Validate generated user-data yaml with jsonschema

afbjorklund · afbjorklund · commit 3184d67b5d08 · 2024-04-09T16:38:12.000+02:00
Signed-off-by: Anders F Björklund &lt;anders.f.bjorklund@gmail.com&gt;
diff --git a/go.mod b/go.mod
@@ -34,6 +34,7 @@ require (
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58
 	github.com/rjeczalik/notify v0.9.3
+	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
 	github.com/sethvargo/go-password v0.2.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.0
diff --git a/go.sum b/go.sum
@@ -239,6 +239,8 @@ github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjR
 github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4=
+github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY=
 github.com/sethvargo/go-password v0.2.0 h1:BTDl4CC/gjf/axHMaDQtw507ogrXLci6XRiLc7i/UHI=
 github.com/sethvargo/go-password v0.2.0/go.mod h1:Ym4Mr9JXLBycr02MFuVQ/0JHidNetSgbzutTr3zsYXE=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
diff --git a/pkg/cidata/schema.go b/pkg/cidata/schema.go
@@ -0,0 +1,36 @@
+package cidata
+
+import (
+	_ "embed"
+	"strings"
+
+	"github.com/santhosh-tekuri/jsonschema/v5"
+	"gopkg.in/yaml.v3"
+)
+
+// schemaURL is the identifier, not the context
+const schemaURL = "https://raw.githubusercontent.com/canonical/cloud-init/main/cloudinit/config/schemas/schema-cloud-config-v1.json"
+
+//go:embed schemas/schema-cloud-config-v1.json
+var schemaText string
+
+func validateCloudConfig(userData []byte) error {
+	var m interface{}
+	err := yaml.Unmarshal(userData, &m)
+	if err != nil {
+		return err
+	}
+	compiler := jsonschema.NewCompiler()
+	compiler.ExtractAnnotations = true
+	if err := compiler.AddResource(schemaURL, strings.NewReader(schemaText)); err != nil {
+		return err
+	}
+	schema, err := compiler.Compile(schemaURL)
+	if err != nil {
+		return err
+	}
+	if err := schema.Validate(m); err != nil {
+		return err
+	}
+	return err
+}
diff --git a/pkg/cidata/schema_test.go b/pkg/cidata/schema_test.go
@@ -0,0 +1,16 @@
+package cidata
+
+import (
+	"testing"
+
+	"gotest.tools/v3/assert"
+)
+
+func TestValidate(t *testing.T) {
+	config := `#cloud-config
+users:
+   - default
+`
+	err := validateCloudConfig([]byte(config))
+	assert.NilError(t, err)
+}
diff --git a/pkg/cidata/schemas/LICENSE b/pkg/cidata/schemas/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2015 Canonical Ltd.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/pkg/cidata/schemas/Makefile b/pkg/cidata/schemas/Makefile
@@ -0,0 +1,7 @@
+
+CLOUD_INIT_VERSION = 24.1.3
+
+all: versions.schema.cloud-config.json schema-cloud-config-v1.json
+
+%.json:
+	curl -fsSLO https://raw.githubusercontent.com/canonical/cloud-init/$(CLOUD_INIT_VERSION)/cloudinit/config/schemas/$@
diff --git a/pkg/cidata/schemas/schema-cloud-config-v1.json b/pkg/cidata/schemas/schema-cloud-config-v1.json
diff --git a/pkg/cidata/schemas/versions.schema.cloud-config.json b/pkg/cidata/schemas/versions.schema.cloud-config.json
diff --git a/pkg/cidata/template.go b/pkg/cidata/template.go
