kube-cel 0.5.3

Kubernetes CEL extension functions for the cel crate
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

//! Validate Kubernetes objects against CRD schema CEL rules.
//!
//! Run with: `cargo run --example validate_crd --features validation`

use kube_cel::validation::Validator;
use serde_json::json;

fn main() {
    let schema = json!({
        "type": "object",
        "properties": {
            "spec": {
                "type": "object",
                "properties": {
                    "replicas": {
                        "type": "integer",
                        "x-kubernetes-validations": [
                            {"rule": "self >= 0", "message": "replicas must be non-negative"}
                        ]
                    }
                },
                "x-kubernetes-validations": [
                    {"rule": "self.replicas >= 1", "message": "at least one replica required"}
                ]
            }
        }
    });

    let validator = Validator::new();

    // Valid object
    let valid = json!({"spec": {"replicas": 3}});
    let errors = validator.validate(&schema, &valid, None);
    println!("Valid object: {} errors", errors.len());

    // Invalid object
    let invalid = json!({"spec": {"replicas": -1}});
    let errors = validator.validate(&schema, &invalid, None);
    println!("\nInvalid object: {} errors", errors.len());
    for err in &errors {
        println!("  [{path}] {msg}", path = err.field_path, msg = err.message);
    }

    // Transition rule (update check)
    let transition_schema = json!({
        "type": "object",
        "x-kubernetes-validations": [{
            "rule": "self.replicas >= oldSelf.replicas",
            "message": "cannot scale down"
        }],
        "properties": {
            "replicas": {"type": "integer"}
        }
    });

    let new_obj = json!({"replicas": 2});
    let old_obj = json!({"replicas": 5});

    // Create (no old object): transition rule skipped
    let errors = validator.validate(&transition_schema, &new_obj, None);
    println!("\nCreate (no old): {} errors", errors.len());

    // Update (scale down): transition rule fires
    let errors = validator.validate(&transition_schema, &new_obj, Some(&old_obj));
    println!("Update (scale down): {} errors", errors.len());
    for err in &errors {
        println!("  {}", err);
    }
}