Bump CAPI to v1.5.0

.gitignore

@@ -39,6 +39,10 @@ kubeconfig
 # vscode
 .vscode
 
+# go.work files
+go.work
+go.work.sum
+
 # goland
 .idea
 

.golangci.yml

@@ -87,8 +87,6 @@ linters-settings:
         alias: apiextensionsv1
       - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
         alias: metav1
-      - pkg: k8s.io/apimachinery/pkg/api/errors
-        alias: apierrors
       - pkg: k8s.io/apimachinery/pkg/util/errors
         alias: kerrors
       - pkg: sigs.k8s.io/controller-runtime/pkg/conversion
@@ -165,6 +163,12 @@ linters-settings:
     go: "1.20"
   stylecheck:
     go: "1.20"
+  depguard:
+    rules:
+      main:
+        deny:
+          - pkg: "io/ioutil"
+            desc: "ioutil is deprecated starting with Go 1.16"
 issues:
   max-same-issues: 0
   max-issues-per-linter: 0

api/v1beta2/awscluster_webhook.go

@@ -26,6 +26,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/util/annotations"
@@ -49,7 +50,7 @@ var (
 )
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSCluster) ValidateCreate() error {
+func (r *AWSCluster) ValidateCreate() (admission.Warnings, error) {
 	var allErrs field.ErrorList
 
 	allErrs = append(allErrs, r.Spec.Bastion.Validate()...)
@@ -59,23 +60,23 @@ func (r *AWSCluster) ValidateCreate() error {
 	allErrs = append(allErrs, r.validateNetwork()...)
 	allErrs = append(allErrs, r.validateAdditionalIngressRules()...)
 
-	return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
+	return nil, aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSCluster) ValidateDelete() error {
-	return nil
+func (r *AWSCluster) ValidateDelete() (admission.Warnings, error) {
+	return nil, nil
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSCluster) ValidateUpdate(old runtime.Object) error {
+func (r *AWSCluster) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
 	var allErrs field.ErrorList
 
 	allErrs = append(allErrs, r.validateGCTasksAnnotation()...)
 
 	oldC, ok := old.(*AWSCluster)
 	if !ok {
-		return apierrors.NewBadRequest(fmt.Sprintf("expected an AWSCluster but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSCluster but got a %T", old))
 	}
 
 	if r.Spec.Region != oldC.Spec.Region {
@@ -170,7 +171,7 @@ func (r *AWSCluster) ValidateUpdate(old runtime.Object) error {
 	allErrs = append(allErrs, r.Spec.AdditionalTags.Validate()...)
 	allErrs = append(allErrs, r.Spec.S3Bucket.Validate()...)
 
-	return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
+	return nil, aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
 }
 
 // Default satisfies the defaulting webhook interface.

api/v1beta2/awscluster_webhook_test.go

@@ -391,7 +391,7 @@ func TestAWSClusterValidateCreate(t *testing.T) {
 			g.Eventually(func() bool {
 				err := testEnv.Get(ctx, key, c)
 				return err == nil
-			}, 10*time.Second).Should(Equal(true))
+			}, 10*time.Second).Should(BeTrue())
 
 			if tt.expect != nil {
 				tt.expect(g, c.Spec.ControlPlaneLoadBalancer)

api/v1beta2/awsclustercontrolleridentity_webhook.go

@@ -27,6 +27,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 // log is for logging in this package.
@@ -47,54 +48,54 @@ var (
 )
 
 // ValidateCreate will do any extra validation when creating an AWSClusterControllerIdentity.
-func (r *AWSClusterControllerIdentity) ValidateCreate() error {
+func (r *AWSClusterControllerIdentity) ValidateCreate() (admission.Warnings, error) {
 	// Ensures AWSClusterControllerIdentity being singleton by only allowing "default" as name
 	if r.Name != AWSClusterControllerIdentityName {
-		return field.Invalid(field.NewPath("name"),
+		return nil, field.Invalid(field.NewPath("name"),
 			r.Name, "AWSClusterControllerIdentity is a singleton and only acceptable name is default")
 	}
 
