Validation Reference

Validation Struct

The Validation struct is a data structure used for ingesting validation data. It contains the following fields:

• LulaVersion (string): Optional field to maintain backward compatibility.
• Metadata (*Metadata): Optional metadata containing the name and UUID of the validation.
• Provider (*Provider): Required field specifying the provider and its corresponding specification.
• Domain (*Domain): Required field specifying the domain and its corresponding specification.

Metadata Struct

The Metadata struct contains the following fields:

• Name (string): Optional short description to use in the output of validations.
• UUID (string): Optional UUID of the validation.

Domain Struct

The Domain struct contains the following fields:

• Type (string): Required field specifying the type of domain (enum: kubernetes, api).
• KubernetesSpec (*KubernetesSpec): Optional specification for a Kubernetes domain, required if type is kubernetes.
• ApiSpec (*ApiSpec): Optional specification for an API domain, required if type is api.

Provider Struct

The Provider struct contains the following fields:

• Type (string): Required field specifying the type of provider (enum: opa, kyverno).
• OpaSpec (*OpaSpec): Optional specification for an OPA provider.
• KyvernoSpec (*KyvernoSpec): Optional specification for a Kyverno provider.

Example YAML Document

The following is an example of a YAML document for a validation artifact:

lula-version: ">=v0.2.0"
metadata:
  name: Validate pods with label foo=bar
  uuid: 123e4567-e89b-12d3-a456-426655440000
domain:
  type: kubernetes
  kubernetes-spec:
    resources:
      - name: podsvt
        resource-rule:
          version: v1
          resource: pods
          namespaces: [validation-test]
provider:
  type: opa
  opa-spec:
    rego: |
      package validate

      import future.keywords.every

      validate {
        every pod in input.podsvt {
          podLabel := pod.metadata.labels.foo
          podLabel == "bar"
        }
      }

Linting

Linting is done by Lula when a Validation object is converted to a LulaValidation for evaluation.

The common.Validation.Lint method is a convenience method to lint a Validation object. It performs the following step:

1. Marshalling: The method marshals the Validation object into a YAML byte array using the common.Validation.MarshalYaml function.
2. Linting: The method runs linting against the marshalled Validation object. This is done using the schemas.Validate function, which ensures that the YAML data conforms to the expected schema.

The schemas.Validate function is responsible for validating the provided data against a specified JSON schema using github.com/santhosh-tekuri/jsonschema/v6. The process involves the following steps:

1. Coercion to JSON Map: The provided data, which can be either an interface or a byte array, is coerced into a JSON map using the model.CoerceToJsonMap function.
2. Schema Retrieval: The function retrieves the JSON schema specified by the schema parameter using the GetSchema function.
3. Schema Compilation: The retrieved schema is compiled into a format that can be used for validation using the jsonschema.CompileString function.
4. Validation: The coerced JSON map is validated against the compiled schema. If the validation fails, the function extracts the specific errors and returns them as a formatted string.

VS Code intellisense:

1. Ensure that the YAML (Red Hat) extension is installed.
2. Add the following to your settings.json:

"yaml.schemas": {
    "${PATH_TO_LULA}/lula/src/pkg/common/schemas/validation.json": "*validation*.yaml"
},

Note:

• ${PATH_TO_LULA} should be replaced with your path.
• *validation*.yaml may be changed to match your project’s validation file naming conventions.
• can also be limited to project or workspace settings if desired