Documentation
Overview
Package validation provides validation functionality for the ToolHive operator.
Constants
const (
	// OIDCCABundleVolumePrefix is the prefix used for OIDC CA bundle volume names.
	// Used by controllerutil/oidc_volumes.go when creating volumes.
	OIDCCABundleVolumePrefix = "oidc-ca-bundle-"

	// OIDCCABundleMountBasePath is the base path where OIDC CA bundle ConfigMaps are mounted.
	// The full mount path is: OIDCCABundleMountBasePath + "/" + configMapName
	// The full file path is: OIDCCABundleMountBasePath + "/" + configMapName + "/" + key
	// Used by both controllerutil/oidc_volumes.go and oidc/resolver.go.
	OIDCCABundleMountBasePath = "/config/certs"

	// OIDCCABundleDefaultKey is the default key name used when not specified in caBundleRef.
	OIDCCABundleDefaultKey = "ca.crt"
)
const (
	// TelemetryCABundleVolumePrefix is the prefix used for telemetry CA bundle volume names.
	TelemetryCABundleVolumePrefix = "otel-ca-bundle-"

	// TelemetryCABundleMountBasePath is the base path where telemetry CA bundle ConfigMaps are mounted.
	// The full mount path is: TelemetryCABundleMountBasePath + "/" + configMapName
	// The full file path is: TelemetryCABundleMountBasePath + "/" + configMapName + "/" + key
	TelemetryCABundleMountBasePath = "/config/certs/otel"

	// TelemetryCABundleDefaultKey is the default key name used when not specified in caBundleRef.
	TelemetryCABundleDefaultKey = "ca.crt"
)
Variables
This section is empty.
Functions
func ValidateCABundleSource (added in v0.8.1)
func ValidateCABundleSource(ref *mcpv1alpha1.CABundleSource) error
ValidateCABundleSource validates the CABundleSource configuration. It ensures that configMapRef is specified when CABundleRef is provided, and that the ConfigMap name is short enough to fit in a Kubernetes volume name. Returns nil if ref is nil (no CA bundle configured).
func ValidateCedarPolicies (added in v0.12.2)
ValidateCedarPolicies validates the syntax of each Cedar policy string in the provided slice. It returns an error for the first policy that fails to parse, or nil if all policies are valid (including when the slice is empty or nil).
func ValidateJWKSURL (added in v0.12.2)
ValidateJWKSURL validates that rawURL, if non-empty, is a well-formed HTTPS URL with a non-empty host. JWKS endpoints serve key material and must use HTTPS. An empty rawURL is allowed because JWKS discovery can determine the endpoint automatically.
func ValidateOIDCIssuerURL (added in v0.11.1)
ValidateOIDCIssuerURL validates that an OIDC issuer URL is well-formed and uses HTTPS. If allowInsecure is true, the HTTP scheme is also permitted (for development/testing only). Returns nil if the issuer is empty (nothing to validate).
func ValidateRemoteURL (added in v0.12.2)
ValidateRemoteURL validates that rawURL is a well-formed HTTP or HTTPS URL with a non-empty host. It also rejects URLs targeting internal/metadata endpoints to prevent SSRF. It performs no network calls or DNS resolution.
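The kind of static check described for ValidateRemoteURL, as an added example that is not the package's own code. The name checkRemoteURL, the blockedHosts deny list and the set of rejected address ranges are assumptions made for illustration; the package's actual rules are not shown on this page.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"net/url"
	"strings"
)

// blockedHosts is an assumed deny list of internal names (hypothetical).
var blockedHosts = map[string]bool{"localhost": true, "metadata.google.internal": true}

// checkRemoteURL is a hypothetical stand-in for a static remote-URL check.
// It only parses the string: no DNS lookup or network call is made.
func checkRemoteURL(rawURL string) error {
	u, err := url.Parse(rawURL)
	if err != nil {
		return fmt.Errorf("malformed URL: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	// Normalise case and a trailing root dot before comparing names.
	host := strings.ToLower(strings.TrimSuffix(u.Hostname(), "."))
	if host == "" {
		return errors.New("empty host")
	}
	if blockedHosts[host] || strings.HasSuffix(host, ".localhost") {
		return fmt.Errorf("host %q is internal", host)
	}
	// IP literals are classified directly; Unmap folds ::ffff:a.b.c.d to IPv4.
	if ip, err := netip.ParseAddr(host); err == nil {
		ip = ip.Unmap()
		if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsUnspecified() {
			return fmt.Errorf("address %s is internal", ip)
		}
	}
	return nil
}

func main() {
	for _, s := range []string{ // constructed sample inputs
		"https://mcp.example.com/sse", "http://169.254.169.254/latest/meta-data/",
		"http://[::ffff:127.0.0.1]:8080/", "ftp://example.com/", "https:///path",
	} {
		fmt.Printf("%-42s %v\n", s, checkRemoteURL(s))
	}
}
```

Because a check of this kind never resolves names, a hostname whose DNS record points at an internal address still passes it; pair it with an egress policy or a connect-time address check on the HTTP client.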
Types
This section is empty.