kubernetes-sigs
diff --git a/‎Makefile‎
Lines changed: 8 additions & 8 deletions b/‎Makefile‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎api/v1alpha1/helmchartproxy_webhook.go‎
Lines changed: 55 additions & 31 deletions b/‎api/v1alpha1/helmchartproxy_webhook.go‎
Lines changed: 55 additions & 31 deletions
diff --git a/‎api/v1alpha1/helmreleaseproxy_webhook.go‎
Lines changed: 52 additions & 27 deletions b/‎api/v1alpha1/helmreleaseproxy_webhook.go‎
Lines changed: 52 additions & 27 deletions
diff --git a/‎config/certmanager/kustomization.yaml‎
Lines changed: 2 additions & 0 deletions b/‎config/certmanager/kustomization.yaml‎
Lines changed: 2 additions & 0 deletions
@@ -51,7 +51,7 @@ BUILD_CONTAINER_ADDITIONAL_ARGS ?=
 #
 # Kubebuilder.
 #
-export KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.32.0
+export KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.33.0
 export KUBEBUILDER_CONTROLPLANE_START_TIMEOUT ?= 60s
 export KUBEBUILDER_CONTROLPLANE_STOP_TIMEOUT ?= 60s
 
@@ -115,7 +115,7 @@ get_go_version = $(shell go list -m $1 | rev | cut -d' ' -f1 | rev)
 # curl retries
 CURL_RETRIES=3
 
-KUSTOMIZE_VER := v5.3.0
+KUSTOMIZE_VER := v5.6.0
 KUSTOMIZE_BIN := kustomize
 KUSTOMIZE := $(abspath $(TOOLS_BIN_DIR)/$(KUSTOMIZE_BIN)-$(KUSTOMIZE_VER))
 KUSTOMIZE_PKG := sigs.k8s.io/kustomize/kustomize/v5
@@ -128,12 +128,12 @@ MOCKGEN_VER := $(call get_go_version,$(MOCKGEN_PKG))
 MOCKGEN_BIN := mockgen
 MOCKGEN := $(TOOLS_BIN_DIR)/$(MOCKGEN_BIN)-$(MOCKGEN_VER)
 
-SETUP_ENVTEST_VER := release-0.19
+SETUP_ENVTEST_VER := release-0.20
 SETUP_ENVTEST_BIN := setup-envtest
 SETUP_ENVTEST := $(abspath $(TOOLS_BIN_DIR)/$(SETUP_ENVTEST_BIN)-$(SETUP_ENVTEST_VER))
 SETUP_ENVTEST_PKG := sigs.k8s.io/controller-runtime/tools/setup-envtest
 
-CONTROLLER_GEN_VER := v0.16.1
+CONTROLLER_GEN_VER := v0.17.2
 CONTROLLER_GEN_BIN := controller-gen
 CONTROLLER_GEN := $(abspath $(TOOLS_BIN_DIR)/$(CONTROLLER_GEN_BIN)-$(CONTROLLER_GEN_VER))
 CONTROLLER_GEN_PKG := sigs.k8s.io/controller-tools/cmd/controller-gen
@@ -143,7 +143,7 @@ GOTESTSUM_BIN := gotestsum
 GOTESTSUM := $(abspath $(TOOLS_BIN_DIR)/$(GOTESTSUM_BIN)-$(GOTESTSUM_VER))
 GOTESTSUM_PKG := gotest.tools/gotestsum
 
-CONVERSION_GEN_VER := v0.31.0
+CONVERSION_GEN_VER := v0.32.2
 CONVERSION_GEN_BIN := conversion-gen
 # We are intentionally using the binary without version suffix, to avoid the version
 # in generated files.
@@ -165,12 +165,12 @@ HADOLINT_FAILURE_THRESHOLD = warning
 
 SHELLCHECK_VER := v0.9.0
 
-KPROMO_VER := v4.0.5
+KPROMO_VER := 5ab0dbc74b0228c22a93d240596dff77464aee8f
 KPROMO_BIN := kpromo
 KPROMO :=  $(abspath $(TOOLS_BIN_DIR)/$(KPROMO_BIN)-$(KPROMO_VER))
 KPROMO_PKG := sigs.k8s.io/promo-tools/v4/cmd/kpromo
 
