Build: upgrade controller-gen to 0.16.3 (#944)

Update chart upgrade tests to properly handle annotations/label changes

Makefile

@@ -499,7 +499,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v4.5.7
-CONTROLLER_TOOLS_VERSION ?= v0.14.0
+CONTROLLER_TOOLS_VERSION ?= v0.16.3
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "./hack/install_kustomize.sh"
 .PHONY: kustomize

chart/crds/secrets.hashicorp.com_hcpauths.yaml

@@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: hcpauths.secrets.hashicorp.com
 spec:
   group: secrets.hashicorp.com

chart/crds/secrets.hashicorp.com_hcpvaultsecretsapps.yaml

@@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: hcpvaultsecretsapps.secrets.hashicorp.com
 spec:
   group: secrets.hashicorp.com
@@ -225,7 +225,6 @@ spec:
                     with a timestamp value of when the trigger was executed.
                     E.g. vso.secrets.hashicorp.com/restartedAt: "2023-03-23T13:39:31Z"
 
-
                     Supported resources: Deployment, DaemonSet, StatefulSet, argo.Rollout
                   properties:
                     kind:
@@ -302,12 +301,10 @@ spec:
                 description: |-
                   SecretMAC used when deciding whether new Vault secret data should be synced.
 
-
                   The controller will compare the "new" HCP Vault Secrets App data to this value
                   using HMAC, if they are different, then the data will be synced to the
                   Destination.
 
-
                   The SecretMac is also used to detect drift in the Destination Secret's Data.
                   If drift is detected the data will be synced to the Destination.
                 type: string

chart/crds/secrets.hashicorp.com_secrettransformations.yaml

@@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: secrettransformations.secrets.hashicorp.com
 spec:
   group: secrets.hashicorp.com

chart/crds/secrets.hashicorp.com_vaultauthglobals.yaml

@@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: vaultauthglobals.secrets.hashicorp.com
 spec:
   group: secrets.hashicorp.com

chart/crds/secrets.hashicorp.com_vaultauths.yaml

@@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: vaultauths.secrets.hashicorp.com
 spec:
   group: secrets.hashicorp.com
@@ -252,7 +252,6 @@ spec:
                       as the default if Name is not set. The 'allow-default-globals' option must be
                       set on the operator's '-global-vault-auth-options' flag
 
-
                       The default VaultAuthGlobal search is conditional.
                       When a ref Namespace is set, the search for the default
                       VaultAuthGlobal resource is constrained to that namespace.
@@ -271,15 +270,12 @@ spec:
                           Headers configures the merge strategy for HTTP headers that are included in
                           all Vault requests. Choices are `union`, `replace`, or `none`.
 
-
                           If `union` is set, the headers from the VaultAuthGlobal and VaultAuth
                           resources are merged. The headers from the VaultAuth always take precedence.
 
-
                           If `replace` is set, the first set of non-empty headers taken in order from:
                           VaultAuth, VaultAuthGlobal auth method, VaultGlobal default headers.
 
-
                           If `none` is set, the headers from the
                           VaultAuthGlobal resource are ignored and only the headers from the VaultAuth
                           resource are used. The default is `none`.
@@ -293,16 +289,13 @@ spec:
                           Params configures the merge strategy for HTTP parameters that are included in
                           all Vault requests. Choices are `union`, `replace`, or `none`.
 
-
                           If `union` is set, the parameters from the VaultAuthGlobal and VaultAuth
                           resources are merged. The parameters from the VaultAuth always take
                           precedence.
 
-
                           If `replace` is set, the first set of non-empty parameters taken in order from:
                           VaultAuth, VaultAuthGlobal auth method, VaultGlobal default parameters.
 
