apiextensions-apiserverk8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation Index | Files

package validation

import "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation"

Index

Constants 

const (
	// StaticEstimatedCostLimit represents the largest-allowed static CEL cost on a per-expression basis.
	StaticEstimatedCostLimit = 10000000
	// StaticEstimatedCRDCostLimit represents the largest-allowed total cost for the x-kubernetes-validations rules of a CRD.
	StaticEstimatedCRDCostLimit = 100000000

	MaxSelectableFields = 8
)

Functions

func HasSchemaWith 

func HasSchemaWith(spec *apiextensions.CustomResourceDefinitionSpec, pred func(s *apiextensions.JSONSchemaProps) bool) bool

func SchemaHas 

func SchemaHas(s *apiextensions.JSONSchemaProps, pred func(s *apiextensions.JSONSchemaProps) bool) bool

SchemaHas recursively traverses the Schema and calls the `pred` predicate to see if the schema contains specific values.

The predicate MUST NOT keep a copy of the json schema NOR modify the schema.

func SchemaHasInvalidTypes 

func SchemaHasInvalidTypes(s *apiextensions.JSONSchemaProps) bool

SchemaHasInvalidTypes returns true if it contains invalid offending openapi-v3 specification.

func ValidateCustomResourceColumnDefinition 

func ValidateCustomResourceColumnDefinition(col *apiextensions.CustomResourceColumnDefinition, fldPath *field.Path) field.ErrorList

ValidateCustomResourceColumnDefinition statically validates a printer column.

func ValidateCustomResourceDefinition 

func ValidateCustomResourceDefinition(ctx context.Context, obj *apiextensions.CustomResourceDefinition) field.ErrorList

ValidateCustomResourceDefinition statically validates context is passed for supporting context cancellation during cel validation when validating defaults

func ValidateCustomResourceDefinitionNames 

func ValidateCustomResourceDefinitionNames(names *apiextensions.CustomResourceDefinitionNames, fldPath *field.Path) field.ErrorList

ValidateCustomResourceDefinitionNames statically validates

func ValidateCustomResourceDefinitionStatus 

func ValidateCustomResourceDefinitionStatus(status *apiextensions.CustomResourceDefinitionStatus, fldPath *field.Path) field.ErrorList

ValidateCustomResourceDefinitionStatus statically validates

func ValidateCustomResourceDefinitionStoredVersions 

func ValidateCustomResourceDefinitionStoredVersions(storedVersions []string, versions []apiextensions.CustomResourceDefinitionVersion, fldPath *field.Path) field.ErrorList

ValidateCustomResourceDefinitionStoredVersions statically validates

func ValidateCustomResourceDefinitionSubresources 

func ValidateCustomResourceDefinitionSubresources(subresources *apiextensions.CustomResourceSubresources, fldPath *field.Path) field.ErrorList

ValidateCustomResourceDefinitionSubresources statically validates

func ValidateCustomResourceDefinitionUpdate 

func ValidateCustomResourceDefinitionUpdate(ctx context.Context, obj, oldObj *apiextensions.CustomResourceDefinition) field.ErrorList

ValidateCustomResourceDefinitionUpdate statically validates context is passed for supporting context cancellation during cel validation when validating defaults

func ValidateCustomResourceSelectableFields 

func ValidateCustomResourceSelectableFields(selectableFields []apiextensions.SelectableField, schema *structuralschema.Structural, fldPath *field.Path) (allErrs field.ErrorList)

func ValidateUpdateCustomResourceDefinitionStatus 

func ValidateUpdateCustomResourceDefinitionStatus(obj, oldObj *apiextensions.CustomResourceDefinition) field.ErrorList

ValidateUpdateCustomResourceDefinitionStatus statically validates

Types

type CELSchemaContext 

type CELSchemaContext struct {

	// MaxCardinality represents a limit to the number of data elements that can exist for the current
	// schema based on MaxProperties or MaxItems limits present on parent schemas, If all parent
	// map and array schemas have MaxProperties or MaxItems limits declared MaxCardinality is
	// an int pointer representing the product of these limits.  If least one parent map or list schema
	// does not have a MaxProperties or MaxItems limits set, the MaxCardinality is nil, indicating
	// that the parent schemas offer no bound to the number of times a data element for the current
	// schema can exist.
	MaxCardinality *uint64
	// TotalCost accumulates the x-kubernetes-validators estimated rule cost total for an entire custom resource
	// definition. A single TotalCost is allocated for each CustomResourceDefinition and passed through the stack as the
	// CustomResourceDefinition's OpenAPIv3 schema is recursively validated.
	TotalCost *TotalCost
	// contains filtered or unexported fields
}

