本文整理汇总了Golang中k8s/io/kubernetes/pkg/api/errors.NewBadRequest函数的典型用法代码示例。如果您正苦于以下问题:Golang NewBadRequest函数的具体用法?Golang NewBadRequest怎么用?Golang NewBadRequest使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了NewBadRequest函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: GetEffectivePolicyRules
func GetEffectivePolicyRules(ctx kapi.Context, ruleResolver rulevalidation.AuthorizationRuleResolver, clusterPolicyGetter client.ClusterPolicyLister) ([]authorizationapi.PolicyRule, []error) {
namespace := kapi.NamespaceValue(ctx)
if len(namespace) == 0 {
return nil, []error{kapierrors.NewBadRequest(fmt.Sprintf("namespace is required on this type: %v", namespace))}
}
user, exists := kapi.UserFrom(ctx)
if !exists {
return nil, []error{kapierrors.NewBadRequest(fmt.Sprintf("user missing from context"))}
}
var errors []error
var rules []authorizationapi.PolicyRule
namespaceRules, err := ruleResolver.RulesFor(user, namespace)
if err != nil {
errors = append(errors, err)
}
for _, rule := range namespaceRules {
rules = append(rules, rulevalidation.BreakdownRule(rule)...)
}
if scopes := user.GetExtra()[authorizationapi.ScopesKey]; len(scopes) > 0 {
rules, err = filterRulesByScopes(rules, scopes, namespace, clusterPolicyGetter)
if err != nil {
return nil, []error{kapierrors.NewInternalError(err)}
}
}
if compactedRules, err := rulevalidation.CompactRules(rules); err == nil {
rules = compactedRules
}
sort.Sort(authorizationapi.SortableRuleSlice(rules))
return rules, errors
}示例2: Create
func (r *REST) Create(ctx kapi.Context, obj runtime.Object) (runtime.Object, error) {
localSubjectAccessReview, ok := obj.(*authorizationapi.LocalSubjectAccessReview)
if !ok {
return nil, kapierrors.NewBadRequest(fmt.Sprintf("not a LocaLocalSubjectAccessReview: %#v", obj))
}
if errs := authorizationvalidation.ValidateLocalSubjectAccessReview(localSubjectAccessReview); len(errs) > 0 {
return nil, kapierrors.NewInvalid(authorizationapi.Kind(localSubjectAccessReview.Kind), "", errs)
}
namespace := kapi.NamespaceValue(ctx)
if len(namespace) == 0 {
return nil, kapierrors.NewBadRequest(fmt.Sprintf("namespace is required on this type: %v", namespace))
}
if namespace != localSubjectAccessReview.Namespace {
return nil, kapierrors.NewBadRequest(fmt.Sprintf("spec.resourceAttributes.namespace must match namespace: %v", namespace))
}
authorizationAttributes := authorizationutil.AuthorizationAttributesFrom(localSubjectAccessReview.Spec)
allowed, reason, evaluationErr := r.authorizer.Authorize(authorizationAttributes)
localSubjectAccessReview.Status = authorizationapi.SubjectAccessReviewStatus{
Allowed: allowed,
Reason: reason,
}
if evaluationErr != nil {
localSubjectAccessReview.Status.EvaluationError = evaluationErr.Error()
}
return localSubjectAccessReview, nil
}示例3: Create
// Create transforms a LocalSAR into an ClusterSAR that is requesting a namespace. That collapses the code paths.
// LocalSubjectAccessReview exists to allow clean expression of policy.
func (r *REST) Create(ctx kapi.Context, obj runtime.Object) (runtime.Object, error) {
localSAR, ok := obj.(*authorizationapi.LocalSubjectAccessReview)
if !ok {
return nil, kapierrors.NewBadRequest(fmt.Sprintf("not a localSubjectAccessReview: %#v", obj))
}
if errs := authorizationvalidation.ValidateLocalSubjectAccessReview(localSAR); len(errs) > 0 {
return nil, kapierrors.NewInvalid(authorizationapi.Kind(localSAR.Kind), "", errs)
}
if namespace := kapi.NamespaceValue(ctx); len(namespace) == 0 {
return nil, kapierrors.NewBadRequest(fmt.Sprintf("namespace is required on this type: %v", namespace))
} else if (len(localSAR.Action.Namespace) > 0) && (namespace != localSAR.Action.Namespace) {
return nil, field.Invalid(field.NewPath("namespace"), localSAR.Action.Namespace, fmt.Sprintf("namespace must be: %v", namespace))
}
// transform this into a SubjectAccessReview
clusterSAR := &authorizationapi.SubjectAccessReview{
Action: localSAR.Action,
User: localSAR.User,
Groups: localSAR.Groups,
Scopes: localSAR.Scopes,
}
clusterSAR.Action.Namespace = kapi.NamespaceValue(ctx)
return r.clusterSARRegistry.CreateSubjectAccessReview(kapi.WithNamespace(ctx, ""), clusterSAR)
}示例4: Create
func (r *REST) Create(ctx api.Context, obj runtime.Object) (runtime.Object, error) {
selfSAR, ok := obj.(*authorizationapi.SelfSubjectAccessReview)
if !ok {
return nil, apierrors.NewBadRequest(fmt.Sprintf("not a SelfSubjectAccessReview: %#v", obj))
}
if errs := authorizationvalidation.ValidateSelfSubjectAccessReview(selfSAR); len(errs) > 0 {
return nil, apierrors.NewInvalid(authorizationapi.Kind(selfSAR.Kind), "", errs)
}
userToCheck, exists := api.UserFrom(ctx)
if !exists {
return nil, apierrors.NewBadRequest("no user present on request")
}
var authorizationAttributes authorizer.AttributesRecord
if selfSAR.Spec.ResourceAttributes != nil {
authorizationAttributes = authorizationutil.ResourceAttributesFrom(userToCheck, *selfSAR.Spec.ResourceAttributes)
} else {
authorizationAttributes = authorizationutil.NonResourceAttributesFrom(userToCheck, *selfSAR.Spec.NonResourceAttributes)
}
allowed, reason, evaluationErr := r.authorizer.Authorize(authorizationAttributes)
selfSAR.Status = authorizationapi.SubjectAccessReviewStatus{
Allowed: allowed,
Reason: reason,
}
if evaluationErr != nil {
selfSAR.Status.EvaluationError = evaluationErr.Error()
}
return selfSAR, nil
}示例5: Update
func (r *ScaleREST) Update(ctx api.Context, name string, objInfo rest.UpdatedObjectInfo) (runtime.Object, bool, error) {
rc, err := r.registry.GetController(ctx, name)
if err != nil {
return nil, false, errors.NewNotFound(autoscaling.Resource("replicationcontrollers/scale"), name)
}
oldScale := scaleFromRC(rc)
obj, err := objInfo.UpdatedObject(ctx, oldScale)
if err != nil {
return nil, false, err
}
if obj == nil {
return nil, false, errors.NewBadRequest("nil update passed to Scale")
}
scale, ok := obj.(*autoscaling.Scale)
if !ok {
return nil, false, errors.NewBadRequest(fmt.Sprintf("wrong object passed to Scale update: %v", obj))
}
if errs := validation.ValidateScale(scale); len(errs) > 0 {
return nil, false, errors.NewInvalid(autoscaling.Kind("Scale"), scale.Name, errs)
}
rc.Spec.Replicas = scale.Spec.Replicas
rc.ResourceVersion = scale.ResourceVersion
rc, err = r.registry.UpdateController(ctx, rc)
if err != nil {
return nil, false, err
}
return scaleFromRC(rc), false, nil
}示例6: Update
func (r *ScaleREST) Update(ctx api.Context, obj runtime.Object) (runtime.Object, bool, error) {
if obj == nil {
return nil, false, errors.NewBadRequest(fmt.Sprintf("nil update passed to Scale"))
}
scale, ok := obj.(*extensions.Scale)
if !ok {
return nil, false, errors.NewBadRequest(fmt.Sprintf("expected input object type to be Scale, but %T", obj))
