Closed AjanKG closed 7 months ago
I'm pretty sure I run into the same issue
kubeconform -output tap -ignore-missing-schemas -strict -schema-location https://raw.githubusercontent.com/enercity/kubernetes-json-schema/master -schema-location /var/lib/crd-schemas/externalsecret_v1beta1.json k8s
validates all the usual CRDs & ExternalSecrets, but I was unable to add other CRDs.
Apparently, only 1 additional -schema-location
is supported right now with v0.6.3.
We solved this issue by providing a folder of Schemas for the --schema-location
parameter, instead of a concrete JSON:
kubeconform -output tap -ignore-missing-schemas -strict -schema-location https://raw.githubusercontent.com/enercity/kubernetes-json-schema/master -schema-location /var/lib/crd-schemas k8s
Hi @michaelholtermann , the -schema-location is meant to be used not as a path to a particular file, but as a templated string, see documentation at https://github.com/yannh/kubeconform?tab=readme-ov-file#overriding-schemas-location
Especially: "if the -schema-location value ends with .json - Kubeconform assumes the value is a Go templated string that indicates how to search for JSON schemas."
You're not the first one to trip on the usability of this feature unfortunately :grimacing: Glad you found a solution!
The issue still persist.
Certainly there is an issue with the CRD but we didn't find a way to fix it.
Is there a way to find out, why the CRD that was found was rejected by kubeconform?
kubectl get crd apigeeorganizations.apigee.cnrm.cloud.google.com -o yaml > apigeeorganizations-crd.yaml
export FILENAME_FORMAT='{kind}-{group}-{version}'
openapi2jsonschema.py apigeeorganizations-crd.yaml
JSON schema written to apigeeorganization-apigee-v1beta1.json
kubeconform-0.6.6 -debug -summary -schema-location './{{ .ResourceKind }}{{ .KindSuffix }}.json' test.yaml
2024/05/15 13:38:07 using schema found at ./apigeeorganization-apigee-v1beta1.json
test.yaml - ApigeeOrganization apigeeorganization-sample failed validation: could not find schema for ApigeeOrganization
Summary: 1 resource found in 1 file - Valid: 0, Invalid: 0, Errors: 1, Skipped: 0
kubeconform-0.6.2 -debug -summary -schema-location './{{ .ResourceKind }}{{ .KindSuffix }}.json' test.yaml
2024/05/15 13:37:45 using schema found at ./apigeeorganization-apigee-v1beta1.json
Summary: 1 resource found in 1 file - Valid: 1, Invalid: 0, Errors: 0, Skipped: 0
You will find below the files to reproduce the regression we are observing. apigeeorganizations-crd.yaml.txt test.yaml.txt
Hello,
I am experiencing a schema recognition issue with kubeconform starting from version 0.6.3 and continuing in the latest version 0.6.4. The tool fails to recognize the schema for Apigee resources (ApigeeEnvironment and ApigeeOrganization):
Actual Results:
kubeconform versions 0.6.3 and 0.6.4 fail to recognize the schema for these resources, resulting in validation error:
The ApigeeOrganization CRD:
Expected Results:
kubeconform should correctly recognize and validate the schema of the given resource, as it did in version 0.6.2 I add Apigee Organization and Apigee Environment json schema generated
Apigee Organization:
Apigee Environment: