schema: perform validate_cloudcfg_schema once in early boot

Validate full schema one time early in boot just after user-data is processed. This avoid 51+ repeated calls to validate_cloudcfg_schema on subsections of the schema. Moving validation to one place against the whole schema will allow for a single concise error/warning about schema violations in one place in logs.
canonical · Jan 7, 2022 · f1a7c75 · f1a7c75
1 parent b966f43
commit f1a7c75
Show file tree

Hide file tree

Showing 4 changed files with 554 additions and 25 deletions.
diff --git a/cloudinit/cmd/main.py b/cloudinit/cmd/main.py
@@ -22,6 +22,7 @@
 
 patcher.patch_logging()
 
+from cloudinit.config.schema import validate_cloudconfig_schema
 from cloudinit import log as logging
 from cloudinit import netinfo
 from cloudinit import signal_handler
@@ -452,6 +453,10 @@ def main_init(name, args):
     # update fully realizes user-data (pulling in #include if necessary)
     init.update()
     _maybe_set_hostname(init, stage="init-net", retry_stage="modules:config")
+
+    # Validate user-data adheres to schema definition
+    validate_cloudconfig_schema(config=init.cfg, strict=True)
+
     # Stage 7
     try:
         # Attempt to consume the data per instance.

diff --git a/cloudinit/config/schema.py b/cloudinit/config/schema.py
@@ -166,14 +166,18 @@ def validate_cloudconfig_metaschema(validator, schema: dict, throw=True):
 
 
 def validate_cloudconfig_schema(
-    config: dict, schema: dict, strict=False, strict_metaschema=False
+    config: dict,
+    schema: dict = None,
+    strict: bool = False,
+    strict_metaschema: bool = False,
 ):
     """Validate provided config meets the schema definition.
 
     @param config: Dict of cloud configuration settings validated against
         schema. Ignored if strict_metaschema=True
     @param schema: jsonschema dict describing the supported schema definition
-       for the cloud config module (config.cc_*).
+       for the cloud config module (config.cc_*). If None, validate against
+       global schema.
     @param strict: Boolean, when True raise SchemaValidationErrors instead of
        logging warnings.
     @param strict_metaschema: Boolean, when True validates schema using strict
@@ -183,6 +187,8 @@ def validate_cloudconfig_schema(
         against the provided schema.
     @raises: RuntimeError when provided config sourced from YAML is not a dict.
     """
+    if schema is None:
+        schema = get_schema()
     try:
         (cloudinitValidator, FormatChecker) = get_jsonschema_validator()
         if strict_metaschema: