refactor: move kyverno constants out of v1 package (#7760)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

api/kyverno/constants.go

@@ -1,4 +1,4 @@
-package v1
+package kyverno
 
 const (
 	// PodControllersAnnotation defines the annotation key for Pod-Controllers

api/kyverno/v1/clusterpolicy_test.go

@@ -3,6 +3,7 @@ package v1
 import (
 	"testing"
 
+	"github.com/kyverno/kyverno/api/kyverno"
 	"gotest.tools/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/validation/field"
@@ -44,7 +45,7 @@ func Test_ClusterPolicy_Autogen_All(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "policy",
 			Annotations: map[string]string{
-				PodControllersAnnotation: "all",
+				kyverno.PodControllersAnnotation: "all",
 			},
 		},
 	}

api/kyverno/v1/clusterpolicy_types.go

@@ -3,6 +3,7 @@ package v1
 import (
 	"strings"
 
+	"github.com/kyverno/kyverno/api/kyverno"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/validation/field"
@@ -43,7 +44,7 @@ type ClusterPolicy struct {
 // HasAutoGenAnnotation checks if a policy has auto-gen annotation
 func (p *ClusterPolicy) HasAutoGenAnnotation() bool {
 	annotations := p.GetAnnotations()
-	val, ok := annotations[PodControllersAnnotation]
+	val, ok := annotations[kyverno.PodControllersAnnotation]
 	if ok && strings.ToLower(val) != "none" {
 		return true
 	}

api/kyverno/v1/policy_test.go

@@ -3,6 +3,7 @@ package v1
 import (
 	"testing"
 
+	"github.com/kyverno/kyverno/api/kyverno"
 	"gotest.tools/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/validation/field"
@@ -44,7 +45,7 @@ func Test_Policy_Autogen_All(t *testing.T) {
 			Name:      "policy",
 			Namespace: "abcd",
 			Annotations: map[string]string{
-				PodControllersAnnotation: "all",
+				kyverno.PodControllersAnnotation: "all",
 			},
 		},
 	}

api/kyverno/v1/policy_types.go

@@ -3,6 +3,7 @@ package v1
 import (
 	"strings"
 
+	"github.com/kyverno/kyverno/api/kyverno"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/validation/field"
@@ -44,7 +45,7 @@ type Policy struct {
 // HasAutoGenAnnotation checks if a policy has auto-gen annotation
 func (p *Policy) HasAutoGenAnnotation() bool {
 	annotations := p.GetAnnotations()
-	val, ok := annotations[PodControllersAnnotation]
+	val, ok := annotations[kyverno.PodControllersAnnotation]
 	if ok && strings.ToLower(val) != "none" {
 		return true
 	}

api/kyverno/v1/utils.go

@@ -1,6 +1,7 @@
 package v1
 
 import (
+	"github.com/kyverno/kyverno/api/kyverno"
 	log "github.com/kyverno/kyverno/pkg/logging"
 	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
 	apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
@@ -28,7 +29,7 @@ func ToJSON(in apiextensions.JSON) *apiextv1.JSON {
 
 // ValidatePolicyName validates policy name
 func ValidateAutogenAnnotation(path *field.Path, annotations map[string]string) (errs field.ErrorList) {
-	value, ok := annotations[PodControllersAnnotation]
+	value, ok := annotations[kyverno.PodControllersAnnotation]
 	if ok {
 		if value == "all" {
 			errs = append(errs, field.Forbidden(path, "Autogen annotation does not support 'all' anymore, remove the annotation or set it to a valid value"))

api/kyverno/v2beta1/clusterpolicy_test.go

@@ -3,7 +3,7 @@ package v2beta1
 import (
 	"testing"
 
-	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+	"github.com/kyverno/kyverno/api/kyverno"
 	"gotest.tools/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/validation/field"
@@ -45,7 +45,7 @@ func Test_ClusterPolicy_Autogen_All(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "policy",
 			Annotations: map[string]string{
-				kyvernov1.PodControllersAnnotation: "all",
+				kyverno.PodControllersAnnotation: "all",
 			},
 		},
 	}

api/kyverno/v2beta1/clusterpolicy_types.go

@@ -3,6 +3,7 @@ package v2beta1
 import (
 	"strings"
 
