From 5abe84c8f19c4d981a1be71ef26754160d6130e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
 <charles.edouard@nirmata.com>
Date: Wed, 28 Aug 2024 00:34:58 +0200
Subject: [PATCH] feat: add server side validation support (#1894)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---
 pkg/client/simple/client.go                   |  7 +++++-
 testdata/e2e/examples/CATALOG.md              |  1 +
 .../e2e/examples/field-validation/README.md   | 22 +++++++++++++++++++
 .../field-validation/chainsaw-test.yaml       | 21 ++++++++++++++++++
 testdata/e2e/examples/quick-start/README.md   |  3 +--
 .../examples/quick-start/chainsaw-test.yaml   | 10 ---------
 6 files changed, 51 insertions(+), 13 deletions(-)
 create mode 100644 testdata/e2e/examples/field-validation/README.md
 create mode 100644 testdata/e2e/examples/field-validation/chainsaw-test.yaml

diff --git a/pkg/client/simple/client.go b/pkg/client/simple/client.go
index 8a39944d6..ad6bd8c25 100644
--- a/pkg/client/simple/client.go
+++ b/pkg/client/simple/client.go
@@ -2,11 +2,16 @@ package simple
 
 import (
 	"github.com/kyverno/chainsaw/pkg/client"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/rest"
 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 func New(cfg *rest.Config) (client.Client, error) {
 	var opts ctrlclient.Options
-	return ctrlclient.New(cfg, opts)
+	client, err := ctrlclient.New(cfg, opts)
+	if err != nil {
+		return nil, err
+	}
+	return ctrlclient.WithFieldValidation(client, metav1.FieldValidationStrict), nil
 }
diff --git a/testdata/e2e/examples/CATALOG.md b/testdata/e2e/examples/CATALOG.md
index 73f1bf860..4c995f1ae 100644
--- a/testdata/e2e/examples/CATALOG.md
+++ b/testdata/e2e/examples/CATALOG.md
@@ -12,6 +12,7 @@
 - [delete](delete/README.md)
 - [deployment](deployment/README.md)
 - [dynamic-clusters](dynamic-clusters/README.md)
+- [field-validation](field-validation/README.md)
 - [finally](finally/README.md)
 - [inline](inline/README.md)
 - [k8s-server-version](k8s-server-version/README.md)
diff --git a/testdata/e2e/examples/field-validation/README.md b/testdata/e2e/examples/field-validation/README.md
new file mode 100644
index 000000000..e544a03ac
--- /dev/null
+++ b/testdata/e2e/examples/field-validation/README.md
@@ -0,0 +1,22 @@
+# Test: `field-validation`
+
+*No description*
+
+## Steps
+
+| # | Name | Bindings | Try | Catch | Finally | Cleanup |
+|:-:|---|:-:|:-:|:-:|:-:|
+| 1 | [step-1](#step-step-1) | 0 | 1 | 0 | 0 | 0 |
+
+### Step: `step-1`
+
+*No description*
+
+#### Try
+
+| # | Operation | Bindings | Outputs | Description |
+|:-:|---|:-:|:-:|---|
+| 1 | `apply` | 0 | 0 | *No description* |
+
+---
+
diff --git a/testdata/e2e/examples/field-validation/chainsaw-test.yaml b/testdata/e2e/examples/field-validation/chainsaw-test.yaml
new file mode 100644
index 000000000..0dd8ec605
--- /dev/null
+++ b/testdata/e2e/examples/field-validation/chainsaw-test.yaml
@@ -0,0 +1,21 @@
+# yaml-language-server: $schema=../../../../.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: field-validation
+spec:
+  steps:
+  - try:
+    - apply:
+        resource:
+          apiVersion: v1
+          kind: ConfigMap
+          metadata:
+            name: chainsaw-quick-start
+          data:
+            foo: bar
+          bar: baz
+        expect:
+          - check:
+              ($error): |-
+                ConfigMap in version "v1" cannot be handled as a ConfigMap: strict decoding error: unknown field "bar"
diff --git a/testdata/e2e/examples/quick-start/README.md b/testdata/e2e/examples/quick-start/README.md
index a49401048..388ff0b90 100644
--- a/testdata/e2e/examples/quick-start/README.md
+++ b/testdata/e2e/examples/quick-start/README.md
@@ -6,7 +6,7 @@
 
 | # | Name | Bindings | Try | Catch | Finally | Cleanup |
 |:-:|---|:-:|:-:|:-:|:-:|
-| 1 | [step-1](#step-step-1) | 0 | 3 | 0 | 0 | 0 |
+| 1 | [step-1](#step-step-1) | 0 | 2 | 0 | 0 | 0 |
 
 ### Step: `step-1`
 
@@ -18,7 +18,6 @@
 |:-:|---|:-:|:-:|---|
 | 1 | `apply` | 0 | 0 | *No description* |
 | 2 | `assert` | 0 | 0 | *No description* |
-| 3 | `error` | 0 | 0 | *No description* |
 
 ---
 
diff --git a/testdata/e2e/examples/quick-start/chainsaw-test.yaml b/testdata/e2e/examples/quick-start/chainsaw-test.yaml
index 6d82f7505..33df19c83 100644
--- a/testdata/e2e/examples/quick-start/chainsaw-test.yaml
+++ b/testdata/e2e/examples/quick-start/chainsaw-test.yaml
@@ -14,13 +14,3 @@ spec:
     - assert:
         # file is relative to the test folder
         file: configmap.yaml
-    # this make sure a non-existent field cannot be compared to an empty object
-    - error:
-        resource:
-          apiVersion: v1
-          kind: ConfigMap
-          metadata:
-            name: chainsaw-quick-start
-          status:
-            vulnerabilitySummary:
-              severityCount: {}