From 7e9b51865d147f40c2554ebd5145a553126b661a Mon Sep 17 00:00:00 2001
From: Karen Etheridge <ether@joyent.com>
Date: Fri, 3 Jan 2020 12:30:39 -0800
Subject: [PATCH] tighten json schema for incoming device reports

Invalid "disks" entries were not being rejected, e.g. as seen in
https://rollbar.com/joyent_buildops/conch/items/64/occurrences/111200659371/
---
 json-schema/device_report.yaml |  1 +
 t/json-validation.t            | 15 ++++++++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/json-schema/device_report.yaml b/json-schema/device_report.yaml
index f6d38911e..7778f8a81 100644
--- a/json-schema/device_report.yaml
+++ b/json-schema/device_report.yaml
@@ -44,6 +44,7 @@ definitions:
                 - type: 'null'
       disks:
         type: object
+        additionalProperties: false
         propertyNames:
           $ref: common.yaml#/definitions/disk_serial_number
         additionalProperties:
diff --git a/t/json-validation.t b/t/json-validation.t
index 513f6f3bf..dcd25f47b 100644
--- a/t/json-validation.t
+++ b/t/json-validation.t
@@ -127,16 +127,25 @@ subtest 'device report validation' => sub {
         ->load_and_validate_schema('json-schema/device_report.yaml',
             { schema => 'http://json-schema.org/draft-07/schema#' });
 
-    my $schema = $validator->get('/definitions/DeviceReport_v3.0.0/properties/system_uuid');
-
     cmp_deeply(
-        [ $validator->validate('00000000-0000-0000-0000-000000000000', $schema) ],
+        [ $validator->validate('00000000-0000-0000-0000-000000000000',
+                $validator->get('/definitions/DeviceReport_v3.0.0/properties/system_uuid')) ],
         [ methods(
             path => '/',
             message => re(qr/should not match/i),
         ) ],
         'all-zero system_uuids are rejected',
     );
+
+    cmp_deeply(
+        [ $validator->validate({ '' => {} },
+                $validator->get('/definitions/DeviceReport_v3.0.0/properties/disks')) ],
+        [ methods(
+            path => '/',
+            message => re(qr{/propertyName/ String does not match '?\^\\S\+\$'?}i),
+        ) ],
+        'bad disk entries are rejected',
+    );
 };
 
 done_testing;