Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validation: add documentation and use CEL pre-processor #3333

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Validation: add documentation and use CEL pre-processor #3333

wants to merge 6 commits into from

Conversation

howardjohn
Copy link
Member

Depends on istio/tools#3050.

This PR adds support for a new cel pre-processor: https://github.com/howardjohn/celpp.

This avoids the need to write incredibly verbose and error prone boilerplate to workaround limitations in the CEL language.

This PR has a few commits:

  • Run with no changes. The pre-processor formats the CEL expression, so this has some trivial changes
  • Incrementally migrate things to the new CEL macros where it makes sense to simplify
  • Add documentation for validation (includes more than just the new stuff)

@howardjohn howardjohn added the do-not-merge/hold Block automatic merging of a PR. label Oct 10, 2024
@howardjohn howardjohn requested review from a team as code owners October 10, 2024 21:10
@istio-testing istio-testing added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Oct 10, 2024
@istio-testing
Copy link
Collaborator

@howardjohn: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
gencheck_api 584cc10 link true /test gencheck
release-notes_api 584cc10 link false /test release-notes
build_api 584cc10 link true /test build

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

ilrudie
ilrudie reviewed Oct 23, 2024
View reviewed changes
GUIDELINES.md
Comment on lines +268 to +270
* **default**. Usage: `default(self.x, 'DEF')`.
* **oneof**. Usage: `oneof(self.x, self.y, self.z)`. This checks that 0 or 1 of these fields is set.
* **index**. Usage: `self.index({}, x, z, b)`. This does `self.x.z.b` and returns `{}` if any of these is not set.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the difference 'DEF' must be a concrete value whereas {} could be an expression of some sort?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both 'DEF' and {} are just examples of the same thing -- the default value. In one example I return a string and the other an empty object, but there is not a difference.

ilrudie
ilrudie reviewed Oct 23, 2024
View reviewed changes
networking/v1alpha3/service_entry.proto
// +kubebuilder:validation:XValidation:message="only one of WorkloadSelector or Endpoints can be set",rule="oneof(self.workloadSelector, self.endpoints)"
// +kubebuilder:validation:XValidation:message="CIDR addresses are allowed only for NONE/STATIC resolution types",rule="!(default(self.addresses, []).exists(k, k.contains('/')) && !(default(self.resolution, 'NONE') in ['STATIC', 'NONE']))"
// +kubebuilder:validation:XValidation:message="NONE mode cannot set endpoints",rule="default(self.resolution, 'NONE') == 'NONE' ? !has(self.endpoints) : true"
// +kubebuilder:validation:XValidation:message="DNS_ROUND_ROBIN mode cannot have multiple endpoints",rule="default(self.resolution, '') == 'DNS_ROUND_ROBIN' ? default(self.endpoints, []).size() <= 1 : true"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit it really doesn't matter for this logic but just looks a bit odd that we default to something which isn't actually the default 'NONE'

ilrudie
ilrudie reviewed Oct 23, 2024
View reviewed changes
Copy link
Contributor

@ilrudie ilrudie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This really improves readability. It looks good to me

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ilrudie ilrudie ilrudie left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
do-not-merge/hold Block automatic merging of a PR. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@howardjohn @istio-testing @ilrudie