CHAOSPLT-68: Replace ddmark with go-validator (#944)

Author: ptnapoleon

CONTRIBUTING.md

@@ -219,6 +219,15 @@ export DATADOG_API_KEY=$(security find-generic-password -a ${USER} -s datadog_ap
 
 - Go to Datadog you [test-services](https://app.datadoghq.com/ci/test-services?env=local&view=branches&paused=false)
 
+## Adding new spec validation
+
+We use [go-validator](https://github.com/go-playground/validator) to supplement the kubebuilder validation annotations on our resource Specs.
+Structs are tagged with `"chaos_validate:..."` to specify constraints on valid fields, such as `lte`, `gte`, `required`, etc.
+Error messages are customized in the translation functions in [validations.go](./api/v1beta1/validations.go). Most are self-explanatory
+but the go-validator docs will have more information. We want to especially call out the "dive" tag here. This is used on slice or map
+fields to tell go-validator that validation needs to be run on every element in the slice or map. Other nested structs will be validated
+by default. When using the "dive" tag, on a field, it _must_ be the final tag, or the others will be skipped.
+
 ## 3rd-party licenses
 
 3rd-party references and licenses are kept in the [LICENSE-3rdparty.csv](LICENSE-3rdparty.csv) file. This file has been generated by the [tasks/thirdparty.py](tasks/thirdparty.py) script. If any vendor is updated, added or removed, this file must be updated as well.

LICENSE-3rdparty.csv

@@ -213,6 +213,10 @@ github.com/evanphx/json-patch/v5,github.com/evanphx/json-patch/v5,BSD-3-Clause
 github.com/evanphx/json-patch/v5,github.com/evanphx/json-patch/v5/internal/json,BSD-3-Clause
 github.com/felixge/httpsnoop,github.com/felixge/httpsnoop,MIT
 github.com/fsnotify/fsnotify,github.com/fsnotify/fsnotify,BSD-3-Clause
+github.com/gabriel-vasile/mimetype,github.com/gabriel-vasile/mimetype,MIT
+github.com/gabriel-vasile/mimetype,github.com/gabriel-vasile/mimetype/internal/charset,MIT
+github.com/gabriel-vasile/mimetype,github.com/gabriel-vasile/mimetype/internal/json,MIT
+github.com/gabriel-vasile/mimetype,github.com/gabriel-vasile/mimetype/internal/magic,MIT
 github.com/go-logr/logr,github.com/go-logr/logr,Apache-2.0
 github.com/go-logr/logr,github.com/go-logr/logr/funcr,Apache-2.0
 github.com/go-logr/logr,github.com/go-logr/logr/slogr,Apache-2.0
@@ -224,6 +228,11 @@ github.com/go-openapi/jsonpointer,github.com/go-openapi/jsonpointer,Apache-2.0
 github.com/go-openapi/jsonreference,github.com/go-openapi/jsonreference,Apache-2.0
 github.com/go-openapi/jsonreference,github.com/go-openapi/jsonreference/internal,Apache-2.0
 github.com/go-openapi/swag,github.com/go-openapi/swag,Apache-2.0
+github.com/go-playground/locales,github.com/go-playground/locales,MIT
+github.com/go-playground/locales,github.com/go-playground/locales/currency,MIT
+github.com/go-playground/locales,github.com/go-playground/locales/en,MIT
+github.com/go-playground/universal-translator,github.com/go-playground/universal-translator,MIT
+github.com/go-playground/validator/v10,github.com/go-playground/validator/v10,MIT
 github.com/go-task/slim-sprig,github.com/go-task/slim-sprig,MIT
 github.com/godbus/dbus/v5,github.com/godbus/dbus/v5,BSD-2-Clause
 github.com/gogo/googleapis,github.com/gogo/googleapis/google/rpc,Apache-2.0
@@ -281,6 +290,8 @@ github.com/klauspost/compress,github.com/klauspost/compress/internal/cpuinfo,Apa
 github.com/klauspost/compress,github.com/klauspost/compress/internal/snapref,Apache-2.0
 github.com/klauspost/compress,github.com/klauspost/compress/zstd,Apache-2.0
 github.com/klauspost/compress,github.com/klauspost/compress/zstd/internal/xxhash,Apache-2.0
+github.com/leodido/go-urn,github.com/leodido/go-urn,MIT
+github.com/leodido/go-urn,github.com/leodido/go-urn/scim/schema,MIT
 github.com/liggitt/tabwriter,github.com/liggitt/tabwriter,BSD-3-Clause
 github.com/lufia/plan9stats,github.com/lufia/plan9stats,BSD-3-Clause
 github.com/magiconair/properties,github.com/magiconair/properties,BSD-2-Clause
@@ -486,6 +497,7 @@ go.uber.org/zap,go.uber.org/zap/internal/ztest,MIT
 go.uber.org/zap,go.uber.org/zap/zapcore,MIT
 go.uber.org/zap,go.uber.org/zap/zaptest,MIT
 go.uber.org/zap,go.uber.org/zap/zaptest/observer,MIT
+golang.org/x/crypto,golang.org/x/crypto/sha3,BSD-3-Clause
 golang.org/x/exp,golang.org/x/exp/maps,BSD-3-Clause
 golang.org/x/mod,golang.org/x/mod/semver,BSD-3-Clause
 golang.org/x/net,golang.org/x/net/bpf,BSD-3-Clause
@@ -510,6 +522,7 @@ golang.org/x/oauth2,golang.org/x/oauth2,BSD-3-Clause
 golang.org/x/oauth2,golang.org/x/oauth2/internal,BSD-3-Clause
 golang.org/x/sync,golang.org/x/sync/errgroup,BSD-3-Clause
 golang.org/x/sync,golang.org/x/sync/semaphore,BSD-3-Clause
+golang.org/x/sys,golang.org/x/sys/cpu,BSD-3-Clause
 golang.org/x/sys,golang.org/x/sys/execabs,BSD-3-Clause
 golang.org/x/sys,golang.org/x/sys/plan9,BSD-3-Clause
 golang.org/x/sys,golang.org/x/sys/unix,BSD-3-Clause

api/v1beta1/disk_failure.go

@@ -17,13 +17,13 @@ import (
 type OpenatSyscallSpec struct {
 	// Refer to this documentation: https://linux.die.net/man/2/open
 	// +kubebuilder:validation:Enum=EACCES;EDQUOT;EEXIST;EFAULT;EFBIG;EINTR;EISDIR;ELOOP;EMFILE;ENAMETOOLONG;ENFILE;ENODEV;ENOENT;ENOMEM;ENOSPC;ENOTDIR;ENXIO;EOVERFLOW;EPERM;EROFS;ETXTBSY;EWOULDBLOCK
-	ExitCode string `json:"exitCode"`
+	ExitCode string `json:"exitCode" chaos_validate:"oneofci=EACCES EDQUOT EEXIST EFAULT EFBIG EINTR EISDIR ELOOP EMFILE ENAMETOOLONG ENFILE ENODEV ENOENT ENOMEM ENOSPC ENOTDIR ENXIO EOVERFLOW EPERM EROFS ETXTBSY EWOULDBLOCK"`
 }
 
 // DiskFailureSpec represents a disk failure disruption
 type DiskFailureSpec struct {
 	// +kubebuilder:validation:Required
-	Paths []string `json:"paths"`
+	Paths []string `json:"paths" chaos_validate:"required"`
 	// +nullable
 	OpenatSyscall *OpenatSyscallSpec `json:"openat,omitempty"`
 	Probability   string             `json:"probability,omitempty"`

api/v1beta1/disk_pressure.go

@@ -13,7 +13,7 @@ import (
 type DiskPressureSpec struct {
 	Path string `json:"path"`
 	// +kubebuilder:validation:Required
-	Throttling DiskPressureThrottlingSpec `json:"throttling"`
+	Throttling DiskPressureThrottlingSpec `json:"throttling" chaos_validate:"required"`
 }
 
