Update jsonschema library to v6 (#324)

Author: yannh

Dockerfile.bats

@@ -1,5 +1,5 @@
 FROM bats/bats:1.11.0
 RUN apk --no-cache add ca-certificates parallel libxml2-utils
-COPY dist/kubeconform_linux_amd64_v1/kubeconform /code/bin/
+COPY bin/kubeconform /code/bin/
 COPY acceptance.bats acceptance-nonetwork.bats /code/
 COPY fixtures /code/fixtures

acceptance.bats

@@ -299,14 +299,14 @@ resetCacheFolder() {
 @test "Fail when parsing a List that contains an invalid resource" {
   run bin/kubeconform -summary fixtures/list_invalid.yaml
   [ "$status" -eq 1 ]
-  [ "${lines[0]}" == 'fixtures/list_invalid.yaml - ReplicationController bob is invalid: problem validating schema. Check JSON formatting: jsonschema: '\''/spec/replicas'\'' does not validate with https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone/replicationcontroller-v1.json#/properties/spec/properties/replicas/type: expected integer or null, but got string' ]
+  [ "${lines[0]}" == 'fixtures/list_invalid.yaml - ReplicationController bob is invalid: problem validating schema. Check JSON formatting: jsonschema validation failed with '\''https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone/replicationcontroller-v1.json#'\'' - at '\''/spec/replicas'\'': got string, want null or integer' ]
   [ "${lines[1]}" == 'Summary: 2 resources found in 1 file - Valid: 1, Invalid: 1, Errors: 0, Skipped: 0' ]
 }
 
 @test "Fail when parsing a List that contains an invalid resource from stdin" {
   run bash -c "cat fixtures/list_invalid.yaml | bin/kubeconform -summary -"
   [ "$status" -eq 1 ]
-  [ "${lines[0]}" == 'stdin - ReplicationController bob is invalid: problem validating schema. Check JSON formatting: jsonschema: '\''/spec/replicas'\'' does not validate with https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone/replicationcontroller-v1.json#/properties/spec/properties/replicas/type: expected integer or null, but got string' ]
+  [ "${lines[0]}" == 'stdin - ReplicationController bob is invalid: problem validating schema. Check JSON formatting: jsonschema validation failed with '\''https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone/replicationcontroller-v1.json#'\'' - at '\''/spec/replicas'\'': got string, want null or integer' ]
   [ "${lines[1]}" == 'Summary: 2 resources found parsing stdin - Valid: 1, Invalid: 1, Errors: 0, Skipped: 0' ]
 }
 

fixtures/cache/6dd0c06492c957fe2118a16dae1c5b9e76be072b527a9a45fd1044bd54237334

@@ -4,7 +4,8 @@ go 1.24
 
 require (
 	github.com/hashicorp/go-retryablehttp v0.7.7
-	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
+	github.com/santhosh-tekuri/jsonschema/v6 v6.0.1
+	golang.org/x/text v0.25.0
 	sigs.k8s.io/yaml v1.4.0
 )
 

go.mod

@@ -1,3 +1,5 @@
+github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI=
+github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
@@ -12,10 +14,12 @@ github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxec
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4=
-github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY=
+github.com/santhosh-tekuri/jsonschema/v6 v6.0.1 h1:PKK9DyHxif4LZo+uQSgXNqs0jj5+xZwwfKHgph2lxBw=
+github.com/santhosh-tekuri/jsonschema/v6 v6.0.1/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU=
 golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
+golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=

go.sum

@@ -1,6 +1,6 @@
 package cache
 
 type Cache interface {
-	Get(resourceKind, resourceAPIVersion, k8sVersion string) (interface{}, error)
-	Set(resourceKind, resourceAPIVersion, k8sVersion string, schema interface{}) error
+	Get(key string) (any, error)
+	Set(key string, schema any) error
 }

pkg/cache/cache.go

@@ -10,26 +10,21 @@ import (
 //   - This cache caches the parsed Schemas
 type inMemory struct {
 	sync.RWMutex
-	schemas map[string]interface{}
+	schemas map[string]any
 }
 
 // New creates a new cache for downloaded schemas
 func NewInMemoryCache() Cache {
 	return &inMemory{
-		schemas: map[string]interface{}{},
+		schemas: make(map[string]any),
 	}
 }
 
-func key(resourceKind, resourceAPIVersion, k8sVersion string) string {
-	return fmt.Sprintf("%s-%s-%s", resourceKind, resourceAPIVersion, k8sVersion)
-}
-
 // Get retrieves the JSON schema given a resource signature
-func (c *inMemory) Get(resourceKind, resourceAPIVersion, k8sVersion string) (interface{}, error) {
-	k := key(resourceKind, resourceAPIVersion, k8sVersion)
+func (c *inMemory) Get(key string) (any, error) {
 	c.RLock()
 	defer c.RUnlock()
-	schema, ok := c.schemas[k]
+	schema, ok := c.schemas[key]
 
 	if !ok {
 		return nil, fmt.Errorf("schema not found in in-memory cache")
@@ -39,11 +34,10 @@ func (c *inMemory) Get(resourceKind, resourceAPIVersion, k8sVersion string) (int
 }
 
 // Set adds a JSON schema to the schema cache
-func (c *inMemory) Set(resourceKind, resourceAPIVersion, k8sVersion string, schema interface{}) error {
-	k := key(resourceKind, resourceAPIVersion, k8sVersion)
+func (c *inMemory) Set(key string, schema any) error {
 	c.Lock()
 	defer c.Unlock()
-	c.schemas[k] = schema
+	c.schemas[key] = schema
 
 	return nil
 }

pkg/cache/inmemory.go

@@ -3,7 +3,6 @@ package cache
 import (
 	"crypto/sha256"
 	"encoding/hex"
-	"fmt"
 	"io"
 	"os"
 	"path"
@@ -22,17 +21,17 @@ func NewOnDiskCache(cache string) Cache {
 	}
 }
 
-func cachePath(folder, resourceKind, resourceAPIVersion, k8sVersion string) string {
-	hash := sha256.Sum256([]byte(fmt.Sprintf("%s-%s-%s", resourceKind, resourceAPIVersion, k8sVersion)))
+func cachePath(folder, key string) string {
+	hash := sha256.Sum256([]byte(key))
 	return path.Join(folder, hex.EncodeToString(hash[:]))
 }
 
 // Get retrieves the JSON schema given a resource signature
-func (c *onDisk) Get(resourceKind, resourceAPIVersion, k8sVersion string) (interface{}, error) {
+func (c *onDisk) Get(key string) (any, error) {
 	c.RLock()
 	defer c.RUnlock()
 
-	f, err := os.Open(cachePath(c.folder, resourceKind, resourceAPIVersion, k8sVersion))
+	f, err := os.Open(cachePath(c.folder, key))
 	if err != nil {
 		return nil, err
 	}
@@ -42,8 +41,12 @@ func (c *onDisk) Get(resourceKind, resourceAPIVersion, k8sVersion string) (inter
 }
 
 // Set adds a JSON schema to the schema cache
-func (c *onDisk) Set(resourceKind, resourceAPIVersion, k8sVersion string, schema interface{}) error {
+func (c *onDisk) Set(key string, schema any) error {
 	c.Lock()
 	defer c.Unlock()
-	return os.WriteFile(cachePath(c.folder, resourceKind, resourceAPIVersion, k8sVersion), schema.([]byte), 0644)
+
+	if _, err := os.Stat(cachePath(c.folder, key)); os.IsNotExist(err) {
+		return os.WriteFile(cachePath(c.folder, key), schema.([]byte), 0644)
+	}
+	return nil
 }

