schema: Completely drop our JSON Schema 'id' properties #945
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wking
force-pushed
the
json-schema-minimal-ids
branch
from
25d6c81
to
a3f89ae
Compare
We're using JSON Schema draft-04 [1], as declared by our '$schema' properties [2]. In draft-04, the 'id' keyword alters the resolution scope. But our current '$ref' values use JSON Pointers [3,4] with relative references like 'defs-linux.json#/definitions/Device' that ignore the 'id's. By draft-07, 'id' has become '$id', and [5]: The root schema of a JSON Schema document SHOULD contain an "$id" keyword with a URI (containing a scheme). But since [6], including any URI that cannot be retrieved generates an error: $ ./validate config-schema.json test/config/good/minimal.json Could not read schema from HTTP, response status is 404 Not Found While a root 'id' entry would be nice, we don't currently host these anywhere with a useful URI. We could use [7], but then testing pull requests would be difficult. By draft-07, the purpose of internal '$id' entries is clearly explained [5]: Providing a plain name fragment enables a subschema to be relocated within a schema without requiring that JSON Pointer references are updated. We don't need that, because we control all the references. In the infrequent event of a subschema move, we can update the consuming references in the same commit. The draft-07 $ref docs also explain that $ref targets may be URNs [8]: The URI is not a network locator, only an identifier. A schema need not be downloadable from the address if it is a network-addressable URL, and implementations SHOULD NOT assume they should perform a network operation when they encounter a network-addressable URI. I haven't found analogous wording for $id, but it's possible that gojsonschema is being overly agressive with its attempted retrievals. This commit removes all of our 'id' entries. The resulting JSON Schema is valid (regardless of where you host it) and does not generate the 404s. Reported by Tom Godkin [9] and William Martin [10]. [1]: https://tools.ietf.org/html/draft-zyp-json-schema-04#section-7.2 [2]: https://tools.ietf.org/html/draft-zyp-json-schema-04#section-6 [3]: https://tools.ietf.org/html/draft-ietf-appsawg-json-pointer-07 [4]: https://tools.ietf.org/html/rfc6901 [5]: https://tools.ietf.org/html/draft-handrews-json-schema-00#section-9.2 [6]: xeipuuv/gojsonschema@83a7f63 [7]: https://raw.githubusercontent.com/opencontainers/runtime-spec/v1.0.1/schema/config-schema.json [8]: https://tools.ietf.org/html/draft-handrews-json-schema-00#section-8 [9]: opencontainers/runc#1680 [10]: https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/L9ME-YRPmmc Subject: runtime-spec validation questions Date: Thu, 4 Jan 2018 15:47:50 +0000 Message-ID: <CAMp6QwMTJab5K25=CVy=6OZV6NRX0s-nMLGwqC8ZMpFEp5bF_Q@mail.gmail.com> Signed-off-by: W. Trevor King <wking@tremily.us>
wking
force-pushed
the
json-schema-minimal-ids
branch
from
a3f89ae
to
4e5a137
Compare
This was referenced Jan 10, 2018
Merged
This was referenced Jan 24, 2018
|
LGTM |
1 similar comment
|
LGTM |
This was referenced Feb 16, 2018
Closed
kolyshkin
added a commit
to kolyshkin/runtime-tools
that referenced
this pull request
Oct 19, 2021
New(er) xeipuuv/gojsonschema package is trying to fetch id fields, which in the spec were looking like this: "id": "https://opencontainers.org/schema/bundle/linux" Obviously, this results in HTTP 404s, and multiple test failures. This was fixed by opencontainers/runtime-spec#945 which ended up in runtime-spec v1.0.2. Now, if we want to bump xeipuuv/gojsonschema (we do), we need to test against at least v1.0.2 of runtime-spec, for the reason explained above. Bump the spec version in all test cases, remove or fix some test cases. In particular: * remove "process is required" as it needed v1.0.0-rc5 version of spec. * remove "args is required" as args are no longer required since commit opencontainers/runtime-spec@deb4d954eafc4fc. * fixup "invalid seccomp action" error as it now also has SCMP_ACT_LOG. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This was referenced Oct 19, 2021
kolyshkin
added a commit
to kolyshkin/runtime-tools
that referenced
this pull request
Oct 19, 2021
New(er) xeipuuv/gojsonschema package is trying to fetch id fields, which in the spec were looking like this: "id": "https://opencontainers.org/schema/bundle/linux" Obviously, this results in HTTP 404s, and multiple test failures. This was fixed by opencontainers/runtime-spec#945 which ended up in runtime-spec v1.0.2. Now, if we want to bump xeipuuv/gojsonschema (we do), we need to test against at least v1.0.2 of runtime-spec, for the reason explained above. Bump the spec version in all test cases, remove or fix some test cases. In particular: * remove "process is required" as it needed v1.0.0-rc5 version of spec. * remove "args is required" as args are no longer required since commit opencontainers/runtime-spec@deb4d954eafc4fc. * fixup "invalid seccomp action" error as it now also has SCMP_ACT_LOG. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin
added a commit
