Merge branch 'yannh:master' into master

Readme.md

@@ -204,6 +204,8 @@ $ ./scripts/openapi2jsonschema.py https://raw.githubusercontent.com/aws/amazon-s
 JSON schema written to trainingjob-sagemaker-v1.json
 ```
 
+Some CRD schemas do not have explicit validation for fields implicitly validated by the Kubernetes API like `apiVersion`, `kind`, and `metadata`, thus additional properties are allowed at the root of the JSON schema by default, if this is not desired the `DENY_ROOT_ADDITIONAL_PROPERTIES` environment variable can be set to any non-empty value.
+
 ### Usage as a Github Action
 
 Kubeconform is publishes Docker Images to Github's new Container Registry, ghcr.io. These images

scripts/acceptance.bats

@@ -2,6 +2,7 @@
 
 setup() {
   rm -f prometheus_v1.json
+  rm -f prometheus-monitoring-v1.json
 }
 
 @test "Should generate expected prometheus resource" {
@@ -19,3 +20,19 @@ setup() {
   run diff prometheus_v1.json ./fixtures/prometheus_v1-expected.json
   [ "$status" -eq 0 ]
 }
+
+@test "Should output filename in {kind}-{group}-{version} format" {
+  FILENAME_FORMAT='{kind}-{group}-{version}' run ./openapi2jsonschema.py fixtures/prometheus-operator-0prometheusCustomResourceDefinition.yaml
+  [ "$status" -eq 0 ]
+  [ "$output" = "JSON schema written to prometheus-monitoring-v1.json" ]
+  run diff prometheus-monitoring-v1.json ./fixtures/prometheus_v1-expected.json
+  [ "$status" -eq 0 ]
+}
+
+@test "Should set 'additionalProperties: false' at the root" {
+  DENY_ROOT_ADDITIONAL_PROPERTIES='true' run ./openapi2jsonschema.py fixtures/prometheus-operator-0prometheusCustomResourceDefinition.yaml
+  [ "$status" -eq 0 ]
+  [ "$output" = "JSON schema written to prometheus_v1.json" ]
+  run diff prometheus_v1.json ./fixtures/prometheus_v1-denyRootAdditionalProperties.json
+  [ "$status" -eq 0 ]
+}

scripts/fixtures/prometheus_v1-expected.json

@@ -7094,4 +7094,4 @@
     "spec"
   ],
   "type": "object"
-}
+}

scripts/openapi2jsonschema.py

@@ -17,23 +17,15 @@ def test_additional_properties():
     }]):
         assert additional_properties(test["input"]) == test["expect"]
 
-def additional_properties(data):
+def additional_properties(data, skip=False):
     "This recreates the behaviour of kubectl at https://github.com/kubernetes/kubernetes/blob/225b9119d6a8f03fcbe3cc3d590c261965d928d0/pkg/kubectl/validation/schema.go#L312"
-    new = {}
+    if isinstance(data, dict):
-    try:
+        if "properties" in data and not skip:
-        for k, v in iter(data.items()):
+            if "additionalProperties" not in data:
-            new_v = v
+                data["additionalProperties"] = False
-            if isinstance(v, dict):
+        for _, v in data.items():
-                if "properties" in v:
+            additional_properties(v)
-                    if "additionalProperties" not in v:
+    return data
-                        v["additionalProperties"] = False
-                new_v = additional_properties(v)
-            else:
-                new_v = v
-            new[k] = new_v
-        return new
-    except AttributeError:
-        return data
 
 def test_replace_int_or_string():
     for test in iter([{
@@ -102,14 +94,14 @@ def append_no_duplicates(obj, key, value):
 def write_schema_file(schema, filename):
     schemaJSON = ""
 
-    schema = additional_properties(schema)
+    schema = additional_properties(schema, skip=not os.getenv("DENY_ROOT_ADDITIONAL_PROPERTIES"))
     schema = replace_int_or_string(schema)
     schemaJSON = json.dumps(schema, indent=2)
 
     # Dealing with user input here..
     filename = os.path.basename(filename)
     f = open(filename, "w")
-    f.write(schemaJSON)
+    print(schemaJSON, file=f)
     f.close()
     print("JSON schema written to {filename}".format(filename=filename))