Merge pull request #12016 from liggitt/path-name-validation

OpenShift Bot · web-flow · commit 38e6fba9509a · 2016-12-04T09:58:04.000-05:00
Merged by openshift-bot
diff --git a/pkg/api/helpers.go b/pkg/api/helpers.go
@@ -2,34 +2,14 @@ package api
 
 import (
 	"fmt"
-	"strings"
 
 	"k8s.io/kubernetes/pkg/api/validation"
 )
 
-var NameMayNotBe = []string{".", ".."}
-var NameMayNotContain = []string{"/", "%"}
-
-func MinimalNameRequirements(name string, prefix bool) []string {
-	for _, illegalName := range NameMayNotBe {
-		if name == illegalName {
-			return []string{fmt.Sprintf(`name may not be %q`, illegalName)}
-		}
-	}
-
-	for _, illegalContent := range NameMayNotContain {
-		if strings.Contains(name, illegalContent) {
-			return []string{fmt.Sprintf(`name may not contain %q`, illegalContent)}
-		}
-	}
-
-	return nil
-}
-
 // GetNameValidationFunc returns a name validation function that includes the standard restrictions we want for all types
 func GetNameValidationFunc(nameFunc validation.ValidateNameFunc) validation.ValidateNameFunc {
 	return func(name string, prefix bool) []string {
-		if reasons := MinimalNameRequirements(name, prefix); len(reasons) != 0 {
+		if reasons := validation.ValidatePathSegmentName(name, prefix); len(reasons) != 0 {
 			return reasons
 		}
 
diff --git a/pkg/api/validation/validation_test.go b/pkg/api/validation/validation_test.go
@@ -12,7 +12,6 @@ import (
 	ktypes "k8s.io/kubernetes/pkg/types"
 	"k8s.io/kubernetes/pkg/util/validation/field"
 
-	"github.com/openshift/origin/pkg/api"
 	authorizationapi "github.com/openshift/origin/pkg/authorization/api"
 )
 
@@ -51,15 +50,15 @@ func TestNameFunc(t *testing.T) {
 		apiObjectMeta := apiValue.Elem().FieldByName("ObjectMeta")
 
 		// check for illegal names
-		for _, illegalName := range api.NameMayNotBe {
+		for _, illegalName := range []string{".", ".."} {
 			apiObjectMeta.Set(reflect.ValueOf(kapi.ObjectMeta{Name: illegalName}))
 
 			errList := validationInfo.Validator.Validate(apiValue.Interface().(runtime.Object))
-			reasons := api.MinimalNameRequirements(illegalName, false)
+			reasons := validation.ValidatePathSegmentName(illegalName, false)
 			requiredMessage := strings.Join(reasons, ", ")
 
 			if len(errList) == 0 {
-				t.Errorf("expected error for %v in %v not found amongst %v.  You probably need to add api.MinimalNameRequirements to your name validator..", illegalName, apiType.Elem(), errList)
+				t.Errorf("expected error for %v in %v not found amongst %v.  You probably need to add validation.ValidatePathSegmentName to your name validator..", illegalName, apiType.Elem(), errList)
 				continue
 			}
 
@@ -73,30 +72,30 @@ func TestNameFunc(t *testing.T) {
 					foundExpectedError = true
 					break
 				}
-				// this message is from a stock name validation method in kube that covers our requirements in MinimalNameRequirements
+				// this message is from a stock name validation method in kube that covers our requirements in ValidatePathSegmentName
 				if validationError.Detail == nameRulesMessage {
 					foundExpectedError = true
 					break
 				}
 			}
 
 			if !foundExpectedError {
-				t.Errorf("expected error for %v in %v not found amongst %v.  You probably need to add api.MinimalNameRequirements to your name validator.", illegalName, apiType.Elem(), errList)
+				t.Errorf("expected error for %v in %v not found amongst %v.  You probably need to add validation.ValidatePathSegmentName to your name validator.", illegalName, apiType.Elem(), errList)
 			}
 		}
 
 		// check for illegal contents
-		for _, illegalContent := range api.NameMayNotContain {
+		for _, illegalContent := range []string{"/", "%"} {
 			illegalName := "a" + illegalContent + "b"
 
 			apiObjectMeta.Set(reflect.ValueOf(kapi.ObjectMeta{Name: illegalName}))
 
 			errList := validationInfo.Validator.Validate(apiValue.Interface().(runtime.Object))
-			reasons := api.MinimalNameRequirements(illegalName, false)
+			reasons := validation.ValidatePathSegmentName(illegalName, false)
 			requiredMessage := strings.Join(reasons, ", ")
 
 			if len(errList) == 0 {
-				t.Errorf("expected error for %v in %v not found amongst %v.  You probably need to add api.MinimalNameRequirements to your name validator.", illegalName, apiType.Elem(), errList)
+				t.Errorf("expected error for %v in %v not found amongst %v.  You probably need to add validation.ValidatePathSegmentName to your name validator.", illegalName, apiType.Elem(), errList)
 				continue
 			}
 
