Use yaml.UnmarshalStrict() during strict validation
#201
Conversation
|
Build failure is expected. Will need a newer version of |
|
Thanks! Seems worth considering just always being strict. Are there any downsides/breakages from that, besides obviously breaking for people with invalid configurations which were silently being accepted before? I'm gonna wait for |
|
Hi @vito - I can't think of any reason not to use it everywhere, assuming that it does what it says on the box correctly, and if writing new code I definitely would. I'm not sure whether Concourse stores any yaml that it later reads out again, and whether stricter parsing might cause issues then? When prepping this PR I did find that of the code in |
|
@vito - looks like a new version of e.g. https://gopkg.in/yaml.v2 points to https://github.com/go-yaml/yaml/tree/v2.1.1 which includes go-yaml/yaml@77b384e |
|
Hello any news ? |
|
Taking a look now! I'll merge this manually by bumping gopkg at the same time if the tests pass locally. |
vmware-archive/fly#201 Submodule src/github.com/concourse/fly f9d92f5..2be951a: > Merge branch 'govau-unmarshalstrict' > Merge pull request #214 from alepee/patch-1 Submodule src/gopkg.in/yaml.v2 e4d366fc..5420a8b6: > Use underlying float precision when formatting floats (#353) > Fix typo in tab error message (#208). > Fix misspell of precede in ported code (#216) > Fix type on Marshal docs (#206). > Fixed typos in docstrings (#179). > Drop unnecessary explicit timestamp tags. > Fix broken test from last merge. > increment non-zero scanner error lines (#319) > Convert int to float when explicitly tagged. > Encode and decode arrays. > Fix edge case when decoding MinInt as -0b. > Remove mention of non-existent examples folder. > Fix curious assumption from the original C reader. > Ensure scanner has data before checking for blanks. > Drop invalid simple key assertion. > Improve map stabilization logic. > Fix unstable map key ordering (#195). > Merge pull request #336 from rogpeppe/025-go.mod > Merge pull request #335 from rogpeppe/024-merge-devel > Merge pull request #253 from heldtogether/patch-1 > Merge pull request #308 from rogpeppe/016-revert-v2-PR273 > Merge pull request #273 from rogpeppe/006-timestamps > Merge pull request #299 from rogpeppe/009-gofmt > Merge pull request #281 from houshengbo/fix-incorrect-line-number > Correct documentation for Marshal (#287) > Merge pull request #289 from rliebz/null-fix > Replace LICENSE text with actual license (#274) > Merge pull request #272 from rogpeppe/005-cleaner-tag-scan > Merge pull request #103 from andreychernih/bugfix/non-specific-tags > Merge pull request #271 from rogpeppe/004-embedded-example > Merge pull request #94 from mvo5/feature/embeded-structs-example > Merge pull request #264 from hiveminded/v2 > Merge pull request #262 from wupeka/v2 > Remove unreachable code to fix go vet (#249) > Fix dead URL for yaml specification (#240) > Tighten restrictions on float decoding (#171) > Fix decode test for Go 1.8 (#217) > Fix unmarshaler handling of empty strings. > new license in the README file (#189)
|
Thanks! All good. |
|
Man! beer++ if we meet one day! |
Earlier this week the go-yaml/yaml#307 landed which adds checking of duplicate keys when unmarshaling yaml, which would have saved me a few hours with a buggy pipeline that I wrote.
This PR changes to the behaviour of
verify-pipelineto useyaml.UnmarshalStrict(), only when the existing--strictoption is set. This also has the benefit of picking up any field names in a yaml file that don't match a struct (when unmarshalled into a map, anything is allowed) which can help detect typos.Note that in order for these tests to pass, you will need to vendor in a new version of
gopkg.in/yaml.v2. I'm not sure how they plan to update their branch - in my testing of below I updated to the tip of thedevelbranch at https://github.com/go-yaml/yaml, which I verified passes the full set of integration tests (testflight).(maybe you'll want to wait for a newer release from them?)
Anyway, submitting the PR now with some basic tests.
It might be interesting to consider using
yaml.UnmarshalStrict()everywhere thatyaml.Unmarshal()is used, but that's a bigger change to contemplate.