upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-04-21 14:18:21 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/pkg/api/validation/validation_test.go

10704 lines
309 KiB
Go
Raw Normal View History

First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 16:01:39 -04:00
/*
Remove "All rights reserved" from all the headers.
2016-06-02 20:25:58 -04:00
Copyright 2014 The Kubernetes Authors.
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 16:01:39 -04:00
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
Split api into api, api/common, api/validation & apitools
2014-08-29 18:48:41 -04:00
package validation
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 16:01:39 -04:00
import (
Active deadline seconds validation improvements
2017-05-30 14:57:06 -04:00
"math"
Add liveness/readiness probe parameters - PeriodSeconds - How often to probe - SuccessThreshold - Number of successful probes to go from failure to success state - FailureThreshold - Number of failing probes to go from success to failure state This commit includes to changes in behavior: 1. InitialDelaySeconds now defaults to 10 seconds, rather than the kubelet sync interval (although that also defaults to 10 seconds). 2. Prober only retries on probe error, not failure. To compensate, the default FailureThreshold is set to the maxRetries, 3.
2015-11-05 18:38:46 -05:00
"reflect"
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 16:01:39 -04:00
"strings"
"testing"
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
run hack/update-all
2017-06-22 14:24:23 -04:00
"k8s.io/api/core/v1"
pkg/api/resource: move to apimachinery
2017-01-25 08:13:07 -05:00
"k8s.io/apimachinery/pkg/api/resource"
start the apimachinery repo
2017-01-11 09:09:48 -05:00
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
move util/intstr to apimachinery
2017-01-27 15:42:17 -05:00
"k8s.io/apimachinery/pkg/util/intstr"
start the apimachinery repo
2017-01-11 09:09:48 -05:00
"k8s.io/apimachinery/pkg/util/sets"
FC plugin: Support WWID for volume identifier This PR adds World Wide Identifier (WWID) parameter to FCVolumeSource as an unique volume identifier. fixes #48639
2017-07-10 19:51:24 -04:00
"k8s.io/apimachinery/pkg/util/validation"
start the apimachinery repo
2017-01-11 09:09:48 -05:00
"k8s.io/apimachinery/pkg/util/validation/field"
Add unit tests when the feature AffinityInAnnotations is disabled.
2017-04-13 15:03:30 -04:00
utilfeature "k8s.io/apiserver/pkg/util/feature"
rewrite go imports
2015-08-05 18:03:47 -04:00
"k8s.io/kubernetes/pkg/api"
move helpers.go to helper
2017-04-10 13:49:54 -04:00
"k8s.io/kubernetes/pkg/api/helper"
Remove kubectl's dependence on schema file in pkg/api/validation. **What this PR does / why we need it**: Makes functions in validation/schema.go private to kubectl, further isolating kubectl. **Which issue this PR fixes** Part of a series of PRs to address kubernetes/community#598 **Release note**: ```release-note NONE ```
2017-05-23 13:29:19 -04:00
_ "k8s.io/kubernetes/pkg/api/testapi"
rewrite go imports
2015-08-05 18:03:47 -04:00
"k8s.io/kubernetes/pkg/capabilities"
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
"k8s.io/kubernetes/pkg/security/apparmor"
First piece of validation I'm adding pieces incrementally to make sure we get full testing of each piece. Make syncLoop() private
2014-07-01 16:01:39 -04:00
)
Improve error message for name/label validation. This patch added user readable naming rules to the output of the error messages for name/label validation.
2016-12-01 23:32:41 -05:00
const (
Don't blame DNS spec on Kubernetes requirement for lower-case DNS labels.
2017-01-13 08:40:19 -05:00
dnsLabelErrMsg = "a DNS-1123 label must consist of"
dnsSubdomainLabelErrMsg = "a DNS-1123 subdomain"
Relax restrictions on environment variable names. The POSIX standard restricts environment variable names to uppercase letters, digits, and the underscore character in shell contexts only. For generic application usage, it is stated that all other characters shall be tolerated. This change relaxes the rules to some degree. Namely, we stop requiring environment variable names to be strict C_IDENTIFIERS and start permitting lowercase, dot, and dash characters. Public container images using environment variable names beyond the shell-only context can benefit from this relaxation. Elasticsearch is one popular example.
2017-06-17 18:34:22 -04:00
envVarNameErrMsg = "a valid environment variable name must consist of"
Improve error message for name/label validation. This patch added user readable naming rules to the output of the error messages for name/label validation.
2016-12-01 23:32:41 -05:00
)
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
func newHostPathType(pathType string) *api.HostPathType {
hostPathType := new(api.HostPathType)
*hostPathType = api.HostPathType(pathType)
return hostPathType
}
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
func testVolume(name string, namespace string, spec api.PersistentVolumeSpec) *api.PersistentVolume {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
objMeta := metav1.ObjectMeta{Name: name}
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
if namespace != "" {
objMeta.Namespace = namespace
}
return &api.PersistentVolume{
ObjectMeta: objMeta,
Spec: spec,
}
}
API changes for persistent local volumes. Includes: - A new volume type, LocalVolumeSource. This only supports file-based local volumes for now. - New alpha annotation in PV: NodeAffinity - Validation + tests for specifying LocalVolumeSource and PV NodeAffinity - Alpha feature gate
2017-04-18 01:24:24 -04:00
func testVolumeWithNodeAffinity(t *testing.T, name string, namespace string, affinity *api.NodeAffinity, spec api.PersistentVolumeSpec) *api.PersistentVolume {
objMeta := metav1.ObjectMeta{Name: name}
if namespace != "" {
objMeta.Namespace = namespace
}
objMeta.Annotations = map[string]string{}
err := helper.StorageNodeAffinityToAlphaAnnotation(objMeta.Annotations, affinity)
if err != nil {
t.Fatalf("Failed to get node affinity annotation: %v", err)
}
return &api.PersistentVolume{
ObjectMeta: objMeta,
Spec: spec,
}
}
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
func TestValidatePersistentVolumes(t *testing.T) {
scenarios := map[string]struct {
isExpectedFailure bool
volume *api.PersistentVolume
}{
"good-volume": {
isExpectedFailure: false,
volume: testVolume("foo", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
PersistentVolumeSource: api.PersistentVolumeSource{
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
HostPath: &api.HostPathVolumeSource{
Path: "/foo",
Type: newHostPathType(string(api.HostPathDirectory)),
},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
},
Add StorageClassName validation
2017-03-02 04:23:57 -05:00
StorageClassName: "valid",
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
}),
},
Add unit test for bad ReclaimPolicy and valid ReclaimPolicy in /pkg/api/validation_test.go
2016-09-01 15:12:13 -04:00
"good-volume-with-retain-policy": {
isExpectedFailure: false,
volume: testVolume("foo", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
HostPath: &api.HostPathVolumeSource{
Path: "/foo",
Type: newHostPathType(string(api.HostPathDirectory)),
},
Add unit test for bad ReclaimPolicy and valid ReclaimPolicy in /pkg/api/validation_test.go
2016-09-01 15:12:13 -04:00
},
PersistentVolumeReclaimPolicy: api.PersistentVolumeReclaimRetain,
}),
},
added validation for AccessModes
2015-07-24 15:55:54 -04:00
"invalid-accessmode": {
isExpectedFailure: true,
volume: testVolume("foo", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{"fakemode"},
PersistentVolumeSource: api.PersistentVolumeSource{
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
HostPath: &api.HostPathVolumeSource{
Path: "/foo",
Type: newHostPathType(string(api.HostPathDirectory)),
},
added validation for AccessModes
2015-07-24 15:55:54 -04:00
},
}),
},
Add unit test for bad ReclaimPolicy and valid ReclaimPolicy in /pkg/api/validation_test.go
2016-09-01 15:12:13 -04:00
"invalid-reclaimpolicy": {
isExpectedFailure: true,
volume: testVolume("foo", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
HostPath: &api.HostPathVolumeSource{
Path: "/foo",
Type: newHostPathType(string(api.HostPathDirectory)),
},
Add unit test for bad ReclaimPolicy and valid ReclaimPolicy in /pkg/api/validation_test.go
2016-09-01 15:12:13 -04:00
},
PersistentVolumeReclaimPolicy: "fakeReclaimPolicy",
}),
},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
"unexpected-namespace": {
isExpectedFailure: true,
volume: testVolume("foo", "unexpected-namespace", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
PersistentVolumeSource: api.PersistentVolumeSource{
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
HostPath: &api.HostPathVolumeSource{
Path: "/foo",
Type: newHostPathType(string(api.HostPathDirectory)),
},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
},
}),
},
"bad-name": {
isExpectedFailure: true,
volume: testVolume("123*Bad(Name", "unexpected-namespace", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
PersistentVolumeSource: api.PersistentVolumeSource{
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
HostPath: &api.HostPathVolumeSource{
Path: "/foo",
Type: newHostPathType(string(api.HostPathDirectory)),
},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
},
Bi-directional bind between pv.Spec.ClaimRef and pvc.Spec.VolumeName
2015-05-12 20:44:29 -04:00
}),
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
},
"missing-name": {
isExpectedFailure: true,
volume: testVolume("", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
}),
},
"missing-capacity": {
isExpectedFailure: true,
volume: testVolume("foo", "", api.PersistentVolumeSpec{}),
},
Bi-directional bind between pv.Spec.ClaimRef and pvc.Spec.VolumeName
2015-05-12 20:44:29 -04:00
"missing-accessmodes": {
isExpectedFailure: true,
volume: testVolume("goodname", "missing-accessmodes", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
PersistentVolumeSource: api.PersistentVolumeSource{
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
HostPath: &api.HostPathVolumeSource{
Path: "/foo",
Type: newHostPathType(string(api.HostPathDirectory)),
},
Bi-directional bind between pv.Spec.ClaimRef and pvc.Spec.VolumeName
2015-05-12 20:44:29 -04:00
},
}),
},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
"too-many-sources": {
isExpectedFailure: true,
volume: testVolume("", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("5G"),
},
PersistentVolumeSource: api.PersistentVolumeSource{
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
HostPath: &api.HostPathVolumeSource{
Path: "/foo",
Type: newHostPathType(string(api.HostPathDirectory)),
},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{PDName: "foo", FSType: "ext4"},
},
}),
},
Add validation preventing recycle of / in a hostPath PV
2016-08-22 14:45:46 -04:00
"host mount of / with recycle reclaim policy": {
isExpectedFailure: true,
volume: testVolume("bad-recycle-do-not-want", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
HostPath: &api.HostPathVolumeSource{
Path: "/",
Type: newHostPathType(string(api.HostPathDirectory)),
},
Add validation preventing recycle of / in a hostPath PV
2016-08-22 14:45:46 -04:00
},
PersistentVolumeReclaimPolicy: api.PersistentVolumeReclaimRecycle,
}),
},
"host mount of / with recycle reclaim policy 2": {
isExpectedFailure: true,
volume: testVolume("bad-recycle-do-not-want", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
HostPath: &api.HostPathVolumeSource{
Path: "/a/..",
Type: newHostPathType(string(api.HostPathDirectory)),
},
Add validation preventing recycle of / in a hostPath PV
2016-08-22 14:45:46 -04:00
},
PersistentVolumeReclaimPolicy: api.PersistentVolumeReclaimRecycle,
}),
},
Add StorageClassName validation
2017-03-02 04:23:57 -05:00
"invalid-storage-class-name": {
isExpectedFailure: true,
volume: testVolume("invalid-storage-class-name", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
HostPath: &api.HostPathVolumeSource{
Path: "/foo",
Type: newHostPathType(string(api.HostPathDirectory)),
},
Add StorageClassName validation
2017-03-02 04:23:57 -05:00
},
StorageClassName: "-invalid-",
}),
},
API changes for persistent local volumes. Includes: - A new volume type, LocalVolumeSource. This only supports file-based local volumes for now. - New alpha annotation in PV: NodeAffinity - Validation + tests for specifying LocalVolumeSource and PV NodeAffinity - Alpha feature gate
2017-04-18 01:24:24 -04:00
// LocalVolume alpha feature disabled
// TODO: remove when no longer alpha
"alpha disabled valid local volume": {
isExpectedFailure: true,
volume: testVolumeWithNodeAffinity(
t,
"valid-local-volume",
"",
&api.NodeAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: &api.NodeSelector{
NodeSelectorTerms: []api.NodeSelectorTerm{
{
MatchExpressions: []api.NodeSelectorRequirement{
{
Key: "test-label-key",
Operator: api.NodeSelectorOpIn,
Values: []string{"test-label-value"},
},
},
},
},
},
},
api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
Local: &api.LocalVolumeSource{
Path: "/foo",
},
},
StorageClassName: "test-storage-class",
}),
},
do not allow backsteps in host volume plugin Fixes #47107
2017-06-10 09:48:42 -04:00
"bad-hostpath-volume-backsteps": {
isExpectedFailure: true,
volume: testVolume("foo", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
HostPath: &api.HostPathVolumeSource{
Path: "/foo/..",
Type: newHostPathType(string(api.HostPathDirectory)),
},
do not allow backsteps in host volume plugin Fixes #47107
2017-06-10 09:48:42 -04:00
},
StorageClassName: "backstep-hostpath",
}),
},
not allow backsteps in local volume plugin
2017-06-17 00:57:01 -04:00
"bad-local-volume-backsteps": {
isExpectedFailure: true,
volume: testVolume("foo", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
Local: &api.LocalVolumeSource{
Path: "/foo/..",
},
},
StorageClassName: "backstep-local",
}),
},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
}
for name, scenario := range scenarios {
errs := ValidatePersistentVolume(scenario.volume)
if len(errs) == 0 && scenario.isExpectedFailure {
t.Errorf("Unexpected success for scenario: %s", name)
}
if len(errs) > 0 && !scenario.isExpectedFailure {
t.Errorf("Unexpected failure for scenario: %s - %+v", name, errs)
}
}
}
API changes for persistent local volumes. Includes: - A new volume type, LocalVolumeSource. This only supports file-based local volumes for now. - New alpha annotation in PV: NodeAffinity - Validation + tests for specifying LocalVolumeSource and PV NodeAffinity - Alpha feature gate
2017-04-18 01:24:24 -04:00
func TestValidateLocalVolumes(t *testing.T) {
scenarios := map[string]struct {
isExpectedFailure bool
volume *api.PersistentVolume
}{
"valid local volume": {
isExpectedFailure: false,
volume: testVolumeWithNodeAffinity(
t,
"valid-local-volume",
"",
&api.NodeAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: &api.NodeSelector{
NodeSelectorTerms: []api.NodeSelectorTerm{
{
MatchExpressions: []api.NodeSelectorRequirement{
{
Key: "test-label-key",
Operator: api.NodeSelectorOpIn,
Values: []string{"test-label-value"},
},
},
},
},
},
},
api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
Local: &api.LocalVolumeSource{
Path: "/foo",
},
},
StorageClassName: "test-storage-class",
}),
},
"invalid local volume nil annotations": {
isExpectedFailure: true,
volume: testVolume(
"invalid-local-volume-nil-annotations",
"",
api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
Local: &api.LocalVolumeSource{
Path: "/foo",
},
},
StorageClassName: "test-storage-class",
}),
},
"invalid local volume empty affinity": {
isExpectedFailure: true,
volume: testVolumeWithNodeAffinity(
t,
"invalid-local-volume-empty-affinity",
"",
&api.NodeAffinity{},
api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
Local: &api.LocalVolumeSource{
Path: "/foo",
},
},
StorageClassName: "test-storage-class",
}),
},
"invalid local volume preferred affinity": {
isExpectedFailure: true,
volume: testVolumeWithNodeAffinity(
t,
"invalid-local-volume-preferred-affinity",
"",
&api.NodeAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: &api.NodeSelector{
NodeSelectorTerms: []api.NodeSelectorTerm{
{
MatchExpressions: []api.NodeSelectorRequirement{
{
Key: "test-label-key",
Operator: api.NodeSelectorOpIn,
Values: []string{"test-label-value"},
},
},
},
},
},
PreferredDuringSchedulingIgnoredDuringExecution: []api.PreferredSchedulingTerm{
{
Weight: 10,
Preference: api.NodeSelectorTerm{
MatchExpressions: []api.NodeSelectorRequirement{
{
Key: "test-label-key",
Operator: api.NodeSelectorOpIn,
Values: []string{"test-label-value"},
},
},
},
},
},
},
api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
Local: &api.LocalVolumeSource{
Path: "/foo",
},
},
StorageClassName: "test-storage-class",
}),
},
"invalid local volume empty path": {
isExpectedFailure: true,
volume: testVolumeWithNodeAffinity(
t,
"invalid-local-volume-empty-path",
"",
&api.NodeAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: &api.NodeSelector{
NodeSelectorTerms: []api.NodeSelectorTerm{
{
MatchExpressions: []api.NodeSelectorRequirement{
{
Key: "test-label-key",
Operator: api.NodeSelectorOpIn,
Values: []string{"test-label-value"},
},
},
},
},
},
},
api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
Local: &api.LocalVolumeSource{},
},
StorageClassName: "test-storage-class",
}),
},
}
err := utilfeature.DefaultFeatureGate.Set("PersistentLocalVolumes=true")
if err != nil {
t.Errorf("Failed to enable feature gate for LocalPersistentVolumes: %v", err)
return
}
for name, scenario := range scenarios {
errs := ValidatePersistentVolume(scenario.volume)
if len(errs) == 0 && scenario.isExpectedFailure {
t.Errorf("Unexpected success for scenario: %s", name)
}
if len(errs) > 0 && !scenario.isExpectedFailure {
t.Errorf("Unexpected failure for scenario: %s - %+v", name, errs)
}
}
}
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
func testVolumeClaim(name string, namespace string, spec api.PersistentVolumeClaimSpec) *api.PersistentVolumeClaim {
return &api.PersistentVolumeClaim{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
Spec: spec,
}
}
Make pvc storage class annotation immutable after create
2016-11-04 14:06:34 -04:00
func testVolumeClaimStorageClass(name string, namespace string, annval string, spec api.PersistentVolumeClaimSpec) *api.PersistentVolumeClaim {
annotations := map[string]string{
Move PV/PVC annotations to PV/PVC types. They aren't part of storage.k8s.io/v1 or v1beta1 API. Also move associated *GetClass functions.
2017-03-02 04:23:55 -05:00
v1.BetaStorageClassAnnotation: annval,
Make pvc storage class annotation immutable after create
2016-11-04 14:06:34 -04:00
}
return &api.PersistentVolumeClaim{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Make pvc storage class annotation immutable after create
2016-11-04 14:06:34 -04:00
Name: name,
Namespace: namespace,
Annotations: annotations,
},
Spec: spec,
}
}
func testVolumeClaimAnnotation(name string, namespace string, ann string, annval string, spec api.PersistentVolumeClaimSpec) *api.PersistentVolumeClaim {
annotations := map[string]string{
ann: annval,
}
return &api.PersistentVolumeClaim{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Make pvc storage class annotation immutable after create
2016-11-04 14:06:34 -04:00
Name: name,
Namespace: namespace,
Annotations: annotations,
},
Spec: spec,
}
}
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
func TestValidatePersistentVolumeClaim(t *testing.T) {
Add StorageClassName validation
2017-03-02 04:23:57 -05:00
invalidClassName := "-invalid-"
validClassName := "valid"
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
scenarios := map[string]struct {
isExpectedFailure bool
claim *api.PersistentVolumeClaim
}{
"good-claim": {
isExpectedFailure: false,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
refactor: generated
2016-12-03 13:57:26 -05:00
Selector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
Add selector to PersistentVolumeClaim
2016-05-06 23:18:54 -04:00
{
Key: "key2",
Operator: "Exists",
},
},
},
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
Add StorageClassName validation
2017-03-02 04:23:57 -05:00
StorageClassName: &validClassName,
Add selector to PersistentVolumeClaim
2016-05-06 23:18:54 -04:00
}),
},
"invalid-label-selector": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
refactor: generated
2016-12-03 13:57:26 -05:00
Selector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
Add selector to PersistentVolumeClaim
2016-05-06 23:18:54 -04:00
{
Key: "key2",
Operator: "InvalidOp",
Values: []string{"value1", "value2"},
},
},
},
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
added validation for AccessModes
2015-07-24 15:55:54 -04:00
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
}),
},
"invalid-accessmode": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{"fakemode"},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
}),
},
"missing-namespace": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "", api.PersistentVolumeClaimSpec{
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
}),
},
"no-access-modes": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
}),
},
"no-resource-requests": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
api.ReadWriteOnce,
},
}),
},
changed claimed validation from length check to specific storage check
2015-03-31 11:37:09 -04:00
"invalid-resource-requests": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
Rename AccessMode to PersistentVolumeAccessMode
2015-05-18 16:22:30 -04:00
AccessModes: []api.PersistentVolumeAccessMode{
changed claimed validation from length check to specific storage check
2015-03-31 11:37:09 -04:00
api.ReadWriteOnce,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
},
},
}),
},
Fix pvc requests.storage validation
2016-08-10 14:18:37 -04:00
"negative-storage-request": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
refactor: generated
2016-12-03 13:57:26 -05:00
Selector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
Fix pvc requests.storage validation
2016-08-10 14:18:37 -04:00
{
Key: "key2",
Operator: "Exists",
},
},
},
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("-10G"),
},
},
}),
},
Add StorageClassName validation
2017-03-02 04:23:57 -05:00
"invalid-storage-class-name": {
isExpectedFailure: true,
claim: testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
Selector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
Key: "key2",
Operator: "Exists",
},
},
},
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
StorageClassName: &invalidClassName,
}),
},
PersistentVolume & PersistentVolumeClaim API types
2015-03-23 14:18:11 -04:00
}
for name, scenario := range scenarios {
errs := ValidatePersistentVolumeClaim(scenario.claim)
if len(errs) == 0 && scenario.isExpectedFailure {
t.Errorf("Unexpected success for scenario: %s", name)
}
if len(errs) > 0 && !scenario.isExpectedFailure {
t.Errorf("Unexpected failure for scenario: %s - %+v", name, errs)
}
}
}
Improve persistent volume claim validation
2016-02-09 15:28:37 -05:00
func TestValidatePersistentVolumeClaimUpdate(t *testing.T) {
validClaim := testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
})
Make pvc storage class annotation immutable after create
2016-11-04 14:06:34 -04:00
validClaimStorageClass := testVolumeClaimStorageClass("foo", "ns", "fast", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
})
validClaimAnnotation := testVolumeClaimAnnotation("foo", "ns", "description", "foo-description", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
})
Improve persistent volume claim validation
2016-02-09 15:28:37 -05:00
validUpdateClaim := testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
VolumeName: "volume",
})
invalidUpdateClaimResources := testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("20G"),
},
},
VolumeName: "volume",
})
invalidUpdateClaimAccessModes := testVolumeClaim("foo", "ns", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadWriteOnce,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
VolumeName: "volume",
})
Make pvc storage class annotation immutable after create
2016-11-04 14:06:34 -04:00
invalidUpdateClaimStorageClass := testVolumeClaimStorageClass("foo", "ns", "fast2", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
VolumeName: "volume",
})
validUpdateClaimMutableAnnotation := testVolumeClaimAnnotation("foo", "ns", "description", "updated-or-added-foo-description", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
VolumeName: "volume",
})
validAddClaimAnnotation := testVolumeClaimAnnotation("foo", "ns", "description", "updated-or-added-foo-description", api.PersistentVolumeClaimSpec{
AccessModes: []api.PersistentVolumeAccessMode{
api.ReadWriteOnce,
api.ReadOnlyMany,
},
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
},
VolumeName: "volume",
})
Improve persistent volume claim validation
2016-02-09 15:28:37 -05:00
scenarios := map[string]struct {
isExpectedFailure bool
oldClaim *api.PersistentVolumeClaim
newClaim *api.PersistentVolumeClaim
}{
make PVCs immutable (except volumeName) post-creation
2016-07-08 12:08:15 -04:00
"valid-update-volumeName-only": {
Improve persistent volume claim validation
2016-02-09 15:28:37 -05:00
isExpectedFailure: false,
oldClaim: validClaim,
newClaim: validUpdateClaim,
},
make PVCs immutable (except volumeName) post-creation
2016-07-08 12:08:15 -04:00
"valid-no-op-update": {
isExpectedFailure: false,
oldClaim: validUpdateClaim,
newClaim: validUpdateClaim,
},
Improve persistent volume claim validation
2016-02-09 15:28:37 -05:00
"invalid-update-change-resources-on-bound-claim": {
isExpectedFailure: true,
oldClaim: validUpdateClaim,
newClaim: invalidUpdateClaimResources,
},
"invalid-update-change-access-modes-on-bound-claim": {
isExpectedFailure: true,
oldClaim: validUpdateClaim,
newClaim: invalidUpdateClaimAccessModes,
},
Make pvc storage class annotation immutable after create
2016-11-04 14:06:34 -04:00
"invalid-update-change-storage-class-annotation-after-creation": {
isExpectedFailure: true,
oldClaim: validClaimStorageClass,
newClaim: invalidUpdateClaimStorageClass,
},
"valid-update-mutable-annotation": {
isExpectedFailure: false,
oldClaim: validClaimAnnotation,
newClaim: validUpdateClaimMutableAnnotation,
},
"valid-update-add-annotation": {
isExpectedFailure: false,
oldClaim: validClaim,
newClaim: validAddClaimAnnotation,
},
Improve persistent volume claim validation
2016-02-09 15:28:37 -05:00
}
for name, scenario := range scenarios {
// ensure we have a resource version specified for updates
scenario.oldClaim.ResourceVersion = "1"
scenario.newClaim.ResourceVersion = "1"
errs := ValidatePersistentVolumeClaimUpdate(scenario.newClaim, scenario.oldClaim)
if len(errs) == 0 && scenario.isExpectedFailure {
t.Errorf("Unexpected success for scenario: %s", name)
}
if len(errs) > 0 && !scenario.isExpectedFailure {
t.Errorf("Unexpected failure for scenario: %s - %+v", name, errs)
}
}
}
Validate that projected files do not contain .. This was checked in the kubelet, but not at the API.
2016-07-30 01:41:20 -04:00
func TestValidateKeyToPath(t *testing.T) {
testCases := []struct {
kp api.KeyToPath
ok bool
errtype field.ErrorType
}{
{
kp: api.KeyToPath{Key: "k", Path: "p"},
ok: true,
},
{
kp: api.KeyToPath{Key: "k", Path: "p/p/p/p"},
ok: true,
},
{
kp: api.KeyToPath{Key: "k", Path: "p/..p/p../p..p"},
ok: true,
},
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
{
kp: api.KeyToPath{Key: "k", Path: "p", Mode: newInt32(0644)},
ok: true,
},
Validate that projected files do not contain .. This was checked in the kubelet, but not at the API.
2016-07-30 01:41:20 -04:00
{
kp: api.KeyToPath{Key: "", Path: "p"},
ok: false,
errtype: field.ErrorTypeRequired,
},
{
kp: api.KeyToPath{Key: "k", Path: ""},
ok: false,
errtype: field.ErrorTypeRequired,
},
{
kp: api.KeyToPath{Key: "k", Path: "..p"},
ok: false,
errtype: field.ErrorTypeInvalid,
},
{
kp: api.KeyToPath{Key: "k", Path: "../p"},
ok: false,
errtype: field.ErrorTypeInvalid,
},
{
kp: api.KeyToPath{Key: "k", Path: "p/../p"},
ok: false,
errtype: field.ErrorTypeInvalid,
},
{
kp: api.KeyToPath{Key: "k", Path: "p/.."},
ok: false,
errtype: field.ErrorTypeInvalid,
},
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
{
kp: api.KeyToPath{Key: "k", Path: "p", Mode: newInt32(01000)},
ok: false,
errtype: field.ErrorTypeInvalid,
},
{
kp: api.KeyToPath{Key: "k", Path: "p", Mode: newInt32(-1)},
ok: false,
errtype: field.ErrorTypeInvalid,
},
Add validation of Volumes
2014-07-01 17:40:36 -04:00
}
Validate that projected files do not contain .. This was checked in the kubelet, but not at the API.
2016-07-30 01:41:20 -04:00
for i, tc := range testCases {
errs := validateKeyToPath(&tc.kp, field.NewPath("field"))
if tc.ok && len(errs) > 0 {
t.Errorf("[%d] unexpected errors: %v", i, errs)
} else if !tc.ok && len(errs) == 0 {
t.Errorf("[%d] expected error type %v", i, tc.errtype)
} else if len(errs) > 1 {
t.Errorf("[%d] expected only one error, got %d", i, len(errs))
} else if !tc.ok {
if errs[0].Type != tc.errtype {
t.Errorf("[%d] expected error type %v, got %v", i, tc.errtype, errs[0].Type)
}
}
Add validation of Volumes
2014-07-01 17:40:36 -04:00
}
Validate that projected files do not contain .. This was checked in the kubelet, but not at the API.
2016-07-30 01:41:20 -04:00
}
add test for validation NFS and GlusterFS
2017-05-27 10:37:56 -04:00
func TestValidateNFSVolumeSource(t *testing.T) {
testCases := []struct {
name string
nfs *api.NFSVolumeSource
errtype field.ErrorType
errfield string
errdetail string
}{
{
name: "missing server",
nfs: &api.NFSVolumeSource{Server: "", Path: "/tmp"},
errtype: field.ErrorTypeRequired,
errfield: "server",
},
{
name: "missing path",
nfs: &api.NFSVolumeSource{Server: "my-server", Path: ""},
errtype: field.ErrorTypeRequired,
errfield: "path",
},
{
name: "abs path",
nfs: &api.NFSVolumeSource{Server: "my-server", Path: "tmp"},
errtype: field.ErrorTypeInvalid,
errfield: "path",
errdetail: "must be an absolute path",
},
}
for i, tc := range testCases {
errs := validateNFSVolumeSource(tc.nfs, field.NewPath("field"))
if len(errs) > 0 && tc.errtype == "" {
t.Errorf("[%d: %q] unexpected error(s): %v", i, tc.name, errs)
} else if len(errs) == 0 && tc.errtype != "" {
t.Errorf("[%d: %q] expected error type %v", i, tc.name, tc.errtype)
} else if len(errs) >= 1 {
if errs[0].Type != tc.errtype {
t.Errorf("[%d: %q] expected error type %v, got %v", i, tc.name, tc.errtype, errs[0].Type)
} else if !strings.HasSuffix(errs[0].Field, "."+tc.errfield) {
t.Errorf("[%d: %q] expected error on field %q, got %q", i, tc.name, tc.errfield, errs[0].Field)
} else if !strings.Contains(errs[0].Detail, tc.errdetail) {
t.Errorf("[%d: %q] expected error detail %q, got %q", i, tc.name, tc.errdetail, errs[0].Detail)
}
}
}
}
func TestValidateGlusterfs(t *testing.T) {
testCases := []struct {
name string
gfs *api.GlusterfsVolumeSource
errtype field.ErrorType
errfield string
}{
{
name: "missing endpointname",
gfs: &api.GlusterfsVolumeSource{EndpointsName: "", Path: "/tmp"},
errtype: field.ErrorTypeRequired,
errfield: "endpoints",
},
{
name: "missing path",
gfs: &api.GlusterfsVolumeSource{EndpointsName: "my-endpoint", Path: ""},
errtype: field.ErrorTypeRequired,
errfield: "path",
},
{
name: "missing endpintname and path",
gfs: &api.GlusterfsVolumeSource{EndpointsName: "", Path: ""},
errtype: field.ErrorTypeRequired,
errfield: "endpoints",
},
}
for i, tc := range testCases {
Replace validateGlusterfs() with validateGlusterfsVolumeSource for consistency. Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2017-08-22 05:11:25 -04:00
errs := validateGlusterfsVolumeSource(tc.gfs, field.NewPath("field"))
add test for validation NFS and GlusterFS
2017-05-27 10:37:56 -04:00
if len(errs) > 0 && tc.errtype == "" {
t.Errorf("[%d: %q] unexpected error(s): %v", i, tc.name, errs)
} else if len(errs) == 0 && tc.errtype != "" {
t.Errorf("[%d: %q] expected error type %v", i, tc.name, tc.errtype)
} else if len(errs) >= 1 {
if errs[0].Type != tc.errtype {
t.Errorf("[%d: %q] expected error type %v, got %v", i, tc.name, tc.errtype, errs[0].Type)
} else if !strings.HasSuffix(errs[0].Field, "."+tc.errfield) {
t.Errorf("[%d: %q] expected error on field %q, got %q", i, tc.name, tc.errfield, errs[0].Field)
}
}
}
}
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
// helper
func newInt32(val int) *int32 {
p := new(int32)
*p = int32(val)
return p
}
// This test is a little too top-to-bottom. Ideally we would test each volume
// type on its own, but we want to also make sure that the logic works through
// the one-of wrapper, so we just do it all in one place.
Add validation of Volumes
2014-07-01 17:40:36 -04:00
func TestValidateVolumes(t *testing.T) {
iSCSI volume plugin: iSCSI initiatorname support This PR adds iSCSI initiatorname parameter to ISCSIVolumeSource to enable automatic configuration of initiator name per volume. This would allow for more fine grained configuration, and remove the need to configure the initiator name on the host by administrator. fixes: #47311
2017-07-11 23:37:48 -04:00
validInitiatorName := "iqn.2015-02.example.com:init"
invalidInitiatorName := "2015-02.example.com:init"
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
testCases := []struct {
name string
vol api.Volume
errtype field.ErrorType
errfield string
errdetail string
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
}{
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
// EmptyDir and basic volume names
{
name: "valid alpha name",
vol: api.Volume{
Name: "empty",
VolumeSource: api.VolumeSource{
EmptyDir: &api.EmptyDirVolumeSource{},
},
},
},
{
name: "valid num name",
vol: api.Volume{
Name: "123",
VolumeSource: api.VolumeSource{
EmptyDir: &api.EmptyDirVolumeSource{},
},
},
},
{
name: "valid alphanum name",
vol: api.Volume{
Name: "empty-123",
VolumeSource: api.VolumeSource{
EmptyDir: &api.EmptyDirVolumeSource{},
},
},
},
{
name: "valid numalpha name",
vol: api.Volume{
Name: "123-empty",
VolumeSource: api.VolumeSource{
EmptyDir: &api.EmptyDirVolumeSource{},
},
},
},
{
name: "zero-length name",
vol: api.Volume{
Name: "",
VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}},
},
errtype: field.ErrorTypeRequired,
errfield: "name",
},
{
name: "name > 63 characters",
vol: api.Volume{
Name: strings.Repeat("a", 64),
VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}},
},
errtype: field.ErrorTypeInvalid,
errfield: "name",
errdetail: "must be no more than",
},
{
name: "name not a DNS label",
vol: api.Volume{
Name: "a.b.c",
VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}},
},
errtype: field.ErrorTypeInvalid,
errfield: "name",
Improve error message for name/label validation. This patch added user readable naming rules to the output of the error messages for name/label validation.
2016-12-01 23:32:41 -05:00
errdetail: dnsLabelErrMsg,
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
},
// More than one source field specified.
{
name: "more than one source",
vol: api.Volume{
Name: "dups",
VolumeSource: api.VolumeSource{
EmptyDir: &api.EmptyDirVolumeSource{},
HostPath: &api.HostPathVolumeSource{
Path: "/mnt/path",
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
Type: newHostPathType(string(api.HostPathDirectory)),
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
},
},
},
errtype: field.ErrorTypeForbidden,
errfield: "hostPath",
errdetail: "may not specify more than 1 volume",
},
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
// HostPath Default
{
name: "default HostPath",
vol: api.Volume{
Name: "hostpath",
VolumeSource: api.VolumeSource{
HostPath: &api.HostPathVolumeSource{
Path: "/mnt/path",
Type: newHostPathType(string(api.HostPathDirectory)),
},
},
},
},
// HostPath Supported
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
{
name: "valid HostPath",
vol: api.Volume{
Name: "hostpath",
VolumeSource: api.VolumeSource{
HostPath: &api.HostPathVolumeSource{
Path: "/mnt/path",
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
Type: newHostPathType(string(api.HostPathSocket)),
},
},
},
},
// HostPath Invalid
{
name: "invalid HostPath",
vol: api.Volume{
Name: "hostpath",
VolumeSource: api.VolumeSource{
HostPath: &api.HostPathVolumeSource{
Path: "/mnt/path",
Type: newHostPathType("invalid"),
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
},
},
},
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
errtype: field.ErrorTypeNotSupported,
errfield: "type",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
},
do not allow backsteps in host volume plugin Fixes #47107
2017-06-10 09:48:42 -04:00
{
name: "invalid HostPath backsteps",
vol: api.Volume{
Name: "hostpath",
VolumeSource: api.VolumeSource{
HostPath: &api.HostPathVolumeSource{
Path: "/mnt/path/..",
implement proposal 34058: hostPath volume type
2017-06-07 01:10:09 -04:00
Type: newHostPathType(string(api.HostPathDirectory)),
do not allow backsteps in host volume plugin Fixes #47107
2017-06-10 09:48:42 -04:00
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "path",
errdetail: "must not contain '..'",
},
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
// GcePersistentDisk
{
name: "valid GcePersistentDisk",
vol: api.Volume{
Name: "gce-pd",
VolumeSource: api.VolumeSource{
GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{
PDName: "my-PD",
FSType: "ext4",
Partition: 1,
ReadOnly: false,
},
},
},
},
// AWSElasticBlockStore
{
name: "valid AWSElasticBlockStore",
vol: api.Volume{
Name: "aws-ebs",
VolumeSource: api.VolumeSource{
AWSElasticBlockStore: &api.AWSElasticBlockStoreVolumeSource{
VolumeID: "my-PD",
FSType: "ext4",
Partition: 1,
ReadOnly: false,
},
},
},
},
// GitRepo
{
name: "valid GitRepo",
vol: api.Volume{
Name: "git-repo",
VolumeSource: api.VolumeSource{
GitRepo: &api.GitRepoVolumeSource{
Repository: "my-repo",
Revision: "hashstring",
Directory: "target",
},
},
},
},
{
name: "valid GitRepo in .",
vol: api.Volume{
Name: "git-repo-dot",
VolumeSource: api.VolumeSource{
GitRepo: &api.GitRepoVolumeSource{
Repository: "my-repo",
Directory: ".",
},
},
},
},
{
name: "valid GitRepo with .. in name",
vol: api.Volume{
Name: "git-repo-dot-dot-foo",
VolumeSource: api.VolumeSource{
GitRepo: &api.GitRepoVolumeSource{
Repository: "my-repo",
Directory: "..foo",
},
},
},
},
{
name: "GitRepo starts with ../",
vol: api.Volume{
Name: "gitrepo",
VolumeSource: api.VolumeSource{
GitRepo: &api.GitRepoVolumeSource{
Repository: "foo",
Directory: "../dots/bar",
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "gitRepo.directory",
errdetail: `must not contain '..'`,
},
{
name: "GitRepo contains ..",
vol: api.Volume{
Name: "gitrepo",
VolumeSource: api.VolumeSource{
GitRepo: &api.GitRepoVolumeSource{
Repository: "foo",
Directory: "dots/../bar",
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "gitRepo.directory",
errdetail: `must not contain '..'`,
},
{
name: "GitRepo absolute target",
vol: api.Volume{
Name: "gitrepo",
VolumeSource: api.VolumeSource{
GitRepo: &api.GitRepoVolumeSource{
Repository: "foo",
Directory: "/abstarget",
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "gitRepo.directory",
},
// ISCSI
{
name: "valid ISCSI",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "iqn.2015-02.example.com:test",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
},
},
},
},
iSCSI volume plugin: iSCSI initiatorname support This PR adds iSCSI initiatorname parameter to ISCSIVolumeSource to enable automatic configuration of initiator name per volume. This would allow for more fine grained configuration, and remove the need to configure the initiator name on the host by administrator. fixes: #47311
2017-07-11 23:37:48 -04:00
{
name: "valid IQN: eui format",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "eui.0123456789ABCDEF",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
},
},
},
},
{
name: "valid IQN: naa format",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "naa.62004567BA64678D0123456789ABCDEF",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
},
},
},
},
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
{
name: "empty portal",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "",
IQN: "iqn.2015-02.example.com:test",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "iscsi.targetPortal",
},
{
name: "empty iqn",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "iscsi.iqn",
},
iSCSI volume plugin: iSCSI initiatorname support This PR adds iSCSI initiatorname parameter to ISCSIVolumeSource to enable automatic configuration of initiator name per volume. This would allow for more fine grained configuration, and remove the need to configure the initiator name on the host by administrator. fixes: #47311
2017-07-11 23:37:48 -04:00
{
name: "invalid IQN: iqn format",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "iqn.2015-02.example.com:test;ls;",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "iscsi.iqn",
},
{
name: "invalid IQN: eui format",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "eui.0123456789ABCDEFGHIJ",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "iscsi.iqn",
},
{
name: "invalid IQN: naa format",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "naa.62004567BA_4-78D.123456789ABCDEF",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "iscsi.iqn",
},
{
name: "valid initiatorName",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "iqn.2015-02.example.com:test",
Lun: 1,
InitiatorName: &validInitiatorName,
FSType: "ext4",
ReadOnly: false,
},
},
},
},
{
name: "invalid initiatorName",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "iqn.2015-02.example.com:test",
Lun: 1,
InitiatorName: &invalidInitiatorName,
FSType: "ext4",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "iscsi.initiatorname",
},
add iSCSI CHAP API Signed-off-by: Huamin Chen <hchen@redhat.com>
2017-03-17 15:50:39 -04:00
{
name: "empty secret",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "iqn.2015-02.example.com:test",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
DiscoveryCHAPAuth: true,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "iscsi.secretRef",
},
{
name: "empty secret",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "iqn.2015-02.example.com:test",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
SessionCHAPAuth: true,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "iscsi.secretRef",
},
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
// Secret
{
name: "valid Secret",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "my-secret",
},
},
},
},
{
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
name: "valid Secret with defaultMode",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "my-secret",
DefaultMode: newInt32(0644),
},
},
},
},
{
name: "valid Secret with projection and mode",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "my-secret",
Items: []api.KeyToPath{{
Key: "key",
Path: "filename",
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
Mode: newInt32(0644),
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
}},
},
},
},
},
{
name: "valid Secret with subdir projection",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "my-secret",
Items: []api.KeyToPath{{
Key: "key",
Path: "dir/filename",
}},
},
},
},
},
{
name: "secret with missing path",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "s",
Items: []api.KeyToPath{{Key: "key", Path: ""}},
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "secret.items[0].path",
},
{
name: "secret with leading ..",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "s",
Items: []api.KeyToPath{{Key: "key", Path: "../foo"}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "secret.items[0].path",
},
{
name: "secret with .. inside",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "s",
Items: []api.KeyToPath{{Key: "key", Path: "foo/../bar"}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "secret.items[0].path",
},
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
{
name: "secret with invalid positive defaultMode",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "s",
DefaultMode: newInt32(01000),
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "secret.defaultMode",
},
{
name: "secret with invalid negative defaultMode",
vol: api.Volume{
Name: "secret",
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: "s",
DefaultMode: newInt32(-1),
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "secret.defaultMode",
},
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
// ConfigMap
{
name: "valid ConfigMap",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{
Name: "my-cfgmap",
},
},
},
},
},
{
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
name: "valid ConfigMap with defaultMode",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{
Name: "my-cfgmap",
},
DefaultMode: newInt32(0644),
},
},
},
},
{
name: "valid ConfigMap with projection and mode",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{
Name: "my-cfgmap"},
Items: []api.KeyToPath{{
Key: "key",
Path: "filename",
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
Mode: newInt32(0644),
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
}},
},
},
},
},
{
name: "valid ConfigMap with subdir projection",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{
Name: "my-cfgmap"},
Items: []api.KeyToPath{{
Key: "key",
Path: "dir/filename",
}},
},
},
},
},
{
name: "configmap with missing path",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{Name: "c"},
Items: []api.KeyToPath{{Key: "key", Path: ""}},
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "configMap.items[0].path",
},
{
name: "configmap with leading ..",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{Name: "c"},
Items: []api.KeyToPath{{Key: "key", Path: "../foo"}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "configMap.items[0].path",
},
{
name: "configmap with .. inside",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{Name: "c"},
Items: []api.KeyToPath{{Key: "key", Path: "foo/../bar"}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "configMap.items[0].path",
},
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
{
name: "configmap with invalid positive defaultMode",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{Name: "c"},
DefaultMode: newInt32(01000),
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "configMap.defaultMode",
},
{
name: "configmap with invalid negative defaultMode",
vol: api.Volume{
Name: "cfgmap",
VolumeSource: api.VolumeSource{
ConfigMap: &api.ConfigMapVolumeSource{
LocalObjectReference: api.LocalObjectReference{Name: "c"},
DefaultMode: newInt32(-1),
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "configMap.defaultMode",
},
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
// Glusterfs
{
name: "valid Glusterfs",
vol: api.Volume{
Name: "glusterfs",
VolumeSource: api.VolumeSource{
Glusterfs: &api.GlusterfsVolumeSource{
EndpointsName: "host1",
Path: "path",
ReadOnly: false,
},
},
},
},
{
name: "empty hosts",
vol: api.Volume{
Name: "glusterfs",
VolumeSource: api.VolumeSource{
Glusterfs: &api.GlusterfsVolumeSource{
EndpointsName: "",
Path: "path",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "glusterfs.endpoints",
},
{
name: "empty path",
vol: api.Volume{
Name: "glusterfs",
VolumeSource: api.VolumeSource{
Glusterfs: &api.GlusterfsVolumeSource{
EndpointsName: "host",
Path: "",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "glusterfs.path",
},
// Flocker
{
Adds datasetUUID for referencing flocker datasets * flocker datasets should be attached using an unique identifier. This is not the case for the name metadata used by datasetName * allow only one of datasetUUID / datasetName specified
2016-08-01 06:45:03 -04:00
name: "valid Flocker -- datasetUUID",
vol: api.Volume{
Name: "flocker",
VolumeSource: api.VolumeSource{
Flocker: &api.FlockerVolumeSource{
DatasetUUID: "d846b09d-223d-43df-ab5b-d6db2206a0e4",
},
},
},
},
{
name: "valid Flocker -- datasetName",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
vol: api.Volume{
Name: "flocker",
VolumeSource: api.VolumeSource{
Flocker: &api.FlockerVolumeSource{
DatasetName: "datasetName",
},
},
},
},
{
Adds datasetUUID for referencing flocker datasets * flocker datasets should be attached using an unique identifier. This is not the case for the name metadata used by datasetName * allow only one of datasetUUID / datasetName specified
2016-08-01 06:45:03 -04:00
name: "both empty",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
vol: api.Volume{
Name: "flocker",
VolumeSource: api.VolumeSource{
Flocker: &api.FlockerVolumeSource{
DatasetName: "",
},
},
},
errtype: field.ErrorTypeRequired,
Adds datasetUUID for referencing flocker datasets * flocker datasets should be attached using an unique identifier. This is not the case for the name metadata used by datasetName * allow only one of datasetUUID / datasetName specified
2016-08-01 06:45:03 -04:00
errfield: "flocker",
},
{
name: "both specified",
vol: api.Volume{
Name: "flocker",
VolumeSource: api.VolumeSource{
Flocker: &api.FlockerVolumeSource{
DatasetName: "datasetName",
DatasetUUID: "d846b09d-223d-43df-ab5b-d6db2206a0e4",
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "flocker",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
},
{
name: "slash in flocker datasetName",
vol: api.Volume{
Name: "flocker",
VolumeSource: api.VolumeSource{
Flocker: &api.FlockerVolumeSource{
DatasetName: "foo/bar",
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "flocker.datasetName",
errdetail: "must not contain '/'",
},
// RBD
{
name: "valid RBD",
vol: api.Volume{
Name: "rbd",
VolumeSource: api.VolumeSource{
RBD: &api.RBDVolumeSource{
CephMonitors: []string{"foo"},
RBDImage: "bar",
FSType: "ext4",
},
},
},
},
{
name: "empty rbd monitors",
vol: api.Volume{
Name: "rbd",
VolumeSource: api.VolumeSource{
RBD: &api.RBDVolumeSource{
CephMonitors: []string{},
RBDImage: "bar",
FSType: "ext4",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "rbd.monitors",
},
{
name: "empty image",
vol: api.Volume{
Name: "rbd",
VolumeSource: api.VolumeSource{
RBD: &api.RBDVolumeSource{
CephMonitors: []string{"foo"},
RBDImage: "",
FSType: "ext4",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "rbd.image",
},
// Cinder
{
name: "valid Cinder",
vol: api.Volume{
Name: "cinder",
VolumeSource: api.VolumeSource{
Cinder: &api.CinderVolumeSource{
VolumeID: "29ea5088-4f60-4757-962e-dba678767887",
FSType: "ext4",
ReadOnly: false,
},
},
},
},
// CephFS
{
name: "valid CephFS",
vol: api.Volume{
Name: "cephfs",
VolumeSource: api.VolumeSource{
CephFS: &api.CephFSVolumeSource{
Monitors: []string{"foo"},
},
},
},
},
{
name: "empty cephfs monitors",
vol: api.Volume{
Name: "cephfs",
VolumeSource: api.VolumeSource{
CephFS: &api.CephFSVolumeSource{
Monitors: []string{},
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "cephfs.monitors",
},
// DownwardAPI
{
name: "valid DownwardAPI",
vol: api.Volume{
Name: "downwardapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{
{
Path: "labels",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
},
{
Path: "annotations",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.annotations",
},
},
{
Path: "namespace",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.namespace",
},
},
{
Path: "name",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.name",
},
},
{
Path: "path/with/subdirs",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
},
{
Path: "path/./withdot",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
},
{
Path: "path/with/embedded..dotdot",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
},
{
Path: "path/with/leading/..dotdot",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
},
{
Path: "cpu_limit",
ResourceFieldRef: &api.ResourceFieldSelector{
ContainerName: "test-container",
Resource: "limits.cpu",
},
},
{
Path: "cpu_request",
ResourceFieldRef: &api.ResourceFieldSelector{
ContainerName: "test-container",
Resource: "requests.cpu",
},
},
{
Path: "memory_limit",
ResourceFieldRef: &api.ResourceFieldSelector{
ContainerName: "test-container",
Resource: "limits.memory",
},
},
{
Path: "memory_request",
ResourceFieldRef: &api.ResourceFieldSelector{
ContainerName: "test-container",
Resource: "requests.memory",
},
},
},
},
},
},
},
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
{
name: "downapi valid defaultMode",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
DefaultMode: newInt32(0644),
},
},
},
},
{
name: "downapi valid item mode",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Mode: newInt32(0644),
Path: "path",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
},
{
name: "downapi invalid positive item mode",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Mode: newInt32(01000),
Path: "path",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.mode",
},
{
name: "downapi invalid negative item mode",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Mode: newInt32(-1),
Path: "path",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.mode",
},
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
{
name: "downapi empty metatada path",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Path: "",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "downwardAPI.path",
},
{
name: "downapi absolute path",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Path: "/absolutepath",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.path",
},
{
name: "downapi dot dot path",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Path: "../../passwd",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.path",
errdetail: `must not contain '..'`,
},
{
name: "downapi dot dot file name",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Path: "..badFileName",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.path",
errdetail: `must not start with '..'`,
},
{
name: "downapi dot dot first level dirent",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Path: "..badDirName/goodFileName",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.path",
errdetail: `must not start with '..'`,
},
{
name: "downapi fieldRef and ResourceFieldRef together",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
Items: []api.DownwardAPIVolumeFile{{
Path: "test",
FieldRef: &api.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: "metadata.labels",
},
ResourceFieldRef: &api.ResourceFieldSelector{
ContainerName: "test-container",
Resource: "requests.memory",
},
}},
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI",
errdetail: "fieldRef and resourceFieldRef can not be specified simultaneously",
},
Add mode permission bits to configmap, secrets and downwardAPI This implements the proposal in: docs/proposals/secret-configmap-downwarapi-file-mode.md Fixes: #28317. The mounttest image is updated so it returns the permissions of the linked file and not the symlink itself.
2016-07-10 20:48:28 -04:00
{
name: "downapi invalid positive defaultMode",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
DefaultMode: newInt32(01000),
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.defaultMode",
},
{
name: "downapi invalid negative defaultMode",
vol: api.Volume{
Name: "downapi",
VolumeSource: api.VolumeSource{
DownwardAPI: &api.DownwardAPIVolumeSource{
DefaultMode: newInt32(-1),
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "downwardAPI.defaultMode",
},
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
// FC
{
FC plugin: Support WWID for volume identifier This PR adds World Wide Identifier (WWID) parameter to FCVolumeSource as an unique volume identifier. fixes #48639
2017-07-10 19:51:24 -04:00
name: "FC valid targetWWNs and lun",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
vol: api.Volume{
Name: "fc",
VolumeSource: api.VolumeSource{
FC: &api.FCVolumeSource{
TargetWWNs: []string{"some_wwn"},
Lun: newInt32(1),
FSType: "ext4",
ReadOnly: false,
},
},
},
},
{
FC plugin: Support WWID for volume identifier This PR adds World Wide Identifier (WWID) parameter to FCVolumeSource as an unique volume identifier. fixes #48639
2017-07-10 19:51:24 -04:00
name: "FC valid wwids",
vol: api.Volume{
Name: "fc",
VolumeSource: api.VolumeSource{
FC: &api.FCVolumeSource{
WWIDs: []string{"some_wwid"},
FSType: "ext4",
ReadOnly: false,
},
},
},
},
{
name: "FC empty targetWWNs and wwids",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
vol: api.Volume{
Name: "fc",
VolumeSource: api.VolumeSource{
FC: &api.FCVolumeSource{
TargetWWNs: []string{},
Lun: newInt32(1),
FC plugin: Support WWID for volume identifier This PR adds World Wide Identifier (WWID) parameter to FCVolumeSource as an unique volume identifier. fixes #48639
2017-07-10 19:51:24 -04:00
WWIDs: []string{},
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
FSType: "ext4",
ReadOnly: false,
},
},
},
FC plugin: Support WWID for volume identifier This PR adds World Wide Identifier (WWID) parameter to FCVolumeSource as an unique volume identifier. fixes #48639
2017-07-10 19:51:24 -04:00
errtype: field.ErrorTypeRequired,
errfield: "fc.targetWWNs",
errdetail: "must specify either targetWWNs or wwids",
},
{
name: "FC invalid: both targetWWNs and wwids simultaneously",
vol: api.Volume{
Name: "fc",
VolumeSource: api.VolumeSource{
FC: &api.FCVolumeSource{
TargetWWNs: []string{"some_wwn"},
Lun: newInt32(1),
WWIDs: []string{"some_wwid"},
FSType: "ext4",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "fc.targetWWNs",
errdetail: "targetWWNs and wwids can not be specified simultaneously",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
},
{
FC plugin: Support WWID for volume identifier This PR adds World Wide Identifier (WWID) parameter to FCVolumeSource as an unique volume identifier. fixes #48639
2017-07-10 19:51:24 -04:00
name: "FC valid targetWWNs and empty lun",
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
vol: api.Volume{
Name: "fc",
VolumeSource: api.VolumeSource{
FC: &api.FCVolumeSource{
TargetWWNs: []string{"wwn"},
Lun: nil,
FSType: "ext4",
ReadOnly: false,
},
},
},
FC plugin: Support WWID for volume identifier This PR adds World Wide Identifier (WWID) parameter to FCVolumeSource as an unique volume identifier. fixes #48639
2017-07-10 19:51:24 -04:00
errtype: field.ErrorTypeRequired,
errfield: "fc.lun",
errdetail: "lun is required if targetWWNs is specified",
},
{
name: "FC valid targetWWNs and invalid lun",
vol: api.Volume{
Name: "fc",
VolumeSource: api.VolumeSource{
FC: &api.FCVolumeSource{
TargetWWNs: []string{"wwn"},
Lun: newInt32(256),
FSType: "ext4",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "fc.lun",
errdetail: validation.InclusiveRangeError(0, 255),
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
},
// FlexVolume
{
name: "valid FlexVolume",
vol: api.Volume{
Name: "flex-volume",
VolumeSource: api.VolumeSource{
FlexVolume: &api.FlexVolumeSource{
Driver: "kubernetes.io/blue",
FSType: "ext4",
},
},
},
},
// AzureFile
{
name: "valid AzureFile",
vol: api.Volume{
Name: "azure-file",
VolumeSource: api.VolumeSource{
AzureFile: &api.AzureFileVolumeSource{
SecretName: "key",
ShareName: "share",
ReadOnly: false,
},
},
},
},
{
name: "AzureFile empty secret",
vol: api.Volume{
Name: "azure-file",
VolumeSource: api.VolumeSource{
AzureFile: &api.AzureFileVolumeSource{
SecretName: "",
ShareName: "share",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "azureFile.secretName",
},
{
name: "AzureFile empty share",
vol: api.Volume{
Name: "azure-file",
VolumeSource: api.VolumeSource{
AzureFile: &api.AzureFileVolumeSource{
SecretName: "name",
ShareName: "",
ReadOnly: false,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "azureFile.shareName",
Downward API implementation for resources limits and requests
2016-05-23 18:08:22 -04:00
},
Initial Quobyte support
2016-04-20 04:38:19 -04:00
// Quobyte
{
name: "valid Quobyte",
vol: api.Volume{
Name: "quobyte",
VolumeSource: api.VolumeSource{
Quobyte: &api.QuobyteVolumeSource{
Registry: "registry:7861",
Volume: "volume",
ReadOnly: false,
User: "root",
Group: "root",
},
},
},
},
{
name: "empty registry quobyte",
vol: api.Volume{
Name: "quobyte",
VolumeSource: api.VolumeSource{
Quobyte: &api.QuobyteVolumeSource{
Volume: "/test",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "quobyte.registry",
},
{
name: "wrong format registry quobyte",
vol: api.Volume{
Name: "quobyte",
VolumeSource: api.VolumeSource{
Quobyte: &api.QuobyteVolumeSource{
Registry: "registry7861",
Volume: "/test",
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "quobyte.registry",
},
{
name: "wrong format multiple registries quobyte",
vol: api.Volume{
Name: "quobyte",
VolumeSource: api.VolumeSource{
Quobyte: &api.QuobyteVolumeSource{
Registry: "registry:7861,reg2",
Volume: "/test",
},
},
},
errtype: field.ErrorTypeInvalid,
errfield: "quobyte.registry",
},
{
name: "empty volume quobyte",
vol: api.Volume{
Name: "quobyte",
VolumeSource: api.VolumeSource{
Quobyte: &api.QuobyteVolumeSource{
Registry: "registry:7861",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "quobyte.volume",
},
support Azure data disk volume Signed-off-by: Huamin Chen <hchen@redhat.com>
2016-07-27 14:07:34 -04:00
// AzureDisk
{
name: "valid AzureDisk",
vol: api.Volume{
Name: "azure-disk",
VolumeSource: api.VolumeSource{
AzureDisk: &api.AzureDiskVolumeSource{
DiskName: "foo",
DataDiskURI: "https://blob/vhds/bar.vhd",
},
},
},
},
{
name: "AzureDisk empty disk name",
vol: api.Volume{
Name: "azure-disk",
VolumeSource: api.VolumeSource{
AzureDisk: &api.AzureDiskVolumeSource{
DiskName: "",
DataDiskURI: "https://blob/vhds/bar.vhd",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "azureDisk.diskName",
},
{
name: "AzureDisk empty disk uri",
vol: api.Volume{
Name: "azure-disk",
VolumeSource: api.VolumeSource{
AzureDisk: &api.AzureDiskVolumeSource{
DiskName: "foo",
DataDiskURI: "",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "azureDisk.diskURI",
},
Addition of ScaleIO Kubernetes Volume Plugin This commits implements the Kubernetes volume plugin allowing pods to seamlessly access and use data stored on ScaleIO volumes.
2016-11-19 15:46:23 -05:00
// ScaleIO
{
name: "valid scaleio volume",
vol: api.Volume{
Name: "scaleio-volume",
VolumeSource: api.VolumeSource{
ScaleIO: &api.ScaleIOVolumeSource{
Gateway: "http://abcd/efg",
System: "test-system",
VolumeName: "test-vol-1",
},
},
},
},
{
name: "ScaleIO with empty name",
vol: api.Volume{
Name: "scaleio-volume",
VolumeSource: api.VolumeSource{
ScaleIO: &api.ScaleIOVolumeSource{
Gateway: "http://abcd/efg",
System: "test-system",
VolumeName: "",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "scaleIO.volumeName",
},
{
name: "ScaleIO with empty gateway",
vol: api.Volume{
Name: "scaleio-volume",
VolumeSource: api.VolumeSource{
ScaleIO: &api.ScaleIOVolumeSource{
Gateway: "",
System: "test-system",
VolumeName: "test-vol-1",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "scaleIO.gateway",
},
{
name: "ScaleIO with empty system",
vol: api.Volume{
Name: "scaleio-volume",
VolumeSource: api.VolumeSource{
ScaleIO: &api.ScaleIOVolumeSource{
Gateway: "http://agc/efg/gateway",
System: "",
VolumeName: "test-vol-1",
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "scaleIO.system",
},
Add validation of Volumes
2014-07-01 17:40:36 -04:00
}
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
for i, tc := range testCases {
Add settings API and admission controller export functions from pkg/api/validation add settings API add settings to pkg/registry add settings api to pkg/master/master.go add admission control plugin for pod preset add new admission control plugin to kube-apiserver add settings to import_known_versions.go add settings to codegen add validation tests add settings to client generation add protobufs generation for settings api update linted packages add settings to testapi add settings install to clientset add start of e2e add pod preset plugin to config-test.sh Signed-off-by: Jess Frazelle <acidburn@google.com>
2017-02-24 14:08:15 -05:00
names, errs := ValidateVolumes([]api.Volume{tc.vol}, field.NewPath("field"))
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
if len(errs) > 0 && tc.errtype == "" {
t.Errorf("[%d: %q] unexpected error(s): %v", i, tc.name, errs)
} else if len(errs) > 1 {
t.Errorf("[%d: %q] expected 1 error, got %d: %v", i, tc.name, len(errs), errs)
} else if len(errs) == 0 && tc.errtype != "" {
t.Errorf("[%d: %q] expected error type %v", i, tc.name, tc.errtype)
} else if len(errs) == 1 {
if errs[0].Type != tc.errtype {
t.Errorf("[%d: %q] expected error type %v, got %v", i, tc.name, tc.errtype, errs[0].Type)
} else if !strings.HasSuffix(errs[0].Field, "."+tc.errfield) {
t.Errorf("[%d: %q] expected error on field %q, got %q", i, tc.name, tc.errfield, errs[0].Field)
} else if !strings.Contains(errs[0].Detail, tc.errdetail) {
t.Errorf("[%d: %q] expected error detail %q, got %q", i, tc.name, tc.errdetail, errs[0].Detail)
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
}
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
} else {
if len(names) != 1 || !names.Has(tc.vol.Name) {
t.Errorf("[%d: %q] wrong names result: %v", i, tc.name, names)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
}
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
}
}
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
dupsCase := []api.Volume{
{Name: "abc", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}},
{Name: "abc", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}},
}
Add settings API and admission controller export functions from pkg/api/validation add settings API add settings to pkg/registry add settings api to pkg/master/master.go add admission control plugin for pod preset add new admission control plugin to kube-apiserver add settings to import_known_versions.go add settings to codegen add validation tests add settings to client generation add protobufs generation for settings api update linted packages add settings to testapi add settings install to clientset add start of e2e add pod preset plugin to config-test.sh Signed-off-by: Jess Frazelle <acidburn@google.com>
2017-02-24 14:08:15 -05:00
_, errs := ValidateVolumes(dupsCase, field.NewPath("field"))
Clean up the ugliest unit test ever This volume-validation test was a disaster. Better now, if longer to scroll-through.
2016-07-30 02:52:25 -04:00
if len(errs) == 0 {
t.Errorf("expected error")
} else if len(errs) != 1 {
t.Errorf("expected 1 error, got %d: %v", len(errs), errs)
} else if errs[0].Type != field.ErrorTypeDuplicate {
t.Errorf("expected error type %v, got %v", field.ErrorTypeDuplicate, errs[0].Type)
}
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
}
Add storage isolation API This PR adds the new APIs to support storage capacity isolation as described in the proposal https://github.com/kubernetes/community/pull/306 1. Add SizeLimit for emptyDir volume 2. Add scratch and overlay storage type used by container level or node level
2017-05-25 16:53:40 -04:00
func TestAlphaLocalStorageCapacityIsolation(t *testing.T) {
testCases := []api.VolumeSource{
Change SizeLimit to a pointer This PR fixes issue #50121
2017-08-04 14:50:38 -04:00
{EmptyDir: &api.EmptyDirVolumeSource{SizeLimit: resource.NewQuantity(int64(5), resource.BinarySI)}},
Add storage isolation API This PR adds the new APIs to support storage capacity isolation as described in the proposal https://github.com/kubernetes/community/pull/306 1. Add SizeLimit for emptyDir volume 2. Add scratch and overlay storage type used by container level or node level
2017-05-25 16:53:40 -04:00
}
// Enable alpha feature LocalStorageCapacityIsolation
err := utilfeature.DefaultFeatureGate.Set("LocalStorageCapacityIsolation=true")
if err != nil {
t.Errorf("Failed to enable feature gate for LocalStorageCapacityIsolation: %v", err)
return
}
for _, tc := range testCases {
iSCSI volume plugin: iSCSI initiatorname support This PR adds iSCSI initiatorname parameter to ISCSIVolumeSource to enable automatic configuration of initiator name per volume. This would allow for more fine grained configuration, and remove the need to configure the initiator name on the host by administrator. fixes: #47311
2017-07-11 23:37:48 -04:00
if errs := validateVolumeSource(&tc, field.NewPath("spec"), "tmpvol"); len(errs) != 0 {
Add storage isolation API This PR adds the new APIs to support storage capacity isolation as described in the proposal https://github.com/kubernetes/community/pull/306 1. Add SizeLimit for emptyDir volume 2. Add scratch and overlay storage type used by container level or node level
2017-05-25 16:53:40 -04:00
t.Errorf("expected success: %v", errs)
}
}
// Disable alpha feature LocalStorageCapacityIsolation
err = utilfeature.DefaultFeatureGate.Set("LocalStorageCapacityIsolation=false")
if err != nil {
t.Errorf("Failed to disable feature gate for LocalStorageCapacityIsolation: %v", err)
return
}
for _, tc := range testCases {
iSCSI volume plugin: iSCSI initiatorname support This PR adds iSCSI initiatorname parameter to ISCSIVolumeSource to enable automatic configuration of initiator name per volume. This would allow for more fine grained configuration, and remove the need to configure the initiator name on the host by administrator. fixes: #47311
2017-07-11 23:37:48 -04:00
if errs := validateVolumeSource(&tc, field.NewPath("spec"), "tmpvol"); len(errs) == 0 {
Add storage isolation API This PR adds the new APIs to support storage capacity isolation as described in the proposal https://github.com/kubernetes/community/pull/306 1. Add SizeLimit for emptyDir volume 2. Add scratch and overlay storage type used by container level or node level
2017-05-25 16:53:40 -04:00
t.Errorf("expected failure: %v", errs)
}
}
containerLimitCase := api.ResourceRequirements{
Limits: api.ResourceList{
Change validation for local ephemeral storage
2017-08-24 00:43:06 -04:00
api.ResourceEphemeralStorage: *resource.NewMilliQuantity(
Add storage isolation API This PR adds the new APIs to support storage capacity isolation as described in the proposal https://github.com/kubernetes/community/pull/306 1. Add SizeLimit for emptyDir volume 2. Add scratch and overlay storage type used by container level or node level
2017-05-25 16:53:40 -04:00
int64(40000),
resource.BinarySI),
},
}
// Enable alpha feature LocalStorageCapacityIsolation
err = utilfeature.DefaultFeatureGate.Set("LocalStorageCapacityIsolation=true")
if err != nil {
t.Errorf("Failed to enable feature gate for LocalStorageCapacityIsolation: %v", err)
return
}
if errs := ValidateResourceRequirements(&containerLimitCase, field.NewPath("resources")); len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
// Disable alpha feature LocalStorageCapacityIsolation
err = utilfeature.DefaultFeatureGate.Set("LocalStorageCapacityIsolation=false")
if err != nil {
t.Errorf("Failed to disable feature gate for LocalStorageCapacityIsolation: %v", err)
return
}
if errs := ValidateResourceRequirements(&containerLimitCase, field.NewPath("resources")); len(errs) == 0 {
t.Errorf("expected failure: %v", errs)
}
}
Add feature gate for local storage quota
2017-08-15 22:29:29 -04:00
func TestValidateResourceQuotaWithAlphaLocalStorageCapacityIsolation(t *testing.T) {
spec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
api.ResourceMemory: resource.MustParse("10000"),
api.ResourceRequestsCPU: resource.MustParse("100"),
api.ResourceRequestsMemory: resource.MustParse("10000"),
api.ResourceLimitsCPU: resource.MustParse("100"),
api.ResourceLimitsMemory: resource.MustParse("10000"),
api.ResourcePods: resource.MustParse("10"),
api.ResourceServices: resource.MustParse("0"),
api.ResourceReplicationControllers: resource.MustParse("10"),
api.ResourceQuotas: resource.MustParse("10"),
api.ResourceConfigMaps: resource.MustParse("10"),
api.ResourceSecrets: resource.MustParse("10"),
api.ResourceEphemeralStorage: resource.MustParse("10000"),
api.ResourceRequestsEphemeralStorage: resource.MustParse("10000"),
api.ResourceLimitsEphemeralStorage: resource.MustParse("10000"),
},
}
resourceQuota := &api.ResourceQuota{
ObjectMeta: metav1.ObjectMeta{
Name: "abc",
Namespace: "foo",
},
Spec: spec,
}
// Enable alpha feature LocalStorageCapacityIsolation
err := utilfeature.DefaultFeatureGate.Set("LocalStorageCapacityIsolation=true")
if err != nil {
t.Errorf("Failed to enable feature gate for LocalStorageCapacityIsolation: %v", err)
return
}
if errs := ValidateResourceQuota(resourceQuota); len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
// Disable alpha feature LocalStorageCapacityIsolation
err = utilfeature.DefaultFeatureGate.Set("LocalStorageCapacityIsolation=false")
if err != nil {
t.Errorf("Failed to disable feature gate for LocalStorageCapacityIsolation: %v", err)
return
}
errs := ValidateResourceQuota(resourceQuota)
if len(errs) == 0 {
t.Errorf("expected failure for %s", resourceQuota.Name)
}
expectedErrMes := "ResourceEphemeralStorage field disabled by feature-gate for ResourceQuota"
for i := range errs {
if !strings.Contains(errs[i].Detail, expectedErrMes) {
t.Errorf("[%s]: expected error detail either empty or %s, got %s", resourceQuota.Name, expectedErrMes, errs[i].Detail)
}
}
}
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
func TestValidatePorts(t *testing.T) {
Rename type Port to ContainerPort Sadly I had to do this by hand - I just could not get gorename to fix up users of it.
2015-02-23 17:25:56 -05:00
successCase := []api.ContainerPort{
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
{Name: "abc", ContainerPort: 80, HostPort: 80, Protocol: "TCP"},
{Name: "easy", ContainerPort: 82, Protocol: "TCP"},
{Name: "as", ContainerPort: 83, Protocol: "UDP"},
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
{Name: "do-re-me", ContainerPort: 84, Protocol: "UDP"},
{ContainerPort: 85, Protocol: "TCP"},
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
}
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateContainerPorts(successCase, field.NewPath("field")); len(errs) != 0 {
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 02:20:30 -04:00
t.Errorf("expected success: %v", errs)
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
}
Rename type Port to ContainerPort Sadly I had to do this by hand - I just could not get gorename to fix up users of it.
2015-02-23 17:25:56 -05:00
nonCanonicalCase := []api.ContainerPort{
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
{ContainerPort: 80, Protocol: "TCP"},
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
}
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateContainerPorts(nonCanonicalCase, field.NewPath("field")); len(errs) != 0 {
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 02:20:30 -04:00
t.Errorf("expected success: %v", errs)
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
}
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
errorCases := map[string]struct {
Rename type Port to ContainerPort Sadly I had to do this by hand - I just could not get gorename to fix up users of it.
2015-02-23 17:25:56 -05:00
P []api.ContainerPort
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
T field.ErrorType
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
F string
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
D string
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
}{
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
"name > 15 characters": {
[]api.ContainerPort{{Name: strings.Repeat("a", 16), ContainerPort: 80, Protocol: "TCP"}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeInvalid,
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
"name", "15",
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
"name contains invalid characters": {
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
[]api.ContainerPort{{Name: "a.b.c", ContainerPort: 80, Protocol: "TCP"}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeInvalid,
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
"name", "alpha-numeric",
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
"name is a number": {
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
[]api.ContainerPort{{Name: "80", ContainerPort: 80, Protocol: "TCP"}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeInvalid,
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
"name", "at least one letter",
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
"name not unique": {
[]api.ContainerPort{
{Name: "abc", ContainerPort: 80, Protocol: "TCP"},
{Name: "abc", ContainerPort: 81, Protocol: "TCP"},
},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeDuplicate,
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
"[1].name", "",
},
"zero container port": {
[]api.ContainerPort{{ContainerPort: 0, Protocol: "TCP"}},
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
field.ErrorTypeRequired,
"containerPort", "",
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
"invalid container port": {
[]api.ContainerPort{{ContainerPort: 65536, Protocol: "TCP"}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeInvalid,
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
"containerPort", "between",
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
"invalid host port": {
[]api.ContainerPort{{ContainerPort: 80, HostPort: 65536, Protocol: "TCP"}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeInvalid,
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
"hostPort", "between",
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
},
"invalid protocol case": {
[]api.ContainerPort{{ContainerPort: 80, Protocol: "tcp"}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeNotSupported,
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
"protocol", "supported values: TCP, UDP",
},
"invalid protocol": {
[]api.ContainerPort{{ContainerPort: 80, Protocol: "ICMP"}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeNotSupported,
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
"protocol", "supported values: TCP, UDP",
},
"protocol required": {
[]api.ContainerPort{{Name: "abc", ContainerPort: 80}},
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
field.ErrorTypeRequired,
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
"protocol", "",
},
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
}
for k, v := range errorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
errs := validateContainerPorts(v.P, field.NewPath("field"))
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
if len(errs) == 0 {
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
t.Errorf("expected failure for %s", k)
}
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
for i := range errs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
if errs[i].Type != v.T {
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
t.Errorf("%s: expected error to have type %q: %q", k, v.T, errs[i].Type)
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
}
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
if !strings.Contains(errs[i].Field, v.F) {
t.Errorf("%s: expected error field %q: %q", k, v.F, errs[i].Field)
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
}
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
if !strings.Contains(errs[i].Detail, v.D) {
t.Errorf("%s: expected error detail %q, got %q", k, v.D, errs[i].Detail)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
}
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
}
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
}
}
Add local storage to downwards API
2017-08-10 03:26:07 -04:00
func TestLocalStorageEnvWithFeatureGate(t *testing.T) {
testCases := []api.EnvVar{
{
Name: "ephemeral-storage-limits",
ValueFrom: &api.EnvVarSource{
ResourceFieldRef: &api.ResourceFieldSelector{
ContainerName: "test-container",
Resource: "limits.ephemeral-storage",
},
},
},
{
Name: "ephemeral-storage-requests",
ValueFrom: &api.EnvVarSource{
ResourceFieldRef: &api.ResourceFieldSelector{
ContainerName: "test-container",
Resource: "requests.ephemeral-storage",
},
},
},
}
// Enable alpha feature LocalStorageCapacityIsolation
err := utilfeature.DefaultFeatureGate.Set("LocalStorageCapacityIsolation=true")
if err != nil {
t.Errorf("Failed to enable feature gate for LocalStorageCapacityIsolation: %v", err)
return
}
for _, testCase := range testCases {
if errs := validateEnvVarValueFrom(testCase, field.NewPath("field")); len(errs) != 0 {
t.Errorf("expected success, got: %v", errs)
}
}
// Disable alpha feature LocalStorageCapacityIsolation
err = utilfeature.DefaultFeatureGate.Set("LocalStorageCapacityIsolation=false")
if err != nil {
t.Errorf("Failed to disable feature gate for LocalStorageCapacityIsolation: %v", err)
return
}
for _, testCase := range testCases {
if errs := validateEnvVarValueFrom(testCase, field.NewPath("field")); len(errs) == 0 {
t.Errorf("expected failure for %v", testCase.Name)
}
}
}
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
func TestValidateEnv(t *testing.T) {
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
successCase := []api.EnvVar{
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
{Name: "abc", Value: "value"},
{Name: "ABC", Value: "value"},
{Name: "AbC_123", Value: "value"},
{Name: "abc", Value: ""},
Relax restrictions on environment variable names. The POSIX standard restricts environment variable names to uppercase letters, digits, and the underscore character in shell contexts only. For generic application usage, it is stated that all other characters shall be tolerated. This change relaxes the rules to some degree. Namely, we stop requiring environment variable names to be strict C_IDENTIFIERS and start permitting lowercase, dot, and dash characters. Public container images using environment variable names beyond the shell-only context can benefit from this relaxation. Elasticsearch is one popular example.
2017-06-17 18:34:22 -04:00
{Name: "a.b.c", Value: "value"},
{Name: "a-b-c", Value: "value"},
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
{
Name: "abc",
ValueFrom: &api.EnvVarSource{
Change EnvVarSource.FieldPath -> FieldRef and add example
2015-05-04 13:31:36 -04:00
FieldRef: &api.ObjectFieldSelector{
mechanical repercussions
2017-01-12 13:17:43 -05:00
APIVersion: api.Registry.GroupOrDie(api.GroupName).GroupVersion.String(),
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
FieldPath: "metadata.name",
},
},
},
Add Pod UID (metadata.uid) to downward API env var
2017-06-27 04:54:35 -04:00
{
Name: "abc",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
APIVersion: api.Registry.GroupOrDie(api.GroupName).GroupVersion.String(),
FieldPath: "metadata.namespace",
},
},
},
{
Name: "abc",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
APIVersion: api.Registry.GroupOrDie(api.GroupName).GroupVersion.String(),
FieldPath: "metadata.uid",
},
},
},
Add spec.nodeName and spec.serviceAccountName to downward env var The serviceAccountName is occasionally useful for clients running on Kube that need to know who they are when talking to other components. The nodeName is useful for PetSet or DaemonSet pods that need to make calls back to the API to fetch info about their node. Both fields are immutable, and cannot easily be retrieved in another way.
2016-06-22 12:27:17 -04:00
{
Name: "abc",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
mechanical repercussions
2017-01-12 13:17:43 -05:00
APIVersion: api.Registry.GroupOrDie(api.GroupName).GroupVersion.String(),
Add spec.nodeName and spec.serviceAccountName to downward env var The serviceAccountName is occasionally useful for clients running on Kube that need to know who they are when talking to other components. The nodeName is useful for PetSet or DaemonSet pods that need to make calls back to the API to fetch info about their node. Both fields are immutable, and cannot easily be retrieved in another way.
2016-06-22 12:27:17 -04:00
FieldPath: "spec.nodeName",
},
},
},
{
Name: "abc",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
mechanical repercussions
2017-01-12 13:17:43 -05:00
APIVersion: api.Registry.GroupOrDie(api.GroupName).GroupVersion.String(),
Add spec.nodeName and spec.serviceAccountName to downward env var The serviceAccountName is occasionally useful for clients running on Kube that need to know who they are when talking to other components. The nodeName is useful for PetSet or DaemonSet pods that need to make calls back to the API to fetch info about their node. Both fields are immutable, and cannot easily be retrieved in another way.
2016-06-22 12:27:17 -04:00
FieldPath: "spec.serviceAccountName",
},
},
},
support hostIP in downward API
2017-03-08 03:08:09 -05:00
{
Name: "abc",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
APIVersion: api.Registry.GroupOrDie(api.GroupName).GroupVersion.String(),
FieldPath: "status.hostIP",
},
},
},
{
Name: "abc",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
APIVersion: api.Registry.GroupOrDie(api.GroupName).GroupVersion.String(),
FieldPath: "status.podIP",
},
},
},
Add validation for variant-type of EnvVarSource
2016-01-18 15:07:48 -05:00
{
Name: "secret_value",
ValueFrom: &api.EnvVarSource{
SecretKeyRef: &api.SecretKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "some-secret",
},
Key: "secret-key",
},
},
},
Add validation for EnvVarSource variant
2016-01-18 22:31:29 -05:00
{
Name: "ENV_VAR_1",
ValueFrom: &api.EnvVarSource{
ConfigMapKeyRef: &api.ConfigMapKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "some-config-map",
},
Key: "some-key",
},
},
},
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
}
Add settings API and admission controller export functions from pkg/api/validation add settings API add settings to pkg/registry add settings api to pkg/master/master.go add admission control plugin for pod preset add new admission control plugin to kube-apiserver add settings to import_known_versions.go add settings to codegen add validation tests add settings to client generation add protobufs generation for settings api update linted packages add settings to testapi add settings install to clientset add start of e2e add pod preset plugin to config-test.sh Signed-off-by: Jess Frazelle <acidburn@google.com>
2017-02-24 14:08:15 -05:00
if errs := ValidateEnv(successCase, field.NewPath("field")); len(errs) != 0 {
Add Pod UID (metadata.uid) to downward API env var
2017-06-27 04:54:35 -04:00
t.Errorf("expected success, got: %v", errs)
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
}
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
errorCases := []struct {
name string
envs []api.EnvVar
expectedError string
}{
{
name: "zero-length name",
envs: []api.EnvVar{{Name: ""}},
Change how one-of blocks are validated I took a hard look at error output and played until I was happier. This now prints JSON for structs in the error, rather than go's format. Also made the error message easier to read. Fixed tests.
2015-11-15 01:36:25 -05:00
expectedError: "[0].name: Required value",
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
{
Relax restrictions on environment variable names. The POSIX standard restricts environment variable names to uppercase letters, digits, and the underscore character in shell contexts only. For generic application usage, it is stated that all other characters shall be tolerated. This change relaxes the rules to some degree. Namely, we stop requiring environment variable names to be strict C_IDENTIFIERS and start permitting lowercase, dot, and dash characters. Public container images using environment variable names beyond the shell-only context can benefit from this relaxation. Elasticsearch is one popular example.
2017-06-17 18:34:22 -04:00
name: "illegal character",
envs: []api.EnvVar{{Name: "a!b"}},
expectedError: `[0].name: Invalid value: "a!b": ` + envVarNameErrMsg,
},
{
name: "dot only",
envs: []api.EnvVar{{Name: "."}},
expectedError: `[0].name: Invalid value: ".": must not be`,
},
{
name: "double dots only",
envs: []api.EnvVar{{Name: ".."}},
expectedError: `[0].name: Invalid value: "..": must not be`,
},
{
name: "leading double dots",
envs: []api.EnvVar{{Name: "..abc"}},
expectedError: `[0].name: Invalid value: "..abc": must not start with`,
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
{
name: "value and valueFrom specified",
envs: []api.EnvVar{{
Name: "abc",
Value: "foo",
ValueFrom: &api.EnvVarSource{
Change EnvVarSource.FieldPath -> FieldRef and add example
2015-05-04 13:31:36 -04:00
FieldRef: &api.ObjectFieldSelector{
mechanical repercussions
2017-01-12 13:17:43 -05:00
APIVersion: api.Registry.GroupOrDie(api.GroupName).GroupVersion.String(),
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
FieldPath: "metadata.name",
},
},
}},
Change how one-of blocks are validated I took a hard look at error output and played until I was happier. This now prints JSON for structs in the error, rather than go's format. Also made the error message easier to read. Fixed tests.
