keps/sig-api-machinery/2876-crd-validation-expression-language/README.md
31 additions & 7 deletions
@@ -235,20 +235,44 @@ will be surfaced when the validation rule evaluates to false.
235
235
236
236
- The validator will be scoped to the location of the `x-kubernetes-validator`
237
237
extension in the schema. In the above example, the validator is scoped to the
238
-
'spec'field.
239
-
238
+
`spec`field. `self` will be used to represent the name of the field which the validator
239
+
is scoped to.
240
+
- Consideration under adding the representative of scoped filed name: There would be composition problem while generating CRD with tools like `controller-gen`.
241
+
When trying to add validation as a marker comment to a field, the validation rule will
242
+
be hard to define without the actual field name. As the example showing below. When we want to put cel validation on ToySpec, the field name as `spec` has not
243
+
been identified yet which makes rule hard to define.
244
+
245
+
```azure
246
+
// +kubebuilder:validation:XValidator=
247
+
type ToySpec struct {
248
+
fieldSample string `json:"fieldSample"`
249
+
...
250
+
}
251
+
252
+
type Toy struct {
253
+
Spec ToySpec `json:"spec"`
254
+
}
255
+
```
256
+
257
+
- Alternatives:
258
+
- Provide a local scoped variable with a fixed name for different types:
259
+
- scalar: value
260
+
- array: items
261
+
- map: entries
262
+
- object: object
263
+
264
+
It will cause a lot of keywords to be reserved and users have to memorize those variable when writing rules.
265
+
- Using other names like `this`, `me`, `value`, `_`. The name should be self-explanatory, less chance of conflict and easy to be picked up.
240
266
- For OpenAPIv3 object types, the expression will have direct access to all the
241
267
fields of the object the validator is scoped to.
242
268
243
269
- For OpenAPIv3 scalar types (integer, string & boolean), the expression will have access to the
244
270
scalar data element the validator is scoped to. The data element will be accessible to CEL
245
-
expressions via the name of the property name that `x-kubernetes-validator` is defined on,
246
-
e.g. `len(labelSelector) > 10`.
271
+
expressions via `self`, e.g. `len(self) > 10`.
247
272
248
273
- For OpenAPIv3 list and map types, the expression will have access to the data element of the list
249
-
or map. These will be accessible to CEL via the property name that `x-kubernetes-validator` is
250
-
defined on. The elements of a map or list can be validated using the CEL support for collections
251
-
like the `all` macro, e.g. `property.all(listItem, <predicate>)` or `property.all(mapKey,
274
+
or map. These will be accessible to CEL via `self`. The elements of a map or list can be validated using the CEL support for collections
275
+
like the `all` macro, e.g. `self.all(listItem, <predicate>)` or `self.all(mapKey,
252
276
<predicate>)`.
253
277
254
278
- For immutability use case, validator will have access to the existing version of the object. This
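Review bot: The added scoping sentence says `self` will "represent the name of the field which the validator is scoped to", but the scalar and list/map bullets changed further down use it as the value at that location (`len(self) > 10`, `self.all(listItem, <predicate>)`). Suggest rewording it to say that `self` is bound to the value the validator is scoped to. The object-type bullet is left unchanged and still promises direct access to all fields, so the text does not say whether `self` is also bound for objects, or which one wins when an object has a property literally named `self`. That case should be stated explicitly, since the alternatives list itself names "less chance of conflict" as a selection criterion. Smaller points: the example fence is tagged `azure` although the snippet is Go, the `+kubebuilder:validation:XValidator=` marker has an empty value so the example never shows the rule that is said to be hard to write, `` `spec`field `` is missing a space, and "scoped filed name" should read "scoped field name".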