-me", ContainerPort: 84, Protocol: "UDP"},
{ContainerPort: 85, Protocol: "TCP"},
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
}
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateContainerPorts(successCase, field.NewPath("field")); len(errs) != 0 {
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 02:20:30 -04:00
t.Errorf("expected success: %v", errs)
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
}
Rename type Port to ContainerPort Sadly I had to do this by hand - I just could not get gorename to fix up users of it.
2015-02-23 17:25:56 -05:00
nonCanonicalCase := []api.ContainerPort{
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
{ContainerPort: 80, Protocol: "TCP"},
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
}
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateContainerPorts(nonCanonicalCase, field.NewPath("field")); len(errs) != 0 {
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 02:20:30 -04:00
t.Errorf("expected success: %v", errs)
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
}
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
errorCases := map[string]struct {
Rename type Port to ContainerPort Sadly I had to do this by hand - I just could not get gorename to fix up users of it.
2015-02-23 17:25:56 -05:00
P []api.ContainerPort
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
T field.ErrorType
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
F string
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
D string
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
}{
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
"name > 15 characters": {
[]api.ContainerPort{{Name: strings.Repeat("a", 16), ContainerPort: 80, Protocol: "TCP"}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeInvalid,
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
"name", "15",
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
"name contains invalid characters": {
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
[]api.ContainerPort{{Name: "a.b.c", ContainerPort: 80, Protocol: "TCP"}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeInvalid,
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
"name", "alpha-numeric",
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
"name is a number": {
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
[]api.ContainerPort{{Name: "80", ContainerPort: 80, Protocol: "TCP"}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeInvalid,
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
"name", "at least one letter",
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
"name not unique": {
[]api.ContainerPort{
{Name: "abc", ContainerPort: 80, Protocol: "TCP"},
{Name: "abc", ContainerPort: 81, Protocol: "TCP"},
},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeDuplicate,
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
"[1].name", "",
},
"zero container port": {
[]api.ContainerPort{{ContainerPort: 0, Protocol: "TCP"}},
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
field.ErrorTypeRequired,
"containerPort", "",
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
"invalid container port": {
[]api.ContainerPort{{ContainerPort: 65536, Protocol: "TCP"}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeInvalid,
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
"containerPort", "between",
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
"invalid host port": {
[]api.ContainerPort{{ContainerPort: 80, HostPort: 65536, Protocol: "TCP"}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeInvalid,
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
"hostPort", "between",
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
"invalid protocol case": {
[]api.ContainerPort{{ContainerPort: 80, Protocol: "tcp"}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeNotSupported,
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
"protocol", "supported values: TCP, UDP",
},
"invalid protocol": {
[]api.ContainerPort{{ContainerPort: 80, Protocol: "ICMP"}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeNotSupported,
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
"protocol", "supported values: TCP, UDP",
},
"protocol required": {
[]api.ContainerPort{{Name: "abc", ContainerPort: 80}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeRequired,
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
"protocol", "",
},
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
}
for k, v := range errorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
errs := validateContainerPorts(v.P, field.NewPath("field"))
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
if len(errs) == 0 {
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
t.Errorf("expected failure for %s", k)
}
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
for i := range errs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
if errs[i].Type != v.T {
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
t.Errorf("%s: expected error to have type %q: %q", k, v.T, errs[i].Type)
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
}
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
if !strings.Contains(errs[i].Field, v.F) {
t.Errorf("%s: expected error field %q: %q", k, v.F, errs[i].Field)
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
}
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
if !strings.Contains(errs[i].Detail, v.D) {
t.Errorf("%s: expected error detail %q, got %q", k, v.D, errs[i].Detail)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
}
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
}
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
}
}
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
func TestValidateEnv(t *testing.T) {
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
successCase := []api.EnvVar{
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
{Name: "abc", Value: "value"},
{Name: "ABC", Value: "value"},
{Name: "AbC_123", Value: "value"},
{Name: "abc", Value: ""},
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
{
Name: "abc",
ValueFrom: &api.EnvVarSource{
Change EnvVarSource.FieldPath -> FieldRef and add example
2015-05-04 13:31:36 -04:00
FieldRef: &api.ObjectFieldSelector{
remove testapi.Default.GroupVersion
2016-10-04 17:20:07 -04:00
APIVersion: registered.GroupOrDie(api.GroupName).GroupVersion.String(),
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
FieldPath: "metadata.name",
},
},
},
Add spec.nodeName and spec.serviceAccountName to downward env var The serviceAccountName is occasionally useful for clients running on Kube that need to know who they are when talking to other components. The nodeName is useful for PetSet or DaemonSet pods that need to make calls back to the API to fetch info about their node. Both fields are immutable, and cannot easily be retrieved in another way.
2016-06-22 12:27:17 -04:00
{
Name: "abc",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
remove testapi.Default.GroupVersion
2016-10-04 17:20:07 -04:00
APIVersion: registered.GroupOrDie(api.GroupName).GroupVersion.String(),
Add spec.nodeName and spec.serviceAccountName to downward env var The serviceAccountName is occasionally useful for clients running on Kube that need to know who they are when talking to other components. The nodeName is useful for PetSet or DaemonSet pods that need to make calls back to the API to fetch info about their node. Both fields are immutable, and cannot easily be retrieved in another way.
2016-06-22 12:27:17 -04:00
FieldPath: "spec.nodeName",
},
},
},
{
Name: "abc",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
remove testapi.Default.GroupVersion
2016-10-04 17:20:07 -04:00
APIVersion: registered.GroupOrDie(api.GroupName).GroupVersion.String(),
Add spec.nodeName and spec.serviceAccountName to downward env var The serviceAccountName is occasionally useful for clients running on Kube that need to know who they are when talking to other components. The nodeName is useful for PetSet or DaemonSet pods that need to make calls back to the API to fetch info about their node. Both fields are immutable, and cannot easily be retrieved in another way.
2016-06-22 12:27:17 -04:00
FieldPath: "spec.serviceAccountName",
},
},
},
Add validation for variant-type of EnvVarSource
2016-01-18 15:07:48 -05:00
{
Name: "secret_value",
ValueFrom: &api.EnvVarSource{
SecretKeyRef: &api.SecretKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "some-secret",
},
Key: "secret-key",
},
},
},
Add validation for EnvVarSource variant
2016-01-18 22:31:29 -05:00
{
Name: "ENV_VAR_1",
ValueFrom: &api.EnvVarSource{
ConfigMapKeyRef: &api.ConfigMapKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "some-config-map",
},
Key: "some-key",
},
},
},
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
}
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateEnv(successCase, field.NewPath("field")); len(errs) != 0 {
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 02:20:30 -04:00
t.Errorf("expected success: %v", errs)
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
}
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
errorCases := []struct {
name string
envs []api.EnvVar
expectedError string
}{
{
name: "zero-length name",
envs: []api.EnvVar{{Name: ""}},
Change how one-of blocks are validated I took a hard look at error output and played until I was happier. This now prints JSON for structs in the error, rather than go's format. Also made the error message easier to read. Fixed tests.
2015-11-15 01:36:25 -05:00
expectedError: "[0].name: Required value",
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
{
name: "name not a C identifier",
envs: []api.EnvVar{{Name: "a.b.c"}},
Make CIdentifier return error strings
2015-12-20 01:52:48 -05:00
expectedError: `[0].name: Invalid value: "a.b.c": must match the regex`,
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
{
name: "value and valueFrom specified",
envs: []api.EnvVar{{
Name: "abc",
Value: "foo",
ValueFrom: &api.EnvVarSource{
Change EnvVarSource.FieldPath -> FieldRef and add example
2015-05-04 13:31:36 -04:00
FieldRef: &api.ObjectFieldSelector{
remove testapi.Default.GroupVersion
2016-10-04 17:20:07 -04:00
APIVersion: registered.GroupOrDie(api.GroupName).GroupVersion.String(),
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
FieldPath: "metadata.name",
},
},
}},
Change how one-of blocks are validated I took a hard look at error output and played until I was happier. This now prints JSON for structs in the error, rather than go's format. Also made the error message easier to read. Fixed tests.
2015-11-15 01:36:25 -05:00
expectedError: "[0].valueFrom: Invalid value: \"\": may not be specified when `value` is not empty",
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
Add validation for variant-type of EnvVarSource
2016-01-18 15:07:48 -05:00
{
Add validation for EnvVarSource variant
2016-01-18 22:31:29 -05:00
name: "valueFrom.fieldRef and valueFrom.secretKeyRef specified",
Add validation for variant-type of EnvVarSource
2016-01-18 15:07:48 -05:00
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
remove testapi.Default.GroupVersion
2016-10-04 17:20:07 -04:00
APIVersion: registered.GroupOrDie(api.GroupName).GroupVersion.String(),
Add validation for variant-type of EnvVarSource
2016-01-18 15:07:48 -05:00
FieldPath: "metadata.name",
},
SecretKeyRef: &api.SecretKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "a-secret",
},
Key: "a-key",
},
},
}},
expectedError: "[0].valueFrom: Invalid value: \"\": may not have more than one field specified at a time",
},
Add validation for EnvVarSource variant
2016-01-18 22:31:29 -05:00
{
name: "valueFrom.fieldRef and valueFrom.configMapKeyRef set",
envs: []api.EnvVar{{
Name: "some_var_name",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
remove testapi.Default.GroupVersion
2016-10-04 17:20:07 -04:00
APIVersion: registered.GroupOrDie(api.GroupName).GroupVersion.String(),
Add validation for EnvVarSource variant
2016-01-18 22:31:29 -05:00
FieldPath: "metadata.name",
},
ConfigMapKeyRef: &api.ConfigMapKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "some-config-map",
},
Key: "some-key",
},
},
}},
expectedError: `[0].valueFrom: Invalid value: "": may not have more than one field specified at a time`,
},
{
name: "valueFrom.fieldRef and valueFrom.secretKeyRef specified",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
remove testapi.Default.GroupVersion
2016-10-04 17:20:07 -04:00
APIVersion: registered.GroupOrDie(api.GroupName).GroupVersion.String(),
Add validation for EnvVarSource variant
2016-01-18 22:31:29 -05:00
FieldPath: "metadata.name",
},
SecretKeyRef: &api.SecretKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "a-secret",
},
Key: "a-key",
},
ConfigMapKeyRef: &api.ConfigMapKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "some-config-map",
},
Key: "some-key",
},
},
}},
expectedError: `[0].valueFrom: Invalid value: "": may not have more than one field specified at a time`,
},
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
{
name: "missing FieldPath on ObjectFieldSelector",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
Change EnvVarSource.FieldPath -> FieldRef and add example
2015-05-04 13:31:36 -04:00
FieldRef: &api.ObjectFieldSelector{
remove testapi.Default.GroupVersion
2016-10-04 17:20:07 -04:00
APIVersion: registered.GroupOrDie(api.GroupName).GroupVersion.String(),
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
},
}},
Change how one-of blocks are validated I took a hard look at error output and played until I was happier. This now prints JSON for structs in the error, rather than go's format. Also made the error message easier to read. Fixed tests.
2015-11-15 01:36:25 -05:00
expectedError: `[0].valueFrom.fieldRef.fieldPath: Required value`,
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
{
name: "missing APIVersion on ObjectFieldSelector",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
Change EnvVarSource.FieldPath -> FieldRef and add example
2015-05-04 13:31:36 -04:00
FieldRef: &api.ObjectFieldSelector{
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
FieldPath: "metadata.name",
},
},
}},
Change how one-of blocks are validated I took a hard look at error output and played until I was happier. This now prints JSON for structs in the error, rather than go's format. Also made the error message easier to read. Fixed tests.
2015-11-15 01:36:25 -05:00
expectedError: `[0].valueFrom.fieldRef.apiVersion: Required value`,
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
{
name: "invalid fieldPath",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
Change EnvVarSource.FieldPath -> FieldRef and add example
2015-05-04 13:31:36 -04:00
FieldRef: &api.ObjectFieldSelector{
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
FieldPath: "metadata.whoops",
remove testapi.Default.GroupVersion
2016-10-04 17:20:07 -04:00
APIVersion: registered.GroupOrDie(api.GroupName).GroupVersion.String(),
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
},
}},
Change how one-of blocks are validated I took a hard look at error output and played until I was happier. This now prints JSON for structs in the error, rather than go's format. Also made the error message easier to read. Fixed tests.
2015-11-15 01:36:25 -05:00
expectedError: `[0].valueFrom.fieldRef.fieldPath: Invalid value: "metadata.whoops": error converting fieldPath`,
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
adding downward api volume plugin
2015-02-20 00:36:23 -05:00
{
name: "invalid fieldPath labels",
envs: []api.EnvVar{{
Name: "labels",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
FieldPath: "metadata.labels",
APIVersion: "v1",
},
},
}},
Add spec.nodeName and spec.serviceAccountName to downward env var The serviceAccountName is occasionally useful for clients running on Kube that need to know who they are when talking to other components. The nodeName is useful for PetSet or DaemonSet pods that need to make calls back to the API to fetch info about their node. Both fields are immutable, and cannot easily be retrieved in another way.
2016-06-22 12:27:17 -04:00
expectedError: `[0].valueFrom.fieldRef.fieldPath: Unsupported value: "metadata.labels": supported values: metadata.name, metadata.namespace, spec.nodeName, spec.serviceAccountName, status.podIP`,
adding downward api volume plugin
2015-02-20 00:36:23 -05:00
},
{
name: "invalid fieldPath annotations",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
FieldPath: "metadata.annotations",
APIVersion: "v1",
},
},
}},
Add spec.nodeName and spec.serviceAccountName to downward env var The serviceAccountName is occasionally useful for clients running on Kube that need to know who they are when talking to other components. The nodeName is useful for PetSet or DaemonSet pods that need to make calls back to the API to fetch info about their node. Both fields are immutable, and cannot easily be retrieved in another way.
2016-06-22 12:27:17 -04:00
expectedError: `[0].valueFrom.fieldRef.fieldPath: Unsupported value: "metadata.annotations": supported values: metadata.name, metadata.namespace, spec.nodeName, spec.serviceAccountName, status.podIP`,
adding downward api volume plugin
2015-02-20 00:36:23 -05:00
},
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
{
name: "unsupported fieldPath",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
Change EnvVarSource.FieldPath -> FieldRef and add example
2015-05-04 13:31:36 -04:00
FieldRef: &api.ObjectFieldSelector{
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
FieldPath: "status.phase",
remove testapi.Default.GroupVersion
2016-10-04 17:20:07 -04:00
APIVersion: registered.GroupOrDie(api.GroupName).GroupVersion.String(),
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
},
}},
Add spec.nodeName and spec.serviceAccountName to downward env var The serviceAccountName is occasionally useful for clients running on Kube that need to know who they are when talking to other components. The nodeName is useful for PetSet or DaemonSet pods that need to make calls back to the API to fetch info about their node. Both fields are immutable, and cannot easily be retrieved in another way.
2016-06-22 12:27:17 -04:00
expectedError: `valueFrom.fieldRef.fieldPath: Unsupported value: "status.phase": supported values: metadata.name, metadata.namespace, spec.nodeName, spec.serviceAccountName, status.podIP`,
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
}
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
for _, tc := range errorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateEnv(tc.envs, field.NewPath("field")); len(errs) == 0 {
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
t.Errorf("expected failure for %s", tc.name)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
} else {
for i := range errs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
str := errs[i].Error()
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
if str != "" && !strings.Contains(str, tc.expectedError) {
t.Errorf("%s: expected error detail either empty or %q, got %q", tc.name, tc.expectedError, str)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
}
}
Add validation of Volumes
2014-07-01 17:40:36 -04:00
}
}
}
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
func TestValidateVolumeMounts(t *testing.T) {
Move util.StringSet into its own package A lot of packages use StringSet, but they don't use anything else from the util package. Moving StringSet into another package will shrink their dependency trees significantly.
2015-09-09 13:45:01 -04:00
volumes := sets.NewString("abc", "123", "abc-123")
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
successCase := []api.VolumeMount{
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
{Name: "abc", MountPath: "/foo"},
Validate that volume mountpoints are unique
2016-03-17 23:52:34 -04:00
{Name: "123", MountPath: "/bar"},
{Name: "abc-123", MountPath: "/baz"},
Introduce subPath in VolumeMount
2016-03-04 20:40:15 -05:00
{Name: "abc-123", MountPath: "/baa", SubPath: ""},
{Name: "abc-123", MountPath: "/bab", SubPath: "baz"},
{Name: "abc-123", MountPath: "/bac", SubPath: ".baz"},
{Name: "abc-123", MountPath: "/bad", SubPath: "..baz"},
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
}
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateVolumeMounts(successCase, volumes, field.NewPath("field")); len(errs) != 0 {
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 02:20:30 -04:00
t.Errorf("expected success: %v", errs)
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
}
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
errorCases := map[string][]api.VolumeMount{
Validate that volume mountpoints are unique
2016-03-17 23:52:34 -04:00
"empty name": {{Name: "", MountPath: "/foo"}},
"name not found": {{Name: "", MountPath: "/foo"}},
"empty mountpath": {{Name: "abc", MountPath: ""}},
"colon mountpath": {{Name: "abc", MountPath: "foo:bar"}},
"mountpath collision": {{Name: "foo", MountPath: "/path/a"}, {Name: "bar", MountPath: "/path/a"}},
Introduce subPath in VolumeMount
2016-03-04 20:40:15 -05:00
"absolute subpath": {{Name: "abc", MountPath: "/bar", SubPath: "/baz"}},
"subpath in ..": {{Name: "abc", MountPath: "/bar", SubPath: "../baz"}},
"subpath contains ..": {{Name: "abc", MountPath: "/bar", SubPath: "baz/../bat"}},
"subpath ends in ..": {{Name: "abc", MountPath: "/bar", SubPath: "./.."}},
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
}
for k, v := range errorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateVolumeMounts(v, volumes, field.NewPath("field")); len(errs) == 0 {
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
t.Errorf("expected failure for %s", k)
}
}
}
add validation for api.Probe
2015-02-15 02:02:07 -05:00
func TestValidateProbe(t *testing.T) {
handler := api.Handler{Exec: &api.ExecAction{Command: []string{"echo"}}}
Add liveness/readiness probe parameters - PeriodSeconds - How often to probe - SuccessThreshold - Number of successful probes to go from failure to success state - FailureThreshold - Number of failing probes to go from success to failure state This commit includes to changes in behavior: 1. InitialDelaySeconds now defaults to 10 seconds, rather than the kubelet sync interval (although that also defaults to 10 seconds). 2. Prober only retries on probe error, not failure. To compensate, the default FailureThreshold is set to the maxRetries, 3.
2015-11-05 18:38:46 -05:00
// These fields must be positive.
positiveFields := [...]string{"InitialDelaySeconds", "TimeoutSeconds", "PeriodSeconds", "SuccessThreshold", "FailureThreshold"}
successCases := []*api.Probe{nil}
for _, field := range positiveFields {
probe := &api.Probe{Handler: handler}
reflect.ValueOf(probe).Elem().FieldByName(field).SetInt(10)
successCases = append(successCases, probe)
add validation for api.Probe
2015-02-15 02:02:07 -05:00
}
Add liveness/readiness probe parameters - PeriodSeconds - How often to probe - SuccessThreshold - Number of successful probes to go from failure to success state - FailureThreshold - Number of failing probes to go from success to failure state This commit includes to changes in behavior: 1. InitialDelaySeconds now defaults to 10 seconds, rather than the kubelet sync interval (although that also defaults to 10 seconds). 2. Prober only retries on probe error, not failure. To compensate, the default FailureThreshold is set to the maxRetries, 3.
2015-11-05 18:38:46 -05:00
add validation for api.Probe
2015-02-15 02:02:07 -05:00
for _, p := range successCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateProbe(p, field.NewPath("field")); len(errs) != 0 {
add validation for api.Probe
2015-02-15 02:02:07 -05:00
t.Errorf("expected success: %v", errs)
}
}
Add liveness/readiness probe parameters - PeriodSeconds - How often to probe - SuccessThreshold - Number of successful probes to go from failure to success state - FailureThreshold - Number of failing probes to go from success to failure state This commit includes to changes in behavior: 1. InitialDelaySeconds now defaults to 10 seconds, rather than the kubelet sync interval (although that also defaults to 10 seconds). 2. Prober only retries on probe error, not failure. To compensate, the default FailureThreshold is set to the maxRetries, 3.
2015-11-05 18:38:46 -05:00
errorCases := []*api.Probe{{TimeoutSeconds: 10, InitialDelaySeconds: 10}}
for _, field := range positiveFields {
probe := &api.Probe{Handler: handler}
reflect.ValueOf(probe).Elem().FieldByName(field).SetInt(-10)
errorCases = append(errorCases, probe)
add validation for api.Probe
2015-02-15 02:02:07 -05:00
}
for _, p := range errorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateProbe(p, field.NewPath("field")); len(errs) == 0 {
add validation for api.Probe
2015-02-15 02:02:07 -05:00
t.Errorf("expected failure for %v", p)
}
}
}
Add defaults for HTTGetAction.Path & test actions The comment says optional - this makes it optional. Test handler actions.
2015-02-27 20:33:58 -05:00
func TestValidateHandler(t *testing.T) {
successCases := []api.Handler{
{Exec: &api.ExecAction{Command: []string{"echo"}}},
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
{HTTPGet: &api.HTTPGetAction{Path: "/", Port: intstr.FromInt(1), Host: "", Scheme: "HTTP"}},
{HTTPGet: &api.HTTPGetAction{Path: "/foo", Port: intstr.FromInt(65535), Host: "host", Scheme: "HTTP"}},
{HTTPGet: &api.HTTPGetAction{Path: "/", Port: intstr.FromString("port"), Host: "", Scheme: "HTTP"}},
fix go vet errors Signed-off-by: Jess Frazelle <jessfraz@google.com> fix composites Signed-off-by: Jess Frazelle <me@jessfraz.com>
2016-07-25 17:34:05 -04:00
{HTTPGet: &api.HTTPGetAction{Path: "/", Port: intstr.FromString("port"), Host: "", Scheme: "HTTP", HTTPHeaders: []api.HTTPHeader{{Name: "Host", Value: "foo.example.com"}}}},
{HTTPGet: &api.HTTPGetAction{Path: "/", Port: intstr.FromString("port"), Host: "", Scheme: "HTTP", HTTPHeaders: []api.HTTPHeader{{Name: "X-Forwarded-For", Value: "1.2.3.4"}, {Name: "X-Forwarded-For", Value: "5.6.7.8"}}}},
Add defaults for HTTGetAction.Path & test actions The comment says optional - this makes it optional. Test handler actions.
2015-02-27 20:33:58 -05:00
}
for _, h := range successCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateHandler(&h, field.NewPath("field")); len(errs) != 0 {
Add defaults for HTTGetAction.Path & test actions The comment says optional - this makes it optional. Test handler actions.
2015-02-27 20:33:58 -05:00
t.Errorf("expected success: %v", errs)
}
}
errorCases := []api.Handler{
{},
{Exec: &api.ExecAction{Command: []string{}}},
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
{HTTPGet: &api.HTTPGetAction{Path: "", Port: intstr.FromInt(0), Host: ""}},
{HTTPGet: &api.HTTPGetAction{Path: "/foo", Port: intstr.FromInt(65536), Host: "host"}},
{HTTPGet: &api.HTTPGetAction{Path: "", Port: intstr.FromString(""), Host: ""}},
fix go vet errors Signed-off-by: Jess Frazelle <jessfraz@google.com> fix composites Signed-off-by: Jess Frazelle <me@jessfraz.com>
2016-07-25 17:34:05 -04:00
{HTTPGet: &api.HTTPGetAction{Path: "/", Port: intstr.FromString("port"), Host: "", Scheme: "HTTP", HTTPHeaders: []api.HTTPHeader{{Name: "Host:", Value: "foo.example.com"}}}},
{HTTPGet: &api.HTTPGetAction{Path: "/", Port: intstr.FromString("port"), Host: "", Scheme: "HTTP", HTTPHeaders: []api.HTTPHeader{{Name: "X_Forwarded_For", Value: "foo.example.com"}}}},
Add defaults for HTTGetAction.Path & test actions The comment says optional - this makes it optional. Test handler actions.
