feat: Add initial CEL expression scanner pod implmentation

cmd/manager/common.go

@@ -6,6 +6,7 @@ import (
 	"path/filepath"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/discovery"
 
 	ocpcfgv1 "github.com/openshift/api/config/v1"
@@ -56,6 +57,26 @@ func (crclient *complianceCrClient) useEventRecorder(source string, config *rest
 	return nil
 }
 
+func DeriveResourcePath(gvr schema.GroupVersionResource, namespace string) string {
+	var objPath string
+	if gvr.Group == "" {
+		// Core resource like "namespaces"
+		if namespace == "" {
+			objPath = fmt.Sprintf("/api/%s/%s", gvr.Version, gvr.Resource)
+		} else {
+			objPath = fmt.Sprintf("/api/%s/namespaces/%s/%s", gvr.Version, namespace, gvr.Resource)
+		}
+	} else {
+		// Non-core resource
+		if namespace == "" {
+			objPath = fmt.Sprintf("/apis/%s/%s/%s", gvr.Group, gvr.Version, gvr.Resource)
+		} else {
+			objPath = fmt.Sprintf("/apis/%s/%s/namespaces/%s/%s", gvr.Group, gvr.Version, namespace, gvr.Resource)
+		}
+	}
+	return objPath
+}
+
 func (crclient *complianceCrClient) getClient() runtimeclient.Client {
 	return crclient.client
 }

config/crd/bases/compliance.openshift.io_tailoredprofiles.yaml

@@ -57,6 +57,11 @@ spec:
                   description: RuleReferenceSpec specifies a rule to be selected/deselected,
                     as well as the reason why
                   properties:
+                    kind:
+                      description: |-
+                        Type of the rule reference, either "Rule" or "CustomRule"
+                        We will use "Rule" by default if not specified
+                      type: string
                     name:
                       description: Name of the rule that's being referenced
                       type: string
@@ -75,6 +80,11 @@ spec:
                   description: RuleReferenceSpec specifies a rule to be selected/deselected,
                     as well as the reason why
                   properties:
+                    kind:
+                      description: |-
+                        Type of the rule reference, either "Rule" or "CustomRule"
+                        We will use "Rule" by default if not specified
+                      type: string
                     name:
                       description: Name of the rule that's being referenced
                       type: string
@@ -97,6 +107,11 @@ spec:
                   description: RuleReferenceSpec specifies a rule to be selected/deselected,
                     as well as the reason why
                   properties:
+                    kind:
+                      description: |-
+                        Type of the rule reference, either "Rule" or "CustomRule"
+                        We will use "Rule" by default if not specified
+                      type: string
                     name:
                       description: Name of the rule that's being referenced
                       type: string

go.mod

@@ -4,16 +4,18 @@ go 1.23.0
 
 require (
 	github.com/cenkalti/backoff/v4 v4.3.0
+	github.com/google/cel-go v0.22.0
 	github.com/onsi/ginkgo v1.16.5
-	github.com/onsi/ginkgo/v2 v2.22.2
 	github.com/onsi/gomega v1.36.2
+	google.golang.org/genproto/googleapis/api v0.0.0-20241216192217-9240e9c98484
 	k8s.io/apimachinery v0.32.1
 	k8s.io/client-go v0.32.1
 	open-cluster-management.io/api v0.15.0
 	sigs.k8s.io/controller-runtime v0.20.0
 )
 
 require (
+	cel.dev/expr v0.18.0 // indirect
 	cloud.google.com/go v0.116.0 // indirect
 	cloud.google.com/go/ai v0.8.0 // indirect
 	cloud.google.com/go/auth v0.13.0 // indirect
@@ -25,16 +27,13 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b // indirect
+	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/bboreham/go-loser v0.0.0-20230920113527-fcc2c21820a3 // indirect
-	github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
 	github.com/dennwc/varint v1.0.0 // indirect
 	github.com/edsrzf/mmap-go v1.2.0 // indirect
-	github.com/envoyproxy/go-control-plane v0.13.1 // indirect
 	github.com/facette/natsort v0.0.0-20181210072756-2cd4dd1e2dcb // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/go-kit/log v0.2.1 // indirect
-	github.com/go-logfmt/logfmt v0.6.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/analysis v0.22.2 // indirect
 	github.com/go-openapi/errors v0.22.0 // indirect
@@ -60,9 +59,9 @@ require (
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/prometheus/alertmanager v0.27.0 // indirect
-	github.com/prometheus/common/sigv4 v0.1.0 // indirect
 	github.com/prometheus/sigv4 v0.1.0 // indirect
 	github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a // indirect
+	github.com/stoewer/go-strcase v1.3.0 // indirect
 	go.mongodb.org/mongo-driver v1.14.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/collector/pdata v1.22.0 // indirect
@@ -77,7 +76,6 @@ require (
 	go.uber.org/goleak v1.3.0 // indirect
 	golang.org/x/crypto v0.32.0 // indirect
 	google.golang.org/api v0.215.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241216192217-9240e9c98484 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 // indirect
 	google.golang.org/grpc v1.69.0 // indirect
 )
@@ -87,7 +85,6 @@ require (
 	github.com/antchfx/xmlquery v1.4.3
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0
-	github.com/cenkalti/backoff/v5 v5.0.1
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/clarketm/json v1.17.1
 	github.com/coreos/ignition/v2 v2.20.0