-
Notifications
You must be signed in to change notification settings - Fork 142
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
validate: allow unset "type" fields in resource devices whitelist #491
validate: allow unset "type" fields in resource devices whitelist #491
Conversation
CI failure is caused by a build failure I cannot reproduce on my local machine. |
Build failures were fixed by #490. The check you're patching is from #374, and I think we can drop at least the |
I've commented on opencontainers/runtime-spec#690, which currently has the same bug as the one I'm fixing here. But since it might take a while to land in runtime-spec, we should fix this bug as currently our validation isn't even consistent with our own defaults (which really shouldn't have happened in the first place -- don't we test that our own default configuration is compliant?). |
+1 to unit tests for this code, runtime-tools is currently sparsely-tested. I'm fine with either this PR or dropping the local |
fc0b7d8
to
f9de4c6
Compare
Rebased, added the smoke test, and corrected another bug in our default configuration. |
validate/validate.go
Outdated
@@ -206,11 +206,6 @@ func (v *Validator) CheckRoot() (errs error) { | |||
return | |||
} | |||
|
|||
if filepath.Base(v.spec.Root.Path) != "rootfs" { | |||
errs = multierror.Append(errs, | |||
specerror.NewError(specerror.PathName, fmt.Errorf("path name should be the conventional 'rootfs'"), rspec.Version)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a spec SHOULD, and removing it is why your Travis tests fail. I think we need to keep this check, and users that don't care about SHOULD-level violations can ignore those errors like this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know it's a SHOULD. But CheckAll
doesn't appear to understand that SHOULD doesn't mean MUST. The following error happens:
=== RUN TestGenerateValid
--- FAIL: TestGenerateValid (0.52s)
generate_test.go:42: unexpected error(s) validating default: 1 error occurred:
* path name should be the conventional 'rootfs'
Refer to: https://github.com/opencontainers/runtime-spec/blob/v1.0.0/config.md#root
And this means that oci-runtime-tool validate
returns a non-zero error code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But
CheckAll
doesn't appear to understand that SHOULD doesn't mean MUST.
CheckAll
shouldn't care; it's up to the caller to decide what is fatal or not. Using rootfs
in the default config should be enough for your TestGenerateValid
. cmd/oci-runtime-tool/validate.go
needs a --compliance-level
like runtimetest
(which may be in flight somewhere, I don't have my dev box handy to grep open PRs).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cmd/oci-runtime-tool/validate.go
needs a--compliance-level
likeruntimetest
(which may be in flight somewhere, I don't have my dev box handy to grep open PRs).
I couldn't find this in flight, so I filed it as #492.
f9de4c6
to
4d6860d
Compare
Rebased off #492. |
validation/generate_test.go
Outdated
levelErrors, err2 := specerror.SplitLevel(err, rfc2119.Must) | ||
if err2 != nil { | ||
t.Errorf("unexpected error(s) filtering errors default: %+v", err2) | ||
t.Errorf("unexpected error(s): %+v", err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What you call err2
will only ever be non-nil
if it exactly matches the input error
. So I think you want to drop the previous line and keep only this one to avoid redundancy. Perhaps the SplitLevel
comment can also be improved to make this more clear?
4d6860d
to
27ad856
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One long-term concern, but I don't see anything that would hold back merging.
} | ||
|
||
// Validate the bundle. | ||
v, err := validate.NewValidatorFromPath(bundle, true, runtime.GOOS) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not excited about the asymmetry between unparmeterized generation and host-specific validation. This will cerainly die if runtime.GOOS
is not Linux. It may die even on Linux if the host system is sufficiently ancient or the stock config becomes sufficiently demanding. But I'm ok crossing those bridges later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you want me to set the OS explicitly?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you want me to set the OS explicitly?
I'm fine leaving it as it stands, as a reminder that New
will need similar options when we get our first non-Linux user and/or stabilize the API.
According to the spec, an unset .Type field in the .Linux.Resources.Devices list is permitted (and it maps to "all"). This was broken recently, making our own default profile (as well as umoci's and runc's) not pass validation anymore. Signed-off-by: Aleksa Sarai <asarai@suse.de>
It doesn't make sense for us to not include a rootfs in our default configuration -- as it means that we're providing an invalid configuration. Signed-off-by: Aleksa Sarai <asarai@suse.de>
To avoid cases where our own validation code would consider our defaults unsafe (which has happened in the past several times), add a smoke-test to ensure that this won't happen. Our defaults should not be intentionally invalid, as that confuses downstreams like umoci which use runtime-tools for the default as well as for validation of the generated configuration. Signed-off-by: Aleksa Sarai <asarai@suse.de>
27ad856
to
6df06d9
Compare
/ping @opencontainers/runtime-tools-maintainers |
According to the spec, an unset .Type field in the
.Linux.Resources.Devices list is permitted (and it maps to "all").
This was broken recently, making our own default profile (as well as
umoci's and runc's) not pass validation anymore.
Signed-off-by: Aleksa Sarai asarai@suse.de