| 123456789101112131415161718192021222324252627282930313233343536373839404142 |
- /*
- Copyright 2018 The Kubernetes Authors.
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- */
- // Package validation contains methods to validate kinds in the
- // authentication.k8s.io API group.
- package validation
- import (
- "time"
- "k8s.io/apimachinery/pkg/util/validation/field"
- "k8s.io/kubernetes/pkg/apis/authentication"
- )
- // ValidateTokenRequest validates a TokenRequest.
- func ValidateTokenRequest(tr *authentication.TokenRequest) field.ErrorList {
- allErrs := field.ErrorList{}
- specPath := field.NewPath("spec")
- const min = 10 * time.Minute
- if tr.Spec.ExpirationSeconds < int64(min.Seconds()) {
- allErrs = append(allErrs, field.Invalid(specPath.Child("expirationSeconds"), tr.Spec.ExpirationSeconds, "may not specify a duration less than 10 minutes"))
- }
- if tr.Spec.ExpirationSeconds > 1<<32 {
- allErrs = append(allErrs, field.Invalid(specPath.Child("expirationSeconds"), tr.Spec.ExpirationSeconds, "may not specify a duration larger than 2^32 seconds"))
- }
- return allErrs
- }
|
