temporarily disable linter

.dockerignore

@@ -1,5 +1,7 @@
 .github
 docs
 examples
+hack
+site
 travis
 *.md

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,68 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ""
+labels:
+  - kind/bug
+assignees: ""
+---
+
+<!--
+Please read this page: https://kubectl.docs.kubernetes.io/contributing/kustomize/bugs/ before
+filing a bug
+-->
+
+<!-- Feel free to skip the sections if they are not applicable. -->
+
+**Describe the bug**
+
+<!-- A clear and concise description of what the bug is. -->
+
+**Files that can reproduce the issue**
+
+<!--
+We cannot figure out or fix the issue if we don't know how to reproduce. Please
+provide a minimum set of files that can reproduce the issue. You can paste the
+file contents here or provide a link to a tarball or git repo.
+
+Example:
+
+kustomization.yaml
+
+```
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+...
+```
+
+resources.yaml
+
+```
+apiVersion: v1
+kind: Deployment
+...
+```
+
+...
+-->
+
+**Expected output**
+
+<!-- What's the expected output? -->
+
+**Actual output**
+
+<!-- What's the actual output? -->
+
+**Kustomize version**
+
+<!-- Please use the latest version when it's possible. -->
+
+**Platform**
+
+<!-- Linux/macOS/Windows? -->
+
+**Additional context**
+
+<!-- Add any other context about the problem here. -->

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -1,87 +0,0 @@
-name: Bug report
-description: File a bug report
-labels: ["kind/bug"]
-body:
-  - type: textarea
-    id: problem
-    attributes:
-      label: What happened?
-      description: |
-        Please provide as much info as possible. Not doing so may result in your bug not being addressed in a timely manner.
-        If this matter is security related, please disclose it privately via https://kubernetes.io/security
-    validations:
-      required: true
-
-  - type: textarea
-    id: expected
-    attributes:
-      label: What did you expect to happen?
-    validations:
-      required: true
-
-  - type: textarea
-    id: repro-files
-    attributes:
-      label: How can we reproduce it (as minimally and precisely as possible)?
-      description: Please provide a minimum set of files that can reproduce the issue. You can paste the file contents here or provide a link to a tarball or git repo. Even better, submit a tests case in the api/krusty package! For more information on how to do that, see https://kubectl.docs.kubernetes.io/contributing/kustomize/bugs/.
-      value: | 
-        ```yaml
-        # kustomization.yaml
-        apiVersion: kustomize.config.k8s.io/v1beta1
-        kind: Kustomization
-        resources:
-        - resources.yaml
-        ```
-    
-        ```yaml
-        # resources.yaml
-        apiVersion: v1
-        kind: ConfigMap
-        metadata:
-          name: test-object
-        data:
-          placeholder: data
-        ```
-    validations:
-      required: true  
-  - type: textarea
-    id: expected-output
-    attributes:
-      label: Expected output
-      description: If you are able to provide reproduction files, please include the output you expect here.
-      value: | 
-        ```yaml
-
-        ```
-    validations:
-      required: false
-  - type: textarea
-    id: actual-output
-    attributes:
-      label: Actual output
-      description: If you are able to provide reproduction files, please include the output they currently produce here.
-      value: | 
-        ```yaml
-
-        ```
-    validations:
-      required: false
-  - type: input
-    id: kustomize-version
-    attributes:
-      label: Kustomize version
-      description: Please use the latest version whenever possible.
-      placeholder: What version of Kustomize are you using?
-    validations:
-      required: true
-  - type: dropdown
-    id: os
-    attributes:
-      label: Operating system
-      options:
-        - Linux
-        - MacOS
-        - Windows
-        - Other
-    validations:
-      required: false

.github/ISSUE_TEMPLATE/config.yaml

@@ -0,0 +1 @@
+blank_issues_enabled: true

.github/ISSUE_TEMPLATE/config.yml

@@ -1,6 +0,0 @@
-contact_links:
-  - name: Support request
-    url: https://discuss.kubernetes.io
-    about: |
-      Please do not submit support requests or questions as issues. 
-      Ask your question in the Kubernetes Community Forums, or in the #kustomize channel on Kubernetes Slack (https://slack.k8s.io).

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,26 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ""
+labels:
+  - kind/feature
+assignees: ""
+---
+
+<!-- Feel free to skip the sections if they are not applicable. -->
+
+**Is your feature request related to a problem? Please describe.**
+
+<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
+
+**Describe the solution you'd like**
+
+<!-- A clear and concise description of what you want to happen. -->
+
+**Describe alternatives you've considered**
+
+<!-- A clear and concise description of any alternative solutions or features you've considered. -->
+
+**Additional context**
+
+<!-- Add any other context or screenshots about the feature request here. -->

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -1,64 +0,0 @@
-name: Feature request
-description: Propose an enhancement to Kustomize
-labels: kind/feature
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Small, straightforward enhancements can be proposed in regular GitHub issues using the template below. As a rule of thumb, the enhancement should be resolvable in a single PR that is at most size L. Anything more involved requires a mini (in-repo) enhancement proposal, and features with implications for kubectl require a full [KEP](https://github.com/kubernetes/enhancements). 
-         
-        For more information on the Kustomize enhancement process, see: https://github.com/kubernetes-sigs/kustomize/tree/master/proposals.      
-         
-        When in doubt, go ahead and fill out the template below; the maintainers will let you know if a KEP is required.
-
-  - type: checkboxes
-    attributes:
-      label: Eschewed features
-      description: Some features are out of scope for Kustomize because they are incompatible with its foundational design principles. Please review the [Eschewed Features](https://kubectl.docs.kubernetes.io/faq/kustomize/eschewedfeatures/) documentation before submitting your feature request.
-      options:
-      - label: This issue is not requesting templating, unstuctured edits, build-time side-effects from args or env vars, or any other eschewed feature.
-        required: true
-
-  - type: textarea
-    id: feature-description
-    attributes:
-      label: What would you like to have added?
-    validations:
-      required: true
-
-  - type: textarea
-    id: rationale
-    attributes:
-      label: Why is this needed?
-    validations:
-      required: true
-      
-  - type: textarea
-    id: current-alternatives
-    attributes:
-      label: Can you accomplish the motivating task without this feature, and if so, how?
-    validations:
-      required: true      
-      
-      
-  - type: textarea
-    id: design-alternatives
-    attributes:
-      label: What other solutions have you considered?
-    validations:
-      required: true        
-
-  - type: textarea
-    id: additional-info
-    attributes:
-      label: Anything else we should know?
-    validations:
-      required: false
-      
-  - type: checkboxes
-    attributes:
-      label: Feature ownership
-      description: The Kustomize project, like many areas of Kubernetes, currently lacks enough contributors to adequately respond to all proposals that have merit. Offering to build and support the feature yourself can help get traction for your request.
-      options:
-      - label: I am interested in contributing this feature myself! 🎉
-        required: false

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,9 @@
+---
+name: Question
+about: Ask a question about the kustomize
+title: "[Question]"
+labels: ""
+assignees: ""
+---
+
+<!-- Please describe your question here -->

.github/dependabot.yml

@@ -4,11 +4,3 @@ updates:
   directory: "/"
   schedule:
       interval: "weekly"
-
-- package-ecosystem: gomod
-  directory: "/"
-  schedule:
-    interval: "weekly"
-  open-pull-requests-limit: 10
-  vulnerability-alerts:
-    enabled: true

.github/workflows/apidiff.yml

@@ -1,36 +0,0 @@
-name: APIDiff
-
-# Trigger the workflow on pull requests and direct pushes to any branch
-on:
-  push:
-  pull_request:
-
-jobs:
-  go-apidiff:
-    name: Verify API differences
-    runs-on: ubuntu-latest
-    # Pull requests from different repository only trigger this checks
-    if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository)
-    steps:
-      - name: Clone the code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-        with:
-          fetch-depth: 0
-      - name: Setup Go
-        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
-        with:
-          go-version-file: go.work
-      - name: Execute go-apidiff
-        uses: joelanford/go-apidiff@60c4206be8f84348ebda2a3e0c3ac9cb54b8f685
-        with:
-          compare-imports: true
-          print-compatible: true
-      - name: Report failure
-        uses: nashmaniac/create-issue-action@6814b79f58a9e25070c226b0c847e67b0c06efdd
-        # Only report failures of pushes (PRs have are visible through the Checks section) to the default branch
-        if: failure() && github.event_name == 'push' && github.ref == 'refs/heads/master'
-        with:
-          title: 🐛 go-apidiff failed for ${{ github.sha }}
-          token: ${{ secrets.GITHUB_TOKEN }}
-          labels: kind/bug
-          body: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}

.github/workflows/go.yml

@@ -2,157 +2,101 @@ name: Go
 
 on:
   push:
-    branches: [master]
+    branches: [ master ]
   pull_request:
-    branches: [master]
+    branches: [ master ]
 
 permissions:
   contents: read
 
 jobs:
-  ## TODO: conditional-changes checker is not working
-  conditional-changes:
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: read
-    outputs:
-      doc: ${{ steps.filter.outputs.doc }}
-    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-    - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d
-      id: filter
-      with:
-        filters: |
-          doc:
-            - 'site/**'
-
-  check-modules:
-    name: check-synced-go-modules
-    # needs: conditional-changes
-    # if: needs.conditional-changes.outputs.doc == 'false'
-    runs-on: [ubuntu-latest]
-    steps:
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        fetch-depth: 0
-    - name: Set up Go 1.x
-      uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
-      with:
-        go-version-file: go.work
-        cache: true
-        cache-dependency-path: |
-          **/go.sum
-      id: go
-    - name: sync go modules
-      run: make workspace-sync
-    - name: check for changes with 'make workspace-sync'
-      run: git diff --exit-code
 
   lint:
     name: Lint
-    # needs: conditional-changes
-    # if: needs.conditional-changes.outputs.doc == 'false'
     runs-on: [ubuntu-latest]
     steps:
+
+    - name: Set up Go 1.x
+      uses: actions/setup-go@v3
+      with:
+        go-version: ^1.18
+      id: go
+
     - name: Check out code into the Go module directory
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@v3
       with:
         fetch-depth: 0
-    - name: Set up Go 1.x
-      uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
-      with:
-        go-version-file: go.work
-        cache: true
-        cache-dependency-path: |
-          **/go.sum
-      id: go
+
     - name: Lint
       run: make lint
+
     - name: Verify boilerplate
       run: make check-license
 
-  ## Test all modules without plugins and released modules
-  test-non-released-modules:
+  test-linux:
     name: Test Linux
-    # needs: conditional-changes
-    # if: needs.conditional-changes.outputs.doc == 'false'
     runs-on: [ubuntu-latest]
     steps:
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-    - name: Set up Go 1.x
-      uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
-      with:
-        go-version-file: go.work
-        cache: true
-        cache-dependency-path: |
-          **/go.sum
-      id: go
-    - name: Test all modules without plugins and released modules
-      run: make test-unit-non-plugin-and-non-released
-      env:
-        KUSTOMIZE_DOCKER_E2E: true
 
-  test-modules:
-    name: Test ${{ matrix.os }} - ${{ matrix.module }}
-    # needs: conditional-changes
-    # if: needs.conditional-changes.outputs.doc == 'false'
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
-        module:
-        - kyaml
-        - cmd/config
-        - api
-        - kustomize
-        include:
-        - module: kyaml
-          test-cmd: go test -race -v -cover ./...
-        - module: cmd/config
-          test-cmd: go test -v -cover ./...
-        - module: api
-          test-cmd: go test -v -cover ./... -ldflags "-X sigs.k8s.io/kustomize/api/provenance.buildDate=2023-01-31T23:38:41Z -X sigs.k8s.io/kustomize/api/provenance.version=(test)"
-        - module: kustomize
-          test-cmd: go test -v -cover ./...
-        - os: ubuntu-latest
-          docker-e2e: true
-        - os: macos-latest
-          docker-e2e: false
-        - os: windows-latest
-          docker-e2e: false
-    env:
-      KUSTOMIZE_DOCKER_E2E: ${{ matrix.docker-e2e }}
+      - name: Set up Go 1.x
+        uses: actions/setup-go@v3
+        with:
+          go-version: ^1.18
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Test all modules
+        run: make test-unit-non-plugin
+        env:
+          KUSTOMIZE_DOCKER_E2E: true
+
+  test-macos:
+    name: Test MacOS
+    runs-on: [macos-latest]
     steps:
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-    - name: Set up Go 1.x
-      uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
-      with:
-        go-version-file: go.work
-        cache: true
-        cache-dependency-path: |
-          **/go.sum
-      id: go
-    - name: Test ${{ matrix.module }}
-      run: ${{ matrix.test-cmd }}
+
+      - name: Set up Go 1.x
+        uses: actions/setup-go@v3
+        with:
+          go-version: ^1.18
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Test all modules
+        run: make test-unit-non-plugin
+        env:
+          KUSTOMIZE_DOCKER_E2E: false # docker not installed on mac
+
+  test-windows:
+    name: Test Windows
+    runs-on: [windows-latest]
+    steps:
+
+      - name: Set up Go 1.x
+        uses: actions/setup-go@v3
+        with:
+          go-version: ^1.18
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Test kyaml
+        run: go test -cover ./...
+        working-directory: ./kyaml
+
+      - name: Test cmd/config
+        run: go test -cover ./...
+        working-directory: ./cmd/config
+        env:
+          KUSTOMIZE_DOCKER_E2E: false # docker on windows not working well yet
+
       # TODO (#4001): replace specific modules above with this once Windows tests are passing.
-      if: ${{ !(matrix.os == 'windows-latest' && (matrix.module == 'api' || matrix.module == 'kustomize')) }}
-      working-directory: ./${{ matrix.module }}
-
-  # Aggregation matrix tests from test-modules for branch protection rules
-  test-modules-summary:
-    name: Test Summary
-    runs-on: ubuntu-latest
-    needs: test-modules
-    if: always()
-    steps:
-    - name: Check test results
-      run: |
-        if [[ "${{ needs.test-modules.result }}" != "success" ]]; then
-          echo "Some tests failed or were cancelled"
-          exit 1
-        fi
-        echo "All tests passed successfully"
+      #- name: Test all modules
+      #  run: make test-unit-non-plugin
+      #  env:
+      #    KUSTOMIZE_DOCKER_E2E: false # docker on windows not working well yet

.github/workflows/release.yaml

@@ -1,30 +0,0 @@
-name: release
-
-permissions:
-  contents: write # Allow actions to update dependabot PRs
-
-on:
-  push:
-    tags:
-      - kyaml/v*
-      - cmd/config/v*
-      - api/v*
-      - kustomize/v*
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        fetch-depth: 0
-    - name: Set up Go 1.x
-      uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
-      with:
-        go-version-file: go.work
-      id: go
-    - run: ./releasing/create-release.sh "${tag}"
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        tag: ${{ github.ref_name }}

.gitignore

@@ -31,4 +31,3 @@ site/.hugo_build.lock
 
 # goreleaser artifacts
 **/dist/
-/output/

.golangci.yml

@@ -3,50 +3,91 @@
 
 run:
   deadline: 5m
-  go: "1.25"
 
 linters:
-  enable-all: true
-  disable:
-    - cyclop
-    - depguard
-    - exhaustivestruct
-    - forbidigo
-    - funlen
-    - gci
-    - gocognit
-    - godot
-    - godox
-    - goerr113
-    - gofumpt
-    - ifshort # too many false positives
-    - ireturn
-    - nilnil
-    - nlreturn
-    - noctx
-    - paralleltest
-    - perfsprint
-    - stylecheck
-    - testifylint
-    - varnamelen
-    - wsl
-    - exhaustruct
+  # please, do not use `enable-all`: it's deprecated and will be removed soon.
+  # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
+  disable-all: true
+  enable:
+    - asciicheck
+    - bidichk
+    - bodyclose
+    - contextcheck
+#    - cyclop
     - deadcode
-    - scopelint
-    - nonamedreturns
-    - golint
-    - maintidx
-    - nosnakecase
-    - testpackage # it's better to keep tests in the same package for now because kustomize does open box testing
-    - structcheck # abandoned by author
-    - varcheck # abandoned by author
-    - maligned # abandoned by author
-    - interfacer # archived by author
-    # TODO(koba1t): temporarily disabled, will be addressed after upgrading to Go 1.24
-    - usetesting
-    - mnd
-    - copyloopvar
-    - intrange
+    - depguard
+    - dogsled
+    - dupl
+    - durationcheck
+    - errcheck
+    - errname
+    - errorlint
+    - exhaustive
+#    - exhaustivestruct
+    - exportloopref
+#    - forbidigo
+    - forcetypeassert
+#    - funlen
+#    - gci
+    - gochecknoglobals
+    - gochecknoinits
+#    - gocognit
+    - goconst
+    - gocritic
+    - gocyclo
+#    - godot
+#    - godox
+#    - goerr113
+    - gofmt
+#    - gofumpt
+    - goheader
+    - goimports
+    - gomnd
+    - gomoddirectives
+    - gomodguard
+    - goprintffuncname
+    - gosec
+    - gosimple
+    - govet
+#    - ifshort # too many false positives
+    - importas
+    - ineffassign
+#    - ireturn
+    - lll
+    - makezero
+    - misspell
+    - nakedret
+    - nestif
+    - nilerr
+#    - nilnil
+#    - nlreturn
+#    - noctx
+    - nolintlint
+#    - paralleltest
+    - prealloc
+    - predeclared
+    - promlinter
+    - revive
+    - rowserrcheck
+    - sqlclosecheck
+    - staticcheck
+    - structcheck
+#    - stylecheck
+    - tagliatelle
+    - tenv
+    - testpackage
+    - thelper
+    - tparallel
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+    - varcheck
+#    - varnamelen
+    - wastedassign
+    - whitespace
+    - wrapcheck
+#    - wsl
 
 linters-settings:
   dupl:
@@ -57,19 +98,18 @@ linters-settings:
     min-complexity: 30
   revive:
     rules:
-      - name: var-naming
-        arguments:
-          - ["ID", "API", "JSON"] # AllowList
-          - [] # DenyList
-  gomnd:
-    ignored-functions:
-      - os.WriteFile
-      - make
+    - name: var-naming
+      arguments:
+      - [ "ID", "API", "JSON" ] # AllowList
+      - [ ] # DenyList
   gomoddirectives:
     replace-local: true
   gosec:
     config:
       G306: "0644"
+  gomnd:
+     ignored-functions:
+     - ioutil.WriteFile
   wrapcheck:
     ignoreSigs:
       # defaults

CONTRIBUTING.md

@@ -13,7 +13,6 @@
 [CNCF Code of Conduct]: https://github.com/cncf/foundation/blob/master/code-of-conduct.md
 [Kubernetes Community Membership]: https://github.com/kubernetes/community/blob/master/community-membership.md
 
-[Kustomize Architecture]: ARCHITECTURE.md
 [Contribution Guide]: https://kubectl.docs.kubernetes.io/contributing/kustomize/
 [MacOS Dev Guide]: https://kubectl.docs.kubernetes.io/contributing/kustomize/mac/
 [Windows Dev Guide]: https://kubectl.docs.kubernetes.io/contributing/kustomize/windows/
@@ -26,113 +25,13 @@ _As contributors and maintainers of this project, and in the interest of fosteri
 
 ## Getting Started
 
-### Forking Kustomize and Working Locally
-The Kustomize project uses a "Fork and Pull" workflow that is standard to GitHub. In git terms, your personal fork is referred to as the "origin" and the actual project's git repository is called "upstream". To keep your personal branch (origin) up to date with the project (upstream), it must be configured within your local working copy.
+Dev guides:
 
-### Create a fork in GitHub
-1. Visit https://github.com/kubernetes-sigs/kustomize
-2. Click the `Fork` button on the top right
+- [Contribution Guide]
+- [MacOS Dev Guide]
+- [Windows Dev Guide]
 
-### Clone the repository
-```bash
-# Clone your repository fork from the previous step
-git clone --recurse-submodules git@github.com:<your github username>/kustomize.git
-cd kustomize
-
-# Configure upstream
-git remote add upstream https://github.com/kubernetes-sigs/kustomize
-git remote set-url --push upstream no_push
-
-# Review git configuration
-git remote -v
-```
-
-### Create a working branch
-```bash
-# Fetch changes from upstream master
-cd kustomize
-git fetch upstream
-git checkout master
-git rebase upstream/master
-
-# Create your working branch
-git checkout -b myfeature
-```
-
-### Sync your working branch
-You will need to periodically fetch changes from the `upstream` repository to keep your working branch in sync.
-```bash
-cd kustomize
-git fetch upstream
-git checkout myfeature
-git rebase upstream/master
-```
-
-### Push to GitHub
-When your changes are ready for review, push your working branch to your fork on GitHub.
-```bash
-cd kustomize
-git push origin myfeature
-```
-
-### Pull Request Rules
-
-We are using [Conventional Commits v1.0.0](https://www.conventionalcommits.org/en/v1.0.0/) as the main guideline of making PR. This guideline serves to help contributor and maintainer to classify their changes, thus providing better insight on type of release will be covered on each Kustomize release cycle.
-
-1. Please add these keywords on your PR titles accordingly
-
-| Keyword  | Description | Example |
-| ------------- | ------------- | ------------- |
-| fix  | Patching or fixing bugs or improvements introduction from previous release. This type of change will mark a `PATCH` release.  | fix: fix null value when generating yaml |
-| feat  | New features. This change will mark a `MINOR` release. | feat: new transformer and generator for ACME API CRD. |
-| chore  | Minor improvement outside main code base  | chore: add exclusion for transformer test. |
-| ci | CI/CD related changes (e.g. github workflow, scripts, CI steps). | ci: remove blocking tests |
-| docs  | Changes related to documentation. | docs: add rules documentation for PR. |
-
-
-2. Add `BREAKING CHANGE:` on your commit message as footer to signify breaking changes. This will help maintainers identify `MAJOR` releases.
-  
-Example:
-
-```
-feat: change YAML parser from `yaml/v1` to `yaml/v2`
-
-BREAKING CHANGE: parse() function now works with 2 arguments.
-```
-
-### Create a Pull Request
-
-1. Visit your fork at `https://github.com/<user>/kustomize`
-2. Click the **Compare & Pull Request** button next to your `myfeature` branch.
-3. Check out the pull request [process](https://github.com/kubernetes/community/blob/master/contributors/guide/pull-requests.md) for more details and advice.
-
-If you ran `git push` in the previous step, GitHub will return a useful link to create a Pull Request.
-
-### Build Kustomize
-The [Kustomize Architecture] document describes the respository organization and the kustomize build process.
-```bash
-# For go version >= 1.13
-unset GOPATH
-unset GO111MODULES
-
-# Build kustomize binary and install in go bin path
-cd kustomize
-make kustomize
-
-# Run unit tests
-make test-unit-all
-
-# Run linter
-make lint
-
-# Test examples against HEAD
-make test-examples-kustomize-against-HEAD
-
-# Run your development version
-~/go/bin/kustomize version
-```
-
-### General resources for contributors
+General resources for contributors:
 
 - [Contributor License Agreement] - Kubernetes projects require that you sign a Contributor License Agreement (CLA) before we can accept your pull requests.
 - [Kubernetes Contributor Guide] - Main contributor documentation.
@@ -160,144 +59,12 @@ Kustomize follows the [Kubernetes Community Membership] contributor ladder. Role
 
 The kyaml module within the Kustomize repo has additional owners following the same ladder.
 
-For the kustomize project, we have defined some specific guidelines on each step of the ladder:
-
-To reach reviewer status, you must:
-- Have been actively involved in kustomize for 3+ months
-- Review at least 8 PRs that have been driven through to completion (see the reviewer guide below)
-- Author at least 5 PRs that have been approved and merged
-- Be a member of the kubernetes-sigs org. This should not be a blocker though, as once you meet the requirements for reviewer here,
-the existing kustomize maintainers will be happy to sponsor your request to join the kubernetes-sigs org.
-- Once you have met the above requirements, you may submit a PR adding yourself to the kustomize reviewers list, with links to your
-contributions in the description.
-
-To reach approver status, you must:
-- Meet all the requirements of a reviewer
-- Have been actively involved in kustomize for 6+ months
-- Review at least 15 PRs that have been driven through to completion (see the reviewer guide below)
-- Authored PRs meeting *either* of the following requirements:
-  - 15 PRs that have been approved and merged
-  - *OR* 10 PRs that have been approved and merged where some were more difficult, required greater thought/design,
-or built up to larger features/long-term goals.
-- File 3 issues. This can be any number of things, including but not limited to:
-  - Bugs with kustomize usage that you've found
-  - CI or release improvements
-  - Creating subtasks of a larger feature or project that you are in charge of.
-  - Long term improvements for the health of the project
-- Triage at least 10 untriaged issues, including at least 1 feature request. The kustomize bug scrub is a great place to get practice with doing this, but you can
-also follow the triage guide below to get started on your own.
-- Demonstrate deeper understanding of kustomize goals. This can take many forms and is a bit subjective, but here are a few examples:
-  - saying no to an eschewed feature, instead recommending an alternative solution that is more aligned with the declarative configuration model
-  - active participation in discussion on a feature request issue
-  - filing an issue describing a long term problem and solution aligned with kustomize goals, for example: https://github.com/kubernetes-sigs/kustomize/issues/5140
-  - writing up KEPs for features that will improve the kustomize workflow while being aligned with kustomize goals, for example: https://github.com/kubernetes-sigs/kustomize/pull/4558
-- Regularly interact with the existing kustomize maintainers, with clear communication about what you are working on or planning to work on. The kustomize
-maintainers should know who you are and be familiar with your contributions.
-- If you meet *most* of the above requirements while going above and beyond in a few areas, we will still consider your request to become an approver even
-if you are missing one or two of the requirements. Please contact the maintainers directly to ask about getting approver status if you fall into this category.
-- Otherwise, once you meet all the above requirements, you may:
-  - request to be added to the kustomize maintainer meeting that occurs each week with the kustomize PMs.
-  - submit a PR adding yourself to the kustomize approvers list, with links to your contributions in the description.
-
-To reach owner status, you must:
-- Meet all the requirements of an approver
-- Have been actively involved with kustomize for 1+ year
-- Assisted the current owner in driving the roadmap. This can be explicit or implicit help, such as:
-  - Editing the roadmap directly
-  - Reviewing the roadmap
-  - Providing suggestions for issues or prioritization in meetings that indirectly influence the roadmap
-- Regularly triage issues and attend the kustomize bug scrub
-- Regularly review PRs (1-2 a week)
-- Periodically lead the kustomize bug scrub
-- Periodically release kustomize (ensuring that there are no release blockers and that release notes are clean)
-- Be the primary owner or point of contact for a particular project or area of code
-- Ideally, there should be 2-3 owners at a time. Reach out to the current owners if you are interested in ownership. These
-requirements are not strict and evaluation is somewhat subjective.
-
-## Reviewer guide
-Please watch this talk on how to review code from Tim Hockin: https://www.youtube.com/watch?v=OZVv7-o8i40
-
-For reviewing PRs in kustomize, we have some specific guidelines:
-- If the PR is introducing a new feature:
-  - *It must be implementing an issue that has already been triage/accepted or
-a KEP that has been approved.* If it is not, then request the PR author to first file an issue.
-  - The PR must include thorough tests for the new feature, including unit and integration tests
-  - The code must be clean and readable, with thought given to how we will maintain the code in the future
-  - If the feature requires being broken up into multiple PRs to ease review, the feature should not be exposed to users
-    until the feature is completed in the last PR. For example, while we were building `kustomize localize`, we
-    built the feature almost entirely under the `api` module as a library with all the needed tests. There was no way
-    for users to invoke the localize code until the last PR that actually exposed the `kustomize localize` command in the
-    kustomize binary. This allowed us to continue development of `kustomize localize` without blocking kustomize releases.
-    If this type of development is not possible, then new features requiring multiple PRs should be
-    developed in their own feature branch.
-- If the PR is introducing a bug fix:
-  - If the PR is not fixing an issue that has already been triage/accepted, follow the triage guide below on bug
-    fixes to decide if this is a PR we want to accept.
-  - The PR should have two distinct commits:
-    - The first commit should add a test demonstrating incorrect behavior
-    - The second commit should include the bug fix
-    - Some sample PRs:
-      - https://github.com/kubernetes-sigs/kustomize/pull/5263/commits
-      - https://github.com/kubernetes-sigs/kustomize/pull/3931/commits
-    - The regression test is absolutely required, and we cannot accept bug fixes without tests.
-- If the PR is introducing a performance improvement:
-  - The PR description should give an indication of how much the performance is being improved and how we
-    can measure it - benchmark tests are fantastic.
-- Other PRs (documentation, CI improvements, etc.) should be reviewed based on your best judgment.
-
-## Triage guide
-The possible triage labels are listed here: https://github.com/kubernetes-sigs/kustomize/labels?q=triage.
-
-Triaging a feature request means:
-- Understand what the user is asking for, and their use case.
-- Verify that it is not an [eschewed feature](https://kubectl.docs.kubernetes.io/faq/kustomize/eschewedfeatures/#build-time-side-effects-from-cli-args-or-env-variables)
-- Verify that it is not a duplicate issue.
-- Look into workarounds. Is there another way that the user can achieve their use case with existing features?
-- If you are new to this role, prior to leaving a comment on the issue, please bring it to weekly standup
-for group discussion to make sure that we are all on the same page.
-- Once you feel ready, you can label it with a triage label. Here's an [example](https://github.com/kubernetes-sigs/kustomize/issues/5049). You can also
-look at other feature request issues to see how they were triaged and resolved. There are a few different triage labels that you can use, you can see the
-full list [here](https://github.com/kubernetes-sigs/kustomize/labels?q=triage).
-
-Triaging a bug means:
-- First, verify that you can reproduce the issue. If you cannot reproduce the issue or need more information to give
-it a go, triage it accordingly.
-- Try to understand if this is really a bug or if this is intended behavior from kustomize. If it seems like intended
-behavior, do your best to explain to the user why this is the case.
-- If it seems to be a genuine bug, you can /triage accept the issue. In addition, investigate if there are workarounds or
-alternative solutions for the user that they can try until the issue gets resolved.
-
-The triage party for kustomize is here https://cli.triage.k8s.io/s/kustomize and can be a easy way to
-find issues that have not been triaged yet.
-
-## Project/Product Managers
-
-Kustomize will have opportunities to join in a project/product manager role. You can reach out to
-the existing kustomize maintainers if you are interested in this type of role. Project management work
-can greatly help supplement your contributions as you climb from reviewer to approver
-to owner.
-
-Expectations for this role are:
-
-- Triage 1 feature request each week, and bring it to weekly stand-up for discussion. Feature
-requests are issues labeled kind/feature, and you can find them [here](https://github.com/kubernetes-sigs/kustomize/issues?q=is%3Aissue+is%3Aopen+kind+feature+label%3Akind%2Ffeature).
-Please view the above triage guide for details on how to approach feature request triage.
-- Monitor the kustomize Slack channel and try to help users if you can. It is a pretty
-active channel, so responding to 4-5 users per week is sufficient even if some
-questions go unanswered. If there is an interesting topic or a recurring problem that many
-users are having, please bring it up in weekly stand-up.
-- Keeping track of a queue of backlog issues or PRs that are not being actively looked at in any existing project board.
-- Organizing or reorganizing project tracking boards when it makes sense.
-
-You will also be asked to help with roadmap planning, deprecation communication, prioritization,
-and doing research on kustomize usage when appropriate, though these responsibilities will occur less
-frequently.
-
-## Administrative notes:
+Administrative notes:
 
 - The [OWNERS file spec] is a useful resources in making changes.
 - Maintainers and admins must be added to the appropriate lists in both [Kustomize OWNERS_ALIASES] and [SIG-CLI Teams]. If this isn't done, the individual in question will lack either PR approval rights (Kustomize list) or the appropriate Github repository permissions (community list).
 
+
 ## Contact Information
 
 - [Slack channel]

Makefile

@@ -3,7 +3,7 @@
 #
 # Makefile for kustomize CLI and API.
 
-LATEST_RELEASE=v5.8.1
+LATEST_V4_RELEASE=v4.5.5
 
 SHELL := /usr/bin/env bash
 GOOS = $(shell go env GOOS)
@@ -56,25 +56,26 @@ uninstall-local-tools:
 
 # Build from local source.
 $(MYGOBIN)/gorepomod:
-	cd cmd/gorepomod && go install .
+	cd cmd/gorepomod; \
+	go install .
 
 # Build from local source.
 $(MYGOBIN)/k8scopy:
-	cd cmd/k8scopy && go install .
+	cd cmd/k8scopy; \
+	go install .
 
 # Build from local source.
 $(MYGOBIN)/pluginator:
-	cd cmd/pluginator && go install .
+	cd cmd/pluginator; \
+	go install .
 
 
 # --- Build targets ---
 
 # Build from local source.
 $(MYGOBIN)/kustomize: build-kustomize-api
-	cd kustomize && go install -ldflags \
-	"-X sigs.k8s.io/kustomize/api/provenance.buildDate=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') \
-	 -X sigs.k8s.io/kustomize/api/provenance.version=$(shell git describe --tags --always --dirty)" \
-	.
+	cd kustomize; \
+	go install .
 
 kustomize: $(MYGOBIN)/kustomize
 
@@ -82,38 +83,34 @@ kustomize: $(MYGOBIN)/kustomize
 # plugin-to-api compatibility checks.
 .PHONY: build-kustomize-api
 build-kustomize-api: $(MYGOBIN)/goimports $(builtinplugins)
-	cd api && $(MAKE) build
+	cd api; $(MAKE) build
 
 .PHONY: generate-kustomize-api
 generate-kustomize-api:
-	cd api && $(MAKE) generate
+	cd api; $(MAKE) generate
 
 
 # --- Verification targets ---
 .PHONY: verify-kustomize-repo
 verify-kustomize-repo: \
 	install-tools \
-	lint \
 	check-license \
 	test-unit-all \
 	build-non-plugin-all \
 	test-go-mod \
 	test-examples-kustomize-against-HEAD \
-	test-examples-kustomize-against-latest-release
+	test-examples-kustomize-against-v4-release
 
 # The following target referenced by a file in
 # https://github.com/kubernetes/test-infra/tree/master/config/jobs/kubernetes-sigs/kustomize
 .PHONY: prow-presubmit-check
 prow-presubmit-check: \
 	install-tools \
-	workspace-sync \
-	generate-kustomize-builtin-plugins \
-	builtin-plugins-diff \
 	test-unit-kustomize-plugins \
 	test-go-mod \
 	build-non-plugin-all \
 	test-examples-kustomize-against-HEAD \
-	test-examples-kustomize-against-latest-release
+	test-examples-kustomize-against-v4-release
 
 .PHONY: license
 license: $(MYGOBIN)/addlicense
@@ -127,30 +124,22 @@ check-license: $(MYGOBIN)/addlicense
 lint: $(MYGOBIN)/golangci-lint $(MYGOBIN)/goimports $(builtinplugins)
 	./hack/for-each-module.sh "make lint"
 
-.PHONY: apidiff
-apidiff: $(MYGOBIN)/go-apidiff ## Run the go-apidiff to verify any API differences compared with origin/master
-	go-apidiff master --compare-imports --print-compatible --repo-path=.
-
 .PHONY: test-unit-all
 test-unit-all: \
 	test-unit-non-plugin \
 	test-unit-kustomize-plugins
 
+# This target is used by our Github Actions CI to run unit tests for all non-plugin modules in multiple GOOS environments.
 .PHONY: test-unit-non-plugin
 test-unit-non-plugin:
-	./hack/for-each-module.sh "make test" "./plugin/*" 20
-
-# This target is used by our Github Actions CI to run unit tests for all non-plugin and non-released modules in multiple GOOS environments.
-.PHONY: test-unit-non-plugin-and-non-released
-test-unit-non-plugin-and-non-released:
-	./hack/for-each-module.sh "make test" "./plugin/*|./kyaml/go.mod|./cmd/config/go.mod|./api/go.mod|./kustomize/go.mod" 16
+	./hack/for-each-module.sh "make test" "./plugin/*" 15
 
 .PHONY: build-non-plugin-all
 build-non-plugin-all:
-	./hack/for-each-module.sh "make build" "./plugin/*" 20
+	./hack/for-each-module.sh "make build" "./plugin/*" 15
 
 .PHONY: test-unit-kustomize-plugins
-test-unit-kustomize-plugins: build-kustomize-external-go-plugin
+test-unit-kustomize-plugins:
 	./hack/testUnitKustomizePlugins.sh
 
 .PHONY: functions-examples-all
@@ -162,7 +151,7 @@ functions-examples-all:
 	done
 
 test-go-mod:
-	./hack/for-each-module.sh "go mod tidy -v"
+	./hack/for-each-module.sh "go list -m -json all > /dev/null && go mod tidy -v"
 
 .PHONY:
 verify-kustomize-e2e: $(MYGOBIN)/mdrip $(MYGOBIN)/kind
@@ -179,14 +168,9 @@ test-examples-kustomize-against-HEAD: $(MYGOBIN)/kustomize $(MYGOBIN)/mdrip
 	./hack/testExamplesAgainstKustomize.sh HEAD
 
 .PHONY:
-test-examples-kustomize-against-latest-release: $(MYGOBIN)/mdrip
-	./hack/testExamplesAgainstKustomize.sh v5@$(LATEST_RELEASE)
+test-examples-kustomize-against-v4-release: $(MYGOBIN)/mdrip
+	./hack/testExamplesAgainstKustomize.sh v4@$(LATEST_V4_RELEASE)
 
-# Pushes dependencies in the go.work file back to go.mod files of each workspace module.
-.PHONY: workspace-sync
-workspace-sync:
-	go work sync
-	./hack/doGoMod.sh tidy
 
 # --- Cleanup targets ---
 .PHONY: clean

Makefile-modules.mk

@@ -14,7 +14,6 @@ include $(KUSTOMIZE_ROOT)/Makefile-tools.mk
 .PHONY: lint test fix fmt tidy vet build
 
 lint: $(MYGOBIN)/golangci-lint
-	$(MYGOBIN)/golangci-lint cache clean # Workaround for https://github.com/golangci/golangci-lint/issues/3228
 	$(MYGOBIN)/golangci-lint \
 	  -c $$KUSTOMIZE_ROOT/.golangci.yml \
 	  --path-prefix $(shell pwd | sed -E 's|(.*\/kustomize)/(.*)|\2|') \

Makefile-plugins.mk

@@ -34,7 +34,7 @@ _builtinplugins = \
 	HashTransformer.go \
 	ImageTagTransformer.go \
 	LabelTransformer.go \
-	SortOrderTransformer.go \
+	LegacyOrderTransformer.go \
 	NamespaceTransformer.go \
 	PatchJson6902Transformer.go \
 	PatchStrategicMergeTransformer.go \
@@ -63,7 +63,7 @@ $(pGen)/GkeSaGenerator.go: $(pSrc)/gkesagenerator/GkeSaGenerator.go
 $(pGen)/HashTransformer.go: $(pSrc)/hashtransformer/HashTransformer.go
 $(pGen)/ImageTagTransformer.go: $(pSrc)/imagetagtransformer/ImageTagTransformer.go
 $(pGen)/LabelTransformer.go: $(pSrc)/labeltransformer/LabelTransformer.go
-$(pGen)/SortOrderTransformer.go: $(pSrc)/sortordertransformer/SortOrderTransformer.go
+$(pGen)/LegacyOrderTransformer.go: $(pSrc)/legacyordertransformer/LegacyOrderTransformer.go
 $(pGen)/NamespaceTransformer.go: $(pSrc)/namespacetransformer/NamespaceTransformer.go
 $(pGen)/PatchJson6902Transformer.go: $(pSrc)/patchjson6902transformer/PatchJson6902Transformer.go
 $(pGen)/PatchStrategicMergeTransformer.go: $(pSrc)/patchstrategicmergetransformer/PatchStrategicMergeTransformer.go
@@ -79,7 +79,7 @@ $(pGen)/HelmChartInflationGenerator.go: $(pSrc)/helmchartinflationgenerator/Helm
 # The (verbose but portable) Makefile way to convert to lowercase.
 toLowerCase = $(subst A,a,$(subst B,b,$(subst C,c,$(subst D,d,$(subst E,e,$(subst F,f,$(subst G,g,$(subst H,h,$(subst I,i,$(subst J,j,$(subst K,k,$(subst L,l,$(subst M,m,$(subst N,n,$(subst O,o,$(subst P,p,$(subst Q,q,$(subst R,r,$(subst S,s,$(subst T,t,$(subst U,u,$(subst V,v,$(subst W,w,$(subst X,x,$(subst Y,y,$(subst Z,z,$1))))))))))))))))))))))))))
 
