build: update CRDs and k8s dependencies (#48)

Co-authored-by: Tomasz Smelcerz <[email protected]>

.circleci/config.yml

@@ -2,7 +2,7 @@ version: 2
 jobs:
   build:
     docker:
-      - image: circleci/golang:1.13
+      - image: circleci/golang:1.15
     working_directory: /go/src/github.com/ory/oathkeeper-maester
     steps:
       - checkout
@@ -23,7 +23,7 @@ jobs:
       - run: make
   test:
     docker:
-      - image: circleci/golang:1.13
+      - image: circleci/golang:1.15
     working_directory: /go/src/github.com/ory/oathkeeper-maester
     steps:
       - checkout
@@ -49,8 +49,8 @@ jobs:
           name: Update golang
           command: |
             sudo rm -rf /usr/local/go/
-            curl -LO https://dl.google.com/go/go1.13.3.linux-amd64.tar.gz
-            sudo tar -C /usr/local -xzf go1.13.3.linux-amd64.tar.gz
+            curl -LO https://dl.google.com/go/go1.15.11.linux-amd64.tar.gz
+            sudo tar -C /usr/local -xzf go1.15.11.linux-amd64.tar.gz
             sudo echo "export PATH=$PATH:/usr/local/go/bin" >> $HOME/.profile
             go version
       - run:
@@ -75,7 +75,7 @@ jobs:
       - run:
           name: Install Kind
           command: |
-            curl -Lo ./kind https://github.com/kubernetes-sigs/kind/releases/download/v0.4.0/kind-linux-amd64
+            curl -Lo ./kind https://github.com/kubernetes-sigs/kind/releases/download/v0.10.0/kind-linux-amd64
             chmod +x ./kind
             sudo mv ./kind /usr/local/bin/kind
       - run:
@@ -91,7 +91,7 @@ jobs:
 
   release:
     docker:
-      - image: circleci/golang:1.13
+      - image: circleci/golang:1.15
     working_directory: /go/src/github.com/ory/oathkeeper-maester
     steps:
       - checkout

Makefile

@@ -2,7 +2,7 @@
 # Image URL to use all building/pushing image targets
 IMG ?= controller:latest
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
-CRD_OPTIONS ?= "crd:trivialVersions=true"
+CRD_OPTIONS ?= "crd:trivialVersions=true,crdVersions=v1"
 
 run-with-cleanup = $(1) && $(2) || (ret=$$?; $(2) && exit $$ret)
 
@@ -14,11 +14,11 @@ test: generate fmt vet manifests
 
 # Start KIND pseudo-cluster
 kind-start:
-	GO111MODULE=on go get "sigs.k8s.io/kind@v0.7.0" && kind create cluster
+	GO111MODULE=on go get "sigs.k8s.io/kind@v0.10.0" && kind create cluster
 
 # Stop KIND pseudo-cluster
 kind-stop:
-	GO111MODULE=on go get "sigs.k8s.io/kind@v0.7.0" && kind delete cluster
+	GO111MODULE=on go get "sigs.k8s.io/kind@v0.10.0" && kind delete cluster
 
 # Deploy on KIND
 # Ensures the controller image is built, deploys the image to KIND cluster along with necessary configuration
@@ -87,7 +87,7 @@ docker-push:
 # download controller-gen if necessary
 controller-gen:
 ifeq (, $(shell which controller-gen))
-	go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.9
+	go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.5.0
 CONTROLLER_GEN=$(shell which controller-gen)
 else
 CONTROLLER_GEN=$(shell which controller-gen)

api/v1alpha1/rule_types.go

@@ -130,6 +130,8 @@ type Handler struct {
 	Name string `json:"handler"`
 	// Config configures the handler. Configuration keys vary per handler.
 	// +kubebuilder:validation:Type=object
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:XPreserveUnknownFields
 	Config *runtime.RawExtension `json:"config,omitempty"`
 }
 
