From b883f30501110b67d2637a33e7cb6082d07c4261 Mon Sep 17 00:00:00 2001 From: Dave Chen Date: Fri, 14 Jul 2023 14:25:59 +0800 Subject: [PATCH] kubeadm: Support `kubeadm config validate` for ResetConfiguration Signed-off-by: Dave Chen --- cmd/kubeadm/app/util/config/common.go | 9 +++++- cmd/kubeadm/app/util/config/common_test.go | 29 +++++++++++++++++++ .../app/util/config/resetconfiguration.go | 10 +++++-- 3 files changed, 44 insertions(+), 4 deletions(-) diff --git a/cmd/kubeadm/app/util/config/common.go b/cmd/kubeadm/app/util/config/common.go index 064b9afb3fb..333a2dd44da 100644 --- a/cmd/kubeadm/app/util/config/common.go +++ b/cmd/kubeadm/app/util/config/common.go @@ -291,7 +291,7 @@ func MigrateOldConfig(oldConfig []byte, allowExperimental bool) ([]byte, error) // Migrate ResetConfiguration if there is any if kubeadmutil.GroupVersionKindsHasResetConfiguration(gvks...) { - o, err := documentMapToResetConfiguration(gvkmap, true, allowExperimental) + o, err := documentMapToResetConfiguration(gvkmap, true, allowExperimental, true) if err != nil { return []byte{}, err } @@ -336,6 +336,13 @@ func ValidateConfig(config []byte, allowExperimental bool) error { } } + // Validate ResetConfiguration if there is any + if kubeadmutil.GroupVersionKindsHasResetConfiguration(gvks...) { + if _, err := documentMapToResetConfiguration(gvkmap, true, allowExperimental, true); err != nil { + return err + } + } + return nil } diff --git a/cmd/kubeadm/app/util/config/common_test.go b/cmd/kubeadm/app/util/config/common_test.go index 3891d9b5a1a..729cbd7281b 100644 --- a/cmd/kubeadm/app/util/config/common_test.go +++ b/cmd/kubeadm/app/util/config/common_test.go @@ -575,6 +575,35 @@ func TestValidateConfig(t *testing.T) { expectedError: true, allowExperimental: false, }, + { + name: "valid ResetConfiguration", + cfg: dedent.Dedent(fmt.Sprintf(` + apiVersion: %s + kind: ResetConfiguration + force: true + `, gvExperimental)), + expectedError: false, + allowExperimental: true, + }, + { + name: "invalid field in ResetConfiguration", + cfg: dedent.Dedent(fmt.Sprintf(` + apiVersion: %s + kind: ResetConfiguration + foo: bar + `, gvExperimental)), + expectedError: true, + allowExperimental: true, + }, + { + name: "experimental API is not allowed in ResetConfiguration", + cfg: dedent.Dedent(fmt.Sprintf(` + apiVersion: %s + kind: ResetConfiguration + `, gvExperimental)), + expectedError: true, + allowExperimental: false, + }, } for _, test := range tests { diff --git a/cmd/kubeadm/app/util/config/resetconfiguration.go b/cmd/kubeadm/app/util/config/resetconfiguration.go index da110014312..f6178a8beb9 100644 --- a/cmd/kubeadm/app/util/config/resetconfiguration.go +++ b/cmd/kubeadm/app/util/config/resetconfiguration.go @@ -83,12 +83,12 @@ func LoadResetConfigurationFromFile(cfgPath string, allowExperimental bool) (*ku return nil, err } - return documentMapToResetConfiguration(gvkmap, false, allowExperimental) + return documentMapToResetConfiguration(gvkmap, false, allowExperimental, false) } // documentMapToResetConfiguration takes a map between GVKs and YAML documents (as returned by SplitYAMLDocuments), // finds a ResetConfiguration, decodes it, dynamically defaults it and then validates it prior to return. -func documentMapToResetConfiguration(gvkmap kubeadmapi.DocumentMap, allowDeprecated, allowExperimental bool) (*kubeadmapi.ResetConfiguration, error) { +func documentMapToResetConfiguration(gvkmap kubeadmapi.DocumentMap, allowDeprecated, allowExperimental bool, strictErrors bool) (*kubeadmapi.ResetConfiguration, error) { resetBytes := []byte{} for gvk, bytes := range gvkmap { // not interested in anything other than ResetConfiguration @@ -103,7 +103,11 @@ func documentMapToResetConfiguration(gvkmap kubeadmapi.DocumentMap, allowDepreca // verify the validity of the YAML if err := strict.VerifyUnmarshalStrict([]*runtime.Scheme{kubeadmscheme.Scheme}, gvk, bytes); err != nil { - klog.Warning(err.Error()) + if !strictErrors { + klog.Warning(err.Error()) + } else { + return nil, err + } } resetBytes = bytes