2015-02-27 20:33:58 -05:00
}
for _, h := range errorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateHandler(&h, field.NewPath("field")); len(errs) == 0 {
Add defaults for HTTGetAction.Path & test actions The comment says optional - this makes it optional. Test handler actions.
2015-02-27 20:33:58 -05:00
t.Errorf("expected failure for %#v", h)
}
}
}
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
func TestValidatePullPolicy(t *testing.T) {
type T struct {
Container api.Container
ExpectedPolicy api.PullPolicy
}
testCases := map[string]T{
"NotPresent1": {
Change PullPolicy constants to match
2015-01-20 23:30:42 -05:00
api.Container{Name: "abc", Image: "image:latest", ImagePullPolicy: "IfNotPresent"},
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
api.PullIfNotPresent,
},
"NotPresent2": {
Change PullPolicy constants to match
2015-01-20 23:30:42 -05:00
api.Container{Name: "abc1", Image: "image", ImagePullPolicy: "IfNotPresent"},
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
api.PullIfNotPresent,
},
"Always1": {
Change PullPolicy constants to match
2015-01-20 23:30:42 -05:00
api.Container{Name: "123", Image: "image:latest", ImagePullPolicy: "Always"},
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
api.PullAlways,
},
"Always2": {
Change PullPolicy constants to match
2015-01-20 23:30:42 -05:00
api.Container{Name: "1234", Image: "image", ImagePullPolicy: "Always"},
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
api.PullAlways,
},
"Never1": {
Change PullPolicy constants to match
2015-01-20 23:30:42 -05:00
api.Container{Name: "abc-123", Image: "image:latest", ImagePullPolicy: "Never"},
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
api.PullNever,
},
"Never2": {
Change PullPolicy constants to match
2015-01-20 23:30:42 -05:00
api.Container{Name: "abc-1234", Image: "image", ImagePullPolicy: "Never"},
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
api.PullNever,
},
}
for k, v := range testCases {
ctr := &v.Container
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
errs := validatePullPolicy(ctr.ImagePullPolicy, field.NewPath("field"))
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
if len(errs) != 0 {
t.Errorf("case[%s] expected success, got %#v", k, errs)
}
if ctr.ImagePullPolicy != v.ExpectedPolicy {
t.Errorf("case[%s] expected policy %v, got %v", k, v.ExpectedPolicy, ctr.ImagePullPolicy)
}
}
}
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
func getResourceLimits(cpu, memory string) api.ResourceList {
res := api.ResourceList{}
res[api.ResourceCPU] = resource.MustParse(cpu)
res[api.ResourceMemory] = resource.MustParse(memory)
return res
}
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
func TestValidateContainers(t *testing.T) {
Move util.StringSet into its own package A lot of packages use StringSet, but they don't use anything else from the util package. Moving StringSet into another package will shrink their dependency trees significantly.
2015-09-09 13:45:01 -04:00
volumes := sets.String{}
Refactor to clean up names.
2014-09-16 18:18:33 -04:00
capabilities.SetForTests(capabilities.Capabilities{
Add a flag to reject privileged containers in the apiserver.
2014-09-16 10:04:12 -04:00
AllowPrivileged: true,
})
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
successCase := []api.Container{
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent"},
{Name: "123", Image: "image", ImagePullPolicy: "IfNotPresent"},
{Name: "abc-123", Image: "image", ImagePullPolicy: "IfNotPresent"},
Add some lifecycle validation.
2014-09-12 19:04:10 -04:00
{
Name: "life-123",
Image: "image",
Lifecycle: &api.Lifecycle{
PreStop: &api.Handler{
Exec: &api.ExecAction{Command: []string{"ls", "-l"}},
},
},
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
ImagePullPolicy: "IfNotPresent",
Add some lifecycle validation.
2014-09-12 19:04:10 -04:00
},
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
{
Name: "resources-test",
Image: "image",
Rename ResourceRequirementSpec to ResourceRequirements.
2015-02-09 17:44:32 -05:00
Resources: api.ResourceRequirements{
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
Limits: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
api.ResourceName("my.org/resource"): resource.MustParse("10m"),
},
},
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
ImagePullPolicy: "IfNotPresent",
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
},
WIP v0 NVIDIA GPU support Implements part of #24071 I am not familiar with the scheduler enough to know what to do with the scores. Punting for now. Missing items from the implementation plan: limitranger, rkt support, kubectl support and user docs
2016-04-26 20:54:19 -04:00
{
Fix GPU resource validation Because of defaulting, requests are always set if limits are. Thus, the check can never succeed. Instead, make sure that the two values are equal. Also, remove a few other error messages and remove unnecessary Sprintf calls.
2016-07-10 16:09:16 -04:00
Name: "resources-test-with-gpu-with-request",
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
api.ResourceName(api.ResourceNvidiaGPU): resource.MustParse("1"),
},
Limits: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
api.ResourceName(api.ResourceNvidiaGPU): resource.MustParse("1"),
},
},
ImagePullPolicy: "IfNotPresent",
},
{
Name: "resources-test-with-gpu-without-request",
WIP v0 NVIDIA GPU support Implements part of #24071 I am not familiar with the scheduler enough to know what to do with the scores. Punting for now. Missing items from the implementation plan: limitranger, rkt support, kubectl support and user docs
2016-04-26 20:54:19 -04:00
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
},
Limits: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
api.ResourceName(api.ResourceNvidiaGPU): resource.MustParse("1"),
},
},
ImagePullPolicy: "IfNotPresent",
},
Add support for request
2015-07-30 15:59:22 -04:00
{
Name: "resources-request-limit-simple",
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("8"),
},
Limits: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
},
},
ImagePullPolicy: "IfNotPresent",
},
{
Name: "resources-request-limit-edge",
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
api.ResourceName("my.org/resource"): resource.MustParse("10m"),
},
Limits: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
api.ResourceName("my.org/resource"): resource.MustParse("10m"),
},
},
ImagePullPolicy: "IfNotPresent",
},
{
Name: "resources-request-limit-partials",
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("9.5"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
},
Limits: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName("my.org/resource"): resource.MustParse("10m"),
},
},
ImagePullPolicy: "IfNotPresent",
},
{
Name: "resources-request",
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("9.5"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
},
},
ImagePullPolicy: "IfNotPresent",
},
Allow same-hostport-different-protocol
2015-05-19 01:18:40 -04:00
{
Name: "same-host-port-different-protocol",
Image: "image",
Ports: []api.ContainerPort{
{ContainerPort: 80, HostPort: 80, Protocol: "TCP"},
{ContainerPort: 80, HostPort: 80, Protocol: "UDP"},
},
ImagePullPolicy: "IfNotPresent",
},
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
{Name: "abc-1234", Image: "image", ImagePullPolicy: "IfNotPresent", SecurityContext: fakeValidSecurityContext(true)},
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
}
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateContainers(successCase, volumes, field.NewPath("field")); len(errs) != 0 {
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 02:20:30 -04:00
t.Errorf("expected success: %v", errs)
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
}
Refactor to clean up names.
2014-09-16 18:18:33 -04:00
capabilities.SetForTests(capabilities.Capabilities{
Add a flag to reject privileged containers in the apiserver.
2014-09-16 10:04:12 -04:00
AllowPrivileged: false,
})
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
errorCases := map[string][]api.Container{
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
"zero-length name": {{Name: "", Image: "image", ImagePullPolicy: "IfNotPresent"}},
"name > 63 characters": {{Name: strings.Repeat("a", 64), Image: "image", ImagePullPolicy: "IfNotPresent"}},
"name not a DNS label": {{Name: "a.b.c", Image: "image", ImagePullPolicy: "IfNotPresent"}},
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
"name not unique": {
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent"},
{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent"},
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
},
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
"zero-length image": {{Name: "abc", Image: "", ImagePullPolicy: "IfNotPresent"}},
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
"host port not unique": {
Rename type Port to ContainerPort Sadly I had to do this by hand - I just could not get gorename to fix up users of it.
2015-02-23 17:25:56 -05:00
{Name: "abc", Image: "image", Ports: []api.ContainerPort{{ContainerPort: 80, HostPort: 80, Protocol: "TCP"}},
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
ImagePullPolicy: "IfNotPresent"},
Rename type Port to ContainerPort Sadly I had to do this by hand - I just could not get gorename to fix up users of it.
2015-02-23 17:25:56 -05:00
{Name: "def", Image: "image", Ports: []api.ContainerPort{{ContainerPort: 81, HostPort: 80, Protocol: "TCP"}},
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
ImagePullPolicy: "IfNotPresent"},
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
},
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
"invalid env var name": {
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
{Name: "abc", Image: "image", Env: []api.EnvVar{{Name: "ev.1"}}, ImagePullPolicy: "IfNotPresent"},
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
},
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
"unknown volume name": {
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
{Name: "abc", Image: "image", VolumeMounts: []api.VolumeMount{{Name: "anything", MountPath: "/foo"}},
ImagePullPolicy: "IfNotPresent"},
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
},
Add some lifecycle validation.
2014-09-12 19:04:10 -04:00
"invalid lifecycle, no exec command.": {
{
Name: "life-123",
Image: "image",
Lifecycle: &api.Lifecycle{
PreStop: &api.Handler{
Exec: &api.ExecAction{},
},
},
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
ImagePullPolicy: "IfNotPresent",
Add some lifecycle validation.
2014-09-12 19:04:10 -04:00
},
},
"invalid lifecycle, no http path.": {
{
Name: "life-123",
Image: "image",
Lifecycle: &api.Lifecycle{
PreStop: &api.Handler{
HTTPGet: &api.HTTPGetAction{},
},
},
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
ImagePullPolicy: "IfNotPresent",
Add some lifecycle validation.
2014-09-12 19:04:10 -04:00
},
},
TCPSocket could not be used as it was not checked in validation Attempting to use it gave the error "must register one handler". Added more tests for it.
2015-02-26 22:20:34 -05:00
"invalid lifecycle, no tcp socket port.": {
{
Name: "life-123",
Image: "image",
Lifecycle: &api.Lifecycle{
PreStop: &api.Handler{
TCPSocket: &api.TCPSocketAction{},
},
},
ImagePullPolicy: "IfNotPresent",
},
},
"invalid lifecycle, zero tcp socket port.": {
{
Name: "life-123",
Image: "image",
Lifecycle: &api.Lifecycle{
PreStop: &api.Handler{
TCPSocket: &api.TCPSocketAction{
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
Port: intstr.FromInt(0),
TCPSocket could not be used as it was not checked in validation Attempting to use it gave the error "must register one handler". Added more tests for it.
2015-02-26 22:20:34 -05:00
},
},
},
ImagePullPolicy: "IfNotPresent",
},
},
Add some lifecycle validation.
2014-09-12 19:04:10 -04:00
"invalid lifecycle, no action.": {
{
Name: "life-123",
Image: "image",
Lifecycle: &api.Lifecycle{
PreStop: &api.Handler{},
},
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
ImagePullPolicy: "IfNotPresent",
Add some lifecycle validation.
2014-09-12 19:04:10 -04:00
},
},
TCPSocket could not be used as it was not checked in validation Attempting to use it gave the error "must register one handler". Added more tests for it.
2015-02-26 22:20:34 -05:00
"invalid liveness probe, no tcp socket port.": {
{
Name: "life-123",
Image: "image",
LivenessProbe: &api.Probe{
Handler: api.Handler{
TCPSocket: &api.TCPSocketAction{},
},
},
ImagePullPolicy: "IfNotPresent",
},
},
"invalid liveness probe, no action.": {
{
Name: "life-123",
Image: "image",
LivenessProbe: &api.Probe{
Handler: api.Handler{},
},
ImagePullPolicy: "IfNotPresent",
},
},
Add a flag to reject privileged containers in the apiserver.
2014-09-16 10:04:12 -04:00
"privilege disabled": {
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
{Name: "abc", Image: "image", SecurityContext: fakeValidSecurityContext(true)},
Add a flag to reject privileged containers in the apiserver.
2014-09-16 10:04:12 -04:00
},
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
"invalid compute resource": {
{
Name: "abc-123",
Image: "image",
Rename ResourceRequirementSpec to ResourceRequirements.
2015-02-09 17:44:32 -05:00
Resources: api.ResourceRequirements{
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
Limits: api.ResourceList{
"disk": resource.MustParse("10G"),
},
},
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
ImagePullPolicy: "IfNotPresent",
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
},
},
"Resource CPU invalid": {
{
Name: "abc-123",
Image: "image",
Rename ResourceRequirementSpec to ResourceRequirements.
2015-02-09 17:44:32 -05:00
Resources: api.ResourceRequirements{
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
Limits: getResourceLimits("-10", "0"),
},
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
ImagePullPolicy: "IfNotPresent",
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
},
},
Improve container resource requirements validation
2015-04-20 14:56:15 -04:00
"Resource Requests CPU invalid": {
{
Name: "abc-123",
Image: "image",
Resources: api.ResourceRequirements{
Requests: getResourceLimits("-10", "0"),
},
ImagePullPolicy: "IfNotPresent",
},
},
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
"Resource Memory invalid": {
{
Name: "abc-123",
Image: "image",
Rename ResourceRequirementSpec to ResourceRequirements.
2015-02-09 17:44:32 -05:00
Resources: api.ResourceRequirements{
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
Limits: getResourceLimits("0", "-10"),
},
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
ImagePullPolicy: "IfNotPresent",
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
},
},
Fix GPU resource validation Because of defaulting, requests are always set if limits are. Thus, the check can never succeed. Instead, make sure that the two values are equal. Also, remove a few other error messages and remove unnecessary Sprintf calls.
2016-07-10 16:09:16 -04:00
"Resource GPU limit must match request": {
WIP v0 NVIDIA GPU support Implements part of #24071 I am not familiar with the scheduler enough to know what to do with the scores. Punting for now. Missing items from the implementation plan: limitranger, rkt support, kubectl support and user docs
2016-04-26 20:54:19 -04:00
{
Fix GPU resource validation Because of defaulting, requests are always set if limits are. Thus, the check can never succeed. Instead, make sure that the two values are equal. Also, remove a few other error messages and remove unnecessary Sprintf calls.
2016-07-10 16:09:16 -04:00
Name: "gpu-resource-request-limit",
WIP v0 NVIDIA GPU support Implements part of #24071 I am not familiar with the scheduler enough to know what to do with the scores. Punting for now. Missing items from the implementation plan: limitranger, rkt support, kubectl support and user docs
2016-04-26 20:54:19 -04:00
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
Fix GPU resource validation Because of defaulting, requests are always set if limits are. Thus, the check can never succeed. Instead, make sure that the two values are equal. Also, remove a few other error messages and remove unnecessary Sprintf calls.
2016-07-10 16:09:16 -04:00
api.ResourceName(api.ResourceNvidiaGPU): resource.MustParse("0"),
WIP v0 NVIDIA GPU support Implements part of #24071 I am not familiar with the scheduler enough to know what to do with the scores. Punting for now. Missing items from the implementation plan: limitranger, rkt support, kubectl support and user docs
2016-04-26 20:54:19 -04:00
},
Limits: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
api.ResourceName(api.ResourceNvidiaGPU): resource.MustParse("1"),
},
},
ImagePullPolicy: "IfNotPresent",
},
},
Add support for request
2015-07-30 15:59:22 -04:00
"Request limit simple invalid": {
{
Name: "abc-123",
Image: "image",
Resources: api.ResourceRequirements{
Limits: getResourceLimits("5", "3"),
Requests: getResourceLimits("6", "3"),
},
ImagePullPolicy: "IfNotPresent",
},
},
"Request limit multiple invalid": {
{
Name: "abc-123",
Image: "image",
Resources: api.ResourceRequirements{
Limits: getResourceLimits("5", "3"),
Requests: getResourceLimits("6", "4"),
},
ImagePullPolicy: "IfNotPresent",
},
},
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
}
for k, v := range errorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateContainers(v, volumes, field.NewPath("field")); len(errs) == 0 {
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
t.Errorf("expected failure for %s", k)
}
}
}
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
func TestValidateRestartPolicy(t *testing.T) {
successCases := []api.RestartPolicy{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
api.RestartPolicyAlways,
api.RestartPolicyOnFailure,
api.RestartPolicyNever,
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
}
for _, policy := range successCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateRestartPolicy(&policy, field.NewPath("field")); len(errs) != 0 {
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
t.Errorf("expected success: %v", errs)
}
}
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
errorCases := []api.RestartPolicy{"", "newpolicy"}
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
for k, policy := range errorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateRestartPolicy(&policy, field.NewPath("field")); len(errs) == 0 {
Fix format specifiers in Printf-type functions.
2014-10-09 20:06:32 -04:00
t.Errorf("expected failure for %d", k)
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
}
}
Beef up validation tests
2015-01-06 14:11:52 -05:00
}
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
Beef up validation tests
2015-01-06 14:11:52 -05:00
func TestValidateDNSPolicy(t *testing.T) {
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
successCases := []api.DNSPolicy{api.DNSClusterFirst, api.DNSDefault, api.DNSPolicy(api.DNSClusterFirst)}
Beef up validation tests
2015-01-06 14:11:52 -05:00
for _, policy := range successCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateDNSPolicy(&policy, field.NewPath("field")); len(errs) != 0 {
Beef up validation tests
2015-01-06 14:11:52 -05:00
t.Errorf("expected success: %v", errs)
}
}
errorCases := []api.DNSPolicy{api.DNSPolicy("invalid")}
for _, policy := range errorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateDNSPolicy(&policy, field.NewPath("field")); len(errs) == 0 {
Beef up validation tests
2015-01-06 14:11:52 -05:00
t.Errorf("expected failure for %v", policy)
}
}
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
}
Beef up validation tests
2015-01-06 14:11:52 -05:00
func TestValidatePodSpec(t *testing.T) {
Kubelet kills a pod that exceeds ActiveDeadlineSeconds
2015-05-09 01:01:43 -04:00
activeDeadlineSeconds := int64(30)
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
minID := int64(0)
maxID := int64(2147483647)
Beef up validation tests
2015-01-06 14:11:52 -05:00
successCases := []api.PodSpec{
{ // Populate basic fields, leave defaults for most.
Embed VolumeSource in v1beta3 and internal.
2015-03-03 17:48:55 -05:00
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
DNSPolicy: api.DNSClusterFirst,
Beef up validation tests
2015-01-06 14:11:52 -05:00
},
{ // Populate all fields.
Volumes: []api.Volume{
Embed VolumeSource in v1beta3 and internal.
2015-03-03 17:48:55 -05:00
{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}},
Beef up validation tests
2015-01-06 14:11:52 -05:00
},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
InitContainers: []api.Container{{Name: "ictr", Image: "iimage", ImagePullPolicy: "IfNotPresent"}},
RestartPolicy: api.RestartPolicyAlways,
Beef up validation tests
2015-01-06 14:11:52 -05:00
NodeSelector: map[string]string{
"key": "value",
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
},
update PodSpec.Host to PodSpec.NodeName in /pkg/api/types.go and /pkg/api/v1beta3/types.go
2015-05-22 19:40:57 -04:00
NodeName: "foobar",
Kubelet kills a pod that exceeds ActiveDeadlineSeconds
2015-05-09 01:01:43 -04:00
DNSPolicy: api.DNSClusterFirst,
ActiveDeadlineSeconds: &activeDeadlineSeconds,
Rename pod.spec.serviceAccount -> pod.spec.serviceAccountName for v1
2015-06-18 22:35:42 -04:00
ServiceAccountName: "acct",
Beef up validation tests
2015-01-06 14:11:52 -05:00
},
Add HostNetworking container option to API. This allows a container to run within the same networking namespace as the host. This will be locked down by default using a flag on the master and nodes (similar to how privileged is handled today).
2015-03-23 19:34:35 -04:00
{ // Populate HostNetwork.
Containers: []api.Container{
{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", Ports: []api.ContainerPort{
{HostPort: 8080, ContainerPort: 8080, Protocol: "TCP"}},
},
},
Add PodSecurityContext and backward compatibility tests
2015-09-14 17:56:51 -04:00
SecurityContext: &api.PodSecurityContext{
HostNetwork: true,
},
Add HostNetworking container option to API. This allows a container to run within the same networking namespace as the host. This will be locked down by default using a flag on the master and nodes (similar to how privileged is handled today).
2015-03-23 19:34:35 -04:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
{ // Populate RunAsUser SupplementalGroups FSGroup with minID 0
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
SecurityContext: &api.PodSecurityContext{
SupplementalGroups: []int64{minID},
RunAsUser: &minID,
FSGroup: &minID,
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
{ // Populate RunAsUser SupplementalGroups FSGroup with maxID 2147483647
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
SecurityContext: &api.PodSecurityContext{
SupplementalGroups: []int64{maxID},
RunAsUser: &maxID,
FSGroup: &maxID,
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
use infra container ns for ipc
2015-09-21 11:34:02 -04:00
{ // Populate HostIPC.
Add PodSecurityContext and backward compatibility tests
2015-09-14 17:56:51 -04:00
SecurityContext: &api.PodSecurityContext{
HostIPC: true,
},
use infra container ns for ipc
2015-09-21 11:34:02 -04:00
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
{ // Populate HostPID.
Add PodSecurityContext and backward compatibility tests
2015-09-14 17:56:51 -04:00
SecurityContext: &api.PodSecurityContext{
HostPID: true,
},
use infra container ns for ipc
2015-09-21 11:34:02 -04:00
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
{ // Populate Affinity.
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
Beef up validation tests
2015-01-06 14:11:52 -05:00
}
for i := range successCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := ValidatePodSpec(&successCases[i], field.NewPath("field")); len(errs) != 0 {
Beef up validation tests
2015-01-06 14:11:52 -05:00
t.Errorf("expected success: %v", errs)
}
}
Kubelet kills a pod that exceeds ActiveDeadlineSeconds
2015-05-09 01:01:43 -04:00
activeDeadlineSeconds = int64(0)
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
minID = int64(-1)
maxID = int64(2147483648)
Beef up validation tests
2015-01-06 14:11:52 -05:00
failureCases := map[string]api.PodSpec{
"bad volume": {
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
Volumes: []api.Volume{{}},
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
DNSPolicy: api.DNSClusterFirst,
Validate that there is at least one container in the pod
2015-03-18 11:00:18 -04:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
},
"no containers": {
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Add RestartPolicy to Pod and PodTemplate
2014-07-22 14:45:12 -04:00
},
Beef up validation tests
2015-01-06 14:11:52 -05:00
"bad container": {
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
Containers: []api.Container{{}},
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
DNSPolicy: api.DNSClusterFirst,
Beef up validation tests
2015-01-06 14:11:52 -05:00
},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
"bad init container": {
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
InitContainers: []api.Container{{}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
Beef up validation tests
2015-01-06 14:11:52 -05:00
"bad DNS policy": {
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
DNSPolicy: api.DNSPolicy("invalid"),
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Validate that there is at least one container in the pod
2015-03-18 11:00:18 -04:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
},
Validate service account name in pod spec
2015-06-11 17:16:58 -04:00
"bad service account name": {
Rename pod.spec.serviceAccount -> pod.spec.serviceAccountName for v1
2015-06-18 22:35:42 -04:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
ServiceAccountName: "invalidName",
Validate service account name in pod spec
2015-06-11 17:16:58 -04:00
},
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
"bad restart policy": {
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: "UnknowPolicy",
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
DNSPolicy: api.DNSClusterFirst,
Validate that there is at least one container in the pod
2015-03-18 11:00:18 -04:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
Beef up validation tests
2015-01-06 14:11:52 -05:00
},
Add HostNetworking container option to API. This allows a container to run within the same networking namespace as the host. This will be locked down by default using a flag on the master and nodes (similar to how privileged is handled today).
