-
-
Notifications
You must be signed in to change notification settings - Fork 322
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement CEL validation proc macro for generated CRDs #1621
Implement CEL validation proc macro for generated CRDs #1621
Conversation
Signed-off-by: Danil-Grigorev <danil.grigorev@suse.com>
Signed-off-by: Danil-Grigorev <danil.grigorev@suse.com>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1621 +/- ##
=======================================
- Coverage 75.3% 74.6% -0.6%
=======================================
Files 82 82
Lines 7344 7416 +72
=======================================
+ Hits 5528 5532 +4
- Misses 1816 1884 +68
|
Hey this is great! Thanks a lot for doing this. I was wondering if you could elaborate a bit on a couple of things:
is this to ensure precedence of annotations? is there possibly something we could do to simplify these requirements by perhaps referencing a common rewrite rule in kube-core (like we do in schema.rs for structural rewriting)? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
quick comments / questions
kube-derive/src/custom_resource.rs
Outdated
message: Option<String>, | ||
} | ||
|
||
pub(crate) fn cel_validation(_: TokenStream, input: TokenStream) -> TokenStream { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what is the first arg here for? the new proc macro seems take args
and input
, but you seem to be discarding args
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably need to be checked, they are currently empty. Could be a good place for name overrides to avoid clashes
let validation_method_name = field.ident.as_ref().map(|i| i.to_string()).unwrap_or_default(); | ||
let name = Ident::new(&validation_method_name, Span::call_site()); | ||
let field_type = &field.ty; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This stuff here could do with some comments. You're implementing a method fith a fixed name. Could this ave clashing issues? Can we parametrise such a function from kube-core instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As long as there is no structure Validation in the scope, there should not be a clash, but makes sense to add an override for such occasion 👍🏻
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be added now - #[cel_validation(struct_name = "FooSpecValidation")]
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i guess i am still confused about the temporary struct you are making. it seems to me that the #[cel_validation(struct_name = X struct X is there for you to implement a method, but that method feels like something we can define cleanly inside kube-core, and invoke from kube-derive.
kube-derive/src/custom_resource.rs
Outdated
let struct_name = ast.ident.to_string() + "Validation"; | ||
let anchor = Ident::new(&struct_name, Span::call_site()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
magic names needs a comment here probably
yes, I was trying to replace If the keyword comes after derive, no macro will be able to process replaced #[schemars] annotations. |
- https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules Signed-off-by: Danil-Grigorev <danil.grigorev@suse.com>
Signed-off-by: Danil-Grigorev <danil.grigorev@suse.com>
I'll close it for now to find more suitable approach. |
Motivation
CRDs allow to declare server-side validation rules using CEL. This functionality is supported via
#[schemars(schema_with = "<schemagen-wrapper>")]
, but requires defining a method with handling logic, which may be error-prone.Since
kube
owns CRD generation code, the idea is to simplify this process for added validation rules and achieve more declarative approach, similar to thekubebuilder
library. This approach will be compatible withkopium
generation based on existing CRD structures, already using CEL expressions.Solution
Allow for a more native handling of CEL validation rules on the CRDs via a field macro.
Unfortunately due to limitations of derive macros, a new
#[proc_macro_attribute]
is required to allow adjustments of the annotations on the fields, currently named#[cel_validation]
(working prototype name),Similar approach may also be used to allow for server-side defaults and other custom modifications of the CRD in the future, if decided.