-$(pGen)/%.go: $(MYGOBIN)/pluginator $(MYGOBIN)/goimports
+$(pGen)/%.go: $(MYGOBIN)/pluginator
 	@echo "generating $*"
 	( \
 		set -e; \
@@ -89,29 +89,9 @@ $(pGen)/%.go: $(MYGOBIN)/pluginator $(MYGOBIN)/goimports
 		$(MYGOBIN)/goimports -w $*.go \
 	)
 
-# Generate builtin plugins
+# Target is for debugging.
 .PHONY: generate-kustomize-builtin-plugins
-generate-kustomize-builtin-plugins: $(builtplugins)
-	for plugin in $(abspath $(wildcard $(pSrc)/*)); do \
-		echo "generating $${plugin} ..."; \
-		set -e; \
-		cd $${plugin}; \
-		go generate .; \
-	done
-
-# Check for diff by comparing current revision of generated plugins on HEAD and newly generated plugins on local branch,
-# If diff is found, throw error code 1
-.PHONY: builtin-plugins-diff
-builtin-plugins-diff: $(builtplugins)
-	for file in $(abspath $(builtinplugins)); do \
-		echo "Checking for diff... $${file}" ; \
-		set -e ; \
-		if [ "`git diff $${file} | wc -c`" -gt 0 ]; then\
-			echo "Error(1): diff found on $${file}"; \
-			git diff $${file};\
-			exit 1;\
-		fi \
-	done
+generate-kustomize-builtin-plugins: $(builtinplugins)
 
 .PHONY: build-kustomize-external-go-plugin
 build-kustomize-external-go-plugin:

Makefile-tools.mk

@@ -1,17 +1,12 @@
 # Copyright 2022 The Kubernetes Authors.
 # SPDX-License-Identifier: Apache-2.0
 
-GOOS = $(shell go env GOOS)
-GOARCH = $(shell go env GOARCH)
 MYGOBIN = $(shell go env GOBIN)
 ifeq ($(MYGOBIN),)
 MYGOBIN = $(shell go env GOPATH)/bin
 endif
 export PATH := $(MYGOBIN):$(PATH)
 
-REPO_ROOT=$(shell git rev-parse --show-toplevel)
-GOLANGCI_LINT_VERSION ?= $(shell cd $(REPO_ROOT)/hack && go list -m -f '{{.Version}}' github.com/golangci/golangci-lint)
-
 # determines whether to run tests that only behave locally; can be overridden by override variable
 export IS_LOCAL = false
 
@@ -21,7 +16,8 @@ install-out-of-tree-tools: \
 	$(MYGOBIN)/golangci-lint \
 	$(MYGOBIN)/helmV3 \
 	$(MYGOBIN)/mdrip \
-	$(MYGOBIN)/stringer
+	$(MYGOBIN)/stringer \
+	$(MYGOBIN)/goimports
 
 .PHONY: uninstall-out-of-tree-tools
 uninstall-out-of-tree-tools:
@@ -31,68 +27,75 @@ uninstall-out-of-tree-tools:
 	rm -f $(MYGOBIN)/mdrip
 	rm -f $(MYGOBIN)/stringer
 
-# golangci-lint is not guaranteed to use from tool directive, so we install it directly.
-# https://golangci-lint.run/docs/welcome/install/local/#install-from-sources
-.PHONY: $(MYGOBIN)/golangci-lint
 $(MYGOBIN)/golangci-lint:
-	go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)
+	go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.46.2
 
-.PHONY: $(MYGOBIN)/mdrip
 $(MYGOBIN)/mdrip:
-	cd $(REPO_ROOT)/hack && go install github.com/monopole/mdrip
+	go install github.com/monopole/mdrip@v1.0.2
 
-.PHONY: $(MYGOBIN)/stringer
 $(MYGOBIN)/stringer:
-	cd $(REPO_ROOT)/hack && go install golang.org/x/tools/cmd/stringer
+	go install golang.org/x/tools/cmd/stringer@latest
 
-.PHONY: $(MYGOBIN)/goimports
 $(MYGOBIN)/goimports:
-	cd $(REPO_ROOT)/hack && go install golang.org/x/tools/cmd/goimports
+	go install golang.org/x/tools/cmd/goimports@latest
 
-.PHONY: $(MYGOBIN)/mdtogo
 $(MYGOBIN)/mdtogo:
-	cd $(REPO_ROOT)/hack && go install sigs.k8s.io/kustomize/cmd/mdtogo
+	go install sigs.k8s.io/kustomize/cmd/mdtogo@latest
 
-.PHONY: $(MYGOBIN)/addlicense
 $(MYGOBIN)/addlicense:
-	cd $(REPO_ROOT)/hack && go install github.com/google/addlicense
+	go install github.com/google/addlicense@latest
+
+$(MYGOBIN)/statik:
+	go install github.com/rakyll/statik@latest
+
+$(MYGOBIN)/goreleaser:
+	go install github.com/goreleaser/goreleaser@v0.179.0 # https://github.com/kubernetes-sigs/kustomize/issues/4542
 
-.PHONY: $(MYGOBIN)/kind
 $(MYGOBIN)/kind:
-	cd $(REPO_ROOT)/hack && go install sigs.k8s.io/kind
+	( \
+        set -e; \
+        d=$(shell mktemp -d); cd $$d; \
+        wget -O ./kind https://github.com/kubernetes-sigs/kind/releases/download/v0.7.0/kind-$(GOOS)-$(GOARCH); \
+        chmod +x ./kind; \
+        mv ./kind $(MYGOBIN); \
+        rm -rf $$d; \
+	)
 
-.PHONY: $(MYGOBIN)/controller-gen
-$(MYGOBIN)/controller-gen:
-	cd $(REPO_ROOT)/hack && go install sigs.k8s.io/controller-tools/cmd/controller-gen
-
-.PHONY: $(MYGOBIN)/embedmd
-$(MYGOBIN)/embedmd:
-	cd $(REPO_ROOT)/hack && go install github.com/campoy/embedmd
-
-.PHONY: $(MYGOBIN)/go-bindata
-$(MYGOBIN)/go-bindata:
-	cd $(REPO_ROOT)/hack && go install github.com/go-bindata/go-bindata/v3/go-bindata
-
-.PHONY: $(MYGOBIN)/go-apidiff
-$(MYGOBIN)/go-apidiff:
-	cd $(REPO_ROOT)/hack && go install github.com/joelanford/go-apidiff
-
-.PHONY: $(MYGOBIN)/gh
+# linux only.
 $(MYGOBIN)/gh:
-	cd $(REPO_ROOT)/hack && go install github.com/cli/cli/cmd/gh
+	( \
+		set -e; \
+		d=$(shell mktemp -d); cd $$d; \
+		tgzFile=gh_1.0.0_$(GOOS)_$(GOARCH).tar.gz; \
+		wget https://github.com/cli/cli/releases/download/v1.0.0/$$tgzFile; \
+		tar -xvzf $$tgzFile; \
+		mv gh_1.0.0_$(GOOS)_$(GOARCH)/bin/gh  $(MYGOBIN)/gh; \
+		rm -rf $$d \
+	)
 
-.PHONY: $(MYGOBIN)/kubeval
+# linux only.
+# This is for testing an example plugin that
+# uses kubeval for validation.
+# Don't want to add a hard dependence in go.mod file
+# to github.com/instrumenta/kubeval.
+# Instead, download the binary.
 $(MYGOBIN)/kubeval:
-	cd $(REPO_ROOT)/hack && go install github.com/instrumenta/kubeval
+	( \
+		set -e; \
+		d=$(shell mktemp -d); cd $$d; \
+		wget https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-$(GOOS)-$(GOARCH).tar.gz; \
+		tar xf kubeval-$(GOOS)-$(GOARCH).tar.gz; \
+		mv kubeval $(MYGOBIN); \
+		rm -rf $$d; \
+	)
 
 # Helm V3 differs from helm V2; downloading it to provide coverage for the
 # chart inflator plugin under helm v3.
-.PHONY: $(MYGOBIN)/helmV3
 $(MYGOBIN)/helmV3:
 	( \
 		set -e; \
 		d=$(shell mktemp -d); cd $$d; \
-		tgzFile=helm-v3.10.2-$(GOOS)-$(GOARCH).tar.gz; \
+		tgzFile=helm-v3.6.3-$(GOOS)-$(GOARCH).tar.gz; \
 		wget https://get.helm.sh/$$tgzFile; \
 		tar -xvzf $$tgzFile; \
 		mv $(GOOS)-$(GOARCH)/helm $(MYGOBIN)/helmV3; \

OWNERS

@@ -1,5 +1,6 @@
 # See https://github.com/kubernetes/community/blob/master/community-membership.md
 approvers:
   - kustomize-approvers
+
 reviewers:
   - kustomize-reviewers

OWNERS_ALIASES

@@ -3,35 +3,27 @@
 aliases:
   kustomize-owners:
     - knverey
-    - koba1t
+    - natasha41575
   kustomize-approvers:
     - knverey
-    - koba1t
-    - varshaprasad96
+    - natasha41575
   kustomize-reviewers:
     - knverey
-    - koba1t
-    - varshaprasad96
-    - ncapps
-    - sarab97
+    - natasha41575
+    - yuwenma
 
-  docs-approvers:
-    - ncapps
-  docs-reviewers:
-    - ncapps
+  kyaml-approvers:
+    - mengqiy
+    - mortent
+    - phanimarupaka
+  kyaml-reviewers:
+    - mengqiy
+    - mortent
+    - phanimarupaka
 
-  commands-approvers: []
-  commands-reviewers: []
-
-  #  emeritus:
-  #    - liujingfang1
-  #    - Shell32-Natsu
-  #    - justinsb
-  #    - monopole
-  #    - pwittrock
-  #    - mengqiy
-  #    - mortent
-  #    - phanimarupaka
-  #    - natasha41575
-  #    - annasong20
-  #    - yuwenma
+  emeritus-approvers:
+    - liujingfang1
+    - Shell32-Natsu
+    - justinsb
+    - monopole
+    - pwittrock

README.md

@@ -20,14 +20,6 @@ This tool is sponsored by [sig-cli] ([KEP]).
 
 ## kubectl integration
 
-To find the kustomize version embedded in recent versions of kubectl, run `kubectl version`:
-
-```sh
-> kubectl version --client
-Client Version: v1.31.0
-Kustomize Version: v5.4.2
-```
-
 The kustomize build flow at [v2.0.3] was added
 to [kubectl v1.14][kubectl announcement].  The kustomize
 flow in kubectl remained frozen at v2.0.3 until kubectl v1.21,
@@ -36,16 +28,11 @@ be updated on a regular basis going forward, and such updates
 will be reflected in the Kubernetes release notes.
 
 | Kubectl version | Kustomize version |
-| --------------- | ----------------- |
-| < v1.14         | n/a               |
-| v1.14-v1.20     | v2.0.3            |
-| v1.21           | v4.0.5            |
-| v1.22           | v4.2.0            |
-| v1.23           | v4.4.1            |
-| v1.24           | v4.5.4            |
-| v1.25           | v4.5.7            |
-| v1.26           | v4.5.7            |
-| v1.27           | v5.0.1            |
+| --- | --- |
+| < v1.14 | n/a |
+| v1.14-v1.20 | v2.0.3 |
+| v1.21 | v4.0.5 |
+| v1.22 | v4.2.0 |
 
 [v2.0.3]: https://github.com/kubernetes-sigs/kustomize/releases/tag/v2.0.3
 [#2506]: https://github.com/kubernetes-sigs/kustomize/issues/2506
@@ -68,37 +55,7 @@ This file should declare those resources, and any
 customization to apply to them, e.g. _add a common
 label_.
 
-```
-
-base: kustomization + resources
-
-kustomization.yaml                                      deployment.yaml                                                 service.yaml
-+---------------------------------------------+         +-------------------------------------------------------+       +-----------------------------------+
-| apiVersion: kustomize.config.k8s.io/v1beta1 |         | apiVersion: apps/v1                                   |       | apiVersion: v1                    |
-| kind: Kustomization                         |         | kind: Deployment                                      |       | kind: Service                     |
-| labels:                                     |         | metadata:                                             |       | metadata:                         |
-| - includeSelectors: true                    |         |   name: myapp                                         |       |   name: myapp                     |
-|   pairs:                                    |         | spec:                                                 |       | spec:                             |
-|     app: myapp                              |         |   selector:                                           |       |   selector:                       |
-| resources:                                  |         |     matchLabels:                                      |       |     app: myapp                    |
-|   - deployment.yaml                         |         |       app: myapp                                      |       |   ports:                          |
-|   - service.yaml                            |         |   template:                                           |       |     - port: 6060                  |
-| configMapGenerator:                         |         |     metadata:                                         |       |       targetPort: 6060            |
-|   - name: myapp-map                         |         |       labels:                                         |       +-----------------------------------+
-|     literals:                               |         |         app: myapp                                    |
-|       - KEY=value                           |         |     spec:                                             |
-+---------------------------------------------+         |       containers:                                     |
-                                                        |         - name: myapp                                 |
-                                                        |           image: myapp                                |
-                                                        |           resources:                                  |
-                                                        |             limits:                                   |
-                                                        |               memory: "128Mi"                         |
-                                                        |               cpu: "500m"                             |
-                                                        |           ports:                                      |
-                                                        |             - containerPort: 6060                     |
-                                                        +-------------------------------------------------------+
-
-```
+![base image][imageBase]
 
 File structure:
 
@@ -134,41 +91,20 @@ Manage traditional [variants] of a configuration - like
 _development_, _staging_ and _production_ - using
 [overlays] that modify a common [base].
 
-```
-
-overlay: kustomization + patches
-
-kustomization.yaml                                      replica_count.yaml                      cpu_count.yaml
-+-----------------------------------------------+       +-------------------------------+       +------------------------------------------+
-| apiVersion: kustomize.config.k8s.io/v1beta1   |       | apiVersion: apps/v1           |       | apiVersion: apps/v1                      |
-| kind: Kustomization                           |       | kind: Deployment              |       | kind: Deployment                         |
-| labels:                                       |       | metadata:                     |       | metadata:                                |
-|  - includeSelectors: true                     |       |   name: myapp                 |       |   name: myapp                            |
-|    pairs:                                     |       | spec:                         |       | spec:                                    |
-|      variant: prod                            |       |   replicas: 80                |       |  template:                               |
-| resources:                                    |       +-------------------------------+       |     spec:                                |
-|   - ../../base                                |                                               |       containers:                        |
-| patches:                                      |                                               |         - name: myapp                    |
-|   - path: replica_count.yaml                  |                                               |           resources:                     |
-|   - path: cpu_count.yaml                      |                                               |             limits:                      |
-+-----------------------------------------------+                                               |               memory: "128Mi"            |
-                                                                                                |               cpu: "7000m"               |
-                                                                                                +------------------------------------------+
-```
-
+![overlay image][imageOverlay]
 
 File structure:
 > ```
 > ~/someApp
 > ├── base
-> │   ├── deployment.yaml
-> │   ├── kustomization.yaml
-> │   └── service.yaml
+> │   ├── deployment.yaml
+> │   ├── kustomization.yaml
+> │   └── service.yaml
 > └── overlays
 >     ├── development
->     │   ├── cpu_count.yaml
->     │   ├── kustomization.yaml
->     │   └── replica_count.yaml
+>     │   ├── cpu_count.yaml
+>     │   ├── kustomization.yaml
+>     │   └── replica_count.yaml
 >     └── production
 >         ├── cpu_count.yaml
 >         ├── kustomization.yaml
@@ -222,6 +158,8 @@ is governed by the [Kubernetes Code of Conduct].
 [applied]: https://kubectl.docs.kubernetes.io/references/kustomize/glossary/#apply
 [base]: https://kubectl.docs.kubernetes.io/references/kustomize/glossary/#base
 [declarative configuration]: https://kubectl.docs.kubernetes.io/references/kustomize/glossary/#declarative-application-management
+[imageBase]: images/base.jpg
+[imageOverlay]: images/overlay.jpg
 [kubectl announcement]: https://kubernetes.io/blog/2019/03/25/kubernetes-1-14-release-announcement
 [kubernetes documentation]: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/
 [kubernetes style]: https://kubectl.docs.kubernetes.io/references/kustomize/glossary/#kubernetes-style-object

ROADMAP.md

@@ -1,185 +1,112 @@
-# Kustomize roadmap 2023-2024
+# Kustomize roadmap 2022
 
-This document describes the items that we hope to make progress on over the next
-1 year (H2 2023 and H1 2024). Take this roadmap as more of what we hope to achieve
-rather than what we promise to achieve, as some items in this doc are highly dependent
-on the success that we have on-ramping new contributors to the project, and other
-items will depend on external contributions, which can vary.
+Presented at the [January 26, 2022, SIG-CLI meeting](https://youtu.be/l2plzJ9MRlk?t=1321)
 
-If you are interested in contributing to a particular area, you can look through
-the project board for that area and assign yourself to one of the issues. It is
-recommended to start with smaller issues to ramp up on the project before starting
-to tackle larger issues.
+kustomize maintainers: @knverey, @natasha41575
 
-Project boards:
-https://github.com/orgs/kubernetes-sigs/projects/50
-https://github.com/orgs/kubernetes-sigs/projects/51
-https://github.com/orgs/kubernetes-sigs/projects/52
-https://github.com/orgs/kubernetes-sigs/projects/53
-https://github.com/orgs/kubernetes-sigs/projects/54
+[Objective: Improve contributor community](#objective-improve-contributor-community)
 
-## Kustomize contributors (at time of writing):
+[Objective: Improve end-user experience](#objective-improve-end-user-experience)
 
-kustomize owner: @natasha41575
+[Objective: Improve extension experience](#objective-improve-extension-experience)
 
-kustomize maintainers: @annasong20, @koba1t
+## Objective: Improve contributor community
 
-kustomize contributors: @varshaprasad96
+**_WHO: End user who also contributes source code._**
+
+Top priority:
+
+- Kustomization v1 (also end-user impact) ([PROJECT](https://github.com/kubernetes-sigs/kustomize/projects/12))
+  - Remove the following fields:
+    - [vars](https://github.com/kubernetes-sigs/kustomize/issues/2052)
+    - [patchesJson6902, patchesStrategicMerge (consolidate on \`patches)](https://github.com/kubernetes-sigs/kustomize/issues/4376)
+    - [helmChartInflationGenerator, helmCharts, helmGlobals](https://github.com/kubernetes-sigs/kustomize/issues/4401)
+    - all long-deprecated fields in Kustomization v1 such as \`bases\` and those being accommodate by kustomize edit \[[see code snippet](https://github.com/kubernetes-sigs/kustomize/blob/ee4b7847f0beb6c0d2070673b10f23f7b3e92e82/api/types/fix.go#L15)\]
+  - Ensure that \`kustomize edit fix\` handles migrations for all those, and that anything it changes is not still present in v1.
+  - [Add reorder field](https://github.com/kubernetes-sigs/kustomize/issues/3913). Default should be FIFO and legacy should also be supported (could add alphabetic and custom sort support eventually). Replaces -reorder flag.
+  - [Reconcile openapi and crds field](https://github.com/kubernetes-sigs/kustomize/issues/3944)
+  - [Consider deprecating configurations field](https://github.com/kubernetes-sigs/kustomize/issues/3945) (old, pre-plugin, pre-openapi global configuration)
+  - [Add a field to enable the managedby label](https://github.com/kubernetes-sigs/kustomize/issues/4047)
+
+Second priority:
+
+- Improve contributor documentation
+  - [Instructions to upgrade kustomize-in-kubectl](https://github.com/kubernetes-sigs/kustomize/issues/3951)
+
+Also very valuable to the project:
+
+- [Improve the release process](https://github.com/kubernetes-sigs/kustomize/issues/3952) to support regular biweekly releases [PROJECT](https://github.com/kubernetes-sigs/kustomize/projects/7)
+- Release sigs.k8s.io/kustomize/api v1.0.0 [PROJECT](https://github.com/kubernetes-sigs/kustomize/projects/5)
+  - [Reduce the public surface of the API module](https://github.com/kubernetes-sigs/kustomize/issues/3942)
+  - [Vendor all transitive deps](https://github.com/kubernetes-sigs/kustomize/issues/3706). Since kustomize is in kubectl, we must do as kubectl does to manage deps, exposing new transitive deps in code review.
+- Project administration
+  - [Rename master branch to main](https://github.com/kubernetes-sigs/kustomize/issues/3954)
 
