93581bfde2
Add scripts to extract OpenAPI v3 schemas from CRD definitions in all kustomize overlays and write JSON schema files to ci/crd-schemas/ for kubeconform validation. This allows kubeconform to validate CRD instances (Elasticsearch, Kibana, CNPG Cluster, VictoriaMetrics, etc.) instead of skipping or erroring on them. - ci/generate-crd-schemas.py: extracts schemas from CRD YAML on stdin - ci/generate-crd-schemas.sh: iterates overlays, pipes to Python script - ci/validate-apps.sh, ci/validate-clusters.sh: add local schema-location fallback - Makefile: add generate-schemas target - add generate-schemas step to kubeconform woodpecker pipeline so schemas
46 lines
1.3 KiB
Python
Executable File
46 lines
1.3 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
"""
|
|
Extract OpenAPI v3 schemas from CRD YAML on stdin and write JSON schema files
|
|
to the output directory for use with kubeconform.
|
|
|
|
Usage: kustomize build ... | python3 ci/generate-crd-schemas.py <output-dir>
|
|
"""
|
|
import sys
|
|
import json
|
|
import os
|
|
|
|
import yaml
|
|
|
|
|
|
def main() -> int:
|
|
output_dir = sys.argv[1] if len(sys.argv) > 1 else "ci/crd-schemas"
|
|
count = 0
|
|
|
|
for doc in yaml.safe_load_all(sys.stdin):
|
|
if not doc or doc.get("kind") != "CustomResourceDefinition":
|
|
continue
|
|
|
|
group = doc["spec"]["group"]
|
|
kind = doc["spec"]["names"]["kind"]
|
|
group_dir = os.path.join(output_dir, group)
|
|
os.makedirs(group_dir, exist_ok=True)
|
|
|
|
for ver in doc["spec"].get("versions", []):
|
|
if not ver.get("served", True):
|
|
continue
|
|
schema = ver.get("schema", {}).get("openAPIV3Schema")
|
|
if not schema:
|
|
continue
|
|
fname = os.path.join(group_dir, f"{kind.lower()}_{ver['name']}.json")
|
|
with open(fname, "w") as f:
|
|
json.dump({"$schema": "http://json-schema.org/schema#", **schema}, f, indent=2)
|
|
f.write("\n")
|
|
print(f" wrote {fname}", file=sys.stderr)
|
|
count += 1
|
|
|
|
return count
|
|
|
|
|
|
if __name__ == "__main__":
|
|
print(main())
|