keps/sig-api-machinery/2876-crd-validation-expression-language/README.md
31 additions & 7 deletions
@@ -233,20 +233,44 @@ will be surfaced when the validation rule evaluates to false.
233
233
234
234
- The validator will be scoped to the location of the `x-kubernetes-validator`
235
235
extension in the schema. In the above example, the validator is scoped to the
236
-
'spec'field.
237
-
236
+
`spec`field. `self` will be used to represent the name of the field which the validator
237
+
is scoped to.
238
+
- Consideration under adding `self`: There would be composition problem while generating CRD with tools like `controller-gen`.
239
+
When trying to add validation as a maker comment to a field, the validation rule will
240
+
be hard to define without the actual field name. As the example showing below. When we want to put cel validation on ToySpec, the field name as `spec` has not
241
+
been identified yet which makes rule hard to define.
242
+
243
+
```azure
244
+
// +kubebuilder:validation:XValidator=
245
+
type ToySpec struct {
246
+
fieldSample string `json:"fieldSample"`
247
+
...
248
+
}
249
+
250
+
type Toy struct {
251
+
Spec ToySpec `json:"spec"`
252
+
}
253
+
```
254
+
255
+
- Alternatives:
256
+
- Provide a local scoped variable with a fixed name for different types:
257
+
- scalar: value
258
+
- array: items
259
+
- map: entries
260
+
- object: object
261
+
262
+
It will cause a lot of keywords to be reserved and users have to memorize those variable when writing rules.
263
+
- Using other names like `this`, `me`, `value`, `_`. The name should be self-explanatory, less chance of conflict and easy to be picked up.
238
264
- For OpenAPIv3 object types, the expression will have direct access to all the
239
265
fields of the object the validator is scoped to.
240
266
241
267
- For OpenAPIv3 scalar types (integer, string & boolean), the expression will have access to the
242
268
scalar data element the validator is scoped to. The data element will be accessible to CEL
243
-
expressions via the name of the property name that `x-kubernetes-validator` is defined on,
244
-
e.g. `len(labelSelector) > 10`.
269
+
expressions via `self`, e.g. `len(self) > 10`.
245
270
246
271
- For OpenAPIv3 list and map types, the expression will have access to the data element of the list
247
-
or map. These will be accessible to CEL via the property name that `x-kubernetes-validator` is
248
-
defined on. The elements of a map or list can be validated using the CEL support for collections
249
-
like the `all` macro, e.g. `property.all(listItem, <predicate>)` or `property.all(mapKey,
272
+
or map. These will be accessible to CEL via `self`. The elements of a map or list can be validated using the CEL support for collections
273
+
like the `all` macro, e.g. `self.all(listItem, <predicate>)` or `self.all(mapKey,
250
274
<predicate>)`.
251
275
252
276
- For immutability use case, validator will have access to the existing version of the object. This
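Review bot: The added sentence "`self` will be used to represent the name of the field which the validator is scoped to" describes `self` as a field name, but the scalar and list/map bullets later in this hunk use it as the value itself (`len(self) > 10`, `self.all(listItem, <predicate>)`); suggest wording it as "`self` refers to the data element the validator is scoped to" so the definition matches its uses. The unchanged object bullet still says the expression has "direct access to all the fields of the object" and does not say whether `self` is also bound for object types, so a rule author cannot tell from this text whether `self.fieldSample` and `fieldSample` are both valid; one sentence there would close the gap. In the example, the fence is tagged `azure` although the content is Go, and the marker `+kubebuilder:validation:XValidator=` is left with an empty value, so the example never shows the rule that the paragraph says is hard to write without `self`. "maker comment" and "`spec`field" look like typos for "marker comment" and "`spec` field".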