 
-# H2 2023
 
-## Goal: Create kustomize leadership and contributor playbooks
+## Objective: Improve end-user experience
 
-Contributors: natasha41575, annasong20
+**_WHO: End user that wants kustomize build artifacts (binaries, containers)._**
 
-Priority: High
+Top priorities:
 
-Effort: Medium
+- Bug fixes:
+  - Fix bugs in basic anchor support: [issue query](https://github.com/kubernetes-sigs/kustomize/issues?q=is%3Aopen+is%3Aissue+label%3Aarea%2Fanchors)
+  - integer keys support: [#3446](https://github.com/kubernetes-sigs/kustomize/issues/3446)
+  - kyaml not respecting \`$patch replace|retainKeys\`: [#2037](https://github.com/kubernetes-sigs/kustomize/issues/2037)
+  - kustomize removing quotes from namespace field values: [#4146](https://github.com/kubernetes-sigs/kustomize/issues/4146)
+  - Kustomize doesn’t support metadata.generateName: [#641](https://github.com/kubernetes-sigs/kustomize/issues/641)
+- Send kustomize CLI version number into kubectl ([kubectl issue](https://github.com/kubernetes/kubectl/issues/797) / [kustomize issue](https://github.com/kubernetes-sigs/kustomize/issues/1424))
+- Kustomize performance investigations/improvements [PROJECT](https://github.com/kubernetes-sigs/kustomize/projects/13)
+- [Support generic resource references in name reference tracking](https://github.com/kubernetes-sigs/kustomize/issues/3418)
+- [KEP 4267: retain the resource origin and transformer data in annotations](https://github.com/kubernetes-sigs/kustomize/pull/4267)
 
-In the past, when the leads stopped contributing (for various reasons, not covered here)
-in various kubernetes projects, it left a wide hole that few could easily fill,
-leaving the remaining leads in a bad position and the project understaffed. We should assume
-that we will need to onboard new maintainers in the future, and should have playbooks
-for doing so. As we grow the contributor base in kustomize, we will build these playbooks for
-those who are contributing and those who are looking to grow into kustomize leaders.
-To ensure the long term health and stability of the project, we should have:
+Secondary priorities:
 
-- On-boarding guides for new contributors
-- Clear guidelines for how to climb the kustomize ladder from contributor to approver to owner
-- A plan (maybe a schedule) for future kustomize cohorts
-- A succession plan, in case the current kustomize leads ever decide to step down
+- kustomize cli v5 ([PROJECT](https://github.com/kubernetes-sigs/kustomize/projects/14))
+  - [Drop the --reorder flag](https://github.com/kubernetes-sigs/kustomize/issues/3947)
+  - [Graduate cfg read-only commands out of alpha](https://github.com/kubernetes-sigs/kustomize/issues/4090).
+  - [Drop the –enable-managedby-label](https://github.com/kubernetes-sigs/kustomize/issues/4047)
+  - Drop old plugin-related fields in favor of [the Catalog-style fields](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/2906-kustomize-function-catalog).
+  - [Drop the helm flags](https://github.com/kubernetes-sigs/kustomize/issues/4401)
+- [Confusion around namespace replacement](https://github.com/kubernetes-sigs/kustomize/issues/880).
 
-## Goal: Onboard 2-5 new contributors to kustomize
+Also very valuable to the project:
 
-Contributors: natasha41575, annasong20, koba1t
+- [Overinclusion of root directory error in error messages](https://github.com/kubernetes-sigs/kustomize/issues/4348)
+- [Add kustomize localize command](https://github.com/kubernetes-sigs/kustomize/issues/3980)
+- [Fix Windows support in test suite](https://github.com/kubernetes-sigs/kustomize/issues/4001)
+- Improve end-user documentation [PROJECT](https://github.com/kubernetes-sigs/kustomize/projects/9)
 
-Priority: High
 
-Effort: High
+## Objective: Improve extension experience
 
-In order to make progress on kustomize goals in the future, we need to increase the
-level of staffing on kustomize. We should leverage community contributions to keep kustomize
-healthy and making progress.
+**_WHO: Plugin developers: end users who extend kustomize, but don’t think about internals._**
 
-The primary means in which we will try to find new kustomize contributors is through the new kustomize
-maintainer training cohort. We will lead a group of ~20 kubernetes community members through a 3-6 month
-training program, involving talk sessions, bug scrubs, issue triage, PR reviews, and coding projects for
-each member.
+This objective is described in detail in the [Kustomize Plugin Graduation KEP](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/2953-kustomize-plugin-graduation) / [PROJECT](https://github.com/kubernetes-sigs/kustomize/projects/15) .
 
-See [our call for help](https://groups.google.com/a/kubernetes.io/g/dev/c/M5OphEVsv5o/m/zc6G4H15AAAJ) for more
-specific details about the program.
+Top priorities:
 
-The effort from existing kustomize maintainers here will be to:
-- Organize the cohort, so that each cohort member feels productive and understands what they should work on
-- Align motivation of the cohort members with the work that we assign to them.
-- Review PRs from cohort members in a timely manner.
-- Be the point(s) of contact for questions/escalations
-- Lead weekly stand-ups and monthly bug scrubs
+- Fix core usability issues with KRM Function extensions:
+  - [Better errors for function config failures](https://github.com/kubernetes-sigs/kustomize/issues/4398)
+  - [Container KRM Mounts are not mounting via function parameters](https://github.com/kubernetes-sigs/kustomize/issues/4290)
+  - [Resolution of local file references in extensions transformer configuration](https://github.com/kubernetes-sigs/kustomize/issues/4154)
+  - [Do not silently ignore plugins when config has typo](https://github.com/kubernetes-sigs/kustomize/issues/4399)
+  - [KRM Exec Function can't locate executable when referencing a base](https://github.com/kubernetes-sigs/kustomize/issues/4347)
+- Once core usability issues are fixed, [deprecate legacy exec and Go plugin support](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/2953-kustomize-plugin-graduation)
+- [Catalog KEP](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/2906-kustomize-function-catalog)
 
-At the end of all this, if we have a small team of contributors to kustomize, who understand its founding
-philosophy and intentions, we should be able to keep the project up to date.
+Secondary priorities:
 
-## Goal: Improve kustomize extensibility through KRM functions and CRD support
+- [Remove Starlark support](https://github.com/kubernetes-sigs/kustomize/issues/4349)
+- [Composition KEP](https://github.com/kubernetes/enhancements/pull/2300). The implementation is complete in [#4223](https://github.com/kubernetes-sigs/kustomize/pull/4323), but depends on:
+  - [Convert resources and components to be backed by a reusable generator](https://github.com/kubernetes-sigs/kustomize/issues/4402)
+  - [Enable explicitly invoked transformers to use default fieldSpecs](https://github.com/kubernetes-sigs/kustomize/issues/4404)
+  - [Enable built-in generators to be used in the transformers field ](https://github.com/kubernetes-sigs/kustomize/issues/4403)
 
-Contributors: koba1t, varshaprasad96, external contributors
 
-Priority: High
+Also very valuable to the project:
 
-Effort: High
-
-Project board: https://github.com/orgs/kubernetes-sigs/projects/53/views/1
-
-For a long time, we have supported KRM functions as the proper way to implement custom generators and transformers.
-However, due to limited staffing, we have been unable to drive this feature out of alpha in kustomize. The two
-main features which we hope to make progress on are Composition and Catalog, two long-standing proposals for which
-numerous users have been waiting for a long time. There are several open issues
-regarding KRM functions where our long-term answer has been these two features, but users have been hearing about them
-for over a year without seeing any progress. If we can implement them, they will vastly improve usability and security
-of KRM functions.
-
-One item that falls under this category that does not currently have a contributor is improving CRD support.
-Currently, it is difficult to use CRDs properly, as there are three different fields (configurations, openapi, and crds)
-where users have to input their CRD configuration. We need to consolidate these fields into one easy to use feature to
-support CRDs. If you are interested in putting together a design proposal for how to tackle this task, please reach
-out to the kustomize maintainers.
-
-# H1 2024
-
-## Goal: Improve the kustomize documentation
-
-Contributors: annasong20, external contributions
-
-Priority: High
-
-Effort: High
-
-Project board: https://github.com/orgs/kubernetes-sigs/projects/50
-
-The kustomize documentation is currently fragmented, out of date, and lacks examples to fully understand its value.
-We have had a "docs project" for a long time; we need to prioritize implementing it so that the documentation is in
-one place, easy to find, and helps new users get started more easily. Some outcomes from this project should be:
-
-- A single, unified website hosted on kustomize.io
-- Updated information architecture, and a plan to keep it up to date
-- End to end examples of using kustomize, including complex use cases
-
-## Goal: Fix core usability bugs in kustomize
-
-Contributors: external contributions
-
-Priority: High
-
-Effort: High
-
-Project board: https://github.com/orgs/kubernetes-sigs/projects/51
-
-There are several core usability issues that block some users from adopting kustomize features or in
-some base block users from using kustomize entirely. These issues range from small bugs with workable but
-inconvenient workarounds, to enormous feature gaps.
-
-As part of this goal, we should work toward reducing the number of such issues that we have, making
-kustomize work more smoothly and predictably, and be usable for a larger range of users.
-
-There are a lot of important issues in this project, but the biggest and highest priority one is that
-kustomize doesn't currently support metadata.GenerateName. Unfortunately, we don't currently have anyone
-actively working on this issue, we would need an external contributor to reach out to the kustomize
-maintainers to pick it up.
-
-## Goal: Improve kustomize CI, release, & security patch processes
-
-Contributors: external contributions
-
-Priority: Medium
-
-Effort: High
-
-Project board: https://github.com/orgs/kubernetes-sigs/projects/54
-
-The kustomize release process is currently done on-demand and is strictly linear. This means that if we find a CVE,
-we are forced to release the next version of kustomize ASAP, and we are required to release every PR that has merged
-since the last release. This can put us in a sticky situation if we have a breaking change that we are
-not ready to release yet, but we need a patch quickly.
-
-We should try to improve the kustomize release process so that we can release frequently, reliably, and with some
-flexibility. The outcome of this effort should be:
-
-- kustomize is released on a regular cadence (biweekly or monthly)
-- kustomize is able to separate patch and feature releases, so that we can fix CVEs without needing to release
-everything that we have in flight
-- We can detect and fix CVEs early
-
-## Goal: Take long-standing alpha commands out of alpha
-
-Contributors: external contributions
-
-Priority: Medium
-
-Effort: Medium
-
-Project board: https://github.com/orgs/kubernetes-sigs/projects/52
-
-There are several commands in kustomize that have been alpha for a long time, including the cfg command group and
-localize. Moving them forward can indicate good health of a project and these commands are useful to many users.
-Some of these projects can be good starter issues for new contributors to have an easier onramp while others will
-require more effort and thought.
+- [Improve docs for kyaml libraries](https://github.com/kubernetes-sigs/kustomize/issues/3950), especially by adding examples.
+- [Create a reserved field for plugin runtime information](https://github.com/kubernetes-sigs/kustomize/issues/4405)
+- [Develop new standard process for implementing builtin transformers](https://github.com/kubernetes-sigs/kustomize/issues/4400)

SECURITY_CONTACTS

@@ -9,7 +9,7 @@
 #
 # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
 # INSTRUCTIONS AT https://kubernetes.io/security/
-eddiezane
-KnVerey
-natasha41575
-soltysh
+
+monopole
+Liujingfang1
+pwittrock

api/Makefile

@@ -4,25 +4,11 @@
 include ../Makefile-modules.mk
 
 test:
-	go test -v -timeout 45m -cover ./... -ldflags "-X sigs.k8s.io/kustomize/api/provenance.buildDate=2023-01-31T23:38:41Z -X sigs.k8s.io/kustomize/api/provenance.version=(test)"
+	go test -v -timeout 45m -cover ./... -ldflags "-X sigs.k8s.io/kustomize/api/provenance.version=v444.333.222"
+	cd krusty/openapitests; OPENAPI_TEST=true go test -v -timeout 45m -p 1 -cover ./...
 
 build:
-	go build -ldflags "-X sigs.k8s.io/kustomize/api/provenance.buildDate=$(shell date -u +"%Y-%m-%dT%H:%M:%SZ")" ./...
+	go build -ldflags "-X sigs.k8s.io/kustomize/api/provenance.version=v444.333.222" ./...
 
 generate: $(MYGOBIN)/k8scopy $(MYGOBIN)/stringer
 	go generate ./...
-
-lint: lint-api-static
-
-## lint-api-static runs the linter on the API module
-## with build-tag kustomize_disable_go_plugin_support
-## this aims to catch any issues with the API module
-## that would prevent the API module from being used
-## when the go plugin support is disabled.
-lint-api-static:
-	$(MYGOBIN)/golangci-lint cache clean # Workaround for https://github.com/golangci/golangci-lint/issues/3228
-	$(MYGOBIN)/golangci-lint \
-	  -c $$KUSTOMIZE_ROOT/.golangci.yml \
-	  --build-tags kustomize_disable_go_plugin_support \
-	  --path-prefix api \
-	  run ./...

api/builtins/builtins.go

@@ -16,6 +16,7 @@ type (
 	IAMPolicyGeneratorPlugin             = internal.IAMPolicyGeneratorPlugin
 	ImageTagTransformerPlugin            = internal.ImageTagTransformerPlugin
 	LabelTransformerPlugin               = internal.LabelTransformerPlugin
+	LegacyOrderTransformerPlugin         = internal.LegacyOrderTransformerPlugin
 	NamespaceTransformerPlugin           = internal.NamespaceTransformerPlugin
 	PatchJson6902TransformerPlugin       = internal.PatchJson6902TransformerPlugin
 	PatchStrategicMergeTransformerPlugin = internal.PatchStrategicMergeTransformerPlugin
@@ -36,6 +37,7 @@ var (
 	NewIAMPolicyGeneratorPlugin             = internal.NewIAMPolicyGeneratorPlugin
 	NewImageTagTransformerPlugin            = internal.NewImageTagTransformerPlugin
 	NewLabelTransformerPlugin               = internal.NewLabelTransformerPlugin
+	NewLegacyOrderTransformerPlugin         = internal.NewLegacyOrderTransformerPlugin
 	NewNamespaceTransformerPlugin           = internal.NewNamespaceTransformerPlugin
 	NewPatchJson6902TransformerPlugin       = internal.NewPatchJson6902TransformerPlugin
 	NewPatchStrategicMergeTransformerPlugin = internal.NewPatchStrategicMergeTransformerPlugin

api/filters/fieldspec/fieldspec_test.go

@@ -9,7 +9,6 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	"sigs.k8s.io/kustomize/api/filters/fieldspec"
 	"sigs.k8s.io/kustomize/api/filters/filtersutil"
 	"sigs.k8s.io/kustomize/kyaml/kio"
@@ -622,7 +621,7 @@ kind: Pod
 
 		t.Run(name, func(t *testing.T) {
 			err := yaml.Unmarshal([]byte(tc.fieldSpec), &filter.FieldSpec)
-			require.NoError(t, err)
+			assert.NoError(t, err)
 			rw := &kio.ByteReadWriter{
 				Reader:                bytes.NewBufferString(tc.input),
 				Writer:                &bytes.Buffer{},
@@ -636,7 +635,7 @@ kind: Pod
 				Outputs: []kio.Writer{rw},
 			}.Execute()
 
-			require.NoError(t, err)
+			assert.NoError(t, err)
 			assert.Equal(t, tc.expected, fieldPaths)
 		})
 	}

api/filters/filtersutil/setters_test.go

@@ -102,7 +102,5 @@ func TestTrackableSetter_SetEntryIfEmpty_BadInputNodeKind(t *testing.T) {
 	fn := filtersutil.TrackableSetter{}.SetEntryIfEmpty("foo", "false", yaml.NodeTagBool)
 	rn := yaml.NewListRNode("nope")
 	rn.AppendToFieldPath("dummy", "path")
-	assert.EqualError(t, fn(rn), `wrong node kind: expected MappingNode but got SequenceNode: node contents:
-- nope
-`)
+	assert.EqualError(t, fn(rn), "wrong Node Kind for dummy.path expected: MappingNode was SequenceNode: value: {- nope}")
 }

api/filters/imagetag/imagetag_test.go

@@ -879,84 +879,6 @@ spec:
 				},
 			},
 		},
-		"update image volume in pod template": {
-			input: `
-group: apps
-apiVersion: v1
-kind: Deployment
-metadata:
-  name: imagevolume
-spec:
-  template:
-    spec:
-      volumes:
-      - name: volume
-        image:
-          reference: nginx
-`,
-			expectedOutput: `
-group: apps
-apiVersion: v1
-kind: Deployment
-metadata:
-  name: imagevolume
-spec:
-  template:
-    spec:
-      volumes:
-      - name: volume
-        image:
-          reference: apache@12345
-`,
-			filter: Filter{
-				ImageTag: types.Image{
-					Name:    "nginx",
-					NewName: "apache",
-					Digest:  "12345",
-				},
-			},
-			fsSlice: []types.FieldSpec{
-				{
-					Path: "spec/template/spec/volumes[]/image/reference",
-				},
-			},
-		},
-		"update image volume in pod spec": {
-			input: `
-apiVersion: v1
-kind: Pod
-metadata:
-  name: imagevolume
-spec:
-  volumes:
-  - name: volume
-    image:
-      reference: nginx
-`,
-			expectedOutput: `
-apiVersion: v1
-kind: Pod
-metadata:
-  name: imagevolume
-spec:
-  volumes:
-  - name: volume
-    image:
-      reference: apache@12345
-`,
-			filter: Filter{
-				ImageTag: types.Image{
-					Name:    "nginx",
-					NewName: "apache",
-					Digest:  "12345",
-				},
-			},
-			fsSlice: []types.FieldSpec{
-				{
-					Path: "spec/volumes[]/image/reference",
-				},
-			},
-		},
 	}
 
 	for tn, tc := range testCases {

api/filters/imagetag/updater.go

@@ -6,7 +6,7 @@ package imagetag
 import (
 	"sigs.k8s.io/kustomize/api/filters/filtersutil"
 
-	"sigs.k8s.io/kustomize/api/internal/image"
+	"sigs.k8s.io/kustomize/api/image"
 	"sigs.k8s.io/kustomize/api/types"
 	"sigs.k8s.io/kustomize/kyaml/yaml"
 )

api/filters/nameref/nameref.go

@@ -7,11 +7,11 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/pkg/errors"
 	"sigs.k8s.io/kustomize/api/filters/fieldspec"
 	"sigs.k8s.io/kustomize/api/resmap"
 	"sigs.k8s.io/kustomize/api/resource"
 	"sigs.k8s.io/kustomize/api/types"
-	"sigs.k8s.io/kustomize/kyaml/errors"
 	"sigs.k8s.io/kustomize/kyaml/kio"
 	"sigs.k8s.io/kustomize/kyaml/resid"
 	"sigs.k8s.io/kustomize/kyaml/yaml"
@@ -64,7 +64,7 @@ func (f Filter) run(node *yaml.RNode) (*yaml.RNode, error) {
 		FieldSpec: f.NameFieldToUpdate,
 		SetValue:  f.set,
 	}); err != nil {
-		return nil, errors.WrapPrefixf(
+		return nil, errors.Wrapf(
 			err, "updating name reference in '%s' field of '%s'",
 			f.NameFieldToUpdate.Path, f.Referrer.CurId().String())
 	}
@@ -104,7 +104,7 @@ func (f Filter) setMapping(node *yaml.RNode) error {
 	}
 	nameNode, err := node.Pipe(yaml.FieldMatcher{Name: "name"})
 	if err != nil {
-		return errors.WrapPrefixf(err, "trying to match 'name' field")
+		return errors.Wrap(err, "trying to match 'name' field")
 	}
 	if nameNode == nil {
 		// This is a _configuration_ error; the field path
@@ -153,7 +153,7 @@ func (f Filter) filterMapCandidatesByNamespace(
 	node *yaml.RNode) ([]*resource.Resource, error) {
 	namespaceNode, err := node.Pipe(yaml.FieldMatcher{Name: "namespace"})
 	if err != nil {
-		return nil, errors.WrapPrefixf(err, "trying to match 'namespace' field")
+		return nil, errors.Wrap(err, "trying to match 'namespace' field")
 	}
 	if namespaceNode == nil {
 		return f.ReferralCandidates.Resources(), nil
@@ -205,14 +205,16 @@ func getRoleRefGvk(n *resource.Resource) (*resid.Gvk, error) {
 		return nil, err
 	}
 	if apiGroup.IsNil() {
-		return nil, fmt.Errorf("apiGroup cannot be found in roleRef %s", roleRef.MustString())
+		return nil, fmt.Errorf(
+			"apiGroup cannot be found in roleRef %s", roleRef.MustString())
 	}
 	kind, err := roleRef.Pipe(yaml.Lookup("kind"))
 	if err != nil {
 		return nil, err
 	}
 	if kind.IsNil() {
-		return nil, fmt.Errorf("kind cannot be found in roleRef %s", roleRef.MustString())
+		return nil, fmt.Errorf(
+			"kind cannot be found in roleRef %s", roleRef.MustString())
 	}
 	return &resid.Gvk{
 		Group: apiGroup.YNode().Value,
@@ -282,9 +284,9 @@ func (f Filter) roleRefFilter() sieveFunc {
 	return previousIdSelectedByGvk(roleRefGvk)
 }
 