-RELEASE_NOTES_VER := v0.12.0
+RELEASE_NOTES_VER := v0.18.0
 RELEASE_NOTES_BIN := release-notes
 RELEASE_NOTES := $(TOOLS_BIN_DIR)/$(RELEASE_NOTES_BIN)-$(RELEASE_NOTES_VER)
 
@@ -187,7 +187,7 @@ GINKGO_PKG := github.com/onsi/ginkgo/v2/ginkgo
 CONVERSION_VERIFIER_BIN := conversion-verifier
 CONVERSION_VERIFIER := $(abspath $(TOOLS_BIN_DIR)/$(CONVERSION_VERIFIER_BIN))
 
-OPENAPI_GEN_VER := dc4e619 # main branch as of 22.04.2024
+OPENAPI_GEN_VER := 2c72e55 # main branch as of 03.01.2025
 OPENAPI_GEN_BIN := openapi-gen
 # We are intentionally using the binary without version suffix, to avoid the version
 # in generated files.
 
@@ -17,6 +17,7 @@ limitations under the License.
 package v1alpha1
 
 import (
+	"context"
 	"fmt"
 	"net/url"
 	"time"
@@ -35,96 +36,119 @@ import (
 var helmchartproxylog = logf.Log.WithName("helmchartproxy-resource")
 
 func (r *HelmChartProxy) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	w := new(helmChartProxyWebhook)
+
 	return ctrl.NewWebhookManagedBy(mgr).
 		For(r).
+		WithDefaulter(w).
+		WithValidator(w).
 		Complete()
 }
 
-// TODO(user): EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-
 //+kubebuilder:webhook:path=/mutate-addons-cluster-x-k8s-io-v1alpha1-helmchartproxy,mutating=true,failurePolicy=fail,sideEffects=None,groups=addons.cluster.x-k8s.io,resources=helmchartproxies,verbs=create;update,versions=v1alpha1,name=helmchartproxy.kb.io,admissionReviewVersions=v1
 
-var _ webhook.Defaulter = &HelmChartProxy{}
+type helmChartProxyWebhook struct{}
+
+var (
+	_ webhook.CustomValidator = &helmChartProxyWebhook{}
+	_ webhook.CustomDefaulter = &helmChartProxyWebhook{}
+)
 
 const helmTimeout = 10 * time.Minute
 
 // Default implements webhook.Defaulter so a webhook will be registered for the type.
-func (p *HelmChartProxy) Default() {
-	helmchartproxylog.Info("default", "name", p.Name)
+func (*helmChartProxyWebhook) Default(_ context.Context, objRaw runtime.Object) error {
+	newObj, ok := objRaw.(*HelmChartProxy)
+	if !ok {
+		return apierrors.NewBadRequest(fmt.Sprintf("expected a HelmChartProxy but got a %T", objRaw))
+	}
+	helmchartproxylog.Info("default", "name", newObj.Name)
 
-	if p.Spec.ReleaseNamespace == "" {
-		p.Spec.ReleaseNamespace = "default"
+	if newObj.Spec.ReleaseNamespace == "" {
+		newObj.Spec.ReleaseNamespace = "default"
 	}
 
-	if p.Spec.Options.Atomic {
-		p.Spec.Options.Wait = true
+	if newObj.Spec.Options.Atomic {
+		newObj.Spec.Options.Wait = true
 	}
 
 	// Note: timeout is also needed to ensure that Spec.Options.Wait works.
-	if p.Spec.Options.Timeout == nil {
-		p.Spec.Options.Timeout = &metav1.Duration{Duration: helmTimeout}
+	if newObj.Spec.Options.Timeout == nil {
+		newObj.Spec.Options.Timeout = &metav1.Duration{Duration: helmTimeout}
 	}
+
+	return nil
 }
 
-// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
 //+kubebuilder:webhook:path=/validate-addons-cluster-x-k8s-io-v1alpha1-helmchartproxy,mutating=false,failurePolicy=fail,sideEffects=None,groups=addons.cluster.x-k8s.io,resources=helmchartproxies,verbs=create;update,versions=v1alpha1,name=vhelmchartproxy.kb.io,admissionReviewVersions=v1
 
-var _ webhook.Validator = &HelmChartProxy{}
-
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
-func (p *HelmChartProxy) ValidateCreate() (admission.Warnings, error) {
-	helmchartproxylog.Info("validate create", "name", p.Name)
+func (*helmChartProxyWebhook) ValidateCreate(_ context.Context, objRaw runtime.Object) (admission.Warnings, error) {
+	newObj, ok := objRaw.(*HelmChartProxy)
+	if !ok {
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected a HelmChartProxy but got a %T", objRaw))
+	}
+
+	helmchartproxylog.Info("validate create", "name", newObj.Name)
 
-	if err := isUrlValid(p.Spec.RepoURL); err != nil {
+	if err := isUrlValid(newObj.Spec.RepoURL); err != nil {
 		return nil, err
 	}
 
 	return nil, nil
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
-func (p *HelmChartProxy) ValidateUpdate(oldRaw runtime.Object) (admission.Warnings, error) {
-	helmchartproxylog.Info("validate update", "name", p.Name)
-
+func (*helmChartProxyWebhook) ValidateUpdate(_ context.Context, oldRaw, newRaw runtime.Object) (admission.Warnings, error) {
 	var allErrs field.ErrorList
-	old, ok := oldRaw.(*HelmChartProxy)
+	oldObj, ok := oldRaw.(*HelmChartProxy)
+	if !ok {
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected a HelmChartProxy but got a %T", oldRaw))
+	}
+	newObj, ok := newRaw.(*HelmChartProxy)
 	if !ok {
-		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected a HelmChartProxy but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected a HelmChartProxy but got a %T", newRaw))
 	}
 
-	if err := isUrlValid(p.Spec.RepoURL); err != nil {
+	helmchartproxylog.Info("validate update", "name", newObj.Name)
+
+	if err := isUrlValid(newObj.Spec.RepoURL); err != nil {
 		allErrs = append(allErrs,
 			field.Invalid(field.NewPath("spec", "RepoURL"),
-				p.Spec.ReleaseNamespace, err.Error()),
+				newObj.Spec.ReleaseNamespace, err.Error()),
 		)
 	}
 
-	if p.Spec.ReconcileStrategy != old.Spec.ReconcileStrategy {
+	if newObj.Spec.ReconcileStrategy != oldObj.Spec.ReconcileStrategy {
 		allErrs = append(allErrs,
 			field.Invalid(field.NewPath("spec", "ReconcileStrategy"),
-				p.Spec.ReconcileStrategy, "field is immutable"),
+				newObj.Spec.ReconcileStrategy, "field is immutable"),
 		)
 	}
 
 	if len(allErrs) > 0 {
-		return nil, apierrors.NewInvalid(GroupVersion.WithKind("HelmChartProxy").GroupKind(), p.Name, allErrs)
+		return nil, apierrors.NewInvalid(GroupVersion.WithKind("HelmChartProxy").GroupKind(), newObj.Name, allErrs)
 	}
 
 	return nil, nil
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
-func (p *HelmChartProxy) ValidateDelete() (admission.Warnings, error) {
-	helmchartproxylog.Info("validate delete", "name", p.Name)
+func (*helmChartProxyWebhook) ValidateDelete(_ context.Context, objRaw runtime.Object) (admission.Warnings, error) {
+	obj, ok := objRaw.(*HelmChartProxy)
+	if !ok {
+		return nil, fmt.Errorf("expected a HelmChartProxy object but got %T", objRaw)
+	}
+
+	helmchartproxylog.Info("validate delete", "name", obj.Name)
 
 	// TODO(user): fill in your validation logic upon object deletion.
 	return nil, nil
 }
 
 // isUrlValid returns true if specified repoURL is valid as per go doc https://pkg.go.dev/net/url#ParseRequestURI.
 func isUrlValid(repoURL string) error {
-	_, err := url.ParseRequestURI(repoURL)
-	if err != nil {
+	if _, err := url.ParseRequestURI(repoURL); err != nil {
 		return fmt.Errorf("specified repoURL %s is not valid: %w", repoURL, err)
 	}
 
 
@@ -17,6 +17,7 @@ limitations under the License.
 package v1alpha1
 
 import (
+	"context"
 	"fmt"
 	"reflect"
 
@@ -33,89 +34,113 @@ import (
 var helmreleaseproxylog = logf.Log.WithName("helmreleaseproxy-resource")
 
 func (r *HelmReleaseProxy) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	w := new(helmReleaseProxyWebhook)
+
 	return ctrl.NewWebhookManagedBy(mgr).
 		For(r).
+		WithDefaulter(w).
+		WithValidator(w).
 		Complete()
 }
 
-// TODO(user): EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-
 //+kubebuilder:webhook:path=/mutate-addons-cluster-x-k8s-io-v1alpha1-helmreleaseproxy,mutating=true,failurePolicy=fail,sideEffects=None,groups=addons.cluster.x-k8s.io,resources=helmreleaseproxies,verbs=create;update,versions=v1alpha1,name=helmreleaseproxy.kb.io,admissionReviewVersions=v1
 
-var _ webhook.Defaulter = &HelmReleaseProxy{}
+type helmReleaseProxyWebhook struct{}
+
+var (
+	_ webhook.CustomValidator = &helmReleaseProxyWebhook{}
+	_ webhook.CustomDefaulter = &helmReleaseProxyWebhook{}
+)
 
 // Default implements webhook.Defaulter so a webhook will be registered for the type.
-func (p *HelmReleaseProxy) Default() {
-	helmreleaseproxylog.Info("default", "name", p.Name)
+func (*helmReleaseProxyWebhook) Default(_ context.Context, objRaw runtime.Object) error {
+	obj, ok := objRaw.(*HelmReleaseProxy)
+	if !ok {
+		return apierrors.NewBadRequest(fmt.Sprintf("expected a HelmReleaseProxy but got a %T", objRaw))
+	}
+	helmreleaseproxylog.Info("default", "name", obj.Name)
 
-	if p.Spec.ReleaseNamespace == "" {
-		p.Spec.ReleaseNamespace = "default"
+	if obj.Spec.ReleaseNamespace == "" {
+		obj.Spec.ReleaseNamespace = "default"
 	}
+
+	return nil
 }
 
 // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
 //+kubebuilder:webhook:path=/validate-addons-cluster-x-k8s-io-v1alpha1-helmreleaseproxy,mutating=false,failurePolicy=fail,sideEffects=None,groups=addons.cluster.x-k8s.io,resources=helmreleaseproxies,verbs=create;update,versions=v1alpha1,name=vhelmreleaseproxy.kb.io,admissionReviewVersions=v1
 
-var _ webhook.Validator = &HelmReleaseProxy{}
-
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
-func (p *HelmReleaseProxy) ValidateCreate() (admission.Warnings, error) {
-	helmreleaseproxylog.Info("validate create", "name", p.Name)
+func (*helmReleaseProxyWebhook) ValidateCreate(_ context.Context, objRaw runtime.Object) (admission.Warnings, error) {
+	newObj, ok := objRaw.(*HelmReleaseProxy)
+	if !ok {
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected a HelmReleaseProxy but got a %T", objRaw))
+	}
+
+	helmreleaseproxylog.Info("validate create", "name", newObj.Name)
 
