strategy.go

Documentation: k8s.io/kubernetes/pkg/registry/rbac/clusterrole

     1  /*
     2  Copyright 2016 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package clusterrole
    18  
    19  import (
    20  	"context"
    21  
    22  	metav1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
    23  	"k8s.io/apimachinery/pkg/runtime"
    24  	"k8s.io/apimachinery/pkg/util/validation/field"
    25  	"k8s.io/apiserver/pkg/registry/rest"
    26  	"k8s.io/apiserver/pkg/storage/names"
    27  	"k8s.io/kubernetes/pkg/api/legacyscheme"
    28  	"k8s.io/kubernetes/pkg/apis/rbac"
    29  	"k8s.io/kubernetes/pkg/apis/rbac/validation"
    30  )
    31  
    32  // strategy implements behavior for ClusterRoles
    33  type strategy struct {
    34  	runtime.ObjectTyper
    35  	names.NameGenerator
    36  }
    37  
    38  // Strategy is the default logic that applies when creating and updating
    39  // ClusterRole objects.
    40  var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator}
    41  
    42  // Strategy should implement rest.RESTCreateStrategy
    43  var _ rest.RESTCreateStrategy = Strategy
    44  
    45  // Strategy should implement rest.RESTUpdateStrategy
    46  var _ rest.RESTUpdateStrategy = Strategy
    47  
    48  // NamespaceScoped is false for ClusterRoles.
    49  func (strategy) NamespaceScoped() bool {
    50  	return false
    51  }
    52  
    53  // AllowCreateOnUpdate is true for ClusterRoles.
    54  func (strategy) AllowCreateOnUpdate() bool {
    55  	return true
    56  }
    57  
    58  // PrepareForCreate clears fields that are not allowed to be set by end users
    59  // on creation.
    60  func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
    61  	_ = obj.(*rbac.ClusterRole)
    62  }
    63  
    64  // PrepareForUpdate clears fields that are not allowed to be set by end users on update.
    65  func (strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
    66  	newClusterRole := obj.(*rbac.ClusterRole)
    67  	oldClusterRole := old.(*rbac.ClusterRole)
    68  
    69  	_, _ = newClusterRole, oldClusterRole
    70  }
    71  
    72  // Validate validates a new ClusterRole. Validation must check for a correct signature.
    73  func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
    74  	clusterRole := obj.(*rbac.ClusterRole)
    75  	opts := validation.ClusterRoleValidationOptions{
    76  		AllowInvalidLabelValueInSelector: false,
    77  	}
    78  	return validation.ValidateClusterRole(clusterRole, opts)
    79  }
    80  
    81  // WarningsOnCreate returns warnings for the creation of the given object.
    82  func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil }
    83  
    84  // Canonicalize normalizes the object after validation.
    85  func (strategy) Canonicalize(obj runtime.Object) {
    86  	_ = obj.(*rbac.ClusterRole)
    87  }
    88  
    89  // ValidateUpdate is the default update validation for an end user.
    90  func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
    91  	newObj := obj.(*rbac.ClusterRole)
    92  	oldObj := old.(*rbac.ClusterRole)
    93  	opts := validation.ClusterRoleValidationOptions{
    94  		AllowInvalidLabelValueInSelector: hasInvalidLabelValueInLabelSelector(oldObj),
    95  	}
    96  	errorList := validation.ValidateClusterRole(newObj, opts)
    97  	return append(errorList, validation.ValidateClusterRoleUpdate(newObj, old.(*rbac.ClusterRole), opts)...)
    98  }
    99  
   100  // WarningsOnUpdate returns warnings for the given update.
   101  func (strategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string {
   102  	return nil
   103  }
   104  
   105  // If AllowUnconditionalUpdate() is true and the object specified by
   106  // the user does not have a resource version, then generic Update()
   107  // populates it with the latest version. Else, it checks that the
   108  // version specified by the user matches the version of latest etcd
   109  // object.
   110  func (strategy) AllowUnconditionalUpdate() bool {
   111  	return true
   112  }
   113  
   114  func hasInvalidLabelValueInLabelSelector(role *rbac.ClusterRole) bool {
   115  	if role.AggregationRule != nil {
   116  		labelSelectorValidationOptions := metav1validation.LabelSelectorValidationOptions{AllowInvalidLabelValueInSelector: false}
   117  		for _, selector := range role.AggregationRule.ClusterRoleSelectors {
   118  			if len(metav1validation.ValidateLabelSelector(&selector, labelSelectorValidationOptions, nil)) > 0 {
   119  				return true
   120  			}
   121  		}
   122  	}
   123  	return false
   124  }
   125
View as plain text