-
                           If `none` is set, the parameters from the VaultAuthGlobal resource are ignored
                           and only the parameters from the VaultAuth resource are used. The default is
                           `none`.
@@ -336,16 +329,8 @@ spec:
             properties:
               conditions:
                 items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource.\n---\nThis struct is intended for
-                    direct use as an array at the field path .status.conditions.  For
-                    example,\n\n\n\ttype FooStatus struct{\n\t    // Represents the
-                    observations of a foo's current state.\n\t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\"\n\t    //
-                    +patchMergeKey=type\n\t    // +patchStrategy=merge\n\t    // +listType=map\n\t
-                    \   // +listMapKey=type\n\t    Conditions []metav1.Condition `json:\"conditions,omitempty\"
-                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
-                    \   // other fields\n\t}"
+                  description: Condition contains details for one aspect of the current
+                    state of this API Resource.
                   properties:
                     lastTransitionTime:
                       description: |-
@@ -386,12 +371,7 @@ spec:
                       - Unknown
                       type: string
                     type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        ---
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-                        useful (see .node.status.conditions), the ability to deconflict is important.
-                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                       maxLength: 316
                       pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                       type: string

chart/crds/secrets.hashicorp.com_vaultconnections.yaml

@@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: vaultconnections.secrets.hashicorp.com
 spec:
   group: secrets.hashicorp.com

chart/crds/secrets.hashicorp.com_vaultdynamicsecrets.yaml

@@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: vaultdynamicsecrets.secrets.hashicorp.com
 spec:
   group: secrets.hashicorp.com
@@ -272,7 +272,6 @@ spec:
                     with a timestamp value of when the trigger was executed.
                     E.g. vso.secrets.hashicorp.com/restartedAt: "2023-03-23T13:39:31Z"
 
-
                     Supported resources: Deployment, DaemonSet, StatefulSet, argo.Rollout
                   properties:
                     kind:
@@ -345,11 +344,9 @@ spec:
                 description: |-
                   SecretMAC used when deciding whether new Vault secret data should be synced.
 
-
                   The controller will compare the "new" Vault secret data to this value using HMAC,
                   if they are different, then the data will be synced to the Destination.
 
-
                   The SecretMac is also used to detect drift in the Destination Secret's Data.
                   If drift is detected the data will be synced to the Destination.
                   SecretMAC will only be stored when VaultDynamicSecretSpec.AllowStaticCreds is true.

chart/crds/secrets.hashicorp.com_vaultpkisecrets.yaml

@@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: vaultpkisecrets.secrets.hashicorp.com
 spec:
   group: secrets.hashicorp.com
@@ -289,7 +289,6 @@ spec:
                     with a timestamp value of when the trigger was executed.
                     E.g. vso.secrets.hashicorp.com/restartedAt: "2023-03-23T13:39:31Z"
 
-
                     Supported resources: Deployment, DaemonSet, StatefulSet, argo.Rollout
                   properties:
                     kind:
@@ -364,11 +363,9 @@ spec:
                 description: |-
                   SecretMAC used when deciding whether new Vault secret data should be synced.
 
-
                   The controller will compare the "new" Vault secret data to this value using HMAC,
                   if they are different, then the data will be synced to the Destination.
 
-
                   The SecretMac is also used to detect drift in the Destination Secret's Data.
                   If drift is detected the data will be synced to the Destination.
                 type: string

chart/crds/secrets.hashicorp.com_vaultstaticsecrets.yaml

@@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: vaultstaticsecrets.secrets.hashicorp.com
 spec:
   group: secrets.hashicorp.com
@@ -233,7 +233,6 @@ spec:
                     with a timestamp value of when the trigger was executed.
                     E.g. vso.secrets.hashicorp.com/restartedAt: "2023-03-23T13:39:31Z"
 
-
                     Supported resources: Deployment, DaemonSet, StatefulSet, argo.Rollout
                   properties:
                     kind:
@@ -298,11 +297,9 @@ spec:
                 description: |-
                   SecretMAC used when deciding whether new Vault secret data should be synced.
 
-
                   The controller will compare the "new" Vault secret data to this value using HMAC,
                   if they are different, then the data will be synced to the Destination.
 
-
                   The SecretMac is also used to detect drift in the Destination Secret's Data.
                   If drift is detected the data will be synced to the Destination.
                 type: string