feat(params): enabling paramKind and paramRef to the policy by jvanz · Pull Request #185 · kubewarden/cel-policy

jvanz · 2025-09-23T14:10:19Z

Description

Adds new policy settings to allow users to define policy parameters. To address that, now the policy has new settings fields that work in the same way that Kubernetes ValidatingAdmissionPolicy works.

Fix #161

Test

make test e2e-test

viccuad · 2025-09-25T15:16:42Z

Missing to review validate.go and validate_test.go, will get to it tomorrow.

viccuad

I think it would be valuable to put all the params new functions under validate/{params.go,params_test.go}.

viccuad · 2025-10-02T10:36:52Z

        expression: "object.spec.replicas"
    validations:
-      - expression: "variables.replicas <= 5"
+      - expression: "variables.replicas <= params.data.maxreplicas"


I would include also the definition for the ConfigMap in this same YAML block to tie everything together. That way people don't need to know about VAPs.

Sorry, I did not understand the request. Do you want to add a comment with an example of the params ConfigMap resource in the yaml block?

Yes, that was the idea.

I did that for kubewarden/docs#683 on the docs. I'm conflicted, as it just grows the example. What do you think about it?

I think we can added. It's small number of line and give a better understanding of what's going on.

flavio

LGTM, I left some minor comments

jvanz · 2025-10-02T17:38:38Z

@viccuad @flavio , can you review again?

@viccuad let me know if you think that the documentation I wrote explaining the e2e test behavior is enough.

viccuad

LGTM! 🚀

Reminder, we still need some changes to docs.kubewarden.io. Edit: opened kubewarden/docs#683.

Adds new policy settings to allow users to define policy parameters. To address that, now the policy has new settings fields that work in the same way that Kubernetes ValidatingAdmissionPolicy works. Signed-off-by: José Guilherme Vanz <[email protected]>

Update linter version and fixes all the errors pointed by it. Signed-off-by: José Guilherme Vanz <[email protected]>

Moves the functions used to manipulate and fetch parameters to a dedicated file. And, refactor the evaluation functions to remove duplicate code to that iterate and run evaluations. Also fixes some review comments. Signed-off-by: José Guilherme Vanz <[email protected]>

Updates the e2e tests target to generate the metadata.yml file used to annonate the policy used in the e2e test run. Document this behaivour on CONTRIBUTING.md. Signed-off-by: José Guilherme Vanz <[email protected]>

Updates the evaluateValidation signature to return (ValidationResponse,error). Furthermore, fix a type and move more specific function down in the files. Signed-off-by: José Guilherme Vanz <[email protected]>

Updates the README example adding a ConfigMap definition to be used as resource parameter. Signed-off-by: José Guilherme Vanz <[email protected]>

jvanz self-assigned this Sep 23, 2025

github-actions bot added the kind/feature label Sep 23, 2025

jvanz force-pushed the params branch from 49177e4 to d916a38 Compare September 23, 2025 16:33

jvanz marked this pull request as ready for review September 23, 2025 16:35

jvanz requested a review from a team as a code owner September 23, 2025 16:35

viccuad reviewed Sep 25, 2025

View reviewed changes

Comment thread internal/settings/settings.go Outdated

viccuad reviewed Sep 25, 2025

View reviewed changes

Comment thread internal/settings/settings_test.go Outdated

viccuad reviewed Sep 25, 2025

View reviewed changes

Comment thread internal/validate/namespace_object.go

viccuad reviewed Sep 25, 2025

View reviewed changes

Comment thread README.md

viccuad reviewed Sep 25, 2025

View reviewed changes

Comment thread README.md