Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Add support for recursive json schema elements to prevent fatal error #5167

Merged
merged 1 commit into from
Sep 23, 2022
Merged

fix: Add support for recursive json schema elements to prevent fatal error #5167

merged 1 commit into from
Sep 23, 2022
+257 −67

Conversation

liamg
Copy link
Contributor

@liamg liamg commented Sep 22, 2022

This adds support for recursive json schemas, such as:

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://github.com/open-policy-agent/opa/issues/5166",
  "type": "object",
  "properties": {
    "Something": {
      "$ref": "#/$defs/X"
    }
  },
  "$defs": {
    "X": {
      "type": "object",
      "properties": {
        "Y": {
          "$ref": "#/$defs/Y"
        }
      }
    },
    "Y": {
      "type": "object",
      "properties": {
        "X": {
          "$ref": "#/$defs/X"
        }
      }
    }
  }
}

The parseSchema method now hangs from a schemaParser struct. This allows the use of a cache that can be populated with definitions as they are seen, to prevent them being reparsed later. They are added to cache before they are completely parsed, otherwise the recursive crash would still occur. Thus they are added to the cache with all properties without values, then the values are added in by reference after the subsequent child tree parse.

I've added a couple of tests that cover my use case, as well as a schema parsing test (this already passed before my changes - the compile time analysis of the schema is the problem) for good measure.

Happy to change whatever or discuss an alternative approach, just shout (I'm on the OPA slack)

Resolves #5166

Signed-off-by: Liam Galvin liam.galvin@aquasec.com

@liamg liamg marked this pull request as draft September 22, 2022 11:45
@liamg
Copy link
Contributor Author

liamg commented Sep 22, 2022

Looks like it's got a race condition, converting to draft until it's fixed.

@liamg liamg force-pushed the liamg-recursive-schema-support branch from d6316ed to 66fa711 Compare September 22, 2022 12:06
@liamg liamg marked this pull request as ready for review September 22, 2022 12:36
@liamg
Copy link
Contributor Author

liamg commented Sep 22, 2022

...fixed now 🥳

srenatus
srenatus reviewed Sep 22, 2022
View reviewed changes
Copy link
Contributor

@srenatus srenatus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good, just a tiny nitpick re: the error case. Let's do some error unwrapping, maybe?

ast/compile.go
//
// We'd get this result:
//
// GetRulesDynamicWithOpts("data[x]", RulesOptions{IncludeHiddenModules: true}) => [rule1, rule2, rule3]
// GetRulesDynamicWithOpts("data[x]", RulesOptions{IncludeHiddenModules: true}) => [rule1, rule2, rule3]
//
// Without the options, it would be excluded.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

☝️ These are automatically done through go 1.19's formatter -- it's not related to this PR, but someone's got to commit it eventually. So I'm ok if that someone is you 😀

ast/compile_test.go
expectedErrors: []string{
"undefined function foo",
},
},*/
{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🙈 this is weird, but presumably also the code formatter. Let's roll with it.

ast/compile_test.go
@@ -7332,3 +7333,121 @@ func TestKeepModules(t *testing.T) {
}
})
}

// see https://github.com/open-policy-agent/opa/issues/5166
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think keeping the issue link in the commit message is good enough. But it doesn't hurt much to have it twice, either.

ast/compile_test.go Show resolved Hide resolved
@liamg liamg force-pushed the liamg-recursive-schema-support branch from 66fa711 to 43c8f01 Compare September 22, 2022 15:40
@netlify
Copy link

netlify bot commented Sep 22, 2022
edited
Loading

Deploy Preview for openpolicyagent ready!

Name Link
🔨 Latest commit 03993a1
🔍 Latest deploy log https://app.netlify.com/sites/openpolicyagent/deploys/632d70d95dfc2000085640d9
😎 Deploy Preview https://deploy-preview-5167--openpolicyagent.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

@liamg
fix: Add support for recursive json schema elements to prevent fatal …
03993a1 
…error

Resolves open-policy-agent#5166

Signed-off-by: Liam Galvin <liam.galvin@aquasec.com>
@liamg liamg force-pushed the liamg-recursive-schema-support branch from 43c8f01 to 03993a1 Compare September 23, 2022 08:39
@srenatus srenatus merged commit 65d7495 into open-policy-agent:main Sep 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@srenatus srenatus srenatus approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug: Panic when using a JSON schema with recursive elements
2 participants
@liamg @srenatus