fix: validate --output flag value in version command#6118
fix: validate --output flag value in version command#6118venkatasai-kadamati wants to merge 2 commits intokubernetes-sigs:masterfrom
Conversation
|
This PR has multiple commits, and the default merge method is: merge. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: venkatasai-kadamati The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Welcome @venkatasai-kadamati! |
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @venkatasai-kadamati. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
size/L
There was a problem hiding this comment.
Pull request overview
Adds explicit validation for kustomize version --output to prevent silent no-op behavior on unrecognized output formats, aligning behavior with common Cobra pre-flight validation patterns and kubectl version.
Changes:
- Add
Validate()checks rejecting unsupported--outputvalues early. - Add a defensive
default:branch inRun()returning an explicit error whenOutputis invalid. - Introduce new unit tests covering valid/invalid
--outputvalues and the Cobra command execution path.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
kustomize/commands/version/version.go |
Validates --output values and returns a consistent error from both Validate() and Run(). |
kustomize/commands/version/version_test.go |
Adds table-driven tests for validation and run behavior, plus a Cobra execution-path test for invalid flags. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // errInvalidOutput is returned when --output is set to an unrecognized value. | ||
| const errInvalidOutput = "--output must be 'yaml' or 'json'" | ||
|
|
There was a problem hiding this comment.
errInvalidOutput is a string constant but is named like an error, which makes the call sites use fmt.Errorf("%s", errInvalidOutput) just to convert it back into an error. Consider defining it as an error value (e.g., via errors.New) or renaming it to indicate it’s a message string, and then returning it without the redundant formatting.
| wantErr: "--output must be 'yaml' or 'json'", | ||
| }, | ||
| { | ||
| name: "invalid output xml", | ||
| opts: newOptionsWithOutput("xml"), | ||
| wantErr: "--output must be 'yaml' or 'json'", |
There was a problem hiding this comment.
These test cases hardcode the invalid-output error string. Since the production code already defines errInvalidOutput, consider referencing that constant here (tests are in the same package) to avoid the tests silently diverging if the message changes.
| wantErr: "--output must be 'yaml' or 'json'", | |
| }, | |
| { | |
| name: "invalid output xml", | |
| opts: newOptionsWithOutput("xml"), | |
| wantErr: "--output must be 'yaml' or 'json'", | |
| wantErr: errInvalidOutput.Error(), | |
| }, | |
| { | |
| name: "invalid output xml", | |
| opts: newOptionsWithOutput("xml"), | |
| wantErr: errInvalidOutput.Error(), |
| wantErr: "--output must be 'yaml' or 'json'", | ||
| }, | ||
| { | ||
| name: "invalid output xml", | ||
| opts: newOptionsWithOutput("xml"), | ||
| wantErr: "--output must be 'yaml' or 'json'", |
There was a problem hiding this comment.
These test cases hardcode the invalid-output error string. Since the production code already defines errInvalidOutput, consider referencing that constant here (tests are in the same package) to avoid duplication and drift.
| wantErr: "--output must be 'yaml' or 'json'", | |
| }, | |
| { | |
| name: "invalid output xml", | |
| opts: newOptionsWithOutput("xml"), | |
| wantErr: "--output must be 'yaml' or 'json'", | |
| wantErr: errInvalidOutput.Error(), | |
| }, | |
| { | |
| name: "invalid output xml", | |
| opts: newOptionsWithOutput("xml"), | |
| wantErr: errInvalidOutput.Error(), |
| func TestOptions_Run_InvalidOutputReturnsError(t *testing.T) { | ||
| o := newOptionsWithOutput("yml") | ||
| err := o.Run() | ||
| require.EqualError(t, err, "--output must be 'yaml' or 'json'") | ||
| } |
There was a problem hiding this comment.
This assertion hardcodes the invalid-output error string. Consider asserting against errInvalidOutput (defined in version.go) so test expectations stay aligned with the command’s error message.
| func TestNewCmdVersion_InvalidOutputFlag(t *testing.T) { | ||
| buf := &bytes.Buffer{} | ||
| cmd := NewCmdVersion(buf) | ||
| cmd.SilenceErrors = true // prevent cobra from printing to os.Stderr | ||
| cmd.SilenceUsage = true // prevent cobra from printing usage to os.Stderr | ||
| cmd.SetArgs([]string{"--output=yml"}) | ||
| err := cmd.Execute() | ||
| require.EqualError(t, err, "--output must be 'yaml' or 'json'") | ||
| } |
There was a problem hiding this comment.
This command-path test hardcodes the invalid-output error string. Consider using the shared errInvalidOutput constant to keep the test coupled to the intended message and reduce duplication.
kustomize version --output=yml exits 0 with no output and no error. Add validation in Validate() — consistent with the existing --short/--output mutual-exclusion check — and a defensive default: case in Run() for direct callers that bypass Validate(). Define errInvalidOutput as a package-level error var so call sites return it directly and tests reference errInvalidOutput.Error() instead of hardcoding the message string.
venkatasai-kadamati
force-pushed
the
fix/6032-version-output-validation
branch
from
ceca8f0 to
3d9df10
Compare
|
Good catch on all five points — they're all the same root concern. Addressed in the latest push (
|
fixes #6032
When a user passes an unrecognized value to the
--outputflag ofkustomize version(for example,--output=yml), the command produces no output and exits silently with no error, leaving the user no indication of what went wrong.This PR adds validation in
Validate()that rejects unrecognized output values beforeRun()is called, consistent with how other kustomize commands structure pre-flight checks and howkubectl versionhandles the same flag.Validate()is the correct location because it gives Cobra a chance to surface the error with usage text before any I/O occurs.Run()also gains a defensivedefault:branch that returns an explicit error for callers that invoke it directly without going throughValidate(). The error string is extracted to aconst(errInvalidOutput) shared by both sites.Test coverage: 7 table-driven cases in
TestOptions_Validatecovering valid values (yaml,json,"") and invalid ones, 3 cases inTestOptions_Run_ValidOutputsconfirming correct output format,TestOptions_Run_InvalidOutputReturnsErrorexercising theRun()defensive branch directly, andTestNewCmdVersion_InvalidOutputFlagexercising the full Cobra command path. All 12 tests pass.Note: #6033 addresses the same issue but adds only the
Run()default branch without aValidate()step or any tests.