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -43,7 +44,7 @@ type ClusterPolicy struct {
 // HasAutoGenAnnotation checks if a policy has auto-gen annotation
 func (p *ClusterPolicy) HasAutoGenAnnotation() bool {
 	annotations := p.GetAnnotations()
-	val, ok := annotations[kyvernov1.PodControllersAnnotation]
+	val, ok := annotations[kyverno.PodControllersAnnotation]
 	if ok && strings.ToLower(val) != "none" {
 		return true
 	}

api/kyverno/v2beta1/policy_test.go

@@ -3,7 +3,7 @@ package v2beta1
 import (
 	"testing"
 
-	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+	"github.com/kyverno/kyverno/api/kyverno"
 	"gotest.tools/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/validation/field"
@@ -45,7 +45,7 @@ func Test_Policy_Autogen_All(t *testing.T) {
 			Name:      "policy",
 			Namespace: "abcd",
 			Annotations: map[string]string{
-				kyvernov1.PodControllersAnnotation: "all",
+				kyverno.PodControllersAnnotation: "all",
 			},
 		},
 	}

api/kyverno/v2beta1/policy_types.go

@@ -3,6 +3,7 @@ package v2beta1
 import (
 	"strings"
 
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -43,7 +44,7 @@ type Policy struct {
 // HasAutoGenAnnotation checks if a policy has auto-gen annotation
 func (p *Policy) HasAutoGenAnnotation() bool {
 	annotations := p.GetAnnotations()
-	val, ok := annotations[kyvernov1.PodControllersAnnotation]
+	val, ok := annotations[kyverno.PodControllersAnnotation]
 	if ok && strings.ToLower(val) != "none" {
 		return true
 	}

cmd/cli/kubectl-kyverno/apply/apply_command.go

@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"github.com/go-git/go-billy/v5/memfs"
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/api/kyverno/v1beta1"
 	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/common"
@@ -406,7 +407,7 @@ func (c *ApplyCommandConfig) applyCommandHelper() (*common.ResultCounts, []*unst
 										rc.Pass++
 									case engineapi.RuleStatusFail:
 										ann := policy.GetAnnotations()
-										if scored, ok := ann[kyvernov1.AnnotationPolicyScored]; ok && scored == "false" {
+										if scored, ok := ann[kyverno.AnnotationPolicyScored]; ok && scored == "false" {
 											rc.Warn++
 											break
 										} else if applyPolicyConfig.AuditWarn && response.GetValidationFailureAction().Audit() {

cmd/cli/kubectl-kyverno/apply/report.go

@@ -5,7 +5,7 @@ import (
 	"strings"
 	"time"
 
-	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+	"github.com/kyverno/kyverno/api/kyverno"
 	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
 	reportutils "github.com/kyverno/kyverno/pkg/utils/report"
@@ -108,7 +108,7 @@ func buildPolicyResults(auditWarn bool, engineResponses ...engineapi.EngineRespo
 			} else if ruleResponse.Status() == engineapi.RuleStatusPass {
 				result.Result = policyreportv1alpha2.StatusPass
 			} else if ruleResponse.Status() == engineapi.RuleStatusFail {
-				if scored, ok := ann[kyvernov1.AnnotationPolicyScored]; ok && scored == "false" {
+				if scored, ok := ann[kyverno.AnnotationPolicyScored]; ok && scored == "false" {
 					result.Result = policyreportv1alpha2.StatusWarn
 				} else if auditWarn && engineResponse.GetValidationFailureAction().Audit() {
 					result.Result = policyreportv1alpha2.StatusWarn
@@ -123,7 +123,7 @@ func buildPolicyResults(auditWarn bool, engineResponses ...engineapi.EngineRespo
 				result.Rule = ruleResponse.Name()
 			}
 			result.Message = ruleResponse.Message()
-			result.Source = kyvernov1.ValueKyvernoApp
+			result.Source = kyverno.ValueKyvernoApp
 			result.Timestamp = now
 			results[appname] = append(results[appname], result)
 		}

cmd/cli/kubectl-kyverno/test/test.go

@@ -9,6 +9,7 @@ import (
 	"strings"
 
 	"github.com/go-git/go-billy/v5"
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/api/kyverno/v1beta1"
 	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
@@ -559,7 +560,7 @@ func buildPolicyResults(
 					} else if rule.Status() == engineapi.RuleStatusPass {
 						result.Result = policyreportv1alpha2.StatusPass
 					} else if rule.Status() == engineapi.RuleStatusFail {
-						if scored, ok := ann[kyvernov1.AnnotationPolicyScored]; ok && scored == "false" {
+						if scored, ok := ann[kyverno.AnnotationPolicyScored]; ok && scored == "false" {
 							result.Result = policyreportv1alpha2.StatusWarn
 						} else if auditWarn && resp.GetValidationFailureAction().Audit() {
 							result.Result = policyreportv1alpha2.StatusWarn

cmd/cli/kubectl-kyverno/utils/common/common.go

@@ -12,6 +12,7 @@ import (
 	"strings"
 
 	"github.com/go-git/go-billy/v5"
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
 	sanitizederror "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/sanitizedError"
@@ -333,7 +334,7 @@ func ProcessValidateEngineResponse(policy kyvernov1.PolicyInterface, validateRes
 				case engineapi.RuleStatusFail:
 					auditWarning := false
 					ann := policy.GetAnnotations()
-					if scored, ok := ann[kyvernov1.AnnotationPolicyScored]; ok && scored == "false" {
+					if scored, ok := ann[kyverno.AnnotationPolicyScored]; ok && scored == "false" {
 						rc.Warn++
 						break
 					} else if auditWarn && validateResponse.GetValidationFailureAction().Audit() {

pkg/autogen/autogen.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"strings"
 
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
 	"golang.org/x/exp/slices"
@@ -126,7 +127,7 @@ func GetRequestedControllers(meta *metav1.ObjectMeta) []string {
 	if annotations == nil {
 		return nil
 	}
-	controllers, ok := annotations[kyvernov1.PodControllersAnnotation]
+	controllers, ok := annotations[kyverno.PodControllersAnnotation]
 	if !ok || controllers == "" {
 		return nil
 	}
@@ -241,7 +242,7 @@ func computeRules(p kyvernov1.PolicyInterface) []kyvernov1.Rule {
 		desiredControllers = "none"
 	}
 	ann := p.GetAnnotations()
-	actualControllers, ok := ann[kyvernov1.PodControllersAnnotation]
+	actualControllers, ok := ann[kyverno.PodControllersAnnotation]
 	if !ok || !applyAutoGen {
 		actualControllers = desiredControllers
 	} else {

pkg/autogen/autogen_test.go

@@ -7,7 +7,8 @@ import (
 	"strings"
 	"testing"
 
-	kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
+	"github.com/kyverno/kyverno/api/kyverno"
+	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	yamlutils "github.com/kyverno/kyverno/pkg/utils/yaml"
 	"gotest.tools/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -143,7 +144,7 @@ func Test_CanAutoGen(t *testing.T) {
 
 	for _, test := range testCases {
 		t.Run(test.name, func(t *testing.T) {
-			var policy kyverno.ClusterPolicy
+			var policy kyvernov1.ClusterPolicy
 			err := json.Unmarshal(test.policy, &policy)
 			assert.NilError(t, err)
 
@@ -246,7 +247,7 @@ func Test_GetSupportedControllers(t *testing.T) {
 
 	for _, test := range testCases {
 		t.Run(test.name, func(t *testing.T) {
-			var policy kyverno.ClusterPolicy
+			var policy kyvernov1.ClusterPolicy
 			err := json.Unmarshal(test.policy, &policy)
 			assert.NilError(t, err)
 
