Documentation
¶
Index ¶
- Constants
- Variables
- func DenyForbiddenDevicePath(p string) error
- func FormatInvalidError(input, path, errorMsg string) []error
- func ValidateAnnotations(annotations *map[string]string) []error
- func ValidateBase64Field(s string, path string, maxLen int) []error
- func ValidateBearerToken(token *string, path string) []error
- func ValidateCSR(csr []byte) []error
- func ValidateCSRUsages(u *[]string) []error
- func ValidateCSRWithTCGSupport(csr []byte) []error
- func ValidateComposePaths(paths []string) error
- func ValidateComposeSpec(spec *common.ComposeSpec, fleetTemplate bool) []error
- func ValidateExpirationSeconds(e *int32) []error
- func ValidateFileOrDirectoryPath(s *string, path string) []error
- func ValidateFilePath(s *string, path string) []error
- func ValidateGenericName(name *string, path string) []error
- func ValidateGitRevision(name *string, path string) []error
- func ValidateHostnameOrFQDN(name *string, path string) []error
- func ValidateLabels(labels *map[string]string) []error
- func ValidateLabelsWithPath(labels *map[string]string, path string) []error
- func ValidateLinuxFileMode(m *int, path string) []error
- func ValidateLinuxUserGroup(s *string, path string) []error
- func ValidateOCIReferenceStrict(s *string, path string, fleetTemplate bool) []error
- func ValidateOciImageReference(s *string, path string) []error
- func ValidateOciImageReferenceStrict(s *string, path string) []error
- func ValidateOciImageReferenceWithTemplates(s *string, path string) []error
- func ValidateQuadletCrossReferences(specs map[string]*common.QuadletReferences) []error
- func ValidateQuadletNames(specs map[string]*common.QuadletReferences) []error
- func ValidateQuadletPaths(paths []string) error
- func ValidateQuadletSpec(spec *common.QuadletReferences, path string, fleetTemplate bool) []error
- func ValidateRelativePath(s *string, path string, maxLength int) []error
- func ValidateResourceName(name *string) []error
- func ValidateResourceNameReference(name *string, path string) []error
- func ValidateResourceOwner(owner *string, kind *string) []error
- func ValidateSignerName(s string) []error
- func ValidateStandaloneConfig(config *standalone.Config) []error
- func ValidateString(s *string, path string, minLen int, maxLen int, patternRegexp *regexp.Regexp, ...) []error
- func ValidateStringMap(m *map[string]string, path string, minLen int, maxLen int, ...) []error
- func ValidateSystemdName(name *string, path string) []error
- type ComposePathType
Constants ¶
const ( Dns1123LabelFmt string = `[a-z0-9]([-a-z0-9]*[a-z0-9])?` DNS1123MaxLength int = 253 HostnameOrFQDNFmt string = `(` + Dns1123LabelFmt + `\.)*` + hostnameOrFQDNLastLabelFmt )
const ( OciImageDomainFmt string = ociDomainCompFmt + `(?:[.]` + ociDomainCompFmt + `)*` + `(?::[0-9]+)?` OciImageNameFmt string = `(?:` + OciImageDomainFmt + `\/)?` + ociNameCompFmt + `(?:\/` + ociNameCompFmt + `)*` OciImageTagFmt string = `[\w][\w.-]{0,127}` OciImageDigestFmt string = `[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}` OciImageReferenceFmt string = `(` + OciImageNameFmt + `)(?:\:(` + OciImageTagFmt + `))?(?:\@(` + OciImageDigestFmt + `))?` OciImageReferenceMaxLength int = 2048 // short names (nginx:latest) are forbidden with strict mode StrictOciImageNameFmt string = OciImageDomainFmt + `\/` + ociNameCompFmt + `(?:\/` + ociNameCompFmt + `)*` StrictOciImageReferenceFmt string = `(` + StrictOciImageNameFmt + `)(?:\:(` + OciImageTagFmt + `))?(?:\@(` + OciImageDigestFmt + `))?` // OCI image reference with a templated tag and optional digest: // <name> ":" <templatedTag> [ "@" <digest> ] OciImageReferenceWithTemplatesFmt = `(` + OciImageNameFmt + `)(?:\:` + templatedTagFmt + `)(?:\@(` + OciImageDigestFmt + `))?` )
const ( // as per https://docs.github.com/en/get-started/using-git/dealing-with-special-characters-in-branch-and-tag-names#naming-branches-and-tags GitRevisionFmt string = `[a-zA-Z0-9]([a-zA-Z0-9\.\-\_\/])*` // GitHub limits to 255 minus "refs/heads/" GitRevisionMaxLength int = 244 )
const ( // SystemD unit pattern supports all allowed formats for unit files and glob searches // This includes templated services (e.g., foo@.service, foo@bar.service) // and glob patterns (e.g., foo*.service, foo[0-9].service) SystemdNameFmt string = `[0-9a-zA-Z:\-_.\\\[\]!\-\*\?]+(@[0-9a-zA-Z:\-_.\\\[\]!\-\*\?]+)?(\.[a-zA-Z\[\]!\-\*\?]+)?` SystemDNameMaxLength int = 256 // SystemD unit names are limited to 256 characters )
Variables ¶
var ( GenericNameRegexp = regexp.MustCompile("^" + Dns1123LabelFmt + "$") EnvVarNameRegexp = regexp.MustCompile("^" + envVarNameFmt + "$") HostnameOrFQDNRegexp = regexp.MustCompile("^" + HostnameOrFQDNFmt + "$") )
var ( OciImageReferenceRegexp = regexp.MustCompile("^" + OciImageReferenceFmt + "$") StrictOciImageReferenceRegexp = regexp.MustCompile("^" + StrictOciImageReferenceFmt + "$") OciImageReferenceWithTemplatesRegexp = regexp.MustCompile("^" + OciImageReferenceWithTemplatesFmt + "$") )
var (
ErrForbiddenDevicePath = errors.New("forbidden device path")
)
var ErrHardCodedContainerName = errors.New("hardcoded container_name")
var GitRevisionRegexp = regexp.MustCompile("^" + GitRevisionFmt + "$")
var SystemdNameRegexp = regexp.MustCompile("^" + SystemdNameFmt + "$")
Functions ¶
func DenyForbiddenDevicePath ¶ added in v1.0.0
DenyForbiddenDevicePath validates that the given device path does not target agent-managed or read-only directories/files that must not be written by config providers. Denied paths:
- /var/lib/flightctl (and all subpaths)
- /usr/lib/flightctl (and all subpaths)
- /etc/flightctl/certs (and all subpaths)
- /etc/flightctl/config.yaml (file itself)
- /etc/flightctl/config.yml (file itself)
The check denies the exact file and the roots listed above and any subpath under those roots.
