base/v0_6_exp: Validate merged/replaced Ignition configs

[Adam0Brien]

Fix #275

This PR introduces validation for local/inline fields when using the merge/replace feature in butane.

For this PR ignitions Parse function needs to be used so the vendor folder is has been updated to accommodate this

[bgilbert]

The file extension doesn't matter. There's no requirement that Ignition configs have an .ign extension. And, in the case of the inline directive, there isn't any file extension; the file contents are included directly in the parent config.

As #275 says, what we should do instead is validate the contents of the specified config using Ignition config validation.

[Adam0Brien]

As #275 says, what we should do instead is validate the contents of the specified config using Ignition config validation.

by ignition config validation do you mean https://github.com/coreos/butane/blob/main/vendor/github.com/coreos/ignition/v2/config/v3_5_experimental/types/resource.go#L34 ?

[bgilbert]

That's a validator that's invoked by the validation process. We need to run the validation process.

But thinking about it some more, we need to do more than just validation. The embedded Ignition config is in the form of text, not Go structs, so we also need to parse it. Ignition's config parsing function in config handles both parsing and validation, so we can just call that, and merge its report into ours.

A few notes:

• The parse function sometimes returns an error alongside an empty report. We should probably AddOnError the returned error to our validation report in addition to merging Ignition's report.

• Merging Ignition's report is a bit tricky. We'd need to replace all the path fields with the path to the Butane field holding the config, which will be something like $.ignition.config.merge.0.inline. That loses information but I'm not sure there's a good way around it. We could try replacing the Ignition error in the log entry with a new one that includes the original path and the original message.

• The user is allowed to use older versions of Butane that don't understand the current Ignition spec, and is allowed to embed Ignition configs with versions newer than Butane understands. We should have special handling for that case: Validate merged/replaced Ignition configs if they're local/inline #275 (comment)

• This validation isn't FCOS-specific; it applies to all variants. So, it should be in base. And since we're only going to be producing errors for configs that were already invalid (but would be rejected when the machine boots rather than when Butane runs) we should backport it to stable base specs.

[prestist]

Hey, thank you for working on this I just took a first pass at this.

I found some surface level questions for you.

I am planning on taking another deeper pass so see why your CI is failing.

[prestist]

So is ErrTooManyResourceSources the only error that is relevant to ParseCompatibleVersion? I ask because if not, we losing valuable debug info for the user.

Additionally, in the comment #275 (comment)
there was talk about catching ErrUnknownVersion and instead of returning the error just warning in this case to work around ratcheting when butane / Ignition are undergoing stabilization.

[travier]

Let's split the vendor update into its own commit to make reviewing the change easier.

[Adam0Brien]

Let's split the vendor update into its own commit to make reviewing the change easier.

That's no problem!, but wont that break CI since validate.go wont be able to compile the parse function?

[prestist]

Its getting really close, keep it up!

[prestist]

So I think we want to be returning any errors other than the special case. The special case in this instance is ErrUnknownVersion => #275 (comment)

[prestist]

Nit: wdyt about ConvertToButaneReport

[prestist]

I think in a perfect world we might make this a helper function ..

i.e func(report.report) toButane() report.Report {}

However def not scope for this PR as I am not sure where I would want to put that type of a utility.

[prestist]

Im not sure this is everything we need.
Looping through the entries and expanding them into a new report object with those entries is good.
The issue comes with the the entry.Context path the paths are different between the ignition package and the butane package. this is mostly because we are converting from json to yaml butane is human readable so their names change.

internal to butane it looks like we already have a similar issue, we have to translate to json from yaml the direction is the inverse of what we need now though.

It has a good test to explain this here => https://github.com/coreos/butane/blob/0244d31c627890b9af64b82e2a2224ac39bbb4d4/base/v0_6_exp/translate_test.go#L573C12-L573C12