SANDBOX-1465: update kube & openshift dependencies to 4.20

.govulncheck.yaml

@@ -1,61 +1 @@
-ignored-vulnerabilities:
-  # Panic when validating certificates with DSA public keys in crypto/x509
-  # Found in: crypto/x509@go1.23.12
-  # Fixed in: crypto/x509@go1.24.8
-  - id: GO-2025-4013
-    info: https://pkg.go.dev/vuln/GO-2025-4013
-    silence-until: 2026-01-09
-  # Lack of limit when parsing cookies can cause memory exhaustion in net/http
-  # Found in: net/http@go1.23.12
-  # Fixed in: net/http@go1.24.8
-  - id: GO-2025-4012
-    info: https://pkg.go.dev/vuln/GO-2025-4012
-    silence-until: 2026-01-09
-  # Parsing DER payload can cause memory exhaustion in encoding/asn1
-  # Found in: encoding/asn1@go1.23.12
-  # Fixed in: encoding/asn1@go1.24.8
-  - id: GO-2025-4011
-    info: https://pkg.go.dev/vuln/GO-2025-4011
-    silence-until: 2026-01-09
-  # Insufficient validation of bracketed IPv6 hostnames in net/url
-  # Found in: net/url@go1.23.12
-  # Fixed in: net/url@go1.24.8
-  - id: GO-2025-4010
-    info: https://pkg.go.dev/vuln/GO-2025-4010
-    silence-until: 2026-01-09
-  # Quadratic complexity when parsing some invalid inputs in encoding/pem
-  # Found in: encoding/pem@go1.23.12
-  # Fixed in: encoding/pem@go1.24.8
-  - id: GO-2025-4009
-    info: https://pkg.go.dev/vuln/GO-2025-4009
-    silence-until: 2026-01-09
-  # ALPN negotiation error contains attacker controlled information in crypto/tls
-  # Found in: crypto/tls@go1.23.12
-  # Fixed in: crypto/tls@go1.24.8
-  - id: GO-2025-4008
-    info: https://pkg.go.dev/vuln/GO-2025-4008
-    silence-until: 2026-01-09
-  # Quadratic complexity when checking name constraints in crypto/x509
-  # Found in: crypto/x509@go1.23.12
-  # Fixed in: crypto/x509@go1.24.9
-  - id: GO-2025-4007
-    info: https://pkg.go.dev/vuln/GO-2025-4007
-    silence-until: 2026-01-09
-  # Excessive CPU consumption in ParseAddress in net/mail
-  # Found in: net/mail@go1.23.12
-  # Fixed in: net/mail@go1.24.8
-  - id: GO-2025-4006
-    info: https://pkg.go.dev/vuln/GO-2025-4006
-    silence-until: 2026-01-09
-  # Excessive resource consumption when printing error string for host certificate validation in crypto/x509
-  # Found in: crypto/x509@go1.23.12
-  # Fixed in: crypto/x509@go1.24.11
-  - id: GO-2025-4155
-    info: https://pkg.go.dev/vuln/GO-2025-4155
-    silence-until: 2026-01-09
-  # Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
-  # Found in: crypto/x509@go1.23.12
-  # Fixed in: crypto/x509@go1.24.11
-  - id: GO-2025-4175
-    info: https://pkg.go.dev/vuln/GO-2025-4175
-    silence-until: 2026-01-09
+ignored-vulnerabilities: []

README.adoc

@@ -10,7 +10,7 @@ This is the CodeReady Toolchain Member Operator repository. It contains the Open
 
 == Build
 
-Requires Go version 1.23.x (1.23.12 or higher) - download for your development environment https://golang.org/dl/[here].
+Requires Go version 1.24.x (1.24.11 or higher) - download for your development environment https://golang.org/dl/[here].
 
 This repository uses https://github.com/golang/go/wiki/Modules[Go modules].
 