@@ -180,7 +182,7 @@ func (rl RuleList) FilterOutRule(r Rule) RuleList {
 	rlCopy := rl
 	validRules := []Rule{}
 	for _, rule := range rl.Items {
-		if rule.ObjectMeta.SelfLink != r.ObjectMeta.SelfLink {
+		if rule.ObjectMeta.UID != r.ObjectMeta.UID {
 			validRules = append(validRules, rule)
 		}
 	}

config/crd/bases/oathkeeper.ory.sh_rules.yaml

@@ -1,10 +1,10 @@
 
 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.2.9
+    controller-gen.kubebuilder.io/version: v0.5.0
   creationTimestamp: null
   name: rules.oathkeeper.ory.sh
 spec:
@@ -15,119 +15,121 @@ spec:
     plural: rules
     singular: rule
   scope: Namespaced
-  validation:
-    openAPIV3Schema:
-      description: Rule is the Schema for the rules API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: RuleSpec defines the desired state of Rule
-          properties:
-            authenticators:
-              items:
-                description: Authenticator represents a handler that authenticates provided credentials.
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Rule is the Schema for the rules API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: RuleSpec defines the desired state of Rule
+            properties:
+              authenticators:
+                items:
+                  description: Authenticator represents a handler that authenticates provided credentials.
+                  properties:
+                    config:
+                      description: Config configures the handler. Configuration keys vary per handler.
+                      type: object
+                      x-kubernetes-preserve-unknown-fields: true
+                    handler:
+                      description: Name is the name of a handler
+                      type: string
+                  required:
+                  - handler
+                  type: object
+                type: array
+              authorizer:
+                description: Authorizer represents a handler that authorizes the subject ("user") from the previously validated credentials making the request.
                 properties:
                   config:
                     description: Config configures the handler. Configuration keys vary per handler.
                     type: object
+                    x-kubernetes-preserve-unknown-fields: true
                   handler:
                     description: Name is the name of a handler
                     type: string
                 required:
                 - handler
                 type: object
-              type: array
-            authorizer:
-              description: Authorizer represents a handler that authorizes the subject ("user") from the previously validated credentials making the request.
-              properties:
-                config:
-                  description: Config configures the handler. Configuration keys vary per handler.
-                  type: object
-                handler:
-                  description: Name is the name of a handler
-                  type: string
-              required:
-              - handler
-              type: object
-            configMapName:
-              description: ConfigMapName points to the K8s ConfigMap that contains these rules
-              maxLength: 253
-              minLength: 1
-              pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
-              type: string
-            match:
-              description: Match defines the URL(s) that an access rule should match.
-              properties:
-                methods:
-                  description: Methods represent an array of HTTP methods (e.g. GET, POST, PUT, DELETE, ...)
-                  items:
+              configMapName:
+                description: ConfigMapName points to the K8s ConfigMap that contains these rules
+                maxLength: 253
+                minLength: 1
+                pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
+                type: string
+              match:
+                description: Match defines the URL(s) that an access rule should match.
+                properties:
+                  methods:
+                    description: Methods represent an array of HTTP methods (e.g. GET, POST, PUT, DELETE, ...)
+                    items:
+                      type: string
+                    type: array
+                  url:
+                    description: URL is the URL that should be matched. It supports regex templates.
                     type: string
-                  type: array
-                url:
-                  description: URL is the URL that should be matched. It supports regex templates.
-                  type: string
-              required:
-              - methods
-              - url
-              type: object
-            mutators:
-              items:
-                description: Mutator represents a handler that transforms the HTTP request before forwarding it.
+                required:
+                - methods
+                - url
+                type: object
+              mutators:
+                items:
+                  description: Mutator represents a handler that transforms the HTTP request before forwarding it.
+                  properties:
+                    config:
+                      description: Config configures the handler. Configuration keys vary per handler.
+                      type: object
+                      x-kubernetes-preserve-unknown-fields: true
+                    handler:
+                      description: Name is the name of a handler
+                      type: string
+                  required:
+                  - handler
+                  type: object
+                type: array
+              upstream:
+                description: Upstream represents the location of a server where requests matching a rule should be forwarded to.
                 properties:
-                  config:
-                    description: Config configures the handler. Configuration keys vary per handler.
-                    type: object
-                  handler:
-                    description: Name is the name of a handler
+                  preserveHost:
+                    description: PreserveHost includes the host and port of the url value if set to false. If true, the host and port of the ORY Oathkeeper Proxy will be used instead.
+                    type: boolean
+                  stripPath:
+                    description: StripPath replaces the provided path prefix when forwarding the requested URL to the upstream URL.
+                    type: string
+                  url:
+                    description: URL defines the target URL for incoming requests
+                    maxLength: 256
+                    minLength: 3
+                    pattern: ^(?:https?:\/\/)?(?:[^@\/\n]+@)?(?:www\.)?([^:\/\n]+)
                     type: string
                 required:
-                - handler
+                - url
                 type: object
-              type: array
-            upstream:
-              description: Upstream represents the location of a server where requests matching a rule should be forwarded to.
-              properties:
-                preserveHost:
-                  description: PreserveHost includes the host and port of the url value if set to false. If true, the host and port of the ORY Oathkeeper Proxy will be used instead.
-                  type: boolean
-                stripPath:
-                  description: StripPath replaces the provided path prefix when forwarding the requested URL to the upstream URL.
-                  type: string
-                url:
-                  description: URL defines the target URL for incoming requests
-                  maxLength: 256
-                  minLength: 3
-                  pattern: ^(?:https?:\/\/)?(?:[^@\/\n]+@)?(?:www\.)?([^:\/\n]+)
-                  type: string
-              required:
-              - url
-              type: object
-          required:
-          - match
-          type: object
-        status:
-          description: RuleStatus defines the observed state of Rule
-          properties:
-            validation:
-              description: Validation defines the validation state of Rule
-              properties:
-                valid:
-                  type: boolean
-                validationError:
-                  type: string
-              type: object
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
+            required:
+            - match
+            type: object
+          status:
+            description: RuleStatus defines the observed state of Rule
+            properties:
+              validation:
+                description: Validation defines the validation state of Rule
+                properties:
+                  valid:
+                    type: boolean
+                  validationError:
+                    type: string
+                type: object
+            type: object
+        type: object
     served: true
     storage: true
 status:

controllers/rule_controller.go

@@ -52,9 +52,8 @@ type RuleReconciler struct {
 // +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete
 
 // Reconcile main reconcile loop
-func (r *RuleReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+func (r *RuleReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 
-	ctx := context.Background()
 	_ = r.Log.WithValues("rule", req.NamespacedName)
 
 	var rule oathkeeperv1alpha1.Rule

go.mod

@@ -1,18 +1,18 @@
 module github.com/ory/oathkeeper-maester
 
-go 1.12
+go 1.15
 
 require (
 	github.com/avast/retry-go v2.4.1+incompatible
 	github.com/bitly/go-simplejson v0.5.0
 	github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
-	github.com/go-logr/logr v0.1.0
-	github.com/onsi/ginkgo v1.16.1
-	github.com/onsi/gomega v1.10.1
-	github.com/stretchr/testify v1.5.1
-	k8s.io/api v0.17.8
-	k8s.io/apimachinery v0.17.8
-	k8s.io/client-go v0.17.8
-	sigs.k8s.io/controller-runtime v0.5.8
-	sigs.k8s.io/kind v0.7.0 // indirect
+	github.com/go-logr/logr v0.4.0
+	github.com/onsi/ginkgo v1.16.2
+	github.com/onsi/gomega v1.10.2
+	github.com/stretchr/testify v1.6.1
+	k8s.io/api v0.20.2
+	k8s.io/apimachinery v0.20.2
+	k8s.io/client-go v0.20.2
+	sigs.k8s.io/controller-runtime v0.8.3
+	sigs.k8s.io/kind v0.10.0 // indirect
 )