From a627a550eb8ca4d4eaabd3774b3d9385e569efaf Mon Sep 17 00:00:00 2001
From: Daniel Watkins
Date: Mon, 18 May 2020 12:52:24 -0400
Subject: [PATCH 1/3] cc_snap: add assertions list example
---
 cloudinit/config/cc_snap.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/cloudinit/config/cc_snap.py b/cloudinit/config/cc_snap.py
index 3bf2e250b9e..96afd78c395 100644
--- a/cloudinit/config/cc_snap.py
+++ b/cloudinit/config/cc_snap.py
@@ -93,6 +93,13 @@
 - ['snap', 'install', 'vlc']
 - snap install vlc
 - 'snap install vlc'
+ """), dedent("""\
+ # You can use a list of assertions
+ snap:
+ assertions:
+ - signed_assertion_blob_here
+ - |
+ signed_assertion_blob_here
 """)],
 'frequency': PER_INSTANCE,
 'type': 'object',
From 0e65e95e82c28b232d9a3686505ec6c296c205ef Mon Sep 17 00:00:00 2001
From: Daniel Watkins
Date: Mon, 18 May 2020 12:58:39 -0400
Subject: [PATCH 2/3] cc_snap: validate that assertion property values are strings
---
 cloudinit/config/cc_snap.py | 3 ++-
 cloudinit/config/tests/test_snap.py | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/cloudinit/config/cc_snap.py b/cloudinit/config/cc_snap.py
index 96afd78c395..8a31bd3f998 100644
--- a/cloudinit/config/cc_snap.py
+++ b/cloudinit/config/cc_snap.py
@@ -113,7 +113,8 @@
 'additionalItems': False, # Reject items non-string
 'minItems': 1,
 'minProperties': 1,
- 'uniqueItems': True
+ 'uniqueItems': True,
+ 'additionalProperties': {'type': 'string'},
 },
 'commands': {
 'type': ['object', 'array'], # Array of strings or dict
diff --git a/cloudinit/config/tests/test_snap.py b/cloudinit/config/tests/test_snap.py
index 2be301861bc..95270fa0dfc 100644
--- a/cloudinit/config/tests/test_snap.py
+++ b/cloudinit/config/tests/test_snap.py
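Review bot: In the cloudinit/config/cc_snap.py hunk of patch 2/3, the new `'additionalProperties': {'type': 'string'},` line has no comment, while its sibling `'additionalItems': False,` is annotated, so a reader cannot tell that it governs the dict form of `assertions`. I would write it as `'additionalProperties': {'type': 'string'},  # Reject non-string dict values`. The test added in the same patch expects only a logged `WARNING: Invalid config`, so the constraint appears to be advisory rather than enforcing. Presumably a non-string value can still reach `add_assertions`, which lies outside this hunk and should check the type itself before handling the assertion data. The schema dict starts and ends outside the hunk.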
@@ -342,6 +342,20 @@ def test_schema_when_commands_list_values_are_invalid_type(self, _): " of the given schemas\n", self.logs.getvalue()) + @mock.patch('cloudinit.config.cc_snap.run_commands') + def test_schema_when_assertions_values_are_invalid_type(self, _): + """Warnings when snap:assertions values are invalid type (e.g. int)""" + validate_cloudconfig_schema( + {'snap': {'assertions': [123]}}, schema) + validate_cloudconfig_schema( + {'snap': {'assertions': {'01': 123}}}, schema) + self.assertEqual( + "WARNING: Invalid config:\n" + "snap.assertions.0: 123 is not of type 'string'\n" + "WARNING: Invalid config:\n" + "snap.assertions.01: 123 is not of type 'string'\n", + self.logs.getvalue()) + @mock.patch('cloudinit.config.cc_snap.add_assertions') def test_warn_schema_assertions_is_not_list_or_dict(self, _): """Warn when snap:assertions config is not a list or dict.""" From 6b8b79aa5384e064f9ed2238b29df9dfc5b5e90a Mon Sep 17 00:00:00 2001 From: Daniel Watkins Date: Thu, 21 May 2020 10:09:26 -0400 Subject: [PATCH 3/3] cc_snap: drop now-addressed TODO comment --- cloudinit/config/cc_snap.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cloudinit/config/cc_snap.py b/cloudinit/config/cc_snap.py index 8a31bd3f998..8178562e091 100644 --- a/cloudinit/config/cc_snap.py +++ b/cloudinit/config/cc_snap.py @@ -144,10 +144,6 @@ } } -# TODO schema for 'assertions' and 'commands' are too permissive at the moment. -# Once python-jsonschema supports schema draft 6 add support for arbitrary -# object keys with 'patternProperties' constraint to validate string values. - __doc__ = get_schema_doc(schema) # Supplement python help() SNAP_CMD = "snap"
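Review bot: In the tests/test_snap.py hunk of patch 2/3, `test_schema_when_assertions_values_are_invalid_type` patches `cloudinit.config.cc_snap.run_commands`, although its body only calls `validate_cloudconfig_schema`. The neighbouring assertions test patches `add_assertions`, so the decorator looks copied from the commands test. If a mock is needed at all, `@mock.patch('cloudinit.config.cc_snap.add_assertions')` matches the code path under test. The list and dict cases are also verified through one concatenated log string, so a failure does not show which form regressed; a separate `assertEqual` per form would. The enclosing test class starts and ends outside the hunk.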