-func prefixSuffixEquals(other resource.ResCtx, allowEmpty bool) sieveFunc {
+func prefixSuffixEquals(other resource.ResCtx) sieveFunc {
 	return func(r *resource.Resource) bool {
-		return r.PrefixesSuffixesEquals(other, allowEmpty)
+		return r.PrefixesSuffixesEquals(other)
 	}
 }
 
@@ -323,10 +325,7 @@ func (f Filter) selectReferral(
 	if len(candidates) == 1 {
 		return candidates[0], nil
 	}
-	candidates = doSieve(candidates, prefixSuffixEquals(f.Referrer, true))
-	if len(candidates) > 1 {
-		candidates = doSieve(candidates, prefixSuffixEquals(f.Referrer, false))
-	}
+	candidates = doSieve(candidates, prefixSuffixEquals(f.Referrer))
 	if len(candidates) == 1 {
 		return candidates[0], nil
 	}

api/filters/namespace/namespace.go

@@ -56,11 +56,9 @@ func (ns Filter) Filter(nodes []*yaml.RNode) ([]*yaml.RNode, error) {
 
 // Run runs the filter on a single node rather than a slice
 func (ns Filter) run(node *yaml.RNode) (*yaml.RNode, error) {
-	// Special handling for metadata.namespace and metadata.name -- :(
+	// Special handling for metadata.namespace -- :(
 	// never let SetEntry handle metadata.namespace--it will incorrectly include cluster-scoped resources
-	// only update metadata.name if api version is expected one--so-as it leaves other resources of kind namespace alone
-	apiVersion := node.GetApiVersion()
-	ns.FsSlice = ns.removeUnneededMetaFieldSpecs(apiVersion, ns.FsSlice)
+	ns.FsSlice = ns.removeMetaNamespaceFieldSpecs(ns.FsSlice)
 	gvk := resid.GvkFromNode(node)
 	if err := ns.metaNamespaceHack(node, gvk); err != nil {
 		return nil, err
@@ -81,11 +79,7 @@ func (ns Filter) run(node *yaml.RNode) (*yaml.RNode, error) {
 		CreateKind: yaml.ScalarNode, // Namespace is a ScalarNode
 		CreateTag:  yaml.NodeTagString,
 	})
-	invalidKindErr := &yaml.InvalidNodeKindError{}
-	if err != nil && errors.As(err, &invalidKindErr) && invalidKindErr.ActualNodeKind() != yaml.ScalarNode {
-		return nil, errors.WrapPrefixf(err, "namespace field specs must target scalar nodes")
-	}
-	return node, errors.WrapPrefixf(err, "namespace transformation failed")
+	return node, err
 }
 
 // metaNamespaceHack is a hack for implementing the namespace transform
@@ -180,7 +174,8 @@ func setNamespaceField(node *yaml.RNode, setter filtersutil.SetFn) error {
 func (ns Filter) removeRoleBindingSubjectFieldSpecs(fs types.FsSlice) types.FsSlice {
 	var val types.FsSlice
 	for i := range fs {
-		if isRoleBinding(fs[i].Kind) && fs[i].Path == subjectsNamespacePath {
+		if isRoleBinding(fs[i].Kind) &&
+			(fs[i].Path == subjectsNamespacePath || fs[i].Path == subjectsField) {
 			continue
 		}
 		val = append(val, fs[i])
@@ -188,15 +183,12 @@ func (ns Filter) removeRoleBindingSubjectFieldSpecs(fs types.FsSlice) types.FsSl
 	return val
 }
 
-func (ns Filter) removeUnneededMetaFieldSpecs(apiVersion string, fs types.FsSlice) types.FsSlice {
+func (ns Filter) removeMetaNamespaceFieldSpecs(fs types.FsSlice) types.FsSlice {
 	var val types.FsSlice
 	for i := range fs {
 		if fs[i].Path == types.MetadataNamespacePath {
 			continue
 		}
-		if apiVersion != types.MetadataNamespaceApiVersion && fs[i].Path == types.MetadataNamePath {
-			continue
-		}
 		val = append(val, fs[i])
 	}
 	return val

api/filters/patchjson6902/patchjson6902.go

@@ -6,7 +6,7 @@ package patchjson6902
 import (
 	"strings"
 
-	jsonpatch "gopkg.in/evanphx/json-patch.v4"
+	jsonpatch "github.com/evanphx/json-patch"
 	"sigs.k8s.io/kustomize/kyaml/kio"
 	"sigs.k8s.io/kustomize/kyaml/yaml"
 	k8syaml "sigs.k8s.io/yaml"

api/filters/patchstrategicmerge/patchstrategicmerge_test.go

@@ -732,177 +732,6 @@ spec:
           protocol: "TCP"
         - containerPort: 8301
           protocol: "UDP"
-`,
-		},
-
-		// Issue #4628
-		"should retain existing null values in targets": {
-			input: `
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: chart
-spec:
-  releaseName: helm-chart
-  timeout: 15m
-  values:
-    chart:
-      replicaCount: null
-      autoscaling: true
-`,
-			patch: yaml.MustParse(`
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: chart
-spec:
-  releaseName: helm-chart
-  timeout: 15m
-  values:
-    deepgram-api:
-      some: value
-`),
-			expected: `
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: chart
-spec:
-  releaseName: helm-chart
-  timeout: 15m
-  values:
-    chart:
-      replicaCount: null
-      autoscaling: true
-    deepgram-api:
-      some: value
-`,
-		},
-
-		// Issue #4928
-		"support numeric keys": {
-			input: `
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: blabla
-  namespace: blabla-ns
-data:
-  "6443": "foobar"
-`,
-			patch: yaml.MustParse(`
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: blabla
-  namespace: blabla-ns
-data:
-  "6443": "barfoo"
-  "9110": "foo-foo"
-`),
-			expected: `
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: blabla
-  namespace: blabla-ns
-data:
-  "6443": "barfoo"
-  "9110": "foo-foo"
-`,
-		},
-
-		"honor different key style one": {
-			input: `
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: blabla
-  namespace: blabla-ns
-data:
-  '6443': "foobar"
-`,
-			patch: yaml.MustParse(`
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: blabla
-  namespace: blabla-ns
-data:
-  "6443": "barfoo"
-  9110: "foo-foo"
-`),
-			expected: `
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: blabla
-  namespace: blabla-ns
-data:
-  '6443': "barfoo"
-  9110: "foo-foo"
-`,
-		},
-
-		"honor different key style two": {
-			input: `
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: blabla
-  namespace: blabla-ns
-data:
-  "6443": "foobar"
-`,
-			patch: yaml.MustParse(`
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: blabla
-  namespace: blabla-ns
-data:
-  "6443": "barfoo"
-  '9110': "foo-foo"
-`),
-			expected: `
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: blabla
-  namespace: blabla-ns
-data:
-  "6443": "barfoo"
-  '9110': "foo-foo"
-`,
-		},
-
-		"different key types": {
-			input: `
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: blabla
-  namespace: blabla-ns
-data:
-  "6443": "key-string-double-quoted"
-`,
-			patch: yaml.MustParse(`
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: blabla
-  namespace: blabla-ns
-data:
-  6443: "key-int"
-`),
-			expected: `
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: blabla
-  namespace: blabla-ns
-data:
-  "6443": "key-int"
 `,
 		},
 	}

api/filters/replacement/replacement.go

@@ -4,14 +4,14 @@
 package replacement
 
 import (
-	"encoding/json"
+	"errors"
 	"fmt"
 	"strings"
 
 	"sigs.k8s.io/kustomize/api/internal/utils"
 	"sigs.k8s.io/kustomize/api/resource"
 	"sigs.k8s.io/kustomize/api/types"
-	"sigs.k8s.io/kustomize/kyaml/errors"
+	"sigs.k8s.io/kustomize/kyaml/resid"
 	kyaml_utils "sigs.k8s.io/kustomize/kyaml/utils"
 	"sigs.k8s.io/kustomize/kyaml/yaml"
 )
@@ -23,7 +23,7 @@ type Filter struct {
 // Filter replaces values of targets with values from sources
 func (f Filter) Filter(nodes []*yaml.RNode) ([]*yaml.RNode, error) {
 	for i, r := range f.Replacements {
-		if (r.SourceValue == nil && r.Source == nil) || r.Targets == nil {
+		if r.Source == nil || r.Targets == nil {
 			return nil, fmt.Errorf("replacements must specify a source and at least one target")
 		}
 		value, err := getReplacement(nodes, &f.Replacements[i])
@@ -39,13 +39,6 @@ func (f Filter) Filter(nodes []*yaml.RNode) ([]*yaml.RNode, error) {
 }
 
 func getReplacement(nodes []*yaml.RNode, r *types.Replacement) (*yaml.RNode, error) {
-	if r.SourceValue != nil && r.Source != nil {
-		return nil, fmt.Errorf("value and resource selectors are mutually exclusive")
-	}
-	if r.SourceValue != nil {
-		return yaml.NewScalarRNode(*r.SourceValue), nil
-	}
-
 	source, err := selectSourceNode(nodes, r.Source)
 	if err != nil {
 		return nil, err
@@ -112,15 +105,11 @@ func getRefinedValue(options *types.FieldOptions, rn *yaml.RNode) (*yaml.RNode,
 func applyReplacement(nodes []*yaml.RNode, value *yaml.RNode, targetSelectors []*types.TargetSelector) ([]*yaml.RNode, error) {
 	for _, selector := range targetSelectors {
 		if selector.Select == nil {
-			return nil, errors.Errorf("target must specify resources to select")
+			return nil, errors.New("target must specify resources to select")
 		}
 		if len(selector.FieldPaths) == 0 {
 			selector.FieldPaths = []string{types.DefaultReplacementFieldPath}
 		}
-		tsr, err := types.NewTargetSelectorRegex(selector)
-		if err != nil {
-			return nil, fmt.Errorf("error creating target selector: %w", err)
-		}
 		for _, possibleTarget := range nodes {
 			ids, err := utils.MakeResIds(possibleTarget)
 			if err != nil {
@@ -136,13 +125,9 @@ func applyReplacement(nodes []*yaml.RNode, value *yaml.RNode, targetSelectors []
 				continue
 			}
 
-			if tsr.RejectsAny(ids) {
-				continue
-			}
-
 			// filter targets by matching resource IDs
-			for _, id := range ids {
-				if tsr.Selects(id) {
+			for i, id := range ids {
+				if id.IsSelectedBy(selector.Select.ResId) && !rejectId(selector.Reject, &ids[i]) {
 					err := copyValueToTarget(possibleTarget, value, selector)
 					if err != nil {
 						return nil, err
@@ -183,50 +168,52 @@ func matchesAnnoAndLabelSelector(n *yaml.RNode, selector *types.Selector) (bool,
 	return annoMatch && labelMatch, nil
 }
 
+func rejectId(rejects []*types.Selector, id *resid.ResId) bool {
+	for _, r := range rejects {
+		if !r.ResId.IsEmpty() && id.IsSelectedBy(r.ResId) {
+			return true
+		}
+	}
+	return false
+}
+
 func copyValueToTarget(target *yaml.RNode, value *yaml.RNode, selector *types.TargetSelector) error {
 	for _, fp := range selector.FieldPaths {
-		createKind := yaml.Kind(0) // do not create
-		if selector.Options != nil && selector.Options.Create {
-			createKind = value.YNode().Kind
+		fieldPath := kyaml_utils.SmarterPathSplitter(fp, ".")
+		create, err := shouldCreateField(selector.Options, fieldPath)
+		if err != nil {
+			return err
 		}
 
-		// Check if this fieldPath contains structured data access
-		if err := setValueInStructuredData(target, value, fp, selector.Options); err == nil {
-			// Successfully handled as structured data
-			continue
-		}
-
-		// Fall back to normal path handling
-		targetFieldList, err := target.Pipe(&yaml.PathMatcher{
-			Path:   kyaml_utils.SmarterPathSplitter(fp, "."),
-			Create: createKind})
-		if err != nil {
-			return errors.WrapPrefixf(err, "%s", fieldRetrievalError(fp, createKind != 0))
-		}
-		targetFields, err := targetFieldList.Elements()
-		if err != nil {
-			return errors.WrapPrefixf(err, "%s", fieldRetrievalError(fp, createKind != 0))
-		}
-		if len(targetFields) == 0 {
-			return errors.Errorf("%s", fieldRetrievalError(fp, createKind != 0))
+		var targetFields []*yaml.RNode
+		if create {
+			createdField, createErr := target.Pipe(yaml.LookupCreate(value.YNode().Kind, fieldPath...))
+			if createErr != nil {
+				return fmt.Errorf("error creating replacement node: %w", createErr)
+			}
+			targetFields = append(targetFields, createdField)
+		} else {
+			// may return multiple fields, always wrapped in a sequence node
+			foundFieldSequence, lookupErr := target.Pipe(&yaml.PathMatcher{Path: fieldPath})
+			if lookupErr != nil {
+				return fmt.Errorf("error finding field in replacement target: %w", lookupErr)
+			}
+			targetFields, err = foundFieldSequence.Elements()
+			if err != nil {
+				return fmt.Errorf("error fetching elements in replacement target: %w", err)
+			}
 		}
 
 		for _, t := range targetFields {
 			if err := setFieldValue(selector.Options, t, value); err != nil {
-				return fmt.Errorf("%w", err)
+				return err
 			}
 		}
+
 	}
 	return nil
 }
 
-func fieldRetrievalError(fieldPath string, isCreate bool) string {
-	if isCreate {
-		return fmt.Sprintf("unable to find or create field %q in replacement target", fieldPath)
-	}
-	return fmt.Sprintf("unable to find field %q in replacement target", fieldPath)
-}
-
 func setFieldValue(options *types.FieldOptions, targetField *yaml.RNode, value *yaml.RNode) error {
 	value = value.Copy()
 	if options != nil && options.Delimiter != "" {
@@ -257,149 +244,15 @@ func setFieldValue(options *types.FieldOptions, targetField *yaml.RNode, value *
 	return nil
 }
 
-// setValueInStructuredData handles setting values within structured data (JSON/YAML) in scalar fields
-func setValueInStructuredData(target *yaml.RNode, value *yaml.RNode, fieldPath string, options *types.FieldOptions) error {
-	pathParts := kyaml_utils.SmarterPathSplitter(fieldPath, ".")
-	if len(pathParts) < 2 {
-		return fmt.Errorf("not a structured data path")
+func shouldCreateField(options *types.FieldOptions, fieldPath []string) (bool, error) {
+	if options == nil || !options.Create {
+		return false, nil
 	}
-
-	// Find the potential scalar field that might contain structured data
-	var scalarFieldPath []string
-	var structuredDataPath []string
-	var foundScalar = false
-
-	// Try to find where the scalar field ends and structured data begins
-	for i := 1; i <= len(pathParts); i++ {
-		potentialScalarPath := pathParts[:i]
-		scalarField, err := target.Pipe(yaml.Lookup(potentialScalarPath...))
-		if err != nil {
-			continue
-		}
-		if scalarField != nil && scalarField.YNode().Kind == yaml.ScalarNode && i < len(pathParts) {
-			// Try to parse the scalar value as structured data
-			scalarValue := scalarField.YNode().Value
-			var parsedNode yaml.Node
-			if err := yaml.Unmarshal([]byte(scalarValue), &parsedNode); err == nil {
-				// Successfully parsed - this is structured data
-				scalarFieldPath = potentialScalarPath
-				structuredDataPath = pathParts[i:]
-				foundScalar = true
-				break
-			}
+	// create option is not supported in a wildcard matching
+	for _, f := range fieldPath {
+		if f == "*" {
+			return false, fmt.Errorf("cannot support create option in a multi-value target")
 		}
 	}
-
-	if !foundScalar {
-		return fmt.Errorf("no structured data found in path")
-	}
-
-	// Get the scalar field containing structured data
-	scalarField, err := target.Pipe(yaml.Lookup(scalarFieldPath...))
-	if err != nil {
-		return fmt.Errorf("%w", err)
-	}
-
-	// Parse the structured data
-	scalarValue := scalarField.YNode().Value
-	var parsedNode yaml.Node
-	if err := yaml.Unmarshal([]byte(scalarValue), &parsedNode); err != nil {
-		return fmt.Errorf("%w", err)
-	}
-
-	structuredData := yaml.NewRNode(&parsedNode)
-
-	createKind := yaml.Kind(0) // do not create
-	if options != nil && options.Create {
-		createKind = value.YNode().Kind
-	}
-
-	// Navigate to the target location within the structured data
-	targetInStructured, err := structuredData.Pipe(&yaml.PathMatcher{
-		Path:   structuredDataPath,
-		Create: createKind,
-	})
-	if err != nil {
-		return fmt.Errorf("%w", err)
-	}
-
-	targetFields, err := targetInStructured.Elements()
-	if err != nil {
-		return fmt.Errorf("%w", err)
-	}
-
-	if len(targetFields) == 0 {
-		return fmt.Errorf("unable to find field in structured data")
-	}
-
-	// Set the value in the structured data
-	for _, t := range targetFields {
-		err = setFieldValue(options, t, value)
-		if err != nil {
-			return err
-		}
-	}
-
-	// Serialize the modified structured data back to the scalar field
-	// Try to detect if original was JSON or YAML and preserve formatting
-	serializedData, err := serializeStructuredData(structuredData, scalarValue)
-	if err != nil {
-		return fmt.Errorf("%w", err)
-	}
-
-	// Update the original scalar field
-	scalarField.YNode().Value = serializedData
-
-	return nil
-}
-
-// serializeStructuredData handles the serialization of structured data back to string format
-// preserving the original format (JSON vs YAML) and style (pretty vs compact)
-func serializeStructuredData(structuredData *yaml.RNode, originalValue string) (string, error) {
-	firstChar := rune(strings.TrimSpace(originalValue)[0])
-	if firstChar == '{' || firstChar == '[' {
-		return serializeAsJSON(structuredData, originalValue)
-	}
-
-	// Fallback to YAML format
-	return serializeAsYAML(structuredData)
-}
-
-// serializeAsJSON converts structured data back to JSON format
-func serializeAsJSON(structuredData *yaml.RNode, originalValue string) (string, error) {
-	modifiedData, err := structuredData.String()
-	if err != nil {
-		return "", fmt.Errorf("failed to serialize structured data: %w", err)
-	}
-
-	// Parse the YAML output as JSON
-	var jsonData interface{}
-	if err := yaml.Unmarshal([]byte(modifiedData), &jsonData); err != nil {
-		return "", fmt.Errorf("failed to unmarshal YAML data: %w", err)
-	}
-
-	// Check if original was pretty-printed by looking for newlines and indentation
-	if strings.Contains(originalValue, "\n") && strings.Contains(originalValue, "  ") {
-		// Pretty-print the JSON to match original formatting
-		if prettyJSON, err := json.MarshalIndent(jsonData, "", "  "); err == nil {
-			return string(prettyJSON), nil
-		}
-	}
-
-	// Compact JSON
-	if compactJSON, err := json.Marshal(jsonData); err == nil {
-		return string(compactJSON), nil
-	}
-
-	return "", fmt.Errorf("failed to marshal JSON data")
-}
-
-// serializeAsYAML converts structured data back to YAML format
-func serializeAsYAML(structuredData *yaml.RNode) (string, error) {
-	modifiedData, err := structuredData.String()
-	if err != nil {
-		return "", fmt.Errorf("failed to serialize YAML data: %w", err)
-	}
-
-	return strings.TrimSpace(modifiedData), nil
+	return true, nil
 }

