github.com/openshift/installer@v1.4.17/pkg/types/azure/validation/disk.go (about)

     1  package validation
     2  
     3  import (
     4  	"regexp"
     5  
     6  	"k8s.io/apimachinery/pkg/util/validation/field"
     7  
     8  	"github.com/openshift/installer/pkg/types/azure"
     9  )
    10  
    11  var (
    12  	// RxDiskEncryptionSetID is a regular expression that validates a disk encryption set ID.
    13  	RxDiskEncryptionSetID = regexp.MustCompile(`(?i)^/subscriptions/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/resourceGroups/([-a-zA-Z0-9_().]{0,89}[-a-zA-Z0-9_()])/providers/Microsoft\.Compute/diskEncryptionSets/([-a-zA-Z0-9_]{1,80})$`)
    14  
    15  	// RxSubscriptionID is a regular expression that validates a subscription ID.
    16  	RxSubscriptionID = regexp.MustCompile(`^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$`)
    17  
    18  	// RxResourceGroup is a regular expression that validates a resource group.
    19  	RxResourceGroup = regexp.MustCompile(`^[-a-zA-Z0-9_().]{0,89}[-a-zA-Z0-9_()]$`)
    20  
    21  	// RxDiskEncryptionSetName is a regular expression that validates a disk encryption set name
    22  	RxDiskEncryptionSetName = regexp.MustCompile(`^[-a-zA-Z0-9_]{1,80}$`)
    23  )
    24  
    25  // ValidateDiskEncryption checks that the specified disk encryption configuration is valid.
    26  func ValidateDiskEncryption(p *azure.MachinePool, cloudName azure.CloudEnvironment, fldPath *field.Path) field.ErrorList {
    27  	allErrs := field.ErrorList{}
    28  	childFldPath := fldPath.Child("osDisk", "diskEncryptionSet")
    29  
    30  	diskEncryptionSet := p.OSDisk.DiskEncryptionSet
    31  	if diskEncryptionSet != nil && cloudName == azure.StackCloud {
    32  		return append(allErrs, field.Invalid(childFldPath.Child("diskEncryptionSet"), diskEncryptionSet, "disk encryption sets are not supported on this platform"))
    33  	}
    34  	if diskEncryptionSet.SubscriptionID == "" {
    35  		return append(allErrs, field.Required(childFldPath.Child("subscriptionID"), "subscription ID is required"))
    36  	}
    37  	if !RxSubscriptionID.MatchString(diskEncryptionSet.SubscriptionID) {
    38  		return append(allErrs, field.Invalid(childFldPath.Child("subscriptionID"), diskEncryptionSet.SubscriptionID, "invalid subscription ID format"))
    39  	}
    40  	if !RxResourceGroup.MatchString(diskEncryptionSet.ResourceGroup) {
    41  		return append(allErrs, field.Invalid(childFldPath.Child("resourceGroup"), diskEncryptionSet.ResourceGroup, "invalid resource group format"))
    42  	}
    43  	if !RxDiskEncryptionSetName.MatchString(diskEncryptionSet.Name) {
    44  		return append(allErrs, field.Invalid(childFldPath.Child("diskEncryptionSetName"), diskEncryptionSet.Name, "invalid name format"))
    45  	}
    46  
    47  	return allErrs
    48  }
    49  
    50  // ValidateEncryptionAtHost checks that the encryption at host configuration is valid.
    51  func ValidateEncryptionAtHost(p *azure.MachinePool, cloudName azure.CloudEnvironment, fldPath *field.Path) field.ErrorList {
    52  	allErrs := field.ErrorList{}
    53  
    54  	encryptionAtHost := p.EncryptionAtHost
    55  	if encryptionAtHost == true && cloudName == azure.StackCloud {
    56  		return append(allErrs, field.Invalid(fldPath.Child("encryptionAtHost"), encryptionAtHost, "encryption at host is not supported on this platform"))
    57  	}
    58  
    59  	return allErrs
    60  }