chore: bump cleanup policies to v2beta1 (kyverno#8621)

Signed-off-by: Mariam Fahmy <[email protected]>

api/kyverno/v2alpha1/cleanup_policy_types.go

@@ -22,34 +22,22 @@ import (
 	"github.com/aptible/supercronic/cronexpr"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
-	datautils "github.com/kyverno/kyverno/pkg/utils/data"
 	"github.com/robfig/cron"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 )
 
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:object:root=true
-// +kubebuilder:storageversion
 // +kubebuilder:resource:shortName=cleanpol,categories=kyverno
 // +kubebuilder:subresource:status
 // +kubebuilder:printcolumn:name="Schedule",type=string,JSONPath=".spec.schedule"
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:deprecatedversion
 
 // CleanupPolicy defines a rule for resource cleanup.
-type CleanupPolicy struct {
-	metav1.TypeMeta   `json:",inline,omitempty"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// Spec declares policy behaviors.
-	Spec CleanupPolicySpec `json:"spec"`
-
-	// Status contains policy runtime data.
-	// +optional
-	Status CleanupPolicyStatus `json:"status,omitempty"`
-}
+type CleanupPolicy kyvernov2beta1.CleanupPolicy
 
 // GetSpec returns the policy spec
 func (p *CleanupPolicy) GetSpec() *CleanupPolicySpec {
@@ -108,34 +96,20 @@ func (p *CleanupPolicy) IsNamespaced() bool {
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // CleanupPolicyList is a list of ClusterPolicy instances.
-type CleanupPolicyList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-	Items           []CleanupPolicy `json:"items"`
-}
+type CleanupPolicyList kyvernov2beta1.CleanupPolicyList
 
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:object:root=true
-// +kubebuilder:storageversion
 // +kubebuilder:resource:scope=Cluster,shortName=ccleanpol,categories=kyverno
 // +kubebuilder:subresource:status
 // +kubebuilder:printcolumn:name="Schedule",type=string,JSONPath=".spec.schedule"
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:deprecatedversion
 
 // ClusterCleanupPolicy defines rule for resource cleanup.
-type ClusterCleanupPolicy struct {
-	metav1.TypeMeta   `json:",inline,omitempty"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// Spec declares policy behaviors.
-	Spec CleanupPolicySpec `json:"spec"`
-
-	// Status contains policy runtime data.
-	// +optional
-	Status CleanupPolicyStatus `json:"status,omitempty"`
-}
+type ClusterCleanupPolicy kyvernov2beta1.ClusterCleanupPolicy
 
 // GetSpec returns the policy spec
 func (p *ClusterCleanupPolicy) GetSpec() *CleanupPolicySpec {
@@ -194,65 +168,14 @@ func (p *ClusterCleanupPolicy) Validate(clusterResources sets.Set[string]) (errs
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // ClusterCleanupPolicyList is a list of ClusterCleanupPolicy instances.
-type ClusterCleanupPolicyList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-	Items           []ClusterCleanupPolicy `json:"items"`
-}
+type ClusterCleanupPolicyList kyvernov2beta1.ClusterCleanupPolicyList
 
 // CleanupPolicySpec stores specifications for selecting resources that the user needs to delete
 // and schedule when the matching resources needs deleted.
-type CleanupPolicySpec struct {
-	// Context defines variables and data sources that can be used during rule execution.
-	// +optional
-	Context []kyvernov1.ContextEntry `json:"context,omitempty" yaml:"context,omitempty"`
-
-	// MatchResources defines when cleanuppolicy should be applied. The match
-	// criteria can include resource information (e.g. kind, name, namespace, labels)
-	// and admission review request information like the user name or role.
-	// At least one kind is required.
-	MatchResources kyvernov2beta1.MatchResources `json:"match,omitempty"`
-
-	// ExcludeResources defines when cleanuppolicy should not be applied. The exclude
-	// criteria can include resource information (e.g. kind, name, namespace, labels)
-	// and admission review request information like the name or role.
-	// +optional
-	ExcludeResources *kyvernov2beta1.MatchResources `json:"exclude,omitempty"`
-
-	// The schedule in Cron format
-	Schedule string `json:"schedule"`
-
-	// Conditions defines the conditions used to select the resources which will be cleaned up.
-	// +optional
-	Conditions *kyvernov2beta1.AnyAllConditions `json:"conditions,omitempty"`
-}
+type CleanupPolicySpec = kyvernov2beta1.CleanupPolicySpec
 
