chore(*): Updates to latest k8s openapi and kube (#49)

* chore(*): Updates to latest k8s openapi and kube

This partially reverts commit 357f4ad.
The k8s openapi crate reverted their change to remove `Option` wrapped
collections and so this will be another breaking change and new version
bump for krator

Signed-off-by: Taylor Thomas <[email protected]>

* fix(*): Updates golden files to match expected output

Signed-off-by: Taylor Thomas <[email protected]>

README.md

@@ -40,4 +40,4 @@ questions or comments.
 ## Vulnerability Reporting
 
 For sensitive issues, please email one of the project maintainers. For
-other issues, please open an issue in this GitHub repository. 
+other issues, please open an issue in this GitHub repository.

docs/community/developers.md

@@ -23,23 +23,23 @@ We use `cargo` to build our programs:
 $ cargo build
 ```
 
-Krator is a library crate, meaning that you cannot run Krator directly, but must
-import it into other "binary" crates which can then be run. To see an example of
-using Krator in this way, check out the [moose
-example](/krator/examples/moose.rs).
+Krator is a library crate, meaning that you cannot run Krator
+directly, but must import it into other "binary" crates which can
+then be run. To see an example of using Krator in this way,
+check out the [moose example](/krator/examples/moose.rs).
 
-Krator does not configure `k8s-openapi` to use a specific version of Kubernetes.
-You will need to select a version and enable its feature when building your
-application:
+Krator does not configure `k8s-openapi` to use a specific version of
+Kubernetes. You will need to select a version and enable its feature
+when building your application:
 
