From 4dae677ea2c879daeb0bba5cdd7dd78c45af3ba1 Mon Sep 17 00:00:00 2001
From: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com>
Date: Thu, 15 Feb 2024 17:06:15 -0500
Subject: [PATCH 1/2] Upgrade `controller-gen` ref: https://issues.redhat.com/browse/ACM-9975
Signed-off-by: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com>
(cherry picked from commit 53335c1cc91c8dbf6fb29882077fa7c7efbdb6fd)
---
Makefile | 8 +-
api/v1/zz_generated.deepcopy.go | 7 +-
api/v1beta1/zz_generated.deepcopy.go | 1 -
build/common/Makefile.common.mk | 2 +-
...r-management.io_configurationpolicies.yaml | 128 +++++++++---------
...luster-management.io_operatorpolicies.yaml | 121 +++++++++--------
...r-management.io_configurationpolicies.yaml | 128 +++++++++---------
...luster-management.io_operatorpolicies.yaml | 121 +++++++++--------
deploy/operator.yaml | 1 -
deploy/rbac/role.yaml | 2 -
10 files changed, 262 insertions(+), 257 deletions(-)
diff --git a/Makefile b/Makefile
index c49fb758..00fdc66e 100644
--- a/Makefile
+++ b/Makefile
@@ -124,16 +124,14 @@ clean: ############################################################ # Generate manifests ############################################################ -CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false" .PHONY: manifests manifests: controller-gen kustomize - $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=config-policy-controller paths="./..." output:crd:artifacts:config=deploy/crds output:rbac:artifacts:config=deploy/rbac + $(CONTROLLER_GEN) crd rbac:roleName=config-policy-controller paths="./..." output:crd:artifacts:config=deploy/crds output:rbac:artifacts:config=deploy/rbac mv deploy/crds/policy.open-cluster-management.io_configurationpolicies.yaml deploy/crds/kustomize_configurationpolicy/policy.open-cluster-management.io_configurationpolicies.yaml mv deploy/crds/policy.open-cluster-management.io_operatorpolicies.yaml deploy/crds/kustomize_operatorpolicy/policy.open-cluster-management.io_operatorpolicies.yaml - # Add a newline so that the format matches what kubebuilder generates - @printf "\n---\n" > deploy/crds/policy.open-cluster-management.io_configurationpolicies.yaml - @printf "\n---\n" > deploy/crds/policy.open-cluster-management.io_operatorpolicies.yaml + @printf -- "---\n" > deploy/crds/policy.open-cluster-management.io_configurationpolicies.yaml + @printf -- "---\n" > deploy/crds/policy.open-cluster-management.io_operatorpolicies.yaml $(KUSTOMIZE) build deploy/crds/kustomize_configurationpolicy >> deploy/crds/policy.open-cluster-management.io_configurationpolicies.yaml $(KUSTOMIZE) build deploy/crds/kustomize_operatorpolicy >> deploy/crds/policy.open-cluster-management.io_operatorpolicies.yaml diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go index 55bdb0bf..87dc4c0f 100644 --- a/api/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go 
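Review bot: The two added `@printf -- "---\n" > deploy/crds/...yaml` lines truncate the committed CRD bundles before `$(KUSTOMIZE) build ... >>` appends to them, so a failed or interrupted kustomize run leaves a tracked manifest that contains only `---`. Writing to a temporary file and renaming it on success would keep the previous bundle intact, for example `{ printf -- "---\n" && $(KUSTOMIZE) build deploy/crds/kustomize_operatorpolicy; } > deploy/crds/policy.open-cluster-management.io_operatorpolicies.yaml.tmp` followed by an `mv` onto the final name, and likewise for the configurationpolicies bundle. The hunk also removes the comment that explained the printf without replacing it; a line such as `# Start each bundled CRD with a YAML document separator before appending the kustomize output` would keep the intent visible. Since `CRD_OPTIONS ?=` is deleted, any caller that overrode it on the command line or in the environment is now silently ignored, which deserves a mention in the commit description. The `manifests` recipe may continue below the last context line of this hunk.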
@@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Copyright (c) 2021 Red Hat, Inc. // Copyright Contributors to the Open Cluster Management project @@ -23,7 +22,8 @@ func (in ComplianceMap) DeepCopyInto(out *ComplianceMap) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(CompliancePerClusterStatus) (*in).DeepCopyInto(*out) } @@ -53,7 +53,8 @@ func (in *CompliancePerClusterStatus) DeepCopyInto(out *CompliancePerClusterStat if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(ConfigurationPolicyStatus) (*in).DeepCopyInto(*out) } diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index 87e41e02..0f8b5366 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Copyright (c) 2021 Red Hat, Inc. // Copyright Contributors to the Open Cluster Management project diff --git a/build/common/Makefile.common.mk b/build/common/Makefile.common.mk index 1f3d57fc..1fd9abe3 100755 --- a/build/common/Makefile.common.mk +++ b/build/common/Makefile.common.mk @@ -3,7 +3,7 @@ ## CLI versions (with links to the latest releases) # https://github.com/kubernetes-sigs/controller-tools/releases/latest -CONTROLLER_GEN_VERSION := v0.6.1 +CONTROLLER_GEN_VERSION := v0.14.0 # https://github.com/kubernetes-sigs/kustomize/releases/latest KUSTOMIZE_VERSION := v5.3.0 # https://github.com/golangci/golangci-lint/releases/latest diff --git a/deploy/crds/kustomize_configurationpolicy/policy.open-cluster-management.io_configurationpolicies.yaml b/deploy/crds/kustomize_configurationpolicy/policy.open-cluster-management.io_configurationpolicies.yaml index 910c6915..fa4c0edf 100644 
--- a/deploy/crds/kustomize_configurationpolicy/policy.open-cluster-management.io_configurationpolicies.yaml +++ b/deploy/crds/kustomize_configurationpolicy/policy.open-cluster-management.io_configurationpolicies.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: configurationpolicies.policy.open-cluster-management.io spec: group: policy.open-cluster-management.io @@ -27,14 +25,19 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -42,32 +45,31 @@ spec: description: ConfigurationPolicySpec defines the desired state of ConfigurationPolicy properties: evaluationInterval: - description: Configures the minimum elapsed time before a ConfigurationPolicy - is reevaluated. If the policy spec is changed, or if the list of - namespaces selected by the policy changes, the policy may be evaluated - regardless of the settings here. + description: |- + Configures the minimum elapsed time before a ConfigurationPolicy is reevaluated. If the policy + spec is changed, or if the list of namespaces selected by the policy changes, the policy may be + evaluated regardless of the settings here. properties: compliant: - description: The minimum elapsed time before a ConfigurationPolicy - is reevaluated when in the compliant state. Set this to "never" - to disable reevaluation when in the compliant state. + description: |- + The minimum elapsed time before a ConfigurationPolicy is reevaluated when in the compliant state. Set this to + "never" to disable reevaluation when in the compliant state. pattern: ^(?:(?:(?:[0-9]+(?:.[0-9])?)(?:h|m|s|(?:ms)|(?:us)|(?:ns)))|never)+$ type: string noncompliant: - description: The minimum elapsed time before a ConfigurationPolicy - is reevaluated when in the noncompliant state. Set this to "never" - to disable reevaluation when in the noncompliant state. + description: |- + The minimum elapsed time before a ConfigurationPolicy is reevaluated when in the noncompliant state. Set this to + "never" to disable reevaluation when in the noncompliant state. pattern: ^(?:(?:(?:[0-9]+(?:.[0-9])?)(?:h|m|s|(?:ms)|(?:us)|(?:ns)))|never)+$ type: string type: object namespaceSelector: - description: '''namespaceSelector'' defines the list of namespaces - to include/exclude for objects defined in spec.objectTemplates. - All selector rules are ANDed. If ''include'' is not provided but - ''matchLabels'' and/or ''matchExpressions'' are, ''include'' will - behave as if [''*''] were given. 
If ''matchExpressions'' and ''matchLabels'' - are both not provided, ''include'' must be provided to retrieve - namespaces.' + description: |- + 'namespaceSelector' defines the list of namespaces to include/exclude for objects defined in + spec.objectTemplates. All selector rules are ANDed. If 'include' is not provided but + 'matchLabels' and/or 'matchExpressions' are, 'include' will behave as if ['*'] were given. If + 'matchExpressions' and 'matchLabels' are both not provided, 'include' must be provided to + retrieve namespaces. properties: exclude: description: '''exclude'' is an array of filepath expressions @@ -87,24 +89,24 @@ spec: description: '''matchExpressions'' is an array of label selector requirements matching objects by label.' items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -122,12 +124,12 @@ spec: type: object type: object object-templates: - description: '''object-templates'' and ''object-templates-raw'' are - arrays of objects for the configuration policy to check, create, - modify, or delete on the cluster. ''object-templates'' is an array - of objects, while ''object-templates-raw'' is a string containing - an array of objects in YAML format. Only one of the two object-templates - variables can be set in a given configurationPolicy.' + description: |- + 'object-templates' and 'object-templates-raw' are arrays of objects for the configuration + policy to check, create, modify, or delete on the cluster. 'object-templates' is an array + of objects, while 'object-templates-raw' is a string containing an array of objects in + YAML format. Only one of the two object-templates variables can be set in a given + configurationPolicy. items: description: ObjectTemplate describes how an object should look properties: @@ -162,9 +164,9 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true recordDiff: - description: RecordDiff specifies whether (and where) to log - the diff between the object on the cluster and the objectDefinition - in the policy. Defaults to "None". + description: |- + RecordDiff specifies whether (and where) to log the diff between the object on the + cluster and the objectDefinition in the policy. Defaults to "None". enum: - Log - None 
@@ -175,17 +177,18 @@ spec: type: object type: array object-templates-raw: - description: '''object-templates'' and ''object-templates-raw'' are - arrays of objects for the configuration policy to check, create, - modify, or delete on the cluster. ''object-templates'' is an array - of objects, while ''object-templates-raw'' is a string containing - an array of objects in YAML format. Only one of the two object-templates - variables can be set in a given configurationPolicy.' + description: |- + 'object-templates' and 'object-templates-raw' are arrays of objects for the configuration + policy to check, create, modify, or delete on the cluster. 'object-templates' is an array + of objects, while 'object-templates-raw' is a string containing an array of objects in + YAML format. Only one of the two object-templates variables can be set in a given + configurationPolicy. type: string pruneObjectBehavior: default: None - description: PruneObjectBehavior is used to remove objects that are - managed by the policy upon policy deletion. + description: |- + PruneObjectBehavior is used to remove objects that are managed by the + policy upon policy deletion. enum: - DeleteAll - DeleteIfCreated 
@@ -290,17 +293,22 @@ spec: description: API version of the referent. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: description: Metadata values from the referent. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string type: object type: object @@ -325,9 +333,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deploy/crds/kustomize_operatorpolicy/policy.open-cluster-management.io_operatorpolicies.yaml b/deploy/crds/kustomize_operatorpolicy/policy.open-cluster-management.io_operatorpolicies.yaml index a66eb6ed..be7e48bc 100644 --- a/deploy/crds/kustomize_operatorpolicy/policy.open-cluster-management.io_operatorpolicies.yaml +++ b/deploy/crds/kustomize_operatorpolicy/policy.open-cluster-management.io_operatorpolicies.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: operatorpolicies.policy.open-cluster-management.io spec: group: policy.open-cluster-management.io 
@@ -22,14 +20,19 @@ spec: description: OperatorPolicy is the Schema for the operatorpolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -51,9 +54,10 @@ spec: - mustnothave type: string operatorGroup: - description: Include the name, namespace, and any `spec` fields for - the OperatorGroup. For more info, see `kubectl explain operatorgroup.spec` - or https://olm.operatorframework.io/docs/concepts/crds/operatorgroup/ + description: |- + Include the name, namespace, and any `spec` fields for the OperatorGroup. + For more info, see `kubectl explain operatorgroup.spec` or + https://olm.operatorframework.io/docs/concepts/crds/operatorgroup/ type: object x-kubernetes-preserve-unknown-fields: true remediationAction: @@ -77,15 +81,16 @@ spec: - Critical type: string subscription: - description: Include the namespace, and any `spec` fields for the - Subscription. For more info, see `kubectl explain subscription.spec` - or https://olm.operatorframework.io/docs/concepts/crds/subscription/ + description: |- + Include the namespace, and any `spec` fields for the Subscription. + For more info, see `kubectl explain subscription.spec` or + https://olm.operatorframework.io/docs/concepts/crds/subscription/ type: object x-kubernetes-preserve-unknown-fields: true versions: - description: Versions is a list of nonempty strings that specifies - which installed versions are compliant when in 'inform' mode, and - which installPlans are approved when in 'enforce' mode + description: |- + Versions is a list of nonempty strings that specifies which installed versions are compliant when + in 'inform' mode, and which installPlans are approved when in 'enforce' mode items: minLength: 1 type: string 
@@ -104,44 +109,42 @@ spec: description: Historic details on the condition of the policy items: description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n \ttype FooStatus struct{ \t // Represents the observations - of a foo's current state. \t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\" \t // - +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map - \t // +listMapKey=type \t Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields - \t}" + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 
@@ -155,11 +158,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -190,17 +194,22 @@ spec: description: API version of the referent. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: description: Metadata values from the referent. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string type: object type: object 
@@ -225,9 +234,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deploy/crds/policy.open-cluster-management.io_configurationpolicies.yaml b/deploy/crds/policy.open-cluster-management.io_configurationpolicies.yaml index 4a2ed4de..6be90138 100644 --- a/deploy/crds/policy.open-cluster-management.io_configurationpolicies.yaml +++ b/deploy/crds/policy.open-cluster-management.io_configurationpolicies.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 labels: policy.open-cluster-management.io/policy-type: template name: configurationpolicies.policy.open-cluster-management.io 
@@ -29,14 +27,19 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -49,32 +52,31 @@ spec: - object-templates-raw properties: evaluationInterval: - description: Configures the minimum elapsed time before a ConfigurationPolicy - is reevaluated. If the policy spec is changed, or if the list of - namespaces selected by the policy changes, the policy may be evaluated - regardless of the settings here. + description: |- + Configures the minimum elapsed time before a ConfigurationPolicy is reevaluated. If the policy + spec is changed, or if the list of namespaces selected by the policy changes, the policy may be + evaluated regardless of the settings here. properties: compliant: - description: The minimum elapsed time before a ConfigurationPolicy - is reevaluated when in the compliant state. Set this to "never" - to disable reevaluation when in the compliant state. + description: |- + The minimum elapsed time before a ConfigurationPolicy is reevaluated when in the compliant state. Set this to + "never" to disable reevaluation when in the compliant state. pattern: ^(?:(?:(?:[0-9]+(?:.[0-9])?)(?:h|m|s|(?:ms)|(?:us)|(?:ns)))|never)+$ type: string noncompliant: - description: The minimum elapsed time before a ConfigurationPolicy - is reevaluated when in the noncompliant state. Set this to "never" - to disable reevaluation when in the noncompliant state. + description: |- + The minimum elapsed time before a ConfigurationPolicy is reevaluated when in the noncompliant state. Set this to + "never" to disable reevaluation when in the noncompliant state. pattern: ^(?:(?:(?:[0-9]+(?:.[0-9])?)(?:h|m|s|(?:ms)|(?:us)|(?:ns)))|never)+$ type: string type: object namespaceSelector: - description: '''namespaceSelector'' defines the list of namespaces - to include/exclude for objects defined in spec.objectTemplates. - All selector rules are ANDed. If ''include'' is not provided but - ''matchLabels'' and/or ''matchExpressions'' are, ''include'' will - behave as if [''*''] were given. 
If ''matchExpressions'' and ''matchLabels'' - are both not provided, ''include'' must be provided to retrieve - namespaces.' + description: |- + 'namespaceSelector' defines the list of namespaces to include/exclude for objects defined in + spec.objectTemplates. All selector rules are ANDed. If 'include' is not provided but + 'matchLabels' and/or 'matchExpressions' are, 'include' will behave as if ['*'] were given. If + 'matchExpressions' and 'matchLabels' are both not provided, 'include' must be provided to + retrieve namespaces. properties: exclude: description: '''exclude'' is an array of filepath expressions @@ -94,24 +96,24 @@ spec: description: '''matchExpressions'' is an array of label selector requirements matching objects by label.' items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -129,12 +131,12 @@ spec: type: object type: object object-templates: - description: '''object-templates'' and ''object-templates-raw'' are - arrays of objects for the configuration policy to check, create, - modify, or delete on the cluster. ''object-templates'' is an array - of objects, while ''object-templates-raw'' is a string containing - an array of objects in YAML format. Only one of the two object-templates - variables can be set in a given configurationPolicy.' + description: |- + 'object-templates' and 'object-templates-raw' are arrays of objects for the configuration + policy to check, create, modify, or delete on the cluster. 'object-templates' is an array + of objects, while 'object-templates-raw' is a string containing an array of objects in + YAML format. Only one of the two object-templates variables can be set in a given + configurationPolicy. items: description: ObjectTemplate describes how an object should look properties: @@ -169,9 +171,9 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true recordDiff: - description: RecordDiff specifies whether (and where) to log - the diff between the object on the cluster and the objectDefinition - in the policy. Defaults to "None". + description: |- + RecordDiff specifies whether (and where) to log the diff between the object on the + cluster and the objectDefinition in the policy. Defaults to "None". enum: - Log - None 
@@ -182,17 +184,18 @@ spec: type: object type: array object-templates-raw: - description: '''object-templates'' and ''object-templates-raw'' are - arrays of objects for the configuration policy to check, create, - modify, or delete on the cluster. ''object-templates'' is an array - of objects, while ''object-templates-raw'' is a string containing - an array of objects in YAML format. Only one of the two object-templates - variables can be set in a given configurationPolicy.' + description: |- + 'object-templates' and 'object-templates-raw' are arrays of objects for the configuration + policy to check, create, modify, or delete on the cluster. 'object-templates' is an array + of objects, while 'object-templates-raw' is a string containing an array of objects in + YAML format. Only one of the two object-templates variables can be set in a given + configurationPolicy. type: string pruneObjectBehavior: default: None - description: PruneObjectBehavior is used to remove objects that are - managed by the policy upon policy deletion. + description: |- + PruneObjectBehavior is used to remove objects that are managed by the + policy upon policy deletion. enum: - DeleteAll - DeleteIfCreated 
@@ -297,17 +300,22 @@ spec: description: API version of the referent. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: description: Metadata values from the referent. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string type: object type: object @@ -332,9 +340,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deploy/crds/policy.open-cluster-management.io_operatorpolicies.yaml b/deploy/crds/policy.open-cluster-management.io_operatorpolicies.yaml index 3f725256..05f74803 100644 --- a/deploy/crds/policy.open-cluster-management.io_operatorpolicies.yaml +++ b/deploy/crds/policy.open-cluster-management.io_operatorpolicies.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 labels: policy.open-cluster-management.io/policy-type: template name: operatorpolicies.policy.open-cluster-management.io 
@@ -24,14 +22,19 @@ spec: description: OperatorPolicy is the Schema for the operatorpolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -45,9 +48,10 @@ spec: - musthave type: string operatorGroup: - description: Include the name, namespace, and any `spec` fields for - the OperatorGroup. For more info, see `kubectl explain operatorgroup.spec` - or https://olm.operatorframework.io/docs/concepts/crds/operatorgroup/ + description: |- + Include the name, namespace, and any `spec` fields for the OperatorGroup. + For more info, see `kubectl explain operatorgroup.spec` or + https://olm.operatorframework.io/docs/concepts/crds/operatorgroup/ type: object x-kubernetes-preserve-unknown-fields: true remediationAction: @@ -71,15 +75,16 @@ spec: - Critical type: string subscription: - description: Include the namespace, and any `spec` fields for the - Subscription. For more info, see `kubectl explain subscription.spec` - or https://olm.operatorframework.io/docs/concepts/crds/subscription/ + description: |- + Include the namespace, and any `spec` fields for the Subscription. + For more info, see `kubectl explain subscription.spec` or + https://olm.operatorframework.io/docs/concepts/crds/subscription/ type: object x-kubernetes-preserve-unknown-fields: true versions: - description: Versions is a list of nonempty strings that specifies - which installed versions are compliant when in 'inform' mode, and - which installPlans are approved when in 'enforce' mode + description: |- + Versions is a list of nonempty strings that specifies which installed versions are compliant when + in 'inform' mode, and which installPlans are approved when in 'enforce' mode items: minLength: 1 type: string 
@@ -98,44 +103,42 @@ spec: description: Historic details on the condition of the policy items: description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n \ttype FooStatus struct{ \t // Represents the observations - of a foo's current state. \t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\" \t // - +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map - \t // +listMapKey=type \t Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields - \t}" + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 
@@ -149,11 +152,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -184,17 +188,22 @@ spec: description: API version of the referent. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: description: Metadata values from the referent. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string type: object type: object 
@@ -219,9 +228,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deploy/operator.yaml b/deploy/operator.yaml index c5ebfc8f..11ad006a 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -6,7 +6,6 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: config-policy-controller rules: - apiGroups: diff --git a/deploy/rbac/role.yaml b/deploy/rbac/role.yaml index 5d58c667..527424ba 100644 --- a/deploy/rbac/role.yaml +++ b/deploy/rbac/role.yaml @@ -1,9 +1,7 @@ - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: config-policy-controller rules: - apiGroups: From 600b0ded14fc101e4fdb4bfada6d6a3df8bfca1a Mon Sep 17 00:00:00 2001 From: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com> Date: Mon, 26 Feb 2024 11:52:22 -0500 Subject: [PATCH 2/2] Upgrade common Makefile Signed-off-by: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com> (cherry picked from commit 8cc552ecb8937dffdffb4bba882af0249fb666ff) --- build/common/Makefile.common.mk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build/common/Makefile.common.mk b/build/common/Makefile.common.mk index 1fd9abe3..f50d31e8 100755 --- a/build/common/Makefile.common.mk +++ b/build/common/Makefile.common.mk 
@@ -11,13 +11,13 @@ GOLANGCI_VERSION := v1.52.2 # https://github.com/mvdan/gofumpt/releases/latest GOFUMPT_VERSION := v0.6.0 # https://github.com/daixiang0/gci/releases/latest -GCI_VERSION := v0.12.1 +GCI_VERSION := v0.12.3 # https://github.com/securego/gosec/releases/latest -GOSEC_VERSION := v2.18.2 +GOSEC_VERSION := v2.19.0 # https://github.com/kubernetes-sigs/kubebuilder/releases/latest -KBVERSION := 3.12.0 +KBVERSION := 3.14.0 # https://github.com/kubernetes/kubernetes/releases/latest -ENVTEST_K8S_VERSION := 1.26.x +ENVTEST_K8S_VERSION := 1.29.x LOCAL_BIN ?= $(error LOCAL_BIN is not set.) ifneq ($(findstring $(LOCAL_BIN), $(PATH)), $(LOCAL_BIN))