Merge pull request kubernetes#77554 from sttts/sttts-structural-publishing

apiextensions: publish (only) structural OpenAPI schemas

Author: k8s-ci-robot

staging/src/k8s.io/apiextensions-apiserver/go.mod

@@ -16,6 +16,7 @@ require (
 	github.com/go-openapi/strfmt v0.17.0
 	github.com/go-openapi/validate v0.18.0
 	github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415
+	github.com/google/go-cmp v0.3.0
 	github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf
 	github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect

staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/BUILD

@@ -7,6 +7,7 @@ go_library(
         "convert.go",
         "goopenapi.go",
         "structural.go",
+        "unfold.go",
         "validation.go",
         "visitor.go",
         "zz_generated.deepcopy.go",

staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/unfold.go

@@ -0,0 +1,63 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package schema
+
+// Unfold expands vendor extensions of a structural schema.
+// It mutates the receiver.
+func (s *Structural) Unfold() *Structural {
+	if s == nil {
+		return nil
+	}
+
+	mapper := Visitor{
+		Structural: func(s *Structural) bool {
+			if !s.XIntOrString {
+				return false
+			}
+
+			skipAnyOf := isIntOrStringAnyOfPattern(s)
+			skipFirstAllOfAnyOf := isIntOrStringAllOfPattern(s)
+			if skipAnyOf || skipFirstAllOfAnyOf {
+				return false
+			}
+
+			if s.AnyOf == nil {
+				s.AnyOf = []NestedValueValidation{
+					{ForbiddenGenerics: Generic{Type: "integer"}},
+					{ForbiddenGenerics: Generic{Type: "string"}},
+				}
+			} else {
+				s.AllOf = append([]NestedValueValidation{
+					{
+						ValueValidation: ValueValidation{
+							AnyOf: []NestedValueValidation{
+								{ForbiddenGenerics: Generic{Type: "integer"}},
+								{ForbiddenGenerics: Generic{Type: "string"}},
+							},
+						},
+					},
+				}, s.AllOf...)
+			}
+
+			return true
+		},
+		NestedValueValidation: nil, // x-kubernetes-int-or-string cannot be set in nested value validation
+	}
+	mapper.Visit(s)
+
+	return s
+}

staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/validation.go

@@ -97,15 +97,8 @@ func validateStructuralInvariants(s *Structural, lvl level, fldPath *field.Path)
 	//      - type: integer
 	//      - type: string
 	//    - ... zero or more
-	skipAnyOf := false
-	skipFirstAllOfAnyOf := false
-	if s.XIntOrString && s.ValueValidation != nil {
-		if len(s.ValueValidation.AnyOf) == 2 && reflect.DeepEqual(s.ValueValidation.AnyOf, intOrStringAnyOf) {
-			skipAnyOf = true
-		} else if len(s.ValueValidation.AllOf) >= 1 && len(s.ValueValidation.AllOf[0].AnyOf) == 2 && reflect.DeepEqual(s.ValueValidation.AllOf[0].AnyOf, intOrStringAnyOf) {
-			skipFirstAllOfAnyOf = true
-		}
-	}
+	skipAnyOf := isIntOrStringAnyOfPattern(s)
+	skipFirstAllOfAnyOf := isIntOrStringAllOfPattern(s)
 
 	allErrs = append(allErrs, validateValueValidation(s.ValueValidation, skipAnyOf, skipFirstAllOfAnyOf, lvl, fldPath)...)
 
@@ -157,6 +150,20 @@ func validateStructuralInvariants(s *Structural, lvl level, fldPath *field.Path)
 	return allErrs
 }
 
+func isIntOrStringAnyOfPattern(s *Structural) bool {
+	if s == nil || s.ValueValidation == nil {
+		return false
+	}
+	return len(s.ValueValidation.AnyOf) == 2 && reflect.DeepEqual(s.ValueValidation.AnyOf, intOrStringAnyOf)
+}
+
+func isIntOrStringAllOfPattern(s *Structural) bool {
+	if s == nil || s.ValueValidation == nil {
+		return false
+	}
+	return len(s.ValueValidation.AllOf) >= 1 && len(s.ValueValidation.AllOf[0].AnyOf) == 2 && reflect.DeepEqual(s.ValueValidation.AllOf[0].AnyOf, intOrStringAnyOf)
+}
+
 // validateGeneric checks the generic fields of a structural schema.
 func validateGeneric(g *Generic, lvl level, fldPath *field.Path) field.ErrorList {
 	if g == nil {

staging/src/k8s.io/apiextensions-apiserver/pkg/controller/openapi/BUILD

@@ -14,7 +14,7 @@ go_library(
     deps = [
         "//staging/src/k8s.io/api/autoscaling/v1:go_default_library",
         "//staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions:go_default_library",
-        "//staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/validation:go_default_library",
+        "//staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema:go_default_library",
         "//staging/src/k8s.io/apiextensions-apiserver/pkg/client/informers/internalversion/apiextensions/internalversion:go_default_library",
         "//staging/src/k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/internalversion:go_default_library",
         "//staging/src/k8s.io/apiextensions-apiserver/pkg/generated/openapi:go_default_library",
@@ -49,10 +49,12 @@ go_test(
     deps = [
         "//staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions:go_default_library",
         "//staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1:go_default_library",
+        "//staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/json:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
         "//vendor/github.com/go-openapi/spec:go_default_library",
+        "//vendor/github.com/google/go-cmp/cmp:go_default_library",
         "//vendor/github.com/google/gofuzz:go_default_library",
         "//vendor/github.com/googleapis/gnostic/OpenAPIv2:go_default_library",
         "//vendor/github.com/googleapis/gnostic/compiler:go_default_library",

