Updated kube-api-linter version to the latest. After update relax conditions checks in .golangci-kal.yml (comment out conditions config). The older version was not picking them.

v47 · v47 · commit 2f48458c333a · 2025-09-04T02:27:50.000+02:00
diff --git a/.golangci-kal.yml b/.golangci-kal.yml
@@ -32,10 +32,10 @@ linters:
             disable:
               - "*" # We will manually enable new linters after understanding the impact. Disable all by default.
           lintersConfig:
-            conditions:
-              isFirstField: Warn # Require conditions to be the first field in the status struct.
-              usePatchStrategy: Forbid # Conditions should not use the patch strategy on CRDs.
-              useProtobuf: Forbid # We don't use protobuf, so protobuf tags are not required.
+            # conditions:
+            #   isFirstField: Warn # Require conditions to be the first field in the status struct.
+            #   usePatchStrategy: Forbid # Conditions should not use the patch strategy on CRDs.
+            #   useProtobuf: Forbid # We don't use protobuf, so protobuf tags are not required.
           # jsonTags:
           #   jsonTagRegex: "^[a-z][a-z0-9]*(?:[A-Z][a-z0-9]*)*$" # The default regex is appropriate for our use case.
           # optionalOrRequired:
diff --git a/api/v1beta1/awsmachine_types.go b/api/v1beta1/awsmachine_types.go
@@ -77,7 +77,7 @@ type AWSMachineSpec struct {
 	// InstanceType is the type of instance to create. Example: m4.xlarge
 	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:MinLength:=2
-	InstanceType string `json:"instanceType"`
+	InstanceType string `json:"instanceType,omitempty"`
 
 	// AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the
 	// AWS provider. If both the AWSCluster and the AWSMachine specify the same tag name with different values, the
diff --git a/api/v1beta2/awsmachine_types.go b/api/v1beta2/awsmachine_types.go
@@ -114,7 +114,7 @@ type AWSMachineSpec struct {
 	// InstanceType is the type of instance to create. Example: m4.xlarge
 	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:MinLength:=2
-	InstanceType string `json:"instanceType"`
+	InstanceType string `json:"instanceType,omitempty"`
 
 	// AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the
 	// AWS provider. If both the AWSCluster and the AWSMachine specify the same tag name with different values, the
diff --git a/controlplane/eks/api/v1beta1/types.go b/controlplane/eks/api/v1beta1/types.go
@@ -127,7 +127,7 @@ type Addon struct {
 	// Name is the name of the addon
 	// +kubebuilder:validation:MinLength:=2
 	// +kubebuilder:validation:Required
-	Name string `json:"name"`
+	Name string `json:"name,omitempty"`
 	// Version is the version of the addon to use
 	Version string `json:"version"`
 	// Configuration of the EKS addon
@@ -223,7 +223,8 @@ type OIDCIdentityProviderConfig struct {
 	// This is also known as audience. The ID for the client application that makes
 	// authentication requests to the OpenID identity provider.
 	// +kubebuilder:validation:Required
-	ClientID string `json:"clientId"`
+	// +kubebuilder:validation:MinLength=1
+	ClientID string `json:"clientId,omitempty"`
 
 	// The JWT claim that the provider uses to return your groups.
 	// +optional
@@ -239,7 +240,8 @@ type OIDCIdentityProviderConfig struct {
 	//
 	// IdentityProviderConfigName is a required field
 	// +kubebuilder:validation:Required
-	IdentityProviderConfigName string `json:"identityProviderConfigName"`
+	// +kubebuilder:validation:MinLength=1
+	IdentityProviderConfigName string `json:"identityProviderConfigName,omitempty"`
 
 	// The URL of the OpenID identity provider that allows the API server to discover
 	// public signing keys for verifying tokens. The URL must begin with https://
@@ -250,7 +252,9 @@ type OIDCIdentityProviderConfig struct {
 	// and must be publicly accessible over the internet.
 	//
 	// +kubebuilder:validation:Required
-	IssuerURL string `json:"issuerUrl"`
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:Pattern=^https://
+	IssuerURL string `json:"issuerUrl,omitempty"`
 
 	// The key value pairs that describe required claims in the identity token.
 	// If set, each claim is verified to be present in the token with a matching
diff --git a/controlplane/eks/api/v1beta2/types.go b/controlplane/eks/api/v1beta2/types.go
@@ -107,7 +107,7 @@ type KubernetesMapping struct {
 // RoleMapping represents a mapping from a IAM role to Kubernetes users and groups.
 type RoleMapping struct {
 	// RoleARN is the AWS ARN for the role to map
-	// +kubebuilder:validation:MinLength:=31
+	// +kubebuilder:validation:MinLength=31
 	RoleARN string `json:"rolearn"`
 	// KubernetesMapping holds the RBAC details for the mapping
 	KubernetesMapping `json:",inline"`
@@ -116,7 +116,7 @@ type RoleMapping struct {
 // UserMapping represents a mapping from an IAM user to Kubernetes users and groups.
 type UserMapping struct {
 	// UserARN is the AWS ARN for the user to map
-	// +kubebuilder:validation:MinLength:=31
+	// +kubebuilder:validation:MinLength=31
 	UserARN string `json:"userarn"`
 	// KubernetesMapping holds the RBAC details for the mapping
 	KubernetesMapping `json:",inline"`
@@ -125,9 +125,9 @@ type UserMapping struct {
 // Addon represents a EKS addon.
 type Addon struct {
 	// Name is the name of the addon
-	// +kubebuilder:validation:MinLength:=2
+	// +kubebuilder:validation:MinLength=2
 	// +kubebuilder:validation:Required
-	Name string `json:"name"`
+	Name string `json:"name,omitempty"`
 	// Version is the version of the addon to use
 	Version string `json:"version"`
 	// Configuration of the EKS addon
@@ -227,7 +227,8 @@ type OIDCIdentityProviderConfig struct {
 	// This is also known as audience. The ID for the client application that makes
 	// authentication requests to the OpenID identity provider.
 	// +kubebuilder:validation:Required
-	ClientID string `json:"clientId"`
+	// +kubebuilder:validation:MinLength=1
+	ClientID string `json:"clientId,omitempty"`
 
 	// The JWT claim that the provider uses to return your groups.
 	// +optional
@@ -243,7 +244,8 @@ type OIDCIdentityProviderConfig struct {
 	//
 	// IdentityProviderConfigName is a required field
 	// +kubebuilder:validation:Required
-	IdentityProviderConfigName string `json:"identityProviderConfigName"`
+	// +kubebuilder:validation:MinLength=1
+	IdentityProviderConfigName string `json:"identityProviderConfigName,omitempty"`
 
 	// The URL of the OpenID identity provider that allows the API server to discover
 	// public signing keys for verifying tokens. The URL must begin with https://
@@ -254,7 +256,9 @@ type OIDCIdentityProviderConfig struct {
 	// and must be publicly accessible over the internet.
 	//
 	// +kubebuilder:validation:Required
-	IssuerURL string `json:"issuerUrl"`
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:Pattern=^https://
+	IssuerURL string `json:"issuerUrl,omitempty"`
 
 	// The key value pairs that describe required claims in the identity token.
 	// If set, each claim is verified to be present in the token with a matching
diff --git a/controlplane/rosa/api/v1beta2/external_auth_types.go b/controlplane/rosa/api/v1beta2/external_auth_types.go
@@ -4,15 +4,16 @@ package v1beta2
 type ExternalAuthProvider struct {
 	// Name of the OIDC provider
 	//
-	// +kubebuilder:validation:MinLength=1
 	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
 	// +required
-	Name string `json:"name"`
+	Name string `json:"name,omitempty"`
 	// Issuer describes attributes of the OIDC token issuer
 	//
 	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
 	// +required
-	Issuer TokenIssuer `json:"issuer"`
+	Issuer TokenIssuer `json:"issuer,omitzero"`
 
 	// OIDCClients contains configuration for the platform's clients that
 	// need to request tokens from the issuer
@@ -46,9 +47,10 @@ type TokenIssuer struct {
 	// Must use the https:// scheme.
 	//
 	// +kubebuilder:validation:Pattern=`^https:\/\/[^\s]`
+	// +kubebuilder:validation:MinLength=1
 	// +kubebuilder:validation:Required
 	// +required
-	URL string `json:"issuerURL"`
+	URL string `json:"issuerURL,omitempty"`
 
 	// Audiences is an array of audiences that the token was issued for.
 	// Valid tokens must include at least one of these values in their
@@ -60,7 +62,7 @@ type TokenIssuer struct {
 	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=10
 	// +required
-	Audiences []TokenAudience `json:"audiences"`
+	Audiences []TokenAudience `json:"audiences,omitempty"`
 
 	// CertificateAuthority is a reference to a config map in the
 	// configuration namespace. The .data of the configMap must contain
@@ -79,23 +81,24 @@ type OIDCClientConfig struct {
 	// +kubebuilder:validation:MaxLength=256
 	// +kubebuilder:validation:Required
 	// +required
-	ComponentName string `json:"componentName"`
+	ComponentName string `json:"componentName,omitempty"`
 