@@ -111,15 +110,15 @@ func TestNameFunc(t *testing.T) {
 					foundExpectedError = true
 					break
 				}
-				// this message is from a stock name validation method in kube that covers our requirements in MinimalNameRequirements
+				// this message is from a stock name validation method in kube that covers our requirements in ValidatePathSegmentName
 				if validationError.Detail == nameRulesMessage {
 					foundExpectedError = true
 					break
 				}
 			}
 
 			if !foundExpectedError {
-				t.Errorf("expected error for %v in %v not found amongst %v.  You probably need to add api.MinimalNameRequirements to your name validator.", illegalName, apiType.Elem(), errList)
+				t.Errorf("expected error for %v in %v not found amongst %v.  You probably need to add validation.ValidatePathSegmentName to your name validator.", illegalName, apiType.Elem(), errList)
 			}
 		}
 	}
@@ -141,7 +140,7 @@ func TestObjectMeta(t *testing.T) {
 		}
 
 		errList := validationInfo.Validator.Validate(apiValue.Interface().(runtime.Object))
-		requiredErrors := validation.ValidateObjectMeta(apiObjectMeta.Addr().Interface().(*kapi.ObjectMeta), validationInfo.IsNamespaced, api.MinimalNameRequirements, field.NewPath("metadata"))
+		requiredErrors := validation.ValidateObjectMeta(apiObjectMeta.Addr().Interface().(*kapi.ObjectMeta), validationInfo.IsNamespaced, validation.ValidatePathSegmentName, field.NewPath("metadata"))
 
 		if len(errList) == 0 {
 			t.Errorf("expected errors %v in %v not found amongst %v.  You probably need to call kube/validation.ValidateObjectMeta in your validator.", requiredErrors, apiType.Elem(), errList)
diff --git a/pkg/authorization/api/validation/validation.go b/pkg/authorization/api/validation/validation.go
@@ -9,7 +9,6 @@ import (
 	kvalidation "k8s.io/kubernetes/pkg/util/validation"
 	"k8s.io/kubernetes/pkg/util/validation/field"
 
-	oapi "github.com/openshift/origin/pkg/api"
 	authorizationapi "github.com/openshift/origin/pkg/authorization/api"
 	uservalidation "github.com/openshift/origin/pkg/user/api/validation"
 )
@@ -81,7 +80,7 @@ func ValidateLocalResourceAccessReview(review *authorizationapi.LocalResourceAcc
 }
 
 func ValidatePolicyName(name string, prefix bool) []string {
-	if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 {
+	if reasons := validation.ValidatePathSegmentName(name, prefix); len(reasons) != 0 {
 		return reasons
 	}
 
@@ -137,7 +136,7 @@ func ValidatePolicyUpdate(policy *authorizationapi.Policy, oldPolicy *authorizat
 
 func PolicyBindingNameValidator(policyRefNamespace string) validation.ValidateNameFunc {
 	return func(name string, prefix bool) []string {
-		if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 {
+		if reasons := validation.ValidatePathSegmentName(name, prefix); len(reasons) != 0 {
 			return reasons
 		}
 
@@ -227,7 +226,7 @@ func ValidateRole(role *authorizationapi.Role, isNamespaced bool) field.ErrorLis
 }
 
 func validateRole(role *authorizationapi.Role, isNamespaced bool, fldPath *field.Path) field.ErrorList {
-	return validation.ValidateObjectMeta(&role.ObjectMeta, isNamespaced, oapi.MinimalNameRequirements, fldPath.Child("metadata"))
+	return validation.ValidateObjectMeta(&role.ObjectMeta, isNamespaced, validation.ValidatePathSegmentName, fldPath.Child("metadata"))
 }
 
 func ValidateRoleUpdate(role *authorizationapi.Role, oldRole *authorizationapi.Role, isNamespaced bool) field.ErrorList {
@@ -259,7 +258,7 @@ func ValidateRoleBinding(roleBinding *authorizationapi.RoleBinding, isNamespaced
 
 func validateRoleBinding(roleBinding *authorizationapi.RoleBinding, isNamespaced bool, fldPath *field.Path) field.ErrorList {
 	allErrs := field.ErrorList{}
-	allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, isNamespaced, oapi.MinimalNameRequirements, fldPath.Child("metadata"))...)
+	allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, isNamespaced, validation.ValidatePathSegmentName, fldPath.Child("metadata"))...)
 
