Disallow additional properties in credential_spec

thaJeztah · thaJeztah · commit 1e99ed3ca32b · 2019-02-02T18:27:50.000+01:00
Signed-off-by: Sebastiaan van Stijn &lt;github@gone.nl&gt;
diff --git a/cli/compose/loader/loader_test.go b/cli/compose/loader/loader_test.go
@@ -283,7 +283,7 @@ services:
   foo:
     image: busybox
     credential_spec:
-      File: "/foo"
+      file: "/foo"
     configs: [super]
 configs:
   super:
diff --git a/cli/compose/schema/bindata.go b/cli/compose/schema/bindata.go
diff --git a/cli/compose/schema/data/config_schema_v3.3.json b/cli/compose/schema/data/config_schema_v3.3.json
@@ -118,10 +118,14 @@
           }
         },
         "container_name": {"type": "string"},
-        "credential_spec": {"type": "object", "properties": {
-          "file": {"type": "string"},
-          "registry": {"type": "string"}
-        }},
+        "credential_spec": {
+          "type": "object",
+          "properties": {
+            "file": {"type": "string"},
+            "registry": {"type": "string"}
+          },
+          "additionalProperties": false
+        },
         "depends_on": {"$ref": "#/definitions/list_of_strings"},
         "devices": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
         "dns": {"$ref": "#/definitions/string_or_list"},
diff --git a/cli/compose/schema/data/config_schema_v3.4.json b/cli/compose/schema/data/config_schema_v3.4.json
@@ -121,10 +121,14 @@
           }
         },
         "container_name": {"type": "string"},
-        "credential_spec": {"type": "object", "properties": {
-          "file": {"type": "string"},
-          "registry": {"type": "string"}
-        }},
+        "credential_spec": {
+          "type": "object",
+          "properties": {
+            "file": {"type": "string"},
+            "registry": {"type": "string"}
+          },
+          "additionalProperties": false
+        },
         "depends_on": {"$ref": "#/definitions/list_of_strings"},
         "devices": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
         "dns": {"$ref": "#/definitions/string_or_list"},
diff --git a/cli/compose/schema/data/config_schema_v3.5.json b/cli/compose/schema/data/config_schema_v3.5.json
@@ -122,10 +122,14 @@
           }
         },
         "container_name": {"type": "string"},
-        "credential_spec": {"type": "object", "properties": {
-          "file": {"type": "string"},
-          "registry": {"type": "string"}
-        }},
+        "credential_spec": {
+          "type": "object",
+          "properties": {
+            "file": {"type": "string"},
+            "registry": {"type": "string"}
+          },
+          "additionalProperties": false
+        },
         "depends_on": {"$ref": "#/definitions/list_of_strings"},
         "devices": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
         "dns": {"$ref": "#/definitions/string_or_list"},
diff --git a/cli/compose/schema/data/config_schema_v3.6.json b/cli/compose/schema/data/config_schema_v3.6.json
@@ -122,10 +122,14 @@
           }
         },
         "container_name": {"type": "string"},
-        "credential_spec": {"type": "object", "properties": {
-          "file": {"type": "string"},
-          "registry": {"type": "string"}
-        }},
+        "credential_spec": {
+          "type": "object",
+          "properties": {
+            "file": {"type": "string"},
+            "registry": {"type": "string"}
+          },
+          "additionalProperties": false
+        },
         "depends_on": {"$ref": "#/definitions/list_of_strings"},
         "devices": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
         "dns": {"$ref": "#/definitions/string_or_list"},
diff --git a/cli/compose/schema/data/config_schema_v3.7.json b/cli/compose/schema/data/config_schema_v3.7.json
@@ -122,10 +122,14 @@
           }
         },
         "container_name": {"type": "string"},
-        "credential_spec": {"type": "object", "properties": {
-          "file": {"type": "string"},
-          "registry": {"type": "string"}
-        }},
+        "credential_spec": {
+          "type": "object",
+          "properties": {
+            "file": {"type": "string"},
+            "registry": {"type": "string"}
+          },
+          "additionalProperties": false
+        },
         "depends_on": {"$ref": "#/definitions/list_of_strings"},
         "devices": {"type": "array", "items": {"type": "string"}, "uniqueItems": true},
         "dns": {"$ref": "#/definitions/string_or_list"},
diff --git a/cli/compose/schema/schema_test.go b/cli/compose/schema/schema_test.go
@@ -1,6 +1,7 @@
 package schema
 
 import (
+	"fmt"
 	"testing"
 
 	"gotest.tools/assert"
@@ -78,6 +79,46 @@ func TestValidateAllowsXFields(t *testing.T) {
 	assert.NilError(t, err)
 }
 
+func TestValidateCredentialSpecs(t *testing.T) {
+	config := dict{
+		"version": "99.99",
+		"services": dict{
+			"foo": dict{
+				"image": "busybox",
+				"credential_spec": dict{
+					"config": "foobar",
+				},
+			},
+		},
+	}
+	tests := []struct {
+		version     string
+		expectedErr string
+	}{
+		{version: "3.0", expectedErr: "credential_spec"},
+		{version: "3.1", expectedErr: "credential_spec"},
+		{version: "3.2", expectedErr: "credential_spec"},
+		{version: "3.3", expectedErr: "config"},
+		{version: "3.4", expectedErr: "config"},
+		{version: "3.5", expectedErr: "config"},
+		{version: "3.6", expectedErr: "config"},
+		{version: "3.7", expectedErr: "config"},
+	}
+
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.version, func(t *testing.T) {
+			err := Validate(config, tc.version)
+			if tc.expectedErr != "" {
+				assert.ErrorContains(t, err, fmt.Sprintf("Additional property %s is not allowed", tc.expectedErr))
+			} else {
+				assert.NilError(t, err)
+			}
+		})
+	}
+
+}
+
 func TestValidateSecretConfigNames(t *testing.T) {
 	config := dict{
 		"version": "3.5",
