1
2
3
4
19
20 package validation
21
22 import (
23 "fmt"
24 "math"
25 "net"
26 "regexp"
27 "strconv"
28 "strings"
29
30 "sigs.k8s.io/kustomize/kyaml/yaml/internal/k8sgen/pkg/util/validation/field"
31 )
32
33 const qnameCharFmt string = "[A-Za-z0-9]"
34 const qnameExtCharFmt string = "[-A-Za-z0-9_.]"
35 const qualifiedNameFmt string = "(" + qnameCharFmt + qnameExtCharFmt + "*)?" + qnameCharFmt
36 const qualifiedNameErrMsg string = "must consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character"
37 const qualifiedNameMaxLength int = 63
38
39 var qualifiedNameRegexp = regexp.MustCompile("^" + qualifiedNameFmt + "$")
40
41
42
43
44
45 func IsQualifiedName(value string) []string {
46 var errs []string
47 parts := strings.Split(value, "/")
48 var name string
49 switch len(parts) {
50 case 1:
51 name = parts[0]
52 case 2:
53 var prefix string
54 prefix, name = parts[0], parts[1]
55 if len(prefix) == 0 {
56 errs = append(errs, "prefix part "+EmptyError())
57 } else if msgs := IsDNS1123Subdomain(prefix); len(msgs) != 0 {
58 errs = append(errs, prefixEach(msgs, "prefix part ")...)
59 }
60 default:
61 return append(errs, "a qualified name "+RegexError(qualifiedNameErrMsg, qualifiedNameFmt, "MyName", "my.name", "123-abc")+
62 " with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')")
63 }
64
65 if len(name) == 0 {
66 errs = append(errs, "name part "+EmptyError())
67 } else if len(name) > qualifiedNameMaxLength {
68 errs = append(errs, "name part "+MaxLenError(qualifiedNameMaxLength))
69 }
70 if !qualifiedNameRegexp.MatchString(name) {
71 errs = append(errs, "name part "+RegexError(qualifiedNameErrMsg, qualifiedNameFmt, "MyName", "my.name", "123-abc"))
72 }
73 return errs
74 }
75
76
77
78
79
80
81 func IsFullyQualifiedName(fldPath *field.Path, name string) field.ErrorList {
82 var allErrors field.ErrorList
83 if len(name) == 0 {
84 return append(allErrors, field.Required(fldPath, ""))
85 }
86 if errs := IsDNS1123Subdomain(name); len(errs) > 0 {
87 return append(allErrors, field.Invalid(fldPath, name, strings.Join(errs, ",")))
88 }
89 if len(strings.Split(name, ".")) < 3 {
90 return append(allErrors, field.Invalid(fldPath, name, "should be a domain with at least three segments separated by dots"))
91 }
92 return allErrors
93 }
94
95
96
97
98 func IsFullyQualifiedDomainName(fldPath *field.Path, name string) field.ErrorList {
99 var allErrors field.ErrorList
100 if len(name) == 0 {
101 return append(allErrors, field.Required(fldPath, ""))
102 }
103 if strings.HasSuffix(name, ".") {
104 name = name[:len(name)-1]
105 }
106 if errs := IsDNS1123Subdomain(name); len(errs) > 0 {
107 return append(allErrors, field.Invalid(fldPath, name, strings.Join(errs, ",")))
108 }
109 if len(strings.Split(name, ".")) < 2 {
110 return append(allErrors, field.Invalid(fldPath, name, "should be a domain with at least two segments separated by dots"))
111 }
112 for _, label := range strings.Split(name, ".") {
113 if errs := IsDNS1123Label(label); len(errs) > 0 {
114 return append(allErrors, field.Invalid(fldPath, label, strings.Join(errs, ",")))
115 }
116 }
117 return allErrors
118 }
119
120
121
122
123
124
125
126 const httpPathFmt string = `[A-Za-z0-9/\-._~%!$&'()*+,;=:]+`
127
128 var httpPathRegexp = regexp.MustCompile("^" + httpPathFmt + "$")
129
130
131
132
133
134 func IsDomainPrefixedPath(fldPath *field.Path, dpPath string) field.ErrorList {
135 var allErrs field.ErrorList
136 if len(dpPath) == 0 {
137 return append(allErrs, field.Required(fldPath, ""))
138 }
139
140 segments := strings.SplitN(dpPath, "/", 2)
141 if len(segments) != 2 || len(segments[0]) == 0 || len(segments[1]) == 0 {
142 return append(allErrs, field.Invalid(fldPath, dpPath, "must be a domain-prefixed path (such as \"acme.io/foo\")"))
143 }
144
145 host := segments[0]
146 for _, err := range IsDNS1123Subdomain(host) {
147 allErrs = append(allErrs, field.Invalid(fldPath, host, err))
148 }
149
150 path := segments[1]
151 if !httpPathRegexp.MatchString(path) {
152 return append(allErrs, field.Invalid(fldPath, path, RegexError("Invalid path", httpPathFmt)))
153 }
154
155 return allErrs
156 }
157
158 const labelValueFmt string = "(" + qualifiedNameFmt + ")?"
159 const labelValueErrMsg string = "a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character"
160
161
162 const LabelValueMaxLength int = 63
163
164 var labelValueRegexp = regexp.MustCompile("^" + labelValueFmt + "$")
165
166
167
168
169 func IsValidLabelValue(value string) []string {
170 var errs []string
171 if len(value) > LabelValueMaxLength {
172 errs = append(errs, MaxLenError(LabelValueMaxLength))
173 }
174 if !labelValueRegexp.MatchString(value) {
175 errs = append(errs, RegexError(labelValueErrMsg, labelValueFmt, "MyValue", "my_value", "12345"))
176 }
177 return errs
178 }
179
180 const dns1123LabelFmt string = "[a-z0-9]([-a-z0-9]*[a-z0-9])?"
181 const dns1123LabelErrMsg string = "a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character"
182
183
184 const DNS1123LabelMaxLength int = 63
185
186 var dns1123LabelRegexp = regexp.MustCompile("^" + dns1123LabelFmt + "$")
187
188
189
190 func IsDNS1123Label(value string) []string {
191 var errs []string
192 if len(value) > DNS1123LabelMaxLength {
193 errs = append(errs, MaxLenError(DNS1123LabelMaxLength))
194 }
195 if !dns1123LabelRegexp.MatchString(value) {
196 errs = append(errs, RegexError(dns1123LabelErrMsg, dns1123LabelFmt, "my-name", "123-abc"))
197 }
198 return errs
199 }
200
201 const dns1123SubdomainFmt string = dns1123LabelFmt + "(\\." + dns1123LabelFmt + ")*"
202 const dns1123SubdomainErrorMsg string = "a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character"
203
204
205 const DNS1123SubdomainMaxLength int = 253
206
207 var dns1123SubdomainRegexp = regexp.MustCompile("^" + dns1123SubdomainFmt + "$")
208
209
210
211 func IsDNS1123Subdomain(value string) []string {
212 var errs []string
213 if len(value) > DNS1123SubdomainMaxLength {
214 errs = append(errs, MaxLenError(DNS1123SubdomainMaxLength))
215 }
216 if !dns1123SubdomainRegexp.MatchString(value) {
217 errs = append(errs, RegexError(dns1123SubdomainErrorMsg, dns1123SubdomainFmt, "example.com"))
218 }
219 return errs
220 }
221
222 const dns1035LabelFmt string = "[a-z]([-a-z0-9]*[a-z0-9])?"
