Skip to content

Commit

Permalink
Merge pull request #119807 from jpbetz/automated-cherry-pick-of-#1198…
Browse files Browse the repository at this point in the history
…00-origin-release-1.28

Automated cherry pick of #119800: Fixes CEL estimated cost to propagate result sizes correctly

Kubernetes-commit: ab3cebfdb2cd1054f34f4287a757755810ede009
  • Loading branch information
k8s-publishing-bot committed Sep 6, 2023
2 parents 6087aeb + 4d28f48 commit efb98fd
Show file tree
Hide file tree
Showing 5 changed files with 41 additions and 12 deletions.
6 changes: 3 additions & 3 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ require (
github.com/emicklei/go-restful/v3 v3.9.0
github.com/evanphx/json-patch v4.12.0+incompatible
github.com/gogo/protobuf v1.3.2
github.com/google/cel-go v0.16.0
github.com/google/cel-go v0.16.1
github.com/google/gnostic-models v0.6.8
github.com/google/go-cmp v0.5.9
github.com/google/gofuzz v1.2.0
Expand All @@ -26,7 +26,7 @@ require (
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.0.0-20230904104028-546e4253e738
k8s.io/apimachinery v0.0.0-20230904102823-bc548d1d2406
k8s.io/apiserver v0.0.0-20230904114607-bf038b7f385e
k8s.io/apiserver v0.0.0-20230906193730-7e09bf350908
k8s.io/client-go v0.0.0-20230904110526-745513ad7b37
k8s.io/code-generator v0.0.0-20230807201159-791c213a776b
k8s.io/component-base v0.0.0-20230904111932-ef6aa9891ad3
Expand Down Expand Up @@ -129,7 +129,7 @@ require (
replace (
k8s.io/api => k8s.io/api v0.0.0-20230904104028-546e4253e738
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20230904102823-bc548d1d2406
k8s.io/apiserver => k8s.io/apiserver v0.0.0-20230904114607-bf038b7f385e
k8s.io/apiserver => k8s.io/apiserver v0.0.0-20230906193730-7e09bf350908
k8s.io/client-go => k8s.io/client-go v0.0.0-20230904110526-745513ad7b37
k8s.io/code-generator => k8s.io/code-generator v0.0.0-20230807201159-791c213a776b
k8s.io/component-base => k8s.io/component-base v0.0.0-20230904111932-ef6aa9891ad3
Expand Down
8 changes: 4 additions & 4 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -159,8 +159,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
github.com/google/cel-go v0.16.0 h1:DG9YQ8nFCFXAs/FDDwBxmL1tpKNrdlGUM9U3537bX/Y=
github.com/google/cel-go v0.16.0/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY=
github.com/google/cel-go v0.16.1 h1:3hZfSNiAU3KOiNtxuFXVp5WFy4hf/Ly3Sa4/7F8SXNo=
github.com/google/cel-go v0.16.1/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY=
github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
Expand Down Expand Up @@ -673,8 +673,8 @@ k8s.io/api v0.0.0-20230904104028-546e4253e738 h1:0PmEjeZX6g4bLgztHHEVVj0XrMQ+F8u
k8s.io/api v0.0.0-20230904104028-546e4253e738/go.mod h1:4GpdFbUbYEFNj6e44T5yz6hE7p8yAn4+dYvmqTPVuOs=
k8s.io/apimachinery v0.0.0-20230904102823-bc548d1d2406 h1:/YP5PLKVrV5WDzScq2agCBHPP0FCLVrU/4d9+j8uEFs=
k8s.io/apimachinery v0.0.0-20230904102823-bc548d1d2406/go.mod h1:RdzF87y/ngqk9H4z3EL2Rppv5jj95vGS/HaFXrLDApU=
k8s.io/apiserver v0.0.0-20230904114607-bf038b7f385e h1:J1HaAqOL9irju2bXc34G3Z2UTXZVnE+GLOfSD1NTwRg=
k8s.io/apiserver v0.0.0-20230904114607-bf038b7f385e/go.mod h1:CjTNnDKEDMQHdsr2dzFdIFuoZxfXISlPuT7BSOa3YQw=
k8s.io/apiserver v0.0.0-20230906193730-7e09bf350908 h1:HVeQjJRMlaVBcjY4ujcNXpta+aLDa7QXz5K1y38r43E=
k8s.io/apiserver v0.0.0-20230906193730-7e09bf350908/go.mod h1:CZwPGvyqJFPbGm/wL283IZM52p6VcGic+gXoOP7wy+4=
k8s.io/client-go v0.0.0-20230904110526-745513ad7b37 h1:+SF0CtBoQI6Eso+8poN4i55d4oUahClerZwALYSz6Tw=
k8s.io/client-go v0.0.0-20230904110526-745513ad7b37/go.mod h1:9oac6LWqvfKcphw6P69YH6Ns8xgf4S3ciKrBfqXxq3c=
k8s.io/code-generator v0.0.0-20230807201159-791c213a776b h1:SQbgU/KO+8dA4z1FG2Miatu7XYb3oDc7tzbycneiyDY=
Expand Down
26 changes: 26 additions & 0 deletions pkg/apis/apiextensions/validation/validation_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -9315,6 +9315,32 @@ func TestValidateCustomResourceDefinitionValidation(t *testing.T) {
forbidden("spec.validation.openAPIV3Schema.properties[f].x-kubernetes-validations[0].messageExpression"),
},
},
{
name: "x-kubernetes-validations rule with lowerAscii check should be within estimated cost limit",
opts: validationOptions{requireStructuralSchema: true},
input: apiextensions.CustomResourceValidation{
OpenAPIV3Schema: &apiextensions.JSONSchemaProps{
Type: "object",
Properties: map[string]apiextensions.JSONSchemaProps{
"f": {
Type: "array",
MaxItems: pointer.Int64(5),
Items: &apiextensions.JSONSchemaPropsOrArray{
Schema: &apiextensions.JSONSchemaProps{
Type: "string",
MaxLength: pointer.Int64(5),
},
},
XValidations: apiextensions.ValidationRules{
{
Rule: "self.all(x, self.exists_one(y, x.lowerAscii() == y.lowerAscii()))",
},
},
},
},
},
},
},
{
name: "x-kubernetes-validations rule invalidated by messageExpression exceeding per-CRD estimated cost limit",
opts: validationOptions{requireStructuralSchema: true},
Expand Down
1 change: 1 addition & 0 deletions pkg/apiserver/schema/cel/celcoststability_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,7 @@ func TestCelCostStability(t *testing.T) {
"self.val1.substring(4, 10).trim() == 'takes'": 6,
"self.val1.upperAscii() == 'ROOK TAKES 👑'": 6,
"self.val1.lowerAscii() == 'rook takes 👑'": 6,
"self.val1.lowerAscii() == self.val1.lowerAscii()": 10,
},
},
{name: "escaped strings",
Expand Down
12 changes: 7 additions & 5 deletions pkg/apiserver/schema/cel/compilation_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1683,17 +1683,19 @@ func TestCostEstimation(t *testing.T) {
name: "extended library replace",
schemaGenerator: func(max *int64) *schema.Structural {
strType := withMaxLength(primitiveType("string", ""), max)
beforeLen := int64(2)
afterLen := int64(4)
objType := objectType(map[string]schema.Structural{
"str": strType,
"before": strType,
"after": strType,
"before": withMaxLength(primitiveType("string", ""), &beforeLen),
"after": withMaxLength(primitiveType("string", ""), &afterLen),
})
objType = withRule(objType, "self.str.replace(self.before, self.after) == 'does not matter'")
return &objType
},
expectedCalcCost: 629154,
setMaxElements: 10,
expectedSetCost: 16,
expectedCalcCost: 629154, // cost is based on the result size of the replace() call
setMaxElements: 4,
expectedSetCost: 12,
},
{
name: "extended library split",
Expand Down

0 comments on commit efb98fd

Please sign in to comment.