Merge pull request #50269 from stevekuznetsov/skuznets/import-restrictions

Automatic merge from submit-queue Rewrite staging import verifier in Go Signed-off-by: Steve Kuznetsov <skuznets@redhat.com> **What this PR does / why we need it**: Maintaining Bash is nobody's idea of fun. The declarative config is infinitely easier to read, as well. **Special notes for your reviewer**: @sttts still trying to figure out the rules you have encoded in the shell script... very confusing. Please review the `kube-gen` specifically. **Release note**: ```release-note NONE ```
2025-09-26 04:36:00 +00:00 · 2017-08-11 00:37:13 -07:00
parent a227c1ea2c 54809de387
commit 7adb675003
5 changed files with 417 additions and 75 deletions
--- a/hack/staging-import-restrictions.json
+++ b/hack/staging-import-restrictions.json
@@ -0,0 +1,102 @@
+[
+  {
+    "baseImportPath": "./vendor/k8s.io/apimachinery/",
+    "allowedImports": [
+      "k8s.io/apimachinery",
+      "k8s.io/kube-openapi"
+    ]
+  },
+  {
+    "baseImportPath": "./vendor/k8s.io/api/",
+    "allowedImports": [
+      "k8s.io/api",
+      "k8s.io/apimachinery"
+    ]
+  },
+  {
+    "baseImportPath": "./vendor/k8s.io/kube-gen/",
+    "ignoredSubTrees": [
+      "./vendor/k8s.io/kube-gen/test"
+    ],
+    "allowedImports": [
+      "k8s.io/gengo",
+      "k8s.io/kube-gen",
+      "k8s.io/kube-openapi"
+    ]
+  },
+  {
+    "baseImportPath": "./vendor/k8s.io/kube-gen/test/",
+    "allowedImports": [
+      "k8s.io/apimachinery",
+      "k8s.io/client-go",
+      "k8s.io/gengo",
+      "k8s.io/kube-gen/test",
+      "k8s.io/kube-openapi"
+    ]
+  },
+  {
+    "baseImportPath": "./vendor/k8s.io/client-go/",
+    "allowedImports": [
+      "k8s.io/api",
+      "k8s.io/apimachinery",
+      "k8s.io/client-go"
+    ]
+  },
+  {
+    "baseImportPath": "./vendor/k8s.io/apiserver/",
+    "allowedImports": [
+      "k8s.io/api",
+      "k8s.io/apimachinery",
+      "k8s.io/apiserver",
+      "k8s.io/client-go",
+      "k8s.io/kube-openapi"
+    ]
+  },
+  {
+    "baseImportPath": "./vendor/k8s.io/metrics/",
+    "allowedImports": [
+      "k8s.io/api",
+      "k8s.io/apimachinery",
+      "k8s.io/client-go",
+      "k8s.io/metrics"
+    ]
+  },
+  {
+    "baseImportPath": "./vendor/k8s.io/kube-aggregator/",
+    "allowedImports": [
+      "k8s.io/api",
+      "k8s.io/apimachinery",
+      "k8s.io/apiserver",
+      "k8s.io/client-go",
+      "k8s.io/kube-aggregator",
+      "k8s.io/kube-openapi"
+    ]
+  },
+  {
+    "baseImportPath": "./vendor/k8s.io/sample-apiserver/",
+    "allowedImports": [
+      "k8s.io/api",
+      "k8s.io/apimachinery",
+      "k8s.io/apiserver",
+      "k8s.io/client-go",
+      "k8s.io/sample-apiserver"
+    ]
+  },
+  {
+    "baseImportPath": "./vendor/k8s.io/apiextensions-apiserver/",
+    "allowedImports": [
+      "k8s.io/api",
+      "k8s.io/apiextensions-apiserver",
+      "k8s.io/apimachinery",
+      "k8s.io/apiserver",
+      "k8s.io/client-go"
+    ]
+  },
+  {
+    "baseImportPath": "./vendor/k8s.io/kube-openapi/",
+    "allowedImports": [
+      "k8s.io/kube-openapi",
+      "k8s.io/gengo"
+    ]
+  }
+]
--- a/hack/verify-staging-imports.sh
+++ b/hack/verify-staging-imports.sh
@@ -23,82 +23,19 @@ source "${KUBE_ROOT}/hack/lib/init.sh"

 kube::golang::setup_env

-function print_forbidden_imports () {
-    set -o errexit # this was unset by ||
-    local REPO="${1%%/*}" # everything in front of the /
+make -C "${KUBE_ROOT}" WHAT=cmd/importverifier