 	// roleRef namespace is empty when referring to global policy.
 	if (len(roleBinding.RoleRef.Namespace) > 0) && len(kvalidation.IsDNS1123Subdomain(roleBinding.RoleRef.Namespace)) != 0 {
@@ -269,7 +268,7 @@ func validateRoleBinding(roleBinding *authorizationapi.RoleBinding, isNamespaced
 	if len(roleBinding.RoleRef.Name) == 0 {
 		allErrs = append(allErrs, field.Required(fldPath.Child("roleRef", "name"), ""))
 	} else {
-		if reasons := oapi.MinimalNameRequirements(roleBinding.RoleRef.Name, false); len(reasons) != 0 {
+		if reasons := validation.ValidatePathSegmentName(roleBinding.RoleRef.Name, false); len(reasons) != 0 {
 			allErrs = append(allErrs, field.Invalid(fldPath.Child("roleRef", "name"), roleBinding.RoleRef.Name, strings.Join(reasons, ", ")))
 		}
 	}
diff --git a/pkg/build/api/validation/validation.go b/pkg/build/api/validation/validation.go
@@ -17,7 +17,6 @@ import (
 	kvalidation "k8s.io/kubernetes/pkg/util/validation"
 	"k8s.io/kubernetes/pkg/util/validation/field"
 
-	oapi "github.com/openshift/origin/pkg/api"
 	buildapi "github.com/openshift/origin/pkg/build/api"
 	"github.com/openshift/origin/pkg/build/api/v1"
 	buildutil "github.com/openshift/origin/pkg/build/util"
@@ -162,7 +161,7 @@ func ValidateBuildConfigUpdate(config *buildapi.BuildConfig, older *buildapi.Bui
 
 // ValidateBuildRequest validates a BuildRequest object
 func ValidateBuildRequest(request *buildapi.BuildRequest) field.ErrorList {
-	return validation.ValidateObjectMeta(&request.ObjectMeta, true, oapi.MinimalNameRequirements, field.NewPath("metadata"))
+	return validation.ValidateObjectMeta(&request.ObjectMeta, true, validation.ValidatePathSegmentName, field.NewPath("metadata"))
 }
 
 func validateCommonSpec(spec *buildapi.CommonSpec, fldPath *field.Path) field.ErrorList {
diff --git a/pkg/image/api/validation/validation.go b/pkg/image/api/validation/validation.go
@@ -14,7 +14,6 @@ import (
 	"k8s.io/kubernetes/pkg/util/diff"
 	"k8s.io/kubernetes/pkg/util/validation/field"
 
-	oapi "github.com/openshift/origin/pkg/api"
 	"github.com/openshift/origin/pkg/image/api"
 )
 
@@ -35,7 +34,7 @@ var RepositoryNameComponentAnchoredRegexp = regexp.MustCompile(`^` + RepositoryN
 var RepositoryNameRegexp = regexp.MustCompile(`(?:` + RepositoryNameComponentRegexp.String() + `/)*` + RepositoryNameComponentRegexp.String())
 
 func ValidateImageStreamName(name string, prefix bool) []string {
-	if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 {
+	if reasons := validation.ValidatePathSegmentName(name, prefix); len(reasons) != 0 {
 		return reasons
 	}
 
@@ -51,7 +50,7 @@ func ValidateImage(image *api.Image) field.ErrorList {
 }
 
 func validateImage(image *api.Image, fldPath *field.Path) field.ErrorList {
-	result := validation.ValidateObjectMeta(&image.ObjectMeta, false, oapi.MinimalNameRequirements, fldPath.Child("metadata"))
+	result := validation.ValidateObjectMeta(&image.ObjectMeta, false, validation.ValidatePathSegmentName, fldPath.Child("metadata"))
 
 	if len(image.DockerImageReference) == 0 {
 		result = append(result, field.Required(fldPath.Child("dockerImageReference"), ""))
@@ -81,7 +80,7 @@ func ValidateImageSignature(signature *api.ImageSignature) field.ErrorList {
 }
 
 func validateImageSignature(signature *api.ImageSignature, fldPath *field.Path) field.ErrorList {
-	allErrs := validation.ValidateObjectMeta(&signature.ObjectMeta, false, oapi.MinimalNameRequirements, fldPath.Child("metadata"))
+	allErrs := validation.ValidateObjectMeta(&signature.ObjectMeta, false, validation.ValidatePathSegmentName, fldPath.Child("metadata"))
 	if len(signature.Labels) > 0 {
 		allErrs = append(allErrs, field.Forbidden(fldPath.Child("metadata").Child("labels"), "signature labels cannot be set"))
 	}
@@ -227,7 +226,7 @@ func ValidateImageStreamStatusUpdate(newStream, oldStream *api.ImageStream) fiel
 
 // ValidateImageStreamMapping tests required fields for an ImageStreamMapping.
 func ValidateImageStreamMapping(mapping *api.ImageStreamMapping) field.ErrorList {
-	result := validation.ValidateObjectMeta(&mapping.ObjectMeta, true, oapi.MinimalNameRequirements, field.NewPath("metadata"))
+	result := validation.ValidateObjectMeta(&mapping.ObjectMeta, true, validation.ValidatePathSegmentName, field.NewPath("metadata"))
 
 	hasRepository := len(mapping.DockerImageRepository) != 0
 	hasName := len(mapping.Name) != 0
@@ -256,7 +255,7 @@ func ValidateImageStreamMapping(mapping *api.ImageStreamMapping) field.ErrorList
 
 // ValidateImageStreamTag validates a mutation of an image stream tag, which can happen on PUT
 func ValidateImageStreamTag(ist *api.ImageStreamTag) field.ErrorList {
-	result := validation.ValidateObjectMeta(&ist.ObjectMeta, true, oapi.MinimalNameRequirements, field.NewPath("metadata"))
+	result := validation.ValidateObjectMeta(&ist.ObjectMeta, true, validation.ValidatePathSegmentName, field.NewPath("metadata"))
 	if ist.Tag != nil {
 		result = append(result, ValidateImageStreamTagReference(*ist.Tag, field.NewPath("tag"))...)
 		if ist.Tag.Annotations != nil && !kapi.Semantic.DeepEqual(ist.Tag.Annotations, ist.ObjectMeta.Annotations) {
diff --git a/pkg/image/api/validation/validation_test.go b/pkg/image/api/validation/validation_test.go
@@ -380,14 +380,14 @@ func TestValidateImageStream(t *testing.T) {
 			namespace: "foo",
 			name:      "foo/bar",
 			expected: field.ErrorList{
-				field.Invalid(field.NewPath("metadata", "name"), "foo/bar", `name may not contain "/"`),
+				field.Invalid(field.NewPath("metadata", "name"), "foo/bar", `may not contain '/'`),
 			},
 		},
 		"no percent in Name": {
 			namespace: "foo",
 			name:      "foo%%bar",
 			expected: field.ErrorList{
-				field.Invalid(field.NewPath("metadata", "name"), "foo%%bar", `name may not contain "%"`),
+				field.Invalid(field.NewPath("metadata", "name"), "foo%%bar", `may not contain '%'`),
 			},
 		},
 		"other invalid name": {
@@ -689,13 +689,13 @@ func TestValidateImageStreamImport(t *testing.T) {
 		"no slash in Name": {
 			isi: &api.ImageStreamImport{ObjectMeta: kapi.ObjectMeta{Namespace: "foo", Name: "foo/bar"}, Spec: validSpec},
 			expected: field.ErrorList{
-				field.Invalid(field.NewPath("metadata", "name"), "foo/bar", `name may not contain "/"`),
+				field.Invalid(field.NewPath("metadata", "name"), "foo/bar", `may not contain '/'`),
 			},
 		},
 		"no percent in Name": {
 			isi: &api.ImageStreamImport{ObjectMeta: kapi.ObjectMeta{Namespace: "foo", Name: "foo%%bar"}, Spec: validSpec},
 			expected: field.ErrorList{
-				field.Invalid(field.NewPath("metadata", "name"), "foo%%bar", `name may not contain "%"`),
+				field.Invalid(field.NewPath("metadata", "name"), "foo%%bar", `may not contain '%'`),
 			},
 		},
 		"other invalid name": {
diff --git a/pkg/oauth/api/validation/validation.go b/pkg/oauth/api/validation/validation.go
@@ -10,7 +10,6 @@ import (
 	"k8s.io/kubernetes/pkg/serviceaccount"
 	"k8s.io/kubernetes/pkg/util/validation/field"
 
-	oapi "github.com/openshift/origin/pkg/api"
 	authorizerscopes "github.com/openshift/origin/pkg/authorization/authorizer/scope"
 	"github.com/openshift/origin/pkg/oauth/api"
 	uservalidation "github.com/openshift/origin/pkg/user/api/validation"
@@ -28,7 +27,7 @@ const (
 var CodeChallengeMethodsSupported = []string{codeChallengeMethodPlain, codeChallengeMethodSHA256}
 
 func ValidateTokenName(name string, prefix bool) []string {
-	if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 {
+	if reasons := validation.ValidatePathSegmentName(name, prefix); len(reasons) != 0 {
 		return reasons
 	}
 
@@ -187,7 +186,7 @@ func ValidateClientUpdate(client *api.OAuthClient, oldClient *api.OAuthClient) f
 }
 
 func ValidateClientAuthorizationName(name string, prefix bool) []string {
-	if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 {
+	if reasons := validation.ValidatePathSegmentName(name, prefix); len(reasons) != 0 {
 		return reasons
 	}
 
@@ -305,7 +304,7 @@ func ValidateScopes(scopes []string, fldPath *field.Path) field.ErrorList {
 }
 
 func ValidateOAuthRedirectReference(sref *api.OAuthRedirectReference) field.ErrorList {
-	allErrs := validation.ValidateObjectMeta(&sref.ObjectMeta, true, oapi.MinimalNameRequirements, field.NewPath("metadata"))
+	allErrs := validation.ValidateObjectMeta(&sref.ObjectMeta, true, validation.ValidatePathSegmentName, field.NewPath("metadata"))
 	return append(allErrs, validateRedirectReference(&sref.Reference)...)
 }
 
@@ -314,7 +313,7 @@ func validateRedirectReference(ref *api.RedirectReference) field.ErrorList {
 	if len(ref.Name) == 0 {
 		allErrs = append(allErrs, field.Required(field.NewPath("name"), "may not be empty"))
 	} else {
-		for _, msg := range oapi.MinimalNameRequirements(ref.Name, false) {
+		for _, msg := range validation.ValidatePathSegmentName(ref.Name, false) {
 			allErrs = append(allErrs, field.Invalid(field.NewPath("name"), ref.Name, msg))
 		}
 	}
diff --git a/pkg/project/api/validation/validation.go b/pkg/project/api/validation/validation.go
@@ -7,14 +7,13 @@ import (
 	"k8s.io/kubernetes/pkg/api/validation"
 	"k8s.io/kubernetes/pkg/util/validation/field"
 
-	oapi "github.com/openshift/origin/pkg/api"
 	"github.com/openshift/origin/pkg/project/api"
 	projectapi "github.com/openshift/origin/pkg/project/api"
 	"github.com/openshift/origin/pkg/util/labelselector"
 )
 
 func ValidateProjectName(name string, prefix bool) []string {
-	if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 {
+	if reasons := validation.ValidatePathSegmentName(name, prefix); len(reasons) != 0 {
 		return reasons
 	}
 
diff --git a/pkg/sdn/api/validation/validation.go b/pkg/sdn/api/validation/validation.go
@@ -6,13 +6,12 @@ import (
 	"k8s.io/kubernetes/pkg/api/validation"
 	"k8s.io/kubernetes/pkg/util/validation/field"
 
-	oapi "github.com/openshift/origin/pkg/api"
 	sdnapi "github.com/openshift/origin/pkg/sdn/api"
 )
 
 // ValidateClusterNetwork tests if required fields in the ClusterNetwork are set.
 func ValidateClusterNetwork(clusterNet *sdnapi.ClusterNetwork) field.ErrorList {
-	allErrs := validation.ValidateObjectMeta(&clusterNet.ObjectMeta, false, oapi.MinimalNameRequirements, field.NewPath("metadata"))
+	allErrs := validation.ValidateObjectMeta(&clusterNet.ObjectMeta, false, validation.ValidatePathSegmentName, field.NewPath("metadata"))
 
 	clusterIP, clusterIPNet, err := net.ParseCIDR(clusterNet.Network)
 	if err != nil {
@@ -83,7 +82,7 @@ func ValidateClusterNetworkUpdate(obj *sdnapi.ClusterNetwork, old *sdnapi.Cluste
 // ValidateHostSubnet tests fields for the host subnet, the host should be a network resolvable string,
 //  and subnet should be a valid CIDR
 func ValidateHostSubnet(hs *sdnapi.HostSubnet) field.ErrorList {
-	allErrs := validation.ValidateObjectMeta(&hs.ObjectMeta, false, oapi.MinimalNameRequirements, field.NewPath("metadata"))
+	allErrs := validation.ValidateObjectMeta(&hs.ObjectMeta, false, validation.ValidatePathSegmentName, field.NewPath("metadata"))
 
 	if hs.Subnet == "" {
 		// check if annotation exists, then let the Subnet field be empty
@@ -115,7 +114,7 @@ func ValidateHostSubnetUpdate(obj *sdnapi.HostSubnet, old *sdnapi.HostSubnet) fi
 
 // ValidateNetNamespace tests fields for a greater-than-zero NetID
 func ValidateNetNamespace(netnamespace *sdnapi.NetNamespace) field.ErrorList {
-	allErrs := validation.ValidateObjectMeta(&netnamespace.ObjectMeta, false, oapi.MinimalNameRequirements, field.NewPath("metadata"))
+	allErrs := validation.ValidateObjectMeta(&netnamespace.ObjectMeta, false, validation.ValidatePathSegmentName, field.NewPath("metadata"))
 
 	if err := sdnapi.ValidVNID(netnamespace.NetID); err != nil {
 		allErrs = append(allErrs, field.Invalid(field.NewPath("netID"), netnamespace.NetID, err.Error()))
@@ -131,7 +130,7 @@ func ValidateNetNamespaceUpdate(obj *sdnapi.NetNamespace, old *sdnapi.NetNamespa
 
 // ValidateEgressNetworkPolicy tests if required fields in the EgressNetworkPolicy are set.
 func ValidateEgressNetworkPolicy(policy *sdnapi.EgressNetworkPolicy) field.ErrorList {
-	allErrs := validation.ValidateObjectMeta(&policy.ObjectMeta, true, oapi.MinimalNameRequirements, field.NewPath("metadata"))
+	allErrs := validation.ValidateObjectMeta(&policy.ObjectMeta, true, validation.ValidatePathSegmentName, field.NewPath("metadata"))
 
 	for i, rule := range policy.Spec.Egress {
 		if rule.Type != sdnapi.EgressNetworkPolicyRuleAllow && rule.Type != sdnapi.EgressNetworkPolicyRuleDeny {
diff --git a/pkg/user/api/validation/validation.go b/pkg/user/api/validation/validation.go

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,6 @@ import (`
`12`	`12`	`ktypes "k8s.io/kubernetes/pkg/types"`
`13`	`13`	`"k8s.io/kubernetes/pkg/util/validation/field"`
`14`	`14`
`15`		`- "github.com/openshift/origin/pkg/api"`
`16`	`15`	`authorizationapi "github.com/openshift/origin/pkg/authorization/api"`
`17`	`16`	`)`
`18`	`17`
`@@ -51,15 +50,15 @@ func TestNameFunc(t *testing.T) {`
`51`	`50`	`apiObjectMeta := apiValue.Elem().FieldByName("ObjectMeta")`
`52`	`51`
`53`	`52`	`// check for illegal names`
`54`		`- for _, illegalName := range api.NameMayNotBe {`
	`53`	`+ for _, illegalName := range []string{".", ".."} {`
`55`	`54`	`apiObjectMeta.Set(reflect.ValueOf(kapi.ObjectMeta{Name: illegalName}))`
`56`	`55`
`57`	`56`	`errList := validationInfo.Validator.Validate(apiValue.Interface().(runtime.Object))`
`58`		`- reasons := api.MinimalNameRequirements(illegalName, false)`
	`57`	`+ reasons := validation.ValidatePathSegmentName(illegalName, false)`
`59`	`58`	`requiredMessage := strings.Join(reasons, ", ")`
`60`	`59`
`61`	`60`	`if len(errList) == 0 {`
`62`		`- t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add api.MinimalNameRequirements to your name validator..", illegalName, apiType.Elem(), errList)`
	`61`	`+ t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add validation.ValidatePathSegmentName to your name validator..", illegalName, apiType.Elem(), errList)`
`63`	`62`	`continue`
`64`	`63`	`}`
`65`	`64`
`@@ -73,30 +72,30 @@ func TestNameFunc(t *testing.T) {`
`73`	`72`	`foundExpectedError = true`
`74`	`73`	`break`
`75`	`74`	`}`
`76`		`- // this message is from a stock name validation method in kube that covers our requirements in MinimalNameRequirements`
	`75`	`+ // this message is from a stock name validation method in kube that covers our requirements in ValidatePathSegmentName`
`77`	`76`	`if validationError.Detail == nameRulesMessage {`
`78`	`77`	`foundExpectedError = true`
`79`	`78`	`break`
`80`	`79`	`}`
`81`	`80`	`}`
`82`	`81`
`83`	`82`	`if !foundExpectedError {`
`84`		`- t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add api.MinimalNameRequirements to your name validator.", illegalName, apiType.Elem(), errList)`
	`83`	`+ t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add validation.ValidatePathSegmentName to your name validator.", illegalName, apiType.Elem(), errList)`
`85`	`84`	`}`
`86`	`85`	`}`
`87`	`86`
`88`	`87`	`// check for illegal contents`
`89`		`- for _, illegalContent := range api.NameMayNotContain {`
	`88`	`+ for _, illegalContent := range []string{"/", "%"} {`
`90`	`89`	`illegalName := "a" + illegalContent + "b"`
`91`	`90`
`92`	`91`	`apiObjectMeta.Set(reflect.ValueOf(kapi.ObjectMeta{Name: illegalName}))`
`93`	`92`
`94`	`93`	`errList := validationInfo.Validator.Validate(apiValue.Interface().(runtime.Object))`
`95`		`- reasons := api.MinimalNameRequirements(illegalName, false)`
	`94`	`+ reasons := validation.ValidatePathSegmentName(illegalName, false)`
`96`	`95`	`requiredMessage := strings.Join(reasons, ", ")`
`97`	`96`
`98`	`97`	`if len(errList) == 0 {`
`99`		`- t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add api.MinimalNameRequirements to your name validator.", illegalName, apiType.Elem(), errList)`
	`98`	`+ t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add validation.ValidatePathSegmentName to your name validator.", illegalName, apiType.Elem(), errList)`
`100`	`99`	`continue`
`101`	`100`	`}`
`102`	`101`
`@@ -111,15 +110,15 @@ func TestNameFunc(t *testing.T) {`
`111`	`110`	`foundExpectedError = true`
`112`	`111`	`break`
`113`	`112`	`}`
`114`		`- // this message is from a stock name validation method in kube that covers our requirements in MinimalNameRequirements`
	`113`	`+ // this message is from a stock name validation method in kube that covers our requirements in ValidatePathSegmentName`
`115`	`114`	`if validationError.Detail == nameRulesMessage {`
`116`	`115`	`foundExpectedError = true`
`117`	`116`	`break`
`118`	`117`	`}`
`119`	`118`	`}`
`120`	`119`
`121`	`120`	`if !foundExpectedError {`
