From 3de82ad98016eec5938f05920888d7079408d7e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Tue, 10 Oct 2023 12:00:42 +0200 Subject: [PATCH] fix: remove image data in context for now MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché --- config/crds/json.kyverno.io_policies.yaml | 44 --------- docs/user/apis/md/kyverno-json.v1alpha1.md | 95 ------------------- pkg/apis/v1alpha1/context_entry.go | 3 - pkg/apis/v1alpha1/image_registry.go | 11 --- .../v1alpha1/image_registry_credentials.go | 14 --- .../image_registry_credentials_provider.go | 13 --- pkg/apis/v1alpha1/zz_generated.deepcopy.go | 52 ---------- pkg/data/crds/json.kyverno.io_policies.yaml | 44 --------- website/docs/apis/kyverno-json.v1alpha1.md | 95 ------------------- 9 files changed, 371 deletions(-) delete mode 100644 pkg/apis/v1alpha1/image_registry.go delete mode 100644 pkg/apis/v1alpha1/image_registry_credentials.go delete mode 100644 pkg/apis/v1alpha1/image_registry_credentials_provider.go diff --git a/config/crds/json.kyverno.io_policies.yaml b/config/crds/json.kyverno.io_policies.yaml index 184801c3..2f333812 100644 --- a/config/crds/json.kyverno.io_policies.yaml +++ b/config/crds/json.kyverno.io_policies.yaml @@ -44,50 +44,6 @@ spec: description: ContextEntry adds variables and data sources to a rule Context. properties: - imageRegistry: - description: ImageRegistry defines requests to an OCI/Docker - V2 registry to fetch image details. - properties: - imageRegistryCredentials: - description: ImageRegistryCredentials provides credentials - that will be used for authentication with registry. - properties: - allowInsecureRegistry: - description: AllowInsecureRegistry allows insecure - access to a registry. - type: boolean - providers: - description: 'Providers specifies a list of OCI - Registry names, whose authentication providers - are provided. It can be of one of these values: - AWS, ACR, GCP, GHCR.' - items: - description: ImageRegistryCredentialsProvider - provides the list of credential providers - required. - enum: - - default - - amazon - - azure - - google - - github - type: string - type: array - secrets: - description: Secrets specifies a list of secrets - that are provided for credentials. Secrets must - live in the Kyverno namespace. - items: - type: string - type: array - type: object - reference: - description: 'Reference is image reference to a container - image in the registry. Example: ghcr.io/kyverno/kyverno:latest' - type: string - required: - - reference - type: object name: description: Name is the variable name. type: string diff --git a/docs/user/apis/md/kyverno-json.v1alpha1.md b/docs/user/apis/md/kyverno-json.v1alpha1.md index 5f0939cc..774cbf92 100644 --- a/docs/user/apis/md/kyverno-json.v1alpha1.md +++ b/docs/user/apis/md/kyverno-json.v1alpha1.md @@ -112,104 +112,9 @@ auto_generated: true

Variable defines an arbitrary JMESPath context variable that can be defined inline.

-imageRegistry [Required]
-ImageRegistry - - -

ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details.

- - - - - -## `ImageRegistry` {#json-kyverno-io-v1alpha1-ImageRegistry} - - -**Appears in:** - -- [ContextEntry](#json-kyverno-io-v1alpha1-ContextEntry) - - -

ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details.

- - - - - - - - - - - - -
FieldDescription
reference [Required]
-string -		 -

Reference is image reference to a container image in the registry. -Example: ghcr.io/kyverno/kyverno:latest

-
imageRegistryCredentials [Required]
-ImageRegistryCredentials -		 -

ImageRegistryCredentials provides credentials that will be used for authentication with registry.

-
-## `ImageRegistryCredentials` {#json-kyverno-io-v1alpha1-ImageRegistryCredentials} - - -**Appears in:** - -- [ImageRegistry](#json-kyverno-io-v1alpha1-ImageRegistry) - - - - - - - - - - - - - - - - - - -
FieldDescription
allowInsecureRegistry [Required]
-bool -		 -

AllowInsecureRegistry allows insecure access to a registry.

-
providers [Required]
-[]ImageRegistryCredentialsProvider -		 -

Providers specifies a list of OCI Registry names, whose authentication providers are provided. -It can be of one of these values: AWS, ACR, GCP, GHCR.

-
secrets [Required]
-[]string -		 -

Secrets specifies a list of secrets that are provided for credentials. -Secrets must live in the Kyverno namespace.

