kubernetes-sigs/kustomize
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kustomize.git synced 2026-06-14 10:30:59 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

Throwing error instead of silently ignoring invalid input

Browse Source
This commit is contained in:
m-Bilal
2022-01-01 21:52:37 +05:30
parent b28f1e55b7
commit ff7b2f20d5
4 changed files with 22 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
api/internal/accumulator/namereferencetransformer.go
View File

@@ -52,7 +52,10 @@ func (t *nameReferenceTransformer) Transform(m resmap.ResMap) error {
fMap := t.determineFilters(m.Resources()) fMap := t.determineFilters(m.Resources())
debug(fMap) debug(fMap)
for r, fList := range fMap { for r, fList := range fMap {
c := m.SubsetThatCouldBeReferencedByResource(r) c, err := m.SubsetThatCouldBeReferencedByResource(r)
if err != nil {
return err
}
for _, f := range fList { for _, f := range fList {
f.Referrer = r f.Referrer = r
f.ReferralCandidates = c f.ReferralCandidates = c

2
api/resmap/resmap.go
View File

@@ -212,7 +212,7 @@ type ResMap interface {
// This is a filter; it excludes things that cannot be // This is a filter; it excludes things that cannot be
// referenced by the resource, e.g. objects in other // referenced by the resource, e.g. objects in other
// namespaces. Cluster wide objects are never excluded. // namespaces. Cluster wide objects are never excluded.
SubsetThatCouldBeReferencedByResource(*resource.Resource) ResMap SubsetThatCouldBeReferencedByResource(*resource.Resource) (ResMap, error)
// DeAnchor replaces YAML aliases with structured data copied from anchors. // DeAnchor replaces YAML aliases with structured data copied from anchors.
// This cannot be undone; if desired, call DeepCopy first. // This cannot be undone; if desired, call DeepCopy first.

21
api/resmap/reswrangler.go
View File

@@ -389,14 +389,17 @@ func (m *resWrangler) makeCopy(copier resCopier) ResMap {
// SubsetThatCouldBeReferencedByResource implements ResMap. // SubsetThatCouldBeReferencedByResource implements ResMap.
func (m *resWrangler) SubsetThatCouldBeReferencedByResource( func (m *resWrangler) SubsetThatCouldBeReferencedByResource(
referrer *resource.Resource) ResMap { referrer *resource.Resource) (ResMap, error) {
referrerId := referrer.CurId() referrerId := referrer.CurId()
if referrerId.IsClusterScoped() { if referrerId.IsClusterScoped() {
// A cluster scoped resource can refer to anything. // A cluster scoped resource can refer to anything.
return m return m, nil
} }
result := newOne() result := newOne()
roleBindingNamespaces := getNamespacesForRoleBinding(referrer) roleBindingNamespaces, err := getNamespacesForRoleBinding(referrer)
if err != nil {
return nil, err
}
for _, possibleTarget := range m.rList { for _, possibleTarget := range m.rList {
id := possibleTarget.CurId() id := possibleTarget.CurId()
if id.IsClusterScoped() { if id.IsClusterScoped() {
@@ -416,20 +419,20 @@ func (m *resWrangler) SubsetThatCouldBeReferencedByResource(
result.append(possibleTarget) result.append(possibleTarget)
} }
} }
return result return result, nil
} }
// getNamespacesForRoleBinding returns referenced ServiceAccount namespaces // getNamespacesForRoleBinding returns referenced ServiceAccount namespaces
// if the resource is a RoleBinding // if the resource is a RoleBinding
func getNamespacesForRoleBinding(r *resource.Resource) map[string]bool { func getNamespacesForRoleBinding(r *resource.Resource) (map[string]bool, error) {
result := make(map[string]bool) result := make(map[string]bool)
if r.GetKind() != "RoleBinding" { if r.GetKind() != "RoleBinding" {
return result return result, nil
} }
//nolint staticcheck //nolint staticcheck
subjects, err := r.GetSlice("subjects") subjects, err := r.GetSlice("subjects")
if err != nil || subjects == nil { if err != nil || subjects == nil {
return result return result, nil
} }
for _, s := range subjects { for _, s := range subjects {
subject := s.(map[string]interface{}) subject := s.(map[string]interface{})
@@ -438,12 +441,14 @@ func getNamespacesForRoleBinding(r *resource.Resource) map[string]bool {
if kind.(string) == "ServiceAccount" { if kind.(string) == "ServiceAccount" {
if n, ok3 := ns.(string); ok3 { if n, ok3 := ns.(string); ok3 {
result[n] = true result[n] = true
} else {
return nil, errors.New("Invalid Input: namespace is blank")
} }
} }
} }
} }
} }
return result return result, nil
} }
// AppendAll implements ResMap. // AppendAll implements ResMap.

5
api/resmap/reswrangler_test.go
View File

@@ -566,7 +566,10 @@ func TestSubsetThatCouldBeReferencedByResource(t *testing.T) {
for name, test := range tests { for name, test := range tests {
test := test test := test
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
got := m.SubsetThatCouldBeReferencedByResource(test.filter) got, err1 := m.SubsetThatCouldBeReferencedByResource(test.filter)
if err1 != nil {
t.Fatalf("Expected error %v: ", err1)
}
err := test.expected.ErrorIfNotEqualLists(got) err := test.expected.ErrorIfNotEqualLists(got)
if err != nil { if err != nil {
test.expected.Debug("expected") test.expected.Debug("expected")