api/go.mod

@@ -1,44 +1,38 @@
 module sigs.k8s.io/kustomize/api
 
-go 1.25.0
+go 1.18
 
 require (
-	github.com/blang/semver/v4 v4.0.0
-	github.com/go-errors/errors v1.4.2
-	github.com/stretchr/testify v1.11.1
-	go.uber.org/goleak v1.3.0
-	go.yaml.in/yaml/v2 v2.4.2
-	gopkg.in/evanphx/json-patch.v4 v4.13.0
-	k8s.io/kube-openapi v0.0.0-20260502001324-b7f5293f4787
-	sigs.k8s.io/kustomize/kyaml v0.21.1
-	sigs.k8s.io/yaml v1.5.0
+	github.com/evanphx/json-patch v4.11.0+incompatible
+	github.com/go-errors/errors v1.0.1
+	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
+	github.com/imdario/mergo v0.3.6
+	github.com/pkg/errors v0.9.1
+	github.com/stretchr/testify v1.7.0
+	gopkg.in/yaml.v2 v2.4.0
+	k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661
+	sigs.k8s.io/kustomize/kyaml v0.13.8
+	sigs.k8s.io/yaml v1.2.0
 )
 
 require (
-	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/go-openapi/jsonpointer v0.21.0 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.25.4 // indirect
-	github.com/go-openapi/swag/cmdutils v0.25.4 // indirect
-	github.com/go-openapi/swag/conv v0.25.4 // indirect
-	github.com/go-openapi/swag/fileutils v0.25.4 // indirect
-	github.com/go-openapi/swag/jsonname v0.25.4 // indirect
-	github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
-	github.com/go-openapi/swag/loading v0.25.4 // indirect
-	github.com/go-openapi/swag/mangling v0.25.4 // indirect
-	github.com/go-openapi/swag/netutils v0.25.4 // indirect
-	github.com/go-openapi/swag/stringutils v0.25.4 // indirect
-	github.com/go-openapi/swag/typeutils v0.25.4 // indirect
-	github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
-	github.com/google/gnostic-models v0.7.0 // indirect
+	github.com/PuerkitoBio/purell v1.1.1 // indirect
+	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/go-openapi/jsonpointer v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.19.5 // indirect
+	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/gnostic v0.5.7-v3refs // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/mailru/easyjson v0.7.6 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
-	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/sergi/go-diff v1.4.0 // indirect
-	github.com/xlab/treeprint v1.2.0 // indirect
-	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/sys v0.42.0 // indirect
-	google.golang.org/protobuf v1.36.11 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/xlab/treeprint v1.1.0 // indirect
+	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
+	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
+	golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
+	golang.org/x/text v0.3.7 // indirect
+	google.golang.org/protobuf v1.28.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 )
-
-replace sigs.k8s.io/kustomize/kyaml => ../kyaml

api/go.sum

@@ -1,111 +1,216 @@
-github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
-github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
+github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
+github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
-github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
-github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
-github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
-github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
-github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
-github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
-github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-openapi/swag v0.25.4 h1:OyUPUFYDPDBMkqyxOTkqDYFnrhuhi9NR6QVUvIochMU=
-github.com/go-openapi/swag v0.25.4/go.mod h1:zNfJ9WZABGHCFg2RnY0S4IOkAcVTzJ6z2Bi+Q4i6qFQ=
-github.com/go-openapi/swag/cmdutils v0.25.4 h1:8rYhB5n6WawR192/BfUu2iVlxqVR9aRgGJP6WaBoW+4=
-github.com/go-openapi/swag/cmdutils v0.25.4/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0=
-github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4=
-github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU=
-github.com/go-openapi/swag/fileutils v0.25.4 h1:2oI0XNW5y6UWZTC7vAxC8hmsK/tOkWXHJQH4lKjqw+Y=
-github.com/go-openapi/swag/fileutils v0.25.4/go.mod h1:cdOT/PKbwcysVQ9Tpr0q20lQKH7MGhOEb6EwmHOirUk=
-github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI=
-github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag=
-github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA=
-github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY=
-github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo=
-github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM=
-github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s=
-github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE=
-github.com/go-openapi/swag/mangling v0.25.4 h1:2b9kBJk9JvPgxr36V23FxJLdwBrpijI26Bx5JH4Hp48=
-github.com/go-openapi/swag/mangling v0.25.4/go.mod h1:6dxwu6QyORHpIIApsdZgb6wBk/DPU15MdyYj/ikn0Hg=
-github.com/go-openapi/swag/netutils v0.25.4 h1:Gqe6K71bGRb3ZQLusdI8p/y1KLgV4M/k+/HzVSqT8H0=
-github.com/go-openapi/swag/netutils v0.25.4/go.mod h1:m2W8dtdaoX7oj9rEttLyTeEFFEBvnAx9qHd5nJEBzYg=
-github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8=
-github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0=
-github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw=
-github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE=
-github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw=
-github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc=
-github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4=
-github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg=
-github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls=
-github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54=
-github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo=
-github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ=
-github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
-github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/evanphx/json-patch v4.11.0+incompatible h1:glyUF9yIYtMHzn8xaKw5rMhdWcwsYV8dZHIq5567/xs=
+github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
+github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
+github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
+github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
+github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
+github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM=
+github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
+github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng=
+github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
+github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
+github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
+github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA=
+github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
+github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
-github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
-github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=
-github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
+github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
-github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
-github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
-github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
-go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
-go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
-go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
-go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
-go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
-golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
-golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
-google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
-google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
+github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk=
+github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc=
+go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/evanphx/json-patch.v4 v4.13.0 h1:czT3CmqEaQ1aanPc5SdlgQrrEIb8w/wwCvWWnfEbYzo=
-gopkg.in/evanphx/json-patch.v4 v4.13.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/kube-openapi v0.0.0-20260502001324-b7f5293f4787 h1:kHv8PETbPIVHfqKBYwTNNSjqChf/7xn3JOS3re+NWs8=
-k8s.io/kube-openapi v0.0.0-20260502001324-b7f5293f4787/go.mod h1:Cyq7UE0QtGe+Zo+/6XFrxiS4Mq0tLyQEONkFzSkfp9o=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
-sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
-sigs.k8s.io/yaml v1.5.0 h1:M10b2U7aEUY6hRtU870n2VTPgR5RZiL/I6Lcc2F4NUQ=
-sigs.k8s.io/yaml v1.5.0/go.mod h1:wZs27Rbxoai4C0f8/9urLZtZtF3avA3gKvGyPdDqTO4=
+gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
+k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
+k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
+k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661 h1:nqYOUleKLC/0P1zbU29F5q6aoezM6MOAVz+iyfQbZ5M=
+k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661/go.mod h1:daOouuuwd9JXpv1L7Y34iV3yf6nxzipkKMWWlqlvK9M=
+k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+sigs.k8s.io/kustomize/kyaml v0.13.8 h1:L4dSaDb6dL5mzv0UWSrUw8bskcEW+EnNtIObT5BoRsU=
+sigs.k8s.io/kustomize/kyaml v0.13.8/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4=
+sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
+sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
+sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=

api/ifc/ifc.go

@@ -28,20 +28,12 @@ type KvLoader interface {
 
 // Loader interface exposes methods to read bytes.
 type Loader interface {
-
-	// Repo returns the repo location if this Loader was created from a url
-	// or the empty string otherwise.
-	Repo() string
-
 	// Root returns the root location for this Loader.
 	Root() string
-
 	// New returns Loader located at newRoot.
 	New(newRoot string) (Loader, error)
-
 	// Load returns the bytes read from the location or an error.
 	Load(location string) ([]byte, error)
-
 	// Cleanup cleans the loader
 	Cleanup() error
 }

api/image/image_test.go

@@ -1,13 +1,12 @@
 // Copyright 2020 The Kubernetes Authors.
 // SPDX-License-Identifier: Apache-2.0
 
-package image_test
+package image
 
 import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-	"sigs.k8s.io/kustomize/api/internal/image"
 )
 
 func TestIsImageMatched(t *testing.T) {
@@ -51,7 +50,7 @@ func TestIsImageMatched(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.testName, func(t *testing.T) {
-			assert.Equal(t, tc.isMatched, image.IsImageMatched(tc.value, tc.name))
+			assert.Equal(t, tc.isMatched, IsImageMatched(tc.value, tc.name))
 		})
 	}
 }
@@ -117,7 +116,7 @@ func TestSplit(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.testName, func(t *testing.T) {
-			name, tag, digest := image.Split(tc.value)
+			name, tag, digest := Split(tc.value)
 			assert.Equal(t, tc.name, name)
 			assert.Equal(t, tc.tag, tag)
 			assert.Equal(t, tc.digest, digest)

api/internal/accumulator/loadconfigfromcrds.go

@@ -7,11 +7,11 @@ import (
 	"encoding/json"
 	"strings"
 
+	"github.com/pkg/errors"
 	"k8s.io/kube-openapi/pkg/validation/spec"
 	"sigs.k8s.io/kustomize/api/ifc"
 	"sigs.k8s.io/kustomize/api/internal/plugins/builtinconfig"
 	"sigs.k8s.io/kustomize/api/types"
-	"sigs.k8s.io/kustomize/kyaml/errors"
 	"sigs.k8s.io/kustomize/kyaml/filesys"
 	"sigs.k8s.io/kustomize/kyaml/resid"
 	"sigs.k8s.io/yaml"
@@ -39,7 +39,7 @@ func LoadConfigFromCRDs(
 		}
 		m, err := makeNameToApiMap(content)
 		if err != nil {
-			return nil, errors.WrapPrefixf(err, "unable to parse open API definition from '%s'", path)
+			return nil, errors.Wrapf(err, "unable to parse open API definition from '%s'", path)
 		}
 		otherTc, err := makeConfigFromApiMap(m)
 		if err != nil {
@@ -144,7 +144,7 @@ func loadCrdIntoConfig(
 		}
 		_, label := property.Extensions.GetString(xLabelSelector)
 		if label {
-			err = theConfig.AddCommonLabelsFieldSpec(
+			err = theConfig.AddLabelFieldSpec(
 				makeFs(theGvk, append(path, propName)))
 			if err != nil {
 				return

api/internal/accumulator/loadconfigfromcrds_test.go

@@ -9,8 +9,8 @@ import (
 
 	"github.com/stretchr/testify/require"
 	. "sigs.k8s.io/kustomize/api/internal/accumulator"
-	"sigs.k8s.io/kustomize/api/internal/loader"
 	"sigs.k8s.io/kustomize/api/internal/plugins/builtinconfig"
+	"sigs.k8s.io/kustomize/api/loader"
 	"sigs.k8s.io/kustomize/api/types"
 	"sigs.k8s.io/kustomize/kyaml/filesys"
 	"sigs.k8s.io/kustomize/kyaml/resid"

api/internal/accumulator/namereferencetransformer_test.go

@@ -590,7 +590,7 @@ func TestNameReferenceUnhappyRun(t *testing.T) {
 func TestNameReferencePersistentVolumeHappyRun(t *testing.T) {
 	rf := provider.NewDefaultDepProvider().GetResourceFactory()
 
-	v1, err := rf.FromMapWithName(
+	v1 := rf.FromMapWithName(
 		"volume1",
 		map[string]interface{}{
 			"apiVersion": "v1",
@@ -599,10 +599,7 @@ func TestNameReferencePersistentVolumeHappyRun(t *testing.T) {
 				"name": "someprefix-volume1",
 			},
 		})
-	if err != nil {
-		t.Fatalf("failed to get new instance with given name: %v", err)
-	}
-	c1, err := rf.FromMapWithName(
+	c1 := rf.FromMapWithName(
 		"claim1",
 		map[string]interface{}{
 			"apiVersion": "v1",
@@ -615,11 +612,9 @@ func TestNameReferencePersistentVolumeHappyRun(t *testing.T) {
 				"volumeName": "volume1",
 			},
 		})
-	if err != nil {
-		t.Fatalf("failed to get new instance with given name: %v", err)
-	}
+
 	v2 := v1.DeepCopy()
-	c2, err := rf.FromMapWithName(
+	c2 := rf.FromMapWithName(
 		"claim1",
 		map[string]interface{}{
 			"apiVersion": "v1",
@@ -632,9 +627,6 @@ func TestNameReferencePersistentVolumeHappyRun(t *testing.T) {
 				"volumeName": "someprefix-volume1",
 			},
 		})
-	if err != nil {
-		t.Fatalf("failed to get new instance with given name: %v", err)
-	}
 
 	m1 := resmaptest_test.NewRmBuilder(t, rf).AddR(v1).AddR(c1).ResMap()
 

api/internal/accumulator/resaccumulator.go

@@ -170,10 +170,9 @@ func (ra *ResAccumulator) FixBackReferences() (err error) {
 
 // Intersection drops the resources which "other" does not have.
 func (ra *ResAccumulator) Intersection(other resmap.ResMap) error {
-	otherIds := other.AllIds() //nolint:revive
 	for _, curId := range ra.resMap.AllIds() {
 		toDelete := true
-		for _, otherId := range otherIds {
+		for _, otherId := range other.AllIds() {
 			if otherId == curId {
 				toDelete = false
 				break

api/internal/accumulator/resaccumulator_test.go

@@ -64,7 +64,7 @@ func makeResAccumulator(t *testing.T) *ResAccumulator {
 					"name": "backendTwo",
 				}}).ResMap())
 	if err != nil {
-		t.Fatalf("failed to append resources: %v", err)
+		t.Fatalf("unexpected err: %v", err)
 	}
 	return ra
 }
@@ -143,26 +143,22 @@ func expectLog(t *testing.T, log bytes.Buffer, expect string) {
 func TestResolveVarsVarNeedsDisambiguation(t *testing.T) {
 	ra := makeResAccumulator(t)
 	rm0 := resmap.New()
-
-	r, err := provider.NewDefaultDepProvider().GetResourceFactory().FromMap(
-		map[string]interface{}{
-			"apiVersion": "v1",
-			"kind":       "Service",
-			"metadata": map[string]interface{}{
-				"name":      "backendOne",
-				"namespace": "fooNamespace",
-			},
-		})
+	err := rm0.Append(
+		provider.NewDefaultDepProvider().GetResourceFactory().FromMap(
+			map[string]interface{}{
+				"apiVersion": "v1",
+				"kind":       "Service",
+				"metadata": map[string]interface{}{
+					"name":      "backendOne",
+					"namespace": "fooNamespace",
+				},
+			}))
 	if err != nil {
-		t.Fatalf("failed to get instance of resources: %v", err)
-	}
-	err = rm0.Append(r)
-	if err != nil {
-		t.Fatalf("failed to append a resource to ResMap: %v", err)
+		t.Fatalf("unexpected err: %v", err)
 	}
 	err = ra.AppendAll(rm0)
 	if err != nil {
-		t.Fatalf("failed to append a resource to ResAccumulator: %v", err)
+		t.Fatalf("unexpected err: %v", err)
 	}
 
 	err = ra.MergeVars([]types.Var{
@@ -231,11 +227,7 @@ func TestResolveVarConflicts(t *testing.T) {
 	// create accumulators holding apparently conflicting vars that are not
 	// actually in conflict because they point to the same concrete value.
 	rm0 := resmap.New()
-	r0, err0 := rf.FromMap(fooAws)
-	if err0 != nil {
-		t.Fatalf("failed to get instance of resources: %v", err0)
-	}
-	err := rm0.Append(r0)
+	err := rm0.Append(rf.FromMap(fooAws))
 	require.NoError(t, err)
 	ac0 := MakeEmptyAccumulator()
 	err = ac0.AppendAll(rm0)
@@ -244,11 +236,7 @@ func TestResolveVarConflicts(t *testing.T) {
 	require.NoError(t, err)
 
 	rm1 := resmap.New()
-	r1, err1 := rf.FromMap(barAws)
-	if err1 != nil {
-		t.Fatalf("failed to get instance of resources: %v", err1)
-	}
-	err = rm1.Append(r1)
+	err = rm1.Append(rf.FromMap(barAws))
 	require.NoError(t, err)
 	ac1 := MakeEmptyAccumulator()
 	err = ac1.AppendAll(rm1)
@@ -267,11 +255,7 @@ func TestResolveVarConflicts(t *testing.T) {
 	// two above (because it contains a variable whose name is used in the other
 	// accumulators AND whose concrete values are different).
 	rm2 := resmap.New()
-	r2, err2 := rf.FromMap(barGcp)
-	if err2 != nil {
-		t.Fatalf("failed to get instance of resources: %v", err2)
-	}
-	err = rm2.Append(r2)
+	err = rm2.Append(rf.FromMap(barGcp))
 	require.NoError(t, err)
 	ac2 := MakeEmptyAccumulator()
 	err = ac2.AppendAll(rm2)

api/internal/builtins/AnnotationsTransformer.go

@@ -1,4 +1,6 @@
 // Code generated by pluginator on AnnotationsTransformer; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (

api/internal/builtins/ConfigMapGenerator.go

@@ -1,4 +1,6 @@
 // Code generated by pluginator on ConfigMapGenerator; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (

api/internal/builtins/HashTransformer.go

@@ -1,4 +1,6 @@
 // Code generated by pluginator on HashTransformer; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (

api/internal/builtins/HelmChartInflationGenerator.go

@@ -1,27 +1,27 @@
 // Code generated by pluginator on HelmChartInflationGenerator; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (
 	"bytes"
 	"fmt"
+	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"regexp"
-	"slices"
 	"strings"
 
-	"sigs.k8s.io/kustomize/api/konfig"
+	"github.com/imdario/mergo"
+	"github.com/pkg/errors"
 	"sigs.k8s.io/kustomize/api/resmap"
 	"sigs.k8s.io/kustomize/api/types"
-	"sigs.k8s.io/kustomize/kyaml/errors"
-	"sigs.k8s.io/kustomize/kyaml/kio"
-	kyaml "sigs.k8s.io/kustomize/kyaml/yaml"
-	"sigs.k8s.io/kustomize/kyaml/yaml/merge2"
 	"sigs.k8s.io/yaml"
 )
 
-// Generate resources from a remote or local helm chart.
+// HelmChartInflationGeneratorPlugin is a plugin to generate resources
+// from a remote or local helm chart.
 type HelmChartInflationGeneratorPlugin struct {
 	h *resmap.PluginHelpers
 	types.HelmGlobals
@@ -29,6 +29,8 @@ type HelmChartInflationGeneratorPlugin struct {
 	tmpDir string
 }
 
+var KustomizePlugin HelmChartInflationGeneratorPlugin
+
 const (
 	valuesMergeOptionMerge    = "merge"
 	valuesMergeOptionOverride = "override"
@@ -54,18 +56,6 @@ func (p *HelmChartInflationGeneratorPlugin) Config(
 	if h.GeneralConfig().HelmConfig.Command == "" {
 		return fmt.Errorf("must specify --helm-command")
 	}
-
-	// CLI args takes precedence
-	if h.GeneralConfig().HelmConfig.KubeVersion != "" {
-		p.HelmChart.KubeVersion = h.GeneralConfig().HelmConfig.KubeVersion
-	}
-	if len(h.GeneralConfig().HelmConfig.ApiVersions) != 0 {
-		p.HelmChart.ApiVersions = h.GeneralConfig().HelmConfig.ApiVersions
-	}
-	if h.GeneralConfig().HelmConfig.Debug {
-		p.HelmChart.Debug = h.GeneralConfig().HelmConfig.Debug
-	}
-
 	p.h = h
 	if err = yaml.Unmarshal(config, p); err != nil {
 		return
@@ -83,7 +73,7 @@ func (p *HelmChartInflationGeneratorPlugin) establishTmpDir() (err error) {
 		// already done.
 		return nil
 	}
-	p.tmpDir, err = os.MkdirTemp("", "kustomize-helm-")
+	p.tmpDir, err = ioutil.TempDir("", "kustomize-helm-")
 	return err
 }
 
