Merge pull request #54 from klihub/devel/schema-based-validation

devel: perform schema-based Spec validation while loading Specs.

Author: elezar

Makefile

@@ -8,7 +8,7 @@ GO_VET   := $(GO_CMD) vet
 
 CDI_PKG  := $(shell grep ^module go.mod | sed 's/^module *//g')
 
-BINARIES := bin/cdi
+BINARIES := bin/cdi bin/validate
 
 ifneq ($(V),1)
   Q := @
@@ -70,7 +70,7 @@ test-gopkgs:
 	$(Q)$(GO_TEST) ./...
 
 # tests for CDI Spec JSON schema
-test-schema:
+test-schema: bin/validate
 	$(Q)echo "Building in schema..."; \
 	$(MAKE) -C schema test
 
@@ -79,6 +79,8 @@ test-schema:
 # dependencies
 #
 
+bin/validate: cmd/validate/validate.go $(wildcard schema/*.json)
+
 # quasi-automatic dependency for bin/cdi
 bin/cdi: $(wildcard cmd/cdi/*.go cmd/cdi/cmd/*.go) $(shell \
             for dir in \

cmd/cdi/cmd/cdi-api.go

@@ -345,7 +345,7 @@ func cdiPrintRegistryErrors() {
 	for path, specErrors := range cdiErrors {
 		fmt.Printf("Spec file %s:\n", path)
 		for idx, err := range specErrors {
-			fmt.Printf("  %d: %v", idx, err)
+			fmt.Printf("  %d: %v\n", idx, strings.TrimRight(err.Error(), "\n"))
 		}
 	}
 }

cmd/cdi/cmd/root.go

@@ -17,12 +17,18 @@
 package cmd
 
 import (
+	"fmt"
+	"os"
+
 	"github.com/spf13/cobra"
 
 	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
 )
 
-var specDirs []string
+var (
+	specDirs   []string
+	schemaName string
+)
 
 // rootCmd represents the base command when called without any subcommands
 var rootCmd = &cobra.Command{
@@ -48,9 +54,16 @@ func Execute() {
 func init() {
 	cobra.OnInitialize(initSpecDirs)
 	rootCmd.PersistentFlags().StringSliceVarP(&specDirs, "spec-dirs", "d", nil, "directories to scan for CDI Spec files")
+	rootCmd.PersistentFlags().StringVarP(&schemaName, "schema", "s", "builtin", "JSON schema to use for validation")
 }
 
 func initSpecDirs() {
+	err := cdi.SetSchema(schemaName)
+	if err != nil {
+		fmt.Printf("failed to load JSON schema %s: %v\n", schemaName, err)
+		os.Exit(1)
+	}
+
 	if len(specDirs) > 0 {
 		cdi.GetRegistry(cdi.WithSpecDirs(specDirs...))
 		if len(cdi.GetRegistry().GetErrors()) > 0 {

cmd/cdi/cmd/validate.go

@@ -40,9 +40,6 @@ were reported by the registry.`,
 			return
 		}
 
-		fmt.Printf("CDI Registry has errors:\n")
-		cdiPrintRegistryErrors()
-
 		os.Exit(1)
 	},
 }

