Add v1beta1 versions of Constraints and ConstraintTemplates

constraint/Dockerfile

@@ -13,6 +13,13 @@ RUN tar -zxvf kubebuilder_${version}_linux_${arch}.tar.gz
 RUN mv kubebuilder_${version}_linux_${arch} kubebuilder && mv kubebuilder /usr/local/
 ENV PATH=$PATH:/usr/local/kubebuilder/bin:/usr/bin
 
+# Install kustomize
+ENV version=3.0.2
+ENV arch=amd64
+RUN curl -L -O "https://github.com/kubernetes-sigs/kustomize/releases/download/v${version}/kustomize_${version}_linux_${arch}"
+RUN mv kustomize_${version}_linux_${arch} /usr/bin/kustomize
+RUN chmod u+x /usr/bin/kustomize
+
 # Install OPA
 WORKDIR /usr/bin
 RUN curl -L -o opa https://github.com/open-policy-agent/opa/releases/download/v0.10.5/opa_linux_amd64

constraint/Gopkg.toml

@@ -28,6 +28,7 @@ required = [
     "github.com/onsi/gomega", # for test matchers
     "k8s.io/code-generator/cmd/client-gen", # for go generate
     "k8s.io/code-generator/cmd/deepcopy-gen", # for go generate
+    "k8s.io/code-generator/cmd/conversion-gen", # for go generate
     "sigs.k8s.io/controller-tools/cmd/controller-gen", # for crd/rbac generation
    	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1",
     ]
@@ -63,3 +64,7 @@ required = [
 [prune]
   go-tests = true
   unused-packages = true
+
+[[constraint]]
+  name = "github.com/google/go-cmp"
+  version = "0.3.0"

constraint/Makefile

@@ -20,6 +20,7 @@ install: manifests
 # Generate manifests e.g. CRD, RBAC etc.
 manifests:
 	go run vendor/sigs.k8s.io/controller-tools/cmd/controller-gen/main.go all
+	kustomize build config -o deploy/crds.yaml
 
 # Run go fmt against code
 fmt:

constraint/README.md

@@ -10,7 +10,7 @@ I want to make sure that every object has a `billing` label, I might write the
 following constraint YAML:
 
 ```yaml
-apiVersion: constraints.gatekeeper.sh/v1alpha1
+apiVersion: constraints.gatekeeper.sh/v1beta1
 kind: FooSystemRequiredLabel
 metadata:
   name: require-billing-label
@@ -39,7 +39,7 @@ intent. For example, to define the `FooSystemRequiredLabel` constraint kind
 implemented above, I might write the following template YAML:
 
 ```yaml
-apiVersion: gatekeeper.sh/v1alpha1
+apiVersion: gatekeeper.sh/v1beta1
 kind: ConstraintTemplate
 metadata:
   name: foosystemrequiredlabels
@@ -48,9 +48,6 @@ spec:
     spec:
       names:
         kind: FooSystemRequiredLabel
-        listKind: FooSystemRequiredLabelsList
-        plural: foosystemrequiredlabels
-        singular: foosystemrequiredlabel
       validation:
         # Schema for the `parameters` field
         openAPIV3Schema:
@@ -152,7 +149,7 @@ type TargetHandler interface {
 	GetName() string
 
 	// MatchSchema returns the JSON Schema for the `match` field of a constraint
-	MatchSchema() apiextensionsv1beta1.JSONSchemaProps
+	MatchSchema() apiextensions.JSONSchemaProps
 
 	// Library returns the pieces of Rego code required to stitch together constraint evaluation  // for the target. Current required libraries are `matching_constraints` and
 	// `matching_reviews_and_constraints` 
@@ -246,9 +243,9 @@ type Client interface {
 	AddData(context.Context, interface{}) (*types.Responses, error)
 	RemoveData(context.Context, interface{}) (*types.Responses, error)
 
-	CreateCRD(context.Context, *v1alpha1.ConstraintTemplate) (*apiextensionsv1beta1.CustomResourceDefinition, error)
-	AddTemplate(context.Context, *v1alpha1.ConstraintTemplate) (*types.Responses, error)
-	RemoveTemplate(context.Context, *v1alpha1.ConstraintTemplate) (*types.Responses, error)
+	CreateCRD(context.Context, *templates.ConstraintTemplate) (*apiextensions.CustomResourceDefinition, error)
+	AddTemplate(context.Context, *templates.ConstraintTemplate) (*types.Responses, error)
+	RemoveTemplate(context.Context, *templates.ConstraintTemplate) (*types.Responses, error)
 
