chore: Get latest apiserver files

Made with ❤️️ by updatecli

Signed-off-by: José Guilherme Vanz <[email protected]>

third_party/k8s.io/apiserver/pkg/cel/errors.go

@@ -16,11 +16,46 @@ limitations under the License.
 
 package cel
 
+import (
+	"fmt"
+
+	"github.com/google/cel-go/cel"
+)
+
+// ErrInternal the basic error that occurs when the expression fails to evaluate
+// due to internal reasons. Any Error that has the Type of
+// ErrorInternal is considered equal to ErrInternal
+var ErrInternal = fmt.Errorf("internal")
+
+// ErrInvalid is the basic error that occurs when the expression fails to
+// evaluate but not due to internal reasons. Any Error that has the Type of
+// ErrorInvalid is considered equal to ErrInvalid.
+var ErrInvalid = fmt.Errorf("invalid")
+
+// ErrRequired is the basic error that occurs when the expression is required
+// but absent.
+// Any Error that has the Type of ErrorRequired is considered equal
+// to ErrRequired.
+var ErrRequired = fmt.Errorf("required")
+
+// ErrCompilation is the basic error that occurs when the expression fails to
+// compile. Any CompilationError wraps ErrCompilation.
+// ErrCompilation wraps ErrInvalid
+var ErrCompilation = fmt.Errorf("%w: compilation error", ErrInvalid)
+
+// ErrOutOfBudget is the basic error that occurs when the expression fails due to
+// exceeding budget.
+var ErrOutOfBudget = fmt.Errorf("out of budget")
+
 // Error is an implementation of the 'error' interface, which represents a
 // XValidation error.
 type Error struct {
 	Type   ErrorType
 	Detail string
+
+	// Cause is an optional wrapped errors that can be useful to
+	// programmatically retrieve detailed errors.
+	Cause error
 }
 
 var _ error = &Error{}
@@ -30,7 +65,24 @@ func (v *Error) Error() string {
 	return v.Detail
 }
 
-// ErrorType is a machine readable value providing more detail about why
+func (v *Error) Is(err error) bool {
+	switch v.Type {
+	case ErrorTypeRequired:
+		return err == ErrRequired
+	case ErrorTypeInvalid:
+		return err == ErrInvalid
+	case ErrorTypeInternal:
+		return err == ErrInternal
+	}
+	return false
+}
+
+// Unwrap returns the wrapped Cause.
+func (v *Error) Unwrap() error {
+	return v.Cause
+}
+
+// ErrorType is a machine-readable value providing more detail about why
 // a XValidation is invalid.
 type ErrorType string
 
@@ -45,3 +97,28 @@ const (
 	// to user input.  See InternalError().
 	ErrorTypeInternal ErrorType = "InternalError"
 )
+
+// CompilationError indicates an error during expression compilation.
+// It wraps ErrCompilation.
+type CompilationError struct {
+	err    *Error
+	Issues *cel.Issues
+}
+
+// NewCompilationError wraps a cel.Issues to indicate a compilation failure.
+func NewCompilationError(issues *cel.Issues) *CompilationError {
+	return &CompilationError{
+		Issues: issues,
+		err: &Error{
+			Type:   ErrorTypeInvalid,
+			Detail: fmt.Sprintf("compilation error: %s", issues),
+		}}
+}
+
+func (e *CompilationError) Error() string {
+	return e.err.Error()
+}
+
+func (e *CompilationError) Unwrap() []error {
+	return []error{e.err, ErrCompilation}
+}

third_party/k8s.io/apiserver/pkg/cel/escaping.go

@@ -0,0 +1,170 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cel
+
+import (
+	"regexp"
+
+	"k8s.io/apimachinery/pkg/util/sets"
+)
+
+// celReservedSymbols is a list of RESERVED symbols defined in the CEL lexer.
+// No identifiers are allowed to collide with these symbols.
+// https://github.com/google/cel-spec/blob/master/doc/langdef.md#syntax
+var celReservedSymbols = sets.NewString(
+	"true", "false", "null", "in",
+	"as", "break", "const", "continue", "else",
+	"for", "function", "if", "import", "let",
+	"loop", "package", "namespace", "return", // !! 'namespace' is used heavily in Kubernetes
+	"var", "void", "while",
+)
+
+// expandMatcher matches the escape sequence, characters that are escaped, and characters that are unsupported
+var expandMatcher = regexp.MustCompile(`(__|[-./]|[^a-zA-Z0-9-./_])`)
+
+// newCharacterFilter returns a boolean array to indicate the allowed characters
+func newCharacterFilter(characters string) []bool {
+	maxChar := 0
+	for _, c := range characters {
+		if maxChar < int(c) {
+			maxChar = int(c)
+		}
+	}
+	filter := make([]bool, maxChar+1)
+
+	for _, c := range characters {
+		filter[int(c)] = true
+	}
+
+	return filter
+}
+
+type escapeCheck struct {
+	canSkipRegex     bool
+	invalidCharFound bool
+}
+
+// skipRegexCheck checks if escape would be skipped.
+// if invalidCharFound is true, it must have invalid character; if invalidCharFound is false, not sure if it has invalid character or not
+func skipRegexCheck(ident string) escapeCheck {
+	escapeCheck := escapeCheck{canSkipRegex: true, invalidCharFound: false}
+	// skip escape if possible
+	previous_underscore := false
+	for _, c := range ident {
+		if c == '/' || c == '-' || c == '.' {
+			escapeCheck.canSkipRegex = false
+			return escapeCheck
+		}
+		intc := int(c)
+		if intc < 0 || intc >= len(validCharacterFilter) || !validCharacterFilter[intc] {
+			escapeCheck.invalidCharFound = true
+			return escapeCheck
+		}
+		if c == '_' && previous_underscore {
+			escapeCheck.canSkipRegex = false
+			return escapeCheck
+		}
+
+		previous_underscore = c == '_'
+	}
+	return escapeCheck
+}
+
+// validCharacterFilter indicates the allowed characters.
+var validCharacterFilter = newCharacterFilter("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_")
+
+// Escape escapes ident and returns a CEL identifier (of the form '[a-zA-Z_][a-zA-Z0-9_]*'), or returns
+// false if the ident does not match the supported input format of `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*`.
+// Escaping Rules:
+//   - '__' escapes to '__underscores__'
+//   - '.' escapes to '__dot__'
+//   - '-' escapes to '__dash__'
+//   - '/' escapes to '__slash__'
+//   - Identifiers that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are: "true", "false",
+//     "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if", "import", "let", loop", "package",
+//     "namespace", "return".
+func Escape(ident string) (string, bool) {
+	if len(ident) == 0 || ('0' <= ident[0] && ident[0] <= '9') {
+		return "", false
+	}
+	if celReservedSymbols.Has(ident) {
+		return "__" + ident + "__", true
+	}
+
+	escapeCheck := skipRegexCheck(ident)
+	if escapeCheck.invalidCharFound {
+		return "", false
+	}
+	if escapeCheck.canSkipRegex {
+		return ident, true
+	}
+
+	ok := true
+	ident = expandMatcher.ReplaceAllStringFunc(ident, func(s string) string {
+		switch s {
+		case "__":
+			return "__underscores__"
+		case ".":
+			return "__dot__"
+		case "-":
+			return "__dash__"
+		case "/":
+			return "__slash__"
+		default: // matched a unsupported supported
+			ok = false
+			return ""
+		}
+	})
+	if !ok {
+		return "", false
+	}
+	return ident, true
+}
+
+var unexpandMatcher = regexp.MustCompile(`(_{2}[^_]+_{2})`)
+
+// Unescape unescapes an CEL identifier containing the escape sequences described in Escape, or return false if the
+// string contains invalid escape sequences. The escaped input is expected to be a valid CEL identifier, but is
+// not checked.
+func Unescape(escaped string) (string, bool) {
+	ok := true
+	escaped = unexpandMatcher.ReplaceAllStringFunc(escaped, func(s string) string {
+		contents := s[2 : len(s)-2]
+		switch contents {
+		case "underscores":
+			return "__"
+		case "dot":
+			return "."
+		case "dash":
+			return "-"
+		case "slash":
+			return "/"
+		}
+		if celReservedSymbols.Has(contents) {
+			if len(s) != len(escaped) {
+				ok = false
+			}
+			return contents
+		}
+		ok = false
+		return ""
+	})
+	if !ok {
+		return "", false
+	}
+	return escaped, true
+}

third_party/k8s.io/apiserver/pkg/cel/limits.go

@@ -47,4 +47,6 @@ const (
 	MinBoolSize = 4
 	// MinNumberSize is the length of literal 0
 	MinNumberSize = 1
+
+	MaxNameFormatRegexSize = 128
 )

third_party/k8s.io/apiserver/pkg/cel/quantity.go

@@ -50,7 +50,7 @@ func (d Quantity) ConvertToNative(typeDesc reflect.Type) (interface{}, error) {
 
 func (d Quantity) ConvertToType(typeVal ref.Type) ref.Val {
 	switch typeVal {
-	case typeValue:
+	case quantityTypeValue:
 		return d
 	case types.TypeType:
 		return quantityTypeValue