JSONPatch1.2.1
- Known subtypes in package:
- Known usages in package:
- All versions:
Properties
-
expand_morelink
expression will be evaluated by CEL to create a
JSON patch(https://jsonpatch.com/).ref: https://github.com/google/cel-spec
expression must return an array of JSONPatch values.
For example, this CEL expression returns a JSON patch to conditionally modify a value:
[ JSONPatch{op: "test", path: "/spec/example", value: "Red"}, JSONPatch{op: "replace", path: "/spec/example", value: "Green"} ]To define an object for the patch value, use Object types. For example:
[ JSONPatch{ op: "add", path: "/spec/selector", value: Object.spec.selector{matchLabels: {"environment": "test"}} } ]To use strings containing '/' and '~' as JSONPatch path keys, use "jsonpatch.escapeKey". For example:
[ JSONPatch{ op: "add", path: "/metadata/labels/" + jsonpatch.escapeKey("example.com/environment"), value: "test" }, ]CEL expressions have access to the types needed to create JSON patches and objects:
- 'JSONPatch' - CEL type of JSON Patch operations.
JSONPatch has the fields 'op', 'from', 'path' and 'value'.
See
JSON patch(https://jsonpatch.com/) for more details. The 'value' field may be set to any of: string, integer, array, map or object. If set, the 'path' and 'from' fields must be set to aJSON pointer(https://datatracker.ietf.org/doc/html/rfc6901/) string, where the 'jsonpatch.escapeKey()' CEL function may be used to escape path keys containing '/' and '~'. - 'Object' - CEL type of the resource object.
- 'Object.
' - CEL type of object field (such as 'Object.spec') - 'Object. . ... ` - CEL type of nested field (such as 'Object.spec.containers')
CEL expressions have access to the contents of the API request, organized into CEL variables as well as some other useful variables:
- 'object' - The object from the incoming request. The value is null for DELETE requests.
- 'oldObject' - The existing object. The value is null for CREATE requests.
- 'request' - Attributes of the API request(ref).
- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.
- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.
- 'variables' - Map of composited variables, from its name to its lazily evaluated value. For example, a variable named 'foo' can be accessed as 'variables.foo'.
- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the request resource.
CEL expressions have access to
Kubernetes CEL function libraries(https://kubernetes.io/docs/reference/using-api/cel/#cel-options-language-features-and-libraries) as well as:- 'jsonpatch.escapeKey' - Performs JSONPatch key escaping. '~' and '/' are escaped as '~0' and `~1' respectively).
Only property names of the form
[a-zA-Z_.-/][a-zA-Z0-9_.-/]*are accessible. Required. - 'JSONPatch' - CEL type of JSON Patch operations.
JSONPatch has the fields 'op', 'from', 'path' and 'value'.
See
JSONPatch defines a JSON Patch.