 // DiskPressureThrottlingSpec represents a throttle on read and write disk operations

api/v1beta1/disruption_types.go

@@ -37,7 +37,7 @@ import (
 // DisruptionSpec defines the desired state of Disruption
 type DisruptionSpec struct {
 	// +kubebuilder:validation:Required
-	Count *intstr.IntOrString `json:"count"` // number of pods to target in either integer form or percent form appended with a %
+	Count *intstr.IntOrString `json:"count" chaos_validate:"required"` // number of pods to target in either integer form or percent form appended with a %
 	// AllowDisruptedTargets allow pods with one or several other active disruptions, with disruption kinds that does not intersect
 	// with this disruption kinds, to be returned as part of eligible targets for this disruption
 	// - e.g. apply a CPU pressure and later, apply a container failure for a short duration
@@ -61,7 +61,7 @@ type DisruptionSpec struct {
 	// Level defines what the disruption will target, either a pod or a node
 	// +kubebuilder:default=pod
 	// +kubebuilder:validation:Enum=pod;node
-	Level      chaostypes.DisruptionLevel `json:"level,omitempty"`
+	Level      chaostypes.DisruptionLevel `json:"level,omitempty" chaos_validate:"omitempty,oneofci=pod node"`
 	Containers []string                   `json:"containers,omitempty"`
 	// +nullable
 	Network *NetworkDisruptionSpec `json:"network,omitempty"`
@@ -125,7 +125,7 @@ type Reporting struct {
 	// +kubebuilder:validation:MaxLength=80
 	// +kubebuilder:validation:Pattern=(^[a-z0-9-_]+$)|(^C[A-Z0-9]+$)
 	// +kubebuilder:validation:Required
-	SlackChannel string `json:"slackChannel,omitempty"`
+	SlackChannel string `json:"slackChannel,omitempty" chaos_validate:"required"`
 	// Purpose determines contextual informations about the disruption
 	// a brief context to determines disruption goal
 	// +kubebuilder:validation:MinLength=10
@@ -586,6 +586,10 @@ func (s DisruptionSpec) ValidateSelectorsOptional(requireSelectors bool) (retErr
 		}
 	}
 
+	if err := validateStructTags(s); err != nil {
+		retErr = multierror.Append(retErr, err)
+	}
+
 	return multierror.Prefix(retErr, "Spec:")
 }
 
@@ -747,7 +751,7 @@ func (s DisruptionSpec) validateGlobalDisruptionScope(requireSelectors bool) (re
 		}
 	}
 
-	if s.GRPC != nil && s.Level != chaostypes.DisruptionLevelPod {
+	if s.GRPC != nil && s.Level == chaostypes.DisruptionLevelNode {
 		retErr = multierror.Append(retErr, errors.New("GRPC disruptions can only be applied at the pod level"))
 	}
 

api/v1beta1/grpc_disruption.go

@@ -45,20 +45,22 @@ var ErrorMap = map[string]codes.Code{
 type GRPCDisruptionSpec struct {
 	// +kubebuilder:validation:Minimum=1
 	// +kubebuilder:validation:Maximum=65535
-	Port      int                  `json:"port"`
-	Endpoints []EndpointAlteration `json:"endpoints"`
+	Port int `json:"port" chaos_validate:"gte=1,lte=65535"`
+	// +kubebuilder:validation:Required
+	Endpoints []EndpointAlteration `json:"endpoints" chaos_validate:"required,dive"`
 }
 
