diff --git a/pkg/apis/apiextensions/validation/validation.go b/pkg/apis/apiextensions/validation/validation.go index f841ca854..3df476c03 100644 --- a/pkg/apis/apiextensions/validation/validation.go +++ b/pkg/apis/apiextensions/validation/validation.go @@ -1182,7 +1182,7 @@ func ValidateCustomResourceDefinitionOpenAPISchema(schema *apiextensions.JSONSch } } } - if cr.TransitionRule { + if cr.UsesOldSelf { if uncorrelatablePath := ssv.forbidOldSelfValidations(); uncorrelatablePath != nil { allErrs.CELErrors = append(allErrs.CELErrors, field.Invalid(fldPath.Child("x-kubernetes-validations").Index(i).Child("rule"), schema.XValidations[i].Rule, fmt.Sprintf("oldSelf cannot be used on the uncorrelatable portion of the schema within %v", uncorrelatablePath))) } diff --git a/pkg/apiserver/schema/cel/compilation.go b/pkg/apiserver/schema/cel/compilation.go index 270c73c7f..da6494e53 100644 --- a/pkg/apiserver/schema/cel/compilation.go +++ b/pkg/apiserver/schema/cel/compilation.go @@ -48,9 +48,8 @@ const ( type CompilationResult struct { Program cel.Program Error *apiservercel.Error - // If true, the compiled expression contains a reference to the identifier "oldSelf", and its corresponding rule - // is implicitly a transition rule. - TransitionRule bool + // If true, the compiled expression contains a reference to the identifier "oldSelf". + UsesOldSelf bool // Represents the worst-case cost of the compiled expression in terms of CEL's cost units, as used by cel.EstimateCost. MaxCost uint64 // MaxCardinality represents the worse case number of times this validation rule could be invoked if contained under an @@ -190,7 +189,7 @@ func compileRule(s *schema.Structural, rule apiextensions.ValidationRule, envSet } for _, ref := range checkedExpr.ReferenceMap { if ref.Name == OldScopedVarName { - compilationResult.TransitionRule = true + compilationResult.UsesOldSelf = true break } } diff --git a/pkg/apiserver/schema/cel/compilation_test.go b/pkg/apiserver/schema/cel/compilation_test.go index 2d5621128..18df5a424 100644 --- a/pkg/apiserver/schema/cel/compilation_test.go +++ b/pkg/apiserver/schema/cel/compilation_test.go @@ -140,7 +140,7 @@ func transitionRule(t bool) validationMatcher { } func (v transitionRuleMatcher) matches(cr CompilationResult) bool { - return cr.TransitionRule == bool(v) + return cr.UsesOldSelf == bool(v) } func (v transitionRuleMatcher) String() string { diff --git a/pkg/apiserver/schema/cel/validation.go b/pkg/apiserver/schema/cel/validation.go index 14e48c4c7..968538e37 100644 --- a/pkg/apiserver/schema/cel/validation.go +++ b/pkg/apiserver/schema/cel/validation.go @@ -124,7 +124,7 @@ func validator(s *schema.Structural, isResourceRoot bool, declType *cel.DeclType if len(compiledRules) > 0 || err != nil || itemsValidator != nil || additionalPropertiesValidator != nil || len(propertiesValidators) > 0 { var activationFactory func(*schema.Structural, interface{}, interface{}) interpreter.Activation = validationActivationWithoutOldSelf for _, rule := range compiledRules { - if rule.TransitionRule { + if rule.UsesOldSelf { activationFactory = validationActivationWithOldSelf break } @@ -300,7 +300,7 @@ func (s *Validator) validateExpressions(ctx context.Context, fldPath *field.Path // rule is empty continue } - if compiled.TransitionRule && oldObj == nil { + if compiled.UsesOldSelf && oldObj == nil { // transition rules are evaluated only if there is a comparable existing value continue } @@ -344,7 +344,7 @@ func (s *Validator) validateExpressions(ctx context.Context, fldPath *field.Path } addErr := func(e *field.Error) { - if !compiled.TransitionRule && correlation.shouldRatchetError() { + if !compiled.UsesOldSelf && correlation.shouldRatchetError() { warning.AddWarning(ctx, "", e.Error()) } else { errs = append(errs, e)