Yamale icon indicating copy to clipboard operation
Yamale copied to clipboard

Published 20 hours ago verified publisher icon 23andMe

"map" validator doesn't validate key, when using include

Open ivocavalcante opened this issue 4 years ago • 3 comments

First of all, congrats for the great job you've done. Yamale is exactly what I needed for a project I'm working on. Now, to the bug report:

"map" validator fails to validate a key, when function used is "included". See example below:

Consider YAML data below, for testing purposes:

test.yaml

maptest: 
  1: xpto 
  2: qwerty 
  error: wrong

WORKING (meaning validation fails):

schema.yaml

maptest: map(include('value'), key=int()) 
--- 
value: str()

NON-WORKING (meaning validation passes):

schema.yaml

maptest: map(include('value'), key=include('key')) 
--- 
value: str()
key: int()

Tested with latest release, 3.0.2 .

ivocavalcante avatar Aug 24 '20 15:08 ivocavalcante

As mentioned in the declined PR, the best course of action is to prevent the include validator from being defined in the key constraint for the map validator. Since this is a potentially breaking change, we should wait for a major release.

mildebrandt avatar Jan 25 '21 21:01 mildebrandt

Hm, I had hoped to use include here like this:

schema: 
---
users: map(include("user"), key=include("act"))
version: enum("1.0")

---
user:
    firstname: str()
    lastname: str()
    roles: list(include("role"))
    groups: list(include("act"))
    password: include("password")
    samba_password: include("password")
    admin_password: include("password")
    maintain_groups: include("maintain_memberships")
    maintain_roles: include("maintain_memberships")
    maintain_password: include("maintain_password")

---
maintain_memberships: enum("initial_only", "restore_memberships", "fixed")

---
maintain_password: enum("initial_only", "fixed")

---
# /usr/share/perl5/IServ/Valid.pm sub Role
role: str(matches="^ROLE_[A-Z0-9_]{1,64}$")

---
# /usr/share/perl5/IServ/Valid.pm sub Act + MAX_LEN
act: str(matches="^[a-z][a-z0-9._-]{0,31}$")

---
password:
  type: enum("plain", "hashed")
  value: str()
input: 
---
version: "1.0"
users:
  martintest:
    firstname: Martin
    lastname: Test
    groups:
      - admins
      - domain.admins
    roles:
      - ROLE_ADMIN
    password:
      type: plain
      value: foobar
    samba_password:
      type: hashed
      value: foobar
    admin_password:
      type: plain
      value: barfoo
    maintain_groups: initial_only
    maintain_roles: initial_only
    maintain_password: initial_only

My intention was to have the definition for the act regex only once (DRY), and then to use it to validate both the user names and the group names. Am I doing this wrong, or is this unsupported and I have to define the act regex twice, once to validate the group names, and once to validate the user names?

martinvonwittich avatar May 23 '23 13:05 martinvonwittich

  • Rather than "waiting" for a major release, this bug seems major enough to trigger a major release in its own right? The validators are silently passing on invalid data.

  • Ideally, the implementation of the Include validator should be moved into the actual Include validator, although that would be a larger refactoring (would have to pass in the Schema).

  • Cross-reference: this also applies to the Any and Subset validators, per #217, and potentially Map and List

sabik avatar Aug 16 '23 02:08 sabik