Disallow unexpected properties

[umairidris]

Currently, the CFT schemas allow arbitrary fields to be set. This can be dangerous, especially with config languages like YAML. Customers can easily introduce typos or a misindentations, etc causing unexpected behaviours and vulnerabilities.

Please consider adding "additionalProperties: false" to all schemas.

See: https://json-schema.org/understanding-json-schema/reference/object.html

The additionalProperties keyword is used to control the handling of extra stuff, that is, properties whose names are not listed in the properties keyword. By default any additional properties are allowed.
The additionalProperties keyword may be either a boolean or an object. If additionalProperties is a boolean and set to false, no additional properties will be allowed.

/cc @ocsig

[umairidris]

optional:
p.s. Forseti for example is investigating using protos to define their schemas (forseti-security/forseti-security#1962). The great thing protos is it can let users define native CFT compatible objects in a myriad of languages which can be dumped to YAML and sent to CFT. It will also make it easier to catch incompatibilities and have automated testing.

[ocsig]

Good point, this is on my roadmap to improve the schema validation.