schema

package

v0.55.0 Latest Latest Go to latest Published: Mar 7, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/radius-project/radius

Links

Documentation ¶

Index ¶

func ConvertToOpenAPISchema(schemaData any) (*openapi3.Schema, error)
func ExtractSensitiveFieldPaths(schema map[string]any, prefix string) []string
func GetSchema(ctx context.Context, ucpClient *v20231001preview.ClientFactory, ...) (map[string]any, error)
func GetSensitiveFieldPaths(ctx context.Context, ucpClient *v20231001preview.ClientFactory, ...) ([]string, error)
func RedactFields(data map[string]any, paths []string)
func ValidateResourceAgainstSchema(ctx context.Context, resourceData map[string]any, schemaData any) error
type ErrorType
type FieldPathSegment
- func ParseFieldPath(path string) []FieldPathSegment
type SegmentType
type ValidationError
- func (e *ValidationError) Error() string
type ValidationErrors
type Validator
- func NewValidator() *Validator
- func (v *Validator) ValidateSchema(ctx context.Context, schema *openapi3.Schema) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ConvertToOpenAPISchema ¶

func ConvertToOpenAPISchema(schemaData any) (*openapi3.Schema, error)

ConvertToOpenAPISchema converts the schema any to OpenAPI schema

func ExtractSensitiveFieldPaths ¶ added in v0.55.0

func ExtractSensitiveFieldPaths(schema map[string]any, prefix string) []string

ExtractSensitiveFieldPaths recursively walks the schema and returns paths to fields marked with x-radius-sensitive. The prefix parameter builds up the path as we traverse nested objects. Supports object properties, array items, and additionalProperties (maps). If a field is marked sensitive, its nested properties are not checked since the entire field is considered sensitive.

func GetSchema ¶ added in v0.55.0

func GetSchema(ctx context.Context, ucpClient *v20231001preview.ClientFactory, resourceID string, resourceType string, apiVersion string) (map[string]any, error)

GetSchema fetches the OpenAPI schema for a resource type and api version. Returns nil if the schema is not found or the client is nil.

func GetSensitiveFieldPaths ¶ added in v0.55.0

func GetSensitiveFieldPaths(ctx context.Context, ucpClient *v20231001preview.ClientFactory, resourceID string, resourceType string, apiVersion string) ([]string, error)

GetSensitiveFieldPaths fetches the schema for a resource and returns paths to fields marked with x-radius-sensitive. Paths are in dot notation, e.g., "credentials.password" or "config.apiKey".

Parameters:

ctx: The request context
ucpClient: UCP client factory for fetching the schema
resourceID: The full resource ID (e.g., "/planes/radius/local/resourceGroups/test/providers/Foo.Bar/myResources/test")
resourceType: The resource type (e.g., "Foo.Bar/myResources")
apiVersion: The API version to fetch the schema for

Returns:

[]string: Paths to sensitive fields, or empty slice if none found
error: Any error encountered while fetching the schema

func RedactFields ¶ added in v0.55.0

func RedactFields(data map[string]any, paths []string)

RedactFields sets the values at the given field paths to nil in the data map. Paths support dot notation, wildcards [*], and array indices [N]. Missing fields and invalid paths are silently skipped.

func ValidateResourceAgainstSchema ¶ added in v0.50.0

func ValidateResourceAgainstSchema(ctx context.Context, resourceData map[string]any, schemaData any) error

ValidateResourceAgainstSchema validates resource data against an OpenAPI 3.0 schema. It converts the schema data to OpenAPI format, creates a minimal OpenAPI document for validation, and then validates the resource data against the schema using OpenAPI's built-in validation.

Types ¶

type ErrorType ¶

type ErrorType string

ErrorType represents the type of validation error

const (
	// ErrorTypeSchema indicates a schema structure validation error
	ErrorTypeSchema ErrorType = "SchemaError"

	// ErrorTypeConstraint indicates a Radius constraint violation
	ErrorTypeConstraint ErrorType = "ConstraintError"

	// ErrorTypeFormat indicates a format validation error
	ErrorTypeFormat ErrorType = "FormatError"
)

type FieldPathSegment ¶ added in v0.55.0

type FieldPathSegment struct {
	Type  SegmentType
	Value string // field name or index value (empty for wildcards)
}

FieldPathSegment represents a single segment in a field path. A field path can contain field names, wildcards, and array indices.

func ParseFieldPath ¶ added in v0.55.0

func ParseFieldPath(path string) []FieldPathSegment

ParseFieldPath parses a field path string into segments. Supports dot notation, wildcards [*], and array indices [N].

Examples:

"credentials.password" -> [field:credentials, field:password]
"secrets[*].value" -> [field:secrets, wildcard, field:value]
"config[*]" -> [field:config, wildcard]
"items[0].name" -> [field:items, index:0, field:name]

Returns nil if the path is invalid (e.g., unterminated bracket).

func (FieldPathSegment) IsField ¶ added in v0.55.0

func (s FieldPathSegment) IsField() bool

IsField returns true if the segment is a named field.

func (FieldPathSegment) IsIndex ¶ added in v0.55.0

func (s FieldPathSegment) IsIndex() bool

IsIndex returns true if the segment is an array index.

func (FieldPathSegment) IsWildcard ¶ added in v0.55.0

func (s FieldPathSegment) IsWildcard() bool

IsWildcard returns true if the segment is a wildcard.

type SegmentType ¶ added in v0.55.0

type SegmentType int

SegmentType represents the type of a field path segment.

const (
	// SegmentTypeField represents a named field (e.g., "password" in "credentials.password")
	SegmentTypeField SegmentType = iota
	// SegmentTypeWildcard represents a wildcard segment (e.g., [*] in "secrets[*].value")
	SegmentTypeWildcard
	// SegmentTypeIndex represents an array index (e.g., [0] in "items[0].name")
	SegmentTypeIndex
)

type ValidationError ¶

type ValidationError struct {
	Type    ErrorType
	Field   string
	Message string
}

ValidationError represents a schema validation error

func NewConstraintError ¶

func NewConstraintError(field, message string) *ValidationError

NewConstraintError creates a Radius constraint validation error

func NewFormatError ¶

func NewFormatError(field, format, message string) *ValidationError

NewFormatError creates a new format validation error

func NewSchemaError ¶

func NewSchemaError(field, message string) *ValidationError

NewSchemaError creates a schema validation error

func (*ValidationError) Error ¶

func (e *ValidationError) Error() string

Error implements the error interface

type ValidationErrors ¶

type ValidationErrors struct {
	Errors []*ValidationError
}

ValidationErrors represents a collection of validation errors

func (*ValidationErrors) Add ¶

func (ve *ValidationErrors) Add(err *ValidationError)

Add adds a validation error to the collection

func (*ValidationErrors) Error ¶

func (ve *ValidationErrors) Error() string

Error implements the error interface

func (*ValidationErrors) HasErrors ¶

func (ve *ValidationErrors) HasErrors() bool

HasErrors returns true if there are any validation errors

type Validator ¶

type Validator struct{}

Validator validates OpenAPI 3.0 schemas with Radius-specific constraints

func NewValidator ¶

func NewValidator() *Validator

NewValidator creates a new schema validator

func (*Validator) ValidateSchema ¶

func (v *Validator) ValidateSchema(ctx context.Context, schema *openapi3.Schema) error

ValidateSchema validates an OpenAPI 3.0 schema against Radius constraints

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL