feat: remove kyverno client v2beta1 (kyverno#10543)

* feat: remove kyverno client v2beta1 Signed-off-by: Charles-Edouard Brétéché <[email protected]> * codegen Signed-off-by: Charles-Edouard Brétéché <[email protected]> * fix tests Signed-off-by: Charles-Edouard Brétéché <[email protected]> --------- Signed-off-by: Charles-Edouard Brétéché <[email protected]>
realshuting · Jun 26, 2024 · e900abf · e900abf
1 parent ff88c4c
commit e900abf
Show file tree

Hide file tree

Showing 53 changed files with 84 additions and 4,653 deletions.
diff --git a/Makefile b/Makefile
@@ -403,7 +403,7 @@ GOPATH_SHIM                 := ${PWD}/.gopath
 PACKAGE_SHIM                := $(GOPATH_SHIM)/src/$(PACKAGE)
 OUT_PACKAGE                 := $(PACKAGE)/pkg/client
 INPUT_DIRS                  := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v1beta1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2beta1,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/reports/v1,$(PACKAGE)/api/policyreport/v1alpha2
-CLIENT_INPUT_DIRS           := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2beta1,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/reports/v1,$(PACKAGE)/api/policyreport/v1alpha2
+CLIENT_INPUT_DIRS           := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/reports/v1,$(PACKAGE)/api/policyreport/v1alpha2
 CLIENTSET_PACKAGE           := $(OUT_PACKAGE)/clientset
 LISTERS_PACKAGE             := $(OUT_PACKAGE)/listers
 INFORMERS_PACKAGE           := $(OUT_PACKAGE)/informers

diff --git a/...verno/v2beta1/cleanup_policy_interface.go → api/kyverno/v2/cleanup_policy_interface.go b/...verno/v2beta1/cleanup_policy_interface.go → api/kyverno/v2/cleanup_policy_interface.go
@@ -1,4 +1,4 @@
-package v2beta1
+package v2
 
 import (
 	"time"

diff --git a/api/kyverno/v2/match_resources_test.go b/api/kyverno/v2/match_resources_test.go
@@ -53,7 +53,7 @@ func Test_MatchResources(t *testing.T) {
 			}},
 		},
 		errors: []string{
-			`dummy: Invalid value: v2.MatchResources{Any:v1.ResourceFilters{v1.ResourceFilter{UserInfo:v1.UserInfo{Roles:[]string(nil), ClusterRoles:[]string(nil), Subjects:[]v1.Subject{v1.Subject{Kind:"ServiceAccount", APIGroup:"", Name:"sa-1", Namespace:"ns"}}}, ResourceDescription:v1.ResourceDescription{Kinds:[]string(nil), Name:"", Names:[]string(nil), Namespaces:[]string(nil), Annotations:map[string]string(nil), Selector:(*v1.LabelSelector)(nil), NamespaceSelector:(*v1.LabelSelector)(nil), Operations:[]v1.AdmissionOperation(nil)}}}, All:v1.ResourceFilters{v1.ResourceFilter{UserInfo:v1.UserInfo{Roles:[]string(nil), ClusterRoles:[]string(nil), Subjects:[]v1.Subject{v1.Subject{Kind:"ServiceAccount", APIGroup:"", Name:"sa-1", Namespace:"ns"}}}, ResourceDescription:v1.ResourceDescription{Kinds:[]string(nil), Name:"", Names:[]string(nil), Namespaces:[]string(nil), Annotations:map[string]string(nil), Selector:(*v1.LabelSelector)(nil), NamespaceSelector:(*v1.LabelSelector)(nil), Operations:[]v1.AdmissionOperation(nil)}}}}: Can't specify any and all together`,
+			`dummy: Invalid value: v2beta1.MatchResources{Any:v1.ResourceFilters{v1.ResourceFilter{UserInfo:v1.UserInfo{Roles:[]string(nil), ClusterRoles:[]string(nil), Subjects:[]v1.Subject{v1.Subject{Kind:"ServiceAccount", APIGroup:"", Name:"sa-1", Namespace:"ns"}}}, ResourceDescription:v1.ResourceDescription{Kinds:[]string(nil), Name:"", Names:[]string(nil), Namespaces:[]string(nil), Annotations:map[string]string(nil), Selector:(*v1.LabelSelector)(nil), NamespaceSelector:(*v1.LabelSelector)(nil), Operations:[]v1.AdmissionOperation(nil)}}}, All:v1.ResourceFilters{v1.ResourceFilter{UserInfo:v1.UserInfo{Roles:[]string(nil), ClusterRoles:[]string(nil), Subjects:[]v1.Subject{v1.Subject{Kind:"ServiceAccount", APIGroup:"", Name:"sa-1", Namespace:"ns"}}}, ResourceDescription:v1.ResourceDescription{Kinds:[]string(nil), Name:"", Names:[]string(nil), Namespaces:[]string(nil), Annotations:map[string]string(nil), Selector:(*v1.LabelSelector)(nil), NamespaceSelector:(*v1.LabelSelector)(nil), Operations:[]v1.AdmissionOperation(nil)}}}}: Can't specify any and all together`,
 		},
 	}}
 