 ```toml
 [dependencies.k8s-openapi]
-version = "0.12"
+version = "0.13"
 default-features = false
-features = ["v1_21"]
+features = ["v1_22"]
 ```
 
-Krator is tested against Kubernetes v1.21.
+Krator is tested against Kubernetes v1.22.
 
 ### Building without openssl
 

krator-derive/Cargo.toml

@@ -30,13 +30,13 @@ features = ["docs", "admission-webhook"]
 rustdoc-args = ["--cfg", "feature=\"docs\""]
 
 [dev-dependencies]
-kube-runtime = { version = "0.58", default-features = false }
-kube-derive = "0.58"
+kube-runtime = { version = "0.60", default-features = false }
+kube-derive = "0.60"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 serde_yaml = "0.8"
 schemars = "0.8.0"
 anyhow = { version = "1.0.40" }
-k8s-openapi = { version = "0.12", default-features = false, features = ["v1_21"] }
-kube = { version = "0.58", default-features = false, features = ["derive"] }
+k8s-openapi = { version = "0.13", default-features = false, features = ["v1_22"] }
+kube = { version = "0.60", default-features = false, features = ["derive"] }
 rcgen = { version = "0.8.9", features = ["x509-parser", "pem"] }

krator-derive/src/admission.rs

@@ -209,7 +209,7 @@ impl CustomDerive for CustomResourceInfos {
                             namespace: Some(namespace.to_string()),
                             ..Default::default()
                         },
-                        string_data: data,
+                        string_data: Some(data),
                         type_: Some("tls".to_string()),
                         ..Default::default()
                     }
@@ -253,13 +253,13 @@ impl CustomDerive for CustomResourceInfos {
                             ..Default::default()
                         },
                         spec: Some(k8s_openapi::api::core::v1::ServiceSpec {
-                            selector: selector,
-                            ports: vec![k8s_openapi::api::core::v1::ServicePort{
+                            selector: Some(selector),
+                            ports: Some(vec![k8s_openapi::api::core::v1::ServicePort{
                                 protocol: Some("TCP".to_string()),
                                 port: 443,
                                 target_port: Some(k8s_openapi::apimachinery::pkg::util::intstr::IntOrString::Int(8443)),
                                 ..Default::default()
-                            }],
+                            }]),
                             type_: Some("ClusterIP".to_string()),
                             ..Default::default()
                         }),
@@ -300,14 +300,20 @@ impl CustomDerive for CustomResourceInfos {
 
                    const TLS_CRT: &'static str = "tls.crt";
 
-                   let ca_bundle = secret.data
-                        .get(TLS_CRT)
-                        .map(|d| d.to_owned())
-                        .or_else(|| secret.string_data
-                            .get(TLS_CRT)
-                            .map(std::string::String::as_bytes)
-                            .map(std::vec::Vec::from)
-                            .map(k8s_openapi::ByteString));
+                   let ca_bundle = secret
+                       .string_data
+                       .as_ref()
+                       .and_then(|ref string_data| {
+                           string_data
+                               .get(TLS_CRT)
+                               .map(std::string::String::as_bytes)
+                               .map(std::vec::Vec::from)
+                               .map(k8s_openapi::ByteString)
+                       })
+                       .or(secret
+                           .data
+                           .as_ref()
+                           .and_then(|ref data| data.get(TLS_CRT).map(k8s_openapi::ByteString::to_owned)));
 
 
                    if ca_bundle.is_none() { return Err(format!("secret with {} is does not contain data 'tls.crt'", secret.metadata.name.unwrap()).into())}
@@ -317,18 +323,18 @@ impl CustomDerive for CustomResourceInfos {
                            name: Some(webhook_name.clone()),
                            ..Default::default()
                        },
-                       webhooks: vec![
+                       webhooks: Some(vec![
                         k8s_openapi::api::admissionregistration::v1::MutatingWebhook{
                            admission_review_versions: versions.clone(),
-                           name: webhook_name,
+                           name: format!("{}", webhook_name.clone()),
                            side_effects: "None".to_string(),
-                           rules: vec![k8s_openapi::api::admissionregistration::v1::RuleWithOperations{
-                               api_groups: vec![crd.spec.group],
-                               api_versions: versions,
-                               operations: vec!["*".to_string()],
-                               resources: vec![crd.spec.names.plural],