pkg/cache/ondisk.go

@@ -0,0 +1,78 @@
+package loader
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"github.com/santhosh-tekuri/jsonschema/v6"
+	"github.com/yannh/kubeconform/pkg/cache"
+	"io"
+	gourl "net/url"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+)
+
+// FileLoader loads json file url.
+type FileLoader struct {
+	cache cache.Cache
+}
+
+func (l FileLoader) Load(url string) (any, error) {
+	path, err := l.ToFile(url)
+	if err != nil {
+		return nil, err
+	}
+	if l.cache != nil {
+		if cached, err := l.cache.Get(path); err == nil {
+			return jsonschema.UnmarshalJSON(bytes.NewReader(cached.([]byte)))
+		}
+	}
+
+	f, err := os.Open(path)
+	if err != nil {
+		if os.IsNotExist(err) {
+			msg := fmt.Sprintf("could not open file %s", path)
+			return nil, NewNotFoundError(errors.New(msg))
+		}
+		return nil, err
+	}
+	defer f.Close()
+
+	content, err := io.ReadAll(f)
+	if err != nil {
+		return nil, err
+	}
+
+	if l.cache != nil {
+		if err = l.cache.Set(path, content); err != nil {
+			return nil, fmt.Errorf("failed to write cache to disk: %s", err)
+		}
+	}
+
+	return jsonschema.UnmarshalJSON(bytes.NewReader(content))
+}
+
+// ToFile is helper method to convert file url to file path.
+func (l FileLoader) ToFile(url string) (string, error) {
+	u, err := gourl.Parse(url)
+	if err != nil {
+		return "", err
+	}
+	if u.Scheme != "file" {
+		return url, nil
+	}
+	path := u.Path
+	if runtime.GOOS == "windows" {
+		path = strings.TrimPrefix(path, "/")
+		path = filepath.FromSlash(path)
+	}
+	return path, nil
+}
+
+func NewFileLoader(cache cache.Cache) *FileLoader {
+	return &FileLoader{
+		cache: cache,
+	}
+}

pkg/loader/file.go

@@ -0,0 +1,85 @@
+package loader
+
+import (
+	"bytes"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"github.com/hashicorp/go-retryablehttp"
+	"github.com/santhosh-tekuri/jsonschema/v6"
+	"github.com/yannh/kubeconform/pkg/cache"
+	"io"
+	"net/http"
+	"time"
+)
+
+type HTTPURLLoader struct {
+	client http.Client
+	cache  cache.Cache
+}
+
+func (l *HTTPURLLoader) Load(url string) (any, error) {
+	if l.cache != nil {
+		if cached, err := l.cache.Get(url); err == nil {
+			return jsonschema.UnmarshalJSON(bytes.NewReader(cached.([]byte)))
+		}
+	}
+
+	resp, err := l.client.Get(url)
+	if err != nil {
+		msg := fmt.Sprintf("failed downloading schema at %s: %s", url, err)
+		return nil, errors.New(msg)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == http.StatusNotFound {
+		msg := fmt.Sprintf("could not find schema at %s", url)
+		return nil, NewNotFoundError(errors.New(msg))
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		msg := fmt.Sprintf("error while downloading schema at %s - received HTTP status %d", url, resp.StatusCode)
+		return nil, fmt.Errorf("%s", msg)
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		msg := fmt.Sprintf("failed parsing schema from %s: %s", url, err)
+		return nil, errors.New(msg)
+	}
+
+	if l.cache != nil {
+		if err = l.cache.Set(url, body); err != nil {
+			return nil, fmt.Errorf("failed to write cache to disk: %s", err)
+		}
+	}
+
+	s, err := jsonschema.UnmarshalJSON(bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+
+	return s, nil
+}
+
+func NewHTTPURLLoader(skipTLS bool, cache cache.Cache) (*HTTPURLLoader, error) {
+	transport := &http.Transport{
+		MaxIdleConns:       100,
+		IdleConnTimeout:    3 * time.Second,
+		DisableCompression: true,
+		Proxy:              http.ProxyFromEnvironment,
+	}
+
+	if skipTLS {
+		transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
+
+	// retriable http client
+	retryClient := retryablehttp.NewClient()
+	retryClient.RetryMax = 2
+	retryClient.HTTPClient = &http.Client{Transport: transport}
+	retryClient.Logger = nil
+
+	httpLoader := HTTPURLLoader{client: *retryClient.StandardClient(), cache: cache}
+	return &httpLoader, nil
+}