From ebfefc0bd052cf37d9f7d27eab675be79c67e562 Mon Sep 17 00:00:00 2001
From: Lukas Krejci <metlos@users.noreply.github.com>
Date: Tue, 8 Oct 2024 17:22:15 +0200
Subject: [PATCH] Remove the deprecated ToolchainCluster.Spec fields (#448)

Note that the spec.apiEndpoint has not been removed but merely made optional.

We need this indirection because we need to make the removal in two
steps so that the potentially different versions of the CRD in host and
member stay compatible.
---
 api/v1alpha1/docs/apiref.adoc          | 38 +++----------------------
 api/v1alpha1/toolchaincluster_types.go | 39 ++++----------------------
 api/v1alpha1/zz_generated.deepcopy.go  |  7 +----
 api/v1alpha1/zz_generated.openapi.go   | 34 ++--------------------
 4 files changed, 14 insertions(+), 104 deletions(-)

diff --git a/api/v1alpha1/docs/apiref.adoc b/api/v1alpha1/docs/apiref.adoc
index ec66d323..1cd03f22 100644
--- a/api/v1alpha1/docs/apiref.adoc
+++ b/api/v1alpha1/docs/apiref.adoc
@@ -3063,22 +3063,6 @@ Supported condition types: ConditionReady + |  |
 |===
 
 
-[id="{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-tlsvalidation"]
-==== TLSValidation
-
-_Underlying type:_ _string_
-
-
-
-
-
-.Appears In:
-****
-- xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-toolchainclusterspec[$$ToolchainClusterSpec$$]
-****
-
-
-
 [id="{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-tiertemplate"]
 ==== TierTemplate
 
@@ -3354,27 +3338,13 @@ ToolchainClusterSpec defines the desired state of ToolchainCluster
 hostname:port, IP or IP:port. +
 
 
-Be aware that this field is going to be replaced with +
-the Status.APIEndpoint in the future. + |  | 
-| *`caBundle`* __string__ | CABundle contains the certificate authority information. +
+Be aware that this is kept in the spec only for compatibility reasons +
+and doesn't serve any purpose. Use the Status.APIEndpoint instead. +
 
 
-Note that this is going to be deprecated and removed. It will be replaced by a field in +
-the kubecondig of the connection secret + |  | 
-| *`secretRef`* __xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-localsecretreference[$$LocalSecretReference$$]__ | Name of the secret containing the token required to access the +
-member cluster. The secret needs to exist in the same namespace +
-as the control plane and should have a "token" key. +
-
-
-In the near future, the secret will contain the whole kubeconfig required to connect +
+Deprecated: This is not used for anything. + |  | 
+| *`secretRef`* __xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-localsecretreference[$$LocalSecretReference$$]__ | Name of the secret containing the kubeconfig required to connect +
 to the cluster. + |  | 
-| *`disabledTLSValidations`* __xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-tlsvalidation[$$TLSValidation$$] array__ | DisabledTLSValidations defines a list of checks to ignore when validating +
-the TLS connection to the member cluster.  This can be any of *, SubjectName, or ValidityPeriod. +
-If * is specified, it is expected to be the only option in list. +
-
-
-Note that this is going to be deprecated and removed. It will be replaced by +
-the kubeconfig stored in the connection secret. + |  | 
 |===
 
 
diff --git a/api/v1alpha1/toolchaincluster_types.go b/api/v1alpha1/toolchaincluster_types.go
index fa8b5bb4..c30ad46e 100644
--- a/api/v1alpha1/toolchaincluster_types.go
+++ b/api/v1alpha1/toolchaincluster_types.go
@@ -21,49 +21,22 @@ const (
 	ToolchainClusterLabel = LabelKeyPrefix + "toolchain-cluster"
 )
 
-type TLSValidation string
-
-const (
-	TLSAll            TLSValidation = "*"
-	TLSSubjectName    TLSValidation = "SubjectName"
-	TLSValidityPeriod TLSValidation = "ValidityPeriod"
-)
-
 // ToolchainClusterSpec defines the desired state of ToolchainCluster
 // +k8s:openapi-gen=true
 type ToolchainClusterSpec struct {
 	// The API endpoint of the member cluster. This can be a hostname,
 	// hostname:port, IP or IP:port.
 	//
-	// Be aware that this field is going to be replaced with
-	// the Status.APIEndpoint in the future.
-	APIEndpoint string `json:"apiEndpoint"`
-
-	// CABundle contains the certificate authority information.
-	// +optional
+	// Be aware that this is kept in the spec only for compatibility reasons
+	// and doesn't serve any purpose. Use the Status.APIEndpoint instead.
 	//
-	// Note that this is going to be deprecated and removed. It will be replaced by a field in
-	// the kubecondig of the connection secret
-	CABundle string `json:"caBundle,omitempty"`
+	// Deprecated: This is not used for anything.
+	// +optional
+	APIEndpoint string `json:"apiEndpoint,omitempty"`
 
