Add a swagger schema validator, for validating client side json files.

pkg/api/validation/schema.go

@@ -0,0 +1,142 @@
+/*
+Copyright 2014 Google Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validation
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"strings"
+
+	"github.com/emicklei/go-restful/swagger"
+	"github.com/golang/glog"
+)
+
+type InvalidTypeError struct {
+	ExpectedKind reflect.Kind
+	ObservedKind reflect.Kind
+	FieldName    string
+}
+
+func (i *InvalidTypeError) Error() string {
+	return fmt.Sprintf("expected type %s, for field %s, got %s", i.ExpectedKind.String(), i.FieldName, i.ObservedKind.String())
+}
+
+func NewInvalidTypeError(expected reflect.Kind, observed reflect.Kind, fieldName string) error {
+	return &InvalidTypeError{expected, observed, fieldName}
+}
+
+type Schema struct {
+	api swagger.ApiDeclaration
+}
+
+func NewSchemaFromBytes(data []byte) (*Schema, error) {
+	schema := &Schema{}
+	err := json.Unmarshal(data, &schema.api)
+	if err != nil {
+		return nil, err
+	}
+	return schema, nil
+}
+
+func (s *Schema) ValidateBytes(data []byte) error {
+	var obj interface{}
+	err := json.Unmarshal(data, &obj)
+	if err != nil {
+		return err
+	}
+	fields := obj.(map[string]interface{})
+	apiVersion := fields["apiVersion"].(string)
+	kind := fields["kind"].(string)
+	return s.ValidateObject(obj, apiVersion, "", apiVersion+"."+kind)
+}
+
+func (s *Schema) ValidateObject(obj interface{}, apiVersion, fieldName, typeName string) error {
+	models := s.api.Models
+	// TODO: handle required fields here too.
+	model, ok := models[typeName]
+	if !ok {
+		glog.V(2).Infof("couldn't find type: %s, skipping validation", typeName)
+		return nil
+	}
+	properties := model.Properties
+	fields := obj.(map[string]interface{})
+	if len(fieldName) > 0 {
+		fieldName = fieldName + "."
+	}
+	for key, value := range fields {
+		details, ok := properties[key]
+		if !ok {
+			glog.V(2).Infof("couldn't find properties for %s, skipping", key)
+			continue
+		}
+		fieldType := *details.Type
+		if value == nil {
+			glog.V(2).Infof("Skipping nil field: %s", key)
+			continue
+		}
+		err := s.validateField(value, apiVersion, fieldName+key, fieldType, &details)
+		if err != nil {
+			glog.Errorf("Validation failed for: %s, %v", key, value)
+			return err
+		}
+	}
+	return nil
+}
+
+func (s *Schema) validateField(value interface{}, apiVersion, fieldName, fieldType string, fieldDetails *swagger.ModelProperty) error {
+	if strings.HasPrefix(fieldType, apiVersion) {
+		return s.ValidateObject(value, apiVersion, fieldName, fieldType)
+	}
+	switch fieldType {
+	case "string":
+		// Be loose about what we accept for 'string' since we use IntOrString in a couple of places
+		_, isString := value.(string)
+		_, isNumber := value.(float64)
+		if !isString && !isNumber {
+			return NewInvalidTypeError(reflect.String, reflect.TypeOf(value).Kind(), fieldName)
+		}
+	case "array":
+		arr, ok := value.([]interface{})
+		if !ok {
+			return NewInvalidTypeError(reflect.Array, reflect.TypeOf(value).Kind(), fieldName)
+		}
+		arrType := *fieldDetails.Items[0].Ref
+		for ix := range arr {
+			err := s.validateField(arr[ix], apiVersion, fmt.Sprintf("%s[%d]", fieldName, ix), arrType, nil)
+			if err != nil {
+				return err
+			}
+		}
+	case "uint64":
+	case "integer":
+		if _, ok := value.(float64); !ok {
+			return NewInvalidTypeError(reflect.Int, reflect.TypeOf(value).Kind(), fieldName)
+		}
+	case "float64":
+		if _, ok := value.(float64); !ok {
+			return NewInvalidTypeError(reflect.Float64, reflect.TypeOf(value).Kind(), fieldName)
+		}
+	case "boolean":
+		if _, ok := value.(bool); !ok {
+			return NewInvalidTypeError(reflect.Bool, reflect.TypeOf(value).Kind(), fieldName)
+		}
+	default:
+		return fmt.Errorf("unexpected type: %v", fieldType)
+	}
+	return nil
+}

pkg/api/validation/schema_test.go

@@ -0,0 +1,279 @@
+/*
+Copyright 2014 Google Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validation
+
+import (
+	"io/ioutil"
+	"strconv"
+	"testing"
+
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/v1beta1"
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/runtime"
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/util"
+
+	docker "github.com/fsouza/go-dockerclient"
+	fuzz "github.com/google/gofuzz"
+)
+
+func LoadSchemaForTest(file string) (*Schema, error) {
+	data, err := ioutil.ReadFile(file)
+	if err != nil {
+		return nil, err
+	}
+	return NewSchemaFromBytes(data)
+}
+
+// TODO: this is cloned from serialization_test.go, refactor to somewhere common like util
+// apiObjectFuzzer can randomly populate api objects.
