asset/installconfig: improve validation of user inputs #711
Conversation
openshift-ci-robot
added
size/XXL
| @@ -249,51 +122,6 @@ func TestEmail(t *testing.T) { | |||
| }) | |||
| } | |||
| } | |||
| func TestCIDRsDontOverlap(t *testing.T) { | |||
There was a problem hiding this comment.
Might be useful to validate cluster and service cidrs do not overlap.
There was a problem hiding this comment.
I'll add some validation to install-config.yml.
There was a problem hiding this comment.
@staebler any progress on this?
There was a problem hiding this comment.
The implementation for install-config.yml validation is done and add to this PR. I have a bunch of unit tests that I need to create for it still, so I have marked this PR as WIP while I finish those.
staebler
changed the title
openshift-ci-robot
added
the
do-not-merge/work-in-progress
pkg/ipnet/ipnet.go
Outdated
|
|
||
| // ParseCIDRMust parses a CIDR from its string representation. If the parse fails, | ||
| // the function will panic. | ||
| func ParseCIDRMust(s string) *IPNet { |
openshift-ci-robot
added
needs-rebase
staebler
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
|
/retest |
|
@abhinavdahiya Some documentation around running unit tests and re-generating mock files has been added to CONTRIBUTING.md. |
|
/lgtm |
|
/lgtm |
|
|
||
| Some unit tests use mocks that are generated with gomock. If the underlying interface for a mock changes, then the mock will need to be regenerated. Use the following to regenerate all of the mocks under the pkg package. | ||
|
|
||
| ``` |
There was a problem hiding this comment.
nit: this and the following fenced block should use:
```sh
Because they're shell excerpts. But we can fix that in follow-up work.
| valid: false, | ||
| }, | ||
| { | ||
| name: "missing worker machine pool", |
There was a problem hiding this comment.
Should this be allowed? We can create worker pools as a day-2 operation, can't we?
There was a problem hiding this comment.
currently our install fails if we do not have workers. So this is required for now.
There was a problem hiding this comment.
I remember it failing at one point without workers defined in the install config. That may have been resolved since I originally wrote it. I'll dig into it further, and if we succeed without workers defined, then I will file a follow-up PR.
| installConfig: func() *types.InstallConfig { | ||
| c := validInstallConfig() | ||
| c.Machines = append(c.Machines, types.MachinePool{ | ||
| Name: "other", |
There was a problem hiding this comment.
I think we want to support this. See here.
There was a problem hiding this comment.
hive team is going to be making that change soon, they can change the tests.
also right now we have nothing that supports adding these random pools.
Use kubernetes validation of rfc-1123 sub-domains, with the addition that the base domain can end with a dot. This change removes the ability to use uppercase letters in the base domain. https://jira.coreos.com/browse/CORS-850
Validate that (1) there is an "auths" field, (2) the "auths" value has fields, and (3) each field in the "auth" value has an "auth" or a "credsStore" field. https://jira.coreos.com/browse/CORS-850
Use ParseAuthorizedKey from golang.org/x/crypto/ssh to validate that the provided ssh key can be parsed. https://jira.coreos.com/browse/CORS-850
The validation functions use golang.org/x/crypto/ssh to validate the ssh key provided. https://jira.coreos.com/browse/CORS-850
Move the uri validation from pkg/asset/installconfig/libvirt to pkg/validation for consistency with other validation functions. https://jira.coreos.com/browse/CORS-850
Much of the code that made of the CIDR validation was there to give a custom description of what made the CIDR provided invalid. This has been removed in favor of using the error returned by the golang library's ParseCIDR function. Additionally, the code to determine whether two CIDRs overlap was unnecessary complex because it did not take advantage of the fact that CIDRs only overlap if one is a subset of the other. https://jira.coreos.com/browse/CORS-850
When an InstallConfig asset is loaded from an on-disk file, validate that the fields of the InstallConfig have appropriate values. This uses all the same validations that are down on the user-provided assets upon which the InstalConfig asset depends as well as addition validations on other fields. #711
The emailaddress asset is no longer used as of commit e7aaedb.
Remove validation functions that are no longer being used. https://jira.coreos.com/browse/CORS-850
Add gomock to use to mock asset.FileFetcher in unit tests that load assets. https://jira.coreos.com/browse/CORS-850
…nfig.yml Move the fetching of openstack platform values to types/openstack/validation so that it can be used to validate values in the install-config.yml as well. https://jira.coreos.com/browse/CORS-888
|
looks like this needs another rebase |
Rebased to fix conflicts with #654. |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: abhinavdahiya, staebler The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest |
|
@staebler: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/retest |
Covering 5813f61 (Merge pull request openshift#745 from wking/s3-vpc-endpoint, 2018-12-13) through 874876e (Merge pull request openshift#711 from staebler/improve_input_validation, 2018-12-14).
Catching up with openshift/installer@b2d6fa40 (validate: simplify CIDR validation, 2018-11-27, openshift/installer#711).
And rename to 'Regions', since the target package is already about validation. ValidRegions was added to the aws package in b2d6fa4 (validate: simplify CIDR validation, 2018-11-27, openshift#711), but it's just used for validation and it isn't a type defintion.
Catching up with openshift/installer@b2d6fa40 (validate: simplify CIDR validation, 2018-11-27, openshift/installer#711).
Catching up with openshift/installer@b2d6fa40 (validate: simplify CIDR validation, 2018-11-27, openshift/installer#711). We can't convert the v1alpha1 type to an *IPNet, because it doesn't have DeepCopyInto methods [1]: go vet ./pkg/... ./cmd/... ./contrib/... # github.com/openshift/hive/pkg/apis/hive/v1alpha1 pkg/apis/hive/v1alpha1/zz_generated.deepcopy.go:87:8: (*in).DeepCopyInto undefined (type *ipnet.IPNet has no field or method DeepCopyInto) We used to define those methods in the installer, but stopped in openshift/installer@ca6f6195 (Revert "pkg/ipnet: Add DeepCopy and DeepCopyInto for IPNet", 2018-09-20, openshift/installer#295). [1]: https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_hive/144/pull-ci-openshift-hive-master-unit/253/build-log.txt
For most of the validation, bespoke code has been removed in lieu of calling code that already exists and is more widely used.
Validation has been added to the InstallConfig asset to enforce that the install-config.yml file loaded is valid. Some fields have been modified to make this easier. For example, the CIDR fields that were strings had their types changed to
ipnet.IPNet.Fixes https://jira.coreos.com/browse/CORS-850
Fixes https://jira.coreos.com/browse/CORS-941
Fixes #910