staging/src/k8s.io/apiextensions-apiserver/pkg/controller/openapi/builder.go

@@ -26,6 +26,7 @@ import (
 	"github.com/go-openapi/spec"
 
 	v1 "k8s.io/api/autoscaling/v1"
+	structuralschema "k8s.io/apiextensions-apiserver/pkg/apiserver/schema"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	metav1beta1 "k8s.io/apimachinery/pkg/apis/meta/v1beta1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -58,22 +59,24 @@ var namer *openapi.DefinitionNamer
 
 // BuildSwagger builds swagger for the given crd in the given version
 func BuildSwagger(crd *apiextensions.CustomResourceDefinition, version string) (*spec.Swagger, error) {
-	var schema *spec.Schema
+	var schema *structuralschema.Structural
 	s, err := apiextensions.GetSchemaForVersion(crd, version)
 	if err != nil {
 		return nil, err
 	}
 	if s != nil && s.OpenAPIV3Schema != nil {
-		schema, err = ConvertJSONSchemaPropsToOpenAPIv2Schema(s.OpenAPIV3Schema)
-		if err != nil {
-			return nil, err
+		ss, err := structuralschema.NewStructural(s.OpenAPIV3Schema)
+		if err == nil && len(structuralschema.ValidateStructural(ss, nil)) == 0 {
+			// skip non-structural schemas
+			schema = ss.Unfold()
 		}
 	}
+
 	// TODO(roycaihw): remove the WebService templating below. The following logic
 	// comes from function registerResourceHandlers() in k8s.io/apiserver.
 	// Alternatives are either (ideally) refactoring registerResourceHandlers() to
 	// reuse the code, or faking an APIInstaller for CR to feed to registerResourceHandlers().
-	b := newBuilder(crd, version, schema)
+	b := newBuilder(crd, version, schema, true)
 
 	// Sample response types for building web service
 	sample := &CRDCanonicalTypeNamer{
@@ -288,31 +291,35 @@ func (b *builder) buildRoute(root, path, action, verb string, sample interface{}
 
 // buildKubeNative builds input schema with Kubernetes' native object meta, type meta and
 // extensions
-func (b *builder) buildKubeNative(schema *spec.Schema) *spec.Schema {
+func (b *builder) buildKubeNative(schema *structuralschema.Structural, v2 bool) (ret *spec.Schema) {
 	// only add properties if we have a schema. Otherwise, kubectl would (wrongly) assume additionalProperties=false
 	// and forbid anything outside of apiVersion, kind and metadata. We have to fix kubectl to stop doing this, e.g. by
 	// adding additionalProperties=true support to explicitly allow additional fields.
 	// TODO: fix kubectl to understand additionalProperties=true
 	if schema == nil {
-		schema = &spec.Schema{
+		ret = &spec.Schema{
 			SchemaProps: spec.SchemaProps{Type: []string{"object"}},
 		}
 		// no, we cannot add more properties here, not even TypeMeta/ObjectMeta because kubectl will complain about
 		// unknown fields for anything else.
 	} else {
-		schema.SetProperty("metadata", *spec.RefSchema(objectMetaSchemaRef).
+		if v2 {
+			schema = ToStructuralOpenAPIV2(schema)
+		}
+		ret = schema.ToGoOpenAPI()
+		ret.SetProperty("metadata", *spec.RefSchema(objectMetaSchemaRef).
 			WithDescription(swaggerPartialObjectMetadataDescriptions["metadata"]))
-		addTypeMetaProperties(schema)
+		addTypeMetaProperties(ret)
 	}
-	schema.AddExtension(endpoints.ROUTE_META_GVK, []interface{}{
+	ret.AddExtension(endpoints.ROUTE_META_GVK, []interface{}{
 		map[string]interface{}{
 			"group":   b.group,
 			"version": b.version,
 			"kind":    b.kind,
 		},
 	})
 
-	return schema
+	return ret
 }
 
 // getDefinition gets definition for given Kubernetes type. This function is extracted from
@@ -391,7 +398,7 @@ func (b *builder) getOpenAPIConfig() *common.Config {
 	}
 }
 
-func newBuilder(crd *apiextensions.CustomResourceDefinition, version string, schema *spec.Schema) *builder {
+func newBuilder(crd *apiextensions.CustomResourceDefinition, version string, schema *structuralschema.Structural, v2 bool) *builder {
 	b := &builder{
 		schema: &spec.Schema{
 			SchemaProps: spec.SchemaProps{Type: []string{"object"}},
@@ -410,7 +417,7 @@ func newBuilder(crd *apiextensions.CustomResourceDefinition, version string, sch
 	}
 
 	// Pre-build schema with Kubernetes native properties
-	b.schema = b.buildKubeNative(schema)
+	b.schema = b.buildKubeNative(schema, v2)
 	b.listSchema = b.buildListSchema()
 
 	return b