mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-25 04:33:26 +00:00
Merge pull request #78453 from sttts/sttts-crd-invalid-regex-test
apiextensions: add invalid validation schema regex test
This commit is contained in:
commit
15a01d5fa5
@ -1692,6 +1692,7 @@ func TestValidateCustomResourceDefinition(t *testing.T) {
|
|||||||
invalid("spec", "validation", "openAPIV3Schema", "properties[a]", "default"),
|
invalid("spec", "validation", "openAPIV3Schema", "properties[a]", "default"),
|
||||||
invalid("spec", "validation", "openAPIV3Schema", "properties[c]", "default"),
|
invalid("spec", "validation", "openAPIV3Schema", "properties[c]", "default"),
|
||||||
invalid("spec", "validation", "openAPIV3Schema", "properties[d]", "default"),
|
invalid("spec", "validation", "openAPIV3Schema", "properties[d]", "default"),
|
||||||
|
invalid("spec", "validation", "openAPIV3Schema", "properties[d]", "properties[bad]", "pattern"),
|
||||||
// we also expected unpruned and valid defaults under x-kubernetes-preserve-unknown-fields. We could be more
|
// we also expected unpruned and valid defaults under x-kubernetes-preserve-unknown-fields. We could be more
|
||||||
// strict here, but want to encourage proper specifications by forbidding other defaults.
|
// strict here, but want to encourage proper specifications by forbidding other defaults.
|
||||||
invalid("spec", "validation", "openAPIV3Schema", "properties[e]", "properties[preserveUnknownFields]", "default"),
|
invalid("spec", "validation", "openAPIV3Schema", "properties[e]", "properties[preserveUnknownFields]", "default"),
|
||||||
|
@ -17,7 +17,9 @@ limitations under the License.
|
|||||||
package schema
|
package schema
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"reflect"
|
"reflect"
|
||||||
|
"regexp"
|
||||||
"sort"
|
"sort"
|
||||||
|
|
||||||
"k8s.io/apimachinery/pkg/util/validation/field"
|
"k8s.io/apimachinery/pkg/util/validation/field"
|
||||||
@ -226,6 +228,12 @@ func validateValueValidation(v *ValueValidation, skipAnyOf, skipFirstAllOfAnyOf
|
|||||||
|
|
||||||
allErrs = append(allErrs, validateNestedValueValidation(v.Not, false, false, lvl, fldPath.Child("not"))...)
|
allErrs = append(allErrs, validateNestedValueValidation(v.Not, false, false, lvl, fldPath.Child("not"))...)
|
||||||
|
|
||||||
|
if len(v.Pattern) > 0 {
|
||||||
|
if _, err := regexp.Compile(v.Pattern); err != nil {
|
||||||
|
allErrs = append(allErrs, field.Invalid(fldPath.Child("pattern"), v.Pattern, fmt.Sprintf("must be a valid regular expression, but isn't: %v", err)))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return allErrs
|
return allErrs
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -139,7 +139,7 @@ func convertNullTypeToNullable(x interface{}) interface{} {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestNullable(t *testing.T) {
|
func TestValidateCustomResource(t *testing.T) {
|
||||||
type args struct {
|
type args struct {
|
||||||
schema apiextensions.JSONSchemaProps
|
schema apiextensions.JSONSchemaProps
|
||||||
object interface{}
|
object interface{}
|
||||||
@ -149,6 +149,7 @@ func TestNullable(t *testing.T) {
|
|||||||
args args
|
args args
|
||||||
wantErr bool
|
wantErr bool
|
||||||
}{
|
}{
|
||||||
|
// TODO: make more complete
|
||||||
{"!nullable against non-null", args{
|
{"!nullable against non-null", args{
|
||||||
apiextensions.JSONSchemaProps{
|
apiextensions.JSONSchemaProps{
|
||||||
Properties: map[string]apiextensions.JSONSchemaProps{
|
Properties: map[string]apiextensions.JSONSchemaProps{
|
||||||
@ -235,6 +236,17 @@ func TestNullable(t *testing.T) {
|
|||||||
},
|
},
|
||||||
map[string]interface{}{"field": nil},
|
map[string]interface{}{"field": nil},
|
||||||
}, false},
|
}, false},
|
||||||
|
{"invalid regex", args{
|
||||||
|
apiextensions.JSONSchemaProps{
|
||||||
|
Properties: map[string]apiextensions.JSONSchemaProps{
|
||||||
|
"field": {
|
||||||
|
Type: "string",
|
||||||
|
Pattern: "+",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
map[string]interface{}{"field": "foo"},
|
||||||
|
}, true},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
@ -870,6 +870,19 @@ oneOf:
|
|||||||
"spec.validation.openAPIV3Schema.not.default",
|
"spec.validation.openAPIV3Schema.not.default",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
desc: "invalid regex pattern",
|
||||||
|
globalSchema: `
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
foo:
|
||||||
|
type: string
|
||||||
|
pattern: "+"
|
||||||
|
`,
|
||||||
|
expectedViolations: []string{
|
||||||
|
"spec.validation.openAPIV3Schema.properties[foo].pattern: Invalid value: \"+\": must be a valid regular expression, but isn't: error parsing regexp: missing argument to repetition operator: `+`",
|
||||||
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
desc: "forbidden vendor extensions in nested value validation",
|
desc: "forbidden vendor extensions in nested value validation",
|
||||||
globalSchema: `
|
globalSchema: `
|
||||||
|
Loading…
Reference in New Issue
Block a user