From 05da62c0753ff6be45dbbb4cf147856a7a2746b8 Mon Sep 17 00:00:00 2001 From: Kermit Alexander Date: Wed, 1 Jun 2022 17:11:21 +0000 Subject: [PATCH 1/7] Add additional CRD validation tests. --- test/e2e/apimachinery/crd_validation_rules.go | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/test/e2e/apimachinery/crd_validation_rules.go b/test/e2e/apimachinery/crd_validation_rules.go index 2a351b8b1fa..d735477bd2b 100644 --- a/test/e2e/apimachinery/crd_validation_rules.go +++ b/test/e2e/apimachinery/crd_validation_rules.go @@ -166,4 +166,56 @@ var _ = SIGDescribe("CustomResourceValidationRules [Privileged:ClusterAdmin][Alp framework.Failf("expect error contains %q, got %q", expectedErrMsg, err.Error()) } }) + + ginkgo.It("MUST fail create of a custom resource definition that contains an x-kubernetes-validations rule that contains a syntax error", func() { + ginkgo.By("Defining a custom resource definition that contains a validation rule with a syntax error") + var schemaWithSyntaxErrorRule = unmarshallSchema([]byte(`{ + "type":"object", + "properties":{ + "spec":{ + "type":"object", + "x-kubernetes-validations":[ + { "rule":"self = 42" } + ] + } + } + }`)) + crd := fixtures.NewRandomNameV1CustomResourceDefinitionWithSchema(v1.NamespaceScoped, schemaWithSyntaxErrorRule, false) + _, err := fixtures.CreateNewV1CustomResourceDefinitionWatchUnsafe(crd, apiExtensionClient) + framework.ExpectError(err, "creating a CustomResourceDefinition with a validation rule that contains a syntax error") + expectedErrMsg := "syntax error" + if !strings.Contains(err.Error(), expectedErrMsg) { + framework.Failf("expected error message to contain %q, got %q", expectedErrMsg, err.Error()) + } + }) + + ginkgo.It("MUST fail create of a custom resource definition that contains an x-kubernetes-validations rule that exceeds the estimated cost limit", func() { + ginkgo.By("Defining a custom resource definition that contains a validation rule that exceeds the cost limit") + var schemaWithExpensiveRule = unmarshallSchema([]byte(`{ + "type": "object", + "properties": { + "spec": { + "type": "object", + "x-kubernetes-validations": [{ + "rule": "self.x.all(s, s == \"string constant\")" + }], + "properties": { + "x": { + "type": "list", + "items": { + "type": "string" + } + } + } + } + } + }`)) + crd := fixtures.NewRandomNameV1CustomResourceDefinitionWithSchema(v1.NamespaceScoped, schemaWithExpensiveRule, false) + _, err := fixtures.CreateNewV1CustomResourceDefinitionWatchUnsafe(crd, apiExtensionClient) + framework.ExpectError(err, "creating a CustomResourceDefinition with a validation rule that exceeds the cost limit") + expectedErrMsg := "syntax error" + if !strings.Contains(err.Error(), expectedErrMsg) { + framework.Failf("expected error message to contain %q, got %q", expectedErrMsg, err.Error()) + } + }) }) From 120744bf44f7e230af13e0b269228c2d1cf3d2dd Mon Sep 17 00:00:00 2001 From: Kermit Alexander Date: Tue, 7 Jun 2022 16:31:41 +0000 Subject: [PATCH 2/7] Change case on syntax error check. --- test/e2e/apimachinery/crd_validation_rules.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/e2e/apimachinery/crd_validation_rules.go b/test/e2e/apimachinery/crd_validation_rules.go index d735477bd2b..0b0f53cd8d9 100644 --- a/test/e2e/apimachinery/crd_validation_rules.go +++ b/test/e2e/apimachinery/crd_validation_rules.go @@ -183,7 +183,7 @@ var _ = SIGDescribe("CustomResourceValidationRules [Privileged:ClusterAdmin][Alp crd := fixtures.NewRandomNameV1CustomResourceDefinitionWithSchema(v1.NamespaceScoped, schemaWithSyntaxErrorRule, false) _, err := fixtures.CreateNewV1CustomResourceDefinitionWatchUnsafe(crd, apiExtensionClient) framework.ExpectError(err, "creating a CustomResourceDefinition with a validation rule that contains a syntax error") - expectedErrMsg := "syntax error" + expectedErrMsg := "Syntax error" if !strings.Contains(err.Error(), expectedErrMsg) { framework.Failf("expected error message to contain %q, got %q", expectedErrMsg, err.Error()) } From 6f66ed06f28ddee31d4c92dcb3fdd0ea95eff3ba Mon Sep 17 00:00:00 2001 From: Kermit Alexander Date: Tue, 7 Jun 2022 16:36:20 +0000 Subject: [PATCH 3/7] Correct cost estimation check. --- test/e2e/apimachinery/crd_validation_rules.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/e2e/apimachinery/crd_validation_rules.go b/test/e2e/apimachinery/crd_validation_rules.go index 0b0f53cd8d9..56b138a5acb 100644 --- a/test/e2e/apimachinery/crd_validation_rules.go +++ b/test/e2e/apimachinery/crd_validation_rules.go @@ -201,7 +201,7 @@ var _ = SIGDescribe("CustomResourceValidationRules [Privileged:ClusterAdmin][Alp }], "properties": { "x": { - "type": "list", + "type": "array", "items": { "type": "string" } @@ -213,7 +213,7 @@ var _ = SIGDescribe("CustomResourceValidationRules [Privileged:ClusterAdmin][Alp crd := fixtures.NewRandomNameV1CustomResourceDefinitionWithSchema(v1.NamespaceScoped, schemaWithExpensiveRule, false) _, err := fixtures.CreateNewV1CustomResourceDefinitionWatchUnsafe(crd, apiExtensionClient) framework.ExpectError(err, "creating a CustomResourceDefinition with a validation rule that exceeds the cost limit") - expectedErrMsg := "syntax error" + expectedErrMsg := "exceeded budget" if !strings.Contains(err.Error(), expectedErrMsg) { framework.Failf("expected error message to contain %q, got %q", expectedErrMsg, err.Error()) } From c58c02fcf9b291e538ab30a43a4aa43d097896d2 Mon Sep 17 00:00:00 2001 From: Kermit Alexander Date: Wed, 8 Jun 2022 17:40:50 +0000 Subject: [PATCH 4/7] Ensure estimated cost limit is exceeded. --- test/e2e/apimachinery/crd_validation_rules.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/test/e2e/apimachinery/crd_validation_rules.go b/test/e2e/apimachinery/crd_validation_rules.go index 56b138a5acb..bdc7c5c2eb2 100644 --- a/test/e2e/apimachinery/crd_validation_rules.go +++ b/test/e2e/apimachinery/crd_validation_rules.go @@ -196,14 +196,17 @@ var _ = SIGDescribe("CustomResourceValidationRules [Privileged:ClusterAdmin][Alp "properties": { "spec": { "type": "object", - "x-kubernetes-validations": [{ - "rule": "self.x.all(s, s == \"string constant\")" - }], "properties": { "x": { "type": "array", "items": { - "type": "string" + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-validations": [{ + "rule": "self.all(s, s == \"string constant\")" + }] } } } From ff3d04d5dfc9c9f4f01a8365518c98f20645881a Mon Sep 17 00:00:00 2001 From: Kermit Alexander Date: Wed, 8 Jun 2022 22:45:29 +0000 Subject: [PATCH 5/7] Fix incorrect wording in expectedErrMsg. --- test/e2e/apimachinery/crd_validation_rules.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/e2e/apimachinery/crd_validation_rules.go b/test/e2e/apimachinery/crd_validation_rules.go index bdc7c5c2eb2..6600e3c6ebc 100644 --- a/test/e2e/apimachinery/crd_validation_rules.go +++ b/test/e2e/apimachinery/crd_validation_rules.go @@ -216,7 +216,7 @@ var _ = SIGDescribe("CustomResourceValidationRules [Privileged:ClusterAdmin][Alp crd := fixtures.NewRandomNameV1CustomResourceDefinitionWithSchema(v1.NamespaceScoped, schemaWithExpensiveRule, false) _, err := fixtures.CreateNewV1CustomResourceDefinitionWatchUnsafe(crd, apiExtensionClient) framework.ExpectError(err, "creating a CustomResourceDefinition with a validation rule that exceeds the cost limit") - expectedErrMsg := "exceeded budget" + expectedErrMsg := "exceeds budget" if !strings.Contains(err.Error(), expectedErrMsg) { framework.Failf("expected error message to contain %q, got %q", expectedErrMsg, err.Error()) } From 9fb55af69b00f4a9573a577019133b16a9fcd84e Mon Sep 17 00:00:00 2001 From: Kermit Alexander Date: Thu, 9 Jun 2022 23:15:30 +0000 Subject: [PATCH 6/7] Make schema formatting consistent. --- test/e2e/apimachinery/crd_validation_rules.go | 56 +++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/test/e2e/apimachinery/crd_validation_rules.go b/test/e2e/apimachinery/crd_validation_rules.go index 6600e3c6ebc..98ce415b9df 100644 --- a/test/e2e/apimachinery/crd_validation_rules.go +++ b/test/e2e/apimachinery/crd_validation_rules.go @@ -170,14 +170,14 @@ var _ = SIGDescribe("CustomResourceValidationRules [Privileged:ClusterAdmin][Alp ginkgo.It("MUST fail create of a custom resource definition that contains an x-kubernetes-validations rule that contains a syntax error", func() { ginkgo.By("Defining a custom resource definition that contains a validation rule with a syntax error") var schemaWithSyntaxErrorRule = unmarshallSchema([]byte(`{ - "type":"object", - "properties":{ - "spec":{ - "type":"object", - "x-kubernetes-validations":[ - { "rule":"self = 42" } - ] - } + "type":"object", + "properties":{ + "spec":{ + "type":"object", + "x-kubernetes-validations":[ + { "rule":"self = 42" } + ] + } } }`)) crd := fixtures.NewRandomNameV1CustomResourceDefinitionWithSchema(v1.NamespaceScoped, schemaWithSyntaxErrorRule, false) @@ -192,26 +192,26 @@ var _ = SIGDescribe("CustomResourceValidationRules [Privileged:ClusterAdmin][Alp ginkgo.It("MUST fail create of a custom resource definition that contains an x-kubernetes-validations rule that exceeds the estimated cost limit", func() { ginkgo.By("Defining a custom resource definition that contains a validation rule that exceeds the cost limit") var schemaWithExpensiveRule = unmarshallSchema([]byte(`{ - "type": "object", - "properties": { - "spec": { - "type": "object", - "properties": { - "x": { - "type": "array", - "items": { - "type": "array", - "items": { - "type": "string" - }, - "x-kubernetes-validations": [{ - "rule": "self.all(s, s == \"string constant\")" - }] - } - } - } - } - } + "type":"object", + "properties":{ + "spec":{ + "type":"object", + "properties":{ + "x":{ + "type":"array", + "items":{ + "type":"array", + "items":{ + "type":"string" + }, + "x-kubernetes-validations":[ + { "rule":"self.all(s, s == \"string constant\")" } + ] + } + } + } + } + } }`)) crd := fixtures.NewRandomNameV1CustomResourceDefinitionWithSchema(v1.NamespaceScoped, schemaWithExpensiveRule, false) _, err := fixtures.CreateNewV1CustomResourceDefinitionWatchUnsafe(crd, apiExtensionClient) From 192aea7119cc2410e539098585aadb75b53d84c3 Mon Sep 17 00:00:00 2001 From: Kermit Alexander Date: Fri, 17 Jun 2022 22:40:38 +0000 Subject: [PATCH 7/7] Remove need for escaped quotes. --- test/e2e/apimachinery/crd_validation_rules.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/e2e/apimachinery/crd_validation_rules.go b/test/e2e/apimachinery/crd_validation_rules.go index 98ce415b9df..5b1dbe82df7 100644 --- a/test/e2e/apimachinery/crd_validation_rules.go +++ b/test/e2e/apimachinery/crd_validation_rules.go @@ -205,7 +205,7 @@ var _ = SIGDescribe("CustomResourceValidationRules [Privileged:ClusterAdmin][Alp "type":"string" }, "x-kubernetes-validations":[ - { "rule":"self.all(s, s == \"string constant\")" } + { "rule":"self.all(s, s == 'string constant')" } ] } }