diff --git a/apis/admissionregistration/v1alpha1/mutatingadmissionpolicy.go b/apis/admissionregistration/v1alpha1/mutatingadmissionpolicy.go new file mode 100644 index 0000000..5906645 --- /dev/null +++ b/apis/admissionregistration/v1alpha1/mutatingadmissionpolicy.go @@ -0,0 +1,101 @@ +/* +Copyright 2024 the original author or authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1" +) + +// +die:object=true,apiVersion=admissionregistration.k8s.io/v1alpha1,kind=MutatingAdmissionPolicy +type _ = admissionregistrationv1alpha1.MutatingAdmissionPolicy + +// +die +// +die:field:name=ParamKind,die=ParamKindDie,pointer=true +// +die:field:name=MatchConstraints,die=MatchResourcesDie,pointer=true +// +die:field:name=Variables,die=VariableDie,listType=atomic +// +die:field:name=Mutations,die=MutationDie,listType=atomic +// +die:field:name=MatchConditions,die=MatchConditionDie,listType=map +type _ = admissionregistrationv1alpha1.MutatingAdmissionPolicySpec + +// +die +type _ = admissionregistrationv1alpha1.ParamKind + +// +die +// +die:field:name=NamespaceSelector,die=LabelSelectorDie,package=_/meta/v1,pointer=true +// +die:field:name=ObjectSelector,die=LabelSelectorDie,package=_/meta/v1,pointer=true +// +die:field:name=ResourceRules,die=NamedRuleWithOperationsDie,listType=atomic +// +die:field:name=ExcludeResourceRules,die=NamedRuleWithOperationsDie,listType=atomic +type _ = admissionregistrationv1alpha1.MatchResources + +// +die +type _ = admissionregistrationv1alpha1.MatchCondition + +// Name is an identifier for this match condition, used for strategic merging of MatchConditions, +// as well as providing an identifier for logging purposes. A good name should be descriptive of +// the associated expression. +// Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and +// must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or +// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an +// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') +// +// Required. +func (d *MatchConditionDie) Name(v string) *MatchConditionDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MatchCondition) { + r.Name = v + }) +} + +// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. +// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: +// +// 'object' - The object from the incoming request. The value is null for DELETE requests. +// 'oldObject' - The existing object. The value is null for CREATE requests. +// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). +// 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. +// +// See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz +// +// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the +// +// request resource. +// +// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ +// +// Required. +func (d *MatchConditionDie) Expression(v string) *MatchConditionDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MatchCondition) { + r.Expression = v + }) +} + +// +die +type _ = admissionregistrationv1alpha1.Variable + +// +die +// +die:field:name=ApplyConfiguration,die=ApplyConfigurationDie,pointer=true +// +die:field:name=JSONPatch,die=JSONPatchDie,pointer=true +type _ = admissionregistrationv1alpha1.Mutation + +// +die +// +die:field:name=RuleWithOperations,die=RuleWithOperationsDie,package=_/admissionregistration/v1 +type _ = admissionregistrationv1alpha1.NamedRuleWithOperations + +// +die +type _ = admissionregistrationv1alpha1.ApplyConfiguration + +// +die +type _ = admissionregistrationv1alpha1.JSONPatch diff --git a/apis/admissionregistration/v1alpha1/zz_generated.die.go b/apis/admissionregistration/v1alpha1/zz_generated.die.go new file mode 100644 index 0000000..9f68bb5 --- /dev/null +++ b/apis/admissionregistration/v1alpha1/zz_generated.die.go @@ -0,0 +1,3294 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright 2021-2022 the original author or authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by diegen. DO NOT EDIT. + +package v1alpha1 + +import ( + fmtx "fmt" + cmp "github.com/google/go-cmp/cmp" + admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + unstructured "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + runtime "k8s.io/apimachinery/pkg/runtime" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + json "k8s.io/apimachinery/pkg/util/json" + jsonpath "k8s.io/client-go/util/jsonpath" + osx "os" + admissionregistrationv1 "reconciler.io/dies/apis/admissionregistration/v1" + v1 "reconciler.io/dies/apis/meta/v1" + patch "reconciler.io/dies/patch" + reflectx "reflect" + yaml "sigs.k8s.io/yaml" +) + +var MutatingAdmissionPolicyBlank = (&MutatingAdmissionPolicyDie{}).DieFeed(admissionregistrationv1alpha1.MutatingAdmissionPolicy{}) + +type MutatingAdmissionPolicyDie struct { + v1.FrozenObjectMeta + mutable bool + r admissionregistrationv1alpha1.MutatingAdmissionPolicy + seal admissionregistrationv1alpha1.MutatingAdmissionPolicy +} + +// DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`). +func (d *MutatingAdmissionPolicyDie) DieImmutable(immutable bool) *MutatingAdmissionPolicyDie { + if d.mutable == !immutable { + return d + } + d = d.DeepCopy() + d.mutable = !immutable + return d +} + +// DieFeed returns a new die with the provided resource. +func (d *MutatingAdmissionPolicyDie) DieFeed(r admissionregistrationv1alpha1.MutatingAdmissionPolicy) *MutatingAdmissionPolicyDie { + if d.mutable { + d.FrozenObjectMeta = v1.FreezeObjectMeta(r.ObjectMeta) + d.r = r + return d + } + return &MutatingAdmissionPolicyDie{ + FrozenObjectMeta: v1.FreezeObjectMeta(r.ObjectMeta), + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead. +func (d *MutatingAdmissionPolicyDie) DieFeedPtr(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy) *MutatingAdmissionPolicyDie { + if r == nil { + r = &admissionregistrationv1alpha1.MutatingAdmissionPolicy{} + } + return d.DieFeed(*r) +} + +// DieFeedJSON returns a new die with the provided JSON. Panics on error. +func (d *MutatingAdmissionPolicyDie) DieFeedJSON(j []byte) *MutatingAdmissionPolicyDie { + r := admissionregistrationv1alpha1.MutatingAdmissionPolicy{} + if err := json.Unmarshal(j, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAML returns a new die with the provided YAML. Panics on error. +func (d *MutatingAdmissionPolicyDie) DieFeedYAML(y []byte) *MutatingAdmissionPolicyDie { + r := admissionregistrationv1alpha1.MutatingAdmissionPolicy{} + if err := yaml.Unmarshal(y, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error. +func (d *MutatingAdmissionPolicyDie) DieFeedYAMLFile(name string) *MutatingAdmissionPolicyDie { + y, err := osx.ReadFile(name) + if err != nil { + panic(err) + } + return d.DieFeedYAML(y) +} + +// DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *MutatingAdmissionPolicyDie) DieFeedRawExtension(raw runtime.RawExtension) *MutatingAdmissionPolicyDie { + j, err := json.Marshal(raw) + if err != nil { + panic(err) + } + return d.DieFeedJSON(j) +} + +// DieRelease returns the resource managed by the die. +func (d *MutatingAdmissionPolicyDie) DieRelease() admissionregistrationv1alpha1.MutatingAdmissionPolicy { + if d.mutable { + return d.r + } + return *d.r.DeepCopy() +} + +// DieReleasePtr returns a pointer to the resource managed by the die. +func (d *MutatingAdmissionPolicyDie) DieReleasePtr() *admissionregistrationv1alpha1.MutatingAdmissionPolicy { + r := d.DieRelease() + return &r +} + +// DieReleaseUnstructured returns the resource managed by the die as an unstructured object. Panics on error. +func (d *MutatingAdmissionPolicyDie) DieReleaseUnstructured() *unstructured.Unstructured { + r := d.DieReleasePtr() + u, err := runtime.DefaultUnstructuredConverter.ToUnstructured(r) + if err != nil { + panic(err) + } + return &unstructured.Unstructured{ + Object: u, + } +} + +// DieReleaseJSON returns the resource managed by the die as JSON. Panics on error. +func (d *MutatingAdmissionPolicyDie) DieReleaseJSON() []byte { + r := d.DieReleasePtr() + j, err := json.Marshal(r) + if err != nil { + panic(err) + } + return j +} + +// DieReleaseYAML returns the resource managed by the die as YAML. Panics on error. +func (d *MutatingAdmissionPolicyDie) DieReleaseYAML() []byte { + r := d.DieReleasePtr() + y, err := yaml.Marshal(r) + if err != nil { + panic(err) + } + return y +} + +// DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *MutatingAdmissionPolicyDie) DieReleaseRawExtension() runtime.RawExtension { + j := d.DieReleaseJSON() + raw := runtime.RawExtension{} + if err := json.Unmarshal(j, &raw); err != nil { + panic(err) + } + return raw +} + +// DieStamp returns a new die with the resource passed to the callback function. The resource is mutable. +func (d *MutatingAdmissionPolicyDie) DieStamp(fn func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy)) *MutatingAdmissionPolicyDie { + r := d.DieRelease() + fn(&r) + return d.DieFeed(r) +} + +// Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location. +// +// Future iterations will improve type coercion from the resource to the callback argument. +func (d *MutatingAdmissionPolicyDie) DieStampAt(jp string, fn interface{}) *MutatingAdmissionPolicyDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy) { + if ni := reflectx.ValueOf(fn).Type().NumIn(); ni != 1 { + panic(fmtx.Errorf("callback function must have 1 input parameters, found %d", ni)) + } + if no := reflectx.ValueOf(fn).Type().NumOut(); no != 0 { + panic(fmtx.Errorf("callback function must have 0 output parameters, found %d", no)) + } + + cp := jsonpath.New("") + if err := cp.Parse(fmtx.Sprintf("{%s}", jp)); err != nil { + panic(err) + } + cr, err := cp.FindResults(r) + if err != nil { + // errors are expected if a path is not found + return + } + for _, cv := range cr[0] { + arg0t := reflectx.ValueOf(fn).Type().In(0) + + var args []reflectx.Value + if cv.Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv} + } else if cv.CanAddr() && cv.Addr().Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv.Addr()} + } else { + panic(fmtx.Errorf("callback function must accept value of type %q, found type %q", cv.Type(), arg0t)) + } + + reflectx.ValueOf(fn).Call(args) + } + }) +} + +// DieWith returns a new die after passing the current die to the callback function. The passed die is mutable. +func (d *MutatingAdmissionPolicyDie) DieWith(fns ...func(d *MutatingAdmissionPolicyDie)) *MutatingAdmissionPolicyDie { + nd := MutatingAdmissionPolicyBlank.DieFeed(d.DieRelease()).DieImmutable(false) + for _, fn := range fns { + if fn != nil { + fn(nd) + } + } + return d.DieFeed(nd.DieRelease()) +} + +// DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die. +func (d *MutatingAdmissionPolicyDie) DeepCopy() *MutatingAdmissionPolicyDie { + r := *d.r.DeepCopy() + return &MutatingAdmissionPolicyDie{ + FrozenObjectMeta: v1.FreezeObjectMeta(r.ObjectMeta), + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations. +func (d *MutatingAdmissionPolicyDie) DieSeal() *MutatingAdmissionPolicyDie { + return d.DieSealFeed(d.r) +} + +// DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations. +func (d *MutatingAdmissionPolicyDie) DieSealFeed(r admissionregistrationv1alpha1.MutatingAdmissionPolicy) *MutatingAdmissionPolicyDie { + if !d.mutable { + d = d.DeepCopy() + } + d.seal = *r.DeepCopy() + return d +} + +// DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead. +func (d *MutatingAdmissionPolicyDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy) *MutatingAdmissionPolicyDie { + if r == nil { + r = &admissionregistrationv1alpha1.MutatingAdmissionPolicy{} + } + return d.DieSealFeed(*r) +} + +// DieSealRelease returns the sealed resource managed by the die. +func (d *MutatingAdmissionPolicyDie) DieSealRelease() admissionregistrationv1alpha1.MutatingAdmissionPolicy { + return *d.seal.DeepCopy() +} + +// DieSealReleasePtr returns the sealed resource pointer managed by the die. +func (d *MutatingAdmissionPolicyDie) DieSealReleasePtr() *admissionregistrationv1alpha1.MutatingAdmissionPolicy { + r := d.DieSealRelease() + return &r +} + +// DieDiff uses cmp.Diff to compare the current value of the die with the sealed value. +func (d *MutatingAdmissionPolicyDie) DieDiff(opts ...cmp.Option) string { + return cmp.Diff(d.seal, d.r, opts...) +} + +// DiePatch generates a patch between the current value of the die and the sealed value. +func (d *MutatingAdmissionPolicyDie) DiePatch(patchType types.PatchType) ([]byte, error) { + return patch.Create(d.seal, d.r, patchType) +} + +var _ runtime.Object = (*MutatingAdmissionPolicyDie)(nil) + +func (d *MutatingAdmissionPolicyDie) DeepCopyObject() runtime.Object { + return d.r.DeepCopy() +} + +func (d *MutatingAdmissionPolicyDie) GetObjectKind() schema.ObjectKind { + r := d.DieRelease() + return r.GetObjectKind() +} + +func (d *MutatingAdmissionPolicyDie) MarshalJSON() ([]byte, error) { + return json.Marshal(d.r) +} + +func (d *MutatingAdmissionPolicyDie) UnmarshalJSON(b []byte) error { + if !d.mutable { + return fmtx.Errorf("cannot unmarshal into immutable dies, create a mutable version first") + } + resource := &admissionregistrationv1alpha1.MutatingAdmissionPolicy{} + err := json.Unmarshal(b, resource) + *d = *d.DieFeed(*resource) + return err +} + +// DieDefaultTypeMetadata sets the APIVersion and Kind to "admissionregistration.k8s.io/v1alpha1" and "MutatingAdmissionPolicy" respectively. +func (d *MutatingAdmissionPolicyDie) DieDefaultTypeMetadata() *MutatingAdmissionPolicyDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy) { + r.APIVersion = "admissionregistration.k8s.io/v1alpha1" + r.Kind = "MutatingAdmissionPolicy" + }) +} + +// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources +func (d *MutatingAdmissionPolicyDie) APIVersion(v string) *MutatingAdmissionPolicyDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy) { + r.APIVersion = v + }) +} + +// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +func (d *MutatingAdmissionPolicyDie) Kind(v string) *MutatingAdmissionPolicyDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy) { + r.Kind = v + }) +} + +// TypeMetadata standard object's type metadata. +func (d *MutatingAdmissionPolicyDie) TypeMetadata(v metav1.TypeMeta) *MutatingAdmissionPolicyDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy) { + r.TypeMeta = v + }) +} + +// TypeMetadataDie stamps the resource's TypeMeta field with a mutable die. +func (d *MutatingAdmissionPolicyDie) TypeMetadataDie(fn func(d *v1.TypeMetaDie)) *MutatingAdmissionPolicyDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy) { + d := v1.TypeMetaBlank.DieImmutable(false).DieFeed(r.TypeMeta) + fn(d) + r.TypeMeta = d.DieRelease() + }) +} + +// Metadata standard object's metadata. +func (d *MutatingAdmissionPolicyDie) Metadata(v metav1.ObjectMeta) *MutatingAdmissionPolicyDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy) { + r.ObjectMeta = v + }) +} + +// MetadataDie stamps the resource's ObjectMeta field with a mutable die. +func (d *MutatingAdmissionPolicyDie) MetadataDie(fn func(d *v1.ObjectMetaDie)) *MutatingAdmissionPolicyDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy) { + d := v1.ObjectMetaBlank.DieImmutable(false).DieFeed(r.ObjectMeta) + fn(d) + r.ObjectMeta = d.DieRelease() + }) +} + +// SpecDie stamps the resource's spec field with a mutable die. +func (d *MutatingAdmissionPolicyDie) SpecDie(fn func(d *MutatingAdmissionPolicySpecDie)) *MutatingAdmissionPolicyDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy) { + d := MutatingAdmissionPolicySpecBlank.DieImmutable(false).DieFeed(r.Spec) + fn(d) + r.Spec = d.DieRelease() + }) +} + +// Specification of the desired behavior of the MutatingAdmissionPolicy. +func (d *MutatingAdmissionPolicyDie) Spec(v admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) *MutatingAdmissionPolicyDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy) { + r.Spec = v + }) +} + +var MutatingAdmissionPolicySpecBlank = (&MutatingAdmissionPolicySpecDie{}).DieFeed(admissionregistrationv1alpha1.MutatingAdmissionPolicySpec{}) + +type MutatingAdmissionPolicySpecDie struct { + mutable bool + r admissionregistrationv1alpha1.MutatingAdmissionPolicySpec + seal admissionregistrationv1alpha1.MutatingAdmissionPolicySpec +} + +// DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`). +func (d *MutatingAdmissionPolicySpecDie) DieImmutable(immutable bool) *MutatingAdmissionPolicySpecDie { + if d.mutable == !immutable { + return d + } + d = d.DeepCopy() + d.mutable = !immutable + return d +} + +// DieFeed returns a new die with the provided resource. +func (d *MutatingAdmissionPolicySpecDie) DieFeed(r admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) *MutatingAdmissionPolicySpecDie { + if d.mutable { + d.r = r + return d + } + return &MutatingAdmissionPolicySpecDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead. +func (d *MutatingAdmissionPolicySpecDie) DieFeedPtr(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) *MutatingAdmissionPolicySpecDie { + if r == nil { + r = &admissionregistrationv1alpha1.MutatingAdmissionPolicySpec{} + } + return d.DieFeed(*r) +} + +// DieFeedJSON returns a new die with the provided JSON. Panics on error. +func (d *MutatingAdmissionPolicySpecDie) DieFeedJSON(j []byte) *MutatingAdmissionPolicySpecDie { + r := admissionregistrationv1alpha1.MutatingAdmissionPolicySpec{} + if err := json.Unmarshal(j, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAML returns a new die with the provided YAML. Panics on error. +func (d *MutatingAdmissionPolicySpecDie) DieFeedYAML(y []byte) *MutatingAdmissionPolicySpecDie { + r := admissionregistrationv1alpha1.MutatingAdmissionPolicySpec{} + if err := yaml.Unmarshal(y, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error. +func (d *MutatingAdmissionPolicySpecDie) DieFeedYAMLFile(name string) *MutatingAdmissionPolicySpecDie { + y, err := osx.ReadFile(name) + if err != nil { + panic(err) + } + return d.DieFeedYAML(y) +} + +// DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *MutatingAdmissionPolicySpecDie) DieFeedRawExtension(raw runtime.RawExtension) *MutatingAdmissionPolicySpecDie { + j, err := json.Marshal(raw) + if err != nil { + panic(err) + } + return d.DieFeedJSON(j) +} + +// DieRelease returns the resource managed by the die. +func (d *MutatingAdmissionPolicySpecDie) DieRelease() admissionregistrationv1alpha1.MutatingAdmissionPolicySpec { + if d.mutable { + return d.r + } + return *d.r.DeepCopy() +} + +// DieReleasePtr returns a pointer to the resource managed by the die. +func (d *MutatingAdmissionPolicySpecDie) DieReleasePtr() *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec { + r := d.DieRelease() + return &r +} + +// DieReleaseJSON returns the resource managed by the die as JSON. Panics on error. +func (d *MutatingAdmissionPolicySpecDie) DieReleaseJSON() []byte { + r := d.DieReleasePtr() + j, err := json.Marshal(r) + if err != nil { + panic(err) + } + return j +} + +// DieReleaseYAML returns the resource managed by the die as YAML. Panics on error. +func (d *MutatingAdmissionPolicySpecDie) DieReleaseYAML() []byte { + r := d.DieReleasePtr() + y, err := yaml.Marshal(r) + if err != nil { + panic(err) + } + return y +} + +// DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *MutatingAdmissionPolicySpecDie) DieReleaseRawExtension() runtime.RawExtension { + j := d.DieReleaseJSON() + raw := runtime.RawExtension{} + if err := json.Unmarshal(j, &raw); err != nil { + panic(err) + } + return raw +} + +// DieStamp returns a new die with the resource passed to the callback function. The resource is mutable. +func (d *MutatingAdmissionPolicySpecDie) DieStamp(fn func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec)) *MutatingAdmissionPolicySpecDie { + r := d.DieRelease() + fn(&r) + return d.DieFeed(r) +} + +// Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location. +// +// Future iterations will improve type coercion from the resource to the callback argument. +func (d *MutatingAdmissionPolicySpecDie) DieStampAt(jp string, fn interface{}) *MutatingAdmissionPolicySpecDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) { + if ni := reflectx.ValueOf(fn).Type().NumIn(); ni != 1 { + panic(fmtx.Errorf("callback function must have 1 input parameters, found %d", ni)) + } + if no := reflectx.ValueOf(fn).Type().NumOut(); no != 0 { + panic(fmtx.Errorf("callback function must have 0 output parameters, found %d", no)) + } + + cp := jsonpath.New("") + if err := cp.Parse(fmtx.Sprintf("{%s}", jp)); err != nil { + panic(err) + } + cr, err := cp.FindResults(r) + if err != nil { + // errors are expected if a path is not found + return + } + for _, cv := range cr[0] { + arg0t := reflectx.ValueOf(fn).Type().In(0) + + var args []reflectx.Value + if cv.Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv} + } else if cv.CanAddr() && cv.Addr().Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv.Addr()} + } else { + panic(fmtx.Errorf("callback function must accept value of type %q, found type %q", cv.Type(), arg0t)) + } + + reflectx.ValueOf(fn).Call(args) + } + }) +} + +// DieWith returns a new die after passing the current die to the callback function. The passed die is mutable. +func (d *MutatingAdmissionPolicySpecDie) DieWith(fns ...func(d *MutatingAdmissionPolicySpecDie)) *MutatingAdmissionPolicySpecDie { + nd := MutatingAdmissionPolicySpecBlank.DieFeed(d.DieRelease()).DieImmutable(false) + for _, fn := range fns { + if fn != nil { + fn(nd) + } + } + return d.DieFeed(nd.DieRelease()) +} + +// DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die. +func (d *MutatingAdmissionPolicySpecDie) DeepCopy() *MutatingAdmissionPolicySpecDie { + r := *d.r.DeepCopy() + return &MutatingAdmissionPolicySpecDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations. +func (d *MutatingAdmissionPolicySpecDie) DieSeal() *MutatingAdmissionPolicySpecDie { + return d.DieSealFeed(d.r) +} + +// DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations. +func (d *MutatingAdmissionPolicySpecDie) DieSealFeed(r admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) *MutatingAdmissionPolicySpecDie { + if !d.mutable { + d = d.DeepCopy() + } + d.seal = *r.DeepCopy() + return d +} + +// DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead. +func (d *MutatingAdmissionPolicySpecDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) *MutatingAdmissionPolicySpecDie { + if r == nil { + r = &admissionregistrationv1alpha1.MutatingAdmissionPolicySpec{} + } + return d.DieSealFeed(*r) +} + +// DieSealRelease returns the sealed resource managed by the die. +func (d *MutatingAdmissionPolicySpecDie) DieSealRelease() admissionregistrationv1alpha1.MutatingAdmissionPolicySpec { + return *d.seal.DeepCopy() +} + +// DieSealReleasePtr returns the sealed resource pointer managed by the die. +func (d *MutatingAdmissionPolicySpecDie) DieSealReleasePtr() *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec { + r := d.DieSealRelease() + return &r +} + +// DieDiff uses cmp.Diff to compare the current value of the die with the sealed value. +func (d *MutatingAdmissionPolicySpecDie) DieDiff(opts ...cmp.Option) string { + return cmp.Diff(d.seal, d.r, opts...) +} + +// DiePatch generates a patch between the current value of the die and the sealed value. +func (d *MutatingAdmissionPolicySpecDie) DiePatch(patchType types.PatchType) ([]byte, error) { + return patch.Create(d.seal, d.r, patchType) +} + +// ParamKindDie mutates ParamKind as a die. +// +// paramKind specifies the kind of resources used to parameterize this policy. +// +// If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. +// +// If paramKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. +// +// If paramKind is specified but paramRef is unset in MutatingAdmissionPolicyBinding, the params variable will be null. +func (d *MutatingAdmissionPolicySpecDie) ParamKindDie(fn func(d *ParamKindDie)) *MutatingAdmissionPolicySpecDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) { + d := ParamKindBlank.DieImmutable(false).DieFeedPtr(r.ParamKind) + fn(d) + r.ParamKind = d.DieReleasePtr() + }) +} + +// MatchConstraintsDie mutates MatchConstraints as a die. +// +// matchConstraints specifies what resources this policy is designed to validate. +// +// The MutatingAdmissionPolicy cares about a request if it matches _all_ Constraints. +// +// # However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API +// +// MutatingAdmissionPolicy cannot match MutatingAdmissionPolicy and MutatingAdmissionPolicyBinding. +// +// The CREATE, UPDATE and CONNECT operations are allowed. The DELETE operation may not be matched. +// +// '*' matches CREATE, UPDATE and CONNECT. +// +// Required. +func (d *MutatingAdmissionPolicySpecDie) MatchConstraintsDie(fn func(d *MatchResourcesDie)) *MutatingAdmissionPolicySpecDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) { + d := MatchResourcesBlank.DieImmutable(false).DieFeedPtr(r.MatchConstraints) + fn(d) + r.MatchConstraints = d.DieReleasePtr() + }) +} + +// VariablesDie replaces Variables by collecting the released value from each die passed. +// +// variables contain definitions of variables that can be used in composition of other expressions. +// +// Each variable is defined as a named CEL expression. +// +// # The variables defined here will be available under `variables` in other expressions of the policy +// +// except matchConditions because matchConditions are evaluated before the rest of the policy. +// +// The expression of a variable can refer to other variables defined earlier in the list but not those after. +// +// Thus, variables must be sorted by the order of first appearance and acyclic. +func (d *MutatingAdmissionPolicySpecDie) VariablesDie(v ...*VariableDie) *MutatingAdmissionPolicySpecDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) { + r.Variables = make([]admissionregistrationv1alpha1.Variable, len(v)) + for i := range v { + r.Variables[i] = v[i].DieRelease() + } + }) +} + +// MutationsDie replaces Mutations by collecting the released value from each die passed. +// +// mutations contain operations to perform on matching objects. +// +// mutations may not be empty; a minimum of one mutation is required. +// +// mutations are evaluated in order, and are reinvoked according to +// +// the reinvocationPolicy. +// +// # The mutations of a policy are invoked for each binding of this policy +// +// and reinvocation of mutations occurs on a per binding basis. +func (d *MutatingAdmissionPolicySpecDie) MutationsDie(v ...*MutationDie) *MutatingAdmissionPolicySpecDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) { + r.Mutations = make([]admissionregistrationv1alpha1.Mutation, len(v)) + for i := range v { + r.Mutations[i] = v[i].DieRelease() + } + }) +} + +// MatchConditionDie mutates a single item in MatchConditions matched by the nested field Name, appending a new item if no match is found. +// +// matchConditions is a list of conditions that must be met for a request to be validated. +// +// Match conditions filter requests that have already been matched by the matchConstraints. +// +// An empty list of matchConditions matches all requests. +// +// There are a maximum of 64 match conditions allowed. +// +// # If a parameter object is provided, it can be accessed via the `params` handle in the same +// +// manner as validation expressions. +// +// The exact matching logic is (in order): +// +// 1. If ANY matchCondition evaluates to FALSE, the policy is skipped. +// +// 2. If ALL matchConditions evaluate to TRUE, the policy is evaluated. +// +// 3. If any matchCondition evaluates to an error (but none are FALSE): +// +// - If failurePolicy=Fail, reject the request +// +// - If failurePolicy=Ignore, the policy is skipped +func (d *MutatingAdmissionPolicySpecDie) MatchConditionDie(v string, fn func(d *MatchConditionDie)) *MutatingAdmissionPolicySpecDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) { + for i := range r.MatchConditions { + if v == r.MatchConditions[i].Name { + d := MatchConditionBlank.DieImmutable(false).DieFeed(r.MatchConditions[i]) + fn(d) + r.MatchConditions[i] = d.DieRelease() + return + } + } + + d := MatchConditionBlank.DieImmutable(false).DieFeed(admissionregistrationv1alpha1.MatchCondition{Name: v}) + fn(d) + r.MatchConditions = append(r.MatchConditions, d.DieRelease()) + }) +} + +// paramKind specifies the kind of resources used to parameterize this policy. +// +// If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. +// +// If paramKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. +// +// If paramKind is specified but paramRef is unset in MutatingAdmissionPolicyBinding, the params variable will be null. +func (d *MutatingAdmissionPolicySpecDie) ParamKind(v *admissionregistrationv1alpha1.ParamKind) *MutatingAdmissionPolicySpecDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) { + r.ParamKind = v + }) +} + +// matchConstraints specifies what resources this policy is designed to validate. +// +// The MutatingAdmissionPolicy cares about a request if it matches _all_ Constraints. +// +// # However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API +// +// MutatingAdmissionPolicy cannot match MutatingAdmissionPolicy and MutatingAdmissionPolicyBinding. +// +// The CREATE, UPDATE and CONNECT operations are allowed. The DELETE operation may not be matched. +// +// '*' matches CREATE, UPDATE and CONNECT. +// +// Required. +func (d *MutatingAdmissionPolicySpecDie) MatchConstraints(v *admissionregistrationv1alpha1.MatchResources) *MutatingAdmissionPolicySpecDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) { + r.MatchConstraints = v + }) +} + +// variables contain definitions of variables that can be used in composition of other expressions. +// +// Each variable is defined as a named CEL expression. +// +// # The variables defined here will be available under `variables` in other expressions of the policy +// +// except matchConditions because matchConditions are evaluated before the rest of the policy. +// +// The expression of a variable can refer to other variables defined earlier in the list but not those after. +// +// Thus, variables must be sorted by the order of first appearance and acyclic. +func (d *MutatingAdmissionPolicySpecDie) Variables(v ...admissionregistrationv1alpha1.Variable) *MutatingAdmissionPolicySpecDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) { + r.Variables = v + }) +} + +// mutations contain operations to perform on matching objects. +// +// mutations may not be empty; a minimum of one mutation is required. +// +// mutations are evaluated in order, and are reinvoked according to +// +// the reinvocationPolicy. +// +// # The mutations of a policy are invoked for each binding of this policy +// +// and reinvocation of mutations occurs on a per binding basis. +func (d *MutatingAdmissionPolicySpecDie) Mutations(v ...admissionregistrationv1alpha1.Mutation) *MutatingAdmissionPolicySpecDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) { + r.Mutations = v + }) +} + +// failurePolicy defines how to handle failures for the admission policy. Failures can +// +// occur from CEL expression parse errors, type check errors, runtime errors and invalid +// +// or mis-configured policy definitions or bindings. +// +// A policy is invalid if paramKind refers to a non-existent Kind. +// +// A binding is invalid if paramRef.name refers to a non-existent resource. +// +// failurePolicy does not define how validations that evaluate to false are handled. +// +// Allowed values are Ignore or Fail. Defaults to Fail. +func (d *MutatingAdmissionPolicySpecDie) FailurePolicy(v *admissionregistrationv1alpha1.FailurePolicyType) *MutatingAdmissionPolicySpecDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) { + r.FailurePolicy = v + }) +} + +// matchConditions is a list of conditions that must be met for a request to be validated. +// +// Match conditions filter requests that have already been matched by the matchConstraints. +// +// An empty list of matchConditions matches all requests. +// +// There are a maximum of 64 match conditions allowed. +// +// # If a parameter object is provided, it can be accessed via the `params` handle in the same +// +// manner as validation expressions. +// +// The exact matching logic is (in order): +// +// 1. If ANY matchCondition evaluates to FALSE, the policy is skipped. +// +// 2. If ALL matchConditions evaluate to TRUE, the policy is evaluated. +// +// 3. If any matchCondition evaluates to an error (but none are FALSE): +// +// - If failurePolicy=Fail, reject the request +// +// - If failurePolicy=Ignore, the policy is skipped +func (d *MutatingAdmissionPolicySpecDie) MatchConditions(v ...admissionregistrationv1alpha1.MatchCondition) *MutatingAdmissionPolicySpecDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) { + r.MatchConditions = v + }) +} + +// reinvocationPolicy indicates whether mutations may be called multiple times per MutatingAdmissionPolicyBinding +// +// as part of a single admission evaluation. +// +// Allowed values are "Never" and "IfNeeded". +// +// Never: These mutations will not be called more than once per binding in a single admission evaluation. +// +// IfNeeded: These mutations may be invoked more than once per binding for a single admission request and there is no guarantee of +// +// order with respect to other admission plugins, admission webhooks, bindings of this policy and admission policies. Mutations are only +// +// reinvoked when mutations change the object after this mutation is invoked. +// +// Required. +func (d *MutatingAdmissionPolicySpecDie) ReinvocationPolicy(v admissionregistrationv1alpha1.ReinvocationPolicyType) *MutatingAdmissionPolicySpecDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) { + r.ReinvocationPolicy = v + }) +} + +var ParamKindBlank = (&ParamKindDie{}).DieFeed(admissionregistrationv1alpha1.ParamKind{}) + +type ParamKindDie struct { + mutable bool + r admissionregistrationv1alpha1.ParamKind + seal admissionregistrationv1alpha1.ParamKind +} + +// DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`). +func (d *ParamKindDie) DieImmutable(immutable bool) *ParamKindDie { + if d.mutable == !immutable { + return d + } + d = d.DeepCopy() + d.mutable = !immutable + return d +} + +// DieFeed returns a new die with the provided resource. +func (d *ParamKindDie) DieFeed(r admissionregistrationv1alpha1.ParamKind) *ParamKindDie { + if d.mutable { + d.r = r + return d + } + return &ParamKindDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead. +func (d *ParamKindDie) DieFeedPtr(r *admissionregistrationv1alpha1.ParamKind) *ParamKindDie { + if r == nil { + r = &admissionregistrationv1alpha1.ParamKind{} + } + return d.DieFeed(*r) +} + +// DieFeedJSON returns a new die with the provided JSON. Panics on error. +func (d *ParamKindDie) DieFeedJSON(j []byte) *ParamKindDie { + r := admissionregistrationv1alpha1.ParamKind{} + if err := json.Unmarshal(j, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAML returns a new die with the provided YAML. Panics on error. +func (d *ParamKindDie) DieFeedYAML(y []byte) *ParamKindDie { + r := admissionregistrationv1alpha1.ParamKind{} + if err := yaml.Unmarshal(y, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error. +func (d *ParamKindDie) DieFeedYAMLFile(name string) *ParamKindDie { + y, err := osx.ReadFile(name) + if err != nil { + panic(err) + } + return d.DieFeedYAML(y) +} + +// DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *ParamKindDie) DieFeedRawExtension(raw runtime.RawExtension) *ParamKindDie { + j, err := json.Marshal(raw) + if err != nil { + panic(err) + } + return d.DieFeedJSON(j) +} + +// DieRelease returns the resource managed by the die. +func (d *ParamKindDie) DieRelease() admissionregistrationv1alpha1.ParamKind { + if d.mutable { + return d.r + } + return *d.r.DeepCopy() +} + +// DieReleasePtr returns a pointer to the resource managed by the die. +func (d *ParamKindDie) DieReleasePtr() *admissionregistrationv1alpha1.ParamKind { + r := d.DieRelease() + return &r +} + +// DieReleaseJSON returns the resource managed by the die as JSON. Panics on error. +func (d *ParamKindDie) DieReleaseJSON() []byte { + r := d.DieReleasePtr() + j, err := json.Marshal(r) + if err != nil { + panic(err) + } + return j +} + +// DieReleaseYAML returns the resource managed by the die as YAML. Panics on error. +func (d *ParamKindDie) DieReleaseYAML() []byte { + r := d.DieReleasePtr() + y, err := yaml.Marshal(r) + if err != nil { + panic(err) + } + return y +} + +// DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *ParamKindDie) DieReleaseRawExtension() runtime.RawExtension { + j := d.DieReleaseJSON() + raw := runtime.RawExtension{} + if err := json.Unmarshal(j, &raw); err != nil { + panic(err) + } + return raw +} + +// DieStamp returns a new die with the resource passed to the callback function. The resource is mutable. +func (d *ParamKindDie) DieStamp(fn func(r *admissionregistrationv1alpha1.ParamKind)) *ParamKindDie { + r := d.DieRelease() + fn(&r) + return d.DieFeed(r) +} + +// Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location. +// +// Future iterations will improve type coercion from the resource to the callback argument. +func (d *ParamKindDie) DieStampAt(jp string, fn interface{}) *ParamKindDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.ParamKind) { + if ni := reflectx.ValueOf(fn).Type().NumIn(); ni != 1 { + panic(fmtx.Errorf("callback function must have 1 input parameters, found %d", ni)) + } + if no := reflectx.ValueOf(fn).Type().NumOut(); no != 0 { + panic(fmtx.Errorf("callback function must have 0 output parameters, found %d", no)) + } + + cp := jsonpath.New("") + if err := cp.Parse(fmtx.Sprintf("{%s}", jp)); err != nil { + panic(err) + } + cr, err := cp.FindResults(r) + if err != nil { + // errors are expected if a path is not found + return + } + for _, cv := range cr[0] { + arg0t := reflectx.ValueOf(fn).Type().In(0) + + var args []reflectx.Value + if cv.Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv} + } else if cv.CanAddr() && cv.Addr().Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv.Addr()} + } else { + panic(fmtx.Errorf("callback function must accept value of type %q, found type %q", cv.Type(), arg0t)) + } + + reflectx.ValueOf(fn).Call(args) + } + }) +} + +// DieWith returns a new die after passing the current die to the callback function. The passed die is mutable. +func (d *ParamKindDie) DieWith(fns ...func(d *ParamKindDie)) *ParamKindDie { + nd := ParamKindBlank.DieFeed(d.DieRelease()).DieImmutable(false) + for _, fn := range fns { + if fn != nil { + fn(nd) + } + } + return d.DieFeed(nd.DieRelease()) +} + +// DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die. +func (d *ParamKindDie) DeepCopy() *ParamKindDie { + r := *d.r.DeepCopy() + return &ParamKindDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations. +func (d *ParamKindDie) DieSeal() *ParamKindDie { + return d.DieSealFeed(d.r) +} + +// DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations. +func (d *ParamKindDie) DieSealFeed(r admissionregistrationv1alpha1.ParamKind) *ParamKindDie { + if !d.mutable { + d = d.DeepCopy() + } + d.seal = *r.DeepCopy() + return d +} + +// DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead. +func (d *ParamKindDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.ParamKind) *ParamKindDie { + if r == nil { + r = &admissionregistrationv1alpha1.ParamKind{} + } + return d.DieSealFeed(*r) +} + +// DieSealRelease returns the sealed resource managed by the die. +func (d *ParamKindDie) DieSealRelease() admissionregistrationv1alpha1.ParamKind { + return *d.seal.DeepCopy() +} + +// DieSealReleasePtr returns the sealed resource pointer managed by the die. +func (d *ParamKindDie) DieSealReleasePtr() *admissionregistrationv1alpha1.ParamKind { + r := d.DieSealRelease() + return &r +} + +// DieDiff uses cmp.Diff to compare the current value of the die with the sealed value. +func (d *ParamKindDie) DieDiff(opts ...cmp.Option) string { + return cmp.Diff(d.seal, d.r, opts...) +} + +// DiePatch generates a patch between the current value of the die and the sealed value. +func (d *ParamKindDie) DiePatch(patchType types.PatchType) ([]byte, error) { + return patch.Create(d.seal, d.r, patchType) +} + +// APIVersion is the API group version the resources belong to. +// +// In format of "group/version". +// +// Required. +func (d *ParamKindDie) APIVersion(v string) *ParamKindDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.ParamKind) { + r.APIVersion = v + }) +} + +// Kind is the API kind the resources belong to. +// +// Required. +func (d *ParamKindDie) Kind(v string) *ParamKindDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.ParamKind) { + r.Kind = v + }) +} + +var MatchResourcesBlank = (&MatchResourcesDie{}).DieFeed(admissionregistrationv1alpha1.MatchResources{}) + +type MatchResourcesDie struct { + mutable bool + r admissionregistrationv1alpha1.MatchResources + seal admissionregistrationv1alpha1.MatchResources +} + +// DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`). +func (d *MatchResourcesDie) DieImmutable(immutable bool) *MatchResourcesDie { + if d.mutable == !immutable { + return d + } + d = d.DeepCopy() + d.mutable = !immutable + return d +} + +// DieFeed returns a new die with the provided resource. +func (d *MatchResourcesDie) DieFeed(r admissionregistrationv1alpha1.MatchResources) *MatchResourcesDie { + if d.mutable { + d.r = r + return d + } + return &MatchResourcesDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead. +func (d *MatchResourcesDie) DieFeedPtr(r *admissionregistrationv1alpha1.MatchResources) *MatchResourcesDie { + if r == nil { + r = &admissionregistrationv1alpha1.MatchResources{} + } + return d.DieFeed(*r) +} + +// DieFeedJSON returns a new die with the provided JSON. Panics on error. +func (d *MatchResourcesDie) DieFeedJSON(j []byte) *MatchResourcesDie { + r := admissionregistrationv1alpha1.MatchResources{} + if err := json.Unmarshal(j, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAML returns a new die with the provided YAML. Panics on error. +func (d *MatchResourcesDie) DieFeedYAML(y []byte) *MatchResourcesDie { + r := admissionregistrationv1alpha1.MatchResources{} + if err := yaml.Unmarshal(y, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error. +func (d *MatchResourcesDie) DieFeedYAMLFile(name string) *MatchResourcesDie { + y, err := osx.ReadFile(name) + if err != nil { + panic(err) + } + return d.DieFeedYAML(y) +} + +// DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *MatchResourcesDie) DieFeedRawExtension(raw runtime.RawExtension) *MatchResourcesDie { + j, err := json.Marshal(raw) + if err != nil { + panic(err) + } + return d.DieFeedJSON(j) +} + +// DieRelease returns the resource managed by the die. +func (d *MatchResourcesDie) DieRelease() admissionregistrationv1alpha1.MatchResources { + if d.mutable { + return d.r + } + return *d.r.DeepCopy() +} + +// DieReleasePtr returns a pointer to the resource managed by the die. +func (d *MatchResourcesDie) DieReleasePtr() *admissionregistrationv1alpha1.MatchResources { + r := d.DieRelease() + return &r +} + +// DieReleaseJSON returns the resource managed by the die as JSON. Panics on error. +func (d *MatchResourcesDie) DieReleaseJSON() []byte { + r := d.DieReleasePtr() + j, err := json.Marshal(r) + if err != nil { + panic(err) + } + return j +} + +// DieReleaseYAML returns the resource managed by the die as YAML. Panics on error. +func (d *MatchResourcesDie) DieReleaseYAML() []byte { + r := d.DieReleasePtr() + y, err := yaml.Marshal(r) + if err != nil { + panic(err) + } + return y +} + +// DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *MatchResourcesDie) DieReleaseRawExtension() runtime.RawExtension { + j := d.DieReleaseJSON() + raw := runtime.RawExtension{} + if err := json.Unmarshal(j, &raw); err != nil { + panic(err) + } + return raw +} + +// DieStamp returns a new die with the resource passed to the callback function. The resource is mutable. +func (d *MatchResourcesDie) DieStamp(fn func(r *admissionregistrationv1alpha1.MatchResources)) *MatchResourcesDie { + r := d.DieRelease() + fn(&r) + return d.DieFeed(r) +} + +// Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location. +// +// Future iterations will improve type coercion from the resource to the callback argument. +func (d *MatchResourcesDie) DieStampAt(jp string, fn interface{}) *MatchResourcesDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MatchResources) { + if ni := reflectx.ValueOf(fn).Type().NumIn(); ni != 1 { + panic(fmtx.Errorf("callback function must have 1 input parameters, found %d", ni)) + } + if no := reflectx.ValueOf(fn).Type().NumOut(); no != 0 { + panic(fmtx.Errorf("callback function must have 0 output parameters, found %d", no)) + } + + cp := jsonpath.New("") + if err := cp.Parse(fmtx.Sprintf("{%s}", jp)); err != nil { + panic(err) + } + cr, err := cp.FindResults(r) + if err != nil { + // errors are expected if a path is not found + return + } + for _, cv := range cr[0] { + arg0t := reflectx.ValueOf(fn).Type().In(0) + + var args []reflectx.Value + if cv.Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv} + } else if cv.CanAddr() && cv.Addr().Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv.Addr()} + } else { + panic(fmtx.Errorf("callback function must accept value of type %q, found type %q", cv.Type(), arg0t)) + } + + reflectx.ValueOf(fn).Call(args) + } + }) +} + +// DieWith returns a new die after passing the current die to the callback function. The passed die is mutable. +func (d *MatchResourcesDie) DieWith(fns ...func(d *MatchResourcesDie)) *MatchResourcesDie { + nd := MatchResourcesBlank.DieFeed(d.DieRelease()).DieImmutable(false) + for _, fn := range fns { + if fn != nil { + fn(nd) + } + } + return d.DieFeed(nd.DieRelease()) +} + +// DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die. +func (d *MatchResourcesDie) DeepCopy() *MatchResourcesDie { + r := *d.r.DeepCopy() + return &MatchResourcesDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations. +func (d *MatchResourcesDie) DieSeal() *MatchResourcesDie { + return d.DieSealFeed(d.r) +} + +// DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations. +func (d *MatchResourcesDie) DieSealFeed(r admissionregistrationv1alpha1.MatchResources) *MatchResourcesDie { + if !d.mutable { + d = d.DeepCopy() + } + d.seal = *r.DeepCopy() + return d +} + +// DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead. +func (d *MatchResourcesDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.MatchResources) *MatchResourcesDie { + if r == nil { + r = &admissionregistrationv1alpha1.MatchResources{} + } + return d.DieSealFeed(*r) +} + +// DieSealRelease returns the sealed resource managed by the die. +func (d *MatchResourcesDie) DieSealRelease() admissionregistrationv1alpha1.MatchResources { + return *d.seal.DeepCopy() +} + +// DieSealReleasePtr returns the sealed resource pointer managed by the die. +func (d *MatchResourcesDie) DieSealReleasePtr() *admissionregistrationv1alpha1.MatchResources { + r := d.DieSealRelease() + return &r +} + +// DieDiff uses cmp.Diff to compare the current value of the die with the sealed value. +func (d *MatchResourcesDie) DieDiff(opts ...cmp.Option) string { + return cmp.Diff(d.seal, d.r, opts...) +} + +// DiePatch generates a patch between the current value of the die and the sealed value. +func (d *MatchResourcesDie) DiePatch(patchType types.PatchType) ([]byte, error) { + return patch.Create(d.seal, d.r, patchType) +} + +// NamespaceSelectorDie mutates NamespaceSelector as a die. +// +// # NamespaceSelector decides whether to run the admission control policy on an object based +// +// on whether the namespace for that object matches the selector. If the +// +// object itself is a namespace, the matching is performed on +// +// object.metadata.labels. If the object is another cluster scoped resource, +// +// it never skips the policy. +// +// # For example, to run the webhook on any objects whose namespace is not +// +// associated with "runlevel" of "0" or "1"; you will set the selector as +// +// follows: +// +// "namespaceSelector": { +// +// "matchExpressions": [ +// +// { +// +// "key": "runlevel", +// +// "operator": "NotIn", +// +// "values": [ +// +// "0", +// +// "1" +// +// ] +// +// } +// +// ] +// +// } +// +// # If instead you want to only run the policy on any objects whose +// +// namespace is associated with the "environment" of "prod" or "staging"; +// +// you will set the selector as follows: +// +// "namespaceSelector": { +// +// "matchExpressions": [ +// +// { +// +// "key": "environment", +// +// "operator": "In", +// +// "values": [ +// +// "prod", +// +// "staging" +// +// ] +// +// } +// +// ] +// +// } +// +// # See +// +// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +// +// for more examples of label selectors. +// +// Default to the empty LabelSelector, which matches everything. +func (d *MatchResourcesDie) NamespaceSelectorDie(fn func(d *v1.LabelSelectorDie)) *MatchResourcesDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MatchResources) { + d := v1.LabelSelectorBlank.DieImmutable(false).DieFeedPtr(r.NamespaceSelector) + fn(d) + r.NamespaceSelector = d.DieReleasePtr() + }) +} + +// ObjectSelectorDie mutates ObjectSelector as a die. +// +// # ObjectSelector decides whether to run the validation based on if the +// +// object has matching labels. objectSelector is evaluated against both +// +// the oldObject and newObject that would be sent to the cel validation, and +// +// is considered to match if either object matches the selector. A null +// +// object (oldObject in the case of create, or newObject in the case of +// +// delete) or an object that cannot have labels (like a +// +// # DeploymentRollback or a PodProxyOptions object) is not considered to +// +// match. +// +// # Use the object selector only if the webhook is opt-in, because end +// +// users may skip the admission webhook by setting the labels. +// +// Default to the empty LabelSelector, which matches everything. +func (d *MatchResourcesDie) ObjectSelectorDie(fn func(d *v1.LabelSelectorDie)) *MatchResourcesDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MatchResources) { + d := v1.LabelSelectorBlank.DieImmutable(false).DieFeedPtr(r.ObjectSelector) + fn(d) + r.ObjectSelector = d.DieReleasePtr() + }) +} + +// ResourceRulesDie replaces ResourceRules by collecting the released value from each die passed. +// +// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. +// +// The policy cares about an operation if it matches _any_ Rule. +func (d *MatchResourcesDie) ResourceRulesDie(v ...*NamedRuleWithOperationsDie) *MatchResourcesDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MatchResources) { + r.ResourceRules = make([]admissionregistrationv1alpha1.NamedRuleWithOperations, len(v)) + for i := range v { + r.ResourceRules[i] = v[i].DieRelease() + } + }) +} + +// ExcludeResourceRulesDie replaces ExcludeResourceRules by collecting the released value from each die passed. +// +// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. +// +// The exclude rules take precedence over include rules (if a resource matches both, it is excluded) +func (d *MatchResourcesDie) ExcludeResourceRulesDie(v ...*NamedRuleWithOperationsDie) *MatchResourcesDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MatchResources) { + r.ExcludeResourceRules = make([]admissionregistrationv1alpha1.NamedRuleWithOperations, len(v)) + for i := range v { + r.ExcludeResourceRules[i] = v[i].DieRelease() + } + }) +} + +// NamespaceSelector decides whether to run the admission control policy on an object based +// +// on whether the namespace for that object matches the selector. If the +// +// object itself is a namespace, the matching is performed on +// +// object.metadata.labels. If the object is another cluster scoped resource, +// +// it never skips the policy. +// +// # For example, to run the webhook on any objects whose namespace is not +// +// associated with "runlevel" of "0" or "1"; you will set the selector as +// +// follows: +// +// "namespaceSelector": { +// +// "matchExpressions": [ +// +// { +// +// "key": "runlevel", +// +// "operator": "NotIn", +// +// "values": [ +// +// "0", +// +// "1" +// +// ] +// +// } +// +// ] +// +// } +// +// # If instead you want to only run the policy on any objects whose +// +// namespace is associated with the "environment" of "prod" or "staging"; +// +// you will set the selector as follows: +// +// "namespaceSelector": { +// +// "matchExpressions": [ +// +// { +// +// "key": "environment", +// +// "operator": "In", +// +// "values": [ +// +// "prod", +// +// "staging" +// +// ] +// +// } +// +// ] +// +// } +// +// # See +// +// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +// +// for more examples of label selectors. +// +// Default to the empty LabelSelector, which matches everything. +func (d *MatchResourcesDie) NamespaceSelector(v *metav1.LabelSelector) *MatchResourcesDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MatchResources) { + r.NamespaceSelector = v + }) +} + +// ObjectSelector decides whether to run the validation based on if the +// +// object has matching labels. objectSelector is evaluated against both +// +// the oldObject and newObject that would be sent to the cel validation, and +// +// is considered to match if either object matches the selector. A null +// +// object (oldObject in the case of create, or newObject in the case of +// +// delete) or an object that cannot have labels (like a +// +// # DeploymentRollback or a PodProxyOptions object) is not considered to +// +// match. +// +// # Use the object selector only if the webhook is opt-in, because end +// +// users may skip the admission webhook by setting the labels. +// +// Default to the empty LabelSelector, which matches everything. +func (d *MatchResourcesDie) ObjectSelector(v *metav1.LabelSelector) *MatchResourcesDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MatchResources) { + r.ObjectSelector = v + }) +} + +// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. +// +// The policy cares about an operation if it matches _any_ Rule. +func (d *MatchResourcesDie) ResourceRules(v ...admissionregistrationv1alpha1.NamedRuleWithOperations) *MatchResourcesDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MatchResources) { + r.ResourceRules = v + }) +} + +// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. +// +// The exclude rules take precedence over include rules (if a resource matches both, it is excluded) +func (d *MatchResourcesDie) ExcludeResourceRules(v ...admissionregistrationv1alpha1.NamedRuleWithOperations) *MatchResourcesDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MatchResources) { + r.ExcludeResourceRules = v + }) +} + +// matchPolicy defines how the "MatchResources" list is used to match incoming requests. +// +// Allowed values are "Exact" or "Equivalent". +// +// - Exact: match a request only if it exactly matches a specified rule. +// +// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, +// +// but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, +// +// a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy. +// +// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. +// +// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, +// +// and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, +// +// a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy. +// +// Defaults to "Equivalent" +func (d *MatchResourcesDie) MatchPolicy(v *admissionregistrationv1alpha1.MatchPolicyType) *MatchResourcesDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MatchResources) { + r.MatchPolicy = v + }) +} + +var MatchConditionBlank = (&MatchConditionDie{}).DieFeed(admissionregistrationv1alpha1.MatchCondition{}) + +type MatchConditionDie struct { + mutable bool + r admissionregistrationv1alpha1.MatchCondition + seal admissionregistrationv1alpha1.MatchCondition +} + +// DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`). +func (d *MatchConditionDie) DieImmutable(immutable bool) *MatchConditionDie { + if d.mutable == !immutable { + return d + } + d = d.DeepCopy() + d.mutable = !immutable + return d +} + +// DieFeed returns a new die with the provided resource. +func (d *MatchConditionDie) DieFeed(r admissionregistrationv1alpha1.MatchCondition) *MatchConditionDie { + if d.mutable { + d.r = r + return d + } + return &MatchConditionDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead. +func (d *MatchConditionDie) DieFeedPtr(r *admissionregistrationv1alpha1.MatchCondition) *MatchConditionDie { + if r == nil { + r = &admissionregistrationv1alpha1.MatchCondition{} + } + return d.DieFeed(*r) +} + +// DieFeedJSON returns a new die with the provided JSON. Panics on error. +func (d *MatchConditionDie) DieFeedJSON(j []byte) *MatchConditionDie { + r := admissionregistrationv1alpha1.MatchCondition{} + if err := json.Unmarshal(j, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAML returns a new die with the provided YAML. Panics on error. +func (d *MatchConditionDie) DieFeedYAML(y []byte) *MatchConditionDie { + r := admissionregistrationv1alpha1.MatchCondition{} + if err := yaml.Unmarshal(y, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error. +func (d *MatchConditionDie) DieFeedYAMLFile(name string) *MatchConditionDie { + y, err := osx.ReadFile(name) + if err != nil { + panic(err) + } + return d.DieFeedYAML(y) +} + +// DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *MatchConditionDie) DieFeedRawExtension(raw runtime.RawExtension) *MatchConditionDie { + j, err := json.Marshal(raw) + if err != nil { + panic(err) + } + return d.DieFeedJSON(j) +} + +// DieRelease returns the resource managed by the die. +func (d *MatchConditionDie) DieRelease() admissionregistrationv1alpha1.MatchCondition { + if d.mutable { + return d.r + } + return *d.r.DeepCopy() +} + +// DieReleasePtr returns a pointer to the resource managed by the die. +func (d *MatchConditionDie) DieReleasePtr() *admissionregistrationv1alpha1.MatchCondition { + r := d.DieRelease() + return &r +} + +// DieReleaseJSON returns the resource managed by the die as JSON. Panics on error. +func (d *MatchConditionDie) DieReleaseJSON() []byte { + r := d.DieReleasePtr() + j, err := json.Marshal(r) + if err != nil { + panic(err) + } + return j +} + +// DieReleaseYAML returns the resource managed by the die as YAML. Panics on error. +func (d *MatchConditionDie) DieReleaseYAML() []byte { + r := d.DieReleasePtr() + y, err := yaml.Marshal(r) + if err != nil { + panic(err) + } + return y +} + +// DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *MatchConditionDie) DieReleaseRawExtension() runtime.RawExtension { + j := d.DieReleaseJSON() + raw := runtime.RawExtension{} + if err := json.Unmarshal(j, &raw); err != nil { + panic(err) + } + return raw +} + +// DieStamp returns a new die with the resource passed to the callback function. The resource is mutable. +func (d *MatchConditionDie) DieStamp(fn func(r *admissionregistrationv1alpha1.MatchCondition)) *MatchConditionDie { + r := d.DieRelease() + fn(&r) + return d.DieFeed(r) +} + +// Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location. +// +// Future iterations will improve type coercion from the resource to the callback argument. +func (d *MatchConditionDie) DieStampAt(jp string, fn interface{}) *MatchConditionDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.MatchCondition) { + if ni := reflectx.ValueOf(fn).Type().NumIn(); ni != 1 { + panic(fmtx.Errorf("callback function must have 1 input parameters, found %d", ni)) + } + if no := reflectx.ValueOf(fn).Type().NumOut(); no != 0 { + panic(fmtx.Errorf("callback function must have 0 output parameters, found %d", no)) + } + + cp := jsonpath.New("") + if err := cp.Parse(fmtx.Sprintf("{%s}", jp)); err != nil { + panic(err) + } + cr, err := cp.FindResults(r) + if err != nil { + // errors are expected if a path is not found + return + } + for _, cv := range cr[0] { + arg0t := reflectx.ValueOf(fn).Type().In(0) + + var args []reflectx.Value + if cv.Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv} + } else if cv.CanAddr() && cv.Addr().Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv.Addr()} + } else { + panic(fmtx.Errorf("callback function must accept value of type %q, found type %q", cv.Type(), arg0t)) + } + + reflectx.ValueOf(fn).Call(args) + } + }) +} + +// DieWith returns a new die after passing the current die to the callback function. The passed die is mutable. +func (d *MatchConditionDie) DieWith(fns ...func(d *MatchConditionDie)) *MatchConditionDie { + nd := MatchConditionBlank.DieFeed(d.DieRelease()).DieImmutable(false) + for _, fn := range fns { + if fn != nil { + fn(nd) + } + } + return d.DieFeed(nd.DieRelease()) +} + +// DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die. +func (d *MatchConditionDie) DeepCopy() *MatchConditionDie { + r := *d.r.DeepCopy() + return &MatchConditionDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations. +func (d *MatchConditionDie) DieSeal() *MatchConditionDie { + return d.DieSealFeed(d.r) +} + +// DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations. +func (d *MatchConditionDie) DieSealFeed(r admissionregistrationv1alpha1.MatchCondition) *MatchConditionDie { + if !d.mutable { + d = d.DeepCopy() + } + d.seal = *r.DeepCopy() + return d +} + +// DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead. +func (d *MatchConditionDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.MatchCondition) *MatchConditionDie { + if r == nil { + r = &admissionregistrationv1alpha1.MatchCondition{} + } + return d.DieSealFeed(*r) +} + +// DieSealRelease returns the sealed resource managed by the die. +func (d *MatchConditionDie) DieSealRelease() admissionregistrationv1alpha1.MatchCondition { + return *d.seal.DeepCopy() +} + +// DieSealReleasePtr returns the sealed resource pointer managed by the die. +func (d *MatchConditionDie) DieSealReleasePtr() *admissionregistrationv1alpha1.MatchCondition { + r := d.DieSealRelease() + return &r +} + +// DieDiff uses cmp.Diff to compare the current value of the die with the sealed value. +func (d *MatchConditionDie) DieDiff(opts ...cmp.Option) string { + return cmp.Diff(d.seal, d.r, opts...) +} + +// DiePatch generates a patch between the current value of the die and the sealed value. +func (d *MatchConditionDie) DiePatch(patchType types.PatchType) ([]byte, error) { + return patch.Create(d.seal, d.r, patchType) +} + +var VariableBlank = (&VariableDie{}).DieFeed(admissionregistrationv1alpha1.Variable{}) + +type VariableDie struct { + mutable bool + r admissionregistrationv1alpha1.Variable + seal admissionregistrationv1alpha1.Variable +} + +// DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`). +func (d *VariableDie) DieImmutable(immutable bool) *VariableDie { + if d.mutable == !immutable { + return d + } + d = d.DeepCopy() + d.mutable = !immutable + return d +} + +// DieFeed returns a new die with the provided resource. +func (d *VariableDie) DieFeed(r admissionregistrationv1alpha1.Variable) *VariableDie { + if d.mutable { + d.r = r + return d + } + return &VariableDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead. +func (d *VariableDie) DieFeedPtr(r *admissionregistrationv1alpha1.Variable) *VariableDie { + if r == nil { + r = &admissionregistrationv1alpha1.Variable{} + } + return d.DieFeed(*r) +} + +// DieFeedJSON returns a new die with the provided JSON. Panics on error. +func (d *VariableDie) DieFeedJSON(j []byte) *VariableDie { + r := admissionregistrationv1alpha1.Variable{} + if err := json.Unmarshal(j, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAML returns a new die with the provided YAML. Panics on error. +func (d *VariableDie) DieFeedYAML(y []byte) *VariableDie { + r := admissionregistrationv1alpha1.Variable{} + if err := yaml.Unmarshal(y, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error. +func (d *VariableDie) DieFeedYAMLFile(name string) *VariableDie { + y, err := osx.ReadFile(name) + if err != nil { + panic(err) + } + return d.DieFeedYAML(y) +} + +// DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *VariableDie) DieFeedRawExtension(raw runtime.RawExtension) *VariableDie { + j, err := json.Marshal(raw) + if err != nil { + panic(err) + } + return d.DieFeedJSON(j) +} + +// DieRelease returns the resource managed by the die. +func (d *VariableDie) DieRelease() admissionregistrationv1alpha1.Variable { + if d.mutable { + return d.r + } + return *d.r.DeepCopy() +} + +// DieReleasePtr returns a pointer to the resource managed by the die. +func (d *VariableDie) DieReleasePtr() *admissionregistrationv1alpha1.Variable { + r := d.DieRelease() + return &r +} + +// DieReleaseJSON returns the resource managed by the die as JSON. Panics on error. +func (d *VariableDie) DieReleaseJSON() []byte { + r := d.DieReleasePtr() + j, err := json.Marshal(r) + if err != nil { + panic(err) + } + return j +} + +// DieReleaseYAML returns the resource managed by the die as YAML. Panics on error. +func (d *VariableDie) DieReleaseYAML() []byte { + r := d.DieReleasePtr() + y, err := yaml.Marshal(r) + if err != nil { + panic(err) + } + return y +} + +// DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *VariableDie) DieReleaseRawExtension() runtime.RawExtension { + j := d.DieReleaseJSON() + raw := runtime.RawExtension{} + if err := json.Unmarshal(j, &raw); err != nil { + panic(err) + } + return raw +} + +// DieStamp returns a new die with the resource passed to the callback function. The resource is mutable. +func (d *VariableDie) DieStamp(fn func(r *admissionregistrationv1alpha1.Variable)) *VariableDie { + r := d.DieRelease() + fn(&r) + return d.DieFeed(r) +} + +// Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location. +// +// Future iterations will improve type coercion from the resource to the callback argument. +func (d *VariableDie) DieStampAt(jp string, fn interface{}) *VariableDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.Variable) { + if ni := reflectx.ValueOf(fn).Type().NumIn(); ni != 1 { + panic(fmtx.Errorf("callback function must have 1 input parameters, found %d", ni)) + } + if no := reflectx.ValueOf(fn).Type().NumOut(); no != 0 { + panic(fmtx.Errorf("callback function must have 0 output parameters, found %d", no)) + } + + cp := jsonpath.New("") + if err := cp.Parse(fmtx.Sprintf("{%s}", jp)); err != nil { + panic(err) + } + cr, err := cp.FindResults(r) + if err != nil { + // errors are expected if a path is not found + return + } + for _, cv := range cr[0] { + arg0t := reflectx.ValueOf(fn).Type().In(0) + + var args []reflectx.Value + if cv.Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv} + } else if cv.CanAddr() && cv.Addr().Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv.Addr()} + } else { + panic(fmtx.Errorf("callback function must accept value of type %q, found type %q", cv.Type(), arg0t)) + } + + reflectx.ValueOf(fn).Call(args) + } + }) +} + +// DieWith returns a new die after passing the current die to the callback function. The passed die is mutable. +func (d *VariableDie) DieWith(fns ...func(d *VariableDie)) *VariableDie { + nd := VariableBlank.DieFeed(d.DieRelease()).DieImmutable(false) + for _, fn := range fns { + if fn != nil { + fn(nd) + } + } + return d.DieFeed(nd.DieRelease()) +} + +// DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die. +func (d *VariableDie) DeepCopy() *VariableDie { + r := *d.r.DeepCopy() + return &VariableDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations. +func (d *VariableDie) DieSeal() *VariableDie { + return d.DieSealFeed(d.r) +} + +// DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations. +func (d *VariableDie) DieSealFeed(r admissionregistrationv1alpha1.Variable) *VariableDie { + if !d.mutable { + d = d.DeepCopy() + } + d.seal = *r.DeepCopy() + return d +} + +// DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead. +func (d *VariableDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.Variable) *VariableDie { + if r == nil { + r = &admissionregistrationv1alpha1.Variable{} + } + return d.DieSealFeed(*r) +} + +// DieSealRelease returns the sealed resource managed by the die. +func (d *VariableDie) DieSealRelease() admissionregistrationv1alpha1.Variable { + return *d.seal.DeepCopy() +} + +// DieSealReleasePtr returns the sealed resource pointer managed by the die. +func (d *VariableDie) DieSealReleasePtr() *admissionregistrationv1alpha1.Variable { + r := d.DieSealRelease() + return &r +} + +// DieDiff uses cmp.Diff to compare the current value of the die with the sealed value. +func (d *VariableDie) DieDiff(opts ...cmp.Option) string { + return cmp.Diff(d.seal, d.r, opts...) +} + +// DiePatch generates a patch between the current value of the die and the sealed value. +func (d *VariableDie) DiePatch(patchType types.PatchType) ([]byte, error) { + return patch.Create(d.seal, d.r, patchType) +} + +// Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. +// +// The variable can be accessed in other expressions through `variables` +// +// For example, if name is "foo", the variable will be available as `variables.foo` +func (d *VariableDie) Name(v string) *VariableDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.Variable) { + r.Name = v + }) +} + +// Expression is the expression that will be evaluated as the value of the variable. +// +// The CEL expression has access to the same identifiers as the CEL expressions in Validation. +func (d *VariableDie) Expression(v string) *VariableDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.Variable) { + r.Expression = v + }) +} + +var MutationBlank = (&MutationDie{}).DieFeed(admissionregistrationv1alpha1.Mutation{}) + +type MutationDie struct { + mutable bool + r admissionregistrationv1alpha1.Mutation + seal admissionregistrationv1alpha1.Mutation +} + +// DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`). +func (d *MutationDie) DieImmutable(immutable bool) *MutationDie { + if d.mutable == !immutable { + return d + } + d = d.DeepCopy() + d.mutable = !immutable + return d +} + +// DieFeed returns a new die with the provided resource. +func (d *MutationDie) DieFeed(r admissionregistrationv1alpha1.Mutation) *MutationDie { + if d.mutable { + d.r = r + return d + } + return &MutationDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead. +func (d *MutationDie) DieFeedPtr(r *admissionregistrationv1alpha1.Mutation) *MutationDie { + if r == nil { + r = &admissionregistrationv1alpha1.Mutation{} + } + return d.DieFeed(*r) +} + +// DieFeedJSON returns a new die with the provided JSON. Panics on error. +func (d *MutationDie) DieFeedJSON(j []byte) *MutationDie { + r := admissionregistrationv1alpha1.Mutation{} + if err := json.Unmarshal(j, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAML returns a new die with the provided YAML. Panics on error. +func (d *MutationDie) DieFeedYAML(y []byte) *MutationDie { + r := admissionregistrationv1alpha1.Mutation{} + if err := yaml.Unmarshal(y, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error. +func (d *MutationDie) DieFeedYAMLFile(name string) *MutationDie { + y, err := osx.ReadFile(name) + if err != nil { + panic(err) + } + return d.DieFeedYAML(y) +} + +// DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *MutationDie) DieFeedRawExtension(raw runtime.RawExtension) *MutationDie { + j, err := json.Marshal(raw) + if err != nil { + panic(err) + } + return d.DieFeedJSON(j) +} + +// DieRelease returns the resource managed by the die. +func (d *MutationDie) DieRelease() admissionregistrationv1alpha1.Mutation { + if d.mutable { + return d.r + } + return *d.r.DeepCopy() +} + +// DieReleasePtr returns a pointer to the resource managed by the die. +func (d *MutationDie) DieReleasePtr() *admissionregistrationv1alpha1.Mutation { + r := d.DieRelease() + return &r +} + +// DieReleaseJSON returns the resource managed by the die as JSON. Panics on error. +func (d *MutationDie) DieReleaseJSON() []byte { + r := d.DieReleasePtr() + j, err := json.Marshal(r) + if err != nil { + panic(err) + } + return j +} + +// DieReleaseYAML returns the resource managed by the die as YAML. Panics on error. +func (d *MutationDie) DieReleaseYAML() []byte { + r := d.DieReleasePtr() + y, err := yaml.Marshal(r) + if err != nil { + panic(err) + } + return y +} + +// DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *MutationDie) DieReleaseRawExtension() runtime.RawExtension { + j := d.DieReleaseJSON() + raw := runtime.RawExtension{} + if err := json.Unmarshal(j, &raw); err != nil { + panic(err) + } + return raw +} + +// DieStamp returns a new die with the resource passed to the callback function. The resource is mutable. +func (d *MutationDie) DieStamp(fn func(r *admissionregistrationv1alpha1.Mutation)) *MutationDie { + r := d.DieRelease() + fn(&r) + return d.DieFeed(r) +} + +// Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location. +// +// Future iterations will improve type coercion from the resource to the callback argument. +func (d *MutationDie) DieStampAt(jp string, fn interface{}) *MutationDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.Mutation) { + if ni := reflectx.ValueOf(fn).Type().NumIn(); ni != 1 { + panic(fmtx.Errorf("callback function must have 1 input parameters, found %d", ni)) + } + if no := reflectx.ValueOf(fn).Type().NumOut(); no != 0 { + panic(fmtx.Errorf("callback function must have 0 output parameters, found %d", no)) + } + + cp := jsonpath.New("") + if err := cp.Parse(fmtx.Sprintf("{%s}", jp)); err != nil { + panic(err) + } + cr, err := cp.FindResults(r) + if err != nil { + // errors are expected if a path is not found + return + } + for _, cv := range cr[0] { + arg0t := reflectx.ValueOf(fn).Type().In(0) + + var args []reflectx.Value + if cv.Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv} + } else if cv.CanAddr() && cv.Addr().Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv.Addr()} + } else { + panic(fmtx.Errorf("callback function must accept value of type %q, found type %q", cv.Type(), arg0t)) + } + + reflectx.ValueOf(fn).Call(args) + } + }) +} + +// DieWith returns a new die after passing the current die to the callback function. The passed die is mutable. +func (d *MutationDie) DieWith(fns ...func(d *MutationDie)) *MutationDie { + nd := MutationBlank.DieFeed(d.DieRelease()).DieImmutable(false) + for _, fn := range fns { + if fn != nil { + fn(nd) + } + } + return d.DieFeed(nd.DieRelease()) +} + +// DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die. +func (d *MutationDie) DeepCopy() *MutationDie { + r := *d.r.DeepCopy() + return &MutationDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations. +func (d *MutationDie) DieSeal() *MutationDie { + return d.DieSealFeed(d.r) +} + +// DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations. +func (d *MutationDie) DieSealFeed(r admissionregistrationv1alpha1.Mutation) *MutationDie { + if !d.mutable { + d = d.DeepCopy() + } + d.seal = *r.DeepCopy() + return d +} + +// DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead. +func (d *MutationDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.Mutation) *MutationDie { + if r == nil { + r = &admissionregistrationv1alpha1.Mutation{} + } + return d.DieSealFeed(*r) +} + +// DieSealRelease returns the sealed resource managed by the die. +func (d *MutationDie) DieSealRelease() admissionregistrationv1alpha1.Mutation { + return *d.seal.DeepCopy() +} + +// DieSealReleasePtr returns the sealed resource pointer managed by the die. +func (d *MutationDie) DieSealReleasePtr() *admissionregistrationv1alpha1.Mutation { + r := d.DieSealRelease() + return &r +} + +// DieDiff uses cmp.Diff to compare the current value of the die with the sealed value. +func (d *MutationDie) DieDiff(opts ...cmp.Option) string { + return cmp.Diff(d.seal, d.r, opts...) +} + +// DiePatch generates a patch between the current value of the die and the sealed value. +func (d *MutationDie) DiePatch(patchType types.PatchType) ([]byte, error) { + return patch.Create(d.seal, d.r, patchType) +} + +// ApplyConfigurationDie mutates ApplyConfiguration as a die. +// +// applyConfiguration defines the desired configuration values of an object. +// +// # The configuration is applied to the admission object using +// +// [structured merge diff](https://github.com/kubernetes-sigs/structured-merge-diff). +// +// A CEL expression is used to create apply configuration. +func (d *MutationDie) ApplyConfigurationDie(fn func(d *ApplyConfigurationDie)) *MutationDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.Mutation) { + d := ApplyConfigurationBlank.DieImmutable(false).DieFeedPtr(r.ApplyConfiguration) + fn(d) + r.ApplyConfiguration = d.DieReleasePtr() + }) +} + +// JSONPatchDie mutates JSONPatch as a die. +// +// jsonPatch defines a [JSON patch](https://jsonpatch.com/) operation to perform a mutation to the object. +// +// A CEL expression is used to create the JSON patch. +func (d *MutationDie) JSONPatchDie(fn func(d *JSONPatchDie)) *MutationDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.Mutation) { + d := JSONPatchBlank.DieImmutable(false).DieFeedPtr(r.JSONPatch) + fn(d) + r.JSONPatch = d.DieReleasePtr() + }) +} + +// patchType indicates the patch strategy used. +// +// Allowed values are "ApplyConfiguration" and "JSONPatch". +// +// Required. +func (d *MutationDie) PatchType(v admissionregistrationv1alpha1.PatchType) *MutationDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.Mutation) { + r.PatchType = v + }) +} + +// applyConfiguration defines the desired configuration values of an object. +// +// # The configuration is applied to the admission object using +// +// [structured merge diff](https://github.com/kubernetes-sigs/structured-merge-diff). +// +// A CEL expression is used to create apply configuration. +func (d *MutationDie) ApplyConfiguration(v *admissionregistrationv1alpha1.ApplyConfiguration) *MutationDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.Mutation) { + r.ApplyConfiguration = v + }) +} + +// jsonPatch defines a [JSON patch](https://jsonpatch.com/) operation to perform a mutation to the object. +// +// A CEL expression is used to create the JSON patch. +func (d *MutationDie) JSONPatch(v *admissionregistrationv1alpha1.JSONPatch) *MutationDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.Mutation) { + r.JSONPatch = v + }) +} + +var NamedRuleWithOperationsBlank = (&NamedRuleWithOperationsDie{}).DieFeed(admissionregistrationv1alpha1.NamedRuleWithOperations{}) + +type NamedRuleWithOperationsDie struct { + mutable bool + r admissionregistrationv1alpha1.NamedRuleWithOperations + seal admissionregistrationv1alpha1.NamedRuleWithOperations +} + +// DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`). +func (d *NamedRuleWithOperationsDie) DieImmutable(immutable bool) *NamedRuleWithOperationsDie { + if d.mutable == !immutable { + return d + } + d = d.DeepCopy() + d.mutable = !immutable + return d +} + +// DieFeed returns a new die with the provided resource. +func (d *NamedRuleWithOperationsDie) DieFeed(r admissionregistrationv1alpha1.NamedRuleWithOperations) *NamedRuleWithOperationsDie { + if d.mutable { + d.r = r + return d + } + return &NamedRuleWithOperationsDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead. +func (d *NamedRuleWithOperationsDie) DieFeedPtr(r *admissionregistrationv1alpha1.NamedRuleWithOperations) *NamedRuleWithOperationsDie { + if r == nil { + r = &admissionregistrationv1alpha1.NamedRuleWithOperations{} + } + return d.DieFeed(*r) +} + +// DieFeedJSON returns a new die with the provided JSON. Panics on error. +func (d *NamedRuleWithOperationsDie) DieFeedJSON(j []byte) *NamedRuleWithOperationsDie { + r := admissionregistrationv1alpha1.NamedRuleWithOperations{} + if err := json.Unmarshal(j, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAML returns a new die with the provided YAML. Panics on error. +func (d *NamedRuleWithOperationsDie) DieFeedYAML(y []byte) *NamedRuleWithOperationsDie { + r := admissionregistrationv1alpha1.NamedRuleWithOperations{} + if err := yaml.Unmarshal(y, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error. +func (d *NamedRuleWithOperationsDie) DieFeedYAMLFile(name string) *NamedRuleWithOperationsDie { + y, err := osx.ReadFile(name) + if err != nil { + panic(err) + } + return d.DieFeedYAML(y) +} + +// DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *NamedRuleWithOperationsDie) DieFeedRawExtension(raw runtime.RawExtension) *NamedRuleWithOperationsDie { + j, err := json.Marshal(raw) + if err != nil { + panic(err) + } + return d.DieFeedJSON(j) +} + +// DieRelease returns the resource managed by the die. +func (d *NamedRuleWithOperationsDie) DieRelease() admissionregistrationv1alpha1.NamedRuleWithOperations { + if d.mutable { + return d.r + } + return *d.r.DeepCopy() +} + +// DieReleasePtr returns a pointer to the resource managed by the die. +func (d *NamedRuleWithOperationsDie) DieReleasePtr() *admissionregistrationv1alpha1.NamedRuleWithOperations { + r := d.DieRelease() + return &r +} + +// DieReleaseJSON returns the resource managed by the die as JSON. Panics on error. +func (d *NamedRuleWithOperationsDie) DieReleaseJSON() []byte { + r := d.DieReleasePtr() + j, err := json.Marshal(r) + if err != nil { + panic(err) + } + return j +} + +// DieReleaseYAML returns the resource managed by the die as YAML. Panics on error. +func (d *NamedRuleWithOperationsDie) DieReleaseYAML() []byte { + r := d.DieReleasePtr() + y, err := yaml.Marshal(r) + if err != nil { + panic(err) + } + return y +} + +// DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *NamedRuleWithOperationsDie) DieReleaseRawExtension() runtime.RawExtension { + j := d.DieReleaseJSON() + raw := runtime.RawExtension{} + if err := json.Unmarshal(j, &raw); err != nil { + panic(err) + } + return raw +} + +// DieStamp returns a new die with the resource passed to the callback function. The resource is mutable. +func (d *NamedRuleWithOperationsDie) DieStamp(fn func(r *admissionregistrationv1alpha1.NamedRuleWithOperations)) *NamedRuleWithOperationsDie { + r := d.DieRelease() + fn(&r) + return d.DieFeed(r) +} + +// Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location. +// +// Future iterations will improve type coercion from the resource to the callback argument. +func (d *NamedRuleWithOperationsDie) DieStampAt(jp string, fn interface{}) *NamedRuleWithOperationsDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.NamedRuleWithOperations) { + if ni := reflectx.ValueOf(fn).Type().NumIn(); ni != 1 { + panic(fmtx.Errorf("callback function must have 1 input parameters, found %d", ni)) + } + if no := reflectx.ValueOf(fn).Type().NumOut(); no != 0 { + panic(fmtx.Errorf("callback function must have 0 output parameters, found %d", no)) + } + + cp := jsonpath.New("") + if err := cp.Parse(fmtx.Sprintf("{%s}", jp)); err != nil { + panic(err) + } + cr, err := cp.FindResults(r) + if err != nil { + // errors are expected if a path is not found + return + } + for _, cv := range cr[0] { + arg0t := reflectx.ValueOf(fn).Type().In(0) + + var args []reflectx.Value + if cv.Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv} + } else if cv.CanAddr() && cv.Addr().Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv.Addr()} + } else { + panic(fmtx.Errorf("callback function must accept value of type %q, found type %q", cv.Type(), arg0t)) + } + + reflectx.ValueOf(fn).Call(args) + } + }) +} + +// DieWith returns a new die after passing the current die to the callback function. The passed die is mutable. +func (d *NamedRuleWithOperationsDie) DieWith(fns ...func(d *NamedRuleWithOperationsDie)) *NamedRuleWithOperationsDie { + nd := NamedRuleWithOperationsBlank.DieFeed(d.DieRelease()).DieImmutable(false) + for _, fn := range fns { + if fn != nil { + fn(nd) + } + } + return d.DieFeed(nd.DieRelease()) +} + +// DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die. +func (d *NamedRuleWithOperationsDie) DeepCopy() *NamedRuleWithOperationsDie { + r := *d.r.DeepCopy() + return &NamedRuleWithOperationsDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations. +func (d *NamedRuleWithOperationsDie) DieSeal() *NamedRuleWithOperationsDie { + return d.DieSealFeed(d.r) +} + +// DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations. +func (d *NamedRuleWithOperationsDie) DieSealFeed(r admissionregistrationv1alpha1.NamedRuleWithOperations) *NamedRuleWithOperationsDie { + if !d.mutable { + d = d.DeepCopy() + } + d.seal = *r.DeepCopy() + return d +} + +// DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead. +func (d *NamedRuleWithOperationsDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.NamedRuleWithOperations) *NamedRuleWithOperationsDie { + if r == nil { + r = &admissionregistrationv1alpha1.NamedRuleWithOperations{} + } + return d.DieSealFeed(*r) +} + +// DieSealRelease returns the sealed resource managed by the die. +func (d *NamedRuleWithOperationsDie) DieSealRelease() admissionregistrationv1alpha1.NamedRuleWithOperations { + return *d.seal.DeepCopy() +} + +// DieSealReleasePtr returns the sealed resource pointer managed by the die. +func (d *NamedRuleWithOperationsDie) DieSealReleasePtr() *admissionregistrationv1alpha1.NamedRuleWithOperations { + r := d.DieSealRelease() + return &r +} + +// DieDiff uses cmp.Diff to compare the current value of the die with the sealed value. +func (d *NamedRuleWithOperationsDie) DieDiff(opts ...cmp.Option) string { + return cmp.Diff(d.seal, d.r, opts...) +} + +// DiePatch generates a patch between the current value of the die and the sealed value. +func (d *NamedRuleWithOperationsDie) DiePatch(patchType types.PatchType) ([]byte, error) { + return patch.Create(d.seal, d.r, patchType) +} + +// RuleWithOperationsDie mutates RuleWithOperations as a die. +// +// RuleWithOperations is a tuple of Operations and Resources. +func (d *NamedRuleWithOperationsDie) RuleWithOperationsDie(fn func(d *admissionregistrationv1.RuleWithOperationsDie)) *NamedRuleWithOperationsDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.NamedRuleWithOperations) { + d := admissionregistrationv1.RuleWithOperationsBlank.DieImmutable(false).DieFeed(r.RuleWithOperations) + fn(d) + r.RuleWithOperations = d.DieRelease() + }) +} + +// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. +func (d *NamedRuleWithOperationsDie) ResourceNames(v ...string) *NamedRuleWithOperationsDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.NamedRuleWithOperations) { + r.ResourceNames = v + }) +} + +// RuleWithOperations is a tuple of Operations and Resources. +func (d *NamedRuleWithOperationsDie) RuleWithOperations(v admissionregistrationv1alpha1.RuleWithOperations) *NamedRuleWithOperationsDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.NamedRuleWithOperations) { + r.RuleWithOperations = v + }) +} + +var ApplyConfigurationBlank = (&ApplyConfigurationDie{}).DieFeed(admissionregistrationv1alpha1.ApplyConfiguration{}) + +type ApplyConfigurationDie struct { + mutable bool + r admissionregistrationv1alpha1.ApplyConfiguration + seal admissionregistrationv1alpha1.ApplyConfiguration +} + +// DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`). +func (d *ApplyConfigurationDie) DieImmutable(immutable bool) *ApplyConfigurationDie { + if d.mutable == !immutable { + return d + } + d = d.DeepCopy() + d.mutable = !immutable + return d +} + +// DieFeed returns a new die with the provided resource. +func (d *ApplyConfigurationDie) DieFeed(r admissionregistrationv1alpha1.ApplyConfiguration) *ApplyConfigurationDie { + if d.mutable { + d.r = r + return d + } + return &ApplyConfigurationDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead. +func (d *ApplyConfigurationDie) DieFeedPtr(r *admissionregistrationv1alpha1.ApplyConfiguration) *ApplyConfigurationDie { + if r == nil { + r = &admissionregistrationv1alpha1.ApplyConfiguration{} + } + return d.DieFeed(*r) +} + +// DieFeedJSON returns a new die with the provided JSON. Panics on error. +func (d *ApplyConfigurationDie) DieFeedJSON(j []byte) *ApplyConfigurationDie { + r := admissionregistrationv1alpha1.ApplyConfiguration{} + if err := json.Unmarshal(j, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAML returns a new die with the provided YAML. Panics on error. +func (d *ApplyConfigurationDie) DieFeedYAML(y []byte) *ApplyConfigurationDie { + r := admissionregistrationv1alpha1.ApplyConfiguration{} + if err := yaml.Unmarshal(y, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error. +func (d *ApplyConfigurationDie) DieFeedYAMLFile(name string) *ApplyConfigurationDie { + y, err := osx.ReadFile(name) + if err != nil { + panic(err) + } + return d.DieFeedYAML(y) +} + +// DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *ApplyConfigurationDie) DieFeedRawExtension(raw runtime.RawExtension) *ApplyConfigurationDie { + j, err := json.Marshal(raw) + if err != nil { + panic(err) + } + return d.DieFeedJSON(j) +} + +// DieRelease returns the resource managed by the die. +func (d *ApplyConfigurationDie) DieRelease() admissionregistrationv1alpha1.ApplyConfiguration { + if d.mutable { + return d.r + } + return *d.r.DeepCopy() +} + +// DieReleasePtr returns a pointer to the resource managed by the die. +func (d *ApplyConfigurationDie) DieReleasePtr() *admissionregistrationv1alpha1.ApplyConfiguration { + r := d.DieRelease() + return &r +} + +// DieReleaseJSON returns the resource managed by the die as JSON. Panics on error. +func (d *ApplyConfigurationDie) DieReleaseJSON() []byte { + r := d.DieReleasePtr() + j, err := json.Marshal(r) + if err != nil { + panic(err) + } + return j +} + +// DieReleaseYAML returns the resource managed by the die as YAML. Panics on error. +func (d *ApplyConfigurationDie) DieReleaseYAML() []byte { + r := d.DieReleasePtr() + y, err := yaml.Marshal(r) + if err != nil { + panic(err) + } + return y +} + +// DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *ApplyConfigurationDie) DieReleaseRawExtension() runtime.RawExtension { + j := d.DieReleaseJSON() + raw := runtime.RawExtension{} + if err := json.Unmarshal(j, &raw); err != nil { + panic(err) + } + return raw +} + +// DieStamp returns a new die with the resource passed to the callback function. The resource is mutable. +func (d *ApplyConfigurationDie) DieStamp(fn func(r *admissionregistrationv1alpha1.ApplyConfiguration)) *ApplyConfigurationDie { + r := d.DieRelease() + fn(&r) + return d.DieFeed(r) +} + +// Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location. +// +// Future iterations will improve type coercion from the resource to the callback argument. +func (d *ApplyConfigurationDie) DieStampAt(jp string, fn interface{}) *ApplyConfigurationDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.ApplyConfiguration) { + if ni := reflectx.ValueOf(fn).Type().NumIn(); ni != 1 { + panic(fmtx.Errorf("callback function must have 1 input parameters, found %d", ni)) + } + if no := reflectx.ValueOf(fn).Type().NumOut(); no != 0 { + panic(fmtx.Errorf("callback function must have 0 output parameters, found %d", no)) + } + + cp := jsonpath.New("") + if err := cp.Parse(fmtx.Sprintf("{%s}", jp)); err != nil { + panic(err) + } + cr, err := cp.FindResults(r) + if err != nil { + // errors are expected if a path is not found + return + } + for _, cv := range cr[0] { + arg0t := reflectx.ValueOf(fn).Type().In(0) + + var args []reflectx.Value + if cv.Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv} + } else if cv.CanAddr() && cv.Addr().Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv.Addr()} + } else { + panic(fmtx.Errorf("callback function must accept value of type %q, found type %q", cv.Type(), arg0t)) + } + + reflectx.ValueOf(fn).Call(args) + } + }) +} + +// DieWith returns a new die after passing the current die to the callback function. The passed die is mutable. +func (d *ApplyConfigurationDie) DieWith(fns ...func(d *ApplyConfigurationDie)) *ApplyConfigurationDie { + nd := ApplyConfigurationBlank.DieFeed(d.DieRelease()).DieImmutable(false) + for _, fn := range fns { + if fn != nil { + fn(nd) + } + } + return d.DieFeed(nd.DieRelease()) +} + +// DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die. +func (d *ApplyConfigurationDie) DeepCopy() *ApplyConfigurationDie { + r := *d.r.DeepCopy() + return &ApplyConfigurationDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations. +func (d *ApplyConfigurationDie) DieSeal() *ApplyConfigurationDie { + return d.DieSealFeed(d.r) +} + +// DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations. +func (d *ApplyConfigurationDie) DieSealFeed(r admissionregistrationv1alpha1.ApplyConfiguration) *ApplyConfigurationDie { + if !d.mutable { + d = d.DeepCopy() + } + d.seal = *r.DeepCopy() + return d +} + +// DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead. +func (d *ApplyConfigurationDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.ApplyConfiguration) *ApplyConfigurationDie { + if r == nil { + r = &admissionregistrationv1alpha1.ApplyConfiguration{} + } + return d.DieSealFeed(*r) +} + +// DieSealRelease returns the sealed resource managed by the die. +func (d *ApplyConfigurationDie) DieSealRelease() admissionregistrationv1alpha1.ApplyConfiguration { + return *d.seal.DeepCopy() +} + +// DieSealReleasePtr returns the sealed resource pointer managed by the die. +func (d *ApplyConfigurationDie) DieSealReleasePtr() *admissionregistrationv1alpha1.ApplyConfiguration { + r := d.DieSealRelease() + return &r +} + +// DieDiff uses cmp.Diff to compare the current value of the die with the sealed value. +func (d *ApplyConfigurationDie) DieDiff(opts ...cmp.Option) string { + return cmp.Diff(d.seal, d.r, opts...) +} + +// DiePatch generates a patch between the current value of the die and the sealed value. +func (d *ApplyConfigurationDie) DiePatch(patchType types.PatchType) ([]byte, error) { + return patch.Create(d.seal, d.r, patchType) +} + +// expression will be evaluated by CEL to create an apply configuration. +// +// ref: https://github.com/google/cel-spec +// +// Apply configurations are declared in CEL using object initialization. For example, this CEL expression +// +// returns an apply configuration to set a single field: +// +// Object{ +// +// spec: Object.spec{ +// +// serviceAccountName: "example" +// +// } +// +// } +// +// # Apply configurations may not modify atomic structs, maps or arrays due to the risk of accidental deletion of +// +// values not included in the apply configuration. +// +// CEL expressions have access to the object types needed to create apply configurations: +// +// - 'Object' - CEL type of the resource object. +// +// - 'Object.' - CEL type of object field (such as 'Object.spec') +// +// - 'Object.....