refactor compilatoin for real types

staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/mutating/compilation.go

@@ -41,13 +41,17 @@ import (
 // any error is stored and delayed until invocation.
 func compilePolicy(policy *Policy) PolicyEvaluator {
 	// removal not yet supported
-	e := &evaluator{policy: policy}
-	e.compiledEvaluator, e.err = e.compile(plugincel.OptionalVariableDeclarations{HasParams: e.hasParams()})
-	return e.Invoke
+	var res []MutationEvaluationFunc
+	for _, m := range policy.Spec.Mutations {
+		e := &evaluator{mutation: &m}
+		e.compiledEvaluator, e.err = e.compile(plugincel.OptionalVariableDeclarations{HasParams: policy.Spec.ParamKind != nil})
+		res = append(res, e.Invoke)
+	}
+	return res
 }
 
 type evaluator struct {
-	policy *Policy
+	mutation *PolicyMutation
 
 	compiledEvaluator *compiledEvaluator
 	// err holds the error during the creation of compiledEvaluator
@@ -58,10 +62,6 @@ type compiledEvaluator struct {
 	programs []cel.Program
 }
 
-func (e *evaluator) hasParams() bool {
-	return e.policy.Spec.ParamKind != nil
-}
-
 func (e *evaluator) compile(vars plugincel.OptionalVariableDeclarations) (*compiledEvaluator, error) {
 	envSet, err := createEnvSet(vars)
 	if err != nil {
@@ -72,20 +72,19 @@ func (e *evaluator) compile(vars plugincel.OptionalVariableDeclarations) (*compi
 		return nil, err
 	}
 	var programs []cel.Program
-	for _, m := range e.policy.Spec.Mutations {
-		if m.PatchType != "Apply" {
-			return nil, fmt.Errorf("unsupported mutation type %q", m.PatchType)
-		}
-		ast, issues := env.Compile(m.Expression)
-		if issues != nil {
-			return nil, fmt.Errorf("cannot compile CEL expression: %v", issues)
-		}
-		program, err := env.Program(ast)
-		if err != nil {
-			return nil, fmt.Errorf("cannot initiate program: %w", err)
-		}
-		programs = append(programs, program)
+	// if m.PatchType != "Apply" {
+	// 	return nil, fmt.Errorf("unsupported mutation type %q", m.PatchType)
+	// }
+	ast, issues := env.Compile(e.mutation.Expression)
+	if issues != nil {
+		return nil, fmt.Errorf("cannot compile CEL expression: %v", issues)
 	}
+	program, err := env.Program(ast)
+	if err != nil {
+		return nil, fmt.Errorf("cannot initiate program: %w", err)
+	}
+	programs = append(programs, program)
+
 	return &compiledEvaluator{
 		programs: programs,
 	}, nil

staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/mutating/compilation_test.go

@@ -21,6 +21,7 @@ import (
 	"reflect"
 	"testing"
 
+	"k8s.io/api/admissionregistration/v1alpha1"
 	appsv1 "k8s.io/api/apps/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	plugincel "k8s.io/apiserver/pkg/admission/plugin/cel"
@@ -42,9 +43,8 @@ func TestCompilation(t *testing.T) {
 		{
 			name: "refer to object",
 			policy: &Policy{
-				Spec: MutatingAdmissionPolicySpec{Mutations: []Mutation{
+				Spec: v1alpha1.MutatingAdmissionPolicySpec{Mutations: []v1alpha1.Mutation{
 					{
-						PatchType: "Apply",
 						Expression: `Object{
 							spec: Object.spec{
 								replicas: object.spec.replicas % 2 == 0?object.spec.replicas + 1:object.spec.replicas
@@ -63,9 +63,8 @@ func TestCompilation(t *testing.T) {
 		{
 			name: "refer to oldObject",
 			policy: &Policy{
-				Spec: MutatingAdmissionPolicySpec{Mutations: []Mutation{
+				Spec: v1alpha1.MutatingAdmissionPolicySpec{Mutations: []v1alpha1.Mutation{
 					{
-						PatchType: "Apply",
 						Expression: `Object{
 							spec: Object.spec{
 								replicas: oldObject.spec.replicas % 2 == 0?oldObject.spec.replicas + 1:oldObject.spec.replicas
@@ -84,8 +83,8 @@ func TestCompilation(t *testing.T) {
 		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
-			e := &evaluator{policy: tc.policy}
-			c, err := e.compile(plugincel.OptionalVariableDeclarations{HasParams: e.hasParams()})
+			e := &evaluator{mutation: &tc.policy.Spec.Mutations[0]}
+			c, err := e.compile(plugincel.OptionalVariableDeclarations{HasParams: tc.policy.Spec.ParamKind != nil})
 			if err != nil {
 				if tc.expectedErr == "" {
 					t.Fatalf("unexpected error: %v", err)