Documentation ¶
Index ¶
- func ResolverEnvOption(resolver TypeResolver) cel.EnvOption
- func SchemaDeclType(s Schema, isResourceRoot bool) *apiservercel.DeclType
- func UnstructuredToVal(unstructured interface{}, schema Schema) ref.Val
- func WithTypeAndObjectMeta(s *spec.Schema) *spec.Schema
- type CorrelatedObject
- type KubeExtensions
- type MapList
- type ResolvedType
- type ResolverTypeProvider
- func (p *ResolverTypeProvider) EnumValue(enumName string) ref.Val
- func (p *ResolverTypeProvider) FindIdent(identName string) (ref.Val, bool)
- func (p *ResolverTypeProvider) FindStructFieldNames(structType string) ([]string, bool)
- func (p *ResolverTypeProvider) FindStructFieldType(structType, fieldName string) (*types.FieldType, bool)
- func (p *ResolverTypeProvider) FindStructType(structType string) (*types.Type, bool)
- func (p *ResolverTypeProvider) NewValue(structType string, fields map[string]ref.Val) ref.Val
- type Schema
- type SchemaOrBool
- type TypeResolver
- type ValidationRule
- type Validations
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ResolverEnvOption ¶ added in v0.32.0
func ResolverEnvOption(resolver TypeResolver) cel.EnvOption
ResolverEnvOption creates the ResolverTypeProvider with a given DynamicTypeResolver, and also returns the CEL ResolverEnvOption to apply it to the env.
func SchemaDeclType ¶
func SchemaDeclType(s Schema, isResourceRoot bool) *apiservercel.DeclType
SchemaDeclType converts the structural schema to a CEL declaration, or returns nil if the structural schema should not be exposed in CEL expressions. Set isResourceRoot to true for the root of a custom resource or embedded resource.
Schemas with XPreserveUnknownFields not exposed unless they are objects. Array and "maps" schemas are not exposed if their items or additionalProperties schemas are not exposed. Object Properties are not exposed if their schema is not exposed.
The CEL declaration for objects with XPreserveUnknownFields does not expose unknown fields.
func UnstructuredToVal ¶
UnstructuredToVal converts a Kubernetes unstructured data element to a CEL Val. The root schema of custom resource schema is expected contain type meta and object meta schemas. If Embedded resources do not contain type meta and object meta schemas, they will be added automatically.
Types ¶
type CorrelatedObject ¶ added in v0.29.0
type CorrelatedObject struct { // to determine how to correlate the old object. Schema Schema // children. Duration *time.Duration // contains filtered or unexported fields }OldValue interface{} Value interface{}
CorrelatedObject represents a node in a tree of objects that are being validated. It is used to keep track of the old value of an object during traversal of the new value. It is also used to cache the results of DeepEqual comparisons between the old and new values of objects.
All receiver functions support being called on `nil` to support ergonomic recursive descent. The nil `CorrelatedObject` represents an uncorrelatable node in the tree.
CorrelatedObject is not thread-safe. It is the responsibility of the caller to handle concurrency, if any.
func NewCorrelatedObject ¶ added in v0.29.0
func NewCorrelatedObject(new, old interface{}, schema Schema) *CorrelatedObject
func (*CorrelatedObject) CachedDeepEqual ¶ added in v0.29.0
func (r *CorrelatedObject) CachedDeepEqual() (res bool)
CachedDeepEqual is equivalent to reflect.DeepEqual, but caches the results in the tree of ratchetInvocationScratch objects on the way:
For objects and arrays, this function will make a best effort to make use of past DeepEqual checks performed by this Node's children, if available.
If a lazy computation could not be found for all children possibly due to validation logic short circuiting and skipping the children, then this function simply defers to reflect.DeepEqual.
func (*CorrelatedObject) Index ¶ added in v0.29.0
func (r *CorrelatedObject) Index(i int) *CorrelatedObject
Index returns the child of the receiver at the given index. Returns nil if the given index is out of bounds, or its value is not correlatable to an old value. If receiver is nil or if the new value is not an array, returns nil.
func (*CorrelatedObject) Key ¶ added in v0.29.0
func (r *CorrelatedObject) Key(field string) *CorrelatedObject
Key returns the child of the receiver with the given name. Returns nil if the given name is does not exist in the new object, or its value is not correlatable to an old value. If receiver is nil or if the new value is not an object/map, returns nil.
type KubeExtensions ¶
type KubeExtensions interface { IsXIntOrString() bool IsXEmbeddedResource() bool IsXPreserveUnknownFields() bool XListType() string XListMapKeys() []string XMapType() string XValidations() []ValidationRule }
KubeExtensions contains Kubernetes-specific extensions to the OpenAPI schema.
type MapList ¶
type MapList interface { // Get returns the first element having given key, for all // x-kubernetes-list-map-keys, to the provided object. If the provided object isn't itself a valid MapList element, // get returns nil. Get(interface{}) interface{} }
MapList provides a "lookup by key" operation for lists (arrays) with x-kubernetes-list-type=map.
