Implement kro CEL library for maps

[gfrey]

Only function right now is merge. Potentially there are more. This implementation is inspired by the CEL lists extension.

[jakobmoellerdev]

Generally nice feature but we need to probably define a boundary of what to include and what not to include. im certain at some point people will ask for kubernetes CEL function as well! (https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/apiserver/pkg/cel/library)

[a-hilaly]

@jakobmoellerdev i think that's a great point for our next community meeting conversaiton. My mental model is that we'll need both kubernetes upstream CEL env combined with some KRO specific CEL functions

[gfrey]

@a-hilaly this lint error is weird. merge is implementing a function type for the cel.Function, so the "(error) is always nil (unparam)" problem is not something I think I can/want to change.
I'm a noob to GH actions, but the golangci-lint action seems to use v6 whilst v8 would be latest. Maybe that resolves the problem?

[a-hilaly]

Thanks a lot @gfrey ! left a few comments inline

[a-hilaly]

Keys from the first map take precedence over keys in the second map. - is this a common behaviour? i have the impression that most languages/libraries do the opposite - where the second map's values overwrite the first one. i.e in python

a = {'x':1}
b= {'x':2}
print(**a, **b) # prints {'x':2}

[gfrey]

Yes, I was thinking the same, when picking this up again a few weeks back. It was motivated by the implementation, which it shouldn't be (cel map implementation doesn't seem to allow to replace values). I can fix that easily.

[a-hilaly]

does this mean that .merges won't work with map(string, string) types?

[gfrey]

No, it takes string keys, but values can be anything. I'll change int to any, unless you have a better idea.

[a-hilaly]

shall we edit the library in name for random to match this one and similar patterns in cel-go? https://github.com/kro-run/kro/blob/main/pkg/cel/library/random.go#L53-L55 - https://github.com/google/cel-go/blob/master/ext/lists.go

[gfrey]

I've just matched the patterns ;). So, I think changing random would make sense from that perspective.

[jakobmoellerdev]

+1 for both of these. Let's change up the random lib name in a separate mini PR. Shouldnt block anything here though since its mostly for conflict resolution

[barney-s]

Wondering if we need to rename the folder from library to ext ?
Even a separate repo under kro-run ?

[a-hilaly]

Suggested change

	mapType := cel.MapType(cel.TypeParamType("K"), cel.DynType)
	// mapDynType := cel.MapType(cel.DynType, cel.DynType)
	mapType := cel.MapType(cel.TypeParamType("K"), cel.TypeParamType("V")

I'm wondering if we should restrict this function to only act on maps of similar types? Like map[string]int only merging with map[string]int. Users could leverage macros to transform map types if needed. My highlevel toughts here is that i'd rather restrict this now and relax it later, than try to make a generic function and hit tricky type situations.

[gfrey]

It gets worse. It allows memory to grow, which undermines some of the core CEL assumptions, if I understand that correctly.
Despite all of this, my motivation is to get from a list of strings (say a list of availability zones to a list of subnet configurations that I can use for setting up a VPC. This would require this feature, but also the ability to merge maps of arbitrary types (not sure the suggested cel.TypeParamType("V") would allow for that).
Upon reflecting on that for some more, I agree. Let's start simple and extend if necessary. We know it is possible, but not need to go there immediately. I'll try to build it with pinned types.

[a-hilaly]

i wonder if the !ok checks are redundant here - doesn't CEL already validate argument types?

PS: I see what we're doing in https://github.com/kro-run/kro/blob/main/pkg/cel/library/random.go#L53-L55 and i wonder if we should fix that too :)

[gfrey]

I think you're right, at least in the test added, the error is found prior to any execution in the env.Check call.

[a-hilaly]

golangcilint is complaining here because merge never returns a non-nil error (which makes it a redundant parameter)

[gfrey]

D'oh, my bad. Removed the unused error return value.

[a-hilaly]

Thanks @gfrey , left two tiny comments below :)

[a-hilaly]

nit: missing license header

[jakobmoellerdev]

@a-hilaly we should maybe write a linter for new files to avoid this. WDYT?

[a-hilaly]

I thought we had one! :) go generate should get that done. cc @tomasaschan

[barney-s]

#640

[a-hilaly]

ditto

[a-hilaly]

i'm thinking, wouldn't something like this just work?

    // populate with self map
    for it := self.Iterator(); it.HasNext() == types.True; {
        k := it.Next()
        result.Insert(k, self.Get(k))
    }
    
    // overwrides with other map
    for it := other.Iterator(); it.HasNext() == types.True; {
        k := it.Next()
        result.Insert(k, other.Get(k))
    }

[gfrey]

this works in general (flip order so that other is written first, then fill in whatever keys aren't there from self); have picked suggestions from @jakobmoellerdev

[a-hilaly]

Cc @jakobmoellerdev

[jakobmoellerdev]

This looks great: Ive mostly had style remarks with this, logically its sound. Unsure if we want dyn type support in this lib

[jakobmoellerdev]

@a-hilaly we should maybe write a linter for new files to avoid this. WDYT?

[jakobmoellerdev]

+1 for both of these. Let's change up the random lib name in a separate mini PR. Shouldnt block anything here though since its mostly for conflict resolution

[jakobmoellerdev]

nit: expose this function separately instead of inlining, and then unit test this function as such instead of having to go through the environment

[jakobmoellerdev]

nit: this looks very complex (similar to https://github.com/kro-run/kro/pull/628/files#r2283120971 comment I looked into this a bit). why not go for something like this:

func mergeVals(lhs, rhs ref.Val) ref.Val {
	left, lok := lhs.(traits.Mapper)
	right, rok := rhs.(traits.Mapper)
	if !lok || !rok {
		return types.ValOrErr(lhs, "no such overload: %v.merge(%v)", lhs.Type(), rhs.Type())
	}
	return merge(left, right)
}

// merge returns a new map containing entries from both maps.
// Keys in 'other' overwrite keys in 'self'.
func merge(self, other traits.Mapper) traits.Mapper {
	result := mapperTraitToMutableMapper(other)
	for i := self.Iterator(); i.HasNext().(types.Bool); {
		k := i.Next()
		if !result.Contains(k).(types.Bool) {
			result.Insert(k, self.Get(k))
		}
	}
	return result.ToImmutableMap()
}

// mapperTraitToMutableMapper copies a traits.Mapper into a MutableMap.
func mapperTraitToMutableMapper(m traits.Mapper) traits.MutableMapper {
	vals := make(map[ref.Val]ref.Val, m.Size().(types.Int))
	for it := m.Iterator(); it.HasNext().(types.Bool); {
		k := it.Next()
		vals[k] = m.Get(k)
	}
	return types.NewMutableMap(types.DefaultTypeAdapter, vals)
}

Then you can call

cel.Function("merge",
			cel.MemberOverload("map_merge",
				[]*cel.Type{mapType, mapType},
				mapType,
				cel.BinaryBinding(mergeVals),
			),
		)

[jakobmoellerdev]

nit: using testify can make your life a lot easier here probably (we already use it in other tests in this package):

package library

import (
	"fmt"
	"testing"

	"github.com/google/cel-go/cel"
	"github.com/stretchr/testify/require"
)

func TestMaps(t *testing.T) {
	tests := []struct {
		expr string
		err  require.ErrorAssertionFunc
	}{
		{expr: `{}.merge({}) == {}`},
		{expr: `{}.merge({'a': 1}) == {'a': 1}`},
		{expr: `{}.merge({'a': 2.1}) == {'a': 2.1}`},
		{expr: `{}.merge({'a': 'foo'}) == {'a': 'foo'}`},
		{expr: `{'a': 1}.merge({}) == {'a': 1}`},
		{expr: `{'a': 1}.merge({'b': 2}) == {'a': 1, 'b': 2}`},
		{expr: `{'a': 1}.merge({'a': 2, 'b': 2}) == {'a': 2, 'b': 2}`},
		{expr: `{}.merge([])`, err: func(t require.TestingT, err error, i ...interface{}) {
			require.ErrorContains(t, err, "ERROR: <input>:1:9: found no matching overload for 'merge' applied to 'map(dyn, dyn).(list(dyn))'")
		}},
	}

	env := testMapsEnv(t)
	for i, tc := range tests {
		t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
			r := require.New(t)
			ast, iss := env.Compile(tc.expr)
			if tc.err != nil {
				tc.err(t, iss.Err())
				return
			}
			r.NoError(iss.Err(), "compile failed for expr: %s", tc.expr)

			prg, err := env.Program(ast)
			r.NoError(err, "program failed for expr: %s", tc.expr)

			out, _, err := prg.Eval(cel.NoVars())
			if tc.err != nil {
				r.Error(err, "expected error for expr: %s", tc.expr)
				r.Contains(err.Error(), tc.err)
			} else {
				r.NoError(err, "unexpected error for expr: %s", tc.expr)
				r.IsType(cel.BoolType, out.Type(), "unexpected type for expr: %s", tc.expr)
				r.True(out.Value().(bool), "unexpected result for expr: %s", tc.expr)
			}
		})
	}
}

func testMapsEnv(t *testing.T, opts ...cel.EnvOption) *cel.Env {
	t.Helper()
	env, err := cel.NewEnv(append([]cel.EnvOption{Maps()}, opts...)...)
	require.NoError(t, err, "cel.NewEnv(Maps()) failed")
	return env
}

[gfrey]

Haha, I had started converting the tests to using testify (back when I originally wrote this code, I didn't see that testify was available). Thanks, learnt a few tricks from this (r := require.New(t) f.ex. and usage of ErrorAssertionFunc)

[jakobmoellerdev]

nit: do we want dynamic support in here? If so, either uncomment the test, add todo for the comment if outstanding, or remove the comments

[a-hilaly]

Thank you @gfrey !

[matthchr]

Before we merge this it might be good to check with the cel-go maintainers if they'd just accept this upstream as an ext/maps.go extension.

It doesn't really seem kro specific and I'd rather we:

1. Depend on shared logic rather than roll our own as much as possible.
2. Share these sorts of "generally useful CEL helpers" with upstream

If making that happen is going to be difficult or take a lot of time we can just merge here and upstream later, but it feels like we should check first.

[a-hilaly]

pinged Joe on upstream slack, let's see what cel-go folks think.

[barney-s]

Reached out to CEL team internally this week. They seem to be open. They were expressing concerns about merge semantics (overwrite, replace, combine etc) especially when the values are lists. Will keep working with them and get something part of standard extensions. Meanwhile we can merge this here in KRO or K8s (Joe Betz).

My recommendation would be to indicate experimental in the library name or alpha ?
"cel.lib.ext.kro.maps" -> "cel.lib.ext.kro.experimental.maps" ?

[barney-s]

Is this common to version it to MAX_INT ?

[barney-s]

is there a way to indicate this is still experimental/alpha.

cel.lib.ext.experimental.maps ?
or
cel.lib.ext.kro.experimental.maps ?

[barney-s]

Wondering if we need to rename the folder from library to ext ?
Even a separate repo under kro-run ?

[barney-s]

More of a Q: "K" and "V" are not used here. Are those more for documentation ?>
If so can we rename to Key, Value ?

[k8s-triage-robot]

Unknown CLA label state. Rechecking for CLA labels.

Send feedback to sig-contributor-experience at kubernetes/community.

/check-cla
/easycla

[linux-foundation-easycla]

• ❌ The email address for the commit (3bb33f5, 1aaecef, 44ece4d, e28f93e, efa762e, 89467b4, 904e210) is not linked to the GitHub account, preventing the EasyCLA check. Consult this Help Article and GitHub Help to resolve. (To view the commit's email address, add .patch at the end of this PR page's URL.) For further assistance with EasyCLA, please submit a support request ticket.

[a-hilaly]

ping @gfrey - as Barni stated would you like to open a PR against CEL official std libs?

[a-hilaly]

also can you please sign the CLA?