From b7c8368569b7cef0d6d790d60d8f81ad2ed5be4e Mon Sep 17 00:00:00 2001 From: Kumar Mallikarjuna Date: Tue, 5 Oct 2021 00:27:39 +0530 Subject: [PATCH] Adding deprecation warning for any and all (Rebased) (#2466) * added deprecation warning for any and all Signed-off-by: RinkiyaKeDad * Updated schemas Signed-off-by: Kumar Mallikarjuna Co-authored-by: RinkiyaKeDad --- charts/kyverno/templates/crds.yaml | 25 +++++++++-------- .../crds/kyverno.io_clusterpolicies.yaml | 8 ++++-- .../crds/kyverno.io_generaterequests.yaml | 19 +++++++------ definitions/crds/kyverno.io_policies.yaml | 8 ++++-- definitions/install.yaml | 27 ++++++++++++++----- definitions/install_debug.yaml | 27 ++++++++++++++----- pkg/api/kyverno/v1/policy_types.go | 8 ++++++ 7 files changed, 81 insertions(+), 41 deletions(-) diff --git a/charts/kyverno/templates/crds.yaml b/charts/kyverno/templates/crds.yaml index b9dde26939..bb94092d21 100644 --- a/charts/kyverno/templates/crds.yaml +++ b/charts/kyverno/templates/crds.yaml @@ -4,6 +4,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 config.kubernetes.io/index: '1' + internal.config.kubernetes.io/index: '1' creationTimestamp: null labels: app.kubernetes.io/component: kyverno @@ -575,8 +576,7 @@ spec: type: string type: array resources: - description: ResourceDescription contains information about - the resource being created or modified. + description: ResourceDescription contains information about the resource being created or modified. Specifying ResourceDescription directly under exclude is being deprecated. Please specify under "any" or "all" instead. properties: annotations: additionalProperties: @@ -1248,9 +1248,7 @@ spec: type: string type: array resources: - description: ResourceDescription contains information about - the resource being created or modified. Requires at least - one tag to be specified when under MatchResources. + description: ResourceDescription contains information about the resource being created or modified. Requires at least one tag to be specified when under MatchResources. Specifying ResourceDescription directly under match is being deprecated. Please specify under "any" or "all" instead. properties: annotations: additionalProperties: @@ -1748,6 +1746,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 config.kubernetes.io/index: '2' + internal.config.kubernetes.io/index: '2' creationTimestamp: null labels: app.kubernetes.io/component: kyverno @@ -2430,6 +2429,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 config.kubernetes.io/index: '3' + internal.config.kubernetes.io/index: '3' creationTimestamp: null labels: app.kubernetes.io/component: kyverno @@ -3112,6 +3112,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 config.kubernetes.io/index: '4' + internal.config.kubernetes.io/index: '4' creationTimestamp: null labels: app.kubernetes.io/component: kyverno @@ -3175,13 +3176,11 @@ spec: description: Context ... properties: admissionRequestInfo: - description: Adding required request information to GR properties: admissionRequest: - description: Adding Admission Request to GR. type: string operation: - description: Current request operation + description: Operation is the type of resource operation being checked for admission control type: string type: object userInfo: @@ -3310,6 +3309,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 config.kubernetes.io/index: '5' + internal.config.kubernetes.io/index: '5' creationTimestamp: null labels: app.kubernetes.io/component: kyverno @@ -3882,8 +3882,7 @@ spec: type: string type: array resources: - description: ResourceDescription contains information about - the resource being created or modified. + description: ResourceDescription contains information about the resource being created or modified. Specifying ResourceDescription directly under exclude is being deprecated. Please specify under "any" or "all" instead. properties: annotations: additionalProperties: @@ -4555,9 +4554,7 @@ spec: type: string type: array resources: - description: ResourceDescription contains information about - the resource being created or modified. Requires at least - one tag to be specified when under MatchResources. + description: ResourceDescription contains information about the resource being created or modified. Requires at least one tag to be specified when under MatchResources. Specifying ResourceDescription directly under match is being deprecated. Please specify under "any" or "all" instead. properties: annotations: additionalProperties: @@ -5056,6 +5053,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 config.kubernetes.io/index: '6' + internal.config.kubernetes.io/index: '6' creationTimestamp: null labels: app.kubernetes.io/component: kyverno @@ -5736,6 +5734,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 config.kubernetes.io/index: '7' + internal.config.kubernetes.io/index: '7' creationTimestamp: null labels: app.kubernetes.io/component: kyverno diff --git a/definitions/crds/kyverno.io_clusterpolicies.yaml