feat(decl/loader): add validator leveraging JSON schema

Signed-off-by: Leonardo Di Giovanna <[email protected]>
Co-authored-by: Aldo Lacuku <[email protected]>

go.mod

@@ -18,6 +18,7 @@ require (
 	github.com/iancoleman/strcase v0.3.0
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/prometheus/procfs v0.15.1
+	github.com/santhosh-tekuri/jsonschema/v6 v6.0.1
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.5

go.sum

@@ -68,6 +68,8 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
+github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI=
+github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
@@ -312,6 +314,8 @@ github.com/sagikazarmark/locafero v0.6.0 h1:ON7AQg37yzcRPU69mt7gwhFEBwxI6P9T4Qu3
 github.com/sagikazarmark/locafero v0.6.0/go.mod h1:77OmuIc6VTraTXKXIs/uvUxKGUXjE1GbemJYHqdNjX0=
 github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
 github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
+github.com/santhosh-tekuri/jsonschema/v6 v6.0.1 h1:PKK9DyHxif4LZo+uQSgXNqs0jj5+xZwwfKHgph2lxBw=
+github.com/santhosh-tekuri/jsonschema/v6 v6.0.1/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=

pkg/test/loader/schema/doc.go

@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (C) 2024 The Falco Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package schema provides validation for the loaded tests description leveraging JSON schemas.
+package schema

pkg/test/loader/schema/jsonschemas/binding.schema.json

@@ -0,0 +1,11 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "binding.schema.json",
+  "title": "Field binding",
+  "description": "A field binding allows to bind a value in a test step's field with the value in a preceding test resource/step's field. The syntax requires to specify the name of the source resource/step followed by a '.' and the relative path to the source resource/step's field",
+  "examples": [
+    "${resourceA.fieldX}",
+    "${stepA.fieldY.subFieldZ}"
+  ],
+  "pattern": "\\${.+}"
+}

pkg/test/loader/schema/jsonschemas/context.schema.json

@@ -0,0 +1,94 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "context.schema.json",
+  "title": "Test context",
+  "description": "The test context allowing to specify process chain details. It can be used to run the test under a specific (even containerized) process chain",
+  "type": "object",
+  "properties": {
+    "container": {
+      "description": "The container context containing information regarding the container that will run a test",
+      "type": "object",
+      "properties": {
+        "image": {
+          "description": "The name the base event-generator image must be tagged with before being used to spawn the container",
+          "type": "string",
+          "default": "docker.io/falcosecurity/event-generator:latest",
+          "minLength": 1
+        },
+        "name": {
+          "description": "The name that must be used to identify the running container",
+          "type": "string",
+          "default": "event-generator",
+          "minLength": 1
+        },
+        "env": {
+          "description": "The set of environment variables that must be provided to the container (in addition to the default ones)",
+          "type": "object",
+          "minProperties": 1,
+          "additionalProperties": {
+            "description": "An environment variable in the form KEY=VALUE",
+            "type": "string",
+            "minLength": 1
+          }
+        }
+      }
+    },
+    "processes": {
+      "description": "The list of process contexts",
+      "type": "array",
+      "minItems": 1,
+      "items": {
+        "description": "The process context containing information regarding the process that will run a test, or information about one of its ancestors",
+        "type": "object",
+        "properties": {
+          "exePath": {
+            "description": "The executable path",
+            "type": "string",
+            "default": "/tmp/event-generator<X>, where X is a randomly generated sequence",
+            "minLength": 1
+          },
+          "args": {
+            "description": "A string containing the space-separated list of command line arguments. If a single argument contains spaces, the entire argument must be quoted in order to not be considered as multiple arguments",
+            "type": "string",
+            "default": "",
+            "minLength": 1
+          },
+          "exe": {
+            "description": "The argument in position 0 (a.k.a. argv[0]) of the process",
+            "type": "string",
+            "default": "The name if this is specified; otherwise, filepath.Base(exePath)",
+            "minLength": 1
+          },
+          "name": {
+            "description": "The process name",
+            "type": "string",
+            "default": "filepath.Base(exePath)",
+            "minLength": 1
+          },
+          "env": {
+            "description": "The set of environment variables that must be provided to the process (in addition to the default ones)",
+            "type": "object",
+            "minProperties": 1,
+            "additionalProperties": {
+              "description": "An environment variable in the form KEY=VALUE",
+              "type": "string",
+              "minLength": 1
+            }
+          },
+          "user": {
+            "description": "The name of the user that must run the process. If the user does not exist, it is created before running the test and deleted after test execution",
+            "type": "string",
+            "default": "The current process user",
+            "minLength": 1
+          },
+          "capabilities": {
+            "description": "The capabilities of the process. The syntax follows the conventions specified by cap_from_text(3)",
+            "type": "string",
+            "default": "all=iep",
+            "minLength": 1
+          }
+        }
+      }
+    }
+  }
+}

