Skip to content

Commit

Permalink
fix: bump kubectl validate (#490)
Browse files Browse the repository at this point in the history
Signed-off-by: Charles-Edouard Brétéché <[email protected]>
  • Loading branch information
eddycharly authored Sep 20, 2023
1 parent 89500ef commit 0ddf789
Show file tree
Hide file tree
Showing 4 changed files with 38 additions and 72 deletions.
8 changes: 3 additions & 5 deletions backend/go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,6 @@ module github.com/kyverno/playground/backend

go 1.21

replace sigs.k8s.io/kubectl-validate => github.com/fjogeleit/kubectl-validate v0.0.0-20230829084516-b287ab7c3ec5

require (
github.com/Masterminds/semver/v3 v3.2.1
github.com/evanphx/json-patch/v5 v5.7.0
Expand All @@ -19,20 +17,20 @@ require (
k8s.io/apimachinery v0.28.2
k8s.io/client-go v0.28.2
sigs.k8s.io/controller-runtime v0.16.2
sigs.k8s.io/kubectl-validate v0.0.0-20230531195345-5aee348b797c
sigs.k8s.io/kubectl-validate v0.0.0-20230914185012-0d8eb44296e9
sigs.k8s.io/yaml v1.3.0
)

require (
cloud.google.com/go/compute v1.23.0 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v1.1.2 // indirect
cloud.google.com/go/kms v1.15.1 // indirect
cloud.google.com/go/kms v1.15.2 // indirect
cuelang.org/go v0.6.0 // indirect
filippo.io/edwards25519 v1.0.0 // indirect
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 // indirect
Expand Down
12 changes: 6 additions & 6 deletions backend/go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,8 @@ cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1
cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
cloud.google.com/go/iam v1.1.2 h1:gacbrBdWcoVmGLozRuStX45YKvJtzIjJdAolzUs1sm4=
cloud.google.com/go/iam v1.1.2/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU=
cloud.google.com/go/kms v1.15.1 h1:HUC3fAoepH3RpcQXiJhXWWYizjQ5r7YjI7SO9ZbHf9s=
cloud.google.com/go/kms v1.15.1/go.mod h1:c9J991h5DTl+kg7gi3MYomh12YEENGrf48ee/N/2CDM=
cloud.google.com/go/kms v1.15.2 h1:lh6qra6oC4AyWe5fUUUBe/S27k12OHAleOOOw6KakdE=
cloud.google.com/go/kms v1.15.2/go.mod h1:3hopT4+7ooWRCjc2DxgnpESFxhIraaI2IpAVUEhbT/w=
cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
Expand Down Expand Up @@ -66,8 +66,8 @@ github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0/go.mod h1:GgeIE+1be8Ivm7Sh4RgwI42aTtC9qrcj+Y9Y6CjJhJs=
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1 h1:/iHxaJhsFr0+xVFfbMr5vxz848jyiWuIEDhYq3y5odY=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2 h1:t5+QXLCK9SVi0PPdaY0PrFvYUo24KwA0QwxnaHRSVd4=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1 h1:LNHhpdK7hzUcx/k1LIcuh5k7k1LGIWLQfCjaneSj7Fc=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1/go.mod h1:uE9zaUfEQT/nbQjVi2IblCG9iaLtZsuYZ8ne+PuQ02M=
github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
Expand Down Expand Up @@ -474,8 +474,6 @@ github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBD
github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/fjogeleit/kubectl-validate v0.0.0-20230829084516-b287ab7c3ec5 h1:qK0Jm6cE186ce8MecbypxsARaQMQUDWwBj3aRYvW5Xk=
github.com/fjogeleit/kubectl-validate v0.0.0-20230829084516-b287ab7c3ec5/go.mod h1:9FgW8ync4Up+D1hIYTSO1vc9HkNbgm55N2iZ/LYNYxk=
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
Expand Down Expand Up @@ -2471,6 +2469,8 @@ sigs.k8s.io/controller-runtime v0.16.2 h1:mwXAVuEk3EQf478PQwQ48zGOXvW27UJc8NHktQ
sigs.k8s.io/controller-runtime v0.16.2/go.mod h1:vpMu3LpI5sYWtujJOa2uPK61nB5rbwlN7BAB8aSLvGU=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/kubectl-validate v0.0.0-20230914185012-0d8eb44296e9 h1:2SQuQcVormMzrPZyayZ2q4t1EJBe0RTtqmFozc6HQTA=
sigs.k8s.io/kubectl-validate v0.0.0-20230914185012-0d8eb44296e9/go.mod h1:9FgW8ync4Up+D1hIYTSO1vc9HkNbgm55N2iZ/LYNYxk=
sigs.k8s.io/kustomize/api v0.14.0 h1:6+QLmXXA8X4eDM7ejeaNUyruA1DDB3PVIjbpVhDOJRA=
sigs.k8s.io/kustomize/api v0.14.0/go.mod h1:vmOXlC8BcmcUJQjiceUbcyQ75JBP6eg8sgoyzc+eLpQ=
sigs.k8s.io/kustomize/kyaml v0.14.3 h1:WpabVAKZe2YEp/irTSHwD6bfjwZnTtSDewd2BVJGMZs=
Expand Down
52 changes: 10 additions & 42 deletions backend/pkg/resource/loader/loader.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,69 +3,37 @@ package loader
import (
"fmt"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/client-go/openapi"
"sigs.k8s.io/kubectl-validate/pkg/validatorfactory"
"sigs.k8s.io/yaml"
"sigs.k8s.io/kubectl-validate/pkg/validator"
)

type Loader interface {
Load([]byte) (unstructured.Unstructured, error)
}

type loader struct {
factory *validatorfactory.ValidatorFactory
validator *validator.Validator
}

func New(client openapi.Client) (Loader, error) {
factory, err := validatorfactory.New(client)
factory, err := validator.New(client)
if err != nil {
return nil, err
}
return &loader{
factory: factory,
validator: factory,
}, nil
}

func (l *loader) Load(document []byte) (unstructured.Unstructured, error) {
var metadata metav1.TypeMeta
if err := yaml.Unmarshal(document, &metadata); err != nil {
return unstructured.Unstructured{}, err
}
gvk := metadata.GetObjectKind().GroupVersionKind()
if gvk.Empty() {
return unstructured.Unstructured{}, fmt.Errorf("GVK cannot be empty")
}
validator, err := l.factory.ValidatorsForGVK(gvk)
_, result, err := l.validator.Parse(document)
if err != nil {
return unstructured.Unstructured{}, err
return unstructured.Unstructured{}, fmt.Errorf("failed to parse document (%w)", err)
}
decoder, err := validator.Decoder(gvk)
if err != nil {
return unstructured.Unstructured{}, err
// TODO: remove DeepCopy when fixed upstream
if err := l.validator.Validate(result.DeepCopy()); err != nil {
return unstructured.Unstructured{}, fmt.Errorf("failed to validate resource (%w)", err)
}
info, ok := runtime.SerializerInfoForMediaType(decoder.SupportedMediaTypes(), runtime.ContentTypeYAML)
if !ok {
return unstructured.Unstructured{}, fmt.Errorf("unsupported media type %q", runtime.ContentTypeYAML)
}
var result unstructured.Unstructured
_, _, err = decoder.DecoderToVersion(info.StrictSerializer, gvk.GroupVersion()).Decode(document, &gvk, &result)
if err != nil {
return unstructured.Unstructured{}, err
}

c := result.UnstructuredContent()
if m, ok := c["metadata"]; ok {
if mm, ok := m.(map[string]any); ok {
if cT, ok := mm["creationTimestamp"]; ok {
if _, ok := cT.(map[string]any); ok {
mm["creationTimestamp"] = nil
}
}
}
}

return result, err
return *result, nil
}
38 changes: 19 additions & 19 deletions backend/pkg/resource/loader/loader_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/client-go/openapi"
"sigs.k8s.io/kubectl-validate/pkg/openapiclient"
"sigs.k8s.io/kubectl-validate/pkg/validatorfactory"
"sigs.k8s.io/kubectl-validate/pkg/validator"
"sigs.k8s.io/yaml"

"github.com/kyverno/playground/backend/data"
Expand All @@ -36,30 +36,30 @@ func TestNew(t *testing.T) {
name: "builtin",
client: openapiclient.NewHardcodedBuiltins("1.27"),
want: func() Loader {
factory, err := validatorfactory.New(openapiclient.NewHardcodedBuiltins("1.27"))
validator, err := validator.New(openapiclient.NewHardcodedBuiltins("1.27"))
require.NoError(t, err)
return &loader{
factory: factory,
validator: validator,
}
}(),
}, {
name: "invalid local",
client: openapiclient.NewLocalSchemaFiles(data.Schemas(), "blam"),
want: func() Loader {
factory, err := validatorfactory.New(openapiclient.NewLocalSchemaFiles(data.Schemas(), "blam"))
validator, err := validator.New(openapiclient.NewLocalSchemaFiles(data.Schemas(), "blam"))
require.NoError(t, err)
return &loader{
factory: factory,
validator: validator,
}
}(),
}, {
name: "composite - no clients",
client: openapiclient.NewComposite(),
want: func() Loader {
factory, err := validatorfactory.New(openapiclient.NewComposite())
validator, err := validator.New(openapiclient.NewComposite())
require.NoError(t, err)
return &loader{
factory: factory,
validator: validator,
}
}(),
}, {
Expand All @@ -74,10 +74,10 @@ func TestNew(t *testing.T) {
name: "composite - invalid local",
client: openapiclient.NewComposite(openapiclient.NewLocalSchemaFiles(data.Schemas(), "blam")),
want: func() Loader {
factory, err := validatorfactory.New(openapiclient.NewComposite(openapiclient.NewLocalSchemaFiles(data.Schemas(), "blam")))
validator, err := validator.New(openapiclient.NewComposite(openapiclient.NewLocalSchemaFiles(data.Schemas(), "blam")))
require.NoError(t, err)
return &loader{
factory: factory,
validator: validator,
}
}(),
}}
Expand Down Expand Up @@ -135,9 +135,9 @@ func Test_loader_Load(t *testing.T) {
name: "not yaml",
loader: newLoader(openapiclient.NewLocalSchemaFiles(data.Schemas(), "schemas")),
document: []byte(`
foo
bar
- baz`),
foo
bar
- baz`),
wantErr: true,
}, {
name: "unknown GVK",
Expand All @@ -148,13 +148,13 @@ foo
name: "bad schema",
loader: newLoader(openapiclient.NewHardcodedBuiltins("1.27")),
document: []byte(`
apiVersion: v1
kind: Namespace
bad: field
metadata:
name: prod-bus-app1
labels:
purpose: production`),
apiVersion: v1
kind: Namespace
bad: field
metadata:
name: prod-bus-app1
labels:
purpose: production`),
wantErr: true,
}, {
name: "ok",
Expand Down

0 comments on commit 0ddf789

Please sign in to comment.