rebase: bump the k8s-dependencies group in /e2e with 3 updates

Bumps the k8s-dependencies group in /e2e with 3 updates: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery), [k8s.io/cloud-provider](https://github.com/kubernetes/cloud-provider) and [k8s.io/pod-security-admission](https://github.com/kubernetes/pod-security-admission). Updates `k8s.io/apimachinery` from 0.32.3 to 0.33.0 - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.32.3...v0.33.0) Updates `k8s.io/cloud-provider` from 0.32.3 to 0.33.0 - [Commits](https://github.com/kubernetes/cloud-provider/compare/v0.32.3...v0.33.0) Updates `k8s.io/pod-security-admission` from 0.32.3 to 0.33.0 - [Commits](https://github.com/kubernetes/pod-security-admission/compare/v0.32.3...v0.33.0) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: k8s-dependencies - dependency-name: k8s.io/cloud-provider dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: k8s-dependencies - dependency-name: k8s.io/pod-security-admission dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: k8s-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
2025-06-13 10:33:35 +00:00 · 2025-05-06 11:20:01 +00:00
parent d52dc2c4ba
commit dd77e72800
359 changed files with 11145 additions and 18557 deletions
--- a/e2e/vendor/k8s.io/apiserver/pkg/cel/environment/base.go
+++ b/e2e/vendor/k8s.io/apiserver/pkg/cel/environment/base.go
@ -32,9 +32,9 @@ import (
 	celconfig "k8s.io/apiserver/pkg/apis/cel"
 	"k8s.io/apiserver/pkg/cel/library"
 	genericfeatures "k8s.io/apiserver/pkg/features"
+	"k8s.io/apiserver/pkg/util/compatibility"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
-	"k8s.io/component-base/featuregate"
-	utilversion "k8s.io/component-base/version"
+	basecompatibility "k8s.io/component-base/compatibility"
 )

 // DefaultCompatibilityVersion returns a default compatibility version for use with EnvSet
@ -50,9 +50,9 @@ import (
 // A default version number equal to the current Kubernetes major.minor version
 // indicates fast forward CEL features that can be used when rollback is no longer needed.
 func DefaultCompatibilityVersion() *version.Version {
-	effectiveVer := featuregate.DefaultComponentGlobalsRegistry.EffectiveVersionFor(featuregate.DefaultKubeComponent)
+	effectiveVer := compatibility.DefaultComponentGlobalsRegistry.EffectiveVersionFor(basecompatibility.DefaultKubeComponent)
 	if effectiveVer == nil {
-		effectiveVer = utilversion.DefaultKubeEffectiveVersion()
+		effectiveVer = compatibility.DefaultBuildEffectiveVersion()
 	}
 	return effectiveVer.MinCompatibilityVersion()
 }
@ -173,7 +173,14 @@ var baseOptsWithoutStrictCost = []VersionedOptions{
 	{
 		IntroducedVersion: version.MajorMinor(1, 32),
 		EnvOptions: []cel.EnvOption{
-			UnversionedLib(ext.TwoVarComprehensions),
+			ext.TwoVarComprehensions(),
+		},
+	},
+	// Semver
+	{
+		IntroducedVersion: version.MajorMinor(1, 33),
+		EnvOptions: []cel.EnvOption{
+			library.SemverLib(library.SemverVersion(1)),
 		},
 	},
 }
--- a/e2e/vendor/k8s.io/apiserver/pkg/cel/library/cidr.go
+++ b/e2e/vendor/k8s.io/apiserver/pkg/cel/library/cidr.go
@ -160,9 +160,7 @@ var cidrLibraryDecls = map[string][]cel.FunctionOpt{
 }

 func (*cidrs) CompileOptions() []cel.EnvOption {
-	options := []cel.EnvOption{cel.Types(apiservercel.CIDRType),
-		cel.Variable(apiservercel.CIDRType.TypeName(), types.NewTypeTypeWithParam(apiservercel.CIDRType)),
-	}
+	options := []cel.EnvOption{cel.Types(apiservercel.CIDRType)}
 	for name, overloads := range cidrLibraryDecls {
 		options = append(options, cel.Function(name, overloads...))
 	}
@ -231,8 +229,7 @@ func cidrContainsCIDR(arg ref.Val, other ref.Val) ref.Val {
 		return types.MaybeNoSuchOverloadErr(other)
 	}

-	equalMasked := cidr.Prefix.Masked() == netip.PrefixFrom(containsCIDR.Prefix.Addr(), cidr.Prefix.Bits())
-	return types.Bool(equalMasked && cidr.Prefix.Bits() <= containsCIDR.Prefix.Bits())
+	return types.Bool(cidr.Overlaps(containsCIDR.Prefix) && cidr.Prefix.Bits() <= containsCIDR.Prefix.Bits())
 }

 func prefixLength(arg ref.Val) ref.Val {
--- a/e2e/vendor/k8s.io/apiserver/pkg/cel/library/cost.go
+++ b/e2e/vendor/k8s.io/apiserver/pkg/cel/library/cost.go
@ -18,13 +18,14 @@ package library

 import (
 	"fmt"
+	"math"
+
 	"github.com/google/cel-go/checker"
 	"github.com/google/cel-go/common"
 	"github.com/google/cel-go/common/ast"
 	"github.com/google/cel-go/common/types"
 	"github.com/google/cel-go/common/types/ref"
 	"github.com/google/cel-go/common/types/traits"
-	"math"

 	"k8s.io/apiserver/pkg/cel"
 )
@ -202,7 +203,7 @@ func (l *CostEstimator) CallCost(function, overloadId string, args []ref.Val, re

 			return &cost
 		}
-	case "quantity", "isQuantity":
+	case "quantity", "isQuantity", "semver", "isSemver":
 		if len(args) >= 1 {
 			cost := uint64(math.Ceil(float64(actualSize(args[0])) * common.StringTraversalCostFactor))
 			return &cost
@ -236,7 +237,7 @@ func (l *CostEstimator) CallCost(function, overloadId string, args []ref.Val, re
 		// Simply dictionary lookup
 		cost := uint64(1)
 		return &cost
-	case "sign", "asInteger", "isInteger", "asApproximateFloat", "isGreaterThan", "isLessThan", "compareTo", "add", "sub":
+	case "sign", "asInteger", "isInteger", "asApproximateFloat", "isGreaterThan", "isLessThan", "compareTo", "add", "sub", "major", "minor", "patch":
 		cost := uint64(1)
 		return &cost
 	case "getScheme", "getHostname", "getHost", "getPort", "getEscapedPath", "getQuery":
@ -486,7 +487,7 @@ func (l *CostEstimator) EstimateCallCost(function, overloadId string, target *ch

 			return &checker.CallEstimate{CostEstimate: ipCompCost}
 		}
-	case "quantity", "isQuantity":
+	case "quantity", "isQuantity", "semver", "isSemver":
 		if target != nil {
 			sz := l.sizeEstimate(args[0])
 			return &checker.CallEstimate{CostEstimate: sz.MultiplyByCostFactor(common.StringTraversalCostFactor)}
@ -498,7 +499,7 @@ func (l *CostEstimator) EstimateCallCost(function, overloadId string, target *ch
 		}
 	case "format.named":
 		return &checker.CallEstimate{CostEstimate: checker.CostEstimate{Min: 1, Max: 1}}
-	case "sign", "asInteger", "isInteger", "asApproximateFloat", "isGreaterThan", "isLessThan", "compareTo", "add", "sub":
+	case "sign", "asInteger", "isInteger", "asApproximateFloat", "isGreaterThan", "isLessThan", "compareTo", "add", "sub", "major", "minor", "patch":
 		return &checker.CallEstimate{CostEstimate: checker.CostEstimate{Min: 1, Max: 1}}
 	case "getScheme", "getHostname", "getHost", "getPort", "getEscapedPath", "getQuery":
 		// url accessors
--- a/e2e/vendor/k8s.io/apiserver/pkg/cel/library/format.go
+++ b/e2e/vendor/k8s.io/apiserver/pkg/cel/library/format.go
@ -20,7 +20,6 @@ import (
 	"fmt"
 	"net/url"

-	"github.com/asaskevich/govalidator"
 	"github.com/google/cel-go/cel"
 	"github.com/google/cel-go/common/decls"
 	"github.com/google/cel-go/common/types"
@ -32,6 +31,13 @@ import (
 	"k8s.io/kube-openapi/pkg/validation/strfmt"
 )

+var (
+	// base64_length estimate for base64 regex size from github.com/asaskevich/govalidator
+	base64Length = 84
+	// url_length estimate for url regex size from github.com/asaskevich/govalidator
+	urlLength = 1103
+)
+
 // Format provides a CEL library exposing common named Kubernetes string
 // validations. Can be used in CRD ValidationRules messageExpression.
 //
@ -193,7 +199,7 @@ var ConstantFormats = map[string]apiservercel.Format{
 		},
 		// Use govalidator url regex to estimate, since ParseRequestURI
 		// doesnt use regex
-		MaxRegexSize: len(govalidator.URL),
+		MaxRegexSize: urlLength,
 	},
 	"uuid": {
 		Name: "uuid",
@ -213,7 +219,7 @@ var ConstantFormats = map[string]apiservercel.Format{
 			}
 			return nil
 		},
-		MaxRegexSize: len(govalidator.Base64),
+		MaxRegexSize: base64Length,
 	},
 	"date": {
 		Name: "date",
--- a/e2e/vendor/k8s.io/apiserver/pkg/cel/library/ip.go
+++ b/e2e/vendor/k8s.io/apiserver/pkg/cel/library/ip.go
@ -187,9 +187,7 @@ var ipLibraryDecls = map[string][]cel.FunctionOpt{
 }