+var apiObjectFuzzer = fuzz.New().NilChance(.5).NumElements(1, 1).Funcs(
+	func(j *runtime.PluginBase, c fuzz.Continue) {
+		// Do nothing; this struct has only a Kind field and it must stay blank in memory.
+	},
+	func(j *runtime.TypeMeta, c fuzz.Continue) {
+		// We have to customize the randomization of TypeMetas because their
+		// APIVersion and Kind must remain blank in memory.
+		j.APIVersion = ""
+		j.Kind = ""
+
+		j.Name = c.RandString()
+		// TODO: Fix JSON/YAML packages and/or write custom encoding
+		// for uint64's. Somehow the LS *byte* of this is lost, but
+		// only when all 8 bytes are set.
+		j.ResourceVersion = strconv.FormatUint(c.RandUint64()>>8, 10)
+		j.SelfLink = c.RandString()
+
+		var sec, nsec int64
+		c.Fuzz(&sec)
+		c.Fuzz(&nsec)
+		j.CreationTimestamp = util.Unix(sec, nsec).Rfc3339Copy()
+	},
+	func(j *api.TypeMeta, c fuzz.Continue) {
+		// We have to customize the randomization of TypeMetas because their
+		// APIVersion and Kind must remain blank in memory.
+		j.APIVersion = ""
+		j.Kind = ""
+	},
+	func(j *api.ObjectMeta, c fuzz.Continue) {
+		j.Name = c.RandString()
+		// TODO: Fix JSON/YAML packages and/or write custom encoding
+		// for uint64's. Somehow the LS *byte* of this is lost, but
+		// only when all 8 bytes are set.
+		j.ResourceVersion = strconv.FormatUint(c.RandUint64()>>8, 10)
+		j.SelfLink = c.RandString()
+
+		var sec, nsec int64
+		c.Fuzz(&sec)
+		c.Fuzz(&nsec)
+		j.CreationTimestamp = util.Unix(sec, nsec).Rfc3339Copy()
+	},
+	func(j *api.ListMeta, c fuzz.Continue) {
+		// TODO: Fix JSON/YAML packages and/or write custom encoding
+		// for uint64's. Somehow the LS *byte* of this is lost, but
+		// only when all 8 bytes are set.
+		j.ResourceVersion = strconv.FormatUint(c.RandUint64()>>8, 10)
+		j.SelfLink = c.RandString()
+	},
+	func(j *api.PodCondition, c fuzz.Continue) {
+		statuses := []api.PodCondition{api.PodPending, api.PodRunning, api.PodFailed}
+		*j = statuses[c.Rand.Intn(len(statuses))]
+	},
+	func(j *api.ReplicationControllerSpec, c fuzz.Continue) {
+		// TemplateRef must be nil for round trip
+		c.Fuzz(&j.Template)
+		if j.Template == nil {
+			// TODO: v1beta1/2 can't round trip a nil template correctly, fix by having v1beta1/2
+			// conversion compare converted object to nil via DeepEqual
+			j.Template = &api.PodTemplateSpec{}
+		}
+		j.Template.ObjectMeta = api.ObjectMeta{Labels: j.Template.ObjectMeta.Labels}
+		j.Template.Spec.NodeSelector = nil
+		c.Fuzz(&j.Selector)
+		j.Replicas = int(c.RandUint64())
+	},
+	func(j *api.ReplicationControllerStatus, c fuzz.Continue) {
+		// only replicas round trips
+		j.Replicas = int(c.RandUint64())
+	},
+	func(intstr *util.IntOrString, c fuzz.Continue) {
+		// util.IntOrString will panic if its kind is set wrong.
+		if c.RandBool() {
+			intstr.Kind = util.IntstrInt
+			intstr.IntVal = int(c.RandUint64())
+			intstr.StrVal = ""
+		} else {
+			intstr.Kind = util.IntstrString
+			intstr.IntVal = 0
+			intstr.StrVal = c.RandString()
+		}
+	},
+	func(u64 *uint64, c fuzz.Continue) {
+		// TODO: uint64's are NOT handled right.
