kyverno/pkg/cel/libs/context/impl_test.go

package context

import (
	"context"
	"strings"
	"testing"

	"github.com/google/cel-go/cel"
	"github.com/kyverno/kyverno/pkg/imagedataloader"
	"github.com/stretchr/testify/assert"
	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)

type ctx struct {
	GetConfigMapFunc       func(string, string) (unstructured.Unstructured, error)
	GetGlobalReferenceFunc func(string) (any, error)
	GetImageDataFunc       func(string) (*imagedataloader.ImageData, error)
}

func (mock *ctx) GetConfigMap(ns string, n string) (unstructured.Unstructured, error) {
	return mock.GetConfigMapFunc(ns, n)
}

func (mock *ctx) GetGlobalReference(n string) (any, error) {
	return mock.GetGlobalReferenceFunc(n)
}

func (mock *ctx) GetImageData(n string) (*imagedataloader.ImageData, error) {
	return mock.GetImageDataFunc(n)
}

func Test_impl_get_configmap_string_string(t *testing.T) {
	opts := Lib()
	base, err := cel.NewEnv(opts)
	assert.NoError(t, err)
	assert.NotNil(t, base)
	options := []cel.EnvOption{
		cel.Variable("context", ContextType),
	}
	env, err := base.Extend(options...)
	assert.NoError(t, err)
	assert.NotNil(t, env)
	ast, issues := env.Compile(`context.GetConfigMap("foo","bar")`)
	assert.Nil(t, issues)
	assert.NotNil(t, ast)
	prog, err := env.Program(ast)
	assert.NoError(t, err)
	assert.NotNil(t, prog)
	called := false
	data := map[string]any{
		"context": Context{&ctx{
			GetConfigMapFunc: func(string, string) (unstructured.Unstructured, error) {
				called = true
				return unstructured.Unstructured{}, nil
			},
		}},
	}
	out, _, err := prog.Eval(data)
	assert.NoError(t, err)
	assert.NotNil(t, out)
	assert.True(t, called)
}

func Test_impl_get_globalreference_string(t *testing.T) {
	opts := Lib()
	base, err := cel.NewEnv(opts)
	assert.NoError(t, err)
	assert.NotNil(t, base)
	options := []cel.EnvOption{
		cel.Variable("context", ContextType),
	}
	env, err := base.Extend(options...)
	assert.NoError(t, err)
	assert.NotNil(t, env)
	ast, issues := env.Compile(`context.GetGlobalReference("foo")`)
	assert.Nil(t, issues)
	assert.NotNil(t, ast)
	prog, err := env.Program(ast)
	assert.NoError(t, err)
	assert.NotNil(t, prog)
	called := false
	data := map[string]any{
		"context": Context{&ctx{
			GetGlobalReferenceFunc: func(string) (any, error) {
				type foo struct {
					s string
				}
				called = true
				return foo{"bar"}, nil
			},
		}},
	}
	out, _, err := prog.Eval(data)
	assert.NoError(t, err)
	assert.NotNil(t, out)
	assert.True(t, called)
}

func Test_impl_get_imagedata_string(t *testing.T) {
	opts := Lib()
	base, err := cel.NewEnv(opts)
	assert.NoError(t, err)
	assert.NotNil(t, base)
	options := []cel.EnvOption{
		cel.Variable("context", ContextType),
	}
	env, err := base.Extend(options...)
	assert.NoError(t, err)
	assert.NotNil(t, env)
	ast, issues := env.Compile(`context.GetImageData("ghcr.io/kyverno/kyverno:latest")`)
	assert.Nil(t, issues)
	assert.NotNil(t, ast)
	prog, err := env.Program(ast)
	assert.NoError(t, err)
	assert.NotNil(t, prog)
	data := map[string]any{
		"context": Context{&ctx{
			GetImageDataFunc: func(image string) (*imagedataloader.ImageData, error) {
				idl, err := imagedataloader.New(nil)
				assert.NoError(t, err)
				return idl.FetchImageData(context.TODO(), image)
			},
		}},
	}
	out, _, err := prog.Eval(data)
	assert.NoError(t, err)
	img := out.Value().(*imagedataloader.ImageData)
	assert.Equal(t, img.Tag, "latest")
	assert.True(t, strings.HasPrefix(img.ResolvedImage, "ghcr.io/kyverno/kyverno:latest@sha256:"))
}
fix: implement cel context lib correctly (#11983) * fix: implement cel context lib correctly Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more changes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-01-23 12:02:33 +01:00			`package context`

			`import (`
feat: create image data loader (#12036) * feat: add image data loader to context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: build Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update types Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: replace crane with remote Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-02-03 19:12:40 +05:30			`"context"`
			`"strings"`
fix: implement cel context lib correctly (#11983) * fix: implement cel context lib correctly Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more changes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-01-23 12:02:33 +01:00			`"testing"`

			`"github.com/google/cel-go/cel"`
feat: create image data loader (#12036) * feat: add image data loader to context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: build Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update types Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: replace crane with remote Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-02-03 19:12:40 +05:30			`"github.com/kyverno/kyverno/pkg/imagedataloader"`
fix: implement cel context lib correctly (#11983) * fix: implement cel context lib correctly Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more changes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-01-23 12:02:33 +01:00			`"github.com/stretchr/testify/assert"`
			`"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"`
			`)`