-
- -## `ImageRegistryCredentialsProvider` {#json-kyverno-io-v1alpha1-ImageRegistryCredentialsProvider} - -(Alias of `string`) - -**Appears in:** - -- [ImageRegistryCredentials](#json-kyverno-io-v1alpha1-ImageRegistryCredentials) - - -

ImageRegistryCredentialsProvider provides the list of credential providers required.

- - - - ## `Match` {#json-kyverno-io-v1alpha1-Match} diff --git a/pkg/apis/v1alpha1/context_entry.go b/pkg/apis/v1alpha1/context_entry.go index e13d89d5..ff4e69d0 100644 --- a/pkg/apis/v1alpha1/context_entry.go +++ b/pkg/apis/v1alpha1/context_entry.go @@ -9,7 +9,4 @@ type ContextEntry struct { // +kubebuilder:pruning:PreserveUnknownFields // +kubebuilder:validation:Schemaless Variable Any `json:"variable,omitempty"` - - // ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. - ImageRegistry *ImageRegistry `json:"imageRegistry,omitempty"` } diff --git a/pkg/apis/v1alpha1/image_registry.go b/pkg/apis/v1alpha1/image_registry.go deleted file mode 100644 index 76b55c64..00000000 --- a/pkg/apis/v1alpha1/image_registry.go +++ /dev/null @@ -1,11 +0,0 @@ -package v1alpha1 - -// ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details. -type ImageRegistry struct { - // Reference is image reference to a container image in the registry. - // Example: ghcr.io/kyverno/kyverno:latest - Reference string `json:"reference"` - - // ImageRegistryCredentials provides credentials that will be used for authentication with registry. - ImageRegistryCredentials *ImageRegistryCredentials `json:"imageRegistryCredentials,omitempty"` -} diff --git a/pkg/apis/v1alpha1/image_registry_credentials.go b/pkg/apis/v1alpha1/image_registry_credentials.go deleted file mode 100644 index 91cbe8ad..00000000 --- a/pkg/apis/v1alpha1/image_registry_credentials.go +++ /dev/null @@ -1,14 +0,0 @@ -package v1alpha1 - -type ImageRegistryCredentials struct { - // AllowInsecureRegistry allows insecure access to a registry. - AllowInsecureRegistry bool `json:"allowInsecureRegistry,omitempty"` - - // Providers specifies a list of OCI Registry names, whose authentication providers are provided. - // It can be of one of these values: AWS, ACR, GCP, GHCR. - Providers []ImageRegistryCredentialsProvider `json:"providers,omitempty"` - - // Secrets specifies a list of secrets that are provided for credentials. - // Secrets must live in the Kyverno namespace. - Secrets []string `json:"secrets,omitempty"` -} diff --git a/pkg/apis/v1alpha1/image_registry_credentials_provider.go b/pkg/apis/v1alpha1/image_registry_credentials_provider.go deleted file mode 100644 index 0fe890c1..00000000 --- a/pkg/apis/v1alpha1/image_registry_credentials_provider.go +++ /dev/null @@ -1,13 +0,0 @@ -package v1alpha1 - -// ImageRegistryCredentialsProvider provides the list of credential providers required. -// +kubebuilder:validation:Enum=default;amazon;azure;google;github -type ImageRegistryCredentialsProvider string - -const ( - DEFAULT ImageRegistryCredentialsProvider = "default" - AWS ImageRegistryCredentialsProvider = "amazon" - ACR ImageRegistryCredentialsProvider = "azure" - GCP ImageRegistryCredentialsProvider = "google" - GHCR ImageRegistryCredentialsProvider = "github" -) diff --git a/pkg/apis/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/v1alpha1/zz_generated.deepcopy.go index 1efc09f7..d6b4ddc2 100644 --- a/pkg/apis/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/v1alpha1/zz_generated.deepcopy.go @@ -51,11 +51,6 @@ func (in Assertions) DeepCopy() Assertions { func (in *ContextEntry) DeepCopyInto(out *ContextEntry) { *out = *in in.Variable.DeepCopyInto(&out.Variable) - if in.ImageRegistry != nil { - in, out := &in.ImageRegistry, &out.ImageRegistry - *out = new(ImageRegistry) - (*in).DeepCopyInto(*out) - } return } @@ -69,53 +64,6 @@ func (in *ContextEntry) DeepCopy() *ContextEntry { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageRegistry) DeepCopyInto(out *ImageRegistry) { - *out = *in - if in.ImageRegistryCredentials != nil { - in, out := &in.ImageRegistryCredentials, &out.ImageRegistryCredentials - *out = new(ImageRegistryCredentials) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageRegistry. -func (in *ImageRegistry) DeepCopy() *ImageRegistry { - if in == nil { - return nil - } - out := new(ImageRegistry) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageRegistryCredentials) DeepCopyInto(out *ImageRegistryCredentials) { - *out = *in - if in.Providers != nil { - in, out := &in.Providers, &out.Providers - *out = make([]ImageRegistryCredentialsProvider, len(*in)) - copy(*out, *in) - } - if in.Secrets != nil { - in, out := &in.Secrets, &out.Secrets - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageRegistryCredentials. -func (in *ImageRegistryCredentials) DeepCopy() *ImageRegistryCredentials { - if in == nil { - return nil - } - out := new(ImageRegistryCredentials) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Match) DeepCopyInto(out *Match) { *out = *in diff --git a/pkg/data/crds/json.kyverno.io_policies.yaml b/pkg/data/crds/json.kyverno.io_policies.yaml index 184801c3..2f333812 100644 --- a/pkg/data/crds/json.kyverno.io_policies.yaml +++ b/pkg/data/crds/json.kyverno.io_policies.yaml @@ -44,50 +44,6 @@ spec: description: ContextEntry adds variables and data sources to a rule Context. properties: - imageRegistry: - description: ImageRegistry defines requests to an OCI/Docker - V2 registry to fetch image details. - properties: - imageRegistryCredentials: - description: ImageRegistryCredentials provides credentials - that will be used for authentication with registry. - properties: - allowInsecureRegistry: - description: AllowInsecureRegistry allows insecure - access to a registry. - type: boolean - providers: - description: 'Providers specifies a list of OCI - Registry names, whose authentication providers - are provided. It can be of one of these values: - AWS, ACR, GCP, GHCR.' - items: - description: ImageRegistryCredentialsProvider - provides the list of credential providers - required. - enum: - - default - - amazon - - azure - - google - - github - type: string - type: array - secrets: - description: Secrets specifies a list of secrets - that are provided for credentials. Secrets must - live in the Kyverno namespace. - items: - type: string - type: array - type: object - reference: - description: 'Reference is image reference to a container - image in the registry. Example: ghcr.io/kyverno/kyverno:latest' - type: string - required: - - reference - type: object name: description: Name is the variable name. type: string diff --git a/website/docs/apis/kyverno-json.v1alpha1.md b/website/docs/apis/kyverno-json.v1alpha1.md index 5f0939cc..774cbf92 100644 --- a/website/docs/apis/kyverno-json.v1alpha1.md +++ b/website/docs/apis/kyverno-json.v1alpha1.md @@ -112,104 +112,9 @@ auto_generated: true

