Sign In
golang
/
flannel
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e6edfac9cb
Branches Tags
flannel
/
vendor
/
k8s.io
/
kubernetes
/
pkg
/
apis
/
batch
/
validation
/
validation.go

validation.go 11 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238 
  1. /*
    2. 

  2. Copyright 2016 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package validation
    18. 

  18. 

  19. import (
    20. 

  20. 	"github.com/robfig/cron"
    21. 

  21. 

  22. 	"k8s.io/kubernetes/pkg/api"
    23. 

  23. 	"k8s.io/kubernetes/pkg/api/unversioned"
    24. 

  24. 	unversionedvalidation "k8s.io/kubernetes/pkg/api/unversioned/validation"
    25. 

  25. 	apivalidation "k8s.io/kubernetes/pkg/api/validation"
    26. 

  26. 	"k8s.io/kubernetes/pkg/apis/batch"
    27. 

  27. 	"k8s.io/kubernetes/pkg/labels"
    28. 

  28. 	"k8s.io/kubernetes/pkg/util/validation/field"
    29. 

  29. )
    30. 

  30. 

  31. // TODO: generalize for other controller objects that will follow the same pattern, such as ReplicaSet and DaemonSet, and
    32. 

  32. // move to new location.  Replace batch.Job with an interface.
    33. 

  33. //
    34. 

  34. // ValidateGeneratedSelector validates that the generated selector on a controller object match the controller object
    35. 

  35. // metadata, and the labels on the pod template are as generated.
    36. 

  36. func ValidateGeneratedSelector(obj *batch.Job) field.ErrorList {
    37. 

  37. 	allErrs := field.ErrorList{}
    38. 

  38. 	if obj.Spec.ManualSelector != nil && *obj.Spec.ManualSelector {
    39. 

  39. 		return allErrs
    40. 

  40. 	}
    41. 

  41. 

  42. 	if obj.Spec.Selector == nil {
    43. 

  43. 		return allErrs // This case should already have been checked in caller.  No need for more errors.
    44. 

  44. 	}
    45. 

  45. 

  46. 	// If somehow uid was unset then we would get "controller-uid=" as the selector
    47. 

  47. 	// which is bad.
    48. 

  48. 	if obj.ObjectMeta.UID == "" {
    49. 

  49. 		allErrs = append(allErrs, field.Required(field.NewPath("metadata").Child("uid"), ""))
    50. 

  50. 	}
    51. 

  51. 

  52. 	// If somehow uid was unset then we would get "controller-uid=" as the selector
    53. 

  53. 	// which is bad.
    54. 

  54. 	if obj.ObjectMeta.UID == "" {
    55. 

  55. 		allErrs = append(allErrs, field.Required(field.NewPath("metadata").Child("uid"), ""))
    56. 

  56. 	}
    57. 

  57. 

  58. 	// If selector generation was requested, then expected labels must be
    59. 

  59. 	// present on pod template, and much match job's uid and name.  The
    60. 

  60. 	// generated (not-manual) selectors/labels ensure no overlap with other
    61. 

  61. 	// controllers.  The manual mode allows orphaning, adoption,
    62. 

  62. 	// backward-compatibility, and experimentation with new
    63. 

  63. 	// labeling/selection schemes.  Automatic selector generation should
    64. 

  64. 	// have placed certain labels on the pod, but this could have failed if
    65. 

  65. 	// the user added coflicting labels.  Validate that the expected
    66. 

  66. 	// generated ones are there.
    67. 

  67. 

  68. 	allErrs = append(allErrs, apivalidation.ValidateHasLabel(obj.Spec.Template.ObjectMeta, field.NewPath("spec").Child("template").Child("metadata"), "controller-uid", string(obj.UID))...)
    69. 

  69. 	allErrs = append(allErrs, apivalidation.ValidateHasLabel(obj.Spec.Template.ObjectMeta, field.NewPath("spec").Child("template").Child("metadata"), "job-name", string(obj.Name))...)
    70. 

  70. 	expectedLabels := make(map[string]string)
    71. 

  71. 	expectedLabels["controller-uid"] = string(obj.UID)
    72. 