 	AddConstraint(context.Context, *unstructured.Unstructured) (*types.Responses, error)
 	RemoveConstraint(context.Context, *unstructured.Unstructured) (*types.Responses, error)

constraint/config/crd_patch.yaml

@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: constrainttemplates.templates.gatekeeper.sh
+spec:
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+    - name: v1alpha1
+      served: true
+      storage: false

constraint/config/crds/templates_v1beta1_constrainttemplate.yaml

@@ -0,0 +1,87 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  creationTimestamp: null
+  labels:
+    controller-tools.k8s.io: "1.0"
+  name: constrainttemplates.templates.gatekeeper.sh
+spec:
+  group: templates.gatekeeper.sh
+  names:
+    kind: ConstraintTemplate
+    plural: constrainttemplates
+  scope: Cluster
+  validation:
+    openAPIV3Schema:
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          properties:
+            crd:
+              properties:
+                spec:
+                  properties:
+                    names:
+                      properties:
+                        kind:
+                          type: string
+                      type: object
+                    validation:
+                      type: object
+                  type: object
+              type: object
+            targets:
+              items:
+                properties:
+                  rego:
+                    type: string
+                  target:
+                    type: string
+                type: object
+              type: array
+          type: object
+        status:
+          properties:
+            byPod:
+              items:
+                properties:
+                  errors:
+                    items:
+                      properties:
+                        code:
+                          type: string
+                        location:
+                          type: string
+                        message:
+                          type: string
+                      required:
+                      - code
+                      - message
+                      type: object
+                    type: array
+                  id:
+                    description: a unique identifier for the pod that wrote the status
+                    type: string
+                type: object
+              type: array
+            created:
+              type: boolean
+          type: object
+  version: v1beta1
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

constraint/config/kustomization.yaml

@@ -0,0 +1,9 @@
+# create a multi-version CRD via kustomize because Kubebuilder v1 doesn't support multi-version
+# CRDs
+
+resources:
+- crds/templates_v1beta1_constrainttemplate.yaml
+
+patchesStrategicMerge:
+- crd_patch.yaml
+

constraint/config/samples/templates_v1beta1_constrainttemplate.yaml

@@ -0,0 +1,9 @@
+apiVersion: templates.gatekeeper.sh/v1beta1
+kind: ConstraintTemplate
+metadata:
+  labels:
+    controller-tools.k8s.io: "1.0"
+  name: constrainttemplate-sample
+spec:
+  # Add fields here
+  foo: bar

constraint/deploy/crds.yaml

@@ -0,0 +1,94 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  creationTimestamp: null
+  labels:
+    controller-tools.k8s.io: "1.0"
+  name: constrainttemplates.templates.gatekeeper.sh
+spec:
+  group: templates.gatekeeper.sh
+  names:
+    kind: ConstraintTemplate
+    plural: constrainttemplates
+  scope: Cluster
+  validation:
+    openAPIV3Schema:
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          properties:
+            crd:
+              properties:
+                spec:
+                  properties:
+                    names:
+                      properties:
+                        kind:
+                          type: string
+                      type: object
+                    validation:
+                      type: object
+                  type: object
+              type: object
+            targets:
+              items:
+                properties:
+                  rego:
+                    type: string
+                  target:
+                    type: string
+                type: object
+              type: array
+          type: object
+        status:
+          properties:
+            byPod:
+              items:
+                properties:
+                  errors:
+                    items:
+                      properties:
+                        code:
+                          type: string
+                        location:
+                          type: string
+                        message:
+                          type: string
+                      required:
+                      - code
+                      - message
+                      type: object
+                    type: array
+                  id:
+                    description: a unique identifier for the pod that wrote the status
+                    type: string
+                type: object
+              type: array
+            created:
+              type: boolean
+          type: object
+  version: v1beta1
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+  - name: v1alpha1
+    served: true
+    storage: false
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

constraint/pkg/apis/addtoscheme_templates_v1alpha1.go

@@ -21,5 +21,5 @@ import (
 
 func init() {
 	// Register the types with the Scheme so the components can map objects to GroupVersionKinds and back
-	AddToSchemes = append(AddToSchemes, v1alpha1.SchemeBuilder.AddToScheme)
+	AddToSchemes = append(AddToSchemes, v1alpha1.AddToSchemes...)
 }