func MakeMapList ¶
MakeMapList returns a queryable interface over the provided x-kubernetes-list-type=map keyedItems. If the provided schema is _not_ an array with x-kubernetes-list-type=map, returns an empty mapList.
type ResolvedType ¶ added in v0.32.0
type ResolvedType interface { ref.Type Type() *types.Type // Field finds the field by the field name, or false if the field is not known. // This function directly return a FieldType that is known to CEL to be more customizable. Field(name string) (*types.FieldType, bool) // FieldNames returns the field names associated with the type, if the type // is found. FieldNames() ([]string, bool) // Val creates an instance for the ResolvedType, given its fields and their values. Val(fields map[string]ref.Val) ref.Val }
ResolvedType refers an object type that can be looked up for its fields.
type ResolverTypeProvider ¶ added in v0.32.0
type ResolverTypeProvider struct {
// contains filtered or unexported fields
}
ResolverTypeProvider delegates type resolution first to the TypeResolver and then to the underlying types.Provider for types not resolved by the TypeResolver.
func NewResolverTypeProviderAndEnvOption ¶ added in v0.32.0
func NewResolverTypeProviderAndEnvOption(resolver TypeResolver) (*ResolverTypeProvider, cel.EnvOption)
NewResolverTypeProviderAndEnvOption creates the ResolverTypeProvider with a given DynamicTypeResolver, and also returns the CEL ResolverEnvOption to apply it to the env.
func (*ResolverTypeProvider) EnumValue ¶ added in v0.32.0
func (p *ResolverTypeProvider) EnumValue(enumName string) ref.Val
func (*ResolverTypeProvider) FindIdent ¶ added in v0.32.0
func (p *ResolverTypeProvider) FindIdent(identName string) (ref.Val, bool)
func (*ResolverTypeProvider) FindStructFieldNames ¶ added in v0.32.0
func (p *ResolverTypeProvider) FindStructFieldNames(structType string) ([]string, bool)
FindStructFieldNames returns the field names associated with the type, if the type is found.
func (*ResolverTypeProvider) FindStructFieldType ¶ added in v0.32.0
func (p *ResolverTypeProvider) FindStructFieldType(structType, fieldName string) (*types.FieldType, bool)
FindStructFieldType returns the field type for a checked type value. Returns false if the field could not be found.
func (*ResolverTypeProvider) FindStructType ¶ added in v0.32.0
func (p *ResolverTypeProvider) FindStructType(structType string) (*types.Type, bool)
FindStructType returns the Type give a qualified type name, by looking it up with the DynamicTypeResolver and translating it to CEL Type. If the type is not known to the DynamicTypeResolver, the lookup falls back to the underlying ResolverTypeProvider instead.
type Schema ¶
type Schema interface { // Type returns the OpenAPI type. // Multiple types are not supported. It should return // empty string if no type is specified. Type() string // Format returns the OpenAPI format. May be empty Format() string // Items returns the OpenAPI items. or nil of this field does not exist or // contains no schema. Items() Schema // Properties returns the OpenAPI properties, or nil if this field does not // exist. // The values of the returned map are of the adapted type. Properties() map[string]Schema // AdditionalProperties returns the OpenAPI additional properties field, // or nil if this field does not exist. AdditionalProperties() SchemaOrBool // Default returns the OpenAPI default field, or nil if this field does not exist. Default() any Validations KubeExtensions // WithTypeAndObjectMeta returns a schema that has the type and object meta set. // the type includes "kind", "apiVersion" field // the "metadata" field requires "name" and "generateName" to be set // The original schema must not be mutated. Make a copy if necessary. WithTypeAndObjectMeta() Schema }
Schema is the adapted type for an OpenAPI schema that CEL uses. This schema does not cover all OpenAPI fields but only these CEL requires are exposed as getters.
type SchemaOrBool ¶
SchemaOrBool contains either a schema or a boolean indicating if the object can contain any fields.
type TypeResolver ¶ added in v0.32.0
type TypeResolver interface { // Resolve resolves the type by its name. // This function returns false if the name does not refer to a known object type. Resolve(name string) (ResolvedType, bool) }
TypeResolver resolves a type by a given name.
type ValidationRule ¶ added in v0.29.0
type ValidationRule interface { Rule() string Message() string MessageExpression() string FieldPath() string }
ValidationRule represents a single x-kubernetes-validations rule.
type Validations ¶
type Validations interface { Pattern() string Minimum() *float64 IsExclusiveMinimum() bool Maximum() *float64 IsExclusiveMaximum() bool MultipleOf() *float64 MinItems() *int64 MaxItems() *int64 MinLength() *int64 MaxLength() *int64 MinProperties() *int64 MaxProperties() *int64 Required() []string Enum() []any Nullable() bool UniqueItems() bool AllOf() []Schema OneOf() []Schema AnyOf() []Schema Not() Schema }
Validations contains OpenAPI validation that the CEL library uses.