openshift
diff --git a/‎pkg/features/kube_features.go‎
Lines changed: 6 additions & 0 deletions b/‎pkg/features/kube_features.go‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎staging/src/k8s.io/apiextensions-apiserver/go.mod‎
Lines changed: 1 addition & 1 deletion b/‎staging/src/k8s.io/apiextensions-apiserver/go.mod‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation/validation.go‎
Lines changed: 1 addition & 1 deletion b/‎staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation/validation.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/customresource_handler.go‎
Lines changed: 6 additions & 7 deletions b/‎staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/customresource_handler.go‎
Lines changed: 6 additions & 7 deletions
@@ -17,6 +17,7 @@ limitations under the License.
 package features
 
 import (
+	apiextensionsfeatures "k8s.io/apiextensions-apiserver/pkg/features"
 	"k8s.io/apimachinery/pkg/util/runtime"
 	genericfeatures "k8s.io/apiserver/pkg/features"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
@@ -1191,6 +1192,11 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
 
 	genericfeatures.ServerSideFieldValidation: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29
 
+	// inherited features from apiextensions-apiserver, relisted here to get a conflict if it is changed
+	// unintentionally on either side:
+
+	apiextensionsfeatures.CRDValidationRatcheting: {Default: false, PreRelease: featuregate.Alpha},
+
 	// features that enable backwards compatibility but are scheduled to be removed
 	// ...
 	HPAScaleToZero: {Default: false, PreRelease: featuregate.Alpha},
 
@@ -6,6 +6,7 @@ go 1.20
 
 require (
 	github.com/emicklei/go-restful/v3 v3.9.0
+	github.com/evanphx/json-patch v5.6.0+incompatible
 	github.com/gogo/protobuf v1.3.2
 	github.com/google/cel-go v0.16.0
 	github.com/google/gnostic-models v0.6.8
@@ -49,7 +50,6 @@ require (
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-logr/logr v1.2.4 // indirect
 
@@ -825,7 +825,7 @@ func validateCustomResourceDefinitionValidation(ctx context.Context, customResou
 
 	// if validation passed otherwise, make sure we can actually construct a schema validator from this custom resource validation.
 	if len(allErrs) == 0 {
-		if _, _, err := apiservervalidation.NewSchemaValidator(customResourceValidation); err != nil {
+		if _, _, err := apiservervalidation.NewSchemaValidator(customResourceValidation.OpenAPIV3Schema); err != nil {
 			allErrs = append(allErrs, field.Invalid(fldPath, "", fmt.Sprintf("error building validator: %v", err)))
 		}
 	}
 
@@ -79,8 +79,6 @@ import (
 	"k8s.io/klog/v2"
 	"k8s.io/kube-openapi/pkg/spec3"
 	"k8s.io/kube-openapi/pkg/validation/spec"
-	"k8s.io/kube-openapi/pkg/validation/strfmt"
-	"k8s.io/kube-openapi/pkg/validation/validate"
 )
 
 // crdHandler serves the `/apis` endpoint.
@@ -739,20 +737,22 @@ func (r *crdHandler) getOrCreateServingInfoFor(uid types.UID, name string) (*crd
 			utilruntime.HandleError(err)
 			return nil, fmt.Errorf("the server could not properly serve the CR schema")
 		}
+		var internalSchemaProps *apiextensionsinternal.JSONSchemaProps
 		var internalValidationSchema *apiextensionsinternal.CustomResourceValidation
 		if validationSchema != nil {
 			internalValidationSchema = &apiextensionsinternal.CustomResourceValidation{}
 			if err := apiextensionsv1.Convert_v1_CustomResourceValidation_To_apiextensions_CustomResourceValidation(validationSchema, internalValidationSchema, nil); err != nil {
 				return nil, fmt.Errorf("failed to convert CRD validation to internal version: %v", err)
 			}
+			internalSchemaProps = internalValidationSchema.OpenAPIV3Schema
 		}
-		validator, _, err := apiservervalidation.NewSchemaValidator(internalValidationSchema)
+		validator, _, err := apiservervalidation.NewSchemaValidator(internalSchemaProps)
 		if err != nil {
 			return nil, err
 		}
 
 		var statusSpec *apiextensionsinternal.CustomResourceSubresourceStatus
-		var statusValidator *validate.SchemaValidator
+		var statusValidator apiservervalidation.SchemaValidator
 		subresources, err := apiextensionshelpers.GetSubresourcesForVersion(crd, v.Name)
 		if err != nil {
 			utilruntime.HandleError(err)
@@ -767,11 +767,10 @@ func (r *crdHandler) getOrCreateServingInfoFor(uid types.UID, name string) (*crd
 			// for the status subresource, validate only against the status schema
 			if internalValidationSchema != nil && internalValidationSchema.OpenAPIV3Schema != nil && internalValidationSchema.OpenAPIV3Schema.Properties != nil {
 				if statusSchema, ok := internalValidationSchema.OpenAPIV3Schema.Properties["status"]; ok {
-					openapiSchema := &spec.Schema{}
-					if err := apiservervalidation.ConvertJSONSchemaPropsWithPostProcess(&statusSchema, openapiSchema, apiservervalidation.StripUnsupportedFormatsPostProcess); err != nil {
+					statusValidator, _, err = apiservervalidation.NewSchemaValidator(&statusSchema)
+					if err != nil {
 						return nil, err
 					}
-					statusValidator = validate.NewSchemaValidator(openapiSchema, nil, "", strfmt.Default)
 				}
 			}
 		}
Original file line number	Diff line number	Diff line change
`@@ -825,7 +825,7 @@ func validateCustomResourceDefinitionValidation(ctx context.Context, customResou`
`825`	`825`
`826`	`826`	`// if validation passed otherwise, make sure we can actually construct a schema validator from this custom resource validation.`
`827`	`827`	`if len(allErrs) == 0 {`
`828`		`- if _, _, err := apiservervalidation.NewSchemaValidator(customResourceValidation); err != nil {`
	`828`	`+ if _, _, err := apiservervalidation.NewSchemaValidator(customResourceValidation.OpenAPIV3Schema); err != nil {`
`829`	`829`	`allErrs = append(allErrs, field.Invalid(fldPath, "", fmt.Sprintf("error building validator: %v", err)))`
`830`	`830`	`}`
`831`	`831`	`}`
Original file line number	Diff line number	Diff line change
`@@ -79,8 +79,6 @@ import (`
`79`	`79`	`"k8s.io/klog/v2"`
`80`	`80`	`"k8s.io/kube-openapi/pkg/spec3"`
`81`	`81`	`"k8s.io/kube-openapi/pkg/validation/spec"`
`82`		`- "k8s.io/kube-openapi/pkg/validation/strfmt"`
`83`		`- "k8s.io/kube-openapi/pkg/validation/validate"`
`84`	`82`	`)`
`85`	`83`
`86`	`84`	// crdHandler serves the `/apis` endpoint.
`@@ -739,20 +737,22 @@ func (r crdHandler) getOrCreateServingInfoFor(uid types.UID, name string) (crd`
`739`	`737`	`utilruntime.HandleError(err)`
`740`	`738`	`return nil, fmt.Errorf("the server could not properly serve the CR schema")`
`741`	`739`	`}`
	`740`	`+ var internalSchemaProps *apiextensionsinternal.JSONSchemaProps`
`742`	`741`	`var internalValidationSchema *apiextensionsinternal.CustomResourceValidation`
`743`	`742`	`if validationSchema != nil {`
`744`	`743`	`internalValidationSchema = &apiextensionsinternal.CustomResourceValidation{}`
`745`	`744`	`if err := apiextensionsv1.Convert_v1_CustomResourceValidation_To_apiextensions_CustomResourceValidation(validationSchema, internalValidationSchema, nil); err != nil {`
`746`	`745`	`return nil, fmt.Errorf("failed to convert CRD validation to internal version: %v", err)`
`747`	`746`	`}`
	`747`	`+ internalSchemaProps = internalValidationSchema.OpenAPIV3Schema`
`748`	`748`	`}`
`749`		`- validator, _, err := apiservervalidation.NewSchemaValidator(internalValidationSchema)`
	`749`	`+ validator, _, err := apiservervalidation.NewSchemaValidator(internalSchemaProps)`
`750`	`750`	`if err != nil {`
`751`	`751`	`return nil, err`
`752`	`752`	`}`
`753`	`753`
`754`	`754`	`var statusSpec *apiextensionsinternal.CustomResourceSubresourceStatus`
`755`		`- var statusValidator *validate.SchemaValidator`
	`755`	`+ var statusValidator apiservervalidation.SchemaValidator`
`756`	`756`	`subresources, err := apiextensionshelpers.GetSubresourcesForVersion(crd, v.Name)`
`757`	`757`	`if err != nil {`
`758`	`758`	`utilruntime.HandleError(err)`
`@@ -767,11 +767,10 @@ func (r crdHandler) getOrCreateServingInfoFor(uid types.UID, name string) (crd`
`767`	`767`	`// for the status subresource, validate only against the status schema`
`768`	`768`	`if internalValidationSchema != nil && internalValidationSchema.OpenAPIV3Schema != nil && internalValidationSchema.OpenAPIV3Schema.Properties != nil {`
`769`	`769`	`if statusSchema, ok := internalValidationSchema.OpenAPIV3Schema.Properties["status"]; ok {`
`770`		`- openapiSchema := &spec.Schema{}`
`771`		`- if err := apiservervalidation.ConvertJSONSchemaPropsWithPostProcess(&statusSchema, openapiSchema, apiservervalidation.StripUnsupportedFormatsPostProcess); err != nil {`
	`770`	`+ statusValidator, _, err = apiservervalidation.NewSchemaValidator(&statusSchema)`
	`771`	`+ if err != nil {`
`772`	`772`	`return nil, err`
`773`	`773`	`}`
`774`		`- statusValidator = validate.NewSchemaValidator(openapiSchema, nil, "", strfmt.Default)`
`775`	`774`	`}`
`776`	`775`	`}`
`777`	`776`	`}`