@@ -97,22 +87,14 @@ func (p *HelmChartInflationGeneratorPlugin) validateArgs() (err error) {
 	// the loader root (unless root restrictions are
 	// disabled, in which case this can be an absolute path).
 	if p.ChartHome == "" {
-		p.ChartHome = types.HelmDefaultHome
+		p.ChartHome = "charts"
 	}
 
-	// The ValuesFile(s) may be consulted by the plugin, so it must
+	// The ValuesFile may be consulted by the plugin, so it must
 	// be under the loader root (unless root restrictions are
 	// disabled).
 	if p.ValuesFile == "" {
-		p.ValuesFile = filepath.Join(p.absChartHome(), p.Name, "values.yaml")
-	}
-	for i, file := range p.AdditionalValuesFiles {
-		// use Load() to enforce root restrictions
-		if _, err := p.h.Loader().Load(file); err != nil {
-			return errors.WrapPrefixf(err, "could not load additionalValuesFile")
-		}
-		// the additional values filepaths must be relative to the kust root
-		p.AdditionalValuesFiles[i] = filepath.Join(p.h.Loader().Root(), file)
+		p.ValuesFile = filepath.Join(p.ChartHome, p.Name, "values.yaml")
 	}
 
 	if err = p.errIfIllegalValuesMerge(); err != nil {
@@ -122,7 +104,7 @@ func (p *HelmChartInflationGeneratorPlugin) validateArgs() (err error) {
 	// ConfigHome is not loaded by the plugin, and can be located anywhere.
 	if p.ConfigHome == "" {
 		if err = p.establishTmpDir(); err != nil {
-			return errors.WrapPrefixf(
+			return errors.Wrap(
 				err, "unable to create tmp dir for HELM_CONFIG_HOME")
 		}
 		p.ConfigHome = filepath.Join(p.tmpDir, "helm")
@@ -145,17 +127,10 @@ func (p *HelmChartInflationGeneratorPlugin) errIfIllegalValuesMerge() error {
 }
 
 func (p *HelmChartInflationGeneratorPlugin) absChartHome() string {
-	var chartHome string
 	if filepath.IsAbs(p.ChartHome) {
-		chartHome = p.ChartHome
-	} else {
-		chartHome = filepath.Join(p.h.Loader().Root(), p.ChartHome)
+		return p.ChartHome
 	}
-
-	if p.Version != "" && p.Repo != "" {
-		return filepath.Join(chartHome, fmt.Sprintf("%s-%s", p.Name, p.Version))
-	}
-	return chartHome
+	return filepath.Join(p.h.Loader().Root(), p.ChartHome)
 }
 
 func (p *HelmChartInflationGeneratorPlugin) runHelmCommand(
@@ -171,17 +146,13 @@ func (p *HelmChartInflationGeneratorPlugin) runHelmCommand(
 		fmt.Sprintf("HELM_DATA_HOME=%s/.data", p.ConfigHome)}
 	cmd.Env = append(os.Environ(), env...)
 	err := cmd.Run()
-	errorOutput := stderr.String()
-	if slices.Contains(args, "--debug") {
-		errorOutput = " Helm stack trace:\n" + errorOutput + "\nHelm template:\n" + stdout.String() + "\n"
-	}
 	if err != nil {
 		helm := p.h.GeneralConfig().HelmConfig.Command
-		err = errors.WrapPrefixf(
+		err = errors.Wrap(
 			fmt.Errorf(
-				"unable to run: '%s %s' with env=%s (is '%s' installed?): %w",
-				helm, strings.Join(args, " "), env, helm, err),
-			"%s", errorOutput,
+				"unable to run: '%s %s' with env=%s (is '%s' installed?)",
+				helm, strings.Join(args, " "), env, helm),
+			stderr.String(),
 		)
 	}
 	return stdout.Bytes(), err
@@ -209,33 +180,18 @@ func (p *HelmChartInflationGeneratorPlugin) replaceValuesInline() error {
 	if err != nil {
 		return err
 	}
-	chValues, err := kyaml.Parse(string(pValues))
-	if err != nil {
-		return errors.WrapPrefixf(err, "could not parse values file into rnode")
+	chValues := make(map[string]interface{})
+	if err = yaml.Unmarshal(pValues, &chValues); err != nil {
+		return err
 	}
-	inlineValues, err := kyaml.FromMap(p.ValuesInline)
-	if err != nil {
-		return errors.WrapPrefixf(err, "could not parse values inline into rnode")
-	}
-	var outValues *kyaml.RNode
 	switch p.ValuesMerge {
-	// Function `merge2.Merge` overrides values in dest with values from src.
-	// To achieve override or merge behavior, we pass parameters in different order.
-	// Object passed as dest will be modified, so we copy it just in case someone
-	// decides to use it after this is called.
 	case valuesMergeOptionOverride:
-		outValues, err = merge2.Merge(inlineValues, chValues.Copy(), kyaml.MergeOptions{})
+		err = mergo.Merge(
+			&chValues, p.ValuesInline, mergo.WithOverride)
 	case valuesMergeOptionMerge:
-		outValues, err = merge2.Merge(chValues, inlineValues.Copy(), kyaml.MergeOptions{})
+		err = mergo.Merge(&chValues, p.ValuesInline)
 	}
-	if err != nil {
-		return errors.WrapPrefixf(err, "could not merge values")
-	}
-	mapValues, err := outValues.Map()
-	if err != nil {
-		return errors.WrapPrefixf(err, "could not parse merged values into map")
-	}
-	p.ValuesInline = mapValues
+	p.ValuesInline = chValues
 	return err
 }
 
@@ -255,7 +211,7 @@ func (p *HelmChartInflationGeneratorPlugin) writeValuesBytes(
 		return "", fmt.Errorf("cannot create tmp dir to write helm values")
 	}
 	path := filepath.Join(p.tmpDir, p.Name+"-kustomize-values.yaml")
-	return path, errors.WrapPrefixf(os.WriteFile(path, b, 0644), "failed to write values file")
+	return path, ioutil.WriteFile(path, b, 0644)
 }
 
 func (p *HelmChartInflationGeneratorPlugin) cleanup() {
@@ -288,37 +244,46 @@ func (p *HelmChartInflationGeneratorPlugin) Generate() (rm resmap.ResMap, err er
 		return nil, err
 	}
 	var stdout []byte
-	stdout, err = p.runHelmCommand(p.AsHelmArgs(p.absChartHome()))
+	stdout, err = p.runHelmCommand(p.templateCommand())
 	if err != nil {
 		return nil, err
 	}
 
-	rm, resMapErr := p.h.ResmapFactory().NewResMapFromBytes(stdout)
-	if resMapErr == nil {
-		if err := p.markHelmGeneratedResources(rm); err != nil {
-			return nil, err
-		}
+	rm, err = p.h.ResmapFactory().NewResMapFromBytes(stdout)
+	if err == nil {
 		return rm, nil
 	}
 	// try to remove the contents before first "---" because
 	// helm may produce messages to stdout before it
-	r := &kio.ByteReader{Reader: bytes.NewBuffer(stdout), OmitReaderAnnotations: true}
-	nodes, err := r.Read()
-	if err != nil {
-		return nil, fmt.Errorf("error reading helm output: %w", err)
+	stdoutStr := string(stdout)
+	if idx := strings.Index(stdoutStr, "---"); idx != -1 {
+		return p.h.ResmapFactory().NewResMapFromBytes([]byte(stdoutStr[idx:]))
 	}
+	return nil, err
+}
 
-	if len(nodes) != 0 {
-		rm, err = p.h.ResmapFactory().NewResMapFromRNodeSlice(nodes)
-		if err != nil {
-			return nil, fmt.Errorf("could not parse rnode slice into resource map: %w", err)
-		}
-		if err := p.markHelmGeneratedResources(rm); err != nil {
-			return nil, err
-		}
-		return rm, nil
+func (p *HelmChartInflationGeneratorPlugin) templateCommand() []string {
+	args := []string{"template"}
+	if p.ReleaseName != "" {
+		args = append(args, p.ReleaseName)
 	}
-	return nil, fmt.Errorf("could not parse bytes into resource map: %w", resMapErr)
+	if p.Namespace != "" {
+		args = append(args, "--namespace", p.Namespace)
+	}
+	args = append(args, filepath.Join(p.absChartHome(), p.Name))
+	if p.ValuesFile != "" {
+		args = append(args, "--values", p.ValuesFile)
+	}
+	if p.ReleaseName == "" {
+		// AFAICT, this doesn't work as intended due to a bug in helm.
+		// See https://github.com/helm/helm/issues/6019
+		// I've tried placing the flag before and after the name argument.
+		args = append(args, "--generate-name")
+	}
+	if p.IncludeCRDs {
+		args = append(args, "--include-crds")
+	}
+	return args
 }
 
 func (p *HelmChartInflationGeneratorPlugin) pullCommand() []string {
@@ -326,24 +291,11 @@ func (p *HelmChartInflationGeneratorPlugin) pullCommand() []string {
 		"pull",
 		"--untar",
 		"--untardir", p.absChartHome(),
-	}
-
-	switch {
-	case strings.HasPrefix(p.Repo, "oci://"):
-		args = append(args, strings.TrimSuffix(p.Repo, "/")+"/"+p.Name)
-	case p.Repo != "":
-		args = append(args, "--repo", p.Repo)
-		fallthrough
-	default:
-		args = append(args, p.Name)
-	}
-
+		"--repo", p.Repo,
+		p.Name}
 	if p.Version != "" {
 		args = append(args, "--version", p.Version)
 	}
-	if p.Devel {
-		args = append(args, "--devel")
-	}
 	return args
 }
 
@@ -358,18 +310,9 @@ func (p *HelmChartInflationGeneratorPlugin) chartExistsLocally() (string, bool)
 	return path, s.IsDir()
 }
 
-func (p *HelmChartInflationGeneratorPlugin) markHelmGeneratedResources(rm resmap.ResMap) error {
-	for _, r := range rm.Resources() {
-		if err := r.RNode.PipeE(kyaml.SetAnnotation(konfig.HelmGeneratedAnnotation, "true")); err != nil {
-			return fmt.Errorf("failed to set helm annotation: %w", err)
-		}
-	}
-	return nil
-}
-
-// checkHelmVersion will return an error if the helm version is not V3 or V4
+// checkHelmVersion will return an error if the helm version is not V3
 func (p *HelmChartInflationGeneratorPlugin) checkHelmVersion() error {
-	stdout, err := p.runHelmCommand([]string{"version", "--short"})
+	stdout, err := p.runHelmCommand([]string{"version", "-c", "--short"})
 	if err != nil {
 		return err
 	}
@@ -385,8 +328,8 @@ func (p *HelmChartInflationGeneratorPlugin) checkHelmVersion() error {
 		v = v[1:]
 	}
 	majorVersion := strings.Split(v, ".")[0]
-	if majorVersion != "3" && majorVersion != "4" {
-		return fmt.Errorf("this plugin requires helm V3 or V4 but got v%s", v)
+	if majorVersion != "3" {
+		return fmt.Errorf("this plugin requires helm V3 but got v%s", v)
 	}
 	return nil
 }

api/internal/builtins/IAMPolicyGenerator.go

@@ -1,4 +1,6 @@
 // Code generated by pluginator on IAMPolicyGenerator; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (

api/internal/builtins/ImageTagTransformer.go

@@ -1,4 +1,6 @@
 // Code generated by pluginator on ImageTagTransformer; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (

api/internal/builtins/LabelTransformer.go

@@ -1,4 +1,6 @@
 // Code generated by pluginator on LabelTransformer; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (

api/internal/builtins/LegacyOrderTransformer.go

@@ -0,0 +1,46 @@
+// Code generated by pluginator on LegacyOrderTransformer; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
+package builtins
+
+import (
+	"sort"
+
+	"github.com/pkg/errors"
+	"sigs.k8s.io/kustomize/api/resmap"
+	"sigs.k8s.io/kustomize/api/resource"
+)
+
+// Sort the resources using an ordering defined in the Gvk class.
+// This puts cluster-wide basic resources with no
+// dependencies (like Namespace, StorageClass, etc.)
+// first, and resources with a high number of dependencies
+// (like ValidatingWebhookConfiguration) last.
+type LegacyOrderTransformerPlugin struct{}
+
+// Nothing needed for configuration.
+func (p *LegacyOrderTransformerPlugin) Config(
+	_ *resmap.PluginHelpers, _ []byte) (err error) {
+	return nil
+}
+
+func (p *LegacyOrderTransformerPlugin) Transform(m resmap.ResMap) (err error) {
+	resources := make([]*resource.Resource, m.Size())
+	ids := m.AllIds()
+	sort.Sort(resmap.IdSlice(ids))
+	for i, id := range ids {
+		resources[i], err = m.GetByCurrentId(id)
+		if err != nil {
+			return errors.Wrap(err, "expected match for sorting")
+		}
+	}
+	m.Clear()
+	for _, r := range resources {
+		m.Append(r)
+	}
+	return nil
+}
+
+func NewLegacyOrderTransformerPlugin() resmap.TransformerPlugin {
+	return &LegacyOrderTransformerPlugin{}
+}

api/internal/builtins/NamespaceTransformer.go

@@ -1,11 +1,12 @@
 // Code generated by pluginator on NamespaceTransformer; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (
 	"fmt"
 
 	"sigs.k8s.io/kustomize/api/filters/namespace"
-	"sigs.k8s.io/kustomize/api/konfig"
 	"sigs.k8s.io/kustomize/api/resmap"
 	"sigs.k8s.io/kustomize/api/types"
 	"sigs.k8s.io/kustomize/kyaml/errors"
@@ -13,8 +14,6 @@ import (
 )
 
 // Change or set the namespace of non-cluster level resources.
-//
-//nolint:tagalign
 type NamespaceTransformerPlugin struct {
 	types.ObjectMeta       `json:"metadata,omitempty" yaml:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
 	FieldSpecs             []types.FieldSpec                `json:"fieldSpecs,omitempty" yaml:"fieldSpecs,omitempty"`
@@ -52,10 +51,6 @@ func (p *NamespaceTransformerPlugin) Transform(m resmap.ResMap) error {
 			// Don't mutate empty objects?
 			continue
 		}
-		if annotations := r.GetAnnotations(konfig.HelmGeneratedAnnotation); annotations[konfig.HelmGeneratedAnnotation] == "true" {
-			// Don't apply namespace on Helm generated manifest. Helm should take care of it.
-			continue
-		}
 		r.StorePreviousId()
 		if err := r.ApplyFilter(namespace.Filter{
 			Namespace:              p.Namespace,

api/internal/builtins/PatchJson6902Transformer.go

@@ -1,15 +1,17 @@
 // Code generated by pluginator on PatchJson6902Transformer; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (
 	"fmt"
 
-	jsonpatch "gopkg.in/evanphx/json-patch.v4"
+	jsonpatch "github.com/evanphx/json-patch"
+	"github.com/pkg/errors"
 	"sigs.k8s.io/kustomize/api/filters/patchjson6902"
 	"sigs.k8s.io/kustomize/api/ifc"
 	"sigs.k8s.io/kustomize/api/resmap"
 	"sigs.k8s.io/kustomize/api/types"
-	"sigs.k8s.io/kustomize/kyaml/errors"
 	"sigs.k8s.io/kustomize/kyaml/kio/kioutil"
 	"sigs.k8s.io/yaml"
 )
@@ -59,7 +61,7 @@ func (p *PatchJson6902TransformerPlugin) Config(
 	}
 	p.decodedPatch, err = jsonpatch.DecodePatch([]byte(p.JsonOp))
 	if err != nil {
-		return errors.WrapPrefixf(err, "decoding %s", p.JsonOp)
+		return errors.Wrapf(err, "decoding %s", p.JsonOp)
 	}
 	if len(p.decodedPatch) == 0 {
 		return fmt.Errorf(

api/internal/builtins/PatchStrategicMergeTransformer.go

@@ -1,4 +1,6 @@
 // Code generated by pluginator on PatchStrategicMergeTransformer; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (

api/internal/builtins/PatchTransformer.go

@@ -1,135 +1,110 @@
 // Code generated by pluginator on PatchTransformer; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (
 	"fmt"
 	"strings"
 
-	jsonpatch "gopkg.in/evanphx/json-patch.v4"
+	jsonpatch "github.com/evanphx/json-patch"
 	"sigs.k8s.io/kustomize/api/filters/patchjson6902"
 	"sigs.k8s.io/kustomize/api/resmap"
 	"sigs.k8s.io/kustomize/api/resource"
 	"sigs.k8s.io/kustomize/api/types"
-	"sigs.k8s.io/kustomize/kyaml/errors"
 	"sigs.k8s.io/kustomize/kyaml/kio/kioutil"
 	"sigs.k8s.io/yaml"
 )
 
 type PatchTransformerPlugin struct {
-	smPatches   []*resource.Resource // strategic-merge patches
-	jsonPatches jsonpatch.Patch      // json6902 patch
-	// patchText is pure patch text created by Path or Patch
-	patchText string
-	// patchSource is patch source message
-	patchSource string
-	Path        string           `json:"path,omitempty"    yaml:"path,omitempty"`
-	Patch       string           `json:"patch,omitempty"   yaml:"patch,omitempty"`
-	Target      *types.Selector  `json:"target,omitempty"  yaml:"target,omitempty"`
-	Options     *types.PatchArgs `json:"options,omitempty" yaml:"options,omitempty"`
+	loadedPatch  *resource.Resource
+	decodedPatch jsonpatch.Patch
+	Path         string          `json:"path,omitempty" yaml:"path,omitempty"`
+	Patch        string          `json:"patch,omitempty" yaml:"patch,omitempty"`
+	Target       *types.Selector `json:"target,omitempty" yaml:"target,omitempty"`
+	Options      map[string]bool `json:"options,omitempty" yaml:"options,omitempty"`
 }
 
-func (p *PatchTransformerPlugin) Config(h *resmap.PluginHelpers, c []byte) error {
-	if err := yaml.Unmarshal(c, p); err != nil {
+func (p *PatchTransformerPlugin) Config(
+	h *resmap.PluginHelpers, c []byte) error {
+	err := yaml.Unmarshal(c, p)
+	if err != nil {
 		return err
 	}
-
 	p.Patch = strings.TrimSpace(p.Patch)
-	switch {
-	case p.Patch == "" && p.Path == "":
-		return fmt.Errorf("must specify one of patch and path in\n%s", string(c))
-	case p.Patch != "" && p.Path != "":
-		return fmt.Errorf("patch and path can't be set at the same time\n%s", string(c))
-	case p.Patch != "":
-		p.patchText = p.Patch
-		p.patchSource = fmt.Sprintf("[patch: %q]", p.patchText)
-	case p.Path != "":
-		loaded, err := h.Loader().Load(p.Path)
-		if err != nil {
-			return fmt.Errorf("failed to get the patch file from path(%s): %w", p.Path, err)
+	if p.Patch == "" && p.Path == "" {
+		return fmt.Errorf(
+			"must specify one of patch and path in\n%s", string(c))
+	}
+	if p.Patch != "" && p.Path != "" {
+		return fmt.Errorf(
+			"patch and path can't be set at the same time\n%s", string(c))
+	}
+	if p.Path != "" {
+		loaded, loadErr := h.Loader().Load(p.Path)
+		if loadErr != nil {
+			return loadErr
 		}
-		p.patchText = string(loaded)
-		p.patchSource = fmt.Sprintf("[path: %q]", p.Path)
+		p.Patch = string(loaded)
 	}
 
