Merge branch 'main' into cel-support

kyverno · Sep 19, 2024 · 6b4fd8e · 6b4fd8e
2 parents 13c053d + c0a564e
commit 6b4fd8e
Show file tree

Hide file tree

Showing 8 changed files with 32 additions and 57 deletions.
diff --git a/pkg/apis/policy/v1alpha1/assertion_tree.go b/pkg/apis/policy/v1alpha1/assertion_tree.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"sync"
 
-	"github.com/kyverno/kyverno-json/pkg/engine/assert"
+	"github.com/kyverno/kyverno-json/pkg/core/assertion"
 	"k8s.io/apimachinery/pkg/util/json"
 )
 
@@ -14,19 +14,19 @@ import (
 // AssertionTree represents an assertion tree.
 type AssertionTree struct {
 	_tree      any
-	_assertion func() (assert.Assertion, error)
+	_assertion func() (assertion.Assertion, error)
 }
 
 func NewAssertionTree(value any) AssertionTree {
 	return AssertionTree{
 		_tree: value,
-		_assertion: sync.OnceValues(func() (assert.Assertion, error) {
-			return assert.Parse(context.Background(), value)
+		_assertion: sync.OnceValues(func() (assertion.Assertion, error) {
+			return assertion.Parse(context.Background(), value)
 		}),
 	}
 }
 
-func (t *AssertionTree) Assertion() (assert.Assertion, error) {
+func (t *AssertionTree) Assertion() (assertion.Assertion, error) {
 	if t._tree == nil {
 		return nil, nil
 	}
@@ -44,8 +44,8 @@ func (a *AssertionTree) UnmarshalJSON(data []byte) error {
 		return err
 	}
 	a._tree = v
-	a._assertion = sync.OnceValues(func() (assert.Assertion, error) {
-		return assert.Parse(context.Background(), v)
+	a._assertion = sync.OnceValues(func() (assertion.Assertion, error) {
+		return assertion.Parse(context.Background(), v)
 	})
 	return nil
 }

diff --git a/pkg/engine/assert/parse.go → pkg/core/assertion/assertion.go b/pkg/engine/assert/parse.go → pkg/core/assertion/assertion.go
@@ -1,4 +1,4 @@
-package assert
+package assertion
 
 import (
 	"context"
@@ -17,7 +17,11 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 )
 
-func Parse(ctx context.Context, assertion any) (Assertion, error) {
+type Assertion interface {
+	Assert(context.Context, *field.Path, any, binding.Bindings, ...template.Option) (field.ErrorList, error)
+}
+
+func Parse(ctx context.Context, assertion any) (node, error) {
 	switch reflectutils.GetKind(assertion) {
 	case reflect.Slice:
 		return parseSlice(ctx, assertion)
@@ -31,15 +35,15 @@ func Parse(ctx context.Context, assertion any) (Assertion, error) {
 // node implements the Assertion interface using a delegate func
 type node func(ctx context.Context, path *field.Path, value any, bindings binding.Bindings, opts ...template.Option) (field.ErrorList, error)
 
-func (n node) assert(ctx context.Context, path *field.Path, value any, bindings binding.Bindings, opts ...template.Option) (field.ErrorList, error) {
+func (n node) Assert(ctx context.Context, path *field.Path, value any, bindings binding.Bindings, opts ...template.Option) (field.ErrorList, error) {
 	return n(ctx, path, value, bindings, opts...)
 }
 
