Merge pull request #504 from allianz-direct/feat/add-126-127-129-depr…

…ecations feat: Add 1.26 1.27 1.29 deprecations
doitintl · Aug 24, 2023 · e506263 · e506263
2 parents e74bb93 + 025e291
commit e506263
Show file tree

Hide file tree

Showing 12 changed files with 235 additions and 5 deletions.
diff --git a/fixtures/csistoragecapacity-v1beta1.yaml b/fixtures/csistoragecapacity-v1beta1.yaml
@@ -0,0 +1,5 @@
+kind: CSIStorageCapacity
+apiVersion: storage.k8s.io/v1beta1
+metadata:
+  name: my-csi-capacity
+storageClassName: gp2
diff --git a/fixtures/flowschema-v1beta1.yaml b/fixtures/flowschema-v1beta1.yaml
@@ -0,0 +1,30 @@
+apiVersion: flowcontrol.apiserver.k8s.io/v1beta1
+kind: FlowSchema
+metadata:
+  name: service-accounts-test
+spec:
+  distinguisherMethod:
+    type: ByUser
+  matchingPrecedence: 9000
+  priorityLevelConfiguration:
+    name: workload-medium
+  rules:
+  - nonResourceRules:
+    - nonResourceURLs:
+      - '*'
+      verbs:
+      - '*'
+    resourceRules:
+    - apiGroups:
+      - '*'
+      clusterScope: true
+      namespaces:
+      - '*'
+      resources:
+      - '*'
+      verbs:
+      - '*'
+    subjects:
+    - group:
+        name: system:serviceaccounts
+      kind: Group
diff --git a/fixtures/flowschema-v1beta2.yaml b/fixtures/flowschema-v1beta2.yaml
@@ -0,0 +1,30 @@
+apiVersion: flowcontrol.apiserver.k8s.io/v1beta2
+kind: FlowSchema
+metadata:
+  name: service-accounts-test
+spec:
+  distinguisherMethod:
+    type: ByUser
+  matchingPrecedence: 9000
+  priorityLevelConfiguration:
+    name: workload-medium
+  rules:
+  - nonResourceRules:
+    - nonResourceURLs:
+      - '*'
+      verbs:
+      - '*'
+    resourceRules:
+    - apiGroups:
+      - '*'
+      clusterScope: true
+      namespaces:
+      - '*'
+      resources:
+      - '*'
+      verbs:
+      - '*'
+    subjects:
+    - group:
+        name: system:serviceaccounts
+      kind: Group
diff --git a/fixtures/prioritylevelconfiguration-v1beta1.yaml b/fixtures/prioritylevelconfiguration-v1beta1.yaml
@@ -0,0 +1,14 @@
+apiVersion: flowcontrol.apiserver.k8s.io/v1beta1
+kind: PriorityLevelConfiguration
+metadata:
+  name: workload-medium
+spec:
+  limited:
+    assuredConcurrencyShares: 70
+    limitResponse:
+      queuing:
+        handSize: 6
+        queueLengthLimit: 50
+        queues: 128
+      type: Queue
+  type: Limited
diff --git a/fixtures/prioritylevelconfiguration-v1beta2.yaml b/fixtures/prioritylevelconfiguration-v1beta2.yaml
@@ -0,0 +1,14 @@
+apiVersion: flowcontrol.apiserver.k8s.io/v1beta2
+kind: PriorityLevelConfiguration
+metadata:
+  name: workload-medium
+spec:
+  limited:
+    assuredConcurrencyShares: 70
+    limitResponse:
+      queuing:
+        handSize: 6
+        queueLengthLimit: 50
+        queues: 128
+      type: Queue
+  type: Limited
diff --git a/pkg/collector/cluster.go b/pkg/collector/cluster.go
@@ -83,6 +83,7 @@ func (c *ClusterCollector) Get() ([]map[string]interface{}, error) {
 		schema.GroupVersionResource{Group: "storage.k8s.io", Version: "v1", Resource: "csinodes"},
 		schema.GroupVersionResource{Group: "storage.k8s.io", Version: "v1", Resource: "storageclasses"},
 		schema.GroupVersionResource{Group: "storage.k8s.io", Version: "v1", Resource: "volumeattachments"},
+		schema.GroupVersionResource{Group: "storage.k8s.io", Version: "v1", Resource: "csistoragecapacities"},
 		schema.GroupVersionResource{Group: "scheduling.k8s.io", Version: "v1", Resource: "priorityclasses"},
 		schema.GroupVersionResource{Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "clusterroles"},
 		schema.GroupVersionResource{Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "clusterrolebindings"},
@@ -107,6 +108,10 @@ func (c *ClusterCollector) Get() ([]map[string]interface{}, error) {
 		schema.GroupVersionResource{Group: "snapshot.storage.k8s.io", Version: "v1", Resource: "volumesnapshots"},
 		schema.GroupVersionResource{Group: "snapshot.storage.k8s.io", Version: "v1", Resource: "volumesnapshotclasses"},
 		schema.GroupVersionResource{Group: "snapshot.storage.k8s.io", Version: "v1", Resource: "volumesnapshotcontents"},
+		schema.GroupVersionResource{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Resource: "flowschemas"},
+		schema.GroupVersionResource{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Resource: "prioritylevelconfigurations"},
+		schema.GroupVersionResource{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta3", Resource: "flowschemas"},
+		schema.GroupVersionResource{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta3", Resource: "prioritylevelconfigurations"},
 	}
 	gvrs = append(gvrs, c.additionalResources...)
 

diff --git a/pkg/rules/rego/deprecated-1-26.rego b/pkg/rules/rego/deprecated-1-26.rego
@@ -20,11 +20,23 @@ deprecated_resource(r) = api {
 }
 
 deprecated_api(kind, api_version) = api {
-	deprecated_apis = {"HorizontalPodAutoscaler": {
-		"old": ["autoscaling/v2beta2"],
-		"new": "autoscaling/v2",
-		"since": "1.23",
-	}}
+	deprecated_apis = {
+		"HorizontalPodAutoscaler": {
+			"old": ["autoscaling/v2beta2"],
+			"new": "autoscaling/v2",
+			"since": "1.23",
+		},
+		"FlowSchema": {
+			"old": ["flowcontrol.apiserver.k8s.io/v1beta1"],
+			"new": "flowcontrol.apiserver.k8s.io/v1beta3",
+			"since": "1.26",
+		},
+		"PriorityLevelConfiguration": {
+			"old": ["flowcontrol.apiserver.k8s.io/v1beta1"],
+			"new": "flowcontrol.apiserver.k8s.io/v1beta3",
+			"since": "1.26",
+		},
+	}
 
 	deprecated_apis[kind].old[_] == api_version
 

diff --git a/pkg/rules/rego/deprecated-1-27.rego b/pkg/rules/rego/deprecated-1-27.rego
@@ -0,0 +1,42 @@
+package deprecated127
+
+main[return] {
+	resource := input[_]
+	api := deprecated_resource(resource)
+	return := {
+		"Name": get_default(resource.metadata, "name", "<undefined>"),
+		# Namespace does not have to be defined in case of local manifests
+		"Namespace": get_default(resource.metadata, "namespace", "<undefined>"),
+		"Kind": resource.kind,
+		"ApiVersion": api.old,
+		"ReplaceWith": api.new,
+		"RuleSet": "Deprecated APIs removed in 1.27",
+		"Since": api.since,
+	}
+}
+
+deprecated_resource(r) = api {
+	api := deprecated_api(r.kind, r.apiVersion)
+}
+
+deprecated_api(kind, api_version) = api {
+	deprecated_apis = {"CSIStorageCapacity": {
+		"old": ["storage.k8s.io/v1beta1"],
+		"new": "storage.k8s.io/v1",
+		"since": "1.24",
+	}}
+
+	deprecated_apis[kind].old[_] == api_version
+
+	api := {
+		"old": api_version,
+		"new": deprecated_apis[kind].new,
+		"since": deprecated_apis[kind].since,
+	}
+}
+
+get_default(val, key, _) = val[key]
+
+get_default(val, key, fallback) = fallback {
+	not val[key]
+}
diff --git a/pkg/rules/rego/deprecated-1-29.rego b/pkg/rules/rego/deprecated-1-29.rego
@@ -0,0 +1,49 @@
+package deprecated129
+
+main[return] {
+	resource := input[_]
+	api := deprecated_resource(resource)
+	return := {
+		"Name": get_default(resource.metadata, "name", "<undefined>"),
+		# Namespace does not have to be defined in case of local manifests