-                               scope: Some(crd.spec.scope),
-                            }],
+                           rules: Some(vec![k8s_openapi::api::admissionregistration::v1::RuleWithOperations{
+                               api_groups: Some(vec![crd.spec.group]),
+                               api_versions: Some(versions),
+                               operations: Some(vec!["*".to_string()]),
+                               resources: Some(vec![crd.spec.names.plural]),
+                               scope: Some(crd.spec.scope)
+                            }]),
                            client_config: k8s_openapi::api::admissionregistration::v1::WebhookClientConfig{
                                ca_bundle: ca_bundle,
                                service: Some(k8s_openapi::api::admissionregistration::v1::ServiceReference{
@@ -341,7 +347,7 @@ impl CustomDerive for CustomResourceInfos {
                            },
                            ..Default::default()
                         }
-                      ]
+                      ])
                    })
                 }
             };

krator-derive/tests/admission.rs

@@ -26,7 +26,7 @@ pub struct CrSpec {
 #[test]
 fn it_has_a_function_for_creating_admission_webhook_tls_secret() {
     let secret: k8s_openapi::api::core::v1::Secret = MyCr::admission_webhook_secret("default");
-    let data = secret.string_data;
+    let data = secret.string_data.unwrap();
     assert_eq!(
         secret.metadata.name.unwrap(),
         "mycrs-example-com-admission-webhook-tls".to_string()
@@ -51,7 +51,7 @@ fn it_has_a_function_for_creating_admission_webhook_service() {
     );
 
     let spec = service.spec.unwrap();
-    let selector = &spec.selector;
+    let selector = &spec.selector.unwrap();
     assert_eq!(selector.get("app").unwrap(), "mycrs-example-com-operator");
 }
 
@@ -62,21 +62,24 @@ fn it_has_a_function_for_creating_admission_webhook_configuration() {
     let admission_webhook_configuration: MutatingWebhookConfiguration =
         MyCr::admission_webhook_configuration(service, secret).unwrap();
 
-    let webhook = &admission_webhook_configuration.webhooks[0];
+    let webhook = &admission_webhook_configuration.webhooks.unwrap()[0];
     let client_config = &webhook.client_config.clone();
     let service = client_config.service.clone().unwrap();
 
-    let rule = &webhook.rules[0];
+    let rule = &webhook.rules.clone().unwrap()[0];
     assert_eq!(
         admission_webhook_configuration.metadata.name.unwrap(),
         "mycrs.example.com".to_string()
     );
     assert_eq!(webhook.admission_review_versions, vec!["v1"]);
     assert_eq!(webhook.side_effects, "None");
-    assert_eq!(rule.api_groups, vec!["example.com".to_string()]);
-    assert_eq!(rule.api_versions, vec!["v1".to_string()]);
-    assert_eq!(rule.operations, vec!["*".to_string()]);
-    assert_eq!(rule.resources, vec!["mycrs".to_string()]);
+    assert_eq!(
+        rule.api_groups.clone().unwrap(),
+        vec!["example.com".to_string()]
+    );
+    assert_eq!(rule.api_versions.clone().unwrap(), vec!["v1".to_string()]);
+    assert_eq!(rule.operations.clone().unwrap(), vec!["*".to_string()]);
+    assert_eq!(rule.resources.clone().unwrap(), vec!["mycrs".to_string()]);
     assert_eq!(rule.scope.clone().unwrap(), "Cluster".to_string());
 
     assert_eq!(client_config.url, None);

krator/Cargo.toml

@@ -35,8 +35,8 @@ async-trait = "0.1"
 anyhow = "1.0"
 tokio = { version = "1.0", features = ["fs", "macros", "signal"] }
 tokio-stream = { version = "0.1", features = ['sync'] }
-kube = { version = "0.58", default-features = false }
-kube-runtime = { version = "0.58", default-features = false }
+kube = { version = "0.60", default-features = false }
+kube-runtime = { version = "0.60", default-features = false }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 serde_yaml = { version = "0.8", optional = true }
@@ -49,16 +49,16 @@ tracing-futures = "0.2"
 rcgen = { version = "0.8.9", features = ["x509-parser", "pem"], optional = true }
 
 [dependencies.k8s-openapi]
-version = "0.12"
+version = "0.13"
 default-features = false
 
 [dev-dependencies.k8s-openapi]
-version = "0.12"
+version = "0.13"
 default-features = false
-features = ["v1_21"]
+features = ["v1_22"]
 
 [dev-dependencies]
-kube-derive = "0.58"
+kube-derive = "0.60"
 schemars = "0.8"
 serde_yaml = "0.8"
 chrono = "0.4"

krator/src/admission.rs

@@ -1,7 +1,7 @@
 //! Basic implementation of Kubernetes Admission API
 use crate::ObjectState;
 use crate::Operator;
-use anyhow::{ensure, Context};
+use anyhow::{bail, ensure, Context};
 use k8s_openapi::{
     api::{
         admissionregistration::v1::MutatingWebhookConfiguration,
@@ -110,14 +110,14 @@ impl WebhookResources {
     {
         let metadata = owner.metadata();
 
-        let owner_references = vec![OwnerReference {
+        let owner_references = Some(vec![OwnerReference {
             api_version: k8s_openapi::api_version(owner).to_string(),
