Switch yaml libraries to use json annotations

Signed-off-by: Matt Moore <[email protected]>
octo-sts · May 21, 2024 · fc2f809 · fc2f809
1 parent 8f1603b
commit fc2f809
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 4 deletions.
diff --git a/go.mod b/go.mod
@@ -20,7 +20,6 @@ require (
 	golang.org/x/oauth2 v0.19.0
 	google.golang.org/api v0.174.0
 	google.golang.org/grpc v1.63.2
-	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/apimachinery v0.29.1
 	sigs.k8s.io/yaml v1.4.0
 )

diff --git a/go.sum b/go.sum
@@ -310,8 +310,6 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go
@@ -19,8 +19,8 @@ import (
 	"github.com/google/go-github/v58/github"
 	"github.com/hashicorp/go-multierror"
 	"github.com/octo-sts/app/pkg/octosts"
-	"gopkg.in/yaml.v2"
 	"k8s.io/apimachinery/pkg/util/sets"
+	"sigs.k8s.io/yaml"
 )
 
 const (

diff --git a/pkg/webhook/webhook_test.go b/pkg/webhook/webhook_test.go
@@ -0,0 +1,47 @@
+// Copyright 2024 Chainguard, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+package webhook
+
+import (
+	"testing"
+
+	"github.com/octo-sts/app/pkg/octosts"
+	"sigs.k8s.io/yaml"
+)
+
+func TestYAMLUnmarshalStrict(t *testing.T) {
+	const orgPolicy = `
+issuer: https://issuer.enforce.dev
+subject: 9e8b549b441afc4f082e9dccb5d1eeda843af975
+claim_pattern:
+  email: .*
+
+permissions:
+  metadata: read
+  administration: read
+
+repositories: [] # Act over all of the repos in the org.
+`
+	const repoPolicy = `
+issuer: https://issuer.enforce.dev
+subject: 9e8b549b441afc4f082e9dccb5d1eeda843af975
+claim_pattern:
+  email: .*
+
+permissions:
+  metadata: read
+  administration: read
+`
+	if err := yaml.UnmarshalStrict([]byte(orgPolicy), &octosts.OrgTrustPolicy{}); err != nil {
+		t.Error(err)
+	}
+
+	tp := &octosts.TrustPolicy{}
+	if err := yaml.UnmarshalStrict([]byte(orgPolicy), tp); err == nil {
+		t.Errorf("Wanted error, got: %v", tp)
+	}
+	if err := yaml.UnmarshalStrict([]byte(repoPolicy), &octosts.TrustPolicy{}); err != nil {
+		t.Error(err)
+	}
+}