Fix code generation (#1536)

**Description of the change**
Code generation wasn't working. This PR fixes it and updates the
generated code:

- Use latest version of `controller-gen` to generate the manifests for
the CRD
- Use `kube_codegen.sh` to generate the client code. The
`generate_groups.sh` script we were using previously has been deprecated
and removed.
- Code generation is now done from a `hack` directory following the
[Kubernetes sample-controller
example](https://github.com/kubernetes/sample-controller/blob/master/hack/update-codegen.sh).
- `make manifests` has been run to update the manifests.
- `make generate` has been run to update the generated code.

---------

Signed-off-by: Alejandro Moreno <[email protected]>

Author: alemorcuq

Makefile

@@ -10,7 +10,7 @@ GO_FLAGS =
 KUBECFG = kubecfg
 DOCKER = docker
 GINKGO = ginkgo -p
-CONTROLLER_GEN ?= controller-gen
+CONTROLLER_GEN ?= go run sigs.k8s.io/controller-tools/cmd/controller-gen@latest
 
 REGISTRY ?= docker.io
 CONTROLLER_IMAGE = $(REGISTRY)/bitnami/sealed-secrets-controller:latest
@@ -45,8 +45,10 @@ GO_LD_FLAGS = -X main.VERSION=$(VERSION)
 
 all: controller kubeseal
 
-generate: $(GO_FILES)
-	$(GO) generate $(GO_PACKAGES)
+generate:
+	$(GO) mod vendor
+	./hack/update-codegen.sh
+	rm -rf vendor
 
 manifests:
 	$(CONTROLLER_GEN) crd:generateEmbeddedObjectMeta=true paths="./pkg/apis/..." output:stdout | tail -n +2 > helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml
@@ -128,7 +130,7 @@ lint:
 	 $(GOLANGCILINT) run --enable goimports --timeout=5m
 
 lint-gosec:
-	 $(GOSEC) -r --severity low
+	 $(GOSEC) -r -severity low -exclude-generated
 
 clean:
 	$(RM) ./controller ./kubeseal

pkg/apis/sealedsecrets/v1alpha1/boilerplate.go.txt renamed to hack/boilerplate.go.txt

@@ -5,7 +5,7 @@
 //go:build tools
 // +build tools
 
-package sealedsecrets
+package tools
 
 import (
 	_ "k8s.io/code-generator"

tools.go renamed to hack/tools.go

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+CODEGEN_PKG=${CODEGEN_PKG:-$(cd "${SCRIPT_ROOT}"; ls -d -1 ./vendor/k8s.io/code-generator 2>/dev/null || echo ../code-generator)}
+
+source "${CODEGEN_PKG}/kube_codegen.sh"
+
+THIS_PKG="github.com/bitnami-labs/sealed-secrets"
+
+kube::codegen::gen_helpers \
+    --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
+    "${SCRIPT_ROOT}/pkg/apis"
+
+kube::codegen::gen_client \
+    --with-watch \
+    --output-dir "${SCRIPT_ROOT}/pkg/client" \
+    --output-pkg "${THIS_PKG}/pkg/client" \
+    --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
+    "${SCRIPT_ROOT}/pkg/apis"

hack/update-codegen.sh

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: sealedsecrets.bitnami.com
 spec:
   group: bitnami.com
@@ -26,24 +26,30 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: SealedSecret is the K8s representation of a "sealed Secret" -
-          a regular k8s Secret that has been sealed (encrypted) using the controller's
-          key.
+        description: |-
+          SealedSecret is the K8s representation of a "sealed Secret" - a
+          regular k8s Secret that has been sealed (encrypted) using the
+          controller's key.
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
           spec:
-            description: SealedSecretSpec is the specification of a SealedSecret
+            description: SealedSecretSpec is the specification of a SealedSecret.
             properties:
               data:
                 description: Data is deprecated and will be removed eventually. Use
@@ -56,17 +62,27 @@ spec:
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
               template:
-                description: Template defines the structure of the Secret that will
-                  be created from this sealed secret.
+                description: |-
+                  Template defines the structure of the Secret that will be
+                  created from this sealed secret.
                 properties:
                   data:
                     additionalProperties:
                       type: string
-                    description: Keys that should be templated using decrypted data
+                    description: Keys that should be templated using decrypted data.
                     nullable: true
                     type: object
+                  immutable:
+                    description: |-
+                      Immutable, if set to true, ensures that data stored in the Secret cannot
+                      be updated (only object metadata can be modified).
+                      If not set to true, the field can be modified at any time.
+                      Defaulted to nil.
+                    type: boolean
                   metadata:
-                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
+                    description: |-
+                      Standard object's metadata.
+                      More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
                     nullable: true
                     properties:
                       annotations:
@@ -91,10 +107,6 @@ spec:
                     description: Used to facilitate programmatic handling of secret
                       data.
                     type: string
-                  immutable:
-                    description: 'Immutable, if set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).
-                      If not set to true, the field can be modified at any time. Defaulted to nil.'
-                    type: boolean
                 type: object
             required:
             - encryptedData
@@ -127,12 +139,14 @@ spec:
                       description: The reason for the condition's last transition.
                       type: string
                     status:
-                      description: 'Status of the condition for a sealed secret. Valid
-                        values for "Synced": "True", "False", or "Unknown".'
+                      description: |-
+                        Status of the condition for a sealed secret.
+                        Valid values for "Synced": "True", "False", or "Unknown".
                       type: string
                     type:
-                      description: 'Type of condition for a sealed secret. Valid value:
-                        "Synced"'
+                      description: |-
+                        Type of condition for a sealed secret.
+                        Valid value: "Synced"
                       type: string
                   required:
                   - status

helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml

@@ -1,5 +1,3 @@
-// go mod vendor doesn't preserve executable perm bits
-//go:generate bash -c "go mod download && cd ../../../.. && bash $(go list -mod=mod -m -f '{{.Dir}}' k8s.io/code-generator)/generate-groups.sh deepcopy,client,informer,lister github.com/bitnami-labs/sealed-secrets/pkg/client github.com/bitnami-labs/sealed-secrets/pkg/apis sealedsecrets:v1alpha1 --go-header-file pkg/apis/sealedsecrets/v1alpha1/boilerplate.go.txt --trim-path-prefix github.com/bitnami-labs/sealed-secrets"
 // +k8s:deepcopy-gen=package,register
 
 // +groupName=bitnami.com

pkg/apis/sealedsecrets/v1alpha1/doc.go

@@ -1,16 +1,28 @@
 openAPIV3Schema:
-  description: SealedSecret is the K8s representation of a "sealed Secret" - a regular k8s Secret that has been sealed (encrypted) using the controller's key.
+  description: |-
+    SealedSecret is the K8s representation of a "sealed Secret" - a
+    regular k8s Secret that has been sealed (encrypted) using the
+    controller's key.
   properties:
     apiVersion:
-      description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+      description: |-
+        APIVersion defines the versioned schema of this representation of an object.
+        Servers should convert recognized schemas to the latest internal value, and
+        may reject unrecognized values.
+        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
       type: string
     kind:
-      description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+      description: |-
+        Kind is a string value representing the REST resource this object represents.
+        Servers may infer this from the endpoint the client submits requests to.
+        Cannot be updated.
+        In CamelCase.
+        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
       type: string
     metadata:
       type: object
     spec:
-      description: SealedSecretSpec is the specification of a SealedSecret
+      description: SealedSecretSpec is the specification of a SealedSecret.
       properties:
         data:
           description: Data is deprecated and will be removed eventually. Use per-value EncryptedData instead.
@@ -22,16 +34,27 @@ openAPIV3Schema:
           type: object
           x-kubernetes-preserve-unknown-fields: true
         template:
-          description: Template defines the structure of the Secret that will be created from this sealed secret.
+          description: |-
+            Template defines the structure of the Secret that will be
+            created from this sealed secret.
           properties:
             data:
               additionalProperties:
                 type: string
-              description: Keys that should be templated using decrypted data
+              description: Keys that should be templated using decrypted data.
               nullable: true
               type: object
+            immutable:
+              description: |-
+                Immutable, if set to true, ensures that data stored in the Secret cannot
+                be updated (only object metadata can be modified).
+                If not set to true, the field can be modified at any time.
+                Defaulted to nil.
+              type: boolean
             metadata:
-              description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
+              description: |-
+                Standard object's metadata.
+                More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
               nullable: true
               properties:
                 annotations:
@@ -55,9 +78,6 @@ openAPIV3Schema:
             type:
               description: Used to facilitate programmatic handling of secret data.
               type: string
-            immutable:
-              description: 'Immutable, if set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.'
-              type: boolean
           type: object
       required:
         - encryptedData
@@ -85,10 +105,14 @@ openAPIV3Schema:
                 description: The reason for the condition's last transition.
                 type: string
               status:
-                description: 'Status of the condition for a sealed secret. Valid values for "Synced": "True", "False", or "Unknown".'
+                description: |-
+                  Status of the condition for a sealed secret.
+                  Valid values for "Synced": "True", "False", or "Unknown".
                 type: string
               type:
-                description: 'Type of condition for a sealed secret. Valid value: "Synced"'
+                description: |-
+                  Type of condition for a sealed secret.
+                  Valid value: "Synced"
                 type: string
             required:
               - status