Strict yaml validation

Signed-off-by: Josh Curl <hello@joshcurl.com>

Author: joshwget

generate.go

@@ -0,0 +1,3 @@
+package libcompose
+
+//go:generate go run script/inline_schema.go

integration/assets/validation/invalid/docker-compose.yml

@@ -0,0 +1,3 @@
+base:
+  image: busybox
+  ports: invalid_type

integration/assets/validation/valid/docker-compose.yml

@@ -0,0 +1,2 @@
+base:
+  image: busybox

integration/create_test.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
+	"strings"
 
 	. "gopkg.in/check.v1"
 	"path/filepath"
@@ -149,7 +150,6 @@ func (s *RunSuite) TestFieldTypeConversions(c *C) {
           image: tianon/true
           mem_limit: $LIMIT
           memswap_limit: "40000000"
-          hostname: 100
         `)
 
 	name := fmt.Sprintf("%s_%s_1", p, "test")
@@ -160,7 +160,6 @@ func (s *RunSuite) TestFieldTypeConversions(c *C) {
           image: tianon/true
           mem_limit: 40000000
           memswap_limit: 40000000
-          hostname: "100"
         `)
 
 	name = fmt.Sprintf("%s_%s_1", p, "reference")
@@ -257,5 +256,92 @@ func (s *RunSuite) TestDefaultMultipleComposeFiles(c *C) {
 
 		c.Assert(container, NotNil)
 	}
+}
+
+func (s *RunSuite) TestValidation(c *C) {
+	template := `
+  test:
+    image: busybox
+    ports: invalid_type
+	`
+	_, output := s.FromTextCaptureOutput(c, s.RandomProject(), "create", template)
+
+	c.Assert(strings.Contains(output, "Service 'test' configuration key 'ports' contains an invalid type, it should be an array."), Equals, true)
+
+	template = `
+  test:
+    image: busybox
+    build: .
+	`
+	_, output = s.FromTextCaptureOutput(c, s.RandomProject(), "create", template)
+
+	c.Assert(strings.Contains(output, "Service 'test' has both an image and build path specified. A service can either be built to image or use an existing image, not both."), Equals, true)
+
+	template = `
+  test:
+    image: busybox
+    ports: invalid_type
+    links: invalid_type
+    devices:
+      - /dev/foo:/dev/foo
+      - /dev/foo:/dev/foo
+  `
+	_, output = s.FromTextCaptureOutput(c, s.RandomProject(), "create", template)
+
+	c.Assert(strings.Contains(output, "Service 'test' configuration key 'ports' contains an invalid type, it should be an array."), Equals, true)
+	c.Assert(strings.Contains(output, "Service 'test' configuration key 'links' contains an invalid type, it should be an array"), Equals, true)
+	c.Assert(strings.Contains(output, "Service 'test' configuration key 'devices' value [/dev/foo:/dev/foo /dev/foo:/dev/foo] has non-unique elements"), Equals, true)
+}
+
+func (s *RunSuite) TestValidationWithExtends(c *C) {
+	template := `
+  base:
+    image: busybox
+    privilege: "something"
+  test:
+    extends:
+      service: base
+	`
+
+	_, output := s.FromTextCaptureOutput(c, s.RandomProject(), "create", template)
+
+	c.Assert(strings.Contains(output, "Unsupported config option for base service: 'privilege' (did you mean 'privileged'?)"), Equals, true)
+
+	template = `
+  base:
+    image: busybox
+  test:
+    extends:
+      service: base
+    links: invalid_type
+	`
+
+	_, output = s.FromTextCaptureOutput(c, s.RandomProject(), "create", template)
+
+	c.Assert(strings.Contains(output, "Service 'test' configuration key 'links' contains an invalid type, it should be an array"), Equals, true)
+
+	template = `
+  test:
+    extends:
+      file: ./assets/validation/valid/docker-compose.yml
+      service: base
+    devices:
+      - /dev/foo:/dev/foo
+      - /dev/foo:/dev/foo
+	`
+
+	_, output = s.FromTextCaptureOutput(c, s.RandomProject(), "create", template)
+
+	c.Assert(strings.Contains(output, "Service 'test' configuration key 'devices' value [/dev/foo:/dev/foo /dev/foo:/dev/foo] has non-unique elements"), Equals, true)
+
+	template = `
+  test:
+    extends:
+      file: ./assets/validation/invalid/docker-compose.yml
+      service: base
+	`
+
+	_, output = s.FromTextCaptureOutput(c, s.RandomProject(), "create", template)
 
+	c.Assert(strings.Contains(output, "Service 'base' configuration key 'ports' contains an invalid type, it should be an array."), Equals, true)
 }

project/merge.go

@@ -43,6 +43,10 @@ func mergeProject(p *Project, file string, bytes []byte) (map[string]*ServiceCon
 		return nil, err
 	}
 
+	if err := validate(datas); err != nil {
+		return nil, err
+	}
+
 	for name, data := range datas {
 		data, err := parse(p.context.ResourceLookup, p.context.EnvironmentLookup, file, data, datas)
 		if err != nil {
@@ -62,6 +66,13 @@ func mergeProject(p *Project, file string, bytes []byte) (map[string]*ServiceCon
 		datas[name] = data
 	}
 
+	for name, data := range datas {
+		err := validateServiceConstraints(data, name)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	if err := utils.Convert(datas, &configs); err != nil {
 		return nil, err
 	}
@@ -221,6 +232,10 @@ func parse(resourceLookup ResourceLookup, environmentLookup EnvironmentLookup, i
 			return nil, err
 		}
 
