Add type declarations to g8r MatchSchema()

Kubernetes v1 CRDs require structural schemas. This means that, where possible, JSONSchemas should identify the type of a field. Fields without this type information will require the key: value pair of x-kubernetes-unknown-fields: true to be set. This signals the API server to save the content found in that field to etcd without validation. This PR adds the remaining type information to the MatchSchema() function, rendering its output structural. This func's output is what populates the `match` section of the CRD for a Constraint kind. Fixes open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz · Apr 14, 2021 · 61ee060 · 61ee060
1 parent 65c3f85
commit 61ee060
Showing 1 changed file with 26 additions and 21 deletions.
diff --git a/pkg/target/target.go b/pkg/target/target.go
@@ -244,10 +244,21 @@ func (h *K8sValidationTarget) HandleViolation(result *types.Result) error {
 }
 
 func (h *K8sValidationTarget) MatchSchema() apiextensions.JSONSchemaProps {
-	stringList := &apiextensions.JSONSchemaPropsOrArray{
-		// nullable also allows for the empty string
-		Schema: &apiextensions.JSONSchemaProps{Type: "string", Nullable: true}}
+	// Define some repeatedly used sections
+	stringList := apiextensions.JSONSchemaProps{
+		Type: "array",
+		Items: &apiextensions.JSONSchemaPropsOrArray{
+			Schema: &apiextensions.JSONSchemaProps{Type: "string"},
+		},
+	}
+	nullableStringList := apiextensions.JSONSchemaProps{
+		Type: "array",
+		Items: &apiextensions.JSONSchemaPropsOrArray{
+			Schema: &apiextensions.JSONSchemaProps{Type: "string", Nullable: true},
+		},
+	}
 	labelSelectorSchema := apiextensions.JSONSchemaProps{
+		Type: "object",
 		Properties: map[string]apiextensions.JSONSchemaProps{
 			// Map schema validation will only work in kubernetes versions > 1.10. See https://github.com/kubernetes/kubernetes/pull/62333
 			//"matchLabels": apiextensions.JSONSchemaProps{
@@ -260,6 +271,7 @@ func (h *K8sValidationTarget) MatchSchema() apiextensions.JSONSchemaProps {
 				Type: "array",
 				Items: &apiextensions.JSONSchemaPropsOrArray{
 					Schema: &apiextensions.JSONSchemaProps{
+						Type: "object",
 						Properties: map[string]apiextensions.JSONSchemaProps{
 							"key": {Type: "string"},
 							"operator": {
@@ -271,41 +283,34 @@ func (h *K8sValidationTarget) MatchSchema() apiextensions.JSONSchemaProps {
 									"DoesNotExist",
 								},
 							},
-							"values": {
-								Type: "array",
-								Items: &apiextensions.JSONSchemaPropsOrArray{
-									Schema: &apiextensions.JSONSchemaProps{Type: "string"},
-								},
-							},
+							"values": stringList,
 						},
 					},
 				},
 			},
 		},
 	}
+
 	return apiextensions.JSONSchemaProps{
+		// needs a Type for the entire JSONSchemaProps
+		Type: "object",
 		Properties: map[string]apiextensions.JSONSchemaProps{
 			"kinds": {
 				Type: "array",
 				Items: &apiextensions.JSONSchemaPropsOrArray{
 					Schema: &apiextensions.JSONSchemaProps{
+						Type: "object",
 						Properties: map[string]apiextensions.JSONSchemaProps{
-							"apiGroups": {Items: stringList},
-							"kinds":     {Items: stringList},
+							"apiGroups": nullableStringList,
+							"kinds":     nullableStringList,
 						},
 					},
 				},
 			},
-			"namespaces": {
-				Type: "array",
-				Items: &apiextensions.JSONSchemaPropsOrArray{
-					Schema: &apiextensions.JSONSchemaProps{Type: "string"}}},
-			"excludedNamespaces": {
-				Type: "array",
-				Items: &apiextensions.JSONSchemaPropsOrArray{
-					Schema: &apiextensions.JSONSchemaProps{Type: "string"}}},
-			"labelSelector":     labelSelectorSchema,
-			"namespaceSelector": labelSelectorSchema,
+			"namespaces":         stringList,
+			"excludedNamespaces": stringList,
+			"labelSelector":      labelSelectorSchema,
+			"namespaceSelector":  labelSelectorSchema,
 			"scope": {
 				Type: "string",
 				Enum: []apiextensions.JSON{