feat: rework conditions marshaling (#10550)

* feat: rework conditions marshaling Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-31 03:45:17 +00:00 · 2024-06-27 09:00:02 +02:00 · 2024-06-27 09:00:02 +02:00 · 6f4818d724
commit 6f4818d724
parent 418bf25659
7 changed files with 216 additions and 34 deletions
--- a/api/kyverno/v2/condition.go
+++ b/api/kyverno/v2/condition.go
@ -1,11 +1,49 @@
 package v2

 import (
-	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
-	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
-	apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"github.com/jinzhu/copier"
+	"k8s.io/apimachinery/pkg/util/json"
 )

+type Value any
+
+// Any can be any type.
+// +k8s:deepcopy-gen=false
+type Any struct {
+	// Value contains the value of the Any object.
+	// +optional
+	Value `json:"-"`
+}
+
+func (in *Any) DeepCopyInto(out *Any) {
+	if err := copier.Copy(out, in); err != nil {
+		panic("deep copy failed")
+	}
+}
+
+func (in *Any) DeepCopy() *Any {
+	if in == nil {
+		return nil
+	}
+	out := new(Any)
+	in.DeepCopyInto(out)
+	return out
+}
+
+func (a *Any) MarshalJSON() ([]byte, error) {
+	return json.Marshal(a.Value)
+}
+
+func (a *Any) UnmarshalJSON(data []byte) error {
+	var v any
+	err := json.Unmarshal(data, &v)
+	if err != nil {
+		return err
+	}
+	a.Value = v
+	return nil
+}
+
 // ConditionOperator is the operation performed on condition key and value.
 // +kubebuilder:validation:Enum=Equals;NotEquals;AnyIn;AllIn;AnyNotIn;AllNotIn;GreaterThanOrEquals;GreaterThan;LessThanOrEquals;LessThan;DurationGreaterThanOrEquals;DurationGreaterThan;DurationLessThanOrEquals;DurationLessThan
 type ConditionOperator string
@ -44,7 +82,9 @@ var ConditionOperators = map[string]ConditionOperator{

 type Condition struct {
 	// Key is the context entry (using JMESPath) for conditional rule evaluation.
-	RawKey *apiextv1.JSON `json:"key,omitempty" yaml:"key,omitempty"`
+	// +kubebuilder:validation:Schemaless
+	// +kubebuilder:pruning:PreserveUnknownFields
+	RawKey *Any `json:"key,omitempty" yaml:"key,omitempty"`

 	// Operator is the conditional operation to perform. Valid operators are:
 	// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,
@ -54,27 +94,42 @@ type Condition struct {

 	// Value is the conditional value, or set of values. The values can be fixed set
 	// or can be variables declared using JMESPath.
-	// +optional
-	RawValue *apiextv1.JSON `json:"value,omitempty" yaml:"value,omitempty"`
+	// +kubebuilder:validation:Schemaless
+	// +kubebuilder:pruning:PreserveUnknownFields
+	RawValue *Any `json:"value,omitempty" yaml:"value,omitempty"`

 	// Message is an optional display message
 	Message string `json:"message,omitempty" yaml:"message,omitempty"`
 }

-func (c *Condition) GetKey() apiextensions.JSON {
-	return kyvernov1.FromJSON(c.RawKey)
+func (c *Condition) GetKey() any {
+	if c.RawKey == nil {
+		return nil
+	}
+	return c.RawKey.Value
 }

-func (c *Condition) SetKey(in apiextensions.JSON) {
-	c.RawKey = kyvernov1.ToJSON(in)
+func (c *Condition) SetKey(in any) {
+	var new *Any
+	if in != nil {
+		new = &Any{in}
+	}
+	c.RawKey = new
 }

-func (c *Condition) GetValue() apiextensions.JSON {
-	return kyvernov1.FromJSON(c.RawValue)
+func (c *Condition) GetValue() any {
+	if c.RawValue == nil {
+		return nil
+	}
+	return c.RawValue.Value
 }

-func (c *Condition) SetValue(in apiextensions.JSON) {
-	c.RawValue = kyvernov1.ToJSON(in)
+func (c *Condition) SetValue(in any) {
+	var new *Any
+	if in != nil {
+		new = &Any{in}
+	}
+	c.RawValue = new
 }

 type AnyAllConditions struct {
--- a/api/kyverno/v2/condition_test.go
+++ b/api/kyverno/v2/condition_test.go
@ -0,0 +1,52 @@
+package v2
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"k8s.io/apimachinery/pkg/util/json"
+)
+
+func TestCondition_Marshal(t *testing.T) {
+	type fields struct {
+		RawKey   *Any
+		Operator ConditionOperator
+		RawValue *Any
+		Message  string
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		want   string
+	}{
+		{
+			name: "empty",
+			want: "{}",
+		}, {
+			name: "with key",
+			fields: fields{
+				RawKey: &Any{
+					Value: "{{ request.object.name }}",
+				},
+				Operator: ConditionOperators["Equals"],
+				RawValue: &Any{
+					Value: "dummy",
+				},
+			},
+			want: `{"key":"{{ request.object.name }}","operator":"Equals","value":"dummy"}`,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := &Condition{
+				RawKey:   tt.fields.RawKey,
+				Operator: tt.fields.Operator,
+				RawValue: tt.fields.RawValue,
+				Message:  tt.fields.Message,
+			}
+			got, err := json.Marshal(c)
+			assert.NoError(t, err)
+			assert.Equal(t, tt.want, string(got))
+		})
+	}
+}
--- a/api/kyverno/v2/zz_generated.deepcopy.go
+++ b/api/kyverno/v2/zz_generated.deepcopy.go
@ -25,7 +25,6 @@ import (
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
 	v1 "k8s.io/api/admission/v1"
-	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
@ -266,13 +265,11 @@ func (in *Condition) DeepCopyInto(out *Condition) {
 	*out = *in
 	if in.RawKey != nil {
 		in, out := &in.RawKey, &out.RawKey
-		*out = new(apiextensionsv1.JSON)
-		(*in).DeepCopyInto(*out)
+		*out = (*in).DeepCopy()
 	}
 	if in.RawValue != nil {
 		in, out := &in.RawValue, &out.RawValue
-		*out = new(apiextensionsv1.JSON)
-		(*in).DeepCopyInto(*out)
+		*out = (*in).DeepCopy()
 	}
 	return
 }
--- a/docs/user/crd/index.html
+++ b/docs/user/crd/index.html
@ -5875,6 +5875,40 @@ Kubernetes admission/v1.Operation
 </tbody>
 </table>
 <hr />
+<h3 id="kyverno.io/v2.Any">Any
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#kyverno.io/v2.Condition">Condition</a>)
+</p>
+<p>
+<p>Any can be any type.</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>-</code><br/>
+<em>
+<a href="#kyverno.io/v2.Value">
+Value
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Value contains the value of the Any object.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
 <h3 id="kyverno.io/v2.AnyAllConditions">AnyAllConditions
 </h3>
 <p>
@ -6092,8 +6126,8 @@ Kubernetes meta/v1.Time
 <td>
 <code>key</code><br/>
 <em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#json-v1-apiextensions">
-Kubernetes apiextensions/v1.JSON
+<a href="#kyverno.io/v2.Any">
+Any
 </a>
 </em>
 </td>
@ -6121,13 +6155,12 @@ DurationLessThanOrEquals, DurationLessThan</p>
 <td>
 <code>value</code><br/>
 <em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#json-v1-apiextensions">
-Kubernetes apiextensions/v1.JSON
+<a href="#kyverno.io/v2.Any">
+Any
 </a>
 </em>
 </td>
 <td>
-<em>(Optional)</em>
 <p>Value is the conditional value, or set of values. The values can be fixed set
 or can be variables declared using JMESPath.</p>
 </td>
@ -6582,6 +6615,14 @@ int
 </tbody>
 </table>
 <hr />
+<h3 id="kyverno.io/v2.Value">Value
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#kyverno.io/v2.Any">Any</a>)
+</p>
+<p>
+</p>
 <h2 id="kyverno.io/v2alpha1">kyverno.io/v2alpha1</h2>
 <p>
 </p>
--- a/pkg/client/applyconfigurations/kyverno/v2/any.go
+++ b/pkg/client/applyconfigurations/kyverno/v2/any.go
@ -0,0 +1,39 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v2
+
+// AnyApplyConfiguration represents an declarative configuration of the Any type for use
+// with apply.
+type AnyApplyConfiguration struct {
+	Value *interface{} `json:",inline"`
+}
+
+// AnyApplyConfiguration constructs an declarative configuration of the Any type for use with
+// apply.
+func Any() *AnyApplyConfiguration {
+	return &AnyApplyConfiguration{}
+}
+
+// WithValue sets the Value field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Value field is set to the value of the last call.
+func (b *AnyApplyConfiguration) WithValue(value interface{}) *AnyApplyConfiguration {
+	b.Value = &value
+	return b
+}
--- a/pkg/client/applyconfigurations/kyverno/v2/condition.go
+++ b/pkg/client/applyconfigurations/kyverno/v2/condition.go
@ -20,15 +20,14 @@ package v2

 import (
 	v2 "github.com/kyverno/kyverno/api/kyverno/v2"
-	v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 )

 // ConditionApplyConfiguration represents an declarative configuration of the Condition type for use
 // with apply.
 type ConditionApplyConfiguration struct {
-	RawKey   *v1.JSON              `json:"key,omitempty"`
+	RawKey   *v2.Any               `json:"key,omitempty"`
 	Operator *v2.ConditionOperator `json:"operator,omitempty"`
-	RawValue *v1.JSON              `json:"value,omitempty"`
+	RawValue *v2.Any               `json:"value,omitempty"`
 	Message  *string               `json:"message,omitempty"`
 }

@ -41,7 +40,7 @@ func Condition() *ConditionApplyConfiguration {
 // WithRawKey sets the RawKey field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the RawKey field is set to the value of the last call.
-func (b *ConditionApplyConfiguration) WithRawKey(value v1.JSON) *ConditionApplyConfiguration {
+func (b *ConditionApplyConfiguration) WithRawKey(value v2.Any) *ConditionApplyConfiguration {
 	b.RawKey = &value
 	return b
 }
@ -57,7 +56,7 @@ func (b *ConditionApplyConfiguration) WithOperator(value v2.ConditionOperator) *
 // WithRawValue sets the RawValue field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the RawValue field is set to the value of the last call.
-func (b *ConditionApplyConfiguration) WithRawValue(value v1.JSON) *ConditionApplyConfiguration {
+func (b *ConditionApplyConfiguration) WithRawValue(value v2.Any) *ConditionApplyConfiguration {
 	b.RawValue = &value
 	return b
 }
--- a/pkg/utils/conditions/condition_test.go
+++ b/pkg/utils/conditions/condition_test.go
@ -9,7 +9,6 @@ import (
 	enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
 	"github.com/kyverno/kyverno/pkg/engine/jmespath"
 	"github.com/kyverno/kyverno/pkg/logging"
-	v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 )

 var jp = jmespath.New(config.NewDefaultConfiguration(false))
@ -35,12 +34,12 @@ func Test_checkCondition(t *testing.T) {
 			logger: logging.GlobalLogger(),
 			ctx:    ctx,
 			condition: kyvernov2.Condition{
-				RawKey: &v1.JSON{
-					Raw: []byte(`"{{ request.object.name }}"`),
+				RawKey: &kyvernov2.Any{
+					Value: "{{ request.object.name }}",
 				},
 				Operator: kyvernov2.ConditionOperators["Equals"],
-				RawValue: &v1.JSON{
-					Raw: []byte(`"dummy"`),
+				RawValue: &kyvernov2.Any{
+					Value: "dummy",
 				},
 			},
 		},