Rename reserved prefix, document global constants

Signed-off-by: Max Smythe <[email protected]>

constraint/pkg/client/drivers/k8scel/schema/schema.go

@@ -17,7 +17,10 @@ import (
 const (
 	// Name is the name of the driver.
 	Name           = "K8sNativeValidation"
-	ReservedPrefix = "g8r_"
+	// ReservedPrefix signifies a prefix that no user-defined value (variable, matcher, etc.) is allowed to have.
+	// This gives us the ability to add new variables in the future without worrying about breaking pre-existing templates.
+	ReservedPrefix = "g8r_internal_"
+	// ParamsName is the VAP variable constraint parameters will be bound to.
 	ParamsName     = "params"
 )
 
@@ -27,7 +30,7 @@ var (
 )
 
 type Validation struct {
-	// A CEL expression. Maps to ValidationAdmissionPolicy's spec.validations
+	// A CEL expression. Maps to ValidationAdmissionPolicy's `spec.validations`.
 	Expression        string `json:"expression,omitempty"`
 	Message           string `json:"message,omitempty"`
 	MessageExpression string `json:"messageExpression,omitempty"`
@@ -39,22 +42,22 @@ type MatchCondition struct {
 }
 
 type Variable struct {
-	// A CEL variable definition. Maps to ValidationAdmissionPolicy's spec.variables
+	// A CEL variable definition. Maps to ValidationAdmissionPolicy's `spec.variables`.
 	Name       string `json:"name,omitempty"`
 	Expression string `json:"expression,omitempty"`
 }
 
 type Source struct {
-	// Validations maps to ValidatingAdmissionPolicy's spec.validations.
+	// Validations maps to ValidatingAdmissionPolicy's `spec.validations`.
 	Validations []Validation `json:"validations,omitempty"`
 
-	// FailurePolicy maps to ValidatingAdmissionPolicy's spec.failurePolicy
+	// FailurePolicy maps to ValidatingAdmissionPolicy's `spec.failurePolicy`.
 	FailurePolicy *string `json:"failurePolicy,omitempty"`
 
-	// MatchConditions maps to ValidatingAdmissionPolicy's spec.matchConditions
+	// MatchConditions maps to ValidatingAdmissionPolicy's `spec.matchConditions`.
 	MatchConditions []MatchCondition `json:"matchCondition,omitempty"`
 
-	// Variables maps to ValidatingAdmissionPolicy's spec.variables
+	// Variables maps to ValidatingAdmissionPolicy's `spec.variables`.
 	Variables []Variable `json:"variables,omitempty"`
 }
 

constraint/pkg/client/drivers/k8scel/schema/schema_test.go

@@ -58,7 +58,7 @@ func TestValidationErrors(t *testing.T) {
 				FailurePolicy: ptr.To[string]("Fail"),
 				MatchConditions: []MatchCondition{
 					{
-						Name:       "g8r_must_match_something",
+						Name:       "g8r_internal_must_match_something",
 						Expression: "true == true",
 					},
 				},
@@ -83,7 +83,7 @@ func TestValidationErrors(t *testing.T) {
 				},
 				Variables: []Variable{
 					{
-						Name:       "g8r_my_variable",
+						Name:       "g8r_internal_my_variable",
 						Expression: "true",
 					},
 				},

constraint/pkg/client/drivers/k8scel/transform/cel_snippets.go

@@ -72,7 +72,7 @@ const (
 
 func MatchExcludedNamespacesGlobV1Alpha1() admissionregistrationv1alpha1.MatchCondition {
 	return admissionregistrationv1alpha1.MatchCondition{
-		Name:       "g8r_match_excluded_namespaces",
+		Name:       "g8r_internal_match_excluded_namespaces",
 		Expression: matchExcludedNamespacesGlob,
 	}
 }
@@ -89,7 +89,7 @@ func MatchExcludedNamespacesGlobCEL() []cel.ExpressionAccessor {
 
 func MatchNamespacesGlobV1Alpha1() admissionregistrationv1alpha1.MatchCondition {
 	return admissionregistrationv1alpha1.MatchCondition{
-		Name:       "g8r_match_namespaces",
+		Name:       "g8r_internal_match_namespaces",
 		Expression: matchNamespacesGlob,
 	}
 }
@@ -106,7 +106,7 @@ func MatchNamespacesGlobCEL() []cel.ExpressionAccessor {
 
 func MatchNameGlobV1Alpha1() admissionregistrationv1alpha1.MatchCondition {
 	return admissionregistrationv1alpha1.MatchCondition{
-		Name:       "g8r_match_name",
+		Name:       "g8r_internal_match_name",
 		Expression: matchNameGlob,
 	}
 }
@@ -123,7 +123,7 @@ func MatchNameGlobCEL() []cel.ExpressionAccessor {
 
 func MatchKindsV1Alpha1() admissionregistrationv1alpha1.MatchCondition {
 	return admissionregistrationv1alpha1.MatchCondition{
-		Name:       "g8r_match_kinds",
+		Name:       "g8r_internal_match_kinds",
 		Expression: matchKinds,
 	}
 }

constraint/pkg/client/drivers/k8scel/transform/make_vap_objects_test.go

@@ -61,19 +61,19 @@ func TestTemplateToPolicyDefinition(t *testing.T) {
 							Expression: "true == true",
 						},
 						{
-							Name:       "g8r_match_excluded_namespaces",
+							Name:       "g8r_internal_match_excluded_namespaces",
 							Expression: matchExcludedNamespacesGlob,
 						},
 						{
-							Name:       "g8r_match_namespaces",
+							Name:       "g8r_internal_match_namespaces",
 							Expression: matchNamespacesGlob,
 						},
 						{
-							Name:       "g8r_match_name",
+							Name:       "g8r_internal_match_name",
 							Expression: matchNameGlob,
 						},
 						{
-							Name:       "g8r_match_kinds",
+							Name:       "g8r_internal_match_kinds",
 							Expression: matchKinds,
 						},
 					},
@@ -105,7 +105,7 @@ func TestTemplateToPolicyDefinition(t *testing.T) {
 				FailurePolicy: ptr.To[string]("Fail"),
 				MatchConditions: []schema.MatchCondition{
 					{
-						Name:       "g8r_match_something",
+						Name:       "g8r_internal_match_something",
 						Expression: "true == true",
 					},
 				},
@@ -138,7 +138,7 @@ func TestTemplateToPolicyDefinition(t *testing.T) {
 				},
 				Variables: []schema.Variable{
 					{
-						Name:       "g8r_my_variable",
+						Name:       "g8r_internal_my_variable",
 						Expression: "true",
 					},
 				},