π€ Generated by the Daily AI Assistant
Problem. Some ConfigMaps embed JSON as a YAML block scalar β e.g. the Headlamp Kubescape exceptions ConfigMap (k8s/bases/infrastructure/controllers/kubescape/config-map-headlamp-exceptions.yaml, data.exceptionPolicies, ~15 hand-maintained policy entries). ksail workload validate schema-validates the YAML but treats the blob as an opaque string, so a stray comma or missing bracket ships silently and only fails at consumption time β Headlamp would just show no exceptions, which reads identical to a clean posture (the 0 β clean trap). Flagged by CodeRabbit on #2446.
Proposal. Add a small CI step (script under scripts/, wired into the validate workflow) that finds ConfigMap keys whose value looks like JSON (key convention or an explicit allowlist, starting with exceptionPolicies) and runs them through a JSON parse, failing the build on a syntax error.
Acceptance criteria.
- CI fails when
data.exceptionPolicies (or another registered embedded-JSON key) is not parseable JSON.
- Passing case adds negligible CI time and no new heavyweight tooling.
- The check is documented where the validate command is documented.
Problem. Some ConfigMaps embed JSON as a YAML block scalar β e.g. the Headlamp Kubescape exceptions ConfigMap (
k8s/bases/infrastructure/controllers/kubescape/config-map-headlamp-exceptions.yaml,data.exceptionPolicies, ~15 hand-maintained policy entries).ksail workload validateschema-validates the YAML but treats the blob as an opaque string, so a stray comma or missing bracket ships silently and only fails at consumption time β Headlamp would just show no exceptions, which reads identical to a clean posture (the0 β cleantrap). Flagged by CodeRabbit on #2446.Proposal. Add a small CI step (script under
scripts/, wired into the validate workflow) that finds ConfigMap keys whose value looks like JSON (key convention or an explicit allowlist, starting withexceptionPolicies) and runs them through a JSON parse, failing the build on a syntax error.Acceptance criteria.
data.exceptionPolicies(or another registered embedded-JSON key) is not parseable JSON.