cmd/validate/validate.go

@@ -0,0 +1,102 @@
+/*
+ * Original code from: https://github.com/opencontainers/runtime-spec/blob/643c1429d905bba70fe977bae274f367ad101e73/schema/validate.go
+ * Changes:
+ *  - Output errors to stderr
+ *  - Refactored to use package-internal validation library
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"os"
+
+	"github.com/container-orchestrated-devices/container-device-interface/schema"
+)
+
+const usage = `Validate is used to check document with specified schema.
+You can use validate in following ways:
+
+   1.specify document file as an argument
+      validate --schema <schema.json> <document.json>
+
+   2.pass document content through a pipe
+      cat <document.json> | validate --schema <schema.json>
+
+   3.input document content manually, ended with ctrl+d(or your self-defined EOF keys)
+      validate --schema <schema.json>
+      [INPUT DOCUMENT CONTENT HERE]
+`
+
+func main() {
+	var (
+		schemaFile string
+		docFile    string
+		docData    []byte
+		err        error
+		exitCode   int
+	)
+
+	flag.Usage = func() {
+		fmt.Fprintf(flag.CommandLine.Output(), "%s\n", usage)
+		fmt.Fprintf(flag.CommandLine.Output(), "Usage of %s:\n", os.Args[0])
+		flag.PrintDefaults()
+	}
+
+	flag.StringVar(&schemaFile, "schema", "builtin", "JSON Schema to validate against")
+	flag.Parse()
+
+	if schemaFile != "" {
+		scm, err := schema.Load(schemaFile)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "failed to load schema %s: %v\n", schemaFile, err)
+			os.Exit(1)
+		}
+		schema.Set(scm)
+		fmt.Printf("Validating against JSON schema %s...\n", schemaFile)
+	} else {
+		fmt.Printf("Validating against builtin JSON schema...\n")
+	}
+
+	docs := flag.Args()
+	if len(docs) == 0 {
+		docs = []string{"-"}
+	}
+
+	for _, docFile = range docs {
+		if docFile == "" || docFile == "-" {
+			docFile = "<stdin>"
+			docData, err = ioutil.ReadAll(os.Stdin)
+			if err != nil {
+				fmt.Fprintf(os.Stderr, "failed to read document data from stdin: %v\n", err)
+				os.Exit(1)
+			}
+			err = schema.ValidateData(docData)
+		} else {
+			err = schema.ValidateFile(docFile)
+		}
+
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "%s: validation failed:\n    %v\n", docFile, err)
+			exitCode = 1
+		} else {
+			fmt.Printf("%s: document is valid.\n", docFile)
+		}
+	}
+
+	os.Exit(exitCode)
+}

pkg/cdi/doc.go

@@ -127,4 +127,24 @@
 // The default directories are '/etc/cdi' and '/var/run/cdi'. By putting
 // dynamically generated Spec files under '/var/run/cdi', those take
 // precedence over static ones in '/etc/cdi'.
+//
+// CDI Spec Validation
+//
+// This package performs both syntactic and semantic validation of CDI
+// Spec file data when a Spec file is loaded via the registry or using
+// the ReadSpec API function. As part of the semantic verification, the
+// Spec file is verified against the CDI Spec JSON validation schema.
+//
+// If a valid externally provided JSON validation schema is found in
+// the filesystem at /etc/cdi/schema/schema.json it is loaded and used
+// as the default validation schema. If such a file is not found or
+// fails to load, an embedded no-op schema is used.
+//
+// The used validation schema can also be changed programmatically using
+// the SetSchema API convenience function. This function also accepts
+// the special "builtin" (BuiltinSchemaName) and "none" (NoneSchemaName)
+// schema names which switch the used schema to the in-repo validation
+// schema embedded into the binary or the now default no-op schema
+// correspondingly. Other names are interpreted as the path to the actual
+/// validation schema to load and use.
 package cdi

pkg/cdi/schema.go

@@ -0,0 +1,46 @@
+/*
+   Copyright © 2022 The CDI Authors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package cdi
+
+import (
+	"github.com/container-orchestrated-devices/container-device-interface/schema"
+	cdi "github.com/container-orchestrated-devices/container-device-interface/specs-go"
+)
+
+const (
+	// DefaultExternalSchema is the JSON schema to load if found.
+	DefaultExternalSchema = "/etc/cdi/schema/schema.json"
+)
+
+// SetSchema sets the Spec JSON validation schema to use.
+func SetSchema(name string) error {
+	s, err := schema.Load(name)
+	if err != nil {
+		return err
+	}
+	schema.Set(s)
+	return nil
+}
+
+// Validate CDI Spec against JSON Schema.
+func validateWithSchema(raw *cdi.Spec) error {
+	return schema.ValidateType(raw)
+}
+
+func init() {
+	SetSchema(DefaultExternalSchema)
+}

pkg/cdi/spec.go

@@ -72,15 +72,23 @@ func ReadSpec(path string, priority int) (*Spec, error) {
 		return nil, errors.Errorf("failed to parse CDI Spec %q, no Spec data", path)
 	}
 