 	// Validate selector parses as Selector if AllowedNameSpaces is populated
 	if r.Spec.AllowedNamespaces != nil {
 		_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)
 		if err != nil {
-			return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
+			return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
 		}
 	}
 
-	return nil
+	return nil, nil
 }
 
 // ValidateDelete allows you to add any extra validation when deleting an AWSClusterControllerIdentity.
-func (r *AWSClusterControllerIdentity) ValidateDelete() error {
-	return nil
+func (r *AWSClusterControllerIdentity) ValidateDelete() (admission.Warnings, error) {
+	return nil, nil
 }
 
 // ValidateUpdate will do any extra validation when updating an AWSClusterControllerIdentity.
-func (r *AWSClusterControllerIdentity) ValidateUpdate(old runtime.Object) error {
+func (r *AWSClusterControllerIdentity) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
 	oldP, ok := old.(*AWSClusterControllerIdentity)
 	if !ok {
-		return apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterControllerIdentity but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterControllerIdentity but got a %T", old))
 	}
 
 	if !cmp.Equal(r.Spec, oldP.Spec) {
-		return errors.New("AWSClusterControllerIdentity is immutable")
+		return nil, errors.New("AWSClusterControllerIdentity is immutable")
 	}
 
 	if r.Name != oldP.Name {
-		return field.Invalid(field.NewPath("name"),
+		return nil, field.Invalid(field.NewPath("name"),
 			r.Name, "AWSClusterControllerIdentity is a singleton and only acceptable name is default")
 	}
 
 	// Validate selector parses as Selector if AllowedNameSpaces is not nil
 	if r.Spec.AllowedNamespaces != nil {
 		_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)
 		if err != nil {
-			return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selectors"), r.Spec.AllowedNamespaces.Selector, err.Error())
+			return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selectors"), r.Spec.AllowedNamespaces.Selector, err.Error())
 		}
 	}
 
-	return nil
+	return nil, nil
 }
 
 // Default will set default values for the AWSClusterControllerIdentity.

api/v1beta2/awsclusterroleidentity_webhook.go

@@ -25,6 +25,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 // log is for logging in this package.
@@ -45,50 +46,50 @@ var (
 )
 
 // ValidateCreate will do any extra validation when creating an AWSClusterRoleIdentity.
-func (r *AWSClusterRoleIdentity) ValidateCreate() error {
+func (r *AWSClusterRoleIdentity) ValidateCreate() (admission.Warnings, error) {
 	if r.Spec.SourceIdentityRef == nil {
-		return field.Invalid(field.NewPath("spec", "sourceIdentityRef"),
+		return nil, field.Invalid(field.NewPath("spec", "sourceIdentityRef"),
 			r.Spec.SourceIdentityRef, "field cannot be set to nil")
 	}
 
 	// Validate selector parses as Selector
 	if r.Spec.AllowedNamespaces != nil {
 		_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)
 		if err != nil {
-			return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
+			return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
 		}
 	}
 
-	return nil
+	return nil, nil
 }
 
 // ValidateDelete allows you to add any extra validation when deleting an AWSClusterRoleIdentity.
-func (r *AWSClusterRoleIdentity) ValidateDelete() error {
-	return nil
+func (r *AWSClusterRoleIdentity) ValidateDelete() (admission.Warnings, error) {
+	return nil, nil
 }
 
 // ValidateUpdate will do any extra validation when updating an AWSClusterRoleIdentity.
-func (r *AWSClusterRoleIdentity) ValidateUpdate(old runtime.Object) error {
+func (r *AWSClusterRoleIdentity) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
 	oldP, ok := old.(*AWSClusterRoleIdentity)
 	if !ok {
-		return apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterRoleIdentity but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterRoleIdentity but got a %T", old))
 	}
 
