feat: simplify resource cel lib (#12427)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

pkg/cel/libs/resource/impl.go

@@ -10,10 +10,6 @@ type impl struct {
 	types.Adapter
 }
 
-func (c *impl) get_configmap_string_string(args ...ref.Val) ref.Val {
-	return c.get_resource_string_string_string_string(args[0], types.String("v1"), types.String("configmaps"), args[1], args[2])
-}
-
 func (c *impl) get_imagedata_string(ctx ref.Val, image ref.Val) ref.Val {
 	if self, err := utils.ConvertToNative[Context](ctx); err != nil {
 		return types.WrapErr(err)

pkg/cel/libs/resource/impl_test.go

@@ -12,38 +12,6 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
 
-func Test_impl_get_configmap_string_string(t *testing.T) {
-	opts := Lib()
-	base, err := cel.NewEnv(opts)
-	assert.NoError(t, err)
-	assert.NotNil(t, base)
-	options := []cel.EnvOption{
-		cel.Variable("resource", ContextType),
-	}
-	env, err := base.Extend(options...)
-	assert.NoError(t, err)
-	assert.NotNil(t, env)
-	ast, issues := env.Compile(`resource.GetConfigMap("foo","bar")`)
-	assert.Nil(t, issues)
-	assert.NotNil(t, ast)
-	prog, err := env.Program(ast)
-	assert.NoError(t, err)
-	assert.NotNil(t, prog)
-	called := false
-	data := map[string]any{
-		"resource": Context{&MockCtx{
-			GetResourceFunc: func(string, string, string, string) (*unstructured.Unstructured, error) {
-				called = true
-				return &unstructured.Unstructured{}, nil
-			},
-		},
-		}}
-	out, _, err := prog.Eval(data)
-	assert.NoError(t, err)
-	assert.NotNil(t, out)
-	assert.True(t, called)
-}
-
 func Test_impl_get_imagedata_string(t *testing.T) {
 	opts := Lib()
 	base, err := cel.NewEnv(opts)

pkg/cel/libs/resource/lib.go

@@ -20,7 +20,6 @@ func Lib() cel.EnvOption {
 
 func Types() []*apiservercel.DeclType {
 	return []*apiservercel.DeclType{
-		configMapType,
 		imageDataType,
 	}
 }
@@ -47,14 +46,6 @@ func (c *lib) extendEnv(env *cel.Env) (*cel.Env, error) {
 	}
 	// build our function overloads
 	libraryDecls := map[string][]cel.FunctionOpt{
-		"GetConfigMap": {
-			cel.MemberOverload(
-				"resource_getconfigmap_string_string",
-				[]*cel.Type{ContextType, types.StringType, types.StringType},
-				configMapType.CelType(),
-				cel.FunctionBinding(impl.get_configmap_string_string),
-			),
-		},
 		"List": {
 			// TODO: should not use DynType in return
 			cel.MemberOverload(

pkg/cel/libs/resource/types.go

@@ -8,7 +8,6 @@ import (
 
 var (
 	ContextType   = types.NewOpaqueType("resource.Context")
-	configMapType = BuildConfigMapType()
 	imageDataType = BuildImageDataType()
 )
 
@@ -22,44 +21,6 @@ type Context struct {
 	ContextInterface
 }
 
-func BuildTypeMetaType() *apiservercel.DeclType {
-	return apiservercel.NewObjectType("kubernetes.TypeMeta", fields(
-		field("apiVersion", apiservercel.StringType, true),
-		field("kind", apiservercel.StringType, true),
-	))
-}
-
-func BuildObjectMetaType() *apiservercel.DeclType {
-	return apiservercel.NewObjectType("kubernetes.ObjectMeta", fields(
-		field("name", apiservercel.StringType, true),
-		field("generateName", apiservercel.StringType, true),
-		field("namespace", apiservercel.StringType, true),
-		field("labels", apiservercel.NewMapType(apiservercel.StringType, apiservercel.StringType, -1), true),
-		field("annotations", apiservercel.NewMapType(apiservercel.StringType, apiservercel.StringType, -1), true),
-		field("UID", apiservercel.StringType, true),
-		field("creationTimestamp", apiservercel.TimestampType, true),
-		field("deletionGracePeriodSeconds", apiservercel.IntType, true),
-		field("deletionTimestamp", apiservercel.TimestampType, true),
-		field("generation", apiservercel.IntType, true),
-		field("resourceVersion", apiservercel.StringType, true),
-		field("finalizers", apiservercel.NewListType(apiservercel.StringType, -1), true),
-	))
-}
-
-func BuildConfigMapType() *apiservercel.DeclType {
-	typeMeta := BuildTypeMetaType()
-	objectMeta := BuildObjectMetaType()
-	f := make([]*apiservercel.DeclField, 0, len(typeMeta.Fields))
-	for _, field := range typeMeta.Fields {
-		f = append(f, field)
-	}
-	f = append(f,
-		field("metadata", objectMeta, true),
-		field("data", apiservercel.NewMapType(apiservercel.StringType, apiservercel.StringType, -1), true),
-	)
-	return apiservercel.NewObjectType("kubernetes.ConfigMap", fields(f...))
-}
-
 func BuildImageDataType() *apiservercel.DeclType {
 	f := make([]*apiservercel.DeclField, 0)
 	f = append(f,

pkg/cel/policy/compiler_test.go

@@ -81,7 +81,7 @@ func Test_compiler_Compile(t *testing.T) {
 				},
 				Variables: []admissionregistrationv1.Variable{{
 					Name:       "cm",
-					Expression: "resource.GetConfigMap('foo', 'bar')",
+					Expression: "resource.Get('v1', 'configmaps', 'foo', 'bar')",
 				}},
 				Validations: []admissionregistrationv1.Validation{{
 					Expression: "variables.cm != null",

test/cli/test-validating-policy/policy-with-cm/policy.yaml

@@ -12,7 +12,7 @@ spec:
   variables:
     - name: cm
       expression: >-
-        resource.GetConfigMap(object.metadata.namespace, "policy-cm")
+        resource.Get("v1", "configmaps", object.metadata.namespace, "policy-cm")
   validations:
     - expression: >-
         object.metadata.name == variables.cm.data.name

test/conformance/chainsaw/validating-policies/context/configmap/policy.yaml

@@ -12,7 +12,7 @@ spec:
   variables:
     - name: cm
       expression: >-
-        resource.GetConfigMap(object.metadata.namespace, "policy-cm")
+        resource.Get("v1", "configmaps", object.metadata.namespace, "policy-cm")
     - name: environment
       expression: >-
         has(object.metadata.labels) && 'env' in object.metadata.labels && object.metadata.labels['env'] == variables.cm.data.env