Merge branch 'master' into dev/update-api

Author: leonardoce

.github/workflows/trivy.yaml

@@ -16,8 +16,8 @@ jobs:
       - name: Install go
         uses: actions/setup-go@v5
         with:
-          go-version: ^1.19
-      
+          go-version: ^1.22.3
+
       - name: Build images from Dockerfile
         run: |
           make

Makefile

@@ -17,3 +17,16 @@
 CMDS=snapshot-controller csi-snapshotter snapshot-validation-webhook
 all: build
 include release-tools/build.make
+
+# The test-vendor-client target performs vendor checks in both
+# the external-snapshotter module and the client module.
+# This target has been added for the following reasons:
+# 1. The test-vendor target does not perform vendor checks for the client module.
+# 2. The test-vendor target cannot detect if vendor updates have been made in
+# the external-snapshotter module when changes are made in the client module.
+.PHONY: test-vendor-client
+test: test-vendor-client
+test-vendor-client:
+	@ echo; echo "### $@:"
+	@ cd client && ../release-tools/verify-vendor.sh
+	@ hack/verify-vendor.sh

client/apis/volumegroupsnapshot/v1alpha1/types.go

@@ -36,6 +36,7 @@ type VolumeGroupSnapshotSpec struct {
 	// class will be used.
 	// Empty string is not allowed for this field.
 	// +optional
+	// +kubebuilder:validation:XValidation:rule="size(self) > 0",message="volumeGroupSnapshotClassName must not be the empty string when set"
 	VolumeGroupSnapshotClassName *string `json:"volumeGroupSnapshotClassName,omitempty" protobuf:"bytes,2,opt,name=volumeGroupSnapshotClassName"`
 }
 
@@ -44,6 +45,9 @@ type VolumeGroupSnapshotSpec struct {
 // object should be used.
 // Exactly one of its members must be set.
 // Members in VolumeGroupSnapshotSource are immutable.
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.selector) || has(self.selector)", message="selector is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.volumeGroupSnapshotContentName) || has(self.volumeGroupSnapshotContentName)", message="volumeGroupSnapshotContentName is required once set"
+// +kubebuilder:validation:XValidation:rule="(has(self.selector) && !has(self.volumeGroupSnapshotContentName)) || (!has(self.selector) && has(self.volumeGroupSnapshotContentName))", message="exactly one of selector and volumeGroupSnapshotContentName must be set"
 type VolumeGroupSnapshotSource struct {
 	// Selector is a label query over persistent volume claims that are to be
 	// grouped together for snapshotting.
@@ -53,6 +57,7 @@ type VolumeGroupSnapshotSource struct {
 	// Once a VolumeGroupSnapshotContent is created and the sidecar starts to process
 	// it, the volume list will not change with retries.
 	// +optional
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="selector is immutable"
 	Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,1,opt,name=selector"`
 
 	// VolumeGroupSnapshotContentName specifies the name of a pre-existing VolumeGroupSnapshotContent
@@ -61,6 +66,7 @@ type VolumeGroupSnapshotSource struct {
 	// only needs a representation in Kubernetes.
 	// This field is immutable.
 	// +optional
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="volumeGroupSnapshotContentName is immutable"
 	VolumeGroupSnapshotContentName *string `json:"volumeGroupSnapshotContentName,omitempty" protobuf:"bytes,2,opt,name=volumeGroupSnapshotContentName"`
 }
 
@@ -274,6 +280,8 @@ type VolumeGroupSnapshotContentSpec struct {
 	// VolumeGroupSnapshot object MUST be provided for binding to happen.
 	// This field is immutable after creation.
 	// Required.
+	// +kubebuilder:validation:XValidation:rule="has(self.name) && has(self.__namespace__)",message="both volumeGroupSnapshotRef.name and volumeGroupSnapshotRef.namespace must be set"
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="volumeGroupSnapshotRef is immutable"
 	VolumeGroupSnapshotRef core_v1.ObjectReference `json:"volumeGroupSnapshotRef" protobuf:"bytes,1,opt,name=volumeGroupSnapshotRef"`
 
