本文整理汇总了Golang中github.com/ttysteale/kubernetes-api/util/validation/field.NewPath函数的典型用法代码示例。如果您正苦于以下问题:Golang NewPath函数的具体用法?Golang NewPath怎么用?Golang NewPath使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了NewPath函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: Validate
// Validate ensures that the specified values fall within the range of the strategy.
func (s *mustRunAs) Validate(pod *api.Pod, container *api.Container) field.ErrorList {
allErrs := field.ErrorList{}
if container.SecurityContext == nil {
detail := fmt.Sprintf("unable to validate nil security context for %s", container.Name)
allErrs = append(allErrs, field.Invalid(field.NewPath("securityContext"), container.SecurityContext, detail))
return allErrs
}
if container.SecurityContext.SELinuxOptions == nil {
detail := fmt.Sprintf("unable to validate nil seLinuxOptions for %s", container.Name)
allErrs = append(allErrs, field.Invalid(field.NewPath("seLinuxOptions"), container.SecurityContext.SELinuxOptions, detail))
return allErrs
}
seLinuxOptionsPath := field.NewPath("seLinuxOptions")
seLinux := container.SecurityContext.SELinuxOptions
if seLinux.Level != s.opts.SELinuxOptions.Level {
detail := fmt.Sprintf("seLinuxOptions.level on %s does not match required level. Found %s, wanted %s", container.Name, seLinux.Level, s.opts.SELinuxOptions.Level)
allErrs = append(allErrs, field.Invalid(seLinuxOptionsPath.Child("level"), seLinux.Level, detail))
}
if seLinux.Role != s.opts.SELinuxOptions.Role {
detail := fmt.Sprintf("seLinuxOptions.role on %s does not match required role. Found %s, wanted %s", container.Name, seLinux.Role, s.opts.SELinuxOptions.Role)
allErrs = append(allErrs, field.Invalid(seLinuxOptionsPath.Child("role"), seLinux.Role, detail))
}
if seLinux.Type != s.opts.SELinuxOptions.Type {
detail := fmt.Sprintf("seLinuxOptions.type on %s does not match required type. Found %s, wanted %s", container.Name, seLinux.Type, s.opts.SELinuxOptions.Type)
allErrs = append(allErrs, field.Invalid(seLinuxOptionsPath.Child("type"), seLinux.Type, detail))
}
if seLinux.User != s.opts.SELinuxOptions.User {
detail := fmt.Sprintf("seLinuxOptions.user on %s does not match required user. Found %s, wanted %s", container.Name, seLinux.User, s.opts.SELinuxOptions.User)
allErrs = append(allErrs, field.Invalid(seLinuxOptionsPath.Child("user"), seLinux.User, detail))
}
return allErrs
}示例2: TestValidateAllowedVolumes
// TestValidateAllowedVolumes will test that for every field of VolumeSource we can create
// a pod with that type of volume and deny it, accept it explicitly, or accept it with
// the FSTypeAll wildcard.
func TestValidateAllowedVolumes(t *testing.T) {
val := reflect.ValueOf(api.VolumeSource{})
for i := 0; i < val.NumField(); i++ {
// reflectively create the volume source
fieldVal := val.Type().Field(i)
volumeSource := api.VolumeSource{}
volumeSourceVolume := reflect.New(fieldVal.Type.Elem())
reflect.ValueOf(&volumeSource).Elem().FieldByName(fieldVal.Name).Set(volumeSourceVolume)
volume := api.Volume{VolumeSource: volumeSource}
// sanity check before moving on
fsType, err := psputil.GetVolumeFSType(volume)
if err != nil {
t.Errorf("error getting FSType for %s: %s", fieldVal.Name, err.Error())
continue
}
// add the volume to the pod
pod := defaultPod()
pod.Spec.Volumes = []api.Volume{volume}
// create a PSP that allows no volumes
psp := defaultPSP()
provider, err := NewSimpleProvider(psp, "namespace", NewSimpleStrategyFactory())
if err != nil {
t.Errorf("error creating provider for %s: %s", fieldVal.Name, err.Error())
continue
}
// expect a denial for this PSP and test the error message to ensure it's related to the volumesource
errs := provider.ValidateContainerSecurityContext(pod, &pod.Spec.Containers[0], field.NewPath(""))
if len(errs) != 1 {
t.Errorf("expected exactly 1 error for %s but got %v", fieldVal.Name, errs)
} else {
if !strings.Contains(errs.ToAggregate().Error(), fmt.Sprintf("%s volumes are not allowed to be used", fsType)) {
t.Errorf("did not find the expected error, received: %v", errs)
}
}
// now add the fstype directly to the psp and it should validate
psp.Spec.Volumes = []extensions.FSType{fsType}
errs = provider.ValidateContainerSecurityContext(pod, &pod.Spec.Containers[0], field.NewPath(""))
if len(errs) != 0 {
t.Errorf("directly allowing volume expected no errors for %s but got %v", fieldVal.Name, errs)
}
// now change the psp to allow any volumes and the pod should still validate
psp.Spec.Volumes = []extensions.FSType{extensions.All}
errs = provider.ValidateContainerSecurityContext(pod, &pod.Spec.Containers[0], field.NewPath(""))
if len(errs) != 0 {
t.Errorf("wildcard volume expected no errors for %s but got %v", fieldVal.Name, errs)
}
}
}示例3: filterInvalidPods
func filterInvalidPods(pods []*api.Pod, source string, recorder record.EventRecorder) (filtered []*api.Pod) {
names := sets.String{}
for i, pod := range pods {
var errlist field.ErrorList
if errs := validation.ValidatePod(pod); len(errs) != 0 {
errlist = append(errlist, errs...)
// If validation fails, don't trust it any further -
// even Name could be bad.
} else {
name := kubecontainer.GetPodFullName(pod)
if names.Has(name) {
// TODO: when validation becomes versioned, this gets a bit
// more complicated.
errlist = append(errlist, field.Duplicate(field.NewPath("metadata", "name"), pod.Name))
} else {
names.Insert(name)
}
}
if len(errlist) > 0 {
name := bestPodIdentString(pod)
err := errlist.ToAggregate()
glog.Warningf("Pod[%d] (%s) from %s failed validation, ignoring: %v", i+1, name, source, err)
recorder.Eventf(pod, api.EventTypeWarning, kubecontainer.FailedValidation, "Error validating pod %s from %s, ignoring: %v", name, source, err)
continue
}
filtered = append(filtered, pod)
}
return
}示例4: TestValidateSelfSAR
func TestValidateSelfSAR(t *testing.T) {
successCases := []authorizationapi.SelfSubjectAccessReviewSpec{
{ResourceAttributes: &authorizationapi.ResourceAttributes{}},
}
for _, successCase := range successCases {
if errs := ValidateSelfSubjectAccessReviewSpec(successCase, field.NewPath("spec")); len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
}
errorCases := []struct {
name string
obj authorizationapi.SelfSubjectAccessReviewSpec
msg string
}{
{
name: "neither request",
obj: authorizationapi.SelfSubjectAccessReviewSpec{},
msg: "exactly one of nonResourceAttributes or resourceAttributes must be specified",
},
{
name: "both requests",
obj: authorizationapi.SelfSubjectAccessReviewSpec{
ResourceAttributes: &authorizationapi.ResourceAttributes{},
NonResourceAttributes: &authorizationapi.NonResourceAttributes{},
},
msg: "cannot be specified in combination with resourceAttributes",
},
}
for _, c := range errorCases {
errs := ValidateSelfSubjectAccessReviewSpec(c.obj, field.NewPath("spec"))
if len(errs) == 0 {
t.Errorf("%s: expected failure for %q", c.name, c.msg)
} else if !strings.Contains(errs[0].Error(), c.msg) {
t.Errorf("%s: unexpected error: %q, expected: %q", c.name, errs[0], c.msg)
}
errs = ValidateSelfSubjectAccessReview(&authorizationapi.SelfSubjectAccessReview{Spec: c.obj})
if len(errs) == 0 {
t.Errorf("%s: expected failure for %q", c.name, c.msg)
} else if !strings.Contains(errs[0].Error(), c.msg) {
t.Errorf("%s: unexpected error: %q, expected: %q", c.name, errs[0], c.msg)
}
}
}示例5: ValidateScale
func ValidateScale(scale *autoscaling.Scale) field.ErrorList {
allErrs := field.ErrorList{}
allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&scale.ObjectMeta, true, apivalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...)
