feat: kubesphere 4.0 (#6115)

* feat: kubesphere 4.0

Signed-off-by: ci-bot <ci-bot@kubesphere.io>

* feat: kubesphere 4.0

Signed-off-by: ci-bot <ci-bot@kubesphere.io>

---------

Signed-off-by: ci-bot <ci-bot@kubesphere.io>
Co-authored-by: ks-ci-bot <ks-ci-bot@example.com>
Co-authored-by: joyceliu <joyceliu@yunify.com>

vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/objectmeta/algorithm.go

@@ -0,0 +1,147 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package objectmeta
+
+import (
+	"sort"
+
+	structuralschema "k8s.io/apiextensions-apiserver/pkg/apiserver/schema"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+)
+
+// CoerceOptions gives the ability to ReturnUnknownFieldPaths for fields
+// unrecognized by the schema or DropInvalidFields for fields that are a part
+// of the schema, but are malformed.
+type CoerceOptions struct {
+	// DropInvalidFields discards malformed serialized metadata fields that
+	// cannot be successfully decoded to the corresponding ObjectMeta field.
+	// This only applies to fields that are recognized as part of the schema,
+	// but of an invalid type (i.e. cause an error when unmarshaling, rather
+	// than being dropped or causing a strictErr).
+	DropInvalidFields bool
+	// ReturnUnknownFieldPaths will return the paths to fields that are not
+	// recognized as part of the schema.
+	ReturnUnknownFieldPaths bool
+}
+
+// Coerce checks types of embedded ObjectMeta and TypeMeta and prunes unknown fields inside the former.
+// It does coerce ObjectMeta and TypeMeta at the root if isResourceRoot is true.
+// If opts.ReturnUnknownFieldPaths is true, it will return the paths of any fields that are not a part of the
+// schema that are dropped when unmarshaling.
+// If opts.DropInvalidFields is true, fields of wrong type will be dropped.
+func CoerceWithOptions(pth *field.Path, obj interface{}, s *structuralschema.Structural, isResourceRoot bool, opts CoerceOptions) (*field.Error, []string) {
+	if isResourceRoot {
+		if s == nil {
+			s = &structuralschema.Structural{}
+		}
+		if !s.XEmbeddedResource {
+			clone := *s
+			clone.XEmbeddedResource = true
+			s = &clone
+		}
+	}
+	c := coercer{DropInvalidFields: opts.DropInvalidFields, ReturnUnknownFieldPaths: opts.ReturnUnknownFieldPaths}
+	schemaOpts := &structuralschema.UnknownFieldPathOptions{
+		TrackUnknownFieldPaths: opts.ReturnUnknownFieldPaths,
+	}
+	fieldErr := c.coerce(pth, obj, s, schemaOpts)
+	sort.Strings(schemaOpts.UnknownFieldPaths)
+	return fieldErr, schemaOpts.UnknownFieldPaths
+}
+
+// Coerce calls CoerceWithOptions without returning unknown field paths.
+func Coerce(pth *field.Path, obj interface{}, s *structuralschema.Structural, isResourceRoot, dropInvalidFields bool) *field.Error {
+	fieldErr, _ := CoerceWithOptions(pth, obj, s, isResourceRoot, CoerceOptions{DropInvalidFields: dropInvalidFields})
+	return fieldErr
+}
+
+type coercer struct {
+	DropInvalidFields       bool
+	ReturnUnknownFieldPaths bool
+}
+
+func (c *coercer) coerce(pth *field.Path, x interface{}, s *structuralschema.Structural, opts *structuralschema.UnknownFieldPathOptions) *field.Error {
+	if s == nil {
+		return nil
+	}
+	origPathLen := len(opts.ParentPath)
+	defer func() {
+		opts.ParentPath = opts.ParentPath[:origPathLen]
+	}()
+	switch x := x.(type) {
+	case map[string]interface{}:
+		for k, v := range x {
+			if s.XEmbeddedResource {
+				switch k {
+				case "apiVersion", "kind":
+					if _, ok := v.(string); !ok && c.DropInvalidFields {
+						delete(x, k)
+					} else if !ok {
+						return field.Invalid(pth.Child(k), v, "must be a string")
+					}
+				case "metadata":
+					meta, found, unknownFields, err := GetObjectMetaWithOptions(x, ObjectMetaOptions{
+						DropMalformedFields:     c.DropInvalidFields,
+						ReturnUnknownFieldPaths: c.ReturnUnknownFieldPaths,
+						ParentPath:              pth,
+					})
+					opts.UnknownFieldPaths = append(opts.UnknownFieldPaths, unknownFields...)
+					if err != nil {
+						if !c.DropInvalidFields {
+							return field.Invalid(pth.Child("metadata"), v, err.Error())
+						}
+						// pass through on error if DropInvalidFields is true
+					} else if found {
+						if err := SetObjectMeta(x, meta); err != nil {
+							return field.Invalid(pth.Child("metadata"), v, err.Error())
+						}
+						if meta.CreationTimestamp.IsZero() {
+							unstructured.RemoveNestedField(x, "metadata", "creationTimestamp")
+						}
+					}
+				}
+			}
+			prop, ok := s.Properties[k]
+			if ok {
+				opts.AppendKey(k)
+				if err := c.coerce(pth.Child(k), v, &prop, opts); err != nil {
+					return err
+				}
+				opts.ParentPath = opts.ParentPath[:origPathLen]
+			} else if s.AdditionalProperties != nil {
+				opts.AppendKey(k)
+				if err := c.coerce(pth.Key(k), v, s.AdditionalProperties.Structural, opts); err != nil {
+					return err
+				}
+				opts.ParentPath = opts.ParentPath[:origPathLen]
+			}
+		}
+	case []interface{}:
+		for i, v := range x {
+			opts.AppendIndex(i)
+			if err := c.coerce(pth.Index(i), v, s.Items, opts); err != nil {
+				return err
+			}
+			opts.ParentPath = opts.ParentPath[:origPathLen]
+		}
+	default:
+		// scalars, do nothing
+	}
+
+	return nil
+}

vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/objectmeta/coerce.go

@@ -0,0 +1,151 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package objectmeta
+
+import (
+	"fmt"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime"
+	utiljson "k8s.io/apimachinery/pkg/util/json"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+	kjson "sigs.k8s.io/json"
+)
+
+// GetObjectMeta calls GetObjectMetaWithOptions without returning unknown field paths.
+func GetObjectMeta(obj map[string]interface{}, dropMalformedFields bool) (*metav1.ObjectMeta, bool, error) {
+	meta, found, _, err := GetObjectMetaWithOptions(obj, ObjectMetaOptions{
+		DropMalformedFields: dropMalformedFields,
+	})
+	return meta, found, err
+}
+
+// ObjectMetaOptions provides the options for how GetObjectMeta should retrieve the object meta.
+type ObjectMetaOptions struct {
+	// DropMalformedFields discards malformed serialized metadata fields that
+	// cannot be successfully decoded to the corresponding ObjectMeta field.
+	// This only applies to fields that are recognized as part of the schema,
+	// but of an invalid type (i.e. cause an error when unmarshaling, rather
+	// than being dropped or causing a strictErr).
+	DropMalformedFields bool
+	// ReturnUnknownFieldPaths will return the paths to fields that are not
+	// recognized as part of the schema.
+	ReturnUnknownFieldPaths bool
+	// ParentPath provides the current path up to the given ObjectMeta.
+	// If nil, the metadata is assumed to be at the root of the object.
+	ParentPath *field.Path
+}
+
+// GetObjectMetaWithOptions  does conversion of JSON to ObjectMeta.
+// It first tries json.Unmarshal into a metav1.ObjectMeta
+// type. If that does not work and opts.DropMalformedFields is true, it does field-by-field best-effort conversion
+// throwing away fields which lead to errors.
+// If opts.ReturnedUnknownFields is true, it will UnmarshalStrict instead, returning the paths of any unknown fields
+// it encounters (i.e. paths returned as strict errs from UnmarshalStrict)
+func GetObjectMetaWithOptions(obj map[string]interface{}, opts ObjectMetaOptions) (*metav1.ObjectMeta, bool, []string, error) {
+	metadata, found := obj["metadata"]
+	if !found {
+		return nil, false, nil, nil
+	}
+
+	// round-trip through JSON first, hoping that unmarshalling just works
+	objectMeta := &metav1.ObjectMeta{}
+	metadataBytes, err := utiljson.Marshal(metadata)
+	if err != nil {
+		return nil, false, nil, err
+	}
+	var unmarshalErr error
+	if opts.ReturnUnknownFieldPaths {
+		var strictErrs []error
+		strictErrs, unmarshalErr = kjson.UnmarshalStrict(metadataBytes, objectMeta)
+		if unmarshalErr == nil {
+			if len(strictErrs) > 0 {
+				unknownPaths := []string{}
+				prefix := opts.ParentPath.Child("metadata").String()
+				for _, err := range strictErrs {
+					if fieldPathErr, ok := err.(kjson.FieldError); ok {
+						unknownPaths = append(unknownPaths, prefix+"."+fieldPathErr.FieldPath())
+					}
+				}
+				return objectMeta, true, unknownPaths, nil
+			}
+			return objectMeta, true, nil, nil
+		}
+	} else {
+		if unmarshalErr = utiljson.Unmarshal(metadataBytes, objectMeta); unmarshalErr == nil {
+			// if successful, return
+			return objectMeta, true, nil, nil
+		}
+	}
+	if !opts.DropMalformedFields {
+		// if we're not trying to drop malformed fields, return the error
+		return nil, true, nil, unmarshalErr
+	}
+
+	metadataMap, ok := metadata.(map[string]interface{})
+	if !ok {
+		return nil, false, nil, fmt.Errorf("invalid metadata: expected object, got %T", metadata)
+	}
+
+	// Go field by field accumulating into the metadata object.
+	// This takes advantage of the fact that you can repeatedly unmarshal individual fields into a single struct,
+	// each iteration preserving the old key-values.
+	accumulatedObjectMeta := &metav1.ObjectMeta{}
+	testObjectMeta := &metav1.ObjectMeta{}
+	var unknownFields []string
+	for k, v := range metadataMap {
+		// serialize a single field
+		if singleFieldBytes, err := utiljson.Marshal(map[string]interface{}{k: v}); err == nil {
+			// do a test unmarshal
+			if utiljson.Unmarshal(singleFieldBytes, testObjectMeta) == nil {
+				// if that succeeds, unmarshal for real
+				if opts.ReturnUnknownFieldPaths {
+					strictErrs, _ := kjson.UnmarshalStrict(singleFieldBytes, accumulatedObjectMeta)
+					if len(strictErrs) > 0 {
+						prefix := opts.ParentPath.Child("metadata").String()
+						for _, err := range strictErrs {
+							if fieldPathErr, ok := err.(kjson.FieldError); ok {
+								unknownFields = append(unknownFields, prefix+"."+fieldPathErr.FieldPath())
+							}
+						}
+					}
+				} else {
+					utiljson.Unmarshal(singleFieldBytes, accumulatedObjectMeta)
+				}
+			}
+		}
+	}
+
+	return accumulatedObjectMeta, true, unknownFields, nil
+}
+
+// SetObjectMeta writes back ObjectMeta into a JSON data structure.
+func SetObjectMeta(obj map[string]interface{}, objectMeta *metav1.ObjectMeta) error {
+	if objectMeta == nil {
+		unstructured.RemoveNestedField(obj, "metadata")
+		return nil
+	}
+
+	metadata, err := runtime.DefaultUnstructuredConverter.ToUnstructured(objectMeta)
+	if err != nil {
+		return err
+	}
+
+	obj["metadata"] = metadata
+	return nil
+}

vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/objectmeta/validation.go

@@ -0,0 +1,121 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package objectmeta
+
+import (
+	"strings"
+
+	structuralschema "k8s.io/apiextensions-apiserver/pkg/apiserver/schema"
+	metavalidation "k8s.io/apimachinery/pkg/api/validation"
+	"k8s.io/apimachinery/pkg/api/validation/path"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	utilvalidation "k8s.io/apimachinery/pkg/util/validation"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+)
+
+// Validate validates embedded ObjectMeta and TypeMeta.
+// It also validate those at the root if isResourceRoot is true.
+func Validate(pth *field.Path, obj interface{}, s *structuralschema.Structural, isResourceRoot bool) field.ErrorList {
+	if isResourceRoot {
+		if s == nil {
+			s = &structuralschema.Structural{}
+		}
+		if !s.XEmbeddedResource {
+			clone := *s
+			clone.XEmbeddedResource = true
+			s = &clone
+		}
+	}
+	return validate(pth, obj, s)
+}
+
+func validate(pth *field.Path, x interface{}, s *structuralschema.Structural) field.ErrorList {
+	if s == nil {
+		return nil
+	}
+
+	var allErrs field.ErrorList
+
+	switch x := x.(type) {
+	case map[string]interface{}:
+		if s.XEmbeddedResource {
+			allErrs = append(allErrs, validateEmbeddedResource(pth, x, s)...)
+		}
+
+		for k, v := range x {
+			prop, ok := s.Properties[k]
+			if ok {
+				allErrs = append(allErrs, validate(pth.Child(k), v, &prop)...)
+			} else if s.AdditionalProperties != nil {
+				allErrs = append(allErrs, validate(pth.Key(k), v, s.AdditionalProperties.Structural)...)
+			}
+		}
+	case []interface{}:
+		for i, v := range x {
+			allErrs = append(allErrs, validate(pth.Index(i), v, s.Items)...)
+		}
+	default:
+		// scalars, do nothing
+	}
+
+	return allErrs
+}
+
+func validateEmbeddedResource(pth *field.Path, x map[string]interface{}, s *structuralschema.Structural) field.ErrorList {
+	var allErrs field.ErrorList
+
+	// require apiVersion and kind, but not metadata
+	if _, found := x["apiVersion"]; !found {
+		allErrs = append(allErrs, field.Required(pth.Child("apiVersion"), "must not be empty"))
+	}
+	if _, found := x["kind"]; !found {
+		allErrs = append(allErrs, field.Required(pth.Child("kind"), "must not be empty"))
+	}
+
+	for k, v := range x {
+		switch k {
+		case "apiVersion":
+			if apiVersion, ok := v.(string); !ok {
+				allErrs = append(allErrs, field.Invalid(pth.Child("apiVersion"), v, "must be a string"))
+			} else if len(apiVersion) == 0 {
+				allErrs = append(allErrs, field.Invalid(pth.Child("apiVersion"), apiVersion, "must not be empty"))
+			} else if _, err := schema.ParseGroupVersion(apiVersion); err != nil {
+				allErrs = append(allErrs, field.Invalid(pth.Child("apiVersion"), apiVersion, err.Error()))
+			}
+		case "kind":
+			if kind, ok := v.(string); !ok {
+				allErrs = append(allErrs, field.Invalid(pth.Child("kind"), v, "must be a string"))
+			} else if len(kind) == 0 {
+				allErrs = append(allErrs, field.Invalid(pth.Child("kind"), kind, "must not be empty"))
+			} else if errs := utilvalidation.IsDNS1035Label(strings.ToLower(kind)); len(errs) > 0 {
+				allErrs = append(allErrs, field.Invalid(pth.Child("kind"), kind, "may have mixed case, but should otherwise match: "+strings.Join(errs, ",")))
+			}
+		case "metadata":
+			meta, _, err := GetObjectMeta(x, false)
+			if err != nil {
+				allErrs = append(allErrs, field.Invalid(pth.Child("metadata"), v, err.Error()))
+			} else {
+				if len(meta.Name) == 0 {
+					meta.Name = "fakename" // we have to set something to avoid an error
+				}
+				allErrs = append(allErrs, metavalidation.ValidateObjectMeta(meta, len(meta.Namespace) > 0, path.ValidatePathSegmentName, pth.Child("metadata"))...)
+			}
+		}
+	}
+
+	return allErrs
+}