github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #111451 from DangerOnTheRanger/cel-use-case-tests

Browse Source 
Add examples of matchExpressions validation as unit tests
This commit is contained in:
Kubernetes Prow Robot 2022-07-27 13:20:11 -07:00 committed by GitHub
commit a2ffa21eed
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 63 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/validation_test.go
View File

@ -1948,6 +1948,58 @@ func TestValidationExpressionsAtSchemaLevels(t *testing.T) {
}), }),
errors: []string{"Invalid value: \"object\": failed rule: self.m == 2"}, errors: []string{"Invalid value: \"object\": failed rule: self.m == 2"},
}, },
{name: "matchExpressions - 'values' must be specified when 'operator' is 'In' or 'NotIn'",
obj: map[string]interface{}{
"matchExpressions": []interface{}{
map[string]interface{}{
"key": "tier",
"operator": "In",
"values": []interface{}{},
},
},
},
schema: genMatchSelectorSchema(`self.matchExpressions.all(rule, (rule.operator != "In" && rule.operator != "NotIn") || ((has(rule.values) && size(rule.values) > 0)))`),
errors: []string{"failed rule"},
},
{name: "matchExpressions - 'values' may not be specified when 'operator' is 'Exists' or 'DoesNotExist'",
obj: map[string]interface{}{
"matchExpressions": []interface{}{
map[string]interface{}{
"key": "tier",
"operator": "Exists",
"values": []interface{}{"somevalue"},
},
},
},
schema: genMatchSelectorSchema(`self.matchExpressions.all(rule, (rule.operator != "Exists" && rule.operator != "DoesNotExist") || ((!has(rule.values) || size(rule.values) == 0)))`),
errors: []string{"failed rule"},
},
{name: "matchExpressions - invalid selector operator",
obj: map[string]interface{}{
"matchExpressions": []interface{}{
map[string]interface{}{
"key": "tier",
"operator": "badop",
"values": []interface{}{},
},
},
},
schema: genMatchSelectorSchema(`self.matchExpressions.all(rule, rule.operator == "In" || rule.operator == "NotIn" || rule.operator == "DoesNotExist")`),
errors: []string{"failed rule"},
},
{name: "matchExpressions - invalid label value",
obj: map[string]interface{}{
"matchExpressions": []interface{}{
map[string]interface{}{
"key": "badkey!",
"operator": "Exists",
"values": []interface{}{},
},
},
},
schema: genMatchSelectorSchema(`self.matchExpressions.all(rule, size(rule.key) <= 63 && rule.key.matches("^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$"))`),
errors: []string{"failed rule"},
},
} }
for _, tt := range tests { for _, tt := range tests {
@ -1987,6 +2039,17 @@ func TestValidationExpressionsAtSchemaLevels(t *testing.T) {
} }
} }
func genMatchSelectorSchema(rule string) *schema.Structural {
s := withRule(objectType(map[string]schema.Structural{
"matchExpressions": listType(objectTypePtr(map[string]schema.Structural{
"key": stringType,
"operator": stringType,
"values": listType(&stringType),
})),
}), rule)
return &s
}
func TestCELValidationLimit(t *testing.T) { func TestCELValidationLimit(t *testing.T) {
tests := []struct { tests := []struct {
name string name string