2015-03-23 19:34:35 -04:00
"with hostNetwork hostPort not equal to containerPort": {
Containers: []api.Container{
{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", Ports: []api.ContainerPort{
{HostPort: 8080, ContainerPort: 2600, Protocol: "TCP"}},
},
},
Add PodSecurityContext and backward compatibility tests
2015-09-14 17:56:51 -04:00
SecurityContext: &api.PodSecurityContext{
HostNetwork: true,
},
Add HostNetworking container option to API. This allows a container to run within the same networking namespace as the host. This will be locked down by default using a flag on the master and nodes (similar to how privileged is handled today).
2015-03-23 19:34:35 -04:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
"bad supplementalGroups large than math.MaxInt32": {
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
SecurityContext: &api.PodSecurityContext{
HostNetwork: false,
SupplementalGroups: []int64{maxID, 1234},
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
"bad supplementalGroups less than 0": {
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
SecurityContext: &api.PodSecurityContext{
HostNetwork: false,
SupplementalGroups: []int64{minID, 1234},
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
"bad runAsUser large than math.MaxInt32": {
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
SecurityContext: &api.PodSecurityContext{
HostNetwork: false,
RunAsUser: &maxID,
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
"bad runAsUser less than 0": {
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
SecurityContext: &api.PodSecurityContext{
HostNetwork: false,
RunAsUser: &minID,
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
"bad fsGroup large than math.MaxInt32": {
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
SecurityContext: &api.PodSecurityContext{
HostNetwork: false,
FSGroup: &maxID,
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
"bad fsGroup less than 0": {
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
SecurityContext: &api.PodSecurityContext{
HostNetwork: false,
FSGroup: &minID,
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
Kubelet kills a pod that exceeds ActiveDeadlineSeconds
2015-05-09 01:01:43 -04:00
"bad-active-deadline-seconds": {
Volumes: []api.Volume{
{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}},
},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
RestartPolicy: api.RestartPolicyAlways,
NodeSelector: map[string]string{
"key": "value",
},
update PodSpec.Host to PodSpec.NodeName in /pkg/api/types.go and /pkg/api/v1beta3/types.go
2015-05-22 19:40:57 -04:00
NodeName: "foobar",
Kubelet kills a pod that exceeds ActiveDeadlineSeconds
2015-05-09 01:01:43 -04:00
DNSPolicy: api.DNSClusterFirst,
ActiveDeadlineSeconds: &activeDeadlineSeconds,
},
Validate pod spec.nodeName
2015-11-30 14:35:34 -05:00
"bad nodeName": {
NodeName: "node name",
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
Beef up validation tests
2015-01-06 14:11:52 -05:00
}
for k, v := range failureCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := ValidatePodSpec(&v, field.NewPath("field")); len(errs) == 0 {
Beef up validation tests
2015-01-06 14:11:52 -05:00
t.Errorf("expected failure for %q", k)
}
}
}
func TestValidatePod(t *testing.T) {
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
validPodSpec := api.PodSpec{
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
}
Beef up validation tests
2015-01-06 14:11:52 -05:00
successCases := []api.Pod{
{ // Basic fields.
ObjectMeta: api.ObjectMeta{Name: "123", Namespace: "ns"},
Spec: api.PodSpec{
Embed VolumeSource in v1beta3 and internal.
2015-03-03 17:48:55 -05:00
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
DNSPolicy: api.DNSClusterFirst,
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
},
Add RestartPolicy to Pod and PodTemplate
2014-07-22 14:45:12 -04:00
},
Beef up validation tests
2015-01-06 14:11:52 -05:00
{ // Just about everything.
ObjectMeta: api.ObjectMeta{Name: "abc.123.do-re-mi", Namespace: "ns"},
Spec: api.PodSpec{
Volumes: []api.Volume{
Embed VolumeSource in v1beta3 and internal.
2015-03-03 17:48:55 -05:00
{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}},
Beef up validation tests
2015-01-06 14:11:52 -05:00
},
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Beef up validation tests
2015-01-06 14:11:52 -05:00
DNSPolicy: api.DNSClusterFirst,
NodeSelector: map[string]string{
"key": "value",
},
update PodSpec.Host to PodSpec.NodeName in /pkg/api/types.go and /pkg/api/v1beta3/types.go
2015-05-22 19:40:57 -04:00
NodeName: "foobar",
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
},
Add RestartPolicy to Pod and PodTemplate
2014-07-22 14:45:12 -04:00
},
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
{ // Serialized affinity requirements in annotations.
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Comment out NodeAffinity.RequiredDuringSchedulingRequiredDuringExecution because it is not yet implemented.
2016-02-11 02:06:33 -05:00
// TODO: Uncomment and move this block into Annotations map once
// RequiredDuringSchedulingRequiredDuringExecution is implemented
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
// "requiredDuringSchedulingRequiredDuringExecution": {
// "nodeSelectorTerms": [{
// "matchExpressions": [{
// "key": "key1",
// "operator": "Exists"
// }]
// }]
// },
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
Annotations: map[string]string{
api.AffinityAnnotationKey: `
{"nodeAffinity": {
"requiredDuringSchedulingIgnoredDuringExecution": {
"nodeSelectorTerms": [{
"matchExpressions": [{
"key": "key2",
"operator": "In",
"values": ["value1", "value2"]
}]
}]
},
"preferredDuringSchedulingIgnoredDuringExecution": [
{
"weight": 10,
"preference": {"matchExpressions": [
{
"key": "foo",
"operator": "In", "values": ["bar"]
}
]}
}
]
}}`,
},
},
Spec: api.PodSpec{
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
{ // Serialized pod affinity in affinity requirements in annotations.
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
// TODO: Uncomment and move this block into Annotations map once
// RequiredDuringSchedulingRequiredDuringExecution is implemented
// "requiredDuringSchedulingRequiredDuringExecution": [{
// "labelSelector": {
// "matchExpressions": [{
// "key": "key2",
// "operator": "In",
// "values": ["value1", "value2"]
// }]
// },
// "namespaces":["ns"],
// "topologyKey": "zone"
// }]
Annotations: map[string]string{
api.AffinityAnnotationKey: `
{"podAffinity": {
"requiredDuringSchedulingIgnoredDuringExecution": [{
"labelSelector": {
"matchExpressions": [{
"key": "key2",
"operator": "In",
"values": ["value1", "value2"]
}]
},
"topologyKey": "zone",
"namespaces": ["ns"]
}],
"preferredDuringSchedulingIgnoredDuringExecution": [{
"weight": 10,
"podAffinityTerm": {
"labelSelector": {
"matchExpressions": [{
"key": "key2",
"operator": "NotIn",
"values": ["value1", "value2"]
}]
},
"namespaces": ["ns"],
"topologyKey": "region"
}
}]
}}`,
},
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
{ // Serialized pod anti affinity with different Label Operators in affinity requirements in annotations.
Added validation for annotations
2015-01-24 09:36:22 -05:00
ObjectMeta: api.ObjectMeta{
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
Name: "123",
Added validation for annotations
2015-01-24 09:36:22 -05:00
Namespace: "ns",
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
// TODO: Uncomment and move this block into Annotations map once
// RequiredDuringSchedulingRequiredDuringExecution is implemented
// "requiredDuringSchedulingRequiredDuringExecution": [{
// "labelSelector": {
// "matchExpressions": [{
// "key": "key2",
// "operator": "In",
// "values": ["value1", "value2"]
// }]
// },
// "namespaces":["ns"],
// "topologyKey": "zone"
// }]
Annotations: map[string]string{
api.AffinityAnnotationKey: `
{"podAntiAffinity": {
"requiredDuringSchedulingIgnoredDuringExecution": [{
"labelSelector": {
"matchExpressions": [{
"key": "key2",
"operator": "Exists"
}]
},
"topologyKey": "zone",
"namespaces": ["ns"]
}],
"preferredDuringSchedulingIgnoredDuringExecution": [{
"weight": 10,
"podAffinityTerm": {
"labelSelector": {
"matchExpressions": [{
"key": "key2",
"operator": "DoesNotExist"
}]
},
"namespaces": ["ns"],
"topologyKey": "region"
}
}]
}}`,
Added validation for annotations
2015-01-24 09:36:22 -05:00
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
Added validation for annotations
2015-01-24 09:36:22 -05:00
},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
{ // populate tolerations equal operator in annotations.
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.TolerationsAnnotationKey: `
[{
"key": "foo",
"operator": "Equal",
"value": "bar",
"effect": "NoSchedule"
}]`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
{ // populate tolerations exists operator in annotations.
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.TolerationsAnnotationKey: `
[{
"key": "foo",
"operator": "Exists",
"effect": "NoSchedule"
}]`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
{ // empty operator is ok for toleration
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.TolerationsAnnotationKey: `
[{
"key": "foo",
"value": "bar",
"effect": "NoSchedule"
}]`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
{ // empty efffect is ok for toleration
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.TolerationsAnnotationKey: `
[{
"key": "foo",
"operator": "Equal",
"value": "bar"
}]`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
{ // docker default seccomp profile
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "docker/default",
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
{ // unconfined seccomp profile
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "unconfined",
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
{ // localhost seccomp profile
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "localhost/foo",
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
{ // localhost seccomp profile for a container
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompContainerAnnotationKeyPrefix + "foo": "localhost/foo",
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
},
{ // default AppArmor profile for a container
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
apparmor.ContainerAnnotationKeyPrefix + "ctr": apparmor.ProfileRuntimeDefault,
},
},
Spec: validPodSpec,
},
{ // default AppArmor profile for an init container
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
apparmor.ContainerAnnotationKeyPrefix + "init-ctr": apparmor.ProfileRuntimeDefault,
},
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
Spec: api.PodSpec{
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
InitContainers: []api.Container{{Name: "init-ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
},
{ // localhost AppArmor profile for a container
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
apparmor.ContainerAnnotationKeyPrefix + "ctr": apparmor.ProfileNamePrefix + "foo",
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
{ // syntactically valid sysctls
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SysctlsPodAnnotationKey: "kernel.shmmni=32768,kernel.shmmax=1000000000",
api.UnsafeSysctlsPodAnnotationKey: "knet.ipv4.route.min_pmtu=1000",
},
},
Spec: validPodSpec,
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
}
for _, pod := range successCases {
if errs := ValidatePod(&pod); len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
}
errorCases := map[string]api.Pod{
implement taints and tolerations
2016-03-30 23:42:57 -04:00
"bad name": {
ObjectMeta: api.ObjectMeta{Name: "", Namespace: "ns"},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
},
},
"bad namespace": {
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: ""},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
},
},
"bad spec": {
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "ns"},
Spec: api.PodSpec{
Containers: []api.Container{{}},
},
},
"bad label": {
ObjectMeta: api.ObjectMeta{
Name: "abc",
Namespace: "ns",
Labels: map[string]string{
"NoUppercaseOrSpecialCharsLike=Equals": "bar",
},
},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
},
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
"invalid json of node affinity in pod annotations": {
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.AffinityAnnotationKey: `
{"nodeAffinity": {
Comment out NodeAffinity.RequiredDuringSchedulingRequiredDuringExecution because it is not yet implemented.
2016-02-11 02:06:33 -05:00
"requiredDuringSchedulingIgnoredDuringExecution": {
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
"nodeSelectorTerms": [{
`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
"invalid node selector requirement in node affinity in pod annotations, operator can't be null": {
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.AffinityAnnotationKey: `
Comment out NodeAffinity.RequiredDuringSchedulingRequiredDuringExecution because it is not yet implemented.
2016-02-11 02:06:33 -05:00
{"nodeAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": {
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
"nodeSelectorTerms": [{
"matchExpressions": [{
"key": "key1",
}]
}]
}}}`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
"invalid preferredSchedulingTerm in node affinity in pod annotations, weight should be in range 1-100": {
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.AffinityAnnotationKey: `
{"nodeAffinity": {"preferredDuringSchedulingIgnoredDuringExecution": [
{
"weight": 199,
"preference": {"matchExpressions": [
{
"key": "foo",
"operator": "In",
"values": ["bar"]
}
]}
}
]}}`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
},
Comment out NodeAffinity.RequiredDuringSchedulingRequiredDuringExecution because it is not yet implemented.
2016-02-11 02:06:33 -05:00
"invalid requiredDuringSchedulingIgnoredDuringExecution node selector, nodeSelectorTerms must have at least one term": {
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.AffinityAnnotationKey: `
{"nodeAffinity": {
Comment out NodeAffinity.RequiredDuringSchedulingRequiredDuringExecution because it is not yet implemented.
2016-02-11 02:06:33 -05:00
"requiredDuringSchedulingIgnoredDuringExecution": {
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
"nodeSelectorTerms": []
},
}}`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
},
Comment out NodeAffinity.RequiredDuringSchedulingRequiredDuringExecution because it is not yet implemented.
2016-02-11 02:06:33 -05:00
"invalid requiredDuringSchedulingIgnoredDuringExecution node selector term, matchExpressions must have at least one node selector requirement": {
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.AffinityAnnotationKey: `
{"nodeAffinity": {
Comment out NodeAffinity.RequiredDuringSchedulingRequiredDuringExecution because it is not yet implemented.
2016-02-11 02:06:33 -05:00
"requiredDuringSchedulingIgnoredDuringExecution": {
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
"nodeSelectorTerms": [{
"matchExpressions": []
}]
},
}}`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
"invalid weight in preferredDuringSchedulingIgnoredDuringExecution in pod affinity annotations, weight should be in range 1-100": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.AffinityAnnotationKey: `
{"podAffinity": {"preferredDuringSchedulingIgnoredDuringExecution": [{
"weight": 109,
"podAffinityTerm":
{
"labelSelector": {
"matchExpressions": [{
"key": "key2",
"operator": "NotIn",
"values": ["value1", "value2"]
}]
},
"namespaces": ["ns"],
"topologyKey": "region"
}
}]}}`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
"invalid labelSelector in preferredDuringSchedulingIgnoredDuringExecution in podaffinity annotations, values should be empty if the operator is Exists": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.AffinityAnnotationKey: `
{"podAffinity": {"preferredDuringSchedulingIgnoredDuringExecution": [{
"weight": 10,
"podAffinityTerm":
{
"labelSelector": {
"matchExpressions": [{
"key": "key2",
"operator": "Exists",
"values": ["value1", "value2"]
}]
},
"namespaces": ["ns"],
"topologyKey": "region"
}
}]}}`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
"invalid name space in preferredDuringSchedulingIgnoredDuringExecution in podaffinity annotations, name space shouldbe valid": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.AffinityAnnotationKey: `
{"podAffinity": {"preferredDuringSchedulingIgnoredDuringExecution": [{
"weight": 10,
"podAffinityTerm":
{
"labelSelector": {
"matchExpressions": [{
"key": "key2",
"operator": "Exists",
"values": ["value1", "value2"]
}]
},
"namespaces": ["INVALID_NAMESPACE"],
"topologyKey": "region"
}
}]}}`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
"invalid labelOperator in preferredDuringSchedulingIgnoredDuringExecution in podantiaffinity annotations, labelOperator should be proper": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.AffinityAnnotationKey: `
{"podAntiAffinity": {"preferredDuringSchedulingIgnoredDuringExecution": [{
"weight": 10,
"podAffinityTerm":
{
"labelSelector": {
"matchExpressions": [{
"key": "key2",
"operator": "WrongOp",
"values": ["value1", "value2"]
}]
},
"namespaces": ["ns"],
"topologyKey": "region"
}
}]}}`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
"invalid pod affinity, empty topologyKey is not allowed for hard pod affinity": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.AffinityAnnotationKey: `
{"podAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": [{
"weight": 10,
"podAffinityTerm":
{
"labelSelector": {
"matchExpressions": [{
"key": "key2",
"operator": "In",
"values": ["value1", "value2"]
}]
},
"namespaces": ["ns"],
"topologyKey": ""
}
}]}}`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
"invalid pod anti-affinity, empty topologyKey is not allowed for hard pod anti-affinity": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.AffinityAnnotationKey: `
{"podAntiAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": [{
"weight": 10,
"podAffinityTerm":
{
"labelSelector": {
"matchExpressions": [{
"key": "key2",
"operator": "In",
"values": ["value1", "value2"]
}]
},
"namespaces": ["ns"],
"topologyKey": ""
}
}]}}`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
"invalid pod anti-affinity, empty topologyKey is not allowed for soft pod affinity": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.AffinityAnnotationKey: `
{"podAffinity": {"preferredDuringSchedulingIgnoredDuringExecution": [{
"weight": 10,
"podAffinityTerm":
{
"labelSelector": {
"matchExpressions": [{
"key": "key2",
"operator": "In",
"values": ["value1", "value2"]
}]
},
"namespaces": ["ns"],
"topologyKey": ""
}
}]}}`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
"invalid toleration key": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.TolerationsAnnotationKey: `
[{
"key": "nospecialchars^=@",
"operator": "Equal",
"value": "bar",
"effect": "NoSchedule"
}]`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
"invalid toleration operator": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.TolerationsAnnotationKey: `
[{
"key": "foo",
"operator": "In",
"value": "bar",
"effect": "NoSchedule"
}]`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
"value must be empty when `operator` is 'Exists'": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.TolerationsAnnotationKey: `
[{
"key": "foo",
"operator": "Exists",
"value": "bar",
"effect": "NoSchedule"
}]`,
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
"must be a valid pod seccomp profile": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "foo",
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
"must be a valid container seccomp profile": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompContainerAnnotationKeyPrefix + "foo": "foo",
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
"must be a non-empty container name in seccomp annotation": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompContainerAnnotationKeyPrefix: "foo",
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
"must be a non-empty container profile in seccomp annotation": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompContainerAnnotationKeyPrefix + "foo": "",
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
"must be a relative path in a node-local seccomp profile annotation": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "localhost//foo",
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
"must not start with '../'": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "localhost/../foo",
},
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
},
"AppArmor profile must apply to a container": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
apparmor.ContainerAnnotationKeyPrefix + "ctr": apparmor.ProfileRuntimeDefault,
apparmor.ContainerAnnotationKeyPrefix + "init-ctr": apparmor.ProfileRuntimeDefault,
apparmor.ContainerAnnotationKeyPrefix + "fake-ctr": apparmor.ProfileRuntimeDefault,
},
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
Spec: api.PodSpec{
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
InitContainers: []api.Container{{Name: "init-ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
},
"AppArmor profile format must be valid": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
apparmor.ContainerAnnotationKeyPrefix + "ctr": "bad-name",
},
},
Spec: validPodSpec,
},
"only default AppArmor profile may start with runtime/": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
apparmor.ContainerAnnotationKeyPrefix + "ctr": "runtime/foo",
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Spec: validPodSpec,
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
"invalid sysctl annotation": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SysctlsPodAnnotationKey: "foo:",
},
},
Spec: validPodSpec,
},
"invalid comma-separated sysctl annotation": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SysctlsPodAnnotationKey: "kernel.msgmax,",
},
},
Spec: validPodSpec,
},
"invalid unsafe sysctl annotation": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SysctlsPodAnnotationKey: "foo:",
},
},
Spec: validPodSpec,
},
"intersecting safe sysctls and unsafe sysctls annotations": {
ObjectMeta: api.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SysctlsPodAnnotationKey: "kernel.shmmax=10000000",
api.UnsafeSysctlsPodAnnotationKey: "kernel.shmmax=10000000",
},
},
Spec: validPodSpec,
},
Beef up validation tests
2015-01-06 14:11:52 -05:00
}
for k, v := range errorCases {
if errs := ValidatePod(&v); len(errs) == 0 {
Validate that there is at least one container in the pod
2015-03-18 11:00:18 -04:00
t.Errorf("expected failure for %q", k)
Beef up validation tests
2015-01-06 14:11:52 -05:00
}
add RFC952 label validation
2014-10-23 16:14:13 -04:00
}
Add RestartPolicy to Pod and PodTemplate
2014-07-22 14:45:12 -04:00
}
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
func TestValidatePodUpdate(t *testing.T) {
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
var (
activeDeadlineSecondsZero = int64(0)
activeDeadlineSecondsNegative = int64(-30)
activeDeadlineSecondsPositive = int64(30)
activeDeadlineSecondsLarger = int64(31)
now = unversioned.Now()
grace = int64(30)
grace2 = int64(31)
)
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
tests := []struct {
a api.Pod
b api.Pod
isValid bool
test string
}{
{api.Pod{}, api.Pod{}, true, "nothing"},
{
api.Pod{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "foo"},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
api.Pod{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "bar"},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
false,
"ids",
},
{
api.Pod{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{
"foo": "bar",
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
api.Pod{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{
"bar": "foo",
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
true,
"labels",
},
Added validation for annotations
2015-01-24 09:36:22 -05:00
{
api.Pod{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Annotations: map[string]string{
"foo": "bar",
},
},
},
api.Pod{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Annotations: map[string]string{
"bar": "foo",
},
},
},
true,
"annotations",
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
{
api.Pod{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V1",
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
api.Pod{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "foo"},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V2",
},
{
Image: "bar:V2",
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
false,
"more containers",
},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
{
api.Pod{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
InitContainers: []api.Container{
{
Image: "foo:V1",
},
},
},
},
api.Pod{
ObjectMeta: api.ObjectMeta{Name: "foo"},
Spec: api.PodSpec{
InitContainers: []api.Container{
{
Image: "foo:V2",
},
{
Image: "bar:V2",
},
},
},
},
false,
"more init containers",
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
{
api.Pod{
Validate deletion timestamp doesn't change on update
2016-04-28 11:50:48 -04:00
ObjectMeta: api.ObjectMeta{Name: "foo"},
Add TerminationGracePeriodSeconds to API Set defaulting for pod spec
2015-08-19 19:59:43 -04:00
Spec: api.PodSpec{Containers: []api.Container{{Image: "foo:V1"}}},
},
api.Pod{
Validate deletion timestamp doesn't change on update
2016-04-28 11:50:48 -04:00
ObjectMeta: api.ObjectMeta{Name: "foo", DeletionTimestamp: &now},
Add TerminationGracePeriodSeconds to API Set defaulting for pod spec
2015-08-19 19:59:43 -04:00
Spec: api.PodSpec{Containers: []api.Container{{Image: "foo:V1"}}},
},
true,
"deletion timestamp filled out",
},
{
api.Pod{
ObjectMeta: api.ObjectMeta{Name: "foo", DeletionTimestamp: &now, DeletionGracePeriodSeconds: &grace},
Spec: api.PodSpec{Containers: []api.Container{{Image: "foo:V1"}}},
},
api.Pod{
ObjectMeta: api.ObjectMeta{Name: "foo", DeletionTimestamp: &now, DeletionGracePeriodSeconds: &grace2},
Spec: api.PodSpec{Containers: []api.Container{{Image: "foo:V1"}}},
},
false,
"deletion grace period seconds cleared",
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
{
api.Pod{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "foo"},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V1",
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
api.Pod{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "foo"},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V2",
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
true,
"image change",
},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
{
api.Pod{
ObjectMeta: api.ObjectMeta{Name: "foo"},
Spec: api.PodSpec{
InitContainers: []api.Container{
{
Image: "foo:V1",
},
},
},
},
api.Pod{
ObjectMeta: api.ObjectMeta{Name: "foo"},
Spec: api.PodSpec{
InitContainers: []api.Container{
{
Image: "foo:V2",
},
},
},
},
true,
"init container image change",
},
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
{
api.Pod{
ObjectMeta: api.ObjectMeta{Name: "foo"},
Spec: api.PodSpec{
Containers: []api.Container{
{},
},
},
},
api.Pod{
ObjectMeta: api.ObjectMeta{Name: "foo"},
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V2",
},
},
},
},
false,
"image change to empty",
},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
{
api.Pod{
ObjectMeta: api.ObjectMeta{Name: "foo"},
Spec: api.PodSpec{
InitContainers: []api.Container{
{},
},
},
},
api.Pod{
ObjectMeta: api.ObjectMeta{Name: "foo"},
Spec: api.PodSpec{
InitContainers: []api.Container{
{
Image: "foo:V2",
},
},
},
},
false,
"init container image change to empty",
},
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
{
api.Pod{
Spec: api.PodSpec{},
},
api.Pod{
Spec: api.PodSpec{},
},
true,
"activeDeadlineSeconds no change, nil",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
true,
"activeDeadlineSeconds no change, set",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
api.Pod{},
true,
"activeDeadlineSeconds change to positive from nil",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsLarger,
},
},
true,
"activeDeadlineSeconds change to smaller positive",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsLarger,
},
},
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
false,
"activeDeadlineSeconds change to larger positive",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsNegative,
},
},
api.Pod{},
false,
"activeDeadlineSeconds change to negative from nil",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsNegative,
},
},
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
false,
"activeDeadlineSeconds change to negative from positive",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsZero,
},
},
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
true,
"activeDeadlineSeconds change to zero from positive",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsZero,
},
},
api.Pod{},
true,
"activeDeadlineSeconds change to zero from nil",
},
{
api.Pod{},
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
false,
"activeDeadlineSeconds change to nil from positive",
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
{
api.Pod{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "foo"},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V1",
Rename ResourceRequirementSpec to ResourceRequirements.
