Improve create volume error messages and path validation

Correctly validate paths on the client when checking key/path items in a
config map or secret volume.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1397788
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1397789

Author: spadgett

app/scripts/controllers/addConfigVolume.js

@@ -225,7 +225,11 @@ angular.module('openshiftConsole')
               $window.history.back();
             },
             function(result) {
-              displayError("An error occurred attaching the persistent volume claim to the " + $filter('humanizeKind')($routeParams.kind) + ".", getErrorDetails(result));
+              $scope.disableInputs = false;
+              var humanizeKind = $filter('humanizeKind');
+              var sourceKind = humanizeKind(source.kind);
+              var targetKind = humanizeKind($routeParams.kind);
+              displayError("An error occurred attaching the " + sourceKind + " to the " + targetKind + ".", getErrorDetails(result));
             }
           );
         };

app/views/add-config-volume.html

@@ -136,19 +136,33 @@ <h3>Keys and Paths</h3>
                               </div>
                               <div class="form-group col-md-6">
                                 <label ng-attr-for="path-{{$id}}" class="required">Path</label>
+                                <!--
+                                  Regex matches any paths not starting with `/` or containing `..` as path elements.
+                                  Use negative lookaheads to assert that the value does not match those patterns.
+
+                                    (?!(\.\.)?\/)         do not match strings starting with `/` or `../`
+                                    (?!.*\/\.\.(\/|$))    do not match strings containing `/../` or ending in `/..`
+                                -->
                                 <input
                                     ng-attr-id="path-{{$id}}"
                                     class="form-control"
                                     ng-class="{ 'has-error': forms.addConfigVolumeForm['path-' + $id].$invalid && forms.addConfigVolumeForm['path-' + $id].$touched }"
                                     type="text"
                                     name="path-{{$id}}"
                                     ng-model="item.path"
+                                    ng-pattern="/^(?!(\.\.)?\/)(?!.*\/\.\.(\/|$)).*$/"
                                     required
                                     osc-unique="itemPaths"
                                     placeholder="example: config/app.properties"
                                     autocorrect="off"
                                     autocapitalize="off"
                                     spellcheck="false">
+                                <div class="has-error" ng-show="forms.addConfigVolumeForm['path-' + $id].$error.pattern">
+                                  <span class="help-block">
+                                    Path must be a relative path. It cannot start with <code>/</code> or
+                                    contain <code>..</code> path elements.
+                                  </span>
+                                </div>
                                 <div class="has-error" ng-show="forms.addConfigVolumeForm['path-' + $id].$error.oscUnique">
                                   <span class="help-block">
                                     Paths must be unique.

dist/scripts/scripts.js

@@ -8308,8 +8308,10 @@ items:r
 }
 i.spec.volumes = i.spec.volumes || [], i.spec.volumes.push(s), c.alerts = {}, c.disableInputs = !0, g.update(l, e.metadata.name, c.targetObject, h).then(function() {
 d.history.back();
-}, function(c) {
-n("An error occurred attaching the persistent volume claim to the " + a("humanizeKind")(b.kind) + ".", k(c));
+}, function(d) {
+c.disableInputs = !1;
+var e = a("humanizeKind"), g = e(f.kind), h = e(b.kind);
+n("An error occurred attaching the " + g + " to the " + h + ".", k(d));
 });
 }
 };

dist/scripts/templates.js

@@ -1028,7 +1028,13 @@ angular.module('openshiftConsoleTemplates', []).run(['$templateCache', function(
     "</div>\n" +
     "<div class=\"form-group col-md-6\">\n" +
     "<label ng-attr-for=\"path-{{$id}}\" class=\"required\">Path</label>\n" +
-    "<input ng-attr-id=\"path-{{$id}}\" class=\"form-control\" ng-class=\"{ 'has-error': forms.addConfigVolumeForm['path-' + $id].$invalid && forms.addConfigVolumeForm['path-' + $id].$touched }\" type=\"text\" name=\"path-{{$id}}\" ng-model=\"item.path\" required osc-unique=\"itemPaths\" placeholder=\"example: config/app.properties\" autocorrect=\"off\" autocapitalize=\"off\" spellcheck=\"false\">\n" +
+    "\n" +
+    "<input ng-attr-id=\"path-{{$id}}\" class=\"form-control\" ng-class=\"{ 'has-error': forms.addConfigVolumeForm['path-' + $id].$invalid && forms.addConfigVolumeForm['path-' + $id].$touched }\" type=\"text\" name=\"path-{{$id}}\" ng-model=\"item.path\" ng-pattern=\"/^(?!(\\.\\.)?\\/)(?!.*\\/\\.\\.(\\/|$)).*$/\" required osc-unique=\"itemPaths\" placeholder=\"example: config/app.properties\" autocorrect=\"off\" autocapitalize=\"off\" spellcheck=\"false\">\n" +
+    "<div class=\"has-error\" ng-show=\"forms.addConfigVolumeForm['path-' + $id].$error.pattern\">\n" +
+    "<span class=\"help-block\">\n" +
+    "Path must be a relative path. It cannot start with <code>/</code> or contain <code>..</code> path elements.\n" +
+    "</span>\n" +
+    "</div>\n" +
     "<div class=\"has-error\" ng-show=\"forms.addConfigVolumeForm['path-' + $id].$error.oscUnique\">\n" +
     "<span class=\"help-block\">\n" +
     "Paths must be unique.\n" +