CELSchemaContext keeps track of data used by x-kubernetes-validations rules for a specific schema node.

func RootCELContext 

func RootCELContext(schema *apiextensions.JSONSchemaProps) *CELSchemaContext

RootCELContext constructs CELSchemaContext for the given root schema.

func (*CELSchemaContext) ChildAdditionalPropertiesContext 

func (c *CELSchemaContext) ChildAdditionalPropertiesContext(propsSchema *apiextensions.JSONSchemaProps) *CELSchemaContext

ChildAdditionalPropertiesContext returns nil, nil if this CELSchemaContext is nil, otherwise it constructs and returns a CELSchemaContext for the properties of an object if this CELSchemaContext is an object. schema must be non-nil and have a non-nil schema.AdditionalProperties.

func (*CELSchemaContext) ChildItemsContext 

func (c *CELSchemaContext) ChildItemsContext(itemsSchema *apiextensions.JSONSchemaProps) *CELSchemaContext

ChildItemsContext returns nil, nil if this CELSchemaContext is nil, otherwise it constructs and returns a CELSchemaContext for the items of an array if this CELSchemaContext is an array.

func (*CELSchemaContext) ChildPropertyContext 

func (c *CELSchemaContext) ChildPropertyContext(propSchema *apiextensions.JSONSchemaProps, propertyName string) *CELSchemaContext

ChildPropertyContext returns nil, nil if this CELSchemaContext is nil, otherwise constructs and returns a CELSchemaContext for propertyName.

func (*CELSchemaContext) TypeInfo 

func (c *CELSchemaContext) TypeInfo() (*CELTypeInfo, error)

TypeInfo returns the CELTypeInfo for this CELSchemaContext node. Returns nil, nil if this CELSchemaContext is nil, or if current level or above does not have x-kubernetes-validations rules. The returned type info is shared and should not be modified by the caller.

type CELTypeInfo 

type CELTypeInfo struct {
	// Schema is a structural schema for this CELSchemaContext node. It must be non-nil.
	Schema *structuralschema.Structural
	// DeclType is a CEL declaration representation of Schema of this CELSchemaContext node. It must be non-nil.
	DeclType *cel.DeclType
}

CELTypeInfo represents all the typeInfo needed by CEL to compile x-kubernetes-validations rules for a schema node.

type OpenAPISchemaErrorList 

type OpenAPISchemaErrorList struct {
	SchemaErrors field.ErrorList
	CELErrors    field.ErrorList
}

OpenAPISchemaErrorList tracks all validation errors reported ValidateCustomResourceDefinitionOpenAPISchema with CEL related errors kept separate from schema related errors.

func ValidateCustomResourceDefinitionOpenAPISchema 

func ValidateCustomResourceDefinitionOpenAPISchema(schema *apiextensions.JSONSchemaProps, fldPath *field.Path, ssv specStandardValidator, isRoot bool, opts *validationOptions, celContext *CELSchemaContext) *OpenAPISchemaErrorList

ValidateCustomResourceDefinitionOpenAPISchema statically validates

func (*OpenAPISchemaErrorList) AllErrors 

func (o *OpenAPISchemaErrorList) AllErrors() field.ErrorList

AllErrors returns a list containing both schema and CEL errors.

func (*OpenAPISchemaErrorList) AppendErrors 

func (o *OpenAPISchemaErrorList) AppendErrors(list *OpenAPISchemaErrorList)

AppendErrors appends all errors in the provided list with the errors of this list.

type RuleCost 

type RuleCost struct {
	Path *field.Path
	Cost uint64
}

RuleCost represents the cost of evaluating a single x-kubernetes-validations rule.

type TotalCost 

type TotalCost struct {
	// Total accumulates the x-kubernetes-validations estimated rule cost total.
	Total uint64
	// MostExpensive accumulates the top 4 most expensive rules contributing to the Total. Only rules
	// that accumulate at least 1% of total cost limit are included.
	MostExpensive []RuleCost
}

TotalCost tracks the total cost of evaluating all the x-kubernetes-validations rules of a CustomResourceDefinition.

func (*TotalCost) ObserveExpressionCost 

func (c *TotalCost) ObserveExpressionCost(path *field.Path, cost uint64)

ObserveExpressionCost accumulates the cost of evaluating a -kubernetes-validations rule.

Source Files

cel_validation.go validation.go

Version
v0.33.0 (latest)
Published
Apr 23, 2025
Platform
linux/amd64
Imports
29 packages
Last checked
3 hours ago

Tools for package owners.