2015-02-09 17:44:32 -05:00
Resources: api.ResourceRequirements{
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
Limits: getResourceLimits("100m", "0"),
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
api.Pod{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "foo"},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V2",
Rename ResourceRequirementSpec to ResourceRequirements.
2015-02-09 17:44:32 -05:00
Resources: api.ResourceRequirements{
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
Limits: getResourceLimits("1000m", "0"),
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
false,
"cpu change",
},
{
api.Pod{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "foo"},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V1",
Rename type Port to ContainerPort Sadly I had to do this by hand - I just could not get gorename to fix up users of it.
2015-02-23 17:25:56 -05:00
Ports: []api.ContainerPort{
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
{HostPort: 8080, ContainerPort: 80},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
},
api.Pod{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "foo"},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V2",
Rename type Port to ContainerPort Sadly I had to do this by hand - I just could not get gorename to fix up users of it.
2015-02-23 17:25:56 -05:00
Ports: []api.ContainerPort{
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
{HostPort: 8000, ContainerPort: 80},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
},
false,
"port change",
},
Add a few extra test cases for API validation of labels that would have caught a bug that was in past versions. Also, copy the label key format requirements from the API types.go comments into the labels doc.
2015-02-04 17:21:34 -05:00
{
api.Pod{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{
"foo": "bar",
},
},
},
api.Pod{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{
"Bar": "foo",
},
},
},
true,
"bad label change",
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
}
for _, test := range tests {
Give better error message for PUTs with no resource version
2015-03-19 20:51:07 -04:00
test.a.ObjectMeta.ResourceVersion = "1"
test.b.ObjectMeta.ResourceVersion = "1"
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
errs := ValidatePodUpdate(&test.a, &test.b)
if test.isValid {
if len(errs) != 0 {
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
t.Errorf("unexpected invalid: %s (%+v)\nA: %+v\nB: %+v", test.test, errs, test.a, test.b)
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
}
} else {
if len(errs) == 0 {
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
t.Errorf("unexpected valid: %s\nA: %+v\nB: %+v", test.test, test.a, test.b)
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
}
}
}
}
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
func makeValidService() api.Service {
return api.Service{
ObjectMeta: api.ObjectMeta{
Name: "valid",
Namespace: "valid",
Labels: map[string]string{},
Annotations: map[string]string{},
ResourceVersion: "1",
},
Spec: api.ServiceSpec{
Selector: map[string]string{"key": "val"},
SessionAffinity: "None",
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
Type: api.ServiceTypeClusterIP,
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
Ports: []api.ServicePort{{Name: "p", Protocol: "TCP", Port: 8675, TargetPort: intstr.FromInt(8675)}},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
},
}
}
Add initial validation of Service objects
2014-07-10 15:45:01 -04:00
func TestValidateService(t *testing.T) {
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
testCases := []struct {
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
name string
tweakSvc func(svc *api.Service) // given a basic valid service, each test case can customize it
numErrs int
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
}{
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "missing namespace",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Namespace = ""
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
},
numErrs: 1,
},
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid namespace",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Namespace = "-123"
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
},
numErrs: 1,
},
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "missing name",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Name = ""
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
numErrs: 1,
Add initial validation of Service objects
2014-07-10 15:45:01 -04:00
},
Update test cases to use default context
2014-09-29 17:18:18 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid name",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Name = "-123"
Update test cases to use default context
2014-09-29 17:18:18 -04:00
},
numErrs: 1,
},
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "too long name",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Service names conform to RFC 1035
2016-07-24 13:01:38 -04:00
s.Name = strings.Repeat("a", 64)
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
numErrs: 1,
Make validation check for legal serive port numbers.
2014-08-22 17:44:21 -04:00
},
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 18:56:38 -05:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid generateName",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.GenerateName = "-123"
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 18:56:38 -05:00
},
numErrs: 1,
},
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "too long generateName",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Service names conform to RFC 1035
2016-07-24 13:01:38 -04:00
s.GenerateName = strings.Repeat("a", 64)
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 18:56:38 -05:00
},
numErrs: 1,
},
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid label",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Labels["NoUppercaseOrSpecialCharsLike=Equals"] = "bar"
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
numErrs: 1,
},
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid annotation",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Annotations["NoSpecialCharsLike=Equals"] = "bar"
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
numErrs: 1,
},
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
{
name: "nil selector",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Selector = nil
},
numErrs: 0,
},
add a 'protocol' field to api.Service
2014-09-10 12:53:40 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid selector",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Spec.Selector["NoSpecialCharsLike=Equals"] = "bar"
add a 'protocol' field to api.Service
2014-09-10 12:53:40 -04:00
},
numErrs: 1,
},
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "missing session affinity",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Spec.SessionAffinity = ""
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 1,
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
{
name: "missing type",
tweakSvc: func(s *api.Service) {
s.Spec.Type = ""
},
numErrs: 1,
},
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
{
name: "missing ports",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports = nil
},
numErrs: 1,
},
Headless services should not need to declare ports
2015-11-06 12:53:57 -05:00
{
name: "missing ports but headless",
tweakSvc: func(s *api.Service) {
s.Spec.Ports = nil
s.Spec.ClusterIP = api.ClusterIPNone
},
numErrs: 0,
},
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
{
name: "empty port[0] name",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Name = ""
},
numErrs: 0,
},
{
name: "empty port[1] name",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "", Protocol: "TCP", Port: 12345, TargetPort: intstr.FromInt(12345)})
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
},
numErrs: 1,
},
Service port names are required for multi-port There is no provision for the first port to be unnamed. I think I initially allowed that, but then the Subset struct became a sorted struct, so the first-ness of the port got lost. If you have a Service with one named and one unnamed port, what happens is that the EndpointController fails to create Endpoints (validation error).
2015-05-05 14:51:51 -04:00
{
name: "empty multi-port port[0] name",
tweakSvc: func(s *api.Service) {
s.Spec.Ports[0].Name = ""
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "p", Protocol: "TCP", Port: 12345, TargetPort: intstr.FromInt(12345)})
Service port names are required for multi-port There is no provision for the first port to be unnamed. I think I initially allowed that, but then the Subset struct became a sorted struct, so the first-ness of the port got lost. If you have a Service with one named and one unnamed port, what happens is that the EndpointController fails to create Endpoints (validation error).
2015-05-05 14:51:51 -04:00
},
numErrs: 1,
},
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
{
name: "invalid port name",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Name = "INVALID"
},
numErrs: 1,
},
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "missing protocol",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Protocol = ""
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 1,
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid protocol",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Protocol = "INVALID"
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 1,
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
Headless Services: Adding option to specify None for PortalIP
2015-03-16 17:36:30 -04:00
{
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
name: "invalid cluster ip",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
s.Spec.ClusterIP = "invalid"
Headless Services: Adding option to specify None for PortalIP
2015-03-16 17:36:30 -04:00
},
numErrs: 1,
},
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "missing port",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Port = 0
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 1,
Add initial validation of Service objects
2014-07-10 15:45:01 -04:00
},
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid port",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Port = 65536
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 1,
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
},
{
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
name: "invalid TargetPort int",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports[0].TargetPort = intstr.FromInt(65536)
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 1,
},
Ensure headless service port equal to targetPort
2015-11-27 03:09:13 -05:00
{
name: "valid port headless",
tweakSvc: func(s *api.Service) {
s.Spec.Ports[0].Port = 11722
s.Spec.Ports[0].TargetPort = intstr.FromInt(11722)
s.Spec.ClusterIP = api.ClusterIPNone
},
numErrs: 0,
},
{
Restore service port validation compatibility with 1.0/1.1
2016-02-22 23:06:16 -05:00
name: "invalid port headless 1",
Ensure headless service port equal to targetPort
2015-11-27 03:09:13 -05:00
tweakSvc: func(s *api.Service) {
s.Spec.Ports[0].Port = 11722
s.Spec.Ports[0].TargetPort = intstr.FromInt(11721)
s.Spec.ClusterIP = api.ClusterIPNone
},
Restore service port validation compatibility with 1.0/1.1
2016-02-22 23:06:16 -05:00
// in the v1 API, targetPorts on headless services were tolerated.
// once we have version-specific validation, we can reject this on newer API versions, but until then, we have to tolerate it for compatibility.
// numErrs: 1,
numErrs: 0,
Ensure headless service port equal to targetPort
2015-11-27 03:09:13 -05:00
},
{
Restore service port validation compatibility with 1.0/1.1
2016-02-22 23:06:16 -05:00
name: "invalid port headless 2",
Ensure headless service port equal to targetPort
2015-11-27 03:09:13 -05:00
tweakSvc: func(s *api.Service) {
s.Spec.Ports[0].Port = 11722
s.Spec.Ports[0].TargetPort = intstr.FromString("target")
s.Spec.ClusterIP = api.ClusterIPNone
},
Restore service port validation compatibility with 1.0/1.1
2016-02-22 23:06:16 -05:00
// in the v1 API, targetPorts on headless services were tolerated.
// once we have version-specific validation, we can reject this on newer API versions, but until then, we have to tolerate it for compatibility.
// numErrs: 1,
numErrs: 0,
Ensure headless service port equal to targetPort
2015-11-27 03:09:13 -05:00
},
Validate Service.Spec.publicIPs to be a valid IP that is not a localhost
2015-03-16 10:03:05 -04:00
{
name: "invalid publicIPs localhost",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
External IPs support.
2015-08-11 20:18:21 -04:00
s.Spec.ExternalIPs = []string{"127.0.0.1"}
Validate Service.Spec.publicIPs to be a valid IP that is not a localhost
2015-03-16 10:03:05 -04:00
},
numErrs: 1,
},
{
Make IsValidIP return error strings Also treat 0.0.0.0 as special, like loopback and multicast.
2016-01-04 12:49:39 -05:00
name: "invalid publicIPs unspecified",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
External IPs support.
2015-08-11 20:18:21 -04:00
s.Spec.ExternalIPs = []string{"0.0.0.0"}
Validate Service.Spec.publicIPs to be a valid IP that is not a localhost
2015-03-16 10:03:05 -04:00
},
numErrs: 1,
},
Make IsValidIP return error strings Also treat 0.0.0.0 as special, like loopback and multicast.
2016-01-04 12:49:39 -05:00
{
name: "invalid publicIPs loopback",
tweakSvc: func(s *api.Service) {
s.Spec.ExternalIPs = []string{"127.0.0.1"}
},
numErrs: 1,
},
Validate Service.Spec.publicIPs to be a valid IP that is not a localhost
2015-03-16 10:03:05 -04:00
{
External IPs support.
2015-08-11 20:18:21 -04:00
name: "invalid publicIPs host",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
External IPs support.
2015-08-11 20:18:21 -04:00
s.Spec.ExternalIPs = []string{"myhost.mydomain"}
Validate Service.Spec.publicIPs to be a valid IP that is not a localhost
2015-03-16 10:03:05 -04:00
},
External IPs support.
2015-08-11 20:18:21 -04:00
numErrs: 1,
Validate Service.Spec.publicIPs to be a valid IP that is not a localhost
2015-03-16 10:03:05 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
{
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
name: "dup port name",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Name = "p"
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "p", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
},
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
numErrs: 1,
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
},
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
{
* Added UDP LB support (for GCE)
2015-09-28 16:57:58 -04:00
name: "valid load balancer protocol UDP 1",
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
tweakSvc: func(s *api.Service) {
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
s.Spec.Type = api.ServiceTypeLoadBalancer
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
s.Spec.Ports[0].Protocol = "UDP"
},
* Added UDP LB support (for GCE)
2015-09-28 16:57:58 -04:00
numErrs: 0,
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
},
{
* Added UDP LB support (for GCE)
2015-09-28 16:57:58 -04:00
name: "valid load balancer protocol UDP 2",
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
tweakSvc: func(s *api.Service) {
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
s.Spec.Type = api.ServiceTypeLoadBalancer
add service validation for mix protocol
2016-02-03 17:54:32 -05:00
s.Spec.Ports[0] = api.ServicePort{Name: "q", Port: 12345, Protocol: "UDP", TargetPort: intstr.FromInt(12345)}
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
},
* Added UDP LB support (for GCE)
2015-09-28 16:57:58 -04:00
numErrs: 0,
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
},
add service validation for mix protocol
2016-02-03 17:54:32 -05:00
{
name: "invalid load balancer with mix protocol",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "UDP", TargetPort: intstr.FromInt(12345)})
},
numErrs: 1,
},
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "valid 1",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
// do nothing
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
},
numErrs: 0,
},
add RFC952 label validation
2014-10-23 16:14:13 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "valid 2",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Protocol = "UDP"
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports[0].TargetPort = intstr.FromInt(12345)
Allow an empty service
2014-11-18 12:49:00 -05:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 0,
Allow an empty service
2014-11-18 12:49:00 -05:00
},
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "valid 3",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports[0].TargetPort = intstr.FromString("http")
add RFC952 label validation
2014-10-23 16:14:13 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 0,
add RFC952 label validation
2014-10-23 16:14:13 -04:00
},
Headless Services: Adding option to specify None for PortalIP
2015-03-16 17:36:30 -04:00
{
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
name: "valid cluster ip - none ",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
s.Spec.ClusterIP = "None"
Headless Services: Adding option to specify None for PortalIP
2015-03-16 17:36:30 -04:00
},
numErrs: 0,
},
{
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
name: "valid cluster ip - empty",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
s.Spec.ClusterIP = ""
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports[0].TargetPort = intstr.FromString("http")
Headless Services: Adding option to specify None for PortalIP
2015-03-16 17:36:30 -04:00
},
numErrs: 0,
},
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
{
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
name: "valid type - cluster",
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
},
numErrs: 0,
},
{
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
name: "valid type - loadbalancer",
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
},
numErrs: 0,
},
{
name: "valid type loadbalancer 2 ports",
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
tweakSvc: func(s *api.Service) {
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
s.Spec.Type = api.ServiceTypeLoadBalancer
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
},
numErrs: 0,
},
{
name: "valid external load balancer 2 ports",
tweakSvc: func(s *api.Service) {
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
s.Spec.Type = api.ServiceTypeLoadBalancer
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
},
numErrs: 0,
},
Add NodePort to ServicePort We prevent it from being set by validation
2015-05-22 17:54:19 -04:00
{
name: "duplicate nodeports",
tweakSvc: func(s *api.Service) {
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
s.Spec.Type = api.ServiceTypeNodePort
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 1, Protocol: "TCP", NodePort: 1, TargetPort: intstr.FromInt(1)})
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "r", Port: 2, Protocol: "TCP", NodePort: 1, TargetPort: intstr.FromInt(2)})
Add NodePort to ServicePort We prevent it from being set by validation
2015-05-22 17:54:19 -04:00
},
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
numErrs: 1,
Add NodePort to ServicePort We prevent it from being set by validation
2015-05-22 17:54:19 -04:00
},
{
name: "duplicate nodeports (different protocols)",
tweakSvc: func(s *api.Service) {
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
s.Spec.Type = api.ServiceTypeNodePort
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 1, Protocol: "TCP", NodePort: 1, TargetPort: intstr.FromInt(1)})
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "r", Port: 2, Protocol: "UDP", NodePort: 1, TargetPort: intstr.FromInt(2)})
Add NodePort to ServicePort We prevent it from being set by validation
2015-05-22 17:54:19 -04:00
},
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
numErrs: 0,
},
{
name: "valid type - cluster",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
},
numErrs: 0,
},
{
name: "valid type - nodeport",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeNodePort
},
numErrs: 0,
},
{
name: "valid type - loadbalancer",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
},
numErrs: 0,
},
{
name: "valid type loadbalancer 2 ports",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 0,
},
{
name: "valid type loadbalancer with NodePort",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", NodePort: 12345, TargetPort: intstr.FromInt(12345)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 0,
},
{
name: "valid type=NodePort service with NodePort",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeNodePort
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", NodePort: 12345, TargetPort: intstr.FromInt(12345)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 0,
},
{
name: "valid type=NodePort service without NodePort",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeNodePort
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 0,
},
{
name: "valid cluster service without NodePort",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 0,
},
{
name: "invalid cluster service with NodePort",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", NodePort: 12345, TargetPort: intstr.FromInt(12345)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 1,
},
{
name: "invalid public service with duplicate NodePort",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeNodePort
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "p1", Port: 1, Protocol: "TCP", NodePort: 1, TargetPort: intstr.FromInt(1)})
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "p2", Port: 2, Protocol: "TCP", NodePort: 1, TargetPort: intstr.FromInt(2)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 1,
},
{
name: "valid type=LoadBalancer",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 0,
Add NodePort to ServicePort We prevent it from being set by validation
2015-05-22 17:54:19 -04:00
},
Automatically open a firewall when creating a GCE load balancer.
2015-07-09 01:02:10 -04:00
{
// For now we open firewalls, and its insecure if we open 10250, remove this
// when we have better protections in place.
name: "invalid port type=LoadBalancer",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "kubelet", Port: 10250, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Automatically open a firewall when creating a GCE load balancer.
2015-07-09 01:02:10 -04:00
},
numErrs: 1,
},
LB Source Ranges: Move validation into API layer Had to move other things around too to avoid a weird api -> cloudprovider dependency. Also adding fixes per code reviews. (This is a squash of the previously approved commits)
2016-02-29 20:56:39 -05:00
{
name: "valid LoadBalancer source range annotation",
tweakSvc: func(s *api.Service) {
promote sourceRange into service spec
2016-05-17 19:55:04 -04:00
s.Spec.Type = api.ServiceTypeLoadBalancer
LB Source Ranges: Move validation into API layer Had to move other things around too to avoid a weird api -> cloudprovider dependency. Also adding fixes per code reviews. (This is a squash of the previously approved commits)
2016-02-29 20:56:39 -05:00
s.Annotations[service.AnnotationLoadBalancerSourceRangesKey] = "1.2.3.4/8, 5.6.7.8/16"
},
numErrs: 0,
},
{
name: "empty LoadBalancer source range annotation",
tweakSvc: func(s *api.Service) {
promote sourceRange into service spec
2016-05-17 19:55:04 -04:00
s.Spec.Type = api.ServiceTypeLoadBalancer
LB Source Ranges: Move validation into API layer Had to move other things around too to avoid a weird api -> cloudprovider dependency. Also adding fixes per code reviews. (This is a squash of the previously approved commits)
2016-02-29 20:56:39 -05:00
s.Annotations[service.AnnotationLoadBalancerSourceRangesKey] = ""
},
numErrs: 0,
},
{
name: "invalid LoadBalancer source range annotation (hostname)",
tweakSvc: func(s *api.Service) {
s.Annotations[service.AnnotationLoadBalancerSourceRangesKey] = "foo.bar"
},
promote sourceRange into service spec
2016-05-17 19:55:04 -04:00
numErrs: 2,
LB Source Ranges: Move validation into API layer Had to move other things around too to avoid a weird api -> cloudprovider dependency. Also adding fixes per code reviews. (This is a squash of the previously approved commits)
2016-02-29 20:56:39 -05:00
},
{
name: "invalid LoadBalancer source range annotation (invalid CIDR)",
tweakSvc: func(s *api.Service) {
promote sourceRange into service spec
2016-05-17 19:55:04 -04:00
s.Spec.Type = api.ServiceTypeLoadBalancer
LB Source Ranges: Move validation into API layer Had to move other things around too to avoid a weird api -> cloudprovider dependency. Also adding fixes per code reviews. (This is a squash of the previously approved commits)
2016-02-29 20:56:39 -05:00
s.Annotations[service.AnnotationLoadBalancerSourceRangesKey] = "1.2.3.4/33"
},
numErrs: 1,
},
promote sourceRange into service spec
2016-05-17 19:55:04 -04:00
{
name: "invalid source range for non LoadBalancer type service",
tweakSvc: func(s *api.Service) {
s.Spec.LoadBalancerSourceRanges = []string{"1.2.3.4/8", "5.6.7.8/16"}
},
numErrs: 1,
},
{
name: "valid LoadBalancer source range",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
s.Spec.LoadBalancerSourceRanges = []string{"1.2.3.4/8", "5.6.7.8/16"}
},
numErrs: 0,
},
{
name: "empty LoadBalancer source range",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
s.Spec.LoadBalancerSourceRanges = []string{" "}
},
numErrs: 1,
},
{
name: "invalid LoadBalancer source range",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
s.Spec.LoadBalancerSourceRanges = []string{"foo.bar"}
},
numErrs: 1,
},
Add ExternalName to ServiceSpec ExternalName allows kubedns to return CNAME records for external services. No proxying is involved. See original issue at https://github.com/kubernetes/kubernetes/issues/13748 Feature tracking at https://github.com/kubernetes/features/issues/33
2016-08-19 12:09:14 -04:00
{
name: "valid ExternalName",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeExternalName
s.Spec.ClusterIP = ""
s.Spec.ExternalName = "foo.bar.example.com"
},
numErrs: 0,
},
{
name: "invalid ExternalName clusterIP (valid IP)",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeExternalName
s.Spec.ClusterIP = "1.2.3.4"
s.Spec.ExternalName = "foo.bar.example.com"
},
numErrs: 1,
},
{
name: "invalid ExternalName clusterIP (None)",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeExternalName
s.Spec.ClusterIP = "None"
s.Spec.ExternalName = "foo.bar.example.com"
},
numErrs: 1,
},
{
name: "invalid ExternalName (not a DNS name)",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeExternalName
s.Spec.ClusterIP = ""
s.Spec.ExternalName = "-123"
},
numErrs: 1,
},
Validate None Service ClusterIP against LB type If the Service is a Load Balancer, it should not have None Cluster IP. If it does, Service validation fails.
2016-09-22 10:07:47 -04:00
{
name: "LoadBalancer type cannot have None ClusterIP",
tweakSvc: func(s *api.Service) {
s.Spec.ClusterIP = "None"
s.Spec.Type = api.ServiceTypeLoadBalancer
},
numErrs: 1,
},
Validation
2016-10-18 21:43:13 -04:00
{
name: "LoadBalancer disallows onlyLocal alpha annotations",
tweakSvc: func(s *api.Service) {
s.Annotations[service.AlphaAnnotationExternalTraffic] = service.AnnotationValueExternalTrafficLocal
},
numErrs: 1,
},
Add initial validation of Service objects
2014-07-10 15:45:01 -04:00
}
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
for _, tc := range testCases {
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
svc := makeValidService()
tc.tweakSvc(&svc)
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
errs := ValidateService(&svc)
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
if len(errs) != tc.numErrs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
t.Errorf("Unexpected error list for case %q: %v", tc.name, errs.ToAggregate())
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
}
Add initial validation of Service objects
2014-07-10 15:45:01 -04:00
}
}
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
Add replication controller status subresource
2015-09-28 15:39:57 -04:00
func TestValidateReplicationControllerStatusUpdate(t *testing.T) {
validSelector := map[string]string{"a": "b"}
validPodTemplate := api.PodTemplate{
Template: api.PodTemplateSpec{
ObjectMeta: api.ObjectMeta{
Labels: validSelector,
},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent"}},
},
},
}
type rcUpdateTest struct {
old api.ReplicationController
update api.ReplicationController
}
successCases := []rcUpdateTest{
{
old: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Template: &validPodTemplate.Template,
},
Status: api.ReplicationControllerStatus{
Replicas: 2,
},
},
update: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Replicas: 3,
Selector: validSelector,
Template: &validPodTemplate.Template,
},
Status: api.ReplicationControllerStatus{
Replicas: 4,
},
},
},
}
for _, successCase := range successCases {
successCase.old.ObjectMeta.ResourceVersion = "1"
successCase.update.ObjectMeta.ResourceVersion = "1"
Make order of fun consistent
2015-11-04 02:47:11 -05:00
if errs := ValidateReplicationControllerStatusUpdate(&successCase.update, &successCase.old); len(errs) != 0 {
Add replication controller status subresource
2015-09-28 15:39:57 -04:00
t.Errorf("expected success: %v", errs)
}
}
errorCases := map[string]rcUpdateTest{
"negative replicas": {
old: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Template: &validPodTemplate.Template,
},
Status: api.ReplicationControllerStatus{
Replicas: 3,
},
},
update: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Replicas: 2,
Selector: validSelector,
Template: &validPodTemplate.Template,
},
Status: api.ReplicationControllerStatus{
Replicas: -3,
},
},
},
}
for testName, errorCase := range errorCases {
Make order of fun consistent
2015-11-04 02:47:11 -05:00
if errs := ValidateReplicationControllerStatusUpdate(&errorCase.update, &errorCase.old); len(errs) == 0 {
Add replication controller status subresource
2015-09-28 15:39:57 -04:00
t.Errorf("expected failure: %s", testName)
}
}
}
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
func TestValidateReplicationControllerUpdate(t *testing.T) {
validSelector := map[string]string{"a": "b"}
validPodTemplate := api.PodTemplate{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: api.PodTemplateSpec{
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
ObjectMeta: api.ObjectMeta{
Labels: validSelector,
},
Spec: api.PodSpec{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
DNSPolicy: api.DNSClusterFirst,
Validate that there is at least one container in the pod
2015-03-18 11:00:18 -04:00
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent"}},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
}
readWriteVolumePodTemplate := api.PodTemplate{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: api.PodTemplateSpec{
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
ObjectMeta: api.ObjectMeta{
Labels: validSelector,
},
Spec: api.PodSpec{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
DNSPolicy: api.DNSClusterFirst,
Validate that there is at least one container in the pod
2015-03-18 11:00:18 -04:00
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent"}},
Correcting all go vet errors
2015-08-07 21:52:23 -04:00
Volumes: []api.Volume{{Name: "gcepd", VolumeSource: api.VolumeSource{GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{PDName: "my-PD", FSType: "ext4", Partition: 1, ReadOnly: false}}}},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
}
invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
invalidPodTemplate := api.PodTemplate{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: api.PodTemplateSpec{
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.PodSpec{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
DNSPolicy: api.DNSClusterFirst,
},
ObjectMeta: api.ObjectMeta{
Labels: invalidSelector,
},
},
}
type rcUpdateTest struct {
old api.ReplicationController
update api.ReplicationController
}
successCases := []rcUpdateTest{
{
old: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
update: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Replicas: 3,
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
},
{
old: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
update: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Replicas: 1,
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &readWriteVolumePodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
},
}
for _, successCase := range successCases {
Give better error message for PUTs with no resource version
2015-03-19 20:51:07 -04:00
successCase.old.ObjectMeta.ResourceVersion = "1"
successCase.update.ObjectMeta.ResourceVersion = "1"
Make order of fun consistent
2015-11-04 02:47:11 -05:00
if errs := ValidateReplicationControllerUpdate(&successCase.update, &successCase.old); len(errs) != 0 {
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
t.Errorf("expected success: %v", errs)
}
}
errorCases := map[string]rcUpdateTest{
"more than one read/write": {
old: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
update: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Replicas: 2,
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &readWriteVolumePodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
},
"invalid selector": {
old: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
update: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Replicas: 2,
Selector: invalidSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
},
"invalid pod": {
old: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
update: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Replicas: 2,
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &invalidPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
},
"negative replicas": {
old: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
update: api.ReplicationController{
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Replicas: -1,
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
},
}
for testName, errorCase := range errorCases {
Make order of fun consistent
2015-11-04 02:47:11 -05:00
if errs := ValidateReplicationControllerUpdate(&errorCase.update, &errorCase.old); len(errs) == 0 {
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
t.Errorf("expected failure: %s", testName)
}
}
}
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
func TestValidateReplicationController(t *testing.T) {
validSelector := map[string]string{"a": "b"}
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
validPodTemplate := api.PodTemplate{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: api.PodTemplateSpec{
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
ObjectMeta: api.ObjectMeta{
Labels: validSelector,
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
},
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
Spec: api.PodSpec{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
DNSPolicy: api.DNSClusterFirst,
Validate that there is at least one container in the pod
2015-03-18 11:00:18 -04:00
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent"}},
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
},
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
},
}
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
readWriteVolumePodTemplate := api.PodTemplate{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: api.PodTemplateSpec{
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
ObjectMeta: api.ObjectMeta{
Labels: validSelector,
},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.PodSpec{
Correcting all go vet errors
2015-08-07 21:52:23 -04:00
Volumes: []api.Volume{{Name: "gcepd", VolumeSource: api.VolumeSource{GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{PDName: "my-PD", FSType: "ext4", Partition: 1, ReadOnly: false}}}},
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
DNSPolicy: api.DNSClusterFirst,
Validate that there is at least one container in the pod
2015-03-18 11:00:18 -04:00
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent"}},
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 13:58:43 -04:00
},
},
}
add RFC952 label validation
2014-10-23 16:14:13 -04:00
invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
invalidPodTemplate := api.PodTemplate{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: api.PodTemplateSpec{
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
Spec: api.PodSpec{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
DNSPolicy: api.DNSClusterFirst,
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
ObjectMeta: api.ObjectMeta{
Labels: invalidSelector,
add RFC952 label validation
2014-10-23 16:14:13 -04:00
},
},
}
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
successCases := []api.ReplicationController{
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
},
},
{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "abc-123", Namespace: api.NamespaceDefault},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
},
},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
{
ObjectMeta: api.ObjectMeta{Name: "abc-123", Namespace: api.NamespaceDefault},
Spec: api.ReplicationControllerSpec{
Replicas: 1,
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &readWriteVolumePodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
}
for _, successCase := range successCases {
if errs := ValidateReplicationController(&successCase); len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
}
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
errorCases := map[string]api.ReplicationController{
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
"zero-length ID": {
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "", Namespace: api.NamespaceDefault},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Update test cases to use default context
2014-09-29 17:18:18 -04:00
},
},
"missing-namespace": {
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "abc-123"},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
},
},
"empty selector": {
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
},
},
Add a validation that replicaSelector matches PodTemplate.Labels
2014-08-21 20:02:39 -04:00
"selector_doesnt_match": {
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Selector: map[string]string{"foo": "bar"},
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Add a validation that replicaSelector matches PodTemplate.Labels
2014-08-21 20:02:39 -04:00
},
},
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
"invalid manifest": {
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
},
},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
"read-write persistent disk with > 1 pod": {
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "abc"},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Replicas: 2,
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &readWriteVolumePodTemplate.Template,
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 13:58:43 -04:00
},
},
Validate on replicas being non-negative
2014-08-04 15:02:51 -04:00
"negative_replicas": {
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Replicas: -1,
Selector: validSelector,
Validate on replicas being non-negative
2014-08-04 15:02:51 -04:00
},
},
add RFC952 label validation
2014-10-23 16:14:13 -04:00
"invalid_label": {
ObjectMeta: api.ObjectMeta{
Name: "abc-123",
Namespace: api.NamespaceDefault,
Labels: map[string]string{
"NoUppercaseOrSpecialCharsLike=Equals": "bar",
},
},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
add RFC952 label validation
2014-10-23 16:14:13 -04:00
},
},
"invalid_label 2": {
ObjectMeta: api.ObjectMeta{
Name: "abc-123",
Namespace: api.NamespaceDefault,
Labels: map[string]string{
"NoUppercaseOrSpecialCharsLike=Equals": "bar",
},
},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &invalidPodTemplate.Template,
},
},
"invalid_annotation": {
ObjectMeta: api.ObjectMeta{
Name: "abc-123",
Namespace: api.NamespaceDefault,
Annotations: map[string]string{
"NoUppercaseOrSpecialCharsLike=Equals": "bar",
},
},
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Template: &validPodTemplate.Template,
add RFC952 label validation
2014-10-23 16:14:13 -04:00
},
},
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
"invalid restart policy 1": {
ObjectMeta: api.ObjectMeta{
Name: "abc-123",
Namespace: api.NamespaceDefault,
},
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Template: &api.PodTemplateSpec{
Spec: api.PodSpec{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyOnFailure,
DNSPolicy: api.DNSClusterFirst,
Validate that there is at least one container in the pod
2015-03-18 11:00:18 -04:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
},
ObjectMeta: api.ObjectMeta{
Labels: validSelector,
},
},
},
},
"invalid restart policy 2": {
ObjectMeta: api.ObjectMeta{
Name: "abc-123",
Namespace: api.NamespaceDefault,
},
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Template: &api.PodTemplateSpec{
Spec: api.PodSpec{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyNever,
DNSPolicy: api.DNSClusterFirst,
Validate that there is at least one container in the pod
2015-03-18 11:00:18 -04:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
},
ObjectMeta: api.ObjectMeta{
Labels: validSelector,
},
},
},
},
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
}
for k, v := range errorCases {
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
errs := ValidateReplicationController(&v)
if len(errs) == 0 {
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
t.Errorf("expected failure for %s", k)
}
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
for i := range errs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
field := errs[i].Field
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
if !strings.HasPrefix(field, "spec.template.") &&
Limit field errors to a single field name
2015-08-12 11:26:23 -04:00
field != "metadata.name" &&
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
field != "metadata.namespace" &&
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
field != "spec.selector" &&
field != "spec.template" &&
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 13:58:43 -04:00
field != "GCEPersistentDisk.ReadOnly" &&
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
field != "spec.replicas" &&
clean up error message on labels validation errs
2014-11-20 00:55:45 -05:00
field != "spec.template.labels" &&
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
field != "metadata.annotations" &&
Add replication controller status subresource
2015-09-28 15:39:57 -04:00
field != "metadata.labels" &&
field != "status.replicas" {
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
t.Errorf("%s: missing prefix for: %v", k, errs[i])
}
}
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
}
}
Read BoundPods from etcd instead of ContainerManifestList There are three values that uniquely identify a pod on a host - the configuration source (etcd, file, http), the pod name, and the pod namespace. This change ensures that configuration properly makes those names unique by changing podFullName to contain both name (currently ID in v1beta1, Name in v1beta3) and namespace. The Kubelet does not properly handle information requests for pods not in the default namespace at this time.
2014-10-08 15:56:02 -04:00
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
func TestValidateNode(t *testing.T) {
Centralize minion validation
2014-11-12 12:38:15 -05:00
validSelector := map[string]string{"a": "b"}
invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
successCases := []api.Node{
Centralize minion validation
2014-11-12 12:38:15 -05:00
{
Move the internal minion representation to match v1beta3 Moves to 'Spec' and 'Status' internally and removes duplicate fields. Moves Capacity into Spec and drops use of NodeResources
2014-11-19 17:39:10 -05:00
ObjectMeta: api.ObjectMeta{
Name: "abc",
Labels: validSelector,
},
Status: api.NodeStatus{
Node addresses
2015-02-13 14:07:23 -05:00
Addresses: []api.NodeAddress{
{Type: api.NodeLegacyHostIP, Address: "something"},
},
Add validation for node creation.
2015-03-24 13:24:07 -04:00
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
api.ResourceName("my.org/gpu"): resource.MustParse("10"),
},
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Spec: api.NodeSpec{
ExternalID: "external",
},
Centralize minion validation
2014-11-12 12:38:15 -05:00
},
{
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 18:56:38 -05:00
ObjectMeta: api.ObjectMeta{
Name: "abc",
},
Move the internal minion representation to match v1beta3 Moves to 'Spec' and 'Status' internally and removes duplicate fields. Moves Capacity into Spec and drops use of NodeResources
2014-11-19 17:39:10 -05:00
Status: api.NodeStatus{
Node addresses
2015-02-13 14:07:23 -05:00
Addresses: []api.NodeAddress{
{Type: api.NodeLegacyHostIP, Address: "something"},
},
Add validation for node creation.
2015-03-24 13:24:07 -04:00
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Spec: api.NodeSpec{
ExternalID: "external",
},
Centralize minion validation
2014-11-12 12:38:15 -05:00
},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
{
ObjectMeta: api.ObjectMeta{
Name: "dedicated-node1",
// Add a valid taint to a node
Annotations: map[string]string{
api.TaintsAnnotationKey: `
[{
"key": "GPU",
"value": "true",
"effect": "NoSchedule"
}]`,
},
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{
{Type: api.NodeLegacyHostIP, Address: "something"},
},
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Spec: api.NodeSpec{
ExternalID: "external",
},
},
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
{
ObjectMeta: api.ObjectMeta{
Name: "abc",
Annotations: map[string]string{
api.PreferAvoidPodsAnnotationKey: `
{
"preferAvoidPods": [
{
"podSignature": {
"podController": {
"apiVersion": "v1",
"kind": "ReplicationController",
"name": "foo",
"uid": "abcdef123456",
"controller": true
}
},
"reason": "some reason",
"message": "some message"
}
]
}`,
},
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{
{Type: api.NodeLegacyHostIP, Address: "something"},
},
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Spec: api.NodeSpec{
ExternalID: "external",
},
},
Centralize minion validation
2014-11-12 12:38:15 -05:00
}
for _, successCase := range successCases {
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
if errs := ValidateNode(&successCase); len(errs) != 0 {
Centralize minion validation
2014-11-12 12:38:15 -05:00
t.Errorf("expected success: %v", errs)
}
}
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
errorCases := map[string]api.Node{
Centralize minion validation
2014-11-12 12:38:15 -05:00
"zero-length Name": {
Move the internal minion representation to match v1beta3 Moves to 'Spec' and 'Status' internally and removes duplicate fields. Moves Capacity into Spec and drops use of NodeResources
2014-11-19 17:39:10 -05:00
ObjectMeta: api.ObjectMeta{
Name: "",
Labels: validSelector,
},
Status: api.NodeStatus{
Node addresses
2015-02-13 14:07:23 -05:00
Addresses: []api.NodeAddress{},
Add validation for node creation.
2015-03-24 13:24:07 -04:00
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
},
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Spec: api.NodeSpec{
ExternalID: "external",
},
Centralize minion validation
2014-11-12 12:38:15 -05:00
},
"invalid-labels": {
Move the internal minion representation to match v1beta3 Moves to 'Spec' and 'Status' internally and removes duplicate fields. Moves Capacity into Spec and drops use of NodeResources
2014-11-19 17:39:10 -05:00
ObjectMeta: api.ObjectMeta{
Name: "abc-123",
Labels: invalidSelector,
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Status: api.NodeStatus{
Add validation for node creation.
2015-03-24 13:24:07 -04:00
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
},
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Spec: api.NodeSpec{
ExternalID: "external",
},
Add validation for node creation.
2015-03-24 13:24:07 -04:00
},
"missing-external-id": {
ObjectMeta: api.ObjectMeta{
Name: "abc-123",
Labels: validSelector,
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Status: api.NodeStatus{
Add validation for node creation.
2015-03-24 13:24:07 -04:00
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
},
},
},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
"missing-taint-key": {
ObjectMeta: api.ObjectMeta{
Name: "dedicated-node1",
// Add a taint with an empty key to a node
Annotations: map[string]string{
api.TaintsAnnotationKey: `
[{
"key": "",
"value": "special-user-1",
"effect": "NoSchedule"
}]`,
},
},
Spec: api.NodeSpec{
ExternalID: "external",
},
},
"bad-taint-key": {
ObjectMeta: api.ObjectMeta{
Name: "dedicated-node1",
// Add a taint with an empty key to a node
Annotations: map[string]string{
api.TaintsAnnotationKey: `
[{
"key": "NoUppercaseOrSpecialCharsLike=Equals",
"value": "special-user-1",
"effect": "NoSchedule"
}]`,
},
},
Spec: api.NodeSpec{
ExternalID: "external",
},
},
"bad-taint-value": {
ObjectMeta: api.ObjectMeta{
Name: "dedicated-node2",
Annotations: map[string]string{
api.TaintsAnnotationKey: `
[{
"key": "dedicated",
"value": "some\\bad\\value",
"effect": "NoSchedule"
}]`,
},
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{
{Type: api.NodeLegacyHostIP, Address: "something"},
},
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
// Add a taint with an empty value to a node
Spec: api.NodeSpec{
ExternalID: "external",
},
},
"missing-taint-effect": {
ObjectMeta: api.ObjectMeta{
Name: "dedicated-node3",
// Add a taint with an empty effect to a node
Annotations: map[string]string{
api.TaintsAnnotationKey: `
[{
"key": "dedicated",
"value": "special-user-3",
"effect": ""
}]`,
},
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{
{Type: api.NodeLegacyHostIP, Address: "something"},
},
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Spec: api.NodeSpec{
ExternalID: "external",
},
},
"invalide-taint-effect": {
ObjectMeta: api.ObjectMeta{
Name: "dedicated-node3",
// Add a taint with an empty effect to a node
Annotations: map[string]string{
api.TaintsAnnotationKey: `
[{
"key": "dedicated",
"value": "special-user-3",
"effect": "NoExecute"
}]`,
},
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{
{Type: api.NodeLegacyHostIP, Address: "something"},
},
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Spec: api.NodeSpec{
ExternalID: "external",
},
},
make taints unique by <key, effect> on a node
2016-08-12 04:46:40 -04:00
"duplicated-taints-with-same-key-effect": {
ObjectMeta: api.ObjectMeta{
Name: "dedicated-node1",
// Add two taints to the node with the same key and effect; should be rejected.
Annotations: map[string]string{
api.TaintsAnnotationKey: `
[{
"key": "dedicated",
"value": "special-user-1",
"effect": "NoSchedule"
}, {
"key": "dedicated",
"value": "special-user-2",
"effect": "NoSchedule"
}]`,
},
},
Spec: api.NodeSpec{
ExternalID: "external",
},
},
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
"missing-podSignature": {
ObjectMeta: api.ObjectMeta{
Name: "abc-123",
Annotations: map[string]string{
api.PreferAvoidPodsAnnotationKey: `
{
"preferAvoidPods": [
{
"reason": "some reason",
"message": "some message"
}
]
}`,
},
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{},
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Spec: api.NodeSpec{
ExternalID: "external",
},
},
"invalid-podController": {
ObjectMeta: api.ObjectMeta{
Name: "abc-123",
Annotations: map[string]string{
api.PreferAvoidPodsAnnotationKey: `
{
"preferAvoidPods": [
{
"podSignature": {
"podController": {
"apiVersion": "v1",
"kind": "ReplicationController",
"name": "foo",
"uid": "abcdef123456",
"controller": false
}
},
"reason": "some reason",
"message": "some message"
}
]
}`,
},
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{},
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Spec: api.NodeSpec{
ExternalID: "external",
},
},
Centralize minion validation
2014-11-12 12:38:15 -05:00
}
for k, v := range errorCases {
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
errs := ValidateNode(&v)
Centralize minion validation
2014-11-12 12:38:15 -05:00
if len(errs) == 0 {
t.Errorf("expected failure for %s", k)
}
for i := range errs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
field := errs[i].Field
Add validation for node creation.
2015-03-24 13:24:07 -04:00
expectedFields := map[string]bool{
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
"metadata.name": true,
"metadata.labels": true,
"metadata.annotations": true,
"metadata.namespace": true,
"spec.externalID": true,
"metadata.annotations.scheduler.alpha.kubernetes.io/taints[0].key": true,
"metadata.annotations.scheduler.alpha.kubernetes.io/taints[0].value": true,
"metadata.annotations.scheduler.alpha.kubernetes.io/taints[0].effect": true,
"metadata.annotations.scheduler.alpha.kubernetes.io/preferAvoidPods[0].PodSignature": true,
"metadata.annotations.scheduler.alpha.kubernetes.io/preferAvoidPods[0].PodSignature.PodController.Controller": true,
Add validation for node creation.
2015-03-24 13:24:07 -04:00
}
implement taints and tolerations
2016-03-30 23:42:57 -04:00
if val, ok := expectedFields[field]; ok {
if !val {
t.Errorf("%s: missing prefix for: %v", k, errs[i])
}
Centralize minion validation
2014-11-12 12:38:15 -05:00
}
}
}
}
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
func TestValidateNodeUpdate(t *testing.T) {
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
tests := []struct {
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
oldNode api.Node
node api.Node
valid bool
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
}{
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
{api.Node{}, api.Node{}, true},
{api.Node{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
ObjectMeta: api.ObjectMeta{
Name: "foo"}},
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
api.Node{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
ObjectMeta: api.ObjectMeta{
Name: "bar"},
}, false},
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
{api.Node{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{"foo": "bar"},
},
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
}, api.Node{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{"foo": "baz"},
},
}, true},
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
{api.Node{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
}, api.Node{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{"foo": "baz"},
},
}, true},
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
{api.Node{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{"bar": "foo"},
},
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
}, api.Node{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{"foo": "baz"},
},
}, true},
pod cidr validation
2016-01-30 22:49:31 -05:00
{api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
Spec: api.NodeSpec{
PodCIDR: "",
},
}, api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
Spec: api.NodeSpec{
PodCIDR: "192.168.0.0/16",
},
}, true},
{api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
Spec: api.NodeSpec{
PodCIDR: "192.123.0.0/16",
},
}, api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
Spec: api.NodeSpec{
PodCIDR: "192.168.0.0/16",
},
}, false},
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
{api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Status: api.NodeStatus{
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
Capacity: api.ResourceList{
ParseOrDie -> MustParse; stop returning pointer
2015-01-06 20:20:01 -05:00
api.ResourceCPU: resource.MustParse("10000"),
api.ResourceMemory: resource.MustParse("100"),
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
},
},
}, api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Status: api.NodeStatus{
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
Capacity: api.ResourceList{
ParseOrDie -> MustParse; stop returning pointer
2015-01-06 20:20:01 -05:00
api.ResourceCPU: resource.MustParse("100"),
api.ResourceMemory: resource.MustParse("10000"),
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
},
},
}, true},
{api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{"bar": "foo"},
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Status: api.NodeStatus{
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
Capacity: api.ResourceList{
ParseOrDie -> MustParse; stop returning pointer
2015-01-06 20:20:01 -05:00
api.ResourceCPU: resource.MustParse("10000"),
api.ResourceMemory: resource.MustParse("100"),
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
},
},
}, api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{"bar": "fooobaz"},
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Status: api.NodeStatus{
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
Capacity: api.ResourceList{
ParseOrDie -> MustParse; stop returning pointer
2015-01-06 20:20:01 -05:00
api.ResourceCPU: resource.MustParse("100"),
api.ResourceMemory: resource.MustParse("10000"),
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
},
},
}, true},
Clear node status before the validation check.
2014-12-22 14:04:57 -05:00
{api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{"bar": "foo"},
},
Status: api.NodeStatus{
Node addresses
2015-02-13 14:07:23 -05:00
Addresses: []api.NodeAddress{
{Type: api.NodeLegacyHostIP, Address: "1.2.3.4"},
},
Clear node status before the validation check.
2014-12-22 14:04:57 -05:00
},
}, api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{"bar": "fooobaz"},
},
}, true},
Add a few extra test cases for API validation of labels that would have caught a bug that was in past versions. Also, copy the label key format requirements from the API types.go comments into the labels doc.
2015-02-04 17:21:34 -05:00
{api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{"foo": "baz"},
},
}, api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Labels: map[string]string{"Foo": "baz"},
},
Loosen label and annotation validation and related tests
2015-02-27 10:08:02 -05:00
}, true},
Allow admin user to explicitly unschedule the node Setting Unschedulable on the node will not touch any existing pods on the node but will block scheduling of new pods on the node.
2015-02-17 15:03:14 -05:00
{api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
Spec: api.NodeSpec{
Unschedulable: false,
},
}, api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
Spec: api.NodeSpec{
Unschedulable: true,
},
}, true},
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
{api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
Spec: api.NodeSpec{
Unschedulable: false,
},
}, api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{
{Type: api.NodeExternalIP, Address: "1.1.1.1"},
{Type: api.NodeExternalIP, Address: "1.1.1.1"},
},
},
}, false},
{api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
Spec: api.NodeSpec{
Unschedulable: false,
},
}, api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{
{Type: api.NodeExternalIP, Address: "1.1.1.1"},
{Type: api.NodeInternalIP, Address: "10.1.1.1"},
},
},
}, true},
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
{api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
}, api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Annotations: map[string]string{
api.PreferAvoidPodsAnnotationKey: `
{
"preferAvoidPods": [
{
"podSignature": {
"podController": {
"apiVersion": "v1",
"kind": "ReplicationController",
"name": "foo",
"uid": "abcdef123456",
"controller": true
}
},
"reason": "some reason",
"message": "some message"
}
]
}`,
},
},
Spec: api.NodeSpec{
Unschedulable: false,
},
}, true},
{api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
}, api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Annotations: map[string]string{
api.PreferAvoidPodsAnnotationKey: `
{
"preferAvoidPods": [
{
"reason": "some reason",
"message": "some message"
}
]
}`,
},
},
}, false},
{api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
},
}, api.Node{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Annotations: map[string]string{
api.PreferAvoidPodsAnnotationKey: `
{
"preferAvoidPods": [
{
"podSignature": {
"podController": {
"apiVersion": "v1",
"kind": "ReplicationController",
"name": "foo",
"uid": "abcdef123456",
"controller": false
}
},
"reason": "some reason",
"message": "some message"
}
]
}`,
},
},
}, false},
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
}
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
for i, test := range tests {
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
test.oldNode.ObjectMeta.ResourceVersion = "1"
test.node.ObjectMeta.ResourceVersion = "1"
Make order of fun consistent
2015-11-04 02:47:11 -05:00
errs := ValidateNodeUpdate(&test.node, &test.oldNode)
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
if test.valid && len(errs) > 0 {
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
t.Errorf("%d: Unexpected error: %v", i, errs)
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
t.Logf("%#v vs %#v", test.oldNode.ObjectMeta, test.node.ObjectMeta)
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
}
if !test.valid && len(errs) == 0 {
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
t.Errorf("%d: Unexpected non-error", i)
}
}
}
func TestValidateServiceUpdate(t *testing.T) {
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
testCases := []struct {
name string
tweakSvc func(oldSvc, newSvc *api.Service) // given basic valid services, each test case can customize them
numErrs int
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
}{
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
{
name: "no change",
tweakSvc: func(oldSvc, newSvc *api.Service) {
// do nothing
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 0,
},
{
name: "change name",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Name += "2"
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 1,
},
{
name: "change namespace",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Namespace += "2"
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 1,
},
{
name: "change label valid",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Labels["key"] = "other-value"
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 0,
},
{
name: "add label",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Labels["key2"] = "value2"
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 0,
},
{
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
name: "change cluster IP",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(oldSvc, newSvc *api.Service) {
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "8.6.7.5"
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 1,
},
{
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
name: "remove cluster IP",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(oldSvc, newSvc *api.Service) {
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = ""
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 1,
},
{
name: "change affinity",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Spec.SessionAffinity = "ClientIP"
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 0,
},
{
name: "remove affinity",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Spec.SessionAffinity = ""
Add a few extra test cases for API validation of labels that would have caught a bug that was in past versions. Also, copy the label key format requirements from the API types.go comments into the labels doc.
2015-02-04 17:21:34 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 1,
},
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
{
name: "change type",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
},
numErrs: 0,
},
{
name: "remove type",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Spec.Type = ""
},
numErrs: 1,
},
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
{
name: "change type -> nodeport",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Spec.Type = api.ServiceTypeNodePort
},
numErrs: 0,
},
disallow user to update loadbalancerSourceRanges
2016-09-22 20:41:25 -04:00
{
name: "add loadBalancerSourceRanges",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.LoadBalancerSourceRanges = []string{"10.0.0.0/8"}
},
numErrs: 1,
},
{
name: "update loadBalancerSourceRanges",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
oldSvc.Spec.LoadBalancerSourceRanges = []string{"10.0.0.0/8"}
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.LoadBalancerSourceRanges = []string{"10.180.0.0/16"}
},
numErrs: 1,
},
Validate None Service ClusterIP against LB type If the Service is a Load Balancer, it should not have None Cluster IP. If it does, Service validation fails.
2016-09-22 10:07:47 -04:00
{
name: "LoadBalancer type cannot have None ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Spec.ClusterIP = "None"
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
},
numErrs: 1,
},
Validation
2016-10-18 21:43:13 -04:00
{
name: "Service disallows removing one onlyLocal alpha annotation",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Annotations[service.AlphaAnnotationExternalTraffic] = service.AnnotationValueExternalTrafficLocal
oldSvc.Annotations[service.AlphaAnnotationHealthCheckNodePort] = "3001"
},
numErrs: 2,
},
{
name: "Service disallows modifying onlyLocal alpha annotations",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Annotations[service.AlphaAnnotationExternalTraffic] = service.AnnotationValueExternalTrafficLocal
oldSvc.Annotations[service.AlphaAnnotationHealthCheckNodePort] = "3001"
newSvc.Annotations[service.AlphaAnnotationExternalTraffic] = service.AnnotationValueExternalTrafficGlobal
newSvc.Annotations[service.AlphaAnnotationHealthCheckNodePort] = oldSvc.Annotations[service.AlphaAnnotationHealthCheckNodePort]
},
numErrs: 1,
},
{
name: "Service disallows promoting one of the onlyLocal pair to beta",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Annotations[service.AlphaAnnotationExternalTraffic] = service.AnnotationValueExternalTrafficLocal
oldSvc.Annotations[service.AlphaAnnotationHealthCheckNodePort] = "3001"
newSvc.Annotations[service.BetaAnnotationExternalTraffic] = service.AnnotationValueExternalTrafficGlobal
newSvc.Annotations[service.AlphaAnnotationHealthCheckNodePort] = oldSvc.Annotations[service.AlphaAnnotationHealthCheckNodePort]
},
numErrs: 1,
},
{
name: "Service allows changing both onlyLocal annotations from alpha to beta",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Annotations[service.AlphaAnnotationExternalTraffic] = service.AnnotationValueExternalTrafficLocal
oldSvc.Annotations[service.AlphaAnnotationHealthCheckNodePort] = "3001"
newSvc.Annotations[service.BetaAnnotationExternalTraffic] = service.AnnotationValueExternalTrafficLocal
newSvc.Annotations[service.BetaAnnotationHealthCheckNodePort] = oldSvc.Annotations[service.AlphaAnnotationHealthCheckNodePort]
},
numErrs: 0,
},
Test cases for service ClusterIP updates Test cases from ClusterIP using types to other ClusterIP using types (ClusterIP, NodePort, LoadBalancer) added.
2016-10-13 04:17:44 -04:00
{
name: "`None` ClusterIP cannot be changed",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.ClusterIP = "None"
newSvc.Spec.ClusterIP = "1.2.3.4"
},
numErrs: 1,
},
{
name: "`None` ClusterIP cannot be removed",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.ClusterIP = "None"
newSvc.Spec.ClusterIP = ""
},
numErrs: 1,
},
{
name: "Service with ClusterIP type cannot change its set ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeClusterIP
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with ClusterIP type can change its empty ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeClusterIP
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with ClusterIP type cannot change its set ClusterIP when changing type to NodePort",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeClusterIP
newSvc.Spec.Type = api.ServiceTypeNodePort
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with ClusterIP type can change its empty ClusterIP when changing type to NodePort",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeClusterIP
newSvc.Spec.Type = api.ServiceTypeNodePort
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with ClusterIP type cannot change its ClusterIP when changing type to LoadBalancer",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeClusterIP
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with ClusterIP type can change its empty ClusterIP when changing type to LoadBalancer",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeClusterIP
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with NodePort type cannot change its set ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeNodePort
newSvc.Spec.Type = api.ServiceTypeNodePort
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with NodePort type can change its empty ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeNodePort
newSvc.Spec.Type = api.ServiceTypeNodePort
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with NodePort type cannot change its set ClusterIP when changing type to ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeNodePort
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with NodePort type can change its empty ClusterIP when changing type to ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeNodePort
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with NodePort type cannot change its set ClusterIP when changing type to LoadBalancer",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeNodePort
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with NodePort type can change its empty ClusterIP when changing type to LoadBalancer",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeNodePort
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with LoadBalancer type cannot change its set ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with LoadBalancer type can change its empty ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with LoadBalancer type cannot change its set ClusterIP when changing type to ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with LoadBalancer type can change its empty ClusterIP when changing type to ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with LoadBalancer type cannot change its set ClusterIP when changing type to NodePort",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.Type = api.ServiceTypeNodePort
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with LoadBalancer type can change its empty ClusterIP when changing type to NodePort",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.Type = api.ServiceTypeNodePort
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with ExternalName type can change its empty ClusterIP when changing type to ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeExternalName
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with ExternalName type can change its set ClusterIP when changing type to ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeExternalName
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
}
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
for _, tc := range testCases {
oldSvc := makeValidService()
newSvc := makeValidService()
tc.tweakSvc(&oldSvc, &newSvc)
Make order of fun consistent
2015-11-04 02:47:11 -05:00
errs := ValidateServiceUpdate(&newSvc, &oldSvc)
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
if len(errs) != tc.numErrs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
t.Errorf("Unexpected error list for case %q: %v", tc.name, errs.ToAggregate())
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
}
}
}
Adding a 'Typename' strongtype for representing all compute resource types.
2015-01-16 19:34:47 -05:00
func TestValidateResourceNames(t *testing.T) {
table := []struct {
input string
success bool
Make IsQualifiedName return error strings
2015-12-16 00:28:42 -05:00
expect string
Adding a 'Typename' strongtype for representing all compute resource types.
2015-01-16 19:34:47 -05:00
}{
Make IsQualifiedName return error strings
2015-12-16 00:28:42 -05:00
{"memory", true, ""},
{"cpu", true, ""},
requests.storage is a standard resource name
2016-10-10 20:49:05 -04:00
{"storage", true, ""},
{"requests.cpu", true, ""},
{"requests.memory", true, ""},
{"requests.storage", true, ""},
{"limits.cpu", true, ""},
{"limits.memory", true, ""},
Make IsQualifiedName return error strings
2015-12-16 00:28:42 -05:00
{"network", false, ""},
{"disk", false, ""},
{"", false, ""},
{".", false, ""},
{"..", false, ""},
{"my.favorite.app.co/12345", true, ""},
{"my.favorite.app.co/_12345", false, ""},
{"my.favorite.app.co/12345_", false, ""},
{"kubernetes.io/..", false, ""},
{"kubernetes.io/" + strings.Repeat("a", 63), true, ""},
{"kubernetes.io/" + strings.Repeat("a", 64), false, ""},
{"kubernetes.io//", false, ""},
{"kubernetes.io", false, ""},
{"kubernetes.io/will/not/work/", false, ""},
Adding a 'Typename' strongtype for representing all compute resource types.
2015-01-16 19:34:47 -05:00
}
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
for k, item := range table {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
err := validateResourceName(item.input, field.NewPath("field"))
Adding a 'Typename' strongtype for representing all compute resource types.
2015-01-16 19:34:47 -05:00
if len(err) != 0 && item.success {
t.Errorf("expected no failure for input %q", item.input)
} else if len(err) == 0 && !item.success {
t.Errorf("expected failure for input %q", item.input)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
for i := range err {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
detail := err[i].Detail
Make IsQualifiedName return error strings
2015-12-16 00:28:42 -05:00
if detail != "" && !strings.Contains(detail, item.expect) {
t.Errorf("%d: expected error detail either empty or %s, got %s", k, item.expect, detail)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
}
}
Adding a 'Typename' strongtype for representing all compute resource types.
2015-01-16 19:34:47 -05:00
}
}
}
Add a limit range resource
2015-01-22 16:52:40 -05:00
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
func getResourceList(cpu, memory string) api.ResourceList {
res := api.ResourceList{}
if cpu != "" {
res[api.ResourceCPU] = resource.MustParse(cpu)
Add LimitRange range validation
2015-06-16 16:16:34 -04:00
}
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
if memory != "" {
res[api.ResourceMemory] = resource.MustParse(memory)
Revert "Revert "LimitRange updates for Resource Requirements Requests""
2015-08-28 12:26:36 -04:00
}
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
return res
}
Revert "Revert "LimitRange updates for Resource Requirements Requests""
2015-08-28 12:26:36 -04:00
Fix validation of resources (cpu, memory, storage) for limit range types.
2016-03-09 18:11:26 -05:00
func getStorageResourceList(storage string) api.ResourceList {
res := api.ResourceList{}
if storage != "" {
res[api.ResourceStorage] = resource.MustParse(storage)
}
return res
}
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
func TestValidateLimitRange(t *testing.T) {
successCases := []struct {
name string
spec api.LimitRangeSpec
}{
{
name: "all-fields-valid",
spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: getResourceList("100m", "10000Mi"),
Min: getResourceList("5m", "100Mi"),
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
MaxLimitRequestRatio: getResourceList("10", ""),
},
{
Type: api.LimitTypeContainer,
Max: getResourceList("100m", "10000Mi"),
Min: getResourceList("5m", "100Mi"),
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Default: getResourceList("50m", "500Mi"),
DefaultRequest: getResourceList("10m", "200Mi"),
MaxLimitRequestRatio: getResourceList("10", ""),
},
add pvc storage to LimitRange
2016-08-15 10:19:15 -04:00
{
Type: api.LimitTypePersistentVolumeClaim,
Max: getStorageResourceList("10Gi"),
Min: getStorageResourceList("5Gi"),
},
Revert "Revert "LimitRange updates for Resource Requirements Requests""
2015-08-28 12:26:36 -04:00
},
},
},
Add a limit range resource
2015-01-22 16:52:40 -05:00
{
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
name: "all-fields-valid-big-numbers",
spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
Type: api.LimitTypeContainer,
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Max: getResourceList("100m", "10000T"),
Min: getResourceList("5m", "100Mi"),
Default: getResourceList("50m", "500Mi"),
DefaultRequest: getResourceList("10m", "200Mi"),
MaxLimitRequestRatio: getResourceList("10", ""),
},
},
Add a limit range resource
2015-01-22 16:52:40 -05:00
},
},
Fix validation of resources (cpu, memory, storage) for limit range types.
2016-03-09 18:11:26 -05:00
{
name: "thirdparty-fields-all-valid-standard-container-resources",
spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: "thirdparty.com/foo",
Max: getResourceList("100m", "10000T"),
Min: getResourceList("5m", "100Mi"),
Default: getResourceList("50m", "500Mi"),
DefaultRequest: getResourceList("10m", "200Mi"),
MaxLimitRequestRatio: getResourceList("10", ""),
},
},
},
},
{
name: "thirdparty-fields-all-valid-storage-resources",
spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: "thirdparty.com/foo",
Max: getStorageResourceList("10000T"),
Min: getStorageResourceList("100Mi"),
Default: getStorageResourceList("500Mi"),
DefaultRequest: getStorageResourceList("200Mi"),
MaxLimitRequestRatio: getStorageResourceList(""),
},
},
},
},
Add a limit range resource
2015-01-22 16:52:40 -05:00
}
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
Add a limit range resource
2015-01-22 16:52:40 -05:00
for _, successCase := range successCases {
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
limitRange := &api.LimitRange{ObjectMeta: api.ObjectMeta{Name: successCase.name, Namespace: "foo"}, Spec: successCase.spec}
if errs := ValidateLimitRange(limitRange); len(errs) != 0 {
t.Errorf("Case %v, unexpected error: %v", successCase.name, errs)
Add a limit range resource
2015-01-22 16:52:40 -05:00
}
}
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
errorCases := map[string]struct {
R api.LimitRange
D string
}{
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
"zero-length-name": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "", Namespace: "foo"}, Spec: api.LimitRangeSpec{}},
Limit field errors to a single field name
2015-08-12 11:26:23 -04:00
"name or generateName is required",
Add a limit range resource
2015-01-22 16:52:40 -05:00
},
"zero-length-namespace": {
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: ""}, Spec: api.LimitRangeSpec{}},
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
"",
},
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
"invalid-name": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "^Invalid", Namespace: "foo"}, Spec: api.LimitRangeSpec{}},
Make IsDNS1123Subdomain return error strings
2015-12-17 00:58:09 -05:00
"must match the regex",
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
},
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
"invalid-namespace": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "^Invalid"}, Spec: api.LimitRangeSpec{}},
Make IsDNS1123Label return error strings
2015-12-16 02:49:58 -05:00
"must match the regex",
Add a limit range resource
2015-01-22 16:52:40 -05:00
},
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
"duplicate-limit-type": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: getResourceList("100m", "10000m"),
Min: getResourceList("0m", "100m"),
},
{
Type: api.LimitTypePod,
Min: getResourceList("0m", "100m"),
},
},
}},
Add LimitRange range validation
2015-06-16 16:16:34 -04:00
"",
},
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
"default-limit-type-pod": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: getResourceList("100m", "10000m"),
Min: getResourceList("0m", "100m"),
Default: getResourceList("10m", "100m"),
},
},
}},
Clean up and document validation strings Also add a detail string for Required and Forbidden. Fix tests.
2015-11-14 15:26:04 -05:00
"may not be specified when `type` is 'Pod'",
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
},
"default-request-limit-type-pod": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: getResourceList("100m", "10000m"),
Min: getResourceList("0m", "100m"),
DefaultRequest: getResourceList("10m", "100m"),
},
},
}},
Clean up and document validation strings Also add a detail string for Required and Forbidden. Fix tests.
2015-11-14 15:26:04 -05:00
"may not be specified when `type` is 'Pod'",
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
},
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
"min value 100m is greater than max value 10m": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: getResourceList("10m", ""),
Min: getResourceList("100m", ""),
},
},
}},
"min value 100m is greater than max value 10m",
Add LimitRange range validation
2015-06-16 16:16:34 -04:00
},
"invalid spec default outside range": {
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
Type: api.LimitTypeContainer,
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Max: getResourceList("1", ""),
Min: getResourceList("100m", ""),
Default: getResourceList("2000m", ""),
},
},
}},
"default value 2 is greater than max value 1",
Add LimitRange range validation
2015-06-16 16:16:34 -04:00
},
Revert "Revert "LimitRange updates for Resource Requirements Requests""
2015-08-28 12:26:36 -04:00
"invalid spec defaultrequest outside range": {
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
Type: api.LimitTypeContainer,
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Max: getResourceList("1", ""),
Min: getResourceList("100m", ""),
DefaultRequest: getResourceList("2000m", ""),
},
},
}},
"default request value 2 is greater than max value 1",
Revert "Revert "LimitRange updates for Resource Requirements Requests""
2015-08-28 12:26:36 -04:00
},
"invalid spec defaultrequest more than default": {
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypeContainer,
Max: getResourceList("2", ""),
Min: getResourceList("100m", ""),
Default: getResourceList("500m", ""),
DefaultRequest: getResourceList("800m", ""),
},
},
}},
"default request value 800m is greater than default limit value 500m",
Revert "Revert "LimitRange updates for Resource Requirements Requests""
2015-08-28 12:26:36 -04:00
},
Add validation to MaxLimitRequestRatio in LimitRange MaxLimitRequestRatio should >=1 MaxLimitRequestRatio should <= max/min(if both are specified)
2015-09-11 03:38:38 -04:00
"invalid spec maxLimitRequestRatio less than 1": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
MaxLimitRequestRatio: getResourceList("800m", ""),
},
},
}},
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
"ratio 800m is less than 1",
Add validation to MaxLimitRequestRatio in LimitRange MaxLimitRequestRatio should >=1 MaxLimitRequestRatio should <= max/min(if both are specified)
2015-09-11 03:38:38 -04:00
},
"invalid spec maxLimitRequestRatio greater than max/min": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypeContainer,
Max: getResourceList("", "2Gi"),
Min: getResourceList("", "512Mi"),
MaxLimitRequestRatio: getResourceList("", "10"),
},
},
}},
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
"ratio 10 is greater than max/min = 4.000000",
Add validation to MaxLimitRequestRatio in LimitRange MaxLimitRequestRatio should >=1 MaxLimitRequestRatio should <= max/min(if both are specified)
2015-09-11 03:38:38 -04:00
},
Fix validation of resources (cpu, memory, storage) for limit range types.
