Bump CAPI to v1.10.2 (#5447)

Signed-off-by: Tamal Saha <[email protected]>

Author: tamalsaha

Makefile

@@ -20,7 +20,7 @@ include $(ROOT_DIR_RELATIVE)/common.mk
 # https://suva.sh/posts/well-documented-makefiles
 
 # Go
-GO_VERSION ?=1.23.7
+GO_VERSION ?=1.23.9
 GO_CONTAINER_IMAGE ?= golang:$(GO_VERSION)
 
 # Directories.
@@ -151,8 +151,8 @@ E2E_SKIP_EKS_UPGRADE ?= "false"
 EKS_SOURCE_TEMPLATE ?= eks/cluster-template-eks-control-plane-only.yaml
 
 # set up `setup-envtest` to install kubebuilder dependency
-export KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.31.0
-SETUP_ENVTEST_VER := release-0.19
+export KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.32.0
+SETUP_ENVTEST_VER := release-0.20
 SETUP_ENVTEST_BIN := setup-envtest
 SETUP_ENVTEST := $(abspath $(TOOLS_BIN_DIR)/$(SETUP_ENVTEST_BIN)-$(SETUP_ENVTEST_VER))
 SETUP_ENVTEST_PKG := sigs.k8s.io/controller-runtime/tools/setup-envtest

api/v1beta1/zz_generated.conversion.go

@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta2
 
 import (
+	"context"
 	"fmt"
 	"net"
 	"strings"
@@ -42,21 +43,31 @@ const (
 var _ = ctrl.Log.WithName("awscluster-resource")
 
 func (r *AWSCluster) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	w := new(awsClusterWebhook)
 	return ctrl.NewWebhookManagedBy(mgr).
 		For(r).
+		WithValidator(w).
+		WithDefaulter(w).
 		Complete()
 }
 
 // +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta2-awscluster,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=awsclusters,versions=v1beta2,name=validation.awscluster.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1
 // +kubebuilder:webhook:verbs=create;update,path=/mutate-infrastructure-cluster-x-k8s-io-v1beta2-awscluster,mutating=true,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=awsclusters,versions=v1beta2,name=default.awscluster.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1
 
+type awsClusterWebhook struct{}
+
 var (
-	_ webhook.Validator = &AWSCluster{}
-	_ webhook.Defaulter = &AWSCluster{}
+	_ webhook.CustomValidator = &awsClusterWebhook{}
+	_ webhook.CustomDefaulter = &awsClusterWebhook{}
 )
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSCluster) ValidateCreate() (admission.Warnings, error) {
+func (*awsClusterWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) {
+	r, ok := obj.(*AWSCluster)
+	if !ok {
+		return nil, fmt.Errorf("expected an AWSCluster object but got %T", r)
+	}
+
 	var allErrs field.ErrorList
 	var allWarnings admission.Warnings
 
@@ -78,20 +89,25 @@ func (r *AWSCluster) ValidateCreate() (admission.Warnings, error) {
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSCluster) ValidateDelete() (admission.Warnings, error) {
+func (*awsClusterWebhook) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) {
 	return nil, nil
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSCluster) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
+func (*awsClusterWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
+	r, ok := newObj.(*AWSCluster)
+	if !ok {
+		return nil, fmt.Errorf("expected an AWSCluster object but got %T", r)
+	}
+
 	var allErrs field.ErrorList
 	var allWarnings admission.Warnings
 
 	allErrs = append(allErrs, r.validateGCTasksAnnotation()...)
 
