Adding json-schema validation for extra-specs

Author: fabi200123

README.md

@@ -32,6 +32,7 @@ Garm supports sending opaque json encoded configs to the IaaS providers it hooks
 To this end, this provider supports the following extra specs schema:
 
 ```json
+
 {
     "$schema": "http://cloudbase.it/garm-provider-openstack/schemas/extra_specs#",
     "type": "object",
@@ -74,7 +75,8 @@ To this end, this provider supports the following extra specs schema:
             },
             "description": "A list of image owners to allow when creating the instance. If not specified, all images will be allowed." 
         }
-    }
+    },
+	"additionalProperties": false
 }
 ```
 

go.mod

@@ -22,6 +22,9 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	github.com/xeipuuv/gojsonschema v1.2.0
 	golang.org/x/crypto v0.12.0 // indirect
 	golang.org/x/sys v0.11.0 // indirect
 	golang.org/x/text v0.12.0 // indirect

go.sum

@@ -2,6 +2,7 @@ github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/cloudbase/garm-provider-common v0.1.1 h1:9SbkEevpycI/P3J7jEmjJf6VzdrxAIHkLppnjqaKAWU=
 github.com/cloudbase/garm-provider-common v0.1.1/go.mod h1:igxJRT3OlykERYc6ssdRQXcb+BCaeSfnucg6I0OSoDc=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
@@ -26,10 +27,18 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 h1:xzABM9let0HLLqFypcxvLmlvEciCHL7+Lv+4vwZqecI=
 github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569/go.mod h1:2Ly+NIftZN4de9zRmENdYbvPQeaVIYKWpLFStLFEBgI=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
+github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
+github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=

provider/spec.go

@@ -26,12 +26,61 @@ import (
 	"github.com/gophercloud/gophercloud/openstack/compute/v2/servers"
 	"github.com/gophercloud/gophercloud/openstack/imageservice/v2/images"
 	"github.com/gophercloud/gophercloud/openstack/networking/v2/networks"
+	"github.com/xeipuuv/gojsonschema"
 
 	"github.com/cloudbase/garm-provider-openstack/config"
 )
 
 var defaultBootDiskSize int64 = 50
 
+const jsonSchema string = `
+{
+    "$schema": "http://cloudbase.it/garm-provider-openstack/schemas/extra_specs#",
+    "type": "object",
+    "description": "Schema defining supported extra specs for the Garm OpenStack Provider",
+    "properties": {
+        "security_groups": {
+            "type": "array",
+            "items": {
+                "type": "string"
+            }
+        },
+        "network_id": {
+            "type": "string",
+            "description": "The tenant network to which runners will be connected to."
+        },
+        "storage_backend": {
+            "type": "string",
+            "description": "The cinder backend to use when creating volumes."
+        },
+        "boot_from_volume": {
+            "type": "boolean",
+            "description": "Whether to boot from volume or not. Use this option if the root disk size defined by the flavor is not enough."
+        },
+        "boot_disk_size": {
+            "type": "integer",
+            "description": "The size of the root disk in GB. Default is 50 GB."
+        },
+        "use_config_drive": {
+            "type": "boolean",
+            "description": "Use config drive."
+        },
+        "enable_boot_debug": {
+            "type": "boolean",
+            "description": "Enable cloud-init debug mode. Adds 'set -x' into the cloud-init script."
+        },
+        "allow_image_owners": {
+            "type": "array",
+            "items": {
+                "type": "string"
+            },
+            "description": "A list of image owners to allow when creating the instance. If not specified, all images will be allowed." 
+        }
+    },
+	"additionalProperties": false
+}
+`
+
 type extraSpecs struct {
 	SecurityGroups     []string `json:"security_groups,omitempty"`
 	AllowedImageOwners []string `json:"allowed_image_owners,omitempty"`
@@ -44,12 +93,28 @@ type extraSpecs struct {
 	EnableBootDebug    *bool    `json:"enable_boot_debug"`
 }
 
+func jsonSchemaValidation(schema json.RawMessage) error {
+	schemaLoader := gojsonschema.NewStringLoader(jsonSchema)
+	extraSpecsLoader := gojsonschema.NewBytesLoader(schema)
+	result, err := gojsonschema.Validate(schemaLoader, extraSpecsLoader)
+	if err != nil {
+		return fmt.Errorf("failed to validate schema: %w", err)
+	}
+	if !result.Valid() {
+		return fmt.Errorf("schema validation failed: %s", result.Errors())
+	}
+	return nil
+}
+
 func extraSpecsFromBootstrapData(data params.BootstrapInstance) (extraSpecs, error) {
 	if len(data.ExtraSpecs) == 0 {
 		return extraSpecs{}, nil
 	}
 
 	var spec extraSpecs
+	if err := jsonSchemaValidation(data.ExtraSpecs); err != nil {
+		return extraSpecs{}, fmt.Errorf("failed to validate extra specs: %w", err)
+	}
 	if err := json.Unmarshal(data.ExtraSpecs, &spec); err != nil {
 		return extraSpecs{}, fmt.Errorf("failed to unmarshal extra_specs: %w", err)
 	}