diff --git a/api/kyverno/v2/match_resources_types.go b/api/kyverno/v2/match_resources_types.go
@@ -1,80 +1,7 @@
 package v2
 
 import (
-	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
-	"k8s.io/apimachinery/pkg/util/sets"
-	"k8s.io/apimachinery/pkg/util/validation/field"
+	kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
 )
 
-// MatchResources is used to specify resource and admission review request data for
-// which a policy rule is applicable.
-type MatchResources struct {
-	// Any allows specifying resources which will be ORed
-	// +optional
-	Any kyvernov1.ResourceFilters `json:"any,omitempty" yaml:"any,omitempty"`
-
-	// All allows specifying resources which will be ANDed
-	// +optional
-	All kyvernov1.ResourceFilters `json:"all,omitempty" yaml:"all,omitempty"`
-}
-
-// GetKinds returns all kinds
-func (m *MatchResources) GetKinds() []string {
-	var kinds []string
-	for _, value := range m.All {
-		kinds = append(kinds, value.ResourceDescription.Kinds...)
-	}
-	for _, value := range m.Any {
-		kinds = append(kinds, value.ResourceDescription.Kinds...)
-	}
-	return kinds
-}
-
-// ValidateNoUserInfo verifies that no user info is used
-func (m *MatchResources) ValidateNoUserInfo(path *field.Path) (errs field.ErrorList) {
-	anyPath := path.Child("any")
-	for i, filter := range m.Any {
-		errs = append(errs, filter.UserInfo.ValidateNoUserInfo(anyPath.Index(i))...)
-	}
-	allPath := path.Child("all")
-	for i, filter := range m.All {
-		errs = append(errs, filter.UserInfo.ValidateNoUserInfo(allPath.Index(i))...)
-	}
-	return errs
-}
-
-// ValidateResourceWithNoUserInfo implements programmatic validation and verifies that no user info is used
-func (m *MatchResources) ValidateResourceWithNoUserInfo(path *field.Path, namespaced bool, clusterResources sets.Set[string]) (errs field.ErrorList) {
-	if len(m.Any) > 0 && len(m.All) > 0 {
-		errs = append(errs, field.Invalid(path, m, "Can't specify any and all together"))
-	}
-	anyPath := path.Child("any")
-	for i, filter := range m.Any {
-		errs = append(errs, filter.UserInfo.ValidateNoUserInfo(anyPath.Index(i))...)
-		errs = append(errs, filter.ResourceDescription.Validate(anyPath.Index(i), namespaced, clusterResources)...)
-	}
-	allPath := path.Child("all")
-	for i, filter := range m.All {
-		errs = append(errs, filter.UserInfo.ValidateNoUserInfo(allPath.Index(i))...)
-		errs = append(errs, filter.ResourceDescription.Validate(allPath.Index(i), namespaced, clusterResources)...)
-	}
-	return errs
-}
-
-// Validate implements programmatic validation
-func (m *MatchResources) Validate(path *field.Path, namespaced bool, clusterResources sets.Set[string]) (errs field.ErrorList) {
-	if len(m.Any) > 0 && len(m.All) > 0 {
-		errs = append(errs, field.Invalid(path, m, "Can't specify any and all together"))
-	}
-	anyPath := path.Child("any")
-	for i, filter := range m.Any {
-		errs = append(errs, filter.UserInfo.Validate(anyPath.Index(i))...)
-		errs = append(errs, filter.ResourceDescription.Validate(anyPath.Index(i), namespaced, clusterResources)...)
-	}
-	allPath := path.Child("all")
-	for i, filter := range m.All {
-		errs = append(errs, filter.UserInfo.Validate(allPath.Index(i))...)
-		errs = append(errs, filter.ResourceDescription.Validate(allPath.Index(i), namespaced, clusterResources)...)
-	}
-	return errs
-}
+type MatchResources = kyvernov2beta1.MatchResources
diff --git a/api/kyverno/v2/policy_exception_types.go b/api/kyverno/v2/policy_exception_types.go
@@ -71,7 +71,7 @@ type PolicyExceptionSpec struct {
 	// Conditions are used to determine if a resource applies to the exception by evaluating a
 	// set of conditions. The declaration can contain nested `any` or `all` statements.
 	// +optional
-	Conditions *kyvernov2beta1.AnyAllConditions `json:"conditions,omitempty"`
+	Conditions *AnyAllConditions `json:"conditions,omitempty"`
 