func FormatInvalidError ¶ added in v0.4.0
func ValidateAnnotations ¶
ValidateAnnotations validates that a set of annotations are valid K8s annotations.
func ValidateBearerToken ¶
func ValidateCSR ¶
func ValidateCSRUsages ¶
func ValidateCSRWithTCGSupport ¶ added in v0.9.0
func ValidateComposePaths ¶ added in v0.6.0
func ValidateComposeSpec ¶ added in v0.6.0
func ValidateComposeSpec(spec *common.ComposeSpec, fleetTemplate bool) []error
ValidateComposeSpec verifies the ComposeSpec for common issues.
func ValidateExpirationSeconds ¶
TODO: this should log a warning if less than minExpirationSeconds using the configured logger
func ValidateFileOrDirectoryPath ¶ added in v0.4.0
func ValidateFilePath ¶ added in v0.3.0
func ValidateGenericName ¶
func ValidateGitRevision ¶
func ValidateHostnameOrFQDN ¶ added in v1.0.0
func ValidateLabels ¶
ValidateLabels validates that a set of labels are valid K8s labels.
func ValidateLabelsWithPath ¶
ValidateLabelsWithPath validates that a set of labels are valid K8s labels, with fieldPath being the path to the label field.
func ValidateLinuxFileMode ¶ added in v0.3.0
func ValidateLinuxUserGroup ¶ added in v0.3.0
func ValidateOCIReferenceStrict ¶ added in v1.0.0
ValidateOCIReferenceStrict validates the supplied image depending on the source of the validation If it's a fleet, template validation will occur, but for devices, strict reference checking is applied
func ValidateOciImageReference ¶
Validates an OCI image reference.
func ValidateOciImageReferenceStrict ¶ added in v0.6.0
Validates an OCI image reference in strict mode. This mode forbids short names (nginx:latest) and requires a domain name.
func ValidateOciImageReferenceWithTemplates ¶ added in v1.0.0
Validates an OCI image reference that can contain template parameters.
func ValidateQuadletCrossReferences ¶ added in v1.0.0
func ValidateQuadletCrossReferences(specs map[string]*common.QuadletReferences) []error
ValidateQuadletCrossReferences validates that all quadlet file references within an application actually exist in the application's defined files. This ensures that quadlet files don't reference other quadlet files that aren't part of the same application (since applications are namespaced).
func ValidateQuadletNames ¶ added in v1.0.0
func ValidateQuadletNames(specs map[string]*common.QuadletReferences) []error
ValidateQuadletNames ensures custom quadlet names are unique.
func ValidateQuadletPaths ¶ added in v1.0.0
ValidateQuadletPaths validates a list of paths for inline quadlet applications
func ValidateQuadletSpec ¶ added in v1.0.0
func ValidateQuadletSpec(spec *common.QuadletReferences, path string, fleetTemplate bool) []error
ValidateQuadletSpec verifies the QuadletSpec for common issues. When fleetTemplate is true, template expressions like {{ .metadata.labels.x }} are allowed in image references.
func ValidateRelativePath ¶ added in v0.6.0
func ValidateResourceName ¶
ValidateResourceName validates that metadata.name is not empty and is a valid name in K8s.
func ValidateResourceNameReference ¶ added in v0.2.0
ValidateResourceRef validates that metadata.name is not empty and is a valid name in K8s.
func ValidateResourceOwner ¶ added in v0.6.0
ValidateResourceOwner validates that metadata.owner is not empty and is a valid reference.
func ValidateSignerName ¶
Currently every request is sent to the only signer, named "ca" and defined in cmd/flightctl-api/main.go
func ValidateStandaloneConfig ¶ added in v1.0.0
func ValidateStandaloneConfig(config *standalone.Config) []error
func ValidateString ¶
func ValidateString(s *string, path string, minLen int, maxLen int, patternRegexp *regexp.Regexp, patternFmt string, patternExample ...string) []error
ValidateString validates that a string has a length between minLen and maxLen, and matches the provided pattern.
func ValidateStringMap ¶ added in v0.3.0
func ValidateStringMap(m *map[string]string, path string, minLen int, maxLen int, keyPatternRegexp, valuePatternRegexp *regexp.Regexp, patternFmt string, patternExample ...string) []error
ValidateStringMap validates that the k,v elements in a map are correctly defined as a string.
func ValidateSystemdName ¶ added in v0.9.0
Types ¶
type ComposePathType ¶ added in v0.6.0
type ComposePathType int
const ( InvalidCompose ComposePathType = iota BaseCompose OverrideCompose )
Source Files