Remove deprecated status fields from OCIRepository v1

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2025-05-08 11:54:42 +03:00 · 2025-05-08 11:54:42 +03:00 · aadaf1c0aa
parent 34bb9862e6
commit aadaf1c0aa
9 changed files with 5 additions and 83 deletions
--- a/1
+++ b/1
@ -115,7 +115,6 @@ manifests: controller-gen  ## Generate manifests, e.g. CRD, RBAC, etc.
 	cd api; $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role paths="./..." output:crd:artifacts:config="../config/crd/bases"

 api-docs: gen-crd-api-reference-docs  ## Generate API reference documentation
-	$(GEN_CRD_API_REFERENCE_DOCS) -api-dir=./api/v1beta2 -config=./hack/api-docs/config.json -template-dir=./hack/api-docs/template -out-file=./docs/api/v1beta2/source.md
 	$(GEN_CRD_API_REFERENCE_DOCS) -api-dir=./api/v1 -config=./hack/api-docs/config.json -template-dir=./hack/api-docs/template -out-file=./docs/api/v1/source.md

 tidy:  ## Run go mod tidy
--- a/api/v1/ocirepository_types.go
+++ b/api/v1/ocirepository_types.go
@ -108,9 +108,6 @@ type OCIRepositorySpec struct {
 	// authenticating with a certificate; the CA cert is useful if
 	// you are using a self-signed server certificate. The Secret must
 	// be of type `Opaque` or `kubernetes.io/tls`.
-	//
-	// Note: Support for the `caFile`, `certFile` and `keyFile` keys have
-	// been deprecated.
 	// +optional
 	CertSecretRef *meta.LocalObjectReference `json:"certSecretRef,omitempty"`

@ -205,20 +202,6 @@ type OCIRepositoryStatus struct {
 	// +optional
 	Artifact *Artifact `json:"artifact,omitempty"`

