diff --git a/pkg/cel/libs/context/impl.go b/pkg/cel/libs/context/impl.go index a741d4e78c..94bde3e03a 100644 --- a/pkg/cel/libs/context/impl.go +++ b/pkg/cel/libs/context/impl.go @@ -27,7 +27,7 @@ func (c *impl) get_configmap_string_string(args ...ref.Val) ref.Val { } } -func (c *impl) get_globalreference_string(args ...ref.Val) ref.Val { +func (c *impl) get_globalreference_string_string(args ...ref.Val) ref.Val { if len(args) != 3 { return types.NewErr("expected 3 arguments, got %d", len(args)) } @@ -77,7 +77,7 @@ func (c *impl) parse_imagereference_string(ctx ref.Val, image ref.Val) ref.Val { } } -func (c *impl) list_resource_string(args ...ref.Val) ref.Val { +func (c *impl) list_resources_string_string_string(args ...ref.Val) ref.Val { if self, err := utils.ConvertToNative[Context](args[0]); err != nil { return types.WrapErr(err) } else if apiVersion, err := utils.ConvertToNative[string](args[1]); err != nil { @@ -87,7 +87,7 @@ func (c *impl) list_resource_string(args ...ref.Val) ref.Val { } else if namespace, err := utils.ConvertToNative[string](args[3]); err != nil { return types.WrapErr(err) } else { - list, err := self.ListResource(apiVersion, resource, namespace) + list, err := self.ListResources(apiVersion, resource, namespace) if err != nil { // Errors are not expected here since Parse is a more lenient parser than ParseRequestURI. return types.NewErr("failed to list resource: %v", err) @@ -96,7 +96,7 @@ func (c *impl) list_resource_string(args ...ref.Val) ref.Val { } } -func (c *impl) get_resource_string(args ...ref.Val) ref.Val { +func (c *impl) get_resource_string_string_string_string(args ...ref.Val) ref.Val { if self, err := utils.ConvertToNative[Context](args[0]); err != nil { return types.WrapErr(err) } else if apiVersion, err := utils.ConvertToNative[string](args[1]); err != nil { diff --git a/pkg/cel/libs/context/impl_test.go b/pkg/cel/libs/context/impl_test.go index 254a22310d..4a78a88df3 100644 --- a/pkg/cel/libs/context/impl_test.go +++ b/pkg/cel/libs/context/impl_test.go @@ -38,7 +38,7 @@ func (mock *ctx) ParseImageReference(n string) (imagedataloader.ImageReference, return mock.ParseImageReferenceFunc(n) } -func (mock *ctx) ListResource(apiVersion, resource, namespace string) (*unstructured.UnstructuredList, error) { +func (mock *ctx) ListResources(apiVersion, resource, namespace string) (*unstructured.UnstructuredList, error) { return mock.ListResourcesFunc(apiVersion, resource, namespace) } @@ -105,7 +105,7 @@ func (m *mockEntry) Get(_ string) (any, error) { func (m *mockEntry) Stop() {} -func Test_impl_get_globalreference_string(t *testing.T) { +func Test_impl_get_globalreference_string_string(t *testing.T) { opts := Lib() base, err := cel.NewEnv(opts) assert.NoError(t, err) @@ -265,7 +265,7 @@ func Test_impl_parse_image_ref_string(t *testing.T) { assert.Equal(t, img.Image, "ghcr.io/kyverno/kyverno:latest") } -func Test_impl_get_resource_string(t *testing.T) { +func Test_impl_get_resource_string_string_string_string(t *testing.T) { opts := Lib() base, err := cel.NewEnv(opts) assert.NoError(t, err) @@ -276,7 +276,7 @@ func Test_impl_get_resource_string(t *testing.T) { env, err := base.Extend(options...) assert.NoError(t, err) assert.NotNil(t, env) - ast, issues := env.Compile(`context.GetResource("apps/v1", "Deployment", "default", "nginx")`) + ast, issues := env.Compile(`context.GetResource("apps/v1", "deployments", "default", "nginx")`) assert.Nil(t, issues) assert.NotNil(t, ast) prog, err := env.Program(ast) @@ -287,8 +287,8 @@ func Test_impl_get_resource_string(t *testing.T) { GetResourcesFunc: func(apiVersion, resource, namespace, name string) (*unstructured.Unstructured, error) { return &unstructured.Unstructured{ Object: map[string]any{ - "apiVersion": apiVersion, - "kind": resource, + "apiVersion": "apps/v1", + "kind": "Deployment", "metadata": map[string]any{ "name": name, "namespace": namespace, @@ -305,7 +305,7 @@ func Test_impl_get_resource_string(t *testing.T) { assert.Equal(t, object["kind"].(string), "Deployment") } -func Test_impl_list_resource_string(t *testing.T) { +func Test_impl_list_resources_string_string_string(t *testing.T) { opts := Lib() base, err := cel.NewEnv(opts) assert.NoError(t, err) @@ -316,7 +316,7 @@ func Test_impl_list_resource_string(t *testing.T) { env, err := base.Extend(options...) assert.NoError(t, err) assert.NotNil(t, env) - ast, issues := env.Compile(`context.ListResource("apps/v1", "Deployment", "default")`) + ast, issues := env.Compile(`context.ListResources("apps/v1", "deployments", "default")`) assert.Nil(t, issues) assert.NotNil(t, ast) prog, err := env.Program(ast) @@ -329,8 +329,8 @@ func Test_impl_list_resource_string(t *testing.T) { Items: []unstructured.Unstructured{ { Object: map[string]any{ - "apiVersion": apiVersion, - "kind": resource, + "apiVersion": "apps/v1", + "kind": "Deployment", "metadata": map[string]any{ "name": "nginx", "namespace": namespace, diff --git a/pkg/cel/libs/context/lib.go b/pkg/cel/libs/context/lib.go index a11cc94e61..935ecc57d5 100644 --- a/pkg/cel/libs/context/lib.go +++ b/pkg/cel/libs/context/lib.go @@ -48,26 +48,54 @@ func (c *lib) extendEnv(env *cel.Env) (*cel.Env, error) { // build our function overloads libraryDecls := map[string][]cel.FunctionOpt{ "GetConfigMap": { - cel.MemberOverload("get_configmap_string_string", []*cel.Type{ContextType, types.StringType, types.StringType}, configMapType.CelType(), cel.FunctionBinding(impl.get_configmap_string_string)), + cel.MemberOverload( + "get_configmap_string_string", + []*cel.Type{ContextType, types.StringType, types.StringType}, + configMapType.CelType(), + cel.FunctionBinding(impl.get_configmap_string_string), + ), }, "GetGlobalReference": { - // TODO: should not use DynType in return - cel.MemberOverload("get_globalreference_string", []*cel.Type{ContextType, types.StringType, types.StringType}, types.DynType, cel.FunctionBinding(impl.get_globalreference_string)), + cel.MemberOverload( + "get_globalreference_string_string", + []*cel.Type{ContextType, types.StringType, types.StringType}, + types.DynType, + cel.FunctionBinding(impl.get_globalreference_string_string), + ), }, "GetImageData": { - // TODO: should not use DynType in return - cel.MemberOverload("get_imagedata_string", []*cel.Type{ContextType, types.StringType}, imageDataType.CelType(), cel.BinaryBinding(impl.get_imagedata_string)), + cel.MemberOverload( + "get_imagedata_string", + []*cel.Type{ContextType, types.StringType}, + imageDataType.CelType(), + cel.BinaryBinding(impl.get_imagedata_string), + ), }, "ParseImageReference": { - cel.MemberOverload("parse_image_reference_string", []*cel.Type{ContextType, types.StringType}, imageReferenceType.CelType(), cel.BinaryBinding(impl.parse_imagereference_string)), + cel.MemberOverload( + "parse_image_reference_string", + []*cel.Type{ContextType, types.StringType}, + imageReferenceType.CelType(), + cel.BinaryBinding(impl.parse_imagereference_string), + ), }, - "ListResource": { + "ListResources": { // TODO: should not use DynType in return - cel.MemberOverload("list_resource_string", []*cel.Type{ContextType, types.StringType, types.StringType, types.StringType}, types.DynType, cel.FunctionBinding(impl.list_resource_string)), + cel.MemberOverload( + "list_resources_string_string_string", + []*cel.Type{ContextType, types.StringType, types.StringType, types.StringType}, + types.DynType, + cel.FunctionBinding(impl.list_resources_string_string_string), + ), }, "GetResource": { // TODO: should not use DynType in return - cel.MemberOverload("get_resource_string", []*cel.Type{ContextType, types.StringType, types.StringType, types.StringType, types.StringType}, types.DynType, cel.FunctionBinding(impl.get_resource_string)), + cel.MemberOverload( + "get_resource_string_string_string_string", + []*cel.Type{ContextType, types.StringType, types.StringType, types.StringType, types.StringType}, + types.DynType, + cel.FunctionBinding(impl.get_resource_string_string_string_string), + ), }, } // create env options corresponding to our function overloads diff --git a/pkg/cel/libs/context/types.go b/pkg/cel/libs/context/types.go index 8e8b430a39..5a7541a19a 100644 --- a/pkg/cel/libs/context/types.go +++ b/pkg/cel/libs/context/types.go @@ -19,7 +19,7 @@ type ContextInterface interface { GetGlobalReference(string, string) (any, error) GetImageData(string) (*imagedataloader.ImageData, error) ParseImageReference(string) (imagedataloader.ImageReference, error) - ListResource(apiVersion, resource, namespace string) (*unstructured.UnstructuredList, error) + ListResources(apiVersion, resource, namespace string) (*unstructured.UnstructuredList, error) GetResource(apiVersion, resource, namespace, name string) (*unstructured.Unstructured, error) } diff --git a/pkg/cel/policy/context.go b/pkg/cel/policy/context.go index 84d3b5d37a..93f7fa0e27 100644 --- a/pkg/cel/policy/context.go +++ b/pkg/cel/policy/context.go @@ -114,7 +114,7 @@ func isLikelyKubernetesObject(data any) bool { return false } -func (cp *contextProvider) ListResource(apiVersion, resource, namespace string) (*unstructured.UnstructuredList, error) { +func (cp *contextProvider) ListResources(apiVersion, resource, namespace string) (*unstructured.UnstructuredList, error) { groupVersion, err := schema.ParseGroupVersion(apiVersion) if err != nil { return nil, err