to kolyshkin/runtime-tools
that referenced
this pull request
Oct 20, 2021
New(er) xeipuuv/gojsonschema package is trying to fetch id fields, which in the spec were looking like this: "id": "https://opencontainers.org/schema/bundle/linux" Obviously, this results in HTTP 404s, and multiple test failures. This was fixed by opencontainers/runtime-spec#945 which ended up in runtime-spec v1.0.2. Now, if we want to bump xeipuuv/gojsonschema (we do), we need to test against at least v1.0.2 of runtime-spec, for the reason explained above. Bump the spec version in all test cases, remove or fix some test cases. In particular: * remove "process is required" as it needed v1.0.0-rc5 version of spec. * remove "args is required" as args are no longer required since commit opencontainers/runtime-spec@deb4d954eafc4fc. * fixup "invalid seccomp action" error as it now also has SCMP_ACT_LOG. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin
added a commit
to kolyshkin/runtime-tools
that referenced
this pull request
Oct 20, 2021
New(er) xeipuuv/gojsonschema package is trying to fetch id fields, which in the spec were looking like this: "id": "https://opencontainers.org/schema/bundle/linux" Obviously, this results in HTTP 404s, and multiple test failures. This was fixed by opencontainers/runtime-spec#945 which ended up in runtime-spec v1.0.2. Now, if we want to bump xeipuuv/gojsonschema (we do), we need to test against at least v1.0.2 of runtime-spec, for the reason explained above. Bump the spec version in all test cases, remove or fix some test cases. In particular: * remove "process is required" as it needed v1.0.0-rc5 version of spec. * remove "args is required" as args are no longer required since commit opencontainers/runtime-spec@deb4d954eafc4fc. * fixup "invalid seccomp action" error as it now also has SCMP_ACT_LOG. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin
added a commit
to kolyshkin/runtime-tools
that referenced
this pull request
Oct 20, 2021
New(er) xeipuuv/gojsonschema package is trying to fetch id fields, which in the spec were looking like this: "id": "https://opencontainers.org/schema/bundle/linux" Obviously, this results in HTTP 404s, and multiple test failures. This was fixed by opencontainers/runtime-spec#945 which ended up in runtime-spec v1.0.2. This essentially means with newer xeipuuv/gojsonschema we are no longer able to validate against runtime-spec < 1.0.2. To adopt for a new xeipuuv/gojsonschema, do the following: 1. Add the version check, add a test case for it. 2. Remove some test cases: - "process is required" as it needed v1.0.0-rc5 version of spec. - "args is required" as args are no longer required since commit opencontainers/runtime-spec@deb4d954eafc4fc. 3. Bump the spec version in all test cases. 4. Fix "invalid seccomp action" error as it now also has SCMP_ACT_LOG. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin
added a commit
to kolyshkin/runtime-tools
that referenced
this pull request
Oct 20, 2021
New(er) xeipuuv/gojsonschema package is trying to fetch id fields, which in the spec were looking like this: "id": "https://opencontainers.org/schema/bundle/linux" Obviously, this results in HTTP 404s, and multiple test failures. This was fixed by opencontainers/runtime-spec#945 which ended up in runtime-spec v1.0.2. This essentially means with newer xeipuuv/gojsonschema we are no longer able to validate against runtime-spec < 1.0.2. To adopt for a new xeipuuv/gojsonschema, do the following: 1. Add the version check, add a test case for it. 2. Remove some test cases: - "process is required" as it needed v1.0.0-rc5 version of spec. - "args is required" as args are no longer required since commit opencontainers/runtime-spec@deb4d954eafc4fc. 3. Bump the spec version in all test cases. 4. Fix "invalid seccomp action" error as it now also has SCMP_ACT_LOG. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We're using JSON Schema draft-04, as declared by our
$schemaproperties. In draft-04, theidkeyword alters the resolution scope. But our current$refvalues use JSON Pointers with relative references likedefs-linux.json#/definitions/Devicethat ignore theids.By draft-07,
idhas become$id, and the docs say:But since xeipuuv/gojsonschema@83a7f6369d5, including any URI that cannot be retrieved generates an error:
While a root
identry would be nice, we don't currently host these anywhere with a useful URI. We could use GitHub links like this, but then testing pull requests would be difficult.By draft-07, the purpose of internal
$identries is clearly explained:We don't need that, because we control all the references. In the infrequent event of a subschema move, we can update the consuming references in the same commit.
The draft-07
$refdocs also explain that$reftargets may be URNs:I haven't found analogous wording for
$id, but it's possible that gojsonschema is being overly agressive with its attempted retrievals.This commit removes all of our
identries. The resulting JSON Schema is valid (regardless of where you host it) and does not generate the 404s.If/when we merge/release this it should address opencontainers/runc#1680.