2016-03-09 18:11:26 -05:00
"invalid non standard limit type": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: "foo",
Max: getStorageResourceList("10000T"),
Min: getStorageResourceList("100Mi"),
Default: getStorageResourceList("500Mi"),
DefaultRequest: getStorageResourceList("200Mi"),
MaxLimitRequestRatio: getStorageResourceList(""),
},
},
}},
"must be a standard limit type or fully qualified",
},
add pvc storage to LimitRange
2016-08-15 10:19:15 -04:00
"invalid missing required min field": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePersistentVolumeClaim,
Max: getStorageResourceList("10000T"),
},
},
}},
"minimum storage value is required",
},
"invalid missing required max field": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePersistentVolumeClaim,
Min: getStorageResourceList("10000T"),
},
},
}},
"maximum storage value is required",
},
"invalid min greater than max": {
api.LimitRange{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePersistentVolumeClaim,
Min: getStorageResourceList("10Gi"),
Max: getStorageResourceList("1Gi"),
},
},
}},
"min value 10Gi is greater than max value 1Gi",
},
Add a limit range resource
2015-01-22 16:52:40 -05:00
}
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Add a limit range resource
2015-01-22 16:52:40 -05:00
for k, v := range errorCases {
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
errs := ValidateLimitRange(&v.R)
Add a limit range resource
2015-01-22 16:52:40 -05:00
if len(errs) == 0 {
t.Errorf("expected failure for %s", k)
}
for i := range errs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
detail := errs[i].Detail
Make IsDNS1123Label return error strings
2015-12-16 02:49:58 -05:00
if !strings.Contains(detail, v.D) {
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
t.Errorf("[%s]: expected error detail either empty or %q, got %q", k, v.D, detail)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
}
Add a limit range resource
2015-01-22 16:52:40 -05:00
}
}
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Add a limit range resource
2015-01-22 16:52:40 -05:00
}
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
func TestValidateResourceQuota(t *testing.T) {
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
spec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
api.ResourceMemory: resource.MustParse("10000"),
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
api.ResourceRequestsCPU: resource.MustParse("100"),
api.ResourceRequestsMemory: resource.MustParse("10000"),
api.ResourceLimitsCPU: resource.MustParse("100"),
api.ResourceLimitsMemory: resource.MustParse("10000"),
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
api.ResourcePods: resource.MustParse("10"),
Ensure ResourceQuota values are non-negative
2015-09-24 10:15:40 -04:00
api.ResourceServices: resource.MustParse("0"),
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
api.ResourceReplicationControllers: resource.MustParse("10"),
api.ResourceQuotas: resource.MustParse("10"),
Add resource quota for ConfigMap
2016-02-29 12:02:05 -05:00
api.ResourceConfigMaps: resource.MustParse("10"),
api.ResourceSecrets: resource.MustParse("10"),
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
},
}
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
terminatingSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
api.ResourceLimitsCPU: resource.MustParse("200"),
},
Scopes: []api.ResourceQuotaScope{api.ResourceQuotaScopeTerminating},
}
nonTerminatingSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
},
Scopes: []api.ResourceQuotaScope{api.ResourceQuotaScopeNotTerminating},
}
bestEffortSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourcePods: resource.MustParse("100"),
},
Scopes: []api.ResourceQuotaScope{api.ResourceQuotaScopeBestEffort},
}
nonBestEffortSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
},
Scopes: []api.ResourceQuotaScope{api.ResourceQuotaScopeNotBestEffort},
}
// storage is not yet supported as a quota tracked resource
invalidQuotaResourceSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceStorage: resource.MustParse("10"),
},
}
Ensure ResourceQuota values are non-negative
2015-09-24 10:15:40 -04:00
negativeSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("-100"),
api.ResourceMemory: resource.MustParse("-10000"),
api.ResourcePods: resource.MustParse("-10"),
api.ResourceServices: resource.MustParse("-10"),
api.ResourceReplicationControllers: resource.MustParse("-10"),
api.ResourceQuotas: resource.MustParse("-10"),
Add resource quota for ConfigMap
2016-02-29 12:02:05 -05:00
api.ResourceConfigMaps: resource.MustParse("-10"),
api.ResourceSecrets: resource.MustParse("-10"),
Ensure ResourceQuota values are non-negative
2015-09-24 10:15:40 -04:00
},
}
Resource Quota should not let fractional values for API resources
2015-10-13 17:27:56 -04:00
fractionalComputeSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100m"),
},
}
fractionalPodSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourcePods: resource.MustParse(".1"),
api.ResourceServices: resource.MustParse(".5"),
api.ResourceReplicationControllers: resource.MustParse("1.25"),
api.ResourceQuotas: resource.MustParse("2.5"),
},
}
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
invalidTerminatingScopePairsSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
},
Scopes: []api.ResourceQuotaScope{api.ResourceQuotaScopeTerminating, api.ResourceQuotaScopeNotTerminating},
}
invalidBestEffortScopePairsSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourcePods: resource.MustParse("100"),
},
Scopes: []api.ResourceQuotaScope{api.ResourceQuotaScopeBestEffort, api.ResourceQuotaScopeNotBestEffort},
}
invalidScopeNameSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
},
Scopes: []api.ResourceQuotaScope{api.ResourceQuotaScope("foo")},
}
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
successCases := []api.ResourceQuota{
{
ObjectMeta: api.ObjectMeta{
Name: "abc",
Namespace: "foo",
},
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
Spec: spec,
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
},
Resource Quota should not let fractional values for API resources
2015-10-13 17:27:56 -04:00
{
ObjectMeta: api.ObjectMeta{
Name: "abc",
Namespace: "foo",
},
Spec: fractionalComputeSpec,
},
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
{
ObjectMeta: api.ObjectMeta{
Name: "abc",
Namespace: "foo",
},
Spec: terminatingSpec,
},
{
ObjectMeta: api.ObjectMeta{
Name: "abc",
Namespace: "foo",
},
Spec: nonTerminatingSpec,
},
{
ObjectMeta: api.ObjectMeta{
Name: "abc",
Namespace: "foo",
},
Spec: bestEffortSpec,
},
{
ObjectMeta: api.ObjectMeta{
Name: "abc",
Namespace: "foo",
},
Spec: nonBestEffortSpec,
},
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
}
for _, successCase := range successCases {
if errs := ValidateResourceQuota(&successCase); len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
}
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
errorCases := map[string]struct {
R api.ResourceQuota
D string
}{
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
"zero-length Name": {
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
api.ResourceQuota{ObjectMeta: api.ObjectMeta{Name: "", Namespace: "foo"}, Spec: spec},
Limit field errors to a single field name
2015-08-12 11:26:23 -04:00
"name or generateName is required",
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
},
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
"zero-length Namespace": {
api.ResourceQuota{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: ""}, Spec: spec},
"",
},
"invalid Name": {
api.ResourceQuota{ObjectMeta: api.ObjectMeta{Name: "^Invalid", Namespace: "foo"}, Spec: spec},
Make IsDNS1123Subdomain return error strings
2015-12-17 00:58:09 -05:00
"must match the regex",
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
},
"invalid Namespace": {
api.ResourceQuota{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "^Invalid"}, Spec: spec},
Make IsDNS1123Label return error strings
2015-12-16 02:49:58 -05:00
"must match the regex",
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
},
Ensure ResourceQuota values are non-negative
2015-09-24 10:15:40 -04:00
"negative-limits": {
api.ResourceQuota{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: negativeSpec},
isNegativeErrorMsg,
},
Resource Quota should not let fractional values for API resources
2015-10-13 17:27:56 -04:00
"fractional-api-resource": {
api.ResourceQuota{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: fractionalPodSpec},
isNotIntegerErrorMsg,
},
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
"invalid-quota-resource": {
api.ResourceQuota{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: invalidQuotaResourceSpec},
isInvalidQuotaResource,
},
"invalid-quota-terminating-pair": {
api.ResourceQuota{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: invalidTerminatingScopePairsSpec},
"conflicting scopes",
},
"invalid-quota-besteffort-pair": {
api.ResourceQuota{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: invalidBestEffortScopePairsSpec},
"conflicting scopes",
},
"invalid-quota-scope-name": {
api.ResourceQuota{ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: invalidScopeNameSpec},
"unsupported scope",
},
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
}
for k, v := range errorCases {
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
errs := ValidateResourceQuota(&v.R)
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
if len(errs) == 0 {
t.Errorf("expected failure for %s", k)
}
for i := range errs {
Make IsDNS1123Label return error strings
2015-12-16 02:49:58 -05:00
if !strings.Contains(errs[i].Detail, v.D) {
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
t.Errorf("[%s]: expected error detail either empty or %s, got %s", k, v.D, errs[i].Detail)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
}
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
}
}
}
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
func TestValidateNamespace(t *testing.T) {
validLabels := map[string]string{"a": "b"}
invalidLabels := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
successCases := []api.Namespace{
{
ObjectMeta: api.ObjectMeta{Name: "abc", Labels: validLabels},
},
{
ObjectMeta: api.ObjectMeta{Name: "abc-123"},
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Spec: api.NamespaceSpec{
Finalizers: []api.FinalizerName{"example.com/something", "example.com/other"},
},
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
},
}
for _, successCase := range successCases {
if errs := ValidateNamespace(&successCase); len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
}
errorCases := map[string]struct {
R api.Namespace
D string
}{
"zero-length name": {
api.Namespace{ObjectMeta: api.ObjectMeta{Name: ""}},
"",
},
"defined-namespace": {
api.Namespace{ObjectMeta: api.ObjectMeta{Name: "abc-123", Namespace: "makesnosense"}},
"",
},
"invalid-labels": {
api.Namespace{ObjectMeta: api.ObjectMeta{Name: "abc", Labels: invalidLabels}},
"",
},
}
for k, v := range errorCases {
errs := ValidateNamespace(&v.R)
if len(errs) == 0 {
t.Errorf("expected failure for %s", k)
}
}
}
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
func TestValidateNamespaceFinalizeUpdate(t *testing.T) {
tests := []struct {
oldNamespace api.Namespace
namespace api.Namespace
valid bool
}{
{api.Namespace{}, api.Namespace{}, true},
{api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "foo"}},
api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "foo"},
Spec: api.NamespaceSpec{
Finalizers: []api.FinalizerName{"Foo"},
},
}, false},
{api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "foo"},
Spec: api.NamespaceSpec{
Finalizers: []api.FinalizerName{"foo.com/bar"},
},
},
api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "foo"},
Spec: api.NamespaceSpec{
Finalizers: []api.FinalizerName{"foo.com/bar", "what.com/bar"},
},
}, true},
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
{api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "fooemptyfinalizer"},
Spec: api.NamespaceSpec{
Finalizers: []api.FinalizerName{"foo.com/bar"},
},
},
api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "fooemptyfinalizer"},
Spec: api.NamespaceSpec{
Finalizers: []api.FinalizerName{"", "foo.com/bar", "what.com/bar"},
},
}, false},
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
}
for i, test := range tests {
Give better error message for PUTs with no resource version
2015-03-19 20:51:07 -04:00
test.namespace.ObjectMeta.ResourceVersion = "1"
test.oldNamespace.ObjectMeta.ResourceVersion = "1"
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
errs := ValidateNamespaceFinalizeUpdate(&test.namespace, &test.oldNamespace)
if test.valid && len(errs) > 0 {
t.Errorf("%d: Unexpected error: %v", i, errs)
t.Logf("%#v vs %#v", test.oldNamespace, test.namespace)
}
if !test.valid && len(errs) == 0 {
t.Errorf("%d: Unexpected non-error", i)
}
}
}
func TestValidateNamespaceStatusUpdate(t *testing.T) {
Move pkg/util.Time to pkg/api/unversioned.Time Along with our time.Duration wrapper, as suggested by @lavalamp.
2015-09-17 18:21:55 -04:00
now := unversioned.Now()
Improve validation and fix not throwing an error during ns delete
2015-04-10 11:41:18 -04:00
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
tests := []struct {
oldNamespace api.Namespace
namespace api.Namespace
valid bool
}{
Improve validation and fix not throwing an error during ns delete
2015-04-10 11:41:18 -04:00
{api.Namespace{}, api.Namespace{
Status: api.NamespaceStatus{
Phase: api.NamespaceActive,
},
}, true},
Validate deletion timestamp doesn't change on update
2016-04-28 11:50:48 -04:00
// Cannot set deletionTimestamp via status update
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
{api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "foo"}},
api.Namespace{
ObjectMeta: api.ObjectMeta{
Improve validation and fix not throwing an error during ns delete
2015-04-10 11:41:18 -04:00
Name: "foo",
DeletionTimestamp: &now},
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
Status: api.NamespaceStatus{
Phase: api.NamespaceTerminating,
},
Validate deletion timestamp doesn't change on update
2016-04-28 11:50:48 -04:00
}, false},
// Can update phase via status update
{api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "foo",
DeletionTimestamp: &now}},
api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "foo",
DeletionTimestamp: &now},
Status: api.NamespaceStatus{
Phase: api.NamespaceTerminating,
},
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
}, true},
Improve validation and fix not throwing an error during ns delete
2015-04-10 11:41:18 -04:00
{api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "foo"}},
api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "foo"},
Status: api.NamespaceStatus{
Phase: api.NamespaceTerminating,
},
}, false},
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
{api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "foo"}},
api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "bar"},
Status: api.NamespaceStatus{
Phase: api.NamespaceTerminating,
},
}, false},
}
for i, test := range tests {
Give better error message for PUTs with no resource version
2015-03-19 20:51:07 -04:00
test.namespace.ObjectMeta.ResourceVersion = "1"
test.oldNamespace.ObjectMeta.ResourceVersion = "1"
Improve validation and fix not throwing an error during ns delete
2015-04-10 11:41:18 -04:00
errs := ValidateNamespaceStatusUpdate(&test.namespace, &test.oldNamespace)
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
if test.valid && len(errs) > 0 {
t.Errorf("%d: Unexpected error: %v", i, errs)
t.Logf("%#v vs %#v", test.oldNamespace.ObjectMeta, test.namespace.ObjectMeta)
}
if !test.valid && len(errs) == 0 {
t.Errorf("%d: Unexpected non-error", i)
}
}
}
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
func TestValidateNamespaceUpdate(t *testing.T) {
tests := []struct {
oldNamespace api.Namespace
namespace api.Namespace
valid bool
}{
{api.Namespace{}, api.Namespace{}, true},
{api.Namespace{
ObjectMeta: api.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo1"}},
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
api.Namespace{
ObjectMeta: api.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "bar1"},
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
}, false},
{api.Namespace{
ObjectMeta: api.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo2",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
Labels: map[string]string{"foo": "bar"},
},
}, api.Namespace{
ObjectMeta: api.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo2",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
Labels: map[string]string{"foo": "baz"},
},
}, true},
{api.Namespace{
ObjectMeta: api.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo3",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
},
}, api.Namespace{
ObjectMeta: api.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo3",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
Labels: map[string]string{"foo": "baz"},
},
}, true},
{api.Namespace{
ObjectMeta: api.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo4",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
Labels: map[string]string{"bar": "foo"},
},
}, api.Namespace{
ObjectMeta: api.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo4",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
Labels: map[string]string{"foo": "baz"},
},
}, true},
{api.Namespace{
ObjectMeta: api.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo5",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
Labels: map[string]string{"foo": "baz"},
},
}, api.Namespace{
ObjectMeta: api.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo5",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
Labels: map[string]string{"Foo": "baz"},
},
Loosen label and annotation validation and related tests
2015-02-27 10:08:02 -05:00
}, true},
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
{api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "foo6",
Labels: map[string]string{"foo": "baz"},
},
}, api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: "foo6",
Labels: map[string]string{"Foo": "baz"},
},
Spec: api.NamespaceSpec{
Finalizers: []api.FinalizerName{"kubernetes"},
},
Status: api.NamespaceStatus{
Phase: api.NamespaceTerminating,
},
}, true},
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
}
for i, test := range tests {
Give better error message for PUTs with no resource version
2015-03-19 20:51:07 -04:00
test.namespace.ObjectMeta.ResourceVersion = "1"
test.oldNamespace.ObjectMeta.ResourceVersion = "1"
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
errs := ValidateNamespaceUpdate(&test.namespace, &test.oldNamespace)
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
if test.valid && len(errs) > 0 {
t.Errorf("%d: Unexpected error: %v", i, errs)
t.Logf("%#v vs %#v", test.oldNamespace.ObjectMeta, test.namespace.ObjectMeta)
}
if !test.valid && len(errs) == 0 {
t.Errorf("%d: Unexpected non-error", i)
}
}
}
Secret API resource
2015-02-17 20:24:50 -05:00
func TestValidateSecret(t *testing.T) {
Add ServiceAccountToken SecretType
2015-04-27 23:51:20 -04:00
// Opaque secret validation
Secret API resource
2015-02-17 20:24:50 -05:00
validSecret := func() api.Secret {
return api.Secret{
ObjectMeta: api.ObjectMeta{Name: "foo", Namespace: "bar"},
Data: map[string][]byte{
Add secret volume plugin and e2e test
2015-02-17 20:26:41 -05:00
"data-1": []byte("bar"),
Secret API resource
2015-02-17 20:24:50 -05:00
},
}
}
var (
allow leading dots in secret keys
2015-05-11 15:03:10 -04:00
emptyName = validSecret()
invalidName = validSecret()
emptyNs = validSecret()
invalidNs = validSecret()
overMaxSize = validSecret()
invalidKey = validSecret()
leadingDotKey = validSecret()
dotKey = validSecret()
doubleDotKey = validSecret()
Secret API resource
2015-02-17 20:24:50 -05:00
)
emptyName.Name = ""
invalidName.Name = "NoUppercaseOrSpecialCharsLike=Equals"
emptyNs.Namespace = ""
invalidNs.Namespace = "NoUppercaseOrSpecialCharsLike=Equals"
overMaxSize.Data = map[string][]byte{
"over": make([]byte, api.MaxSecretSize+1),
}
Allows Secret & ConfigMap Keys to look like Environment Variables This makes environment variable style keys (uppercase with underscores) valid in Secrets and ConfigMap.
2016-05-11 01:59:59 -04:00
invalidKey.Data["a*b"] = []byte("whoops")
allow leading dots in secret keys
2015-05-11 15:03:10 -04:00
leadingDotKey.Data[".key"] = []byte("bar")
dotKey.Data["."] = []byte("bar")
doubleDotKey.Data[".."] = []byte("bar")
Secret API resource
2015-02-17 20:24:50 -05:00
Add ServiceAccountToken SecretType
2015-04-27 23:51:20 -04:00
// kubernetes.io/service-account-token secret validation
validServiceAccountTokenSecret := func() api.Secret {
return api.Secret{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Namespace: "bar",
Annotations: map[string]string{
api.ServiceAccountNameKey: "foo",
},
},
Type: api.SecretTypeServiceAccountToken,
Data: map[string][]byte{
"data-1": []byte("bar"),
},
}
}
var (
emptyTokenAnnotation = validServiceAccountTokenSecret()
missingTokenAnnotation = validServiceAccountTokenSecret()
missingTokenAnnotations = validServiceAccountTokenSecret()
)
emptyTokenAnnotation.Annotations[api.ServiceAccountNameKey] = ""
delete(missingTokenAnnotation.Annotations, api.ServiceAccountNameKey)
missingTokenAnnotations.Annotations = nil
Secret API resource
2015-02-17 20:24:50 -05:00
tests := map[string]struct {
secret api.Secret
valid bool
}{
allow leading dots in secret keys
2015-05-11 15:03:10 -04:00
"valid": {validSecret(), true},
"empty name": {emptyName, false},
"invalid name": {invalidName, false},
"empty namespace": {emptyNs, false},
"invalid namespace": {invalidNs, false},
"over max size": {overMaxSize, false},
"invalid key": {invalidKey, false},
Add ServiceAccountToken SecretType
2015-04-27 23:51:20 -04:00
"valid service-account-token secret": {validServiceAccountTokenSecret(), true},
"empty service-account-token annotation": {emptyTokenAnnotation, false},
"missing service-account-token annotation": {missingTokenAnnotation, false},
"missing service-account-token annotations": {missingTokenAnnotations, false},
allow leading dots in secret keys
2015-05-11 15:03:10 -04:00
"leading dot key": {leadingDotKey, true},
"dot key": {dotKey, false},
"double dot key": {doubleDotKey, false},
Secret API resource
2015-02-17 20:24:50 -05:00
}
for name, tc := range tests {
errs := ValidateSecret(&tc.secret)
add dockercfg secret types
2015-05-06 10:09:18 -04:00
if tc.valid && len(errs) > 0 {
t.Errorf("%v: Unexpected error: %v", name, errs)
}
if !tc.valid && len(errs) == 0 {
t.Errorf("%v: Unexpected non-error", name)
}
}
}
func TestValidateDockerConfigSecret(t *testing.T) {
validDockerSecret := func() api.Secret {
return api.Secret{
ObjectMeta: api.ObjectMeta{Name: "foo", Namespace: "bar"},
Type: api.SecretTypeDockercfg,
Data: map[string][]byte{
api.DockerConfigKey: []byte(`{"https://index.docker.io/v1/": {"auth": "Y2x1ZWRyb29sZXIwMDAxOnBhc3N3b3Jk","email": "fake@example.com"}}`),
},
}
}
Validate kubernetes.io/dockerconfigjson secrets Added unit test.
2015-12-16 17:13:18 -05:00
validDockerSecret2 := func() api.Secret {
return api.Secret{
ObjectMeta: api.ObjectMeta{Name: "foo", Namespace: "bar"},
Type: api.SecretTypeDockerConfigJson,
Data: map[string][]byte{
api.DockerConfigJsonKey: []byte(`{"auths":{"https://index.docker.io/v1/": {"auth": "Y2x1ZWRyb29sZXIwMDAxOnBhc3N3b3Jk","email": "fake@example.com"}}}`),
},
}
}
add dockercfg secret types
2015-05-06 10:09:18 -04:00
var (
Validate kubernetes.io/dockerconfigjson secrets Added unit test.
2015-12-16 17:13:18 -05:00
missingDockerConfigKey = validDockerSecret()
emptyDockerConfigKey = validDockerSecret()
invalidDockerConfigKey = validDockerSecret()
missingDockerConfigKey2 = validDockerSecret2()
emptyDockerConfigKey2 = validDockerSecret2()
invalidDockerConfigKey2 = validDockerSecret2()
add dockercfg secret types
2015-05-06 10:09:18 -04:00
)
delete(missingDockerConfigKey.Data, api.DockerConfigKey)
emptyDockerConfigKey.Data[api.DockerConfigKey] = []byte("")
invalidDockerConfigKey.Data[api.DockerConfigKey] = []byte("bad")
Validate kubernetes.io/dockerconfigjson secrets Added unit test.
2015-12-16 17:13:18 -05:00
delete(missingDockerConfigKey2.Data, api.DockerConfigJsonKey)
emptyDockerConfigKey2.Data[api.DockerConfigJsonKey] = []byte("")
invalidDockerConfigKey2.Data[api.DockerConfigJsonKey] = []byte("bad")
add dockercfg secret types
2015-05-06 10:09:18 -04:00
tests := map[string]struct {
secret api.Secret
valid bool
}{
Validate kubernetes.io/dockerconfigjson secrets Added unit test.
2015-12-16 17:13:18 -05:00
"valid dockercfg": {validDockerSecret(), true},
"missing dockercfg": {missingDockerConfigKey, false},
"empty dockercfg": {emptyDockerConfigKey, false},
"invalid dockercfg": {invalidDockerConfigKey, false},
"valid config.json": {validDockerSecret2(), true},
"missing config.json": {missingDockerConfigKey2, false},
"empty config.json": {emptyDockerConfigKey2, false},
"invalid config.json": {invalidDockerConfigKey2, false},
add dockercfg secret types
2015-05-06 10:09:18 -04:00
}
Additional SecretTypes
2015-09-10 11:30:58 -04:00
for name, tc := range tests {
errs := ValidateSecret(&tc.secret)
if tc.valid && len(errs) > 0 {
t.Errorf("%v: Unexpected error: %v", name, errs)
}
if !tc.valid && len(errs) == 0 {
t.Errorf("%v: Unexpected non-error", name)
}
}
}
func TestValidateBasicAuthSecret(t *testing.T) {
validBasicAuthSecret := func() api.Secret {
return api.Secret{
ObjectMeta: api.ObjectMeta{Name: "foo", Namespace: "bar"},
Type: api.SecretTypeBasicAuth,
Data: map[string][]byte{
api.BasicAuthUsernameKey: []byte("username"),
api.BasicAuthPasswordKey: []byte("password"),
},
}
}
var (
missingBasicAuthUsernamePasswordKeys = validBasicAuthSecret()
// invalidBasicAuthUsernamePasswordKey = validBasicAuthSecret()
// emptyBasicAuthUsernameKey = validBasicAuthSecret()
// emptyBasicAuthPasswordKey = validBasicAuthSecret()
)
delete(missingBasicAuthUsernamePasswordKeys.Data, api.BasicAuthUsernameKey)
delete(missingBasicAuthUsernamePasswordKeys.Data, api.BasicAuthPasswordKey)
// invalidBasicAuthUsernamePasswordKey.Data[api.BasicAuthUsernameKey] = []byte("bad")
// invalidBasicAuthUsernamePasswordKey.Data[api.BasicAuthPasswordKey] = []byte("bad")
// emptyBasicAuthUsernameKey.Data[api.BasicAuthUsernameKey] = []byte("")
// emptyBasicAuthPasswordKey.Data[api.BasicAuthPasswordKey] = []byte("")
tests := map[string]struct {
secret api.Secret
valid bool
}{
"valid": {validBasicAuthSecret(), true},
"missing username and password": {missingBasicAuthUsernamePasswordKeys, false},
// "invalid username and password": {invalidBasicAuthUsernamePasswordKey, false},
// "empty username": {emptyBasicAuthUsernameKey, false},
// "empty password": {emptyBasicAuthPasswordKey, false},
}
for name, tc := range tests {
errs := ValidateSecret(&tc.secret)
if tc.valid && len(errs) > 0 {
t.Errorf("%v: Unexpected error: %v", name, errs)
}
if !tc.valid && len(errs) == 0 {
t.Errorf("%v: Unexpected non-error", name)
}
}
}
func TestValidateSSHAuthSecret(t *testing.T) {
validSSHAuthSecret := func() api.Secret {
return api.Secret{
ObjectMeta: api.ObjectMeta{Name: "foo", Namespace: "bar"},
Type: api.SecretTypeSSHAuth,
Data: map[string][]byte{
api.SSHAuthPrivateKey: []byte("foo-bar-baz"),
},
}
}
missingSSHAuthPrivateKey := validSSHAuthSecret()
delete(missingSSHAuthPrivateKey.Data, api.SSHAuthPrivateKey)
tests := map[string]struct {
secret api.Secret
valid bool
}{
"valid": {validSSHAuthSecret(), true},
"missing private key": {missingSSHAuthPrivateKey, false},
}
add dockercfg secret types
2015-05-06 10:09:18 -04:00
for name, tc := range tests {
errs := ValidateSecret(&tc.secret)
Secret API resource
2015-02-17 20:24:50 -05:00
if tc.valid && len(errs) > 0 {
t.Errorf("%v: Unexpected error: %v", name, errs)
}
if !tc.valid && len(errs) == 0 {
t.Errorf("%v: Unexpected non-error", name)
}
}
}
Implement multi-port endpoints Instead of endpoints being a flat list, it is now a list of "subsets" where each is a struct of {Addresses, Ports}. To generate the list of endpoints you need to take union of the Cartesian products of the subsets. This is compact in the vast majority of cases, yet still represents named ports and corner cases (e.g. each pod has a different port number). This also stores subsets in a deterministic order (sorted by hash) to avoid spurious updates and comparison problems. This is a fully compatible change - old objects and clients will keepworking as long as they don't need the new functionality. This is the prep for multi-port Services, which will add API to produce endpoints in this new structure.