Variable defines an arbitrary JMESPath context variable that can be defined inline.

-imageRegistry [Required]
-ImageRegistry - - -

ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details.

- - - - - -## `ImageRegistry` {#json-kyverno-io-v1alpha1-ImageRegistry} - - -**Appears in:** - -- [ContextEntry](#json-kyverno-io-v1alpha1-ContextEntry) - - -

ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details.

- - - - - - - - - - - - -
FieldDescription
reference [Required]
-string -		 -

Reference is image reference to a container image in the registry. -Example: ghcr.io/kyverno/kyverno:latest

-
imageRegistryCredentials [Required]
-ImageRegistryCredentials -		 -

ImageRegistryCredentials provides credentials that will be used for authentication with registry.

-
-## `ImageRegistryCredentials` {#json-kyverno-io-v1alpha1-ImageRegistryCredentials} - - -**Appears in:** - -- [ImageRegistry](#json-kyverno-io-v1alpha1-ImageRegistry) - - - - - - - - - - - - - - - - - - -
FieldDescription
allowInsecureRegistry [Required]
-bool -		 -

AllowInsecureRegistry allows insecure access to a registry.

-
providers [Required]
-[]ImageRegistryCredentialsProvider -		 -

Providers specifies a list of OCI Registry names, whose authentication providers are provided. -It can be of one of these values: AWS, ACR, GCP, GHCR.

-
secrets [Required]
-[]string -		 -

Secrets specifies a list of secrets that are provided for credentials. -Secrets must live in the Kyverno namespace.

-
- -## `ImageRegistryCredentialsProvider` {#json-kyverno-io-v1alpha1-ImageRegistryCredentialsProvider} - -(Alias of `string`) - -**Appears in:** - -- [ImageRegistryCredentials](#json-kyverno-io-v1alpha1-ImageRegistryCredentials) - - -

ImageRegistryCredentialsProvider provides the list of credential providers required.

- - - - ## `Match` {#json-kyverno-io-v1alpha1-Match}