github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
76a94fd836
kubernetes/cmd/kubeadm/app/util/config/strict/strict.go
Lubomir I. Ivanov ee5c927f06 kubeadm: improve strict validation for configuration 
- Modify VerifyUnmarshalStrict to use serializer/json instead
of sigs.k8s.io/yaml. In strict mode, the serializers
in serializer/json use the new sigs.k8s.io/json library
that also catches case sensitive errors for field names -
e.g. foo vs Foo. Include test case for that in strict/testdata.
- Move the hardcoded schemes to check to the side of the
caller - i.e. accept a slice of runtime.Scheme.
- Move the klog warnings outside of VerifyUnmarshalStrict
and make them the responsibility of the caller.
- Call VerifyUnmarshalStrict when downloading the configuration
from kubeadm-config or the kube-proxy or kubelet-config CMs.
This validation is useful if the user has manually patched the CMs.
2022-02-17 19:37:41 +02:00

50 lines
1.5 KiB
Go
Raw Blame History

/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package strict
import (
"github.com/pkg/errors"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/runtime/serializer/json"
)
// VerifyUnmarshalStrict takes a slice of schems, a JSON/YAML byte slice and a GroupVersionKind
// and verifies if the schema is known and if the byte slice unmarshals with strict mode.
func VerifyUnmarshalStrict(schemes []*runtime.Scheme, gvk schema.GroupVersionKind, bytes []byte) error {
var scheme *runtime.Scheme
for _, s := range schemes {
if _, err := s.New(gvk); err == nil {
scheme = s
break
}
}
if scheme == nil {
return errors.Errorf("unknown configuration %#v", gvk)
}
opt := json.SerializerOptions{Yaml: true, Pretty: false, Strict: true}
serializer := json.NewSerializerWithOptions(json.DefaultMetaFactory, scheme, scheme, opt)
_, _, err := serializer.Decode(bytes, &gvk, nil)
if err != nil {
return errors.Wrapf(err, "error unmarshaling configuration %#v", gvk)
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink