mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

feat: improve api json parsing (#10600)

* feat: improve api json parsing

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Charles-Edouard Brétéché 2024-07-04 16:05:42 +02:00 committed by GitHub
parent c2a9e9ef69
commit 1647675190
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 54 additions and 64 deletions


@ -1,9 +1,8 @@
package v2beta1 package v2beta1
import ( import (
"github.com/kyverno/kyverno/api/kyverno"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
) )
// Validation defines checks to be performed on matching resources. // Validation defines checks to be performed on matching resources.
@ -34,13 +33,15 @@ type Validation struct {
ForEachValidation []kyvernov1.ForEachValidation `json:"foreach,omitempty" yaml:"foreach,omitempty"` ForEachValidation []kyvernov1.ForEachValidation `json:"foreach,omitempty" yaml:"foreach,omitempty"`
// Pattern specifies an overlay-style pattern used to check resources. // Pattern specifies an overlay-style pattern used to check resources.
// +optional // +kubebuilder:validation:Schemaless
RawPattern *apiextv1.JSON `json:"pattern,omitempty" yaml:"pattern,omitempty"` // +kubebuilder:pruning:PreserveUnknownFields
RawPattern *kyverno.Any `json:"pattern,omitempty" yaml:"pattern,omitempty"`
// AnyPattern specifies list of validation patterns. At least one of the patterns // AnyPattern specifies list of validation patterns. At least one of the patterns
// must be satisfied for the validation rule to succeed. // must be satisfied for the validation rule to succeed.
// +optional // +kubebuilder:validation:Schemaless
RawAnyPattern *apiextv1.JSON `json:"anyPattern,omitempty" yaml:"anyPattern,omitempty"` // +kubebuilder:pruning:PreserveUnknownFields
RawAnyPattern *kyverno.Any `json:"anyPattern,omitempty" yaml:"anyPattern,omitempty"`
// Deny defines conditions used to pass or fail a validation rule. // Deny defines conditions used to pass or fail a validation rule.
// +optional // +optional
@ -101,7 +102,9 @@ type Deny struct {
type Condition struct { type Condition struct {
// Key is the context entry (using JMESPath) for conditional rule evaluation. // Key is the context entry (using JMESPath) for conditional rule evaluation.
RawKey *apiextv1.JSON `json:"key,omitempty" yaml:"key,omitempty"` // +kubebuilder:validation:Schemaless
// +kubebuilder:pruning:PreserveUnknownFields
RawKey *kyverno.Any `json:"key,omitempty" yaml:"key,omitempty"`
// Operator is the conditional operation to perform. Valid operators are: // Operator is the conditional operation to perform. Valid operators are:
// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals, // Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,
@ -111,27 +114,28 @@ type Condition struct {
// Value is the conditional value, or set of values. The values can be fixed set // Value is the conditional value, or set of values. The values can be fixed set
// or can be variables declared using JMESPath. // or can be variables declared using JMESPath.
// +optional // +kubebuilder:validation:Schemaless
RawValue *apiextv1.JSON `json:"value,omitempty" yaml:"value,omitempty"` // +kubebuilder:pruning:PreserveUnknownFields
RawValue *kyverno.Any `json:"value,omitempty" yaml:"value,omitempty"`
// Message is an optional display message // Message is an optional display message
Message string `json:"message,omitempty" yaml:"message,omitempty"` Message string `json:"message,omitempty" yaml:"message,omitempty"`
} }
func (c *Condition) GetKey() apiextensions.JSON { func (c *Condition) GetKey() any {
return kyvernov1.FromJSON(c.RawKey) return kyverno.FromAny(c.RawKey)
} }
func (c *Condition) SetKey(in apiextensions.JSON) { func (c *Condition) SetKey(in any) {
c.RawKey = kyvernov1.ToJSON(in) c.RawKey = kyverno.ToAny(in)
} }
func (c *Condition) GetValue() apiextensions.JSON { func (c *Condition) GetValue() any {
return kyvernov1.FromJSON(c.RawValue) return kyverno.FromAny(c.RawValue)
} }
func (c *Condition) SetValue(in apiextensions.JSON) { func (c *Condition) SetValue(in any) {
c.RawValue = kyvernov1.ToJSON(in) c.RawValue = kyverno.ToAny(in)
} }
type AnyAllConditions struct { type AnyAllConditions struct {
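Review bot: The `// +optional` marker is dropped from `RawPattern`, `RawAnyPattern` and `Condition.RawValue` where the two kubebuilder markers are added, and the regenerated API docs later in this commit now show `pattern`, `anyPattern` and `value` without "(Optional)" and with a required asterisk, although all three are still `omitempty` pointers. Keeping `// +optional` alongside `// +kubebuilder:validation:Schemaless` and `// +kubebuilder:pruning:PreserveUnknownFields` would keep the documented contract in line with the type. These fields carry the validation pattern and the deny conditions, and as schemaless fields their shape is checked only by whatever `kyverno.Any` does when decoding, which is not visible here. Because `GetKey` and `GetValue` return a bare `any` with no error, each deserves a doc comment stating what callers receive for an unset or undecodable value, for example `// GetKey returns the decoded key; nil when RawKey is unset (TODO confirm behaviour on decode failure)`. The struct and accessor definitions continue outside these hunks.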


@ -3,9 +3,9 @@ package v2beta1
import ( import (
"testing" "testing"
"github.com/kyverno/kyverno/api/kyverno"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
"gotest.tools/assert" "gotest.tools/assert"
apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
"k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/apimachinery/pkg/util/validation/field"
) )
@ -23,10 +23,8 @@ func Test_Validate_UniqueRuleName(t *testing.T) {
}}, }},
}, },
Validation: Validation{ Validation: Validation{
Message: "message", Message: "message",
RawAnyPattern: &apiextv1.JSON{ RawAnyPattern: kyverno.ToAny("{"),
Raw: []byte("{"),
},
}, },
}, { }, {
Name: "deny-privileged-disallowpriviligedescalation", Name: "deny-privileged-disallowpriviligedescalation",
@ -39,10 +37,8 @@ func Test_Validate_UniqueRuleName(t *testing.T) {
}}, }},
}}, }},
Validation: Validation{ Validation: Validation{
Message: "message", Message: "message",
RawAnyPattern: &apiextv1.JSON{ RawAnyPattern: kyverno.ToAny("{"),
Raw: []byte("{"),
},
}, },
}}, }},
} }
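Review bot: The fixture in both rule literals of Test_Validate_UniqueRuleName no longer means what it did: `&apiextv1.JSON{Raw: []byte("{")}` held raw, malformed JSON bytes, whereas `kyverno.ToAny("{")` presumably wraps the Go string `"{"` as a well-formed value. If the content is irrelevant to the unique-name check, a self-describing value such as `RawAnyPattern: kyverno.ToAny([]any{})` would make that clear. If malformed input was part of the intent, this section no longer exercises it. A separate test that decodes a truncated document into `kyverno.Any` and expects an error would pin how the new type treats bad policy input. The test function starts and ends outside these hunks.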


@ -24,7 +24,6 @@ package v2beta1
import ( import (
v1 "github.com/kyverno/kyverno/api/kyverno/v1" v1 "github.com/kyverno/kyverno/api/kyverno/v1"
admissionregistrationv1 "k8s.io/api/admissionregistration/v1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
) )
@ -305,13 +304,11 @@ func (in *Condition) DeepCopyInto(out *Condition) {
*out = *in *out = *in
if in.RawKey != nil { if in.RawKey != nil {
in, out := &in.RawKey, &out.RawKey in, out := &in.RawKey, &out.RawKey
*out = new(apiextensionsv1.JSON) *out = (*in).DeepCopy()
(*in).DeepCopyInto(*out)
} }
if in.RawValue != nil { if in.RawValue != nil {
in, out := &in.RawValue, &out.RawValue in, out := &in.RawValue, &out.RawValue
*out = new(apiextensionsv1.JSON) *out = (*in).DeepCopy()
(*in).DeepCopyInto(*out)
} }
return return
} }
@ -857,13 +854,11 @@ func (in *Validation) DeepCopyInto(out *Validation) {
} }
if in.RawPattern != nil { if in.RawPattern != nil {
in, out := &in.RawPattern, &out.RawPattern in, out := &in.RawPattern, &out.RawPattern
*out = new(apiextensionsv1.JSON) *out = (*in).DeepCopy()
(*in).DeepCopyInto(*out)
} }
if in.RawAnyPattern != nil { if in.RawAnyPattern != nil {
in, out := &in.RawAnyPattern, &out.RawAnyPattern in, out := &in.RawAnyPattern, &out.RawAnyPattern
*out = new(apiextensionsv1.JSON) *out = (*in).DeepCopy()
(*in).DeepCopyInto(*out)
} }
if in.Deny != nil { if in.Deny != nil {
in, out := &in.Deny, &out.Deny in, out := &in.Deny, &out.Deny


@ -8100,9 +8100,7 @@ Kubernetes meta/v1.Time
<td> <td>
<code>key</code><br/> <code>key</code><br/>
<em> <em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#json-v1-apiextensions"> github.com/kyverno/kyverno/api/kyverno.Any
Kubernetes apiextensions/v1.JSON
</a>
</em> </em>
</td> </td>
<td> <td>
@ -8129,13 +8127,10 @@ DurationLessThanOrEquals, DurationLessThan</p>
<td> <td>
<code>value</code><br/> <code>value</code><br/>
<em> <em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#json-v1-apiextensions"> github.com/kyverno/kyverno/api/kyverno.Any
Kubernetes apiextensions/v1.JSON
</a>
</em> </em>
</td> </td>
<td> <td>
<em>(Optional)</em>
<p>Value is the conditional value, or set of values. The values can be fixed set <p>Value is the conditional value, or set of values. The values can be fixed set
or can be variables declared using JMESPath.</p> or can be variables declared using JMESPath.</p>
</td> </td>
@ -9205,13 +9200,10 @@ Manifests
<td> <td>
<code>pattern</code><br/> <code>pattern</code><br/>
<em> <em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#json-v1-apiextensions"> github.com/kyverno/kyverno/api/kyverno.Any
Kubernetes apiextensions/v1.JSON
</a>
</em> </em>
</td> </td>
<td> <td>
<em>(Optional)</em>
<p>Pattern specifies an overlay-style pattern used to check resources.</p> <p>Pattern specifies an overlay-style pattern used to check resources.</p>
</td> </td>
</tr> </tr>
@ -9219,13 +9211,10 @@ Kubernetes apiextensions/v1.JSON
<td> <td>
<code>anyPattern</code><br/> <code>anyPattern</code><br/>
<em> <em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#json-v1-apiextensions"> github.com/kyverno/kyverno/api/kyverno.Any
Kubernetes apiextensions/v1.JSON
</a>
</em> </em>
</td> </td>
<td> <td>
<em>(Optional)</em>
<p>AnyPattern specifies list of validation patterns. At least one of the patterns <p>AnyPattern specifies list of validation patterns. At least one of the patterns
must be satisfied for the validation rule to succeed.</p> must be satisfied for the validation rule to succeed.</p>
</td> </td>


@ -2444,7 +2444,7 @@ and admission review request information like the name or role.</p>
<span style="font-family: monospace">k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON</span> <span style="font-family: monospace">github.com/kyverno/kyverno/api/kyverno.Any</span>
</td> </td>
@ -2500,12 +2500,14 @@ DurationLessThanOrEquals, DurationLessThan</p>
<tr> <tr>
<td><code>value</code> <td><code>value</code>
<span style="color:blue;"> *</span>
</br> </br>
<span style="font-family: monospace">k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON</span> <span style="font-family: monospace">github.com/kyverno/kyverno/api/kyverno.Any</span>
</td> </td>
@ -4666,12 +4668,14 @@ namespace-wise. It overrides ValidationFailureAction for the specified namespace
<tr> <tr>
<td><code>pattern</code> <td><code>pattern</code>
<span style="color:blue;"> *</span>
</br> </br>
<span style="font-family: monospace">k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON</span> <span style="font-family: monospace">github.com/kyverno/kyverno/api/kyverno.Any</span>
</td> </td>
@ -4693,12 +4697,14 @@ namespace-wise. It overrides ValidationFailureAction for the specified namespace
<tr> <tr>
<td><code>anyPattern</code> <td><code>anyPattern</code>
<span style="color:blue;"> *</span>
</br> </br>
<span style="font-family: monospace">k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON</span> <span style="font-family: monospace">github.com/kyverno/kyverno/api/kyverno.Any</span>
</td> </td>


@ -19,16 +19,16 @@ limitations under the License.
package v2beta1 package v2beta1
import ( import (
kyverno "github.com/kyverno/kyverno/api/kyverno"
v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1" v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
) )
// ConditionApplyConfiguration represents an declarative configuration of the Condition type for use // ConditionApplyConfiguration represents an declarative configuration of the Condition type for use
// with apply. // with apply.
type ConditionApplyConfiguration struct { type ConditionApplyConfiguration struct {
RawKey *v1.JSON `json:"key,omitempty"` RawKey *kyverno.Any `json:"key,omitempty"`
Operator *v2beta1.ConditionOperator `json:"operator,omitempty"` Operator *v2beta1.ConditionOperator `json:"operator,omitempty"`
RawValue *v1.JSON `json:"value,omitempty"` RawValue *kyverno.Any `json:"value,omitempty"`
Message *string `json:"message,omitempty"` Message *string `json:"message,omitempty"`
} }
@ -41,7 +41,7 @@ func Condition() *ConditionApplyConfiguration {
// WithRawKey sets the RawKey field in the declarative configuration to the given value // WithRawKey sets the RawKey field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations. // and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RawKey field is set to the value of the last call. // If called multiple times, the RawKey field is set to the value of the last call.
func (b *ConditionApplyConfiguration) WithRawKey(value v1.JSON) *ConditionApplyConfiguration { func (b *ConditionApplyConfiguration) WithRawKey(value kyverno.Any) *ConditionApplyConfiguration {
b.RawKey = &value b.RawKey = &value
return b return b
} }
@ -57,7 +57,7 @@ func (b *ConditionApplyConfiguration) WithOperator(value v2beta1.ConditionOperat
// WithRawValue sets the RawValue field in the declarative configuration to the given value // WithRawValue sets the RawValue field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations. // and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RawValue field is set to the value of the last call. // If called multiple times, the RawValue field is set to the value of the last call.
func (b *ConditionApplyConfiguration) WithRawValue(value v1.JSON) *ConditionApplyConfiguration { func (b *ConditionApplyConfiguration) WithRawValue(value kyverno.Any) *ConditionApplyConfiguration {
b.RawValue = &value b.RawValue = &value
return b return b
} }


@ -19,9 +19,9 @@ limitations under the License.
package v2beta1 package v2beta1
import ( import (
kyverno "github.com/kyverno/kyverno/api/kyverno"
v1 "github.com/kyverno/kyverno/api/kyverno/v1" v1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v1" kyvernov1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v1"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
) )
// ValidationApplyConfiguration represents an declarative configuration of the Validation type for use // ValidationApplyConfiguration represents an declarative configuration of the Validation type for use
@ -32,8 +32,8 @@ type ValidationApplyConfiguration struct {
Message *string `json:"message,omitempty"` Message *string `json:"message,omitempty"`
Manifests *kyvernov1.ManifestsApplyConfiguration `json:"manifests,omitempty"` Manifests *kyvernov1.ManifestsApplyConfiguration `json:"manifests,omitempty"`
ForEachValidation []kyvernov1.ForEachValidationApplyConfiguration `json:"foreach,omitempty"` ForEachValidation []kyvernov1.ForEachValidationApplyConfiguration `json:"foreach,omitempty"`
RawPattern *apiextensionsv1.JSON `json:"pattern,omitempty"` RawPattern *kyverno.Any `json:"pattern,omitempty"`
RawAnyPattern *apiextensionsv1.JSON `json:"anyPattern,omitempty"` RawAnyPattern *kyverno.Any `json:"anyPattern,omitempty"`
Deny *DenyApplyConfiguration `json:"deny,omitempty"` Deny *DenyApplyConfiguration `json:"deny,omitempty"`
PodSecurity *kyvernov1.PodSecurityApplyConfiguration `json:"podSecurity,omitempty"` PodSecurity *kyvernov1.PodSecurityApplyConfiguration `json:"podSecurity,omitempty"`
CEL *kyvernov1.CELApplyConfiguration `json:"cel,omitempty"` CEL *kyvernov1.CELApplyConfiguration `json:"cel,omitempty"`
@ -98,7 +98,7 @@ func (b *ValidationApplyConfiguration) WithForEachValidation(values ...*kyvernov
// WithRawPattern sets the RawPattern field in the declarative configuration to the given value // WithRawPattern sets the RawPattern field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations. // and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RawPattern field is set to the value of the last call. // If called multiple times, the RawPattern field is set to the value of the last call.
func (b *ValidationApplyConfiguration) WithRawPattern(value apiextensionsv1.JSON) *ValidationApplyConfiguration { func (b *ValidationApplyConfiguration) WithRawPattern(value kyverno.Any) *ValidationApplyConfiguration {
b.RawPattern = &value b.RawPattern = &value
return b return b
} }
@ -106,7 +106,7 @@ func (b *ValidationApplyConfiguration) WithRawPattern(value apiextensionsv1.JSON
// WithRawAnyPattern sets the RawAnyPattern field in the declarative configuration to the given value // WithRawAnyPattern sets the RawAnyPattern field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations. // and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RawAnyPattern field is set to the value of the last call. // If called multiple times, the RawAnyPattern field is set to the value of the last call.
func (b *ValidationApplyConfiguration) WithRawAnyPattern(value apiextensionsv1.JSON) *ValidationApplyConfiguration { func (b *ValidationApplyConfiguration) WithRawAnyPattern(value kyverno.Any) *ValidationApplyConfiguration {
b.RawAnyPattern = &value b.RawAnyPattern = &value
return b return b
} }