-	return NewSpec(raw, path, priority)
+	spec, err := NewSpec(raw, path, priority)
+	if err != nil {
+		return nil, err
+	}
+
+	return spec, nil
 }
 
 // NewSpec creates a new Spec from the given CDI Spec data. The
 // Spec is marked as loaded from the given path with the given
 // priority. If Spec data validation fails NewSpec returns a nil
 // Spec and an error.
 func NewSpec(raw *cdi.Spec, path string, priority int) (*Spec, error) {
-	var err error
+	err := validateWithSchema(raw)
+	if err != nil {
+		return nil, err
+	}
 
 	spec := &Spec{
 		Spec:     raw,
@@ -178,11 +186,5 @@ func parseSpec(data []byte) (*cdi.Spec, error) {
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to unmarshal CDI Spec")
 	}
-	return raw, validateJSONSchema(raw)
-}
-
-// Validate CDI Spec against JSON Schema.
-func validateJSONSchema(raw *cdi.Spec) error {
-	// TODO
-	return nil
+	return raw, nil
 }

pkg/cdi/spec_test.go

@@ -101,6 +101,7 @@ func TestNewSpec(t *testing.T) {
 		name       string
 		data       string
 		unparsable bool
+		schemaFail bool
 		invalid    bool
 	}
 	for _, tc := range []*testCase{
@@ -121,7 +122,7 @@ devices:
       env:
         - "FOO=BAR"
 `,
-			invalid: true,
+			schemaFail: true,
 		},
 		{
 			name: "invalid, invalid CDI version",
@@ -146,7 +147,7 @@ devices:
       env:
         - "FOO=BAR"
 `,
-			invalid: true,
+			schemaFail: true,
 		},
 		{
 			name: "invalid, invalid vendor",
@@ -175,14 +176,14 @@ devices:
 			invalid: true,
 		},
 		{
-			name: "invalid, invalid device",
+			name: "invalid, missing required edits",
 			data: `
 cdiVersion: "0.3.0"
 kind: vendor.com/device
 devices:
   - name: "dev1"
 `,
-			invalid: true,
+			schemaFail: true,
 		},
 		{
 			name: "invalid, conflicting devices",
@@ -241,7 +242,7 @@ devices:
 			require.NoError(t, err)
 
 			spec, err = NewSpec(raw, tc.name, 0)
-			if tc.invalid {
+			if tc.invalid || tc.schemaFail {
 				require.Error(t, err)
 				require.Nil(t, spec)
 				return

schema/Makefile

@@ -1,14 +1,14 @@
-build:
-	go build ./validate.go
+VALIDATE ?= ../bin/validate
+SCHEMA ?= schema.json
 
-test: build
+test:
 	@FMT_RED=$$(tput setaf 1); \
 	FMT_BLUE=$$(tput setaf 12); \
 	FMT_CLEAR=$$(tput sgr0); \
 	echo "Running Good Tests"; \
 	for FILE in $$(ls "testdata/good"); do \
 		FILE_PATH="testdata/good/$${FILE}"; \
-		if ./validate "schema.json" "$${FILE_PATH}" > /dev/null ; then \
+		if $(VALIDATE) --schema "$(SCHEMA)" "$${FILE_PATH}" > /dev/null ; then \
 			printf '%s[OK]%s %s\n' "$${FMT_BLUE}" "$${FMT_CLEAR}" "$${FILE_PATH}"; \
 		else \
 			printf '%s[KO]%s %s\n' "$${FMT_RED}" "$${FMT_CLEAR}" "$${FILE_PATH}"; \
@@ -18,7 +18,7 @@ test: build
 	echo "Running Bad Tests"; \
 	for FILE in $$(ls "testdata/bad"); do \
 		FILE_PATH="testdata/bad/$${FILE}"; \
-		if ./validate "schema.json" "$${FILE_PATH}" > /dev/null ; then \
+		if $(VALIDATE) --schema "$(SCHEMA)" "$${FILE_PATH}" > /dev/null ; then \
 			printf '%s[KO]%s %s\n' "$${FMT_RED}" "$${FMT_CLEAR}" "$${FILE_PATH}"; \
 			exit 1; \
 		else \