mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

feat: improve api json parsing (#10600)

* feat: improve api json parsing

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Charles-Edouard Brétéché 2024-07-04 16:05:42 +02:00 committed by GitHub
parent c2a9e9ef69
commit 1647675190
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 54 additions and 64 deletions


@ -1,9 +1,8 @@
package v2beta1
import (
"github.com/kyverno/kyverno/api/kyverno"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
)
// Validation defines checks to be performed on matching resources.
@ -34,13 +33,15 @@ type Validation struct {
ForEachValidation []kyvernov1.ForEachValidation `json:"foreach,omitempty" yaml:"foreach,omitempty"`
// Pattern specifies an overlay-style pattern used to check resources.
// +optional
RawPattern *apiextv1.JSON `json:"pattern,omitempty" yaml:"pattern,omitempty"`
// +kubebuilder:validation:Schemaless
// +kubebuilder:pruning:PreserveUnknownFields
RawPattern *kyverno.Any `json:"pattern,omitempty" yaml:"pattern,omitempty"`
// AnyPattern specifies list of validation patterns. At least one of the patterns
// must be satisfied for the validation rule to succeed.
// +optional
RawAnyPattern *apiextv1.JSON `json:"anyPattern,omitempty" yaml:"anyPattern,omitempty"`
// +kubebuilder:validation:Schemaless
// +kubebuilder:pruning:PreserveUnknownFields
RawAnyPattern *kyverno.Any `json:"anyPattern,omitempty" yaml:"anyPattern,omitempty"`
// Deny defines conditions used to pass or fail a validation rule.
// +optional
@ -101,7 +102,9 @@ type Deny struct {
type Condition struct {
// Key is the context entry (using JMESPath) for conditional rule evaluation.
RawKey *apiextv1.JSON `json:"key,omitempty" yaml:"key,omitempty"`
// +kubebuilder:validation:Schemaless
// +kubebuilder:pruning:PreserveUnknownFields
RawKey *kyverno.Any `json:"key,omitempty" yaml:"key,omitempty"`
// Operator is the conditional operation to perform. Valid operators are:
// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,
@ -111,27 +114,28 @@ type Condition struct {
// Value is the conditional value, or set of values. The values can be fixed set
// or can be variables declared using JMESPath.
// +optional
RawValue *apiextv1.JSON `json:"value,omitempty" yaml:"value,omitempty"`
// +kubebuilder:validation:Schemaless
// +kubebuilder:pruning:PreserveUnknownFields
RawValue *kyverno.Any `json:"value,omitempty" yaml:"value,omitempty"`
// Message is an optional display message
Message string `json:"message,omitempty" yaml:"message,omitempty"`
}
func (c *Condition) GetKey() apiextensions.JSON {
return kyvernov1.FromJSON(c.RawKey)
func (c *Condition) GetKey() any {
return kyverno.FromAny(c.RawKey)
}
func (c *Condition) SetKey(in apiextensions.JSON) {
c.RawKey = kyvernov1.ToJSON(in)
func (c *Condition) SetKey(in any) {
c.RawKey = kyverno.ToAny(in)
}
func (c *Condition) GetValue() apiextensions.JSON {
return kyvernov1.FromJSON(c.RawValue)
func (c *Condition) GetValue() any {
return kyverno.FromAny(c.RawValue)
}
func (c *Condition) SetValue(in apiextensions.JSON) {
c.RawValue = kyvernov1.ToJSON(in)
func (c *Condition) SetValue(in any) {
c.RawValue = kyverno.ToAny(in)
}
type AnyAllConditions struct {
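Review bot: The four fields switched to `*kyverno.Any` (`RawPattern`, `RawAnyPattern`, `RawKey`, `RawValue`) carry `+kubebuilder:validation:Schemaless` and `+kubebuilder:pruning:PreserveUnknownFields`, so the generated CRD schema will presumably place no structural constraint on them and every check on their content has to come from Kyverno's own decoding and policy validation; nothing in this section says so. The accessors `GetKey`, `SetKey`, `GetValue` and `SetValue` now exchange a bare `any` and have no doc comment, so a caller cannot tell what `GetKey` yields for a nil `RawKey` or which dynamic types to expect; `kyverno.FromAny` and `kyverno.ToAny` are defined outside this page, so that behaviour should be confirmed there. I would add a comment such as `// GetKey returns the decoded key; the field is schemaless, so callers must check the dynamic type before use.` and the equivalent on `GetValue`. The `Validation` and `Condition` struct definitions begin or continue outside the hunks shown.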


@ -3,9 +3,9 @@ package v2beta1
import (
"testing"
"github.com/kyverno/kyverno/api/kyverno"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
"gotest.tools/assert"
apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
"k8s.io/apimachinery/pkg/util/validation/field"
)
@ -24,9 +24,7 @@ func Test_Validate_UniqueRuleName(t *testing.T) {
},
Validation: Validation{
Message: "message",
RawAnyPattern: &apiextv1.JSON{
Raw: []byte("{"),
},
RawAnyPattern: kyverno.ToAny("{"),
},
}, {
Name: "deny-privileged-disallowpriviligedescalation",
@ -40,9 +38,7 @@ func Test_Validate_UniqueRuleName(t *testing.T) {
}},
Validation: Validation{
Message: "message",
RawAnyPattern: &apiextv1.JSON{
Raw: []byte("{"),
},
RawAnyPattern: kyverno.ToAny("{"),
},
}},
}
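Review bot: The `RawAnyPattern` fixture in both rules changes meaning, not just type: `&apiextv1.JSON{Raw: []byte("{")}` held the raw bytes of a truncated JSON document, whereas `kyverno.ToAny("{")` most likely wraps the Go string `"{"`, which is a well-formed value (`ToAny` is not shown on this page, so this is inferred). If any assertion depended on an unparseable pattern reaching validation, that path is no longer exercised here. Since the commit changes how these fields are parsed, I would add a case that unmarshals a policy whose `anyPattern` is malformed and asserts the resulting error, and mark the fixture with a comment such as `// placeholder pattern; content is irrelevant to the unique-name check`. The body of `Test_Validate_UniqueRuleName` continues outside both hunks.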


@ -24,7 +24,6 @@ package v2beta1
import (
v1 "github.com/kyverno/kyverno/api/kyverno/v1"
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
@ -305,13 +304,11 @@ func (in *Condition) DeepCopyInto(out *Condition) {
*out = *in
if in.RawKey != nil {
in, out := &in.RawKey, &out.RawKey
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
*out = (*in).DeepCopy()
}
if in.RawValue != nil {
in, out := &in.RawValue, &out.RawValue
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
*out = (*in).DeepCopy()
}
return
}
@ -857,13 +854,11 @@ func (in *Validation) DeepCopyInto(out *Validation) {
}
if in.RawPattern != nil {
in, out := &in.RawPattern, &out.RawPattern
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
*out = (*in).DeepCopy()
}
if in.RawAnyPattern != nil {
in, out := &in.RawAnyPattern, &out.RawAnyPattern
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
*out = (*in).DeepCopy()
}
if in.Deny != nil {
in, out := &in.Deny, &out.Deny


@ -8100,9 +8100,7 @@ Kubernetes meta/v1.Time
<td>
<code>key</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#json-v1-apiextensions">
Kubernetes apiextensions/v1.JSON
</a>
github.com/kyverno/kyverno/api/kyverno.Any
</em>
</td>
<td>
@ -8129,13 +8127,10 @@ DurationLessThanOrEquals, DurationLessThan</p>
<td>
<code>value</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#json-v1-apiextensions">
Kubernetes apiextensions/v1.JSON
</a>
github.com/kyverno/kyverno/api/kyverno.Any
</em>
</td>
<td>
<em>(Optional)</em>
<p>Value is the conditional value, or set of values. The values can be fixed set
or can be variables declared using JMESPath.</p>
</td>
@ -9205,13 +9200,10 @@ Manifests
<td>
<code>pattern</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#json-v1-apiextensions">
Kubernetes apiextensions/v1.JSON
</a>
github.com/kyverno/kyverno/api/kyverno.Any
</em>
</td>
<td>
<em>(Optional)</em>
<p>Pattern specifies an overlay-style pattern used to check resources.</p>
</td>
</tr>
@ -9219,13 +9211,10 @@ Kubernetes apiextensions/v1.JSON
<td>
<code>anyPattern</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#json-v1-apiextensions">
Kubernetes apiextensions/v1.JSON
</a>
github.com/kyverno/kyverno/api/kyverno.Any
</em>
</td>
<td>
<em>(Optional)</em>
<p>AnyPattern specifies list of validation patterns. At least one of the patterns
must be satisfied for the validation rule to succeed.</p>
</td>


@ -2444,7 +2444,7 @@ and admission review request information like the name or role.</p>
<span style="font-family: monospace">k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON</span>
<span style="font-family: monospace">github.com/kyverno/kyverno/api/kyverno.Any</span>
</td>
@ -2500,12 +2500,14 @@ DurationLessThanOrEquals, DurationLessThan</p>
<tr>
<td><code>value</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON</span>
<span style="font-family: monospace">github.com/kyverno/kyverno/api/kyverno.Any</span>
</td>
@ -4666,12 +4668,14 @@ namespace-wise. It overrides ValidationFailureAction for the specified namespace
<tr>
<td><code>pattern</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON</span>
<span style="font-family: monospace">github.com/kyverno/kyverno/api/kyverno.Any</span>
</td>
@ -4693,12 +4697,14 @@ namespace-wise. It overrides ValidationFailureAction for the specified namespace
<tr>
<td><code>anyPattern</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON</span>
<span style="font-family: monospace">github.com/kyverno/kyverno/api/kyverno.Any</span>
</td>


@ -19,16 +19,16 @@ limitations under the License.
package v2beta1
import (
kyverno "github.com/kyverno/kyverno/api/kyverno"
v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
)
// ConditionApplyConfiguration represents an declarative configuration of the Condition type for use
// with apply.
type ConditionApplyConfiguration struct {
RawKey *v1.JSON `json:"key,omitempty"`
RawKey *kyverno.Any `json:"key,omitempty"`
Operator *v2beta1.ConditionOperator `json:"operator,omitempty"`
RawValue *v1.JSON `json:"value,omitempty"`
RawValue *kyverno.Any `json:"value,omitempty"`
Message *string `json:"message,omitempty"`
}
@ -41,7 +41,7 @@ func Condition() *ConditionApplyConfiguration {
// WithRawKey sets the RawKey field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RawKey field is set to the value of the last call.
func (b *ConditionApplyConfiguration) WithRawKey(value v1.JSON) *ConditionApplyConfiguration {
func (b *ConditionApplyConfiguration) WithRawKey(value kyverno.Any) *ConditionApplyConfiguration {
b.RawKey = &value
return b
}
@ -57,7 +57,7 @@ func (b *ConditionApplyConfiguration) WithOperator(value v2beta1.ConditionOperat
// WithRawValue sets the RawValue field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RawValue field is set to the value of the last call.
func (b *ConditionApplyConfiguration) WithRawValue(value v1.JSON) *ConditionApplyConfiguration {
func (b *ConditionApplyConfiguration) WithRawValue(value kyverno.Any) *ConditionApplyConfiguration {
b.RawValue = &value
return b
}


@ -19,9 +19,9 @@ limitations under the License.
package v2beta1
import (
kyverno "github.com/kyverno/kyverno/api/kyverno"
v1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v1"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
)
// ValidationApplyConfiguration represents an declarative configuration of the Validation type for use
@ -32,8 +32,8 @@ type ValidationApplyConfiguration struct {
Message *string `json:"message,omitempty"`
Manifests *kyvernov1.ManifestsApplyConfiguration `json:"manifests,omitempty"`
ForEachValidation []kyvernov1.ForEachValidationApplyConfiguration `json:"foreach,omitempty"`
RawPattern *apiextensionsv1.JSON `json:"pattern,omitempty"`
RawAnyPattern *apiextensionsv1.JSON `json:"anyPattern,omitempty"`
RawPattern *kyverno.Any `json:"pattern,omitempty"`
RawAnyPattern *kyverno.Any `json:"anyPattern,omitempty"`
Deny *DenyApplyConfiguration `json:"deny,omitempty"`
PodSecurity *kyvernov1.PodSecurityApplyConfiguration `json:"podSecurity,omitempty"`
CEL *kyvernov1.CELApplyConfiguration `json:"cel,omitempty"`
@ -98,7 +98,7 @@ func (b *ValidationApplyConfiguration) WithForEachValidation(values ...*kyvernov
// WithRawPattern sets the RawPattern field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RawPattern field is set to the value of the last call.
func (b *ValidationApplyConfiguration) WithRawPattern(value apiextensionsv1.JSON) *ValidationApplyConfiguration {
func (b *ValidationApplyConfiguration) WithRawPattern(value kyverno.Any) *ValidationApplyConfiguration {
b.RawPattern = &value
return b
}
@ -106,7 +106,7 @@ func (b *ValidationApplyConfiguration) WithRawPattern(value apiextensionsv1.JSON
// WithRawAnyPattern sets the RawAnyPattern field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RawAnyPattern field is set to the value of the last call.
func (b *ValidationApplyConfiguration) WithRawAnyPattern(value apiextensionsv1.JSON) *ValidationApplyConfiguration {
func (b *ValidationApplyConfiguration) WithRawAnyPattern(value kyverno.Any) *ValidationApplyConfiguration {
b.RawAnyPattern = &value
return b
}