 	// ComponentNamespace is the namespace of the component that is supposed to consume this
 	// client configuration
 	//
 	// +kubebuilder:validation:MinLength=1
 	// +kubebuilder:validation:MaxLength=63
 	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	// +required
-	ComponentNamespace string `json:"componentNamespace"`
+	ComponentNamespace string `json:"componentNamespace,omitempty"`
 
 	// ClientID is the identifier of the OIDC client from the OIDC provider
 	//
 	// +kubebuilder:validation:MinLength=1
 	// +kubebuilder:validation:Required
 	// +required
-	ClientID string `json:"clientID"`
+	ClientID string `json:"clientID,omitempty"`
 
 	// ClientSecret refers to a secret that
 	// contains the client secret in the `clientSecret` key of the `.data` field
@@ -130,8 +133,9 @@ type PrefixedClaimMapping struct {
 	// Claim is a JWT token claim to be used in the mapping
 	//
 	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
 	// +required
-	Claim string `json:"claim"`
+	Claim string `json:"claim,omitempty"`
 
 	// Prefix is a string to prefix the value from the token in the result of the
 	// claim mapping.
@@ -151,8 +155,9 @@ type UsernameClaimMapping struct {
 	// Claim is a JWT token claim to be used in the mapping
 	//
 	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
 	// +required
-	Claim string `json:"claim"`
+	Claim string `json:"claim,omitempty"`
 
 	// PrefixPolicy specifies how a prefix should apply.
 	//
@@ -218,7 +223,8 @@ type TokenClaimValidationRule struct {
 
 	// RequiredClaim allows configuring a required claim name and its expected value
 	// +kubebuilder:validation:Required
-	RequiredClaim TokenRequiredClaim `json:"requiredClaim"`
+	// +kubebuilder:validation:MinLength=1
+	RequiredClaim TokenRequiredClaim `json:"requiredClaim,omitzero"`
 }
 
 // TokenRequiredClaim allows configuring a required claim name and its expected value.
@@ -229,21 +235,22 @@ type TokenRequiredClaim struct {
 	// +kubebuilder:validation:MinLength=1
 	// +kubebuilder:validation:Required
 	// +required
-	Claim string `json:"claim"`
+	Claim string `json:"claim,omitempty"`
 
 	// RequiredValue is the required value for the claim.
 	//
 	// +kubebuilder:validation:MinLength=1
 	// +kubebuilder:validation:Required
 	// +required
-	RequiredValue string `json:"requiredValue"`
+	RequiredValue string `json:"requiredValue,omitempty"`
 }
 
 // LocalObjectReference references an object in the same namespace.
 type LocalObjectReference struct {
 	// Name is the metadata.name of the referenced object.
 	//
 	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
 	// +required
-	Name string `json:"name"`
+	Name string `json:"name,omitempty"`
 }
diff --git a/exp/api/v1beta1/awsmachinepool_types.go b/exp/api/v1beta1/awsmachinepool_types.go
@@ -60,7 +60,8 @@ type AWSMachinePoolSpec struct {
 
 	// AWSLaunchTemplate specifies the launch template and version to use when an instance is launched.
 	// +kubebuilder:validation:Required
-	AWSLaunchTemplate AWSLaunchTemplate `json:"awsLaunchTemplate"`
+	// +kubebuilder:validation:MinProperties=1
+	AWSLaunchTemplate AWSLaunchTemplate `json:"awsLaunchTemplate,omitzero"`
 
 	// MixedInstancesPolicy describes how multiple instance types will be used by the ASG.
 	MixedInstancesPolicy *MixedInstancesPolicy `json:"mixedInstancesPolicy,omitempty"`
diff --git a/exp/api/v1beta1/types.go b/exp/api/v1beta1/types.go
@@ -53,7 +53,8 @@ type EBS struct {
 type BlockDeviceMapping struct {
 	// The device name exposed to the EC2 instance (for example, /dev/sdh or xvdh).
 	// +kubebuilder:validation:Required
-	DeviceName string `json:"deviceName"`
+	// +kubebuilder:validation:MinLength=1
+	DeviceName string `json:"deviceName,omitempty"`
 
 	// You can specify either VirtualName or Ebs, but not both.
 	// +optional
@@ -227,13 +228,15 @@ type Taint struct {
 	// Effect specifies the effect for the taint
 	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:Enum=no-schedule;no-execute;prefer-no-schedule
-	Effect TaintEffect `json:"effect"`
+	Effect TaintEffect `json:"effect,omitempty"`
 	// Key is the key of the taint
 	// +kubebuilder:validation:Required
-	Key string `json:"key"`
+	// +kubebuilder:validation:MinLength=1
+	Key string `json:"key,omitempty"`
 	// Value is the value of the taint
 	// +kubebuilder:validation:Required
-	Value string `json:"value"`
+	// +kubebuilder:validation:MinLength=1
+	Value string `json:"value,omitempty"`
 }
 
 // Equals is used to test if 2 taints are equal.
diff --git a/exp/api/v1beta2/awsmachinepool_types.go b/exp/api/v1beta2/awsmachinepool_types.go
@@ -67,7 +67,8 @@ type AWSMachinePoolSpec struct {
 
 	// AWSLaunchTemplate specifies the launch template and version to use when an instance is launched.
 	// +kubebuilder:validation:Required
-	AWSLaunchTemplate AWSLaunchTemplate `json:"awsLaunchTemplate"`
+	// +kubebuilder:validation:MinProperties=1
+	AWSLaunchTemplate AWSLaunchTemplate `json:"awsLaunchTemplate,omitzero"`
 
 	// MixedInstancesPolicy describes how multiple instance types will be used by the ASG.
 	MixedInstancesPolicy *MixedInstancesPolicy `json:"mixedInstancesPolicy,omitempty"`
diff --git a/exp/api/v1beta2/rosamachinepool_types.go b/exp/api/v1beta2/rosamachinepool_types.go
@@ -74,7 +74,9 @@ type RosaMachinePoolSpec struct {
 	// InstanceType specifies the AWS instance type
 	//
 	// +kubebuilder:validation:Required
-	InstanceType string `json:"instanceType"`
+	// +kubebuilder:validation:MinLength=1
+	// +required
+	InstanceType string `json:"instanceType,omitempty"`
 
 	// Autoscaling specifies auto scaling behaviour for this MachinePool.
 	// required if Replicas is not configured
@@ -125,7 +127,8 @@ type RosaTaint struct {
 	// The taint key to be applied to a node.
 	//
 	// +kubebuilder:validation:Required
-	Key string `json:"key"`
+	// +kubebuilder:validation:MinLength=1
+	Key string `json:"key,omitempty"`
 	// The taint value corresponding to the taint key.
 	//
 	// +kubebuilder:validation:Pattern:=`^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$`
@@ -136,7 +139,7 @@ type RosaTaint struct {
 	//
 	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:Enum=NoSchedule;PreferNoSchedule;NoExecute
-	Effect corev1.TaintEffect `json:"effect"`
+	Effect corev1.TaintEffect `json:"effect,omitempty"`
 }
 
 // RosaMachinePoolAutoScaling specifies scaling options.
diff --git a/exp/api/v1beta2/types.go b/exp/api/v1beta2/types.go
@@ -52,7 +52,8 @@ type EBS struct {
 type BlockDeviceMapping struct {
 	// The device name exposed to the EC2 instance (for example, /dev/sdh or xvdh).
 	// +kubebuilder:validation:Required
-	DeviceName string `json:"deviceName"`
+	// +kubebuilder:validation:MinLength=1
+	DeviceName string `json:"deviceName,omitempty"`
 
 	// You can specify either VirtualName or Ebs, but not both.
 	// +optional
@@ -339,13 +340,15 @@ type Taint struct {
 	// Effect specifies the effect for the taint
 	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:Enum=no-schedule;no-execute;prefer-no-schedule
-	Effect TaintEffect `json:"effect"`
+	Effect TaintEffect `json:"effect,omitempty"`
 	// Key is the key of the taint
 	// +kubebuilder:validation:Required
-	Key string `json:"key"`
+	// +kubebuilder:validation:MinLength=1
+	Key string `json:"key,omitempty"`
 	// Value is the value of the taint
 	// +kubebuilder:validation:Required
-	Value string `json:"value"`
+	// +kubebuilder:validation:MinLength=1
+	Value string `json:"value,omitempty"`
 }
 
 // Equals is used to test if 2 taints are equal.
diff --git a/hack/tools/.custom-gcl.yaml b/hack/tools/.custom-gcl.yaml
@@ -3,4 +3,4 @@ name: golangci-lint-kube-api-linter
 destination: ./bin
 plugins:
 - module: 'sigs.k8s.io/kube-api-linter'
-  version: v0.0.0-20250411141643-33ef95a5ee04
+  version: v0.0.0-20250902135116-ef33eac3b92b
