Merge pull request #4 from compspec/add-unmarshall-spec

fix: unmarshall spec customization

Author: vsoch

cmd/ocifit/main.go

@@ -52,7 +52,11 @@ type JSONPatch struct {
 
 // admit allows the request without modification
 func admit(ar *admissionv1.AdmissionReview) *admissionv1.AdmissionResponse {
-	log.Printf("Allowing pod %s/%s without mutation", ar.Request.Namespace, ar.Request.Name)
+	if ar.Request.Name != "" {
+		log.Printf("Allowing pod %s/%s: %s", ar.Request.Namespace, ar.Request.Name)
+	} else {
+		log.Printf("Allowing pod in namespace %s without mutation", ar.Request.Namespace)
+	}
 	return &admissionv1.AdmissionResponse{
 		Allowed: true,
 		UID:     ar.Request.UID,
@@ -61,7 +65,13 @@ func admit(ar *admissionv1.AdmissionReview) *admissionv1.AdmissionResponse {
 
 // deny rejects the request with a message
 func deny(ar *admissionv1.AdmissionReview, message string) *admissionv1.AdmissionResponse {
-	log.Printf("Denying pod %s/%s: %s", ar.Request.Namespace, ar.Request.Name, message)
+
+	// Most pods don't have a name yet
+	if ar.Request.Name != "" {
+		log.Printf("Denying pod %s/%s: %s", ar.Request.Namespace, ar.Request.Name, message)
+	} else {
+		log.Printf("Denying pod in namespace %s: %s", ar.Request.Namespace, message)
+	}
 	return &admissionv1.AdmissionResponse{
 		Allowed: false,
 		UID:     ar.Request.UID,

example/ebpf-compatibility-spec.json

@@ -0,0 +1,85 @@
+{
+    "version": "v1alpha1",
+    "compatibilities": [
+        {
+            "tag": "ghcr.io/converged-computing/kernel-header-installer:ubuntu2204",
+            "description": "Compatibility for eBPF installer intended for Ubuntu 22.04 LTS nodes with kernel 6.1 or newer.",
+            "rules": [
+                {
+                    "matchFeatures": [
+                        {
+                            "matchExpressions": [
+                                {
+                                    "op": "In",
+                                    "key": "feature.node.kubernetes.io/system-os_release.ID",
+                                    "value": [
+                                        "ubuntu"
+                                    ]
+                                },
+                                {
+                                    "op": "In",
+                                    "key": "feature.node.kubernetes.io/system-os_release.VERSION_ID",
+                                    "value": [
+                                        "22.04"
+                                    ]
+                                },
+                                {
+                                    "op": "In",
+                                    "key": "feature.node.kubernetes.io/kernel-version.major",
+                                    "value": [
+                                        "6"
+                                    ]
+                                },
+                                {
+                                    "op": "Gte",
+                                    "key": "feature.node.kubernetes.io/kernel-version.minor",
+                                    "value": "1"
+                                }
+                            ]
+                        }
+                    ]
+                }
+            ]
+        },
+        {
+            "tag": "ghcr.io/converged-computing/kernel-header-installer:fedora43",
+            "description": "Compatibility for eBPF installer intended for Amazon Linux 2023 nodes with kernel 6.1 or newer.",
+            "rules": [
+                {
+                    "matchFeatures": [
+                        {
+                            "matchExpressions": [
+                                {
+                                    "op": "In",
+                                    "key": "feature.node.kubernetes.io/system-os_release.ID",
+                                    "value": [
+                                        "amzn"
+                                    ]
+                                },
+                                {
+                                    "op": "In",
+                                    "key": "feature.node.kubernetes.io/system-os_release.VERSION_ID",
+                                    "value": [
+                                        "2023"
+                                    ]
+                                },
+                                {
+                                    "op": "In",
+                                    "key": "feature.node.kubernetes.io/kernel-version.major",
+                                    "value": [
+                                        "6"
+                                    ]
+                                },
+                                {
+                                    "op": "Gte",
+                                    "key": "feature.node.kubernetes.io/kernel-version.minor",
+                                    "value": "1"
+                                }
+                            ]
+                        }
+                    ]
+                }
+            ]
+        }
+    ]
+}

pkg/types/types.go

@@ -25,8 +25,10 @@ const (
 	MatchOpInRegexp     MatchOp = "InRegexp"
 	MatchOpExists       MatchOp = "Exists"
 	MatchOpDoesNotExist MatchOp = "DoesNotExist"
-	MatchOpGt           MatchOp = "Gt" // Greater than
-	MatchOpLt           MatchOp = "Lt" // Less than
+	MatchOpGt           MatchOp = "Gt"  // Greater than
+	MatchOpLt           MatchOp = "Lt"  // Less than
+	MatchOpGte          MatchOp = "Gte" // Greater than or equal to
+	MatchOpLte          MatchOp = "Lte" // Less than or equal to
 )
 
 // MatchExpression specifies a requirement for matching features.

pkg/types/unmarshal.go

@@ -0,0 +1,51 @@
+package types
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// UnmarshalJSON implements a custom unmarshaler for MatchExpression to handle value
+func (m *MatchExpression) UnmarshalJSON(data []byte) error {
+	// 1. Define an alias type to avoid an infinite recursion loop.
+	//    If we called json.Unmarshal on MatchExpression inside this method,
+	//    it would call this method again (stack overflow).
+	type alias MatchExpression
+
+	// 2. Create a temporary struct to unmarshal into. value needs to be raw
+	temp := &struct {
+		Value json.RawMessage `json:"value"`
+		*alias
+	}{
+		// 3. Point the alias to the current MatchExpression instance ('m')
+		//    so that Op and Key are populated directly into it.
+		alias: (*alias)(m),
+	}
+
+	// 4. Unmarshal the data into our temporary struct.
+	if err := json.Unmarshal(data, &temp); err != nil {
+		return fmt.Errorf("failed to unmarshal match expression: %w", err)
+	}
+
+	// 5. Now, inspect the raw JSON for the 'value' field.
+	if len(temp.Value) > 0 {
+		// If the first character is '[', it's a JSON array.
+		if temp.Value[0] == '[' {
+			// Unmarshal it as a normal slice of strings.
+			if err := json.Unmarshal(temp.Value, &m.Value); err != nil {
+				return fmt.Errorf("failed to unmarshal 'value' as array: %w", err)
+			}
+		} else {
+			// Otherwise, assume it's a single JSON string.
+			var strValue string
+			if err := json.Unmarshal(temp.Value, &strValue); err != nil {
+				return fmt.Errorf("failed to unmarshal 'value' as string: %w", err)
+			}
+			// **This is the key step:** We normalize the single string
+			// into a slice containing just that string.
+			m.Value = []string{strValue}
+		}
+	}
+
+	return nil
+}

pkg/validator/rule.go

@@ -1,7 +1,6 @@
 package validator
 
 import (
-	"fmt"
 	"log"
 	"regexp"
 	"strconv"
@@ -11,7 +10,6 @@ import (
 
 func evaluateRule(expression types.MatchExpression, nodeLabels map[string]string) bool {
 	// Get the value of the label from the node
-	fmt.Printf("Checking expression %s against node labels %s", expression, nodeLabels)
 	nodeVal, ok := nodeLabels[expression.Key]
 
 	switch expression.Op {
@@ -66,7 +64,7 @@ func evaluateRule(expression types.MatchExpression, nodeLabels map[string]string
 			if err != nil {
 				// A malformed regex in the spec is a spec error, not a node error.
 				// Log it and treat it as a non-match for this pattern.
-				log.Printf("WARN: Invalid regexp in compatibility spec: '%s'. Error: %v", pattern, err)
+				log.Printf("WARN: Invalid regexp in compatibility spec: '%s'. Error: %v\n", pattern, err)
 				continue
 			}
 			// Found a regex match.
@@ -77,7 +75,7 @@ func evaluateRule(expression types.MatchExpression, nodeLabels map[string]string
 		// No patterns matched.
 		return false
 
-	case types.MatchOpGt, types.MatchOpLt:
+	case types.MatchOpGt, types.MatchOpLt, types.MatchOpGte, types.MatchOpLte:
 		// Rule matches if the key exists AND its integer value is > or < the spec's value.
 		if !ok {
 
@@ -93,22 +91,28 @@ func evaluateRule(expression types.MatchExpression, nodeLabels map[string]string
 		// Convert node value to an integer.
 		nodeInt, err := strconv.Atoi(nodeVal)
 		if err != nil {
-			log.Printf("WARN: Could not convert node label value '%s' to int for Gt/Lt comparison. Key: %s", nodeVal, expression.Key)
+			log.Printf("WARN: Could not convert node label value '%s' to int for Gt/Lt/Gte/Lte comparison. Key: %s", nodeVal, expression.Key)
 			return false
 		}
 
 		// Convert spec value to an integer.
 		specInt, err := strconv.Atoi(specValStr)
 		if err != nil {
-			log.Printf("WARN: Could not convert spec value '%s' to int for Gt/Lt comparison. Key: %s", specValStr, expression.Key)
+			log.Printf("WARN: Could not convert spec value '%s' to int for Gt/Lt/Gte/Lte comparison. Key: %s", specValStr, expression.Key)
 			return false
 		}
 
 		// Perform the correct comparison.
+		if expression.Op == types.MatchOpGte {
+			return nodeInt >= specInt
+		}
 		if expression.Op == types.MatchOpGt {
 			return nodeInt > specInt
 		}
-		// If not Gt, it must be Lt.
+		if expression.Op == types.MatchOpLte {
+			return nodeInt <= specInt
+		}
+		// Last comparison, Lte
 		return nodeInt < specInt
 
 	default:

pkg/validator/validator.go

@@ -7,6 +7,19 @@ import (
 	"ghcr.io/compspec/ocifit-k8s/pkg/types"
 )
 
+// Make it pretty :)
+var (
+	Reset   = "\033[0m"
+	Red     = "\033[31m"
+	Green   = "\033[32m"
+	Yellow  = "\033[33m"
+	Blue    = "\033[34m"
+	Magenta = "\033[35m"
+	Cyan    = "\033[36m"
+	Gray    = "\033[37m"
+	White   = "\033[97m"
+)
+
 // evaluateCompatibilitySpec finds the best matching compatibility set from the spec
 // by evaluating its rules against the node's labels.
 func EvaluateCompatibilitySpec(spec *types.CompatibilitySpec, nodeLabels map[string]string) (string, error) {
@@ -16,6 +29,7 @@ func EvaluateCompatibilitySpec(spec *types.CompatibilitySpec, nodeLabels map[str
 	// Loop through each top-level Compatibility set in the spec.
 	for i, comp := range spec.Compatibilities {
 		allRulesMatch := true
+		log.Printf("Assessing compatibility of %s", comp.Tag)
 
 		// Each Compatibility set can have multiple GroupRules
 		// All GroupRules must match for the set to be considered a match (AND logic).
@@ -33,16 +47,19 @@ func EvaluateCompatibilitySpec(spec *types.CompatibilitySpec, nodeLabels map[str
 				for _, expression := range featureMatcher.MatchExpressions {
 					if !evaluateRule(expression, nodeLabels) {
 						// As soon as one expression fails, the entire Compatibility set is invalid.
+						log.Printf(Red+"  FAILED %s"+Reset, expression)
 						allRulesMatch = false
 						break
+					} else {
+						log.Printf(Green+"  PASSED %s"+Reset, expression)
 					}
 				}
 			}
 		}
 
 		// If after checking all the rules for this set, allRulesMatch is still true...
 		if allRulesMatch {
-			log.Printf("Found a matching compatibility set: '%s' (weight %d)", comp.Tag, comp.Weight)
+			log.Printf("⭐ Found a matching compatibility set: '%s' (weight %d)\n", comp.Tag, comp.Weight)
 
 			// Check if this match is better (has a higher weight) than any previous match we found.
 			if comp.Weight > maxWeight {
@@ -59,6 +76,6 @@ func EvaluateCompatibilitySpec(spec *types.CompatibilitySpec, nodeLabels map[str
 		return "", fmt.Errorf("no matching compatibility rule found for the given node labels")
 	}
 
-	log.Printf("Selected best match: '%s' with highest weight %d", bestMatch.Tag, bestMatch.Weight)
+	log.Printf("Selected best match: '%s' with highest weight %d\n", bestMatch.Tag, bestMatch.Weight)
 	return bestMatch.Tag, nil
 }