-	// Name of the secret containing the token required to access the
-	// member cluster. The secret needs to exist in the same namespace
-	// as the control plane and should have a "token" key.
-	//
-	// In the near future, the secret will contain the whole kubeconfig required to connect
+	// Name of the secret containing the kubeconfig required to connect
 	// to the cluster.
 	SecretRef LocalSecretReference `json:"secretRef"`
-
-	// DisabledTLSValidations defines a list of checks to ignore when validating
-	// the TLS connection to the member cluster.  This can be any of *, SubjectName, or ValidityPeriod.
-	// If * is specified, it is expected to be the only option in list.
-	//
-	// Note that this is going to be deprecated and removed. It will be replaced by
-	// the kubeconfig stored in the connection secret.
-	//
-	// +optional
-	// +listType=set
-	DisabledTLSValidations []TLSValidation `json:"disabledTLSValidations,omitempty"`
 }
 
 // LocalSecretReference is a reference to a secret within the enclosing
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 5df3a56c..3ebacf6e 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -3211,7 +3211,7 @@ func (in *ToolchainCluster) DeepCopyInto(out *ToolchainCluster) {
 	*out = *in
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
+	out.Spec = in.Spec
 	in.Status.DeepCopyInto(&out.Status)
 }
 
@@ -3294,11 +3294,6 @@ func (in *ToolchainClusterList) DeepCopyObject() runtime.Object {
 func (in *ToolchainClusterSpec) DeepCopyInto(out *ToolchainClusterSpec) {
 	*out = *in
 	out.SecretRef = in.SecretRef
-	if in.DisabledTLSValidations != nil {
-		in, out := &in.DisabledTLSValidations, &out.DisabledTLSValidations
-		*out = make([]TLSValidation, len(*in))
-		copy(*out, *in)
-	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ToolchainClusterSpec.
diff --git a/api/v1alpha1/zz_generated.openapi.go b/api/v1alpha1/zz_generated.openapi.go
index 9ef0afce..2e69ff82 100644
--- a/api/v1alpha1/zz_generated.openapi.go
+++ b/api/v1alpha1/zz_generated.openapi.go
@@ -4593,48 +4593,20 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterSpec(ref common
 				Properties: map[string]spec.Schema{
 					"apiEndpoint": {
 						SchemaProps: spec.SchemaProps{
-							Description: "The API endpoint of the member cluster. This can be a hostname, hostname:port, IP or IP:port.\n\nBe aware that this field is going to be replaced with the Status.APIEndpoint in the future.",
-							Default:     "",
-							Type:        []string{"string"},
-							Format:      "",
-						},
-					},
-					"caBundle": {
-						SchemaProps: spec.SchemaProps{
-							Description: "CABundle contains the certificate authority information.\n\nNote that this is going to be deprecated and removed. It will be replaced by a field in the kubecondig of the connection secret",
+							Description: "The API endpoint of the member cluster. This can be a hostname, hostname:port, IP or IP:port.\n\nBe aware that this is kept in the spec only for compatibility reasons and doesn't serve any purpose. Use the Status.APIEndpoint instead.\n\nDeprecated: This is not used for anything.",
 							Type:        []string{"string"},
 							Format:      "",
 						},
 					},
 					"secretRef": {
 						SchemaProps: spec.SchemaProps{
-							Description: "Name of the secret containing the token required to access the member cluster. The secret needs to exist in the same namespace as the control plane and should have a \"token\" key.\n\nIn the near future, the secret will contain the whole kubeconfig required to connect to the cluster.",
+							Description: "Name of the secret containing the kubeconfig required to connect to the cluster.",
 							Default:     map[string]interface{}{},
 							Ref:         ref("github.com/codeready-toolchain/api/api/v1alpha1.LocalSecretReference"),
 						},
 					},
-					"disabledTLSValidations": {
-						VendorExtensible: spec.VendorExtensible{
-							Extensions: spec.Extensions{
-								"x-kubernetes-list-type": "set",
-							},
-						},
-						SchemaProps: spec.SchemaProps{
-							Description: "DisabledTLSValidations defines a list of checks to ignore when validating the TLS connection to the member cluster.  This can be any of *, SubjectName, or ValidityPeriod. If * is specified, it is expected to be the only option in list.\n\nNote that this is going to be deprecated and removed. It will be replaced by the kubeconfig stored in the connection secret.",
-							Type:        []string{"array"},
-							Items: &spec.SchemaOrArray{
-								Schema: &spec.Schema{
-									SchemaProps: spec.SchemaProps{
-										Default: "",
-										Type:    []string{"string"},
-										Format:  "",
-									},
-								},
-							},
-						},
-					},
 				},
-				Required: []string{"apiEndpoint", "secretRef"},
+				Required: []string{"secretRef"},
 			},
 		},
 		Dependencies: []string{