github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 19:56:01 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #93078 from vareti/show-error-in-status-if-preserve-unknown-field-is-true-for-nonstructural-schemas

Browse Source 
Show error in status if preserve unknown fields is true for nonstructural schemas
This commit is contained in:
Kubernetes Prow Robot 2020-09-28 12:32:53 -07:00 committed by GitHub
commit 6e3ef0be16
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 129 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
staging/src/k8s.io/apiextensions-apiserver/pkg/controller/nonstructuralschema/BUILD
View File

@ -1,4 +1,4 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library") load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
go_library( go_library(
name = "go_default_library", name = "go_default_library",
@ -38,3 +38,13 @@ filegroup(
tags = ["automanaged"], tags = ["automanaged"],
visibility = ["//visibility:public"], visibility = ["//visibility:public"],
) )
go_test(
name = "go_default_test",
srcs = ["nonstructuralschema_controller_test.go"],
embed = [":go_default_library"],
deps = [
"//staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
],
)

6
staging/src/k8s.io/apiextensions-apiserver/pkg/controller/nonstructuralschema/nonstructuralschema_controller.go
View File

@ -90,6 +90,12 @@ func calculateCondition(in *apiextensionsv1.CustomResourceDefinition) *apiextens
allErrs := field.ErrorList{} allErrs := field.ErrorList{}
if in.Spec.PreserveUnknownFields {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "preserveUnknownFields"),
in.Spec.PreserveUnknownFields,
fmt.Sprint("must be false")))
}
for i, v := range in.Spec.Versions { for i, v := range in.Spec.Versions {
if v.Schema == nil || v.Schema.OpenAPIV3Schema == nil { if v.Schema == nil || v.Schema.OpenAPIV3Schema == nil {
continue continue

66
staging/src/k8s.io/apiextensions-apiserver/pkg/controller/nonstructuralschema/nonstructuralschema_controller_test.go Normal file
View File

@ -0,0 +1,66 @@
/*
Copyright 2020 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package nonstructuralschema
import (
"fmt"
"reflect"
"testing"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
"k8s.io/apimachinery/pkg/util/validation/field"
)
func Test_calculateCondition(t *testing.T) {
tests := []struct {
name string
args *apiextensionsv1.CustomResourceDefinition
want *apiextensionsv1.CustomResourceDefinitionCondition
}{
{
name: "preserve unknown fields is false",
args: &apiextensionsv1.CustomResourceDefinition{
Spec: apiextensionsv1.CustomResourceDefinitionSpec{
PreserveUnknownFields: false,
},
},
},
{
name: "preserve unknown fields is true",
args: &apiextensionsv1.CustomResourceDefinition{
Spec: apiextensionsv1.CustomResourceDefinitionSpec{
PreserveUnknownFields: true,
},
},
want: &apiextensionsv1.CustomResourceDefinitionCondition{
Type: apiextensionsv1.NonStructuralSchema,
Status: apiextensionsv1.ConditionTrue,
Reason: "Violations",
Message: field.Invalid(field.NewPath("spec", "preserveUnknownFields"),
true,
fmt.Sprint("must be false")).Error(),
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := calculateCondition(tt.args); !reflect.DeepEqual(got, tt.want) {
t.Errorf("calculateCondition() = %v, want %v", got, tt.want)
}
})
}
}

67
staging/src/k8s.io/apiextensions-apiserver/test/integration/validation_test.go
View File

@ -27,6 +27,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
"k8s.io/apimachinery/pkg/util/yaml" "k8s.io/apimachinery/pkg/util/yaml"
@ -780,21 +781,25 @@ spec:
if v := "spec.versions[0].schema.openAPIV3Schema.properties[a].type: Required value: must not be empty for specified object fields"; !strings.Contains(cond.Message, v) { if v := "spec.versions[0].schema.openAPIV3Schema.properties[a].type: Required value: must not be empty for specified object fields"; !strings.Contains(cond.Message, v) {
t.Fatalf("expected violation %q, but got: %v", v, cond.Message) t.Fatalf("expected violation %q, but got: %v", v, cond.Message)
} }
if v := "spec.preserveUnknownFields: Invalid value: true: must be false"; !strings.Contains(cond.Message, v) {
t.Fatalf("expected violation %q, but got: %v", v, cond.Message)
}
// remove schema // remove schema
t.Log("Remove schema") t.Log("Remove schema")
for retry := 0; retry < 5; retry++ { for retry := 0; retry < 5; retry++ {
crd, err = apiExtensionClient.ApiextensionsV1beta1().CustomResourceDefinitions().Get(context.TODO(), name, metav1.GetOptions{}) // This patch fixes two fields to resolve
if err != nil { // 1. property type validation error
t.Fatalf("unexpected get error: %v", err) // 2. preserveUnknownFields validation error
} patch := []byte("[{\"op\":\"add\",\"path\":\"/spec/validation/openAPIV3Schema/properties/a/type\",\"value\":\"int\"}," +
crd.Spec.Validation = nil "{\"op\":\"replace\",\"path\":\"/spec/preserveUnknownFields\",\"value\":false}]")
if _, err = apiExtensionClient.ApiextensionsV1beta1().CustomResourceDefinitions().Update(context.TODO(), crd, metav1.UpdateOptions{}); apierrors.IsConflict(err) { if _, err = apiExtensionClient.ApiextensionsV1beta1().CustomResourceDefinitions().Patch(context.TODO(), name, types.JSONPatchType, patch, metav1.PatchOptions{}); apierrors.IsConflict(err) {
continue continue
} }
if err != nil { if err != nil {
t.Fatalf("unexpected update error: %v", err) t.Fatalf("unexpected update error: %v", err)
} }
break
} }
if err != nil { if err != nil {
t.Fatalf("unexpected update error: %v", err) t.Fatalf("unexpected update error: %v", err)
@ -814,13 +819,14 @@ spec:
t.Fatalf("unexpected error waiting for NonStructuralSchema condition: %v", cond) t.Fatalf("unexpected error waiting for NonStructuralSchema condition: %v", cond)
} }
// readd schema // re-add schema
t.Log("Readd schema") t.Log("Re-add schema")
for retry := 0; retry < 5; retry++ { for retry := 0; retry < 5; retry++ {
crd, err = apiExtensionClient.ApiextensionsV1beta1().CustomResourceDefinitions().Get(context.TODO(), name, metav1.GetOptions{}) crd, err = apiExtensionClient.ApiextensionsV1beta1().CustomResourceDefinitions().Get(context.TODO(), name, metav1.GetOptions{})
if err != nil { if err != nil {
t.Fatalf("unexpected get error: %v", err) t.Fatalf("unexpected get error: %v", err)
} }
crd.Spec.PreserveUnknownFields = nil
crd.Spec.Validation = &apiextensionsv1beta1.CustomResourceValidation{OpenAPIV3Schema: origSchema} crd.Spec.Validation = &apiextensionsv1beta1.CustomResourceValidation{OpenAPIV3Schema: origSchema}
if _, err = apiExtensionClient.ApiextensionsV1beta1().CustomResourceDefinitions().Update(context.TODO(), crd, metav1.UpdateOptions{}); apierrors.IsConflict(err) { if _, err = apiExtensionClient.ApiextensionsV1beta1().CustomResourceDefinitions().Update(context.TODO(), crd, metav1.UpdateOptions{}); apierrors.IsConflict(err) {
continue continue
@ -828,6 +834,7 @@ spec:
if err != nil { if err != nil {
t.Fatalf("unexpected update error: %v", err) t.Fatalf("unexpected update error: %v", err)
} }
break
} }
if err != nil { if err != nil {
t.Fatalf("unexpected update error: %v", err) t.Fatalf("unexpected update error: %v", err)
@ -849,6 +856,9 @@ spec:
if v := "spec.versions[0].schema.openAPIV3Schema.properties[a].type: Required value: must not be empty for specified object fields"; !strings.Contains(cond.Message, v) { if v := "spec.versions[0].schema.openAPIV3Schema.properties[a].type: Required value: must not be empty for specified object fields"; !strings.Contains(cond.Message, v) {
t.Fatalf("expected violation %q, but got: %v", v, cond.Message) t.Fatalf("expected violation %q, but got: %v", v, cond.Message)
} }
if v := "spec.preserveUnknownFields: Invalid value: true: must be false"; !strings.Contains(cond.Message, v) {
t.Fatalf("expected violation %q, but got: %v", v, cond.Message)