2015-11-15 01:36:25 -05:00
expectedError: "[0].valueFrom: Invalid value: \"\": may not be specified when `value` is not empty",
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
Improved validation error message when env.valueFrom contains no (or misspelled) ref
2016-11-08 11:48:12 -05:00
{
name: "valueFrom without a source",
envs: []api.EnvVar{{
Improved validation error message when env.valueFrom contains no (or misspelled) ref
2016-11-15 04:36:34 -05:00
Name: "abc",
ValueFrom: &api.EnvVarSource{},
Improved validation error message when env.valueFrom contains no (or misspelled) ref
2016-11-08 11:48:12 -05:00
}},
expectedError: "[0].valueFrom: Invalid value: \"\": must specify one of: `fieldRef`, `resourceFieldRef`, `configMapKeyRef` or `secretKeyRef`",
},
Add validation for variant-type of EnvVarSource
2016-01-18 15:07:48 -05:00
{
Add validation for EnvVarSource variant
2016-01-18 22:31:29 -05:00
name: "valueFrom.fieldRef and valueFrom.secretKeyRef specified",
Add validation for variant-type of EnvVarSource
2016-01-18 15:07:48 -05:00
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
mechanical repercussions
2017-01-12 13:17:43 -05:00
APIVersion: api.Registry.GroupOrDie(api.GroupName).GroupVersion.String(),
Add validation for variant-type of EnvVarSource
2016-01-18 15:07:48 -05:00
FieldPath: "metadata.name",
},
SecretKeyRef: &api.SecretKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "a-secret",
},
Key: "a-key",
},
},
}},
expectedError: "[0].valueFrom: Invalid value: \"\": may not have more than one field specified at a time",
},
Add validation for EnvVarSource variant
2016-01-18 22:31:29 -05:00
{
name: "valueFrom.fieldRef and valueFrom.configMapKeyRef set",
envs: []api.EnvVar{{
Name: "some_var_name",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
mechanical repercussions
2017-01-12 13:17:43 -05:00
APIVersion: api.Registry.GroupOrDie(api.GroupName).GroupVersion.String(),
Add validation for EnvVarSource variant
2016-01-18 22:31:29 -05:00
FieldPath: "metadata.name",
},
ConfigMapKeyRef: &api.ConfigMapKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "some-config-map",
},
Key: "some-key",
},
},
}},
expectedError: `[0].valueFrom: Invalid value: "": may not have more than one field specified at a time`,
},
{
name: "valueFrom.fieldRef and valueFrom.secretKeyRef specified",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
mechanical repercussions
2017-01-12 13:17:43 -05:00
APIVersion: api.Registry.GroupOrDie(api.GroupName).GroupVersion.String(),
Add validation for EnvVarSource variant
2016-01-18 22:31:29 -05:00
FieldPath: "metadata.name",
},
SecretKeyRef: &api.SecretKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "a-secret",
},
Key: "a-key",
},
ConfigMapKeyRef: &api.ConfigMapKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "some-config-map",
},
Key: "some-key",
},
},
}},
expectedError: `[0].valueFrom: Invalid value: "": may not have more than one field specified at a time`,
},
pod spec must validate envFrom
2017-06-03 11:43:46 -04:00
{
name: "valueFrom.secretKeyRef.name invalid",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
SecretKeyRef: &api.SecretKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "$%^&*#",
},
Key: "a-key",
},
},
}},
},
{
name: "valueFrom.configMapKeyRef.name invalid",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
ConfigMapKeyRef: &api.ConfigMapKeySelector{
LocalObjectReference: api.LocalObjectReference{
Name: "$%^&*#",
},
Key: "some-key",
},
},
}},
},
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
{
name: "missing FieldPath on ObjectFieldSelector",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
Change EnvVarSource.FieldPath -> FieldRef and add example
2015-05-04 13:31:36 -04:00
FieldRef: &api.ObjectFieldSelector{
mechanical repercussions
2017-01-12 13:17:43 -05:00
APIVersion: api.Registry.GroupOrDie(api.GroupName).GroupVersion.String(),
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
},
}},
Change how one-of blocks are validated I took a hard look at error output and played until I was happier. This now prints JSON for structs in the error, rather than go's format. Also made the error message easier to read. Fixed tests.
2015-11-15 01:36:25 -05:00
expectedError: `[0].valueFrom.fieldRef.fieldPath: Required value`,
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
{
name: "missing APIVersion on ObjectFieldSelector",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
Change EnvVarSource.FieldPath -> FieldRef and add example
2015-05-04 13:31:36 -04:00
FieldRef: &api.ObjectFieldSelector{
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
FieldPath: "metadata.name",
},
},
}},
Change how one-of blocks are validated I took a hard look at error output and played until I was happier. This now prints JSON for structs in the error, rather than go's format. Also made the error message easier to read. Fixed tests.
2015-11-15 01:36:25 -05:00
expectedError: `[0].valueFrom.fieldRef.apiVersion: Required value`,
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
{
name: "invalid fieldPath",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
Change EnvVarSource.FieldPath -> FieldRef and add example
2015-05-04 13:31:36 -04:00
FieldRef: &api.ObjectFieldSelector{
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
FieldPath: "metadata.whoops",
mechanical repercussions
2017-01-12 13:17:43 -05:00
APIVersion: api.Registry.GroupOrDie(api.GroupName).GroupVersion.String(),
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
},
}},
Change how one-of blocks are validated I took a hard look at error output and played until I was happier. This now prints JSON for structs in the error, rather than go's format. Also made the error message easier to read. Fixed tests.
2015-11-15 01:36:25 -05:00
expectedError: `[0].valueFrom.fieldRef.fieldPath: Invalid value: "metadata.whoops": error converting fieldPath`,
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
adding downward api volume plugin
2015-02-20 00:36:23 -05:00
{
name: "invalid fieldPath labels",
envs: []api.EnvVar{{
Name: "labels",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
FieldPath: "metadata.labels",
APIVersion: "v1",
},
},
}},
Add Pod UID (metadata.uid) to downward API env var
2017-06-27 04:54:35 -04:00
expectedError: `[0].valueFrom.fieldRef.fieldPath: Unsupported value: "metadata.labels": supported values: metadata.name, metadata.namespace, metadata.uid, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP`,
adding downward api volume plugin
2015-02-20 00:36:23 -05:00
},
{
name: "invalid fieldPath annotations",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
FieldRef: &api.ObjectFieldSelector{
FieldPath: "metadata.annotations",
APIVersion: "v1",
},
},
}},
Add Pod UID (metadata.uid) to downward API env var
2017-06-27 04:54:35 -04:00
expectedError: `[0].valueFrom.fieldRef.fieldPath: Unsupported value: "metadata.annotations": supported values: metadata.name, metadata.namespace, metadata.uid, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP`,
adding downward api volume plugin
2015-02-20 00:36:23 -05:00
},
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
{
name: "unsupported fieldPath",
envs: []api.EnvVar{{
Name: "abc",
ValueFrom: &api.EnvVarSource{
Change EnvVarSource.FieldPath -> FieldRef and add example
2015-05-04 13:31:36 -04:00
FieldRef: &api.ObjectFieldSelector{
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
FieldPath: "status.phase",
mechanical repercussions
2017-01-12 13:17:43 -05:00
APIVersion: api.Registry.GroupOrDie(api.GroupName).GroupVersion.String(),
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
},
}},
Add Pod UID (metadata.uid) to downward API env var
2017-06-27 04:54:35 -04:00
expectedError: `valueFrom.fieldRef.fieldPath: Unsupported value: "status.phase": supported values: metadata.name, metadata.namespace, metadata.uid, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP`,
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
},
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
}
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
for _, tc := range errorCases {
Add settings API and admission controller export functions from pkg/api/validation add settings API add settings to pkg/registry add settings api to pkg/master/master.go add admission control plugin for pod preset add new admission control plugin to kube-apiserver add settings to import_known_versions.go add settings to codegen add validation tests add settings to client generation add protobufs generation for settings api update linted packages add settings to testapi add settings install to clientset add start of e2e add pod preset plugin to config-test.sh Signed-off-by: Jess Frazelle <acidburn@google.com>
2017-02-24 14:08:15 -05:00
if errs := ValidateEnv(tc.envs, field.NewPath("field")); len(errs) == 0 {
Add downward API for environment vars
2015-04-23 16:57:30 -04:00
t.Errorf("expected failure for %s", tc.name)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
} else {
for i := range errs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
str := errs[i].Error()
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
if str != "" && !strings.Contains(str, tc.expectedError) {
t.Errorf("%s: expected error detail either empty or %q, got %q", tc.name, tc.expectedError, str)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
}
}
Add validation of Volumes
2014-07-01 17:40:36 -04:00
}
}
}
ConfigMaps populate environment variables
2016-11-29 21:57:35 -05:00
func TestValidateEnvFrom(t *testing.T) {
successCase := []api.EnvFromSource{
{
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
},
},
{
Prefix: "pre_",
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
},
},
Relax restrictions on environment variable names. The POSIX standard restricts environment variable names to uppercase letters, digits, and the underscore character in shell contexts only. For generic application usage, it is stated that all other characters shall be tolerated. This change relaxes the rules to some degree. Namely, we stop requiring environment variable names to be strict C_IDENTIFIERS and start permitting lowercase, dot, and dash characters. Public container images using environment variable names beyond the shell-only context can benefit from this relaxation. Elasticsearch is one popular example.
2017-06-17 18:34:22 -04:00
{
Prefix: "a.b",
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
},
},
Secrets can populate environment variables
2017-01-04 15:50:11 -05:00
{
SecretRef: &api.SecretEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
},
},
{
Prefix: "pre_",
SecretRef: &api.SecretEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
},
},
Relax restrictions on environment variable names. The POSIX standard restricts environment variable names to uppercase letters, digits, and the underscore character in shell contexts only. For generic application usage, it is stated that all other characters shall be tolerated. This change relaxes the rules to some degree. Namely, we stop requiring environment variable names to be strict C_IDENTIFIERS and start permitting lowercase, dot, and dash characters. Public container images using environment variable names beyond the shell-only context can benefit from this relaxation. Elasticsearch is one popular example.
2017-06-17 18:34:22 -04:00
{
Prefix: "a.b",
SecretRef: &api.SecretEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
},
},
ConfigMaps populate environment variables
2016-11-29 21:57:35 -05:00
}
Add settings API and admission controller export functions from pkg/api/validation add settings API add settings to pkg/registry add settings api to pkg/master/master.go add admission control plugin for pod preset add new admission control plugin to kube-apiserver add settings to import_known_versions.go add settings to codegen add validation tests add settings to client generation add protobufs generation for settings api update linted packages add settings to testapi add settings install to clientset add start of e2e add pod preset plugin to config-test.sh Signed-off-by: Jess Frazelle <acidburn@google.com>
2017-02-24 14:08:15 -05:00
if errs := ValidateEnvFrom(successCase, field.NewPath("field")); len(errs) != 0 {
ConfigMaps populate environment variables
2016-11-29 21:57:35 -05:00
t.Errorf("expected success: %v", errs)
}
errorCases := []struct {
name string
envs []api.EnvFromSource
expectedError string
}{
{
name: "zero-length name",
envs: []api.EnvFromSource{
{
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: ""}},
},
},
expectedError: "field[0].configMapRef.name: Required value",
},
Validate ConfigMapRef and SecretRef name
2017-02-24 13:07:20 -05:00
{
name: "invalid name",
envs: []api.EnvFromSource{
{
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "$"}},
},
},
expectedError: "field[0].configMapRef.name: Invalid value",
},
ConfigMaps populate environment variables
2016-11-29 21:57:35 -05:00
{
name: "invalid prefix",
envs: []api.EnvFromSource{
{
Relax restrictions on environment variable names. The POSIX standard restricts environment variable names to uppercase letters, digits, and the underscore character in shell contexts only. For generic application usage, it is stated that all other characters shall be tolerated. This change relaxes the rules to some degree. Namely, we stop requiring environment variable names to be strict C_IDENTIFIERS and start permitting lowercase, dot, and dash characters. Public container images using environment variable names beyond the shell-only context can benefit from this relaxation. Elasticsearch is one popular example.
2017-06-17 18:34:22 -04:00
Prefix: "a!b",
ConfigMaps populate environment variables
2016-11-29 21:57:35 -05:00
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "abc"}},
},
},
Relax restrictions on environment variable names. The POSIX standard restricts environment variable names to uppercase letters, digits, and the underscore character in shell contexts only. For generic application usage, it is stated that all other characters shall be tolerated. This change relaxes the rules to some degree. Namely, we stop requiring environment variable names to be strict C_IDENTIFIERS and start permitting lowercase, dot, and dash characters. Public container images using environment variable names beyond the shell-only context can benefit from this relaxation. Elasticsearch is one popular example.
2017-06-17 18:34:22 -04:00
expectedError: `field[0].prefix: Invalid value: "a!b": ` + envVarNameErrMsg,
ConfigMaps populate environment variables
2016-11-29 21:57:35 -05:00
},
Secrets can populate environment variables
2017-01-04 15:50:11 -05:00
{
name: "zero-length name",
envs: []api.EnvFromSource{
{
SecretRef: &api.SecretEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: ""}},
},
},
expectedError: "field[0].secretRef.name: Required value",
},
Validate ConfigMapRef and SecretRef name
2017-02-24 13:07:20 -05:00
{
name: "invalid name",
envs: []api.EnvFromSource{
{
SecretRef: &api.SecretEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "&"}},
},
},
expectedError: "field[0].secretRef.name: Invalid value",
},
Secrets can populate environment variables
2017-01-04 15:50:11 -05:00
{
name: "invalid prefix",
envs: []api.EnvFromSource{
{
Relax restrictions on environment variable names. The POSIX standard restricts environment variable names to uppercase letters, digits, and the underscore character in shell contexts only. For generic application usage, it is stated that all other characters shall be tolerated. This change relaxes the rules to some degree. Namely, we stop requiring environment variable names to be strict C_IDENTIFIERS and start permitting lowercase, dot, and dash characters. Public container images using environment variable names beyond the shell-only context can benefit from this relaxation. Elasticsearch is one popular example.
2017-06-17 18:34:22 -04:00
Prefix: "a!b",
Secrets can populate environment variables
2017-01-04 15:50:11 -05:00
SecretRef: &api.SecretEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "abc"}},
},
},
Relax restrictions on environment variable names. The POSIX standard restricts environment variable names to uppercase letters, digits, and the underscore character in shell contexts only. For generic application usage, it is stated that all other characters shall be tolerated. This change relaxes the rules to some degree. Namely, we stop requiring environment variable names to be strict C_IDENTIFIERS and start permitting lowercase, dot, and dash characters. Public container images using environment variable names beyond the shell-only context can benefit from this relaxation. Elasticsearch is one popular example.
2017-06-17 18:34:22 -04:00
expectedError: `field[0].prefix: Invalid value: "a!b": ` + envVarNameErrMsg,
Secrets can populate environment variables
2017-01-04 15:50:11 -05:00
},
{
name: "no refs",
envs: []api.EnvFromSource{
{},
},
expectedError: "field: Invalid value: \"\": must specify one of: `configMapRef` or `secretRef`",
},
{
name: "multiple refs",
envs: []api.EnvFromSource{
{
SecretRef: &api.SecretEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "abc"}},
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "abc"}},
},
},
expectedError: "field: Invalid value: \"\": may not have more than one field specified at a time",
},
pod spec must validate envFrom
2017-06-03 11:43:46 -04:00
{
name: "invalid secret ref name",
envs: []api.EnvFromSource{
{
SecretRef: &api.SecretEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "$%^&*#"}},
},
},
expectedError: "field[0].secretRef.name: Invalid value: \"$%^&*#\": " + dnsSubdomainLabelErrMsg,
},
{
name: "invalid config ref name",
envs: []api.EnvFromSource{
{
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{Name: "$%^&*#"}},
},
},
expectedError: "field[0].configMapRef.name: Invalid value: \"$%^&*#\": " + dnsSubdomainLabelErrMsg,
},
ConfigMaps populate environment variables
2016-11-29 21:57:35 -05:00
}
for _, tc := range errorCases {
Add settings API and admission controller export functions from pkg/api/validation add settings API add settings to pkg/registry add settings api to pkg/master/master.go add admission control plugin for pod preset add new admission control plugin to kube-apiserver add settings to import_known_versions.go add settings to codegen add validation tests add settings to client generation add protobufs generation for settings api update linted packages add settings to testapi add settings install to clientset add start of e2e add pod preset plugin to config-test.sh Signed-off-by: Jess Frazelle <acidburn@google.com>
2017-02-24 14:08:15 -05:00
if errs := ValidateEnvFrom(tc.envs, field.NewPath("field")); len(errs) == 0 {
ConfigMaps populate environment variables
2016-11-29 21:57:35 -05:00
t.Errorf("expected failure for %s", tc.name)
} else {
for i := range errs {
str := errs[i].Error()
if str != "" && !strings.Contains(str, tc.expectedError) {
t.Errorf("%s: expected error detail either empty or %q, got %q", tc.name, tc.expectedError, str)
}
}
}
}
}
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
func TestValidateVolumeMounts(t *testing.T) {
Move util.StringSet into its own package A lot of packages use StringSet, but they don't use anything else from the util package. Moving StringSet into another package will shrink their dependency trees significantly.
2015-09-09 13:45:01 -04:00
volumes := sets.NewString("abc", "123", "abc-123")
Add API for mount propagation. In fact, this is one annotation + its parsing & validation. Appropriate kubelet logic that uses this annotation is in following patches.
2017-09-01 06:05:55 -04:00
container := api.Container{
SecurityContext: nil,
}
propagation := api.MountPropagationBidirectional
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
successCase := []api.VolumeMount{
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
{Name: "abc", MountPath: "/foo"},
Validate that volume mountpoints are unique
2016-03-17 23:52:34 -04:00
{Name: "123", MountPath: "/bar"},
{Name: "abc-123", MountPath: "/baz"},
Introduce subPath in VolumeMount
2016-03-04 20:40:15 -05:00
{Name: "abc-123", MountPath: "/baa", SubPath: ""},
{Name: "abc-123", MountPath: "/bab", SubPath: "baz"},
{Name: "abc-123", MountPath: "/bac", SubPath: ".baz"},
{Name: "abc-123", MountPath: "/bad", SubPath: "..baz"},
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
}
Add API for mount propagation. In fact, this is one annotation + its parsing & validation. Appropriate kubelet logic that uses this annotation is in following patches.
2017-09-01 06:05:55 -04:00
if errs := ValidateVolumeMounts(successCase, volumes, &container, field.NewPath("field")); len(errs) != 0 {
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 02:20:30 -04:00
t.Errorf("expected success: %v", errs)
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
}
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
errorCases := map[string][]api.VolumeMount{
Add API for mount propagation. In fact, this is one annotation + its parsing & validation. Appropriate kubelet logic that uses this annotation is in following patches.
2017-09-01 06:05:55 -04:00
"empty name": {{Name: "", MountPath: "/foo"}},
"name not found": {{Name: "", MountPath: "/foo"}},
"empty mountpath": {{Name: "abc", MountPath: ""}},
"relative mountpath": {{Name: "abc", MountPath: "bar"}},
"mountpath collision": {{Name: "foo", MountPath: "/path/a"}, {Name: "bar", MountPath: "/path/a"}},
"absolute subpath": {{Name: "abc", MountPath: "/bar", SubPath: "/baz"}},
"subpath in ..": {{Name: "abc", MountPath: "/bar", SubPath: "../baz"}},
"subpath contains ..": {{Name: "abc", MountPath: "/bar", SubPath: "baz/../bat"}},
"subpath ends in ..": {{Name: "abc", MountPath: "/bar", SubPath: "./.."}},
"disabled MountPropagation feature gate": {{Name: "abc", MountPath: "/bar", MountPropagation: &propagation}},
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
}
for k, v := range errorCases {
Add API for mount propagation. In fact, this is one annotation + its parsing & validation. Appropriate kubelet logic that uses this annotation is in following patches.
2017-09-01 06:05:55 -04:00
if errs := ValidateVolumeMounts(v, volumes, &container, field.NewPath("field")); len(errs) == 0 {
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
t.Errorf("expected failure for %s", k)
}
}
}
Add API for mount propagation. In fact, this is one annotation + its parsing & validation. Appropriate kubelet logic that uses this annotation is in following patches.
2017-09-01 06:05:55 -04:00
func TestValidateMountPropagation(t *testing.T) {
bTrue := true
bFalse := false
privilegedContainer := &api.Container{
SecurityContext: &api.SecurityContext{
Privileged: &bTrue,
},
}
nonPrivilegedContainer := &api.Container{
SecurityContext: &api.SecurityContext{
Privileged: &bFalse,
},
}
defaultContainer := &api.Container{}
propagationBidirectional := api.MountPropagationBidirectional
propagationHostToContainer := api.MountPropagationHostToContainer
propagationInvalid := api.MountPropagationMode("invalid")
tests := []struct {
mount api.VolumeMount
container *api.Container
expectError bool
}{
{
// implicitly non-privileged container + no propagation
api.VolumeMount{Name: "foo", MountPath: "/foo"},
defaultContainer,
false,
},
{
// implicitly non-privileged container + HostToContainer
api.VolumeMount{Name: "foo", MountPath: "/foo", MountPropagation: &propagationHostToContainer},
defaultContainer,
false,
},
{
// error: implicitly non-privileged container + Bidirectional
api.VolumeMount{Name: "foo", MountPath: "/foo", MountPropagation: &propagationBidirectional},
defaultContainer,
true,
},
{
// explicitly non-privileged container + no propagation
api.VolumeMount{Name: "foo", MountPath: "/foo"},
nonPrivilegedContainer,
false,
},
{
// explicitly non-privileged container + HostToContainer
api.VolumeMount{Name: "foo", MountPath: "/foo", MountPropagation: &propagationHostToContainer},
nonPrivilegedContainer,
false,
},
{
// explicitly non-privileged container + HostToContainer
api.VolumeMount{Name: "foo", MountPath: "/foo", MountPropagation: &propagationBidirectional},
nonPrivilegedContainer,
true,
},
{
// privileged container + no propagation
api.VolumeMount{Name: "foo", MountPath: "/foo"},
privilegedContainer,
false,
},
{
// privileged container + HostToContainer
api.VolumeMount{Name: "foo", MountPath: "/foo", MountPropagation: &propagationHostToContainer},
privilegedContainer,
false,
},
{
// privileged container + Bidirectional
api.VolumeMount{Name: "foo", MountPath: "/foo", MountPropagation: &propagationBidirectional},
privilegedContainer,
false,
},
{
// error: privileged container + invalid mount propagation
api.VolumeMount{Name: "foo", MountPath: "/foo", MountPropagation: &propagationInvalid},
privilegedContainer,
true,
},
{
// no container + Bidirectional
api.VolumeMount{Name: "foo", MountPath: "/foo", MountPropagation: &propagationBidirectional},
nil,
false,
},
}
// Enable MountPropagation for this test
priorityEnabled := utilfeature.DefaultFeatureGate.Enabled("MountPropagation")
defer func() {
var err error
// restoring the old value
if priorityEnabled {
err = utilfeature.DefaultFeatureGate.Set("MountPropagation=true")
} else {
err = utilfeature.DefaultFeatureGate.Set("MountPropagation=false")
}
if err != nil {
t.Errorf("Failed to restore feature gate for MountPropagation: %v", err)
}
}()
err := utilfeature.DefaultFeatureGate.Set("MountPropagation=true")
if err != nil {
t.Errorf("Failed to enable feature gate for MountPropagation: %v", err)
return
}
for i, test := range tests {
volumes := sets.NewString("foo")
errs := ValidateVolumeMounts([]api.VolumeMount{test.mount}, volumes, test.container, field.NewPath("field"))
if test.expectError && len(errs) == 0 {
t.Errorf("test %d expected error, got none", i)
}
if !test.expectError && len(errs) != 0 {
t.Errorf("test %d expected success, got error: %v", i, errs)
}
}
}
add validation for api.Probe
2015-02-15 02:02:07 -05:00
func TestValidateProbe(t *testing.T) {
handler := api.Handler{Exec: &api.ExecAction{Command: []string{"echo"}}}
Add liveness/readiness probe parameters - PeriodSeconds - How often to probe - SuccessThreshold - Number of successful probes to go from failure to success state - FailureThreshold - Number of failing probes to go from success to failure state This commit includes to changes in behavior: 1. InitialDelaySeconds now defaults to 10 seconds, rather than the kubelet sync interval (although that also defaults to 10 seconds). 2. Prober only retries on probe error, not failure. To compensate, the default FailureThreshold is set to the maxRetries, 3.
2015-11-05 18:38:46 -05:00
// These fields must be positive.
positiveFields := [...]string{"InitialDelaySeconds", "TimeoutSeconds", "PeriodSeconds", "SuccessThreshold", "FailureThreshold"}
successCases := []*api.Probe{nil}
for _, field := range positiveFields {
probe := &api.Probe{Handler: handler}
reflect.ValueOf(probe).Elem().FieldByName(field).SetInt(10)
successCases = append(successCases, probe)
add validation for api.Probe
2015-02-15 02:02:07 -05:00
}
Add liveness/readiness probe parameters - PeriodSeconds - How often to probe - SuccessThreshold - Number of successful probes to go from failure to success state - FailureThreshold - Number of failing probes to go from success to failure state This commit includes to changes in behavior: 1. InitialDelaySeconds now defaults to 10 seconds, rather than the kubelet sync interval (although that also defaults to 10 seconds). 2. Prober only retries on probe error, not failure. To compensate, the default FailureThreshold is set to the maxRetries, 3.
2015-11-05 18:38:46 -05:00
add validation for api.Probe
2015-02-15 02:02:07 -05:00
for _, p := range successCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateProbe(p, field.NewPath("field")); len(errs) != 0 {
add validation for api.Probe
2015-02-15 02:02:07 -05:00
t.Errorf("expected success: %v", errs)
}
}
Add liveness/readiness probe parameters - PeriodSeconds - How often to probe - SuccessThreshold - Number of successful probes to go from failure to success state - FailureThreshold - Number of failing probes to go from success to failure state This commit includes to changes in behavior: 1. InitialDelaySeconds now defaults to 10 seconds, rather than the kubelet sync interval (although that also defaults to 10 seconds). 2. Prober only retries on probe error, not failure. To compensate, the default FailureThreshold is set to the maxRetries, 3.
2015-11-05 18:38:46 -05:00
errorCases := []*api.Probe{{TimeoutSeconds: 10, InitialDelaySeconds: 10}}
for _, field := range positiveFields {
probe := &api.Probe{Handler: handler}
reflect.ValueOf(probe).Elem().FieldByName(field).SetInt(-10)
errorCases = append(errorCases, probe)
add validation for api.Probe
2015-02-15 02:02:07 -05:00
}
for _, p := range errorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateProbe(p, field.NewPath("field")); len(errs) == 0 {
add validation for api.Probe
2015-02-15 02:02:07 -05:00
t.Errorf("expected failure for %v", p)
}
}
}
Add defaults for HTTGetAction.Path & test actions The comment says optional - this makes it optional. Test handler actions.
2015-02-27 20:33:58 -05:00
func TestValidateHandler(t *testing.T) {
successCases := []api.Handler{
{Exec: &api.ExecAction{Command: []string{"echo"}}},
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
{HTTPGet: &api.HTTPGetAction{Path: "/", Port: intstr.FromInt(1), Host: "", Scheme: "HTTP"}},
{HTTPGet: &api.HTTPGetAction{Path: "/foo", Port: intstr.FromInt(65535), Host: "host", Scheme: "HTTP"}},
{HTTPGet: &api.HTTPGetAction{Path: "/", Port: intstr.FromString("port"), Host: "", Scheme: "HTTP"}},
fix go vet errors Signed-off-by: Jess Frazelle <jessfraz@google.com> fix composites Signed-off-by: Jess Frazelle <me@jessfraz.com>
2016-07-25 17:34:05 -04:00
{HTTPGet: &api.HTTPGetAction{Path: "/", Port: intstr.FromString("port"), Host: "", Scheme: "HTTP", HTTPHeaders: []api.HTTPHeader{{Name: "Host", Value: "foo.example.com"}}}},
{HTTPGet: &api.HTTPGetAction{Path: "/", Port: intstr.FromString("port"), Host: "", Scheme: "HTTP", HTTPHeaders: []api.HTTPHeader{{Name: "X-Forwarded-For", Value: "1.2.3.4"}, {Name: "X-Forwarded-For", Value: "5.6.7.8"}}}},
Add defaults for HTTGetAction.Path & test actions The comment says optional - this makes it optional. Test handler actions.
2015-02-27 20:33:58 -05:00
}
for _, h := range successCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateHandler(&h, field.NewPath("field")); len(errs) != 0 {
Add defaults for HTTGetAction.Path & test actions The comment says optional - this makes it optional. Test handler actions.
2015-02-27 20:33:58 -05:00
t.Errorf("expected success: %v", errs)
}
}
errorCases := []api.Handler{
{},
{Exec: &api.ExecAction{Command: []string{}}},
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
{HTTPGet: &api.HTTPGetAction{Path: "", Port: intstr.FromInt(0), Host: ""}},
{HTTPGet: &api.HTTPGetAction{Path: "/foo", Port: intstr.FromInt(65536), Host: "host"}},
{HTTPGet: &api.HTTPGetAction{Path: "", Port: intstr.FromString(""), Host: ""}},
fix go vet errors Signed-off-by: Jess Frazelle <jessfraz@google.com> fix composites Signed-off-by: Jess Frazelle <me@jessfraz.com>
2016-07-25 17:34:05 -04:00
{HTTPGet: &api.HTTPGetAction{Path: "/", Port: intstr.FromString("port"), Host: "", Scheme: "HTTP", HTTPHeaders: []api.HTTPHeader{{Name: "Host:", Value: "foo.example.com"}}}},
{HTTPGet: &api.HTTPGetAction{Path: "/", Port: intstr.FromString("port"), Host: "", Scheme: "HTTP", HTTPHeaders: []api.HTTPHeader{{Name: "X_Forwarded_For", Value: "foo.example.com"}}}},
Add defaults for HTTGetAction.Path & test actions The comment says optional - this makes it optional. Test handler actions.
2015-02-27 20:33:58 -05:00
}
for _, h := range errorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateHandler(&h, field.NewPath("field")); len(errs) == 0 {
Add defaults for HTTGetAction.Path & test actions The comment says optional - this makes it optional. Test handler actions.
2015-02-27 20:33:58 -05:00
t.Errorf("expected failure for %#v", h)
}
}
}
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
func TestValidatePullPolicy(t *testing.T) {
type T struct {
Container api.Container
ExpectedPolicy api.PullPolicy
}
testCases := map[string]T{
"NotPresent1": {
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
api.Container{Name: "abc", Image: "image:latest", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
api.PullIfNotPresent,
},
"NotPresent2": {
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
api.Container{Name: "abc1", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
api.PullIfNotPresent,
},
"Always1": {
Change PullPolicy constants to match
2015-01-20 23:30:42 -05:00
api.Container{Name: "123", Image: "image:latest", ImagePullPolicy: "Always"},
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
api.PullAlways,
},
"Always2": {
Change PullPolicy constants to match
2015-01-20 23:30:42 -05:00
api.Container{Name: "1234", Image: "image", ImagePullPolicy: "Always"},
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
api.PullAlways,
},
"Never1": {
Change PullPolicy constants to match
2015-01-20 23:30:42 -05:00
api.Container{Name: "abc-123", Image: "image:latest", ImagePullPolicy: "Never"},
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
api.PullNever,
},
"Never2": {
Change PullPolicy constants to match
2015-01-20 23:30:42 -05:00
api.Container{Name: "abc-1234", Image: "image", ImagePullPolicy: "Never"},
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
api.PullNever,
},
}
for k, v := range testCases {
ctr := &v.Container
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
errs := validatePullPolicy(ctr.ImagePullPolicy, field.NewPath("field"))
Introduce validatePullPolicyWithDefault to validation.
2015-01-16 18:02:36 -05:00
if len(errs) != 0 {
t.Errorf("case[%s] expected success, got %#v", k, errs)
}
if ctr.ImagePullPolicy != v.ExpectedPolicy {
t.Errorf("case[%s] expected policy %v, got %v", k, v.ExpectedPolicy, ctr.ImagePullPolicy)
}
}
}
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
func getResourceLimits(cpu, memory string) api.ResourceList {
res := api.ResourceList{}
res[api.ResourceCPU] = resource.MustParse(cpu)
res[api.ResourceMemory] = resource.MustParse(memory)
return res
}
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
func TestValidateContainers(t *testing.T) {
Move util.StringSet into its own package A lot of packages use StringSet, but they don't use anything else from the util package. Moving StringSet into another package will shrink their dependency trees significantly.
2015-09-09 13:45:01 -04:00
volumes := sets.String{}
Refactor to clean up names.
2014-09-16 18:18:33 -04:00
capabilities.SetForTests(capabilities.Capabilities{
Add a flag to reject privileged containers in the apiserver.
2014-09-16 10:04:12 -04:00
AllowPrivileged: true,
})
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
successCase := []api.Container{
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
image name may not have leading or trailing whitespace
2017-06-14 19:52:31 -04:00
// backwards compatibility to ensure containers in pod template spec do not check for this
{Name: "def", Image: " ", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
{Name: "ghi", Image: " some ", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
{Name: "123", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
{Name: "abc-123", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
Add some lifecycle validation.
2014-09-12 19:04:10 -04:00
{
Name: "life-123",
Image: "image",
Lifecycle: &api.Lifecycle{
PreStop: &api.Handler{
Exec: &api.ExecAction{Command: []string{"ls", "-l"}},
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Add some lifecycle validation.
2014-09-12 19:04:10 -04:00
},
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
{
Name: "resources-test",
Image: "image",
Rename ResourceRequirementSpec to ResourceRequirements.
2015-02-09 17:44:32 -05:00
Resources: api.ResourceRequirements{
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
Limits: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
OIR predicate includes namespaced resources.
2017-07-14 02:49:46 -04:00
api.ResourceName("my.org/resource"): resource.MustParse("10"),
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
},
WIP v0 NVIDIA GPU support Implements part of #24071 I am not familiar with the scheduler enough to know what to do with the scores. Punting for now. Missing items from the implementation plan: limitranger, rkt support, kubectl support and user docs
2016-04-26 20:54:19 -04:00
{
Fix GPU resource validation Because of defaulting, requests are always set if limits are. Thus, the check can never succeed. Instead, make sure that the two values are equal. Also, remove a few other error messages and remove unnecessary Sprintf calls.
2016-07-10 16:09:16 -04:00
Name: "resources-test-with-gpu-with-request",
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
api.ResourceName(api.ResourceNvidiaGPU): resource.MustParse("1"),
},
Limits: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
api.ResourceName(api.ResourceNvidiaGPU): resource.MustParse("1"),
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Fix GPU resource validation Because of defaulting, requests are always set if limits are. Thus, the check can never succeed. Instead, make sure that the two values are equal. Also, remove a few other error messages and remove unnecessary Sprintf calls.
2016-07-10 16:09:16 -04:00
},
{
Name: "resources-test-with-gpu-without-request",
WIP v0 NVIDIA GPU support Implements part of #24071 I am not familiar with the scheduler enough to know what to do with the scores. Punting for now. Missing items from the implementation plan: limitranger, rkt support, kubectl support and user docs
2016-04-26 20:54:19 -04:00
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
},
Limits: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
api.ResourceName(api.ResourceNvidiaGPU): resource.MustParse("1"),
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
WIP v0 NVIDIA GPU support Implements part of #24071 I am not familiar with the scheduler enough to know what to do with the scores. Punting for now. Missing items from the implementation plan: limitranger, rkt support, kubectl support and user docs
2016-04-26 20:54:19 -04:00
},
Add support for request
2015-07-30 15:59:22 -04:00
{
Name: "resources-request-limit-simple",
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("8"),
},
Limits: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Add support for request
2015-07-30 15:59:22 -04:00
},
{
Name: "resources-request-limit-edge",
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
OIR predicate includes namespaced resources.
2017-07-14 02:49:46 -04:00
api.ResourceName("my.org/resource"): resource.MustParse("10"),
Add support for request
2015-07-30 15:59:22 -04:00
},
Limits: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
OIR predicate includes namespaced resources.
2017-07-14 02:49:46 -04:00
api.ResourceName("my.org/resource"): resource.MustParse("10"),
Add support for request
2015-07-30 15:59:22 -04:00
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Add support for request
2015-07-30 15:59:22 -04:00
},
{
Name: "resources-request-limit-partials",
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("9.5"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
},
Limits: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
OIR predicate includes namespaced resources.
2017-07-14 02:49:46 -04:00
api.ResourceName("my.org/resource"): resource.MustParse("10"),
Add support for request
2015-07-30 15:59:22 -04:00
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Add support for request
2015-07-30 15:59:22 -04:00
},
{
Name: "resources-request",
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("9.5"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Add support for request
2015-07-30 15:59:22 -04:00
},
Allow same-hostport-different-protocol
2015-05-19 01:18:40 -04:00
{
Name: "same-host-port-different-protocol",
Image: "image",
Ports: []api.ContainerPort{
{ContainerPort: 80, HostPort: 80, Protocol: "TCP"},
{ContainerPort: 80, HostPort: 80, Protocol: "UDP"},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Allow same-hostport-different-protocol
2015-05-19 01:18:40 -04:00
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
{
Name: "fallback-to-logs-termination-message",
Image: "image",
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "FallbackToLogsOnError",
},
{
Name: "file-termination-message",
Image: "image",
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
},
pod spec must validate envFrom
2017-06-03 11:43:46 -04:00
{
Name: "env-from-source",
Image: "image",
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
EnvFrom: []api.EnvFromSource{
{
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{
Name: "test",
},
},
},
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
{Name: "abc-1234", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File", SecurityContext: fakeValidSecurityContext(true)},
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
}
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateContainers(successCase, volumes, field.NewPath("field")); len(errs) != 0 {
Accumulate validation errors Rather than report the first error, accumulate all errors and report them all at once.
2014-07-08 02:20:30 -04:00
t.Errorf("expected success: %v", errs)
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
}
Refactor to clean up names.
2014-09-16 18:18:33 -04:00
capabilities.SetForTests(capabilities.Capabilities{
Add a flag to reject privileged containers in the apiserver.
2014-09-16 10:04:12 -04:00
AllowPrivileged: false,
})
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
errorCases := map[string][]api.Container{
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
"zero-length name": {{Name: "", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
image name may not have leading or trailing whitespace
2017-06-14 19:52:31 -04:00
"zero-length-image": {{Name: "abc", Image: "", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
"name > 63 characters": {{Name: strings.Repeat("a", 64), Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
"name not a DNS label": {{Name: "a.b.c", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
"name not unique": {
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
"zero-length image": {{Name: "abc", Image: "", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
"host port not unique": {
Rename type Port to ContainerPort Sadly I had to do this by hand - I just could not get gorename to fix up users of it.
2015-02-23 17:25:56 -05:00
{Name: "abc", Image: "image", Ports: []api.ContainerPort{{ContainerPort: 80, HostPort: 80, Protocol: "TCP"}},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
Rename type Port to ContainerPort Sadly I had to do this by hand - I just could not get gorename to fix up users of it.
2015-02-23 17:25:56 -05:00
{Name: "def", Image: "image", Ports: []api.ContainerPort{{ContainerPort: 81, HostPort: 80, Protocol: "TCP"}},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
Add validation of Ports Also do caseless compares for "enum" strings.
2014-07-08 00:32:56 -04:00
},
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
"invalid env var name": {
Relax restrictions on environment variable names. The POSIX standard restricts environment variable names to uppercase letters, digits, and the underscore character in shell contexts only. For generic application usage, it is stated that all other characters shall be tolerated. This change relaxes the rules to some degree. Namely, we stop requiring environment variable names to be strict C_IDENTIFIERS and start permitting lowercase, dot, and dash characters. Public container images using environment variable names beyond the shell-only context can benefit from this relaxation. Elasticsearch is one popular example.
2017-06-17 18:34:22 -04:00
{Name: "abc", Image: "image", Env: []api.EnvVar{{Name: "ev!1"}}, ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
Add validation for Container.Env This includes backwards compat with the older "key" field.
2014-07-01 18:56:30 -04:00
},
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
"unknown volume name": {
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
{Name: "abc", Image: "image", VolumeMounts: []api.VolumeMount{{Name: "anything", MountPath: "/foo"}},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"},
Add validation of VolumeMounts
2014-07-04 22:46:56 -04:00
},
Add some lifecycle validation.
2014-09-12 19:04:10 -04:00
"invalid lifecycle, no exec command.": {
{
Name: "life-123",
Image: "image",
Lifecycle: &api.Lifecycle{
PreStop: &api.Handler{
Exec: &api.ExecAction{},
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Add some lifecycle validation.
2014-09-12 19:04:10 -04:00
},
},
"invalid lifecycle, no http path.": {
{
Name: "life-123",
Image: "image",
Lifecycle: &api.Lifecycle{
PreStop: &api.Handler{
HTTPGet: &api.HTTPGetAction{},
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Add some lifecycle validation.
2014-09-12 19:04:10 -04:00
},
},
TCPSocket could not be used as it was not checked in validation Attempting to use it gave the error "must register one handler". Added more tests for it.
2015-02-26 22:20:34 -05:00
"invalid lifecycle, no tcp socket port.": {
{
Name: "life-123",
Image: "image",
Lifecycle: &api.Lifecycle{
PreStop: &api.Handler{
TCPSocket: &api.TCPSocketAction{},
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
TCPSocket could not be used as it was not checked in validation Attempting to use it gave the error "must register one handler". Added more tests for it.
2015-02-26 22:20:34 -05:00
},
},
"invalid lifecycle, zero tcp socket port.": {
{
Name: "life-123",
Image: "image",
Lifecycle: &api.Lifecycle{
PreStop: &api.Handler{
TCPSocket: &api.TCPSocketAction{
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
Port: intstr.FromInt(0),
TCPSocket could not be used as it was not checked in validation Attempting to use it gave the error "must register one handler". Added more tests for it.
2015-02-26 22:20:34 -05:00
},
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
TCPSocket could not be used as it was not checked in validation Attempting to use it gave the error "must register one handler". Added more tests for it.
2015-02-26 22:20:34 -05:00
},
},
Add some lifecycle validation.
2014-09-12 19:04:10 -04:00
"invalid lifecycle, no action.": {
{
Name: "life-123",
Image: "image",
Lifecycle: &api.Lifecycle{
PreStop: &api.Handler{},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Add some lifecycle validation.
2014-09-12 19:04:10 -04:00
},
},
TCPSocket could not be used as it was not checked in validation Attempting to use it gave the error "must register one handler". Added more tests for it.
2015-02-26 22:20:34 -05:00
"invalid liveness probe, no tcp socket port.": {
{
Name: "life-123",
Image: "image",
LivenessProbe: &api.Probe{
Handler: api.Handler{
TCPSocket: &api.TCPSocketAction{},
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
TCPSocket could not be used as it was not checked in validation Attempting to use it gave the error "must register one handler". Added more tests for it.
2015-02-26 22:20:34 -05:00
},
},
"invalid liveness probe, no action.": {
{
Name: "life-123",
Image: "image",
LivenessProbe: &api.Probe{
Handler: api.Handler{},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
},
},
"invalid message termination policy": {
{
Name: "life-123",
Image: "image",
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "Unknown",
},
},
"empty message termination policy": {
{
Name: "life-123",
Image: "image",
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "",
TCPSocket could not be used as it was not checked in validation Attempting to use it gave the error "must register one handler". Added more tests for it.
2015-02-26 22:20:34 -05:00
},
},
Add a flag to reject privileged containers in the apiserver.
