From 1647675190630ac281f79fc886b06d1030922b76 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
 <charles.edouard@nirmata.com>
Date: Thu, 4 Jul 2024 16:05:42 +0200
Subject: [PATCH] feat: improve api json parsing (#10600)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: improve api json parsing

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
---
 api/kyverno/v2beta1/common_types.go           | 38 ++++++++++---------
 api/kyverno/v2beta1/spec_test.go              | 14 +++----
 api/kyverno/v2beta1/zz_generated.deepcopy.go  | 13 ++-----
 docs/user/crd/index.html                      | 19 ++--------
 docs/user/crd/kyverno.v2beta1.html            | 14 +++++--
 .../kyverno/v2beta1/condition.go              | 10 ++---
 .../kyverno/v2beta1/validation.go             | 10 ++---
 7 files changed, 54 insertions(+), 64 deletions(-)

diff --git a/api/kyverno/v2beta1/common_types.go b/api/kyverno/v2beta1/common_types.go
index ca106b022e..8ab462d529 100644
--- a/api/kyverno/v2beta1/common_types.go
+++ b/api/kyverno/v2beta1/common_types.go
@@ -1,9 +1,8 @@
 package v2beta1
 
 import (
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
-	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
-	apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 )
 
 // Validation defines checks to be performed on matching resources.
@@ -34,13 +33,15 @@ type Validation struct {
 	ForEachValidation []kyvernov1.ForEachValidation `json:"foreach,omitempty" yaml:"foreach,omitempty"`
 
 	// Pattern specifies an overlay-style pattern used to check resources.
-	// +optional
-	RawPattern *apiextv1.JSON `json:"pattern,omitempty" yaml:"pattern,omitempty"`
+	// +kubebuilder:validation:Schemaless
+	// +kubebuilder:pruning:PreserveUnknownFields
+	RawPattern *kyverno.Any `json:"pattern,omitempty" yaml:"pattern,omitempty"`
 
 	// AnyPattern specifies list of validation patterns. At least one of the patterns
 	// must be satisfied for the validation rule to succeed.
-	// +optional
-	RawAnyPattern *apiextv1.JSON `json:"anyPattern,omitempty" yaml:"anyPattern,omitempty"`
+	// +kubebuilder:validation:Schemaless
+	// +kubebuilder:pruning:PreserveUnknownFields
+	RawAnyPattern *kyverno.Any `json:"anyPattern,omitempty" yaml:"anyPattern,omitempty"`
 
 	// Deny defines conditions used to pass or fail a validation rule.
 	// +optional
@@ -101,7 +102,9 @@ type Deny struct {
 
 type Condition struct {
 	// Key is the context entry (using JMESPath) for conditional rule evaluation.
-	RawKey *apiextv1.JSON `json:"key,omitempty" yaml:"key,omitempty"`
+	// +kubebuilder:validation:Schemaless
+	// +kubebuilder:pruning:PreserveUnknownFields
+	RawKey *kyverno.Any `json:"key,omitempty" yaml:"key,omitempty"`
 
 	// Operator is the conditional operation to perform. Valid operators are:
 	// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,
@@ -111,27 +114,28 @@ type Condition struct {
 
 	// Value is the conditional value, or set of values. The values can be fixed set
 	// or can be variables declared using JMESPath.
-	// +optional
-	RawValue *apiextv1.JSON `json:"value,omitempty" yaml:"value,omitempty"`
+	// +kubebuilder:validation:Schemaless
+	// +kubebuilder:pruning:PreserveUnknownFields
+	RawValue *kyverno.Any `json:"value,omitempty" yaml:"value,omitempty"`
 
 	// Message is an optional display message
 	Message string `json:"message,omitempty" yaml:"message,omitempty"`
 }
 
-func (c *Condition) GetKey() apiextensions.JSON {
-	return kyvernov1.FromJSON(c.RawKey)
+func (c *Condition) GetKey() any {
+	return kyverno.FromAny(c.RawKey)
 }
 
-func (c *Condition) SetKey(in apiextensions.JSON) {
-	c.RawKey = kyvernov1.ToJSON(in)
+func (c *Condition) SetKey(in any) {
+	c.RawKey = kyverno.ToAny(in)
 }
 
-func (c *Condition) GetValue() apiextensions.JSON {
-	return kyvernov1.FromJSON(c.RawValue)
+func (c *Condition) GetValue() any {
+	return kyverno.FromAny(c.RawValue)
 }
 
-func (c *Condition) SetValue(in apiextensions.JSON) {
-	c.RawValue = kyvernov1.ToJSON(in)
+func (c *Condition) SetValue(in any) {
+	c.RawValue = kyverno.ToAny(in)
 }
 
 type AnyAllConditions struct {
diff --git a/api/kyverno/v2beta1/spec_test.go b/api/kyverno/v2beta1/spec_test.go
index ff3f131d65..69da20f938 100644
--- a/api/kyverno/v2beta1/spec_test.go
+++ b/api/kyverno/v2beta1/spec_test.go
@@ -3,9 +3,9 @@ package v2beta1
 import (
 	"testing"
 
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	"gotest.tools/assert"
-	apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 )
 
@@ -23,10 +23,8 @@ func Test_Validate_UniqueRuleName(t *testing.T) {
 				}},
 			},
 			Validation: Validation{
-				Message: "message",
-				RawAnyPattern: &apiextv1.JSON{
-					Raw: []byte("{"),
-				},
+				Message:       "message",
+				RawAnyPattern: kyverno.ToAny("{"),
 			},
 		}, {
 			Name: "deny-privileged-disallowpriviligedescalation",
@@ -39,10 +37,8 @@ func Test_Validate_UniqueRuleName(t *testing.T) {
 					}},
 				}},
 			Validation: Validation{
-				Message: "message",
-				RawAnyPattern: &apiextv1.JSON{
-					Raw: []byte("{"),
-				},
+				Message:       "message",
+				RawAnyPattern: kyverno.ToAny("{"),
 			},
 		}},
 	}
diff --git a/api/kyverno/v2beta1/zz_generated.deepcopy.go b/api/kyverno/v2beta1/zz_generated.deepcopy.go
index 7b1eae6591..8b1fe999e4 100755
--- a/api/kyverno/v2beta1/zz_generated.deepcopy.go
+++ b/api/kyverno/v2beta1/zz_generated.deepcopy.go
@@ -24,7 +24,6 @@ package v2beta1
 import (
 	v1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
-	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
@@ -305,13 +304,11 @@ func (in *Condition) DeepCopyInto(out *Condition) {
 	*out = *in
 	if in.RawKey != nil {
 		in, out := &in.RawKey, &out.RawKey
-		*out = new(apiextensionsv1.JSON)
-		(*in).DeepCopyInto(*out)
+		*out = (*in).DeepCopy()
 	}
 	if in.RawValue != nil {
 		in, out := &in.RawValue, &out.RawValue
-		*out = new(apiextensionsv1.JSON)
-		(*in).DeepCopyInto(*out)
+		*out = (*in).DeepCopy()
 	}
 	return
 }
@@ -857,13 +854,11 @@ func (in *Validation) DeepCopyInto(out *Validation) {
 	}
 	if in.RawPattern != nil {
 		in, out := &in.RawPattern, &out.RawPattern
-		*out = new(apiextensionsv1.JSON)
-		(*in).DeepCopyInto(*out)
+		*out = (*in).DeepCopy()
 	}
 	if in.RawAnyPattern != nil {
 		in, out := &in.RawAnyPattern, &out.RawAnyPattern
-		*out = new(apiextensionsv1.JSON)
-		(*in).DeepCopyInto(*out)
+		*out = (*in).DeepCopy()
 	}
 	if in.Deny != nil {
 		in, out := &in.Deny, &out.Deny
diff --git a/docs/user/crd/index.html b/docs/user/crd/index.html
index b8b8253dce..d755e58da8 100644
--- a/docs/user/crd/index.html
+++ b/docs/user/crd/index.html
@@ -8100,9 +8100,7 @@ Kubernetes meta/v1.Time
 <td>
 <code>key</code><br/>
 <em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#json-v1-apiextensions">
-Kubernetes apiextensions/v1.JSON
-</a>
+github.com/kyverno/kyverno/api/kyverno.Any
 </em>
 </td>
 <td>
@@ -8129,13 +8127,10 @@ DurationLessThanOrEquals, DurationLessThan</p>
 <td>
 <code>value</code><br/>
 <em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#json-v1-apiextensions">
-Kubernetes apiextensions/v1.JSON
-</a>
+github.com/kyverno/kyverno/api/kyverno.Any
 </em>
 </td>
 <td>
-<em>(Optional)</em>
 <p>Value is the conditional value, or set of values. The values can be fixed set
 or can be variables declared using JMESPath.</p>
 </td>
@@ -9205,13 +9200,10 @@ Manifests
 <td>
 <code>pattern</code><br/>
 <em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#json-v1-apiextensions">
-Kubernetes apiextensions/v1.JSON
-</a>
+github.com/kyverno/kyverno/api/kyverno.Any
 </em>
 </td>
 <td>
-<em>(Optional)</em>
 <p>Pattern specifies an overlay-style pattern used to check resources.</p>
 </td>
 </tr>
@@ -9219,13 +9211,10 @@ Kubernetes apiextensions/v1.JSON
 <td>
 <code>anyPattern</code><br/>
 <em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#json-v1-apiextensions">
-Kubernetes apiextensions/v1.JSON
-</a>
+github.com/kyverno/kyverno/api/kyverno.Any
 </em>
 </td>
 <td>
-<em>(Optional)</em>
 <p>AnyPattern specifies list of validation patterns. At least one of the patterns
 must be satisfied for the validation rule to succeed.</p>
 </td>
diff --git a/docs/user/crd/kyverno.v2beta1.html b/docs/user/crd/kyverno.v2beta1.html
index 495749aab6..24e728161f 100644
--- a/docs/user/crd/kyverno.v2beta1.html
+++ b/docs/user/crd/kyverno.v2beta1.html
@@ -2444,7 +2444,7 @@ and admission review request information like the name or role.</p>
           
           
             
-              <span style="font-family: monospace">k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON</span>
+              <span style="font-family: monospace">github.com/kyverno/kyverno/api/kyverno.Any</span>
             
           
         </td>
@@ -2500,12 +2500,14 @@ DurationLessThanOrEquals, DurationLessThan</p>
       <tr>
         <td><code>value</code>
           
+          <span style="color:blue;"> *</span>
+          
           </br>
 
           
           
             
-              <span style="font-family: monospace">k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON</span>
+              <span style="font-family: monospace">github.com/kyverno/kyverno/api/kyverno.Any</span>
             
           
         </td>
@@ -4666,12 +4668,14 @@ namespace-wise. It overrides ValidationFailureAction for the specified namespace
       <tr>
         <td><code>pattern</code>
           
+          <span style="color:blue;"> *</span>
+          
           </br>
 
           
           
             
-              <span style="font-family: monospace">k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON</span>
+              <span style="font-family: monospace">github.com/kyverno/kyverno/api/kyverno.Any</span>
             
           
         </td>
@@ -4693,12 +4697,14 @@ namespace-wise. It overrides ValidationFailureAction for the specified namespace
       <tr>
         <td><code>anyPattern</code>
           
+          <span style="color:blue;"> *</span>
+          
           </br>
 
           
           
             
-              <span style="font-family: monospace">k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON</span>
+              <span style="font-family: monospace">github.com/kyverno/kyverno/api/kyverno.Any</span>
             
           
         </td>
diff --git a/pkg/client/applyconfigurations/kyverno/v2beta1/condition.go b/pkg/client/applyconfigurations/kyverno/v2beta1/condition.go
index 57a82b3223..2a1f9fe355 100644
--- a/pkg/client/applyconfigurations/kyverno/v2beta1/condition.go
+++ b/pkg/client/applyconfigurations/kyverno/v2beta1/condition.go
@@ -19,16 +19,16 @@ limitations under the License.
 package v2beta1
 
 import (
+	kyverno "github.com/kyverno/kyverno/api/kyverno"
 	v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
-	v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 )
 
 // ConditionApplyConfiguration represents an declarative configuration of the Condition type for use
 // with apply.
 type ConditionApplyConfiguration struct {
-	RawKey   *v1.JSON                   `json:"key,omitempty"`
+	RawKey   *kyverno.Any               `json:"key,omitempty"`
 	Operator *v2beta1.ConditionOperator `json:"operator,omitempty"`
-	RawValue *v1.JSON                   `json:"value,omitempty"`
+	RawValue *kyverno.Any               `json:"value,omitempty"`
 	Message  *string                    `json:"message,omitempty"`
 }
 
@@ -41,7 +41,7 @@ func Condition() *ConditionApplyConfiguration {
 // WithRawKey sets the RawKey field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the RawKey field is set to the value of the last call.
-func (b *ConditionApplyConfiguration) WithRawKey(value v1.JSON) *ConditionApplyConfiguration {
+func (b *ConditionApplyConfiguration) WithRawKey(value kyverno.Any) *ConditionApplyConfiguration {
 	b.RawKey = &value
 	return b
 }
@@ -57,7 +57,7 @@ func (b *ConditionApplyConfiguration) WithOperator(value v2beta1.ConditionOperat
 // WithRawValue sets the RawValue field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the RawValue field is set to the value of the last call.
-func (b *ConditionApplyConfiguration) WithRawValue(value v1.JSON) *ConditionApplyConfiguration {
+func (b *ConditionApplyConfiguration) WithRawValue(value kyverno.Any) *ConditionApplyConfiguration {
 	b.RawValue = &value
 	return b
 }
diff --git a/pkg/client/applyconfigurations/kyverno/v2beta1/validation.go b/pkg/client/applyconfigurations/kyverno/v2beta1/validation.go
index bac8683ee2..fff237a500 100644
--- a/pkg/client/applyconfigurations/kyverno/v2beta1/validation.go
+++ b/pkg/client/applyconfigurations/kyverno/v2beta1/validation.go
@@ -19,9 +19,9 @@ limitations under the License.
 package v2beta1
 
 import (
+	kyverno "github.com/kyverno/kyverno/api/kyverno"
 	v1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v1"
-	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 )
 
 // ValidationApplyConfiguration represents an declarative configuration of the Validation type for use
@@ -32,8 +32,8 @@ type ValidationApplyConfiguration struct {
 	Message                          *string                                                       `json:"message,omitempty"`
 	Manifests                        *kyvernov1.ManifestsApplyConfiguration                        `json:"manifests,omitempty"`
 	ForEachValidation                []kyvernov1.ForEachValidationApplyConfiguration               `json:"foreach,omitempty"`
-	RawPattern                       *apiextensionsv1.JSON                                         `json:"pattern,omitempty"`
-	RawAnyPattern                    *apiextensionsv1.JSON                                         `json:"anyPattern,omitempty"`
+	RawPattern                       *kyverno.Any                                                  `json:"pattern,omitempty"`
+	RawAnyPattern                    *kyverno.Any                                                  `json:"anyPattern,omitempty"`
 	Deny                             *DenyApplyConfiguration                                       `json:"deny,omitempty"`
 	PodSecurity                      *kyvernov1.PodSecurityApplyConfiguration                      `json:"podSecurity,omitempty"`
 	CEL                              *kyvernov1.CELApplyConfiguration                              `json:"cel,omitempty"`
@@ -98,7 +98,7 @@ func (b *ValidationApplyConfiguration) WithForEachValidation(values ...*kyvernov
 // WithRawPattern sets the RawPattern field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the RawPattern field is set to the value of the last call.
-func (b *ValidationApplyConfiguration) WithRawPattern(value apiextensionsv1.JSON) *ValidationApplyConfiguration {
+func (b *ValidationApplyConfiguration) WithRawPattern(value kyverno.Any) *ValidationApplyConfiguration {
 	b.RawPattern = &value
 	return b
 }
@@ -106,7 +106,7 @@ func (b *ValidationApplyConfiguration) WithRawPattern(value apiextensionsv1.JSON
 // WithRawAnyPattern sets the RawAnyPattern field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the RawAnyPattern field is set to the value of the last call.
-func (b *ValidationApplyConfiguration) WithRawAnyPattern(value apiextensionsv1.JSON) *ValidationApplyConfiguration {
+func (b *ValidationApplyConfiguration) WithRawAnyPattern(value kyverno.Any) *ValidationApplyConfiguration {
 	b.RawAnyPattern = &value
 	return b
 }