@@ -354,7 +355,7 @@ func Test_ComputeRules(t *testing.T) {
 	testCases := []struct {
 		name          string
 		policy        string
-		expectedRules []kyverno.Rule
+		expectedRules []kyvernov1.Rule
 	}{
 		{
 			name: "rule-with-match-name",
@@ -404,19 +405,19 @@ spec:
                 FlDw3fzPhtberBblY4Y9u525ev999SogMBTXoSkfajRR2ol10xUxY60kVbqoEUln
                 kA==
                 -----END CERTIFICATE-----`,
-			expectedRules: []kyverno.Rule{{
+			expectedRules: []kyvernov1.Rule{{
 				Name: "check-image",
-				MatchResources: kyverno.MatchResources{
+				MatchResources: kyvernov1.MatchResources{
-					ResourceDescription: kyverno.ResourceDescription{
+					ResourceDescription: kyvernov1.ResourceDescription{
 						Kinds: []string{"Pod"},
 					},
 				},
-				VerifyImages: []kyverno.ImageVerification{{
+				VerifyImages: []kyvernov1.ImageVerification{{
 					ImageReferences: []string{"*"},
-					Attestors: []kyverno.AttestorSet{{
+					Attestors: []kyvernov1.AttestorSet{{
 						Count: intPtr(1),
-						Entries: []kyverno.Attestor{{
+						Entries: []kyvernov1.Attestor{{
-							Keyless: &kyverno.KeylessAttestor{
+							Keyless: &kyvernov1.KeylessAttestor{
 								Roots: `-----BEGIN CERTIFICATE-----
 MIIDjTCCAnWgAwIBAgIQb8yUrbw3aYZAubIjOJkFBjANBgkqhkiG9w0BAQsFADBZ
 MRMwEQYKCZImiZPyLGQBGRYDY29tMRowGAYKCZImiZPyLGQBGRYKdmVuYWZpZGVt
@@ -445,17 +446,17 @@ kA==
 				}},
 			}, {
 				Name: "autogen-check-image",
-				MatchResources: kyverno.MatchResources{
+				MatchResources: kyvernov1.MatchResources{
-					ResourceDescription: kyverno.ResourceDescription{
+					ResourceDescription: kyvernov1.ResourceDescription{
 						Kinds: []string{"DaemonSet", "Deployment", "Job", "StatefulSet", "ReplicaSet", "ReplicationController"},
 					},
 				},
-				VerifyImages: []kyverno.ImageVerification{{
+				VerifyImages: []kyvernov1.ImageVerification{{
 					ImageReferences: []string{"*"},
-					Attestors: []kyverno.AttestorSet{{
+					Attestors: []kyvernov1.AttestorSet{{
 						Count: intPtr(1),
-						Entries: []kyverno.Attestor{{
+						Entries: []kyvernov1.Attestor{{
-							Keyless: &kyverno.KeylessAttestor{
+							Keyless: &kyvernov1.KeylessAttestor{
 								Roots: `-----BEGIN CERTIFICATE-----
 MIIDjTCCAnWgAwIBAgIQb8yUrbw3aYZAubIjOJkFBjANBgkqhkiG9w0BAQsFADBZ
 MRMwEQYKCZImiZPyLGQBGRYDY29tMRowGAYKCZImiZPyLGQBGRYKdmVuYWZpZGVt
@@ -484,17 +485,17 @@ kA==
 				}},
 			}, {
 				Name: "autogen-cronjob-check-image",
-				MatchResources: kyverno.MatchResources{
+				MatchResources: kyvernov1.MatchResources{
-					ResourceDescription: kyverno.ResourceDescription{
+					ResourceDescription: kyvernov1.ResourceDescription{
 						Kinds: []string{"CronJob"},
 					},
 				},
-				VerifyImages: []kyverno.ImageVerification{{
+				VerifyImages: []kyvernov1.ImageVerification{{
 					ImageReferences: []string{"*"},
-					Attestors: []kyverno.AttestorSet{{
+					Attestors: []kyvernov1.AttestorSet{{
 						Count: intPtr(1),
-						Entries: []kyverno.Attestor{{
+						Entries: []kyvernov1.Attestor{{
-							Keyless: &kyverno.KeylessAttestor{
+							Keyless: &kyvernov1.KeylessAttestor{
 								Roots: `-----BEGIN CERTIFICATE-----
 MIIDjTCCAnWgAwIBAgIQb8yUrbw3aYZAubIjOJkFBjANBgkqhkiG9w0BAQsFADBZ
 MRMwEQYKCZImiZPyLGQBGRYDY29tMRowGAYKCZImiZPyLGQBGRYKdmVuYWZpZGVt

pkg/background/common/labels.go

@@ -5,6 +5,7 @@ import (
 	"reflect"
 	"strings"
 
