const ObjectVarName …
const OldObjectVarName …
const ParamsVarName …
const RequestVarName …
const NamespaceVarName …
const AuthorizerVarName …
const RequestResourceAuthorizerVarName …
const VariableVarName …

// BuildRequestType generates a DeclType for AdmissionRequest. This may be replaced with a utility that
// converts the native type definition to apiservercel.DeclType once such a utility becomes available.
// The 'uid' field is omitted since it is not needed for in-process admission review.
// The 'object' and 'oldObject' fields are omitted since they are exposed as root-level CEL variables.
func BuildRequestType() *apiservercel.DeclType { … }

// BuildNamespaceType generates a DeclType for Namespace.
// Certain nested fields in Namespace (e.g. managedFields, ownerReferences, etc.) are omitted from the
// generated DeclType by design.
func BuildNamespaceType() *apiservercel.DeclType { … }

type CompilationResult …
type Compiler …
type compiler …

func NewCompiler(env *environment.EnvSet) Compiler { … }

type variableDeclEnvs …

// CompileCELExpression returns a compiled CEL expression.
// perCallLimit was added for testing purposes only. Callers should always use const PerCallLimit from k8s.io/apiserver/pkg/apis/cel/config.go as input.
// NOTE(review): the signature listed below takes no perCallLimit parameter, so the sentence above may be stale; confirm where the per-call cost limit is applied.
func (c compiler) CompileCELExpression(expressionAccessor ExpressionAccessor, options OptionalVariableDeclarations, envType environment.Type) CompilationResult { … }

func mustBuildEnvs(baseEnv *environment.EnvSet) variableDeclEnvs { … }