github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 21:17:23 +00:00
Code Issues Projects Releases Wiki Activity

apiextensions: forbid additionalProperties at embedded resource root

Browse Source
This commit is contained in:
Dr. Stefan Schimanski 2019-06-10 11:08:51 +02:00
parent d6c480122f
commit fca2f71a96
2 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation/validation_test.go
View File

@ -1796,6 +1796,56 @@ func TestValidateCustomResourceDefinition(t *testing.T) {
}, },
enabledFeatures: []featuregate.Feature{features.CustomResourceDefaulting}, enabledFeatures: []featuregate.Feature{features.CustomResourceDefaulting},
}, },
{
name: "additionalProperties at resource root",
resource: &apiextensions.CustomResourceDefinition{
ObjectMeta: metav1.ObjectMeta{Name: "plural.group.com"},
Spec: apiextensions.CustomResourceDefinitionSpec{
Group: "group.com",
Version: "version",
Versions: singleVersionList,
Scope: apiextensions.NamespaceScoped,
Names: apiextensions.CustomResourceDefinitionNames{
Plural: "plural",
Singular: "singular",
Kind: "Plural",
ListKind: "PluralList",
},
Validation: &apiextensions.CustomResourceValidation{
OpenAPIV3Schema: &apiextensions.JSONSchemaProps{
Type: "object",
Properties: map[string]apiextensions.JSONSchemaProps{
"embedded1": {
Type: "object",
XEmbeddedResource: true,
AdditionalProperties: &apiextensions.JSONSchemaPropsOrBool{
Schema: &apiextensions.JSONSchemaProps{Type: "string"},
},
},
"embedded2": {
Type: "object",
XEmbeddedResource: true,
XPreserveUnknownFields: pointer.BoolPtr(true),
AdditionalProperties: &apiextensions.JSONSchemaPropsOrBool{
Schema: &apiextensions.JSONSchemaProps{Type: "string"},
},
},
},
},
},
PreserveUnknownFields: pointer.BoolPtr(false),
},
Status: apiextensions.CustomResourceDefinitionStatus{
StoredVersions: []string{"version"},
},
},
errors: []validationMatch{
forbidden("spec", "validation", "openAPIV3Schema", "properties[embedded1]", "additionalProperties"),
required("spec", "validation", "openAPIV3Schema", "properties[embedded1]", "properties"),
forbidden("spec", "validation", "openAPIV3Schema", "properties[embedded2]", "additionalProperties"),
},
enabledFeatures: []featuregate.Feature{features.CustomResourceDefaulting},
},
{ {
name: "contradicting meta field types", name: "contradicting meta field types",
resource: &apiextensions.CustomResourceDefinition{ resource: &apiextensions.CustomResourceDefinition{

3
staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/validation.go
View File

@ -126,6 +126,9 @@ func validateStructuralInvariants(s *Structural, lvl level, fldPath *field.Path)
allErrs = append(allErrs, field.Required(fldPath.Child("type"), "must not be empty for specified object fields")) allErrs = append(allErrs, field.Required(fldPath.Child("type"), "must not be empty for specified object fields"))
} }
} }
if s.XEmbeddedResource && s.AdditionalProperties != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("additionalProperties"), "must not be used if x-kubernetes-embedded-resource is set"))
}
if lvl == rootLevel && len(s.Type) > 0 && s.Type != "object" { if lvl == rootLevel && len(s.Type) > 0 && s.Type != "object" {
allErrs = append(allErrs, field.Invalid(fldPath.Child("type"), s.Type, "must be object at the root")) allErrs = append(allErrs, field.Invalid(fldPath.Child("type"), s.Type, "must be object at the root"))