-	oldC, ok := old.(*AWSCluster)
+	oldC, ok := oldObj.(*AWSCluster)
 	if !ok {
-		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSCluster but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSCluster but got a %T", oldObj))
 	}
 
 	if r.Spec.Region != oldC.Spec.Region {
@@ -227,6 +243,17 @@ func (r *AWSCluster) validateControlPlaneLoadBalancerUpdate(oldlb, newlb *AWSLoa
 	return allErrs
 }
 
+// Default satisfies the defaulting webhook interface.
+func (*awsClusterWebhook) Default(_ context.Context, obj runtime.Object) error {
+	r, ok := obj.(*AWSCluster)
+	if !ok {
+		return fmt.Errorf("expected an AWSCluster object but got %T", r)
+	}
+
+	r.Default()
+	return nil
+}
+
 // Default satisfies the defaulting webhook interface.
 func (r *AWSCluster) Default() {
 	SetObjectDefaults_AWSCluster(r)

api/v1beta2/awscluster_webhook.go

@@ -26,18 +26,19 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	. "github.com/onsi/gomega"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	utilfeature "k8s.io/component-base/featuregate/testing"
 	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"sigs.k8s.io/cluster-api-provider-aws/v2/feature"
+	"sigs.k8s.io/cluster-api-provider-aws/v2/util/defaulting"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
-	"sigs.k8s.io/cluster-api/util/defaulting"
 )
 
 func TestAWSClusterDefault(t *testing.T) {
 	cluster := &AWSCluster{ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "default"}}
-	t.Run("for AWSCluster", defaultValidateTest(cluster, true))
+	t.Run("for AWSCluster", defaultValidateTest(context.Background(), cluster, &awsClusterWebhook{}, true))
 	cluster.Default()
 	g := NewWithT(t)
 	g.Expect(cluster.Spec.IdentityRef).NotTo(BeNil())
@@ -1494,38 +1495,38 @@ func TestAWSClusterDefaultAllowedCIDRBlocks(t *testing.T) {
 // update and delete.
 // NOTE: This is a copy of the DefaultValidateTest function in the cluster-api
 // package, but it has been modified to allow warnings to be returned.
-func defaultValidateTest(object defaulting.DefaultingValidator, allowWarnings bool) func(*testing.T) {
+func defaultValidateTest(ctx context.Context, object runtime.Object, webhook defaulting.DefaulterValidator, allowWarnings bool) func(*testing.T) {
 	return func(t *testing.T) {
 		t.Helper()
 
-		createCopy := object.DeepCopyObject().(defaulting.DefaultingValidator)
-		updateCopy := object.DeepCopyObject().(defaulting.DefaultingValidator)
-		deleteCopy := object.DeepCopyObject().(defaulting.DefaultingValidator)
-		defaultingUpdateCopy := updateCopy.DeepCopyObject().(defaulting.DefaultingValidator)
+		createCopy := object.DeepCopyObject()
+		updateCopy := object.DeepCopyObject()
+		deleteCopy := object.DeepCopyObject()
+		defaultingUpdateCopy := updateCopy.DeepCopyObject()
 
 		t.Run("validate-on-create", func(t *testing.T) {
 			g := NewWithT(t)
-			createCopy.Default()
-			warnings, err := createCopy.ValidateCreate()
+			g.Expect(webhook.Default(ctx, createCopy)).To(Succeed())
+			warnings, err := webhook.ValidateCreate(ctx, createCopy)
 			g.Expect(err).ToNot(HaveOccurred())
 			if !allowWarnings {
 				g.Expect(warnings).To(BeEmpty())
 			}
 		})
 		t.Run("validate-on-update", func(t *testing.T) {
 			g := NewWithT(t)
-			defaultingUpdateCopy.Default()
-			updateCopy.Default()
-			warnings, err := defaultingUpdateCopy.ValidateUpdate(updateCopy)
+			g.Expect(webhook.Default(ctx, defaultingUpdateCopy)).To(Succeed())
+			g.Expect(webhook.Default(ctx, updateCopy)).To(Succeed())
+			warnings, err := webhook.ValidateUpdate(ctx, updateCopy, defaultingUpdateCopy)
 			g.Expect(err).ToNot(HaveOccurred())
 			if !allowWarnings {
 				g.Expect(warnings).To(BeEmpty())
 			}
 		})
 		t.Run("validate-on-delete", func(t *testing.T) {
 			g := NewWithT(t)
-			deleteCopy.Default()
-			warnings, err := deleteCopy.ValidateDelete()
+			g.Expect(webhook.Default(ctx, deleteCopy)).To(Succeed())
+			warnings, err := webhook.ValidateDelete(ctx, deleteCopy)
 			g.Expect(err).ToNot(HaveOccurred())
 			if !allowWarnings {
 				g.Expect(warnings).To(BeEmpty())

api/v1beta2/awscluster_webhook_test.go

@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta2
 
 import (
+	"context"
 	"fmt"
 
