mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
c0d7df709a
* Implement Object type checking based on OpenAPI v3 schema Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> * Fix conflicting resource name Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> * make typeName an configurable argument Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
33 lines
940 B
Go
33 lines
940 B
Go
package resource
|
|
|
|
import (
|
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
"k8s.io/apiserver/pkg/cel"
|
|
"k8s.io/apiserver/pkg/cel/common"
|
|
"k8s.io/apiserver/pkg/cel/openapi"
|
|
"k8s.io/kube-openapi/pkg/validation/spec"
|
|
)
|
|
|
|
// https://pkg.go.dev/k8s.io/apiserver@v0.32.0/pkg/cel/openapi/resolver#ClientDiscoveryResolver
|
|
type SchemaClient interface {
|
|
ResolveSchema(gvk schema.GroupVersionKind) (*spec.Schema, error)
|
|
}
|
|
|
|
type OpenAPITypeResolver struct {
|
|
client SchemaClient
|
|
}
|
|
|
|
func (o *OpenAPITypeResolver) GetDeclProvier(gvk schema.GroupVersionKind, typeName string) (*cel.DeclTypeProvider, error) {
|
|
spec, err := o.client.ResolveSchema(gvk)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
schema := common.SchemaDeclType(&openapi.Schema{Schema: spec}, true)
|
|
|
|
return cel.NewDeclTypeProvider(schema.MaybeAssignTypeName(typeName)), nil
|
|
}
|
|
|
|
func NewOpenAPITypeResolver(client SchemaClient) *OpenAPITypeResolver {
|
|
return &OpenAPITypeResolver{client: client}
|
|
}
|