Upstreaming network.IP/CIDR to CEL-go from kubernetes

[tdesrosi]

Upstream CIDR and IP-related functions from kubernetes into cel-go

This is part of a broader effort to bring network functions from the kubernetes
project into CEL specifications upstream. This is related directly to
issues/1237.

These are currently locked inside k8s.io/apiserver, but they are generally
useful for any policy engine dealing with network logic (firewalls, access lists, etc.).

[tdesrosi]

/gcbrun

[TristonianJones]

/gcbrun

[TristonianJones]

FYI @cici37 @jpbetz

[TristonianJones]

/gcbrun

[TristonianJones]

You can omit the traits.ReceiverType here and below. It implies the type implements the Receive method which it doesn't.

[TristonianJones]

Prefer creating an types.OpaqueType since these are types which do not have any fields accessible.

[TristonianJones]

Prefer instead to create an inline cel.EnvOption like so:

func (e *cel.Env) (*cel.Env, error) {
   adapter := &networkAdapter{Adapter: e.CELTypeAdapter()}
   return cel.CustomTypeAdapter(adapter)(e)
}

[TristonianJones]

I would be very happy if we used the K8s content verbatim here (modulo some simple renames) as it'll simplify cost-tracking checks which K8s is doing presently and which someone will also need to upstream before making the improvements available to K8s to use.

https://github.com/kubernetes/kubernetes/blob/5bcb7599736327cd8c6d23e398002354a6e40f68/staging/src/k8s.io/apiserver/pkg/cel/library/ip.go

The primary cleanup would be to shift from an IP library to a Network library which aggregates the K8s library/ip.go and library/cidr.go since we'd very likely always use them together.