From 0404ad2c2ba998527de71a56a25cdecad9b4a03b Mon Sep 17 00:00:00 2001
From: Joe Betz <jpbetz@google.com>
Date: Mon, 7 Aug 2023 12:41:52 -0400
Subject: [PATCH] Add test coverage of result size of string operations

Kubernetes-commit: ab26637eae47f953190a4d93a7f6155e3b7e89cc
---
 .../validation/validation_test.go             | 26 +++++++++++++++++++
 .../schema/cel/celcoststability_test.go       |  1 +
 pkg/apiserver/schema/cel/compilation_test.go  |  6 ++---
 3 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/pkg/apis/apiextensions/validation/validation_test.go b/pkg/apis/apiextensions/validation/validation_test.go
index 11ef6fd24..1d7316e58 100644
--- a/pkg/apis/apiextensions/validation/validation_test.go
+++ b/pkg/apis/apiextensions/validation/validation_test.go
@@ -9315,6 +9315,32 @@ func TestValidateCustomResourceDefinitionValidation(t *testing.T) {
 				forbidden("spec.validation.openAPIV3Schema.properties[f].x-kubernetes-validations[0].messageExpression"),
 			},
 		},
+		{
+			name: "x-kubernetes-validations rule with lowerAscii check should be within estimated cost limit",
+			opts: validationOptions{requireStructuralSchema: true},
+			input: apiextensions.CustomResourceValidation{
+				OpenAPIV3Schema: &apiextensions.JSONSchemaProps{
+					Type: "object",
+					Properties: map[string]apiextensions.JSONSchemaProps{
+						"f": {
+							Type:     "array",
+							MaxItems: pointer.Int64(5),
+							Items: &apiextensions.JSONSchemaPropsOrArray{
+								Schema: &apiextensions.JSONSchemaProps{
+									Type:      "string",
+									MaxLength: pointer.Int64(5),
+								},
+							},
+							XValidations: apiextensions.ValidationRules{
+								{
+									Rule: "self.all(x, self.exists_one(y, x.lowerAscii() == y.lowerAscii()))",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
 		{
 			name: "x-kubernetes-validations rule invalidated by messageExpression exceeding per-CRD estimated cost limit",
 			opts: validationOptions{requireStructuralSchema: true},
diff --git a/pkg/apiserver/schema/cel/celcoststability_test.go b/pkg/apiserver/schema/cel/celcoststability_test.go
index ab614bcd3..5e1a9bbca 100644
--- a/pkg/apiserver/schema/cel/celcoststability_test.go
+++ b/pkg/apiserver/schema/cel/celcoststability_test.go
@@ -115,6 +115,7 @@ func TestCelCostStability(t *testing.T) {
 				"self.val1.substring(4, 10).trim() == 'takes'":     6,
 				"self.val1.upperAscii() == 'ROOK TAKES 👑'":         6,
 				"self.val1.lowerAscii() == 'rook takes 👑'":         6,
+				"self.val1.lowerAscii() == self.val1.lowerAscii()": 10,
 			},
 		},
 		{name: "escaped strings",
diff --git a/pkg/apiserver/schema/cel/compilation_test.go b/pkg/apiserver/schema/cel/compilation_test.go
index 1b575ba30..481f97905 100644
--- a/pkg/apiserver/schema/cel/compilation_test.go
+++ b/pkg/apiserver/schema/cel/compilation_test.go
@@ -1688,12 +1688,12 @@ func TestCostEstimation(t *testing.T) {
 					"before": strType,
 					"after":  strType,
 				})
-				objType = withRule(objType, "self.str.replace(self.before, self.after) == 'does not matter'")
+				objType = withRule(objType, "self.str.replace(self.before, self.after) == '0123456789'")
 				return &objType
 			},
-			expectedCalcCost: 629154,
+			expectedCalcCost: 629152,
 			setMaxElements:   10,
-			expectedSetCost:  16,
+			expectedSetCost:  14,
 		},
 		{
 			name: "extended library split",