 	// If a SourceIdentityRef is set, do not allow removal of it.
 	if oldP.Spec.SourceIdentityRef != nil && r.Spec.SourceIdentityRef == nil {
-		return field.Invalid(field.NewPath("spec", "sourceIdentityRef"),
+		return nil, field.Invalid(field.NewPath("spec", "sourceIdentityRef"),
 			r.Spec.SourceIdentityRef, "field cannot be set to nil")
 	}
 
 	// Validate selector parses as Selector
 	if r.Spec.AllowedNamespaces != nil {
 		_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)
 		if err != nil {
-			return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
+			return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
 		}
 	}
 
-	return nil
+	return nil, nil
 }
 
 // Default will set default values for the AWSClusterRoleIdentity.

api/v1beta2/awsclusterstaticidentity_webhook.go

@@ -25,6 +25,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 // log is for logging in this package.
@@ -45,44 +46,44 @@ var (
 )
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSClusterStaticIdentity) ValidateCreate() error {
+func (r *AWSClusterStaticIdentity) ValidateCreate() (admission.Warnings, error) {
 	// Validate selector parses as Selector
 	if r.Spec.AllowedNamespaces != nil {
 		_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)
 		if err != nil {
-			return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
+			return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
 		}
 	}
 
-	return nil
+	return nil, nil
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSClusterStaticIdentity) ValidateDelete() error {
-	return nil
+func (r *AWSClusterStaticIdentity) ValidateDelete() (admission.Warnings, error) {
+	return nil, nil
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSClusterStaticIdentity) ValidateUpdate(old runtime.Object) error {
+func (r *AWSClusterStaticIdentity) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
 	oldP, ok := old.(*AWSClusterStaticIdentity)
 	if !ok {
-		return apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterStaticIdentity but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterStaticIdentity but got a %T", old))
 	}
 
 	if oldP.Spec.SecretRef != r.Spec.SecretRef {
-		return field.Invalid(field.NewPath("spec", "secretRef"),
+		return nil, field.Invalid(field.NewPath("spec", "secretRef"),
 			r.Spec.SecretRef, "field cannot be updated")
 	}
 
 	// Validate selector parses as Selector
 	if r.Spec.AllowedNamespaces != nil {
 		_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)
 		if err != nil {
-			return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
+			return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
 		}
 	}
 
-	return nil
+	return nil, nil
 }
 
 // Default should return the default AWSClusterStaticIdentity.

api/v1beta2/awsclustertemplate_webhook.go

@@ -23,6 +23,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 func (r *AWSClusterTemplate) SetupWebhookWithManager(mgr ctrl.Manager) error {
@@ -43,26 +44,26 @@ func (r *AWSClusterTemplate) Default() {
 }
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSClusterTemplate) ValidateCreate() error {
+func (r *AWSClusterTemplate) ValidateCreate() (admission.Warnings, error) {
 	var allErrs field.ErrorList
 
 	allErrs = append(allErrs, r.Spec.Template.Spec.Bastion.Validate()...)
 	allErrs = append(allErrs, validateSSHKeyName(r.Spec.Template.Spec.SSHKeyName)...)
 
-	return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
+	return nil, aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSClusterTemplate) ValidateUpdate(oldRaw runtime.Object) error {
+func (r *AWSClusterTemplate) ValidateUpdate(oldRaw runtime.Object) (admission.Warnings, error) {
 	old := oldRaw.(*AWSClusterTemplate)
 
 	if !cmp.Equal(r.Spec, old.Spec) {
-		return apierrors.NewBadRequest("AWSClusterTemplate.Spec is immutable")
+		return nil, apierrors.NewBadRequest("AWSClusterTemplate.Spec is immutable")
 	}
-	return nil
+	return nil, nil
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSClusterTemplate) ValidateDelete() error {
-	return nil
+func (r *AWSClusterTemplate) ValidateDelete() (admission.Warnings, error) {
+	return nil, nil
 }