type Validator … // NewValidator returns compiles all the CEL programs defined in x-kubernetes-validations extensions // of the Structural schema and returns a custom resource validator that contains nested // validators for all items, properties and additionalProperties that transitively contain validator rules. // Returns nil if there are no validator rules in the Structural schema. May return a validator containing only errors. // Adding perCallLimit as input arg for testing purpose only. Callers should always use const PerCallLimit from k8s.io/apiserver/pkg/apis/cel/config.go as input func NewValidator(s *schema.Structural, isResourceRoot bool, perCallLimit uint64) *Validator { … } // validator creates a Validator for all x-kubernetes-validations at the level of the provided schema and lower and // returns the Validator if any x-kubernetes-validations exist in the schema, or nil if no x-kubernetes-validations // exist. declType is expected to be a CEL DeclType corresponding to the structural schema. // perCallLimit was added for testing purpose only. Callers should always use const PerCallLimit from k8s.io/apiserver/pkg/apis/cel/config.go as input. func validator(validationSchema, nodeSchema *schema.Structural, isResourceRoot bool, declType *cel.DeclType, perCallLimit uint64) *Validator { … } type options … type Option … func WithRatcheting(correlation *common.CorrelatedObject) Option { … } // Validate validates all x-kubernetes-validations rules in Validator against obj and returns any errors. // If the validation rules exceed the costBudget, subsequent evaluations will be skipped, the list of errs returned will not be empty, and a negative remainingBudget will be returned. // Most callers can ignore the returned remainingBudget value unless another validate call is going to be made // context is passed for supporting context cancellation during cel validation func (s *Validator) Validate(ctx context.Context, fldPath *field.Path, _ *schema.Structural, obj, oldObj interface{ … } type ratchetingOptions … // shouldRatchetError returns true if the errors raised by the current node // should be ratcheted. // // Errors for the current node should be ratcheted if one of the following is true: // 1. The current node is correlatable, and it is equal to its old value // 2. The current node has a correlatable ancestor, and the ancestor is equal // to its old value. func (r ratchetingOptions) shouldRatchetError() bool { … } // Finds the next node following the field in the tree and returns options using // that node. If none could be found, then retains a reference to the last // correlatable ancestor for ratcheting purposes func (r ratchetingOptions) key(field string) ratchetingOptions { … } // Finds the next node following the index in the tree and returns options using // that node. If none could be found, then retains a reference to the last // correlatable ancestor for ratcheting purposes func (r ratchetingOptions) index(idx int) ratchetingOptions { … } func nestedToStructural(nested *schema.NestedValueValidation) *schema.Structural { … } func (s *Validator) validate(ctx context.Context, fldPath *field.Path, obj, oldObj interface{ … } func (s *Validator) validateExpressions(ctx context.Context, fldPath *field.Path, obj, oldObj interface{ … } var unescapeMatcher … func unescapeSingleQuote(s string) (string, error) { … } type validFieldPathOptions … type ValidFieldPathOption … // WithFieldPathAllowArrayNotation sets of array annotation ('[<index or map key>]') is allowed // in field paths. // Defaults to true func WithFieldPathAllowArrayNotation(allow bool) ValidFieldPathOption { … } // ValidFieldPath validates that jsonPath is a valid JSON Path containing only field and map accessors // that are valid for the given schema, and returns a field.Path representation of the validated jsonPath or an error. func ValidFieldPath(jsonPath string, schema *schema.Structural, options ...ValidFieldPathOption) (validFieldPath *field.Path, foundSchema *schema.Structural, err error) { … } func fieldErrorForReason(fldPath *field.Path, value interface{ … } // evalMessageExpression evaluates the given message expression and returns the evaluated string form and the remaining budget, or an error if one // occurred during evaluation. func evalMessageExpression(ctx context.Context, expr celgo.Program, exprSrc string, activation interpreter.Activation, remainingBudget int64) (string, int64, *cel.Error) { … } var newlineMatcher … func hasNewlines(s string) bool { … } func ruleMessageOrDefault(rule apiextensions.ValidationRule) string { … } func ruleErrorString(rule apiextensions.ValidationRule) string { … } type validationActivation … func validationActivationWithOldSelf(sts *schema.Structural, obj, oldObj interface{ … } func validationActivationWithoutOldSelf(sts *schema.Structural, obj, _ interface{ … } func (a *validationActivation) ResolveName(name string) (interface{ … } func (a *validationActivation) Parent() interpreter.Activation { … } func (s *Validator) validateMap(ctx context.Context, fldPath *field.Path, obj, oldObj map[string]interface{ … } func (s *Validator) validateArray(ctx context.Context, fldPath *field.Path, obj, oldObj []interface{ … } // MapIsCorrelatable returns true if the mapType can be used to correlate the data elements of a map after an update // with the data elements of the map from before the updated. func MapIsCorrelatable(mapType *string) bool { … } func hasXValidations(s *schema.Structural) bool { … }
Codebase Browser
kubernetes