`122`		`- t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add api.MinimalNameRequirements to your name validator.", illegalName, apiType.Elem(), errList)`
	`121`	`+ t.Errorf("expected error for %v in %v not found amongst %v. You probably need to add validation.ValidatePathSegmentName to your name validator.", illegalName, apiType.Elem(), errList)`
`123`	`122`	`}`
`124`	`123`	`}`
`125`	`124`	`}`
`@@ -141,7 +140,7 @@ func TestObjectMeta(t *testing.T) {`
`141`	`140`	`}`
`142`	`141`
`143`	`142`	`errList := validationInfo.Validator.Validate(apiValue.Interface().(runtime.Object))`
`144`		`- requiredErrors := validation.ValidateObjectMeta(apiObjectMeta.Addr().Interface().(*kapi.ObjectMeta), validationInfo.IsNamespaced, api.MinimalNameRequirements, field.NewPath("metadata"))`
	`143`	`+ requiredErrors := validation.ValidateObjectMeta(apiObjectMeta.Addr().Interface().(*kapi.ObjectMeta), validationInfo.IsNamespaced, validation.ValidatePathSegmentName, field.NewPath("metadata"))`
`145`	`144`
`146`	`145`	`if len(errList) == 0 {`
`147`	`146`	`t.Errorf("expected errors %v in %v not found amongst %v. You probably need to call kube/validation.ValidateObjectMeta in your validator.", requiredErrors, apiType.Elem(), errList)`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,6 @@ import (`
`9`	`9`	`kvalidation "k8s.io/kubernetes/pkg/util/validation"`
`10`	`10`	`"k8s.io/kubernetes/pkg/util/validation/field"`
`11`	`11`
`12`		`- oapi "github.com/openshift/origin/pkg/api"`
`13`	`12`	`authorizationapi "github.com/openshift/origin/pkg/authorization/api"`
`14`	`13`	`uservalidation "github.com/openshift/origin/pkg/user/api/validation"`
`15`	`14`	`)`
`@@ -81,7 +80,7 @@ func ValidateLocalResourceAccessReview(review *authorizationapi.LocalResourceAcc`
`81`	`80`	`}`
`82`	`81`
`83`	`82`	`func ValidatePolicyName(name string, prefix bool) []string {`
`84`		`- if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 {`
	`83`	`+ if reasons := validation.ValidatePathSegmentName(name, prefix); len(reasons) != 0 {`
`85`	`84`	`return reasons`
`86`	`85`	`}`
`87`	`86`
`@@ -137,7 +136,7 @@ func ValidatePolicyUpdate(policy authorizationapi.Policy, oldPolicy authorizat`
`137`	`136`
`138`	`137`	`func PolicyBindingNameValidator(policyRefNamespace string) validation.ValidateNameFunc {`
`139`	`138`	`return func(name string, prefix bool) []string {`
`140`		`- if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 {`
	`139`	`+ if reasons := validation.ValidatePathSegmentName(name, prefix); len(reasons) != 0 {`
`141`	`140`	`return reasons`
`142`	`141`	`}`
`143`	`142`
`@@ -227,7 +226,7 @@ func ValidateRole(role *authorizationapi.Role, isNamespaced bool) field.ErrorLis`
`227`	`226`	`}`
`228`	`227`
`229`	`228`	`func validateRole(role authorizationapi.Role, isNamespaced bool, fldPath field.Path) field.ErrorList {`
`230`		`- return validation.ValidateObjectMeta(&role.ObjectMeta, isNamespaced, oapi.MinimalNameRequirements, fldPath.Child("metadata"))`
	`229`	`+ return validation.ValidateObjectMeta(&role.ObjectMeta, isNamespaced, validation.ValidatePathSegmentName, fldPath.Child("metadata"))`
`231`	`230`	`}`
`232`	`231`
`233`	`232`	`func ValidateRoleUpdate(role authorizationapi.Role, oldRole authorizationapi.Role, isNamespaced bool) field.ErrorList {`
`@@ -259,7 +258,7 @@ func ValidateRoleBinding(roleBinding *authorizationapi.RoleBinding, isNamespaced`
`259`	`258`
`260`	`259`	`func validateRoleBinding(roleBinding authorizationapi.RoleBinding, isNamespaced bool, fldPath field.Path) field.ErrorList {`
`261`	`260`	`allErrs := field.ErrorList{}`
`262`		`- allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, isNamespaced, oapi.MinimalNameRequirements, fldPath.Child("metadata"))...)`
	`261`	`+ allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, isNamespaced, validation.ValidatePathSegmentName, fldPath.Child("metadata"))...)`
`263`	`262`
`264`	`263`	`// roleRef namespace is empty when referring to global policy.`