			`type ctx struct {`
feat: add support for more context elements (#11986) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-01-24 09:37:33 +01:00			`GetConfigMapFunc func(string, string) (unstructured.Unstructured, error)`
			`GetGlobalReferenceFunc func(string) (any, error)`
feat: create image data loader (#12036) * feat: add image data loader to context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: build Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update types Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: replace crane with remote Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-02-03 19:12:40 +05:30			`GetImageDataFunc func(string) (*imagedataloader.ImageData, error)`
fix: implement cel context lib correctly (#11983) * fix: implement cel context lib correctly Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more changes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-01-23 12:02:33 +01:00			`}`

			`func (mock *ctx) GetConfigMap(ns string, n string) (unstructured.Unstructured, error) {`
			`return mock.GetConfigMapFunc(ns, n)`
			`}`

feat: add support for more context elements (#11986) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-01-24 09:37:33 +01:00			`func (mock *ctx) GetGlobalReference(n string) (any, error) {`
			`return mock.GetGlobalReferenceFunc(n)`
			`}`

feat: create image data loader (#12036) * feat: add image data loader to context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: build Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update types Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: replace crane with remote Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-02-03 19:12:40 +05:30			`func (mock ctx) GetImageData(n string) (imagedataloader.ImageData, error) {`
feat: add support for more context elements (#11986) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-01-24 09:37:33 +01:00			`return mock.GetImageDataFunc(n)`
			`}`

fix: implement cel context lib correctly (#11983) * fix: implement cel context lib correctly Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more changes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-01-23 12:02:33 +01:00			`func Test_impl_get_configmap_string_string(t *testing.T) {`
			`opts := Lib()`
			`base, err := cel.NewEnv(opts)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, base)`
			`options := []cel.EnvOption{`
			`cel.Variable("context", ContextType),`
			`}`
			`env, err := base.Extend(options...)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, env)`
			ast, issues := env.Compile(`context.GetConfigMap("foo","bar")`)
			`assert.Nil(t, issues)`
			`assert.NotNil(t, ast)`
			`prog, err := env.Program(ast)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, prog)`
			`called := false`
			`data := map[string]any{`
			`"context": Context{&ctx{`
			`GetConfigMapFunc: func(string, string) (unstructured.Unstructured, error) {`
			`called = true`
			`return unstructured.Unstructured{}, nil`
			`},`
			`}},`
			`}`
			`out, _, err := prog.Eval(data)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, out)`
			`assert.True(t, called)`
			`}`
feat: add support for more context elements (#11986) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-01-24 09:37:33 +01:00
			`func Test_impl_get_globalreference_string(t *testing.T) {`
			`opts := Lib()`
			`base, err := cel.NewEnv(opts)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, base)`
			`options := []cel.EnvOption{`
			`cel.Variable("context", ContextType),`
			`}`
			`env, err := base.Extend(options...)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, env)`
			ast, issues := env.Compile(`context.GetGlobalReference("foo")`)
			`assert.Nil(t, issues)`
			`assert.NotNil(t, ast)`
			`prog, err := env.Program(ast)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, prog)`
			`called := false`
			`data := map[string]any{`
			`"context": Context{&ctx{`
			`GetGlobalReferenceFunc: func(string) (any, error) {`
			`type foo struct {`
			`s string`
			`}`
			`called = true`
			`return foo{"bar"}, nil`
			`},`
			`}},`
			`}`
			`out, _, err := prog.Eval(data)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, out)`
			`assert.True(t, called)`
			`}`

			`func Test_impl_get_imagedata_string(t *testing.T) {`
			`opts := Lib()`
			`base, err := cel.NewEnv(opts)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, base)`
			`options := []cel.EnvOption{`
			`cel.Variable("context", ContextType),`
			`}`
			`env, err := base.Extend(options...)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, env)`
feat: create image data loader (#12036) * feat: add image data loader to context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: build Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update types Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: replace crane with remote Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-02-03 19:12:40 +05:30			ast, issues := env.Compile(`context.GetImageData("ghcr.io/kyverno/kyverno:latest")`)
feat: add support for more context elements (#11986) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-01-24 09:37:33 +01:00			`assert.Nil(t, issues)`
			`assert.NotNil(t, ast)`
			`prog, err := env.Program(ast)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, prog)`
			`data := map[string]any{`
			`"context": Context{&ctx{`
feat: create image data loader (#12036) * feat: add image data loader to context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: build Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update types Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: replace crane with remote Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-02-03 19:12:40 +05:30			`GetImageDataFunc: func(image string) (*imagedataloader.ImageData, error) {`
			`idl, err := imagedataloader.New(nil)`
			`assert.NoError(t, err)`
			`return idl.FetchImageData(context.TODO(), image)`
feat: add support for more context elements (#11986) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-01-24 09:37:33 +01:00			`},`
			`}},`
			`}`
			`out, _, err := prog.Eval(data)`
			`assert.NoError(t, err)`
feat: create image data loader (#12036) * feat: add image data loader to context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: build Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update types Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: replace crane with remote Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-02-03 19:12:40 +05:30			`img := out.Value().(*imagedataloader.ImageData)`
			`assert.Equal(t, img.Tag, "latest")`
			`assert.True(t, strings.HasPrefix(img.ResolvedImage, "ghcr.io/kyverno/kyverno:latest@sha256:"))`
feat: add support for more context elements (#11986) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2025-01-24 09:37:33 +01:00			`}`