Implicit JSON Serialization (#18)

I'm guilty of missing out the json function myself at times, so add it
in implicitly.  While this works for straight pipelines, it won't for
stuff with control flow, so outlaw this for now until we can work out
how to do this.  It will most likely involve parse trees and augmenting
leaves.

Author: spjmurray

documentation/modules/ROOT/pages/concepts/dynamic-attributes.adoc

@@ -19,13 +19,15 @@ Dynamic attributes are best thought of as functions: they accept input arguments
 Dynamic attributes do not have any side effects.
 
 In general, dynamic attributes use the Go language https://golang.org/pkg/text/template/[template^] library with a few specializations.
-All actions, pipelines and functions are fully supported, providing control flow and function chaining out of the box.
+All pipelines and functions are fully supported.
+Actions involving control flow (e.g. `if` and `range`) are not supported at present.
 Arguments are confined to scalar values only (typically `int`, `string` and `bool`) and undefined values (`nil`).
 
 === Dynamic Attribute Typing
 
 The key thing to note is that Go language templating operates on text.
 Text has no concept of type (other than being a string) therefore all dynamic attributes must be serialized to JSON in order to preserve type information and allow the Service Broker to make the correct decisions.
+The JSON serialization function is added implicitly, by the Service Broker, to all pipelines.
 All dynamic attributes are initially defined as strings, however the attribute itself takes on the type of the value returned by attribute template processing.
 
 Internally, the templating engine treats all data as abstract values.
@@ -50,7 +52,7 @@ You can catch these types of errors earlier, and with more context, by specifyin
 
 [source]
 ----
-{{ parameter "/optional-parameter" | required | json }}
+{{ parameter "/optional-parameter" | required }}
 ----
 
 Unlike optional parameters, required parameters will raise an error if the result resolves to `nil`.
@@ -77,7 +79,7 @@ A registry source for name `foo` will return any value associated with the regis
 
 [source]
 ----
-{{ registry "fool" | json }}
+{{ registry "fool" }}
 ----
 
 ==== Parameter
@@ -105,7 +107,7 @@ A dynamic attribute of:
 
 [source]
 ----
-{{ parameter "/size" | json }}
+{{ parameter "/size" }}
 ----
 
 would resolve to `"4"`.
@@ -114,7 +116,7 @@ A dynamic attribute of:
 
 [source]
 ----
-{{ parameter "/resources/requests" | json }}
+{{ parameter "/resources/requests" }}
 ----
 
 would resolve to `{"cpu":"4","memory":"16Gi"}`.
@@ -133,7 +135,7 @@ To demonstrate consider the following configuration template snippet definition:
 ----
 name: label-snippet
 template:
-  app: '{{ registry "my-app-name" | json }}' # <1>
+  app: '{{ registry "my-app-name" }}' # <1>
 ----
 
 <1> The `app` attribute is dynamically set to the value defined by the `my-app-name` registry key.
@@ -149,7 +151,7 @@ template:
   kind: Secret
   metadata:
     name: my-secret
-    labels: '{{ snippet "label-snippet" | json }}'
+    labels: '{{ snippet "label-snippet" }}'
 ----
 
 This would generate the following Kubernetes resource:
@@ -174,7 +176,7 @@ The default function allows a dynamic attribute to have a value set when an opti
 
 [source]
 ----
-{{ parameter "/size" | default 3 | json }}
+{{ parameter "/size" | default 3 }}
 ----
 
 === Generators
@@ -192,7 +194,7 @@ To generate a 32 character password:
 
 [source]
 ----
-{{ generatePassword 32 nil | json }}
+{{ generatePassword 32 nil }}
 ----
 
 ==== Generate Key
@@ -205,7 +207,7 @@ For example, to generate a PKCS#8 encoded P256 elliptic curve private key:
 
 [source]
 ----
-{{ generatePrivateKey "EllipticP256" "PKCS#8" nil | json }}
+{{ generatePrivateKey "EllipticP256" "PKCS#8" nil }}
 ----
 
 ==== Generate Certificate
@@ -221,7 +223,7 @@ For example, to generate a signed X.509 certificate:
 
 [source]
 ----
-{{ generateCertificate (registry "my-key") "My Certificate" "24h" "Server" (list "localhost") (registry "my-ca-key") (registry "my-ca-cert") | json }}
+{{ generateCertificate (registry "my-key") "My Certificate" "24h" "Server" (list "localhost") (registry "my-ca-key") (registry "my-ca-cert") }}
 ----
 
 .Recursive Template Processing
@@ -249,7 +251,7 @@ The required function will raise an error if the input argument is `nil`.
 
 [source]
 ----
-{{ parameter "/password" | required | json }}
+{{ parameter "/password" | required }}
 ----
 
 == Next Steps

documentation/modules/ROOT/pages/concepts/templates.adoc

@@ -32,7 +32,7 @@ template: # <1>
   apiVersion: v1
   kind: Secret
   metadata:
-    name: '{{ registry "instance-id" | json }}' # <2>
+    name: '{{ registry "instance-id" }}' # <2>
   stringData:
     mySecretName: TopSecret!
 ----
@@ -44,10 +44,6 @@ Lets look in more detail at the configuration:
 <2> The `metadata.name` attribute is an example of using dynamic attributes
     Dynamic attributes are defined as strings--Go language templating operates on strings.
     This particular template references a value from the registry--a simple key/value store.
-    The result from the registry lookup is then piped into a JSON converter.
-    As Go language templating is all based on strings, then all outputs will also be strings.
-    To allow the Service Broker to preserve structure and data types, all templated attributes must serialize their output into a JSON string.
-    By using JSON, the Service Broker can decode it and process it correctly based on data type.
 
 If, for example, our instance ID was `camelot`, the resulting resource would be:
 
@@ -76,7 +72,7 @@ template:
   kind: Secret
   metadata:
     name: my-secret
-    namespace: '{{ parameter "my-namespace" | json }}'
+    namespace: '{{ parameter "my-namespace" }}'
 ----
 
 If the parameter did not exist, the resulting resource would look like:

documentation/modules/ROOT/pages/reference/servicebrokerconfigs.adoc

@@ -429,7 +429,7 @@ Configuration binding parameters are defined as follows:
 ----
 registry:
 - name: my-key
-  value: '{{ generatePassword 32 nil | json }}'
+  value: '{{ generatePassword 32 nil }}'
 templates:
 - my-template
 readinessChecks: []
@@ -499,8 +499,8 @@ readinessChecks:
 - condition:
     apiVersion: apps/v1
     kind: Deployment
-    namespace: '{{ registry "namespace" | json }}'
-    name: '{{ registry "instance-name" | json }}'
+    namespace: '{{ registry "namespace" }}'
+    name: '{{ registry "instance-name" }}'
     type: Available
     status: "True"
 ----

documentation/modules/ROOT/pages/reference/template-functions.adoc

@@ -115,6 +115,8 @@ The result type will be any type.
 == `json`
 
 The `json` function serializes its input as a JSON string.
+All templates implicitly append the JSON function to their pipelines as this is required by the Service Broker for all operations.
+This is only performed for simple, single pipeline actions, therefore complex action involving control flow are not supported at present.
 
 [source]
 ----

examples/configurations/couchbase-server/broker.yaml

@@ -264,7 +264,7 @@ spec:
       subjects:
       - kind: ServiceAccount
         name: couchbase-operator
-        namespace: '{{ registry "namespace" | json }}'
+        namespace: '{{ registry "namespace" }}'
   - name: couchbase-operator-deployment
     singleton: true
     template:
@@ -309,116 +309,116 @@ spec:
       apiVersion: v1
       kind: Secret
       metadata:
-        name: '{{ printf "%v-admin" (registry "instance-name") | json }}'
+        name: '{{ printf "%v-admin" (registry "instance-name") }}'
       stringData:
         username: Administrator
-        password: '{{ parameter "/password" | json }}'
+        password: '{{ parameter "/password" }}'
   - name: couchbase-operator-tls-secret
     template:
       apiVersion: v1
       kind: Secret
       metadata:
-        name: '{{ printf "%v-operator-tls" (registry "instance-name") | json }}'
+        name: '{{ printf "%v-operator-tls" (registry "instance-name") }}'
       stringData:
-        ca.crt: '{{ registry "ca-cert" | json }}'
+        ca.crt: '{{ registry "ca-cert" }}'
   - name: couchbase-server-tls-secret
     template:
       apiVersion: v1
       kind: Secret
       metadata:
-        name: '{{ printf "%v-server-tls" (registry "instance-name") | json }}'
+        name: '{{ printf "%v-server-tls" (registry "instance-name") }}'
       stringData:
-        pkey.key: '{{ registry "server-key" | json }}'
-        chain.pem: '{{ registry "server-cert" | json }}'
+        pkey.key: '{{ registry "server-key" }}'
+        chain.pem: '{{ registry "server-cert" }}'
   - name: selector-snippet
     template:
       matchLabels:
-        cluster: '{{ registry "instance-name" | json }}'
+        cluster: '{{ registry "instance-name" }}'
   - name: couchbase-developer-private
     template:
       apiVersion: couchbase.com/v2
       kind: CouchbaseCluster
       metadata:
-        name: '{{ registry "instance-name" | json }}'
+        name: '{{ registry "instance-name" }}'
       spec:
-        image: '{{ parameter "/image" | default "couchbase/server:6.5.0" | json }}'
+        image: '{{ parameter "/image" | default "couchbase/server:6.5.0" }}'
         security:
-          adminSecret: '{{ printf "%v-admin" (registry "instance-name") | json }}'
+          adminSecret: '{{ printf "%v-admin" (registry "instance-name") }}'
           rbac:
             managed: true
-            selector: '{{ snippet "selector-snippet" | json }}'
+            selector: '{{ snippet "selector-snippet" }}'
         networking:
           tls:
             static:
-              operatorSecret: '{{ printf "%v-operator-tls" (registry "instance-name") | json }}'
-              serverSecret: '{{ printf "%v-server-tls" (registry "instance-name") | json }}'
+              operatorSecret: '{{ printf "%v-operator-tls" (registry "instance-name") }}'
+              serverSecret: '{{ printf "%v-server-tls" (registry "instance-name") }}'
         buckets:
           managed: true
-          selector: '{{ snippet "selector-snippet" | json }}'
+          selector: '{{ snippet "selector-snippet" }}'
         servers:
         - name: default
           services:
           - data
           - index
           - query
-          size: '{{ parameter "/size" | default 3 | json }}'
+          size: '{{ parameter "/size" | default 3 }}'
   - name: couchbase-bucket
     template:
       apiVersion: couchbase.com/v2
       kind: CouchbaseBucket
       metadata:
-        name: '{{ registry "binding-name" | json }}'
-        labels: '{{ snippet "selector-snippet" | json }}'
+        name: '{{ registry "binding-name" }}'
+        labels: '{{ snippet "selector-snippet" }}'
   - name: couchbase-user-secret
     template:
       apiVersion: v1
       kind: Secret
       metadata:
-        name: '{{ registry "binding-name" | json }}'
+        name: '{{ registry "binding-name" }}'
       data:
-        password: '{{ registry "password" | json }}'
+        password: '{{ registry "password" }}'
   - name: couchbase-user
     template:
       apiVersion: couchbase.com/v2
       kind: CouchbaseUser
       metadata:
-        name: '{{ registry "binding-name" | json }}'
-        labels: '{{ snippet "selector-snippet" | json }}'
+        name: '{{ registry "binding-name" }}'
+        labels: '{{ snippet "selector-snippet" }}'
       spec:
         authDomain: local
-        authSecret: '{{ registry "binding-name" | json }}'
+        authSecret: '{{ registry "binding-name" }}'
   - name: couchbase-group
     template:
       apiVersion: couchbase.com/v2
       kind: CouchbaseGroup
       metadata:
-        name: '{{ registry "binding-name" | json }}'
-        labels: '{{ snippet "selector-snippet" | json }}'
+        name: '{{ registry "binding-name" }}'
+        labels: '{{ snippet "selector-snippet" }}'
       spec:
         roles:
         - name: bucket_admin
-          bucket: '{{ registry "binding-name" | json }}'
+          bucket: '{{ registry "binding-name" }}'
   - name: couchbase-role-binding
     template:
       apiVersion: couchbase.com/v2
       kind: CouchbaseRoleBinding
       metadata:
-        name: '{{ registry "binding-name" | json }}'
-        labels: '{{ snippet "selector-snippet" | json }}'
+        name: '{{ registry "binding-name" }}'
+        labels: '{{ snippet "selector-snippet" }}'
       spec:
         subjects:
         - kind: CouchbaseUser
-          name: '{{ registry "binding-name" | json }}'
+          name: '{{ registry "binding-name" }}'
         roleRef:
           kind: CouchbaseGroup
-          name: '{{ registry "binding-name" | json }}'
+          name: '{{ registry "binding-name" }}'
   - name: credentials
     template:
-      connection-string: '{{ printf "couchbases://%v-srv.%v" (registry "instance-name") (registry "namespace") | json }}'
-      ca.pem: '{{ registry "ca-cert" | json }}'
-      username: '{{ registry "username" | json }}'
-      password: '{{ registry "password" | json }}'
-      bucket: '{{ registry "binding-name" | json }}'
+      connection-string: '{{ printf "couchbases://%v-srv.%v" (registry "instance-name") (registry "namespace") }}'
+      ca.pem: '{{ registry "ca-cert" }}'
+      username: '{{ registry "username" }}'
+      password: '{{ registry "password" }}'
+      bucket: '{{ registry "binding-name" }}'
   # Bindings bind templates to service plans.  These allow the specification of
   # exactly what templates are created when a plan is instantiated or bound to.
   bindings:
@@ -428,17 +428,17 @@ spec:
     serviceInstance:
       registry:
       - name: instance-name
-        value: '{{ printf "instance-%s" (generatePassword 8 "abcdefghijklmnopqrstuvwxyz0123456789") | json }}'
+        value: '{{ printf "instance-%s" (generatePassword 8 "abcdefghijklmnopqrstuvwxyz0123456789") }}'
       - name: dashboard-url
-        value: '{{ printf "https://%s.%s:18091" (registry "instance-name") (registry "namespace") | json }}'
+        value: '{{ printf "https://%s.%s:18091" (registry "instance-name") (registry "namespace") }}'
       - name: ca-key
-        value: '{{ generatePrivateKey "RSA" "PKCS#8" 2048 | json}}'
+        value: '{{ generatePrivateKey "RSA" "PKCS#8" 2048 }}'
       - name: ca-cert
-        value: '{{ generateCertificate (registry "ca-key") "Couchbase Server CA" "87600h" "CA" nil nil nil | json }}'
+        value: '{{ generateCertificate (registry "ca-key") "Couchbase Server CA" "87600h" "CA" nil nil nil }}'
       - name: server-key
-        value: '{{ generatePrivateKey "RSA" "PKCS#1" 2048 | json }}'
+        value: '{{ generatePrivateKey "RSA" "PKCS#1" 2048 }}'
       - name: server-cert
-        value: '{{ generateCertificate (registry "server-key") "Couchbase Server" "87600h" "Server" (list (printf "DNS:%s-srv" (registry "instance-name")) (printf "DNS:%s-srv.%s" (registry "instance-name") (registry "namespace")) (printf "DNS:%s-srv.%s.svc" (registry "instance-name") (registry "namespace")) (printf "DNS:*.%s" (registry "instance-name")) (printf "DNS:*.%s.%s" (registry "instance-name") (registry "namespace")) (printf "DNS:*.%s.%s.svc" (registry "instance-name") (registry "namespace")) "DNS:localhost") (registry "ca-key") (registry "ca-cert") | json }}'
+        value: '{{ generateCertificate (registry "server-key") "Couchbase Server" "87600h" "Server" (list (printf "DNS:%s-srv" (registry "instance-name")) (printf "DNS:%s-srv.%s" (registry "instance-name") (registry "namespace")) (printf "DNS:%s-srv.%s.svc" (registry "instance-name") (registry "namespace")) (printf "DNS:*.%s" (registry "instance-name")) (printf "DNS:*.%s.%s" (registry "instance-name") (registry "namespace")) (printf "DNS:*.%s.%s.svc" (registry "instance-name") (registry "namespace")) "DNS:localhost") (registry "ca-key") (registry "ca-cert") }}'
       templates:
       - couchbase-operator-serviceaccount
       - couchbase-operator-role
@@ -453,18 +453,18 @@ spec:
         condition:
           apiVersion: couchbase.com/v2
           kind: CouchbaseCluster
-          namespace: '{{ registry "namespace" | json }}'
-          name: '{{ registry "instance-name" | json }}'
+          namespace: '{{ registry "namespace" }}'
+          name: '{{ registry "instance-name" }}'
           type: Available
           status: "True"
     serviceBinding:
       registry:
       - name: binding-name
-        value: '{{ printf "binding-%s" (registry "binding-id") | json }}'
+        value: '{{ printf "binding-%s" (registry "binding-id") }}'
       - name: password
-        value: '{{ generatePassword 32 nil | json }}'
+        value: '{{ generatePassword 32 nil }}'
       - name: credentials
-        value: '{{ snippet "credentials" | json }}'
+        value: '{{ snippet "credentials" }}'
       templates:
       - couchbase-bucket
       - couchbase-group