}
if errs := extvalidation.ValidateScale(scale); len(errs) > 0 {
return nil, false, errors.NewInvalid(extensions.Kind("Scale"), scale.Name, errs)
}
deployment, err := r.registry.GetDeployment(ctx, scale.Name)
if err != nil {
return nil, false, errors.NewNotFound(extensions.Resource("deployments/scale"), scale.Name)
}
deployment.Spec.Replicas = scale.Spec.Replicas
deployment.ResourceVersion = scale.ResourceVersion
deployment, err = r.registry.UpdateDeployment(ctx, deployment)
if err != nil {
return nil, false, err
}
newScale, err := scaleFromDeployment(deployment)
if err != nil {
return nil, false, errors.NewBadRequest(fmt.Sprintf("%v", err))
}
return newScale, false, nil
}示例7: Update
func (r *ScaleREST) Update(ctx api.Context, obj runtime.Object) (runtime.Object, bool, error) {
if obj == nil {
return nil, false, errors.NewBadRequest(fmt.Sprintf("nil update passed to Scale"))
}
scale, ok := obj.(*extensions.Scale)
if !ok {
return nil, false, errors.NewBadRequest(fmt.Sprintf("wrong object passed to Scale update: %v", obj))
}
if errs := extvalidation.ValidateScale(scale); len(errs) > 0 {
return nil, false, errors.NewInvalid(extensions.Kind("Scale"), scale.Name, errs)
}
rs, err := r.registry.GetReplicaSet(ctx, scale.Name)
if err != nil {
return nil, false, errors.NewNotFound(extensions.Resource("replicasets/scale"), scale.Name)
}
rs.Spec.Replicas = scale.Spec.Replicas
rs.ResourceVersion = scale.ResourceVersion
rs, err = r.registry.UpdateReplicaSet(ctx, rs)
if err != nil {
return nil, false, err
}
newScale, err := scaleFromReplicaSet(rs)
if err != nil {
return nil, false, errors.NewBadRequest(fmt.Sprintf("%v", err))
}
return newScale, false, err
}示例8: Admit
// Admit will deny pods that have a RunAsUser set that isn't the uid of the user requesting it
func (p *plugin) Admit(a admission.Attributes) (err error) {
if a.GetResource() != string(api.ResourcePods) {
return nil
}
pod, ok := a.GetObject().(*api.Pod)
if !ok {
return apierrors.NewBadRequest("Resource was marked with kind Pod but was unable to be converted")
}
user := a.GetUserInfo()
if user == nil {
return apierrors.NewBadRequest("uidenforcer admission controller can not be used if there is no user set")
}
for i := 0; i < len(pod.Spec.Containers); i++ {
container := &pod.Spec.Containers[i]
uid, ok := strconv.ParseInt(user.GetUID(), 10, 32)
if ok == nil {
if container.SecurityContext == nil {
container.SecurityContext = &api.SecurityContext{
RunAsUser: &uid,
}
} else {
container.SecurityContext.RunAsUser = &uid
}
} else {
return apierrors.NewBadRequest("Requesting user's uid is not an integer")
}
}
return nil
}示例9: Update
func (r *ScaleREST) Update(ctx api.Context, obj runtime.Object) (runtime.Object, bool, error) {
if obj == nil {
return nil, false, errors.NewBadRequest(fmt.Sprintf("nil update passed to Scale"))
}
scale, ok := obj.(*experimental.Scale)
if !ok {
return nil, false, errors.NewBadRequest(fmt.Sprintf("wrong object passed to Scale update: %v", obj))
}
rc, err := (*r.registry).GetController(ctx, scale.Name)
if err != nil {
return nil, false, errors.NewNotFound("scale", scale.Name)
}
rc.Spec.Replicas = scale.Spec.Replicas
rc, err = (*r.registry).UpdateController(ctx, rc)
if err != nil {
return nil, false, errors.NewConflict("scale", scale.Name, err)
}
return &experimental.Scale{
ObjectMeta: api.ObjectMeta{
Name: rc.Name,
Namespace: rc.Namespace,
CreationTimestamp: rc.CreationTimestamp,
},
Spec: experimental.ScaleSpec{
Replicas: rc.Spec.Replicas,
},
Status: experimental.ScaleStatus{
Replicas: rc.Status.Replicas,
Selector: rc.Spec.Selector,
},
}, false, nil
}示例10: Create
// Create registers a given new ResourceAccessReview instance to r.registry.
func (r *REST) Create(ctx kapi.Context, obj runtime.Object) (runtime.Object, error) {
rulesReview, ok := obj.(*authorizationapi.SubjectRulesReview)
if !ok {
return nil, kapierrors.NewBadRequest(fmt.Sprintf("not a SubjectRulesReview: %#v", obj))
}
namespace := kapi.NamespaceValue(ctx)
if len(namespace) == 0 {
return nil, kapierrors.NewBadRequest(fmt.Sprintf("namespace is required on this type: %v", namespace))
}
userToCheck := &user.DefaultInfo{
Name: rulesReview.Spec.User,
Groups: rulesReview.Spec.Groups,
Extra: map[string][]string{},
}
if len(rulesReview.Spec.Scopes) > 0 {
userToCheck.Extra[authorizationapi.ScopesKey] = rulesReview.Spec.Scopes
}
rules, errors := GetEffectivePolicyRules(kapi.WithUser(ctx, userToCheck), r.ruleResolver, r.clusterPolicyGetter)
ret := &authorizationapi.SubjectRulesReview{
Status: authorizationapi.SubjectRulesReviewStatus{
Rules: rules,
},
}
if len(errors) != 0 {
ret.Status.EvaluationError = kutilerrors.NewAggregate(errors).Error()
}
return ret, nil
}示例11: Update
// Update scales the DeploymentConfig for the given Scale subresource, returning the updated Scale.
func (r *ScaleREST) Update(ctx kapi.Context, obj runtime.Object) (runtime.Object, bool, error) {
if obj == nil {
return nil, false, errors.NewBadRequest(fmt.Sprintf("nil update passed to Scale"))
}
scale, ok := obj.(*extensions.Scale)
if !ok {
return nil, false, errors.NewBadRequest(fmt.Sprintf("wrong object passed to Scale update: %v", obj))
}
// fake an existing object to validate
existing := &extensions.Scale{
ObjectMeta: kapi.ObjectMeta{
Name: scale.Name,
CreationTimestamp: scale.CreationTimestamp,
},
}
if existing.Namespace, ok = kapi.NamespaceFrom(ctx); !ok {
existing.Namespace = scale.Namespace
}
if errs := extvalidation.ValidateScaleUpdate(scale, existing); len(errs) > 0 {
return nil, false, errors.NewInvalid("scale", scale.Name, errs)
}
deploymentConfig, err := r.registry.GetDeploymentConfig(ctx, scale.Name)
if err != nil {
return nil, false, errors.NewNotFound("scale", scale.Name)
}
scaleRet := &extensions.Scale{
ObjectMeta: kapi.ObjectMeta{
Name: deploymentConfig.Name,
Namespace: deploymentConfig.Namespace,
CreationTimestamp: deploymentConfig.CreationTimestamp,
},
Spec: extensions.ScaleSpec{
Replicas: scale.Spec.Replicas,
},
Status: extensions.ScaleStatus{
Selector: deploymentConfig.Spec.Selector,
},
}
// TODO(directxman12): this is going to be a bit out of sync, since we are calculating it
// here and not as part of the deploymentconfig loop -- is there a better way of doing it?
totalReplicas, err := r.replicasForDeploymentConfig(deploymentConfig.Namespace, deploymentConfig.Name)
if err != nil {
return nil, false, err
}
oldReplicas := deploymentConfig.Spec.Replicas
deploymentConfig.Spec.Replicas = scale.Spec.Replicas
if err := r.registry.UpdateDeploymentConfig(ctx, deploymentConfig); err != nil {
return nil, false, err
}
scaleRet.Status.Replicas = totalReplicas + (scale.Spec.Replicas - oldReplicas)
return scaleRet, false, nil
}示例12: Update
func (r *ScaleREST) Update(ctx api.Context, obj runtime.Object) (runtime.Object, bool, error) {
if obj == nil {
return nil, false, errors.NewBadRequest(fmt.Sprintf("nil update passed to Scale"))
}
scale, ok := obj.(*extensions.Scale)
if !ok {
return nil, false, errors.NewBadRequest(fmt.Sprintf("wrong object passed to Scale update: %v", obj))
}
if errs := extvalidation.ValidateScale(scale); len(errs) > 0 {
return nil, false, errors.NewInvalid(extensions.Kind("Scale"), scale.Name, errs)
}
rc, err := (*r.registry).GetController(ctx, scale.Name)
if err != nil {
return nil, false, errors.NewNotFound(extensions.Resource("replicationcontrollers/scale"), scale.Name)
}
rc.Spec.Replicas = scale.Spec.Replicas
rc.ResourceVersion = scale.ResourceVersion
rc, err = (*r.registry).UpdateController(ctx, rc)
if err != nil {
return nil, false, errors.NewConflict(extensions.Resource("replicationcontrollers/scale"), scale.Name, err)
}
return scaleFromRC(rc), false, nil
}示例13: streamLocation
func streamLocation(getter ResourceGetter, connInfo client.ConnectionInfoGetter, ctx api.Context, name string, opts runtime.Object, container, path string) (*url.URL, http.RoundTripper, error) {
pod, err := getPod(getter, ctx, name)
if err != nil {
return nil, nil, err
}
// Try to figure out a container
if container == "" {
if len(pod.Spec.Containers) == 1 {
container = pod.Spec.Containers[0].Name
} else {
return nil, nil, errors.NewBadRequest(fmt.Sprintf("a container name must be specified for pod %s", name))
}
}
nodeHost := pod.Spec.NodeName
if len(nodeHost) == 0 {
// If pod has not been assigned a host, return an empty location
return nil, nil, errors.NewBadRequest(fmt.Sprintf("pod %s does not have a host assigned", name))
}
nodeScheme, nodePort, nodeTransport, err := connInfo.GetConnectionInfo(nodeHost)
if err != nil {
return nil, nil, err
}
params := url.Values{}
if err := streamParams(params, opts); err != nil {
return nil, nil, err
}
loc := &url.URL{
Scheme: nodeScheme,
Host: fmt.Sprintf("%s:%d", nodeHost, nodePort),
Path: fmt.Sprintf("/%s/%s/%s/%s", path, pod.Namespace, name, container),
RawQuery: params.Encode(),
}
return loc, nodeTransport, nil
}示例14: Create
// Create registers a given new PodSecurityPolicyReview instance to r.registry.
func (r *REST) Create(ctx kapi.Context, obj runtime.Object) (runtime.Object, error) {
pspr, ok := obj.(*securityapi.PodSecurityPolicyReview)
if !ok {
return nil, kapierrors.NewBadRequest(fmt.Sprintf("not a PodSecurityPolicyReview: %#v", obj))
}
if errs := securityvalidation.ValidatePodSecurityPolicyReview(pspr); len(errs) > 0 {
return nil, kapierrors.NewInvalid(kapi.Kind("PodSecurityPolicyReview"), "", errs)
}
ns, ok := kapi.NamespaceFrom(ctx)
if !ok {
return nil, kapierrors.NewBadRequest("namespace parameter required.")