2014-09-16 10:04:12 -04:00
"privilege disabled": {
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
{Name: "abc", Image: "image", SecurityContext: fakeValidSecurityContext(true)},
Add a flag to reject privileged containers in the apiserver.
2014-09-16 10:04:12 -04:00
},
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
"invalid compute resource": {
{
Name: "abc-123",
Image: "image",
Rename ResourceRequirementSpec to ResourceRequirements.
2015-02-09 17:44:32 -05:00
Resources: api.ResourceRequirements{
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
Limits: api.ResourceList{
"disk": resource.MustParse("10G"),
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
},
},
"Resource CPU invalid": {
{
Name: "abc-123",
Image: "image",
Rename ResourceRequirementSpec to ResourceRequirements.
2015-02-09 17:44:32 -05:00
Resources: api.ResourceRequirements{
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
Limits: getResourceLimits("-10", "0"),
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
},
},
Improve container resource requirements validation
2015-04-20 14:56:15 -04:00
"Resource Requests CPU invalid": {
{
Name: "abc-123",
Image: "image",
Resources: api.ResourceRequirements{
Requests: getResourceLimits("-10", "0"),
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Improve container resource requirements validation
2015-04-20 14:56:15 -04:00
},
},
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
"Resource Memory invalid": {
{
Name: "abc-123",
Image: "image",
Rename ResourceRequirementSpec to ResourceRequirements.
2015-02-09 17:44:32 -05:00
Resources: api.ResourceRequirements{
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
Limits: getResourceLimits("0", "-10"),
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
},
},
Fix GPU resource validation Because of defaulting, requests are always set if limits are. Thus, the check can never succeed. Instead, make sure that the two values are equal. Also, remove a few other error messages and remove unnecessary Sprintf calls.
2016-07-10 16:09:16 -04:00
"Resource GPU limit must match request": {
WIP v0 NVIDIA GPU support Implements part of #24071 I am not familiar with the scheduler enough to know what to do with the scores. Punting for now. Missing items from the implementation plan: limitranger, rkt support, kubectl support and user docs
2016-04-26 20:54:19 -04:00
{
Fix GPU resource validation Because of defaulting, requests are always set if limits are. Thus, the check can never succeed. Instead, make sure that the two values are equal. Also, remove a few other error messages and remove unnecessary Sprintf calls.
2016-07-10 16:09:16 -04:00
Name: "gpu-resource-request-limit",
WIP v0 NVIDIA GPU support Implements part of #24071 I am not familiar with the scheduler enough to know what to do with the scores. Punting for now. Missing items from the implementation plan: limitranger, rkt support, kubectl support and user docs
2016-04-26 20:54:19 -04:00
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
Fix GPU resource validation Because of defaulting, requests are always set if limits are. Thus, the check can never succeed. Instead, make sure that the two values are equal. Also, remove a few other error messages and remove unnecessary Sprintf calls.
2016-07-10 16:09:16 -04:00
api.ResourceName(api.ResourceNvidiaGPU): resource.MustParse("0"),
WIP v0 NVIDIA GPU support Implements part of #24071 I am not familiar with the scheduler enough to know what to do with the scores. Punting for now. Missing items from the implementation plan: limitranger, rkt support, kubectl support and user docs
2016-04-26 20:54:19 -04:00
},
Limits: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
api.ResourceName(api.ResourceNvidiaGPU): resource.MustParse("1"),
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
TerminationMessagePolicy: "File",
ImagePullPolicy: "IfNotPresent",
WIP v0 NVIDIA GPU support Implements part of #24071 I am not familiar with the scheduler enough to know what to do with the scores. Punting for now. Missing items from the implementation plan: limitranger, rkt support, kubectl support and user docs
2016-04-26 20:54:19 -04:00
},
},
fix GPU resource validation incorrectly allows zero limits
2017-08-06 22:13:11 -04:00
"Resource GPU invalid setting only request": {
{
Name: "gpu-resource-request-limit",
Image: "image",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
api.ResourceName(api.ResourceNvidiaGPU): resource.MustParse("1"),
},
},
TerminationMessagePolicy: "File",
ImagePullPolicy: "IfNotPresent",
},
},
Add support for request
2015-07-30 15:59:22 -04:00
"Request limit simple invalid": {
{
Name: "abc-123",
Image: "image",
Resources: api.ResourceRequirements{
Limits: getResourceLimits("5", "3"),
Requests: getResourceLimits("6", "3"),
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Add support for request
2015-07-30 15:59:22 -04:00
},
},
"Request limit multiple invalid": {
{
Name: "abc-123",
Image: "image",
Resources: api.ResourceRequirements{
Limits: getResourceLimits("5", "3"),
Requests: getResourceLimits("6", "4"),
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
Add support for request
2015-07-30 15:59:22 -04:00
},
},
pod spec must validate envFrom
2017-06-03 11:43:46 -04:00
"Invalid env from": {
{
Name: "env-from-source",
Image: "image",
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: "File",
EnvFrom: []api.EnvFromSource{
{
ConfigMapRef: &api.ConfigMapEnvSource{
LocalObjectReference: api.LocalObjectReference{
Name: "$%^&*#",
},
},
},
},
},
},
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
}
for k, v := range errorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateContainers(v, volumes, field.NewPath("field")); len(errs) == 0 {
Add basic validation of Containers
2014-07-01 18:14:25 -04:00
t.Errorf("expected failure for %s", k)
}
}
}
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
func TestValidateRestartPolicy(t *testing.T) {
successCases := []api.RestartPolicy{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
api.RestartPolicyAlways,
api.RestartPolicyOnFailure,
api.RestartPolicyNever,
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
}
for _, policy := range successCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateRestartPolicy(&policy, field.NewPath("field")); len(errs) != 0 {
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
t.Errorf("expected success: %v", errs)
}
}
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
errorCases := []api.RestartPolicy{"", "newpolicy"}
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
for k, policy := range errorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateRestartPolicy(&policy, field.NewPath("field")); len(errs) == 0 {
Fix format specifiers in Printf-type functions.
2014-10-09 20:06:32 -04:00
t.Errorf("expected failure for %d", k)
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
}
}
Beef up validation tests
2015-01-06 14:11:52 -05:00
}
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
Beef up validation tests
2015-01-06 14:11:52 -05:00
func TestValidateDNSPolicy(t *testing.T) {
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
successCases := []api.DNSPolicy{api.DNSClusterFirst, api.DNSDefault, api.DNSPolicy(api.DNSClusterFirst)}
Beef up validation tests
2015-01-06 14:11:52 -05:00
for _, policy := range successCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateDNSPolicy(&policy, field.NewPath("field")); len(errs) != 0 {
Beef up validation tests
2015-01-06 14:11:52 -05:00
t.Errorf("expected success: %v", errs)
}
}
errorCases := []api.DNSPolicy{api.DNSPolicy("invalid")}
for _, policy := range errorCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := validateDNSPolicy(&policy, field.NewPath("field")); len(errs) == 0 {
Beef up validation tests
2015-01-06 14:11:52 -05:00
t.Errorf("expected failure for %v", policy)
}
}
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
}
Beef up validation tests
2015-01-06 14:11:52 -05:00
func TestValidatePodSpec(t *testing.T) {
Kubelet kills a pod that exceeds ActiveDeadlineSeconds
2015-05-09 01:01:43 -04:00
activeDeadlineSeconds := int64(30)
Fix cross-compile error
2017-05-31 16:10:22 -04:00
activeDeadlineSecondsMax := int64(math.MaxInt32)
Use dedicated Unix User and Group ID types
2017-04-20 06:57:07 -04:00
Remove all references to types.UnixUserID and types.UnixGroupID
2017-06-21 03:13:36 -04:00
minUserID := int64(0)
maxUserID := int64(2147483647)
minGroupID := int64(0)
maxGroupID := int64(2147483647)
Use dedicated Unix User and Group ID types
2017-04-20 06:57:07 -04:00
Add priority to Kubernetes API
2017-05-09 21:25:34 -04:00
priorityEnabled := utilfeature.DefaultFeatureGate.Enabled("PodPriority")
defer func() {
var err error
// restoring the old value
if priorityEnabled {
err = utilfeature.DefaultFeatureGate.Set("PodPriority=true")
} else {
err = utilfeature.DefaultFeatureGate.Set("PodPriority=false")
}
if err != nil {
t.Errorf("Failed to restore feature gate for PodPriority: %v", err)
}
}()
err := utilfeature.DefaultFeatureGate.Set("PodPriority=true")
if err != nil {
t.Errorf("Failed to enable feature gate for PodPriority: %v", err)
return
}
Beef up validation tests
2015-01-06 14:11:52 -05:00
successCases := []api.PodSpec{
{ // Populate basic fields, leave defaults for most.
Embed VolumeSource in v1beta3 and internal.
2015-03-03 17:48:55 -05:00
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
DNSPolicy: api.DNSClusterFirst,
Beef up validation tests
2015-01-06 14:11:52 -05:00
},
{ // Populate all fields.
Volumes: []api.Volume{
Embed VolumeSource in v1beta3 and internal.
2015-03-03 17:48:55 -05:00
{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}},
Beef up validation tests
2015-01-06 14:11:52 -05:00
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
InitContainers: []api.Container{{Name: "ictr", Image: "iimage", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
RestartPolicy: api.RestartPolicyAlways,
Beef up validation tests
2015-01-06 14:11:52 -05:00
NodeSelector: map[string]string{
"key": "value",
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
},
update PodSpec.Host to PodSpec.NodeName in /pkg/api/types.go and /pkg/api/v1beta3/types.go
2015-05-22 19:40:57 -04:00
NodeName: "foobar",
Kubelet kills a pod that exceeds ActiveDeadlineSeconds
2015-05-09 01:01:43 -04:00
DNSPolicy: api.DNSClusterFirst,
ActiveDeadlineSeconds: &activeDeadlineSeconds,
Rename pod.spec.serviceAccount -> pod.spec.serviceAccountName for v1
2015-06-18 22:35:42 -04:00
ServiceAccountName: "acct",
Beef up validation tests
2015-01-06 14:11:52 -05:00
},
Active deadline seconds validation improvements
2017-05-30 14:57:06 -04:00
{ // Populate all fields with larger active deadline.
Volumes: []api.Volume{
{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}},
},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
InitContainers: []api.Container{{Name: "ictr", Image: "iimage", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
NodeSelector: map[string]string{
"key": "value",
},
NodeName: "foobar",
DNSPolicy: api.DNSClusterFirst,
ActiveDeadlineSeconds: &activeDeadlineSecondsMax,
ServiceAccountName: "acct",
},
Add HostNetworking container option to API. This allows a container to run within the same networking namespace as the host. This will be locked down by default using a flag on the master and nodes (similar to how privileged is handled today).
2015-03-23 19:34:35 -04:00
{ // Populate HostNetwork.
Containers: []api.Container{
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File",
Ports: []api.ContainerPort{
{HostPort: 8080, ContainerPort: 8080, Protocol: "TCP"}},
Add HostNetworking container option to API. This allows a container to run within the same networking namespace as the host. This will be locked down by default using a flag on the master and nodes (similar to how privileged is handled today).
2015-03-23 19:34:35 -04:00
},
},
Add PodSecurityContext and backward compatibility tests
2015-09-14 17:56:51 -04:00
SecurityContext: &api.PodSecurityContext{
HostNetwork: true,
},
Add HostNetworking container option to API. This allows a container to run within the same networking namespace as the host. This will be locked down by default using a flag on the master and nodes (similar to how privileged is handled today).
2015-03-23 19:34:35 -04:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
{ // Populate RunAsUser SupplementalGroups FSGroup with minID 0
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
SecurityContext: &api.PodSecurityContext{
Remove all references to types.UnixUserID and types.UnixGroupID
2017-06-21 03:13:36 -04:00
SupplementalGroups: []int64{minGroupID},
Use dedicated Unix User and Group ID types
2017-04-20 06:57:07 -04:00
RunAsUser: &minUserID,
FSGroup: &minGroupID,
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
{ // Populate RunAsUser SupplementalGroups FSGroup with maxID 2147483647
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
SecurityContext: &api.PodSecurityContext{
Remove all references to types.UnixUserID and types.UnixGroupID
2017-06-21 03:13:36 -04:00
SupplementalGroups: []int64{maxGroupID},
Use dedicated Unix User and Group ID types
2017-04-20 06:57:07 -04:00
RunAsUser: &maxUserID,
FSGroup: &maxGroupID,
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
use infra container ns for ipc
2015-09-21 11:34:02 -04:00
{ // Populate HostIPC.
Add PodSecurityContext and backward compatibility tests
2015-09-14 17:56:51 -04:00
SecurityContext: &api.PodSecurityContext{
HostIPC: true,
},
use infra container ns for ipc
2015-09-21 11:34:02 -04:00
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
use infra container ns for ipc
2015-09-21 11:34:02 -04:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
{ // Populate HostPID.
Add PodSecurityContext and backward compatibility tests
2015-09-14 17:56:51 -04:00
SecurityContext: &api.PodSecurityContext{
HostPID: true,
},
use infra container ns for ipc
2015-09-21 11:34:02 -04:00
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
use infra container ns for ipc
2015-09-21 11:34:02 -04:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
{ // Populate Affinity.
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
validate HostAliases have valid IP and hostnames
2017-04-26 16:22:09 -04:00
{ // Populate HostAliases.
HostAliases: []api.HostAlias{{IP: "12.34.56.78", Hostnames: []string{"host1", "host2"}}},
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
remove validation disallowing hostAlias with hostNetwork
2017-08-14 18:39:14 -04:00
{ // Populate HostAliases with `foo.bar` hostnames.
add test case for `foo.bar` instead of just `foo` hostnames for hostAlias validations
2017-06-01 19:45:42 -04:00
HostAliases: []api.HostAlias{{IP: "12.34.56.78", Hostnames: []string{"host1.foo", "host2.bar"}}},
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
remove validation disallowing hostAlias with hostNetwork
2017-08-14 18:39:14 -04:00
{ // Populate HostAliases with HostNetwork.
HostAliases: []api.HostAlias{{IP: "12.34.56.78", Hostnames: []string{"host1.foo", "host2.bar"}}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
SecurityContext: &api.PodSecurityContext{
HostNetwork: true,
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
Add priority to Kubernetes API
2017-05-09 21:25:34 -04:00
{ // Populate PriorityClassName.
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
PriorityClassName: "valid-name",
},
Beef up validation tests
2015-01-06 14:11:52 -05:00
}
for i := range successCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := ValidatePodSpec(&successCases[i], field.NewPath("field")); len(errs) != 0 {
Beef up validation tests
2015-01-06 14:11:52 -05:00
t.Errorf("expected success: %v", errs)
}
}
Kubelet kills a pod that exceeds ActiveDeadlineSeconds
2015-05-09 01:01:43 -04:00
activeDeadlineSeconds = int64(0)
Fix cross-compile error
2017-05-31 16:10:22 -04:00
activeDeadlineSecondsTooLarge := int64(math.MaxInt32 + 1)
Use dedicated Unix User and Group ID types
2017-04-20 06:57:07 -04:00
Remove all references to types.UnixUserID and types.UnixGroupID
2017-06-21 03:13:36 -04:00
minUserID = int64(-1)
maxUserID = int64(2147483648)
minGroupID = int64(-1)
maxGroupID = int64(2147483648)
Use dedicated Unix User and Group ID types
2017-04-20 06:57:07 -04:00
Beef up validation tests
2015-01-06 14:11:52 -05:00
failureCases := map[string]api.PodSpec{
"bad volume": {
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
Volumes: []api.Volume{{}},
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
DNSPolicy: api.DNSClusterFirst,
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Validate that there is at least one container in the pod
2015-03-18 11:00:18 -04:00
},
"no containers": {
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Add RestartPolicy to Pod and PodTemplate
2014-07-22 14:45:12 -04:00
},
Beef up validation tests
2015-01-06 14:11:52 -05:00
"bad container": {
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
Containers: []api.Container{{}},
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
DNSPolicy: api.DNSClusterFirst,
Beef up validation tests
2015-01-06 14:11:52 -05:00
},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
"bad init container": {
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
InitContainers: []api.Container{{}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
Beef up validation tests
2015-01-06 14:11:52 -05:00
"bad DNS policy": {
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
DNSPolicy: api.DNSPolicy("invalid"),
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
},
Validate service account name in pod spec
2015-06-11 17:16:58 -04:00
"bad service account name": {
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Rename pod.spec.serviceAccount -> pod.spec.serviceAccountName for v1
2015-06-18 22:35:42 -04:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
ServiceAccountName: "invalidName",
Validate service account name in pod spec
2015-06-11 17:16:58 -04:00
},
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
"bad restart policy": {
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: "UnknowPolicy",
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
DNSPolicy: api.DNSClusterFirst,
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Beef up validation tests
2015-01-06 14:11:52 -05:00
},
Add HostNetworking container option to API. This allows a container to run within the same networking namespace as the host. This will be locked down by default using a flag on the master and nodes (similar to how privileged is handled today).
2015-03-23 19:34:35 -04:00
"with hostNetwork hostPort not equal to containerPort": {
Containers: []api.Container{
{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", Ports: []api.ContainerPort{
{HostPort: 8080, ContainerPort: 2600, Protocol: "TCP"}},
},
},
Add PodSecurityContext and backward compatibility tests
2015-09-14 17:56:51 -04:00
SecurityContext: &api.PodSecurityContext{
HostNetwork: true,
},
Add HostNetworking container option to API. This allows a container to run within the same networking namespace as the host. This will be locked down by default using a flag on the master and nodes (similar to how privileged is handled today).
2015-03-23 19:34:35 -04:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
validate HostAliases have valid IP and hostnames
2017-04-26 16:22:09 -04:00
"with hostAliases with invalid IP": {
SecurityContext: &api.PodSecurityContext{
HostNetwork: false,
},
HostAliases: []api.HostAlias{{IP: "999.999.999.999", Hostnames: []string{"host1", "host2"}}},
},
"with hostAliases with invalid hostname": {
SecurityContext: &api.PodSecurityContext{
HostNetwork: false,
},
HostAliases: []api.HostAlias{{IP: "12.34.56.78", Hostnames: []string{"@#$^#@#$"}}},
},
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
"bad supplementalGroups large than math.MaxInt32": {
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
SecurityContext: &api.PodSecurityContext{
HostNetwork: false,
Remove all references to types.UnixUserID and types.UnixGroupID
2017-06-21 03:13:36 -04:00
SupplementalGroups: []int64{maxGroupID, 1234},
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
"bad supplementalGroups less than 0": {
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
SecurityContext: &api.PodSecurityContext{
HostNetwork: false,
Remove all references to types.UnixUserID and types.UnixGroupID
2017-06-21 03:13:36 -04:00
SupplementalGroups: []int64{minGroupID, 1234},
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
"bad runAsUser large than math.MaxInt32": {
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
SecurityContext: &api.PodSecurityContext{
HostNetwork: false,
Use dedicated Unix User and Group ID types
2017-04-20 06:57:07 -04:00
RunAsUser: &maxUserID,
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
"bad runAsUser less than 0": {
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
SecurityContext: &api.PodSecurityContext{
HostNetwork: false,
Use dedicated Unix User and Group ID types
2017-04-20 06:57:07 -04:00
RunAsUser: &minUserID,
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
"bad fsGroup large than math.MaxInt32": {
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
SecurityContext: &api.PodSecurityContext{
HostNetwork: false,
Use dedicated Unix User and Group ID types
2017-04-20 06:57:07 -04:00
FSGroup: &maxGroupID,
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
"bad fsGroup less than 0": {
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
SecurityContext: &api.PodSecurityContext{
HostNetwork: false,
Use dedicated Unix User and Group ID types
2017-04-20 06:57:07 -04:00
FSGroup: &minGroupID,
Validate uids and gids for securitycontext
2015-11-19 21:42:02 -05:00
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
Kubelet kills a pod that exceeds ActiveDeadlineSeconds
2015-05-09 01:01:43 -04:00
"bad-active-deadline-seconds": {
Volumes: []api.Volume{
{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Kubelet kills a pod that exceeds ActiveDeadlineSeconds
2015-05-09 01:01:43 -04:00
RestartPolicy: api.RestartPolicyAlways,
NodeSelector: map[string]string{
"key": "value",
},
update PodSpec.Host to PodSpec.NodeName in /pkg/api/types.go and /pkg/api/v1beta3/types.go
2015-05-22 19:40:57 -04:00
NodeName: "foobar",
Kubelet kills a pod that exceeds ActiveDeadlineSeconds
2015-05-09 01:01:43 -04:00
DNSPolicy: api.DNSClusterFirst,
ActiveDeadlineSeconds: &activeDeadlineSeconds,
},
Active deadline seconds validation improvements
2017-05-30 14:57:06 -04:00
"active-deadline-seconds-too-large": {
Volumes: []api.Volume{
{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}},
},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
NodeSelector: map[string]string{
"key": "value",
},
NodeName: "foobar",
DNSPolicy: api.DNSClusterFirst,
ActiveDeadlineSeconds: &activeDeadlineSecondsTooLarge,
},
Validate pod spec.nodeName
2015-11-30 14:35:34 -05:00
"bad nodeName": {
NodeName: "node name",
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Validate pod spec.nodeName
2015-11-30 14:35:34 -05:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
Add priority to Kubernetes API
2017-05-09 21:25:34 -04:00
"bad PriorityClassName": {
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
PriorityClassName: "InvalidName",
},
Beef up validation tests
2015-01-06 14:11:52 -05:00
}
for k, v := range failureCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := ValidatePodSpec(&v, field.NewPath("field")); len(errs) == 0 {
Beef up validation tests
2015-01-06 14:11:52 -05:00
t.Errorf("expected failure for %q", k)
}
}
Add priority to Kubernetes API
2017-05-09 21:25:34 -04:00
err = utilfeature.DefaultFeatureGate.Set("PodPriority=false")
if err != nil {
t.Errorf("Failed to disable feature gate for PodPriority: %v", err)
return
}
priority := int32(100)
featuregatedCases := map[string]api.PodSpec{
"set PriorityClassName": {
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
PriorityClassName: "valid-name",
},
"set Priority": {
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Priority: &priority,
},
}
for k, v := range featuregatedCases {
if errs := ValidatePodSpec(&v, field.NewPath("field")); len(errs) == 0 {
t.Errorf("expected failure due to gated feature: %q", k)
}
}
Beef up validation tests
2015-01-06 14:11:52 -05:00
}
Update tests.
2017-02-07 09:08:45 -05:00
func extendPodSpecwithTolerations(in api.PodSpec, tolerations []api.Toleration) api.PodSpec {
var out api.PodSpec
out.Containers = in.Containers
out.RestartPolicy = in.RestartPolicy
out.DNSPolicy = in.DNSPolicy
out.Tolerations = tolerations
return out
}
Beef up validation tests
2015-01-06 14:11:52 -05:00
func TestValidatePod(t *testing.T) {
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
validPodSpec := func(affinity *api.Affinity) api.PodSpec {
spec := api.PodSpec{
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
}
if affinity != nil {
spec.Affinity = affinity
}
return spec
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
}
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
Beef up validation tests
2015-01-06 14:11:52 -05:00
successCases := []api.Pod{
{ // Basic fields.
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "123", Namespace: "ns"},
Beef up validation tests
2015-01-06 14:11:52 -05:00
Spec: api.PodSpec{
Embed VolumeSource in v1beta3 and internal.
2015-03-03 17:48:55 -05:00
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
DNSPolicy: api.DNSClusterFirst,
Introduce the simplest RestartPolicy and handling.
2014-08-26 14:25:17 -04:00
},
Add RestartPolicy to Pod and PodTemplate
2014-07-22 14:45:12 -04:00
},
Beef up validation tests
2015-01-06 14:11:52 -05:00
{ // Just about everything.
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc.123.do-re-mi", Namespace: "ns"},
Beef up validation tests
2015-01-06 14:11:52 -05:00
Spec: api.PodSpec{
Volumes: []api.Volume{
Embed VolumeSource in v1beta3 and internal.
2015-03-03 17:48:55 -05:00
{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}},
Beef up validation tests
2015-01-06 14:11:52 -05:00
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Beef up validation tests
2015-01-06 14:11:52 -05:00
DNSPolicy: api.DNSClusterFirst,
NodeSelector: map[string]string{
"key": "value",
},
update PodSpec.Host to PodSpec.NodeName in /pkg/api/types.go and /pkg/api/v1beta3/types.go
2015-05-22 19:40:57 -04:00
NodeName: "foobar",
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
},
Add RestartPolicy to Pod and PodTemplate
2014-07-22 14:45:12 -04:00
},
[scheduling] Moved node affinity from annotations to api fields. #35518
2016-11-30 11:51:12 -05:00
{ // Serialized node affinity requirements.
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
Name: "123",
Namespace: "ns",
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
Spec: validPodSpec(
[scheduling] Moved node affinity from annotations to api fields. #35518
2016-11-30 11:51:12 -05:00
// TODO: Uncomment and move this block and move inside NodeAffinity once
// RequiredDuringSchedulingRequiredDuringExecution is implemented
// RequiredDuringSchedulingRequiredDuringExecution: &api.NodeSelector{
// NodeSelectorTerms: []api.NodeSelectorTerm{
// {
// MatchExpressions: []api.NodeSelectorRequirement{
// {
// Key: "key1",
// Operator: api.NodeSelectorOpExists
// },
// },
// },
// },
// },
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
&api.Affinity{
[scheduling] Moved node affinity from annotations to api fields. #35518
2016-11-30 11:51:12 -05:00
NodeAffinity: &api.NodeAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: &api.NodeSelector{
NodeSelectorTerms: []api.NodeSelectorTerm{
{
MatchExpressions: []api.NodeSelectorRequirement{
{
Key: "key2",
Operator: api.NodeSelectorOpIn,
Values: []string{"value1", "value2"},
},
},
},
},
},
PreferredDuringSchedulingIgnoredDuringExecution: []api.PreferredSchedulingTerm{
{
Weight: 10,
Preference: api.NodeSelectorTerm{
MatchExpressions: []api.NodeSelectorRequirement{
{
Key: "foo",
Operator: api.NodeSelectorOpIn,
Values: []string{"bar"},
},
},
},
},
},
},
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
),
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
{ // Serialized pod affinity in affinity requirements in annotations.
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
Name: "123",
Namespace: "ns",
// TODO: Uncomment and move this block into Annotations map once
// RequiredDuringSchedulingRequiredDuringExecution is implemented
// "requiredDuringSchedulingRequiredDuringExecution": [{
// "labelSelector": {
// "matchExpressions": [{
// "key": "key2",
// "operator": "In",
// "values": ["value1", "value2"]
// }]
// },
// "namespaces":["ns"],
// "topologyKey": "zone"
// }]
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
},
Spec: validPodSpec(&api.Affinity{
PodAffinity: &api.PodAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: []api.PodAffinityTerm{
{
LabelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
Key: "key2",
Operator: metav1.LabelSelectorOpIn,
Values: []string{"value1", "value2"},
},
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
TopologyKey: "zone",
Namespaces: []string{"ns"},
},
},
PreferredDuringSchedulingIgnoredDuringExecution: []api.WeightedPodAffinityTerm{
{
Weight: 10,
PodAffinityTerm: api.PodAffinityTerm{
LabelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
Key: "key2",
Operator: metav1.LabelSelectorOpNotIn,
Values: []string{"value1", "value2"},
},
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
Namespaces: []string{"ns"},
TopologyKey: "region",
},
},
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
}),
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
{ // Serialized pod anti affinity with different Label Operators in affinity requirements in annotations.
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
Name: "123",
Added validation for annotations
2015-01-24 09:36:22 -05:00
Namespace: "ns",
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
// TODO: Uncomment and move this block into Annotations map once
// RequiredDuringSchedulingRequiredDuringExecution is implemented
// "requiredDuringSchedulingRequiredDuringExecution": [{
// "labelSelector": {
// "matchExpressions": [{
// "key": "key2",
// "operator": "In",
// "values": ["value1", "value2"]
// }]
// },
// "namespaces":["ns"],
// "topologyKey": "zone"
// }]
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
},
Spec: validPodSpec(&api.Affinity{
PodAntiAffinity: &api.PodAntiAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: []api.PodAffinityTerm{
{
LabelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
Key: "key2",
Operator: metav1.LabelSelectorOpExists,
},
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
TopologyKey: "zone",
Namespaces: []string{"ns"},
},
},
PreferredDuringSchedulingIgnoredDuringExecution: []api.WeightedPodAffinityTerm{
{
Weight: 10,
PodAffinityTerm: api.PodAffinityTerm{
LabelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
Key: "key2",
Operator: metav1.LabelSelectorOpDoesNotExist,
},
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
Namespaces: []string{"ns"},
TopologyKey: "region",
},
},
},
Added validation for annotations
2015-01-24 09:36:22 -05:00
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
}),
Added validation for annotations
2015-01-24 09:36:22 -05:00
},
api changes of forgiveness phase1
2017-01-04 06:45:50 -05:00
{ // populate forgiveness tolerations with exists operator in annotations.
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Update tests.
2017-02-07 09:08:45 -05:00
Spec: extendPodSpecwithTolerations(validPodSpec(nil), []api.Toleration{{Key: "foo", Operator: "Exists", Value: "", Effect: "NoExecute", TolerationSeconds: &[]int64{60}[0]}}),
api changes of forgiveness phase1
2017-01-04 06:45:50 -05:00
},
{ // populate forgiveness tolerations with equal operator in annotations.
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Update tests.
2017-02-07 09:08:45 -05:00
Spec: extendPodSpecwithTolerations(validPodSpec(nil), []api.Toleration{{Key: "foo", Operator: "Equal", Value: "bar", Effect: "NoExecute", TolerationSeconds: &[]int64{60}[0]}}),
api changes of forgiveness phase1
2017-01-04 06:45:50 -05:00
},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
{ // populate tolerations equal operator in annotations.
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
implement taints and tolerations
2016-03-30 23:42:57 -04:00
Name: "123",
Namespace: "ns",
},
Update tests.
2017-02-07 09:08:45 -05:00
Spec: extendPodSpecwithTolerations(validPodSpec(nil), []api.Toleration{{Key: "foo", Operator: "Equal", Value: "bar", Effect: "NoSchedule"}}),
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
{ // populate tolerations exists operator in annotations.
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
implement taints and tolerations
2016-03-30 23:42:57 -04:00
Name: "123",
Namespace: "ns",
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
Spec: validPodSpec(nil),
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
api changes of forgiveness phase1
2017-01-04 06:45:50 -05:00
{ // empty key with Exists operator is OK for toleration, empty toleration key means match all taint keys.
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Update tests.
2017-02-07 09:08:45 -05:00
Spec: extendPodSpecwithTolerations(validPodSpec(nil), []api.Toleration{{Operator: "Exists", Effect: "NoSchedule"}}),
api changes of forgiveness phase1
2017-01-04 06:45:50 -05:00
},
{ // empty operator is OK for toleration, defaults to Equal.
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
implement taints and tolerations
2016-03-30 23:42:57 -04:00
Name: "123",
Namespace: "ns",
},
Update tests.
2017-02-07 09:08:45 -05:00
Spec: extendPodSpecwithTolerations(validPodSpec(nil), []api.Toleration{{Key: "foo", Value: "bar", Effect: "NoSchedule"}}),
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
api changes of forgiveness phase1
2017-01-04 06:45:50 -05:00
{ // empty effect is OK for toleration, empty toleration effect means match all taint effects.
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
implement taints and tolerations
2016-03-30 23:42:57 -04:00
Name: "123",
Namespace: "ns",
},
Update tests.
2017-02-07 09:08:45 -05:00
Spec: extendPodSpecwithTolerations(validPodSpec(nil), []api.Toleration{{Key: "foo", Operator: "Equal", Value: "bar"}}),
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
api changes of forgiveness phase1
2017-01-04 06:45:50 -05:00
{ // negative tolerationSeconds is OK for toleration.
ObjectMeta: metav1.ObjectMeta{
Name: "pod-forgiveness-invalid",
Namespace: "ns",
},
Update tests.
2017-02-07 09:08:45 -05:00
Spec: extendPodSpecwithTolerations(validPodSpec(nil), []api.Toleration{{Key: "node.alpha.kubernetes.io/notReady", Operator: "Exists", Effect: "NoExecute", TolerationSeconds: &[]int64{-2}[0]}}),
api changes of forgiveness phase1
2017-01-04 06:45:50 -05:00
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
{ // docker default seccomp profile
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "docker/default",
},
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
Spec: validPodSpec(nil),
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
{ // unconfined seccomp profile
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "unconfined",
},
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
Spec: validPodSpec(nil),
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
{ // localhost seccomp profile
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "localhost/foo",
},
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
Spec: validPodSpec(nil),
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
{ // localhost seccomp profile for a container
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompContainerAnnotationKeyPrefix + "foo": "localhost/foo",
},
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
Spec: validPodSpec(nil),
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
},
{ // default AppArmor profile for a container
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
apparmor.ContainerAnnotationKeyPrefix + "ctr": apparmor.ProfileRuntimeDefault,
},
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
Spec: validPodSpec(nil),
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
},
{ // default AppArmor profile for an init container
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
apparmor.ContainerAnnotationKeyPrefix + "init-ctr": apparmor.ProfileRuntimeDefault,
},
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
Spec: api.PodSpec{
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
InitContainers: []api.Container{{Name: "init-ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
},
{ // localhost AppArmor profile for a container
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
apparmor.ContainerAnnotationKeyPrefix + "ctr": apparmor.ProfileNamePrefix + "foo",
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
Spec: validPodSpec(nil),
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
{ // syntactically valid sysctls
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SysctlsPodAnnotationKey: "kernel.shmmni=32768,kernel.shmmax=1000000000",
api.UnsafeSysctlsPodAnnotationKey: "knet.ipv4.route.min_pmtu=1000",
},
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
Spec: validPodSpec(nil),
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
},
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
{ // valid opaque integer resources for init container
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "valid-opaque-int", Namespace: "ns"},
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
Spec: api.PodSpec{
InitContainers: []api.Container{
{
Name: "valid-opaque-int",
Image: "image",
ImagePullPolicy: "IfNotPresent",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
move helpers.go to helper
2017-04-10 13:49:54 -04:00
helper.OpaqueIntResourceName("A"): resource.MustParse("10"),
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
Limits: api.ResourceList{
move helpers.go to helper
2017-04-10 13:49:54 -04:00
helper.OpaqueIntResourceName("A"): resource.MustParse("20"),
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
TerminationMessagePolicy: "File",
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
},
{ // valid opaque integer resources for regular container
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "valid-opaque-int", Namespace: "ns"},
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
Spec: api.PodSpec{
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
InitContainers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
Containers: []api.Container{
{
Name: "valid-opaque-int",
Image: "image",
ImagePullPolicy: "IfNotPresent",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
move helpers.go to helper
2017-04-10 13:49:54 -04:00
helper.OpaqueIntResourceName("A"): resource.MustParse("10"),
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
Limits: api.ResourceList{
move helpers.go to helper
2017-04-10 13:49:54 -04:00
helper.OpaqueIntResourceName("A"): resource.MustParse("20"),
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
TerminationMessagePolicy: "File",
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
}
for _, pod := range successCases {
if errs := ValidatePod(&pod); len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
}
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
errorCases := map[string]struct {
spec api.Pod
expectedError string
}{
implement taints and tolerations
2016-03-30 23:42:57 -04:00
"bad name": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "metadata.name",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "", Namespace: "ns"},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
},
image name may not have leading or trailing whitespace
2017-06-14 19:52:31 -04:00
"image whitespace": {
expectedError: "spec.containers[0].image",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "ns"},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "ctr", Image: " ", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
},
},
},
"image leading and trailing whitespace": {
expectedError: "spec.containers[0].image",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "ns"},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "ctr", Image: " something ", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
},
},
},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
"bad namespace": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "metadata.namespace",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: ""},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
},
"bad spec": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "spec.containers[0].name",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "ns"},
Spec: api.PodSpec{
Containers: []api.Container{{}},
},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
},
"bad label": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "NoUppercaseOrSpecialCharsLike=Equals",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "abc",
Namespace: "ns",
Labels: map[string]string{
"NoUppercaseOrSpecialCharsLike=Equals": "bar",
},
},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
},
},
[scheduling] Moved node affinity from annotations to api fields. #35518
2016-11-30 11:51:12 -05:00
"invalid node selector requirement in node affinity, operator can't be null": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "spec.affinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Spec: validPodSpec(&api.Affinity{
NodeAffinity: &api.NodeAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: &api.NodeSelector{
NodeSelectorTerms: []api.NodeSelectorTerm{
{
MatchExpressions: []api.NodeSelectorRequirement{
{
Key: "key1",
},
[scheduling] Moved node affinity from annotations to api fields. #35518
2016-11-30 11:51:12 -05:00
},
},
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
}),
},
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
},
[scheduling] Moved node affinity from annotations to api fields. #35518
2016-11-30 11:51:12 -05:00
"invalid preferredSchedulingTerm in node affinity, weight should be in range 1-100": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "must be in the range 1-100",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Spec: validPodSpec(&api.Affinity{
NodeAffinity: &api.NodeAffinity{
PreferredDuringSchedulingIgnoredDuringExecution: []api.PreferredSchedulingTerm{
{
Weight: 199,
Preference: api.NodeSelectorTerm{
MatchExpressions: []api.NodeSelectorRequirement{
{
Key: "foo",
Operator: api.NodeSelectorOpIn,
Values: []string{"bar"},
},
[scheduling] Moved node affinity from annotations to api fields. #35518
2016-11-30 11:51:12 -05:00
},
},
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
}),
},
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
},
Comment out NodeAffinity.RequiredDuringSchedulingRequiredDuringExecution because it is not yet implemented.
2016-02-11 02:06:33 -05:00
"invalid requiredDuringSchedulingIgnoredDuringExecution node selector, nodeSelectorTerms must have at least one term": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "spec.affinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(&api.Affinity{
NodeAffinity: &api.NodeAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: &api.NodeSelector{
NodeSelectorTerms: []api.NodeSelectorTerm{},
},
},
}),
},
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
},
Comment out NodeAffinity.RequiredDuringSchedulingRequiredDuringExecution because it is not yet implemented.
2016-02-11 02:06:33 -05:00
"invalid requiredDuringSchedulingIgnoredDuringExecution node selector term, matchExpressions must have at least one node selector requirement": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "spec.affinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Spec: validPodSpec(&api.Affinity{
NodeAffinity: &api.NodeAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: &api.NodeSelector{
NodeSelectorTerms: []api.NodeSelectorTerm{
{
MatchExpressions: []api.NodeSelectorRequirement{},
},
[scheduling] Moved node affinity from annotations to api fields. #35518
2016-11-30 11:51:12 -05:00
},
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
},
[scheduling] Moved node affinity from annotations to api fields. #35518
2016-11-30 11:51:12 -05:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
}),
},
implement Node affinity and NodeSelector
2016-01-26 18:03:18 -05:00
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
"invalid weight in preferredDuringSchedulingIgnoredDuringExecution in pod affinity annotations, weight should be in range 1-100": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "must be in the range 1-100",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Spec: validPodSpec(&api.Affinity{
PodAffinity: &api.PodAffinity{
PreferredDuringSchedulingIgnoredDuringExecution: []api.WeightedPodAffinityTerm{
{
Weight: 109,
PodAffinityTerm: api.PodAffinityTerm{
LabelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
Key: "key2",
Operator: metav1.LabelSelectorOpNotIn,
Values: []string{"value1", "value2"},
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Namespaces: []string{"ns"},
TopologyKey: "region",
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
}),
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
"invalid labelSelector in preferredDuringSchedulingIgnoredDuringExecution in podaffinity annotations, values should be empty if the operator is Exists": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.matchExpressions.matchExpressions[0].values",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Spec: validPodSpec(&api.Affinity{
PodAntiAffinity: &api.PodAntiAffinity{
PreferredDuringSchedulingIgnoredDuringExecution: []api.WeightedPodAffinityTerm{
{
Weight: 10,
PodAffinityTerm: api.PodAffinityTerm{
LabelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
Key: "key2",
Operator: metav1.LabelSelectorOpExists,
Values: []string{"value1", "value2"},
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Namespaces: []string{"ns"},
TopologyKey: "region",
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
}),
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
"invalid name space in preferredDuringSchedulingIgnoredDuringExecution in podaffinity annotations, name space shouldbe valid": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.namespace",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Spec: validPodSpec(&api.Affinity{
PodAffinity: &api.PodAffinity{
PreferredDuringSchedulingIgnoredDuringExecution: []api.WeightedPodAffinityTerm{
{
Weight: 10,
PodAffinityTerm: api.PodAffinityTerm{
LabelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
Key: "key2",
Operator: metav1.LabelSelectorOpExists,
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Namespaces: []string{"INVALID_NAMESPACE"},
TopologyKey: "region",
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
}),
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
Do not allow empty topology key for pod affinities.
2017-08-01 15:03:51 -04:00
"invalid hard pod affinity, empty topologyKey is not allowed for hard pod affinity": {
expectedError: "can not be empty",
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Spec: validPodSpec(&api.Affinity{
PodAffinity: &api.PodAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: []api.PodAffinityTerm{
{
LabelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
Key: "key2",
Operator: metav1.LabelSelectorOpIn,
Values: []string{"value1", "value2"},
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Namespaces: []string{"ns"},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
}),
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
Do not allow empty topology key for pod affinities.
2017-08-01 15:03:51 -04:00
"invalid hard pod anti-affinity, empty topologyKey is not allowed for hard pod anti-affinity": {
expectedError: "can not be empty",
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(&api.Affinity{
PodAntiAffinity: &api.PodAntiAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: []api.PodAffinityTerm{
{
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
LabelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
Key: "key2",
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Operator: metav1.LabelSelectorOpIn,
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
Values: []string{"value1", "value2"},
},
},
},
Namespaces: []string{"ns"},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
[scheduling] Moved pod affinity and anti-affinity from annotations to api fields. #25319
2016-12-08 10:14:21 -05:00
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
}),
},
},
Do not allow empty topology key for pod affinities.
2017-08-01 15:03:51 -04:00
"invalid soft pod affinity, empty topologyKey is not allowed for soft pod affinity": {
expectedError: "can not be empty",
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(&api.Affinity{
PodAffinity: &api.PodAffinity{
PreferredDuringSchedulingIgnoredDuringExecution: []api.WeightedPodAffinityTerm{
{
Weight: 10,
PodAffinityTerm: api.PodAffinityTerm{
LabelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
Key: "key2",
Operator: metav1.LabelSelectorOpNotIn,
Values: []string{"value1", "value2"},
},
},
},
Namespaces: []string{"ns"},
},
},
},
},
}),
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
Do not allow empty topology key for pod affinities.
