validation

package
v0.27.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 18, 2023 License: Apache-2.0 Imports: 27 Imported by: 51

Documentation

Index

Constants

View Source
const (
	// StaticEstimatedCostLimit represents the largest-allowed static CEL cost on a per-expression basis.
	StaticEstimatedCostLimit = 10000000
	// StaticEstimatedCRDCostLimit represents the largest-allowed total cost for the x-kubernetes-validations rules of a CRD.
	StaticEstimatedCRDCostLimit = 100000000
)

Variables

This section is empty.

Functions

func HasSchemaWith added in v0.23.0

func SchemaHas added in v0.23.0

SchemaHas recursively traverses the Schema and calls the `pred` predicate to see if the schema contains specific values.

The predicate MUST NOT keep a copy of the json schema NOR modify the schema.

func SchemaHasInvalidTypes added in v0.16.4

func SchemaHasInvalidTypes(s *apiextensions.JSONSchemaProps) bool

SchemaHasInvalidTypes returns true if it contains invalid offending openapi-v3 specification.

func ValidateCustomResourceColumnDefinition

func ValidateCustomResourceColumnDefinition(col *apiextensions.CustomResourceColumnDefinition, fldPath *field.Path) field.ErrorList

ValidateCustomResourceColumnDefinition statically validates a printer column.

func ValidateCustomResourceConversion

func ValidateCustomResourceConversion(conversion *apiextensions.CustomResourceConversion, fldPath *field.Path) field.ErrorList

ValidateCustomResourceConversion statically validates

func ValidateCustomResourceDefinition

func ValidateCustomResourceDefinition(ctx context.Context, obj *apiextensions.CustomResourceDefinition) field.ErrorList

ValidateCustomResourceDefinition statically validates context is passed for supporting context cancellation during cel validation when validating defaults

func ValidateCustomResourceDefinitionNames

func ValidateCustomResourceDefinitionNames(names *apiextensions.CustomResourceDefinitionNames, fldPath *field.Path) field.ErrorList

ValidateCustomResourceDefinitionNames statically validates

func ValidateCustomResourceDefinitionStatus

func ValidateCustomResourceDefinitionStatus(status *apiextensions.CustomResourceDefinitionStatus, fldPath *field.Path) field.ErrorList

ValidateCustomResourceDefinitionStatus statically validates

func ValidateCustomResourceDefinitionStoredVersions

func ValidateCustomResourceDefinitionStoredVersions(storedVersions []string, versions []apiextensions.CustomResourceDefinitionVersion, fldPath *field.Path) field.ErrorList

ValidateCustomResourceDefinitionStoredVersions statically validates

func ValidateCustomResourceDefinitionSubresources

func ValidateCustomResourceDefinitionSubresources(subresources *apiextensions.CustomResourceSubresources, fldPath *field.Path) field.ErrorList

ValidateCustomResourceDefinitionSubresources statically validates

func ValidateCustomResourceDefinitionUpdate

func ValidateCustomResourceDefinitionUpdate(ctx context.Context, obj, oldObj *apiextensions.CustomResourceDefinition) field.ErrorList

ValidateCustomResourceDefinitionUpdate statically validates context is passed for supporting context cancellation during cel validation when validating defaults

func ValidateUpdateCustomResourceDefinitionStatus

func ValidateUpdateCustomResourceDefinitionStatus(obj, oldObj *apiextensions.CustomResourceDefinition) field.ErrorList

ValidateUpdateCustomResourceDefinitionStatus statically validates

Types

type CELSchemaContext added in v0.25.0

type CELSchemaContext struct {

	// MaxCardinality represents a limit to the number of data elements that can exist for the current
	// schema based on MaxProperties or MaxItems limits present on parent schemas, If all parent
	// map and array schemas have MaxProperties or MaxItems limits declared MaxCardinality is
	// an int pointer representing the product of these limits.  If least one parent map or list schema
	// does not have a MaxProperties or MaxItems limits set, the MaxCardinality is nil, indicating
	// that the parent schemas offer no bound to the number of times a data element for the current
	// schema can exist.
	MaxCardinality *uint64
	// TotalCost accumulates the x-kubernetes-validators estimated rule cost total for an entire custom resource
	// definition. A single TotalCost is allocated for each CustomResourceDefinition and passed through the stack as the
	// CustomResourceDefinition's OpenAPIv3 schema is recursively validated.
	TotalCost *TotalCost
	// contains filtered or unexported fields
}