 	"github.com/google/go-cmp/cmp"
@@ -34,21 +35,31 @@ import (
 var _ = ctrl.Log.WithName("awsclustercontrolleridentity-resource")
 
 func (r *AWSClusterControllerIdentity) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	w := new(awsClusterControllerIdentityWebhook)
 	return ctrl.NewWebhookManagedBy(mgr).
 		For(r).
+		WithValidator(w).
+		WithDefaulter(w).
 		Complete()
 }
 
 // +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta2-awsclustercontrolleridentity,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=awsclustercontrolleridentities,versions=v1beta2,name=validation.awsclustercontrolleridentity.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1
 // +kubebuilder:webhook:verbs=create;update,path=/mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsclustercontrolleridentity,mutating=true,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=awsclustercontrolleridentities,versions=v1beta2,name=default.awsclustercontrolleridentity.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1
 
+type awsClusterControllerIdentityWebhook struct{}
+
 var (
-	_ webhook.Validator = &AWSClusterControllerIdentity{}
-	_ webhook.Defaulter = &AWSClusterControllerIdentity{}
+	_ webhook.CustomValidator = &awsClusterControllerIdentityWebhook{}
+	_ webhook.CustomDefaulter = &awsClusterControllerIdentityWebhook{}
 )
 
 // ValidateCreate will do any extra validation when creating an AWSClusterControllerIdentity.
-func (r *AWSClusterControllerIdentity) ValidateCreate() (admission.Warnings, error) {
+func (*awsClusterControllerIdentityWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) {
+	r, ok := obj.(*AWSClusterControllerIdentity)
+	if !ok {
+		return nil, fmt.Errorf("expected an AWSClusterControllerIdentity object but got %T", r)
+	}
+
 	// Ensures AWSClusterControllerIdentity being singleton by only allowing "default" as name
 	if r.Name != AWSClusterControllerIdentityName {
 		return nil, field.Invalid(field.NewPath("name"),
@@ -67,15 +78,20 @@ func (r *AWSClusterControllerIdentity) ValidateCreate() (admission.Warnings, err
 }
 
 // ValidateDelete allows you to add any extra validation when deleting an AWSClusterControllerIdentity.
-func (r *AWSClusterControllerIdentity) ValidateDelete() (admission.Warnings, error) {
+func (*awsClusterControllerIdentityWebhook) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) {
 	return nil, nil
 }
 
 // ValidateUpdate will do any extra validation when updating an AWSClusterControllerIdentity.
-func (r *AWSClusterControllerIdentity) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
-	oldP, ok := old.(*AWSClusterControllerIdentity)
+func (*awsClusterControllerIdentityWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
+	r, ok := newObj.(*AWSClusterControllerIdentity)
+	if !ok {
+		return nil, fmt.Errorf("expected an AWSClusterControllerIdentity object but got %T", r)
+	}
+
+	oldP, ok := oldObj.(*AWSClusterControllerIdentity)
 	if !ok {
-		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterControllerIdentity but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterControllerIdentity but got a %T", oldObj))
 	}
 
 	if !cmp.Equal(r.Spec, oldP.Spec) {
@@ -99,6 +115,12 @@ func (r *AWSClusterControllerIdentity) ValidateUpdate(old runtime.Object) (admis
 }
 
 // Default will set default values for the AWSClusterControllerIdentity.
-func (r *AWSClusterControllerIdentity) Default() {
+func (*awsClusterControllerIdentityWebhook) Default(_ context.Context, obj runtime.Object) error {
+	r, ok := obj.(*AWSClusterControllerIdentity)
+	if !ok {
+		return fmt.Errorf("expected an AWSClusterControllerIdentity object but got %T", r)
+	}
+
 	SetDefaults_Labels(&r.ObjectMeta)
+	return nil
 }

api/v1beta2/awsclustercontrolleridentity_webhook.go

@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta2
 
 import (
+	"context"
 	"fmt"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -32,21 +33,31 @@ import (
 var _ = ctrl.Log.WithName("awsclusterroleidentity-resource")
 
 func (r *AWSClusterRoleIdentity) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	w := new(awsClusterRoleIdentityWebhook)
 	return ctrl.NewWebhookManagedBy(mgr).
 		For(r).
+		WithValidator(w).
+		WithDefaulter(w).
 		Complete()
 }
 
 // +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta2-awsclusterroleidentity,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=awsclusterroleidentities,versions=v1beta2,name=validation.awsclusterroleidentity.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1
 // +kubebuilder:webhook:verbs=create;update,path=/mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsclusterroleidentity,mutating=true,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=awsclusterroleidentities,versions=v1beta2,name=default.awsclusterroleidentity.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1
 
+type awsClusterRoleIdentityWebhook struct{}
+
 var (
-	_ webhook.Validator = &AWSClusterRoleIdentity{}
-	_ webhook.Defaulter = &AWSClusterRoleIdentity{}
+	_ webhook.CustomValidator = &awsClusterRoleIdentityWebhook{}
+	_ webhook.CustomDefaulter = &awsClusterRoleIdentityWebhook{}
 )
 
 // ValidateCreate will do any extra validation when creating an AWSClusterRoleIdentity.
-func (r *AWSClusterRoleIdentity) ValidateCreate() (admission.Warnings, error) {
+func (*awsClusterRoleIdentityWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) {
+	r, ok := obj.(*AWSClusterRoleIdentity)
+	if !ok {
+		return nil, fmt.Errorf("expected an AWSClusterRoleIdentity object but got %T", r)
+	}
+
 	if r.Spec.SourceIdentityRef == nil {
 		return nil, field.Invalid(field.NewPath("spec", "sourceIdentityRef"),
 			r.Spec.SourceIdentityRef, "field cannot be set to nil")
@@ -64,15 +75,20 @@ func (r *AWSClusterRoleIdentity) ValidateCreate() (admission.Warnings, error) {
 }
 
 // ValidateDelete allows you to add any extra validation when deleting an AWSClusterRoleIdentity.
-func (r *AWSClusterRoleIdentity) ValidateDelete() (admission.Warnings, error) {
+func (*awsClusterRoleIdentityWebhook) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) {
 	return nil, nil
 }
 
 // ValidateUpdate will do any extra validation when updating an AWSClusterRoleIdentity.
-func (r *AWSClusterRoleIdentity) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
-	oldP, ok := old.(*AWSClusterRoleIdentity)
+func (*awsClusterRoleIdentityWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
+	r, ok := newObj.(*AWSClusterRoleIdentity)
 	if !ok {
-		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterRoleIdentity but got a %T", old))
+		return nil, fmt.Errorf("expected an AWSClusterRoleIdentity object but got %T", r)
+	}
+
+	oldP, ok := oldObj.(*AWSClusterRoleIdentity)
+	if !ok {
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterRoleIdentity but got a %T", oldObj))
 	}
 
 	// If a SourceIdentityRef is set, do not allow removal of it.
@@ -93,6 +109,11 @@ func (r *AWSClusterRoleIdentity) ValidateUpdate(old runtime.Object) (admission.W
 }
 
 // Default will set default values for the AWSClusterRoleIdentity.
-func (r *AWSClusterRoleIdentity) Default() {
+func (*awsClusterRoleIdentityWebhook) Default(_ context.Context, obj runtime.Object) error {
+	r, ok := obj.(*AWSClusterRoleIdentity)
+	if !ok {
+		return fmt.Errorf("expected an AWSClusterRoleIdentity object but got %T", r)
+	}
 	SetDefaults_Labels(&r.ObjectMeta)
+	return nil
 }