Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support CEL CRD validation expressions that reference existing object state. #108073

Merged
merged 2 commits into from Mar 25, 2022
Merged

Support CEL CRD validation expressions that reference existing object state. #108073

merged 2 commits into from Mar 25, 2022

Conversation

benluddy
Copy link
Contributor

@benluddy benluddy commented Feb 11, 2022
edited

What type of PR is this?

/kind feature

What this PR does / why we need it:

Adds support for CEL CRD validation expressions that reference the existing state of an object during CR updates.

Special notes for your reviewer:

https://github.com/kubernetes/enhancements/tree/787e5513d09096756c61aaba1916a73cb1dd348b/keps/sig-api-machinery/2876-crd-validation-expression-language#transition-rules

Does this PR introduce a user-facing change?

CEL CRD validation expressions may now reference existing object state using the identifier `oldSelf`.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

- [KEP]: https://github.com/kubernetes/enhancements/tree/787e5513d09096756c61aaba1916a73cb1dd348b/keps/sig-api-machinery/2876-crd-validation-expression-language#transition-rules

@k8s-ci-robot
Copy link
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/feature Categorizes issue or PR as related to a new feature. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Feb 11, 2022
@benluddy benluddy force-pushed the cel-transition-rule-oldself-plumbing branch 4 times, most recently from 1391d95 to 0343e61 Compare February 11, 2022 21:40
@fedebongio
Copy link
Contributor

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Feb 15, 2022
@benluddy benluddy force-pushed the cel-transition-rule-oldself-plumbing branch 3 times, most recently from a8d7e35 to d539ebd Compare February 24, 2022 20:37
@benluddy
Copy link
Contributor Author

benluddy commented Mar 2, 2022

/cc @tkashem

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 3, 2022
@benluddy benluddy force-pushed the cel-transition-rule-oldself-plumbing branch from d539ebd to 0e10143 Compare March 3, 2022 21:38
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Mar 3, 2022
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 23, 2022
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 23, 2022
@jpbetz
Copy link
Contributor

jpbetz commented Mar 23, 2022

/priority important-soon

@k8s-ci-robot k8s-ci-robot added priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Mar 23, 2022
@k8s-triage-robot
Copy link

The Kubernetes project has merge-blocking tests that are currently too flaky to consistently pass.

This bot retests PRs for certain kubernetes repos according to the following rules:

  • The PR does have any do-not-merge/* labels
  • The PR does not have the needs-ok-to-test label
  • The PR is mergeable (does not have a needs-rebase label)
  • The PR is approved (has cncf-cla: yes, lgtm, approved labels)
  • The PR is failing tests required for merge

You can:

/retest

3 similar comments
@k8s-triage-robot
Copy link

The Kubernetes project has merge-blocking tests that are currently too flaky to consistently pass.

This bot retests PRs for certain kubernetes repos according to the following rules:

  • The PR does have any do-not-merge/* labels
  • The PR does not have the needs-ok-to-test label
  • The PR is mergeable (does not have a needs-rebase label)
  • The PR is approved (has cncf-cla: yes, lgtm, approved labels)
  • The PR is failing tests required for merge

You can:

/retest

@k8s-triage-robot
Copy link

The Kubernetes project has merge-blocking tests that are currently too flaky to consistently pass.

This bot retests PRs for certain kubernetes repos according to the following rules:

  • The PR does have any do-not-merge/* labels
  • The PR does not have the needs-ok-to-test label
  • The PR is mergeable (does not have a needs-rebase label)
  • The PR is approved (has cncf-cla: yes, lgtm, approved labels)
  • The PR is failing tests required for merge

You can:

/retest

@k8s-triage-robot
Copy link

The Kubernetes project has merge-blocking tests that are currently too flaky to consistently pass.

This bot retests PRs for certain kubernetes repos according to the following rules:

  • The PR does have any do-not-merge/* labels
  • The PR does not have the needs-ok-to-test label
  • The PR is mergeable (does not have a needs-rebase label)
  • The PR is approved (has cncf-cla: yes, lgtm, approved labels)
  • The PR is failing tests required for merge

You can:

/retest

@jpbetz jpbetz force-pushed the cel-transition-rule-oldself-plumbing branch from 6f4f700 to 0151432 Compare March 24, 2022 15:35
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 24, 2022
@benluddy @jpbetz
Allow and enforce CEL CRD validation rules that reference oldSelf.
fe38a41 
Co-authored-by: Joe Betz <jpbetz@google.com>
@jpbetz jpbetz force-pushed the cel-transition-rule-oldself-plumbing branch from 0151432 to 7c2ae10 Compare March 24, 2022 22:21
@jpbetz
Copy link
Contributor

jpbetz commented Mar 24, 2022

rebased

@jpbetz
Copy link
Contributor

jpbetz commented Mar 24, 2022

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 24, 2022
@jpbetz
Copy link
Contributor

jpbetz commented Mar 25, 2022

/retest

@jpbetz jpbetz force-pushed the cel-transition-rule-oldself-plumbing branch from 7c2ae10 to f71c4d4 Compare March 25, 2022 01:20
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 25, 2022
@jpbetz
Copy link
Contributor

jpbetz commented Mar 25, 2022

/retest

@jpbetz
Copy link
Contributor

jpbetz commented Mar 25, 2022

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 25, 2022
@jpbetz
Copy link
Contributor

jpbetz commented Mar 25, 2022

/test pull-kubernetes-e2e-kind-ipv6

@k8s-ci-robot k8s-ci-robot merged commit ef404e9 into kubernetes:master Mar 25, 2022
@k8s-ci-robot k8s-ci-robot added this to the v1.24 milestone Mar 25, 2022
@github-actions github-actions bot mentioned this pull request Mar 29, 2022
Open
@pacoxu pacoxu mentioned this pull request Apr 1, 2022
Closed
@jpbetz jpbetz mentioned this pull request Jun 13, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jpbetz jpbetz jpbetz left review comments

@liggitt liggitt liggitt left review comments

@deads2k deads2k Awaiting requested review from deads2k

@pwittrock pwittrock Awaiting requested review from pwittrock

@tkashem tkashem Awaiting requested review from tkashem

@logicalhan logicalhan Awaiting requested review from logicalhan

@mikedanese mikedanese Awaiting requested review from mikedanese

Assignees

@jpbetz jpbetz

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
v1.24
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@benluddy @k8s-ci-robot @fedebongio @jpbetz @k8s-triage-robot @liggitt @logicalhan