+		"Namespace": get_default(resource.metadata, "namespace", "<undefined>"),
+		"Kind": resource.kind,
+		"ApiVersion": api.old,
+		"ReplaceWith": api.new,
+		"RuleSet": "Deprecated APIs removed in 1.29",
+		"Since": api.since,
+	}
+}
+
+deprecated_resource(r) = api {
+	api := deprecated_api(r.kind, r.apiVersion)
+}
+
+deprecated_api(kind, api_version) = api {
+	deprecated_apis = {
+		"FlowSchema": {
+			"old": ["flowcontrol.apiserver.k8s.io/v1beta2"],
+			"new": "flowcontrol.apiserver.k8s.io/v1beta3",
+			"since": "1.26",
+		},
+		"PriorityLevelConfiguration": {
+			"old": ["flowcontrol.apiserver.k8s.io/v1beta2"],
+			"new": "flowcontrol.apiserver.k8s.io/v1beta3",
+			"since": "1.26",
+		},
+	}
+
+	deprecated_apis[kind].old[_] == api_version
+
+	api := {
+		"old": api_version,
+		"new": deprecated_apis[kind].new,
+		"since": deprecated_apis[kind].since,
+	}
+}
+
+get_default(val, key, _) = val[key]
+
+get_default(val, key, fallback) = fallback {
+	not val[key]
+}
diff --git a/test/rules_126_test.go b/test/rules_126_test.go
@@ -7,6 +7,8 @@ import (
 func TestRego126(t *testing.T) {
 	testCases := []resourceFixtureTestCase{
 		{"AutoScaler", []string{"../fixtures/autoscaler-v2beta2.yaml"}, []string{"HorizontalPodAutoscaler"}},
+		{"FlowSchema", []string{"../fixtures/flowschema-v1beta1.yaml"}, []string{"FlowSchema"}},
+		{"PriorityLevelConfiguration", []string{"../fixtures/prioritylevelconfiguration-v1beta1.yaml"}, []string{"PriorityLevelConfiguration"}},
 	}
 
 	testResourcesUsingFixtures(t, testCases)

diff --git a/test/rules_127_test.go b/test/rules_127_test.go
@@ -0,0 +1,13 @@
+package test
+
+import (
+	"testing"
+)
+
+func TestRego127(t *testing.T) {
+	testCases := []resourceFixtureTestCase{
+		{"CSIStorageCapacity", []string{"../fixtures/csistoragecapacity-v1beta1.yaml"}, []string{"CSIStorageCapacity"}},
+	}
+
+	testResourcesUsingFixtures(t, testCases)
+}
diff --git a/test/rules_129_test.go b/test/rules_129_test.go
@@ -0,0 +1,14 @@
+package test
+
+import (
+	"testing"
+)
+
+func TestRego129(t *testing.T) {
+	testCases := []resourceFixtureTestCase{
+		{"FlowSchema", []string{"../fixtures/flowschema-v1beta2.yaml"}, []string{"FlowSchema"}},
+		{"PriorityLevelConfiguration", []string{"../fixtures/prioritylevelconfiguration-v1beta2.yaml"}, []string{"PriorityLevelConfiguration"}},
+	}
+
+	testResourcesUsingFixtures(t, testCases)
+}