StackStorm · cognifloyd · Jul 18, 2022 · Aug 4, 2021 · Aug 4, 2021 · Aug 4, 2021
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -25,6 +25,45 @@ Added
 * Added graceful shutdown for workflow engine. #5463
   Contributed by @khushboobhatia01
 
+Changed
+~~~~~~~
+
+* BREAKING CHANGE for anyone that uses ``output_schema``, which is disabled by default.
+  If you have ``[system].validate_output_schema = True`` in st2.conf AND you have added
+  ``output_schema`` to any of your packs, then you must update your action metadata.
+
+  ``output_schema`` must be a full jsonschema now. If a schema is not well-formed, we ignore it.
+  Now, ``output`` can be types other than object such as list, bool, int, etc.
+  This also means that all of an action's output can be masked as a secret.
+
+  To get the same behavior, you'll need to update your output schema.
+  For example, this schema:
+
+  .. code-block:: yaml
+
+    output_schema:
+      property1:
+        type: bool
+      property2:
+        type: str
+
+  should be updated like this:
+
+  .. code-block:: yaml
+
+    output_schema:
+      type: object
+      properties:
+        property1:
+          type: bool
+        property2:
+          type: str
+      additionalProperties: false
+
+  #5319
+
+  Contributed by @cognifloyd
+
 3.7.0 - May 05, 2022
 --------------------
 
@@ -143,6 +182,7 @@ Added
 * Added garbage collection for rule_enforcement and trace models #5596/5602
   Contributed by Amanda McGuinness (@amanda11 intive)
 
+
 * Added garbage collection for workflow execution and task execution objects #4924
   Contributed by @srimandaleeka01 and @amanda11
 

diff --git a/contrib/runners/action_chain_runner/action_chain_runner/runner.yaml b/contrib/runners/action_chain_runner/action_chain_runner/runner.yaml
@@ -14,7 +14,10 @@
       type: array
   output_key: published
   output_schema:
-    published:
-      type: "object"
-    tasks:
-      type: "array"
+    type: object
+    properties:
+      published:
+        type: "object"
+      tasks:
+        type: "array"
+    additionalProperties: false
diff --git a/contrib/runners/http_runner/http_runner/runner.yaml b/contrib/runners/http_runner/http_runner/runner.yaml
@@ -54,18 +54,21 @@
         type: string
   output_key: body
   output_schema:
-    status_code:
-      type: integer
-    body:
-      anyOf:
-        - type: "object"
-        - type: "string"
-        - type: "integer"
-        - type: "number"
-        - type: "boolean"
-        - type: "array"
-        - type: "null"
-    parsed:
-      type: boolean
-    headers:
-      type: object
+    type: object
+    properties:
+      status_code:
+        type: integer
+      body:
+        anyOf:
+          - type: "object"
+          - type: "string"
+          - type: "integer"
+          - type: "number"
+          - type: "boolean"
+          - type: "array"
+          - type: "null"
+      parsed:
+        type: boolean
+      headers:
+        type: object
+    additionalProperties: false
diff --git a/contrib/runners/orquesta_runner/orquesta_runner/runner.yaml b/contrib/runners/orquesta_runner/orquesta_runner/runner.yaml
@@ -16,16 +16,19 @@
       default: []
   output_key: output
   output_schema:
-    errors:
-      anyOf:
-        - type: "object"
-        - type: "array"
-    output:
-      anyOf:
-        - type: "object"
-        - type: "string"
-        - type: "integer"
-        - type: "number"
-        - type: "boolean"
-        - type: "array"
-        - type: "null"
+    type: object
+    properties:
+      errors:
+        anyOf:
+          - type: "object"
+          - type: "array"
+      output:
+        anyOf:
+          - type: "object"
+          - type: "string"
+          - type: "integer"
+          - type: "number"
+          - type: "boolean"
+          - type: "array"
+          - type: "null"
+    additionalProperties: false
diff --git a/contrib/runners/python_runner/python_runner/runner.yaml b/contrib/runners/python_runner/python_runner/runner.yaml
@@ -4,24 +4,27 @@
   runner_module: python_runner
   output_key: result
   output_schema:
-    result:
-      anyOf:
-        - type: "object"
-        - type: "string"
-        - type: "integer"
-        - type: "number"
-        - type: "boolean"
-        - type: "array"
-        - type: "null"
-    stderr:
-      type: string
-      required: true
-    stdout:
-      type: string
-      required: true
-    exit_code:
-      type: integer
-      required: true
+    type: object
+    properties:
+      result:
+        anyOf:
+          - type: "object"
+          - type: "string"
+          - type: "integer"
+          - type: "number"
+          - type: "boolean"
+          - type: "array"
+          - type: "null"
+      stderr:
+        type: string
+        required: true
+      stdout:
+        type: string
+        required: true
+      exit_code:
+        type: integer
+        required: true
+    additionalProperties: false
   runner_parameters:
     debug:
       description: Enable runner debug mode.

diff --git a/contrib/runners/python_runner/tests/unit/test_output_schema.py b/contrib/runners/python_runner/tests/unit/test_output_schema.py
@@ -44,10 +44,14 @@
 MOCK_EXECUTION = mock.Mock()
 MOCK_EXECUTION.id = "598dbf0c0640fd54bffc688b"
 
-FAIL_SCHEMA = {
-    "notvalid": {
-        "type": "string",
+FAIL_OUTPUT_SCHEMA = {
+    "type": "object",
+    "properties": {
+        "notvalid": {
+            "type": "string",
+        },
     },
+    "additionalProperties": False,
 }
 
 
@@ -78,7 +82,7 @@ def test_fail_incorrect_output_schema(self):
         runner.pre_run()
         (status, output, _) = runner.run({"row_index": 5})
         with self.assertRaises(jsonschema.ValidationError):
-            output_schema._validate_runner(FAIL_SCHEMA, output)
+            output_schema._validate_runner(FAIL_OUTPUT_SCHEMA, output)
 
     def _get_mock_runner_obj(self, pack=None, sandbox=None):
         runner = python_runner.get_runner()