Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix kubectl CRD validation with preserve-unknown-fields objects #96369

Merged
merged 2 commits into from Nov 12, 2020
Merged

Fix kubectl CRD validation with preserve-unknown-fields objects #96369

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3659bc8
prune type in preserve-unknown-fields objects
gautierdelorme Nov 7, 2020
eed1047
update e2e kubectl test
gautierdelorme Nov 7, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
3 changes: 1 addition & 2 deletions staging/src/k8s.io/apiextensions-apiserver/pkg/controller/openapi/builder/builder_test.go
View file
Open in desktop
Expand Up @@ -172,8 +172,7 @@ func TestNewBuilder(t *testing.T) {
},
"embedded-object": {
"x-kubernetes-embedded-resource": true,
"x-kubernetes-preserve-unknown-fields": true,
"type":"object"
"x-kubernetes-preserve-unknown-fields": true
}
},
"x-kubernetes-group-version-kind":[{"group":"bar.k8s.io","kind":"Foo","version":"v1"}]
Expand Down
7 changes: 7 additions & 0 deletions staging/src/k8s.io/apiextensions-apiserver/pkg/controller/openapi/v2/conversion.go
View file
Open in desktop
Expand Up @@ -81,6 +81,13 @@ func ToStructuralOpenAPIV2(in *structuralschema.Structural) *structuralschema.St
changed = true
}

if s.XPreserveUnknownFields && s.Type == "object" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

&& additionalProperties is not set, right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The bug is still present if additionalProperties is set I think.

  • You can reproduce it with additionalProperties sets to true:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: foos.k8s.test
spec:
  group: k8s.test
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            field:
              type: object
              x-kubernetes-preserve-unknown-fields: true
              additionalProperties: true
  scope: Namespaced
  names:
    plural: foos
    singular: foo
    kind: Foo
apiVersion: k8s.test/v1
kind: Foo
metadata:
  name: foo
field:
  foo: null
  • You can reproduce it with additionalProperties including nullable: true:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: foos.k8s.test
spec:
  group: k8s.test
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            field:
              type: object
              x-kubernetes-preserve-unknown-fields: true
              additionalProperties:
                type: object
                nullable: true
  scope: Namespaced
  names:
    plural: foos
    singular: foo
    kind: Foo
apiVersion: k8s.test/v1
kind: Foo
metadata:
  name: foo
field:
  foo: null

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ack

// similar as above, kubectl doesn't properly handle object fields with `x-kubernetes-preserve-unknown-fields: true`
s.Type = ""

changed = true
}

for f, fs := range s.Properties {
if fs.Nullable {
s.ValueValidation.Required, changed = filterOut(s.ValueValidation.Required, f)
Expand Down
3 changes: 1 addition & 2 deletions staging/src/k8s.io/apiextensions-apiserver/pkg/controller/openapi/v2/conversion_test.go
View file
Open in desktop
Expand Up @@ -666,8 +666,7 @@ func Test_ConvertJSONSchemaPropsToOpenAPIv2SchemaByType(t *testing.T) {
},
},
},
expected: withVendorExtensions(new(spec.Schema), "x-kubernetes-preserve-unknown-fields", true).
Typed("object", ""),
expected: withVendorExtensions(new(spec.Schema), "x-kubernetes-preserve-unknown-fields", true),
},
}

Expand Down
2 changes: 1 addition & 1 deletion test/e2e/apimachinery/crd_publish_openapi.go
View file
Open in desktop
Expand Up @@ -230,7 +230,7 @@ var _ = SIGDescribe("CustomResourcePublishOpenAPI [Privileged:ClusterAdmin]", fu
ns := fmt.Sprintf("--namespace=%v", f.Namespace.Name)

ginkgo.By("client-side validation (kubectl create and apply) allows request with any unknown properties")
randomCR := fmt.Sprintf(`{%s,"spec":{"b":[{"c":"d"}]}}`, meta)
randomCR := fmt.Sprintf(`{%s,"spec":{"a":null,"b":[{"c":"d"}]}}`, meta)
if _, err := framework.RunKubectlInput(f.Namespace.Name, randomCR, ns, "create", "-f", "-"); err != nil {
framework.Failf("failed to create random CR %s for CRD that allows unknown properties in a nested object: %v", randomCR, err)
}
Expand Down