config/crd/bases/toolchain.dev.openshift.com_idlers.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.3
+    controller-gen.kubebuilder.io/version: v0.18.0
   name: idlers.toolchain.dev.openshift.com
 spec:
   group: toolchain.dev.openshift.com

config/crd/bases/toolchain.dev.openshift.com_memberoperatorconfigs.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.3
+    controller-gen.kubebuilder.io/version: v0.18.0
   name: memberoperatorconfigs.toolchain.dev.openshift.com
 spec:
   group: toolchain.dev.openshift.com

config/crd/bases/toolchain.dev.openshift.com_memberstatuses.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.3
+    controller-gen.kubebuilder.io/version: v0.18.0
   name: memberstatuses.toolchain.dev.openshift.com
 spec:
   group: toolchain.dev.openshift.com

config/crd/bases/toolchain.dev.openshift.com_nstemplatesets.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.3
+    controller-gen.kubebuilder.io/version: v0.18.0
   name: nstemplatesets.toolchain.dev.openshift.com
 spec:
   group: toolchain.dev.openshift.com

config/crd/bases/toolchain.dev.openshift.com_spacebindingrequests.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.3
+    controller-gen.kubebuilder.io/version: v0.18.0
   name: spacebindingrequests.toolchain.dev.openshift.com
 spec:
   group: toolchain.dev.openshift.com

config/crd/bases/toolchain.dev.openshift.com_spacerequests.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.3
+    controller-gen.kubebuilder.io/version: v0.18.0
   name: spacerequests.toolchain.dev.openshift.com
 spec:
   group: toolchain.dev.openshift.com

config/crd/bases/toolchain.dev.openshift.com_toolchainclusters.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.3
+    controller-gen.kubebuilder.io/version: v0.18.0
   name: toolchainclusters.toolchain.dev.openshift.com
 spec:
   group: toolchain.dev.openshift.com

config/crd/bases/toolchain.dev.openshift.com_useraccounts.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.3
+    controller-gen.kubebuilder.io/version: v0.18.0
   name: useraccounts.toolchain.dev.openshift.com
 spec:
   group: toolchain.dev.openshift.com

config/crd/bases/toolchain.dev.openshift.com_workspaces.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.3
+    controller-gen.kubebuilder.io/version: v0.18.0
   name: workspaces.toolchain.dev.openshift.com
 spec:
   group: toolchain.dev.openshift.com

config/scorecard/kustomization.yaml

@@ -1,6 +1,6 @@
 resources:
 - bases/config.yaml
-patchesJson6902:
+patches:
 - path: patches/basic.config.yaml
   target:
     group: scorecard.operatorframework.io
@@ -13,4 +13,4 @@ patchesJson6902:
     version: v1alpha3
     kind: Configuration
     name: config
-#+kubebuilder:scaffold:patchesJson6902
+#+kubebuilder:scaffold:patches

controllers/idler/idler_controller.go

@@ -89,7 +89,7 @@ type Reconciler struct {
 // and what is in the Idler.Spec
 // Note:
 // The Controller will requeue the Request to be processed again if the returned error is non-nil or
-// Result.Requeue is true, otherwise upon completion it will remove the work from the queue.
+// Result.RequeueAfter > 0 is true, otherwise upon completion it will remove the work from the queue.
 func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.Result, error) {
 	logger := log.FromContext(ctx)
 	logger.Info("new reconcile loop")
@@ -125,7 +125,6 @@ func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.
 	}
 	logger.Info("requeueing for next pod to check", "after_seconds", requeueAfter.Seconds())
 	result := reconcile.Result{
-		Requeue:      true,
 		RequeueAfter: requeueAfter,
 	}
 	return result, r.setStatusReady(ctx, idler)

controllers/idler/idler_controller_test.go

@@ -128,7 +128,6 @@ func TestEnsureIdling(t *testing.T) {
 
 		// then
 		require.NoError(t, err)
-		assert.True(t, res.Requeue)
 		assert.Equal(t, time.Duration(idler.Spec.TimeoutSeconds)*time.Second, res.RequeueAfter)
 		memberoperatortest.AssertThatIdler(t, idler.Name, fakeClients).HasConditions(memberoperatortest.Running())
 	})
@@ -150,7 +149,6 @@ func TestEnsureIdling(t *testing.T) {
 
 		// then
 		require.NoError(t, err)
-		assert.True(t, res.Requeue)
 		// the pods (without startTime) contain also a VM pod, so the next reconcile will be scheduled to the 1/12th of the timeout
 		assert.Equal(t, time.Duration(idler.Spec.TimeoutSeconds)*time.Second/12, res.RequeueAfter)
 	})
@@ -236,7 +234,6 @@ func TestEnsureIdling(t *testing.T) {
 			memberoperatortest.AssertThatIdler(t, idler.Name, fakeClients).
 				HasConditions(memberoperatortest.Running(), memberoperatortest.IdlerNotificationCreated())
 
