Properly handle successful http requests to registries sending invalid schema responses

Victor Cardenas 2021-08-03 19:46:18 -04:00
parent f8ffb2f9e3
commit 44b7ba9aef
3 changed files with 173 additions and 16 deletions

1
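--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 dist/
 bin/
+.idea/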


@ -225,7 +225,13 @@ func downloadSchema(registries []registry.Registry, kind, version, k8sVersion st
for _, reg := range registries { for _, reg := range registries {
schemaBytes, err = reg.DownloadSchema(kind, version, k8sVersion) schemaBytes, err = reg.DownloadSchema(kind, version, k8sVersion)
if err == nil { if err == nil {
return gojsonschema.NewSchema(gojsonschema.NewBytesLoader(schemaBytes)) schema, err := gojsonschema.NewSchema(gojsonschema.NewBytesLoader(schemaBytes))
// If we got a non-parseable response, we try the next registry
if err != nil {
continue
}
return schema, err
} }
// If we get a 404, we try the next registry, but we exit if we get a real failure // If we get a 404, we try the next registry, but we exit if we get a real failure
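Review bot: The `continue` under the new `if err != nil` drops the schema parse error, so a registry that answers successfully with a non-schema body is handled like a missing schema. The tests in this commit expect `Skipped` for "non-json response in both registries, ignore missing", which means that with `IgnoreMissingSchemas` set the resource goes unvalidated and nothing reports why. I would keep the error, e.g. `lastParseErr = err` before `continue`, and return it after the loop when no registry produced a schema; the end of `downloadSchema` is outside the hunk, so how the fall-through is reported is inferred. Separately, `schema, err :=` shadows the outer `err`, and the final `return schema, err` can only return nil there, so `return schema, nil` is clearer.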


@ -1,19 +1,35 @@
package validator package validator
import ( import (
"testing" "github.com/yannh/kubeconform/pkg/registry"
"testing"
"github.com/yannh/kubeconform/pkg/registry" "github.com/yannh/kubeconform/pkg/resource"
"github.com/yannh/kubeconform/pkg/resource"
"github.com/xeipuuv/gojsonschema"
) )
type mockRegistry struct {
SchemaDownloader func() ([]byte, error)
}
func newMockRegistry(f func() ([]byte, error)) *mockRegistry {
return &mockRegistry{
SchemaDownloader: f,
}
}
func (m mockRegistry) DownloadSchema(resourceKind, resourceAPIVersion, k8sVersion string) ([]byte, error) {
return m.SchemaDownloader()
}
func TestValidate(t *testing.T) { func TestValidate(t *testing.T) {
for i, testCase := range []struct { for i, testCase := range []struct {
name string name string
rawResource, schema []byte rawResource, schemaRegistry1 []byte
expect Status schemaRegistry2 []byte
ignoreMissingSchema bool
expect Status
}{ }{
{ {
"valid resource", "valid resource",
@ -44,6 +60,8 @@ lastName: bar
}, },
"required": ["firstName", "lastName"] "required": ["firstName", "lastName"]
}`), }`),
nil,
false,
Valid, Valid,
}, },
{ {
@ -75,6 +93,8 @@ lastName: bar
}, },
"required": ["firstName", "lastName"] "required": ["firstName", "lastName"]
}`), }`),
nil,
false,
Invalid, Invalid,
}, },
{ {
@ -105,6 +125,8 @@ firstName: foo
}, },
"required": ["firstName", "lastName"] "required": ["firstName", "lastName"]
}`), }`),
nil,
false,
Invalid, Invalid,
}, },
{ {
@ -139,6 +161,132 @@ lastName: bar
}, },
"required": ["firstName", "lastName"] "required": ["firstName", "lastName"]
}`), }`),
nil,
false,
Error,
},
{
"missing schema in 1st registry",
[]byte(`
kind: name
apiVersion: v1
firstName: foo
lastName: bar
`),
nil,
[]byte(`{
"title": "Example Schema",
"type": "object",
"properties": {
"kind": {
"type": "string"
},
"apiVersion": {
"type": "string"
},
"firstName": {
"type": "string"
},
"lastName": {
"type": "string"
},
"age": {
"description": "Age in years",
"type": "integer",
"minimum": 0
}
},
"required": ["firstName", "lastName"]
}`),
false,
Valid,
},
{
"non-json response in 1st registry",
[]byte(`
kind: name
apiVersion: v1
firstName: foo
lastName: bar
`),
[]byte(`<html>error page</html>`),
[]byte(`{
"title": "Example Schema",
"type": "object",
"properties": {
"kind": {
"type": "string"
},
"apiVersion": {
"type": "string"
},
"firstName": {
"type": "string"
},
"lastName": {
"type": "string"
},
"age": {
"description": "Age in years",
"type": "integer",
"minimum": 0
}
},
"required": ["firstName", "lastName"]
}`),
false,
Valid,
},
{
"missing schema in both registries, ignore missing",
[]byte(`
kind: name
apiVersion: v1
firstName: foo
lastName: bar
`),
nil,
nil,
true,
Skipped,
},
{
"missing schema in both registries, do not ignore missing",
[]byte(`
kind: name
apiVersion: v1
firstName: foo
lastName: bar
`),
nil,
nil,
false,
Error,
},
{
"non-json response in both registries, ignore missing",
[]byte(`
kind: name
apiVersion: v1
firstName: foo
lastName: bar
`),
[]byte(`<html>error page</html>`),
[]byte(`<html>error page</html>`),
true,
Skipped,
},
{
"non-json response in both registries, do not ignore missing",
[]byte(`
kind: name
apiVersion: v1
firstName: foo
lastName: bar
`),
[]byte(`<html>error page</html>`),
[]byte(`<html>error page</html>`),
false,
Error, Error,
}, },
} { } {
@ -146,16 +294,18 @@ lastName: bar
opts: Opts{ opts: Opts{
SkipKinds: map[string]struct{}{}, SkipKinds: map[string]struct{}{},
RejectKinds: map[string]struct{}{}, RejectKinds: map[string]struct{}{},
IgnoreMissingSchemas: testCase.ignoreMissingSchema,
}, },
schemaCache: nil, schemaCache: nil,
schemaDownload: func(_ []registry.Registry, _, _, _ string) (*gojsonschema.Schema, error) { schemaDownload: downloadSchema,
schema, err := gojsonschema.NewSchema(gojsonschema.NewBytesLoader(testCase.schema)) regs: []registry.Registry{
if err != nil { newMockRegistry(func() ([]byte, error) {
t.Errorf("failed parsing test schema") return testCase.schemaRegistry1, nil
} }),
return schema, nil newMockRegistry(func() ([]byte, error) {
return testCase.schemaRegistry2, nil
}),
}, },
regs: nil,
} }
if got := val.ValidateResource(resource.Resource{Bytes: testCase.rawResource}); got.Status != testCase.expect { if got := val.ValidateResource(resource.Resource{Bytes: testCase.rawResource}); got.Status != testCase.expect {
t.Errorf("%d - expected %d, got %d: %s", i, testCase.expect, got.Status, got.Err.Error()) t.Errorf("%d - expected %d, got %d: %s", i, testCase.expect, got.Status, got.Err.Error())
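Review bot: Both mock registries in the new `regs` literal return a nil error unconditionally, so the "missing schema" cases hand `downloadSchema` nil bytes with `err == nil` and exercise the new parse-failure `continue`, not the 404 branch. The not-found path and the "real failure" exit named in that function's comment therefore stay untested. Letting each case supply the error too, e.g. `return testCase.schemaRegistry1, testCase.errRegistry1` with a matching `errRegistry1, errRegistry2 error` pair in the case struct, would cover them; the project's not-found error type is not visible on this page. The closing lines of `TestValidate` are outside the hunk.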