CELSchemaContext keeps track of data used by x-kubernetes-validations rules for a specific schema node.

func RootCELContext added in v0.25.0

func RootCELContext(schema *apiextensions.JSONSchemaProps) *CELSchemaContext

RootCELContext constructs CELSchemaContext for the given root schema.

func (*CELSchemaContext) ChildAdditionalPropertiesContext added in v0.25.0

func (c *CELSchemaContext) ChildAdditionalPropertiesContext(propsSchema *apiextensions.JSONSchemaProps) *CELSchemaContext

ChildAdditionalPropertiesContext returns nil, nil if this CELSchemaContext is nil, otherwise it constructs and returns a CELSchemaContext for the properties of an object if this CELSchemaContext is an object. schema must be non-nil and have a non-nil schema.AdditionalProperties.

func (*CELSchemaContext) ChildItemsContext added in v0.25.0

func (c *CELSchemaContext) ChildItemsContext(itemsSchema *apiextensions.JSONSchemaProps) *CELSchemaContext

ChildItemsContext returns nil, nil if this CELSchemaContext is nil, otherwise it constructs and returns a CELSchemaContext for the items of an array if this CELSchemaContext is an array.

func (*CELSchemaContext) ChildPropertyContext added in v0.25.0

func (c *CELSchemaContext) ChildPropertyContext(propSchema *apiextensions.JSONSchemaProps, propertyName string) *CELSchemaContext

ChildPropertyContext returns nil, nil if this CELSchemaContext is nil, otherwise constructs and returns a CELSchemaContext for propertyName.

func (*CELSchemaContext) TypeInfo added in v0.25.0

func (c *CELSchemaContext) TypeInfo() (*CELTypeInfo, error)

TypeInfo returns the CELTypeInfo for this CELSchemaContext node. Returns nil, nil if this CELSchemaContext is nil, or if current level or above does not have x-kubernetes-validations rules. The returned type info is shared and should not be modified by the caller.

type CELTypeInfo added in v0.25.0

type CELTypeInfo struct {
	// Schema is a structural schema for this CELSchemaContext node. It must be non-nil.
	Schema *structuralschema.Structural
	// DeclType is a CEL declaration representation of Schema of this CELSchemaContext node. It must be non-nil.
	DeclType *cel.DeclType
}

CELTypeInfo represents all the typeInfo needed by CEL to compile x-kubernetes-validations rules for a schema node.

type OpenAPISchemaErrorList added in v0.25.0

type OpenAPISchemaErrorList struct {
	SchemaErrors field.ErrorList
	CELErrors    field.ErrorList
}

OpenAPISchemaErrorList tracks all validation errors reported ValidateCustomResourceDefinitionOpenAPISchema with CEL related errors kept separate from schema related errors.

func ValidateCustomResourceDefinitionOpenAPISchema

func ValidateCustomResourceDefinitionOpenAPISchema(schema *apiextensions.JSONSchemaProps, fldPath *field.Path, ssv specStandardValidator, isRoot bool, opts *validationOptions, celContext *CELSchemaContext) *OpenAPISchemaErrorList

ValidateCustomResourceDefinitionOpenAPISchema statically validates

func (*OpenAPISchemaErrorList) AllErrors added in v0.25.0

func (o *OpenAPISchemaErrorList) AllErrors() field.ErrorList

AllErrors returns a list containing both schema and CEL errors.

func (*OpenAPISchemaErrorList) AppendErrors added in v0.25.0

func (o *OpenAPISchemaErrorList) AppendErrors(list *OpenAPISchemaErrorList)

AppendErrors appends all errors in the provided list with the errors of this list.

type RuleCost added in v0.25.0

type RuleCost struct {
	Path *field.Path
	Cost uint64
}

RuleCost represents the cost of evaluating a single x-kubernetes-validations rule.

type TotalCost added in v0.25.0

type TotalCost struct {
	// Total accumulates the x-kubernetes-validations estimated rule cost total.
	Total uint64
	// MostExpensive accumulates the top 4 most expensive rules contributing to the Total. Only rules
	// that accumulate at least 1% of total cost limit are included.
	MostExpensive []RuleCost
}

TotalCost tracks the total cost of evaluating all the x-kubernetes-validations rules of a CustomResourceDefinition.

func (*TotalCost) ObserveExpressionCost added in v0.25.0

func (c *TotalCost) ObserveExpressionCost(path *field.Path, cost uint64)

ObserveExpressionCost accumulates the cost of evaluating a -kubernetes-validations rule.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL