YAML Parser tests accept arbitrary fields #5318

Closed
lbernick opened this issue Aug 12, 2022 · 12 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

@lbernick
Member

Expected Behavior

Test inputs representing TaskRuns, PipelineRuns, etc, should not contain fields that aren't part of the spec of those objects.

Actual Behavior

The following test passes:

func TestParseTaskRun(t *testing.T) {
	MustParseTaskRun(t,
		`
spec:
  taskRef:
    name: mytask
  foo: bar
`)
}

We use the yaml parser extensively in pipelinerun_test.go and taskrun_test.go

@lbernick lbernick added the kind/bug Categorizes issue or PR as related to a bug. label Aug 12, 2022
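The gap reported above, as an added example that is not Tekton's test parser or any code from this thread: a lenient decode silently drops the stray `foo` field, while a strict decode turns it into a test failure. It assumes simplified stand-in structs and uses the standard library's `encoding/json` on the JSON equivalent of the issue's YAML in place of a YAML parser; `parseLenient` and `parseStrict` are hypothetical names.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Simplified stand-ins for the TaskRun types (assumption: not Tekton's real structs).
type TaskRef struct {
	Name string `json:"name"`
}
type TaskRunSpec struct {
	TaskRef *TaskRef `json:"taskRef,omitempty"`
}
type TaskRun struct {
	Spec TaskRunSpec `json:"spec"`
}

// Constructed input: JSON equivalent of the YAML in the issue, including the stray "foo".
const issueInput = `{"spec": {"taskRef": {"name": "mytask"}, "foo": "bar"}}`

// parseLenient silently drops fields the structs do not declare.
func parseLenient(data string) (*TaskRun, error) {
	var tr TaskRun
	if err := json.Unmarshal([]byte(data), &tr); err != nil {
		return nil, err
	}
	return &tr, nil
}

// parseStrict fails on any field that is not declared, at any nesting level.
func parseStrict(data string) (*TaskRun, error) {
	dec := json.NewDecoder(bytes.NewReader([]byte(data)))
	dec.DisallowUnknownFields()
	var tr TaskRun
	if err := dec.Decode(&tr); err != nil {
		return nil, fmt.Errorf("invalid test fixture: %w", err)
	}
	return &tr, nil
}

func main() {
	_, lenientErr := parseLenient(issueInput)
	_, strictErr := parseStrict(issueInput)
	fmt.Println("lenient error:", lenientErr)
	fmt.Println("strict error: ", strictErr)
}
```
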
@06kellyjac
Contributor

Tekton Pipelines resources have no schema so they just accept arbitrary data happily

$ kubectl get crd taskruns.tekton.dev -o json | jq '.spec.versions[].schema'
{
  "openAPIV3Schema": {
    "type": "object",
    "x-kubernetes-preserve-unknown-fields": true
  }
}

If you make a task with random nonsense it'd successfully be created but then every time you make a pod it will be rejected for the invalid nonsense field

@jerop
Member

jerop commented Aug 12, 2022

related discussion in #297

there's a downside that @jonjohnsonjr pointed out:

> If you don't allow unknown fields and you ever plan to add a new field, your users won't be able to downgrade build-pipeline, because the new field will be unrecognized by the old build-pipeline.

this was before I joined tekton, but I believe build-pipeline that's mentioned there was the old name for tekton

@dibyom
Member

dibyom commented Aug 12, 2022

> If you make a task with random nonsense it'd successfully be created but then every time you make a pod it will be rejected for the invalid nonsense field

I don't know if this is true - we have a validation webhook that should fail this validation
edit: this is what I am talking about https://github.com/tektoncd/pipeline/blob/main/cmd/webhook/main.go#L105-L106

though I think that's a different issue from our test yaml parser allowing arbitrary fields

@06kellyjac
Contributor

Tekton already has upgrade schema migrations, is it not possible to have downgrade schema migrations?

Also if there is a breaking difference across schemas I don't think it should be as easy as changing the version and applying it because they're different.
You could apply something that doesn't work at all and then you've gone and broken all the pods it churns out.

And if it's at the cost of not getting any validation feedback for mistakes that's pretty painful

@tekton-robot
Collaborator

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

@tekton-robot tekton-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 10, 2022
@tekton-robot
Collaborator

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

@tekton-robot tekton-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Dec 10, 2022
@afrittoli
Member

@lbernick is it ok to close this issue now?

@lbernick
Member Author

Thanks for checking @afrittoli, I think my main concern is that it's possible to define invalid yaml in reconciler tests without being alerted by a test failure. We don't have to change the allow-unknown-fields in our CRD schemas since we have the validation webhook (that's probably a separate discussion, and better tracked by #1461) but I think this issue has value in ensuring our tests aren't providing false positive signals.

/remove-lifecycle rotten

@tekton-robot tekton-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Dec 19, 2022
@tekton-robot
Collaborator

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

@tekton-robot tekton-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 19, 2023
@tekton-robot
Collaborator

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

@tekton-robot tekton-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Apr 18, 2023
@tekton-robot
Collaborator

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen with a justification.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/close

Send feedback to tektoncd/plumbing.

@tekton-robot
Collaborator

@tekton-robot: Closing this issue.



6 participants