-    # find packages with extended glob support of bash (supports inversion)
-    local PACKAGES=($(
-      shopt -s extglob;
-      eval ls -d -1 ./vendor/k8s.io/${1}/
-    ))
+# Find binary
+importverifier=$(kube::util::find-binary "importverifier")

-    shift
-    local RE=""
-    local SEP=""
-    for CLAUSE in "$@"; do
-        RE+="${SEP}${CLAUSE}"
-        SEP='\|'
-    done
-    local FORBIDDEN=$(
-        go list -f $'{{with $package := .ImportPath}}{{range $.Imports}}{{$package}} imports {{.}}\n{{end}}{{end}}' "${PACKAGES[@]/%/...}" |
-        sed 's|^k8s.io/kubernetes/vendor/||;s| k8s.io/kubernetes/vendor/| |' |
-        grep -v " k8s.io/${REPO}" |
-        grep " k8s.io/" |
-        grep -v -e "imports \(${RE}\)"
-    )
-    if [ -n "${FORBIDDEN}" ]; then
-        echo "${REPO} has a forbidden dependency:"
-        echo
-        echo "${FORBIDDEN}" | sed 's/^/  /'
-        echo
-        return 1
-    fi
-    local TEST_FORBIDDEN=$(
-        go list -f $'{{with $package := .ImportPath}}{{range $.TestImports}}{{$package}} imports {{.}}\n{{end}}{{end}}' "${PACKAGES[@]/%/...}" |
-        sed 's|^k8s.io/kubernetes/vendor/||;s| k8s.io/kubernetes/vendor/| |' |
-        grep -v " k8s.io/${REPO}" |
-        grep " k8s.io/" |
-        grep -v -e "imports \(${RE}\)"
-    )
-    if [ -n "${TEST_FORBIDDEN}" ]; then
-        echo "${REPO} has a forbidden dependency in test code:"
-        echo
-        echo "${TEST_FORBIDDEN}" | sed 's/^/  /'
-        echo
-        return 1
-    fi
-    return 0
-}
-
-RC=0
-print_forbidden_imports apimachinery k8s.io/kube-openapi || RC=1
-print_forbidden_imports api k8s.io/apimachinery || RC=1
-print_forbidden_imports kube-gen k8s.io/apimachinery k8s.io/client-go k8s.io/gengo k8s.io/kube-openapi || RC=1
-print_forbidden_imports 'kube-gen/!(test)' k8s.io/gengo k8s.io/kube-openapi || RC=1
-print_forbidden_imports kube-gen/test k8s.io/apimachinery k8s.io/client-go || RC=1
-print_forbidden_imports client-go k8s.io/apimachinery k8s.io/api || RC=1
-print_forbidden_imports apiserver k8s.io/apimachinery k8s.io/client-go k8s.io/api k8s.io/kube-openapi || RC=1
-print_forbidden_imports metrics k8s.io/apimachinery k8s.io/client-go k8s.io/api || RC=1
-print_forbidden_imports kube-aggregator k8s.io/apimachinery k8s.io/client-go k8s.io/apiserver k8s.io/api k8s.io/kube-openapi || RC=1
-print_forbidden_imports sample-apiserver k8s.io/apimachinery k8s.io/client-go k8s.io/apiserver k8s.io/api || RC=1
-print_forbidden_imports apiextensions-apiserver k8s.io/apimachinery k8s.io/client-go k8s.io/apiserver k8s.io/api || RC=1
-print_forbidden_imports kube-openapi k8s.io/gengo || RC=1
-if [ ${RC} != 0 ]; then
-    exit ${RC}
+if [[ ! -x "$importverifier" ]]; then
+  {
+    echo "It looks as if you don't have a compiled importverifier binary"
+    echo
+    echo "If you are running from a clone of the git repo, please run"
+    echo "'make WHAT=cmd/importverifier'."
+  } >&2
+  exit 1
 fi

-if grep -rq '// import "k8s.io/kubernetes/' 'staging/'; then
-	echo 'file has "// import "k8s.io/kubernetes/"'
-	exit 1
-fi
-
-for EXAMPLE in vendor/k8s.io/client-go/examples/{in-cluster-client-configuration,out-of-cluster-client-configuration} vendor/k8s.io/apiextensions-apiserver/examples ; do
-	test -d "${EXAMPLE}" # make sure example is still there
-	if go list -f '{{ join .Deps "\n" }}' "./${EXAMPLE}/..." | sort | uniq | grep -q k8s.io/client-go/plugin; then
-		echo "${EXAMPLE} imports client-go plugins by default, but shouldn't."
-		exit 1
-	fi
-done
-
-exit 0
+"${importverifier}" "k8s.io/" "${KUBE_ROOT}/hack/staging-import-restrictions.json"