From 9d8fcb12ba35c291e5668b44b035d494be3e08b6 Mon Sep 17 00:00:00 2001 From: Alejandro Moreno Date: Tue, 13 Sep 2022 16:13:13 +0200 Subject: [PATCH] Fix schema validation errors (#957) --- Makefile | 1 - helm/sealed-secrets/Chart.yaml | 2 +- .../crds/bitnami.com_sealedsecrets.yaml | 10 +- pkg/apis/sealedsecrets/v1alpha1/types.go | 2 + schema-v1alpha1.yaml | 99 ++++++++++++++++++- 5 files changed, 102 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index 62a556fc8a..18c3a61483 100644 --- a/Makefile +++ b/Makefile @@ -55,7 +55,6 @@ generate: $(GO_FILES) cp -r gentmp/github.com/bitnami-labs/sealed-secrets/pkg . && rm gentmp/ -rf manifests: - $(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.8.0) $(CONTROLLER_GEN) crd paths="./pkg/apis/..." output:crd:artifacts:config=helm/sealed-secrets/crds/ controller: $(GO_FILES) diff --git a/helm/sealed-secrets/Chart.yaml b/helm/sealed-secrets/Chart.yaml index 4df02de8b2..1bc1e17171 100644 --- a/helm/sealed-secrets/Chart.yaml +++ b/helm/sealed-secrets/Chart.yaml @@ -14,4 +14,4 @@ maintainers: url: https://github.com/bitnami-labs/sealed-secrets name: sealed-secrets type: application -version: 2.6.3 +version: 2.6.4 diff --git a/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml b/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml index 8370a43d7c..d7230fbffe 100644 --- a/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml +++ b/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: sealedsecrets.bitnami.com spec: 
@@ -55,10 +55,12 @@ spec: additionalProperties: type: string description: Keys that should be templated using decrypted data + nullable: true type: object metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' type: object + x-kubernetes-preserve-unknown-fields: true type: description: Used to facilitate programmatic handling of secret data. @@ -118,9 +120,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/pkg/apis/sealedsecrets/v1alpha1/types.go b/pkg/apis/sealedsecrets/v1alpha1/types.go index bb66c8f716..8bf765e8c2 100644 --- a/pkg/apis/sealedsecrets/v1alpha1/types.go +++ b/pkg/apis/sealedsecrets/v1alpha1/types.go @@ -35,6 +35,7 @@ type SecretTemplateSpec struct { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata // +optional + // +kubebuilder:validation:XPreserveUnknownFields metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Used to facilitate programmatic handling of secret data. @@ -43,6 +44,7 @@ type SecretTemplateSpec struct { // Keys that should be templated using decrypted data // +optional + // +nullable Data map[string]string `json:"data,omitempty"` } diff --git a/schema-v1alpha1.yaml b/schema-v1alpha1.yaml index 905d17748c..9dc3356ee9 100644 --- a/schema-v1alpha1.yaml +++ b/schema-v1alpha1.yaml 
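Review bot: The `+kubebuilder:validation:XPreserveUnknownFields` marker added on the embedded `metav1.ObjectMeta` in `SecretTemplateSpec` turns off pruning for everything under `template.metadata`, and the field comment does not say why. The CRD hunk in this commit shows the generated `metadata` schema as a bare `type: object` with no properties, so the schema now places no limit on which metadata fields a SealedSecret author can supply. Any restriction on what is applied to the generated Secret therefore has to be enforced by the controller; that code is not visible here, so please confirm it. I would add a comment above the marker such as `// Unknown fields are preserved because the generated ObjectMeta schema has no properties; the controller decides which metadata reaches the Secret.` The struct declaration starts above this hunk.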
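Review bot: The new `+nullable` marker on `Data` is undocumented: the field comment still reads only "Keys that should be templated using decrypted data". A reader cannot tell that an explicit `data: null` is now accepted by the schema, or whether it is meant to be equivalent to leaving the field out. I would add a line above the markers such as `// A null value is accepted and handled like an omitted field.`, after confirming that the templating code treats a nil map that way.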
@@ -1,8 +1,101 @@ openAPIV3Schema: - type: object + description: SealedSecret is the K8s representation of a "sealed Secret" - + a regular k8s Secret that has been sealed (encrypted) using the controller's + key. properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object spec: + description: SealedSecretSpec is the specification of a SealedSecret + properties: + data: + description: Data is deprecated and will be removed eventually. Use + per-value EncryptedData instead. + format: byte + type: string + encryptedData: + additionalProperties: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + template: + description: Template defines the structure of the Secret that will + be created from this sealed secret. + properties: + data: + additionalProperties: + type: string + description: Keys that should be templated using decrypted data + nullable: true + type: object + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + type: object + x-kubernetes-preserve-unknown-fields: true + type: + description: Used to facilitate programmatic handling of secret + data. 
+ type: string + type: object + required: + - encryptedData type: object - x-kubernetes-preserve-unknown-fields: true status: - x-kubernetes-preserve-unknown-fields: true + description: SealedSecretStatus is the most recently observed status of + the SealedSecret. + properties: + conditions: + description: Represents the latest available observations of a sealed + secret's current state. + items: + description: SealedSecretCondition describes the state of a sealed + secret at a certain point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: 'Status of the condition for a sealed secret. Valid + values for "Synced": "True", "False", or "Unknown".' + type: string + type: + description: 'Type of condition for a sealed secret. Valid value: + "Synced"' + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration reflects the generation most recently + observed by the sealed-secrets controller. + format: int64 + type: integer + type: object + required: + - spec + type: object
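Review bot: The new `spec` schema lists `encryptedData` under `required` while still declaring the deprecated `spec.data` field, so an object that carries only the legacy `data` blob would presumably be rejected at admission. Previously `spec` was an open object with `x-kubernetes-preserve-unknown-fields: true`. If data-only SealedSecrets are still meant to be accepted, the `required` entry should be dropped. Otherwise the `data` description should say so, for example `Data is deprecated and will be removed eventually; encryptedData must still be present.` Separately, `encryptedData` keeps `x-kubernetes-preserve-unknown-fields: true` next to `additionalProperties: type: string`, which looks redundant for a string map and is worth a short comment or removal.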