Merge pull request #855 from Azure/create-schema-validation

janboll · web-flow · commit fa2891a4bcce · 2024-11-20T08:32:19.000+01:00
Add schema validation for templating configuration
diff --git a/config/config.schema.json b/config/config.schema.json
diff --git a/config/config.yaml b/config/config.yaml
@@ -1,3 +1,4 @@
+$schema: config.schema.json
 defaults:
   region: {{ .ctx.region }}
   # Resourcegroups
@@ -207,7 +208,8 @@ clouds:
           # DNS
           regionalDNSSubdomain: '{{ .ctx.region }}-cs'
           # Maestro
-          maestroRestrictIstioIngress: false
+          maestro:
+            restrictIstioIngress: false
       personal-dev:
         # this is the personal DEV environment
         defaults:
diff --git a/config/public-cloud-cs-pr.json b/config/public-cloud-cs-pr.json
@@ -66,9 +66,8 @@
       "serverStorageSizeGB": "32",
       "serverVersion": "15"
     },
-    "restrictIstioIngress": true
+    "restrictIstioIngress": false
   },
-  "maestroRestrictIstioIngress": false,
   "managementClusterSubscription": "ARO Hosted Control Planes (EA Subscription 1)",
   "mgmt": {
     "etcd": {
diff --git a/go.work.sum b/go.work.sum
@@ -608,6 +608,7 @@ github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8
 github.com/digitalocean/godo v1.99.0/go.mod h1:SsS2oXo2rznfM/nORlZ/6JaUJZFhmKTib1YhopUc8NA=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI=
+github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
 github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
 github.com/docker/cli v24.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
@@ -742,6 +743,7 @@ github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRx
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c=
+github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
@@ -968,6 +970,7 @@ github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgS
 github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b h1:ZGiXF8sz7PDk6RgkP+A/SFfUD0ZR/AgG6SpRNEDKZy8=
 github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b/go.mod h1:hQmNrgofl+IY/8L+n20H6E6PWBBTokdsv+q49j0QhsU=
diff --git a/tooling/templatize/go.mod b/tooling/templatize/go.mod
@@ -35,6 +35,7 @@ require (
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/santhosh-tekuri/jsonschema/v6 v6.0.1 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/spf13/cast v1.7.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
diff --git a/tooling/templatize/go.sum b/tooling/templatize/go.sum
@@ -69,6 +69,8 @@ github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJ
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/santhosh-tekuri/jsonschema/v6 v6.0.1 h1:PKK9DyHxif4LZo+uQSgXNqs0jj5+xZwwfKHgph2lxBw=
+github.com/santhosh-tekuri/jsonschema/v6 v6.0.1/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU=
 github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
 github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
 github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
diff --git a/tooling/templatize/pkg/config/config.go b/tooling/templatize/pkg/config/config.go
@@ -4,9 +4,11 @@ import (
 	"bytes"
 	"fmt"
 	"os"
+	"path/filepath"
 	"reflect"
 	"text/template"
 
+	"github.com/santhosh-tekuri/jsonschema/v6"
 	"gopkg.in/yaml.v3"
 )
 
@@ -89,6 +91,62 @@ func mergeVariables(base, override Variables) Variables {
 	return base
 }
 
+// Needed to convert Variables to map[string]interface{} for jsonschema validation
+// see: https://github.com/santhosh-tekuri/jsonschema/blob/boon/schema.go#L124
+func convertToInterface(variables Variables) map[string]any {
+	m := map[string]any{}
+	for k, v := range variables {
+		if subMap, ok := v.(Variables); ok {
+			m[k] = convertToInterface(subMap)
+		} else {
+			m[k] = v
+		}
+	}
+	return m
+}
+
+func (cp *configProviderImpl) loadSchema() (any, error) {
+	schemaPath := cp.schema
+	if !filepath.IsAbs(schemaPath) {
+		schemaPath = filepath.Join(filepath.Dir(cp.config), schemaPath)
+	}
+	reader, err := os.Open(schemaPath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open schema file: %v", err)
+	}
+
+	schema, err := jsonschema.UnmarshalJSON(reader)
+	if err != nil {
+		return nil, fmt.Errorf("failed to unmarshal schema: %v", err)
+	}
+
+	return schema, nil
+}
+
+func (cp *configProviderImpl) validateSchema(variables Variables) error {
+	c := jsonschema.NewCompiler()
+
+	schema, err := cp.loadSchema()
+	if err != nil {
+		return fmt.Errorf("failed to load schema: %v", err)
+	}
+
+	err = c.AddResource(cp.schema, schema)
+	if err != nil {
+		return fmt.Errorf("failed to add schema resource: %v", err)
+	}
+	sch, err := c.Compile(cp.schema)
+	if err != nil {
+		return fmt.Errorf("failed to compile schema: %v", err)
+	}
+
+	err = sch.Validate(convertToInterface(variables))
+	if err != nil {
+		return fmt.Errorf("failed to validate schema: %v", err)
+	}
+	return nil
+}
+
 func (cp *configProviderImpl) GetVariables(cloud, deployEnv, region string, configReplacements *ConfigReplacements) (Variables, error) {
 	variables, err := cp.GetDeployEnvVariables(cloud, deployEnv, configReplacements)
 	if err != nil {
@@ -102,6 +160,11 @@ func (cp *configProviderImpl) GetVariables(cloud, deployEnv, region string, conf
 	}
 	mergeVariables(variables, regionOverrides)
 
+	// validate schema
+	err = cp.validateSchema(variables)
+	if err != nil {
+		return nil, err
+	}
 	return variables, nil
 }
 
@@ -117,6 +180,10 @@ func (cp *configProviderImpl) Validate(cloud, deployEnv string) error {
 	if ok := config.HasDeployEnv(cloud, deployEnv); !ok {
 		return fmt.Errorf("the deployment env %s is not found under cloud %s", deployEnv, cloud)
 	}
+
+	if !config.HasSchema() {
+		return fmt.Errorf("$schema not found in config")
+	}
 	return nil
 }
 
@@ -135,6 +202,8 @@ func (cp *configProviderImpl) GetDeployEnvVariables(cloud, deployEnv string, con
 	mergeVariables(variables, config.GetCloudOverrides(cloud))
 	mergeVariables(variables, config.GetDeployEnvOverrides(cloud, deployEnv))
 
+	cp.schema = config.GetSchema()
+
 	return variables, nil
 }
 
diff --git a/tooling/templatize/pkg/config/config_test.go b/tooling/templatize/pkg/config/config_test.go
@@ -2,6 +2,7 @@ package config
 
 import (
 	"fmt"
+	"os"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -154,3 +155,79 @@ func TestMergeVariable(t *testing.T) {
 	}
 
 }
+
+func TestLoadSchema(t *testing.T) {
+	testDirs := t.TempDir()
+
+	err := os.WriteFile(testDirs+"/schema.json", []byte(`{"type": "object"}`), 0644)
+	assert.Nil(t, err)
+
+	configProvider := configProviderImpl{}
+	configProvider.schema = testDirs + "/schema.json"
+
+	schema, err := configProvider.loadSchema()
+	assert.Nil(t, err)
+	assert.NotNil(t, schema)
+	assert.Equal(t, map[string]any{"type": "object"}, schema)
+}
+
+func TestLoadSchemaError(t *testing.T) {
+	testDirs := t.TempDir()
+
+	err := os.WriteFile(testDirs+"/schma.json", []byte(`{"type": "object"}`), 0644)
+	assert.Nil(t, err)
+
+	configProvider := configProviderImpl{}
+	configProvider.schema = testDirs + "/schema.json"
+	_, err = configProvider.loadSchema()
+	assert.NotNil(t, err)
+}
+
+func TestValidateSchema(t *testing.T) {
+	testSchema := `{
+	"type": "object",
+	"properties": {
+		"key1": {
+			"type": "string"
+		}
+	},
+	"additionalProperties": false
+}`
+
+	testDirs := t.TempDir()
+
+	err := os.WriteFile(testDirs+"/schema.json", []byte(testSchema), 0644)
+	assert.Nil(t, err)
+
+	configProvider := configProviderImpl{}
+	configProvider.schema = "schema.json"
+	configProvider.config = testDirs + "/config.yaml"
+
+	err = configProvider.validateSchema(map[string]any{"foo": "bar"})
+	assert.NotNil(t, err)
+	assert.ErrorContains(t, err, "additional properties 'foo' not allowed")
+
+	err = configProvider.validateSchema(map[string]any{"key1": "bar"})
+	assert.Nil(t, err)
+}
+
+func TestConvertToInterface(t *testing.T) {
+	vars := Variables{
+		"key1": "value1",
+		"key2": Variables{
+			"key3": "value3",
+		},
+	}
+
+	expected := map[string]any{
+		"key1": "value1",
+		"key2": map[string]any{
+			"key3": "value3",
+		},
+	}
+
+	result := convertToInterface(vars)
+	assert.Equal(t, expected, result)
+	assert.IsType(t, expected, map[string]any{})
+	assert.IsType(t, expected["key2"], map[string]any{})
+}
diff --git a/tooling/templatize/pkg/config/types.go b/tooling/templatize/pkg/config/types.go
@@ -6,9 +6,10 @@ import (
 
 type configProviderImpl struct {
 	config string
+	schema string
 }
 
-type Variables map[string]interface{}
+type Variables map[string]any
 
 func NewVariableOverrides() VariableOverrides {
 	return &variableOverrides{}
@@ -20,11 +21,14 @@ type VariableOverrides interface {
 	GetDeployEnvOverrides(cloud, deployEnv string) Variables
 	GetRegionOverrides(cloud, deployEnv, region string) Variables
 	GetRegions(cloud, deployEnv string) []string
+	GetSchema() string
+	HasSchema() bool
 	HasCloud(cloud string) bool
 	HasDeployEnv(cloud, deployEnv string) bool
 }
 
 type variableOverrides struct {
+	Schema   string    `yaml:"$schema"`
 	Defaults Variables `yaml:"defaults"`
 	// key is the cloud alias
 	Overrides map[string]*struct {
@@ -38,6 +42,14 @@ type variableOverrides struct {
 	} `yaml:"clouds"`
 }
 
+func (vo *variableOverrides) GetSchema() string {
+	return vo.Schema
+}
+
+func (vo *variableOverrides) HasSchema() bool {
+	return vo.Schema != ""
+}
+
 func (vo *variableOverrides) GetDefaults() Variables {
 	return vo.Defaults
 }
diff --git a/tooling/templatize/testdata/config.yaml b/tooling/templatize/testdata/config.yaml
@@ -1,3 +1,4 @@
+$schema: schema.json
 defaults:
   region: {{ .ctx.region }}
   serviceClusterSubscription: hcp-{{ .ctx.region }}
diff --git a/tooling/templatize/testdata/schema.json b/tooling/templatize/testdata/schema.json
@@ -0,0 +1,3 @@
+{
+    "type": "object"
+}

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+$schema: schema.json`
`1`	`2`	`defaults:`
`2`	`3`	`region: {{ .ctx.region }}`
`3`	`4`	`serviceClusterSubscription: hcp-{{ .ctx.region }}`