From 04b21126e589cebf888a8839a69c81761e558861 Mon Sep 17 00:00:00 2001 From: Cici Huang Date: Tue, 17 Oct 2023 20:27:55 +0000 Subject: [PATCH] Add cel new validator into Kubernetes. --- .../pkg/apiserver/schema/cel/validation_test.go | 13 ++++++++++++- .../k8s.io/apiserver/pkg/cel/environment/base.go | 13 ++++++++++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/validation_test.go b/staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/validation_test.go index 2b662534a53..2e133a5b794 100644 --- a/staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/validation_test.go +++ b/staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/validation_test.go @@ -274,7 +274,7 @@ func TestValidationExpressions(t *testing.T) { }, errors: map[string]string{ // Invalid regex with a string constant regex pattern is compile time error - "self.val1.matches(')')": "compile error: program instantiation failed: error parsing regexp: unexpected ): `)`", + "self.val1.matches(')')": "compile error: compilation failed: ERROR: :1:19: invalid matches argument", }, }, {name: "escaped strings", @@ -319,6 +319,11 @@ func TestValidationExpressions(t *testing.T) { "self.val1.getMilliseconds() == 3723004", "type(self.val1) == google.protobuf.Duration", }, + errors: map[string]string{ + "duration('1')": "invalid duration argument", + "duration('1d')": "invalid duration argument", + "duration('1us') < duration('1nns')": "invalid duration argument", + }, }, {name: "date format", obj: objs("1997-07-16", "1997-07-16"), @@ -347,6 +352,11 @@ func TestValidationExpressions(t *testing.T) { "self.val1.getHours('UTC') == 18", // TZ in string is 1hr off of UTC "type(self.val1) == google.protobuf.Timestamp", }, + errors: map[string]string{ + "timestamp('1000-00-00T00:00:00Z')": "invalid timestamp", + "timestamp('1000-01-01T00:00:00ZZ')": "invalid timestamp", + "timestamp(-62135596801)": "invalid timestamp", + }, }, {name: "enums", obj: map[string]interface{}{"enumStr": "Pending"}, @@ -1747,6 +1757,7 @@ func TestValidationExpressions(t *testing.T) { "self.str.find(')') == ''": "compile error: program instantiation failed: error parsing regexp: unexpected ): `)`", "self.str.findAll(')') == []": "compile error: program instantiation failed: error parsing regexp: unexpected ): `)`", "self.str.findAll(')', 1) == []": "compile error: program instantiation failed: error parsing regexp: unexpected ): `)`", + "self.str.matches('x++')": "invalid matches argument", }, }, {name: "URL parsing", diff --git a/staging/src/k8s.io/apiserver/pkg/cel/environment/base.go b/staging/src/k8s.io/apiserver/pkg/cel/environment/base.go index 620d9e35e54..22211812147 100644 --- a/staging/src/k8s.io/apiserver/pkg/cel/environment/base.go +++ b/staging/src/k8s.io/apiserver/pkg/cel/environment/base.go @@ -80,7 +80,18 @@ var baseOpts = []VersionedOptions{ library.Quantity(), }, }, - + // add the new validator in 1.29 + { + IntroducedVersion: version.MajorMinor(1, 29), + EnvOptions: []cel.EnvOption{ + cel.ASTValidators( + cel.ValidateDurationLiterals(), + cel.ValidateTimestampLiterals(), + cel.ValidateRegexLiterals(), + cel.ValidateHomogeneousAggregateLiterals(), + ), + }, + }, // String library { IntroducedVersion: version.MajorMinor(1, 0),