Skip to content

feat(nameref): follow name references inside embedded YAML/JSON #6125

Open
isumitsolanki wants to merge 1 commit intokubernetes-sigs:masterfrom
isumitsolanki:issue_6101
Open

feat(nameref): follow name references inside embedded YAML/JSON #6125
isumitsolanki wants to merge 1 commit intokubernetes-sigs:masterfrom
isumitsolanki:issue_6101

Conversation

@isumitsolanki
Copy link
Copy Markdown

Fixes

Closes #6101


Summary

[One line: what changed and which subsystem.]

Example: Implements structured-data traversal for nameReference so names inside YAML/JSON embedded in scalar fields (e.g. ConfigMap.data) can be updated, aligned with structured replacements behavior.


Related issue


Problem

[What was broken or missing; user-visible symptom.]

For #6101:

  • nameReference only updated normal manifest fields from fieldSpecs.
  • It did not traverse JSON/YAML inside scalar strings (ConfigMap.data, Secret.stringData, annotations, etc.).
  • Generated names (e.g. secretGenerator hash suffixes) did not propagate into nested config such as auth.secretName inside data["config.yaml"].

Root cause

[Why the old code could not satisfy the issue.]

For #6101: The nameref filter stopped at the leaf scalar that contained the whole embedded document as one string; there was no parse → navigate → update → serialize path for that content.


Solution

[Bullets: syntax, main code paths, compatibility.]

For #6101:

Item Detail
Path syntax manifest/path//inner.dot.path — manifest segment uses /; inner segment uses . with SmarterPathSplitter escaping (same idea as structured replacements).
Behavior Parse scalar → PathMatcher on inner path → existing nameref set / map / sequence logic → serialize back.
Refactor api/internal/structuredscalar for serialization; replacements calls into it.
roleRef Uses manifest-only prefix when path contains //.
Compatibility Paths without // unchanged.

Impact

Area Notes
Users Can propagate renames and generator hashes into embedded app config without per-key replacements.
Risk Low; opt-in via // in path.
Caveats Minor YAML style drift on round-trip (e.g. | vs |-), similar to structured replacements.

How to verify

cd api

go test ./filters/nameref/... -run 'TestNamerefFilter/structured' -count=1 -v
go test ./krusty/... -run TestIssue6101StructuredNameReference -count=1 -v
go test ./filters/replacement/... ./internal/accumulator/... -count=1

…/ path suffix

Signed-off-by: Sumit Solanki <sumit.solanki@ibm.com>
@k8s-ci-robot k8s-ci-robot requested a review from sarab97 April 13, 2026 10:07
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: isumitsolanki
Once this PR has been reviewed and has the lgtm label, please assign koba1t for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Apr 13, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

Hi @isumitsolanki. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Apr 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Support structured-data traversal in nameReference transformer

2 participants