Validate generated user-data yaml with jsonschema #2267
Conversation
afbjorklund
force-pushed
the
cidata-schema
branch
from
cba16c4
to
dbebe9e
Compare
|
As an example there is a warning in place for ca-certs, something that affected lima earlier (326bbaa) "cc_ca_certs": {
"type": "object",
"properties": {
"ca_certs": {
"$ref": "#/$defs/ca_certs.properties"
},
"ca-certs": {
"allOf": [
{
"$ref": "#/$defs/ca_certs.properties"
},
{
"deprecated": true,
"deprecated_version": "22.3",
"deprecated_description": "Use ``ca_certs`` instead."
}
]
}
}
},But no such deprecation for ssh-authorized-keys. |
afbjorklund
force-pushed
the
cidata-schema
branch
from
dbebe9e
to
77b84c3
Compare
|
The cidata tests are supposed to be failing, until the schema is valid (i.e. But it would be a good idea to get the lima-init fix merged first, and check all other cloud-init |
afbjorklund
force-pushed
the
cidata-schema
branch
from
77b84c3
to
139f69a
Compare
I don't think validation should fail for using deprecated expressions. We cannot assume that all supported distros will have updated to a new This is kind of the point of deprecation instead of outright removal. |
It is not deprecated in the jsonschema, it is outright missing (and failing) That is probably a bug in the schema, since implementation supports it* For instance ca-certs is deprecated, then again deprecation is "annotation" * for decades, while schema is years |
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
afbjorklund
force-pushed
the
cidata-schema
branch
from
139f69a
to
b860d26
Compare
|
I added cloud-init jsonschema "latest" documentation version 24.1.3 Then I added my cloud-init patch as well: canonical/cloud-init#5162 --- a/cloudinit/config/schemas/schema-cloud-config-v1.json
+++ b/cloudinit/config/schemas/schema-cloud-config-v1.json
@@ -361,6 +361,22 @@
},
"minItems": 1
},
+ "ssh-authorized-keys": {
+ "allOf": [
+ {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "minItems": 1
+ },
+ {
+ "deprecated": true,
+ "deprecated_version": "18.3",
+ "deprecated_description": "Use ``ssh_authorized_keys`` instead."
+ }
+ ]
+ },
"ssh_import_id": {
"description": "List of ssh ids to import for user. Can not be combined with ``ssh_redirect_user``. See the man page[1] for more details. [1] https://manpages.ubuntu.com/manpages/noble/en/man1
/ssh-import-id.1.html",
"type": "array",
Note: the latest version on github is 24.1.4 Note: the jsonschema on index ff61dcaa6..a71cec996 100644
--- a/cloudinit/config/schemas/schema-cloud-config-v1.json
+++ b/cloudinit/config/schemas/schema-cloud-config-v1.json
@@ -835,6 +835,13 @@
"vault_password_file": {
"type": "string"
},
+ "verify_commit": {
+ "type": "boolean",
+ "default": false
+ },
+ "inventory": {
+ "type": "string"
+ },
"module_name": {
"type": "string"
}, |
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
The patch for deprecating |
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
afbjorklund
force-pushed
the
cidata-schema
branch
from
a49331c
to
48f6a4a
Compare
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
Now when cloud-config.yaml is available in the instance directory, we can use I think eventually it will be left to the user, to run their favorite schema validation tool with their favorite URL:
|
|
It is possible to use the go version through cli, so we don't need to included it with lima... And then it ( |
Currently there are 3 validation errors being reported:
jsonschema: '/ca_certs/remove_defaults' does not validate with https://raw.githubusercontent.com/canonical/cloud-init/main/cloudinit/config/schemas/schema-cloud-config-v1.json#/allOf/8/$ref/properties/ca_certs/$ref/properties/remove_defaults/type: expected boolean, but got stringjsonschema: '/ca_certs/trusted' does not validate with https://raw.githubusercontent.com/canonical/cloud-init/main/cloudinit/config/schemas/schema-cloud-config-v1.json#/allOf/8/$ref/properties/ca_certs/$ref/properties/trusted/type: expected array, but got nulljsonschema: '/users/0' does not validate with https://raw.githubusercontent.com/canonical/cloud-init/main/cloudinit/config/schemas/schema-cloud-config-v1.json#/allOf/49/$ref/properties/users/items/oneOf/0/type: expected string, but got objectAnd 1 deprecation warning, not yet being shown here.
https://github.com/canonical/cloud-init/blob/main/cloudinit/config/schemas/schema-cloud-config-v1.json
Issue:
user-datais failing cloud-config schema validation #2265The first two are fixed by
But "ssh-authorized-keys" is a problem.
https://git.launchpad.net/cloud-init/commit/?id=b27f713a