/
validate_image.go
94 lines (75 loc) · 2.55 KB
/
validate_image.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
package image
import (
"fmt"
"io"
"k8s.io/apimachinery/pkg/api/validation"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/apiserver/pkg/admission"
configv1 "github.com/openshift/api/config/v1"
"github.com/openshift/origin/pkg/admission/customresourcevalidation"
)
const PluginName = "config.openshift.io/ValidateImage"
// Register registers a plugin
func Register(plugins *admission.Plugins) {
plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) {
return customresourcevalidation.NewValidator(
map[schema.GroupResource]bool{
configv1.Resource("images"): true,
},
map[schema.GroupVersionKind]customresourcevalidation.ObjectValidator{
configv1.GroupVersion.WithKind("Image"): imageV1{},
})
})
}
func toImageV1(uncastObj runtime.Object) (*configv1.Image, field.ErrorList) {
if uncastObj == nil {
return nil, nil
}
allErrs := field.ErrorList{}
obj, ok := uncastObj.(*configv1.Image)
if !ok {
return nil, append(allErrs,
field.NotSupported(field.NewPath("kind"), fmt.Sprintf("%T", uncastObj), []string{"Image"}),
field.NotSupported(field.NewPath("apiVersion"), fmt.Sprintf("%T", uncastObj), []string{"config.openshift.io/v1"}))
}
return obj, nil
}
type imageV1 struct {
}
func (imageV1) ValidateCreate(uncastObj runtime.Object) field.ErrorList {
obj, errs := toImageV1(uncastObj)
if len(errs) > 0 {
return errs
}
// TODO validate the obj
errs = append(errs, validation.ValidateObjectMeta(&obj.ObjectMeta, false, customresourcevalidation.RequireNameCluster, field.NewPath("metadata"))...)
return errs
}
func (imageV1) ValidateUpdate(uncastObj runtime.Object, uncastOldObj runtime.Object) field.ErrorList {
obj, errs := toImageV1(uncastObj)
if len(errs) > 0 {
return errs
}
oldObj, errs := toImageV1(uncastOldObj)
if len(errs) > 0 {
return errs
}
// TODO validate the obj
errs = append(errs, validation.ValidateObjectMetaUpdate(&obj.ObjectMeta, &oldObj.ObjectMeta, field.NewPath("metadata"))...)
return errs
}
func (imageV1) ValidateStatusUpdate(uncastObj runtime.Object, uncastOldObj runtime.Object) field.ErrorList {
obj, errs := toImageV1(uncastObj)
if len(errs) > 0 {
return errs
}
oldObj, errs := toImageV1(uncastOldObj)
if len(errs) > 0 {
return errs
}
// TODO validate the obj. remember that status validation should *never* fail on spec validation errors.
errs = append(errs, validation.ValidateObjectMetaUpdate(&obj.ObjectMeta, &oldObj.ObjectMeta, field.NewPath("metadata"))...)
return errs
}