Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CustomResourceDefinition schemas should support $ref #91669

Closed
Jc2k opened this issue Jun 2, 2020 · 2 comments
Closed

CustomResourceDefinition schemas should support $ref #91669

Jc2k opened this issue Jun 2, 2020 · 2 comments
Labels
area/custom-resources kind/feature Categorizes issue or PR as related to a new feature. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery.

Comments

@Jc2k
Copy link

Jc2k commented Jun 2, 2020
edited

What would you like to be added:

I would like to be able to use$ref as part of a CRD schema to enable a somewhat recursive schema to apply validation to child values in a map. Here is a simple JSON schema that shows what I mean.

(When i first opened the ticket I thought I needed patternProperties, and the ticket was about supporting that, but it looks like I should be able to do this with additionalProperties instead?)

{
    "type": "object",
    "oneOf": [
        {
            "properties": {
                "type": {
                    "type": "string",
                    "enum": [
                        "text",
                        "number",
                        "ip",
                    ]
                },
                "description": {
                    "type": "string"
                }
            },
            "additionalProperties": false
        },
        {
            "properties": {
                "type": {
                    "type": "string",
                    "enum": [
                        "object"
                    ]
                },
                "description": {
                    "type": "string"
                },
                "properties": {
                    "type": "object",
                    "additionalProperties": {"$ref": "#"}
                }
            },
            "additionalProperties": false
        }
    ]
}

The intention is to ultimately enable something like:

spec:
  mapping:
    type: object
    properties:
        foo:
          type: string
        bar:
          type: object
          properties:
            baz:
              type: string

As you can see the field names are not known at CRD creation time. This is part of a "glue" operator - generating various configs and "sticking" together various Deployments according to best practice. So I cannot lock down the field names or avoid the recursion.

While I've been able to mock up the validation in JSON schema, obviously kubernetes imposes its own restrictions on top and also uses openapi 3.0, not jsonschema, which is both a subset and a superset of jsonschema. While OpenAPI has shifted from being a subset AND superset of JSON schema in 3.0 to being a superset of JSON schema draft 7 in OpenAPI 3.1, that doesn't help because Kubernetes is still a subset in its own right.

Why is this needed:

Right now, it looks like something like this /might/ allow CRD instances to be created?

{
            "type": "object",
            "properties": {
              "type": {
                "type": "string",
                "enum": ["text", "object"],
              },
              "properties": {
                "type": "object",
                "additionalProperties": true
              }
            }
}

But without nesting, the validation is inadequate and will probably need a admission webhook just to run a full jsonschema validation pass in addition to a minimal CRD one.

I'm also not sure of the implications here for structural schemas, as additionalProperties: true don't feel very structural when the schema of the value is not specified? Would this even be a valid structural schema? It seems like recursive approach might give kubernetes more clues about the structure of a schema than additionalProperties: true can.
@Jc2k Jc2k added the kind/feature Categorizes issue or PR as related to a new feature. label Jun 2, 2020
@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Jun 2, 2020
@Jc2k
Copy link
Author

Jc2k commented Jun 2, 2020

Related: #59485

/sig api-machinery
/area custom-resources

@k8s-ci-robot k8s-ci-robot added sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. area/custom-resources and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jun 2, 2020
@Jc2k Jc2k changed the title CustomResourceDefinition schemas should support patternProperties CustomResourceDefinition schemas should support $ref / patternProperties Jun 2, 2020
@Jc2k Jc2k changed the title CustomResourceDefinition schemas should support $ref / patternProperties CustomResourceDefinition schemas should support $ref Jun 2, 2020
@liggitt
Copy link
Member

liggitt commented Jun 2, 2020

Thanks for the request. This is a duplicate of #62872

@liggitt liggitt closed this as completed Jun 2, 2020
@mwylde mwylde mentioned this issue Jun 18, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/custom-resources kind/feature Categorizes issue or PR as related to a new feature. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Jc2k @liggitt @k8s-ci-robot