if scale.Spec.Replicas < 0 {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "replicas"), scale.Spec.Replicas, "must be greater than or equal to 0"))
}
return allErrs
}示例6: ParseWatchResourceVersion
// ParseWatchResourceVersion takes a resource version argument and converts it to
// the etcd version we should pass to helper.Watch(). Because resourceVersion is
// an opaque value, the default watch behavior for non-zero watch is to watch
// the next value (if you pass "1", you will see updates from "2" onwards).
func ParseWatchResourceVersion(resourceVersion string) (uint64, error) {
if resourceVersion == "" || resourceVersion == "0" {
return 0, nil
}
version, err := strconv.ParseUint(resourceVersion, 10, 64)
if err != nil {
return 0, NewInvalidError(field.ErrorList{
// Validation errors are supposed to return version-specific field
// paths, but this is probably close enough.
field.Invalid(field.NewPath("resourceVersion"), resourceVersion, err.Error()),
})
}
return version, nil
}示例7: nodeShouldRunDaemonPod
func (dsc *DaemonSetsController) nodeShouldRunDaemonPod(node *api.Node, ds *extensions.DaemonSet) bool {
// Check if the node satisfies the daemon set's node selector.
nodeSelector := labels.Set(ds.Spec.Template.Spec.NodeSelector).AsSelector()
if !nodeSelector.Matches(labels.Set(node.Labels)) {
return false
}
// If the daemon set specifies a node name, check that it matches with node.Name.
if !(ds.Spec.Template.Spec.NodeName == "" || ds.Spec.Template.Spec.NodeName == node.Name) {
return false
}
for _, c := range node.Status.Conditions {
if c.Type == api.NodeOutOfDisk && c.Status == api.ConditionTrue {
return false
}
}
newPod := &api.Pod{Spec: ds.Spec.Template.Spec}
newPod.Spec.NodeName = node.Name
pods := []*api.Pod{newPod}
for _, m := range dsc.podStore.Indexer.List() {
pod := m.(*api.Pod)
if pod.Spec.NodeName != node.Name {
continue
}
if pod.Status.Phase == api.PodSucceeded || pod.Status.Phase == api.PodFailed {
continue
}
// ignore pods that belong to the daemonset when taking into account wheter
// a daemonset should bind to a node.
if pds := dsc.getPodDaemonSet(pod); pds != nil && ds.Name == pds.Name {
continue
}
pods = append(pods, pod)
}
_, notFittingCPU, notFittingMemory, notFittingNvidiaGPU := predicates.CheckPodsExceedingFreeResources(pods, node.Status.Allocatable)
if len(notFittingCPU)+len(notFittingMemory)+len(notFittingNvidiaGPU) != 0 {
dsc.eventRecorder.Eventf(ds, api.EventTypeNormal, "FailedPlacement", "failed to place pod on %q: insufficent free resources", node.ObjectMeta.Name)
return false
}
ports := sets.String{}
for _, pod := range pods {
if errs := validation.AccumulateUniqueHostPorts(pod.Spec.Containers, &ports, field.NewPath("spec", "containers")); len(errs) > 0 {
dsc.eventRecorder.Eventf(ds, api.EventTypeNormal, "FailedPlacement", "failed to place pod on %q: host port conflict", node.ObjectMeta.Name)
return false
}
}
return true
}示例8: Validate
// Validate ensures that the specified values fall within the range of the strategy. Validation
// of this will pass if either the UID is not set, assuming that the image will provided the UID
// or if the UID is set it is not root. In order to work properly this assumes that the kubelet
// performs a final check on runAsUser or the image UID when runAsUser is nil.
func (s *nonRoot) Validate(pod *api.Pod, container *api.Container) field.ErrorList {
allErrs := field.ErrorList{}
securityContextPath := field.NewPath("securityContext")
if container.SecurityContext == nil {
detail := fmt.Sprintf("unable to validate nil security context for container %s", container.Name)
allErrs = append(allErrs, field.Invalid(securityContextPath, container.SecurityContext, detail))
return allErrs
}
if container.SecurityContext.RunAsUser != nil && *container.SecurityContext.RunAsUser == 0 {
detail := fmt.Sprintf("running with the root UID is forbidden by the pod security policy %s", container.Name)
allErrs = append(allErrs, field.Invalid(securityContextPath.Child("runAsUser"), *container.SecurityContext.RunAsUser, detail))
return allErrs
}
return allErrs
}示例9: TestValidatePodDisruptionBudgetSpec
func TestValidatePodDisruptionBudgetSpec(t *testing.T) {
successCases := []intstr.IntOrString{
intstr.FromString("0%"),
intstr.FromString("1%"),
intstr.FromString("100%"),
intstr.FromInt(0),
intstr.FromInt(1),
intstr.FromInt(100),
}
for _, c := range successCases {
spec := policy.PodDisruptionBudgetSpec{
MinAvailable: c,
}
errs := ValidatePodDisruptionBudgetSpec(spec, field.NewPath("foo"))
if len(errs) != 0 {
t.Errorf("unexpected failure %v for %v", errs, spec)
}
}
failureCases := []intstr.IntOrString{
intstr.FromString("1.1%"),
intstr.FromString("nope"),
intstr.FromString("-1%"),
intstr.FromString("101%"),
intstr.FromInt(-1),
}
for _, c := range failureCases {
spec := policy.PodDisruptionBudgetSpec{
MinAvailable: c,
}
errs := ValidatePodDisruptionBudgetSpec(spec, field.NewPath("foo"))
if len(errs) == 0 {
t.Errorf("unexpected success for %v", spec)
}
}
}示例10: Export
func (s strategy) Export(obj runtime.Object, exact bool) error {
t, ok := obj.(*api.Secret)
if !ok {
// unexpected programmer error
return fmt.Errorf("unexpected object: %v", obj)
}
s.PrepareForCreate(obj)
if exact {
return nil
}
// secrets that are tied to the UID of a service account cannot be exported anyway
if t.Type == api.SecretTypeServiceAccountToken || len(t.Annotations[api.ServiceAccountUIDKey]) > 0 {
errs := []*field.Error{
field.Invalid(field.NewPath("type"), t, "can not export service account secrets"),
}
return errors.NewInvalid(api.Kind("Secret"), t.Name, errs)
}
return nil
}示例11: ValidatePetSetUpdate
// ValidatePetSetUpdate tests if required fields in the PetSet are set.
func ValidatePetSetUpdate(petSet, oldPetSet *apps.PetSet) field.ErrorList {
allErrs := field.ErrorList{}
// TODO: For now we're taking the safe route and disallowing all updates to spec except for Spec.Replicas.
// Enable on a case by case basis.
restoreReplicas := petSet.Spec.Replicas
petSet.Spec.Replicas = oldPetSet.Spec.Replicas
// The generation changes for this update
restoreGeneration := petSet.Generation
petSet.Generation = oldPetSet.Generation
if !reflect.DeepEqual(petSet, oldPetSet) {
allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "updates to petset spec for fields other than 'replicas' are forbidden."))
}
petSet.Spec.Replicas = restoreReplicas
petSet.Generation = restoreGeneration
allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(petSet.Spec.Replicas), field.NewPath("spec", "replicas"))...)
return allErrs
}示例12: PodConstraintsFunc
// PodConstraintsFunc verifies that all required resources are present on the pod
// In addition, it validates that the resources are valid (i.e. requests < limits)
func PodConstraintsFunc(required []api.ResourceName, object runtime.Object) error {
pod, ok := object.(*api.Pod)
if !ok {
return fmt.Errorf("Unexpected input object %v", object)
}
// Pod level resources are often set during admission control
// As a consequence, we want to verify that resources are valid prior
// to ever charging quota prematurely in case they are not.
allErrs := field.ErrorList{}
fldPath := field.NewPath("spec").Child("containers")
for i, ctr := range pod.Spec.Containers {
idxPath := fldPath.Index(i)
allErrs = append(allErrs, validation.ValidateResourceRequirements(&ctr.Resources, idxPath.Child("resources"))...)
}
if len(allErrs) > 0 {
return allErrs.ToAggregate()
}
// TODO: fix this when we have pod level cgroups
// since we do not yet pod level requests/limits, we need to ensure each
// container makes an explict request or limit for a quota tracked resource
requiredSet := quota.ToSet(required)
missingSet := sets.NewString()
for i := range pod.Spec.Containers {
requests := pod.Spec.Containers[i].Resources.Requests
limits := pod.Spec.Containers[i].Resources.Limits
containerUsage := podUsageHelper(requests, limits)
containerSet := quota.ToSet(quota.ResourceNames(containerUsage))
if !containerSet.Equal(requiredSet) {
difference := requiredSet.Difference(containerSet)
missingSet.Insert(difference.List()...)
}
}
if len(missingSet) == 0 {
return nil
}
return fmt.Errorf("must specify %s", strings.Join(missingSet.List(), ","))
}示例13: ValidateHorizontalPodAutoscaler
func ValidateHorizontalPodAutoscaler(autoscaler *autoscaling.HorizontalPodAutoscaler) field.ErrorList {
allErrs := apivalidation.ValidateObjectMeta(&autoscaler.ObjectMeta, true, ValidateHorizontalPodAutoscalerName, field.NewPath("metadata"))
allErrs = append(allErrs, validateHorizontalPodAutoscalerSpec(autoscaler.Spec, field.NewPath("spec"))...)
allErrs = append(allErrs, validateHorizontalPodAutoscalerAnnotations(autoscaler.Annotations, field.NewPath("metadata"))...)
return allErrs
}示例14: TestValidateContainerSecurityContextSuccess
//.........这里部分代码省略.........
privPod.Spec.Containers[0].SecurityContext.Privileged = &priv
capsPSP := defaultPSP()
capsPSP.Spec.AllowedCapabilities = []api.Capability{"foo"}
capsPod := defaultPod()
capsPod.Spec.Containers[0].SecurityContext.Capabilities = &api.Capabilities{
Add: []api.Capability{"foo"},
}
// pod should be able to request caps that are in the required set even if not specified in the allowed set
requiredCapsPSP := defaultPSP()
requiredCapsPSP.Spec.DefaultAddCapabilities = []api.Capability{"foo"}
requiredCapsPod := defaultPod()
requiredCapsPod.Spec.Containers[0].SecurityContext.Capabilities = &api.Capabilities{
Add: []api.Capability{"foo"},
}
hostDirPSP := defaultPSP()
hostDirPSP.Spec.Volumes = []extensions.FSType{extensions.HostPath}
hostDirPod := defaultPod()
hostDirPod.Spec.Volumes = []api.Volume{
{
Name: "bad volume",
VolumeSource: api.VolumeSource{
HostPath: &api.HostPathVolumeSource{},
},
},
}
hostPortPSP := defaultPSP()
hostPortPSP.Spec.HostPorts = []extensions.HostPortRange{{Min: 1, Max: 1}}
hostPortPod := defaultPod()
hostPortPod.Spec.Containers[0].Ports = []api.ContainerPort{{HostPort: 1}}
readOnlyRootFSPodFalse := defaultPod()
readOnlyRootFSFalse := false
readOnlyRootFSPodFalse.Spec.Containers[0].SecurityContext.ReadOnlyRootFilesystem = &readOnlyRootFSFalse
readOnlyRootFSPodTrue := defaultPod()
readOnlyRootFSTrue := true
readOnlyRootFSPodTrue.Spec.Containers[0].SecurityContext.ReadOnlyRootFilesystem = &readOnlyRootFSTrue
errorCases := map[string]struct {
pod *api.Pod
psp *extensions.PodSecurityPolicy
}{
"pass user must run as PSP": {
pod: userPod,
psp: userPSP,
},
"pass seLinux must run as PSP": {
pod: seLinuxPod,
psp: seLinuxPSP,
},
"pass priv validating PSP": {
pod: privPod,
psp: privPSP,
},
"pass allowed caps validating PSP": {
pod: capsPod,
psp: capsPSP,
},
"pass required caps validating PSP": {
pod: requiredCapsPod,
psp: requiredCapsPSP,
},
"pass hostDir validating PSP": {
pod: hostDirPod,
psp: hostDirPSP,
},
"pass hostPort validating PSP": {
pod: hostPortPod,
psp: hostPortPSP,
},
"pass read only root fs - nil": {
pod: defaultPod(),
psp: defaultPSP(),
},
"pass read only root fs - false": {
pod: readOnlyRootFSPodFalse,
psp: defaultPSP(),
},
"pass read only root fs - true": {
pod: readOnlyRootFSPodTrue,
psp: defaultPSP(),
},
}
for k, v := range errorCases {
provider, err := NewSimpleProvider(v.psp, "namespace", NewSimpleStrategyFactory())
if err != nil {
t.Fatalf("unable to create provider %v", err)
}
errs := provider.ValidateContainerSecurityContext(v.pod, &v.pod.Spec.Containers[0], field.NewPath(""))
if len(errs) != 0 {
t.Errorf("%s expected validation pass but received errors %v", k, errs)
continue
}
}
}示例15: TestValidatePodSecurityContextSuccess
func TestValidatePodSecurityContextSuccess(t *testing.T) {
hostNetworkPSP := defaultPSP()
hostNetworkPSP.Spec.HostNetwork = true
hostNetworkPod := defaultPod()
hostNetworkPod.Spec.SecurityContext.HostNetwork = true
hostPIDPSP := defaultPSP()
hostPIDPSP.Spec.HostPID = true
hostPIDPod := defaultPod()
hostPIDPod.Spec.SecurityContext.HostPID = true
hostIPCPSP := defaultPSP()
hostIPCPSP.Spec.HostIPC = true
hostIPCPod := defaultPod()
hostIPCPod.Spec.SecurityContext.HostIPC = true
supGroupPSP := defaultPSP()
supGroupPSP.Spec.SupplementalGroups = extensions.SupplementalGroupsStrategyOptions{
Rule: extensions.SupplementalGroupsStrategyMustRunAs,
Ranges: []extensions.IDRange{
{Min: 1, Max: 5},
},
}
supGroupPod := defaultPod()
supGroupPod.Spec.SecurityContext.SupplementalGroups = []int64{3}
fsGroupPSP := defaultPSP()
fsGroupPSP.Spec.FSGroup = extensions.FSGroupStrategyOptions{
Rule: extensions.FSGroupStrategyMustRunAs,
Ranges: []extensions.IDRange{
{Min: 1, Max: 5},
},
}
fsGroupPod := defaultPod()
fsGroup := int64(3)
fsGroupPod.Spec.SecurityContext.FSGroup = &fsGroup
seLinuxPod := defaultPod()
seLinuxPod.Spec.SecurityContext.SELinuxOptions = &api.SELinuxOptions{
User: "user",
Role: "role",
Type: "type",
Level: "level",
}
seLinuxPSP := defaultPSP()
seLinuxPSP.Spec.SELinux.Rule = extensions.SELinuxStrategyMustRunAs
seLinuxPSP.Spec.SELinux.SELinuxOptions = &api.SELinuxOptions{
User: "user",
Role: "role",
Type: "type",
Level: "level",
}
errorCases := map[string]struct {
pod *api.Pod
psp *extensions.PodSecurityPolicy
}{
"pass hostNetwork validating PSP": {
pod: hostNetworkPod,
psp: hostNetworkPSP,
},
"pass hostPID validating PSP": {
pod: hostPIDPod,
psp: hostPIDPSP,
},
"pass hostIPC validating PSP": {
pod: hostIPCPod,
psp: hostIPCPSP,
},
"pass supplemental group validating PSP": {
pod: supGroupPod,
psp: supGroupPSP,
},
"pass fs group validating PSP": {
pod: fsGroupPod,
psp: fsGroupPSP,
},
"pass selinux validating PSP": {
pod: seLinuxPod,
psp: seLinuxPSP,
},
}
for k, v := range errorCases {
provider, err := NewSimpleProvider(v.psp, "namespace", NewSimpleStrategyFactory())
if err != nil {
t.Fatalf("unable to create provider %v", err)
}
errs := provider.ValidatePodSecurityContext(v.pod, field.NewPath(""))
if len(errs) != 0 {
t.Errorf("%s expected validation pass but received errors %v", k, errs)
continue
}
}
}