policy: Document the supported subset of the JSON Schema standard that we use for policies |
|||||
Issue descriptiontldr; Our policy code supports the intersection of two subsets of the JSON Schema standard. We should document this intersection to point to people adding new policies. There are two pieces of code used when validating policy schemas: //components/json_schema/json_schema_validator.h //components/policy/core/common/schema.h JSONSchemaValidator parses and validates the JSON Schemas in policy_templates.json. This catches things like incorrect values for schemas e.g. "properties" is an array instead of an object. Schema.h validates JSON objects against JSON Schemas. Note that even if JSONSchemaValidator supports certain keywords e.g. "optional", it doesn't mean that Schema.h will enforce that keyword. For example, JSONSchemaValidator could support the "required" keyword, but Schema.h might ignore it. So in essence we support two subsets of the JSON Schema standard and our policy code supports the intersection of these subsets. This is confusing for people adding new policies, so we should document this in a single place.
,
Jun 27 2018
Does this require triage or is it clear that this will be done / who will do it?
,
Jun 27 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a74cecf3f3b896364f9ed4f114aad7b963db6291 commit a74cecf3f3b896364f9ed4f114aad7b963db6291 Author: Giovanni Ortuño Urquidi <ortuno@chromium.org> Date: Wed Jun 27 23:48:59 2018 policy: Add docs about schemas in policies Adds docs that point to the code that validates the schemas in policy_templates.json and that valides JSON Objects against the schemas in policy_templates.json Bug: 856901 Change-Id: I534c0bf58f4ff581ada4f704fc7ae0b6223f3337 Reviewed-on: https://chromium-review.googlesource.com/1116407 Reviewed-by: Lutz Justen <ljusten@chromium.org> Commit-Queue: Giovanni Ortuño Urquidi <ortuno@chromium.org> Cr-Commit-Position: refs/heads/master@{#570934} [modify] https://crrev.com/a74cecf3f3b896364f9ed4f114aad7b963db6291/components/policy/core/common/schema.h [modify] https://crrev.com/a74cecf3f3b896364f9ed4f114aad7b963db6291/components/policy/resources/policy_templates.json
,
Jul 4
Is it done?
,
Jul 4
No, there's still a TODO in schema.h about checking what features are supported by it.
,
Aug 13
,
Aug 21
,
Aug 22
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/bf75bad5d18f8190981830d28e8eec257d300e43 commit bf75bad5d18f8190981830d28e8eec257d300e43 Author: Alexander Hendrich <hendrich@chromium.org> Date: Wed Aug 22 14:02:20 2018 Add python schema validator This CL adds a python schema validator that can validate JSON schemas. The schema validator is used in a presubmit to validate all the schemas in policy_templates.json. The schema validator itself supports the minimal set of features needed for our current policies. Bug: 873641 , 856903 , 856901 Change-Id: Ie577e825807e4438eca6921722b88af7c8d1781c Reviewed-on: https://chromium-review.googlesource.com/1172433 Commit-Queue: Alexander Hendrich <hendrich@chromium.org> Reviewed-by: Lutz Justen <ljusten@chromium.org> Cr-Commit-Position: refs/heads/master@{#585003} [add] https://crrev.com/bf75bad5d18f8190981830d28e8eec257d300e43/components/policy/tools/schema_validator.py [modify] https://crrev.com/bf75bad5d18f8190981830d28e8eec257d300e43/components/policy/tools/syntax_check_policy_template_json.py
,
Aug 22
