首頁 探索 說明
登入
tzeneto
/
custom-kube-scheduler
關註 1
讚好 0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 715caac57d
分支列表 標籤列表
custom-kube-...
/
kubernetes-v1.15.4
/
pkg
/
apis
/
certificates
/
validation
/
validation.go

validation.go 2.3 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 
  1. /*
    2. 

  2. Copyright 2016 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package validation
    18. 

  18. 

  19. import (
    20. 

  20. 	"fmt"
    21. 

  21. 

  22. 	"k8s.io/apimachinery/pkg/util/validation/field"
    23. 

  23. 	"k8s.io/kubernetes/pkg/apis/certificates"
    24. 

  24. 	apivalidation "k8s.io/kubernetes/pkg/apis/core/validation"
    25. 

  25. )
    26. 

  26. 

  27. // validateCSR validates the signature and formatting of a base64-wrapped,
    28. 

  28. // PEM-encoded PKCS#10 certificate signing request. If this is invalid, we must
    29. 

  29. // not accept the CSR for further processing.
    30. 

  30. func validateCSR(obj *certificates.CertificateSigningRequest) error {
    31. 

  31. 	csr, err := certificates.ParseCSR(obj)
    32. 

  32. 	if err != nil {
    33. 

  33. 		return err
    34. 

  34. 	}
    35. 

  35. 	// check that the signature is valid
    36. 

  36. 	err = csr.CheckSignature()
    37. 

  37. 	if err != nil {
    38. 

  38. 		return err
    39. 

  39. 	}
    40. 

  40. 	return nil
    41. 

  41. }
    42. 

  42. 

  43. // We don't care what you call your certificate requests.
    44. 

  44. func ValidateCertificateRequestName(name string, prefix bool) []string {
    45. 

  45. 	return nil
    46. 

  46. }
    47. 

  47. 

  48. func ValidateCertificateSigningRequest(csr *certificates.CertificateSigningRequest) field.ErrorList {
    49. 

  49. 	isNamespaced := false
    50. 

  50. 	allErrs := apivalidation.ValidateObjectMeta(&csr.ObjectMeta, isNamespaced, ValidateCertificateRequestName, field.NewPath("metadata"))
    51. 

  51. 	err := validateCSR(csr)
    52. 

  52. 

  53. 	specPath := field.NewPath("spec")
    54. 

  54. 

  55. 	if err != nil {
    56. 

  56. 		allErrs = append(allErrs, field.Invalid(specPath.Child("request"), csr.Spec.Request, fmt.Sprintf("%v", err)))
    57. 

  57. 	}
    58. 

  58. 	if len(csr.Spec.Usages) == 0 {
    59. 

  59. 		allErrs = append(allErrs, field.Required(specPath.Child("usages"), "usages must be provided"))
    60. 

  60. 	}
    61. 

  61. 	return allErrs
    62. 

  62. }
    63. 

  63. 

  64. func ValidateCertificateSigningRequestUpdate(newCSR, oldCSR *certificates.CertificateSigningRequest) field.ErrorList {
    65. 

  65. 	validationErrorList := ValidateCertificateSigningRequest(newCSR)
    66. 

  66. 	metaUpdateErrorList := apivalidation.ValidateObjectMetaUpdate(&newCSR.ObjectMeta, &oldCSR.ObjectMeta, field.NewPath("metadata"))
    67. 

  67. 	return append(validationErrorList, metaUpdateErrorList...)
    68. 

  68. }
    69. 

  69.