refactor: policy compilation

Signed-off-by: Charles-Edouard Brétéché <[email protected]>
kyverno · Sep 24, 2024 · c51d502 · c51d502
1 parent 9d7931b
commit c51d502
Show file tree

Hide file tree

Showing 10 changed files with 520 additions and 213 deletions.
diff --git a/pkg/apis/policy/v1alpha1/any.go b/pkg/apis/policy/v1alpha1/any.go
@@ -1,8 +1,8 @@
 package v1alpha1
 
 import (
+	"github.com/kyverno/kyverno-json/pkg/core/compilers"
 	"github.com/kyverno/kyverno-json/pkg/core/projection"
-	hashutils "github.com/kyverno/kyverno-json/pkg/utils/hash"
 	"k8s.io/apimachinery/pkg/util/json"
 )
 
@@ -12,18 +12,16 @@ import (
 // +kubebuilder:validation:Type:=""
 type Any struct {
 	_value any
-	_hash  string
 }
 
 func NewAny(value any) Any {
 	return Any{
 		_value: value,
-		_hash:  hashutils.Hash(value),
 	}
 }
 
-func (t *Any) Compile(compiler func(string, any, string) (projection.ScalarHandler, error), defaultCompiler string) (projection.ScalarHandler, error) {
-	return compiler(t._hash, t._value, defaultCompiler)
+func (t *Any) Compile(compilers compilers.Compilers) (projection.ScalarHandler, error) {
+	return projection.ParseScalar(t._value, compilers)
 }
 
 func (a *Any) MarshalJSON() ([]byte, error) {
@@ -37,13 +35,11 @@ func (a *Any) UnmarshalJSON(data []byte) error {
 		return err
 	}
 	a._value = v
-	a._hash = hashutils.Hash(a._value)
 	return nil
 }
 
 func (in *Any) DeepCopyInto(out *Any) {
 	out._value = deepCopy(in._value)
-	out._hash = in._hash
 }
 
 func (in *Any) DeepCopy() *Any {

diff --git a/pkg/apis/policy/v1alpha1/assertion_tree.go b/pkg/apis/policy/v1alpha1/assertion_tree.go
@@ -2,7 +2,7 @@ package v1alpha1
 
 import (
 	"github.com/kyverno/kyverno-json/pkg/core/assertion"
-	hashutils "github.com/kyverno/kyverno-json/pkg/utils/hash"
+	"github.com/kyverno/kyverno-json/pkg/core/compilers"
 	"k8s.io/apimachinery/pkg/util/json"
 )
 
@@ -12,18 +12,16 @@ import (
 // AssertionTree represents an assertion tree.
 type AssertionTree struct {
 	_tree any
-	_hash string
 }
 
 func NewAssertionTree(value any) AssertionTree {
 	return AssertionTree{
 		_tree: value,
-		_hash: hashutils.Hash(value),
 	}
 }
 
-func (t *AssertionTree) Compile(compiler func(string, any, string) (assertion.Assertion, error), defaultCompiler string) (assertion.Assertion, error) {
-	return compiler(t._hash, t._tree, defaultCompiler)
+func (t *AssertionTree) Compile(compilers compilers.Compilers) (assertion.Assertion, error) {
+	return assertion.Parse(t._tree, compilers)
 }
 
 func (a *AssertionTree) MarshalJSON() ([]byte, error) {
@@ -37,11 +35,9 @@ func (a *AssertionTree) UnmarshalJSON(data []byte) error {
 		return err
 	}
 	a._tree = v
-	a._hash = hashutils.Hash(a._tree)
 	return nil
 }
 
 func (in *AssertionTree) DeepCopyInto(out *AssertionTree) {
 	out._tree = deepCopy(in._tree)
-	out._hash = in._hash
 }
diff --git a/pkg/apis/policy/v1alpha1/context_entry.go b/pkg/apis/policy/v1alpha1/context_entry.go
@@ -1,5 +1,7 @@
 package v1alpha1
 
+type Context []ContextEntry
+
 // ContextEntry adds variables and data sources to a rule context.
 type ContextEntry struct {
 	// Compiler defines the default compiler to use when evaluating expressions.

diff --git a/pkg/apis/policy/v1alpha1/validating_rule.go b/pkg/apis/policy/v1alpha1/validating_rule.go
@@ -12,7 +12,7 @@ type ValidatingRule struct {
 
 	// Context defines variables and data sources that can be used during rule execution.
 	// +optional
-	Context []ContextEntry `json:"context,omitempty"`
+	Context Context `json:"context,omitempty"`
 
 	// Match defines when this policy rule should be applied.
 	// +optional

diff --git a/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go