`265`	`264`	`if (len(roleBinding.RoleRef.Namespace) > 0) && len(kvalidation.IsDNS1123Subdomain(roleBinding.RoleRef.Namespace)) != 0 {`
`@@ -269,7 +268,7 @@ func validateRoleBinding(roleBinding *authorizationapi.RoleBinding, isNamespaced`
`269`	`268`	`if len(roleBinding.RoleRef.Name) == 0 {`
`270`	`269`	`allErrs = append(allErrs, field.Required(fldPath.Child("roleRef", "name"), ""))`
`271`	`270`	`} else {`
`272`		`- if reasons := oapi.MinimalNameRequirements(roleBinding.RoleRef.Name, false); len(reasons) != 0 {`
	`271`	`+ if reasons := validation.ValidatePathSegmentName(roleBinding.RoleRef.Name, false); len(reasons) != 0 {`
`273`	`272`	`allErrs = append(allErrs, field.Invalid(fldPath.Child("roleRef", "name"), roleBinding.RoleRef.Name, strings.Join(reasons, ", ")))`
`274`	`273`	`}`
`275`	`274`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,6 @@ import (`
`10`	`10`	`"k8s.io/kubernetes/pkg/serviceaccount"`
`11`	`11`	`"k8s.io/kubernetes/pkg/util/validation/field"`
`12`	`12`
`13`		`- oapi "github.com/openshift/origin/pkg/api"`
`14`	`13`	`authorizerscopes "github.com/openshift/origin/pkg/authorization/authorizer/scope"`
`15`	`14`	`"github.com/openshift/origin/pkg/oauth/api"`
`16`	`15`	`uservalidation "github.com/openshift/origin/pkg/user/api/validation"`
`@@ -28,7 +27,7 @@ const (`
`28`	`27`	`var CodeChallengeMethodsSupported = []string{codeChallengeMethodPlain, codeChallengeMethodSHA256}`
`29`	`28`
`30`	`29`	`func ValidateTokenName(name string, prefix bool) []string {`
`31`		`- if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 {`
	`30`	`+ if reasons := validation.ValidatePathSegmentName(name, prefix); len(reasons) != 0 {`
`32`	`31`	`return reasons`
`33`	`32`	`}`
`34`	`33`
`@@ -187,7 +186,7 @@ func ValidateClientUpdate(client api.OAuthClient, oldClient api.OAuthClient) f`
`187`	`186`	`}`
`188`	`187`
`189`	`188`	`func ValidateClientAuthorizationName(name string, prefix bool) []string {`
`190`		`- if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 {`
	`189`	`+ if reasons := validation.ValidatePathSegmentName(name, prefix); len(reasons) != 0 {`
`191`	`190`	`return reasons`
`192`	`191`	`}`
`193`	`192`
`@@ -305,7 +304,7 @@ func ValidateScopes(scopes []string, fldPath *field.Path) field.ErrorList {`
`305`	`304`	`}`
`306`	`305`
`307`	`306`	`func ValidateOAuthRedirectReference(sref *api.OAuthRedirectReference) field.ErrorList {`
`308`		`- allErrs := validation.ValidateObjectMeta(&sref.ObjectMeta, true, oapi.MinimalNameRequirements, field.NewPath("metadata"))`
	`307`	`+ allErrs := validation.ValidateObjectMeta(&sref.ObjectMeta, true, validation.ValidatePathSegmentName, field.NewPath("metadata"))`
`309`	`308`	`return append(allErrs, validateRedirectReference(&sref.Reference)...)`
`310`	`309`	`}`
`311`	`310`
`@@ -314,7 +313,7 @@ func validateRedirectReference(ref *api.RedirectReference) field.ErrorList {`
`314`	`313`	`if len(ref.Name) == 0 {`
`315`	`314`	`allErrs = append(allErrs, field.Required(field.NewPath("name"), "may not be empty"))`
`316`	`315`	`} else {`
`317`		`- for _, msg := range oapi.MinimalNameRequirements(ref.Name, false) {`
	`316`	`+ for _, msg := range validation.ValidatePathSegmentName(ref.Name, false) {`
`318`	`317`	`allErrs = append(allErrs, field.Invalid(field.NewPath("name"), ref.Name, msg))`
`319`	`318`	`}`
`320`	`319`	`}`
Original file line number	Diff line number	Diff line change
`@@ -7,14 +7,13 @@ import (`
`7`	`7`	`"k8s.io/kubernetes/pkg/api/validation"`
`8`	`8`	`"k8s.io/kubernetes/pkg/util/validation/field"`
`9`	`9`
`10`		`- oapi "github.com/openshift/origin/pkg/api"`
`11`	`10`	`"github.com/openshift/origin/pkg/project/api"`
`12`	`11`	`projectapi "github.com/openshift/origin/pkg/project/api"`
`13`	`12`	`"github.com/openshift/origin/pkg/util/labelselector"`
`14`	`13`	`)`
`15`	`14`
`16`	`15`	`func ValidateProjectName(name string, prefix bool) []string {`
`17`		`- if reasons := oapi.MinimalNameRequirements(name, prefix); len(reasons) != 0 {`
	`16`	`+ if reasons := validation.ValidatePathSegmentName(name, prefix); len(reasons) != 0 {`
`18`	`17`	`return reasons`
`19`	`18`	`}`
`20`	`19`