From 3a15b832cd70bcd137236eed31a6f3ecddb1eed1 Mon Sep 17 00:00:00 2001
From: Bartosz Stebel <implr@hackerspace.pl>
Date: Wed, 16 Jun 2021 19:14:50 +0200
Subject: [PATCH] update kube.libsonnet

Change-Id: I130bb2c9d799036daba8be4837f6070e65f31243
---
 kube/kube.upstream.libsonnet | 37 ++++++++++++++++++++----------------
 1 file changed, 21 insertions(+), 16 deletions(-)

diff --git a/kube/kube.upstream.libsonnet b/kube/kube.upstream.libsonnet
index d12a7868..a99841d2 100644
--- a/kube/kube.upstream.libsonnet
+++ b/kube/kube.upstream.libsonnet
@@ -53,10 +53,15 @@
 // (client-side, and gives better line information).
 
 {
+  // In case you may want/need to skip assertions for speed reasons (rather big configmaps/etc),
+  // load the library with e.g.
+  //   local kube = (import "lib/kube.libsonnet") { _assert:: false };
+  _assert:: true,
+
   // resource contructors will use kinds/versions/fields compatible at least with version:
   minKubeVersion: {
     major: 1,
-    minor: 9,
+    minor: 14,
     version: "%s.%s" % [self.major, self.minor],
   },
 
@@ -74,7 +79,7 @@
     local len = std.length(s);
     local leading = std.substr(s, 0, len - 1);
     local last = std.parseInt(std.substr(s, len - 1, 1));
-    assert last < 8 : "found '%s' digit >= 8" % [last];
+    assert (!$._assert) || last < 8 : "found '%s' digit >= 8" % [last];
     last + (if len > 1 then 8 * $.parseOctal(leading) else 0)
   ),
 
@@ -249,14 +254,14 @@
 
     stdin: false,
     tty: false,
-    assert !self.tty || self.stdin : "tty=true requires stdin=true",
+    assert (!$._assert) || (!self.tty || self.stdin) : "tty=true requires stdin=true",
   },
 
   PodDisruptionBudget(name): $._Object("policy/v1beta1", "PodDisruptionBudget", name) {
     local this = self,
     target_pod:: error "target_pod required",
     spec: {
-      assert $.boolXor(
+      assert (!$._assert) || $.boolXor(
         std.objectHas(self, "minAvailable"),
         std.objectHas(self, "maxUnavailable")
       ) : "PDB '%s': exactly one of minAvailable/maxUnavailable required" % name,
@@ -278,7 +283,7 @@
 
     local container_names_ordered = [self.default_container] + [n for n in container_names if n != self.default_container],
     containers: (
-      assert std.length(self.containers_) > 0 : "Pod must have at least one container (via containers_ map)";
+      assert (!$._assert) || std.length(self.containers_) > 0 : "Pod must have at least one container (via containers_ map)";
       [{ name: $.hyphenate(name) } + self.containers_[name] for name in container_names_ordered if self.containers_[name] != null]
     ),
 
@@ -297,7 +302,7 @@
 
     terminationGracePeriodSeconds: 30,
 
-    assert std.length(self.containers) > 0 : "Pod must have at least one container (via containers array)",
+    assert (!$._assert) || std.length(self.containers) > 0 : "Pod must have at least one container (via containers array)",
 
     // Return an array of pod's ports numbers
     ports(proto):: [
@@ -350,12 +355,12 @@
       for k in std.objectFields(self.data)
       if std.type(self.data[k]) != "string"
     ],
-    assert std.length(nonstrings) == 0 : "data contains non-string values: %s" % [nonstrings],
+    assert (!$._assert) || std.length(nonstrings) == 0 : "data contains non-string values: %s" % [nonstrings],
   },
 
   // subtype of EnvVarSource
   ConfigMapRef(configmap, key): {
-    assert std.objectHas(configmap.data, key) : "ConfigMap '%s' doesn't have '%s' field in configmap.data" % [configmap.metadata.name, key],
+    assert (!$._assert) || std.objectHas(configmap.data, key) : "ConfigMap '%s' doesn't have '%s' field in configmap.data" % [configmap.metadata.name, key],
     configMapKeyRef: {
       name: configmap.metadata.name,
       key: key,
@@ -372,7 +377,7 @@
 
   // subtype of EnvVarSource
   SecretKeyRef(secret, key): {
-    assert std.objectHas(secret.data, key) : "Secret '%s' doesn't have '%s' field in secret.data" % [secret.metadata.name, key],
+    assert (!$._assert) || std.objectHas(secret.data, key) : "Secret '%s' doesn't have '%s' field in secret.data" % [secret.metadata.name, key],
     secretKeyRef: {
       name: secret.metadata.name,
       key: key,
@@ -461,7 +466,7 @@
       minReplicas: hpa.target.spec.replicas,
       maxReplicas: error "maxReplicas required",
 
-      assert self.maxReplicas >= self.minReplicas,
+      assert (!$._assert) || self.maxReplicas >= self.minReplicas,
     },
   },
 
@@ -501,7 +506,7 @@
       ],
 
       replicas: 1,
-      assert self.replicas >= 1,
+      assert (!$._assert) || self.replicas >= 1,
     },
   },
 
@@ -580,9 +585,9 @@
       p.path
       for r in self.spec.rules
       for p in r.http.paths
-      if !std.startsWith(p.path, "/")
+      if std.objectHas(p, "path") && !std.startsWith(p.path, "/")
     ],
-    assert std.length(rel_paths) == 0 : "paths must be absolute: " + rel_paths,
+    assert (!$._assert) || std.length(rel_paths) == 0 : "paths must be absolute: " + rel_paths,
   },
 
   ThirdPartyResource(name): $._Object("extensions/v1beta1", "ThirdPartyResource", name) {
@@ -613,7 +618,7 @@
   ServiceAccount(name): $._Object("v1", "ServiceAccount", name) {
   },
 
-  Role(name): $._Object("rbac.authorization.k8s.io/v1beta1", "Role", name) {
+  Role(name): $._Object("rbac.authorization.k8s.io/v1", "Role", name) {
     rules: [],
   },
 
@@ -633,7 +638,7 @@
     apiGroup: "rbac.authorization.k8s.io",
   },
 
-  RoleBinding(name): $._Object("rbac.authorization.k8s.io/v1beta1", "RoleBinding", name) {
+  RoleBinding(name): $._Object("rbac.authorization.k8s.io/v1", "RoleBinding", name) {
     local rb = self,
 
     subjects_:: [],
@@ -662,7 +667,7 @@
     spec: {
       encryptedData: {},
     },
-    assert std.length(std.objectFields(self.spec.encryptedData)) != 0 : "SealedSecret '%s' has empty encryptedData field" % name,
+    assert (!$._assert) || std.length(std.objectFields(self.spec.encryptedData)) != 0 : "SealedSecret '%s' has empty encryptedData field" % name,
   },
 
   // NB: helper method to access several Kubernetes objects podRef,