  72. 	expectedLabels["job-name"] = string(obj.Name)
    73. 

  73. 	// Whether manually or automatically generated, the selector of the job must match the pods it will produce.
    74. 

  74. 	if selector, err := unversioned.LabelSelectorAsSelector(obj.Spec.Selector); err == nil {
    75. 

  75. 		if !selector.Matches(labels.Set(expectedLabels)) {
    76. 

  76. 			allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("selector"), obj.Spec.Selector, "`selector` not auto-generated"))
    77. 

  77. 		}
    78. 

  78. 	}
    79. 

  79. 

  80. 	return allErrs
    81. 

  81. }
    82. 

  82. 

  83. func ValidateJob(job *batch.Job) field.ErrorList {
    84. 

  84. 	// Jobs and rcs have the same name validation
    85. 

  85. 	allErrs := apivalidation.ValidateObjectMeta(&job.ObjectMeta, true, apivalidation.ValidateReplicationControllerName, field.NewPath("metadata"))
    86. 

  86. 	allErrs = append(allErrs, ValidateGeneratedSelector(job)...)
    87. 

  87. 	allErrs = append(allErrs, ValidateJobSpec(&job.Spec, field.NewPath("spec"))...)
    88. 

  88. 	return allErrs
    89. 

  89. }
    90. 

  90. 

  91. func ValidateJobSpec(spec *batch.JobSpec, fldPath *field.Path) field.ErrorList {
    92. 

  92. 	allErrs := validateJobSpec(spec, fldPath)
    93. 

  93. 

  94. 	if spec.Selector == nil {
    95. 

  95. 		allErrs = append(allErrs, field.Required(fldPath.Child("selector"), ""))
    96. 

  96. 	} else {
    97. 

  97. 		allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(spec.Selector, fldPath.Child("selector"))...)
    98. 

  98. 	}
    99. 

  99. 

  100. 	// Whether manually or automatically generated, the selector of the job must match the pods it will produce.
    101. 

  101. 	if selector, err := unversioned.LabelSelectorAsSelector(spec.Selector); err == nil {
    102. 

  102. 		labels := labels.Set(spec.Template.Labels)
    103. 

  103. 		if !selector.Matches(labels) {
    104. 

  104. 			allErrs = append(allErrs, field.Invalid(fldPath.Child("template", "metadata", "labels"), spec.Template.Labels, "`selector` does not match template `labels`"))
    105. 

  105. 		}
    106. 

  106. 	}
    107. 

  107. 	return allErrs
    108. 

  108. }
    109. 

  109. 

  110. func validateJobSpec(spec *batch.JobSpec, fldPath *field.Path) field.ErrorList {
    111. 

  111. 	allErrs := field.ErrorList{}
    112. 

  112. 

  113. 	if spec.Parallelism != nil {
    114. 

  114. 		allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.Parallelism), fldPath.Child("parallelism"))...)
    115. 

  115. 	}
    116. 

  116. 	if spec.Completions != nil {
    117. 

  117. 		allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.Completions), fldPath.Child("completions"))...)
    118. 

  118. 	}
    119. 

  119. 	if spec.ActiveDeadlineSeconds != nil {
    120. 

  120. 		allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.ActiveDeadlineSeconds), fldPath.Child("activeDeadlineSeconds"))...)
    121. 

  121. 	}
    122. 

  122. 

  123. 	allErrs = append(allErrs, apivalidation.ValidatePodTemplateSpec(&spec.Template, fldPath.Child("template"))...)
    124. 

  124. 	if spec.Template.Spec.RestartPolicy != api.RestartPolicyOnFailure &&
    125. 

  125. 		spec.Template.Spec.RestartPolicy != api.RestartPolicyNever {
    126. 

  126. 		allErrs = append(allErrs, field.NotSupported(fldPath.Child("template", "spec", "restartPolicy"),
    127. 

  127. 			spec.Template.Spec.RestartPolicy, []string{string(api.RestartPolicyOnFailure), string(api.RestartPolicyNever)}))
    128. 

  128. 	}
    129. 

  129. 	return allErrs
    130. 

  130. }
    131. 

  131. 

  132. func ValidateJobStatus(status *batch.JobStatus, fldPath *field.Path) field.ErrorList {
    133. 

  133. 	allErrs := field.ErrorList{}
    134. 

  134. 	allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.Active), fldPath.Child("active"))...)
    135. 

  135. 	allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.Succeeded), fldPath.Child("succeeded"))...)
    136. 

  136. 	allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.Failed), fldPath.Child("failed"))...)
    137. 

  137. 	return allErrs
    138. 

  138. }
    139. 

  139. 

  140. func ValidateJobUpdate(job, oldJob *batch.Job) field.ErrorList {
    141. 

  141. 	allErrs := apivalidation.ValidateObjectMetaUpdate(&oldJob.ObjectMeta, &job.ObjectMeta, field.NewPath("metadata"))
    142. 

  142. 	allErrs = append(allErrs, ValidateJobSpecUpdate(job.Spec, oldJob.Spec, field.NewPath("spec"))...)
    143. 

  143. 	return allErrs
    144. 

  144. }
    145. 

  145. 

  146. func ValidateJobUpdateStatus(job, oldJob *batch.Job) field.ErrorList {
    147. 

  147. 	allErrs := apivalidation.ValidateObjectMetaUpdate(&oldJob.ObjectMeta, &job.ObjectMeta, field.NewPath("metadata"))
    148. 

  148. 	allErrs = append(allErrs, ValidateJobStatusUpdate(job.Status, oldJob.Status)...)
    149. 

  149. 	return allErrs
    150. 

  150. }
    151. 

  151. 

  152. func ValidateJobSpecUpdate(spec, oldSpec batch.JobSpec, fldPath *field.Path) field.ErrorList {
    153. 

  153. 	allErrs := field.ErrorList{}
    154. 

  154. 	allErrs = append(allErrs, ValidateJobSpec(&spec, fldPath)...)
    155. 

  155. 	allErrs = append(allErrs, apivalidation.ValidateImmutableField(spec.Completions, oldSpec.Completions, fldPath.Child("completions"))...)
    156. 

  156. 	allErrs = append(allErrs, apivalidation.ValidateImmutableField(spec.Selector, oldSpec.Selector, fldPath.Child("selector"))...)
    157. 

  157. 	allErrs = append(allErrs, apivalidation.ValidateImmutableField(spec.Template, oldSpec.Template, fldPath.Child("template"))...)
    158. 

  158. 	return allErrs
    159. 

  159. }
    160. 

  160. 

  161. func ValidateJobStatusUpdate(status, oldStatus batch.JobStatus) field.ErrorList {
    162. 

  162. 	allErrs := field.ErrorList{}
    163. 

  163. 	allErrs = append(allErrs, ValidateJobStatus(&status, field.NewPath("status"))...)
    164. 

  164. 	return allErrs
    165. 

  165. }
    166. 

  166. 

  167. func ValidateScheduledJob(scheduledJob *batch.ScheduledJob) field.ErrorList {
    168. 

  168. 	// ScheduledJobs and rcs have the same name validation
    169. 

  169. 	allErrs := apivalidation.ValidateObjectMeta(&scheduledJob.ObjectMeta, true, apivalidation.ValidateReplicationControllerName, field.NewPath("metadata"))
    170. 

  170. 	allErrs = append(allErrs, ValidateScheduledJobSpec(&scheduledJob.Spec, field.NewPath("spec"))...)
    171. 

  171. 	return allErrs
    172. 

  172. }
    173. 

  173. 

  174. func ValidateScheduledJobSpec(spec *batch.ScheduledJobSpec, fldPath *field.Path) field.ErrorList {
    175. 

  175. 	allErrs := field.ErrorList{}
    176. 

  176. 

  177. 	if len(spec.Schedule) == 0 {
    178. 

  178. 		allErrs = append(allErrs, field.Required(fldPath.Child("schedule"), ""))
    179. 

  179. 	} else {
    180. 

  180. 		allErrs = append(allErrs, validateScheduleFormat(spec.Schedule, fldPath.Child("schedule"))...)
    181. 

  181. 	}
    182. 

  182. 	if spec.StartingDeadlineSeconds != nil {
    183. 

  183. 		allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.StartingDeadlineSeconds), fldPath.Child("startingDeadlineSeconds"))...)
    184. 

  184. 	}
    185. 

  185. 	allErrs = append(allErrs, validateConcurrencyPolicy(&spec.ConcurrencyPolicy, fldPath.Child("concurrencyPolicy"))...)
    186. 

  186. 	allErrs = append(allErrs, ValidateJobTemplateSpec(&spec.JobTemplate, fldPath.Child("jobTemplate"))...)
    187. 

  187. 

  188. 	return allErrs
    189. 

  189. }
    190. 

  190. 

  191. func validateConcurrencyPolicy(concurrencyPolicy *batch.ConcurrencyPolicy, fldPath *field.Path) field.ErrorList {
    192. 

  192. 	allErrs := field.ErrorList{}
    193. 

  193. 	switch *concurrencyPolicy {
    194. 

  194. 	case batch.AllowConcurrent, batch.ForbidConcurrent, batch.ReplaceConcurrent:
    195. 

  195. 		break
    196. 

  196. 	case "":
    197. 

  197. 		allErrs = append(allErrs, field.Required(fldPath, ""))
    198. 

  198. 	default:
    199. 

  199. 		validValues := []string{string(batch.AllowConcurrent), string(batch.ForbidConcurrent), string(batch.ReplaceConcurrent)}
    200. 

  200. 		allErrs = append(allErrs, field.NotSupported(fldPath, *concurrencyPolicy, validValues))
    201. 

  201. 	}
    202. 

  202. 

  203. 	return allErrs
    204. 

  204. }
    205. 

  205. 

  206. func validateScheduleFormat(schedule string, fldPath *field.Path) field.ErrorList {
    207. 

  207. 	allErrs := field.ErrorList{}
    208. 

  208. 	// TODO soltysh: this should be removed when https://github.com/robfig/cron/issues/58 is fixed
    209. 

  209. 	tmpSchedule := schedule
    210. 

  210. 	if len(schedule) > 0 && schedule[0] != '@' {
    211. 

  211. 		tmpSchedule = "0 " + schedule
    212. 

  212. 	}
    213. 

  213. 	if _, err := cron.Parse(tmpSchedule); err != nil {
    214. 

  214. 		allErrs = append(allErrs, field.Invalid(fldPath, schedule, err.Error()))
    215. 

  215. 	}
    216. 

  216. 

  217. 	return allErrs
    218. 

  218. }
    219. 

  219. 

  220. func ValidateJobTemplate(job *batch.JobTemplate) field.ErrorList {
    221. 

  221. 	// this method should be identical to ValidateJob
    222. 

  222. 	allErrs := apivalidation.ValidateObjectMeta(&job.ObjectMeta, true, apivalidation.ValidateReplicationControllerName, field.NewPath("metadata"))
    223. 

  223. 	allErrs = append(allErrs, ValidateJobTemplateSpec(&job.Template, field.NewPath("template"))...)
    224. 

  224. 	return allErrs
    225. 

  225. }
    226. 

  226. 

  227. func ValidateJobTemplateSpec(spec *batch.JobTemplateSpec, fldPath *field.Path) field.ErrorList {
    228. 

  228. 	allErrs := validateJobSpec(&spec.Spec, fldPath.Child("spec"))
    229. 

  229. 

  230. 	// jobtemplate will always have the selector automatically generated
    231. 

  231. 	if spec.Spec.Selector != nil {
    232. 

  232. 		allErrs = append(allErrs, field.Invalid(fldPath.Child("spec", "selector"), spec.Spec.Selector, "`selector` will be auto-generated"))
    233. 

  233. 	}
    234. 

  234. 	if spec.Spec.ManualSelector != nil && *spec.Spec.ManualSelector {
    235. 

  235. 		allErrs = append(allErrs, field.NotSupported(fldPath.Child("spec", "manualSelector"), spec.Spec.ManualSelector, []string{"nil", "false"}))
    236. 

  236. 	}
    237. 

  237. 	return allErrs
    238. 

  238. }
    239.