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
 	"github.com/kyverno/kyverno/pkg/logging"
@@ -67,8 +68,8 @@ func GenerateLabelsSet(policyKey string, trigger Object) pkglabels.Set {
 
 func managedBy(labels map[string]string) {
 	// ManagedBy label
-	key := kyvernov1.LabelAppManagedBy
+	key := kyverno.LabelAppManagedBy
-	value := kyvernov1.ValueKyvernoApp
+	value := kyverno.ValueKyvernoApp
 	val, ok := labels[key]
 	if ok {
 		if val != value {

pkg/background/generate/cleanup.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
 	"github.com/kyverno/kyverno/pkg/background/common"
@@ -61,7 +62,7 @@ func (c *GenerateController) handleNonPolicyChanges(policy kyvernov1.PolicyInter
 			common.GeneratePolicyLabel:          policy.GetName(),
 			common.GeneratePolicyNamespaceLabel: policy.GetNamespace(),
 			common.GenerateRuleLabel:            rule.Name,
-			kyvernov1.LabelAppManagedBy:         kyvernov1.ValueKyvernoApp,
+			kyverno.LabelAppManagedBy:           kyverno.ValueKyvernoApp,
 		}
 
 		downstreams, err := c.getDownstreams(rule, labels, ur)

pkg/controllers/generic/webhook/controller.go

@@ -6,7 +6,7 @@ import (
 	"time"
 
 	"github.com/go-logr/logr"
-	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+	"github.com/kyverno/kyverno/api/kyverno"
 	"github.com/kyverno/kyverno/pkg/config"
 	"github.com/kyverno/kyverno/pkg/controllers"
 	"github.com/kyverno/kyverno/pkg/logging"
@@ -156,7 +156,7 @@ func objectMeta(name string, annotations map[string]string, owner ...metav1.Owne
 	return metav1.ObjectMeta{
 		Name: name,
 		Labels: map[string]string{
-			utils.ManagedByLabel: kyvernov1.ValueKyvernoApp,
+			utils.ManagedByLabel: kyverno.ValueKyvernoApp,
 		},
 		Annotations:     annotations,
 		OwnerReferences: owner,

pkg/controllers/webhook/controller.go

@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/go-logr/logr"
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/autogen"
 	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
@@ -211,7 +212,7 @@ func (c *controller) watchdog(ctx context.Context, logger logr.Logger) {
 							Name:      "kyverno-health",
 							Namespace: config.KyvernoNamespace(),
 							Labels: map[string]string{
-								"app.kubernetes.io/name": kyvernov1.ValueKyvernoApp,
+								"app.kubernetes.io/name": kyverno.ValueKyvernoApp,
 							},
 							Annotations: map[string]string{
 								AnnotationLastRequestTime: time.Now().Format(time.RFC3339),
@@ -227,7 +228,7 @@ func (c *controller) watchdog(ctx context.Context, logger logr.Logger) {
 			} else {
 				lease := lease.DeepCopy()
 				lease.Labels = map[string]string{
-					"app.kubernetes.io/name": kyvernov1.ValueKyvernoApp,
+					"app.kubernetes.io/name": kyverno.ValueKyvernoApp,
 				}
 				_, err = c.leaseClient.Update(ctx, lease, metav1.UpdateOptions{})
 				if err != nil {
@@ -515,7 +516,7 @@ func (c *controller) buildVerifyMutatingWebhookConfiguration(_ context.Context,
 				AdmissionReviewVersions: []string{"v1"},
 				ObjectSelector: &metav1.LabelSelector{
 					MatchLabels: map[string]string{
-						"app.kubernetes.io/name": kyvernov1.ValueKyvernoApp,
+						"app.kubernetes.io/name": kyverno.ValueKyvernoApp,
 					},
 				},
 			}},

pkg/controllers/webhook/utils.go

@@ -3,6 +3,7 @@ package webhook
 import (
 	"strings"
 
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/utils"
 	"golang.org/x/exp/slices"
@@ -88,7 +89,7 @@ func objectMeta(name string, annotations map[string]string, owner ...metav1.Owne
 	return metav1.ObjectMeta{
 		Name: name,
 		Labels: map[string]string{
-			utils.ManagedByLabel: kyvernov1.ValueKyvernoApp,
+			utils.ManagedByLabel: kyverno.ValueKyvernoApp,
 		},
 		Annotations:     annotations,
 		OwnerReferences: owner,

pkg/policy/generate.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
 	"github.com/kyverno/kyverno/pkg/autogen"
@@ -97,7 +98,7 @@ func (pc *policyController) syncDataRulechanges(policy kyvernov1.PolicyInterface
 		common.GeneratePolicyLabel:          policy.GetName(),
 		common.GeneratePolicyNamespaceLabel: policy.GetNamespace(),
 		common.GenerateRuleLabel:            rule.Name,
-		kyvernov1.LabelAppManagedBy:         kyvernov1.ValueKyvernoApp,
+		kyverno.LabelAppManagedBy:           kyverno.ValueKyvernoApp,
 	}
 
 	downstreams, err := generateutils.FindDownstream(pc.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), labels)

pkg/tls/renewer.go

@@ -7,7 +7,7 @@ import (
 	"fmt"
 	"time"
 
-	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+	"github.com/kyverno/kyverno/api/kyverno"
 	"github.com/kyverno/kyverno/pkg/config"
 	controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
 	corev1 "k8s.io/api/core/v1"
@@ -228,7 +228,7 @@ func (c *certRenewer) writeSecret(ctx context.Context, name string, key *rsa.Pri
 				Name:      name,
 				Namespace: config.KyvernoNamespace(),
 				Labels: map[string]string{
-					managedByLabel: kyvernov1.ValueKyvernoApp,
+					managedByLabel: kyverno.ValueKyvernoApp,
 				},
 			},
 			Type: corev1.SecretTypeTLS,

pkg/tls/utils.go

@@ -6,7 +6,7 @@ import (
 	"encoding/pem"
 	"time"
 
-	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+	"github.com/kyverno/kyverno/api/kyverno"
 	"github.com/kyverno/kyverno/pkg/config"
 	corev1 "k8s.io/api/core/v1"
 )
@@ -89,7 +89,7 @@ func isSecretManagedByKyverno(secret *corev1.Secret) bool {
 		if labels == nil {
 			return false
 		}
-		if labels[managedByLabel] != kyvernov1.ValueKyvernoApp {
+		if labels[managedByLabel] != kyverno.ValueKyvernoApp {
 			return false
 		}
 	}

pkg/utils/controller/metadata.go

@@ -1,7 +1,7 @@
 package controller
 
 import (
-	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+	"github.com/kyverno/kyverno/api/kyverno"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 )
@@ -33,11 +33,11 @@ func GetLabel(obj metav1.Object, key string) string {
 }
 
 func SetManagedByKyvernoLabel(obj metav1.Object) {
-	SetLabel(obj, kyvernov1.LabelAppManagedBy, kyvernov1.ValueKyvernoApp)
+	SetLabel(obj, kyverno.LabelAppManagedBy, kyverno.ValueKyvernoApp)
 }
 
 func IsManagedByKyverno(obj metav1.Object) bool {
-	return CheckLabel(obj, kyvernov1.LabelAppManagedBy, kyvernov1.ValueKyvernoApp)
+	return CheckLabel(obj, kyverno.LabelAppManagedBy, kyverno.ValueKyvernoApp)
 }
 
 func HasLabel(obj metav1.Object, key string) bool {

pkg/utils/controller/selector.go

@@ -1,14 +1,14 @@
 package controller
 
 import (
-	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+	"github.com/kyverno/kyverno/api/kyverno"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/selection"
 )
 
 func SelectorNotManagedByKyverno() (labels.Selector, error) {
 	selector := labels.Everything()
-	requirement, err := labels.NewRequirement(kyvernov1.LabelAppManagedBy, selection.NotEquals, []string{kyvernov1.ValueKyvernoApp})
+	requirement, err := labels.NewRequirement(kyverno.LabelAppManagedBy, selection.NotEquals, []string{kyverno.ValueKyvernoApp})
 	if err == nil {
 		selector = selector.Add(*requirement)
 	}

pkg/utils/report/labels.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
 	controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
@@ -77,7 +78,7 @@ func CleanupKyvernoLabels(obj metav1.Object) {
 }
 
 func SetManagedByKyvernoLabel(obj metav1.Object) {
-	controllerutils.SetLabel(obj, kyvernov1.LabelAppManagedBy, kyvernov1.ValueKyvernoApp)
+	controllerutils.SetLabel(obj, kyverno.LabelAppManagedBy, kyverno.ValueKyvernoApp)
 }
 
 func SetResourceUid(report kyvernov1alpha2.ReportInterface, uid types.UID) {

pkg/utils/report/results.go

@@ -6,7 +6,7 @@ import (
 	"time"
 
