From 80d99796e7a37b9a151cfe3b460867cc22b2add5 Mon Sep 17 00:00:00 2001 
From: swamyan Date: Tue, 19 Sep 2023 18:13:30 +0530 Subject: [PATCH] Enforce import restrictions in all packages --- bootstrap/kubeadm/api/.import-restrictions | 5 +++++ .../kubeadm/api/v1alpha4/groupversion_info.go | 19 ++++++++++++++----- .../api/v1alpha4/kubeadmconfig_types.go | 2 +- .../v1alpha4/kubeadmconfigtemplate_types.go | 2 +- cmd/clusterctl/api/.import-restrictions | 5 +++++ .../providers/controlplane/generic_types.go | 4 +--- .../controlplane/groupversion_info.go | 16 ++++++++++++---- controlplane/kubeadm/api/.import-restrictions | 5 +++++ .../kubeadm/api/v1alpha4/groupversion_info.go | 18 ++++++++++++++---- .../v1alpha4/kubeadm_control_plane_types.go | 2 +- .../kubeadmcontrolplanetemplate_types.go | 2 +- exp/addons/api/.import-restrictions | 5 +++++ .../api/v1alpha4/clusterresourceset_types.go | 2 +- .../clusterresourcesetbinding_types.go | 2 +- exp/addons/api/v1alpha4/groupversion_info.go | 19 ++++++++++++++----- exp/api/.import-restrictions | 5 +++++ exp/api/v1alpha4/groupversion_info.go | 18 ++++++++++++++---- exp/api/v1alpha4/machinepool_types.go | 2 +- exp/ipam/api/.import-restrictions | 5 +++++ exp/runtime/api/.import-restrictions | 5 +++++ hack/verify-import-restrictions.sh | 10 ++++++++++ .../docker/api/.import-restrictions | 5 +++++ .../docker/exp/api/.import-restrictions | 5 +++++ .../inmemory/api/.import-restrictions | 5 +++++ 24 files changed, 136 insertions(+), 32 deletions(-) create mode 100644 bootstrap/kubeadm/api/.import-restrictions create mode 100644 cmd/clusterctl/api/.import-restrictions create mode 100644 controlplane/kubeadm/api/.import-restrictions create mode 100644 exp/addons/api/.import-restrictions create mode 100644 exp/api/.import-restrictions create mode 100644 exp/ipam/api/.import-restrictions create mode 100644 exp/runtime/api/.import-restrictions create mode 100644 test/infrastructure/docker/api/.import-restrictions create mode 100644 test/infrastructure/docker/exp/api/.import-restrictions create mode 100644 
test/infrastructure/inmemory/api/.import-restrictions diff --git a/bootstrap/kubeadm/api/.import-restrictions b/bootstrap/kubeadm/api/.import-restrictions new file mode 100644 index 000000000000..f6f10b3ff544 --- /dev/null +++ b/bootstrap/kubeadm/api/.import-restrictions @@ -0,0 +1,5 @@ +rules: + - selectorRegexp: sigs[.]k8s[.]io/controller-runtime + allowedPrefixes: + - "sigs.k8s.io/controller-runtime/pkg/conversion" + forbiddenPrefixes: [] diff --git a/bootstrap/kubeadm/api/v1alpha4/groupversion_info.go b/bootstrap/kubeadm/api/v1alpha4/groupversion_info.go index 68e2aa7ab030..0b15e0e9de65 100644 --- a/bootstrap/kubeadm/api/v1alpha4/groupversion_info.go +++ b/bootstrap/kubeadm/api/v1alpha4/groupversion_info.go @@ -20,19 +20,28 @@ limitations under the License. package v1alpha4 import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" ) var ( // GroupVersion is group version used to register these objects. GroupVersion = schema.GroupVersion{Group: "bootstrap.cluster.x-k8s.io", Version: "v1alpha4"} - // SchemeBuilder is used to add go types to the GroupVersionKind scheme. - SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) // AddToScheme adds the types in this group-version to the given scheme. - AddToScheme = SchemeBuilder.AddToScheme + AddToScheme = schemeBuilder.AddToScheme - localSchemeBuilder = SchemeBuilder.SchemeBuilder + objectTypes []runtime.Object + + // localSchemeBuilder is used for type conversions. + localSchemeBuilder = schemeBuilder ) + +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(GroupVersion, objectTypes...) + metav1.AddToGroupVersion(scheme, GroupVersion) + return nil +} diff --git a/bootstrap/kubeadm/api/v1alpha4/kubeadmconfig_types.go b/bootstrap/kubeadm/api/v1alpha4/kubeadmconfig_types.go index aee964078dae..ccaea9dbcf35 100644 
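Review bot: The new `bootstrap/kubeadm/api/.import-restrictions` carries no comment saying which boundary it protects, and the same five lines are added verbatim in nine other directories by this patch, so a later edit to one copy can drift from the rest unnoticed. A header comment in each file would help, for example `# API packages may import only sigs.k8s.io/controller-runtime/pkg/conversion from controller-runtime; keep in sync with the other .import-restrictions files.` The stated intent is inferred from the rule and the commit subject, so adjust the wording if the goal differs.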
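Review bot: `localSchemeBuilder = schemeBuilder` copies the `runtime.SchemeBuilder` slice value while `AddToScheme` stays bound to `schemeBuilder`, so a function registered later through `localSchemeBuilder.Register(...)` is appended to the copy and is not run by `AddToScheme`. The removed `localSchemeBuilder = SchemeBuilder.SchemeBuilder` was a value copy too, so behaviour is probably unchanged, but the new comment `// localSchemeBuilder is used for type conversions.` does not tell a reader that. If the split is intended, say so: `// localSchemeBuilder is a separate copy, presumably used by generated conversion code; functions registered on it are not run by AddToScheme.` If conversions are meant to be installed by `AddToScheme`, `localSchemeBuilder = &schemeBuilder` would share the builder instead. The same lines appear in the `groupversion_info.go` hunks for controlplane/kubeadm, exp/addons and exp/api.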
--- a/bootstrap/kubeadm/api/v1alpha4/kubeadmconfig_types.go +++ b/bootstrap/kubeadm/api/v1alpha4/kubeadmconfig_types.go @@ -163,7 +163,7 @@ type KubeadmConfigList struct { } func init() { - SchemeBuilder.Register(&KubeadmConfig{}, &KubeadmConfigList{}) + objectTypes = append(objectTypes, &KubeadmConfig{}, &KubeadmConfigList{}) } // Encoding specifies the cloud-init file encoding. diff --git a/bootstrap/kubeadm/api/v1alpha4/kubeadmconfigtemplate_types.go b/bootstrap/kubeadm/api/v1alpha4/kubeadmconfigtemplate_types.go index 5a2f362c90dc..31502d4d425a 100644 --- a/bootstrap/kubeadm/api/v1alpha4/kubeadmconfigtemplate_types.go +++ b/bootstrap/kubeadm/api/v1alpha4/kubeadmconfigtemplate_types.go @@ -58,5 +58,5 @@ type KubeadmConfigTemplateList struct { } func init() { - SchemeBuilder.Register(&KubeadmConfigTemplate{}, &KubeadmConfigTemplateList{}) + objectTypes = append(objectTypes, &KubeadmConfigTemplate{}, &KubeadmConfigTemplateList{}) } diff --git a/cmd/clusterctl/api/.import-restrictions b/cmd/clusterctl/api/.import-restrictions new file mode 100644 index 000000000000..f6f10b3ff544 --- /dev/null +++ b/cmd/clusterctl/api/.import-restrictions @@ -0,0 +1,5 @@ +rules: + - selectorRegexp: sigs[.]k8s[.]io/controller-runtime + allowedPrefixes: + - "sigs.k8s.io/controller-runtime/pkg/conversion" + forbiddenPrefixes: [] diff --git a/cmd/clusterctl/internal/test/providers/controlplane/generic_types.go b/cmd/clusterctl/internal/test/providers/controlplane/generic_types.go index 921510065dde..b4a130942c87 100644 --- a/cmd/clusterctl/internal/test/providers/controlplane/generic_types.go +++ b/cmd/clusterctl/internal/test/providers/controlplane/generic_types.go @@ -50,7 +50,5 @@ type GenericControlPlaneList struct { } func init() { - SchemeBuilder.Register( - &GenericControlPlane{}, &GenericControlPlaneList{}, - ) + objectTypes = append(objectTypes, &GenericControlPlane{}, &GenericControlPlaneList{}) } 
diff --git a/cmd/clusterctl/internal/test/providers/controlplane/groupversion_info.go b/cmd/clusterctl/internal/test/providers/controlplane/groupversion_info.go index 5586f446ad1a..1525a4061f4f 100644 --- a/cmd/clusterctl/internal/test/providers/controlplane/groupversion_info.go +++ b/cmd/clusterctl/internal/test/providers/controlplane/groupversion_info.go @@ -20,17 +20,25 @@ limitations under the License. package controlplane import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" ) var ( // GroupVersion is group version used to register these objects. GroupVersion = schema.GroupVersion{Group: "controlplane.cluster.x-k8s.io", Version: "v1beta1"} - // SchemeBuilder is used to add go types to the GroupVersionKind scheme. - SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) // AddToScheme adds the types in this group-version to the given scheme. - AddToScheme = SchemeBuilder.AddToScheme + AddToScheme = schemeBuilder.AddToScheme + + objectTypes []runtime.Object ) + +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(GroupVersion, objectTypes...) + metav1.AddToGroupVersion(scheme, GroupVersion) + return nil +} diff --git a/controlplane/kubeadm/api/.import-restrictions b/controlplane/kubeadm/api/.import-restrictions new file mode 100644 index 000000000000..f6f10b3ff544 --- /dev/null +++ b/controlplane/kubeadm/api/.import-restrictions @@ -0,0 +1,5 @@ +rules: + - selectorRegexp: sigs[.]k8s[.]io/controller-runtime + allowedPrefixes: + - "sigs.k8s.io/controller-runtime/pkg/conversion" + forbiddenPrefixes: [] diff --git a/controlplane/kubeadm/api/v1alpha4/groupversion_info.go b/controlplane/kubeadm/api/v1alpha4/groupversion_info.go index 64491c59b8bf..e11ac6c216e8 100644 --- a/controlplane/kubeadm/api/v1alpha4/groupversion_info.go 
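Review bot: `objectTypes` and `addKnownTypes` are added without comments, and the hunk drops the comment that sat on the old `SchemeBuilder` without putting one on `schemeBuilder`. The contract is not obvious from this file alone: `init()` in `generic_types.go` appends to `objectTypes`, and `addKnownTypes` registers whatever the slice holds at the moment `AddToScheme` is called. Suggested comments are `// objectTypes collects the types appended by this package's init() functions.` and `// addKnownTypes registers objectTypes for GroupVersion and calls metav1.AddToGroupVersion.` The other `addKnownTypes` functions added in this patch are undocumented in the same way.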
+++ b/controlplane/kubeadm/api/v1alpha4/groupversion_info.go @@ -20,8 +20,9 @@ limitations under the License. package v1alpha4 import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" ) var ( @@ -29,10 +30,19 @@ var ( GroupVersion = schema.GroupVersion{Group: "controlplane.cluster.x-k8s.io", Version: "v1alpha4"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme. - SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) // AddToScheme adds the types in this group-version to the given scheme. - AddToScheme = SchemeBuilder.AddToScheme + AddToScheme = schemeBuilder.AddToScheme - localSchemeBuilder = SchemeBuilder.SchemeBuilder + objectTypes []runtime.Object + + // localSchemeBuilder is used for type conversions. + localSchemeBuilder = schemeBuilder ) + +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(GroupVersion, objectTypes...) + metav1.AddToGroupVersion(scheme, GroupVersion) + return nil +} diff --git a/controlplane/kubeadm/api/v1alpha4/kubeadm_control_plane_types.go b/controlplane/kubeadm/api/v1alpha4/kubeadm_control_plane_types.go index 00ea8484e382..b127c027fe33 100644 --- a/controlplane/kubeadm/api/v1alpha4/kubeadm_control_plane_types.go +++ b/controlplane/kubeadm/api/v1alpha4/kubeadm_control_plane_types.go @@ -245,5 +245,5 @@ type KubeadmControlPlaneList struct { } func init() { - SchemeBuilder.Register(&KubeadmControlPlane{}, &KubeadmControlPlaneList{}) + objectTypes = append(objectTypes, &KubeadmControlPlane{}, &KubeadmControlPlaneList{}) } diff --git a/controlplane/kubeadm/api/v1alpha4/kubeadmcontrolplanetemplate_types.go b/controlplane/kubeadm/api/v1alpha4/kubeadmcontrolplanetemplate_types.go index b76e01e5304f..f3f0a8f73420 100644 --- a/controlplane/kubeadm/api/v1alpha4/kubeadmcontrolplanetemplate_types.go 
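Review bot: The context comment `// SchemeBuilder is used to add go types to the GroupVersionKind scheme.` is left in place above the renamed, now unexported `schemeBuilder`, so the doc comment names an identifier that no longer exists. Change it to `// schemeBuilder is used to add go types to the GroupVersionKind scheme.`; the bootstrap and exp/addons hunks removed the comment instead, and the second hunk of `exp/api/v1alpha4/groupversion_info.go` has the same leftover. Because the exported `SchemeBuilder` is gone, code outside the package that referenced it will no longer compile, and if that is intended it deserves a line in the commit description. The `var (` block starts above this hunk.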
+++ b/controlplane/kubeadm/api/v1alpha4/kubeadmcontrolplanetemplate_types.go @@ -53,7 +53,7 @@ type KubeadmControlPlaneTemplateList struct { } func init() { - SchemeBuilder.Register(&KubeadmControlPlaneTemplate{}, &KubeadmControlPlaneTemplateList{}) + objectTypes = append(objectTypes, &KubeadmControlPlaneTemplate{}, &KubeadmControlPlaneTemplateList{}) } // KubeadmControlPlaneTemplateResource describes the data needed to create a KubeadmControlPlane from a template. diff --git a/exp/addons/api/.import-restrictions b/exp/addons/api/.import-restrictions new file mode 100644 index 000000000000..f6f10b3ff544 --- /dev/null +++ b/exp/addons/api/.import-restrictions @@ -0,0 +1,5 @@ +rules: + - selectorRegexp: sigs[.]k8s[.]io/controller-runtime + allowedPrefixes: + - "sigs.k8s.io/controller-runtime/pkg/conversion" + forbiddenPrefixes: [] diff --git a/exp/addons/api/v1alpha4/clusterresourceset_types.go b/exp/addons/api/v1alpha4/clusterresourceset_types.go index 2438e03a50ba..d06d3ffcc9e6 100644 --- a/exp/addons/api/v1alpha4/clusterresourceset_types.go +++ b/exp/addons/api/v1alpha4/clusterresourceset_types.go @@ -141,5 +141,5 @@ type ClusterResourceSetList struct { } func init() { - SchemeBuilder.Register(&ClusterResourceSet{}, &ClusterResourceSetList{}) + objectTypes = append(objectTypes, &ClusterResourceSet{}, &ClusterResourceSetList{}) } diff --git a/exp/addons/api/v1alpha4/clusterresourcesetbinding_types.go b/exp/addons/api/v1alpha4/clusterresourcesetbinding_types.go index acf64a54f2b5..5cd2e123d0ea 100644 --- a/exp/addons/api/v1alpha4/clusterresourcesetbinding_types.go +++ b/exp/addons/api/v1alpha4/clusterresourcesetbinding_types.go @@ -138,5 +138,5 @@ type ClusterResourceSetBindingList struct { } func init() { - SchemeBuilder.Register(&ClusterResourceSetBinding{}, &ClusterResourceSetBindingList{}) + objectTypes = append(objectTypes, &ClusterResourceSetBinding{}, &ClusterResourceSetBindingList{}) } 
diff --git a/exp/addons/api/v1alpha4/groupversion_info.go b/exp/addons/api/v1alpha4/groupversion_info.go index 41d08f0fd7ba..d1d740e188f1 100644 --- a/exp/addons/api/v1alpha4/groupversion_info.go +++ b/exp/addons/api/v1alpha4/groupversion_info.go @@ -20,19 +20,28 @@ limitations under the License. package v1alpha4 import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" ) var ( // GroupVersion is group version used to register these objects. GroupVersion = schema.GroupVersion{Group: "addons.cluster.x-k8s.io", Version: "v1alpha4"} - // SchemeBuilder is used to add go types to the GroupVersionKind scheme. - SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) // AddToScheme adds the types in this group-version to the given scheme. - AddToScheme = SchemeBuilder.AddToScheme + AddToScheme = schemeBuilder.AddToScheme - localSchemeBuilder = SchemeBuilder.SchemeBuilder + objectTypes []runtime.Object + + // localSchemeBuilder is used for type conversions. + localSchemeBuilder = schemeBuilder ) + +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(GroupVersion, objectTypes...) + metav1.AddToGroupVersion(scheme, GroupVersion) + return nil +} diff --git a/exp/api/.import-restrictions b/exp/api/.import-restrictions new file mode 100644 index 000000000000..f6f10b3ff544 --- /dev/null +++ b/exp/api/.import-restrictions @@ -0,0 +1,5 @@ +rules: + - selectorRegexp: sigs[.]k8s[.]io/controller-runtime + allowedPrefixes: + - "sigs.k8s.io/controller-runtime/pkg/conversion" + forbiddenPrefixes: [] diff --git a/exp/api/v1alpha4/groupversion_info.go b/exp/api/v1alpha4/groupversion_info.go index 77585cdec3d3..c5846b2e9906 100644 --- a/exp/api/v1alpha4/groupversion_info.go +++ b/exp/api/v1alpha4/groupversion_info.go 
@@ -20,8 +20,9 @@ limitations under the License. package v1alpha4 import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" ) var ( @@ -29,10 +30,19 @@ var ( GroupVersion = schema.GroupVersion{Group: "cluster.x-k8s.io", Version: "v1alpha4"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme. - SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) // AddToScheme adds the types in this group-version to the given scheme. - AddToScheme = SchemeBuilder.AddToScheme + AddToScheme = schemeBuilder.AddToScheme - localSchemeBuilder = SchemeBuilder.SchemeBuilder + objectTypes []runtime.Object + + // localSchemeBuilder is used for type conversions. + localSchemeBuilder = schemeBuilder ) + +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(GroupVersion, objectTypes...) + metav1.AddToGroupVersion(scheme, GroupVersion) + return nil +} diff --git a/exp/api/v1alpha4/machinepool_types.go b/exp/api/v1alpha4/machinepool_types.go index 09de899a78a1..d96f164a8b77 100644 --- a/exp/api/v1alpha4/machinepool_types.go +++ b/exp/api/v1alpha4/machinepool_types.go @@ -243,5 +243,5 @@ type MachinePoolList struct { } func init() { - SchemeBuilder.Register(&MachinePool{}, &MachinePoolList{}) + objectTypes = append(objectTypes, &MachinePool{}, &MachinePoolList{}) } diff --git a/exp/ipam/api/.import-restrictions b/exp/ipam/api/.import-restrictions new file mode 100644 index 000000000000..f6f10b3ff544 --- /dev/null +++ b/exp/ipam/api/.import-restrictions @@ -0,0 +1,5 @@ +rules: + - selectorRegexp: sigs[.]k8s[.]io/controller-runtime + allowedPrefixes: + - "sigs.k8s.io/controller-runtime/pkg/conversion" + forbiddenPrefixes: [] diff --git a/exp/runtime/api/.import-restrictions b/exp/runtime/api/.import-restrictions new file mode 100644 index 000000000000..f6f10b3ff544 
--- /dev/null +++ b/exp/runtime/api/.import-restrictions @@ -0,0 +1,5 @@ +rules: + - selectorRegexp: sigs[.]k8s[.]io/controller-runtime + allowedPrefixes: + - "sigs.k8s.io/controller-runtime/pkg/conversion" + forbiddenPrefixes: [] diff --git a/hack/verify-import-restrictions.sh b/hack/verify-import-restrictions.sh index 818503a72f06..57b4aedb7f4d 100755 --- a/hack/verify-import-restrictions.sh +++ b/hack/verify-import-restrictions.sh @@ -25,6 +25,16 @@ set -o pipefail sub_packages=( "api" + "exp/api" + "bootstrap/kubeadm/api" + "cmd/clusterctl/api" + "controlplane/kubeadm/api" + "exp/addons/api" + "exp/ipam/api" + "exp/runtime/api" + "test/infrastructure/docker/api" + "test/infrastructure/docker/exp/api" + "test/infrastructure/inmemory/api" ) packages=() diff --git a/test/infrastructure/docker/api/.import-restrictions b/test/infrastructure/docker/api/.import-restrictions new file mode 100644 index 000000000000..f6f10b3ff544 --- /dev/null +++ b/test/infrastructure/docker/api/.import-restrictions @@ -0,0 +1,5 @@ +rules: + - selectorRegexp: sigs[.]k8s[.]io/controller-runtime + allowedPrefixes: + - "sigs.k8s.io/controller-runtime/pkg/conversion" + forbiddenPrefixes: [] diff --git a/test/infrastructure/docker/exp/api/.import-restrictions b/test/infrastructure/docker/exp/api/.import-restrictions new file mode 100644 index 000000000000..f6f10b3ff544 --- /dev/null +++ b/test/infrastructure/docker/exp/api/.import-restrictions @@ -0,0 +1,5 @@ +rules: + - selectorRegexp: sigs[.]k8s[.]io/controller-runtime + allowedPrefixes: + - "sigs.k8s.io/controller-runtime/pkg/conversion" + forbiddenPrefixes: [] diff --git a/test/infrastructure/inmemory/api/.import-restrictions b/test/infrastructure/inmemory/api/.import-restrictions new file mode 100644 index 000000000000..f6f10b3ff544 --- /dev/null +++ b/test/infrastructure/inmemory/api/.import-restrictions 
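Review bot: `sub_packages` is a hand-maintained list, so a directory that gains a `.import-restrictions` file without being added here is never checked, and a typo in an entry may go unnoticed depending on how the rest of the script, which is outside this hunk, handles a missing path. The restriction files act as a dependency boundary for the API packages, so a silent skip gives false assurance. A cheap guard after the array would be `for p in "${sub_packages[@]}"; do [[ -f "${p}/.import-restrictions" ]] || { echo "missing ${p}/.import-restrictions" >&2; exit 1; }; done`, assuming the script runs from the repository root. Comparing the list against `git ls-files '*.import-restrictions'` would catch the reverse case.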
@@ -0,0 +1,5 @@
+rules:
+ - selectorRegexp: sigs[.]k8s[.]io/controller-runtime
+ allowedPrefixes:
+ - "sigs.k8s.io/controller-runtime/pkg/conversion"
+ forbiddenPrefixes: []