2017-08-01 15:03:51 -04:00
"invalid soft pod anti-affinity, empty topologyKey is not allowed for soft pod anti-affinity": {
expectedError: "can not be empty",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Spec: validPodSpec(&api.Affinity{
PodAntiAffinity: &api.PodAntiAffinity{
PreferredDuringSchedulingIgnoredDuringExecution: []api.WeightedPodAffinityTerm{
{
Weight: 10,
PodAffinityTerm: api.PodAffinityTerm{
LabelSelector: &metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
Key: "key2",
Operator: metav1.LabelSelectorOpNotIn,
Values: []string{"value1", "value2"},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
},
},
},
Namespaces: []string{"ns"},
},
},
},
},
}),
},
implement inter pod topological affinity and anti-affinity
2016-05-04 02:50:31 -04:00
},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
"invalid toleration key": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "spec.tolerations[0].key",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Spec: extendPodSpecwithTolerations(validPodSpec(nil), []api.Toleration{{Key: "nospecialchars^=@", Operator: "Equal", Value: "bar", Effect: "NoSchedule"}}),
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
},
"invalid toleration operator": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "spec.tolerations[0].operator",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Spec: extendPodSpecwithTolerations(validPodSpec(nil), []api.Toleration{{Key: "foo", Operator: "In", Value: "bar", Effect: "NoSchedule"}}),
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
},
"value must be empty when `operator` is 'Exists'": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "spec.tolerations[0].operator",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Spec: extendPodSpecwithTolerations(validPodSpec(nil), []api.Toleration{{Key: "foo", Operator: "Exists", Value: "bar", Effect: "NoSchedule"}}),
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
},
api changes of forgiveness phase1
2017-01-04 06:45:50 -05:00
"operator must be 'Exists' when `key` is empty": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "spec.tolerations[0].operator",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
},
Spec: extendPodSpecwithTolerations(validPodSpec(nil), []api.Toleration{{Operator: "Equal", Value: "bar", Effect: "NoSchedule"}}),
api changes of forgiveness phase1
2017-01-04 06:45:50 -05:00
},
},
"effect must be 'NoExecute' when `TolerationSeconds` is set": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "spec.tolerations[0].effect",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "pod-forgiveness-invalid",
Namespace: "ns",
},
Spec: extendPodSpecwithTolerations(validPodSpec(nil), []api.Toleration{{Key: "node.alpha.kubernetes.io/notReady", Operator: "Exists", Effect: "NoSchedule", TolerationSeconds: &[]int64{20}[0]}}),
api changes of forgiveness phase1
2017-01-04 06:45:50 -05:00
},
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
"must be a valid pod seccomp profile": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "must be a valid seccomp profile",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "foo",
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(nil),
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
},
"must be a valid container seccomp profile": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "must be a valid seccomp profile",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompContainerAnnotationKeyPrefix + "foo": "foo",
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(nil),
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
},
"must be a non-empty container name in seccomp annotation": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "name part must be non-empty",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompContainerAnnotationKeyPrefix: "foo",
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(nil),
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
},
"must be a non-empty container profile in seccomp annotation": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "must be a valid seccomp profile",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompContainerAnnotationKeyPrefix + "foo": "",
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(nil),
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
},
"must be a relative path in a node-local seccomp profile annotation": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "must be a relative path",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "localhost//foo",
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(nil),
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
},
"must not start with '../'": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "must not contain '..'",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SeccompPodAnnotationKey: "localhost/../foo",
},
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(nil),
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
},
"AppArmor profile must apply to a container": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "metadata.annotations[container.apparmor.security.beta.kubernetes.io/fake-ctr]",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
apparmor.ContainerAnnotationKeyPrefix + "ctr": apparmor.ProfileRuntimeDefault,
apparmor.ContainerAnnotationKeyPrefix + "init-ctr": apparmor.ProfileRuntimeDefault,
apparmor.ContainerAnnotationKeyPrefix + "fake-ctr": apparmor.ProfileRuntimeDefault,
},
},
Spec: api.PodSpec{
InitContainers: []api.Container{{Name: "init-ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
},
},
},
"AppArmor profile format must be valid": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "invalid AppArmor profile name",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
apparmor.ContainerAnnotationKeyPrefix + "ctr": "bad-name",
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(nil),
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
},
},
"only default AppArmor profile may start with runtime/": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "invalid AppArmor profile name",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
apparmor.ContainerAnnotationKeyPrefix + "ctr": "runtime/foo",
},
Validate AppArmor annotations in the API server
2016-08-16 19:41:05 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(nil),
Move seccomp annotation validation into api/validation
2016-06-10 04:02:36 -04:00
},
},
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
"invalid sysctl annotation": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "metadata.annotations[security.alpha.kubernetes.io/sysctls]",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SysctlsPodAnnotationKey: "foo:",
},
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(nil),
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
},
},
"invalid comma-separated sysctl annotation": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "not of the format sysctl_name=value",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SysctlsPodAnnotationKey: "kernel.msgmax,",
},
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(nil),
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
},
},
"invalid unsafe sysctl annotation": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "metadata.annotations[security.alpha.kubernetes.io/sysctls]",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SysctlsPodAnnotationKey: "foo:",
},
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(nil),
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
},
},
"intersecting safe sysctls and unsafe sysctls annotations": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "can not be safe and unsafe",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "123",
Namespace: "ns",
Annotations: map[string]string{
api.SysctlsPodAnnotationKey: "kernel.shmmax=10000000",
api.UnsafeSysctlsPodAnnotationKey: "kernel.shmmax=10000000",
},
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Spec: validPodSpec(nil),
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
},
},
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
"invalid opaque integer resource requirement: request must be <= limit": {
update testcase err msg
2017-08-09 23:45:09 -04:00
expectedError: "must be less than or equal to pod.alpha.kubernetes.io/opaque-int-resource-A",
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "123", Namespace: "ns"},
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: "invalid",
Image: "image",
ImagePullPolicy: "IfNotPresent",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
helper.OpaqueIntResourceName("A"): resource.MustParse("2"),
},
Limits: api.ResourceList{
helper.OpaqueIntResourceName("A"): resource.MustParse("1"),
},
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
},
"invalid fractional opaque integer resource in container request": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "must be an integer",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "123", Namespace: "ns"},
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: "invalid",
Image: "image",
ImagePullPolicy: "IfNotPresent",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
helper.OpaqueIntResourceName("A"): resource.MustParse("500m"),
},
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
},
"invalid fractional opaque integer resource in init container request": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "must be an integer",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "123", Namespace: "ns"},
Spec: api.PodSpec{
InitContainers: []api.Container{
{
Name: "invalid",
Image: "image",
ImagePullPolicy: "IfNotPresent",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
helper.OpaqueIntResourceName("A"): resource.MustParse("500m"),
},
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
},
"invalid fractional opaque integer resource in container limit": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "must be an integer",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "123", Namespace: "ns"},
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: "invalid",
Image: "image",
ImagePullPolicy: "IfNotPresent",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
helper.OpaqueIntResourceName("A"): resource.MustParse("5"),
},
Limits: api.ResourceList{
helper.OpaqueIntResourceName("A"): resource.MustParse("2.5"),
},
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
},
"invalid fractional opaque integer resource in init container limit": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "must be an integer",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "123", Namespace: "ns"},
Spec: api.PodSpec{
InitContainers: []api.Container{
{
Name: "invalid",
Image: "image",
ImagePullPolicy: "IfNotPresent",
Resources: api.ResourceRequirements{
Requests: api.ResourceList{
helper.OpaqueIntResourceName("A"): resource.MustParse("5"),
},
Limits: api.ResourceList{
helper.OpaqueIntResourceName("A"): resource.MustParse("2.5"),
},
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
},
Require nodeName for mirror pods, make mirror pod annotation immutable
2017-05-13 15:48:44 -04:00
"mirror-pod present without nodeName": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "mirror",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "123", Namespace: "ns", Annotations: map[string]string{api.MirrorPodAnnotationKey: ""}},
Spec: api.PodSpec{
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
Require nodeName for mirror pods, make mirror pod annotation immutable
2017-05-13 15:48:44 -04:00
},
},
"mirror-pod populated without nodeName": {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
expectedError: "mirror",
spec: api.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "123", Namespace: "ns", Annotations: map[string]string{api.MirrorPodAnnotationKey: "foo"}},
Spec: api.PodSpec{
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
},
Beef up validation tests
2015-01-06 14:11:52 -05:00
}
for k, v := range errorCases {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
if errs := ValidatePod(&v.spec); len(errs) == 0 {
Validate that there is at least one container in the pod
2015-03-18 11:00:18 -04:00
t.Errorf("expected failure for %q", k)
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
} else if v.expectedError == "" {
t.Errorf("missing expectedError for %q, got %q", k, errs.ToAggregate().Error())
} else if actualError := errs.ToAggregate().Error(); !strings.Contains(actualError, v.expectedError) {
t.Errorf("expected error for %q to contain %q, got %q", k, v.expectedError, actualError)
Beef up validation tests
2015-01-06 14:11:52 -05:00
}
add RFC952 label validation
2014-10-23 16:14:13 -04:00
}
Add RestartPolicy to Pod and PodTemplate
2014-07-22 14:45:12 -04:00
}
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
func TestValidatePodUpdate(t *testing.T) {
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
var (
activeDeadlineSecondsZero = int64(0)
activeDeadlineSecondsNegative = int64(-30)
activeDeadlineSecondsPositive = int64(30)
activeDeadlineSecondsLarger = int64(31)
refactor: generated
2016-12-03 13:57:26 -05:00
now = metav1.Now()
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
grace = int64(30)
grace2 = int64(31)
)
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
tests := []struct {
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
a api.Pod
b api.Pod
err string
test string
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
}{
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
{api.Pod{}, api.Pod{}, "", "nothing"},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
{
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "bar"},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"metadata.name",
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
"ids",
},
{
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
Name: "foo",
Labels: map[string]string{
"foo": "bar",
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
Name: "foo",
Labels: map[string]string{
"bar": "foo",
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
"labels",
},
Added validation for annotations
2015-01-24 09:36:22 -05:00
{
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Added validation for annotations
2015-01-24 09:36:22 -05:00
Name: "foo",
Annotations: map[string]string{
"foo": "bar",
},
},
},
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Added validation for annotations
2015-01-24 09:36:22 -05:00
Name: "foo",
Annotations: map[string]string{
"bar": "foo",
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Added validation for annotations
2015-01-24 09:36:22 -05:00
"annotations",
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
{
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Refactor tests to split ObjectMeta from TypeMeta
2014-10-23 16:51:34 -04:00
Name: "foo",
},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V1",
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V2",
},
{
Image: "bar:V2",
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"may not add or remove containers",
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
"more containers",
},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
{
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
Name: "foo",
},
Spec: api.PodSpec{
InitContainers: []api.Container{
{
Image: "foo:V1",
},
},
},
},
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
Spec: api.PodSpec{
InitContainers: []api.Container{
{
Image: "foo:V2",
},
{
Image: "bar:V2",
},
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"may not add or remove containers",
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
"more init containers",
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
{
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
Add TerminationGracePeriodSeconds to API Set defaulting for pod spec
2015-08-19 19:59:43 -04:00
Spec: api.PodSpec{Containers: []api.Container{{Image: "foo:V1"}}},
},
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo", DeletionTimestamp: &now},
Add TerminationGracePeriodSeconds to API Set defaulting for pod spec
2015-08-19 19:59:43 -04:00
Spec: api.PodSpec{Containers: []api.Container{{Image: "foo:V1"}}},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Add TerminationGracePeriodSeconds to API Set defaulting for pod spec
2015-08-19 19:59:43 -04:00
"deletion timestamp filled out",
},
{
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo", DeletionTimestamp: &now, DeletionGracePeriodSeconds: &grace},
Add TerminationGracePeriodSeconds to API Set defaulting for pod spec
2015-08-19 19:59:43 -04:00
Spec: api.PodSpec{Containers: []api.Container{{Image: "foo:V1"}}},
},
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo", DeletionTimestamp: &now, DeletionGracePeriodSeconds: &grace2},
Add TerminationGracePeriodSeconds to API Set defaulting for pod spec
2015-08-19 19:59:43 -04:00
Spec: api.PodSpec{Containers: []api.Container{{Image: "foo:V1"}}},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"metadata.deletionGracePeriodSeconds",
Add TerminationGracePeriodSeconds to API Set defaulting for pod spec
2015-08-19 19:59:43 -04:00
"deletion grace period seconds cleared",
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
{
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V1",
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V2",
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
"image change",
},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
{
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
Spec: api.PodSpec{
InitContainers: []api.Container{
{
Image: "foo:V1",
},
},
},
},
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
Spec: api.PodSpec{
InitContainers: []api.Container{
{
Image: "foo:V2",
},
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
"init container image change",
},
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
{
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{},
},
},
},
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V2",
},
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"spec.containers[0].image",
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
"image change to empty",
},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
{
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
Spec: api.PodSpec{
InitContainers: []api.Container{
{},
},
},
},
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
Spec: api.PodSpec{
InitContainers: []api.Container{
{
Image: "foo:V2",
},
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"spec.initContainers[0].image",
Fix update validation for pods w/init containers.
2016-07-04 16:30:54 -04:00
"init container image change to empty",
},
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
{
api.Pod{
Spec: api.PodSpec{},
},
api.Pod{
Spec: api.PodSpec{},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
"activeDeadlineSeconds no change, nil",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
"activeDeadlineSeconds no change, set",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
api.Pod{},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
"activeDeadlineSeconds change to positive from nil",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsLarger,
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
"activeDeadlineSeconds change to smaller positive",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsLarger,
},
},
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"spec.activeDeadlineSeconds",
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
"activeDeadlineSeconds change to larger positive",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsNegative,
},
},
api.Pod{},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"spec.activeDeadlineSeconds",
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
"activeDeadlineSeconds change to negative from nil",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsNegative,
},
},
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"spec.activeDeadlineSeconds",
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
"activeDeadlineSeconds change to negative from positive",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsZero,
},
},
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
"activeDeadlineSeconds change to zero from positive",
},
{
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsZero,
},
},
api.Pod{},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
"activeDeadlineSeconds change to zero from nil",
},
{
api.Pod{},
api.Pod{
Spec: api.PodSpec{
ActiveDeadlineSeconds: &activeDeadlineSecondsPositive,
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"spec.activeDeadlineSeconds",
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
"activeDeadlineSeconds change to nil from positive",
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
{
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V1",
Rename ResourceRequirementSpec to ResourceRequirements.
2015-02-09 17:44:32 -05:00
Resources: api.ResourceRequirements{
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
Limits: getResourceLimits("100m", "0"),
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V2",
Rename ResourceRequirementSpec to ResourceRequirements.
2015-02-09 17:44:32 -05:00
Resources: api.ResourceRequirements{
Adding ResourceRequirementSpec to v1beta1, v1beta2, and v1beta3 APIs. The old resource quantities 'CPU' and 'Memory' will be preserved until support for v1beta1 and v1beta2 APIs are dropped. Improved resource validation in the process.
2015-01-24 23:19:36 -05:00
Limits: getResourceLimits("1000m", "0"),
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"spec: Forbidden: pod updates may not change fields",
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
"cpu change",
},
{
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V1",
Rename type Port to ContainerPort Sadly I had to do this by hand - I just could not get gorename to fix up users of it.
2015-02-23 17:25:56 -05:00
Ports: []api.ContainerPort{
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
{HostPort: 8080, ContainerPort: 80},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
},
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
Spec: api.PodSpec{
Containers: []api.Container{
{
Image: "foo:V2",
Rename type Port to ContainerPort Sadly I had to do this by hand - I just could not get gorename to fix up users of it.
2015-02-23 17:25:56 -05:00
Ports: []api.ContainerPort{
v1beta3 Pod refactor
2014-11-13 10:52:13 -05:00
{HostPort: 8000, ContainerPort: 80},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
},
},
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"spec: Forbidden: pod updates may not change fields",
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
"port change",
},
Add a few extra test cases for API validation of labels that would have caught a bug that was in past versions. Also, copy the label key format requirements from the API types.go comments into the labels doc.
2015-02-04 17:21:34 -05:00
{
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add a few extra test cases for API validation of labels that would have caught a bug that was in past versions. Also, copy the label key format requirements from the API types.go comments into the labels doc.
2015-02-04 17:21:34 -05:00
Name: "foo",
Labels: map[string]string{
"foo": "bar",
},
},
},
api.Pod{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add a few extra test cases for API validation of labels that would have caught a bug that was in past versions. Also, copy the label key format requirements from the API types.go comments into the labels doc.
2015-02-04 17:21:34 -05:00
Name: "foo",
Labels: map[string]string{
"Bar": "foo",
},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Add a few extra test cases for API validation of labels that would have caught a bug that was in past versions. Also, copy the label key format requirements from the API types.go comments into the labels doc.
2015-02-04 17:21:34 -05:00
"bad label change",
},
Allow toleration updates via pod spec.
2017-02-21 13:03:13 -05:00
{
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1",
Tolerations: []api.Toleration{{Key: "key1", Value: "value2"}},
},
},
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1",
Tolerations: []api.Toleration{{Key: "key1", Value: "value1"}},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"spec.tolerations: Forbidden",
Allow toleration updates via pod spec.
2017-02-21 13:03:13 -05:00
"existing toleration value modified in pod spec updates",
},
{
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1",
Tolerations: []api.Toleration{{Key: "key1", Value: "value2", Operator: "Equal", Effect: "NoExecute", TolerationSeconds: nil}},
},
},
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1",
Tolerations: []api.Toleration{{Key: "key1", Value: "value1", Operator: "Equal", Effect: "NoExecute", TolerationSeconds: &[]int64{10}[0]}},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"spec.tolerations: Forbidden",
Allow toleration updates via pod spec.
2017-02-21 13:03:13 -05:00
"existing toleration value modified in pod spec updates with modified tolerationSeconds",
},
{
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1",
Tolerations: []api.Toleration{{Key: "key1", Value: "value1", Operator: "Equal", Effect: "NoExecute", TolerationSeconds: &[]int64{10}[0]}},
},
},
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1",
Tolerations: []api.Toleration{{Key: "key1", Value: "value1", Operator: "Equal", Effect: "NoExecute", TolerationSeconds: &[]int64{20}[0]}},
}},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Allow toleration updates via pod spec.
2017-02-21 13:03:13 -05:00
"modified tolerationSeconds in existing toleration value in pod spec updates",
},
{
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
Tolerations: []api.Toleration{{Key: "key1", Value: "value2"}},
},
},
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "",
Tolerations: []api.Toleration{{Key: "key1", Value: "value1"}},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"spec.tolerations: Forbidden",
Allow toleration updates via pod spec.
2017-02-21 13:03:13 -05:00
"toleration modified in updates to an unscheduled pod",
},
{
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1",
Tolerations: []api.Toleration{{Key: "key1", Value: "value1"}},
},
},
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1",
Tolerations: []api.Toleration{{Key: "key1", Value: "value1"}},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Allow toleration updates via pod spec.
2017-02-21 13:03:13 -05:00
"tolerations unmodified in updates to a scheduled pod",
},
{
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1",
Tolerations: []api.Toleration{
{Key: "key1", Value: "value1", Operator: "Equal", Effect: "NoExecute", TolerationSeconds: &[]int64{20}[0]},
{Key: "key2", Value: "value2", Operator: "Equal", Effect: "NoExecute", TolerationSeconds: &[]int64{30}[0]},
},
}},
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1",
Tolerations: []api.Toleration{{Key: "key1", Value: "value1", Operator: "Equal", Effect: "NoExecute", TolerationSeconds: &[]int64{10}[0]}},
},
},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"",
Allow toleration updates via pod spec.
2017-02-21 13:03:13 -05:00
"added valid new toleration to existing tolerations in pod spec updates",
},
{
api.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "foo"}, Spec: api.PodSpec{
NodeName: "node1",
Tolerations: []api.Toleration{
{Key: "key1", Value: "value1", Operator: "Equal", Effect: "NoExecute", TolerationSeconds: &[]int64{20}[0]},
{Key: "key2", Value: "value2", Operator: "Equal", Effect: "NoSchedule", TolerationSeconds: &[]int64{30}[0]},
},
}},
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1", Tolerations: []api.Toleration{{Key: "key1", Value: "value1", Operator: "Equal", Effect: "NoExecute", TolerationSeconds: &[]int64{10}[0]}},
}},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"spec.tolerations[1].effect",
Allow toleration updates via pod spec.
2017-02-21 13:03:13 -05:00
"added invalid new toleration to existing tolerations in pod spec updates",
},
Require nodeName for mirror pods, make mirror pod annotation immutable
2017-05-13 15:48:44 -04:00
{
api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "foo"}, Spec: api.PodSpec{NodeName: "foo"}},
api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "foo"}},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"spec: Forbidden: pod updates may not change fields",
Require nodeName for mirror pods, make mirror pod annotation immutable
2017-05-13 15:48:44 -04:00
"removed nodeName from pod spec",
},
{
api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "foo", Annotations: map[string]string{api.MirrorPodAnnotationKey: ""}}, Spec: api.PodSpec{NodeName: "foo"}},
api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "foo"}, Spec: api.PodSpec{NodeName: "foo"}},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"metadata.annotations[kubernetes.io/config.mirror]",
Require nodeName for mirror pods, make mirror pod annotation immutable
2017-05-13 15:48:44 -04:00
"removed mirror pod annotation",
},
{
api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "foo"}, Spec: api.PodSpec{NodeName: "foo"}},
api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "foo", Annotations: map[string]string{api.MirrorPodAnnotationKey: ""}}, Spec: api.PodSpec{NodeName: "foo"}},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"metadata.annotations[kubernetes.io/config.mirror]",
Require nodeName for mirror pods, make mirror pod annotation immutable
2017-05-13 15:48:44 -04:00
"added mirror pod annotation",
},
{
api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "foo", Annotations: map[string]string{api.MirrorPodAnnotationKey: "foo"}}, Spec: api.PodSpec{NodeName: "foo"}},
api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "foo", Annotations: map[string]string{api.MirrorPodAnnotationKey: "bar"}}, Spec: api.PodSpec{NodeName: "foo"}},
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
"metadata.annotations[kubernetes.io/config.mirror]",
Require nodeName for mirror pods, make mirror pod annotation immutable
2017-05-13 15:48:44 -04:00
"changed mirror pod annotation",
},
Add priority to Kubernetes API
2017-05-09 21:25:34 -04:00
{
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1",
PriorityClassName: "bar-priority",
},
},
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1",
PriorityClassName: "foo-priority",
},
},
"spec: Forbidden: pod updates",
"changed priority class name",
},
{
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1",
PriorityClassName: "",
},
},
api.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: api.PodSpec{
NodeName: "node1",
PriorityClassName: "foo-priority",
},
},
"spec: Forbidden: pod updates",
"removed priority class name",
},
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
}
for _, test := range tests {
Give better error message for PUTs with no resource version
2015-03-19 20:51:07 -04:00
test.a.ObjectMeta.ResourceVersion = "1"
test.b.ObjectMeta.ResourceVersion = "1"
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
errs := ValidatePodUpdate(&test.a, &test.b)
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
if test.err == "" {
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
if len(errs) != 0 {
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
t.Errorf("unexpected invalid: %s (%+v)\nA: %+v\nB: %+v", test.test, errs, test.a, test.b)
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
}
} else {
if len(errs) == 0 {
Allow pod.Spec.ActiveDeadlineSeconds to be updateable
2016-01-26 15:52:14 -05:00
t.Errorf("unexpected valid: %s\nA: %+v\nB: %+v", test.test, test.a, test.b)
Test specific errors in pod validation tests
2017-05-13 15:53:57 -04:00
} else if actualErr := errs.ToAggregate().Error(); !strings.Contains(actualErr, test.err) {
t.Errorf("unexpected error message: %s\nExpected error: %s\nActual error: %s", test.test, test.err, actualErr)
Add update to the pod etcd handler.
2014-10-09 23:30:34 -04:00
}
}
}
}
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
func makeValidService() api.Service {
return api.Service{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
Name: "valid",
Namespace: "valid",
Labels: map[string]string{},
Annotations: map[string]string{},
ResourceVersion: "1",
},
Spec: api.ServiceSpec{
Selector: map[string]string{"key": "val"},
SessionAffinity: "None",
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
Type: api.ServiceTypeClusterIP,
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
Ports: []api.ServicePort{{Name: "p", Protocol: "TCP", Port: 8675, TargetPort: intstr.FromInt(8675)}},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
},
}
}
Add initial validation of Service objects
2014-07-10 15:45:01 -04:00
func TestValidateService(t *testing.T) {
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
testCases := []struct {
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
name string
tweakSvc func(svc *api.Service) // given a basic valid service, each test case can customize it
numErrs int
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
}{
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "missing namespace",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Namespace = ""
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
},
numErrs: 1,
},
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid namespace",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Namespace = "-123"
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
},
numErrs: 1,
},
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "missing name",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Name = ""
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
numErrs: 1,
Add initial validation of Service objects
2014-07-10 15:45:01 -04:00
},
Update test cases to use default context
2014-09-29 17:18:18 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid name",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Name = "-123"
Update test cases to use default context
2014-09-29 17:18:18 -04:00
},
numErrs: 1,
},
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "too long name",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Service names conform to RFC 1035
2016-07-24 13:01:38 -04:00
s.Name = strings.Repeat("a", 64)
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
numErrs: 1,
Make validation check for legal serive port numbers.
2014-08-22 17:44:21 -04:00
},
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 18:56:38 -05:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid generateName",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.GenerateName = "-123"
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 18:56:38 -05:00
},
numErrs: 1,
},
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "too long generateName",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Service names conform to RFC 1035
2016-07-24 13:01:38 -04:00
s.GenerateName = strings.Repeat("a", 64)
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 18:56:38 -05:00
},
numErrs: 1,
},
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid label",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Labels["NoUppercaseOrSpecialCharsLike=Equals"] = "bar"
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
numErrs: 1,
},
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid annotation",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Annotations["NoSpecialCharsLike=Equals"] = "bar"
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
numErrs: 1,
},
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
{
name: "nil selector",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Selector = nil
},
numErrs: 0,
},
add a 'protocol' field to api.Service
2014-09-10 12:53:40 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid selector",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Spec.Selector["NoSpecialCharsLike=Equals"] = "bar"
add a 'protocol' field to api.Service
2014-09-10 12:53:40 -04:00
},
numErrs: 1,
},
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "missing session affinity",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
s.Spec.SessionAffinity = ""
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 1,
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
{
name: "missing type",
tweakSvc: func(s *api.Service) {
s.Spec.Type = ""
},
numErrs: 1,
},
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
{
name: "missing ports",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports = nil
},
numErrs: 1,
},
Headless services should not need to declare ports
2015-11-06 12:53:57 -05:00
{
name: "missing ports but headless",
tweakSvc: func(s *api.Service) {
s.Spec.Ports = nil
s.Spec.ClusterIP = api.ClusterIPNone
},
numErrs: 0,
},
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
{
name: "empty port[0] name",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Name = ""
},
numErrs: 0,
},
{
name: "empty port[1] name",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "", Protocol: "TCP", Port: 12345, TargetPort: intstr.FromInt(12345)})
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
},
numErrs: 1,
},
Service port names are required for multi-port There is no provision for the first port to be unnamed. I think I initially allowed that, but then the Subset struct became a sorted struct, so the first-ness of the port got lost. If you have a Service with one named and one unnamed port, what happens is that the EndpointController fails to create Endpoints (validation error).
2015-05-05 14:51:51 -04:00
{
name: "empty multi-port port[0] name",
tweakSvc: func(s *api.Service) {
s.Spec.Ports[0].Name = ""
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "p", Protocol: "TCP", Port: 12345, TargetPort: intstr.FromInt(12345)})
Service port names are required for multi-port There is no provision for the first port to be unnamed. I think I initially allowed that, but then the Subset struct became a sorted struct, so the first-ness of the port got lost. If you have a Service with one named and one unnamed port, what happens is that the EndpointController fails to create Endpoints (validation error).
2015-05-05 14:51:51 -04:00
},
numErrs: 1,
},
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
{
name: "invalid port name",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Name = "INVALID"
},
numErrs: 1,
},
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "missing protocol",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Protocol = ""
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 1,
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid protocol",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Protocol = "INVALID"
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 1,
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
Headless Services: Adding option to specify None for PortalIP
2015-03-16 17:36:30 -04:00
{
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
name: "invalid cluster ip",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
s.Spec.ClusterIP = "invalid"
Headless Services: Adding option to specify None for PortalIP
2015-03-16 17:36:30 -04:00
},
numErrs: 1,
},
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "missing port",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Port = 0
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 1,
Add initial validation of Service objects
2014-07-10 15:45:01 -04:00
},
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "invalid port",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Port = 65536
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 1,
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
},
{
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
name: "invalid TargetPort int",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports[0].TargetPort = intstr.FromInt(65536)
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 1,
},
Ensure headless service port equal to targetPort
2015-11-27 03:09:13 -05:00
{
name: "valid port headless",
tweakSvc: func(s *api.Service) {
s.Spec.Ports[0].Port = 11722
s.Spec.Ports[0].TargetPort = intstr.FromInt(11722)
s.Spec.ClusterIP = api.ClusterIPNone
},
numErrs: 0,
},
{
Restore service port validation compatibility with 1.0/1.1
2016-02-22 23:06:16 -05:00
name: "invalid port headless 1",
Ensure headless service port equal to targetPort
2015-11-27 03:09:13 -05:00
tweakSvc: func(s *api.Service) {
s.Spec.Ports[0].Port = 11722
s.Spec.Ports[0].TargetPort = intstr.FromInt(11721)
s.Spec.ClusterIP = api.ClusterIPNone
},
Restore service port validation compatibility with 1.0/1.1
2016-02-22 23:06:16 -05:00
// in the v1 API, targetPorts on headless services were tolerated.
// once we have version-specific validation, we can reject this on newer API versions, but until then, we have to tolerate it for compatibility.
// numErrs: 1,
numErrs: 0,
Ensure headless service port equal to targetPort
2015-11-27 03:09:13 -05:00
},
{
Restore service port validation compatibility with 1.0/1.1
2016-02-22 23:06:16 -05:00
name: "invalid port headless 2",
Ensure headless service port equal to targetPort
2015-11-27 03:09:13 -05:00
tweakSvc: func(s *api.Service) {
s.Spec.Ports[0].Port = 11722
s.Spec.Ports[0].TargetPort = intstr.FromString("target")
s.Spec.ClusterIP = api.ClusterIPNone
},
Restore service port validation compatibility with 1.0/1.1
2016-02-22 23:06:16 -05:00
// in the v1 API, targetPorts on headless services were tolerated.
// once we have version-specific validation, we can reject this on newer API versions, but until then, we have to tolerate it for compatibility.
// numErrs: 1,
numErrs: 0,
Ensure headless service port equal to targetPort
2015-11-27 03:09:13 -05:00
},
Validate Service.Spec.publicIPs to be a valid IP that is not a localhost
2015-03-16 10:03:05 -04:00
{
name: "invalid publicIPs localhost",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
External IPs support.
2015-08-11 20:18:21 -04:00
s.Spec.ExternalIPs = []string{"127.0.0.1"}
Validate Service.Spec.publicIPs to be a valid IP that is not a localhost
2015-03-16 10:03:05 -04:00
},
numErrs: 1,
},
{
Make IsValidIP return error strings Also treat 0.0.0.0 as special, like loopback and multicast.
2016-01-04 12:49:39 -05:00
name: "invalid publicIPs unspecified",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
External IPs support.
2015-08-11 20:18:21 -04:00
s.Spec.ExternalIPs = []string{"0.0.0.0"}
Validate Service.Spec.publicIPs to be a valid IP that is not a localhost
2015-03-16 10:03:05 -04:00
},
numErrs: 1,
},
Make IsValidIP return error strings Also treat 0.0.0.0 as special, like loopback and multicast.
2016-01-04 12:49:39 -05:00
{
name: "invalid publicIPs loopback",
tweakSvc: func(s *api.Service) {
s.Spec.ExternalIPs = []string{"127.0.0.1"}
},
numErrs: 1,
},
Validate Service.Spec.publicIPs to be a valid IP that is not a localhost
2015-03-16 10:03:05 -04:00
{
External IPs support.
2015-08-11 20:18:21 -04:00
name: "invalid publicIPs host",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
External IPs support.
2015-08-11 20:18:21 -04:00
s.Spec.ExternalIPs = []string{"myhost.mydomain"}
Validate Service.Spec.publicIPs to be a valid IP that is not a localhost
2015-03-16 10:03:05 -04:00
},
External IPs support.
2015-08-11 20:18:21 -04:00
numErrs: 1,
Validate Service.Spec.publicIPs to be a valid IP that is not a localhost
2015-03-16 10:03:05 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
{
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
name: "dup port name",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Name = "p"
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "p", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
},
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
numErrs: 1,
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
},
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
{
* Added UDP LB support (for GCE)
2015-09-28 16:57:58 -04:00
name: "valid load balancer protocol UDP 1",
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
tweakSvc: func(s *api.Service) {
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
s.Spec.Type = api.ServiceTypeLoadBalancer
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
s.Spec.Ports[0].Protocol = "UDP"
},
* Added UDP LB support (for GCE)
2015-09-28 16:57:58 -04:00
numErrs: 0,
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
},
{
* Added UDP LB support (for GCE)
2015-09-28 16:57:58 -04:00
name: "valid load balancer protocol UDP 2",
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
tweakSvc: func(s *api.Service) {
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
s.Spec.Type = api.ServiceTypeLoadBalancer
add service validation for mix protocol
2016-02-03 17:54:32 -05:00
s.Spec.Ports[0] = api.ServicePort{Name: "q", Port: 12345, Protocol: "UDP", TargetPort: intstr.FromInt(12345)}
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
},
* Added UDP LB support (for GCE)
2015-09-28 16:57:58 -04:00
numErrs: 0,
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
},
add service validation for mix protocol
2016-02-03 17:54:32 -05:00
{
name: "invalid load balancer with mix protocol",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "UDP", TargetPort: intstr.FromInt(12345)})
},
numErrs: 1,
},
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "valid 1",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
// do nothing
Add some validation for externalized service ports.
2014-10-31 02:03:52 -04:00
},
numErrs: 0,
},
add RFC952 label validation
2014-10-23 16:14:13 -04:00
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "valid 2",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
WIP: Implement multi-port Services
2015-03-13 11:16:41 -04:00
s.Spec.Ports[0].Protocol = "UDP"
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports[0].TargetPort = intstr.FromInt(12345)
Allow an empty service
2014-11-18 12:49:00 -05:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 0,
Allow an empty service
2014-11-18 12:49:00 -05:00
},
{
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
name: "valid 3",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports[0].TargetPort = intstr.FromString("http")
add RFC952 label validation
2014-10-23 16:14:13 -04:00
},
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
numErrs: 0,
add RFC952 label validation
2014-10-23 16:14:13 -04:00
},
Headless Services: Adding option to specify None for PortalIP
2015-03-16 17:36:30 -04:00
{
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
name: "valid cluster ip - none ",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
s.Spec.ClusterIP = "None"
Headless Services: Adding option to specify None for PortalIP
2015-03-16 17:36:30 -04:00
},
numErrs: 0,
},
{
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
name: "valid cluster ip - empty",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(s *api.Service) {
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
s.Spec.ClusterIP = ""
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports[0].TargetPort = intstr.FromString("http")
Headless Services: Adding option to specify None for PortalIP
2015-03-16 17:36:30 -04:00
},
numErrs: 0,
},
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
{
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
name: "valid type - cluster",
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
},
numErrs: 0,
},
{
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
name: "valid type - loadbalancer",
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
},
numErrs: 0,
},
{
name: "valid type loadbalancer 2 ports",
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
tweakSvc: func(s *api.Service) {
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
s.Spec.Type = api.ServiceTypeLoadBalancer
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
},
numErrs: 0,
},
{
name: "valid external load balancer 2 ports",
tweakSvc: func(s *api.Service) {
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
s.Spec.Type = api.ServiceTypeLoadBalancer
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Move validation of load balancers only supporting TCP ports to validation.go.
2015-04-03 15:06:25 -04:00
},
numErrs: 0,
},
Add NodePort to ServicePort We prevent it from being set by validation
2015-05-22 17:54:19 -04:00
{
name: "duplicate nodeports",
tweakSvc: func(s *api.Service) {
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
s.Spec.Type = api.ServiceTypeNodePort
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 1, Protocol: "TCP", NodePort: 1, TargetPort: intstr.FromInt(1)})
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "r", Port: 2, Protocol: "TCP", NodePort: 1, TargetPort: intstr.FromInt(2)})
Add NodePort to ServicePort We prevent it from being set by validation
2015-05-22 17:54:19 -04:00
},
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
numErrs: 1,
Add NodePort to ServicePort We prevent it from being set by validation
2015-05-22 17:54:19 -04:00
},
{
name: "duplicate nodeports (different protocols)",
tweakSvc: func(s *api.Service) {
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
s.Spec.Type = api.ServiceTypeNodePort
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 1, Protocol: "TCP", NodePort: 1, TargetPort: intstr.FromInt(1)})
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "r", Port: 2, Protocol: "UDP", NodePort: 1, TargetPort: intstr.FromInt(2)})
Add NodePort to ServicePort We prevent it from being set by validation
2015-05-22 17:54:19 -04:00
},
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
numErrs: 0,
},
Validate if service has duplicate port
2017-06-12 02:31:37 -04:00
{
name: "invalid duplicate ports (with same protocol)",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(8080)})
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "r", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(80)})
},
numErrs: 1,
},
{
name: "valid duplicate ports (with different protocols)",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(8080)})
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "r", Port: 12345, Protocol: "UDP", TargetPort: intstr.FromInt(80)})
},
numErrs: 0,
},
Validate if service has duplicate targetPort
2017-06-10 00:55:47 -04:00
{
name: "invalid duplicate targetports (number with same protocol)",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 1, Protocol: "TCP", TargetPort: intstr.FromInt(8080)})
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "r", Port: 2, Protocol: "TCP", TargetPort: intstr.FromInt(8080)})
},
numErrs: 1,
},
{
name: "invalid duplicate targetports (name with same protocol)",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 1, Protocol: "TCP", TargetPort: intstr.FromString("http")})
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "r", Port: 2, Protocol: "TCP", TargetPort: intstr.FromString("http")})
},
numErrs: 1,
},
{
name: "valid duplicate targetports (number with different protocols)",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 1, Protocol: "TCP", TargetPort: intstr.FromInt(8080)})
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "r", Port: 2, Protocol: "UDP", TargetPort: intstr.FromInt(8080)})
},
numErrs: 0,
},
{
name: "valid duplicate targetports (name with different protocols)",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 1, Protocol: "TCP", TargetPort: intstr.FromString("http")})
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "r", Port: 2, Protocol: "UDP", TargetPort: intstr.FromString("http")})
},
numErrs: 0,
},
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
{
name: "valid type - cluster",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
},
numErrs: 0,
},
{
name: "valid type - nodeport",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeNodePort
},
numErrs: 0,
},
{
name: "valid type - loadbalancer",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
},
numErrs: 0,
},
{
name: "valid type loadbalancer 2 ports",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 0,
},
{
name: "valid type loadbalancer with NodePort",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", NodePort: 12345, TargetPort: intstr.FromInt(12345)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 0,
},
{
name: "valid type=NodePort service with NodePort",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeNodePort
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", NodePort: 12345, TargetPort: intstr.FromInt(12345)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 0,
},
{
name: "valid type=NodePort service without NodePort",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeNodePort
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 0,
},
{
name: "valid cluster service without NodePort",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 0,
},
{
name: "invalid cluster service with NodePort",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", NodePort: 12345, TargetPort: intstr.FromInt(12345)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 1,
},
{
name: "invalid public service with duplicate NodePort",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeNodePort
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "p1", Port: 1, Protocol: "TCP", NodePort: 1, TargetPort: intstr.FromInt(1)})
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "p2", Port: 2, Protocol: "TCP", NodePort: 1, TargetPort: intstr.FromInt(2)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 1,
},
{
name: "valid type=LoadBalancer",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 12345, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
},
numErrs: 0,
Add NodePort to ServicePort We prevent it from being set by validation
2015-05-22 17:54:19 -04:00
},
Automatically open a firewall when creating a GCE load balancer.
2015-07-09 01:02:10 -04:00
{
// For now we open firewalls, and its insecure if we open 10250, remove this
// when we have better protections in place.
name: "invalid port type=LoadBalancer",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
Refactor IntOrString into a new pkg pkg/util/intstr is a cleaner encapsulation for this type and supporting functions. No behavioral change.
2015-11-10 01:28:45 -05:00
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "kubelet", Port: 10250, Protocol: "TCP", TargetPort: intstr.FromInt(12345)})
Automatically open a firewall when creating a GCE load balancer.
2015-07-09 01:02:10 -04:00
},
numErrs: 1,
},
LB Source Ranges: Move validation into API layer Had to move other things around too to avoid a weird api -> cloudprovider dependency. Also adding fixes per code reviews. (This is a squash of the previously approved commits)
2016-02-29 20:56:39 -05:00
{
name: "valid LoadBalancer source range annotation",
tweakSvc: func(s *api.Service) {
promote sourceRange into service spec
2016-05-17 19:55:04 -04:00
s.Spec.Type = api.ServiceTypeLoadBalancer
Move API annotations into annotation_key_constants and remove api/annotations package
2017-05-16 18:30:29 -04:00
s.Annotations[api.AnnotationLoadBalancerSourceRangesKey] = "1.2.3.4/8, 5.6.7.8/16"
LB Source Ranges: Move validation into API layer Had to move other things around too to avoid a weird api -> cloudprovider dependency. Also adding fixes per code reviews. (This is a squash of the previously approved commits)
2016-02-29 20:56:39 -05:00
},
numErrs: 0,
},
{
name: "empty LoadBalancer source range annotation",
tweakSvc: func(s *api.Service) {
promote sourceRange into service spec
2016-05-17 19:55:04 -04:00
s.Spec.Type = api.ServiceTypeLoadBalancer
Move API annotations into annotation_key_constants and remove api/annotations package
2017-05-16 18:30:29 -04:00
s.Annotations[api.AnnotationLoadBalancerSourceRangesKey] = ""
LB Source Ranges: Move validation into API layer Had to move other things around too to avoid a weird api -> cloudprovider dependency. Also adding fixes per code reviews. (This is a squash of the previously approved commits)
2016-02-29 20:56:39 -05:00
},
numErrs: 0,
},
{
name: "invalid LoadBalancer source range annotation (hostname)",
tweakSvc: func(s *api.Service) {
Move API annotations into annotation_key_constants and remove api/annotations package
2017-05-16 18:30:29 -04:00
s.Annotations[api.AnnotationLoadBalancerSourceRangesKey] = "foo.bar"
LB Source Ranges: Move validation into API layer Had to move other things around too to avoid a weird api -> cloudprovider dependency. Also adding fixes per code reviews. (This is a squash of the previously approved commits)
2016-02-29 20:56:39 -05:00
},
promote sourceRange into service spec
2016-05-17 19:55:04 -04:00
numErrs: 2,
LB Source Ranges: Move validation into API layer Had to move other things around too to avoid a weird api -> cloudprovider dependency. Also adding fixes per code reviews. (This is a squash of the previously approved commits)
2016-02-29 20:56:39 -05:00
},
{
name: "invalid LoadBalancer source range annotation (invalid CIDR)",
tweakSvc: func(s *api.Service) {
promote sourceRange into service spec
2016-05-17 19:55:04 -04:00
s.Spec.Type = api.ServiceTypeLoadBalancer
Move API annotations into annotation_key_constants and remove api/annotations package
2017-05-16 18:30:29 -04:00
s.Annotations[api.AnnotationLoadBalancerSourceRangesKey] = "1.2.3.4/33"
LB Source Ranges: Move validation into API layer Had to move other things around too to avoid a weird api -> cloudprovider dependency. Also adding fixes per code reviews. (This is a squash of the previously approved commits)
2016-02-29 20:56:39 -05:00
},
numErrs: 1,
},
promote sourceRange into service spec
2016-05-17 19:55:04 -04:00
{
name: "invalid source range for non LoadBalancer type service",
tweakSvc: func(s *api.Service) {
s.Spec.LoadBalancerSourceRanges = []string{"1.2.3.4/8", "5.6.7.8/16"}
},
numErrs: 1,
},
{
name: "valid LoadBalancer source range",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
s.Spec.LoadBalancerSourceRanges = []string{"1.2.3.4/8", "5.6.7.8/16"}
},
numErrs: 0,
},
{
name: "empty LoadBalancer source range",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
s.Spec.LoadBalancerSourceRanges = []string{" "}
},
numErrs: 1,
},
{
name: "invalid LoadBalancer source range",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
s.Spec.LoadBalancerSourceRanges = []string{"foo.bar"}
},
numErrs: 1,
},
Add ExternalName to ServiceSpec ExternalName allows kubedns to return CNAME records for external services. No proxying is involved. See original issue at https://github.com/kubernetes/kubernetes/issues/13748 Feature tracking at https://github.com/kubernetes/features/issues/33
2016-08-19 12:09:14 -04:00
{
name: "valid ExternalName",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeExternalName
s.Spec.ClusterIP = ""
s.Spec.ExternalName = "foo.bar.example.com"
},
numErrs: 0,
},
{
name: "invalid ExternalName clusterIP (valid IP)",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeExternalName
s.Spec.ClusterIP = "1.2.3.4"
s.Spec.ExternalName = "foo.bar.example.com"
},
numErrs: 1,
},
{
name: "invalid ExternalName clusterIP (None)",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeExternalName
s.Spec.ClusterIP = "None"
s.Spec.ExternalName = "foo.bar.example.com"
},
numErrs: 1,
},
{
name: "invalid ExternalName (not a DNS name)",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeExternalName
s.Spec.ClusterIP = ""
s.Spec.ExternalName = "-123"
},
numErrs: 1,
},
Validate None Service ClusterIP against LB type If the Service is a Load Balancer, it should not have None Cluster IP. If it does, Service validation fails.
2016-09-22 10:07:47 -04:00
{
name: "LoadBalancer type cannot have None ClusterIP",
tweakSvc: func(s *api.Service) {
s.Spec.ClusterIP = "None"
s.Spec.Type = api.ServiceTypeLoadBalancer
},
numErrs: 1,
},
Validation
2016-10-18 21:43:13 -04:00
{
Update ESIPP validation and service registry unit tests
2017-05-03 00:20:16 -04:00
name: "invalid node port with clusterIP None",
Validation
2016-10-18 21:43:13 -04:00
tweakSvc: func(s *api.Service) {
Update ESIPP validation and service registry unit tests
2017-05-03 00:20:16 -04:00
s.Spec.Type = api.ServiceTypeNodePort
s.Spec.Ports = append(s.Spec.Ports, api.ServicePort{Name: "q", Port: 1, Protocol: "TCP", NodePort: 1, TargetPort: intstr.FromInt(1)})
s.Spec.ClusterIP = "None"
},
numErrs: 1,
},
// ESIPP section begins.
{
name: "invalid externalTraffic field",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
s.Spec.ExternalTrafficPolicy = "invalid"
Service with type=NodePortr and clusterIP=None is not allowed
2016-08-18 17:50:09 -04:00
},
numErrs: 1,
},
Update ESIPP validation and service registry unit tests
2017-05-03 00:20:16 -04:00
{
name: "nagative healthCheckNodePort field",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
s.Spec.ExternalTrafficPolicy = api.ServiceExternalTrafficPolicyTypeLocal
s.Spec.HealthCheckNodePort = -1
},
numErrs: 1,
},
{
name: "nagative healthCheckNodePort field",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
s.Spec.ExternalTrafficPolicy = api.ServiceExternalTrafficPolicyTypeLocal
s.Spec.HealthCheckNodePort = 31100
},
numErrs: 0,
},
// ESIPP section ends.
Paramaterize stickyMaxAgeMinutes for service in API
2017-08-01 12:09:37 -04:00
{
name: "invalid timeoutSeconds field",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
s.Spec.SessionAffinity = api.ServiceAffinityClientIP
s.Spec.SessionAffinityConfig = &api.SessionAffinityConfig{
ClientIP: &api.ClientIPConfig{
TimeoutSeconds: newInt32(-1),
},
}
},
numErrs: 1,
},
{
name: "sessionAffinityConfig can't be set when session affinity is None",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
s.Spec.SessionAffinity = api.ServiceAffinityNone
s.Spec.SessionAffinityConfig = &api.SessionAffinityConfig{
ClientIP: &api.ClientIPConfig{
TimeoutSeconds: newInt32(90),
},
}
},
numErrs: 1,
},
Add initial validation of Service objects
2014-07-10 15:45:01 -04:00
}
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
for _, tc := range testCases {
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
svc := makeValidService()
tc.tweakSvc(&svc)
Make testing service validation easier Part of multi-port services. If people like this, we could start to apply this pattern elsewhere. TL;DR: don't redefine objects over and over changing one thing each time. Instead provide a func that mutates a base object to test facets of validation. Much easier to read and to update.
2015-03-08 00:40:18 -05:00
errs := ValidateService(&svc)
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
if len(errs) != tc.numErrs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
t.Errorf("Unexpected error list for case %q: %v", tc.name, errs.ToAggregate())
make service validation test be table-driven
2014-09-10 12:41:31 -04:00
}
Add initial validation of Service objects
2014-07-10 15:45:01 -04:00
}
}
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
Update ESIPP validation and service registry unit tests
2017-05-03 00:20:16 -04:00
func TestValidateServiceExternalTrafficFieldsCombination(t *testing.T) {
testCases := []struct {
name string
tweakSvc func(svc *api.Service) // Given a basic valid service, each test case can customize it.
numErrs int
}{
{
name: "valid loadBalancer service with externalTrafficPolicy and healthCheckNodePort set",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
s.Spec.ExternalTrafficPolicy = api.ServiceExternalTrafficPolicyTypeLocal
s.Spec.HealthCheckNodePort = 34567
},
numErrs: 0,
},
{
name: "valid nodePort service with externalTrafficPolicy set",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeNodePort
s.Spec.ExternalTrafficPolicy = api.ServiceExternalTrafficPolicyTypeLocal
},
numErrs: 0,
},
{
name: "valid clusterIP service with none of externalTrafficPolicy and healthCheckNodePort set",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
},
numErrs: 0,
},
{
name: "cannot set healthCheckNodePort field on loadBalancer service with externalTrafficPolicy!=Local",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeLoadBalancer
'Global' -> 'Cluster' for traffic policy
2017-05-31 14:35:24 -04:00
s.Spec.ExternalTrafficPolicy = api.ServiceExternalTrafficPolicyTypeCluster
Update ESIPP validation and service registry unit tests
2017-05-03 00:20:16 -04:00
s.Spec.HealthCheckNodePort = 34567
},
numErrs: 1,
},
{
name: "cannot set healthCheckNodePort field on nodePort service",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeNodePort
s.Spec.ExternalTrafficPolicy = api.ServiceExternalTrafficPolicyTypeLocal
s.Spec.HealthCheckNodePort = 34567
},
numErrs: 1,
},
{
name: "cannot set externalTrafficPolicy or healthCheckNodePort fields on clusterIP service",
tweakSvc: func(s *api.Service) {
s.Spec.Type = api.ServiceTypeClusterIP
s.Spec.ExternalTrafficPolicy = api.ServiceExternalTrafficPolicyTypeLocal
s.Spec.HealthCheckNodePort = 34567
},
numErrs: 2,
},
}
for _, tc := range testCases {
svc := makeValidService()
tc.tweakSvc(&svc)
errs := ValidateServiceExternalTrafficFieldsCombination(&svc)
if len(errs) != tc.numErrs {
t.Errorf("Unexpected error list for case %q: %v", tc.name, errs.ToAggregate())
}
}
}
Add status validation unit tests, validate updatedReplicas
2017-02-25 07:46:06 -05:00
func TestValidateReplicationControllerStatus(t *testing.T) {
tests := []struct {
name string
replicas int32
fullyLabeledReplicas int32
readyReplicas int32
availableReplicas int32
observedGeneration int64
expectedErr bool
}{
{
name: "valid status",
replicas: 3,
fullyLabeledReplicas: 3,
readyReplicas: 2,
availableReplicas: 1,
observedGeneration: 2,
expectedErr: false,
},
{
name: "invalid replicas",
replicas: -1,
fullyLabeledReplicas: 3,
readyReplicas: 2,
availableReplicas: 1,
observedGeneration: 2,
expectedErr: true,
},
{
name: "invalid fullyLabeledReplicas",
replicas: 3,
fullyLabeledReplicas: -1,
readyReplicas: 2,
availableReplicas: 1,
observedGeneration: 2,
expectedErr: true,
},
{
name: "invalid readyReplicas",
replicas: 3,
fullyLabeledReplicas: 3,
readyReplicas: -1,
availableReplicas: 1,
observedGeneration: 2,
expectedErr: true,
},
{
name: "invalid availableReplicas",
replicas: 3,
fullyLabeledReplicas: 3,
readyReplicas: 3,
availableReplicas: -1,
observedGeneration: 2,
expectedErr: true,
},
{
name: "invalid observedGeneration",
replicas: 3,
fullyLabeledReplicas: 3,
readyReplicas: 3,
availableReplicas: 3,
observedGeneration: -1,
expectedErr: true,
},
{
name: "fullyLabeledReplicas greater than replicas",
replicas: 3,
fullyLabeledReplicas: 4,
readyReplicas: 3,
availableReplicas: 3,
observedGeneration: 1,
expectedErr: true,
},
{
name: "readyReplicas greater than replicas",
replicas: 3,
fullyLabeledReplicas: 3,
readyReplicas: 4,
availableReplicas: 3,
observedGeneration: 1,
expectedErr: true,
},
{
name: "availableReplicas greater than replicas",
replicas: 3,
fullyLabeledReplicas: 3,
readyReplicas: 3,
availableReplicas: 4,
observedGeneration: 1,
expectedErr: true,
},
{
name: "availableReplicas greater than readyReplicas",
replicas: 3,
fullyLabeledReplicas: 3,
readyReplicas: 2,
availableReplicas: 3,
observedGeneration: 1,
expectedErr: true,
},
}
for _, test := range tests {
status := api.ReplicationControllerStatus{
Replicas: test.replicas,
FullyLabeledReplicas: test.fullyLabeledReplicas,
ReadyReplicas: test.readyReplicas,
AvailableReplicas: test.availableReplicas,
ObservedGeneration: test.observedGeneration,
}
if hasErr := len(ValidateReplicationControllerStatus(status, field.NewPath("status"))) > 0; hasErr != test.expectedErr {
t.Errorf("%s: expected error: %t, got error: %t", test.name, test.expectedErr, hasErr)
}
}
}
Add replication controller status subresource
2015-09-28 15:39:57 -04:00
func TestValidateReplicationControllerStatusUpdate(t *testing.T) {
validSelector := map[string]string{"a": "b"}
validPodTemplate := api.PodTemplate{
Template: api.PodTemplateSpec{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add replication controller status subresource
2015-09-28 15:39:57 -04:00
Labels: validSelector,
},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Add replication controller status subresource
2015-09-28 15:39:57 -04:00
},
},
}
type rcUpdateTest struct {
old api.ReplicationController
update api.ReplicationController
}
successCases := []rcUpdateTest{
{
old: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Add replication controller status subresource
2015-09-28 15:39:57 -04:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Template: &validPodTemplate.Template,
},
Status: api.ReplicationControllerStatus{
Replicas: 2,
},
},
update: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Add replication controller status subresource
2015-09-28 15:39:57 -04:00
Spec: api.ReplicationControllerSpec{
Replicas: 3,
Selector: validSelector,
Template: &validPodTemplate.Template,
},
Status: api.ReplicationControllerStatus{
Replicas: 4,
},
},
},
}
for _, successCase := range successCases {
successCase.old.ObjectMeta.ResourceVersion = "1"
successCase.update.ObjectMeta.ResourceVersion = "1"
Make order of fun consistent
2015-11-04 02:47:11 -05:00
if errs := ValidateReplicationControllerStatusUpdate(&successCase.update, &successCase.old); len(errs) != 0 {
Add replication controller status subresource
2015-09-28 15:39:57 -04:00
t.Errorf("expected success: %v", errs)
}
}
errorCases := map[string]rcUpdateTest{
"negative replicas": {
old: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "", Namespace: metav1.NamespaceDefault},
Add replication controller status subresource
2015-09-28 15:39:57 -04:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Template: &validPodTemplate.Template,
},
Status: api.ReplicationControllerStatus{
Replicas: 3,
},
},
update: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Add replication controller status subresource
2015-09-28 15:39:57 -04:00
Spec: api.ReplicationControllerSpec{
Replicas: 2,
Selector: validSelector,
Template: &validPodTemplate.Template,
},
Status: api.ReplicationControllerStatus{
Replicas: -3,
},
},
},
}
for testName, errorCase := range errorCases {
Make order of fun consistent
2015-11-04 02:47:11 -05:00
if errs := ValidateReplicationControllerStatusUpdate(&errorCase.update, &errorCase.old); len(errs) == 0 {
Add replication controller status subresource
2015-09-28 15:39:57 -04:00
t.Errorf("expected failure: %s", testName)
}
}
}
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
func TestValidateReplicationControllerUpdate(t *testing.T) {
validSelector := map[string]string{"a": "b"}
validPodTemplate := api.PodTemplate{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: api.PodTemplateSpec{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Labels: validSelector,
},
Spec: api.PodSpec{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
DNSPolicy: api.DNSClusterFirst,
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
}
readWriteVolumePodTemplate := api.PodTemplate{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: api.PodTemplateSpec{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Labels: validSelector,
},
Spec: api.PodSpec{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
DNSPolicy: api.DNSClusterFirst,
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Correcting all go vet errors
2015-08-07 21:52:23 -04:00
Volumes: []api.Volume{{Name: "gcepd", VolumeSource: api.VolumeSource{GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{PDName: "my-PD", FSType: "ext4", Partition: 1, ReadOnly: false}}}},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
}
invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
invalidPodTemplate := api.PodTemplate{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: api.PodTemplateSpec{
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.PodSpec{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
DNSPolicy: api.DNSClusterFirst,
},
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Labels: invalidSelector,
},
},
}
type rcUpdateTest struct {
old api.ReplicationController
update api.ReplicationController
}
successCases := []rcUpdateTest{
{
old: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
update: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.ReplicationControllerSpec{
Replicas: 3,
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
},
{
old: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
update: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.ReplicationControllerSpec{
Replicas: 1,
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &readWriteVolumePodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
},
}
for _, successCase := range successCases {
Give better error message for PUTs with no resource version
2015-03-19 20:51:07 -04:00
successCase.old.ObjectMeta.ResourceVersion = "1"
successCase.update.ObjectMeta.ResourceVersion = "1"
Make order of fun consistent
2015-11-04 02:47:11 -05:00
if errs := ValidateReplicationControllerUpdate(&successCase.update, &successCase.old); len(errs) != 0 {
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
t.Errorf("expected success: %v", errs)
}
}
errorCases := map[string]rcUpdateTest{
"more than one read/write": {
old: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "", Namespace: metav1.NamespaceDefault},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
update: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.ReplicationControllerSpec{
Replicas: 2,
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &readWriteVolumePodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
},
"invalid selector": {
old: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "", Namespace: metav1.NamespaceDefault},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
update: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.ReplicationControllerSpec{
Replicas: 2,
Selector: invalidSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
},
"invalid pod": {
old: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "", Namespace: metav1.NamespaceDefault},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
update: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.ReplicationControllerSpec{
Replicas: 2,
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &invalidPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
},
"negative replicas": {
old: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
update: api.ReplicationController{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.ReplicationControllerSpec{
Replicas: -1,
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
},
}
for testName, errorCase := range errorCases {
Make order of fun consistent
2015-11-04 02:47:11 -05:00
if errs := ValidateReplicationControllerUpdate(&errorCase.update, &errorCase.old); len(errs) == 0 {
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
t.Errorf("expected failure: %s", testName)
}
}
}
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
func TestValidateReplicationController(t *testing.T) {
validSelector := map[string]string{"a": "b"}
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
validPodTemplate := api.PodTemplate{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: api.PodTemplateSpec{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Labels: validSelector,
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
},
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
Spec: api.PodSpec{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
DNSPolicy: api.DNSClusterFirst,
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
},
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
},
}
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
readWriteVolumePodTemplate := api.PodTemplate{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: api.PodTemplateSpec{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Labels: validSelector,
},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.PodSpec{
Correcting all go vet errors
2015-08-07 21:52:23 -04:00
Volumes: []api.Volume{{Name: "gcepd", VolumeSource: api.VolumeSource{GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{PDName: "my-PD", FSType: "ext4", Partition: 1, ReadOnly: false}}}},
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Fix tests in validation_test Some tests expect the error cases to fail for a specific reason, but they could fail for other reasons and still pass. This caused some changes to break the tests without noticing the breakage. Example are the recent defaulting PR This change fixes such tests and also updates some obsolete tests.
2015-02-04 18:44:46 -05:00
DNSPolicy: api.DNSClusterFirst,
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 13:58:43 -04:00
},
},
}
add RFC952 label validation
2014-10-23 16:14:13 -04:00
invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
invalidPodTemplate := api.PodTemplate{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: api.PodTemplateSpec{
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
Spec: api.PodSpec{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyAlways,
Factor out API defaulting from validation logic Currently, the validation logic validates fields in an object and supply default values wherever applies. This change factors out defaulting to a set of defaulting callback functions for decoding (see #1502 for more discussion). * This change is based on pull request 2587. * Most defaulting has been migrated to defaults.go where the defaulting functions are added. * validation_test.go and converter_test.go have been adapted to not testing the default values. * Fixed all tests with that create invalid objects with the absence of defaulting logic.
2015-01-26 12:52:50 -05:00
DNSPolicy: api.DNSClusterFirst,
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
},
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Labels: invalidSelector,
add RFC952 label validation
2014-10-23 16:14:13 -04:00
},
},
}
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
successCases := []api.ReplicationController{
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
},
},
{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc-123", Namespace: metav1.NamespaceDefault},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
},
},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
{
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc-123", Namespace: metav1.NamespaceDefault},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Spec: api.ReplicationControllerSpec{
Replicas: 1,
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &readWriteVolumePodTemplate.Template,
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
},
},
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
}
for _, successCase := range successCases {
if errs := ValidateReplicationController(&successCase); len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
}
Make validation work when not in the api package.
2014-08-29 21:20:27 -04:00
errorCases := map[string]api.ReplicationController{
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
"zero-length ID": {
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "", Namespace: metav1.NamespaceDefault},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Update test cases to use default context
2014-09-29 17:18:18 -04:00
},
},
"missing-namespace": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc-123"},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
},
},
"empty selector": {
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
},
},
Add a validation that replicaSelector matches PodTemplate.Labels
2014-08-21 20:02:39 -04:00
"selector_doesnt_match": {
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Selector: map[string]string{"foo": "bar"},
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
Add a validation that replicaSelector matches PodTemplate.Labels
2014-08-21 20:02:39 -04:00
},
},
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
"invalid manifest": {
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
},
},
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
"read-write persistent disk with > 1 pod": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc"},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Adjust replication controller validation to be more flexible about read/write volumes. Update docs to reflect reality as it is implemented.
2015-02-04 23:55:16 -05:00
Replicas: 2,
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &readWriteVolumePodTemplate.Template,
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 13:58:43 -04:00
},
},
Validate on replicas being non-negative
2014-08-04 15:02:51 -04:00
"negative_replicas": {
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Replicas: -1,
Selector: validSelector,
Validate on replicas being non-negative
2014-08-04 15:02:51 -04:00
},
},
add RFC952 label validation
2014-10-23 16:14:13 -04:00
"invalid_label": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
add RFC952 label validation
2014-10-23 16:14:13 -04:00
Name: "abc-123",
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
Namespace: metav1.NamespaceDefault,
add RFC952 label validation
2014-10-23 16:14:13 -04:00
Labels: map[string]string{
"NoUppercaseOrSpecialCharsLike=Equals": "bar",
},
},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &validPodTemplate.Template,
add RFC952 label validation
2014-10-23 16:14:13 -04:00
},
},
"invalid_label 2": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
add RFC952 label validation
2014-10-23 16:14:13 -04:00
Name: "abc-123",
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
Namespace: metav1.NamespaceDefault,
add RFC952 label validation
2014-10-23 16:14:13 -04:00
Labels: map[string]string{
"NoUppercaseOrSpecialCharsLike=Equals": "bar",
},
},
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
Spec: api.ReplicationControllerSpec{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Template: &invalidPodTemplate.Template,
},
},
"invalid_annotation": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Name: "abc-123",
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
Namespace: metav1.NamespaceDefault,
Rename PodTemplate.Spec to PodTemplate.Template
2015-03-04 10:46:27 -05:00
Annotations: map[string]string{
"NoUppercaseOrSpecialCharsLike=Equals": "bar",
},
},
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Template: &validPodTemplate.Template,
add RFC952 label validation
2014-10-23 16:14:13 -04:00
},
},
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
"invalid restart policy 1": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
Name: "abc-123",
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
Namespace: metav1.NamespaceDefault,
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
},
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Template: &api.PodTemplateSpec{
Spec: api.PodSpec{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyOnFailure,
DNSPolicy: api.DNSClusterFirst,
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
},
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
Labels: validSelector,
},
},
},
},
"invalid restart policy 2": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
Name: "abc-123",
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
Namespace: metav1.NamespaceDefault,
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
},
Spec: api.ReplicationControllerSpec{
Selector: validSelector,
Template: &api.PodTemplateSpec{
Spec: api.PodSpec{
Convert RestartPolicy to string for v1beta3. Fixed #3607 and spiritually support #5475
2015-03-13 21:38:07 -04:00
RestartPolicy: api.RestartPolicyNever,
DNSPolicy: api.DNSClusterFirst,
Add TerminationMessagePolicy
2016-12-21 23:54:12 -05:00
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
},
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add pod restart policy validation for replication controller.
2014-11-17 23:08:23 -05:00
Labels: validSelector,
},
},
},
},
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
}
for k, v := range errorCases {
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
errs := ValidateReplicationController(&v)
if len(errs) == 0 {
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
t.Errorf("expected failure for %s", k)
}
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
for i := range errs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
field := errs[i].Field
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
if !strings.HasPrefix(field, "spec.template.") &&
Limit field errors to a single field name
2015-08-12 11:26:23 -04:00
field != "metadata.name" &&
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
field != "metadata.namespace" &&
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
field != "spec.selector" &&
field != "spec.template" &&
Adds support for attaching GCEPersitentDisks Adds GCEPersistentDisk volume struct Adds gce-utils to attach disk to kubelet's VM. Updates config to give compute-rw to every minion. Adds GCEPersistentDisk to API Adds ability to mount attached disks Generalizes PD and adds tests. PD now uses an pluggable API interface. Unit Tests more cleanly separates TearDown and SetUp Modify boilerplate hook to omit build tags Adds Mounter interface; mount is now built by OS TearDown() for PD now detaches disk on final refcount Un-generalized PD; GCE calls moved to cloudprovider Address comments.
2014-08-05 13:58:43 -04:00
field != "GCEPersistentDisk.ReadOnly" &&
Update the validation logic to test PodTemplateSpec
2014-11-06 21:08:46 -05:00
field != "spec.replicas" &&
clean up error message on labels validation errs
2014-11-20 00:55:45 -05:00
field != "spec.template.labels" &&
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
field != "metadata.annotations" &&
Add replication controller status subresource
2015-09-28 15:39:57 -04:00
field != "metadata.labels" &&
field != "status.replicas" {
Convert field errors into a selector for the object Satisfies the "Field" condition for a Cause. Also addresses parts of #914.
2014-08-19 23:54:20 -04:00
t.Errorf("%s: missing prefix for: %v", k, errs[i])
}
}
Extend validation for ReplicationController Provide type safe checks for empty sets of selectors.
2014-07-25 12:15:17 -04:00
}
}
Read BoundPods from etcd instead of ContainerManifestList There are three values that uniquely identify a pod on a host - the configuration source (etcd, file, http), the pod name, and the pod namespace. This change ensures that configuration properly makes those names unique by changing podFullName to contain both name (currently ID in v1beta1, Name in v1beta3) and namespace. The Kubelet does not properly handle information requests for pods not in the default namespace at this time.
2014-10-08 15:56:02 -04:00
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
func TestValidateNode(t *testing.T) {
Centralize minion validation
2014-11-12 12:38:15 -05:00
validSelector := map[string]string{"a": "b"}
invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
successCases := []api.Node{
Centralize minion validation
2014-11-12 12:38:15 -05:00
{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Move the internal minion representation to match v1beta3 Moves to 'Spec' and 'Status' internally and removes duplicate fields. Moves Capacity into Spec and drops use of NodeResources
2014-11-19 17:39:10 -05:00
Name: "abc",
Labels: validSelector,
},
Status: api.NodeStatus{
Node addresses
2015-02-13 14:07:23 -05:00
Addresses: []api.NodeAddress{
remove deprecated NodeLegacyHostIP
2017-04-23 22:21:29 -04:00
{Type: api.NodeExternalIP, Address: "something"},
Node addresses
2015-02-13 14:07:23 -05:00
},
Add validation for node creation.
2015-03-24 13:24:07 -04:00
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
api.ResourceName("my.org/gpu"): resource.MustParse("10"),
},
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Spec: api.NodeSpec{
ExternalID: "external",
},
Centralize minion validation
2014-11-12 12:38:15 -05:00
},
{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add name generation and normalize common create flows Adds `ObjectMeta.GenerateName`, an optional string field that defines name generation behavior if a Name is not provided. Adds `pkg/api/rest`, which defines the default Kubernetes API pattern for creation (and will cover update as well). Will allow registries and REST objects to be merged by moving logic on api out of those places. Add `pkg/api/rest/resttest`, which will be the test suite that verifies a RESTStorage object follows the Kubernetes API conventions and begin reducing our duplicated tests.
2015-01-27 18:56:38 -05:00
Name: "abc",
},
Move the internal minion representation to match v1beta3 Moves to 'Spec' and 'Status' internally and removes duplicate fields. Moves Capacity into Spec and drops use of NodeResources
2014-11-19 17:39:10 -05:00
Status: api.NodeStatus{
Node addresses
2015-02-13 14:07:23 -05:00
Addresses: []api.NodeAddress{
remove deprecated NodeLegacyHostIP
2017-04-23 22:21:29 -04:00
{Type: api.NodeExternalIP, Address: "something"},
Node addresses
2015-02-13 14:07:23 -05:00
},
Add validation for node creation.
2015-03-24 13:24:07 -04:00
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Spec: api.NodeSpec{
ExternalID: "external",
},
Centralize minion validation
2014-11-12 12:38:15 -05:00
},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
implement taints and tolerations
2016-03-30 23:42:57 -04:00
Name: "dedicated-node1",
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{
remove deprecated NodeLegacyHostIP
2017-04-23 22:21:29 -04:00
{Type: api.NodeExternalIP, Address: "something"},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Spec: api.NodeSpec{
ExternalID: "external",
Update tests.
2017-02-07 09:08:45 -05:00
// Add a valid taint to a node
Taints: []api.Taint{{Key: "GPU", Value: "true", Effect: "NoSchedule"}},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
},
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
Name: "abc",
Annotations: map[string]string{
api.PreferAvoidPodsAnnotationKey: `
{
"preferAvoidPods": [
{
"podSignature": {
"podController": {
"apiVersion": "v1",
"kind": "ReplicationController",
"name": "foo",
"uid": "abcdef123456",
"controller": true
}
},
"reason": "some reason",
"message": "some message"
}
]
}`,
},
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{
remove deprecated NodeLegacyHostIP
2017-04-23 22:21:29 -04:00
{Type: api.NodeExternalIP, Address: "something"},
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
},
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Spec: api.NodeSpec{
ExternalID: "external",
},
},
Centralize minion validation
2014-11-12 12:38:15 -05:00
}
for _, successCase := range successCases {
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
if errs := ValidateNode(&successCase); len(errs) != 0 {
Centralize minion validation
2014-11-12 12:38:15 -05:00
t.Errorf("expected success: %v", errs)
}
}
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
errorCases := map[string]api.Node{
Centralize minion validation
2014-11-12 12:38:15 -05:00
"zero-length Name": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Move the internal minion representation to match v1beta3 Moves to 'Spec' and 'Status' internally and removes duplicate fields. Moves Capacity into Spec and drops use of NodeResources
2014-11-19 17:39:10 -05:00
Name: "",
Labels: validSelector,
},
Status: api.NodeStatus{
Node addresses
2015-02-13 14:07:23 -05:00
Addresses: []api.NodeAddress{},
Add validation for node creation.
2015-03-24 13:24:07 -04:00
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
},
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Spec: api.NodeSpec{
ExternalID: "external",
},
Centralize minion validation
2014-11-12 12:38:15 -05:00
},
"invalid-labels": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Move the internal minion representation to match v1beta3 Moves to 'Spec' and 'Status' internally and removes duplicate fields. Moves Capacity into Spec and drops use of NodeResources
2014-11-19 17:39:10 -05:00
Name: "abc-123",
Labels: invalidSelector,
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Status: api.NodeStatus{
Add validation for node creation.
2015-03-24 13:24:07 -04:00
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
},
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Spec: api.NodeSpec{
ExternalID: "external",
},
Add validation for node creation.
2015-03-24 13:24:07 -04:00
},
"missing-external-id": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add validation for node creation.
2015-03-24 13:24:07 -04:00
Name: "abc-123",
Labels: validSelector,
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Status: api.NodeStatus{
Add validation for node creation.
2015-03-24 13:24:07 -04:00
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
},
},
},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
"missing-taint-key": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
implement taints and tolerations
2016-03-30 23:42:57 -04:00
Name: "dedicated-node1",
},
Spec: api.NodeSpec{
ExternalID: "external",
Update tests.
2017-02-07 09:08:45 -05:00
// Add a taint with an empty key to a node
Taints: []api.Taint{{Key: "", Value: "special-user-1", Effect: "NoSchedule"}},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
},
"bad-taint-key": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
implement taints and tolerations
2016-03-30 23:42:57 -04:00
Name: "dedicated-node1",
},
Spec: api.NodeSpec{
ExternalID: "external",
Update tests.
2017-02-07 09:08:45 -05:00
// Add a taint with an invalid key to a node
Taints: []api.Taint{{Key: "NoUppercaseOrSpecialCharsLike=Equals", Value: "special-user-1", Effect: "NoSchedule"}},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
},
"bad-taint-value": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
implement taints and tolerations
2016-03-30 23:42:57 -04:00
Name: "dedicated-node2",
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{
remove deprecated NodeLegacyHostIP
2017-04-23 22:21:29 -04:00
{Type: api.NodeExternalIP, Address: "something"},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Spec: api.NodeSpec{
ExternalID: "external",
Update tests.
2017-02-07 09:08:45 -05:00
// Add a taint with a bad value to a node
Taints: []api.Taint{{Key: "dedicated", Value: "some\\bad\\value", Effect: "NoSchedule"}},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
},
"missing-taint-effect": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
implement taints and tolerations
2016-03-30 23:42:57 -04:00
Name: "dedicated-node3",
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{
remove deprecated NodeLegacyHostIP
2017-04-23 22:21:29 -04:00
{Type: api.NodeExternalIP, Address: "something"},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Spec: api.NodeSpec{
ExternalID: "external",
Update tests.
2017-02-07 09:08:45 -05:00
// Add a taint with an empty effect to a node
Taints: []api.Taint{{Key: "dedicated", Value: "special-user-3", Effect: ""}},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
},
api changes of forgiveness phase1
2017-01-04 06:45:50 -05:00
"invalid-taint-effect": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
implement taints and tolerations
2016-03-30 23:42:57 -04:00
Name: "dedicated-node3",
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{
remove deprecated NodeLegacyHostIP
2017-04-23 22:21:29 -04:00
{Type: api.NodeExternalIP, Address: "something"},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Spec: api.NodeSpec{
ExternalID: "external",
Update tests.
2017-02-07 09:08:45 -05:00
// Add a taint with NoExecute effect to a node
Taints: []api.Taint{{Key: "dedicated", Value: "special-user-3", Effect: "NoScheduleNoAdmit"}},
implement taints and tolerations
2016-03-30 23:42:57 -04:00
},
},
make taints unique by <key, effect> on a node
2016-08-12 04:46:40 -04:00
"duplicated-taints-with-same-key-effect": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
make taints unique by <key, effect> on a node
2016-08-12 04:46:40 -04:00
Name: "dedicated-node1",
},
Spec: api.NodeSpec{
ExternalID: "external",
Update tests.
2017-02-07 09:08:45 -05:00
// Add two taints to the node with the same key and effect; should be rejected.
Taints: []api.Taint{
{Key: "dedicated", Value: "special-user-1", Effect: "NoSchedule"},
{Key: "dedicated", Value: "special-user-2", Effect: "NoSchedule"},
},
make taints unique by <key, effect> on a node
2016-08-12 04:46:40 -04:00
},
},
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
"missing-podSignature": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
Name: "abc-123",
Annotations: map[string]string{
api.PreferAvoidPodsAnnotationKey: `
{
"preferAvoidPods": [
{
"reason": "some reason",
"message": "some message"
}
]
}`,
},
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{},
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Spec: api.NodeSpec{
ExternalID: "external",
},
},
"invalid-podController": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
Name: "abc-123",
Annotations: map[string]string{
api.PreferAvoidPodsAnnotationKey: `
{
"preferAvoidPods": [
{
"podSignature": {
"podController": {
"apiVersion": "v1",
"kind": "ReplicationController",
"name": "foo",
"uid": "abcdef123456",
"controller": false
}
},
"reason": "some reason",
"message": "some message"
}
]
}`,
},
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{},
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("0"),
},
},
Spec: api.NodeSpec{
ExternalID: "external",
},
},
Centralize minion validation
2014-11-12 12:38:15 -05:00
}
for k, v := range errorCases {
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
errs := ValidateNode(&v)
Centralize minion validation
2014-11-12 12:38:15 -05:00
if len(errs) == 0 {
t.Errorf("expected failure for %s", k)
}
for i := range errs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
field := errs[i].Field
Add validation for node creation.
2015-03-24 13:24:07 -04:00
expectedFields := map[string]bool{
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
"metadata.name": true,
"metadata.labels": true,
"metadata.annotations": true,
"metadata.namespace": true,
"spec.externalID": true,
Update tests.
2017-02-07 09:08:45 -05:00
"spec.taints[0].key": true,
"spec.taints[0].value": true,
"spec.taints[0].effect": true,
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
"metadata.annotations.scheduler.alpha.kubernetes.io/preferAvoidPods[0].PodSignature": true,
"metadata.annotations.scheduler.alpha.kubernetes.io/preferAvoidPods[0].PodSignature.PodController.Controller": true,
Add validation for node creation.
2015-03-24 13:24:07 -04:00
}
implement taints and tolerations
2016-03-30 23:42:57 -04:00
if val, ok := expectedFields[field]; ok {
if !val {
t.Errorf("%s: missing prefix for: %v", k, errs[i])
}
Centralize minion validation
2014-11-12 12:38:15 -05:00
}
}
}
}
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
func TestValidateNodeUpdate(t *testing.T) {
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
tests := []struct {
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
oldNode api.Node
node api.Node
valid bool
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
}{
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
{api.Node{}, api.Node{}, true},
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
Name: "foo"}},
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
Name: "bar"},
}, false},
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
Name: "foo",
Labels: map[string]string{"foo": "bar"},
},
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
Name: "foo",
Labels: map[string]string{"foo": "baz"},
},
}, true},
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
Name: "foo",
},
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
Name: "foo",
Labels: map[string]string{"foo": "baz"},
},
}, true},
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
Name: "foo",
Labels: map[string]string{"bar": "foo"},
},
Internal rename api.Minion -> api.Node
2014-12-07 22:44:27 -05:00
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
Name: "foo",
Labels: map[string]string{"foo": "baz"},
},
}, true},
pod cidr validation
2016-01-30 22:49:31 -05:00
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
pod cidr validation
2016-01-30 22:49:31 -05:00
Name: "foo",
},
Spec: api.NodeSpec{
PodCIDR: "",
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
pod cidr validation
2016-01-30 22:49:31 -05:00
Name: "foo",
},
Spec: api.NodeSpec{
PodCIDR: "192.168.0.0/16",
},
}, true},
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
pod cidr validation
2016-01-30 22:49:31 -05:00
Name: "foo",
},
Spec: api.NodeSpec{
PodCIDR: "192.123.0.0/16",
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
pod cidr validation
2016-01-30 22:49:31 -05:00
Name: "foo",
},
Spec: api.NodeSpec{
PodCIDR: "192.168.0.0/16",
},
}, false},
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
Name: "foo",
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Status: api.NodeStatus{
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
Capacity: api.ResourceList{
ParseOrDie -> MustParse; stop returning pointer
2015-01-06 20:20:01 -05:00
api.ResourceCPU: resource.MustParse("10000"),
api.ResourceMemory: resource.MustParse("100"),
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
},
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
Name: "foo",
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Status: api.NodeStatus{
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
Capacity: api.ResourceList{
ParseOrDie -> MustParse; stop returning pointer
2015-01-06 20:20:01 -05:00
api.ResourceCPU: resource.MustParse("100"),
api.ResourceMemory: resource.MustParse("10000"),
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
},
},
}, true},
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
Name: "foo",
Labels: map[string]string{"bar": "foo"},
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Status: api.NodeStatus{
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
Capacity: api.ResourceList{
ParseOrDie -> MustParse; stop returning pointer
2015-01-06 20:20:01 -05:00
api.ResourceCPU: resource.MustParse("10000"),
api.ResourceMemory: resource.MustParse("100"),
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
},
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
Name: "foo",
Labels: map[string]string{"bar": "fooobaz"},
},
Move Capacity from NodeSpec to NodeStatus
2015-03-25 09:44:40 -04:00
Status: api.NodeStatus{
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
Capacity: api.ResourceList{
ParseOrDie -> MustParse; stop returning pointer
2015-01-06 20:20:01 -05:00
api.ResourceCPU: resource.MustParse("100"),
api.ResourceMemory: resource.MustParse("10000"),
Make it easier to update nodes, make it possible to update capacity.
2014-12-12 00:39:56 -05:00
},
},
}, true},
Clear node status before the validation check.
2014-12-22 14:04:57 -05:00
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Clear node status before the validation check.
2014-12-22 14:04:57 -05:00
Name: "foo",
Labels: map[string]string{"bar": "foo"},
},
Status: api.NodeStatus{
Node addresses
2015-02-13 14:07:23 -05:00
Addresses: []api.NodeAddress{
remove deprecated NodeLegacyHostIP
2017-04-23 22:21:29 -04:00
{Type: api.NodeExternalIP, Address: "1.2.3.4"},
Node addresses
2015-02-13 14:07:23 -05:00
},
Clear node status before the validation check.
2014-12-22 14:04:57 -05:00
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Clear node status before the validation check.
2014-12-22 14:04:57 -05:00
Name: "foo",
Labels: map[string]string{"bar": "fooobaz"},
},
}, true},
Add a few extra test cases for API validation of labels that would have caught a bug that was in past versions. Also, copy the label key format requirements from the API types.go comments into the labels doc.
2015-02-04 17:21:34 -05:00
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add a few extra test cases for API validation of labels that would have caught a bug that was in past versions. Also, copy the label key format requirements from the API types.go comments into the labels doc.
2015-02-04 17:21:34 -05:00
Name: "foo",
Labels: map[string]string{"foo": "baz"},
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add a few extra test cases for API validation of labels that would have caught a bug that was in past versions. Also, copy the label key format requirements from the API types.go comments into the labels doc.
2015-02-04 17:21:34 -05:00
Name: "foo",
Labels: map[string]string{"Foo": "baz"},
},
Loosen label and annotation validation and related tests
2015-02-27 10:08:02 -05:00
}, true},
Allow admin user to explicitly unschedule the node Setting Unschedulable on the node will not touch any existing pods on the node but will block scheduling of new pods on the node.
2015-02-17 15:03:14 -05:00
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Allow admin user to explicitly unschedule the node Setting Unschedulable on the node will not touch any existing pods on the node but will block scheduling of new pods on the node.
2015-02-17 15:03:14 -05:00
Name: "foo",
},
Spec: api.NodeSpec{
Unschedulable: false,
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Allow admin user to explicitly unschedule the node Setting Unschedulable on the node will not touch any existing pods on the node but will block scheduling of new pods on the node.
2015-02-17 15:03:14 -05:00
Name: "foo",
},
Spec: api.NodeSpec{
Unschedulable: true,
},
}, true},
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
Name: "foo",
},
Spec: api.NodeSpec{
Unschedulable: false,
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
Name: "foo",
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{
{Type: api.NodeExternalIP, Address: "1.1.1.1"},
{Type: api.NodeExternalIP, Address: "1.1.1.1"},
},
},
}, false},
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
Name: "foo",
},
Spec: api.NodeSpec{
Unschedulable: false,
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
Name: "foo",
},
Status: api.NodeStatus{
Addresses: []api.NodeAddress{
{Type: api.NodeExternalIP, Address: "1.1.1.1"},
{Type: api.NodeInternalIP, Address: "10.1.1.1"},
},
},
}, true},
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
Name: "foo",
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
Name: "foo",
Annotations: map[string]string{
api.PreferAvoidPodsAnnotationKey: `
{
"preferAvoidPods": [
{
"podSignature": {
"podController": {
"apiVersion": "v1",
"kind": "ReplicationController",
"name": "foo",
"uid": "abcdef123456",
"controller": true
}
},
"reason": "some reason",
"message": "some message"
}
]
}`,
},
},
Spec: api.NodeSpec{
Unschedulable: false,
},
}, true},
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
Name: "foo",
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
Name: "foo",
Annotations: map[string]string{
api.PreferAvoidPodsAnnotationKey: `
{
"preferAvoidPods": [
{
"reason": "some reason",
"message": "some message"
}
]
}`,
},
},
}, false},
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
Name: "foo",
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Use PreferAvoidPods annotation to avoid pods being scheduled to specific node. 1. define PreferAvoidPods annotation 2. add PreferAvoidPodsPriority 3. validate AvoidPods in node annotations
2016-02-25 04:30:31 -05:00
Name: "foo",
Annotations: map[string]string{
api.PreferAvoidPodsAnnotationKey: `
{
"preferAvoidPods": [
{
"podSignature": {
"podController": {
"apiVersion": "v1",
"kind": "ReplicationController",
"name": "foo",
"uid": "abcdef123456",
"controller": false
}
},
"reason": "some reason",
"message": "some message"
}
]
}`,
},
},
}, false},
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
Name: "valid-opaque-int-resources",
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
Name: "valid-opaque-int-resources",
},
Status: api.NodeStatus{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
move helpers.go to helper
2017-04-10 13:49:54 -04:00
helper.OpaqueIntResourceName("A"): resource.MustParse("5"),
helper.OpaqueIntResourceName("B"): resource.MustParse("10"),
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
}, true},
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
Name: "invalid-fractional-opaque-int-capacity",
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
Name: "invalid-fractional-opaque-int-capacity",
},
Status: api.NodeStatus{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
move helpers.go to helper
2017-04-10 13:49:54 -04:00
helper.OpaqueIntResourceName("A"): resource.MustParse("500m"),
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
}, false},
{api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
Name: "invalid-fractional-opaque-int-allocatable",
},
}, api.Node{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
Name: "invalid-fractional-opaque-int-allocatable",
},
Status: api.NodeStatus{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
move helpers.go to helper
2017-04-10 13:49:54 -04:00
helper.OpaqueIntResourceName("A"): resource.MustParse("5"),
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
Allocatable: api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("10"),
api.ResourceName(api.ResourceMemory): resource.MustParse("10G"),
move helpers.go to helper
2017-04-10 13:49:54 -04:00
helper.OpaqueIntResourceName("A"): resource.MustParse("4.5"),
Support opaque integer resource accounting. - Prevents kubelet from overwriting capacity during sync. - Handles opaque integer resources in the scheduler. - Adds scheduler predicate tests for opaque resources. - Validates opaque int resources: - Ensures supplied opaque int quantities in node capacity, node allocatable, pod request and pod limit are integers. - Adds tests for new validation logic (node update and pod spec). - Added e2e tests for opaque integer resources.
2016-09-26 11:11:31 -04:00
},
},
}, false},
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
}
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
for i, test := range tests {
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
test.oldNode.ObjectMeta.ResourceVersion = "1"
test.node.ObjectMeta.ResourceVersion = "1"
Make order of fun consistent
2015-11-04 02:47:11 -05:00
errs := ValidateNodeUpdate(&test.node, &test.oldNode)
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
if test.valid && len(errs) > 0 {
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
t.Errorf("%d: Unexpected error: %v", i, errs)
Validate Node IPs; clean up validation code
2015-04-22 13:55:05 -04:00
t.Logf("%#v vs %#v", test.oldNode.ObjectMeta, test.node.ObjectMeta)
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
}
if !test.valid && len(errs) == 0 {
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
t.Errorf("%d: Unexpected non-error", i)
}
}
}
func TestValidateServiceUpdate(t *testing.T) {
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
testCases := []struct {
name string
tweakSvc func(oldSvc, newSvc *api.Service) // given basic valid services, each test case can customize them
numErrs int
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
}{
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
{
name: "no change",
tweakSvc: func(oldSvc, newSvc *api.Service) {
// do nothing
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 0,
},
{
name: "change name",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Name += "2"
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 1,
},
{
name: "change namespace",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Namespace += "2"
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 1,
},
{
name: "change label valid",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Labels["key"] = "other-value"
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 0,
},
{
name: "add label",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Labels["key2"] = "value2"
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 0,
},
{
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
name: "change cluster IP",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(oldSvc, newSvc *api.Service) {
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "8.6.7.5"
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 1,
},
{
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
name: "remove cluster IP",
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
tweakSvc: func(oldSvc, newSvc *api.Service) {
Rename 'portal IP' to 'cluster IP' most everywhere This covers obvious transforms, but not --portal_net, $PORTAL_NET and similar.
2015-05-23 16:41:11 -04:00
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = ""
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 1,
},
{
name: "change affinity",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Spec.SessionAffinity = "ClientIP"
Paramaterize stickyMaxAgeMinutes for service in API
2017-08-01 12:09:37 -04:00
newSvc.Spec.SessionAffinityConfig = &api.SessionAffinityConfig{
ClientIP: &api.ClientIPConfig{
TimeoutSeconds: newInt32(90),
},
}
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 0,
},
{
name: "remove affinity",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Spec.SessionAffinity = ""
Add a few extra test cases for API validation of labels that would have caught a bug that was in past versions. Also, copy the label key format requirements from the API types.go comments into the labels doc.
2015-02-04 17:21:34 -05:00
},
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
numErrs: 1,
},
Add Type to ServiceSpec: ClusterIP or LoadBalancer
2015-05-22 17:49:26 -04:00
{
name: "change type",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
},
numErrs: 0,
},
{
name: "remove type",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Spec.Type = ""
},
numErrs: 1,
},
Add ServiceType = NodePort; wire everything up
2015-05-20 11:59:34 -04:00
{
name: "change type -> nodeport",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Spec.Type = api.ServiceTypeNodePort
},
numErrs: 0,
},
disallow user to update loadbalancerSourceRanges
2016-09-22 20:41:25 -04:00
{
name: "add loadBalancerSourceRanges",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.LoadBalancerSourceRanges = []string{"10.0.0.0/8"}
},
support service loadBalancerSourceRange update
2016-11-30 17:04:22 -05:00
numErrs: 0,
disallow user to update loadbalancerSourceRanges
2016-09-22 20:41:25 -04:00
},
{
name: "update loadBalancerSourceRanges",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
oldSvc.Spec.LoadBalancerSourceRanges = []string{"10.0.0.0/8"}
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
Fix hardcoded CIDR in the validation_test The ideal fix is to not hardcode these values. fixes #47479
2017-06-16 01:15:08 -04:00
newSvc.Spec.LoadBalancerSourceRanges = []string{"10.100.0.0/16"}
disallow user to update loadbalancerSourceRanges
2016-09-22 20:41:25 -04:00
},
support service loadBalancerSourceRange update
2016-11-30 17:04:22 -05:00
numErrs: 0,
disallow user to update loadbalancerSourceRanges
2016-09-22 20:41:25 -04:00
},
Validate None Service ClusterIP against LB type If the Service is a Load Balancer, it should not have None Cluster IP. If it does, Service validation fails.
2016-09-22 10:07:47 -04:00
{
name: "LoadBalancer type cannot have None ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
newSvc.Spec.ClusterIP = "None"
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
},
numErrs: 1,
},
Test cases for service ClusterIP updates Test cases from ClusterIP using types to other ClusterIP using types (ClusterIP, NodePort, LoadBalancer) added.
2016-10-13 04:17:44 -04:00
{
name: "`None` ClusterIP cannot be changed",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.ClusterIP = "None"
newSvc.Spec.ClusterIP = "1.2.3.4"
},
numErrs: 1,
},
{
name: "`None` ClusterIP cannot be removed",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.ClusterIP = "None"
newSvc.Spec.ClusterIP = ""
},
numErrs: 1,
},
{
name: "Service with ClusterIP type cannot change its set ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeClusterIP
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with ClusterIP type can change its empty ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeClusterIP
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with ClusterIP type cannot change its set ClusterIP when changing type to NodePort",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeClusterIP
newSvc.Spec.Type = api.ServiceTypeNodePort
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with ClusterIP type can change its empty ClusterIP when changing type to NodePort",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeClusterIP
newSvc.Spec.Type = api.ServiceTypeNodePort
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with ClusterIP type cannot change its ClusterIP when changing type to LoadBalancer",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeClusterIP
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with ClusterIP type can change its empty ClusterIP when changing type to LoadBalancer",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeClusterIP
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with NodePort type cannot change its set ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeNodePort
newSvc.Spec.Type = api.ServiceTypeNodePort
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with NodePort type can change its empty ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeNodePort
newSvc.Spec.Type = api.ServiceTypeNodePort
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with NodePort type cannot change its set ClusterIP when changing type to ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeNodePort
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with NodePort type can change its empty ClusterIP when changing type to ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeNodePort
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with NodePort type cannot change its set ClusterIP when changing type to LoadBalancer",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeNodePort
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with NodePort type can change its empty ClusterIP when changing type to LoadBalancer",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeNodePort
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with LoadBalancer type cannot change its set ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with LoadBalancer type can change its empty ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.Type = api.ServiceTypeLoadBalancer
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with LoadBalancer type cannot change its set ClusterIP when changing type to ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with LoadBalancer type can change its empty ClusterIP when changing type to ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with LoadBalancer type cannot change its set ClusterIP when changing type to NodePort",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.Type = api.ServiceTypeNodePort
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 1,
},
{
name: "Service with LoadBalancer type can change its empty ClusterIP when changing type to NodePort",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeLoadBalancer
newSvc.Spec.Type = api.ServiceTypeNodePort
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with ExternalName type can change its empty ClusterIP when changing type to ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeExternalName
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
{
name: "Service with ExternalName type can change its set ClusterIP when changing type to ClusterIP",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeExternalName
newSvc.Spec.Type = api.ServiceTypeClusterIP
oldSvc.Spec.ClusterIP = "1.2.3.4"
newSvc.Spec.ClusterIP = "1.2.3.5"
},
numErrs: 0,
},
Service with type=NodePortr and clusterIP=None is not allowed
2016-08-18 17:50:09 -04:00
{
name: "invalid node port with clusterIP None",
tweakSvc: func(oldSvc, newSvc *api.Service) {
oldSvc.Spec.Type = api.ServiceTypeNodePort
newSvc.Spec.Type = api.ServiceTypeNodePort
oldSvc.Spec.Ports = append(oldSvc.Spec.Ports, api.ServicePort{Name: "q", Port: 1, Protocol: "TCP", NodePort: 1, TargetPort: intstr.FromInt(1)})
newSvc.Spec.Ports = append(newSvc.Spec.Ports, api.ServicePort{Name: "q", Port: 1, Protocol: "TCP", NodePort: 1, TargetPort: intstr.FromInt(1)})
oldSvc.Spec.ClusterIP = ""
newSvc.Spec.ClusterIP = "None"
},
numErrs: 1,
},
Unify validation logic for create and update paths Ensure ObjectMeta is consistently validated on both create and update Make PortalIP uncleareable
2015-01-27 18:55:54 -05:00
}
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
for _, tc := range testCases {
oldSvc := makeValidService()
newSvc := makeValidService()
tc.tweakSvc(&oldSvc, &newSvc)
Make order of fun consistent
2015-11-04 02:47:11 -05:00
errs := ValidateServiceUpdate(&newSvc, &oldSvc)
fix tests broken by stronger validation
2015-03-31 14:13:44 -04:00
if len(errs) != tc.numErrs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
t.Errorf("Unexpected error list for case %q: %v", tc.name, errs.ToAggregate())
Add more validation for updating node.
2014-11-17 13:22:27 -05:00
}
}
}
Adding a 'Typename' strongtype for representing all compute resource types.
2015-01-16 19:34:47 -05:00
func TestValidateResourceNames(t *testing.T) {
table := []struct {
input string
success bool
Make IsQualifiedName return error strings
2015-12-16 00:28:42 -05:00
expect string
Adding a 'Typename' strongtype for representing all compute resource types.
2015-01-16 19:34:47 -05:00
}{
Make IsQualifiedName return error strings
2015-12-16 00:28:42 -05:00
{"memory", true, ""},
{"cpu", true, ""},
requests.storage is a standard resource name
2016-10-10 20:49:05 -04:00
{"storage", true, ""},
{"requests.cpu", true, ""},
{"requests.memory", true, ""},
{"requests.storage", true, ""},
{"limits.cpu", true, ""},
{"limits.memory", true, ""},
Make IsQualifiedName return error strings
2015-12-16 00:28:42 -05:00
{"network", false, ""},
{"disk", false, ""},
{"", false, ""},
{".", false, ""},
{"..", false, ""},
{"my.favorite.app.co/12345", true, ""},
{"my.favorite.app.co/_12345", false, ""},
{"my.favorite.app.co/12345_", false, ""},
{"kubernetes.io/..", false, ""},
{"kubernetes.io/" + strings.Repeat("a", 63), true, ""},
{"kubernetes.io/" + strings.Repeat("a", 64), false, ""},
{"kubernetes.io//", false, ""},
{"kubernetes.io", false, ""},
{"kubernetes.io/will/not/work/", false, ""},
Adding a 'Typename' strongtype for representing all compute resource types.
2015-01-16 19:34:47 -05:00
}
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
for k, item := range table {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
err := validateResourceName(item.input, field.NewPath("field"))
Adding a 'Typename' strongtype for representing all compute resource types.
2015-01-16 19:34:47 -05:00
if len(err) != 0 && item.success {
t.Errorf("expected no failure for input %q", item.input)
} else if len(err) == 0 && !item.success {
t.Errorf("expected failure for input %q", item.input)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
for i := range err {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
detail := err[i].Detail
Make IsQualifiedName return error strings
2015-12-16 00:28:42 -05:00
if detail != "" && !strings.Contains(detail, item.expect) {
t.Errorf("%d: expected error detail either empty or %s, got %s", k, item.expect, detail)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
}
}
Adding a 'Typename' strongtype for representing all compute resource types.
2015-01-16 19:34:47 -05:00
}
}
}
Add a limit range resource
2015-01-22 16:52:40 -05:00
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
func getResourceList(cpu, memory string) api.ResourceList {
res := api.ResourceList{}
if cpu != "" {
res[api.ResourceCPU] = resource.MustParse(cpu)
Add LimitRange range validation
2015-06-16 16:16:34 -04:00
}
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
if memory != "" {
res[api.ResourceMemory] = resource.MustParse(memory)
Revert "Revert "LimitRange updates for Resource Requirements Requests""
2015-08-28 12:26:36 -04:00
}
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
return res
}
Revert "Revert "LimitRange updates for Resource Requirements Requests""
2015-08-28 12:26:36 -04:00
Fix validation of resources (cpu, memory, storage) for limit range types.
2016-03-09 18:11:26 -05:00
func getStorageResourceList(storage string) api.ResourceList {
res := api.ResourceList{}
if storage != "" {
res[api.ResourceStorage] = resource.MustParse(storage)
}
return res
}
Add feature gate and validate test for local storage limitrange
2017-08-16 04:55:17 -04:00
func getLocalStorageResourceList(ephemeralStorage string) api.ResourceList {
res := api.ResourceList{}
if ephemeralStorage != "" {
res[api.ResourceEphemeralStorage] = resource.MustParse(ephemeralStorage)
}
return res
}
func TestValidateLimitRangeForLocalStorage(t *testing.T) {
testCases := []struct {
name string
spec api.LimitRangeSpec
}{
{
name: "all-fields-valid",
spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: getLocalStorageResourceList("10000Mi"),
Min: getLocalStorageResourceList("100Mi"),
MaxLimitRequestRatio: getLocalStorageResourceList(""),
},
{
Type: api.LimitTypeContainer,
Max: getLocalStorageResourceList("10000Mi"),
Min: getLocalStorageResourceList("100Mi"),
Default: getLocalStorageResourceList("500Mi"),
DefaultRequest: getLocalStorageResourceList("200Mi"),
MaxLimitRequestRatio: getLocalStorageResourceList(""),
},
},
},
},
}
// Enable alpha feature LocalStorageCapacityIsolation
err := utilfeature.DefaultFeatureGate.Set("LocalStorageCapacityIsolation=true")
if err != nil {
t.Errorf("Failed to enable feature gate for LocalStorageCapacityIsolation: %v", err)
return
}
for _, testCase := range testCases {
limitRange := &api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: testCase.name, Namespace: "foo"}, Spec: testCase.spec}
if errs := ValidateLimitRange(limitRange); len(errs) != 0 {
t.Errorf("Case %v, unexpected error: %v", testCase.name, errs)
}
}
// Disable alpha feature LocalStorageCapacityIsolation
err = utilfeature.DefaultFeatureGate.Set("LocalStorageCapacityIsolation=false")
if err != nil {
t.Errorf("Failed to disable feature gate for LocalStorageCapacityIsolation: %v", err)
return
}
for _, testCase := range testCases {
limitRange := &api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: testCase.name, Namespace: "foo"}, Spec: testCase.spec}
if errs := ValidateLimitRange(limitRange); len(errs) == 0 {
t.Errorf("Case %v, expected feature gate unable error but actually no error", testCase.name)
}
}
}
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
func TestValidateLimitRange(t *testing.T) {
successCases := []struct {
name string
spec api.LimitRangeSpec
}{
{
name: "all-fields-valid",
spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: getResourceList("100m", "10000Mi"),
Min: getResourceList("5m", "100Mi"),
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
MaxLimitRequestRatio: getResourceList("10", ""),
},
{
Type: api.LimitTypeContainer,
Max: getResourceList("100m", "10000Mi"),
Min: getResourceList("5m", "100Mi"),
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Default: getResourceList("50m", "500Mi"),
DefaultRequest: getResourceList("10m", "200Mi"),
MaxLimitRequestRatio: getResourceList("10", ""),
},
add pvc storage to LimitRange
2016-08-15 10:19:15 -04:00
{
Type: api.LimitTypePersistentVolumeClaim,
Max: getStorageResourceList("10Gi"),
Min: getStorageResourceList("5Gi"),
},
Revert "Revert "LimitRange updates for Resource Requirements Requests""
2015-08-28 12:26:36 -04:00
},
},
},
loosened validation on pvc limitranger
2016-10-24 11:01:18 -04:00
{
name: "pvc-min-only",
spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePersistentVolumeClaim,
Min: getStorageResourceList("5Gi"),
},
},
},
},
{
name: "pvc-max-only",
spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePersistentVolumeClaim,
Max: getStorageResourceList("10Gi"),
},
},
},
},
Add a limit range resource
2015-01-22 16:52:40 -05:00
{
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
name: "all-fields-valid-big-numbers",
spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
Type: api.LimitTypeContainer,
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Max: getResourceList("100m", "10000T"),
Min: getResourceList("5m", "100Mi"),
Default: getResourceList("50m", "500Mi"),
DefaultRequest: getResourceList("10m", "200Mi"),
MaxLimitRequestRatio: getResourceList("10", ""),
},
},
Add a limit range resource
2015-01-22 16:52:40 -05:00
},
},
Fix validation of resources (cpu, memory, storage) for limit range types.
2016-03-09 18:11:26 -05:00
{
name: "thirdparty-fields-all-valid-standard-container-resources",
spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: "thirdparty.com/foo",
Max: getResourceList("100m", "10000T"),
Min: getResourceList("5m", "100Mi"),
Default: getResourceList("50m", "500Mi"),
DefaultRequest: getResourceList("10m", "200Mi"),
MaxLimitRequestRatio: getResourceList("10", ""),
},
},
},
},
{
name: "thirdparty-fields-all-valid-storage-resources",
spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: "thirdparty.com/foo",
Max: getStorageResourceList("10000T"),
Min: getStorageResourceList("100Mi"),
Default: getStorageResourceList("500Mi"),
DefaultRequest: getStorageResourceList("200Mi"),
MaxLimitRequestRatio: getStorageResourceList(""),
},
},
},
},
Add a limit range resource
2015-01-22 16:52:40 -05:00
}
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
Add a limit range resource
2015-01-22 16:52:40 -05:00
for _, successCase := range successCases {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
limitRange := &api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: successCase.name, Namespace: "foo"}, Spec: successCase.spec}
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
if errs := ValidateLimitRange(limitRange); len(errs) != 0 {
t.Errorf("Case %v, unexpected error: %v", successCase.name, errs)
Add a limit range resource
2015-01-22 16:52:40 -05:00
}
}
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
errorCases := map[string]struct {
R api.LimitRange
D string
}{
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
"zero-length-name": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "", Namespace: "foo"}, Spec: api.LimitRangeSpec{}},
Limit field errors to a single field name
2015-08-12 11:26:23 -04:00
"name or generateName is required",
Add a limit range resource
2015-01-22 16:52:40 -05:00
},
"zero-length-namespace": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: ""}, Spec: api.LimitRangeSpec{}},
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
"",
},
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
"invalid-name": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "^Invalid", Namespace: "foo"}, Spec: api.LimitRangeSpec{}},
Improve error message for name/label validation. This patch added user readable naming rules to the output of the error messages for name/label validation.
2016-12-01 23:32:41 -05:00
dnsSubdomainLabelErrMsg,
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
},
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
"invalid-namespace": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "^Invalid"}, Spec: api.LimitRangeSpec{}},
Improve error message for name/label validation. This patch added user readable naming rules to the output of the error messages for name/label validation.
2016-12-01 23:32:41 -05:00
dnsLabelErrMsg,
Add a limit range resource
2015-01-22 16:52:40 -05:00
},
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
"duplicate-limit-type": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: getResourceList("100m", "10000m"),
Min: getResourceList("0m", "100m"),
},
{
Type: api.LimitTypePod,
Min: getResourceList("0m", "100m"),
},
},
}},
Add LimitRange range validation
2015-06-16 16:16:34 -04:00
"",
},
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
"default-limit-type-pod": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: getResourceList("100m", "10000m"),
Min: getResourceList("0m", "100m"),
Default: getResourceList("10m", "100m"),
},
},
}},
Clean up and document validation strings Also add a detail string for Required and Forbidden. Fix tests.
2015-11-14 15:26:04 -05:00
"may not be specified when `type` is 'Pod'",
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
},
"default-request-limit-type-pod": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: getResourceList("100m", "10000m"),
Min: getResourceList("0m", "100m"),
DefaultRequest: getResourceList("10m", "100m"),
},
},
}},
Clean up and document validation strings Also add a detail string for Required and Forbidden. Fix tests.
2015-11-14 15:26:04 -05:00
"may not be specified when `type` is 'Pod'",
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
},
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
"min value 100m is greater than max value 10m": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: getResourceList("10m", ""),
Min: getResourceList("100m", ""),
},
},
}},
"min value 100m is greater than max value 10m",
Add LimitRange range validation
2015-06-16 16:16:34 -04:00
},
"invalid spec default outside range": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Limits: []api.LimitRangeItem{
{
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
Type: api.LimitTypeContainer,
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Max: getResourceList("1", ""),
Min: getResourceList("100m", ""),
Default: getResourceList("2000m", ""),
},
},
}},
"default value 2 is greater than max value 1",
Add LimitRange range validation
2015-06-16 16:16:34 -04:00
},
Add feature gate and validate test for local storage limitrange
2017-08-16 04:55:17 -04:00
"invalid spec default request outside range": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Limits: []api.LimitRangeItem{
{
Validate LimitRange default and defaultRequest are not supported for limits of type Pod
2015-09-10 16:39:59 -04:00
Type: api.LimitTypeContainer,
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Max: getResourceList("1", ""),
Min: getResourceList("100m", ""),
DefaultRequest: getResourceList("2000m", ""),
},
},
}},
"default request value 2 is greater than max value 1",
Revert "Revert "LimitRange updates for Resource Requirements Requests""
2015-08-28 12:26:36 -04:00
},
Add feature gate and validate test for local storage limitrange
2017-08-16 04:55:17 -04:00
"invalid spec default request more than default": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypeContainer,
Max: getResourceList("2", ""),
Min: getResourceList("100m", ""),
Default: getResourceList("500m", ""),
DefaultRequest: getResourceList("800m", ""),
},
},
}},
"default request value 800m is greater than default limit value 500m",
Revert "Revert "LimitRange updates for Resource Requirements Requests""
2015-08-28 12:26:36 -04:00
},
Add validation to MaxLimitRequestRatio in LimitRange MaxLimitRequestRatio should >=1 MaxLimitRequestRatio should <= max/min(if both are specified)
2015-09-11 03:38:38 -04:00
"invalid spec maxLimitRequestRatio less than 1": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Add validation to MaxLimitRequestRatio in LimitRange MaxLimitRequestRatio should >=1 MaxLimitRequestRatio should <= max/min(if both are specified)
2015-09-11 03:38:38 -04:00
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
MaxLimitRequestRatio: getResourceList("800m", ""),
},
},
}},
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
"ratio 800m is less than 1",
Add validation to MaxLimitRequestRatio in LimitRange MaxLimitRequestRatio should >=1 MaxLimitRequestRatio should <= max/min(if both are specified)
2015-09-11 03:38:38 -04:00
},
"invalid spec maxLimitRequestRatio greater than max/min": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Add validation to MaxLimitRequestRatio in LimitRange MaxLimitRequestRatio should >=1 MaxLimitRequestRatio should <= max/min(if both are specified)
2015-09-11 03:38:38 -04:00
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypeContainer,
Max: getResourceList("", "2Gi"),
Min: getResourceList("", "512Mi"),
MaxLimitRequestRatio: getResourceList("", "10"),
},
},
}},
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
"ratio 10 is greater than max/min = 4.000000",
Add validation to MaxLimitRequestRatio in LimitRange MaxLimitRequestRatio should >=1 MaxLimitRequestRatio should <= max/min(if both are specified)
2015-09-11 03:38:38 -04:00
},
Fix validation of resources (cpu, memory, storage) for limit range types.
2016-03-09 18:11:26 -05:00
"invalid non standard limit type": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
Fix validation of resources (cpu, memory, storage) for limit range types.
2016-03-09 18:11:26 -05:00
Limits: []api.LimitRangeItem{
{
Type: "foo",
Max: getStorageResourceList("10000T"),
Min: getStorageResourceList("100Mi"),
Default: getStorageResourceList("500Mi"),
DefaultRequest: getStorageResourceList("200Mi"),
MaxLimitRequestRatio: getStorageResourceList(""),
},
},
}},
"must be a standard limit type or fully qualified",
},
loosened validation on pvc limitranger
2016-10-24 11:01:18 -04:00
"min and max values missing, one required": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
add pvc storage to LimitRange
2016-08-15 10:19:15 -04:00
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePersistentVolumeClaim,
},
},
}},
loosened validation on pvc limitranger
2016-10-24 11:01:18 -04:00
"either minimum or maximum storage value is required, but neither was provided",
add pvc storage to LimitRange
2016-08-15 10:19:15 -04:00
},
"invalid min greater than max": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.LimitRange{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: api.LimitRangeSpec{
add pvc storage to LimitRange
2016-08-15 10:19:15 -04:00
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePersistentVolumeClaim,
Min: getStorageResourceList("10Gi"),
Max: getStorageResourceList("1Gi"),
},
},
}},
"min value 10Gi is greater than max value 1Gi",
},
Add a limit range resource
2015-01-22 16:52:40 -05:00
}
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Add a limit range resource
2015-01-22 16:52:40 -05:00
for k, v := range errorCases {
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
errs := ValidateLimitRange(&v.R)
Add a limit range resource
2015-01-22 16:52:40 -05:00
if len(errs) == 0 {
t.Errorf("expected failure for %s", k)
}
for i := range errs {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
detail := errs[i].Detail
Make IsDNS1123Label return error strings
2015-12-16 02:49:58 -05:00
if !strings.Contains(detail, v.D) {
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
t.Errorf("[%s]: expected error detail either empty or %q, got %q", k, v.D, detail)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
}
Add a limit range resource
2015-01-22 16:52:40 -05:00
}
}
Fix precision handling in validating LimitRange
2015-09-08 14:49:54 -04:00
Add a limit range resource
2015-01-22 16:52:40 -05:00
}
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
func TestValidateResourceQuota(t *testing.T) {
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
spec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
api.ResourceMemory: resource.MustParse("10000"),
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
api.ResourceRequestsCPU: resource.MustParse("100"),
api.ResourceRequestsMemory: resource.MustParse("10000"),
api.ResourceLimitsCPU: resource.MustParse("100"),
api.ResourceLimitsMemory: resource.MustParse("10000"),
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
api.ResourcePods: resource.MustParse("10"),
Ensure ResourceQuota values are non-negative
2015-09-24 10:15:40 -04:00
api.ResourceServices: resource.MustParse("0"),
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
api.ResourceReplicationControllers: resource.MustParse("10"),
api.ResourceQuotas: resource.MustParse("10"),
Add resource quota for ConfigMap
2016-02-29 12:02:05 -05:00
api.ResourceConfigMaps: resource.MustParse("10"),
api.ResourceSecrets: resource.MustParse("10"),
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
},
}
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
terminatingSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
api.ResourceLimitsCPU: resource.MustParse("200"),
},
Scopes: []api.ResourceQuotaScope{api.ResourceQuotaScopeTerminating},
}
nonTerminatingSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
},
Scopes: []api.ResourceQuotaScope{api.ResourceQuotaScopeNotTerminating},
}
bestEffortSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourcePods: resource.MustParse("100"),
},
Scopes: []api.ResourceQuotaScope{api.ResourceQuotaScopeBestEffort},
}
nonBestEffortSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
},
Scopes: []api.ResourceQuotaScope{api.ResourceQuotaScopeNotBestEffort},
}
// storage is not yet supported as a quota tracked resource
invalidQuotaResourceSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceStorage: resource.MustParse("10"),
},
}
Ensure ResourceQuota values are non-negative
2015-09-24 10:15:40 -04:00
negativeSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("-100"),
api.ResourceMemory: resource.MustParse("-10000"),
api.ResourcePods: resource.MustParse("-10"),
api.ResourceServices: resource.MustParse("-10"),
api.ResourceReplicationControllers: resource.MustParse("-10"),
api.ResourceQuotas: resource.MustParse("-10"),
Add resource quota for ConfigMap
2016-02-29 12:02:05 -05:00
api.ResourceConfigMaps: resource.MustParse("-10"),
api.ResourceSecrets: resource.MustParse("-10"),
Ensure ResourceQuota values are non-negative
2015-09-24 10:15:40 -04:00
},
}
Resource Quota should not let fractional values for API resources
2015-10-13 17:27:56 -04:00
fractionalComputeSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100m"),
},
}
fractionalPodSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourcePods: resource.MustParse(".1"),
api.ResourceServices: resource.MustParse(".5"),
api.ResourceReplicationControllers: resource.MustParse("1.25"),
api.ResourceQuotas: resource.MustParse("2.5"),
},
}
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
invalidTerminatingScopePairsSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
},
Scopes: []api.ResourceQuotaScope{api.ResourceQuotaScopeTerminating, api.ResourceQuotaScopeNotTerminating},
}
invalidBestEffortScopePairsSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourcePods: resource.MustParse("100"),
},
Scopes: []api.ResourceQuotaScope{api.ResourceQuotaScopeBestEffort, api.ResourceQuotaScopeNotBestEffort},
}
invalidScopeNameSpec := api.ResourceQuotaSpec{
Hard: api.ResourceList{
api.ResourceCPU: resource.MustParse("100"),
},
Scopes: []api.ResourceQuotaScope{api.ResourceQuotaScope("foo")},
}
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
successCases := []api.ResourceQuota{
{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
Name: "abc",
Namespace: "foo",
},
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
Spec: spec,
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
},
Resource Quota should not let fractional values for API resources
2015-10-13 17:27:56 -04:00
{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Resource Quota should not let fractional values for API resources
2015-10-13 17:27:56 -04:00
Name: "abc",
Namespace: "foo",
},
Spec: fractionalComputeSpec,
},
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
Name: "abc",
Namespace: "foo",
},
Spec: terminatingSpec,
},
{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
Name: "abc",
Namespace: "foo",
},
Spec: nonTerminatingSpec,
},
{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
Name: "abc",
Namespace: "foo",
},
Spec: bestEffortSpec,
},
{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
Name: "abc",
Namespace: "foo",
},
Spec: nonBestEffortSpec,
},
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
}
for _, successCase := range successCases {
if errs := ValidateResourceQuota(&successCase); len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
}
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
errorCases := map[string]struct {
R api.ResourceQuota
D string
}{
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
"zero-length Name": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.ResourceQuota{ObjectMeta: metav1.ObjectMeta{Name: "", Namespace: "foo"}, Spec: spec},
Limit field errors to a single field name
2015-08-12 11:26:23 -04:00
"name or generateName is required",
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
},
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
"zero-length Namespace": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.ResourceQuota{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: ""}, Spec: spec},
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
"",
},
"invalid Name": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.ResourceQuota{ObjectMeta: metav1.ObjectMeta{Name: "^Invalid", Namespace: "foo"}, Spec: spec},
Improve error message for name/label validation. This patch added user readable naming rules to the output of the error messages for name/label validation.
2016-12-01 23:32:41 -05:00
dnsSubdomainLabelErrMsg,
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
},
"invalid Namespace": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.ResourceQuota{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "^Invalid"}, Spec: spec},
Improve error message for name/label validation. This patch added user readable naming rules to the output of the error messages for name/label validation.
2016-12-01 23:32:41 -05:00
dnsLabelErrMsg,
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
},
Ensure ResourceQuota values are non-negative
2015-09-24 10:15:40 -04:00
"negative-limits": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.ResourceQuota{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: negativeSpec},
Ensure ResourceQuota values are non-negative
2015-09-24 10:15:40 -04:00
isNegativeErrorMsg,
},
Resource Quota should not let fractional values for API resources
2015-10-13 17:27:56 -04:00
"fractional-api-resource": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.ResourceQuota{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: fractionalPodSpec},
Resource Quota should not let fractional values for API resources
2015-10-13 17:27:56 -04:00
isNotIntegerErrorMsg,
},
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
"invalid-quota-resource": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.ResourceQuota{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: invalidQuotaResourceSpec},
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
isInvalidQuotaResource,
},
"invalid-quota-terminating-pair": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.ResourceQuota{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: invalidTerminatingScopePairsSpec},
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
"conflicting scopes",
},
"invalid-quota-besteffort-pair": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.ResourceQuota{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: invalidBestEffortScopePairsSpec},
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
"conflicting scopes",
},
"invalid-quota-scope-name": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.ResourceQuota{ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: "foo"}, Spec: invalidScopeNameSpec},
ResourceQuota API validation for scopes and new resource types
2016-02-22 11:14:11 -05:00
"unsupported scope",
},
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
}
for k, v := range errorCases {
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
errs := ValidateResourceQuota(&v.R)
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
if len(errs) == 0 {
t.Errorf("expected failure for %s", k)
}
for i := range errs {
Make IsDNS1123Label return error strings
2015-12-16 02:49:58 -05:00
if !strings.Contains(errs[i].Detail, v.D) {
Convert validation to use FieldPath Before this change we have a mish-mash of ways to pass field names around for error generation. Sometimes string fieldnames, sometimes .Prefix(), sometimes neither, often wrong names or not indexed when it should be. Instead of that mess, this is part one of a couple of commits that will make it more strongly typed and hopefully encourage correct behavior. At least you will have to think about field names, which is better than nothing. It turned out to be really hard to do this incrementally.
2015-11-04 16:52:14 -05:00
t.Errorf("[%s]: expected error detail either empty or %s, got %s", k, v.D, errs[i].Detail)
Add more information to Validator error messages.
2015-02-04 19:36:27 -05:00
}
Introduce a ResourceQuota object
2015-01-23 12:38:30 -05:00
}
}
}
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
func TestValidateNamespace(t *testing.T) {
validLabels := map[string]string{"a": "b"}
invalidLabels := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
successCases := []api.Namespace{
{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc", Labels: validLabels},
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
},
{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "abc-123"},
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Spec: api.NamespaceSpec{
Finalizers: []api.FinalizerName{"example.com/something", "example.com/other"},
},
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
},
}
for _, successCase := range successCases {
if errs := ValidateNamespace(&successCase); len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
}
errorCases := map[string]struct {
R api.Namespace
D string
}{
"zero-length name": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.Namespace{ObjectMeta: metav1.ObjectMeta{Name: ""}},
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
"",
},
"defined-namespace": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.Namespace{ObjectMeta: metav1.ObjectMeta{Name: "abc-123", Namespace: "makesnosense"}},
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
"",
},
"invalid-labels": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
api.Namespace{ObjectMeta: metav1.ObjectMeta{Name: "abc", Labels: invalidLabels}},
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
"",
},
}
for k, v := range errorCases {
errs := ValidateNamespace(&v.R)
if len(errs) == 0 {
t.Errorf("expected failure for %s", k)
}
}
}
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
func TestValidateNamespaceFinalizeUpdate(t *testing.T) {
tests := []struct {
oldNamespace api.Namespace
namespace api.Namespace
valid bool
}{
{api.Namespace{}, api.Namespace{}, true},
{api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
Name: "foo"}},
api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
Name: "foo"},
Spec: api.NamespaceSpec{
Finalizers: []api.FinalizerName{"Foo"},
},
}, false},
{api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
Name: "foo"},
Spec: api.NamespaceSpec{
Finalizers: []api.FinalizerName{"foo.com/bar"},
},
},
api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
Name: "foo"},
Spec: api.NamespaceSpec{
Finalizers: []api.FinalizerName{"foo.com/bar", "what.com/bar"},
},
}, true},
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
{api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "fooemptyfinalizer"},
Spec: api.NamespaceSpec{
Finalizers: []api.FinalizerName{"foo.com/bar"},
},
},
api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "fooemptyfinalizer"},
Spec: api.NamespaceSpec{
Finalizers: []api.FinalizerName{"", "foo.com/bar", "what.com/bar"},
},
}, false},
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
}
for i, test := range tests {
Give better error message for PUTs with no resource version
2015-03-19 20:51:07 -04:00
test.namespace.ObjectMeta.ResourceVersion = "1"
test.oldNamespace.ObjectMeta.ResourceVersion = "1"
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
errs := ValidateNamespaceFinalizeUpdate(&test.namespace, &test.oldNamespace)
if test.valid && len(errs) > 0 {
t.Errorf("%d: Unexpected error: %v", i, errs)
t.Logf("%#v vs %#v", test.oldNamespace, test.namespace)
}
if !test.valid && len(errs) == 0 {
t.Errorf("%d: Unexpected non-error", i)
}
}
}
func TestValidateNamespaceStatusUpdate(t *testing.T) {
refactor: generated
2016-12-03 13:57:26 -05:00
now := metav1.Now()
Improve validation and fix not throwing an error during ns delete
2015-04-10 11:41:18 -04:00
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
tests := []struct {
oldNamespace api.Namespace
namespace api.Namespace
valid bool
}{
Improve validation and fix not throwing an error during ns delete
2015-04-10 11:41:18 -04:00
{api.Namespace{}, api.Namespace{
Status: api.NamespaceStatus{
Phase: api.NamespaceActive,
},
}, true},
Validate deletion timestamp doesn't change on update
2016-04-28 11:50:48 -04:00
// Cannot set deletionTimestamp via status update
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
{api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
Name: "foo"}},
api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Improve validation and fix not throwing an error during ns delete
2015-04-10 11:41:18 -04:00
Name: "foo",
DeletionTimestamp: &now},
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
Status: api.NamespaceStatus{
Phase: api.NamespaceTerminating,
},
Validate deletion timestamp doesn't change on update
2016-04-28 11:50:48 -04:00
}, false},
// Can update phase via status update
{api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Validate deletion timestamp doesn't change on update
2016-04-28 11:50:48 -04:00
Name: "foo",
DeletionTimestamp: &now}},
api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Validate deletion timestamp doesn't change on update
2016-04-28 11:50:48 -04:00
Name: "foo",
DeletionTimestamp: &now},
Status: api.NamespaceStatus{
Phase: api.NamespaceTerminating,
},
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
}, true},
Improve validation and fix not throwing an error during ns delete
2015-04-10 11:41:18 -04:00
{api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Improve validation and fix not throwing an error during ns delete
2015-04-10 11:41:18 -04:00
Name: "foo"}},
api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Improve validation and fix not throwing an error during ns delete
2015-04-10 11:41:18 -04:00
Name: "foo"},
Status: api.NamespaceStatus{
Phase: api.NamespaceTerminating,
},
}, false},
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
{api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
Name: "foo"}},
api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
Name: "bar"},
Status: api.NamespaceStatus{
Phase: api.NamespaceTerminating,
},
}, false},
}
for i, test := range tests {
Give better error message for PUTs with no resource version
2015-03-19 20:51:07 -04:00
test.namespace.ObjectMeta.ResourceVersion = "1"
test.oldNamespace.ObjectMeta.ResourceVersion = "1"
Improve validation and fix not throwing an error during ns delete
2015-04-10 11:41:18 -04:00
errs := ValidateNamespaceStatusUpdate(&test.namespace, &test.oldNamespace)
Namespace.Spec.Finalizer support
2015-03-20 12:48:12 -04:00
if test.valid && len(errs) > 0 {
t.Errorf("%d: Unexpected error: %v", i, errs)
t.Logf("%#v vs %#v", test.oldNamespace.ObjectMeta, test.namespace.ObjectMeta)
}
if !test.valid && len(errs) == 0 {
t.Errorf("%d: Unexpected non-error", i)
}
}
}
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
func TestValidateNamespaceUpdate(t *testing.T) {
tests := []struct {
oldNamespace api.Namespace
namespace api.Namespace
valid bool
}{
{api.Namespace{}, api.Namespace{}, true},
{api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo1"}},
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "bar1"},
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
}, false},
{api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo2",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
Labels: map[string]string{"foo": "bar"},
},
}, api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo2",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
Labels: map[string]string{"foo": "baz"},
},
}, true},
{api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo3",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
},
}, api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo3",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
Labels: map[string]string{"foo": "baz"},
},
}, true},
{api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo4",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
Labels: map[string]string{"bar": "foo"},
},
}, api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo4",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
Labels: map[string]string{"foo": "baz"},
},
}, true},
{api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo5",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
Labels: map[string]string{"foo": "baz"},
},
}, api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo5",
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
Labels: map[string]string{"Foo": "baz"},
},
Loosen label and annotation validation and related tests
2015-02-27 10:08:02 -05:00
}, true},
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
{api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo6",
Labels: map[string]string{"foo": "baz"},
},
}, api.Namespace{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
Name: "foo6",
Labels: map[string]string{"Foo": "baz"},
},
Spec: api.NamespaceSpec{
Finalizers: []api.FinalizerName{"kubernetes"},
},
Status: api.NamespaceStatus{
Phase: api.NamespaceTerminating,
},
}, true},
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
}
for i, test := range tests {
Give better error message for PUTs with no resource version
2015-03-19 20:51:07 -04:00
test.namespace.ObjectMeta.ResourceVersion = "1"
test.oldNamespace.ObjectMeta.ResourceVersion = "1"
Client must specifiy a resource version on finalize
2015-03-31 17:00:04 -04:00
errs := ValidateNamespaceUpdate(&test.namespace, &test.oldNamespace)
Add support for Namespace as Kind Add example for using namespaces
2015-01-19 16:50:00 -05:00
if test.valid && len(errs) > 0 {
t.Errorf("%d: Unexpected error: %v", i, errs)
t.Logf("%#v vs %#v", test.oldNamespace.ObjectMeta, test.namespace.ObjectMeta)
}
if !test.valid && len(errs) == 0 {
t.Errorf("%d: Unexpected non-error", i)
}
}
}
Secret API resource
2015-02-17 20:24:50 -05:00
func TestValidateSecret(t *testing.T) {
Add ServiceAccountToken SecretType
2015-04-27 23:51:20 -04:00
// Opaque secret validation
Secret API resource
2015-02-17 20:24:50 -05:00
validSecret := func() api.Secret {
return api.Secret{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
Secret API resource
2015-02-17 20:24:50 -05:00
Data: map[string][]byte{
Add secret volume plugin and e2e test
2015-02-17 20:26:41 -05:00
"data-1": []byte("bar"),
Secret API resource
2015-02-17 20:24:50 -05:00
},
}
}
var (
allow leading dots in secret keys
2015-05-11 15:03:10 -04:00
emptyName = validSecret()
invalidName = validSecret()
emptyNs = validSecret()
invalidNs = validSecret()
overMaxSize = validSecret()
invalidKey = validSecret()
leadingDotKey = validSecret()
dotKey = validSecret()
doubleDotKey = validSecret()
Secret API resource
2015-02-17 20:24:50 -05:00
)
emptyName.Name = ""
invalidName.Name = "NoUppercaseOrSpecialCharsLike=Equals"
emptyNs.Namespace = ""
invalidNs.Namespace = "NoUppercaseOrSpecialCharsLike=Equals"
overMaxSize.Data = map[string][]byte{
"over": make([]byte, api.MaxSecretSize+1),
}
Allows Secret & ConfigMap Keys to look like Environment Variables This makes environment variable style keys (uppercase with underscores) valid in Secrets and ConfigMap.