 // EndpointAlteration represents an endpoint to disrupt and the corresponding error to return
 type EndpointAlteration struct {
-	TargetEndpoint string `json:"endpoint"`
+	// +kubebuilder:validation:Required
+	TargetEndpoint string `json:"endpoint" chaos_validate:"required"`
 	// +kubebuilder:validation:Enum=OK;CANCELED;UNKNOWN;INVALID_ARGUMENT;DEADLINE_EXCEEDED;NOT_FOUND;ALREADY_EXISTS;PERMISSION_DENIED;RESOURCE_EXHAUSTED;FAILED_PRECONDITION;ABORTED;OUT_OF_RANGE;UNIMPLEMENTED;INTERNAL;UNAVAILABLE;DATA_LOSS;UNAUTHENTICATED
-	ErrorToReturn string `json:"error,omitempty"`
+	ErrorToReturn string `json:"error,omitempty" chaos_validate:"omitempty,oneofci=OK CANCELED UNKNOWN INVALID_ARGUMENT DEADLINE_EXCEEDED NOT_FOUND ALREADY_EXISTS PERMISSION_DENIED RESOURCE_EXHAUSTED FAILED_PRECONDITION ABORTED OUT_OF_RANGE UNIMPLEMENTED INTERNAL UNAVAILABLE DATA_LOSS UNAUTHENTICATED"`
 	// +kubebuilder:validation:Enum={}
 	OverrideToReturn string `json:"override,omitempty"`
 	// +kubebuilder:validation:Minimum=0
 	// +kubebuilder:validation:Maximum=100
-	QueryPercent int `json:"queryPercent,omitempty"`
+	QueryPercent int `json:"queryPercent,omitempty" chaos_validate:"omitempty,gte=0,lte=100"`
 }
 
 // Validate validates that all alterations have either an error or override to return and at least 1% chance of occurring,

api/v1beta1/network_disruption.go

@@ -58,31 +58,31 @@ type HTTPPath string
 // NetworkDisruptionSpec represents a network disruption injection
 type NetworkDisruptionSpec struct {
 	// +nullable
-	Hosts []NetworkDisruptionHostSpec `json:"hosts,omitempty"`
+	Hosts []NetworkDisruptionHostSpec `json:"hosts,omitempty" chaos_validate:"omitempty,dive"`
 	// +nullable
-	AllowedHosts               []NetworkDisruptionHostSpec `json:"allowedHosts,omitempty"`
+	AllowedHosts               []NetworkDisruptionHostSpec `json:"allowedHosts,omitempty" chaos_validate:"omitempty,dive"`
 	DisableDefaultAllowedHosts bool                        `json:"disableDefaultAllowedHosts,omitempty"`
 	// +nullable
-	Services []NetworkDisruptionServiceSpec `json:"services,omitempty"`
+	Services []NetworkDisruptionServiceSpec `json:"services,omitempty" chaos_validate:"omitempty,dive"`
 	// +nullable
 	Cloud *NetworkDisruptionCloudSpec `json:"cloud,omitempty"`
 	// +kubebuilder:validation:Minimum=0
 	// +kubebuilder:validation:Maximum=100
-	Drop int `json:"drop,omitempty"`
+	Drop int `json:"drop,omitempty" chaos_validate:"omitempty,gte=0,lte=100"`
 	// +kubebuilder:validation:Minimum=0
 	// +kubebuilder:validation:Maximum=100
-	Duplicate int `json:"duplicate,omitempty"`
+	Duplicate int `json:"duplicate,omitempty" chaos_validate:"omitempty,gte=0,lte=100"`
 	// +kubebuilder:validation:Minimum=0
 	// +kubebuilder:validation:Maximum=100
-	Corrupt int `json:"corrupt,omitempty"`
+	Corrupt int `json:"corrupt,omitempty" chaos_validate:"omitempty,gte=0,lte=100"`
 	// +kubebuilder:validation:Minimum=0
 	// +kubebuilder:validation:Maximum=60000
-	Delay uint `json:"delay,omitempty"`
+	Delay uint `json:"delay,omitempty" chaos_validate:"omitempty,gte=0,lte=60000"`
 	// +kubebuilder:validation:Minimum=0
 	// +kubebuilder:validation:Maximum=100
-	DelayJitter uint `json:"delayJitter,omitempty"`
+	DelayJitter uint `json:"delayJitter,omitempty" chaos_validate:"omitempty,gte=0,lte=100"`
 	// +kubebuilder:validation:Minimum=0
-	BandwidthLimit int `json:"bandwidthLimit,omitempty"`
+	BandwidthLimit int `json:"bandwidthLimit,omitempty" chaos_validate:"omitempty,gte=0"`
 	// +nullable
 	HTTP *NetworkHTTPFilters `json:"http,omitempty"`
 }
@@ -97,44 +97,44 @@ type NetworkDisruptionHostSpec struct {
 	Host string `json:"host,omitempty"`
 	// +kubebuilder:validation:Minimum=0
 	// +kubebuilder:validation:Maximum=65535
-	Port int `json:"port,omitempty"`
+	Port int `json:"port,omitempty" chaos_validate:"omitempty,gte=0,lte=65535"`
 	// +kubebuilder:validation:Enum=tcp;udp;""
-	Protocol string `json:"protocol,omitempty"`
+	Protocol string `json:"protocol,omitempty" chaos_validate:"omitempty,oneofci=udp tcp"`
 	// +kubebuilder:validation:Enum=ingress;egress;""
-	Flow string `json:"flow,omitempty"`
+	Flow string `json:"flow,omitempty" chaos_validate:"omitempty,oneofci=ingress egress"`
 	// +kubebuilder:validation:Enum=new;est;""
-	ConnState string `json:"connState,omitempty"`
+	ConnState string `json:"connState,omitempty" chaos_validate:"omitempty,oneofci=new est"`
 }
 