223 const dns1035LabelErrMsg string = "a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character"
224
225
226 const DNS1035LabelMaxLength int = 63
227
228 var dns1035LabelRegexp = regexp.MustCompile("^" + dns1035LabelFmt + "$")
229
230
231
232 func IsDNS1035Label(value string) []string {
233 var errs []string
234 if len(value) > DNS1035LabelMaxLength {
235 errs = append(errs, MaxLenError(DNS1035LabelMaxLength))
236 }
237 if !dns1035LabelRegexp.MatchString(value) {
238 errs = append(errs, RegexError(dns1035LabelErrMsg, dns1035LabelFmt, "my-name", "abc-123"))
239 }
240 return errs
241 }
242
243
244
245
246
247 const wildcardDNS1123SubdomainFmt = "\\*\\." + dns1123SubdomainFmt
248 const wildcardDNS1123SubdomainErrMsg = "a wildcard DNS-1123 subdomain must start with '*.', followed by a valid DNS subdomain, which must consist of lower case alphanumeric characters, '-' or '.' and end with an alphanumeric character"
249
250
251
252 func IsWildcardDNS1123Subdomain(value string) []string {
253 wildcardDNS1123SubdomainRegexp := regexp.MustCompile("^" + wildcardDNS1123SubdomainFmt + "$")
254
255 var errs []string
256 if len(value) > DNS1123SubdomainMaxLength {
257 errs = append(errs, MaxLenError(DNS1123SubdomainMaxLength))
258 }
259 if !wildcardDNS1123SubdomainRegexp.MatchString(value) {
260 errs = append(errs, RegexError(wildcardDNS1123SubdomainErrMsg, wildcardDNS1123SubdomainFmt, "*.example.com"))
261 }
262 return errs
263 }
264
265 const cIdentifierFmt string = "[A-Za-z_][A-Za-z0-9_]*"
266 const identifierErrMsg string = "a valid C identifier must start with alphabetic character or '_', followed by a string of alphanumeric characters or '_'"
267
268 var cIdentifierRegexp = regexp.MustCompile("^" + cIdentifierFmt + "$")
269
270
271
272 func IsCIdentifier(value string) []string {
273 if !cIdentifierRegexp.MatchString(value) {
274 return []string{RegexError(identifierErrMsg, cIdentifierFmt, "my_name", "MY_NAME", "MyName")}
275 }
276 return nil
277 }
278
279
280 func IsValidPortNum(port int) []string {
281 if 1 <= port && port <= 65535 {
282 return nil
283 }
284 return []string{InclusiveRangeError(1, 65535)}
285 }
286
287
288 func IsInRange(value int, min int, max int) []string {
289 if value >= min && value <= max {
290 return nil
291 }
292 return []string{InclusiveRangeError(min, max)}
293 }
294
295
296
297 const (
298 minUserID = 0
299 maxUserID = math.MaxInt32
300 minGroupID = 0
301 maxGroupID = math.MaxInt32
302 )
303
304
305 func IsValidGroupID(gid int64) []string {
306 if minGroupID <= gid && gid <= maxGroupID {
307 return nil
308 }
309 return []string{InclusiveRangeError(minGroupID, maxGroupID)}
310 }
311
312
313 func IsValidUserID(uid int64) []string {
314 if minUserID <= uid && uid <= maxUserID {
315 return nil
316 }
317 return []string{InclusiveRangeError(minUserID, maxUserID)}
318 }
319
320 var portNameCharsetRegex = regexp.MustCompile("^[-a-z0-9]+$")
321 var portNameOneLetterRegexp = regexp.MustCompile("[a-z]")
322
323
324
325
326
327
328
329
330 func IsValidPortName(port string) []string {
331 var errs []string
332 if len(port) > 15 {
333 errs = append(errs, MaxLenError(15))
334 }
335 if !portNameCharsetRegex.MatchString(port) {
336 errs = append(errs, "must contain only alpha-numeric characters (a-z, 0-9), and hyphens (-)")
337 }
338 if !portNameOneLetterRegexp.MatchString(port) {
339 errs = append(errs, "must contain at least one letter or number (a-z, 0-9)")
340 }
341 if strings.Contains(port, "--") {
342 errs = append(errs, "must not contain consecutive hyphens")
343 }
344 if len(port) > 0 && (port[0] == '-' || port[len(port)-1] == '-') {
345 errs = append(errs, "must not begin or end with a hyphen")
346 }
347 return errs
348 }
349
350
351 func IsValidIP(value string) []string {
352 if net.ParseIP(value) == nil {
353 return []string{"must be a valid IP address, (e.g. 10.9.8.7)"}
354 }
355 return nil
356 }
357
358
359 func IsValidIPv4Address(fldPath *field.Path, value string) field.ErrorList {
360 var allErrors field.ErrorList
361 ip := net.ParseIP(value)
362 if ip == nil || ip.To4() == nil {
363 allErrors = append(allErrors, field.Invalid(fldPath, value, "must be a valid IPv4 address"))
364 }
365 return allErrors
366 }
367