             controller: Some(true),
             kind: k8s_openapi::kind(owner).to_string(),
             name: metadata.name.clone().unwrap(),
             uid: metadata.uid.clone().unwrap(),
             ..Default::default()
-        }];
+        }]);
 
         let mut secret = self.secret().to_owned();
         secret.metadata.owner_references = owner_references.clone();
@@ -252,7 +252,7 @@ impl Display for WebhookResources {
 # the webhook configuration
 {}
 "#,
-            service.spec.clone().unwrap().selector,
+            service.spec.clone().unwrap().selector.unwrap(),
             service.metadata.namespace.as_ref().unwrap(),
             serde_yaml::to_string(self.service()).unwrap(),
             serde_yaml::to_string(self.secret()).unwrap(),
@@ -271,7 +271,8 @@ pub struct AdmissionTls {
 }
 
 impl AdmissionTls {
-    /// Convenience function to extract secret data from a Kubernetes secret of type `tls`.
+    /// Convenience function to extract secret data from a Kubernetes secret of type `tls`. It supports
+    /// Secrets that have secrets set via `data` or `string_data`
     pub fn from(s: &Secret) -> anyhow::Result<Self> {
         ensure!(
             s.type_.as_ref().unwrap() == "tls",
@@ -291,16 +292,31 @@ impl AdmissionTls {
         const TLS_CRT: &str = "tls.crt";
         const TLS_KEY: &str = "tls.key";
 
-        // We only can get data from the `data` field. `string_data` is a write-only input field for
-        // convenience according to the API docs
+        if let Some(data) = &s.data {
+            let cert_byte_string = data.get(TLS_CRT).context(error_msg(TLS_CRT))?;
+            let key_byte_string = data.get(TLS_KEY).context(error_msg(TLS_KEY))?;
 
-        let cert_byte_string = s.data.get(TLS_CRT).context(error_msg(TLS_CRT))?;
-        let key_byte_string = s.data.get(TLS_KEY).context(error_msg(TLS_KEY))?;
+            return Ok(AdmissionTls {
+                cert: std::str::from_utf8(&cert_byte_string.0)?.to_string(),
+                private_key: std::str::from_utf8(&key_byte_string.0)?.to_string(),
+            });
+        }
 
-        return Ok(AdmissionTls {
-            cert: std::str::from_utf8(&cert_byte_string.0)?.to_string(),
-            private_key: std::str::from_utf8(&key_byte_string.0)?.to_string(),
-        });
+        if let Some(string_data) = &s.string_data {
+            let cert = string_data.get(TLS_CRT).context(error_msg(TLS_CRT))?;
+            let key = string_data.get(TLS_KEY).context(error_msg(TLS_KEY))?;
+
+            return Ok(AdmissionTls {
+                cert: cert.to_string(),
+                private_key: key.to_string(),
+            });
+        }
+
+        bail!(
+            "secret {}/{} does not contain any data",
+            metadata.name.as_ref().unwrap_or(&"".to_string()),
+            metadata.namespace.as_ref().unwrap_or(&"".to_string())
+        )
     }
 }
 

krator/tests/ui/state/next_must_be_state.stderr

@@ -1,8 +1,10 @@
 error[E0277]: the trait bound `NotState: krator::State<PodState>` is not satisfied
-  --> $DIR/next_must_be_state.rs:39:9
+  --> $DIR/next_must_be_state.rs:39:32
    |
 LL |         Transition::next(self, NotState)
-   |         ^^^^^^^^^^^^^^^^ the trait `krator::State<PodState>` is not implemented for `NotState`
+   |         ----------------       ^^^^^^^^ the trait `krator::State<PodState>` is not implemented for `NotState`
+   |         |
+   |         required by a bound introduced by this call
    |
 note: required by `Transition::<S>::next`
   --> $SRC_DIR/src/state.rs:43:5

krator/tests/ui/state/require_same_object_state.stderr

@@ -1,8 +1,10 @@
 error[E0277]: the trait bound `OtherState: krator::State<PodState>` is not satisfied
-  --> $DIR/require_same_object_state.rs:50:9
+  --> $DIR/require_same_object_state.rs:50:32
    |
 LL |         Transition::next(self, OtherState)
-   |         ^^^^^^^^^^^^^^^^ the trait `krator::State<PodState>` is not implemented for `OtherState`
+   |         ----------------       ^^^^^^^^^^ the trait `krator::State<PodState>` is not implemented for `OtherState`
+   |         |
+   |         required by a bound introduced by this call
    |
    = help: the following implementations were found:
              <OtherState as krator::State<OtherPodState>>

krator/tests/ui/state/require_transition_to.stderr

@@ -1,8 +1,10 @@
 error[E0277]: the trait bound `TestState: TransitionTo<_>` is not satisfied
-  --> $DIR/require_transition_to.rs:38:9
+  --> $DIR/require_transition_to.rs:38:32
    |
 LL |         Transition::next(self, TestState)
-   |         ^^^^^^^^^^^^^^^^ the trait `TransitionTo<_>` is not implemented for `TestState`
+   |         ----------------       ^^^^^^^^^ the trait `TransitionTo<_>` is not implemented for `TestState`
+   |         |
+   |         required by a bound introduced by this call
    |
 note: required by `Transition::<S>::next`
   --> $SRC_DIR/src/state.rs:43:5