WIP

2026-05-01 07:44:28 +00:00 · 2025-05-10 22:11:18 +02:00 · 2025-05-10 22:11:18 +02:00 · b578f66419
commit b578f66419
parent 872f8b00cc
8 changed files with 165 additions and 117 deletions
--- a/pkg/registry/http.go
+++ b/pkg/registry/http.go
@ -1,17 +1,9 @@
 package registry

 import (
-	"crypto/tls"
-	"errors"
-	"fmt"
-	"io"
-	"log"
-	"net/http"
-	"os"
-	"time"
-
-	retryablehttp "github.com/hashicorp/go-retryablehttp"
+	"github.com/santhosh-tekuri/jsonschema/v6"
 	"github.com/yannh/kubeconform/pkg/cache"
+	"net/http"
 )

 type httpGetter interface {
@ -20,55 +12,24 @@ type httpGetter interface {

 // SchemaRegistry is a file repository (local or remote) that contains JSON schemas for Kubernetes resources
 type SchemaRegistry struct {
-	c                  httpGetter
 	schemaPathTemplate string
 	cache              cache.Cache
 	strict             bool
 	debug              bool
+	loader             jsonschema.URLLoader
 }

-func newHTTPRegistry(schemaPathTemplate string, cacheFolder string, strict bool, skipTLS bool, debug bool) (*SchemaRegistry, error) {
-	reghttp := &http.Transport{
-		MaxIdleConns:       100,
-		IdleConnTimeout:    3 * time.Second,
-		DisableCompression: true,
-		Proxy:              http.ProxyFromEnvironment,
-	}
-
-	if skipTLS {
-		reghttp.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
-	}
-
-	var filecache cache.Cache = nil
-	if cacheFolder != "" {
-		fi, err := os.Stat(cacheFolder)
-		if err != nil {
-			return nil, fmt.Errorf("failed opening cache folder %s: %s", cacheFolder, err)
-		}
-		if !fi.IsDir() {
-			return nil, fmt.Errorf("cache folder %s is not a directory", err)
-		}
-
-		filecache = cache.NewOnDiskCache(cacheFolder)
-	}
-
-	// retriable http client
-	retryClient := retryablehttp.NewClient()
-	retryClient.RetryMax = 2
-	retryClient.HTTPClient = &http.Client{Transport: reghttp}
-	retryClient.Logger = nil
-
+func newHTTPRegistry(schemaPathTemplate string, loader jsonschema.URLLoader, strict bool, debug bool) (*SchemaRegistry, error) {
 	return &SchemaRegistry{
-		c:                  retryClient.StandardClient(),
 		schemaPathTemplate: schemaPathTemplate,
-		cache:              filecache,
 		strict:             strict,
+		loader:             loader,
 		debug:              debug,
 	}, nil
 }

 // DownloadSchema downloads the schema for a particular resource from an HTTP server
-func (r SchemaRegistry) DownloadSchema(resourceKind, resourceAPIVersion, k8sVersion string) (string, []byte, error) {
+func (r SchemaRegistry) DownloadSchema(resourceKind, resourceAPIVersion, k8sVersion string) (string, any, error) {
 	url, err := schemaPath(r.schemaPathTemplate, resourceKind, resourceAPIVersion, k8sVersion, r.strict)
 	if err != nil {
 		return "", nil, err
@ -80,50 +41,7 @@ func (r SchemaRegistry) DownloadSchema(resourceKind, resourceAPIVersion, k8sVers
 		}
 	}

-	resp, err := r.c.Get(url)
-	if err != nil {
-		msg := fmt.Sprintf("failed downloading schema at %s: %s", url, err)
-		if r.debug {
-			log.Println(msg)
-		}
-		return url, nil, errors.New(msg)
-	}
-	defer resp.Body.Close()
+	resp, err := r.loader.Load(url)

-	if resp.StatusCode == http.StatusNotFound {
-		msg := fmt.Sprintf("could not find schema at %s", url)
-		if r.debug {
-			log.Print(msg)
-		}
-		return url, nil, newNotFoundError(errors.New(msg))
-	}
-
-	if resp.StatusCode != http.StatusOK {
-		msg := fmt.Sprintf("error while downloading schema at %s - received HTTP status %d", url, resp.StatusCode)
-		if r.debug {
-			log.Print(msg)
-		}
-		return url, nil, fmt.Errorf("%s", msg)
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		msg := fmt.Sprintf("failed parsing schema from %s: %s", url, err)
-		if r.debug {
-			log.Print(msg)
-		}
-		return url, nil, errors.New(msg)
-	}
-
-	if r.debug {
-		log.Printf("using schema found at %s", url)
-	}
-
-	if r.cache != nil {
-		if err := r.cache.Set(resourceKind, resourceAPIVersion, k8sVersion, body); err != nil {
-			return url, nil, fmt.Errorf("failed writing schema to cache: %s", err)
-		}
-	}
-
-	return url, body, nil
+	return url, resp, nil
 }
--- a/pkg/registry/local.go
+++ b/pkg/registry/local.go
@ -1,8 +1,10 @@
 package registry

 import (
+	"bytes"
 	"errors"
 	"fmt"
+	"github.com/santhosh-tekuri/jsonschema/v6"
 	"io"
 	"log"
 	"os"
@ -24,7 +26,7 @@ func newLocalRegistry(pathTemplate string, strict bool, debug bool) (*LocalRegis
 }

 // DownloadSchema retrieves the schema from a file for the resource
-func (r LocalRegistry) DownloadSchema(resourceKind, resourceAPIVersion, k8sVersion string) (string, []byte, error) {
+func (r LocalRegistry) DownloadSchema(resourceKind, resourceAPIVersion, k8sVersion string) (string, any, error) {
 	schemaFile, err := schemaPath(r.pathTemplate, resourceKind, resourceAPIVersion, k8sVersion, r.strict)
 	if err != nil {
 		return schemaFile, []byte{}, nil
@ -36,7 +38,7 @@ func (r LocalRegistry) DownloadSchema(resourceKind, resourceAPIVersion, k8sVersi
 			if r.debug {
 				log.Print(msg)
 			}
-			return schemaFile, nil, newNotFoundError(errors.New(msg))
+			return schemaFile, nil, NewNotFoundError(errors.New(msg))
 		}

 		msg := fmt.Sprintf("failed to open schema at %s: %s", schemaFile, err)
@ -59,5 +61,7 @@ func (r LocalRegistry) DownloadSchema(resourceKind, resourceAPIVersion, k8sVersi
 	if r.debug {
 		log.Printf("using schema found at %s", schemaFile)
 	}
-	return schemaFile, content, nil
+
+	b, err := jsonschema.UnmarshalJSON(bytes.NewReader(content))
+	return schemaFile, b, err
 }
--- a/pkg/registry/registry.go
+++ b/pkg/registry/registry.go
@ -3,6 +3,9 @@ package registry
 import (
 	"bytes"
 	"fmt"
+	"github.com/yannh/kubeconform/pkg/cache"
+	"github.com/yannh/kubeconform/pkg/loader"
+	"os"
 	"strings"
 	"text/template"
 )
@ -13,7 +16,7 @@ type Manifest struct {

 // Registry is an interface that should be implemented by any source of Kubernetes schemas
 type Registry interface {
-	DownloadSchema(resourceKind, resourceAPIVersion, k8sVersion string) (string, []byte, error)
+	DownloadSchema(resourceKind, resourceAPIVersion, k8sVersion string) (string, any, error)
 }

 // Retryable indicates whether an error is a temporary or a permanent failure
@ -26,7 +29,7 @@ type NotFoundError struct {
 	err error
 }

-func newNotFoundError(err error) *NotFoundError {
+func NewNotFoundError(err error) *NotFoundError {
 	return &NotFoundError{err}
 }
 func (e *NotFoundError) Error() string   { return e.err.Error() }
@ -81,7 +84,7 @@ func schemaPath(tpl, resourceKind, resourceAPIVersion, k8sVersion string, strict
 	return buf.String(), nil
 }

-func New(schemaLocation string, cache string, strict bool, skipTLS bool, debug bool) (Registry, error) {
+func New(schemaLocation string, cacheFolder string, strict bool, skipTLS bool, debug bool) (Registry, error) {
 	if schemaLocation == "default" {
 		schemaLocation = "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json"
 	} else if !strings.HasSuffix(schemaLocation, "json") { // If we dont specify a full templated path, we assume the paths of our fork of kubernetes-json-schema
@ -93,8 +96,25 @@ func New(schemaLocation string, cache string, strict bool, skipTLS bool, debug b
 		return nil, fmt.Errorf("failed initialising schema location registry: %s", err)
 	}

+	var filecache cache.Cache = nil
+	if cacheFolder != "" {
+		fi, err := os.Stat(cacheFolder)
+		if err != nil {
+			return nil, fmt.Errorf("failed opening cache folder %s: %s", cacheFolder, err)
+		}
+		if !fi.IsDir() {
+			return nil, fmt.Errorf("cache folder %s is not a directory", err)
+		}
+
+		filecache = cache.NewOnDiskCache(cacheFolder)
+	}
+
 	if strings.HasPrefix(schemaLocation, "http") {
-		return newHTTPRegistry(schemaLocation, cache, strict, skipTLS, debug)
+		httpLoader, err := loader.NewHTTPURLLoader(skipTLS, filecache)
+		if err != nil {
+			return nil, fmt.Errorf("failed creating HTTP loader: %s", err)
+		}
+		return newHTTPRegistry(schemaLocation, httpLoader, strict, debug)
 	}

 	return newLocalRegistry(schemaLocation, strict, debug)