Add ConstraintTemplate v1 (#121)
We recently upgraded Constraint Framework to produce v1 CRDs when
creating Constraint kind CRDs.  This was in preparation for the release
of k8s 1.22, which removes the `v1beta1` CRD version.  See
open-policy-agent/gatekeeper#550 for more info.

As v1beta1 ConstraintTemplate did _not_ require any user-entered schema
information to be structural, transformation logic was implemented to
"structuralize" the user-inputted schema information as needed.

The new v1 ConstraintTemplate version purposefully does _no_
transformation, as it is meant to put the ConstraintTemplate creation
experience in line with that of a v1 CRD.  Any schema information added
by the user is expected to be structural.  If non-structural schema info
is added, an error should be returned.

Signed-off-by: juliankatz <juliankatz@google.com>
julianKatz authored Jul 1, 2021
1 parent 1a90d7c commit 1dbe261
Showing 17 changed files with 1,602 additions and 21 deletions.
Expand Up @@ -16,6 +16,107 @@ spec:
singular: constrainttemplate
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: ConstraintTemplate is the Schema for the constrainttemplates
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate
properties:
crd:
properties:
spec:
properties:
names:
properties:
kind:
type: string
shortNames:
items:
type: string
type: array
type: object
validation:
properties:
legacySchema:
default: false
type: boolean
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
type: object
targets:
items:
properties:
libs:
items:
type: string
type: array
rego:
type: string
target:
type: string
type: object
type: array
type: object
status:
description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate
properties:
byPod:
items:
description: ByPodStatus defines the observed state of ConstraintTemplate
as seen by an individual controller
properties:
errors:
items:
description: CreateCRDError represents a single error caught
during parsing, compiling, etc.
properties:
code:
type: string
location:
type: string
message:
type: string
required:
- code
- message
type: object
type: array
id:
description: a unique identifier for the pod that wrote the
status
type: string
observedGeneration:
format: int64
type: integer
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
created:
type: boolean
type: object
type: object
served: true
storage: true
subresources:
status: {}
- name: v1alpha1
schema:
openAPIV3Schema:
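Review bot: `legacySchema` in the new v1 `spec.crd.spec.validation` block is a plain boolean with `default: false` and no `description`, so nothing in this schema stops a v1 ConstraintTemplate from setting `legacySchema: true` and opting back into the transformation the commit message says v1 does not perform. If v1 is meant to accept only structural schemas, reject `true` on v1 objects in the controller, or state explicitly that the opt-in is intended. Either way, add a description saying what the field controls.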
Expand Down Expand Up @@ -52,6 +153,9 @@ spec:
type: object
validation:
properties:
legacySchema:
default: true
type: boolean
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
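Review bot: the `default: true` added for `legacySchema` here is the opposite of the v1 default, so the value an object ends up with depends on which API version it was submitted through, and a defaulted value is stored with the object. Unless conversion rewrites the field, a template created through this version will still carry `legacySchema: true` when read back as v1. Please add a `description` that states this, and confirm the controller decides whether to transform from the field value rather than from the served version.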
Expand Down Expand Up @@ -150,6 +254,9 @@ spec:
type: object
validation:
properties:
legacySchema:
default: true
type: boolean
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
Expand Down Expand Up @@ -209,7 +316,7 @@ spec:
type: object
type: object
served: true
storage: true
storage: false
subresources:
status: {}
status:
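Review bot: flipping `storage: true` to `storage: false` on this version, with v1 taking `storage: true` above, only changes how new writes are persisted. Objects already stored under the old version stay that way until they are rewritten, and the old version remains listed in the CRD's `status.storedVersions`. Add an upgrade note or migration step for existing clusters, because this version cannot be dropped safely later until that has been done.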
109 changes: 108 additions & 1 deletion constraint/deploy/crds.yaml
Expand Up @@ -14,6 +14,107 @@ spec:
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: ConstraintTemplate is the Schema for the constrainttemplates
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate
properties:
crd:
properties:
spec:
properties:
names:
properties:
kind:
type: string
shortNames:
items:
type: string
type: array
type: object
validation:
properties:
legacySchema:
default: false
type: boolean
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
type: object
targets:
items:
properties:
libs:
items:
type: string
type: array
rego:
type: string
target:
type: string
type: object
type: array
type: object
status:
description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate
properties:
byPod:
items:
description: ByPodStatus defines the observed state of ConstraintTemplate
as seen by an individual controller
properties:
errors:
items:
description: CreateCRDError represents a single error caught
during parsing, compiling, etc.
properties:
code:
type: string
location:
type: string
message:
type: string
required:
- code
- message
type: object
type: array
id:
description: a unique identifier for the pod that wrote the
status
type: string
observedGeneration:
format: int64
type: integer
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
created:
type: boolean
type: object
type: object
served: true
storage: true
subresources:
status: {}
- name: v1alpha1
schema:
openAPIV3Schema:
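Review bot: in the v1 schema the `byPod` items keep `x-kubernetes-preserve-unknown-fields: true` even though their properties (`errors`, `id`, `observedGeneration`) are fully listed, so unknown fields written into status are retained rather than pruned, despite `preserveUnknownFields: false` at the top of this CRD. If nothing relies on extra per-pod status fields, drop the flag for v1; otherwise add a comment saying why it is needed. The same applies to the identical block in the other manifest changed in this commit.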
Expand Down Expand Up @@ -45,6 +146,9 @@ spec:
type: object
validation:
properties:
legacySchema:
default: true
type: boolean
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
Expand Down Expand Up @@ -135,6 +239,9 @@ spec:
type: object
validation:
properties:
legacySchema:
default: true
type: boolean
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
Expand Down Expand Up @@ -191,7 +298,7 @@ spec:
type: object
type: object
served: true
storage: true
storage: false
subresources:
status: {}
status:
23 changes: 23 additions & 0 deletions constraint/pkg/apis/addtoscheme_templates_v1.go
@@ -0,0 +1,23 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package apis

import v1 "github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1"

func init() {
// Register the types with the Scheme so the components can map objects to GroupVersionKinds and back
AddToSchemes = append(AddToSchemes, v1.AddToScheme)
}