From c171f27b99e029f144011bfd33723be2b34df72d Mon Sep 17 00:00:00 2001 From: Max Smythe Date: Fri, 15 Dec 2023 07:41:01 +0000 Subject: [PATCH] Rename reserved prefix, document global constants Signed-off-by: Max Smythe
---
 .../client/drivers/k8scel/schema/schema.go | 21 +++++++++++-------- .../drivers/k8scel/schema/schema_test.go | 4 ++-- .../drivers/k8scel/transform/cel_snippets.go | 8 +++---- .../k8scel/transform/make_vap_objects_test.go | 12 +++++------ 4 files changed, 24 insertions(+), 21 deletions(-)
diff --git a/constraint/pkg/client/drivers/k8scel/schema/schema.go b/constraint/pkg/client/drivers/k8scel/schema/schema.go
index 039a54355..9fd1a9d49 100644
--- a/constraint/pkg/client/drivers/k8scel/schema/schema.go
+++ b/constraint/pkg/client/drivers/k8scel/schema/schema.go
@@ -16,9 +16,12 @@ import (
 const (
 // Name is the name of the driver.
- Name = "K8sNativeValidation"
- ReservedPrefix = "g8r_"
- ParamsName = "params"
+ Name = "K8sNativeValidation"
+ // ReservedPrefix signifies a prefix that no user-defined value (variable, matcher, etc.) is allowed to have.
+ // This gives us the ability to add new variables in the future without worrying about breaking pre-existing templates.
+ ReservedPrefix = "g8r_internal_"
+ // ParamsName is the VAP variable constraint parameters will be bound to.
+ ParamsName = "params"
 )
 var (
@@ -27,7 +30,7 @@ var (
 )
 type Validation struct {
- // A CEL expression. Maps to ValidationAdmissionPolicy's spec.validations
+ // A CEL expression. Maps to ValidationAdmissionPolicy's `spec.validations`.
 Expression string `json:"expression,omitempty"`
 Message string `json:"message,omitempty"`
 MessageExpression string `json:"messageExpression,omitempty"`
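Review bot: The new comment on `ReservedPrefix` states the guarantee but not that this commit narrows it: with the value going from `g8r_` to `g8r_internal_`, user-defined names that start with `g8r_` but not `g8r_internal_` are presumably accepted from now on, assuming the validator (outside this diff) compares against this constant. The prefix is what keeps a template from defining a variable or match condition that collides with a driver-generated one, so the boundary deserves to be explicit; I would add a line such as `// Only this exact prefix is reserved; other names beginning with "g8r_" are available to users.` if that is the intent. The test hunks in this patch only swap old names for new ones, so a case in `TestValidationErrors` that pins how a bare `g8r_` name is treated would keep the boundary from drifting unnoticed.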
@@ -39,22 +42,22 @@ type MatchCondition struct {
 }
 type Variable struct {
- // A CEL variable definition. Maps to ValidationAdmissionPolicy's spec.variables
+ // A CEL variable definition. Maps to ValidationAdmissionPolicy's `spec.variables`.
 Name string `json:"name,omitempty"`
 Expression string `json:"expression,omitempty"`
 }
 type Source struct {
- // Validations maps to ValidatingAdmissionPolicy's spec.validations.
+ // Validations maps to ValidatingAdmissionPolicy's `spec.validations`.
 Validations []Validation `json:"validations,omitempty"`
- // FailurePolicy maps to ValidatingAdmissionPolicy's spec.failurePolicy
+ // FailurePolicy maps to ValidatingAdmissionPolicy's `spec.failurePolicy`.
 FailurePolicy *string `json:"failurePolicy,omitempty"`
- // MatchConditions maps to ValidatingAdmissionPolicy's spec.matchConditions
+ // MatchConditions maps to ValidatingAdmissionPolicy's `spec.matchConditions`.
 MatchConditions []MatchCondition `json:"matchCondition,omitempty"`
- // Variables maps to ValidatingAdmissionPolicy's spec.variables
+ // Variables maps to ValidatingAdmissionPolicy's `spec.variables`.
 Variables []Variable `json:"variables,omitempty"`
 }
diff --git a/constraint/pkg/client/drivers/k8scel/schema/schema_test.go b/constraint/pkg/client/drivers/k8scel/schema/schema_test.go
index e6298debc..2e48d1dc5 100644
--- a/constraint/pkg/client/drivers/k8scel/schema/schema_test.go
+++ b/constraint/pkg/client/drivers/k8scel/schema/schema_test.go
@@ -58,7 +58,7 @@ func TestValidationErrors(t *testing.T) {
 FailurePolicy: ptr.To[string]("Fail"),
 MatchConditions: []MatchCondition{
 {
- Name: "g8r_must_match_something",
+ Name: "g8r_internal_must_match_something",
 Expression: "true == true",
 },
 },
@@ -83,7 +83,7 @@ func TestValidationErrors(t *testing.T) {
 },
 Variables: []Variable{
 {
- Name: "g8r_my_variable",
+ Name: "g8r_internal_my_variable",
 Expression: "true",
 },
 },
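Review bot: On `Source.MatchConditions` the JSON tag is `matchCondition` (singular), while the comment edited in this hunk says the field maps to `spec.matchConditions` and the sibling tags (`validations`, `variables`) are plural. If the singular key is not deliberate, a template author who writes `matchConditions:` the way a ValidatingAdmissionPolicy spells it may have that key dropped, depending on how strictly the source is decoded, and the policy would then be evaluated without the conditions meant to scope it. Renaming the tag is a schema break, so at minimum the comment should name the key that is actually read, for example by appending `The serialized key is "matchCondition".` to the MatchConditions comment.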
diff --git a/constraint/pkg/client/drivers/k8scel/transform/cel_snippets.go b/constraint/pkg/client/drivers/k8scel/transform/cel_snippets.go
index 0261b1cd6..8a52a27fc 100644
--- a/constraint/pkg/client/drivers/k8scel/transform/cel_snippets.go
+++ b/constraint/pkg/client/drivers/k8scel/transform/cel_snippets.go
@@ -72,7 +72,7 @@ const (
 func MatchExcludedNamespacesGlobV1Alpha1() admissionregistrationv1alpha1.MatchCondition {
 return admissionregistrationv1alpha1.MatchCondition{
- Name: "g8r_match_excluded_namespaces",
+ Name: "g8r_internal_match_excluded_namespaces",
 Expression: matchExcludedNamespacesGlob,
 }
 }
@@ -89,7 +89,7 @@ func MatchExcludedNamespacesGlobCEL() []cel.ExpressionAccessor {
 func MatchNamespacesGlobV1Alpha1() admissionregistrationv1alpha1.MatchCondition {
 return admissionregistrationv1alpha1.MatchCondition{
- Name: "g8r_match_namespaces",
+ Name: "g8r_internal_match_namespaces",
 Expression: matchNamespacesGlob,
 }
 }
@@ -106,7 +106,7 @@ func MatchNamespacesGlobCEL() []cel.ExpressionAccessor {
 func MatchNameGlobV1Alpha1() admissionregistrationv1alpha1.MatchCondition {
 return admissionregistrationv1alpha1.MatchCondition{
- Name: "g8r_match_name",
+ Name: "g8r_internal_match_name",
 Expression: matchNameGlob,
 }
 }
@@ -123,7 +123,7 @@ func MatchNameGlobCEL() []cel.ExpressionAccessor {
 func MatchKindsV1Alpha1() admissionregistrationv1alpha1.MatchCondition {
 return admissionregistrationv1alpha1.MatchCondition{
- Name: "g8r_match_kinds",
+ Name: "g8r_internal_match_kinds",
 Expression: matchKinds,
 }
 }
diff --git a/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects_test.go b/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects_test.go
index 54340522e..2b8ae4533 100644
--- a/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects_test.go
+++ b/constraint/pkg/client/drivers/k8scel/transform/make_vap_objects_test.go
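Review bot: The match-condition name in `MatchExcludedNamespacesGlobV1Alpha1` spells the reserved prefix out as a string literal, and the same holds for `MatchNamespacesGlobV1Alpha1`, `MatchNameGlobV1Alpha1` and `MatchKindsV1Alpha1` in the other three hunks of this file. Nothing ties these literals to `schema.ReservedPrefix`, which is why this rename had to touch each one; a later change to the constant that misses one would leave a generated condition outside the namespace that user templates are barred from. Deriving the name, e.g. `Name: schema.ReservedPrefix + "match_excluded_namespaces",`, removes that coupling. Whether cel_snippets.go already imports the schema package is not visible here, although the test file in the same directory does reference `schema.`.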
@@ -61,19 +61,19 @@ func TestTemplateToPolicyDefinition(t *testing.T) {
 Expression: "true == true",
 },
 {
- Name: "g8r_match_excluded_namespaces",
+ Name: "g8r_internal_match_excluded_namespaces",
 Expression: matchExcludedNamespacesGlob,
 },
 {
- Name: "g8r_match_namespaces",
+ Name: "g8r_internal_match_namespaces",
 Expression: matchNamespacesGlob,
 },
 {
- Name: "g8r_match_name",
+ Name: "g8r_internal_match_name",
 Expression: matchNameGlob,
 },
 {
- Name: "g8r_match_kinds",
+ Name: "g8r_internal_match_kinds",
 Expression: matchKinds,
 },
 },
@@ -105,7 +105,7 @@ func TestTemplateToPolicyDefinition(t *testing.T) {
 FailurePolicy: ptr.To[string]("Fail"),
 MatchConditions: []schema.MatchCondition{
 {
- Name: "g8r_match_something",
+ Name: "g8r_internal_match_something",
 Expression: "true == true",
 },
 },
@@ -138,7 +138,7 @@ func TestTemplateToPolicyDefinition(t *testing.T) {
 },
 Variables: []schema.Variable{
 {
- Name: "g8r_my_variable",
+ Name: "g8r_internal_my_variable",
 Expression: "true",
 },
 },