Merge pull request #78453 from sttts/sttts-crd-invalid-regex-test

apiextensions: add invalid validation schema regex test
This commit is contained in:
Kubernetes Prow Robot 2019-05-31 23:23:12 -07:00 committed by GitHub
commit 15a01d5fa5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 35 additions and 1 deletions

View File

@ -1692,6 +1692,7 @@ func TestValidateCustomResourceDefinition(t *testing.T) {
invalid("spec", "validation", "openAPIV3Schema", "properties[a]", "default"), invalid("spec", "validation", "openAPIV3Schema", "properties[a]", "default"),
invalid("spec", "validation", "openAPIV3Schema", "properties[c]", "default"), invalid("spec", "validation", "openAPIV3Schema", "properties[c]", "default"),
invalid("spec", "validation", "openAPIV3Schema", "properties[d]", "default"), invalid("spec", "validation", "openAPIV3Schema", "properties[d]", "default"),
invalid("spec", "validation", "openAPIV3Schema", "properties[d]", "properties[bad]", "pattern"),
// we also expected unpruned and valid defaults under x-kubernetes-preserve-unknown-fields. We could be more // we also expected unpruned and valid defaults under x-kubernetes-preserve-unknown-fields. We could be more
// strict here, but want to encourage proper specifications by forbidding other defaults. // strict here, but want to encourage proper specifications by forbidding other defaults.
invalid("spec", "validation", "openAPIV3Schema", "properties[e]", "properties[preserveUnknownFields]", "default"), invalid("spec", "validation", "openAPIV3Schema", "properties[e]", "properties[preserveUnknownFields]", "default"),

View File

@ -17,7 +17,9 @@ limitations under the License.
package schema package schema
import ( import (
"fmt"
"reflect" "reflect"
"regexp"
"sort" "sort"
"k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/apimachinery/pkg/util/validation/field"
@ -226,6 +228,12 @@ func validateValueValidation(v *ValueValidation, skipAnyOf, skipFirstAllOfAnyOf
allErrs = append(allErrs, validateNestedValueValidation(v.Not, false, false, lvl, fldPath.Child("not"))...) allErrs = append(allErrs, validateNestedValueValidation(v.Not, false, false, lvl, fldPath.Child("not"))...)
if len(v.Pattern) > 0 {
if _, err := regexp.Compile(v.Pattern); err != nil {
allErrs = append(allErrs, field.Invalid(fldPath.Child("pattern"), v.Pattern, fmt.Sprintf("must be a valid regular expression, but isn't: %v", err)))
}
}
return allErrs return allErrs
} }

View File

@ -139,7 +139,7 @@ func convertNullTypeToNullable(x interface{}) interface{} {
} }
} }
func TestNullable(t *testing.T) { func TestValidateCustomResource(t *testing.T) {
type args struct { type args struct {
schema apiextensions.JSONSchemaProps schema apiextensions.JSONSchemaProps
object interface{} object interface{}
@ -149,6 +149,7 @@ func TestNullable(t *testing.T) {
args args args args
wantErr bool wantErr bool
}{ }{
// TODO: make more complete
{"!nullable against non-null", args{ {"!nullable against non-null", args{
apiextensions.JSONSchemaProps{ apiextensions.JSONSchemaProps{
Properties: map[string]apiextensions.JSONSchemaProps{ Properties: map[string]apiextensions.JSONSchemaProps{
@ -235,6 +236,17 @@ func TestNullable(t *testing.T) {
}, },
map[string]interface{}{"field": nil}, map[string]interface{}{"field": nil},
}, false}, }, false},
{"invalid regex", args{
apiextensions.JSONSchemaProps{
Properties: map[string]apiextensions.JSONSchemaProps{
"field": {
Type: "string",
Pattern: "+",
},
},
},
map[string]interface{}{"field": "foo"},
}, true},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {

View File

@ -870,6 +870,19 @@ oneOf:
"spec.validation.openAPIV3Schema.not.default", "spec.validation.openAPIV3Schema.not.default",
}, },
}, },
{
desc: "invalid regex pattern",
globalSchema: `
type: object
properties:
foo:
type: string
pattern: "+"
`,
expectedViolations: []string{
"spec.validation.openAPIV3Schema.properties[foo].pattern: Invalid value: \"+\": must be a valid regular expression, but isn't: error parsing regexp: missing argument to repetition operator: `+`",
},
},
{ {
desc: "forbidden vendor extensions in nested value validation", desc: "forbidden vendor extensions in nested value validation",
globalSchema: ` globalSchema: `