}
} }
func TestNonStructuralSchemaCondition(t *testing.T) { func TestNonStructuralSchemaCondition(t *testing.T) {
@ -862,6 +872,7 @@ func TestNonStructuralSchemaCondition(t *testing.T) {
apiVersion: apiextensions.k8s.io/v1beta1 apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition kind: CustomResourceDefinition
spec: spec:
preserveUnknownFields: PRESERVE_UNKNOWN_FIELDS
version: v1beta1 version: v1beta1
names: names:
plural: foos plural: foos
@ -882,6 +893,7 @@ spec:
type Test struct { type Test struct {
desc string desc string
preserveUnknownFields string
globalSchema, v1Schema, v1beta1Schema string globalSchema, v1Schema, v1beta1Schema string
expectedCreateErrors []string expectedCreateErrors []string
unexpectedCreateErrors []string unexpectedCreateErrors []string
@ -889,7 +901,19 @@ spec:
unexpectedViolations []string unexpectedViolations []string
} }
tests := []Test{ tests := []Test{
{"empty", "", "", "", nil, nil, nil, nil}, {
desc: "empty",
expectedViolations: []string{
"spec.preserveUnknownFields: Invalid value: true: must be false",
},
},
{
desc: "preserve unknown fields is false",
preserveUnknownFields: "false",
globalSchema: `
type: object
`,
},
{ {
desc: "int-or-string and preserve-unknown-fields true", desc: "int-or-string and preserve-unknown-fields true",
globalSchema: ` globalSchema: `
@ -922,7 +946,8 @@ x-kubernetes-embedded-resource: true
}, },
}, },
{ {
desc: "embedded-resource without preserve-unknown-fields, but properties", desc: "embedded-resource without preserve-unknown-fields, but properties",
preserveUnknownFields: "false",
globalSchema: ` globalSchema: `
type: object type: object
x-kubernetes-embedded-resource: true x-kubernetes-embedded-resource: true
@ -934,16 +959,15 @@ properties:
metadata: metadata:
type: object type: object
`, `,
expectedViolations: []string{},
}, },
{ {
desc: "embedded-resource with preserve-unknown-fields", desc: "embedded-resource with preserve-unknown-fields",
preserveUnknownFields: "false",
globalSchema: ` globalSchema: `
type: object type: object
x-kubernetes-embedded-resource: true x-kubernetes-embedded-resource: true
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
`, `,
expectedViolations: []string{},
}, },
{ {
desc: "embedded-resource with wrong type", desc: "embedded-resource with wrong type",
@ -1330,7 +1354,8 @@ oneOf:
}, },
}, },
{ {
desc: "structural complete", desc: "structural complete",
preserveUnknownFields: "false",
globalSchema: ` globalSchema: `
type: object type: object
properties: properties:
@ -1391,7 +1416,6 @@ oneOf:
- properties: - properties:
g: {} g: {}
`, `,
expectedViolations: nil,
}, },
{ {
desc: "invalid v1beta1 schema", desc: "invalid v1beta1 schema",
@ -1472,7 +1496,8 @@ properties:
}, },
}, },
{ {
desc: "metadata with name property", desc: "metadata with name property",
preserveUnknownFields: "false",
globalSchema: ` globalSchema: `
type: object type: object
properties: properties:
@ -1483,10 +1508,10 @@ properties:
type: string type: string
pattern: "^[a-z]+$" pattern: "^[a-z]+$"
`, `,
expectedViolations: []string{},
}, },
{ {
desc: "metadata with generateName property", desc: "metadata with generateName property",
preserveUnknownFields: "false",
globalSchema: ` globalSchema: `
type: object type: object
properties: properties:
@ -1497,10 +1522,10 @@ properties:
type: string type: string
pattern: "^[a-z]+$" pattern: "^[a-z]+$"
`, `,
expectedViolations: []string{},
}, },
{ {
desc: "metadata with name and generateName property", desc: "metadata with name and generateName property",
preserveUnknownFields: "false",
globalSchema: ` globalSchema: `
type: object type: object
properties: properties:
@ -1514,7 +1539,6 @@ properties:
type: string type: string
pattern: "^[a-z]+$" pattern: "^[a-z]+$"
`, `,
expectedViolations: []string{},
}, },
{ {
desc: "metadata under junctors", desc: "metadata under junctors",
@ -1597,6 +1621,7 @@ properties:
"GLOBAL_SCHEMA", toValidationJSON(tst.globalSchema), "GLOBAL_SCHEMA", toValidationJSON(tst.globalSchema),
"V1BETA1_SCHEMA", toValidationJSON(tst.v1beta1Schema), "V1BETA1_SCHEMA", toValidationJSON(tst.v1beta1Schema),
"V1_SCHEMA", toValidationJSON(tst.v1Schema), "V1_SCHEMA", toValidationJSON(tst.v1Schema),
"PRESERVE_UNKNOWN_FIELDS", tst.preserveUnknownFields,
).Replace(tmpl) ).Replace(tmpl)
// decode CRD manifest // decode CRD manifest