 	// DeletionPolicy determines whether this VolumeGroupSnapshotContent and the
@@ -366,11 +374,15 @@ type PVVolumeSnapshotContentPair struct {
 // VolumeGroupSnapshotContentSource represents the CSI source of a group snapshot.
 // Exactly one of its members must be set.
 // Members in VolumeGroupSnapshotContentSource are immutable.
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.volumeHandles) || has(self.volumeHandles)", message="volumeHandles is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.groupSnapshotHandles) || has(self.groupSnapshotHandles)", message="groupSnapshotHandles is required once set"
+// +kubebuilder:validation:XValidation:rule="(has(self.volumeHandles) && !has(self.groupSnapshotHandles)) || (!has(self.volumeHandles) && has(self.groupSnapshotHandles))", message="exactly one of volumeHandles and groupSnapshotHandles must be set"
 type VolumeGroupSnapshotContentSource struct {
 	// VolumeHandles is a list of volume handles on the backend to be snapshotted
 	// together. It is specified for dynamic provisioning of the VolumeGroupSnapshot.
 	// This field is immutable.
 	// +optional
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="volumeHandles is immutable"
 	VolumeHandles []string `json:"volumeHandles,omitempty" protobuf:"bytes,1,opt,name=volumeHandles"`
 
 	// GroupSnapshotHandles specifies the CSI "group_snapshot_id" of a pre-existing
@@ -379,6 +391,7 @@ type VolumeGroupSnapshotContentSource struct {
 	// representation was (or should be) created.
 	// This field is immutable.
 	// +optional
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="groupSnapshotHandles is immutable"
 	GroupSnapshotHandles *GroupSnapshotHandles `json:"groupSnapshotHandles,omitempty" protobuf:"bytes,2,opt,name=groupSnapshotHandles"`
 }
 

client/apis/volumesnapshot/v1/types.go

@@ -91,6 +91,7 @@ type VolumeSnapshotSpec struct {
 	// CreateSnapshot will fail and generate an event.
 	// Empty string is not allowed for this field.
 	// +optional
+	// +kubebuilder:validation:XValidation:rule="size(self) > 0",message="volumeSnapshotClassName must not be the empty string when set"
 	VolumeSnapshotClassName *string `json:"volumeSnapshotClassName,omitempty" protobuf:"bytes,2,opt,name=volumeSnapshotClassName"`
 }
 
@@ -99,6 +100,9 @@ type VolumeSnapshotSpec struct {
 // object should be used.
 // Exactly one of its members must be set.
 // Members in VolumeSnapshotSource are immutable.
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.persistentVolumeClaimName) || has(self.persistentVolumeClaimName)", message="persistentVolumeClaimName is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.volumeSnapshotContentName) || has(self.volumeSnapshotContentName)", message="volumeSnapshotContentName is required once set"
+// +kubebuilder:validation:XValidation:rule="(has(self.volumeSnapshotContentName) && !has(self.persistentVolumeClaimName)) || (!has(self.volumeSnapshotContentName) && has(self.persistentVolumeClaimName))", message="exactly one of volumeSnapshotContentName and persistentVolumeClaimName must be set"
 type VolumeSnapshotSource struct {
 	// persistentVolumeClaimName specifies the name of the PersistentVolumeClaim
 	// object representing the volume from which a snapshot should be created.
@@ -108,13 +112,15 @@ type VolumeSnapshotSource struct {
 	// created.
 	// This field is immutable.
 	// +optional
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="persistentVolumeClaimName is immutable"
 	PersistentVolumeClaimName *string `json:"persistentVolumeClaimName,omitempty" protobuf:"bytes,1,opt,name=persistentVolumeClaimName"`
 
 	// volumeSnapshotContentName specifies the name of a pre-existing VolumeSnapshotContent
 	// object representing an existing volume snapshot.
 	// This field should be set if the snapshot already exists and only needs a representation in Kubernetes.
 	// This field is immutable.
 	// +optional
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="volumeSnapshotContentName is immutable"
 	VolumeSnapshotContentName *string `json:"volumeSnapshotContentName,omitempty" protobuf:"bytes,2,opt,name=volumeSnapshotContentName"`
 }
 
@@ -289,6 +295,7 @@ type VolumeSnapshotContentList struct {
 }
 
 // VolumeSnapshotContentSpec is the specification of a VolumeSnapshotContent
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.sourceVolumeMode) || has(self.sourceVolumeMode)", message="sourceVolumeMode is required once set"
 type VolumeSnapshotContentSpec struct {
 	// volumeSnapshotRef specifies the VolumeSnapshot object to which this
 	// VolumeSnapshotContent object is bound.
@@ -298,6 +305,7 @@ type VolumeSnapshotContentSpec struct {
 	// VolumeSnapshot object MUST be provided for binding to happen.
 	// This field is immutable after creation.
 	// Required.
+	// +kubebuilder:validation:XValidation:rule="has(self.name) && has(self.__namespace__)",message="both spec.volumeSnapshotRef.name and spec.volumeSnapshotRef.namespace must be set"
 	VolumeSnapshotRef core_v1.ObjectReference `json:"volumeSnapshotRef" protobuf:"bytes,1,opt,name=volumeSnapshotRef"`
 
 	// deletionPolicy determines whether this VolumeSnapshotContent and its physical snapshot on
@@ -340,24 +348,30 @@ type VolumeSnapshotContentSpec struct {
 	// This field is immutable.
 	// This field is an alpha field.
 	// +optional
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="sourceVolumeMode is immutable"
 	SourceVolumeMode *core_v1.PersistentVolumeMode `json:"sourceVolumeMode" protobuf:"bytes,6,opt,name=sourceVolumeMode"`
 }
 
 // VolumeSnapshotContentSource represents the CSI source of a snapshot.
 // Exactly one of its members must be set.
 // Members in VolumeSnapshotContentSource are immutable.
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.volumeHandle) || has(self.volumeHandle)", message="volumeHandle is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.snapshotHandle) || has(self.snapshotHandle)", message="snapshotHandle is required once set"
+// +kubebuilder:validation:XValidation:rule="(has(self.volumeHandle) && !has(self.snapshotHandle)) || (!has(self.volumeHandle) && has(self.snapshotHandle))", message="exactly one of volumeHandle and snapshotHandle must be set"
 type VolumeSnapshotContentSource struct {
 	// volumeHandle specifies the CSI "volume_id" of the volume from which a snapshot
 	// should be dynamically taken from.
 	// This field is immutable.
 	// +optional
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="volumeHandle is immutable"
 	VolumeHandle *string `json:"volumeHandle,omitempty" protobuf:"bytes,1,opt,name=volumeHandle"`
 
 	// snapshotHandle specifies the CSI "snapshot_id" of a pre-existing snapshot on
 	// the underlying storage system for which a Kubernetes object representation
 	// was (or should be) created.
 	// This field is immutable.
 	// +optional
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="snapshotHandle is immutable"
 	SnapshotHandle *string `json:"snapshotHandle,omitempty" protobuf:"bytes,2,opt,name=snapshotHandle"`
 }
 

client/config/crd/groupsnapshot.storage.k8s.io_volumegroupsnapshotclasses.yaml

@@ -4,8 +4,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/814"
-    controller-gen.kubebuilder.io/version: v0.12.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: volumegroupsnapshotclasses.groupsnapshot.storage.k8s.io
 spec:
   group: groupsnapshot.storage.k8s.io
@@ -35,45 +34,56 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: VolumeGroupSnapshotClass specifies parameters that a underlying
-          storage system uses when creating a volume group snapshot. A specific VolumeGroupSnapshotClass
-          is used by specifying its name in a VolumeGroupSnapshot object. VolumeGroupSnapshotClasses
-          are non-namespaced.
+        description: |-
+          VolumeGroupSnapshotClass specifies parameters that a underlying storage system
+          uses when creating a volume group snapshot. A specific VolumeGroupSnapshotClass
+          is used by specifying its name in a VolumeGroupSnapshot object.
+          VolumeGroupSnapshotClasses are non-namespaced.
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           deletionPolicy:
-            description: DeletionPolicy determines whether a VolumeGroupSnapshotContent
-              created through the VolumeGroupSnapshotClass should be deleted when
-              its bound VolumeGroupSnapshot is deleted. Supported values are "Retain"
-              and "Delete". "Retain" means that the VolumeGroupSnapshotContent and
-              its physical group snapshot on underlying storage system are kept. "Delete"
-              means that the VolumeGroupSnapshotContent and its physical group snapshot
-              on underlying storage system are deleted. Required.
+            description: |-
+              DeletionPolicy determines whether a VolumeGroupSnapshotContent created
+              through the VolumeGroupSnapshotClass should be deleted when its bound
+              VolumeGroupSnapshot is deleted.
+              Supported values are "Retain" and "Delete".
+              "Retain" means that the VolumeGroupSnapshotContent and its physical group
+              snapshot on underlying storage system are kept.
+              "Delete" means that the VolumeGroupSnapshotContent and its physical group
+              snapshot on underlying storage system are deleted.
+              Required.
             enum:
             - Delete
             - Retain
             type: string
           driver:
-            description: Driver is the name of the storage driver expected to handle
-              this VolumeGroupSnapshotClass. Required.
+            description: |-
+              Driver is the name of the storage driver expected to handle this VolumeGroupSnapshotClass.
+              Required.
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
           parameters:
             additionalProperties:
               type: string
-            description: Parameters is a key-value map with storage driver specific
-              parameters for creating group snapshots. These values are opaque to
-              Kubernetes and are passed directly to the driver.
+            description: |-
+              Parameters is a key-value map with storage driver specific parameters for
+              creating group snapshots.
+              These values are opaque to Kubernetes and are passed directly to the driver.
             type: object
         required:
         - deletionPolicy