pkg/test/loader/schema/jsonschemas/description.schema.json

@@ -0,0 +1,17 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "description.schema.json",
+  "title": "Tests description",
+  "description": "The tests description",
+  "type": "object",
+  "properties": {
+    "tests": {
+      "description": "The list of tests to run",
+      "type": "array",
+      "minItems": 1,
+      "items": {
+        "$ref": "test.schema.json"
+      }
+    }
+  }
+}

pkg/test/loader/schema/jsonschemas/expectedOutcome.schema.json

@@ -0,0 +1,37 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "expectedOutcome.schema.json",
+  "title": "Test expected outcome",
+  "description": "The outcome expected from Falco as a result of the test execution",
+  "type": "object",
+  "source": {
+    "description": "The Falco event source",
+    "type": "string",
+    "minLength": 1,
+    "examples": [
+      "syscall"
+    ]
+  },
+  "hostname": {
+    "description": "The Falco event hostname",
+    "type": "string",
+    "minLength": 1
+  },
+  "priority": {
+    "description": "The Falco event priority",
+    "type": "string",
+    "minLength": 1,
+    "examples": [
+      "WARNING"
+    ]
+  },
+  "outputFields": {
+    "description": "The output fields attached to the Falco event",
+    "type": "object",
+    "minProperties": 1,
+    "additionalProperties": {
+      "type": "string",
+      "minLength": 1
+    }
+  }
+}

pkg/test/loader/schema/jsonschemas/resource.schema.json

@@ -0,0 +1,71 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "resource.schema.json",
+  "title": "Test resource",
+  "description": "A test resource creates one or more system resource and exposes some of their information as bindable fields",
+  "type": "object",
+  "properties": {
+    "type": {
+      "description": "The test resource type",
+      "type": "string",
+      "enum": [
+        "clientServer",
+        "fd",
+        "process"
+      ],
+      "examples": [
+        "clientServer"
+      ]
+    },
+    "name": {
+      "description": "The test resource name",
+      "type": "string",
+      "minLength": 1,
+      "examples": [
+        "clientServer1"
+      ]
+    }
+  },
+  "required": [
+    "type",
+    "name"
+  ],
+  "allOf": [
+    {
+      "if": {
+        "properties": {
+          "type": {
+            "const": "clientServer"
+          }
+        }
+      },
+      "then": {
+        "$ref": "resources.clientServer.schema.json"
+      }
+    },
+    {
+      "if": {
+        "properties": {
+          "type": {
+            "const": "fd"
+          }
+        }
+      },
+      "then": {
+        "$ref": "resources.fd.schema.json"
+      }
+    },
+    {
+      "if": {
+        "properties": {
+          "type": {
+            "const": "process"
+          }
+        }
+      },
+      "then": {
+        "$ref": "resources.process.schema.json"
+      }
+    }
+  ]
+}

pkg/test/loader/schema/jsonschemas/resources/clientServer.schema.json

@@ -0,0 +1,49 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "resources.clientServer.schema.json",
+  "title": "The clientServer test resource",
+  "description": "A clientServer test resource sets up a client and a server, and enables their communication by tuning the underlying network infrastructure. The user can specify udp4, udp6, tcp4, tcp6 or unix as transport protocol. For connection-oriented transport protocols, the client is automatically connected to the server. The resource enables field binding to both client and server information",
+  "properties": {
+    "l4Proto": {
+      "description": "The transport protocol used by the client and the server",
+      "type": "string",
+      "enum": [
+        "udp4",
+        "udp6",
+        "tcp4",
+        "tcp6",
+        "unix"
+      ]
+    },
+    "address": {
+      "description": "The endpoint exposed by the server (as accepted by net.SplitHostPort or empty, in case of l4Proto equals to 'unix'",
+      "type": "string"
+    }
+  },
+  "required": [
+    "l4Proto",
+    "address"
+  ],
+  "x-exposedFields": {
+    "fields": {
+      "client": {
+        "description": "The exposed client information",
+        "fields": {
+          "fd": {
+            "description": "The client file descriptor",
+            "fieldType": "fd"
+          }
+        }
+      },
+      "server": {
+        "description": "The exposed server information",
+        "fields": {
+          "fd": {
+            "description": "The server file descriptor",
+            "fieldType": "fd"
+          }
+        }
+      }
+    }
+  }
+}