Upgrade constraint framework to add new K8s Native Validation driver …

…schema Signed-off-by: Max Smythe <smythe@google.com>
maxsmythe · Aug 12, 2023 · 0f4779a · 0f4779a
1 parent 1e8b914
commit 0f4779a
Show file tree

Hide file tree

Showing 10 changed files with 564 additions and 89 deletions.
diff --git a/demo/k8s-validating-admission-policy/k8srequiredlabels_template.yaml b/demo/k8s-validating-admission-policy/k8srequiredlabels_template.yaml
@@ -28,14 +28,8 @@ spec:
       code:
         - engine: K8sNativeValidation
           source:
-           apiVersion: admissionregistration.k8s.io/v1alpha1
-           kind: ValidatingAdmissionPolicy
-           spec:
-             paramKind:
-               apiVersion: "foobar/v1"
-               kind: "Placeholder"
-             validations:
-             - expression: "params.spec.parameters.labels.all(entry, has(object.metadata.labels) && entry.key in object.metadata.labels)"
-               messageExpression: '"missing required label, requires all of: " + params.spec.parameters.labels.map(entry, entry.key).join(", ")'
-             - expression: "!params.spec.parameters.labels.exists(entry, has(object.metadata.labels) && entry.key in object.metadata.labels && !string(object.metadata.labels[entry.key]).matches(string(entry.allowedRegex)))"
-               message: "regex mismatch"
+            validations:
+            - expression: "variables.params.labels.all(entry, has(object.metadata.labels) && entry.key in object.metadata.labels)"
+              messageExpression: '"missing required label, requires all of: " + variables.params.labels.map(entry, entry.key).join(", ")'
+            - expression: "!variables.params.labels.exists(entry, has(object.metadata.labels) && entry.key in object.metadata.labels && !string(object.metadata.labels[entry.key]).matches(string(entry.allowedRegex)))"
+              message: "regex mismatch"
diff --git a/go.mod b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/google/uuid v1.3.0
 	github.com/onsi/gomega v1.27.7
 	github.com/open-policy-agent/cert-controller v0.8.0
-	github.com/open-policy-agent/frameworks/constraint v0.0.0-20230712214810-96753a21c26f
+	github.com/open-policy-agent/frameworks/constraint v0.0.0-20230812003220-e24af74adbae
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.16.0
 	github.com/spf13/cobra v1.7.0

diff --git a/go.sum b/go.sum
@@ -966,6 +966,8 @@ github.com/open-policy-agent/cert-controller v0.8.0 h1:pao3WCLsKGz5dSWSlNUFrNFQd
 github.com/open-policy-agent/cert-controller v0.8.0/go.mod h1:alotCQRwX4M6VEwEgO53FB6nGLSlvah6L0pWxSRslIk=
 github.com/open-policy-agent/frameworks/constraint v0.0.0-20230712214810-96753a21c26f h1:dJDnp6A6LBrU/hbve5NzZNV3OzPYXdD0SJUn+xAPj+I=
 github.com/open-policy-agent/frameworks/constraint v0.0.0-20230712214810-96753a21c26f/go.mod h1:54/KzLMvA5ndBVpm7B1OjLeV0cUtTLTz2bZ2OtydLpU=
+github.com/open-policy-agent/frameworks/constraint v0.0.0-20230812003220-e24af74adbae h1:NdSZfqm8lAJG4o8iiQltzsU8Ime2KzfvWY/HtLOddc4=
+github.com/open-policy-agent/frameworks/constraint v0.0.0-20230812003220-e24af74adbae/go.mod h1:54/KzLMvA5ndBVpm7B1OjLeV0cUtTLTz2bZ2OtydLpU=
 github.com/open-policy-agent/opa v0.54.0 h1:mGEsK+R5ZTMV8fzzbNzmYDGbTmY30wmRCIHmtm2VqWs=
 github.com/open-policy-agent/opa v0.54.0/go.mod h1:d8I8jWygKGi4+T4H07qrbeCdH1ITLsEfT0M+bsvxWw0=
 github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=

diff --git a/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/crds/validate.go b/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/crds/validate.go
diff --git a/...or/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/k8scel/driver.go b/...or/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/k8scel/driver.go
diff --git a/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/k8scel/new.go b/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/k8scel/new.go