b/definitions/crds/kyverno.io_clusterpolicies.yaml index 27fb8fe9b8..f9d775ad59 100644 --- a/definitions/crds/kyverno.io_clusterpolicies.yaml +++ b/definitions/crds/kyverno.io_clusterpolicies.yaml @@ -570,7 +570,9 @@ spec: type: array resources: description: ResourceDescription contains information about - the resource being created or modified. + the resource being created or modified. Specifying ResourceDescription + directly under exclude is being deprecated. Please specify + under "any" or "all" instead. properties: annotations: additionalProperties: @@ -1244,7 +1246,9 @@ spec: resources: description: ResourceDescription contains information about the resource being created or modified. Requires at least - one tag to be specified when under MatchResources. + one tag to be specified when under MatchResources. Specifying + ResourceDescription directly under match is being deprecated. + Please specify under "any" or "all" instead. properties: annotations: additionalProperties: diff --git a/definitions/crds/kyverno.io_generaterequests.yaml b/definitions/crds/kyverno.io_generaterequests.yaml index 6ae8b54882..997e3f662f 100644 --- a/definitions/crds/kyverno.io_generaterequests.yaml +++ b/definitions/crds/kyverno.io_generaterequests.yaml @@ -60,6 +60,15 @@ spec: context: description: Context ... properties: + admissionRequestInfo: + properties: + admissionRequest: + type: string + operation: + description: Operation is the type of resource operation being + checked for admission control + type: string + type: object userInfo: description: RequestInfo contains permission info carried in an admission request. @@ -108,16 +117,6 @@ spec: type: string type: object type: object - admissionRequestInfo: - description: Adding required request information to GR - properties: - admissionRequest: - description: Adding Admission Request to GR. - type: string - operation: - description: Current request operation - type: string - type: object type: object policy: description: Specifies the name of the policy. diff --git a/definitions/crds/kyverno.io_policies.yaml b/definitions/crds/kyverno.io_policies.yaml index 5dac0ab41b..c624d893c2 100644 --- a/definitions/crds/kyverno.io_policies.yaml +++ b/definitions/crds/kyverno.io_policies.yaml @@ -571,7 +571,9 @@ spec: type: array resources: description: ResourceDescription contains information about - the resource being created or modified. + the resource being created or modified. Specifying ResourceDescription + directly under exclude is being deprecated. Please specify + under "any" or "all" instead. properties: annotations: additionalProperties: @@ -1245,7 +1247,9 @@ spec: resources: description: ResourceDescription contains information about the resource being created or modified. Requires at least - one tag to be specified when under MatchResources. + one tag to be specified when under MatchResources. Specifying + ResourceDescription directly under match is being deprecated. + Please specify under "any" or "all" instead. properties: annotations: additionalProperties: diff --git a/definitions/install.yaml b/definitions/install.yaml index a00da10b61..ce4da86064 100644 --- a/definitions/install.yaml +++ b/definitions/install.yaml @@ -374,7 +374,10 @@ spec: type: string type: array resources: - description: ResourceDescription contains information about the resource being created or modified. + description: ResourceDescription contains information about + the resource being created or modified. Specifying ResourceDescription + directly under exclude is being deprecated. Please specify + under "any" or "all" instead. properties: annotations: additionalProperties: @@ -781,7 +784,11 @@ spec: type: string type: array resources: - description: ResourceDescription contains information about the resource being created or modified. Requires at least one tag to be specified when under MatchResources. + description: ResourceDescription contains information about + the resource being created or modified. Requires at least + one tag to be specified when under MatchResources. Specifying + ResourceDescription directly under match is being deprecated. + Please specify under "any" or "all" instead. properties: annotations: additionalProperties: @@ -2154,13 +2161,12 @@ spec: description: Context ... properties: admissionRequestInfo: - description: Adding required request information to GR properties: admissionRequest: - description: Adding Admission Request to GR. type: string operation: - description: Current request operation + description: Operation is the type of resource operation being + checked for admission control type: string type: object userInfo: @@ -2635,7 +2641,10 @@ spec: type: string type: array resources: - description: ResourceDescription contains information about the resource being created or modified. + description: ResourceDescription contains information about + the resource being created or modified. Specifying ResourceDescription + directly under exclude is being deprecated. Please specify + under "any" or "all" instead. properties: annotations: additionalProperties: @@ -3042,7 +3051,11 @@ spec: type: string type: array resources: - description: ResourceDescription contains information about the resource being created or modified. Requires at least one tag to be specified when under MatchResources. + description: ResourceDescription contains information about + the resource being created or modified. Requires at least + one tag to be specified when under MatchResources. Specifying + ResourceDescription directly under match is being deprecated. + Please specify under "any" or "all" instead. properties: annotations: additionalProperties: diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml index 4ebb00793e..9da4f8765f 100755 --- a/definitions/install_debug.yaml +++ b/definitions/install_debug.yaml @@ -361,7 +361,10 @@ spec: type: string type: array resources: - description: ResourceDescription contains information about the resource being created or modified. + description: ResourceDescription contains information about + the resource being created or modified. Specifying ResourceDescription + directly under exclude is being deprecated. Please specify + under "any" or "all" instead. properties: annotations: additionalProperties: @@ -768,7 +771,11 @@ spec: type: string type: array resources: - description: ResourceDescription contains information about the resource being created or modified. Requires at least one tag to be specified when under MatchResources. + description: ResourceDescription contains information about + the resource being created or modified. Requires at least + one tag to be specified when under MatchResources. Specifying + ResourceDescription directly under match is being deprecated. + Please specify under "any" or "all" instead. properties: annotations: additionalProperties: @@ -2120,13 +2127,12 @@ spec: description: Context ... properties: admissionRequestInfo: - description: Adding required request information to GR properties: admissionRequest: - description: Adding Admission Request to GR. type: string operation: - description: Current request operation + description: Operation is the type of resource operation being + checked for admission control type: string type: object userInfo: @@ -2594,7 +2600,10 @@ spec: type: string type: array resources: - description: ResourceDescription contains information about the resource being created or modified. + description: ResourceDescription contains information about + the resource being created or modified. Specifying ResourceDescription + directly under exclude is being deprecated. Please specify + under "any" or "all" instead. properties: annotations: additionalProperties: @@ -3001,7 +3010,11 @@ spec: type: string type: array resources: - description: ResourceDescription contains information about the resource being created or modified. Requires at least one tag to be specified when under MatchResources. + description: ResourceDescription contains information about + the resource being created or modified. Requires at least + one tag to be specified when under MatchResources. Specifying + ResourceDescription directly under match is being deprecated. + Please specify under "any" or "all" instead. properties: annotations: additionalProperties: diff --git a/pkg/api/kyverno/v1/policy_types.go b/pkg/api/kyverno/v1/policy_types.go index 3a6aba16f9..1a1236bf68 100755 --- a/pkg/api/kyverno/v1/policy_types.go +++ b/pkg/api/kyverno/v1/policy_types.go @@ -267,11 +267,15 @@ type MatchResources struct { All ResourceFilters `json:"all,omitempty" yaml:"all,omitempty"` // UserInfo contains information about the user performing the operation. + // Specifying UserInfo directly under match is being deprecated. + // Please specify under "any" or "all" instead. // +optional UserInfo `json:",omitempty" yaml:",omitempty"` // ResourceDescription contains information about the resource being created or modified. // Requires at least one tag to be specified when under MatchResources. + // Specifying ResourceDescription directly under match is being deprecated. + // Please specify under "any" or "all" instead. // +optional ResourceDescription `json:"resources,omitempty" yaml:"resources,omitempty"` } @@ -288,10 +292,14 @@ type ExcludeResources struct { All ResourceFilters `json:"all,omitempty" yaml:"all,omitempty"` // UserInfo contains information about the user performing the operation. + // Specifying UserInfo directly under exclude is being deprecated. + // Please specify under "any" or "all" instead. // +optional UserInfo `json:",omitempty" yaml:",omitempty"` // ResourceDescription contains information about the resource being created or modified. + // Specifying ResourceDescription directly under exclude is being deprecated. + // Please specify under "any" or "all" instead. // +optional ResourceDescription `json:"resources,omitempty" yaml:"resources,omitempty"` }