230 lines
8.5 KiB
Go
230 lines
8.5 KiB
Go
/*
|
|
Copyright 2014 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package rest
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"k8s.io/apimachinery/pkg/api/errors"
|
|
"k8s.io/apimachinery/pkg/api/meta"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
"k8s.io/apimachinery/pkg/util/validation/field"
|
|
genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
|
|
"k8s.io/kubernetes/pkg/api"
|
|
"k8s.io/kubernetes/pkg/api/validation/genericvalidation"
|
|
)
|
|
|
|
// RESTUpdateStrategy defines the minimum validation, accepted input, and
|
|
// name generation behavior to update an object that follows Kubernetes
|
|
// API conventions. A resource may have many UpdateStrategies, depending on
|
|
// the call pattern in use.
|
|
type RESTUpdateStrategy interface {
|
|
runtime.ObjectTyper
|
|
// NamespaceScoped returns true if the object must be within a namespace.
|
|
NamespaceScoped() bool
|
|
// AllowCreateOnUpdate returns true if the object can be created by a PUT.
|
|
AllowCreateOnUpdate() bool
|
|
// PrepareForUpdate is invoked on update before validation to normalize
|
|
// the object. For example: remove fields that are not to be persisted,
|
|
// sort order-insensitive list fields, etc. This should not remove fields
|
|
// whose presence would be considered a validation error.
|
|
PrepareForUpdate(ctx genericapirequest.Context, obj, old runtime.Object)
|
|
// ValidateUpdate is invoked after default fields in the object have been
|
|
// filled in before the object is persisted. This method should not mutate
|
|
// the object.
|
|
ValidateUpdate(ctx genericapirequest.Context, obj, old runtime.Object) field.ErrorList
|
|
// Canonicalize allows an object to be mutated into a canonical form. This
|
|
// ensures that code that operates on these objects can rely on the common
|
|
// form for things like comparison. Canonicalize is invoked after
|
|
// validation has succeeded but before the object has been persisted.
|
|
// This method may mutate the object.
|
|
Canonicalize(obj runtime.Object)
|
|
// AllowUnconditionalUpdate returns true if the object can be updated
|
|
// unconditionally (irrespective of the latest resource version), when
|
|
// there is no resource version specified in the object.
|
|
AllowUnconditionalUpdate() bool
|
|
}
|
|
|
|
// TODO: add other common fields that require global validation.
|
|
func validateCommonFields(obj, old runtime.Object) (field.ErrorList, error) {
|
|
allErrs := field.ErrorList{}
|
|
objectMeta, err := metav1.ObjectMetaFor(obj)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to get new object metadata: %v", err)
|
|
}
|
|
oldObjectMeta, err := metav1.ObjectMetaFor(old)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to get old object metadata: %v", err)
|
|
}
|
|
allErrs = append(allErrs, genericvalidation.ValidateObjectMetaUpdate(objectMeta, oldObjectMeta, field.NewPath("metadata"))...)
|
|
|
|
return allErrs, nil
|
|
}
|
|
|
|
// BeforeUpdate ensures that common operations for all resources are performed on update. It only returns
|
|
// errors that can be converted to api.Status. It will invoke update validation with the provided existing
|
|
// and updated objects.
|
|
func BeforeUpdate(strategy RESTUpdateStrategy, ctx genericapirequest.Context, obj, old runtime.Object) error {
|
|
objectMeta, kind, kerr := objectMetaAndKind(strategy, obj)
|
|
if kerr != nil {
|
|
return kerr
|
|
}
|
|
if strategy.NamespaceScoped() {
|
|
if !ValidNamespace(ctx, objectMeta) {
|
|
return errors.NewBadRequest("the namespace of the provided object does not match the namespace sent on the request")
|
|
}
|
|
} else {
|
|
objectMeta.Namespace = metav1.NamespaceNone
|
|
}
|
|
// Ensure requests cannot update generation
|
|
oldMeta, err := metav1.ObjectMetaFor(old)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
objectMeta.Generation = oldMeta.Generation
|
|
|
|
strategy.PrepareForUpdate(ctx, obj, old)
|
|
|
|
// ClusterName is ignored and should not be saved
|
|
objectMeta.ClusterName = ""
|
|
|
|
// Ensure some common fields, like UID, are validated for all resources.
|
|
errs, err := validateCommonFields(obj, old)
|
|
if err != nil {
|
|
return errors.NewInternalError(err)
|
|
}
|
|
|
|
errs = append(errs, strategy.ValidateUpdate(ctx, obj, old)...)
|
|
if len(errs) > 0 {
|
|
return errors.NewInvalid(kind.GroupKind(), objectMeta.Name, errs)
|
|
}
|
|
|
|
strategy.Canonicalize(obj)
|
|
|
|
return nil
|
|
}
|
|
|
|
// TransformFunc is a function to transform and return newObj
|
|
type TransformFunc func(ctx genericapirequest.Context, newObj runtime.Object, oldObj runtime.Object) (transformedNewObj runtime.Object, err error)
|
|
|
|
// defaultUpdatedObjectInfo implements UpdatedObjectInfo
|
|
type defaultUpdatedObjectInfo struct {
|
|
// obj is the updated object
|
|
obj runtime.Object
|
|
|
|
// copier makes a copy of the object before returning it.
|
|
// this allows repeated calls to UpdatedObject() to return
|
|
// pristine data, even if the returned value is mutated.
|
|
copier runtime.ObjectCopier
|
|
|
|
// transformers is an optional list of transforming functions that modify or
|
|
// replace obj using information from the context, old object, or other sources.
|
|
transformers []TransformFunc
|
|
}
|
|
|
|
// DefaultUpdatedObjectInfo returns an UpdatedObjectInfo impl based on the specified object.
|
|
func DefaultUpdatedObjectInfo(obj runtime.Object, copier runtime.ObjectCopier, transformers ...TransformFunc) UpdatedObjectInfo {
|
|
return &defaultUpdatedObjectInfo{obj, copier, transformers}
|
|
}
|
|
|
|
// Preconditions satisfies the UpdatedObjectInfo interface.
|
|
func (i *defaultUpdatedObjectInfo) Preconditions() *api.Preconditions {
|
|
// Attempt to get the UID out of the object
|
|
accessor, err := meta.Accessor(i.obj)
|
|
if err != nil {
|
|
// If no UID can be read, no preconditions are possible
|
|
return nil
|
|
}
|
|
|
|
// If empty, no preconditions needed
|
|
uid := accessor.GetUID()
|
|
if len(uid) == 0 {
|
|
return nil
|
|
}
|
|
|
|
return &api.Preconditions{UID: &uid}
|
|
}
|
|
|
|
// UpdatedObject satisfies the UpdatedObjectInfo interface.
|
|
// It returns a copy of the held obj, passed through any configured transformers.
|
|
func (i *defaultUpdatedObjectInfo) UpdatedObject(ctx genericapirequest.Context, oldObj runtime.Object) (runtime.Object, error) {
|
|
var err error
|
|
// Start with the configured object
|
|
newObj := i.obj
|
|
|
|
// If the original is non-nil (might be nil if the first transformer builds the object from the oldObj), make a copy,
|
|
// so we don't return the original. BeforeUpdate can mutate the returned object, doing things like clearing ResourceVersion.
|
|
// If we're re-called, we need to be able to return the pristine version.
|
|
if newObj != nil {
|
|
newObj, err = i.copier.Copy(newObj)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
// Allow any configured transformers to update the new object
|
|
for _, transformer := range i.transformers {
|
|
newObj, err = transformer(ctx, newObj, oldObj)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
return newObj, nil
|
|
}
|
|
|
|
// wrappedUpdatedObjectInfo allows wrapping an existing objInfo and
|
|
// chaining additional transformations/checks on the result of UpdatedObject()
|
|
type wrappedUpdatedObjectInfo struct {
|
|
// obj is the updated object
|
|
objInfo UpdatedObjectInfo
|
|
|
|
// transformers is an optional list of transforming functions that modify or
|
|
// replace obj using information from the context, old object, or other sources.
|
|
transformers []TransformFunc
|
|
}
|
|
|
|
// WrapUpdatedObjectInfo returns an UpdatedObjectInfo impl that delegates to
|
|
// the specified objInfo, then calls the passed transformers
|
|
func WrapUpdatedObjectInfo(objInfo UpdatedObjectInfo, transformers ...TransformFunc) UpdatedObjectInfo {
|
|
return &wrappedUpdatedObjectInfo{objInfo, transformers}
|
|
}
|
|
|
|
// Preconditions satisfies the UpdatedObjectInfo interface.
|
|
func (i *wrappedUpdatedObjectInfo) Preconditions() *api.Preconditions {
|
|
return i.objInfo.Preconditions()
|
|
}
|
|
|
|
// UpdatedObject satisfies the UpdatedObjectInfo interface.
|
|
// It delegates to the wrapped objInfo and passes the result through any configured transformers.
|
|
func (i *wrappedUpdatedObjectInfo) UpdatedObject(ctx genericapirequest.Context, oldObj runtime.Object) (runtime.Object, error) {
|
|
newObj, err := i.objInfo.UpdatedObject(ctx, oldObj)
|
|
if err != nil {
|
|
return newObj, err
|
|
}
|
|
|
|
// Allow any configured transformers to update the new object or error
|
|
for _, transformer := range i.transformers {
|
|
newObj, err = transformer(ctx, newObj, oldObj)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
return newObj, nil
|
|
}
|