"map" validator doesn't validate key, when using include

[ivocavalcante]

First of all, congrats for the great job you've done. Yamale is exactly what I needed for a project I'm working on. Now, to the bug report:

"map" validator fails to validate a key, when function used is "included". See example below:

Consider YAML data below, for testing purposes:

test.yaml

maptest: 
  1: xpto 
  2: qwerty 
  error: wrong

WORKING (meaning validation fails):

schema.yaml

maptest: map(include('value'), key=int()) 
--- 
value: str()

NON-WORKING (meaning validation passes):

schema.yaml

maptest: map(include('value'), key=include('key')) 
--- 
value: str()
key: int()

Tested with latest release, 3.0.2 .

[mildebrandt]

As mentioned in the declined PR, the best course of action is to prevent the include validator from being defined in the key constraint for the map validator. Since this is a potentially breaking change, we should wait for a major release.

[martinvonwittich]

Hm, I had hoped to use include here like this:

schema:

---
users: map(include("user"), key=include("act"))
version: enum("1.0")

---
user:
    firstname: str()
    lastname: str()
    roles: list(include("role"))
    groups: list(include("act"))
    password: include("password")
    samba_password: include("password")
    admin_password: include("password")
    maintain_groups: include("maintain_memberships")
    maintain_roles: include("maintain_memberships")
    maintain_password: include("maintain_password")

---
maintain_memberships: enum("initial_only", "restore_memberships", "fixed")

---
maintain_password: enum("initial_only", "fixed")

---
# /usr/share/perl5/IServ/Valid.pm sub Role
role: str(matches="^ROLE_[A-Z0-9_]{1,64}$")

---
# /usr/share/perl5/IServ/Valid.pm sub Act + MAX_LEN
act: str(matches="^[a-z][a-z0-9._-]{0,31}$")

---
password:
  type: enum("plain", "hashed")
  value: str()

input:

---
version: "1.0"
users:
  martintest:
    firstname: Martin
    lastname: Test
    groups:
      - admins
      - domain.admins
    roles:
      - ROLE_ADMIN
    password:
      type: plain
      value: foobar
    samba_password:
      type: hashed
      value: foobar
    admin_password:
      type: plain
      value: barfoo
    maintain_groups: initial_only
    maintain_roles: initial_only
    maintain_password: initial_only

My intention was to have the definition for the act regex only once (DRY), and then to use it to validate both the user names and the group names. Am I doing this wrong, or is this unsupported and I have to define the act regex twice, once to validate the group names, and once to validate the user names?

[sabik]

• Rather than "waiting" for a major release, this bug seems major enough to trigger a major release in its own right? The validators are silently passing on invalid data.

• Ideally, the implementation of the Include validator should be moved into the actual Include validator, although that would be a larger refactoring (would have to pass in the Schema).

• Cross-reference: this also applies to the Any and Subset validators, per Issue with using map validator "key" option with any/subset. #217, and potentially Map and List