1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00

feat: simplify resource cel lib (#12427)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2025-03-18 09:58:59 +01:00 committed by GitHub
parent 6c8446b831
commit c0d7332d14
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 3 additions and 87 deletions

View file

@ -10,10 +10,6 @@ type impl struct {
types.Adapter types.Adapter
} }
func (c *impl) get_configmap_string_string(args ...ref.Val) ref.Val {
return c.get_resource_string_string_string_string(args[0], types.String("v1"), types.String("configmaps"), args[1], args[2])
}
func (c *impl) get_imagedata_string(ctx ref.Val, image ref.Val) ref.Val { func (c *impl) get_imagedata_string(ctx ref.Val, image ref.Val) ref.Val {
if self, err := utils.ConvertToNative[Context](ctx); err != nil { if self, err := utils.ConvertToNative[Context](ctx); err != nil {
return types.WrapErr(err) return types.WrapErr(err)

View file

@ -12,38 +12,6 @@ import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
) )
func Test_impl_get_configmap_string_string(t *testing.T) {
opts := Lib()
base, err := cel.NewEnv(opts)
assert.NoError(t, err)
assert.NotNil(t, base)
options := []cel.EnvOption{
cel.Variable("resource", ContextType),
}
env, err := base.Extend(options...)
assert.NoError(t, err)
assert.NotNil(t, env)
ast, issues := env.Compile(`resource.GetConfigMap("foo","bar")`)
assert.Nil(t, issues)
assert.NotNil(t, ast)
prog, err := env.Program(ast)
assert.NoError(t, err)
assert.NotNil(t, prog)
called := false
data := map[string]any{
"resource": Context{&MockCtx{
GetResourceFunc: func(string, string, string, string) (*unstructured.Unstructured, error) {
called = true
return &unstructured.Unstructured{}, nil
},
},
}}
out, _, err := prog.Eval(data)
assert.NoError(t, err)
assert.NotNil(t, out)
assert.True(t, called)
}
func Test_impl_get_imagedata_string(t *testing.T) { func Test_impl_get_imagedata_string(t *testing.T) {
opts := Lib() opts := Lib()
base, err := cel.NewEnv(opts) base, err := cel.NewEnv(opts)

View file

@ -20,7 +20,6 @@ func Lib() cel.EnvOption {
func Types() []*apiservercel.DeclType { func Types() []*apiservercel.DeclType {
return []*apiservercel.DeclType{ return []*apiservercel.DeclType{
configMapType,
imageDataType, imageDataType,
} }
} }
@ -47,14 +46,6 @@ func (c *lib) extendEnv(env *cel.Env) (*cel.Env, error) {
} }
// build our function overloads // build our function overloads
libraryDecls := map[string][]cel.FunctionOpt{ libraryDecls := map[string][]cel.FunctionOpt{
"GetConfigMap": {
cel.MemberOverload(
"resource_getconfigmap_string_string",
[]*cel.Type{ContextType, types.StringType, types.StringType},
configMapType.CelType(),
cel.FunctionBinding(impl.get_configmap_string_string),
),
},
"List": { "List": {
// TODO: should not use DynType in return // TODO: should not use DynType in return
cel.MemberOverload( cel.MemberOverload(

View file

@ -8,7 +8,6 @@ import (
var ( var (
ContextType = types.NewOpaqueType("resource.Context") ContextType = types.NewOpaqueType("resource.Context")
configMapType = BuildConfigMapType()
imageDataType = BuildImageDataType() imageDataType = BuildImageDataType()
) )
@ -22,44 +21,6 @@ type Context struct {
ContextInterface ContextInterface
} }
func BuildTypeMetaType() *apiservercel.DeclType {
return apiservercel.NewObjectType("kubernetes.TypeMeta", fields(
field("apiVersion", apiservercel.StringType, true),
field("kind", apiservercel.StringType, true),
))
}
func BuildObjectMetaType() *apiservercel.DeclType {
return apiservercel.NewObjectType("kubernetes.ObjectMeta", fields(
field("name", apiservercel.StringType, true),
field("generateName", apiservercel.StringType, true),
field("namespace", apiservercel.StringType, true),
field("labels", apiservercel.NewMapType(apiservercel.StringType, apiservercel.StringType, -1), true),
field("annotations", apiservercel.NewMapType(apiservercel.StringType, apiservercel.StringType, -1), true),
field("UID", apiservercel.StringType, true),
field("creationTimestamp", apiservercel.TimestampType, true),
field("deletionGracePeriodSeconds", apiservercel.IntType, true),
field("deletionTimestamp", apiservercel.TimestampType, true),
field("generation", apiservercel.IntType, true),
field("resourceVersion", apiservercel.StringType, true),
field("finalizers", apiservercel.NewListType(apiservercel.StringType, -1), true),
))
}
func BuildConfigMapType() *apiservercel.DeclType {
typeMeta := BuildTypeMetaType()
objectMeta := BuildObjectMetaType()
f := make([]*apiservercel.DeclField, 0, len(typeMeta.Fields))
for _, field := range typeMeta.Fields {
f = append(f, field)
}
f = append(f,
field("metadata", objectMeta, true),
field("data", apiservercel.NewMapType(apiservercel.StringType, apiservercel.StringType, -1), true),
)
return apiservercel.NewObjectType("kubernetes.ConfigMap", fields(f...))
}
func BuildImageDataType() *apiservercel.DeclType { func BuildImageDataType() *apiservercel.DeclType {
f := make([]*apiservercel.DeclField, 0) f := make([]*apiservercel.DeclField, 0)
f = append(f, f = append(f,

View file

@ -81,7 +81,7 @@ func Test_compiler_Compile(t *testing.T) {
}, },
Variables: []admissionregistrationv1.Variable{{ Variables: []admissionregistrationv1.Variable{{
Name: "cm", Name: "cm",
Expression: "resource.GetConfigMap('foo', 'bar')", Expression: "resource.Get('v1', 'configmaps', 'foo', 'bar')",
}}, }},
Validations: []admissionregistrationv1.Validation{{ Validations: []admissionregistrationv1.Validation{{
Expression: "variables.cm != null", Expression: "variables.cm != null",

View file

@ -12,7 +12,7 @@ spec:
variables: variables:
- name: cm - name: cm
expression: >- expression: >-
resource.GetConfigMap(object.metadata.namespace, "policy-cm") resource.Get("v1", "configmaps", object.metadata.namespace, "policy-cm")
validations: validations:
- expression: >- - expression: >-
object.metadata.name == variables.cm.data.name object.metadata.name == variables.cm.data.name

View file

@ -12,7 +12,7 @@ spec:
variables: variables:
- name: cm - name: cm
expression: >- expression: >-
resource.GetConfigMap(object.metadata.namespace, "policy-cm") resource.Get("v1", "configmaps", object.metadata.namespace, "policy-cm")
- name: environment - name: environment
expression: >- expression: >-
has(object.metadata.labels) && 'env' in object.metadata.labels && object.metadata.labels['env'] == variables.cm.data.env has(object.metadata.labels) && 'env' in object.metadata.labels && object.metadata.labels['env'] == variables.cm.data.env