2015-03-20 17:24:43 -04:00
func TestValidateEndpoints(t *testing.T) {
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
successCases := map[string]api.Endpoints{
"simple endpoint": {
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.1.1"}, {IP: "10.10.2.2"}},
Ports: []api.EndpointPort{{Name: "a", Port: 8675, Protocol: "TCP"}, {Name: "b", Port: 309, Protocol: "TCP"}},
},
{
Addresses: []api.EndpointAddress{{IP: "10.10.3.3"}},
Ports: []api.EndpointPort{{Name: "a", Port: 93, Protocol: "TCP"}, {Name: "b", Port: 76, Protocol: "TCP"}},
},
},
},
"empty subsets": {
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
},
"no name required for singleton port": {
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.1.1"}},
Ports: []api.EndpointPort{{Port: 8675, Protocol: "TCP"}},
},
},
},
}
for k, v := range successCases {
if errs := ValidateEndpoints(&v); len(errs) != 0 {
t.Errorf("Expected success for %s, got %v", k, errs)
}
}
errorCases := map[string]struct {
endpoints api.Endpoints
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
errorType field.ErrorType
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
errorDetail string
}{
"missing namespace": {
endpoints: api.Endpoints{ObjectMeta: api.ObjectMeta{Name: "mysvc"}},
errorType: "FieldValueRequired",
},
"missing name": {
endpoints: api.Endpoints{ObjectMeta: api.ObjectMeta{Namespace: "namespace"}},
errorType: "FieldValueRequired",
},
"invalid namespace": {
endpoints: api.Endpoints{ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "no@#invalid.;chars\"allowed"}},
errorType: "FieldValueInvalid",
Make IsDNS1123Label return error strings
2015-12-16 02:49:58 -05:00
errorDetail: "must match the regex",
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
},
"invalid name": {
endpoints: api.Endpoints{ObjectMeta: api.ObjectMeta{Name: "-_Invliad^&Characters", Namespace: "namespace"}},
errorType: "FieldValueInvalid",
Make IsDNS1123Subdomain return error strings
2015-12-17 00:58:09 -05:00
errorDetail: "must match the regex",
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
},
"empty addresses": {
endpoints: api.Endpoints{
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Ports: []api.EndpointPort{{Name: "a", Port: 93, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueRequired",
},
"empty ports": {
endpoints: api.Endpoints{
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.3.3"}},
},
},
},
errorType: "FieldValueRequired",
},
"invalid IP": {
endpoints: api.Endpoints{
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Removing IPv4 enforcement on Endpoints Signed-off-by: André Martins <aanm90@gmail.com>
2016-03-22 00:54:32 -04:00
Addresses: []api.EndpointAddress{{IP: "[2001:0db8:85a3:0042:1000:8a2e:0370:7334]"}},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
Ports: []api.EndpointPort{{Name: "a", Port: 93, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
Removing IPv4 enforcement on Endpoints Signed-off-by: André Martins <aanm90@gmail.com>
2016-03-22 00:54:32 -04:00
errorDetail: "must be a valid IP address",
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
},
"Multiple ports, one without name": {
endpoints: api.Endpoints{
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.1.1"}},
Ports: []api.EndpointPort{{Port: 8675, Protocol: "TCP"}, {Name: "b", Port: 309, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueRequired",
},
"Invalid port number": {
endpoints: api.Endpoints{
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.1.1"}},
Ports: []api.EndpointPort{{Name: "a", Port: 66000, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
errorDetail: "between",
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
},
"Invalid protocol": {
endpoints: api.Endpoints{
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.1.1"}},
Ports: []api.EndpointPort{{Name: "a", Port: 93, Protocol: "Protocol"}},
},
},
},
errorType: "FieldValueNotSupported",
},
"Address missing IP": {
endpoints: api.Endpoints{
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{}},
Ports: []api.EndpointPort{{Name: "a", Port: 93, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
Removing IPv4 enforcement on Endpoints Signed-off-by: André Martins <aanm90@gmail.com>
2016-03-22 00:54:32 -04:00
errorDetail: "must be a valid IP address",
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
},
"Port missing number": {
endpoints: api.Endpoints{
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.1.1"}},
Ports: []api.EndpointPort{{Name: "a", Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
errorDetail: "between",
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
},
"Port missing protocol": {
endpoints: api.Endpoints{
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.1.1"}},
Ports: []api.EndpointPort{{Name: "a", Port: 93}},
},
},
},
errorType: "FieldValueRequired",
},
Check loopback and link-local multicast endpoints Previously we just disallowed link-local (unicast). This disallows loopback and link-local multicast.
2015-07-04 00:05:15 -04:00
"Address is loopback": {
endpoints: api.Endpoints{
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "127.0.0.1"}},
Ports: []api.EndpointPort{{Name: "p", Port: 93, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
errorDetail: "loopback",
},
Don't allow link-local Endpoints
2015-06-03 00:49:51 -04:00
"Address is link-local": {
endpoints: api.Endpoints{
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "169.254.169.254"}},
Ports: []api.EndpointPort{{Name: "p", Port: 93, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
errorDetail: "link-local",
},
Check loopback and link-local multicast endpoints Previously we just disallowed link-local (unicast). This disallows loopback and link-local multicast.
2015-07-04 00:05:15 -04:00
"Address is link-local multicast": {
endpoints: api.Endpoints{
ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "224.0.0.1"}},
Ports: []api.EndpointPort{{Name: "p", Port: 93, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
errorDetail: "link-local multicast",
},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
}
for k, v := range errorCases {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
if errs := ValidateEndpoints(&v.endpoints); len(errs) == 0 || errs[0].Type != v.errorType || !strings.Contains(errs[0].Detail, v.errorDetail) {
Clean up and document validation strings Also add a detail string for Required and Forbidden. Fix tests.
2015-11-14 15:26:04 -05:00
t.Errorf("[%s] Expected error type %s with detail %q, got %v", k, v.errorType, v.errorDetail, errs)
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
}
}
Implement multi-port endpoints Instead of endpoints being a flat list, it is now a list of "subsets" where each is a struct of {Addresses, Ports}. To generate the list of endpoints you need to take union of the Cartesian products of the subsets. This is compact in the vast majority of cases, yet still represents named ports and corner cases (e.g. each pod has a different port number). This also stores subsets in a deterministic order (sorted by hash) to avoid spurious updates and comparison problems. This is a fully compatible change - old objects and clients will keepworking as long as they don't need the new functionality. This is the prep for multi-port Services, which will add API to produce endpoints in this new structure.
2015-03-20 17:24:43 -04:00
}
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
Basic TLS support.
2016-01-16 19:06:40 -05:00
func TestValidateTLSSecret(t *testing.T) {
successCases := map[string]api.Secret{
"emtpy certificate chain": {
ObjectMeta: api.ObjectMeta{Name: "tls-cert", Namespace: "namespace"},
Data: map[string][]byte{
api.TLSCertKey: []byte("public key"),
api.TLSPrivateKeyKey: []byte("private key"),
},
},
}
for k, v := range successCases {
if errs := ValidateSecret(&v); len(errs) != 0 {
t.Errorf("Expected success for %s, got %v", k, errs)
}
}
errorCases := map[string]struct {
secrets api.Secret
errorType field.ErrorType
errorDetail string
}{
"missing public key": {
secrets: api.Secret{
ObjectMeta: api.ObjectMeta{Name: "tls-cert"},
Data: map[string][]byte{
api.TLSCertKey: []byte("public key"),
},
},
errorType: "FieldValueRequired",
},
"missing private key": {
secrets: api.Secret{
ObjectMeta: api.ObjectMeta{Name: "tls-cert"},
Data: map[string][]byte{
api.TLSCertKey: []byte("public key"),
},
},
errorType: "FieldValueRequired",
},
}
for k, v := range errorCases {
if errs := ValidateSecret(&v.secrets); len(errs) == 0 || errs[0].Type != v.errorType || !strings.Contains(errs[0].Detail, v.errorDetail) {
t.Errorf("[%s] Expected error type %s with detail %q, got %v", k, v.errorType, v.errorDetail, errs)
}
}
}
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
func TestValidateSecurityContext(t *testing.T) {
priv := false
var runAsUser int64 = 1
fullValidSC := func() *api.SecurityContext {
return &api.SecurityContext{
Privileged: &priv,
Capabilities: &api.Capabilities{
rename CapabilityType Capability
2015-05-18 16:37:10 -04:00
Add: []api.Capability{"foo"},
Drop: []api.Capability{"bar"},
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
},
SELinuxOptions: &api.SELinuxOptions{
User: "user",
Role: "role",
Type: "type",
Level: "level",
},
RunAsUser: &runAsUser,
}
}
//setup data
allSettings := fullValidSC()
noCaps := fullValidSC()
noCaps.Capabilities = nil
noSELinux := fullValidSC()
noSELinux.SELinuxOptions = nil
noPrivRequest := fullValidSC()
noPrivRequest.Privileged = nil
noRunAsUser := fullValidSC()
noRunAsUser.RunAsUser = nil
successCases := map[string]struct {
sc *api.SecurityContext
}{
"all settings": {allSettings},
"no capabilities": {noCaps},
"no selinux": {noSELinux},
"no priv request": {noPrivRequest},
"no run as user": {noRunAsUser},
}
for k, v := range successCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := ValidateSecurityContext(v.sc, field.NewPath("field")); len(errs) != 0 {
Clean up and document validation strings Also add a detail string for Required and Forbidden. Fix tests.
2015-11-14 15:26:04 -05:00
t.Errorf("[%s] Expected success, got %v", k, errs)
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
}
}
privRequestWithGlobalDeny := fullValidSC()
requestPrivileged := true
privRequestWithGlobalDeny.Privileged = &requestPrivileged
negativeRunAsUser := fullValidSC()
var negativeUser int64 = -1
negativeRunAsUser.RunAsUser = &negativeUser
errorCases := map[string]struct {
sc *api.SecurityContext
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
errorType field.ErrorType
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
errorDetail string
}{
"request privileged when capabilities forbids": {
sc: privRequestWithGlobalDeny,
errorType: "FieldValueForbidden",
Clean up and document validation strings Also add a detail string for Required and Forbidden. Fix tests.
2015-11-14 15:26:04 -05:00
errorDetail: "disallowed by policy",
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
},
"negative RunAsUser": {
sc: negativeRunAsUser,
errorType: "FieldValueInvalid",
Clean up and document validation strings Also add a detail string for Required and Forbidden. Fix tests.
2015-11-14 15:26:04 -05:00
errorDetail: isNegativeErrorMsg,
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
},
}
for k, v := range errorCases {
audit validation errors to not double-print field names
2015-11-14 11:44:50 -05:00
if errs := ValidateSecurityContext(v.sc, field.NewPath("field")); len(errs) == 0 || errs[0].Type != v.errorType || !strings.Contains(errs[0].Detail, v.errorDetail) {
t.Errorf("[%s] Expected error type %q with detail %q, got %v", k, v.errorType, v.errorDetail, errs)
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
}
}
}
func fakeValidSecurityContext(priv bool) *api.SecurityContext {
return &api.SecurityContext{
Privileged: &priv,
}
}
Support extended pod logging options Increase the supported controls on pod logging. Add validaiton to pod log options. Ensure the Kubelet is using a consistent, structured way to process pod log arguments. Add ?sinceSeconds=<durationInSeconds>, &sinceTime=<RFC3339>, ?timestamps=<bool>, ?tailLines=<number>, and ?limitBytes=<number>
2015-09-09 23:46:11 -04:00
func TestValidPodLogOptions(t *testing.T) {
now := unversioned.Now()
negative := int64(-1)
zero := int64(0)
positive := int64(1)
tests := []struct {
opt api.PodLogOptions
errs int
}{
{api.PodLogOptions{}, 0},
{api.PodLogOptions{Previous: true}, 0},
{api.PodLogOptions{Follow: true}, 0},
{api.PodLogOptions{TailLines: &zero}, 0},
{api.PodLogOptions{TailLines: &negative}, 1},
{api.PodLogOptions{TailLines: &positive}, 0},
{api.PodLogOptions{LimitBytes: &zero}, 1},
{api.PodLogOptions{LimitBytes: &negative}, 1},
{api.PodLogOptions{LimitBytes: &positive}, 0},
{api.PodLogOptions{SinceSeconds: &negative}, 1},
{api.PodLogOptions{SinceSeconds: &positive}, 0},
{api.PodLogOptions{SinceSeconds: &zero}, 1},
{api.PodLogOptions{SinceTime: &now}, 0},
}
for i, test := range tests {
errs := ValidatePodLogOptions(&test.opt)
if test.errs != len(errs) {
t.Errorf("%d: Unexpected errors: %v", i, errs)
}
}
}
Move ConfigMap to main API
2016-01-15 11:48:36 -05:00
func TestValidateConfigMap(t *testing.T) {
newConfigMap := func(name, namespace string, data map[string]string) api.ConfigMap {
return api.ConfigMap{
ObjectMeta: api.ObjectMeta{
Name: name,
Namespace: namespace,
},
Data: data,
}
}
var (
validConfigMap = newConfigMap("validname", "validns", map[string]string{"key": "value"})
maxKeyLength = newConfigMap("validname", "validns", map[string]string{strings.Repeat("a", 253): "value"})
emptyName = newConfigMap("", "validns", nil)
invalidName = newConfigMap("NoUppercaseOrSpecialCharsLike=Equals", "validns", nil)
emptyNs = newConfigMap("validname", "", nil)
invalidNs = newConfigMap("validname", "NoUppercaseOrSpecialCharsLike=Equals", nil)
Allows Secret & ConfigMap Keys to look like Environment Variables This makes environment variable style keys (uppercase with underscores) valid in Secrets and ConfigMap.
2016-05-11 01:59:59 -04:00
invalidKey = newConfigMap("validname", "validns", map[string]string{"a*b": "value"})
Move ConfigMap to main API
2016-01-15 11:48:36 -05:00
leadingDotKey = newConfigMap("validname", "validns", map[string]string{".ab": "value"})
dotKey = newConfigMap("validname", "validns", map[string]string{".": "value"})
doubleDotKey = newConfigMap("validname", "validns", map[string]string{"..": "value"})
overMaxKeyLength = newConfigMap("validname", "validns", map[string]string{strings.Repeat("a", 254): "value"})
Add size limit for ConfigMap
2016-01-20 23:14:37 -05:00
overMaxSize = newConfigMap("validname", "validns", map[string]string{"key": strings.Repeat("a", api.MaxSecretSize+1)})
Move ConfigMap to main API
2016-01-15 11:48:36 -05:00
)
tests := map[string]struct {
cfg api.ConfigMap
isValid bool
}{
"valid": {validConfigMap, true},
"max key length": {maxKeyLength, true},
"leading dot key": {leadingDotKey, true},
"empty name": {emptyName, false},
"invalid name": {invalidName, false},
"invalid key": {invalidKey, false},
"empty namespace": {emptyNs, false},
"invalid namespace": {invalidNs, false},
"dot key": {dotKey, false},
"double dot key": {doubleDotKey, false},
"over max key length": {overMaxKeyLength, false},
Add size limit for ConfigMap
2016-01-20 23:14:37 -05:00
"over max size": {overMaxSize, false},
Move ConfigMap to main API
2016-01-15 11:48:36 -05:00
}
for name, tc := range tests {
errs := ValidateConfigMap(&tc.cfg)
if tc.isValid && len(errs) > 0 {
t.Errorf("%v: unexpected error: %v", name, errs)
}
if !tc.isValid && len(errs) == 0 {
t.Errorf("%v: unexpected non-error", name)
}
}
}
func TestValidateConfigMapUpdate(t *testing.T) {
newConfigMap := func(version, name, namespace string, data map[string]string) api.ConfigMap {
return api.ConfigMap{
ObjectMeta: api.ObjectMeta{
Name: name,
Namespace: namespace,
ResourceVersion: version,
},
Data: data,
}
}
var (
validConfigMap = newConfigMap("1", "validname", "validns", map[string]string{"key": "value"})
noVersion = newConfigMap("", "validname", "validns", map[string]string{"key": "value"})
)
cases := []struct {
name string
newCfg api.ConfigMap
oldCfg api.ConfigMap
isValid bool
}{
{
name: "valid",
newCfg: validConfigMap,
oldCfg: validConfigMap,
isValid: true,
},
{
name: "invalid",
newCfg: noVersion,
oldCfg: validConfigMap,
isValid: false,
},
}
for _, tc := range cases {
errs := ValidateConfigMapUpdate(&tc.newCfg, &tc.oldCfg)
if tc.isValid && len(errs) > 0 {
t.Errorf("%v: unexpected error: %v", tc.name, errs)
}
if !tc.isValid && len(errs) == 0 {
t.Errorf("%v: unexpected non-error", tc.name)
}
}
}
Add a validation helper function. I will use this in a subsequent PR as part of #12298
2016-02-12 17:38:22 -05:00
func TestValidateHasLabel(t *testing.T) {
successCase := api.ObjectMeta{
Name: "123",
Namespace: "ns",
Labels: map[string]string{
"other": "blah",
"foo": "bar",
},
}
if errs := ValidateHasLabel(successCase, field.NewPath("field"), "foo", "bar"); len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
missingCase := api.ObjectMeta{
Name: "123",
Namespace: "ns",
Labels: map[string]string{
"other": "blah",
},
}
if errs := ValidateHasLabel(missingCase, field.NewPath("field"), "foo", "bar"); len(errs) == 0 {
t.Errorf("expected failure")
}
wrongValueCase := api.ObjectMeta{
Name: "123",
Namespace: "ns",
Labels: map[string]string{
"other": "blah",
"foo": "notbar",
},
}
if errs := ValidateHasLabel(wrongValueCase, field.NewPath("field"), "foo", "bar"); len(errs) == 0 {
t.Errorf("expected failure")
}
}
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
func TestIsValidSysctlName(t *testing.T) {
valid := []string{
"a.b.c.d",
"a",
"a_b",
"a-b",
"abc",
"abc.def",
}
invalid := []string{
"",
"*",
"ä",
"a_",
"_",
"__",
"_a",
"_a._b",
"-",
".",
"a.",
".a",
"a.b.",
"a*.b",
"a*b",
"*a",
"a.*",
"*",
"abc*",
"a.abc*",
"a.b.*",
"Abc",
func(n int) string {
x := make([]byte, n)
for i := range x {
x[i] = byte('a')
}
return string(x)
}(256),
}
for _, s := range valid {
if !IsValidSysctlName(s) {
t.Errorf("%q expected to be a valid sysctl name", s)
}
}
for _, s := range invalid {
if IsValidSysctlName(s) {
t.Errorf("%q expected to be an invalid sysctl name", s)
}
}
}
func TestValidateSysctls(t *testing.T) {
valid := []string{
"net.foo.bar",
"kernel.shmmax",
}
invalid := []string{
"i..nvalid",
"_invalid",
}
sysctls := make([]api.Sysctl, len(valid))
for i, sysctl := range valid {
sysctls[i].Name = sysctl
}
errs := validateSysctls(sysctls, field.NewPath("foo"))
if len(errs) != 0 {
t.Errorf("unexpected validation errors: %v", errs)
}
sysctls = make([]api.Sysctl, len(invalid))
for i, sysctl := range invalid {
sysctls[i].Name = sysctl
}
errs = validateSysctls(sysctls, field.NewPath("foo"))
if len(errs) != 2 {
t.Errorf("expected 2 validation errors. Got: %v", errs)
} else {
if got, expected := errs[0].Error(), "foo"; !strings.Contains(got, expected) {
t.Errorf("unexpected errors: expected=%q, got=%q", expected, got)
}
if got, expected := errs[1].Error(), "foo"; !strings.Contains(got, expected) {
t.Errorf("unexpected errors: expected=%q, got=%q", expected, got)
}
}
}
Enforce EndpointAddress.NodeName validation + added unit tests
2016-08-24 12:57:38 -04:00
func newNodeNameEndpoint(nodeName string) *api.Endpoints {
ep := &api.Endpoints{
ObjectMeta: api.ObjectMeta{
Name: "foo",
Namespace: api.NamespaceDefault,
ResourceVersion: "1",
},
Subsets: []api.EndpointSubset{
{
NotReadyAddresses: []api.EndpointAddress{},
Ports: []api.EndpointPort{{Name: "https", Port: 443, Protocol: "TCP"}},
Addresses: []api.EndpointAddress{
{
IP: "8.8.8.8",
Hostname: "zookeeper1",
NodeName: &nodeName}}}}}
return ep
}
func TestEndpointAddressNodeNameUpdateRestrictions(t *testing.T) {
oldEndpoint := newNodeNameEndpoint("kubernetes-minion-setup-by-backend")
updatedEndpoint := newNodeNameEndpoint("kubernetes-changed-nodename")
// Check that NodeName cannot be changed during update (if already set)
errList := ValidateEndpoints(updatedEndpoint)
errList = append(errList, ValidateEndpointsUpdate(updatedEndpoint, oldEndpoint)...)
if len(errList) == 0 {
t.Error("Endpoint should not allow changing of Subset.Addresses.NodeName on update")
}
}
Allow IP addresses to be used as node names Fixes #32050
2016-09-04 19:23:03 -04:00
func TestEndpointAddressNodeNameInvalidDNSSubdomain(t *testing.T) {
Enforce EndpointAddress.NodeName validation + added unit tests
2016-08-24 12:57:38 -04:00
// Check NodeName DNS validation
Allow IP addresses to be used as node names Fixes #32050
2016-09-04 19:23:03 -04:00
endpoint := newNodeNameEndpoint("illegal*.nodename")
Enforce EndpointAddress.NodeName validation + added unit tests
2016-08-24 12:57:38 -04:00
errList := ValidateEndpoints(endpoint)
if len(errList) == 0 {
t.Error("Endpoint should reject invalid NodeName")
}
}
Allow IP addresses to be used as node names Fixes #32050
2016-09-04 19:23:03 -04:00
func TestEndpointAddressNodeNameCanBeAnIPAddress(t *testing.T) {
endpoint := newNodeNameEndpoint("10.10.1.1")
errList := ValidateEndpoints(endpoint)
if len(errList) != 0 {
t.Error("Endpoint should accept a NodeName that is an IP address")
}
}
Reference in a new issue Copy permalink