Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kubectl-validate Bug: Overwritten Keys with Invalid Suffix Not Detected #137

Open
Yashi5108 opened this issue Aug 7, 2024 · 1 comment
Open

Kubectl-validate Bug: Overwritten Keys with Invalid Suffix Not Detected #137

Yashi5108 opened this issue Aug 7, 2024 · 1 comment
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@Yashi5108
Copy link

Yashi5108 commented Aug 7, 2024
edited
Loading

What happened?

When using kubectl-validate to validate a ChaosEngine YAML manifest, the tool did not flag keys that were overwritten with an invalid suffix (1111). Despite the keys clearly being incorrect and not matching the expected schema, kubectl-validate did not raise any errors or warnings.

What did you expect to happen?

I expected kubectl-validate to detect and flag the overwritten keys with the invalid suffix (1111) as errors. The tool should have identified that these keys do not conform to the expected schema for a ChaosEngine resource and provided appropriate validation errors.

How can we reproduce it (as minimally and precisely as possible)?

Create a ChaosEngine YAML manifest with keys overwritten with an invalid suffix (1111). Below is an example manifest:

apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: v1alpha1
namespace: default
spec:
annotationCheck1111: 'true'
appinfo1111:
appkind: deployment
applabel: app=nginx
appns: default
auxiliaryAppInfo1111: ''
chaosServiceAccount1111: container-kill-sa
components1111:
runner:
image1111: litmuschaos/chaos-runner:latest
imagePullPolicy1111: IfNotPresent
imagePullSecrets:
- name1111: testing
engineState1111: active
experiments1111:

  • name: container-kill
    spec:
    components:
    experimentImagePullSecrets1111:
    - name1111: testing
    jobCleanUpPolicy1111: delete
    monitoring1111: false

Run the kubectl-validate command against this manifest.

Observe that kubectl-validate does not raise any errors or warnings for the invalid keys.

Anything else we need to know?

The issue seems to be related to the schema validation process within kubectl-validate. It appears that the tool is not correctly identifying keys that do not conform to the expected schema when they are suffixed with invalid characters or numbers.
I am validating it chaosengines.litmuschaos.io crd.

Kubernetes version

kubectl version --client
Client Version: v1.30.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3

kubectl version
Client Version: v1.30.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3

Tasks
Preview Give feedback
No tasks being tracked yet.
@Yashi5108 Yashi5108 added the kind/bug Categorizes issue or PR as related to a bug. label Aug 7, 2024
@crandles
Copy link

crandles commented Oct 9, 2024
edited
Loading

I believe what's missing here is enabling "Strict" mode for the serializer

https://pkg.go.dev/k8s.io/[email protected]/pkg/runtime#SerializerInfo

// StrictSerializer, if set, deserializes this object strictly,
// erring on unknown fields.
StrictSerializer Serializer

This seems like something I'd also expect to be enabled by default.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crandles @Yashi5108