 	// TODO(user): fill in your validation logic upon object creation.
 	return nil, nil
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
-func (p *HelmReleaseProxy) ValidateUpdate(oldRaw runtime.Object) (admission.Warnings, error) {
-	helmreleaseproxylog.Info("validate update", "name", p.Name)
-
+func (*helmReleaseProxyWebhook) ValidateUpdate(_ context.Context, oldRaw, newRaw runtime.Object) (admission.Warnings, error) {
 	var allErrs field.ErrorList
-	old, ok := oldRaw.(*HelmReleaseProxy)
+	oldObj, ok := oldRaw.(*HelmReleaseProxy)
+	if !ok {
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected a HelmReleaseProxy but got a %T", oldRaw))
+	}
+	newObj, ok := newRaw.(*HelmReleaseProxy)
 	if !ok {
-		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected a HelmReleaseProxy but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected a HelmReleaseProxy but got a %T", newRaw))
 	}
 
-	if !reflect.DeepEqual(p.Spec.RepoURL, old.Spec.RepoURL) {
+	helmreleaseproxylog.Info("validate update", "name", newObj.Name)
+
+	if !reflect.DeepEqual(newObj.Spec.RepoURL, oldObj.Spec.RepoURL) {
 		allErrs = append(allErrs,
 			field.Invalid(field.NewPath("spec", "RepoURL"),
-				p.Spec.RepoURL, "field is immutable"),
+				newObj.Spec.RepoURL, "field is immutable"),
 		)
 	}
 
-	if !reflect.DeepEqual(p.Spec.ChartName, old.Spec.ChartName) {
+	if !reflect.DeepEqual(newObj.Spec.ChartName, oldObj.Spec.ChartName) {
 		allErrs = append(allErrs,
 			field.Invalid(field.NewPath("spec", "ChartName"),
-				p.Spec.ChartName, "field is immutable"),
+				newObj.Spec.ChartName, "field is immutable"),
 		)
 	}
 
-	if !reflect.DeepEqual(p.Spec.ReleaseNamespace, old.Spec.ReleaseNamespace) {
+	if !reflect.DeepEqual(newObj.Spec.ReleaseNamespace, oldObj.Spec.ReleaseNamespace) {
 		allErrs = append(allErrs,
 			field.Invalid(field.NewPath("spec", "ReleaseNamespace"),
-				p.Spec.ReleaseNamespace, "field is immutable"),
+				newObj.Spec.ReleaseNamespace, "field is immutable"),
 		)
 	}
 
-	if p.Spec.ReconcileStrategy != old.Spec.ReconcileStrategy {
+	if newObj.Spec.ReconcileStrategy != oldObj.Spec.ReconcileStrategy {
 		allErrs = append(allErrs,
 			field.Invalid(field.NewPath("spec", "ReconcileStrategy"),
-				p.Spec.ReconcileStrategy, "field is immutable"),
+				newObj.Spec.ReconcileStrategy, "field is immutable"),
 		)
 	}
 
 	// TODO: add webhook for ReleaseName. Currently it's being set if the release name is generated.
 
 	if len(allErrs) > 0 {
-		return nil, apierrors.NewInvalid(GroupVersion.WithKind("HelmReleaseProxy").GroupKind(), p.Name, allErrs)
+		return nil, apierrors.NewInvalid(GroupVersion.WithKind("HelmReleaseProxy").GroupKind(), newObj.Name, allErrs)
 	}
 
 	return nil, nil
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
-func (r *HelmReleaseProxy) ValidateDelete() (admission.Warnings, error) {
-	helmreleaseproxylog.Info("validate delete", "name", r.Name)
+func (*helmReleaseProxyWebhook) ValidateDelete(_ context.Context, objRaw runtime.Object) (admission.Warnings, error) {
+	obj, ok := objRaw.(*HelmReleaseProxy)
+	if !ok {
+		return nil, fmt.Errorf("expected a HelmReleaseProxy object but got %T", objRaw)
+	}
+	helmreleaseproxylog.Info("validate delete", "name", obj.Name)
 
 	// TODO(user): fill in your validation logic upon object deletion.
 	return nil, nil
 
@@ -1,3 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
 resources:
 - certificate.yaml
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+apiVersion: kustomize.config.k8s.io/v1beta1`
	`2`	`+kind: Kustomization`
`1`	`3`	`resources:`
`2`	`4`	`- certificate.yaml`
`3`	`5`