 	// Exceptions is a list policy/rules to be excluded
 	Exceptions []Exception `json:"exceptions" yaml:"exceptions"`

diff --git a/api/kyverno/v2/zz_generated.deepcopy.go b/api/kyverno/v2/zz_generated.deepcopy.go
diff --git a/cmd/cleanup-controller/main.go b/cmd/cleanup-controller/main.go
@@ -143,13 +143,13 @@ func main() {
 		genericloggingcontroller.NewController(
 			setup.Logger.WithName("cleanup-policy"),
 			"CleanupPolicy",
-			kyvernoInformer.Kyverno().V2beta1().CleanupPolicies(),
+			kyvernoInformer.Kyverno().V2().CleanupPolicies(),
 			genericloggingcontroller.CheckGeneration,
 		)
 		genericloggingcontroller.NewController(
 			setup.Logger.WithName("cluster-cleanup-policy"),
 			"ClusterCleanupPolicy",
-			kyvernoInformer.Kyverno().V2beta1().ClusterCleanupPolicies(),
+			kyvernoInformer.Kyverno().V2().ClusterCleanupPolicies(),
 			genericloggingcontroller.CheckGeneration,
 		)
 		eventGenerator := event.NewEventGenerator(
@@ -303,8 +303,8 @@ func main() {
 					cleanup.NewController(
 						setup.KyvernoDynamicClient,
 						setup.KyvernoClient,
-						kyvernoInformer.Kyverno().V2beta1().ClusterCleanupPolicies(),
-						kyvernoInformer.Kyverno().V2beta1().CleanupPolicies(),
+						kyvernoInformer.Kyverno().V2().ClusterCleanupPolicies(),
+						kyvernoInformer.Kyverno().V2().CleanupPolicies(),
 						nsLister,
 						setup.Configuration,
 						cmResolver,

diff --git a/docs/user/crd/index.html b/docs/user/crd/index.html
@@ -3430,7 +3430,6 @@ <h3 id="kyverno.io/v1.ResourceFilters">ResourceFilters
 <p>
 (<em>Appears on:</em>
 <a href="#kyverno.io/v1.MatchResources">MatchResources</a>, 
-<a href="#kyverno.io/v2.MatchResources">MatchResources</a>, 
 <a href="#kyverno.io/v2beta1.MatchResources">MatchResources</a>)
 </p>
 <p>
@@ -5313,7 +5312,7 @@ <h3 id="kyverno.io/v2.CleanupPolicy">CleanupPolicy
 <td>
 <code>match</code><br/>
 <em>
-<a href="#kyverno.io/v2.MatchResources">
+<a href="#kyverno.io/v2beta1.MatchResources">
 MatchResources
 </a>
 </em>
@@ -5329,7 +5328,7 @@ <h3 id="kyverno.io/v2.CleanupPolicy">CleanupPolicy
 <td>
 <code>exclude</code><br/>
 <em>
-<a href="#kyverno.io/v2.MatchResources">
+<a href="#kyverno.io/v2beta1.MatchResources">
 MatchResources
 </a>
 </em>
@@ -5462,7 +5461,7 @@ <h3 id="kyverno.io/v2.ClusterCleanupPolicy">ClusterCleanupPolicy
 <td>
 <code>match</code><br/>
 <em>
-<a href="#kyverno.io/v2.MatchResources">
+<a href="#kyverno.io/v2beta1.MatchResources">
 MatchResources
 </a>
 </em>
@@ -5478,7 +5477,7 @@ <h3 id="kyverno.io/v2.ClusterCleanupPolicy">ClusterCleanupPolicy
 <td>
 <code>exclude</code><br/>
 <em>
-<a href="#kyverno.io/v2.MatchResources">
+<a href="#kyverno.io/v2beta1.MatchResources">
 MatchResources
 </a>
 </em>
@@ -5623,7 +5622,7 @@ <h3 id="kyverno.io/v2.PolicyException">PolicyException
 <td>
 <code>conditions</code><br/>
 <em>
-<a href="#kyverno.io/v2beta1.AnyAllConditions">
+<a href="#kyverno.io/v2.AnyAllConditions">
 AnyAllConditions
 </a>
 </em>
@@ -5880,7 +5879,8 @@ <h3 id="kyverno.io/v2.AnyAllConditions">AnyAllConditions
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#kyverno.io/v2.CleanupPolicySpec">CleanupPolicySpec</a>)
+<a href="#kyverno.io/v2.CleanupPolicySpec">CleanupPolicySpec</a>, 
+<a href="#kyverno.io/v2.PolicyExceptionSpec">PolicyExceptionSpec</a>)
 </p>
 <p>
 </p>
@@ -5929,6 +5929,11 @@ <h3 id="kyverno.io/v2.AnyAllConditions">AnyAllConditions
 </tbody>
 </table>
 <hr />
+<h3 id="kyverno.io/v2.CleanupPolicyInterface">CleanupPolicyInterface
+</h3>
+<p>
+<p>CleanupPolicyInterface abstracts the concrete policy type (CleanupPolicy vs ClusterCleanupPolicy)</p>
+</p>
 <h3 id="kyverno.io/v2.CleanupPolicySpec">CleanupPolicySpec
 </h3>
 <p>
@@ -5966,7 +5971,7 @@ <h3 id="kyverno.io/v2.CleanupPolicySpec">CleanupPolicySpec
 <td>
 <code>match</code><br/>
 <em>
-<a href="#kyverno.io/v2.MatchResources">
+<a href="#kyverno.io/v2beta1.MatchResources">
 MatchResources
 </a>
 </em>
@@ -5982,7 +5987,7 @@ <h3 id="kyverno.io/v2.CleanupPolicySpec">CleanupPolicySpec
 <td>
 <code>exclude</code><br/>
 <em>
-<a href="#kyverno.io/v2.MatchResources">
+<a href="#kyverno.io/v2beta1.MatchResources">
 MatchResources
 </a>
 </em>
@@ -6194,55 +6199,6 @@ <h3 id="kyverno.io/v2.Exception">Exception
 </tbody>
 </table>
 <hr />
-<h3 id="kyverno.io/v2.MatchResources">MatchResources
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#kyverno.io/v2.CleanupPolicySpec">CleanupPolicySpec</a>)
-</p>
-<p>
-<p>MatchResources is used to specify resource and admission review request data for
-which a policy rule is applicable.</p>
-</p>
-<table class="table table-striped">
-<thead class="thead-dark">
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>any</code><br/>
-<em>
-<a href="#kyverno.io/v1.ResourceFilters">
-ResourceFilters
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Any allows specifying resources which will be ORed</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>all</code><br/>
-<em>
-<a href="#kyverno.io/v1.ResourceFilters">
-ResourceFilters
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>All allows specifying resources which will be ANDed</p>
-</td>
-</tr>
-</tbody>
-</table>
-<hr />
 <h3 id="kyverno.io/v2.PolicyExceptionSpec">PolicyExceptionSpec
