-
Notifications
You must be signed in to change notification settings - Fork 617
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate generated user-data yaml with jsonschema #2267
Conversation
cba16c4
to
dbebe9e
Compare
As an example there is a warning in place for ca-certs, something that affected lima earlier (326bbaa) "cc_ca_certs": {
"type": "object",
"properties": {
"ca_certs": {
"$ref": "#/$defs/ca_certs.properties"
},
"ca-certs": {
"allOf": [
{
"$ref": "#/$defs/ca_certs.properties"
},
{
"deprecated": true,
"deprecated_version": "22.3",
"deprecated_description": "Use ``ca_certs`` instead."
}
]
}
}
}, But no such deprecation for ssh-authorized-keys. |
dbebe9e
to
77b84c3
Compare
The cidata tests are supposed to be failing, until the schema is valid (i.e. But it would be a good idea to get the lima-init fix merged first, and check all other cloud-init |
77b84c3
to
139f69a
Compare
I don't think validation should fail for using deprecated expressions. We cannot assume that all supported distros will have updated to a new This is kind of the point of deprecation instead of outright removal. |
It is not deprecated in the jsonschema, it is outright missing (and failing) That is probably a bug in the schema, since implementation supports it* For instance ca-certs is deprecated, then again deprecation is "annotation" * for decades, while schema is years |
Signed-off-by: Anders F Björklund <[email protected]>
Signed-off-by: Anders F Björklund <[email protected]>
Signed-off-by: Anders F Björklund <[email protected]>
139f69a
to
b860d26
Compare
I added cloud-init jsonschema "latest" documentation version 24.1.3 Then I added my cloud-init patch as well: canonical/cloud-init#5162 --- a/cloudinit/config/schemas/schema-cloud-config-v1.json
+++ b/cloudinit/config/schemas/schema-cloud-config-v1.json
@@ -361,6 +361,22 @@
},
"minItems": 1
},
+ "ssh-authorized-keys": {
+ "allOf": [
+ {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "minItems": 1
+ },
+ {
+ "deprecated": true,
+ "deprecated_version": "18.3",
+ "deprecated_description": "Use ``ssh_authorized_keys`` instead."
+ }
+ ]
+ },
"ssh_import_id": {
"description": "List of ssh ids to import for user. Can not be combined with ``ssh_redirect_user``. See the man page[1] for more details. [1] https://manpages.ubuntu.com/manpages/noble/en/man1
/ssh-import-id.1.html",
"type": "array",
Note: the latest version on github is 24.1.4 Note: the jsonschema on index ff61dcaa6..a71cec996 100644
--- a/cloudinit/config/schemas/schema-cloud-config-v1.json
+++ b/cloudinit/config/schemas/schema-cloud-config-v1.json
@@ -835,6 +835,13 @@
"vault_password_file": {
"type": "string"
},
+ "verify_commit": {
+ "type": "boolean",
+ "default": false
+ },
+ "inventory": {
+ "type": "string"
+ },
"module_name": {
"type": "string"
}, |
Signed-off-by: Anders F Björklund <[email protected]>
The patch for deprecating |
Signed-off-by: Anders F Björklund <[email protected]>
a49331c
to
48f6a4a
Compare
Signed-off-by: Anders F Björklund <[email protected]>
Now when cloud-config.yaml is available in the instance directory, we can use I think eventually it will be left to the user, to run their favorite schema validation tool with their favorite URL:
|
It is possible to use the go version through cli, so we don't need to included it with lima...
And then it (
|
Currently there are 3 validation errors being reported:
jsonschema: '/ca_certs/remove_defaults' does not validate with https://raw.githubusercontent.com/canonical/cloud-init/main/cloudinit/config/schemas/schema-cloud-config-v1.json#/allOf/8/$ref/properties/ca_certs/$ref/properties/remove_defaults/type: expected boolean, but got string
jsonschema: '/ca_certs/trusted' does not validate with https://raw.githubusercontent.com/canonical/cloud-init/main/cloudinit/config/schemas/schema-cloud-config-v1.json#/allOf/8/$ref/properties/ca_certs/$ref/properties/trusted/type: expected array, but got null
jsonschema: '/users/0' does not validate with https://raw.githubusercontent.com/canonical/cloud-init/main/cloudinit/config/schemas/schema-cloud-config-v1.json#/allOf/49/$ref/properties/users/items/oneOf/0/type: expected string, but got object
And 1 deprecation warning, not yet being shown here.
https://github.com/canonical/cloud-init/blob/main/cloudinit/config/schemas/schema-cloud-config-v1.json
Issue:
user-data
is failing cloud-config schema validation #2265The first two are fixed by
But "ssh-authorized-keys" is a problem.
https://git.launchpad.net/cloud-init/commit/?id=b27f713a