 	"github.com/go-logr/logr"
-	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
 	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
@@ -87,17 +87,17 @@ func EngineResponseToReportResults(response engineapi.EngineResponse) []policyre
 	for _, ruleResult := range response.PolicyResponse.Rules {
 		annotations := response.Policy().GetAnnotations()
 		result := policyreportv1alpha2.PolicyReportResult{
-			Source:  kyvernov1.ValueKyvernoApp,
+			Source:  kyverno.ValueKyvernoApp,
 			Policy:  key,
 			Rule:    ruleResult.Name(),
 			Message: ruleResult.Message(),
 			Result:  toPolicyResult(ruleResult.Status()),
-			Scored:  annotations[kyvernov1.AnnotationPolicyScored] != "false",
+			Scored:  annotations[kyverno.AnnotationPolicyScored] != "false",
 			Timestamp: metav1.Timestamp{
 				Seconds: time.Now().Unix(),
 			},
-			Category: annotations[kyvernov1.AnnotationPolicyCategory],
+			Category: annotations[kyverno.AnnotationPolicyCategory],
-			Severity: severityFromString(annotations[kyvernov1.AnnotationPolicySeverity]),
+			Severity: severityFromString(annotations[kyverno.AnnotationPolicySeverity]),
 		}
 		pss := ruleResult.PodSecurityChecks()
 		if pss != nil {

pkg/validation/policy/validate.go

@@ -14,6 +14,7 @@ import (
 	jsonpatch "github.com/evanphx/json-patch/v5"
 	"github.com/jmespath/go-jmespath"
 	"github.com/jmoiron/jsonq"
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/common"
 	"github.com/kyverno/kyverno/pkg/autogen"
@@ -1124,7 +1125,7 @@ func jsonPatchOnPod(rule kyvernov1.Rule) bool {
 
 func podControllerAutoGenExclusion(policy kyvernov1.PolicyInterface) bool {
 	annotations := policy.GetAnnotations()
-	val, ok := annotations[kyvernov1.PodControllersAnnotation]
+	val, ok := annotations[kyverno.PodControllersAnnotation]
 	if !ok || val == "none" {
 		return false
 	}

pkg/webhooks/handlers/protect.go

@@ -8,7 +8,7 @@ import (
 	"time"
 
 	"github.com/go-logr/logr"
-	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+	"github.com/kyverno/kyverno/api/kyverno"
 	"github.com/kyverno/kyverno/pkg/config"
 	admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
 	admissionv1 "k8s.io/api/admission/v1"
@@ -39,7 +39,7 @@ func (inner AdmissionHandler) withProtection() AdmissionHandler {
 		}
 		for _, resource := range []unstructured.Unstructured{newResource, oldResource} {
 			resLabels := resource.GetLabels()
-			if resLabels[kyvernov1.LabelAppManagedBy] == kyvernov1.ValueKyvernoApp {
+			if resLabels[kyverno.LabelAppManagedBy] == kyverno.ValueKyvernoApp {
 				if !strings.HasPrefix(request.UserInfo.Username, kyvernoUsernamePrefix) {
 					logger.V(2).Info("access to the resource not authorized, this is a kyverno managed resource and should be altered only by kyverno")
 					return admissionutils.Response(request.UID, errors.New("A kyverno managed resource can only be modified by kyverno"))

pkg/webhooks/resource/generation/handler.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 
 	"github.com/go-logr/logr"
+	"github.com/kyverno/kyverno/api/kyverno"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
 	"github.com/kyverno/kyverno/pkg/background/common"
@@ -237,7 +238,7 @@ func (h *generationHandler) processRequest(ctx context.Context, policyContext *e
 	new := policyContext.NewResource()
 	old := policyContext.OldResource()
 	labels := old.GetLabels()
-	managedBy := labels[kyvernov1.LabelAppManagedBy] == kyvernov1.ValueKyvernoApp
+	managedBy := labels[kyverno.LabelAppManagedBy] == kyverno.ValueKyvernoApp
 
 	// clone source changes
 	if !managedBy {