//! Demonstrates static analysis of CEL validation rules.
//!
//! Run with: `cargo run --example static_analysis --features validation`
use kube_cel::{ScopeContext, analyze_rule, compile_schema};
use serde_json::json;
/// Runs `analyze_rule` over a handful of sample CEL rules against a small
/// object schema and prints every warning that comes back.
///
/// The samples are chosen to show the two kinds of problem the source
/// comments call out: a rule whose cost is not bounded by the schema, and a
/// rule that references a variable from a different evaluation context.
fn main() {
    // Schema the rules are analysed against. `name` carries an explicit
    // length bound; `tags` deliberately does not bound its item count.
    let schema = json!({
        "type": "object",
        "properties": {
            "name": {"type": "string", "maxLength": 253},
            "tags": {
                "type": "array",
                "items": {"type": "string"}
                // No maxItems here, so the cost estimator is expected to
                // warn about rules that walk this list.
            },
            "replicas": {"type": "integer"}
        }
    });
    let compiled_schema = compile_schema(&schema);

    let candidate_rules = [
        // Cheap: a single integer comparison.
        "self.replicas >= 0",
        // Cheap: the string is bounded by maxLength in the schema.
        "self.name.size() > 0",
        // Potentially expensive: iterates a list with no declared upper bound.
        "self.tags.all(tag, tag.size() > 0)",
        // Wrong scope: `request` is an admission policy variable, but the
        // rule is analysed as a CRD validation rule.
        "request.userInfo.username != 'admin'",
    ];

    println!("=== CEL Rule Analysis ===\n");

    for rule in candidate_rules.iter() {
        println!("Rule: {rule}");

        // One call covers both the scope check and the cost check.
        let findings = analyze_rule(rule, &compiled_schema, ScopeContext::CrdValidation);

        if findings.is_empty() {
            println!(" OK — no issues found\n");
            continue;
        }

        for finding in &findings {
            println!(" [{:?}] {}", finding.kind, finding.message);
        }
        // Blank line separating this rule's report from the next one.
        println!();
    }
}