 // CleanupPolicyStatus stores the status of the policy.
-type CleanupPolicyStatus struct {
-	Conditions        []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-	LastExecutionTime metav1.Time        `json:"lastExecutionTime,omitempty"`
-}
-
-// Validate implements programmatic validation
-func (p *CleanupPolicySpec) Validate(path *field.Path, clusterResources sets.Set[string], namespaced bool) (errs field.ErrorList) {
-	// Write context validation code here by following other validations.
-	errs = append(errs, ValidateContext(path.Child("context"), p.Context)...)
-	errs = append(errs, ValidateSchedule(path.Child("schedule"), p.Schedule)...)
-	if userInfoErrs := p.MatchResources.ValidateNoUserInfo(path.Child("match")); len(userInfoErrs) != 0 {
-		errs = append(errs, userInfoErrs...)
-	} else {
-		errs = append(errs, p.MatchResources.Validate(path.Child("match"), namespaced, clusterResources)...)
-	}
-	if p.ExcludeResources != nil {
-		if userInfoErrs := p.ExcludeResources.ValidateNoUserInfo(path.Child("exclude")); len(userInfoErrs) != 0 {
-			errs = append(errs, userInfoErrs...)
-		} else {
-			errs = append(errs, p.ExcludeResources.Validate(path.Child("exclude"), namespaced, clusterResources)...)
-		}
-	}
-	errs = append(errs, p.ValidateMatchExcludeConflict(path)...)
-	return errs
-}
+type CleanupPolicyStatus = kyvernov2beta1.CleanupPolicyStatus
 
 func ValidateContext(path *field.Path, context []kyvernov1.ContextEntry) (errs field.ErrorList) {
 	for _, entry := range context {
@@ -272,25 +195,3 @@ func ValidateSchedule(path *field.Path, schedule string) (errs field.ErrorList)
 	}
 	return errs
 }
-
-// ValidateMatchExcludeConflict checks if the resultant of match and exclude block is not an empty set
-func (spec *CleanupPolicySpec) ValidateMatchExcludeConflict(path *field.Path) (errs field.ErrorList) {
-	if spec.ExcludeResources == nil || len(spec.ExcludeResources.All) > 0 || len(spec.MatchResources.All) > 0 {
-		return errs
-	}
-	// if both have any then no resource should be common
-	if len(spec.MatchResources.Any) > 0 && len(spec.ExcludeResources.Any) > 0 {
-		for _, rmr := range spec.MatchResources.Any {
-			for _, rer := range spec.ExcludeResources.Any {
-				if datautils.DeepEqual(rmr, rer) {
-					return append(errs, field.Invalid(path, spec, "CleanupPolicy is matching an empty set"))
-				}
-			}
-		}
-		return errs
-	}
-	if datautils.DeepEqual(spec.ExcludeResources, &kyvernov2beta1.MatchResources{}) {
-		return errs
-	}
-	return append(errs, field.Invalid(path, spec, "CleanupPolicy is matching an empty set"))
-}

api/kyverno/v2alpha1/policy_exception_types.go

@@ -27,6 +27,7 @@ import (
 // +kubebuilder:object:root=true
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:shortName=polex,categories=kyverno
+// +kubebuilder:deprecatedversion
 
 // PolicyException declares resources to be excluded from specified policies.
 type PolicyException kyvernov2beta1.PolicyException