 type NetworkDisruptionServiceSpec struct {
 	Name      string `json:"name"`
 	Namespace string `json:"namespace"`
 	// +optional
-	Ports []NetworkDisruptionServicePortSpec `json:"ports,omitempty"`
+	Ports []NetworkDisruptionServicePortSpec `json:"ports,omitempty" chaos_validate:"omitempty,dive"`
 }
 
 type NetworkDisruptionServicePortSpec struct {
 	Name string `json:"name,omitempty"`
 	// +kubebuilder:validation:Minimum=0
 	// +kubebuilder:validation:Maximum=65535
-	Port int `json:"port,omitempty"`
+	Port int `json:"port,omitempty" chaos_validate:"omitempty,gte=0,lte=65535"`
 }
 
 type NetworkDisruptionCloudSpec struct {
-	AWSServiceList     *[]NetworkDisruptionCloudServiceSpec `json:"aws,omitempty"`
-	GCPServiceList     *[]NetworkDisruptionCloudServiceSpec `json:"gcp,omitempty"`
-	DatadogServiceList *[]NetworkDisruptionCloudServiceSpec `json:"datadog,omitempty"`
+	AWSServiceList     *[]NetworkDisruptionCloudServiceSpec `json:"aws,omitempty" chaos_validate:"omitempty,dive"`
+	GCPServiceList     *[]NetworkDisruptionCloudServiceSpec `json:"gcp,omitempty" chaos_validate:"omitempty,dive"`
+	DatadogServiceList *[]NetworkDisruptionCloudServiceSpec `json:"datadog,omitempty" chaos_validate:"omitempty,dive"`
 }
 
 type NetworkDisruptionCloudServiceSpec struct {
 	// +kubebuilder:validation:Required
-	ServiceName string `json:"service"`
+	ServiceName string `json:"service" chaos_validate:"required"`
 	// +kubebuilder:validation:Enum=tcp;udp;""
-	Protocol string `json:"protocol,omitempty"`
+	Protocol string `json:"protocol,omitempty" chaos_validate:"omitempty,oneofci=tcp udp"`
 	// +kubebuilder:validation:Enum=ingress;egress;""
-	Flow string `json:"flow,omitempty"`
+	Flow string `json:"flow,omitempty" chaos_validate:"omitempty,oneofci=ingress egress"`
 	// +kubebuilder:validation:Enum=new;est;""
-	ConnState string `json:"connState,omitempty"`
+	ConnState string `json:"connState,omitempty" chaos_validate:"omitempty,oneofci=new est"`
 }
 
 func (p HTTPPath) validate() error {