dra api: implement semver attribute value type

pohly · k8s-publishing-bot · commit 7b41fd0a76a2 · 2024-03-04T09:13:19.000+01:00
This adds support for semantic version comparison to the CEL support in the "named resources" structured parameter model. For example, it can be used to check that an instance supports a certain API level. To minimize the risk, the new "semver" type is only defined in the CEL environment for DRA expressions, not in the base library. See kubernetes/kubernetes#123664 for a PR which adds it to the base library. Validation of semver strings is done with the regular expression from semver.org. The actual evaluation at runtime then uses semver/v4. Kubernetes-commit: 42ee56f093133402ed860d4c5f54b049041386c9
diff --git a/go.mod b/go.mod
@@ -5,6 +5,7 @@ module k8s.io/dynamic-resource-allocation
 go 1.22.0
 
 require (
+	github.com/blang/semver/v4 v4.0.0
 	github.com/go-logr/logr v1.4.1
 	github.com/google/cel-go v0.17.8
 	github.com/google/go-cmp v0.6.0
diff --git a/go.sum b/go.sum
@@ -6,6 +6,7 @@ github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/g
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
diff --git a/structured/namedresources/cel/compile.go b/structured/namedresources/cel/compile.go
@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"reflect"
 
+	"github.com/blang/semver/v4"
 	"github.com/google/cel-go/cel"
 	"github.com/google/cel-go/common/types"
 	"github.com/google/cel-go/common/types/traits"
@@ -105,43 +106,54 @@ var valueTypes = map[string]struct {
 	celType *cel.Type
 	// get returns nil if the attribute doesn't have the type, otherwise
 	// the value of that type.
-	get func(attr resourceapi.NamedResourcesAttribute) any
+	get func(attr resourceapi.NamedResourcesAttribute) (any, error)
 }{
-	"quantity": {apiservercel.QuantityType, func(attr resourceapi.NamedResourcesAttribute) any {
+	"quantity": {apiservercel.QuantityType, func(attr resourceapi.NamedResourcesAttribute) (any, error) {
 		if attr.QuantityValue == nil {
-			return nil
+			return nil, nil
 		}
-		return apiservercel.Quantity{Quantity: attr.QuantityValue}
+		return apiservercel.Quantity{Quantity: attr.QuantityValue}, nil
 	}},
-	"bool": {cel.BoolType, func(attr resourceapi.NamedResourcesAttribute) any {
+	"bool": {cel.BoolType, func(attr resourceapi.NamedResourcesAttribute) (any, error) {
 		if attr.BoolValue == nil {
-			return nil
+			return nil, nil
 		}
-		return *attr.BoolValue
+		return *attr.BoolValue, nil
 	}},
-	"int": {cel.IntType, func(attr resourceapi.NamedResourcesAttribute) any {
+	"int": {cel.IntType, func(attr resourceapi.NamedResourcesAttribute) (any, error) {
 		if attr.IntValue == nil {
-			return nil
+			return nil, nil
 		}
-		return *attr.IntValue
+		return *attr.IntValue, nil
 	}},
-	"intslice": {types.NewListType(cel.IntType), func(attr resourceapi.NamedResourcesAttribute) any {
+	"intslice": {types.NewListType(cel.IntType), func(attr resourceapi.NamedResourcesAttribute) (any, error) {
 		if attr.IntSliceValue == nil {
-			return nil
+			return nil, nil
 		}
-		return attr.IntSliceValue.Ints
+		return attr.IntSliceValue.Ints, nil
 	}},
-	"string": {cel.StringType, func(attr resourceapi.NamedResourcesAttribute) any {
+	"string": {cel.StringType, func(attr resourceapi.NamedResourcesAttribute) (any, error) {
 		if attr.StringValue == nil {
-			return nil
+			return nil, nil
 		}
-		return *attr.StringValue
+		return *attr.StringValue, nil
 	}},
-	"stringslice": {types.NewListType(cel.StringType), func(attr resourceapi.NamedResourcesAttribute) any {
+	"stringslice": {types.NewListType(cel.StringType), func(attr resourceapi.NamedResourcesAttribute) (any, error) {
 		if attr.StringSliceValue == nil {
-			return nil
+			return nil, nil
 		}
-		return attr.StringSliceValue.Strings
+		return attr.StringSliceValue.Strings, nil
+	}},
+	"version": {SemverType, func(attr resourceapi.NamedResourcesAttribute) (any, error) {
+		if attr.VersionValue == nil {
+			return nil, nil
+		}
+		v, err := semver.Parse(*attr.VersionValue)
+		if err != nil {
+			return nil, fmt.Errorf("parse semantic version: %v", err)
+		}
+
+		return Semver{Version: v}, nil
 	}},
 }
 
@@ -150,7 +162,11 @@ var boolType = reflect.TypeOf(true)
 func (c CompilationResult) Evaluate(ctx context.Context, attributes []resourceapi.NamedResourcesAttribute) (bool, error) {
 	variables := make(map[string]any, len(valueTypes))
 	for name, valueType := range valueTypes {
-		variables[attributesVarPrefix+name] = buildValueMapper(c.Environment.CELTypeAdapter(), attributes, valueType.get)
+		m, err := buildValueMapper(c.Environment.CELTypeAdapter(), attributes, valueType.get)
+		if err != nil {
+			return false, fmt.Errorf("extract attributes with type %s: %v", name, err)
+		}
+		variables[attributesVarPrefix+name] = m
 	}
 	result, _, err := c.Program.ContextEval(ctx, variables)
 	if err != nil {
@@ -172,7 +188,9 @@ func mustBuildEnv() *environment.EnvSet {
 	versioned := []environment.VersionedOptions{
 		{
 			IntroducedVersion: version.MajorMinor(1, 30),
-			EnvOptions:        buildVersionedAttributes(),
+			EnvOptions: append(buildVersionedAttributes(),
+				SemverLib(),
+			),
 		},
 	}
 	envset, err := envset.Extend(versioned...)
@@ -190,17 +208,21 @@ func buildVersionedAttributes() []cel.EnvOption {
 	return options
 }
 
-func buildValueMapper(adapter types.Adapter, attributes []resourceapi.NamedResourcesAttribute, get func(resourceapi.NamedResourcesAttribute) any) traits.Mapper {
+func buildValueMapper(adapter types.Adapter, attributes []resourceapi.NamedResourcesAttribute, get func(resourceapi.NamedResourcesAttribute) (any, error)) (traits.Mapper, error) {
 	// This implementation constructs a map and then let's cel handle the
 	// lookup and iteration. This is done for the sake of simplicity.
 	// Whether it's faster than writing a custom mapper depends on
 	// real-world attribute sets and CEL expressions and would have to be
 	// benchmarked.
 	valueMap := make(map[string]any)
-	for _, attribute := range attributes {
-		if value := get(attribute); value != nil {
+	for name, attribute := range attributes {
+		value, err := get(attribute)
+		if err != nil {
+			return nil, fmt.Errorf("attribute %q: %v", name, err)
+		}
+		if value != nil {
 			valueMap[attribute.Name] = value
 		}
 	}
-	return types.NewStringInterfaceMap(adapter, valueMap)
+	return types.NewStringInterfaceMap(adapter, valueMap), nil
 }
diff --git a/structured/namedresources/cel/semver.go b/structured/namedresources/cel/semver.go
@@ -0,0 +1,73 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cel
+
+import (
+	"fmt"
+	"reflect"
+
+	"github.com/blang/semver/v4"
+	"github.com/google/cel-go/cel"
+	"github.com/google/cel-go/common/types"
+	"github.com/google/cel-go/common/types/ref"
+)
+
+var (
+	SemverType = cel.ObjectType("kubernetes.Semver")
+)
+
+// Semver provdes a CEL representation of a [semver.Version].
+type Semver struct {
+	semver.Version
+}
+
+func (v Semver) ConvertToNative(typeDesc reflect.Type) (interface{}, error) {
+	if reflect.TypeOf(v.Version).AssignableTo(typeDesc) {
+		return v.Version, nil
+	}
+	if reflect.TypeOf("").AssignableTo(typeDesc) {
+		return v.Version.String(), nil
+	}
+	return nil, fmt.Errorf("type conversion error from 'Semver' to '%v'", typeDesc)
+}
+
+func (v Semver) ConvertToType(typeVal ref.Type) ref.Val {
+	switch typeVal {
+	case SemverType:
+		return v
+	case types.TypeType:
+		return SemverType
+	default:
+		return types.NewErr("type conversion error from '%s' to '%s'", SemverType, typeVal)
+	}
+}
+
+func (v Semver) Equal(other ref.Val) ref.Val {
+	otherDur, ok := other.(Semver)
+	if !ok {
+		return types.MaybeNoSuchOverloadErr(other)
+	}
+	return types.Bool(v.Version.EQ(otherDur.Version))
+}
+
+func (v Semver) Type() ref.Type {
+	return SemverType
+}
+
+func (v Semver) Value() interface{} {
+	return v.Version
+}
diff --git a/structured/namedresources/cel/semver_test.go b/structured/namedresources/cel/semver_test.go
diff --git a/structured/namedresources/cel/semverlib.go b/structured/namedresources/cel/semverlib.go