368
369 func IsValidIPv6Address(fldPath *field.Path, value string) field.ErrorList {
370 var allErrors field.ErrorList
371 ip := net.ParseIP(value)
372 if ip == nil || ip.To4() != nil {
373 allErrors = append(allErrors, field.Invalid(fldPath, value, "must be a valid IPv6 address"))
374 }
375 return allErrors
376 }
377
378 const percentFmt string = "[0-9]+%"
379 const percentErrMsg string = "a valid percent string must be a numeric string followed by an ending '%'"
380
381 var percentRegexp = regexp.MustCompile("^" + percentFmt + "$")
382
383
384 func IsValidPercent(percent string) []string {
385 if !percentRegexp.MatchString(percent) {
386 return []string{RegexError(percentErrMsg, percentFmt, "1%", "93%")}
387 }
388 return nil
389 }
390
391 const httpHeaderNameFmt string = "[-A-Za-z0-9]+"
392 const httpHeaderNameErrMsg string = "a valid HTTP header must consist of alphanumeric characters or '-'"
393
394 var httpHeaderNameRegexp = regexp.MustCompile("^" + httpHeaderNameFmt + "$")
395
396
397
398 func IsHTTPHeaderName(value string) []string {
399 if !httpHeaderNameRegexp.MatchString(value) {
400 return []string{RegexError(httpHeaderNameErrMsg, httpHeaderNameFmt, "X-Header-Name")}
401 }
402 return nil
403 }
404
405 const envVarNameFmt = "[-._a-zA-Z][-._a-zA-Z0-9]*"
406 const envVarNameFmtErrMsg string = "a valid environment variable name must consist of alphabetic characters, digits, '_', '-', or '.', and must not start with a digit"
407
408 var envVarNameRegexp = regexp.MustCompile("^" + envVarNameFmt + "$")
409
410
411 func IsEnvVarName(value string) []string {
412 var errs []string
413 if !envVarNameRegexp.MatchString(value) {
414 errs = append(errs, RegexError(envVarNameFmtErrMsg, envVarNameFmt, "my.env-name", "MY_ENV.NAME", "MyEnvName1"))
415 }
416
417 errs = append(errs, hasChDirPrefix(value)...)
418 return errs
419 }
420
421 const configMapKeyFmt = `[-._a-zA-Z0-9]+`
422 const configMapKeyErrMsg string = "a valid config key must consist of alphanumeric characters, '-', '_' or '.'"
423
424 var configMapKeyRegexp = regexp.MustCompile("^" + configMapKeyFmt + "$")
425
426
427 func IsConfigMapKey(value string) []string {
428 var errs []string
429 if len(value) > DNS1123SubdomainMaxLength {
430 errs = append(errs, MaxLenError(DNS1123SubdomainMaxLength))
431 }
432 if !configMapKeyRegexp.MatchString(value) {
433 errs = append(errs, RegexError(configMapKeyErrMsg, configMapKeyFmt, "key.name", "KEY_NAME", "key-name"))
434 }
435 errs = append(errs, hasChDirPrefix(value)...)
436 return errs
437 }
438
439
440
441 func MaxLenError(length int) string {
442 return fmt.Sprintf("must be no more than %d characters", length)
443 }
444
445
446 func RegexError(msg string, fmt string, examples ...string) string {
447 if len(examples) == 0 {
448 return msg + " (regex used for validation is '" + fmt + "')"
449 }
450 msg += " (e.g. "
451 for i := range examples {
452 if i > 0 {
453 msg += " or "
454 }
455 msg += "'" + examples[i] + "', "
456 }
457 msg += "regex used for validation is '" + fmt + "')"
458 return msg
459 }
460
461
462
463 func EmptyError() string {
464 return "must be non-empty"
465 }
466
467 func prefixEach(msgs []string, prefix string) []string {
468 for i := range msgs {
469 msgs[i] = prefix + msgs[i]
470 }
471 return msgs
472 }
473
474
475
476 func InclusiveRangeError(lo, hi int) string {
477 return fmt.Sprintf(`must be between %d and %d, inclusive`, lo, hi)
478 }
479
480 func hasChDirPrefix(value string) []string {
481 var errs []string
482 switch {
483 case value == ".":
484 errs = append(errs, `must not be '.'`)
485 case value == "..":
486 errs = append(errs, `must not be '..'`)
487 case strings.HasPrefix(value, ".."):
488 errs = append(errs, `must not start with '..'`)
489 }
490 return errs
491 }
492
493
494
495 func IsValidSocketAddr(value string) []string {
496 var errs []string
497 ip, port, err := net.SplitHostPort(value)
498 if err != nil {
499 errs = append(errs, "must be a valid socket address format, (e.g. 0.0.0.0:10254 or [::]:10254)")
500 return errs
501 }
502 portInt, _ := strconv.Atoi(port)
503 errs = append(errs, IsValidPortNum(portInt)...)
504 errs = append(errs, IsValidIP(ip)...)
505 return errs
506 }
507
View as plain text