 // parseSlice is the assertion represented by a slice.
 // it first compares the length of the analysed resource with the length of the descendants.
 // if lengths match all descendants are evaluated with their corresponding items.
 func parseSlice(ctx context.Context, assertion any) (node, error) {
-	var assertions []Assertion
+	var assertions []node
 	valueOf := reflect.ValueOf(assertion)
 	for i := 0; i < valueOf.Len(); i++ {
 		sub, err := Parse(ctx, valueOf.Index(i).Interface())
@@ -60,7 +64,7 @@ func parseSlice(ctx context.Context, assertion any) (node, error) {
 				errs = append(errs, field.Invalid(path, value, "lengths of slices don't match"))
 			} else {
 				for i := range assertions {
-					if _errs, err := assertions[i].assert(ctx, path.Index(i), valueOf.Index(i).Interface(), bindings, opts...); err != nil {
+					if _errs, err := assertions[i].Assert(ctx, path.Index(i), valueOf.Index(i).Interface(), bindings, opts...); err != nil {
 						return nil, err
 					} else {
 						errs = append(errs, _errs...)
@@ -77,7 +81,7 @@ func parseSlice(ctx context.Context, assertion any) (node, error) {
 func parseMap(ctx context.Context, assertion any) (node, error) {
 	assertions := map[any]struct {
 		projection.Projection
-		Assertion
+		node
 	}{}
 	iter := reflect.ValueOf(assertion).MapRange()
 	for iter.Next() {
@@ -88,7 +92,7 @@ func parseMap(ctx context.Context, assertion any) (node, error) {
 			return nil, err
 		}
 		entry := assertions[key]
-		entry.Assertion = assertion
+		entry.node = assertion
 		entry.Projection = projection.Parse(key)
 		assertions[key] = entry
 	}
@@ -120,7 +124,7 @@ func parseMap(ctx context.Context, assertion any) (node, error) {
 							if v.Projection.ForeachName != "" {
 								bindings = bindings.Register("$"+v.Projection.ForeachName, binding.NewBinding(i))
 							}
-							if _errs, err := v.assert(ctx, path.Child(fmt.Sprint(k)).Index(i), valueOf.Index(i).Interface(), bindings, opts...); err != nil {
+							if _errs, err := v.Assert(ctx, path.Child(fmt.Sprint(k)).Index(i), valueOf.Index(i).Interface(), bindings, opts...); err != nil {
 								return nil, err
 							} else {
 								errs = append(errs, _errs...)
@@ -134,7 +138,7 @@ func parseMap(ctx context.Context, assertion any) (node, error) {
 							if v.Projection.ForeachName != "" {
 								bindings = bindings.Register("$"+v.Projection.ForeachName, binding.NewBinding(key))
 							}
-							if _errs, err := v.assert(ctx, path.Child(fmt.Sprint(k)).Key(fmt.Sprint(key)), iter.Value().Interface(), bindings, opts...); err != nil {
+							if _errs, err := v.Assert(ctx, path.Child(fmt.Sprint(k)).Key(fmt.Sprint(key)), iter.Value().Interface(), bindings, opts...); err != nil {
 								return nil, err
 							} else {
 								errs = append(errs, _errs...)
@@ -144,7 +148,7 @@ func parseMap(ctx context.Context, assertion any) (node, error) {
 						return nil, field.TypeInvalid(path.Child(fmt.Sprint(k)), projected, "expected a slice or a map")
 					}
 				} else {
-					if _errs, err := v.assert(ctx, path.Child(fmt.Sprint(k)), projected, bindings, opts...); err != nil {
+					if _errs, err := v.Assert(ctx, path.Child(fmt.Sprint(k)), projected, bindings, opts...); err != nil {
 						return nil, err
 					} else {
 						errs = append(errs, _errs...)

diff --git a/pkg/engine/assert/assert_test.go → pkg/core/assertion/assertion_test.go b/pkg/engine/assert/assert_test.go → pkg/core/assertion/assertion_test.go
@@ -1,4 +1,4 @@
-package assert
+package assertion
 
 import (
 	"context"
@@ -50,7 +50,7 @@ func TestAssert(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			parsed, err := Parse(context.TODO(), tt.assertion)
 			tassert.NoError(t, err)
-			got, err := Assert(context.TODO(), nil, parsed, tt.value, tt.bindings)
+			got, err := parsed.Assert(context.TODO(), nil, tt.value, tt.bindings)
 			if tt.wantErr {
 				tassert.Error(t, err)
 			} else {

diff --git a/pkg/engine/assert/assert.go b/pkg/engine/assert/assert.go
diff --git a/pkg/engine/assert/assertion.go b/pkg/engine/assert/assertion.go
diff --git a/pkg/engine/assert/binding.go → pkg/engine/template/binding.go b/pkg/engine/assert/binding.go → pkg/engine/template/binding.go
@@ -1,19 +1,18 @@
-package assert
+package template
 
 import (
 	"context"
 
 	"github.com/jmespath-community/go-jmespath/pkg/binding"
 	"github.com/kyverno/kyverno-json/pkg/core/expression"
-	"github.com/kyverno/kyverno-json/pkg/engine/template"
 	"github.com/kyverno/kyverno-json/pkg/jp"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 )
 
-func NewContextBinding(path *field.Path, bindings binding.Bindings, value any, entry any, opts ...template.Option) binding.Binding {
+func NewContextBinding(path *field.Path, bindings binding.Bindings, value any, template any, opts ...Option) binding.Binding {
 	return jp.NewLazyBinding(
 		func() (any, error) {
-			switch typed := entry.(type) {
+			switch typed := template.(type) {
 			case string:
 				expr := expression.Parse(typed)
 				if expr.Foreach {
@@ -24,7 +23,7 @@ func NewContextBinding(path *field.Path, bindings binding.Bindings, value any, e
 				}
 				switch expr.Engine {
 				case expression.EngineJP:
-					projected, err := template.ExecuteJP(context.TODO(), expr.Statement, value, bindings, opts...)
+					projected, err := ExecuteJP(context.TODO(), expr.Statement, value, bindings, opts...)
 					if err != nil {
 						return nil, field.InternalError(path.Child("variable"), err)
 					}

diff --git a/pkg/json-engine/engine.go b/pkg/json-engine/engine.go
@@ -8,7 +8,6 @@ import (
 	jpbinding "github.com/jmespath-community/go-jmespath/pkg/binding"
 	"github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1"
 	"github.com/kyverno/kyverno-json/pkg/engine"
-	"github.com/kyverno/kyverno-json/pkg/engine/assert"
 	"github.com/kyverno/kyverno-json/pkg/engine/builder"
 	"github.com/kyverno/kyverno-json/pkg/engine/template"
 	"github.com/kyverno/kyverno-json/pkg/matching"
@@ -74,7 +73,7 @@ func New() engine.Engine[Request, Response] {
 			var path *field.Path
 			path = path.Child("context")
 			for i, entry := range r.rule.Context {
-				bindings = bindings.Register("$"+entry.Name, assert.NewContextBinding(path.Index(i), bindings, r.resource, entry.Variable.Value()))
+				bindings = bindings.Register("$"+entry.Name, template.NewContextBinding(path.Index(i), bindings, r.resource, entry.Variable.Value()))
 			}
 			identifier := ""
 			if r.rule.Identifier != "" {

diff --git a/pkg/matching/match.go b/pkg/matching/match.go
@@ -6,7 +6,6 @@ import (
 
 	"github.com/jmespath-community/go-jmespath/pkg/binding"
 	"github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1"
-	"github.com/kyverno/kyverno-json/pkg/engine/assert"
 	"github.com/kyverno/kyverno-json/pkg/engine/template"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 )
@@ -53,7 +52,7 @@ func MatchAssert(ctx context.Context, path *field.Path, match v1alpha1.Assert, a
 				if err != nil {
 					return fails, err
 				}
-				checkFails, err := assert.Assert(ctx, path, parsed, actual, bindings, opts...)
+				checkFails, err := parsed.Assert(ctx, path, actual, bindings, opts...)
 				if err != nil {
 					return fails, err
 				}
@@ -82,7 +81,7 @@ func MatchAssert(ctx context.Context, path *field.Path, match v1alpha1.Assert, a
 				if err != nil {
 					return fails, err
 				}
-				checkFails, err := assert.Assert(ctx, path, parsed, actual, bindings, opts...)
+				checkFails, err := parsed.Assert(ctx, path, actual, bindings, opts...)
 				if err != nil {
 					return fails, err
 				}
@@ -133,7 +132,7 @@ func MatchAny(ctx context.Context, path *field.Path, assertions []v1alpha1.Asser
 		if err != nil {
 			return errs, err
 		}
-		_errs, err := assert.Assert(ctx, path, assertion, actual, bindings, opts...)
+		_errs, err := assertion.Assert(ctx, path, actual, bindings, opts...)
 		if err != nil {
 			return errs, err
 		}
@@ -153,7 +152,7 @@ func MatchAll(ctx context.Context, path *field.Path, assertions []v1alpha1.Asser
 		if err != nil {
 			return errs, err
 		}
-		_errs, err := assert.Assert(ctx, path, assertion, actual, bindings, opts...)
+		_errs, err := assertion.Assert(ctx, path, actual, bindings, opts...)
 		if err != nil {
 			return errs, err
 		}