cel

package
v0.24.10 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 19, 2023 License: Apache-2.0 Imports: 23 Imported by: 13

Documentation

Index

Constants

View Source
const (
	// ScopedVarName is the variable name assigned to the locally scoped data element of a CEL validation
	// expression.
	ScopedVarName = "self"

	// OldScopedVarName is the variable name assigned to the existing value of the locally scoped data element of a
	// CEL validation expression.
	OldScopedVarName = "oldSelf"

	// PerCallLimit specify the actual cost limit per CEL validation call
	// current PerCallLimit gives roughly 0.1 second for each expression validation call
	PerCallLimit = 1000000

	// RuntimeCELCostBudget is the overall cost budget for runtime CEL validation cost per CustomResource
	// current RuntimeCELCostBudget gives roughly 1 seconds for CR validation
	RuntimeCELCostBudget = 10000000
)

Variables

This section is empty.

Functions

func MapIsCorrelatable added in v0.24.0

func MapIsCorrelatable(mapType *string) bool

MapIsCorrelatable returns true if the mapType can be used to correlate the data elements of a map after an update with the data elements of the map from before the updated.

func NewValidationActivation

func NewValidationActivation(obj, oldObj interface{}, structural *schema.Structural) *validationActivation

func UnstructuredToVal

func UnstructuredToVal(unstructured interface{}, schema *structuralschema.Structural) ref.Val

UnstructuredToVal converts a Kubernetes unstructured data element to a CEL Val. The root schema of custom resource schema is expected contain type meta and object meta schemas. If Embedded resources do not contain type meta and object meta schemas, they will be added automatically.

Types

type CompilationResult

type CompilationResult struct {
	Program cel.Program
	Error   *Error
	// If true, the compiled expression contains a reference to the identifier "oldSelf", and its corresponding rule
	// is implicitly a transition rule.
	TransitionRule bool
	// Represents the worst-case cost of the compiled expression in terms of CEL's cost units, as used by cel.EstimateCost.
	MaxCost uint64
	// MaxCardinality represents the worse case number of times this validation rule could be invoked if contained under an
	// unbounded map or list in an OpenAPIv3 schema.
	MaxCardinality uint64
}

CompilationResult represents the cel compilation result for one rule

func Compile

func Compile(s *schema.Structural, isResourceRoot bool, perCallLimit uint64) ([]CompilationResult, error)

Compile compiles all the XValidations rules (without recursing into the schema) and returns a slice containing a CompilationResult for each ValidationRule, or an error. Each CompilationResult may contain: / - non-nil Program, nil Error: The program was compiled successfully

  • nil Program, non-nil Error: Compilation resulted in an error
  • nil Program, nil Error: The provided rule was empty so compilation was not attempted

perCallLimit was added for testing purpose only. Callers should always use const PerCallLimit as input.

type Error

type Error struct {
	Type   ErrorType
	Detail string
}

Error is an implementation of the 'error' interface, which represents a XValidation error.

func (*Error) Error

func (v *Error) Error() string

Error implements the error interface.

type ErrorType

type ErrorType string

ErrorType is a machine readable value providing more detail about why a XValidation is invalid.

const (
	// ErrorTypeRequired is used to report withNullable values that are not
	// provided (e.g. empty strings, null values, or empty arrays).  See
	// Required().
	ErrorTypeRequired ErrorType = "RuleRequired"
	// ErrorTypeInvalid is used to report malformed values
	ErrorTypeInvalid ErrorType = "RuleInvalid"
	// ErrorTypeInternal is used to report other errors that are not related
	// to user input.  See InternalError().
	ErrorTypeInternal ErrorType = "InternalError"
)

type Validator

type Validator struct {
	Items      *Validator
	Properties map[string]Validator

	AdditionalProperties *Validator
	// contains filtered or unexported fields
}

Validator parallels the structure of schema.Structural and includes the compiled CEL programs for the x-kubernetes-validations of each schema node.

func NewValidator

func NewValidator(s *schema.Structural, perCallLimit uint64) *Validator

NewValidator returns compiles all the CEL programs defined in x-kubernetes-validations extensions of the Structural schema and returns a custom resource validator that contains nested validators for all items, properties and additionalProperties that transitively contain validator rules. Returns nil only if there no validator rules in the Structural schema. May return a validator containing only errors. Adding perCallLimit as input arg for testing purpose only. Callers should always use const PerCallLimit as input

func (*Validator) Validate

func (s *Validator) Validate(ctx context.Context, fldPath *field.Path, sts *schema.Structural, obj, oldObj interface{}, costBudget int64) (errs field.ErrorList, remainingBudget int64)

Validate validates all x-kubernetes-validations rules in Validator against obj and returns any errors. If the validation rules exceed the costBudget, subsequent evaluations will be skipped, the list of errs returned will not be empty, and a negative remainingBudget will be returned. Most callers can ignore the returned remainingBudget value unless another validate call is going to be made context is passed for supporting context cancellation during cel validation

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL