| |
@@ -0,0 +1,132 @@
|
| |
+ From 6183101985e7c3c83c13aa5c7eb7545bccc8953b Mon Sep 17 00:00:00 2001
|
| |
+ From: Simone Tiraboschi <stirabos@redhat.com>
|
| |
+ Date: Mon, 13 Jul 2020 23:31:05 +0200
|
| |
+ Subject: [PATCH] Correctly validate crd.spec.versions
|
| |
+
|
| |
+ crd.spec.version got deprecated for crd.spec.versions
|
| |
+ but in this case we are going to access a list of
|
| |
+ dictionaries where the relevant value
|
| |
+ is in the name field.
|
| |
+
|
| |
+ Fix all the validations on spec.versions and add
|
| |
+ additional validations.
|
| |
+
|
| |
+ Fix also its test.
|
| |
+
|
| |
+ Signed-off-by: Simone Tiraboschi stirabos@redhat.com
|
| |
+ Fixes: #188
|
| |
+ ---
|
| |
+ operatorcourier/validate.py | 56 +++++++++++++++++--
|
| |
+ .../crdversions.invalid.bundle.yaml | 4 +-
|
| |
+ .../crdversions.valid.bundle.yaml | 8 ++-
|
| |
+ 3 files changed, 59 insertions(+), 9 deletions(-)
|
| |
+
|
| |
+ diff --git a/operatorcourier/validate.py b/operatorcourier/validate.py
|
| |
+ index 2a4a4fa..9644aa7 100644
|
| |
+ --- a/operatorcourier/validate.py
|
| |
+ +++ b/operatorcourier/validate.py
|
| |
+ @@ -156,11 +156,52 @@ def _crd_validation(self, bundle):
|
| |
+ if "group" not in crd['spec']:
|
| |
+ self._log_error("crd spec.group not defined.")
|
| |
+ valid = False
|
| |
+ - if "versions" not in crd['spec']:
|
| |
+ - if "version" not in crd['spec']:
|
| |
+ - self._log_error("crd spec.version or spec.versions not defined")
|
| |
+ + if (
|
| |
+ + "versions" not in crd['spec'] and
|
| |
+ + "version" not in crd['spec']
|
| |
+ + ):
|
| |
+ + self._log_error(
|
| |
+ + "crd spec.version or spec.versions not defined."
|
| |
+ + )
|
| |
+ + valid = False
|
| |
+ + if "versions" in crd['spec']:
|
| |
+ + if not len(crd['spec']['versions']) > 0:
|
| |
+ + self._log_error("crd spec.versions is empty.")
|
| |
+ valid = False
|
| |
+ -
|
| |
+ + else:
|
| |
+ + for ver in crd['spec']['versions']:
|
| |
+ + if (
|
| |
+ + "name" not in ver or
|
| |
+ + "served" not in ver or
|
| |
+ + "storage" not in ver
|
| |
+ + ):
|
| |
+ + self._log_error(
|
| |
+ + "crd spec.versions contains an invalid "
|
| |
+ + "CustomResourceDefinitionVersion."
|
| |
+ + )
|
| |
+ + valid = False
|
| |
+ + if "version" in crd['spec']:
|
| |
+ + if (
|
| |
+ + "name" in crd['spec']['version'][0] and
|
| |
+ + crd['spec']['version'][0]['name'] !=
|
| |
+ + crd['spec']['version']
|
| |
+ + ):
|
| |
+ + self._log_error(
|
| |
+ + "crd spec.version and spec.versions are "
|
| |
+ + "defined but spec.versions[0].name "
|
| |
+ + "doesn't match spec.version."
|
| |
+ + )
|
| |
+ + valid = False
|
| |
+ + storage_version_list = [
|
| |
+ + v for v in crd['spec']['versions']
|
| |
+ + if "storage" in v and v['storage'] is True
|
| |
+ + ]
|
| |
+ + if len(storage_version_list) != 1:
|
| |
+ + self._log_error(
|
| |
+ + "crd spec.version should contain exactly "
|
| |
+ + "one version flagged as storage version."
|
| |
+ + )
|
| |
+ + valid = False
|
| |
+ return valid
|
| |
+
|
| |
+ def _csv_validation(self, bundle):
|
| |
+ @@ -273,8 +314,11 @@ def _csv_spec_validation(self, spec, bundleData):
|
| |
+ if 'version' in csvOwnedCrd:
|
| |
+ if 'spec' in crd:
|
| |
+ if 'versions' in crd['spec']:
|
| |
+ - if csvOwnedCrd['version'] not in crd['spec']['versions']:
|
| |
+ - self._log_error('CSV.spec.crd.owned.version is'
|
| |
+ + if csvOwnedCrd['version'] not in [
|
| |
+ + v['name'] for v in crd['spec']['versions']
|
| |
+ + if 'name' in v
|
| |
+ + ]:
|
| |
+ + self._log_error('CSV.spec.crd.owned.version is '
|
| |
+ 'not in CRD.spec.versions list')
|
| |
+ valid = False
|
| |
+ if 'version' in crd['spec']:
|
| |
+ diff --git a/tests/test_files/bundles/verification/crdversions.invalid.bundle.yaml b/tests/test_files/bundles/verification/crdversions.invalid.bundle.yaml
|
| |
+ index 1512e96..63bce44 100644
|
| |
+ --- a/tests/test_files/bundles/verification/crdversions.invalid.bundle.yaml
|
| |
+ +++ b/tests/test_files/bundles/verification/crdversions.invalid.bundle.yaml
|
| |
+ @@ -263,7 +263,9 @@ data:
|
| |
+ - packages
|
| |
+ type: object
|
| |
+ versions:
|
| |
+ - - v1beta1
|
| |
+ + - name: v1beta1
|
| |
+ + served: true
|
| |
+ + storage: true
|
| |
+ - apiVersion: apiextensions.k8s.io/v1beta1
|
| |
+ kind: CustomResourceDefinition
|
| |
+ metadata:
|
| |
+ diff --git a/tests/test_files/bundles/verification/crdversions.valid.bundle.yaml b/tests/test_files/bundles/verification/crdversions.valid.bundle.yaml
|
| |
+ index 92f4c7a..311fa8f 100644
|
| |
+ --- a/tests/test_files/bundles/verification/crdversions.valid.bundle.yaml
|
| |
+ +++ b/tests/test_files/bundles/verification/crdversions.valid.bundle.yaml
|
| |
+ @@ -263,8 +263,12 @@ data:
|
| |
+ - packages
|
| |
+ type: object
|
| |
+ versions:
|
| |
+ - - v1alpha1
|
| |
+ - - v1beta1
|
| |
+ + - name: v1beta1
|
| |
+ + served: true
|
| |
+ + storage: true
|
| |
+ + - name: v1alpha1
|
| |
+ + served: true
|
| |
+ + storage: false
|
| |
+ - apiVersion: apiextensions.k8s.io/v1beta1
|
| |
+ kind: CustomResourceDefinition
|
| |
+ metadata:
|
| |
jhrozek
commented 3 years ago
It would be nice to upgrade to the latest upstream release, but also include additional path that fixes validation of crd.spec.versions. The patch comes from https://github.com/operator-framework/operator-courier/pull/189 so it's not merged at the moment, but the discussion in the PR seems positive.