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b2610da4adc8d07617094bd77a78ac6d702ce24e commit b2610da4adc8d07617094bd77a78ac6d702ce24e Author: Alexander Hendrich <hendrich@chromium.org> Date: Wed Aug 22 17:45:30 2018 Add ValidateValue() to python schema validator This CL adds a method to validate a value against a given schema to the python schema validator. This method is also used in a new presubmit test to ensure all example values are valid in policy_templates.json. Bug: 873641 , 858980 , 856901 Change-Id: I2ad477785e8ee37a9e07ee7231c3d12d8501a43f Reviewed-on: https://chromium-review.googlesource.com/1174443 Commit-Queue: Alexander Hendrich <hendrich@chromium.org> Reviewed-by: Lutz Justen <ljusten@chromium.org> Cr-Commit-Position: refs/heads/master@{#585145} [modify] https://crrev.com/b2610da4adc8d07617094bd77a78ac6d702ce24e/components/policy/core/common/generate_policy_source_unittest.cc [modify] https://crrev.com/b2610da4adc8d07617094bd77a78ac6d702ce24e/components/policy/resources/policy_templates.json [modify] https://crrev.com/b2610da4adc8d07617094bd77a78ac6d702ce24e/components/policy/tools/schema_validator.py [modify] https://crrev.com/b2610da4adc8d07617094bd77a78ac6d702ce24e/components/policy/tools/syntax_check_policy_template_json.py
,
Aug 29
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d538aa8b13fdccf6c8653538c13cae7899a8ec09 commit d538aa8b13fdccf6c8653538c13cae7899a8ec09 Author: Alexander Hendrich <hendrich@chromium.org> Date: Wed Aug 29 10:54:17 2018 Clean-up schema validator features for schema/value validation This Cl is part of a larger clean-up operation and removes unnecessary features and data types, which are not supported by both schema and value validation. This CL also adds documentation about the supported subset of JSON schema features. Bug: 873641 , 856901 Change-Id: I8d464ab7b6404bde5b0f1372cb04a92a0e07080f Reviewed-on: https://chromium-review.googlesource.com/1183186 Commit-Queue: Alexander Hendrich <hendrich@chromium.org> Reviewed-by: Lutz Justen <ljusten@chromium.org> Cr-Commit-Position: refs/heads/master@{#587068} [modify] https://crrev.com/d538aa8b13fdccf6c8653538c13cae7899a8ec09/components/policy/core/browser/android/policy_converter_unittest.cc [modify] https://crrev.com/d538aa8b13fdccf6c8653538c13cae7899a8ec09/components/policy/core/common/json_schema_constants.cc [modify] https://crrev.com/d538aa8b13fdccf6c8653538c13cae7899a8ec09/components/policy/core/common/json_schema_constants.h [modify] https://crrev.com/d538aa8b13fdccf6c8653538c13cae7899a8ec09/components/policy/core/common/policy_loader_win_unittest.cc [modify] https://crrev.com/d538aa8b13fdccf6c8653538c13cae7899a8ec09/components/policy/core/common/schema.cc [modify] https://crrev.com/d538aa8b13fdccf6c8653538c13cae7899a8ec09/components/policy/core/common/schema.h [modify] https://crrev.com/d538aa8b13fdccf6c8653538c13cae7899a8ec09/components/policy/core/common/schema_map_unittest.cc [modify] https://crrev.com/d538aa8b13fdccf6c8653538c13cae7899a8ec09/components/policy/core/common/schema_registry_unittest.cc [modify] https://crrev.com/d538aa8b13fdccf6c8653538c13cae7899a8ec09/components/policy/core/common/schema_unittest.cc
,
Aug 29
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7ee2ff272246fe376ea1077ad5aea425bfab824f commit 7ee2ff272246fe376ea1077ad5aea425bfab824f Author: Alexander Hendrich <hendrich@chromium.org> Date: Wed Aug 29 11:40:30 2018 Add 'sensitiveValue' to the known schema attributes This CL adds the boolean schema attribute 'sensitiveValue' to the known schema attributes. This attribute is used to mask sensitive values with a replacement value, which can be displayed in the UI. Bug: 856901 , 873641 , 849657 Change-Id: I8afb2c3255d483737db8380abd898cd15d62e84a Reviewed-on: https://chromium-review.googlesource.com/1183235 Commit-Queue: Alexander Hendrich <hendrich@chromium.org> Reviewed-by: Lutz Justen <ljusten@chromium.org> Reviewed-by: Pavol Marko <pmarko@chromium.org> Cr-Commit-Position: refs/heads/master@{#587079} [modify] https://crrev.com/7ee2ff272246fe376ea1077ad5aea425bfab824f/components/policy/core/common/json_schema_constants.cc [modify] https://crrev.com/7ee2ff272246fe376ea1077ad5aea425bfab824f/components/policy/core/common/json_schema_constants.h [modify] https://crrev.com/7ee2ff272246fe376ea1077ad5aea425bfab824f/components/policy/core/common/schema.cc [modify] https://crrev.com/7ee2ff272246fe376ea1077ad5aea425bfab824f/components/policy/core/common/schema.h
,
Sep 4
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by ortuno@chromium.org
, Jun 27 2018