+		*u64 = c.RandUint64() >> 8
+	},
+	func(pb map[docker.Port][]docker.PortBinding, c fuzz.Continue) {
+		// This is necessary because keys with nil values get omitted.
+		// TODO: Is this a bug?
+		pb[docker.Port(c.RandString())] = []docker.PortBinding{
+			{c.RandString(), c.RandString()},
+			{c.RandString(), c.RandString()},
+		}
+	},
+	func(pm map[string]docker.PortMapping, c fuzz.Continue) {
+		// This is necessary because keys with nil values get omitted.
+		// TODO: Is this a bug?
+		pm[c.RandString()] = docker.PortMapping{
+			c.RandString(): c.RandString(),
+		}
+	},
+)
+
+func TestLoad(t *testing.T) {
+	_, err := LoadSchemaForTest("v1beta1-swagger.json")
+	if err != nil {
+		t.Errorf("Failed to load: %v", err)
+	}
+}
+
+func TestValidateOk(t *testing.T) {
+	schema, err := LoadSchemaForTest("v1beta1-swagger.json")
+	if err != nil {
+		t.Errorf("Failed to load: %v", err)
+	}
+	tests := []struct {
+		obj      runtime.Object
+		typeName string
+	}{
+		{obj: &api.Pod{}},
+		{obj: &api.Service{}},
+		{obj: &api.ReplicationController{}},
+	}
+
+	for i := 0; i < 5; i++ {
+		for _, test := range tests {
+			testObj := test.obj
+			apiObjectFuzzer.Fuzz(testObj)
+			data, err := v1beta1.Codec.Encode(testObj)
+			if err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+			err = schema.ValidateBytes(data)
+			if err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+		}
+	}
+}
+
+var invalidPod = `{
+  "id": "name",
+  "kind": "Pod",
+  "apiVersion": "v1beta1",
+  "desiredState": {
+    "manifest": {
+      "version": "v1beta1",
+      "id": "redis-master",
+      "containers": [{
+        "name": "master",
+        "image": "dockerfile/redis",
+        "command": "this is a bad command",
+      }]
+    }
+  },
+  "labels": {
+    "name": "redis-master"
+  }
+}
+`
+
+var invalidPod2 = `{
+  "apiVersion": "v1beta1",
+  "kind": "Pod",
+  "id": "apache-php",
+  "desiredState": {
+    "manifest": {
+      "version": "v1beta1",
+      "id": "apache-php",
+      "containers": [
+             {
+           "name": "apache-php",
+           "image": "php:5.6.2-apache",
+           "ports": [{ "name": "apache", "containerPort": 80, "hostPort":"13380", "protocol":"TCP" }],
+           "volumeMounts": [{"name": "shared-disk","mountPath": "/var/www/html", "readOnly": false}]
+        }
+           ]
+    }
+  },
+  "labels": { "name": "apache-php" },
+  "restartPolicy": {"always": {}},
+  "volumes": [
+    "name": "shared-disk",
+    "source": {
+      "GCEPersistentDisk": {
+        "path": "shared-disk"
+      }
+    }
+  ]
+}
+`
+
+var invalidPod3 = `{
+  "apiVersion": "v1beta1",
+  "kind": "Pod",
+  "id": "apache-php",
+  "desiredState": {
+    "manifest": {
+      "version": "v1beta1",
+      "id": "apache-php",
+      "containers": [
+             {
+           "name": "apache-php",
+           "image": "php:5.6.2-apache",
+           "ports": [{ "name": "apache", "containerPort": 80, "hostPort":"13380", "protocol":"TCP" }],
+           "volumeMounts": [{"name": "shared-disk","mountPath": "/var/www/html", "readOnly": false}]
+        }
+           ]
+    }
+  },
+  "labels": { "name": "apache-php" },
+  "restartPolicy": {"always": {}},
+  "volumes": [
+    {
+      "name": "shared-disk",
+      "source": {
+        "GCEPersistentDisk": {
+          "path": "shared-disk"
+        }
+      }
+    }
+  ]
+}
+`
+
+func TestInvalid(t *testing.T) {
+	schema, err := LoadSchemaForTest("v1beta1-swagger.json")
+	if err != nil {
+		t.Errorf("Failed to load: %v", err)
+	}
+	tests := []string{invalidPod, invalidPod2}
+	for _, test := range tests {
+		err = schema.ValidateBytes([]byte(test))
+		if err == nil {
+			t.Errorf("unexpected non-error\n%s", test)
+		}
+	}
+}