}
serviceAccounts, err := getServiceAccounts(pspr.Spec, r.saCache, ns)
if err != nil {
return nil, kapierrors.NewBadRequest(err.Error())
}
if len(serviceAccounts) == 0 {
glog.Errorf("No service accounts for namespace %s", ns)
return nil, kapierrors.NewBadRequest(fmt.Sprintf("unable to find ServiceAccount for namespace: %s", ns))
}
errs := []error{}
newStatus := securityapi.PodSecurityPolicyReviewStatus{}
for _, sa := range serviceAccounts {
userInfo := serviceaccount.UserInfo(ns, sa.Name, "")
saConstraints, err := r.sccMatcher.FindApplicableSCCs(userInfo)
if err != nil {
errs = append(errs, fmt.Errorf("unable to find SecurityContextConstraints for ServiceAccount %s: %v", sa.Name, err))
continue
}
oscc.DeduplicateSecurityContextConstraints(saConstraints)
sort.Sort(oscc.ByPriority(saConstraints))
var namespace *kapi.Namespace
for _, constraint := range saConstraints {
var (
provider kscc.SecurityContextConstraintsProvider
err error
)
pspsrs := securityapi.PodSecurityPolicySubjectReviewStatus{}
if provider, namespace, err = oscc.CreateProviderFromConstraint(ns, namespace, constraint, r.client); err != nil {
errs = append(errs, fmt.Errorf("unable to create provider for service account %s: %v", sa.Name, err))
continue
}
_, err = podsecuritypolicysubjectreview.FillPodSecurityPolicySubjectReviewStatus(&pspsrs, provider, pspr.Spec.Template.Spec, constraint)
if err != nil {
glog.Errorf("unable to fill PodSecurityPolicyReviewStatus from constraint %v", err)
continue
}
sapsprs := securityapi.ServiceAccountPodSecurityPolicyReviewStatus{pspsrs, sa.Name}
newStatus.AllowedServiceAccounts = append(newStatus.AllowedServiceAccounts, sapsprs)
}
}
if len(errs) > 0 {
return nil, kapierrors.NewBadRequest(fmt.Sprintf("%s", kerrors.NewAggregate(errs)))
}
pspr.Status = newStatus
return pspr, nil
}示例15: LogLocation
// LogLocation returns the log URL for a pod container. If opts.Container is blank
// and only one container is present in the pod, that container is used.
func LogLocation(getter ResourceGetter, connInfo client.ConnectionInfoGetter, ctx api.Context, name string, opts *api.PodLogOptions) (*url.URL, http.RoundTripper, error) {
pod, err := getPod(getter, ctx, name)
if err != nil {
return nil, nil, err
}
// Try to figure out a container
// If a container was provided, it must be valid
container := opts.Container
if len(container) == 0 {
if len(pod.Spec.Containers) == 1 {
container = pod.Spec.Containers[0].Name
} else {
return nil, nil, errors.NewBadRequest(fmt.Sprintf("a container name must be specified for pod %s", name))
}
} else {
if !podHasContainerWithName(pod, container) {
return nil, nil, errors.NewBadRequest(fmt.Sprintf("container %s is not valid for pod %s", container, name))
}
}
nodeHost := pod.Spec.NodeName
if len(nodeHost) == 0 {
// If pod has not been assigned a host, return an empty location
return nil, nil, nil
}
nodeScheme, nodePort, nodeTransport, err := connInfo.GetConnectionInfo(nodeHost)
if err != nil {
return nil, nil, err
}
params := url.Values{}
if opts.Follow {
params.Add("follow", "true")
}
if opts.Previous {
params.Add("previous", "true")
}
if opts.Timestamps {
params.Add("timestamps", "true")
}
if opts.SinceSeconds != nil {
params.Add("sinceSeconds", strconv.FormatInt(*opts.SinceSeconds, 10))
}
if opts.SinceTime != nil {
params.Add("sinceTime", opts.SinceTime.Format(time.RFC3339))
}
if opts.TailLines != nil {
params.Add("tailLines", strconv.FormatInt(*opts.TailLines, 10))
}
if opts.LimitBytes != nil {
params.Add("limitBytes", strconv.FormatInt(*opts.LimitBytes, 10))
}
loc := &url.URL{
Scheme: nodeScheme,
Host: fmt.Sprintf("%s:%d", nodeHost, nodePort),
Path: fmt.Sprintf("/containerLogs/%s/%s/%s", pod.Namespace, pod.Name, container),
RawQuery: params.Encode(),
}
return loc, nodeTransport, nil
}