 func (*ip) CompileOptions() []cel.EnvOption {
-	options := []cel.EnvOption{cel.Types(apiservercel.IPType),
-		cel.Variable(apiservercel.IPType.TypeName(), types.NewTypeTypeWithParam(apiservercel.IPType)),
-	}
+	options := []cel.EnvOption{cel.Types(apiservercel.IPType)}
 	for name, overloads := range ipLibraryDecls {
 		options = append(options, cel.Function(name, overloads...))
 	}
--- a/e2e/vendor/k8s.io/apiserver/pkg/cel/library/semverlib.go
+++ b/e2e/vendor/k8s.io/apiserver/pkg/cel/library/semverlib.go
@ -17,6 +17,10 @@ limitations under the License.
 package library

 import (
+	"errors"
+	"math"
+	"strings"
+
 	"github.com/blang/semver/v4"
 	"github.com/google/cel-go/cel"
 	"github.com/google/cel-go/common/types"
@ -31,8 +35,10 @@ import (
 //
 // Converts a string to a semantic version or results in an error if the string is not a valid semantic version. Refer
 // to semver.org documentation for information on accepted patterns.
-//
+// An optional "normalize" argument can be passed to enable normalization. Normalization removes any "v" prefix, adds a
+// 0 minor and patch numbers to versions with only major or major.minor components specified, and removes any leading 0s.
 //	semver(<string>) <Semver>
+//	semver(<string>, <bool>) <Semver>
 //
 // Examples:
 //
@ -41,19 +47,28 @@ import (
 //	semver('200K') // error
 //	semver('Three') // error
 //	semver('Mi') // error
+//	semver('v1.0.0', true) // Applies normalization to remove the leading "v". Returns a Semver of "1.0.0".
+//	semver('1.0', true) // Applies normalization to add the missing patch version. Returns a Semver of "1.0.0"
+//	semver('01.01.01', true) // Applies normalization to remove leading zeros. Returns a Semver of "1.1.1"
 //
 // isSemver
 //
 // Returns true if a string is a valid Semver. isSemver returns true if and
 // only if semver does not result in error.
+// An optional "normalize" argument can be passed to enable normalization. Normalization removes any "v" prefix, adds a
+// 0 minor and patch numbers to versions with only major or major.minor components specified, and removes any leading 0s.
 //
 //	isSemver( <string>) <bool>
+//	isSemver( <string>, <bool>) <bool>
 //
 // Examples:
 //
 //	isSemver('1.0.0') // returns true
-//	isSemver('v1.0') // returns true (tolerant parsing)
 //	isSemver('hello') // returns false
+//  isSemver('v1.0')  // returns false (leading "v" is not allowed unless normalization is enabled)
+//	isSemver('v1.0', true) // Applies normalization to remove leading "v". returns true
+//	semver('1.0', true) // Applies normalization to add the missing patch version. Returns true
+//	semver('01.01.01', true) // Applies normalization to remove leading zeros. Returns true
 //
 // Conversion to Scalars:
 //
@ -84,13 +99,29 @@ import (
 // semver("1.2.3").compareTo(semver("2.0.0")) // returns -1
 // semver("1.2.3").compareTo(semver("0.1.2")) // returns 1

-func SemverLib() cel.EnvOption {
+func SemverLib(options ...SemverOption) cel.EnvOption {
+	semverLib := &semverLibType{}
+	for _, o := range options {
+		semverLib = o(semverLib)
+	}
 	return cel.Lib(semverLib)
 }

-var semverLib = &semverLibType{}
+var semverLib = &semverLibType{version: math.MaxUint32} // include all versions

-type semverLibType struct{}
+type semverLibType struct {
+	version uint32
+}
+
+// StringsOption is a functional interface for configuring the strings library.
+type SemverOption func(*semverLibType) *semverLibType
+
+func SemverVersion(version uint32) SemverOption {
+	return func(lib *semverLibType) *semverLibType {
+		lib.version = version
+		return lib
+	}
+}

 func (*semverLibType) LibraryName() string {
 	return "kubernetes.Semver"
@ -100,8 +131,8 @@ func (*semverLibType) Types() []*cel.Type {
 	return []*cel.Type{apiservercel.SemverType}
 }