` - CEL type of nested field (such as 'Object.spec.containers') +// +// CEL expressions have access to the contents of the API request, organized into CEL variables as well as some other useful variables: +// +// - 'object' - The object from the incoming request. The value is null for DELETE requests. +// +// - 'oldObject' - The existing object. The value is null for CREATE requests. +// +// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). +// +// - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. +// +// - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. +// +// - 'variables' - Map of composited variables, from its name to its lazily evaluated value. +// +// For example, a variable named 'foo' can be accessed as 'variables.foo'. +// +// - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. +// +// See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz +// +// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the +// +// request resource. +// +// # The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the +// +// object. No other metadata properties are accessible. +// +// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. +// +// Required. +func (d *ApplyConfigurationDie) Expression(v string) *ApplyConfigurationDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.ApplyConfiguration) { + r.Expression = v + }) +} + +var JSONPatchBlank = (&JSONPatchDie{}).DieFeed(admissionregistrationv1alpha1.JSONPatch{}) + +type JSONPatchDie struct { + mutable bool + r admissionregistrationv1alpha1.JSONPatch + seal admissionregistrationv1alpha1.JSONPatch +} + +// DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`). +func (d *JSONPatchDie) DieImmutable(immutable bool) *JSONPatchDie { + if d.mutable == !immutable { + return d + } + d = d.DeepCopy() + d.mutable = !immutable + return d +} + +// DieFeed returns a new die with the provided resource. +func (d *JSONPatchDie) DieFeed(r admissionregistrationv1alpha1.JSONPatch) *JSONPatchDie { + if d.mutable { + d.r = r + return d + } + return &JSONPatchDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead. +func (d *JSONPatchDie) DieFeedPtr(r *admissionregistrationv1alpha1.JSONPatch) *JSONPatchDie { + if r == nil { + r = &admissionregistrationv1alpha1.JSONPatch{} + } + return d.DieFeed(*r) +} + +// DieFeedJSON returns a new die with the provided JSON. Panics on error. +func (d *JSONPatchDie) DieFeedJSON(j []byte) *JSONPatchDie { + r := admissionregistrationv1alpha1.JSONPatch{} + if err := json.Unmarshal(j, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAML returns a new die with the provided YAML. Panics on error. +func (d *JSONPatchDie) DieFeedYAML(y []byte) *JSONPatchDie { + r := admissionregistrationv1alpha1.JSONPatch{} + if err := yaml.Unmarshal(y, &r); err != nil { + panic(err) + } + return d.DieFeed(r) +} + +// DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error. +func (d *JSONPatchDie) DieFeedYAMLFile(name string) *JSONPatchDie { + y, err := osx.ReadFile(name) + if err != nil { + panic(err) + } + return d.DieFeedYAML(y) +} + +// DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *JSONPatchDie) DieFeedRawExtension(raw runtime.RawExtension) *JSONPatchDie { + j, err := json.Marshal(raw) + if err != nil { + panic(err) + } + return d.DieFeedJSON(j) +} + +// DieRelease returns the resource managed by the die. +func (d *JSONPatchDie) DieRelease() admissionregistrationv1alpha1.JSONPatch { + if d.mutable { + return d.r + } + return *d.r.DeepCopy() +} + +// DieReleasePtr returns a pointer to the resource managed by the die. +func (d *JSONPatchDie) DieReleasePtr() *admissionregistrationv1alpha1.JSONPatch { + r := d.DieRelease() + return &r +} + +// DieReleaseJSON returns the resource managed by the die as JSON. Panics on error. +func (d *JSONPatchDie) DieReleaseJSON() []byte { + r := d.DieReleasePtr() + j, err := json.Marshal(r) + if err != nil { + panic(err) + } + return j +} + +// DieReleaseYAML returns the resource managed by the die as YAML. Panics on error. +func (d *JSONPatchDie) DieReleaseYAML() []byte { + r := d.DieReleasePtr() + y, err := yaml.Marshal(r) + if err != nil { + panic(err) + } + return y +} + +// DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error. +func (d *JSONPatchDie) DieReleaseRawExtension() runtime.RawExtension { + j := d.DieReleaseJSON() + raw := runtime.RawExtension{} + if err := json.Unmarshal(j, &raw); err != nil { + panic(err) + } + return raw +} + +// DieStamp returns a new die with the resource passed to the callback function. The resource is mutable. +func (d *JSONPatchDie) DieStamp(fn func(r *admissionregistrationv1alpha1.JSONPatch)) *JSONPatchDie { + r := d.DieRelease() + fn(&r) + return d.DieFeed(r) +} + +// Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location. +// +// Future iterations will improve type coercion from the resource to the callback argument. +func (d *JSONPatchDie) DieStampAt(jp string, fn interface{}) *JSONPatchDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.JSONPatch) { + if ni := reflectx.ValueOf(fn).Type().NumIn(); ni != 1 { + panic(fmtx.Errorf("callback function must have 1 input parameters, found %d", ni)) + } + if no := reflectx.ValueOf(fn).Type().NumOut(); no != 0 { + panic(fmtx.Errorf("callback function must have 0 output parameters, found %d", no)) + } + + cp := jsonpath.New("") + if err := cp.Parse(fmtx.Sprintf("{%s}", jp)); err != nil { + panic(err) + } + cr, err := cp.FindResults(r) + if err != nil { + // errors are expected if a path is not found + return + } + for _, cv := range cr[0] { + arg0t := reflectx.ValueOf(fn).Type().In(0) + + var args []reflectx.Value + if cv.Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv} + } else if cv.CanAddr() && cv.Addr().Type().AssignableTo(arg0t) { + args = []reflectx.Value{cv.Addr()} + } else { + panic(fmtx.Errorf("callback function must accept value of type %q, found type %q", cv.Type(), arg0t)) + } + + reflectx.ValueOf(fn).Call(args) + } + }) +} + +// DieWith returns a new die after passing the current die to the callback function. The passed die is mutable. +func (d *JSONPatchDie) DieWith(fns ...func(d *JSONPatchDie)) *JSONPatchDie { + nd := JSONPatchBlank.DieFeed(d.DieRelease()).DieImmutable(false) + for _, fn := range fns { + if fn != nil { + fn(nd) + } + } + return d.DieFeed(nd.DieRelease()) +} + +// DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die. +func (d *JSONPatchDie) DeepCopy() *JSONPatchDie { + r := *d.r.DeepCopy() + return &JSONPatchDie{ + mutable: d.mutable, + r: r, + seal: d.seal, + } +} + +// DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations. +func (d *JSONPatchDie) DieSeal() *JSONPatchDie { + return d.DieSealFeed(d.r) +} + +// DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations. +func (d *JSONPatchDie) DieSealFeed(r admissionregistrationv1alpha1.JSONPatch) *JSONPatchDie { + if !d.mutable { + d = d.DeepCopy() + } + d.seal = *r.DeepCopy() + return d +} + +// DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead. +func (d *JSONPatchDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.JSONPatch) *JSONPatchDie { + if r == nil { + r = &admissionregistrationv1alpha1.JSONPatch{} + } + return d.DieSealFeed(*r) +} + +// DieSealRelease returns the sealed resource managed by the die. +func (d *JSONPatchDie) DieSealRelease() admissionregistrationv1alpha1.JSONPatch { + return *d.seal.DeepCopy() +} + +// DieSealReleasePtr returns the sealed resource pointer managed by the die. +func (d *JSONPatchDie) DieSealReleasePtr() *admissionregistrationv1alpha1.JSONPatch { + r := d.DieSealRelease() + return &r +} + +// DieDiff uses cmp.Diff to compare the current value of the die with the sealed value. +func (d *JSONPatchDie) DieDiff(opts ...cmp.Option) string { + return cmp.Diff(d.seal, d.r, opts...) +} + +// DiePatch generates a patch between the current value of the die and the sealed value. +func (d *JSONPatchDie) DiePatch(patchType types.PatchType) ([]byte, error) { + return patch.Create(d.seal, d.r, patchType) +} + +// expression will be evaluated by CEL to create a [JSON patch](https://jsonpatch.com/). +// +// ref: https://github.com/google/cel-spec +// +// expression must return an array of JSONPatch values. +// +// For example, this CEL expression returns a JSON patch to conditionally modify a value: +// +// [ +// +// JSONPatch{op: "test", path: "/spec/example", value: "Red"}, +// +// JSONPatch{op: "replace", path: "/spec/example", value: "Green"} +// +// ] +// +// To define an object for the patch value, use Object types. For example: +// +// [ +// +// JSONPatch{ +// +// op: "add", +// +// path: "/spec/selector", +// +// value: Object.spec.selector{matchLabels: {"environment": "test"}} +// +// } +// +// ] +// +// To use strings containing '/' and '~' as JSONPatch path keys, use "jsonpatch.escapeKey". For example: +// +// [ +// +// JSONPatch{ +// +// op: "add", +// +// path: "/metadata/labels/" + jsonpatch.escapeKey("example.com/environment"), +// +// value: "test" +// +// }, +// +// ] +// +// CEL expressions have access to the types needed to create JSON patches and objects: +// +// - 'JSONPatch' - CEL type of JSON Patch operations. JSONPatch has the fields 'op', 'from', 'path' and 'value'. +// +// See [JSON patch](https://jsonpatch.com/) for more details. The 'value' field may be set to any of: string, +// +// integer, array, map or object. If set, the 'path' and 'from' fields must be set to a +// +// [JSON pointer](https://datatracker.ietf.org/doc/html/rfc6901/) string, where the 'jsonpatch.escapeKey()' CEL +// +// function may be used to escape path keys containing '/' and '~'. +// +// - 'Object' - CEL type of the resource object. +// +// - 'Object.' - CEL type of object field (such as 'Object.spec') +// +// - 'Object.....` - CEL type of nested field (such as 'Object.spec.containers') +// +// CEL expressions have access to the contents of the API request, organized into CEL variables as well as some other useful variables: +// +// - 'object' - The object from the incoming request. The value is null for DELETE requests. +// +// - 'oldObject' - The existing object. The value is null for CREATE requests. +// +// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). +// +// - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. +// +// - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. +// +// - 'variables' - Map of composited variables, from its name to its lazily evaluated value. +// +// For example, a variable named 'foo' can be accessed as 'variables.foo'. +// +// - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. +// +// See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz +// +// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the +// +// request resource. +// +// CEL expressions have access to [Kubernetes CEL function libraries](https://kubernetes.io/docs/reference/using-api/cel/#cel-options-language-features-and-libraries) +// +// as well as: +// +// - 'jsonpatch.escapeKey' - Performs JSONPatch key escaping. '~' and '/' are escaped as '~0' and `~1' respectively). +// +// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. +// +// Required. +func (d *JSONPatchDie) Expression(v string) *JSONPatchDie { + return d.DieStamp(func(r *admissionregistrationv1alpha1.JSONPatch) { + r.Expression = v + }) +} diff --git a/apis/admissionregistration/v1alpha1/zz_generated.die_test.go b/apis/admissionregistration/v1alpha1/zz_generated.die_test.go new file mode 100644 index 0000000..3b4c8e9 --- /dev/null +++ b/apis/admissionregistration/v1alpha1/zz_generated.die_test.go @@ -0,0 +1,117 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright 2021-2022 the original author or authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by diegen. DO NOT EDIT. + +package v1alpha1 + +import ( + testing "reconciler.io/dies/testing" + testingx "testing" +) + +func TestMutatingAdmissionPolicyDie_MissingMethods(t *testingx.T) { + die := MutatingAdmissionPolicyBlank + ignore := []string{"TypeMeta", "ObjectMeta"} + diff := testing.DieFieldDiff(die).Delete(ignore...) + if diff.Len() != 0 { + t.Errorf("found missing fields for MutatingAdmissionPolicyDie: %s", diff.List()) + } +} + +func TestMutatingAdmissionPolicySpecDie_MissingMethods(t *testingx.T) { + die := MutatingAdmissionPolicySpecBlank + ignore := []string{} + diff := testing.DieFieldDiff(die).Delete(ignore...) + if diff.Len() != 0 { + t.Errorf("found missing fields for MutatingAdmissionPolicySpecDie: %s", diff.List()) + } +} + +func TestParamKindDie_MissingMethods(t *testingx.T) { + die := ParamKindBlank + ignore := []string{} + diff := testing.DieFieldDiff(die).Delete(ignore...) + if diff.Len() != 0 { + t.Errorf("found missing fields for ParamKindDie: %s", diff.List()) + } +} + +func TestMatchResourcesDie_MissingMethods(t *testingx.T) { + die := MatchResourcesBlank + ignore := []string{} + diff := testing.DieFieldDiff(die).Delete(ignore...) + if diff.Len() != 0 { + t.Errorf("found missing fields for MatchResourcesDie: %s", diff.List()) + } +} + +func TestMatchConditionDie_MissingMethods(t *testingx.T) { + die := MatchConditionBlank + ignore := []string{} + diff := testing.DieFieldDiff(die).Delete(ignore...) + if diff.Len() != 0 { + t.Errorf("found missing fields for MatchConditionDie: %s", diff.List()) + } +} + +func TestVariableDie_MissingMethods(t *testingx.T) { + die := VariableBlank + ignore := []string{} + diff := testing.DieFieldDiff(die).Delete(ignore...) + if diff.Len() != 0 { + t.Errorf("found missing fields for VariableDie: %s", diff.List()) + } +} + +func TestMutationDie_MissingMethods(t *testingx.T) { + die := MutationBlank + ignore := []string{} + diff := testing.DieFieldDiff(die).Delete(ignore...) + if diff.Len() != 0 { + t.Errorf("found missing fields for MutationDie: %s", diff.List()) + } +} + +func TestNamedRuleWithOperationsDie_MissingMethods(t *testingx.T) { + die := NamedRuleWithOperationsBlank + ignore := []string{} + diff := testing.DieFieldDiff(die).Delete(ignore...) + if diff.Len() != 0 { + t.Errorf("found missing fields for NamedRuleWithOperationsDie: %s", diff.List()) + } +} + +func TestApplyConfigurationDie_MissingMethods(t *testingx.T) { + die := ApplyConfigurationBlank + ignore := []string{} + diff := testing.DieFieldDiff(die).Delete(ignore...) + if diff.Len() != 0 { + t.Errorf("found missing fields for ApplyConfigurationDie: %s", diff.List()) + } +} + +func TestJSONPatchDie_MissingMethods(t *testingx.T) { + die := JSONPatchBlank + ignore := []string{} + diff := testing.DieFieldDiff(die).Delete(ignore...) + if diff.Len() != 0 { + t.Errorf("found missing fields for JSONPatchDie: %s", diff.List()) + } +} diff --git a/apis/apps/v1/zz_generated.die.go b/apis/apps/v1/zz_generated.die.go index 172a9e4..fc7bd50 100644 --- a/apis/apps/v1/zz_generated.die.go +++ b/apis/apps/v1/zz_generated.die.go @@ -5353,9 +5353,7 @@ func (d *StatefulSetSpecDie) UpdateStrategyDie(fn func(d *StatefulSetUpdateStrat // // volume claims when their stateful set is deleted, or when their pod is scaled // -// down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled, -// -// which is beta. +// down. func (d *StatefulSetSpecDie) PersistentVolumeClaimRetentionPolicyDie(fn func(d *StatefulSetPersistentVolumeClaimRetentionPolicyDie)) *StatefulSetSpecDie { return d.DieStamp(func(r *appsv1.StatefulSetSpec) { d := StatefulSetPersistentVolumeClaimRetentionPolicyBlank.DieImmutable(false).DieFeedPtr(r.PersistentVolumeClaimRetentionPolicy) @@ -5548,9 +5546,7 @@ func (d *StatefulSetSpecDie) MinReadySeconds(v int32) *StatefulSetSpecDie { // // volume claims when their stateful set is deleted, or when their pod is scaled // -// down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled, -// -// which is beta. +// down. func (d *StatefulSetSpecDie) PersistentVolumeClaimRetentionPolicy(v *appsv1.StatefulSetPersistentVolumeClaimRetentionPolicy) *StatefulSetSpecDie { return d.DieStamp(func(r *appsv1.StatefulSetSpec) { r.PersistentVolumeClaimRetentionPolicy = v diff --git a/apis/autoscaling/v2/zz_generated.die.go b/apis/autoscaling/v2/zz_generated.die.go index 3468139..e5b958a 100644 --- a/apis/autoscaling/v2/zz_generated.die.go +++ b/apis/autoscaling/v2/zz_generated.die.go @@ -1280,8 +1280,6 @@ func (d *MetricSpecDie) ResourceDie(fn func(d *ResourceMetricSourceDie)) *Metric // built in to Kubernetes, and have special scaling options on top of those // // available to normal per-pod metrics using the "pods" source. -// -// This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. func (d *MetricSpecDie) ContainerResourceDie(fn func(d *ContainerResourceMetricSourceDie)) *MetricSpecDie { return d.DieStamp(func(r *autoscalingv2.MetricSpec) { d := ContainerResourceMetricSourceBlank.DieImmutable(false).DieFeedPtr(r.ContainerResource) @@ -1312,10 +1310,6 @@ func (d *MetricSpecDie) ExternalDie(fn func(d *ExternalMetricSourceDie)) *Metric // type is the type of metric source. It should be one of "ContainerResource", "External", // // "Object", "Pods" or "Resource", each mapping to a matching field in the object. -// -// Note: "ContainerResource" type is available on when the feature-gate -// -// HPAContainerMetrics is enabled func (d *MetricSpecDie) Type(v autoscalingv2.MetricSourceType) *MetricSpecDie { return d.DieStamp(func(r *autoscalingv2.MetricSpec) { r.Type = v @@ -1366,8 +1360,6 @@ func (d *MetricSpecDie) Resource(v *autoscalingv2.ResourceMetricSource) *MetricS // built in to Kubernetes, and have special scaling options on top of those // // available to normal per-pod metrics using the "pods" source. -// -// This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. func (d *MetricSpecDie) ContainerResource(v *autoscalingv2.ContainerResourceMetricSource) *MetricSpecDie { return d.DieStamp(func(r *autoscalingv2.MetricSpec) { r.ContainerResource = v @@ -4683,10 +4675,6 @@ func (d *MetricStatusDie) ExternalDie(fn func(d *ExternalMetricStatusDie)) *Metr // type is the type of metric source. It will be one of "ContainerResource", "External", // // "Object", "Pods" or "Resource", each corresponds to a matching field in the object. -// -// Note: "ContainerResource" type is available on when the feature-gate -// -// HPAContainerMetrics is enabled func (d *MetricStatusDie) Type(v autoscalingv2.MetricSourceType) *MetricStatusDie { return d.DieStamp(func(r *autoscalingv2.MetricStatus) { r.Type = v diff --git a/apis/batch/v1/zz_generated.die.go b/apis/batch/v1/zz_generated.die.go index 3b6e8d2..ba8e51e 100644 --- a/apis/batch/v1/zz_generated.die.go +++ b/apis/batch/v1/zz_generated.die.go @@ -1939,9 +1939,9 @@ func (d *JobSpecDie) PodReplacementPolicy(v *batchv1.PodReplacementPolicy) *JobS // // This field is immutable. // -// This field is alpha-level. The job controller accepts setting the field +// This field is beta-level. The job controller accepts setting the field // -// when the feature gate JobManagedBy is enabled (disabled by default). +// when the feature gate JobManagedBy is enabled (enabled by default). func (d *JobSpecDie) ManagedBy(v *string) *JobSpecDie { return d.DieStamp(func(r *batchv1.JobSpec) { r.ManagedBy = v diff --git a/apis/core/v1/pod.go b/apis/core/v1/pod.go index 160a2b8..261f19a 100644 --- a/apis/core/v1/pod.go +++ b/apis/core/v1/pod.go @@ -37,6 +37,7 @@ type _ = corev1.Pod // +die:field:name=TopologySpreadConstraints,die=TopologySpreadConstraintDie,listMapKey=TopologyKey // +die:field:name=SchedulingGates,die=PodSchedulingGateDie,listType=atomic // +die:field:name=ResourceClaims,die=PodResourceClaimDie,listType=atomic +// +die:field:name=Resources,die=ResourceRequirementsDie,pointer=true type _ = corev1.PodSpec // +die diff --git a/apis/core/v1/zz_generated.die.go b/apis/core/v1/zz_generated.die.go index 24fa91c..0b6d784 100644 --- a/apis/core/v1/zz_generated.die.go +++ b/apis/core/v1/zz_generated.die.go @@ -919,8 +919,6 @@ func (d *LocalObjectReferenceDie) DiePatch(patchType types.PatchType) ([]byte, e // // almost certainly wrong. // -// TODO: Add other useful fields. apiVersion, kind, uid? -// // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names // // TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. @@ -8559,7 +8557,7 @@ func (d *LifecycleHandlerDie) DiePatch(patchType types.PatchType) ([]byte, error // ExecDie mutates Exec as a die. // -// Exec specifies the action to take. +// Exec specifies a command to execute in the container. func (d *LifecycleHandlerDie) ExecDie(fn func(d *ExecActionDie)) *LifecycleHandlerDie { return d.DieStamp(func(r *corev1.LifecycleHandler) { d := ExecActionBlank.DieImmutable(false).DieFeedPtr(r.Exec) @@ -8570,7 +8568,7 @@ func (d *LifecycleHandlerDie) ExecDie(fn func(d *ExecActionDie)) *LifecycleHandl // HTTPGetDie mutates HTTPGet as a die. // -// HTTPGet specifies the http request to perform. +// HTTPGet specifies an HTTP GET request to perform. func (d *LifecycleHandlerDie) HTTPGetDie(fn func(d *HTTPGetActionDie)) *LifecycleHandlerDie { return d.DieStamp(func(r *corev1.LifecycleHandler) { d := HTTPGetActionBlank.DieImmutable(false).DieFeedPtr(r.HTTPGet) @@ -8583,9 +8581,9 @@ func (d *LifecycleHandlerDie) HTTPGetDie(fn func(d *HTTPGetActionDie)) *Lifecycl // // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept // -// for the backward compatibility. There are no validation of this field and +// for backward compatibility. There is no validation of this field and // -// lifecycle hooks will fail in runtime when tcp handler is specified. +// lifecycle hooks will fail at runtime when it is specified. func (d *LifecycleHandlerDie) TCPSocketDie(fn func(d *TCPSocketActionDie)) *LifecycleHandlerDie { return d.DieStamp(func(r *corev1.LifecycleHandler) { d := TCPSocketActionBlank.DieImmutable(false).DieFeedPtr(r.TCPSocket) @@ -8596,7 +8594,7 @@ func (d *LifecycleHandlerDie) TCPSocketDie(fn func(d *TCPSocketActionDie)) *Life // SleepDie mutates Sleep as a die. // -// Sleep represents the duration that the container should sleep before being terminated. +// Sleep represents a duration that the container should sleep. func (d *LifecycleHandlerDie) SleepDie(fn func(d *SleepActionDie)) *LifecycleHandlerDie { return d.DieStamp(func(r *corev1.LifecycleHandler) { d := SleepActionBlank.DieImmutable(false).DieFeedPtr(r.Sleep) @@ -8605,14 +8603,14 @@ func (d *LifecycleHandlerDie) SleepDie(fn func(d *SleepActionDie)) *LifecycleHan }) } -// Exec specifies the action to take. +// Exec specifies a command to execute in the container. func (d *LifecycleHandlerDie) Exec(v *corev1.ExecAction) *LifecycleHandlerDie { return d.DieStamp(func(r *corev1.LifecycleHandler) { r.Exec = v }) } -// HTTPGet specifies the http request to perform. +// HTTPGet specifies an HTTP GET request to perform. func (d *LifecycleHandlerDie) HTTPGet(v *corev1.HTTPGetAction) *LifecycleHandlerDie { return d.DieStamp(func(r *corev1.LifecycleHandler) { r.HTTPGet = v @@ -8621,16 +8619,16 @@ func (d *LifecycleHandlerDie) HTTPGet(v *corev1.HTTPGetAction) *LifecycleHandler // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept // -// for the backward compatibility. There are no validation of this field and +// for backward compatibility. There is no validation of this field and // -// lifecycle hooks will fail in runtime when tcp handler is specified. +// lifecycle hooks will fail at runtime when it is specified. func (d *LifecycleHandlerDie) TCPSocket(v *corev1.TCPSocketAction) *LifecycleHandlerDie { return d.DieStamp(func(r *corev1.LifecycleHandler) { r.TCPSocket = v }) } -// Sleep represents the duration that the container should sleep before being terminated. +// Sleep represents a duration that the container should sleep. func (d *LifecycleHandlerDie) Sleep(v *corev1.SleepAction) *LifecycleHandlerDie { return d.DieStamp(func(r *corev1.LifecycleHandler) { r.Sleep = v @@ -8867,7 +8865,7 @@ func (d *ProbeHandlerDie) DiePatch(patchType types.PatchType) ([]byte, error) { // ExecDie mutates Exec as a die. // -// Exec specifies the action to take. +// Exec specifies a command to execute in the container. func (d *ProbeHandlerDie) ExecDie(fn func(d *ExecActionDie)) *ProbeHandlerDie { return d.DieStamp(func(r *corev1.ProbeHandler) { d := ExecActionBlank.DieImmutable(false).DieFeedPtr(r.Exec) @@ -8878,7 +8876,7 @@ func (d *ProbeHandlerDie) ExecDie(fn func(d *ExecActionDie)) *ProbeHandlerDie { // HTTPGetDie mutates HTTPGet as a die. // -// HTTPGet specifies the http request to perform. +// HTTPGet specifies an HTTP GET request to perform. func (d *ProbeHandlerDie) HTTPGetDie(fn func(d *HTTPGetActionDie)) *ProbeHandlerDie { return d.DieStamp(func(r *corev1.ProbeHandler) { d := HTTPGetActionBlank.DieImmutable(false).DieFeedPtr(r.HTTPGet) @@ -8889,7 +8887,7 @@ func (d *ProbeHandlerDie) HTTPGetDie(fn func(d *HTTPGetActionDie)) *ProbeHandler // TCPSocketDie mutates TCPSocket as a die. // -// TCPSocket specifies an action involving a TCP port. +// TCPSocket specifies a connection to a TCP port. func (d *ProbeHandlerDie) TCPSocketDie(fn func(d *TCPSocketActionDie)) *ProbeHandlerDie { return d.DieStamp(func(r *corev1.ProbeHandler) { d := TCPSocketActionBlank.DieImmutable(false).DieFeedPtr(r.TCPSocket) @@ -8900,7 +8898,7 @@ func (d *ProbeHandlerDie) TCPSocketDie(fn func(d *TCPSocketActionDie)) *ProbeHan // GRPCDie mutates GRPC as a die. // -// GRPC specifies an action involving a GRPC port. +// GRPC specifies a GRPC HealthCheckRequest. func (d *ProbeHandlerDie) GRPCDie(fn func(d *GRPCActionDie)) *ProbeHandlerDie { return d.DieStamp(func(r *corev1.ProbeHandler) { d := GRPCActionBlank.DieImmutable(false).DieFeedPtr(r.GRPC) @@ -8909,28 +8907,28 @@ func (d *ProbeHandlerDie) GRPCDie(fn func(d *GRPCActionDie)) *ProbeHandlerDie { }) } -// Exec specifies the action to take. +// Exec specifies a command to execute in the container. func (d *ProbeHandlerDie) Exec(v *corev1.ExecAction) *ProbeHandlerDie { return d.DieStamp(func(r *corev1.ProbeHandler) { r.Exec = v }) } -// HTTPGet specifies the http request to perform. +// HTTPGet specifies an HTTP GET request to perform. func (d *ProbeHandlerDie) HTTPGet(v *corev1.HTTPGetAction) *ProbeHandlerDie { return d.DieStamp(func(r *corev1.ProbeHandler) { r.HTTPGet = v }) } -// TCPSocket specifies an action involving a TCP port. +// TCPSocket specifies a connection to a TCP port. func (d *ProbeHandlerDie) TCPSocket(v *corev1.TCPSocketAction) *ProbeHandlerDie { return d.DieStamp(func(r *corev1.ProbeHandler) { r.TCPSocket = v }) } -// GRPC specifies an action involving a GRPC port. +// GRPC specifies a GRPC HealthCheckRequest. func (d *ProbeHandlerDie) GRPC(v *corev1.GRPCAction) *ProbeHandlerDie { return d.DieStamp(func(r *corev1.ProbeHandler) { r.GRPC = v @@ -13486,13 +13484,13 @@ func (d *ResourceStatusDie) DiePatch(patchType types.PatchType) ([]byte, error) // ResourceDie mutates a single item in Resources matched by the nested field ResourceID, appending a new item if no match is found. // -// List of unique Resources health. Each element in the list contains an unique resource ID and resource health. +// List of unique resources health. Each element in the list contains an unique resource ID and its health. // -// # At a minimum, ResourceID must uniquely identify the Resource +// At a minimum, for the lifetime of a Pod, resource ID must uniquely identify the resource allocated to the Pod on the Node. // -// allocated to the Pod on the Node for the lifetime of a Pod. +// If other Pod on the same Node reports the status with the same resource ID, it must be the same resource they share. // -// See ResourceID type for it's definition. +// See ResourceID type definition for a specific format it has in various use cases. func (d *ResourceStatusDie) ResourceDie(v corev1.ResourceID, fn func(d *ResourceHealthDie)) *ResourceStatusDie { return d.DieStamp(func(r *corev1.ResourceStatus) { for i := range r.Resources { @@ -13510,20 +13508,24 @@ func (d *ResourceStatusDie) ResourceDie(v corev1.ResourceID, fn func(d *Resource }) } -// Name of the resource. Must be unique within the pod and match one of the resources from the pod spec. +// Name of the resource. Must be unique within the pod and in case of non-DRA resource, match one of the resources from the pod spec. +// +// For DRA resources, the value must be "claim:/". +// +// When this status is reported about a container, the "claim_name" and "request" must match one of the claims of this container. func (d *ResourceStatusDie) Name(v corev1.ResourceName) *ResourceStatusDie { return d.DieStamp(func(r *corev1.ResourceStatus) { r.Name = v }) } -// List of unique Resources health. Each element in the list contains an unique resource ID and resource health. +// List of unique resources health. Each element in the list contains an unique resource ID and its health. // -// # At a minimum, ResourceID must uniquely identify the Resource +// At a minimum, for the lifetime of a Pod, resource ID must uniquely identify the resource allocated to the Pod on the Node. // -// allocated to the Pod on the Node for the lifetime of a Pod. +// If other Pod on the same Node reports the status with the same resource ID, it must be the same resource they share. // -// See ResourceID type for it's definition. +// See ResourceID type definition for a specific format it has in various use cases. func (d *ResourceStatusDie) Resources(v ...corev1.ResourceHealth) *ResourceStatusDie { return d.DieStamp(func(r *corev1.ResourceStatus) { r.Resources = v @@ -20762,7 +20764,7 @@ func (d *NodeStatusDie) DaemonEndpointsDie(fn func(d *NodeDaemonEndpointsDie)) * // // Set of ids/uuids to uniquely identify the node. // -// More info: https://kubernetes.io/docs/concepts/nodes/node/#info +// More info: https://kubernetes.io/docs/reference/node/node-status/#info func (d *NodeStatusDie) NodeInfoDie(fn func(d *NodeSystemInfoDie)) *NodeStatusDie { return d.DieStamp(func(r *corev1.NodeStatus) { d := NodeSystemInfoBlank.DieImmutable(false).DieFeed(r.NodeInfo) @@ -20788,7 +20790,7 @@ func (d *NodeStatusDie) ConfigDie(fn func(d *NodeConfigStatusDie)) *NodeStatusDi // // Queried from cloud provider, if available. // -// More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses +// More info: https://kubernetes.io/docs/reference/node/node-status/#addresses // // Note: This field is declared as mergeable, but the merge key is not sufficiently // @@ -20946,7 +20948,7 @@ func (d *NodeStatusDie) Phase(v corev1.NodePhase) *NodeStatusDie { // Conditions is an array of current observed node conditions. // -// More info: https://kubernetes.io/docs/concepts/nodes/node/#condition +// More info: https://kubernetes.io/docs/reference/node/node-status/#condition func (d *NodeStatusDie) Conditions(v ...corev1.NodeCondition) *NodeStatusDie { return d.DieStamp(func(r *corev1.NodeStatus) { r.Conditions = v @@ -20957,7 +20959,7 @@ func (d *NodeStatusDie) Conditions(v ...corev1.NodeCondition) *NodeStatusDie { // // Queried from cloud provider, if available. // -// More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses +// More info: https://kubernetes.io/docs/reference/node/node-status/#addresses // // Note: This field is declared as mergeable, but the merge key is not sufficiently // @@ -20987,7 +20989,7 @@ func (d *NodeStatusDie) DaemonEndpoints(v corev1.NodeDaemonEndpoints) *NodeStatu // Set of ids/uuids to uniquely identify the node. // -// More info: https://kubernetes.io/docs/concepts/nodes/node/#info +// More info: https://kubernetes.io/docs/reference/node/node-status/#info func (d *NodeStatusDie) NodeInfo(v corev1.NodeSystemInfo) *NodeStatusDie { return d.DieStamp(func(r *corev1.NodeStatus) { r.NodeInfo = v @@ -32153,6 +32155,31 @@ func (d *PodSpecDie) ResourceClaimsDie(v ...*PodResourceClaimDie) *PodSpecDie { }) } +// ResourcesDie mutates Resources as a die. +// +// # Resources is the total amount of CPU and Memory resources required by all +// +// containers in the pod. It supports specifying Requests and Limits for +// +// "cpu" and "memory" resource names only. ResourceClaims are not supported. +// +// # This field enables fine-grained control over resource allocation for the +// +// entire pod, allowing resource sharing among containers in a pod. +// +// TODO: For beta graduation, expand this comment with a detailed explanation. +// +// # This is an alpha field and requires enabling the PodLevelResources feature +// +// gate. +func (d *PodSpecDie) ResourcesDie(fn func(d *ResourceRequirementsDie)) *PodSpecDie { + return d.DieStamp(func(r *corev1.PodSpec) { + d := ResourceRequirementsBlank.DieImmutable(false).DieFeedPtr(r.Resources) + fn(d) + r.Resources = d.DieReleasePtr() + }) +} + // List of volumes that can be mounted by containers belonging to the pod. // // More info: https://kubernetes.io/docs/concepts/storage/volumes @@ -32746,6 +32773,27 @@ func (d *PodSpecDie) ResourceClaims(v ...corev1.PodResourceClaim) *PodSpecDie { }) } +// Resources is the total amount of CPU and Memory resources required by all +// +// containers in the pod. It supports specifying Requests and Limits for +// +// "cpu" and "memory" resource names only. ResourceClaims are not supported. +// +// # This field enables fine-grained control over resource allocation for the +// +// entire pod, allowing resource sharing among containers in a pod. +// +// TODO: For beta graduation, expand this comment with a detailed explanation. +// +// # This is an alpha field and requires enabling the PodLevelResources feature +// +// gate. +func (d *PodSpecDie) Resources(v *corev1.ResourceRequirements) *PodSpecDie { + return d.DieStamp(func(r *corev1.PodSpec) { + r.Resources = v + }) +} + var PodSchedulingGateBlank = (&PodSchedulingGateDie{}).DieFeed(corev1.PodSchedulingGate{}) type PodSchedulingGateDie struct { @@ -33760,6 +33808,47 @@ func (d *PodSecurityContextDie) AppArmorProfile(v *corev1.AppArmorProfile) *PodS }) } +// seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. +// +// It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. +// +// Valid values are "MountOption" and "Recursive". +// +// "Recursive" means relabeling of all files on all Pod volumes by the container runtime. +// +// This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. +// +// "MountOption" mounts all eligible Pod volumes with `-o context` mount option. +// +// This requires all Pods that share the same volume to use the same SELinux label. +// +// It is not possible to share the same volume among privileged and unprivileged Pods. +// +// # Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes +// +// whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their +// +// CSIDriver instance. Other volumes are always re-labelled recursively. +// +// "MountOption" value is allowed only when SELinuxMount feature gate is enabled. +// +// If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. +// +// If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes +// +// and "Recursive" for all other volumes. +// +// This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. +// +// All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. +// +// Note that this field cannot be set when spec.os.name is windows. +func (d *PodSecurityContextDie) SELinuxChangePolicy(v *corev1.PodSELinuxChangePolicy) *PodSecurityContextDie { + return d.DieStamp(func(r *corev1.PodSecurityContext) { + r.SELinuxChangePolicy = v + }) +} + var SysctlBlank = (&SysctlDie{}).DieFeed(corev1.Sysctl{}) type SysctlDie struct { @@ -35034,6 +35123,8 @@ func (d *PodDNSConfigOptionDie) DiePatch(patchType types.PatchType) ([]byte, err return patch.Create(d.seal, d.r, patchType) } +// Name is this DNS resolver option's name. +// // Required. func (d *PodDNSConfigOptionDie) Name(v string) *PodDNSConfigOptionDie { return d.DieStamp(func(r *corev1.PodDNSConfigOption) { @@ -35041,6 +35132,7 @@ func (d *PodDNSConfigOptionDie) Name(v string) *PodDNSConfigOptionDie { }) } +// Value is this DNS resolver option's value. func (d *PodDNSConfigOptionDie) Value(v *string) *PodDNSConfigOptionDie { return d.DieStamp(func(r *corev1.PodDNSConfigOption) { r.Value = v @@ -36212,13 +36304,25 @@ func (d *PodStatusDie) DiePatch(patchType types.PatchType) ([]byte, error) { // InitContainerStatusDie mutates a single item in InitContainerStatuses matched by the nested field Name, appending a new item if no match is found. // -// The list has one entry per init container in the manifest. The most recent successful +// Statuses of init containers in this pod. The most recent successful non-restartable // // init container will have ready = true, the most recently started container will have // // startTime set. // -// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status +// Each init container in the pod should have at most one status in this list, +// +// and all statuses should be for containers in the pod. +// +// However this is not enforced. +// +// If a status for a non-existent container is present in the list, or the list has duplicate names, +// +// the behavior of various Kubernetes components is not defined and those statuses might be +// +// ignored. +// +// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-and-container-status func (d *PodStatusDie) InitContainerStatusDie(v string, fn func(d *ContainerStatusDie)) *PodStatusDie { return d.DieStamp(func(r *corev1.PodStatus) { for i := range r.InitContainerStatuses { @@ -36238,7 +36342,19 @@ func (d *PodStatusDie) InitContainerStatusDie(v string, fn func(d *ContainerStat // ContainerStatusDie mutates a single item in ContainerStatuses matched by the nested field Name, appending a new item if no match is found. // -// The list has one entry per container in the manifest. +// Statuses of containers in this pod. +// +// Each container in the pod should have at most one status in this list, +// +// and all statuses should be for containers in the pod. +// +// However this is not enforced. +// +// If a status for a non-existent container is present in the list, or the list has duplicate names, +// +// the behavior of various Kubernetes components is not defined and those statuses might be +// +// ignored. // // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status func (d *PodStatusDie) ContainerStatusDie(v string, fn func(d *ContainerStatusDie)) *PodStatusDie { @@ -36260,7 +36376,21 @@ func (d *PodStatusDie) ContainerStatusDie(v string, fn func(d *ContainerStatusDi // EphemeralContainerStatusDie mutates a single item in EphemeralContainerStatuses matched by the nested field Name, appending a new item if no match is found. // -// Status for any ephemeral containers that have run in this pod. +// Statuses for any ephemeral containers that have run in this pod. +// +// Each ephemeral container in the pod should have at most one status in this list, +// +// and all statuses should be for containers in the pod. +// +// However this is not enforced. +// +// If a status for a non-existent container is present in the list, or the list has duplicate names, +// +// the behavior of various Kubernetes components is not defined and those statuses might be +// +// ignored. +// +// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status func (d *PodStatusDie) EphemeralContainerStatusDie(v string, fn func(d *ContainerStatusDie)) *PodStatusDie { return d.DieStamp(func(r *corev1.PodStatus) { for i := range r.EphemeralContainerStatuses { @@ -36412,20 +36542,44 @@ func (d *PodStatusDie) StartTime(v *apismetav1.Time) *PodStatusDie { }) } -// The list has one entry per init container in the manifest. The most recent successful +// Statuses of init containers in this pod. The most recent successful non-restartable // // init container will have ready = true, the most recently started container will have // // startTime set. // -// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status +// Each init container in the pod should have at most one status in this list, +// +// and all statuses should be for containers in the pod. +// +// However this is not enforced. +// +// If a status for a non-existent container is present in the list, or the list has duplicate names, +// +// the behavior of various Kubernetes components is not defined and those statuses might be +// +// ignored. +// +// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-and-container-status func (d *PodStatusDie) InitContainerStatuses(v ...corev1.ContainerStatus) *PodStatusDie { return d.DieStamp(func(r *corev1.PodStatus) { r.InitContainerStatuses = v }) } -// The list has one entry per container in the manifest. +// Statuses of containers in this pod. +// +// Each container in the pod should have at most one status in this list, +// +// and all statuses should be for containers in the pod. +// +// However this is not enforced. +// +// If a status for a non-existent container is present in the list, or the list has duplicate names, +// +// the behavior of various Kubernetes components is not defined and those statuses might be +// +// ignored. // // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status func (d *PodStatusDie) ContainerStatuses(v ...corev1.ContainerStatus) *PodStatusDie { @@ -36445,7 +36599,21 @@ func (d *PodStatusDie) QOSClass(v corev1.PodQOSClass) *PodStatusDie { }) } -// Status for any ephemeral containers that have run in this pod. +// Statuses for any ephemeral containers that have run in this pod. +// +// Each ephemeral container in the pod should have at most one status in this list, +// +// and all statuses should be for containers in the pod. +// +// However this is not enforced. +// +// If a status for a non-existent container is present in the list, or the list has duplicate names, +// +// the behavior of various Kubernetes components is not defined and those statuses might be +// +// ignored. +// +// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status func (d *PodStatusDie) EphemeralContainerStatuses(v ...corev1.ContainerStatus) *PodStatusDie { return d.DieStamp(func(r *corev1.PodStatus) { r.EphemeralContainerStatuses = v @@ -40850,7 +41018,7 @@ func (d *ServiceSpecDie) InternalTrafficPolicy(v *corev1.ServiceInternalTrafficP // // topologically close (e.g., same zone). // -// This is an alpha field and requires enabling ServiceTrafficDistribution feature. +// This is a beta field and requires enabling ServiceTrafficDistribution feature. func (d *ServiceSpecDie) TrafficDistribution(v *string) *ServiceSpecDie { return d.DieStamp(func(r *corev1.ServiceSpec) { r.TrafficDistribution = v @@ -43110,6 +43278,10 @@ func (d *ServiceAccountDie) MetadataDie(fn func(d *metav1.ObjectMetaDie)) *Servi // // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". // +// The "kubernetes.io/enforce-mountable-secrets" annotation is deprecated since v1.32. +// +// Prefer separate namespaces to isolate access to mounted secrets. +// // This field should not be used to find auto-generated service account token secrets for use outside of pods. // // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. @@ -43146,6 +43318,10 @@ func (d *ServiceAccountDie) ImagePullSecretsDie(v ...*LocalObjectReferenceDie) * // // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". // +// The "kubernetes.io/enforce-mountable-secrets" annotation is deprecated since v1.32. +// +// Prefer separate namespaces to isolate access to mounted secrets. +// // This field should not be used to find auto-generated service account token secrets for use outside of pods. // // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. diff --git a/diegen/go.mod b/diegen/go.mod index 9076500..5a66702 100644 --- a/diegen/go.mod +++ b/diegen/go.mod @@ -1,18 +1,19 @@ module reconciler.io/dies/diegen -go 1.22.0 +go 1.23.0 require ( - k8s.io/apimachinery v0.31.0 - k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 + k8s.io/apimachinery v0.32.0 + k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 sigs.k8s.io/controller-tools v0.14.0 ) require ( - github.com/kr/text v0.2.0 // indirect - golang.org/x/mod v0.17.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect + github.com/kr/pretty v0.3.1 // indirect + github.com/rogpeppe/go-internal v1.12.0 // indirect + golang.org/x/mod v0.21.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/tools v0.26.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v2 v2.4.0 // indirect ) diff --git a/diegen/go.sum b/diegen/go.sum index 970ffce..5543c78 100644 --- a/diegen/go.sum +++ b/diegen/go.sum @@ -5,7 +5,6 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= -github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -14,22 +13,21 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= +github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= +golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -39,9 +37,9 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc= -k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= +k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/controller-tools v0.14.0 h1:rnNoCC5wSXlrNoBKKzL70LNJKIQKEzT6lloG6/LF73A= sigs.k8s.io/controller-tools v0.14.0/go.mod h1:TV7uOtNNnnR72SpzhStvPkoS/U5ir0nMudrkrC4M9Sc= diff --git a/go.mod b/go.mod index 534a76a..d14ddf3 100644 --- a/go.mod +++ b/go.mod @@ -1,17 +1,17 @@ module reconciler.io/dies -go 1.22.0 +go 1.23.0 require ( github.com/evanphx/json-patch/v5 v5.9.0 github.com/google/go-cmp v0.6.0 gomodules.xyz/jsonpatch/v3 v3.0.1 - k8s.io/api v0.31.0 - k8s.io/apiextensions-apiserver v0.31.0 - k8s.io/apimachinery v0.31.0 - k8s.io/client-go v0.31.0 - k8s.io/kube-aggregator v0.31.0 - k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 + k8s.io/api v0.32.0 + k8s.io/apiextensions-apiserver v0.32.0 + k8s.io/apimachinery v0.32.0 + k8s.io/client-go v0.32.0 + k8s.io/kube-aggregator v0.32.0 + k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 sigs.k8s.io/yaml v1.4.0 ) @@ -19,9 +19,9 @@ require ( github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-logr/logr v1.4.2 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.4 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect @@ -33,15 +33,14 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/net v0.26.0 // indirect - golang.org/x/text v0.16.0 // indirect + golang.org/x/net v0.30.0 // indirect + golang.org/x/text v0.19.0 // indirect gomodules.xyz/orderedmap v0.1.0 // indirect - google.golang.org/protobuf v1.34.2 // indirect + google.golang.org/protobuf v1.35.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect ) diff --git a/go.sum b/go.sum index 48021d4..04f16e8 100644 --- a/go.sum +++ b/go.sum @@ -11,13 +11,14 @@ github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= -github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= @@ -32,8 +33,8 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= @@ -54,10 +55,10 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= -github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= -github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw= -github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= +github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= +github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= +github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -90,26 +91,26 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -118,39 +119,36 @@ gomodules.xyz/jsonpatch/v3 v3.0.1 h1:Te7hKxV52TKCbNYq3t84tzKav3xhThdvSsSp/W89IyI gomodules.xyz/jsonpatch/v3 v3.0.1/go.mod h1:CBhndykehEwTOlEfnsfJwvkFQbSN8YZFr9M+cIHAJto= gomodules.xyz/orderedmap v0.1.0 h1:fM/+TGh/O1KkqGR5xjTKg6bU8OKBkg7p0Y+x/J9m8Os= gomodules.xyz/orderedmap v0.1.0/go.mod h1:g9/TPUCm1t2gwD3j3zfV8uylyYhVdCNSi+xCEIu7yTU= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= +google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo= -k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE= -k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= -k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= -k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc= -k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= -k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= +k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= +k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= +k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= +k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw= +k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= +k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8= +k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.31.0 h1:3DqSpmqHF8rey7fY+qYXLJms0tYPhxrgWvjpnKVnS0Y= -k8s.io/kube-aggregator v0.31.0/go.mod h1:Fa+OVSpMQC7zbTTz7/QG7FXe9jZ8usuJQej5sMdCrkM= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +k8s.io/kube-aggregator v0.32.0 h1:5ZyMW3QwAbmkasQrROcpa5we3et938DQuyUYHeXSPao= +k8s.io/kube-aggregator v0.32.0/go.mod h1:6OKivf6Ypx44qu2v1ZUMrxH8kRp/8LKFKeJU72J18lU= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/go.work b/go.work index ace4c62..f99a69e 100644 --- a/go.work +++ b/go.work @@ -1,4 +1,4 @@ -go 1.22.0 +go 1.23.0 use ( . diff --git a/go.work.sum b/go.work.sum index eb990d1..835d2a3 100644 --- a/go.work.sum +++ b/go.work.sum @@ -1,3 +1,4 @@ +cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -27,6 +28,7 @@ github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fxamacker/cbor/v2 v2.6.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/gobuffalo/flect v0.2.3 h1:f/ZukRnSNA/DUpSNDadko7Qc0PhGvsew35p/2tu+CRY= github.com/gobuffalo/flect v0.2.3/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc= @@ -40,12 +42,14 @@ github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9 github.com/google/cel-go v0.17.7/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= github.com/google/cel-go v0.17.8/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg= +github.com/google/cel-go v0.22.0/go.mod h1:BuznPXXfQDpXKWQ9sPW3TzlAJN5zzFe+i9tIs0yC4s8= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= @@ -56,6 +60,7 @@ github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= +github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc= github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8= github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= @@ -67,6 +72,7 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= @@ -91,27 +97,37 @@ github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyh github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= +github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= +github.com/xiang90/probing v0.0.0-20221125231312-a49e3df8f510/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE= +go.etcd.io/bbolt v1.3.11/go.mod h1:dksAq7YMXoljX0xu6VF5DMZGbhYYoLUalEiSySYAS4I= go.etcd.io/etcd/api/v3 v3.5.10/go.mod h1:TidfmT4Uycad3NM/o25fG3J07odo4GBB9hoxaodFCtI= go.etcd.io/etcd/api/v3 v3.5.14/go.mod h1:BmtWcRlQvwa1h3G2jvKYwIQy4PkHlDej5t7uLMUdJUU= +go.etcd.io/etcd/api/v3 v3.5.16/go.mod h1:1P4SlIP/VwkDmGo3OlOD7faPeP8KDIFhqvciH5EfN28= go.etcd.io/etcd/client/pkg/v3 v3.5.10/go.mod h1:DYivfIviIuQ8+/lCq4vcxuseg2P2XbHygkKwFo9fc8U= go.etcd.io/etcd/client/pkg/v3 v3.5.14/go.mod h1:8uMgAokyG1czCtIdsq+AGyYQMvpIKnSvPjFMunkgeZI= +go.etcd.io/etcd/client/pkg/v3 v3.5.16/go.mod h1:V8acl8pcEK0Y2g19YlOV9m9ssUe6MgiDSobSoaBAM0E= go.etcd.io/etcd/client/v2 v2.305.10/go.mod h1:m3CKZi69HzilhVqtPDcjhSGp+kA1OmbNn0qamH80xjA= go.etcd.io/etcd/client/v2 v2.305.13/go.mod h1:iQnL7fepbiomdXMb3om1rHq96htNNGv2sJkEcZGDRRg= +go.etcd.io/etcd/client/v2 v2.305.16/go.mod h1:h9YxWCzcdvZENbfzBTFCnoNumr2ax3F19sKMqHFmXHE= go.etcd.io/etcd/client/v3 v3.5.10/go.mod h1:RVeBnDz2PUEZqTpgqwAtUd8nAPf5kjyFyND7P1VkOKc= go.etcd.io/etcd/client/v3 v3.5.14/go.mod h1:k3XfdV/VIHy/97rqWjoUzrj9tk7GgJGH9J8L4dNXmAk= +go.etcd.io/etcd/client/v3 v3.5.16/go.mod h1:X+rExSGkyqxvu276cr2OwPLBaeqFu1cIl4vmRjAD/50= go.etcd.io/etcd/pkg/v3 v3.5.10/go.mod h1:TKTuCKKcF1zxmfKWDkfz5qqYaE3JncKKZPFf8c1nFUs= go.etcd.io/etcd/pkg/v3 v3.5.13/go.mod h1:N+4PLrp7agI/Viy+dUYpX7iRtSPvKq+w8Y14d1vX+m0= +go.etcd.io/etcd/pkg/v3 v3.5.16/go.mod h1:+lutCZHG5MBBFI/U4eYT5yL7sJfnexsoM20Y0t2uNuY= go.etcd.io/etcd/raft/v3 v3.5.10/go.mod h1:odD6kr8XQXTy9oQnyMPBOr0TVe+gT0neQhElQ6jbGRc= go.etcd.io/etcd/raft/v3 v3.5.13/go.mod h1:uUFibGLn2Ksm2URMxN1fICGhk8Wu96EfDQyuLhAcAmw= +go.etcd.io/etcd/raft/v3 v3.5.16/go.mod h1:P4UP14AxofMJ/54boWilabqqWoW9eLodl6I5GdGzazI= go.etcd.io/etcd/server/v3 v3.5.10/go.mod h1:gBplPHfs6YI0L+RpGkTQO7buDbHv5HJGG/Bst0/zIPo= go.etcd.io/etcd/server/v3 v3.5.13/go.mod h1:K/8nbsGupHqmr5MkgaZpLlH1QdX1pcNQLAkODy44XcQ= +go.etcd.io/etcd/server/v3 v3.5.16/go.mod h1:ynhyZZpdDp1Gq49jkUg5mfkDWZwXnn3eIqCqtJnrD/s= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0/go.mod h1:5z+/ZWJQKXa9YT34fQNx5K8Hd1EoIhvtUygUQPqEOgQ= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0/go.mod h1:SeQhzAEccGVZVEy7aH87Nh0km+utSpo1pTv6eMMop48= @@ -135,38 +151,48 @@ go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808/go.mod h1:KG1lNk5ZFNssSZLrpVb4sMXKMpGwGXOxSG3rnu2gZQQ= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= +golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5/go.mod h1:oH/ZOT02u4kWEp7oYBGYFFkCdKS/uYR9Z7+0/xuuFp8= google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= +google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ= google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU= +google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo= google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= @@ -176,20 +202,26 @@ gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYs k8s.io/apiserver v0.29.0/go.mod h1:31n78PsRKPmfpee7/l9NYEv67u6hOL6AfcE761HapDM= k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk= +k8s.io/apiserver v0.32.0/go.mod h1:HFh+dM1/BE/Hm4bS4nTXHVfN6Z6tFIZPi649n83b4Ag= k8s.io/code-generator v0.29.0/go.mod h1:5bqIZoCxs2zTRKMWNYqyQWW/bajc+ah4rh0tMY8zdGA= k8s.io/code-generator v0.30.0/go.mod h1:mBMZhfRR4IunJUh2+7LVmdcWwpouCH5+LNPkZ3t/v7Q= k8s.io/code-generator v0.31.0/go.mod h1:84y4w3es8rOJOUUP1rLsIiGlO1JuEaPFXQPA9e/K6U0= +k8s.io/code-generator v0.32.0/go.mod h1:b7Q7KMZkvsYFy72A79QYjiv4aTz3GvW0f1T3UfhFq4s= k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= k8s.io/component-base v0.31.0/go.mod h1:TYVuzI1QmN4L5ItVdMSXKvH7/DtvIuas5/mm8YT3rTo= +k8s.io/component-base v0.32.0/go.mod h1:JLG2W5TUxUu5uDyKiH2R/7NnxJo1HlPoRIIbVLkK5eM= k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= +k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kms v0.29.0/go.mod h1:mB0f9HLxRXeXUfHfn1A7rpwOlzXI1gIWu86z6buNoYA= k8s.io/kms v0.30.0/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4= k8s.io/kms v0.31.0/go.mod h1:OZKwl1fan3n3N5FFxnW5C4V3ygrah/3YXeJWS3O6+94= +k8s.io/kms v0.32.0/go.mod h1:Bk2evz/Yvk0oVrvm4MvZbgq8BD34Ksxs2SRHn4/UiOM= k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0/go.mod h1:VHVDI/KrK4fjnV61bE2g3sA7tiETLn8sooImelsCx3Y= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=