 </h3>
 <p>
@@ -6290,7 +6246,7 @@ <h3 id="kyverno.io/v2.PolicyExceptionSpec">PolicyExceptionSpec
 <td>
 <code>conditions</code><br/>
 <em>
-<a href="#kyverno.io/v2beta1.AnyAllConditions">
+<a href="#kyverno.io/v2.AnyAllConditions">
 AnyAllConditions
 </a>
 </em>
@@ -7939,7 +7895,6 @@ <h3 id="kyverno.io/v2beta1.AnyAllConditions">AnyAllConditions
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#kyverno.io/v2.PolicyExceptionSpec">PolicyExceptionSpec</a>, 
 <a href="#kyverno.io/v2beta1.CleanupPolicySpec">CleanupPolicySpec</a>, 
 <a href="#kyverno.io/v2beta1.Deny">Deny</a>, 
 <a href="#kyverno.io/v2beta1.PolicyExceptionSpec">PolicyExceptionSpec</a>, 
@@ -7992,11 +7947,6 @@ <h3 id="kyverno.io/v2beta1.AnyAllConditions">AnyAllConditions
 </tbody>
 </table>
 <hr />
-<h3 id="kyverno.io/v2beta1.CleanupPolicyInterface">CleanupPolicyInterface
-</h3>
-<p>
-<p>CleanupPolicyInterface abstracts the concrete policy type (CleanupPolicy vs ClusterCleanupPolicy)</p>
-</p>
 <h3 id="kyverno.io/v2beta1.CleanupPolicySpec">CleanupPolicySpec
 </h3>
 <p>
@@ -8463,6 +8413,7 @@ <h3 id="kyverno.io/v2beta1.MatchResources">MatchResources
 </h3>
 <p>
 (<em>Appears on:</em>
+<a href="#kyverno.io/v2.CleanupPolicySpec">CleanupPolicySpec</a>, 
 <a href="#kyverno.io/v2.PolicyExceptionSpec">PolicyExceptionSpec</a>, 
 <a href="#kyverno.io/v2beta1.CleanupPolicySpec">CleanupPolicySpec</a>, 
 <a href="#kyverno.io/v2beta1.PolicyExceptionSpec">PolicyExceptionSpec</a>,
-Original file line number
+Diff line change
@@ Expand Up / @@ -53,7 +53,7 @@ func Test_MatchResources(t *testing.T) { @@
     			}},
     		},
     		errors: []string{
-    			`dummy: Invalid value: v2.MatchResources{Any:v1.ResourceFilters{v1.ResourceFilter{UserInfo:v1.UserInfo{Roles:[]string(nil), ClusterRoles:[]string(nil), Subjects:[]v1.Subject{v1.Subject{Kind:"ServiceAccount", APIGroup:"", Name:"sa-1", Namespace:"ns"}}}, ResourceDescription:v1.ResourceDescription{Kinds:[]string(nil), Name:"", Names:[]string(nil), Namespaces:[]string(nil), Annotations:map[string]string(nil), Selector:(*v1.LabelSelector)(nil), NamespaceSelector:(*v1.LabelSelector)(nil), Operations:[]v1.AdmissionOperation(nil)}}}, All:v1.ResourceFilters{v1.ResourceFilter{UserInfo:v1.UserInfo{Roles:[]string(nil), ClusterRoles:[]string(nil), Subjects:[]v1.Subject{v1.Subject{Kind:"ServiceAccount", APIGroup:"", Name:"sa-1", Namespace:"ns"}}}, ResourceDescription:v1.ResourceDescription{Kinds:[]string(nil), Name:"", Names:[]string(nil), Namespaces:[]string(nil), Annotations:map[string]string(nil), Selector:(*v1.LabelSelector)(nil), NamespaceSelector:(*v1.LabelSelector)(nil), Operations:[]v1.AdmissionOperation(nil)}}}}: Can't specify any and all together`,
+    			`dummy: Invalid value: v2beta1.MatchResources{Any:v1.ResourceFilters{v1.ResourceFilter{UserInfo:v1.UserInfo{Roles:[]string(nil), ClusterRoles:[]string(nil), Subjects:[]v1.Subject{v1.Subject{Kind:"ServiceAccount", APIGroup:"", Name:"sa-1", Namespace:"ns"}}}, ResourceDescription:v1.ResourceDescription{Kinds:[]string(nil), Name:"", Names:[]string(nil), Namespaces:[]string(nil), Annotations:map[string]string(nil), Selector:(*v1.LabelSelector)(nil), NamespaceSelector:(*v1.LabelSelector)(nil), Operations:[]v1.AdmissionOperation(nil)}}}, All:v1.ResourceFilters{v1.ResourceFilter{UserInfo:v1.UserInfo{Roles:[]string(nil), ClusterRoles:[]string(nil), Subjects:[]v1.Subject{v1.Subject{Kind:"ServiceAccount", APIGroup:"", Name:"sa-1", Namespace:"ns"}}}, ResourceDescription:v1.ResourceDescription{Kinds:[]string(nil), Name:"", Names:[]string(nil), Namespaces:[]string(nil), Annotations:map[string]string(nil), Selector:(*v1.LabelSelector)(nil), NamespaceSelector:(*v1.LabelSelector)(nil), Operations:[]v1.AdmissionOperation(nil)}}}}: Can't specify any and all together`,
     		},
     	}}
@@ Expand Down @@