+		if err := validate(baseRawServices); err != nil {
+			return nil, err
+		}
+
 		baseService, ok = baseRawServices[service]
 		if !ok {
 			return nil, fmt.Errorf("Failed to find service %s in file %s", service, file)

project/merge_test.go

@@ -158,7 +158,7 @@ func TestRestartNo(t *testing.T) {
 
 	config, err := mergeProject(p, "", []byte(`
 test:
-  restart: no
+  restart: "no"
   image: foo
 `))
 

project/project_test.go

@@ -163,12 +163,13 @@ func TestParseWithMultipleComposeFiles(t *testing.T) {
 	configTwo := []byte(`
   multiple:
     image: busybox
-    name: multi
+    container_name: multi
     ports:
       - 9000`)
 
 	configThree := []byte(`
   multiple:
+    image: busybox
     mem_limit: 40000000
     ports:
       - 10000`)
@@ -182,7 +183,7 @@ func TestParseWithMultipleComposeFiles(t *testing.T) {
 	assert.Nil(t, err)
 
 	assert.Equal(t, "busybox", p.Configs["multiple"].Image)
-	assert.Equal(t, "multi", p.Configs["multiple"].Name)
+	assert.Equal(t, "multi", p.Configs["multiple"].ContainerName)
 	assert.Equal(t, []string{"8000", "9000"}, p.Configs["multiple"].Ports)
 
 	p = NewProject(&Context{
@@ -194,7 +195,7 @@ func TestParseWithMultipleComposeFiles(t *testing.T) {
 	assert.Nil(t, err)
 
 	assert.Equal(t, "tianon/true", p.Configs["multiple"].Image)
-	assert.Equal(t, "multi", p.Configs["multiple"].Name)
+	assert.Equal(t, "multi", p.Configs["multiple"].ContainerName)
 	assert.Equal(t, []string{"9000", "8000"}, p.Configs["multiple"].Ports)
 
 	p = NewProject(&Context{
@@ -206,7 +207,7 @@ func TestParseWithMultipleComposeFiles(t *testing.T) {
 	assert.Nil(t, err)
 
 	assert.Equal(t, "busybox", p.Configs["multiple"].Image)
-	assert.Equal(t, "multi", p.Configs["multiple"].Name)
+	assert.Equal(t, "multi", p.Configs["multiple"].ContainerName)
 	assert.Equal(t, []string{"8000", "9000", "10000"}, p.Configs["multiple"].Ports)
 	assert.Equal(t, int64(40000000), p.Configs["multiple"].MemLimit)
 }

project/schema_helpers.go

@@ -0,0 +1,92 @@
+package project
+
+import (
+	"encoding/json"
+	"strings"
+
+	"github.com/docker/go-connections/nat"
+	"github.com/xeipuuv/gojsonschema"
+)
+
+var (
+	schemaLoader           gojsonschema.JSONLoader
+	constraintSchemaLoader gojsonschema.JSONLoader
+	schema                 map[string]interface{}
+)
+
+type (
+	environmentFormatChecker struct{}
+	portsFormatChecker       struct{}
+)
+
+func (checker environmentFormatChecker) IsFormat(input string) bool {
+	// If the value is a boolean, a warning should be given
+	// However, we can't determine type since gojsonschema converts the value to a string
+	// Adding a function with an interface{} parameter to gojsonschema is probably the best way to handle this
+	return true
+}
+
+func (checker portsFormatChecker) IsFormat(input string) bool {
+	_, _, err := nat.ParsePortSpecs([]string{input})
+	return err == nil
+}
+
+func setupSchemaLoaders() error {
+	if schema != nil {
+		return nil
+	}
+
+	var schemaRaw interface{}
+	err := json.Unmarshal([]byte(schemaString), &schemaRaw)
+	if err != nil {
+		return err
+	}
+
+	schema = schemaRaw.(map[string]interface{})
+
+	gojsonschema.FormatCheckers.Add("environment", environmentFormatChecker{})
+	gojsonschema.FormatCheckers.Add("ports", portsFormatChecker{})
+	gojsonschema.FormatCheckers.Add("expose", portsFormatChecker{})
+	schemaLoader = gojsonschema.NewGoLoader(schemaRaw)
+
+	definitions := schema["definitions"].(map[string]interface{})
+	constraints := definitions["constraints"].(map[string]interface{})
+	service := constraints["service"].(map[string]interface{})
+	constraintSchemaLoader = gojsonschema.NewGoLoader(service)
+
+	return nil
+}
+
+// gojsonschema doesn't provide a list of valid types for a property
+// This parses the schema manually to find all valid types
+func parseValidTypesFromSchema(schema map[string]interface{}, context string) []string {
+	contextSplit := strings.Split(context, ".")
+	key := contextSplit[len(contextSplit)-1]
+
+	definitions := schema["definitions"].(map[string]interface{})
+	service := definitions["service"].(map[string]interface{})
+	properties := service["properties"].(map[string]interface{})
+	property := properties[key].(map[string]interface{})
+
+	var validTypes []string
+
+	if val, ok := property["oneOf"]; ok {
+		validConditions := val.([]interface{})
+
+		for _, validCondition := range validConditions {
+			condition := validCondition.(map[string]interface{})
+			validTypes = append(validTypes, condition["type"].(string))
+		}
+	} else if val, ok := property["$ref"]; ok {
+		reference := val.(string)
+		if reference == "#/definitions/string_or_list" {
+			return []string{"string", "array"}
+		} else if reference == "#/definitions/list_of_strings" {
+			return []string{"array"}
+		} else if reference == "#/definitions/list_or_dict" {
+			return []string{"array", "object"}
+		}
+	}
+
+	return validTypes
+}