-	// ContentConfigChecksum is a checksum of all the configurations related to
-	// the content of the source artifact:
-	//  - .spec.ignore
-	//  - .spec.layerSelector
-	// observed in .status.observedGeneration version of the object. This can
-	// be used to determine if the content configuration has changed and the
-	// artifact needs to be rebuilt.
-	// It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`.
-	//
-	// Deprecated: Replaced with explicit fields for observed artifact content
-	// config in the status.
-	// +optional
-	ContentConfigChecksum string `json:"contentConfigChecksum,omitempty"`
-
 	// ObservedIgnore is the observed exclusion patterns used for constructing
 	// the source artifact.
 	// +optional
--- a/config/crd/bases/source.toolkit.fluxcd.io_ocirepositories.yaml
+++ b/config/crd/bases/source.toolkit.fluxcd.io_ocirepositories.yaml
@ -68,9 +68,6 @@ spec:
                  authenticating with a certificate; the CA cert is useful if
                  you are using a self-signed server certificate. The Secret must
                  be of type `Opaque` or `kubernetes.io/tls`.
-
-                  Note: Support for the `caFile`, `certFile` and `keyFile` keys have
-                  been deprecated.
                properties:
                  name:
                    description: Name of the referent.
@ -364,20 +361,6 @@ spec:
                  - type
                  type: object
                type: array
-              contentConfigChecksum:
-                description: |-
-                  ContentConfigChecksum is a checksum of all the configurations related to
-                  the content of the source artifact:
-                   - .spec.ignore
-                   - .spec.layerSelector
-                  observed in .status.observedGeneration version of the object. This can
-                  be used to determine if the content configuration has changed and the
-                  artifact needs to be rebuilt.
-                  It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`.
-
-                  Deprecated: Replaced with explicit fields for observed artifact content
-                  config in the status.
-                type: string
              lastHandledReconcileAt:
                description: |-
                  LastHandledReconcileAt holds the value of the most recent
--- a/config/testdata/ocirepository/signed-with-notation.yaml
+++ b/config/testdata/ocirepository/signed-with-notation.yaml
@ -1,5 +1,5 @@
 ---
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: OCIRepository
 metadata:
  name: podinfo-deploy-signed-with-notation
--- a/docs/api/v1/source.md
+++ b/docs/api/v1/source.md
@ -1196,8 +1196,6 @@ registry. The client cert and key are useful if you are
 authenticating with a certificate; the CA cert is useful if
 you are using a self-signed server certificate. The Secret must
 be of type <code>Opaque</code> or <code>kubernetes.io/tls</code>.</p>
-<p>Note: Support for the <code>caFile</code>, <code>certFile</code> and <code>keyFile</code> keys have
-been deprecated.</p>
 </td>
 </tr>
 <tr>
@ -3296,8 +3294,6 @@ registry. The client cert and key are useful if you are
 authenticating with a certificate; the CA cert is useful if
 you are using a self-signed server certificate. The Secret must
 be of type <code>Opaque</code> or <code>kubernetes.io/tls</code>.</p>
-<p>Note: Support for the <code>caFile</code>, <code>certFile</code> and <code>keyFile</code> keys have
-been deprecated.</p>
 </td>
 </tr>
 <tr>
@ -3457,27 +3453,6 @@ Artifact
 </tr>
 <tr>
 <td>
-<code>contentConfigChecksum</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>ContentConfigChecksum is a checksum of all the configurations related to
-the content of the source artifact:
- .spec.ignore
- .spec.layerSelector
-observed in .status.observedGeneration version of the object. This can
-be used to determine if the content configuration has changed and the
-artifact needs to be rebuilt.
-It has the format of <code>&lt;algo&gt;:&lt;checksum&gt;</code>, for example: <code>sha256:&lt;checksum&gt;</code>.</p>
-<p>Deprecated: Replaced with explicit fields for observed artifact content
-config in the status.</p>
-</td>
-</tr>
-<tr>
-<td>
 <code>observedIgnore</code><br>
 <em>
 string
--- a/docs/spec/v1/ocirepositories.md
+++ b/docs/spec/v1/ocirepositories.md
@ -326,10 +326,6 @@ data:
  ca.crt: <BASE64>
 ```

-**Warning:** Support for the `caFile`, `certFile` and `keyFile` keys have been
-deprecated. If you have any Secrets using these keys and specified in an
-OCIRepository, the controller will log a deprecation warning.
-
 ### Proxy secret reference

 `.spec.proxySecretRef.name` is an optional field used to specify the name of a
@ -1073,19 +1069,6 @@ configuration issue in the OCIRepository spec. When a reconciliation fails, the
 reconciliation is performed again after the failure, the reason is updated to
 `Progressing`.

-### Content Configuration Checksum
-
-The source-controller calculates the SHA256 checksum of the various
-configurations of the OCIRepository that indicate a change in source and
-records it in `.status.contentConfigChecksum`. This field is used to determine
-if the source artifact needs to be rebuilt.
-
-**Deprecation Note:** `contentConfigChecksum` is no longer used and will be
-removed in the next API version. The individual components used for generating
-content configuration checksum now have explicit fields in the status. This
-makes the observations used by the controller for making artifact rebuild
-decisions more transparent and easier to debug.
-
 ### Observed Ignore

 The source-controller reports an observed ignore in the OCIRepository's
--- a/internal/controller/ocirepository_controller.go
+++ b/internal/controller/ocirepository_controller.go
@ -1225,7 +1225,6 @@ func (r *OCIRepositoryReconciler) reconcileArtifact(ctx context.Context, sp *pat
 	// Record the observations on the object.
 	obj.Status.Artifact = artifact.DeepCopy()
 	obj.Status.Artifact.Metadata = metadata.Metadata
-	obj.Status.ContentConfigChecksum = "" // To be removed in the next API version.
 	obj.Status.ObservedIgnore = obj.Spec.Ignore
 	obj.Status.ObservedLayerSelector = obj.Spec.LayerSelector

--- a/internal/controller/ocirepository_controller_test.go
+++ b/internal/controller/ocirepository_controller_test.go
@ -3028,12 +3028,12 @@ func TestOCIRepository_objectLevelWorkloadIdentityFeatureGate(t *testing.T) {
 	})
 	g.Expect(err).NotTo(HaveOccurred())

-	obj := &ociv1.OCIRepository{
+	obj := &sourcev1.OCIRepository{
 		ObjectMeta: metav1.ObjectMeta{
 			GenerateName: "ocirepository-reconcile",
 			Namespace:    ns.Name,
 		},
-		Spec: ociv1.OCIRepositorySpec{
+		Spec: sourcev1.OCIRepositorySpec{
 			URL:                "oci://ghcr.io/stefanprodan/manifests/podinfo",
 			Interval:           metav1.Duration{Duration: 60 * time.Minute},
 			Provider:           "aws",
@ -3044,7 +3044,7 @@ func TestOCIRepository_objectLevelWorkloadIdentityFeatureGate(t *testing.T) {
 	g.Expect(testEnv.Create(ctx, obj)).To(Succeed())

 	key := client.ObjectKey{Name: obj.Name, Namespace: obj.Namespace}
-	resultobj := &ociv1.OCIRepository{}
+	resultobj := &sourcev1.OCIRepository{}

 	g.Eventually(func() bool {
 		if err := testEnv.Get(ctx, key, resultobj); err != nil {
--- a/internal/controller/suite_test.go
+++ b/internal/controller/suite_test.go
@ -452,7 +452,7 @@ func int64p(i int64) *int64 {
 	return &i
 }

-func logOCIRepoStatus(t *testing.T, obj *sourcev1beta2.OCIRepository) {
+func logOCIRepoStatus(t *testing.T, obj *sourcev1.OCIRepository) {
 	sts, _ := yaml.Marshal(obj.Status)
 	t.Log(string(sts))
 }