-			assert.True(t, res.Requeue)
 			// something was idled, expect the next reconcile in 5% of the timeout
 			assertRequeueTimeInDelta(t, res.RequeueAfter, int32(float32(idler.Spec.TimeoutSeconds)*0.05/12))
 
@@ -259,7 +256,6 @@ func TestEnsureIdling(t *testing.T) {
 					HasConditions(memberoperatortest.Running(), memberoperatortest.IdlerNotificationCreated())
 
 				// no pods being tracked -> requeue after idler timeout
-				assert.True(t, res.Requeue)
 				assert.Equal(t, time.Duration(idler.Spec.TimeoutSeconds)*time.Second, res.RequeueAfter)
 			})
 		})
@@ -282,7 +278,6 @@ func TestEnsureIdling(t *testing.T) {
 
 				// then
 				require.NoError(t, err)
-				assert.True(t, res.Requeue)
 				// with VMs, it needs to be approx one twelfth of the idler timeout plus-minus one second
 				assertRequeueTimeInDelta(t, res.RequeueAfter, idler.Spec.TimeoutSeconds/12)
 
@@ -300,7 +295,6 @@ func TestEnsureIdling(t *testing.T) {
 
 					// then
 					require.NoError(t, err)
-					assert.True(t, res.Requeue)
 					// without VMs, it needs to be approx the idler timeout plus-minus one second
 					assertRequeueTimeInDelta(t, res.RequeueAfter, idler.Spec.TimeoutSeconds)
 				})
@@ -366,7 +360,6 @@ func TestEnsureIdling(t *testing.T) {
 
 		//then
 		require.NoError(t, err)
-		assert.True(t, res.Requeue)
 		// something was idled, expect the next reconcile in 5% of the timeout
 		assert.Equal(t, time.Duration(int32(float32(idler.Spec.TimeoutSeconds)*0.05/12))*time.Second, res.RequeueAfter)
 		memberoperatortest.AssertThatIdler(t, idler.Name, fakeClients).
@@ -389,7 +382,6 @@ func TestEnsureIdling(t *testing.T) {
 
 			//then
 			require.NoError(t, err)
-			assert.True(t, res.Requeue)
 			// pods (exceeding the timeout) are still running, expect the next reconcile in 5% of the timeout
 			assert.Equal(t, time.Duration(int32(float32(idler.Spec.TimeoutSeconds)*0.05/12))*time.Second, res.RequeueAfter)
 			memberoperatortest.AssertThatIdler(t, idler.Name, fakeClients).

controllers/memberoperatorconfig/memberoperatorconfig_controller.go

@@ -45,7 +45,7 @@ type Reconciler struct {
 // and what is in the MemberOperatorConfig.Spec
 // Note:
 // The Controller will requeue the Request to be processed again if the returned error is non-nil or
-// Result.Requeue is true, otherwise upon completion it will remove the work from the queue.
+// Result.RequeueAfter > 0 is true, otherwise upon completion it will remove the work from the queue.
 func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.Result, error) {
 	reqLogger := log.FromContext(ctx)
 	reqLogger.Info("Reconciling MemberOperatorConfig")

controllers/useraccount/useraccount_controller.go

@@ -3,9 +3,10 @@ package useraccount
 import (
 	"context"
 	"fmt"
-	rbac "k8s.io/api/rbac/v1"
 	"time"
 
+	rbac "k8s.io/api/rbac/v1"
+
 	toolchainv1alpha1 "github.com/codeready-toolchain/api/api/v1alpha1"
 	commoncontroller "github.com/codeready-toolchain/toolchain-common/controllers"
 	"github.com/codeready-toolchain/toolchain-common/pkg/condition"
@@ -64,7 +65,7 @@ type Reconciler struct {
 // and what is in the UserAccount.Spec
 // Note:
 // The Controller will requeue the Request to be processed again if the returned error is non-nil or
-// Result.Requeue is true, otherwise upon completion it will remove the work from the queue.
+// Result.RequeueAfter > 0 is true, otherwise upon completion it will remove the work from the queue.
 func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.Result, error) {
 	logger := log.FromContext(ctx)
 	logger.Info("reconciling UserAccount")
@@ -137,7 +138,6 @@ func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.
 	if ok && readyCond.Reason == toolchainv1alpha1.UserAccountUpdatingReason && time.Since(readyCond.LastTransitionTime.Time) <= time.Second {
 		// then don't do anything and just postpone the next reconcile
 		return ctrl.Result{
-			Requeue:      true,
 			RequeueAfter: time.Second,
 		}, nil
 	}