pkg/cdi,schema: add schema-based Spec validation.

Add boilerplate code for load-time Spec file validation using
a built-in or externally-provided JSON schema. Validate Spec
files during loading.

Signed-off-by: Krisztian Litkey <[email protected]>

Author: klihub

pkg/cdi/doc.go

@@ -127,4 +127,24 @@
 // The default directories are '/etc/cdi' and '/var/run/cdi'. By putting
 // dynamically generated Spec files under '/var/run/cdi', those take
 // precedence over static ones in '/etc/cdi'.
+//
+// CDI Spec Validation
+//
+// This package performs both syntactic and semantic validation of CDI
+// Spec file data when a Spec file is loaded via the registry or using
+// the ReadSpec API function. As part of the semantic verification, the
+// Spec file is verified against the CDI Spec JSON validation schema.
+//
+// If a valid externally provided JSON validation schema is found in
+// the filesystem at /etc/cdi/schema/schema.json it is loaded and used
+// as the default validation schema. If such a file is not found or
+// fails to load, an embedded no-op schema is used.
+//
+// The used validation schema can also be changed programmatically using
+// the SetSchema API convenience function. This function also accepts
+// the special "builtin" (BuiltinSchemaName) and "none" (NoneSchemaName)
+// schema names which switch the used schema to the in-repo validation
+// schema embedded into the binary or the now default no-op schema
+// correspondingly. Other names are interpreted as the path to the actual
+/// validation schema to load and use.
 package cdi

pkg/cdi/schema.go

@@ -0,0 +1,46 @@
+/*
+   Copyright © 2022 The CDI Authors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package cdi
+
+import (
+	"github.com/container-orchestrated-devices/container-device-interface/schema"
+	cdi "github.com/container-orchestrated-devices/container-device-interface/specs-go"
+)
+
+const (
+	// DefaultExternalSchema is the JSON schema to load if found.
+	DefaultExternalSchema = "/etc/cdi/schema/schema.json"
+)
+
+// SetSchema sets the Spec JSON validation schema to use.
+func SetSchema(name string) error {
+	s, err := schema.Load(name)
+	if err != nil {
+		return err
+	}
+	schema.Set(s)
+	return nil
+}
+
+// Validate CDI Spec against JSON Schema.
+func validateWithSchema(raw *cdi.Spec) error {
+	return schema.ValidateType(raw)
+}
+
+func init() {
+	SetSchema(DefaultExternalSchema)
+}

pkg/cdi/spec.go

@@ -72,15 +72,23 @@ func ReadSpec(path string, priority int) (*Spec, error) {
 		return nil, errors.Errorf("failed to parse CDI Spec %q, no Spec data", path)
 	}
 
-	return NewSpec(raw, path, priority)
+	spec, err := NewSpec(raw, path, priority)
+	if err != nil {
+		return nil, err
+	}
+
+	return spec, nil
 }
 
 // NewSpec creates a new Spec from the given CDI Spec data. The
 // Spec is marked as loaded from the given path with the given
 // priority. If Spec data validation fails NewSpec returns a nil
 // Spec and an error.
 func NewSpec(raw *cdi.Spec, path string, priority int) (*Spec, error) {
-	var err error
+	err := validateWithSchema(raw)
+	if err != nil {
+		return nil, err
+	}
 
 	spec := &Spec{
 		Spec:     raw,
@@ -178,11 +186,5 @@ func parseSpec(data []byte) (*cdi.Spec, error) {
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to unmarshal CDI Spec")
 	}
-	return raw, validateJSONSchema(raw)
-}
-
-// Validate CDI Spec against JSON Schema.
-func validateJSONSchema(raw *cdi.Spec) error {
-	// TODO
-	return nil
+	return raw, nil
 }

pkg/cdi/spec_test.go

@@ -101,6 +101,7 @@ func TestNewSpec(t *testing.T) {
 		name       string
 		data       string
 		unparsable bool
+		schemaFail bool
 		invalid    bool
 	}
 	for _, tc := range []*testCase{
@@ -121,7 +122,7 @@ devices:
       env:
         - "FOO=BAR"
 `,
-			invalid: true,
+			schemaFail: true,
 		},
 		{
 			name: "invalid, invalid CDI version",
@@ -146,7 +147,7 @@ devices:
       env:
         - "FOO=BAR"
 `,
-			invalid: true,
+			schemaFail: true,
 		},
 		{
 			name: "invalid, invalid vendor",
@@ -175,14 +176,14 @@ devices:
 			invalid: true,
 		},
 		{
-			name: "invalid, invalid device",
+			name: "invalid, missing required edits",
 			data: `
 cdiVersion: "0.3.0"
 kind: vendor.com/device
 devices:
   - name: "dev1"
 `,
-			invalid: true,
+			schemaFail: true,
 		},
 		{
 			name: "invalid, conflicting devices",
@@ -241,7 +242,7 @@ devices:
 			require.NoError(t, err)
 
 			spec, err = NewSpec(raw, tc.name, 0)
-			if tc.invalid {
+			if tc.invalid || tc.schemaFail {
 				require.Error(t, err)
 				require.Nil(t, spec)
 				return