2016-05-11 01:59:59 -04:00
invalidKey.Data["a*b"] = []byte("whoops")
allow leading dots in secret keys
2015-05-11 15:03:10 -04:00
leadingDotKey.Data[".key"] = []byte("bar")
dotKey.Data["."] = []byte("bar")
doubleDotKey.Data[".."] = []byte("bar")
Secret API resource
2015-02-17 20:24:50 -05:00
Add ServiceAccountToken SecretType
2015-04-27 23:51:20 -04:00
// kubernetes.io/service-account-token secret validation
validServiceAccountTokenSecret := func() api.Secret {
return api.Secret{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Add ServiceAccountToken SecretType
2015-04-27 23:51:20 -04:00
Name: "foo",
Namespace: "bar",
Annotations: map[string]string{
api.ServiceAccountNameKey: "foo",
},
},
Type: api.SecretTypeServiceAccountToken,
Data: map[string][]byte{
"data-1": []byte("bar"),
},
}
}
var (
emptyTokenAnnotation = validServiceAccountTokenSecret()
missingTokenAnnotation = validServiceAccountTokenSecret()
missingTokenAnnotations = validServiceAccountTokenSecret()
)
emptyTokenAnnotation.Annotations[api.ServiceAccountNameKey] = ""
delete(missingTokenAnnotation.Annotations, api.ServiceAccountNameKey)
missingTokenAnnotations.Annotations = nil
Secret API resource
2015-02-17 20:24:50 -05:00
tests := map[string]struct {
secret api.Secret
valid bool
}{
allow leading dots in secret keys
2015-05-11 15:03:10 -04:00
"valid": {validSecret(), true},
"empty name": {emptyName, false},
"invalid name": {invalidName, false},
"empty namespace": {emptyNs, false},
"invalid namespace": {invalidNs, false},
"over max size": {overMaxSize, false},
"invalid key": {invalidKey, false},
Add ServiceAccountToken SecretType
2015-04-27 23:51:20 -04:00
"valid service-account-token secret": {validServiceAccountTokenSecret(), true},
"empty service-account-token annotation": {emptyTokenAnnotation, false},
"missing service-account-token annotation": {missingTokenAnnotation, false},
"missing service-account-token annotations": {missingTokenAnnotations, false},
allow leading dots in secret keys
2015-05-11 15:03:10 -04:00
"leading dot key": {leadingDotKey, true},
"dot key": {dotKey, false},
"double dot key": {doubleDotKey, false},
Secret API resource
2015-02-17 20:24:50 -05:00
}
for name, tc := range tests {
errs := ValidateSecret(&tc.secret)
add dockercfg secret types
2015-05-06 10:09:18 -04:00
if tc.valid && len(errs) > 0 {
t.Errorf("%v: Unexpected error: %v", name, errs)
}
if !tc.valid && len(errs) == 0 {
t.Errorf("%v: Unexpected non-error", name)
}
}
}
func TestValidateDockerConfigSecret(t *testing.T) {
validDockerSecret := func() api.Secret {
return api.Secret{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
add dockercfg secret types
2015-05-06 10:09:18 -04:00
Type: api.SecretTypeDockercfg,
Data: map[string][]byte{
api.DockerConfigKey: []byte(`{"https://index.docker.io/v1/": {"auth": "Y2x1ZWRyb29sZXIwMDAxOnBhc3N3b3Jk","email": "fake@example.com"}}`),
},
}
}
Validate kubernetes.io/dockerconfigjson secrets Added unit test.
2015-12-16 17:13:18 -05:00
validDockerSecret2 := func() api.Secret {
return api.Secret{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
Validate kubernetes.io/dockerconfigjson secrets Added unit test.
2015-12-16 17:13:18 -05:00
Type: api.SecretTypeDockerConfigJson,
Data: map[string][]byte{
api.DockerConfigJsonKey: []byte(`{"auths":{"https://index.docker.io/v1/": {"auth": "Y2x1ZWRyb29sZXIwMDAxOnBhc3N3b3Jk","email": "fake@example.com"}}}`),
},
}
}
add dockercfg secret types
2015-05-06 10:09:18 -04:00
var (
Validate kubernetes.io/dockerconfigjson secrets Added unit test.
2015-12-16 17:13:18 -05:00
missingDockerConfigKey = validDockerSecret()
emptyDockerConfigKey = validDockerSecret()
invalidDockerConfigKey = validDockerSecret()
missingDockerConfigKey2 = validDockerSecret2()
emptyDockerConfigKey2 = validDockerSecret2()
invalidDockerConfigKey2 = validDockerSecret2()
add dockercfg secret types
2015-05-06 10:09:18 -04:00
)
delete(missingDockerConfigKey.Data, api.DockerConfigKey)
emptyDockerConfigKey.Data[api.DockerConfigKey] = []byte("")
invalidDockerConfigKey.Data[api.DockerConfigKey] = []byte("bad")
Validate kubernetes.io/dockerconfigjson secrets Added unit test.
2015-12-16 17:13:18 -05:00
delete(missingDockerConfigKey2.Data, api.DockerConfigJsonKey)
emptyDockerConfigKey2.Data[api.DockerConfigJsonKey] = []byte("")
invalidDockerConfigKey2.Data[api.DockerConfigJsonKey] = []byte("bad")
add dockercfg secret types
2015-05-06 10:09:18 -04:00
tests := map[string]struct {
secret api.Secret
valid bool
}{
Validate kubernetes.io/dockerconfigjson secrets Added unit test.
2015-12-16 17:13:18 -05:00
"valid dockercfg": {validDockerSecret(), true},
"missing dockercfg": {missingDockerConfigKey, false},
"empty dockercfg": {emptyDockerConfigKey, false},
"invalid dockercfg": {invalidDockerConfigKey, false},
"valid config.json": {validDockerSecret2(), true},
"missing config.json": {missingDockerConfigKey2, false},
"empty config.json": {emptyDockerConfigKey2, false},
"invalid config.json": {invalidDockerConfigKey2, false},
add dockercfg secret types
2015-05-06 10:09:18 -04:00
}
Additional SecretTypes
2015-09-10 11:30:58 -04:00
for name, tc := range tests {
errs := ValidateSecret(&tc.secret)
if tc.valid && len(errs) > 0 {
t.Errorf("%v: Unexpected error: %v", name, errs)
}
if !tc.valid && len(errs) == 0 {
t.Errorf("%v: Unexpected non-error", name)
}
}
}
func TestValidateBasicAuthSecret(t *testing.T) {
validBasicAuthSecret := func() api.Secret {
return api.Secret{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
Additional SecretTypes
2015-09-10 11:30:58 -04:00
Type: api.SecretTypeBasicAuth,
Data: map[string][]byte{
api.BasicAuthUsernameKey: []byte("username"),
api.BasicAuthPasswordKey: []byte("password"),
},
}
}
var (
missingBasicAuthUsernamePasswordKeys = validBasicAuthSecret()
)
delete(missingBasicAuthUsernamePasswordKeys.Data, api.BasicAuthUsernameKey)
delete(missingBasicAuthUsernamePasswordKeys.Data, api.BasicAuthPasswordKey)
tests := map[string]struct {
secret api.Secret
valid bool
}{
"valid": {validBasicAuthSecret(), true},
"missing username and password": {missingBasicAuthUsernamePasswordKeys, false},
}
for name, tc := range tests {
errs := ValidateSecret(&tc.secret)
if tc.valid && len(errs) > 0 {
t.Errorf("%v: Unexpected error: %v", name, errs)
}
if !tc.valid && len(errs) == 0 {
t.Errorf("%v: Unexpected non-error", name)
}
}
}
func TestValidateSSHAuthSecret(t *testing.T) {
validSSHAuthSecret := func() api.Secret {
return api.Secret{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
Additional SecretTypes
2015-09-10 11:30:58 -04:00
Type: api.SecretTypeSSHAuth,
Data: map[string][]byte{
api.SSHAuthPrivateKey: []byte("foo-bar-baz"),
},
}
}
missingSSHAuthPrivateKey := validSSHAuthSecret()
delete(missingSSHAuthPrivateKey.Data, api.SSHAuthPrivateKey)
tests := map[string]struct {
secret api.Secret
valid bool
}{
"valid": {validSSHAuthSecret(), true},
"missing private key": {missingSSHAuthPrivateKey, false},
}
add dockercfg secret types
2015-05-06 10:09:18 -04:00
for name, tc := range tests {
errs := ValidateSecret(&tc.secret)
Secret API resource
2015-02-17 20:24:50 -05:00
if tc.valid && len(errs) > 0 {
t.Errorf("%v: Unexpected error: %v", name, errs)
}
if !tc.valid && len(errs) == 0 {
t.Errorf("%v: Unexpected non-error", name)
}
}
}
Implement multi-port endpoints Instead of endpoints being a flat list, it is now a list of "subsets" where each is a struct of {Addresses, Ports}. To generate the list of endpoints you need to take union of the Cartesian products of the subsets. This is compact in the vast majority of cases, yet still represents named ports and corner cases (e.g. each pod has a different port number). This also stores subsets in a deterministic order (sorted by hash) to avoid spurious updates and comparison problems. This is a fully compatible change - old objects and clients will keepworking as long as they don't need the new functionality. This is the prep for multi-port Services, which will add API to produce endpoints in this new structure.
2015-03-20 17:24:43 -04:00
func TestValidateEndpoints(t *testing.T) {
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
successCases := map[string]api.Endpoints{
"simple endpoint": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.1.1"}, {IP: "10.10.2.2"}},
Ports: []api.EndpointPort{{Name: "a", Port: 8675, Protocol: "TCP"}, {Name: "b", Port: 309, Protocol: "TCP"}},
},
{
Addresses: []api.EndpointAddress{{IP: "10.10.3.3"}},
Ports: []api.EndpointPort{{Name: "a", Port: 93, Protocol: "TCP"}, {Name: "b", Port: 76, Protocol: "TCP"}},
},
},
},
"empty subsets": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
},
"no name required for singleton port": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.1.1"}},
Ports: []api.EndpointPort{{Port: 8675, Protocol: "TCP"}},
},
},
},
Populate endpoints and allow ports with headless service
2017-06-09 11:22:37 -04:00
"empty ports": {
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.3.3"}},
},
},
},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
}
for k, v := range successCases {
if errs := ValidateEndpoints(&v); len(errs) != 0 {
t.Errorf("Expected success for %s, got %v", k, errs)
}
}
errorCases := map[string]struct {
endpoints api.Endpoints
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
errorType field.ErrorType
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
errorDetail string
}{
"missing namespace": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
endpoints: api.Endpoints{ObjectMeta: metav1.ObjectMeta{Name: "mysvc"}},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
errorType: "FieldValueRequired",
},
"missing name": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
endpoints: api.Endpoints{ObjectMeta: metav1.ObjectMeta{Namespace: "namespace"}},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
errorType: "FieldValueRequired",
},
"invalid namespace": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
endpoints: api.Endpoints{ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "no@#invalid.;chars\"allowed"}},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
errorType: "FieldValueInvalid",
Improve error message for name/label validation. This patch added user readable naming rules to the output of the error messages for name/label validation.
2016-12-01 23:32:41 -05:00
errorDetail: dnsLabelErrMsg,
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
},
"invalid name": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
endpoints: api.Endpoints{ObjectMeta: metav1.ObjectMeta{Name: "-_Invliad^&Characters", Namespace: "namespace"}},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
errorType: "FieldValueInvalid",
Improve error message for name/label validation. This patch added user readable naming rules to the output of the error messages for name/label validation.
2016-12-01 23:32:41 -05:00
errorDetail: dnsSubdomainLabelErrMsg,
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
},
"empty addresses": {
endpoints: api.Endpoints{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
Subsets: []api.EndpointSubset{
{
Ports: []api.EndpointPort{{Name: "a", Port: 93, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueRequired",
},
"invalid IP": {
endpoints: api.Endpoints{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
Subsets: []api.EndpointSubset{
{
Removing IPv4 enforcement on Endpoints Signed-off-by: André Martins <aanm90@gmail.com>
2016-03-22 00:54:32 -04:00
Addresses: []api.EndpointAddress{{IP: "[2001:0db8:85a3:0042:1000:8a2e:0370:7334]"}},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
Ports: []api.EndpointPort{{Name: "a", Port: 93, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
Removing IPv4 enforcement on Endpoints Signed-off-by: André Martins <aanm90@gmail.com>
2016-03-22 00:54:32 -04:00
errorDetail: "must be a valid IP address",
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
},
"Multiple ports, one without name": {
endpoints: api.Endpoints{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.1.1"}},
Ports: []api.EndpointPort{{Port: 8675, Protocol: "TCP"}, {Name: "b", Port: 309, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueRequired",
},
"Invalid port number": {
endpoints: api.Endpoints{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.1.1"}},
Ports: []api.EndpointPort{{Name: "a", Port: 66000, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
errorDetail: "between",
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
},
"Invalid protocol": {
endpoints: api.Endpoints{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.1.1"}},
Ports: []api.EndpointPort{{Name: "a", Port: 93, Protocol: "Protocol"}},
},
},
},
errorType: "FieldValueNotSupported",
},
"Address missing IP": {
endpoints: api.Endpoints{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{}},
Ports: []api.EndpointPort{{Name: "a", Port: 93, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
Removing IPv4 enforcement on Endpoints Signed-off-by: André Martins <aanm90@gmail.com>
2016-03-22 00:54:32 -04:00
errorDetail: "must be a valid IP address",
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
},
"Port missing number": {
endpoints: api.Endpoints{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.1.1"}},
Ports: []api.EndpointPort{{Name: "a", Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
Make IsValidPortNum/Name return error strings
2016-01-04 11:33:26 -05:00
errorDetail: "between",
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
},
"Port missing protocol": {
endpoints: api.Endpoints{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "10.10.1.1"}},
Ports: []api.EndpointPort{{Name: "a", Port: 93}},
},
},
},
errorType: "FieldValueRequired",
},
Check loopback and link-local multicast endpoints Previously we just disallowed link-local (unicast). This disallows loopback and link-local multicast.
2015-07-04 00:05:15 -04:00
"Address is loopback": {
endpoints: api.Endpoints{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Check loopback and link-local multicast endpoints Previously we just disallowed link-local (unicast). This disallows loopback and link-local multicast.
2015-07-04 00:05:15 -04:00
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "127.0.0.1"}},
Ports: []api.EndpointPort{{Name: "p", Port: 93, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
errorDetail: "loopback",
},
Don't allow link-local Endpoints
2015-06-03 00:49:51 -04:00
"Address is link-local": {
endpoints: api.Endpoints{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Don't allow link-local Endpoints
2015-06-03 00:49:51 -04:00
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "169.254.169.254"}},
Ports: []api.EndpointPort{{Name: "p", Port: 93, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
errorDetail: "link-local",
},
Check loopback and link-local multicast endpoints Previously we just disallowed link-local (unicast). This disallows loopback and link-local multicast.
2015-07-04 00:05:15 -04:00
"Address is link-local multicast": {
endpoints: api.Endpoints{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "mysvc", Namespace: "namespace"},
Check loopback and link-local multicast endpoints Previously we just disallowed link-local (unicast). This disallows loopback and link-local multicast.
2015-07-04 00:05:15 -04:00
Subsets: []api.EndpointSubset{
{
Addresses: []api.EndpointAddress{{IP: "224.0.0.1"}},
Ports: []api.EndpointPort{{Name: "p", Port: 93, Protocol: "TCP"}},
},
},
},
errorType: "FieldValueInvalid",
errorDetail: "link-local multicast",
},
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
}
for k, v := range errorCases {
Stronger typing for validation ErrorList
2015-11-03 19:08:20 -05:00
if errs := ValidateEndpoints(&v.endpoints); len(errs) == 0 || errs[0].Type != v.errorType || !strings.Contains(errs[0].Detail, v.errorDetail) {
Clean up and document validation strings Also add a detail string for Required and Forbidden. Fix tests.
2015-11-14 15:26:04 -05:00
t.Errorf("[%s] Expected error type %s with detail %q, got %v", k, v.errorType, v.errorDetail, errs)
Add validation for Endpoints
2015-03-20 10:40:20 -04:00
}
}
Implement multi-port endpoints Instead of endpoints being a flat list, it is now a list of "subsets" where each is a struct of {Addresses, Ports}. To generate the list of endpoints you need to take union of the Cartesian products of the subsets. This is compact in the vast majority of cases, yet still represents named ports and corner cases (e.g. each pod has a different port number). This also stores subsets in a deterministic order (sorted by hash) to avoid spurious updates and comparison problems. This is a fully compatible change - old objects and clients will keepworking as long as they don't need the new functionality. This is the prep for multi-port Services, which will add API to produce endpoints in this new structure.
2015-03-20 17:24:43 -04:00
}
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
Basic TLS support.
2016-01-16 19:06:40 -05:00
func TestValidateTLSSecret(t *testing.T) {
successCases := map[string]api.Secret{
add test for validation NFS and GlusterFS
2017-05-27 10:37:56 -04:00
"empty certificate chain": {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "tls-cert", Namespace: "namespace"},
Basic TLS support.
2016-01-16 19:06:40 -05:00
Data: map[string][]byte{
api.TLSCertKey: []byte("public key"),
api.TLSPrivateKeyKey: []byte("private key"),
},
},
}
for k, v := range successCases {
if errs := ValidateSecret(&v); len(errs) != 0 {
t.Errorf("Expected success for %s, got %v", k, errs)
}
}
errorCases := map[string]struct {
secrets api.Secret
errorType field.ErrorType
errorDetail string
}{
"missing public key": {
secrets: api.Secret{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "tls-cert"},
Basic TLS support.
2016-01-16 19:06:40 -05:00
Data: map[string][]byte{
api.TLSCertKey: []byte("public key"),
},
},
errorType: "FieldValueRequired",
},
"missing private key": {
secrets: api.Secret{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{Name: "tls-cert"},
Basic TLS support.
2016-01-16 19:06:40 -05:00
Data: map[string][]byte{
api.TLSCertKey: []byte("public key"),
},
},
errorType: "FieldValueRequired",
},
}
for k, v := range errorCases {
if errs := ValidateSecret(&v.secrets); len(errs) == 0 || errs[0].Type != v.errorType || !strings.Contains(errs[0].Detail, v.errorDetail) {
t.Errorf("[%s] Expected error type %s with detail %q, got %v", k, v.errorType, v.errorDetail, errs)
}
}
}
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
func TestValidateSecurityContext(t *testing.T) {
priv := false
Remove all references to types.UnixUserID and types.UnixGroupID
2017-06-21 03:13:36 -04:00
runAsUser := int64(1)
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
fullValidSC := func() *api.SecurityContext {
return &api.SecurityContext{
Privileged: &priv,
Capabilities: &api.Capabilities{
rename CapabilityType Capability
2015-05-18 16:37:10 -04:00
Add: []api.Capability{"foo"},
Drop: []api.Capability{"bar"},
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
},
SELinuxOptions: &api.SELinuxOptions{
User: "user",
Role: "role",
Type: "type",
Level: "level",
},
RunAsUser: &runAsUser,
}
}
//setup data
allSettings := fullValidSC()
noCaps := fullValidSC()
noCaps.Capabilities = nil
noSELinux := fullValidSC()
noSELinux.SELinuxOptions = nil
noPrivRequest := fullValidSC()
noPrivRequest.Privileged = nil
noRunAsUser := fullValidSC()
noRunAsUser.RunAsUser = nil
successCases := map[string]struct {
sc *api.SecurityContext
}{
"all settings": {allSettings},
"no capabilities": {noCaps},
"no selinux": {noSELinux},
"no priv request": {noPrivRequest},
"no run as user": {noRunAsUser},
}
for k, v := range successCases {
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
if errs := ValidateSecurityContext(v.sc, field.NewPath("field")); len(errs) != 0 {
Clean up and document validation strings Also add a detail string for Required and Forbidden. Fix tests.
2015-11-14 15:26:04 -05:00
t.Errorf("[%s] Expected success, got %v", k, errs)
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
}
}
privRequestWithGlobalDeny := fullValidSC()
requestPrivileged := true
privRequestWithGlobalDeny.Privileged = &requestPrivileged
negativeRunAsUser := fullValidSC()
Remove all references to types.UnixUserID and types.UnixGroupID
2017-06-21 03:13:36 -04:00
negativeUser := int64(-1)
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
negativeRunAsUser.RunAsUser = &negativeUser
errorCases := map[string]struct {
sc *api.SecurityContext
Move FieldPath and errors to a sub-package This makes the naming and reading a lot simpler.
2015-11-06 18:30:52 -05:00
errorType field.ErrorType
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
errorDetail string
}{
"request privileged when capabilities forbids": {
sc: privRequestWithGlobalDeny,
errorType: "FieldValueForbidden",
Improve an error message when privileged containers are disallowed globally on the cluster.
2017-01-05 12:07:50 -05:00
errorDetail: "disallowed by cluster policy",
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
},
"negative RunAsUser": {
sc: negativeRunAsUser,
errorType: "FieldValueInvalid",
Clean up and document validation strings Also add a detail string for Required and Forbidden. Fix tests.
2015-11-14 15:26:04 -05:00
errorDetail: isNegativeErrorMsg,
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
},
}
for k, v := range errorCases {
audit validation errors to not double-print field names
2015-11-14 11:44:50 -05:00
if errs := ValidateSecurityContext(v.sc, field.NewPath("field")); len(errs) == 0 || errs[0].Type != v.errorType || !strings.Contains(errs[0].Detail, v.errorDetail) {
t.Errorf("[%s] Expected error type %q with detail %q, got %v", k, v.errorType, v.errorDetail, errs)
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 19:02:13 -04:00
}
}
}
func fakeValidSecurityContext(priv bool) *api.SecurityContext {
return &api.SecurityContext{
Privileged: &priv,
}
}
Support extended pod logging options Increase the supported controls on pod logging. Add validaiton to pod log options. Ensure the Kubelet is using a consistent, structured way to process pod log arguments. Add ?sinceSeconds=<durationInSeconds>, &sinceTime=<RFC3339>, ?timestamps=<bool>, ?tailLines=<number>, and ?limitBytes=<number>
2015-09-09 23:46:11 -04:00
func TestValidPodLogOptions(t *testing.T) {
refactor: generated
2016-12-03 13:57:26 -05:00
now := metav1.Now()
Support extended pod logging options Increase the supported controls on pod logging. Add validaiton to pod log options. Ensure the Kubelet is using a consistent, structured way to process pod log arguments. Add ?sinceSeconds=<durationInSeconds>, &sinceTime=<RFC3339>, ?timestamps=<bool>, ?tailLines=<number>, and ?limitBytes=<number>
2015-09-09 23:46:11 -04:00
negative := int64(-1)
zero := int64(0)
positive := int64(1)
tests := []struct {
opt api.PodLogOptions
errs int
}{
{api.PodLogOptions{}, 0},
{api.PodLogOptions{Previous: true}, 0},
{api.PodLogOptions{Follow: true}, 0},
{api.PodLogOptions{TailLines: &zero}, 0},
{api.PodLogOptions{TailLines: &negative}, 1},
{api.PodLogOptions{TailLines: &positive}, 0},
{api.PodLogOptions{LimitBytes: &zero}, 1},
{api.PodLogOptions{LimitBytes: &negative}, 1},
{api.PodLogOptions{LimitBytes: &positive}, 0},
{api.PodLogOptions{SinceSeconds: &negative}, 1},
{api.PodLogOptions{SinceSeconds: &positive}, 0},
{api.PodLogOptions{SinceSeconds: &zero}, 1},
{api.PodLogOptions{SinceTime: &now}, 0},
}
for i, test := range tests {
errs := ValidatePodLogOptions(&test.opt)
if test.errs != len(errs) {
t.Errorf("%d: Unexpected errors: %v", i, errs)
}
}
}
Move ConfigMap to main API
2016-01-15 11:48:36 -05:00
func TestValidateConfigMap(t *testing.T) {
newConfigMap := func(name, namespace string, data map[string]string) api.ConfigMap {
return api.ConfigMap{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Move ConfigMap to main API
2016-01-15 11:48:36 -05:00
Name: name,
Namespace: namespace,
},
Data: data,
}
}
var (
validConfigMap = newConfigMap("validname", "validns", map[string]string{"key": "value"})
maxKeyLength = newConfigMap("validname", "validns", map[string]string{strings.Repeat("a", 253): "value"})
emptyName = newConfigMap("", "validns", nil)
invalidName = newConfigMap("NoUppercaseOrSpecialCharsLike=Equals", "validns", nil)
emptyNs = newConfigMap("validname", "", nil)
invalidNs = newConfigMap("validname", "NoUppercaseOrSpecialCharsLike=Equals", nil)
Allows Secret & ConfigMap Keys to look like Environment Variables This makes environment variable style keys (uppercase with underscores) valid in Secrets and ConfigMap.
2016-05-11 01:59:59 -04:00
invalidKey = newConfigMap("validname", "validns", map[string]string{"a*b": "value"})
Move ConfigMap to main API
2016-01-15 11:48:36 -05:00
leadingDotKey = newConfigMap("validname", "validns", map[string]string{".ab": "value"})
dotKey = newConfigMap("validname", "validns", map[string]string{".": "value"})
doubleDotKey = newConfigMap("validname", "validns", map[string]string{"..": "value"})
overMaxKeyLength = newConfigMap("validname", "validns", map[string]string{strings.Repeat("a", 254): "value"})
Add size limit for ConfigMap
2016-01-20 23:14:37 -05:00
overMaxSize = newConfigMap("validname", "validns", map[string]string{"key": strings.Repeat("a", api.MaxSecretSize+1)})
Move ConfigMap to main API
2016-01-15 11:48:36 -05:00
)
tests := map[string]struct {
cfg api.ConfigMap
isValid bool
}{
"valid": {validConfigMap, true},
"max key length": {maxKeyLength, true},
"leading dot key": {leadingDotKey, true},
"empty name": {emptyName, false},
"invalid name": {invalidName, false},
"invalid key": {invalidKey, false},
"empty namespace": {emptyNs, false},
"invalid namespace": {invalidNs, false},
"dot key": {dotKey, false},
"double dot key": {doubleDotKey, false},
"over max key length": {overMaxKeyLength, false},
Add size limit for ConfigMap
2016-01-20 23:14:37 -05:00
"over max size": {overMaxSize, false},
Move ConfigMap to main API
2016-01-15 11:48:36 -05:00
}
for name, tc := range tests {
errs := ValidateConfigMap(&tc.cfg)
if tc.isValid && len(errs) > 0 {
t.Errorf("%v: unexpected error: %v", name, errs)
}
if !tc.isValid && len(errs) == 0 {
t.Errorf("%v: unexpected non-error", name)
}
}
}
func TestValidateConfigMapUpdate(t *testing.T) {
newConfigMap := func(version, name, namespace string, data map[string]string) api.ConfigMap {
return api.ConfigMap{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Move ConfigMap to main API
2016-01-15 11:48:36 -05:00
Name: name,
Namespace: namespace,
ResourceVersion: version,
},
Data: data,
}
}
var (
validConfigMap = newConfigMap("1", "validname", "validns", map[string]string{"key": "value"})
noVersion = newConfigMap("", "validname", "validns", map[string]string{"key": "value"})
)
cases := []struct {
name string
newCfg api.ConfigMap
oldCfg api.ConfigMap
isValid bool
}{
{
name: "valid",
newCfg: validConfigMap,
oldCfg: validConfigMap,
isValid: true,
},
{
name: "invalid",
newCfg: noVersion,
oldCfg: validConfigMap,
isValid: false,
},
}
for _, tc := range cases {
errs := ValidateConfigMapUpdate(&tc.newCfg, &tc.oldCfg)
if tc.isValid && len(errs) > 0 {
t.Errorf("%v: unexpected error: %v", tc.name, errs)
}
if !tc.isValid && len(errs) == 0 {
t.Errorf("%v: unexpected non-error", tc.name)
}
}
}
Add a validation helper function. I will use this in a subsequent PR as part of #12298
2016-02-12 17:38:22 -05:00
func TestValidateHasLabel(t *testing.T) {
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
successCase := metav1.ObjectMeta{
Add a validation helper function. I will use this in a subsequent PR as part of #12298
2016-02-12 17:38:22 -05:00
Name: "123",
Namespace: "ns",
Labels: map[string]string{
"other": "blah",
"foo": "bar",
},
}
if errs := ValidateHasLabel(successCase, field.NewPath("field"), "foo", "bar"); len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
missingCase := metav1.ObjectMeta{
Add a validation helper function. I will use this in a subsequent PR as part of #12298
2016-02-12 17:38:22 -05:00
Name: "123",
Namespace: "ns",
Labels: map[string]string{
"other": "blah",
},
}
if errs := ValidateHasLabel(missingCase, field.NewPath("field"), "foo", "bar"); len(errs) == 0 {
t.Errorf("expected failure")
}
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
wrongValueCase := metav1.ObjectMeta{
Add a validation helper function. I will use this in a subsequent PR as part of #12298
2016-02-12 17:38:22 -05:00
Name: "123",
Namespace: "ns",
Labels: map[string]string{
"other": "blah",
"foo": "notbar",
},
}
if errs := ValidateHasLabel(wrongValueCase, field.NewPath("field"), "foo", "bar"); len(errs) == 0 {
t.Errorf("expected failure")
}
}
Add sysctl api, validation & Docker support
2016-06-14 09:09:53 -04:00
func TestIsValidSysctlName(t *testing.T) {
valid := []string{
"a.b.c.d",
"a",
"a_b",
"a-b",
"abc",
"abc.def",
}
invalid := []string{
"",
"*",
"ä",
"a_",
"_",
"__",
"_a",
"_a._b",
"-",
".",
"a.",
".a",
"a.b.",
"a*.b",
"a*b",
"*a",
"a.*",
"*",
"abc*",
"a.abc*",
"a.b.*",
"Abc",
func(n int) string {
x := make([]byte, n)
for i := range x {
x[i] = byte('a')
}
return string(x)
}(256),
}
for _, s := range valid {
if !IsValidSysctlName(s) {
t.Errorf("%q expected to be a valid sysctl name", s)
}
}
for _, s := range invalid {
if IsValidSysctlName(s) {
t.Errorf("%q expected to be an invalid sysctl name", s)
}
}
}
func TestValidateSysctls(t *testing.T) {
valid := []string{
"net.foo.bar",
"kernel.shmmax",
}
invalid := []string{
"i..nvalid",
"_invalid",
}
sysctls := make([]api.Sysctl, len(valid))
for i, sysctl := range valid {
sysctls[i].Name = sysctl
}
errs := validateSysctls(sysctls, field.NewPath("foo"))
if len(errs) != 0 {
t.Errorf("unexpected validation errors: %v", errs)
}
sysctls = make([]api.Sysctl, len(invalid))
for i, sysctl := range invalid {
sysctls[i].Name = sysctl
}
errs = validateSysctls(sysctls, field.NewPath("foo"))
if len(errs) != 2 {
t.Errorf("expected 2 validation errors. Got: %v", errs)
} else {
if got, expected := errs[0].Error(), "foo"; !strings.Contains(got, expected) {
t.Errorf("unexpected errors: expected=%q, got=%q", expected, got)
}
if got, expected := errs[1].Error(), "foo"; !strings.Contains(got, expected) {
t.Errorf("unexpected errors: expected=%q, got=%q", expected, got)
}
}
}
Enforce EndpointAddress.NodeName validation + added unit tests
2016-08-24 12:57:38 -04:00
func newNodeNameEndpoint(nodeName string) *api.Endpoints {
ep := &api.Endpoints{
refactor: use metav1.ObjectMeta in other types
2017-01-16 22:38:19 -05:00
ObjectMeta: metav1.ObjectMeta{
Enforce EndpointAddress.NodeName validation + added unit tests
2016-08-24 12:57:38 -04:00
Name: "foo",
refactor: move ListOptions references to metav1
2017-01-21 22:36:02 -05:00
Namespace: metav1.NamespaceDefault,
Enforce EndpointAddress.NodeName validation + added unit tests
2016-08-24 12:57:38 -04:00
ResourceVersion: "1",
},
Subsets: []api.EndpointSubset{
{
NotReadyAddresses: []api.EndpointAddress{},
Ports: []api.EndpointPort{{Name: "https", Port: 443, Protocol: "TCP"}},
Addresses: []api.EndpointAddress{
{
IP: "8.8.8.8",
Hostname: "zookeeper1",
NodeName: &nodeName}}}}}
return ep
}
func TestEndpointAddressNodeNameUpdateRestrictions(t *testing.T) {
Remove 'minion' from the code in two places in favor of 'node'
2016-11-22 01:48:06 -05:00
oldEndpoint := newNodeNameEndpoint("kubernetes-node-setup-by-backend")
Enforce EndpointAddress.NodeName validation + added unit tests
2016-08-24 12:57:38 -04:00
updatedEndpoint := newNodeNameEndpoint("kubernetes-changed-nodename")
// Check that NodeName cannot be changed during update (if already set)
errList := ValidateEndpoints(updatedEndpoint)
errList = append(errList, ValidateEndpointsUpdate(updatedEndpoint, oldEndpoint)...)
if len(errList) == 0 {
t.Error("Endpoint should not allow changing of Subset.Addresses.NodeName on update")
}
}
Allow IP addresses to be used as node names Fixes #32050
2016-09-04 19:23:03 -04:00
func TestEndpointAddressNodeNameInvalidDNSSubdomain(t *testing.T) {
Enforce EndpointAddress.NodeName validation + added unit tests
2016-08-24 12:57:38 -04:00
// Check NodeName DNS validation
Allow IP addresses to be used as node names Fixes #32050
2016-09-04 19:23:03 -04:00
endpoint := newNodeNameEndpoint("illegal*.nodename")
Enforce EndpointAddress.NodeName validation + added unit tests
2016-08-24 12:57:38 -04:00
errList := ValidateEndpoints(endpoint)
if len(errList) == 0 {
t.Error("Endpoint should reject invalid NodeName")
}
}
Allow IP addresses to be used as node names Fixes #32050
2016-09-04 19:23:03 -04:00
func TestEndpointAddressNodeNameCanBeAnIPAddress(t *testing.T) {
endpoint := newNodeNameEndpoint("10.10.1.1")
errList := ValidateEndpoints(endpoint)
if len(errList) != 0 {
t.Error("Endpoint should accept a NodeName that is an IP address")
}
}
Reserve kubernetes.io prefix for flex volume options
2017-01-05 15:45:59 -05:00
func TestValidateFlexVolumeSource(t *testing.T) {
testcases := map[string]struct {
source *api.FlexVolumeSource
expectedErrs map[string]string
}{
"valid": {
source: &api.FlexVolumeSource{Driver: "foo"},
expectedErrs: map[string]string{},
},
"valid with options": {
source: &api.FlexVolumeSource{Driver: "foo", Options: map[string]string{"foo": "bar"}},
expectedErrs: map[string]string{},
},
"no driver": {
source: &api.FlexVolumeSource{Driver: ""},
expectedErrs: map[string]string{"driver": "Required value"},
},
"reserved option keys": {
source: &api.FlexVolumeSource{
Driver: "foo",
Options: map[string]string{
// valid options
"myns.io": "A",
"myns.io/bar": "A",
"myns.io/kubernetes.io": "A",
// invalid options
"KUBERNETES.IO": "A",
"kubernetes.io": "A",
"kubernetes.io/": "A",
"kubernetes.io/foo": "A",
"alpha.kubernetes.io": "A",
"alpha.kubernetes.io/": "A",
"alpha.kubernetes.io/foo": "A",
"k8s.io": "A",
"k8s.io/": "A",
"k8s.io/foo": "A",
"alpha.k8s.io": "A",
"alpha.k8s.io/": "A",
"alpha.k8s.io/foo": "A",
},
},
expectedErrs: map[string]string{
"options[KUBERNETES.IO]": "reserved",
"options[kubernetes.io]": "reserved",
"options[kubernetes.io/]": "reserved",
"options[kubernetes.io/foo]": "reserved",
"options[alpha.kubernetes.io]": "reserved",
"options[alpha.kubernetes.io/]": "reserved",
"options[alpha.kubernetes.io/foo]": "reserved",
"options[k8s.io]": "reserved",
"options[k8s.io/]": "reserved",
"options[k8s.io/foo]": "reserved",
"options[alpha.k8s.io]": "reserved",
"options[alpha.k8s.io/]": "reserved",
"options[alpha.k8s.io/foo]": "reserved",
},
},
}
for k, tc := range testcases {
errs := validateFlexVolumeSource(tc.source, nil)
for _, err := range errs {
expectedErr, ok := tc.expectedErrs[err.Field]
if !ok {
t.Errorf("%s: unexpected err on field %s: %v", k, err.Field, err)
continue
}
if !strings.Contains(err.Error(), expectedErr) {
t.Errorf("%s: expected err on field %s to contain '%s', was %v", k, err.Field, expectedErr, err.Error())
continue
}
}
if len(errs) != len(tc.expectedErrs) {
t.Errorf("%s: expected errs %#v, got %#v", k, tc.expectedErrs, errs)
continue
}
}
}
Paramaterize stickyMaxAgeMinutes for service in API
2017-08-01 12:09:37 -04:00
func TestValidateOrSetClientIPAffinityConfig(t *testing.T) {
successCases := map[string]*api.SessionAffinityConfig{
"non-empty config, valid timeout: 1": {
ClientIP: &api.ClientIPConfig{
TimeoutSeconds: newInt32(1),
},
},
"non-empty config, valid timeout: api.MaxClientIPServiceAffinitySeconds-1": {
ClientIP: &api.ClientIPConfig{
TimeoutSeconds: newInt32(int(api.MaxClientIPServiceAffinitySeconds - 1)),
},
},
"non-empty config, valid timeout: api.MaxClientIPServiceAffinitySeconds": {
ClientIP: &api.ClientIPConfig{
TimeoutSeconds: newInt32(int(api.MaxClientIPServiceAffinitySeconds)),
},
},
}
for name, test := range successCases {
if errs := validateClientIPAffinityConfig(test, field.NewPath("field")); len(errs) != 0 {
t.Errorf("case: %s, expected success: %v", name, errs)
}
}
errorCases := map[string]*api.SessionAffinityConfig{
"empty session affinity config": nil,
"empty client IP config": {
ClientIP: nil,
},
"empty timeoutSeconds": {
ClientIP: &api.ClientIPConfig{
TimeoutSeconds: nil,
},
},
"non-empty config, invalid timeout: api.MaxClientIPServiceAffinitySeconds+1": {
ClientIP: &api.ClientIPConfig{
TimeoutSeconds: newInt32(int(api.MaxClientIPServiceAffinitySeconds + 1)),
},
},
"non-empty config, invalid timeout: -1": {
ClientIP: &api.ClientIPConfig{
TimeoutSeconds: newInt32(-1),
},
},
"non-empty config, invalid timeout: 0": {
ClientIP: &api.ClientIPConfig{
TimeoutSeconds: newInt32(0),
},
},
}
for name, test := range errorCases {
if errs := validateClientIPAffinityConfig(test, field.NewPath("field")); len(errs) == 0 {
t.Errorf("case: %v, expected failures: %v", name, errs)
}
}
}
Reference in a new issue Copy permalink