-func (*semverLibType) declarations() map[string][]cel.FunctionOpt {
-	return map[string][]cel.FunctionOpt{
+func (lib *semverLibType) declarations() map[string][]cel.FunctionOpt {
+	fnOpts := map[string][]cel.FunctionOpt{
 		"semver": {
 			cel.Overload("string_to_semver", []*cel.Type{cel.StringType}, apiservercel.SemverType, cel.UnaryBinding((stringToSemver))),
 		},
@ -127,6 +158,11 @@ func (*semverLibType) declarations() map[string][]cel.FunctionOpt {
 			cel.MemberOverload("semver_patch", []*cel.Type{apiservercel.SemverType}, cel.IntType, cel.UnaryBinding(semverPatch)),
 		},
 	}
+	if lib.version >= 1 {
+		fnOpts["semver"] = append(fnOpts["semver"], cel.Overload("string_bool_to_semver", []*cel.Type{cel.StringType, cel.BoolType}, apiservercel.SemverType, cel.BinaryBinding((stringToSemverNormalize))))
+		fnOpts["isSemver"] = append(fnOpts["isSemver"], cel.Overload("is_semver_string_bool", []*cel.Type{cel.StringType, cel.BoolType}, cel.BoolType, cel.BinaryBinding(isSemverNormalize)))
+	}
+	return fnOpts
 }

 func (s *semverLibType) CompileOptions() []cel.EnvOption {
@ -144,16 +180,29 @@ func (*semverLibType) ProgramOptions() []cel.ProgramOption {
 }

 func isSemver(arg ref.Val) ref.Val {
+	return isSemverNormalize(arg, types.Bool(false))
+}
+func isSemverNormalize(arg ref.Val, normalizeArg ref.Val) ref.Val {
 	str, ok := arg.Value().(string)
 	if !ok {
 		return types.MaybeNoSuchOverloadErr(arg)
 	}

+	normalize, ok := normalizeArg.Value().(bool)
+	if !ok {
+		return types.MaybeNoSuchOverloadErr(arg)
+	}
+
 	// Using semver/v4 here is okay because this function isn't
 	// used to validate the Kubernetes API. In the CEL base library
 	// we would have to use the regular expression from
 	// pkg/apis/resource/structured/namedresources/validation/validation.go.
-	_, err := semver.Parse(str)
+	var err error
+	if normalize {
+		_, err = normalizeAndParse(str)
+	} else {
+		_, err = semver.Parse(str)
+	}
 	if err != nil {
 		return types.Bool(false)
 	}
@ -162,17 +211,31 @@ func isSemver(arg ref.Val) ref.Val {
 }

 func stringToSemver(arg ref.Val) ref.Val {
+	return stringToSemverNormalize(arg, types.Bool(false))
+}
+func stringToSemverNormalize(arg ref.Val, normalizeArg ref.Val) ref.Val {
 	str, ok := arg.Value().(string)
 	if !ok {
 		return types.MaybeNoSuchOverloadErr(arg)
 	}

+	normalize, ok := normalizeArg.Value().(bool)
+	if !ok {
+		return types.MaybeNoSuchOverloadErr(arg)
+	}
+
 	// Using semver/v4 here is okay because this function isn't
 	// used to validate the Kubernetes API. In the CEL base library
 	// we would have to use the regular expression from
 	// pkg/apis/resource/structured/namedresources/validation/validation.go
 	// first before parsing.
-	v, err := semver.Parse(str)
+	var err error
+	var v semver.Version
+	if normalize {
+		v, err = normalizeAndParse(str)
+	} else {
+		v, err = semver.Parse(str)
+	}
 	if err != nil {
 		return types.WrapErr(err)
 	}
@ -245,3 +308,37 @@ func semverCompareTo(arg ref.Val, other ref.Val) ref.Val {

 	return types.Int(v.Compare(v2))
 }
+
+// normalizeAndParse removes any "v" prefix,  adds a 0 minor and patch numbers to versions with
+// only major or major.minor components specified, and removes any leading 0s.
+// normalizeAndParse is based on semver.ParseTolerant but does not trim extra whitespace and is
+// guaranteed to not change behavior in the future.
+func normalizeAndParse(s string) (semver.Version, error) {
+	s = strings.TrimPrefix(s, "v")
+
+	// Split into major.minor.(patch+pr+meta)
+	parts := strings.SplitN(s, ".", 3)
+	// Remove leading zeros.
+	for i, p := range parts {
+		if len(p) > 1 {
+			p = strings.TrimLeft(p, "0")
+			if len(p) == 0 || !strings.ContainsAny(p[0:1], "0123456789") {
+				p = "0" + p
+			}
+			parts[i] = p
+		}
+	}
+
+	// Fill up shortened versions.
+	if len(parts) < 3 {
+		if strings.ContainsAny(parts[len(parts)-1], "+-") {
+			return semver.Version{}, errors.New("short version cannot contain PreRelease/Build meta data")
+		}
+		for len(parts) < 3 {
+			parts = append(parts, "0")
+		}
+	}
+	s = strings.Join(parts, ".")
+
+	return semver.Parse(s)
+}