-	patchesSM, errSM := h.ResmapFactory().RF().SliceFromBytes([]byte(p.patchText))
-	patchesJson, errJson := jsonPatchFromBytes([]byte(p.patchText))
-
-	if ((errSM == nil && errJson == nil) ||
-		(patchesSM != nil && patchesJson != nil)) &&
-		(len(patchesSM) > 0 && len(patchesJson) > 0) {
+	patchSM, errSM := h.ResmapFactory().RF().FromBytes([]byte(p.Patch))
+	patchJson, errJson := jsonPatchFromBytes([]byte(p.Patch))
+	if (errSM == nil && errJson == nil) ||
+		(patchSM != nil && patchJson != nil) {
 		return fmt.Errorf(
-			"illegally qualifies as both an SM and JSON patch: %s",
-			p.patchSource)
+			"illegally qualifies as both an SM and JSON patch: [%v]",
+			p.Patch)
 	}
 	if errSM != nil && errJson != nil {
 		return fmt.Errorf(
-			"unable to parse SM or JSON patch from %s", p.patchSource)
+			"unable to parse SM or JSON patch from [%v]", p.Patch)
 	}
 	if errSM == nil {
-		p.smPatches = patchesSM
-		for _, loadedPatch := range p.smPatches {
-			if p.Options == nil {
-				continue
-			}
-
-			if p.Options.AllowNameChange {
-				loadedPatch.AllowNameChange()
-			}
-			if p.Options.AllowKindChange {
-				loadedPatch.AllowKindChange()
-			}
+		p.loadedPatch = patchSM
+		if p.Options["allowNameChange"] {
+			p.loadedPatch.AllowNameChange()
+		}
+		if p.Options["allowKindChange"] {
+			p.loadedPatch.AllowKindChange()
 		}
 	} else {
-		p.jsonPatches = patchesJson
+		p.decodedPatch = patchJson
 	}
 	return nil
 }
 
 func (p *PatchTransformerPlugin) Transform(m resmap.ResMap) error {
-	if p.smPatches != nil {
-		return p.transformStrategicMerge(m)
+	if p.loadedPatch == nil {
+		return p.transformJson6902(m, p.decodedPatch)
 	}
-	if p.jsonPatches != nil {
-		return p.transformJson6902(m)
-	}
-	return nil
+	// The patch was a strategic merge patch
+	return p.transformStrategicMerge(m, p.loadedPatch)
 }
 
-// transformStrategicMerge applies each loaded strategic merge patch
-// to the resource in the ResMap that matches the identifier of the patch.
-// If only one patch is specified, the Target can be used instead.
-func (p *PatchTransformerPlugin) transformStrategicMerge(m resmap.ResMap) error {
-	if p.Target != nil {
-		if len(p.smPatches) > 1 {
-			// detail: https://github.com/kubernetes-sigs/kustomize/issues/5049#issuecomment-1440604403
-			return fmt.Errorf("Multiple Strategic-Merge Patches in one `patches` entry is not allowed to set `patches.target` field: %s", p.patchSource)
-		}
-
-		// single patch
-		patch := p.smPatches[0]
-		selected, err := m.Select(*p.Target)
-		if err != nil {
-			return fmt.Errorf("unable to find patch target %q in `resources`: %w", p.Target, err)
-		}
-		return errors.Wrap(m.ApplySmPatch(resource.MakeIdSet(selected), patch))
-	}
-
-	for _, patch := range p.smPatches {
+// transformStrategicMerge applies the provided strategic merge patch
+// to all the resources in the ResMap that match either the Target or
+// the identifier of the patch.
+func (p *PatchTransformerPlugin) transformStrategicMerge(m resmap.ResMap, patch *resource.Resource) error {
+	if p.Target == nil {
 		target, err := m.GetById(patch.OrgId())
 		if err != nil {
-			return fmt.Errorf("no resource matches strategic merge patch %q: %w", patch.OrgId(), err)
-		}
-		if err := target.ApplySmPatch(patch); err != nil {
-			return errors.Wrap(err)
+			return err
 		}
+		return target.ApplySmPatch(patch)
 	}
-	return nil
+	selected, err := m.Select(*p.Target)
+	if err != nil {
+		return err
+	}
+	return m.ApplySmPatch(resource.MakeIdSet(selected), patch)
 }
 
-// transformJson6902 applies json6902 Patch to all the resources in the ResMap that match Target.
-func (p *PatchTransformerPlugin) transformJson6902(m resmap.ResMap) error {
+// transformJson6902 applies the provided json6902 patch
+// to all the resources in the ResMap that match the Target.
+func (p *PatchTransformerPlugin) transformJson6902(m resmap.ResMap, patch jsonpatch.Patch) error {
 	if p.Target == nil {
-		return fmt.Errorf("must specify a target for JSON patch %s", p.patchSource)
+		return fmt.Errorf("must specify a target for patch %s", p.Patch)
 	}
 	resources, err := m.Select(*p.Target)
 	if err != nil {
@@ -139,7 +114,7 @@ func (p *PatchTransformerPlugin) transformJson6902(m resmap.ResMap) error {
 		res.StorePreviousId()
 		internalAnnotations := kioutil.GetInternalAnnotations(&res.RNode)
 		err = res.ApplyFilter(patchjson6902.Filter{
-			Patch: p.patchText,
+			Patch: p.Patch,
 		})
 		if err != nil {
 			return err
@@ -154,17 +129,16 @@ func (p *PatchTransformerPlugin) transformJson6902(m resmap.ResMap) error {
 	return nil
 }
 
-// jsonPatchFromBytes loads a Json 6902 patch from a bytes input
-func jsonPatchFromBytes(in []byte) (jsonpatch.Patch, error) {
+// jsonPatchFromBytes loads a Json 6902 patch from
+// a bytes input
+func jsonPatchFromBytes(
+	in []byte) (jsonpatch.Patch, error) {
 	ops := string(in)
 	if ops == "" {
 		return nil, fmt.Errorf("empty json patch operations")
 	}
 
 	if ops[0] != '[' {
-		// TODO(5049):
-		//   In the case of multiple yaml documents, return error instead of ignoring all but first.
-		//   Details: https://github.com/kubernetes-sigs/kustomize/pull/5194#discussion_r1256686728
 		jsonOps, err := yaml.YAMLToJSON(in)
 		if err != nil {
 			return nil, err

api/internal/builtins/PrefixTransformer.go

@@ -1,4 +1,6 @@
 // Code generated by pluginator on PrefixTransformer; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (

api/internal/builtins/ReplacementTransformer.go

@@ -1,4 +1,6 @@
 // Code generated by pluginator on ReplacementTransformer; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (
@@ -14,7 +16,7 @@ import (
 // Replace values in targets with values from a source
 type ReplacementTransformerPlugin struct {
 	ReplacementList []types.ReplacementField `json:"replacements,omitempty" yaml:"replacements,omitempty"`
-	replacements    []types.Replacement
+	Replacements    []types.Replacement      `json:"omitempty" yaml:"omitempty"`
 }
 
 func (p *ReplacementTransformerPlugin) Config(
@@ -47,19 +49,19 @@ func (p *ReplacementTransformerPlugin) Config(
 				if err := yaml.Unmarshal(content, &repl); err != nil {
 					return err
 				}
-				p.replacements = append(p.replacements, repl...)
+				p.Replacements = append(p.Replacements, repl...)
 			case reflect.Map:
 				repl := types.Replacement{}
 				if err := yaml.Unmarshal(content, &repl); err != nil {
 					return err
 				}
-				p.replacements = append(p.replacements, repl)
+				p.Replacements = append(p.Replacements, repl)
 			default:
 				return fmt.Errorf("unsupported replacement type encountered within replacement path: %v", items.Kind())
 			}
 		} else {
 			// replacement information is already loaded
-			p.replacements = append(p.replacements, r.Replacement)
+			p.Replacements = append(p.Replacements, r.Replacement)
 		}
 	}
 	return nil
@@ -67,7 +69,7 @@ func (p *ReplacementTransformerPlugin) Config(
 
 func (p *ReplacementTransformerPlugin) Transform(m resmap.ResMap) (err error) {
 	return m.ApplyFilter(replacement.Filter{
-		Replacements: p.replacements,
+		Replacements: p.Replacements,
 	})
 }
 

api/internal/builtins/ReplicaCountTransformer.go

@@ -1,4 +1,6 @@
 // Code generated by pluginator on ReplicaCountTransformer; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (

api/internal/builtins/SecretGenerator.go

@@ -1,4 +1,6 @@
 // Code generated by pluginator on SecretGenerator; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (

api/internal/builtins/SortOrderTransformer.go

@@ -1,236 +0,0 @@
-// Code generated by pluginator on SortOrderTransformer; DO NOT EDIT.
-package builtins
-
-import (
-	"sort"
-	"strings"
-
-	"sigs.k8s.io/kustomize/api/resmap"
-	"sigs.k8s.io/kustomize/api/resource"
-	"sigs.k8s.io/kustomize/api/types"
-	"sigs.k8s.io/kustomize/kyaml/errors"
-	"sigs.k8s.io/kustomize/kyaml/resid"
-	"sigs.k8s.io/yaml"
-)
-
-// Sort the resources using a customizable ordering based of Kind.
-// Defaults to the ordering of the GVK struct, which puts cluster-wide basic
-// resources with no dependencies (like Namespace, StorageClass, etc.) first,
-// and resources with a high number of dependencies
-// (like ValidatingWebhookConfiguration) last.
-type SortOrderTransformerPlugin struct {
-	SortOptions *types.SortOptions `json:"sortOptions,omitempty" yaml:"sortOptions,omitempty"`
-}
-
-func (p *SortOrderTransformerPlugin) Config(
-	_ *resmap.PluginHelpers, c []byte) error {
-	return errors.WrapPrefixf(yaml.Unmarshal(c, p), "Failed to unmarshal SortOrderTransformer config")
-}
-
-func (p *SortOrderTransformerPlugin) applyDefaults() {
-	// Default to FIFO sort, aka no-op.
-	if p.SortOptions == nil {
-		p.SortOptions = &types.SortOptions{
-			Order: types.FIFOSortOrder,
-		}
-	}
-
-	// If legacy sort is selected and no options are given, default to
-	// hardcoded order.
-	if p.SortOptions.Order == types.LegacySortOrder && p.SortOptions.LegacySortOptions == nil {
-		p.SortOptions.LegacySortOptions = &types.LegacySortOptions{
-			OrderFirst: defaultOrderFirst,
-			OrderLast:  defaultOrderLast,
-		}
-	}
-}
-
-func (p *SortOrderTransformerPlugin) validate() error {
-	// Check valid values for SortOrder
-	if p.SortOptions.Order != types.FIFOSortOrder && p.SortOptions.Order != types.LegacySortOrder {
-		return errors.Errorf("the field 'sortOptions.order' must be one of [%s, %s]",
-			types.FIFOSortOrder, types.LegacySortOrder)
-	}
-
-	// Validate that the only options set are the ones corresponding to the
-	// selected sort order.
-	if p.SortOptions.Order == types.FIFOSortOrder &&
-		p.SortOptions.LegacySortOptions != nil {
-		return errors.Errorf("the field 'sortOptions.legacySortOptions' is"+
-			" set but the selected sort order is '%v', not 'legacy'",
-			p.SortOptions.Order)
-	}
-	return nil
-}
-
-func (p *SortOrderTransformerPlugin) Transform(m resmap.ResMap) (err error) {
-	p.applyDefaults()
-	err = p.validate()
-	if err != nil {
-		return err
-	}
-
-	// Sort
-	if p.SortOptions.Order == types.LegacySortOrder {
-		s := newLegacyIDSorter(m.Resources(), p.SortOptions.LegacySortOptions)
-		sort.Sort(s)
-
-		// Clear the map and re-add the resources in the sorted order.
-		m.Clear()
-		for _, r := range s.resources {
-			err := m.Append(r)
-			if err != nil {
-				return errors.WrapPrefixf(err, "SortOrderTransformer: Failed to append to resources")
-			}
-		}
-	}
-	return nil
-}
-
-// Code for legacy sorting.
-// Legacy sorting is a "fixed" order sorting maintained for backwards
-// compatibility.
-
-// legacyIDSorter sorts resources based on two priority lists:
-// - orderFirst: Resources that should be placed in the start, in the given order.
-// - orderLast: Resources that should be placed in the end, in the given order.
-type legacyIDSorter struct {
-	// resids only stores the metadata of the object. This is an optimization as
-	// it's expensive to compute these again and again during ordering.
-	resids []resid.ResId
-	// Initially, we sorted the metadata (ResId) of each object and then called GetByCurrentId on each to construct the final list.
-	// The problem is that GetByCurrentId is inefficient and does a linear scan in a list every time we do that.
-	// So instead, we sort resources alongside the ResIds.
-	resources []*resource.Resource
-
-	typeOrders map[string]int
-}
-
-func newLegacyIDSorter(
-	resources []*resource.Resource,
-	options *types.LegacySortOptions) *legacyIDSorter {
-	// Precalculate a resource ranking based on the priority lists.
-	var typeOrders = func() map[string]int {
-		m := map[string]int{}
-		for i, n := range options.OrderFirst {
-			m[n] = -len(options.OrderFirst) + i
-		}
-		for i, n := range options.OrderLast {
-			m[n] = 1 + i
-		}
-		return m
-	}()
-
-	ret := &legacyIDSorter{typeOrders: typeOrders}
-	for _, res := range resources {
-		ret.resids = append(ret.resids, res.CurId())
-		ret.resources = append(ret.resources, res)
-	}
-	return ret
-}
-
-var _ sort.Interface = legacyIDSorter{}
-
-func (a legacyIDSorter) Len() int { return len(a.resids) }
-func (a legacyIDSorter) Swap(i, j int) {
-	a.resids[i], a.resids[j] = a.resids[j], a.resids[i]
-	a.resources[i], a.resources[j] = a.resources[j], a.resources[i]
-}
-func (a legacyIDSorter) Less(i, j int) bool {
-	if !a.resids[i].Gvk.Equals(a.resids[j].Gvk) {
-		return gvkLessThan(a.resids[i].Gvk, a.resids[j].Gvk, a.typeOrders)
-	}
-	return legacyResIDSortString(a.resids[i]) < legacyResIDSortString(a.resids[j])
-}
-
-func gvkLessThan(gvk1, gvk2 resid.Gvk, typeOrders map[string]int) bool {
-	index1 := typeOrders[gvk1.Kind]
-	index2 := typeOrders[gvk2.Kind]
-	if index1 != index2 {
-		return index1 < index2
-	}
-	if (gvk1.Kind == types.NamespaceKind && gvk2.Kind == types.NamespaceKind) && (gvk1.Group == "" || gvk2.Group == "") {
-		return legacyGVKSortString(gvk1) > legacyGVKSortString(gvk2)
-	}
-	return legacyGVKSortString(gvk1) < legacyGVKSortString(gvk2)
-}
-
-// legacyGVKSortString returns a string representation of given GVK used for
-// stable sorting.
-func legacyGVKSortString(x resid.Gvk) string {
-	legacyNoGroup := "~G"
-	legacyNoVersion := "~V"
-	legacyNoKind := "~K"
-	legacyFieldSeparator := "_"
-
-	g := x.Group
-	if g == "" {
-		g = legacyNoGroup
-	}
-	v := x.Version
-	if v == "" {
-		v = legacyNoVersion
-	}
-	k := x.Kind
-	if k == "" {
-		k = legacyNoKind
-	}
-	return strings.Join([]string{g, v, k}, legacyFieldSeparator)
-}
-
-// legacyResIDSortString returns a string representation of given ResID used for
-// stable sorting.
-func legacyResIDSortString(id resid.ResId) string {
-	legacyNoNamespace := "~X"
-	legacyNoName := "~N"
-	legacySeparator := "|"
-
-	ns := id.Namespace
-	if ns == "" {
-		ns = legacyNoNamespace
-	}
-	nm := id.Name
-	if nm == "" {
-		nm = legacyNoName
-	}
-	return strings.Join(
-		[]string{id.Gvk.String(), ns, nm}, legacySeparator)
-}
-
-// DO NOT CHANGE!
-// Final legacy ordering provided as a default by kustomize.
-// Originally an attempt to apply resources in the correct order, an effort
-// which later proved impossible as not all types are known beforehand.
-// See: https://github.com/kubernetes-sigs/kustomize/issues/3913
-var defaultOrderFirst = []string{ //nolint:gochecknoglobals
-	"Namespace",
-	"ResourceQuota",
-	"StorageClass",
-	"CustomResourceDefinition",
-	"ServiceAccount",
-	"PodSecurityPolicy",
-	"Role",
-	"ClusterRole",
-	"RoleBinding",
-	"ClusterRoleBinding",
-	"ConfigMap",
-	"Secret",
-	"Endpoints",
-	"Service",
-	"LimitRange",
-	"PriorityClass",
-	"PersistentVolume",
-	"PersistentVolumeClaim",
-	"Deployment",
-	"StatefulSet",
-	"CronJob",
-	"PodDisruptionBudget",
-}
-var defaultOrderLast = []string{ //nolint:gochecknoglobals
-	"MutatingWebhookConfiguration",
-	"ValidatingWebhookConfiguration",
-}
-
-func NewSortOrderTransformerPlugin() resmap.TransformerPlugin {
-	return &SortOrderTransformerPlugin{}
-}

api/internal/builtins/SuffixTransformer.go

@@ -1,4 +1,6 @@
 // Code generated by pluginator on SuffixTransformer; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (

api/internal/builtins/ValueAddTransformer.go

@@ -1,4 +1,6 @@
 // Code generated by pluginator on ValueAddTransformer; DO NOT EDIT.
+// pluginator {unknown  1970-01-01T00:00:00Z  }
+
 package builtins
 
 import (

api/internal/generators/configmap_test.go

@@ -10,7 +10,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	. "sigs.k8s.io/kustomize/api/internal/generators"
 	"sigs.k8s.io/kustomize/api/kv"
-	"sigs.k8s.io/kustomize/api/pkg/loader"
+	"sigs.k8s.io/kustomize/api/loader"
 	valtest_test "sigs.k8s.io/kustomize/api/testutils/valtest"
 	"sigs.k8s.io/kustomize/api/types"
 	"sigs.k8s.io/kustomize/kyaml/filesys"

api/internal/generators/secret_test.go

@@ -10,7 +10,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	. "sigs.k8s.io/kustomize/api/internal/generators"
 	"sigs.k8s.io/kustomize/api/kv"
-	"sigs.k8s.io/kustomize/api/pkg/loader"
+	"sigs.k8s.io/kustomize/api/loader"
 	valtest_test "sigs.k8s.io/kustomize/api/testutils/valtest"
 	"sigs.k8s.io/kustomize/api/types"
 	"sigs.k8s.io/kustomize/kyaml/filesys"

api/internal/generators/utils.go

@@ -5,8 +5,6 @@ package generators
 
 import (
 	"fmt"
-	"path"
-	"strings"
 
 	"github.com/go-errors/errors"
 	"sigs.k8s.io/kustomize/api/ifc"
@@ -97,28 +95,3 @@ func setImmutable(
 
 	return nil
 }
-
-// ParseFileSource parses the source given.
-//
-// Acceptable formats include:
-//  1. source-path: the basename will become the key name
-//  2. source-name=source-path: the source-name will become the key name and
-//     source-path is the path to the key file.
-//
-// Key names cannot include '='.
-func ParseFileSource(source string) (keyName, filePath string, err error) {
-	numSeparators := strings.Count(source, "=")
-	switch {
-	case numSeparators == 0:
-		return path.Base(source), source, nil
-	case numSeparators == 1 && strings.HasPrefix(source, "="):
-		return "", "", errors.Errorf("missing key name for file path %q in source %q", strings.TrimPrefix(source, "="), source)
-	case numSeparators == 1 && strings.HasSuffix(source, "="):
-		return "", "", errors.Errorf("missing file path for key name %q in source %q", strings.TrimSuffix(source, "="), source)
-	case numSeparators > 1:
-		return "", "", errors.Errorf("source %q key name or file path contains '='", source)
-	default:
-		components := strings.Split(source, "=")
-		return components[0], components[1], nil
-	}
-}

api/internal/generators/utils_test.go

@@ -1,51 +0,0 @@
-// Copyright 2020 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package generators_test
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-	. "sigs.k8s.io/kustomize/api/internal/generators"
-)
-
-func TestParseFileSource(t *testing.T) {
-	tests := map[string]*struct {
-		Input    string
-		Error    string
-		Key      string
-		Filename string
-	}{
-		"filename only": {
-			Input:    "./path/myfile",
-			Key:      "myfile",
-			Filename: "./path/myfile",
-		},
-		"key and filename": {
-			Input:    "newName.ini=oldName",
-			Key:      "newName.ini",
-			Filename: "oldName",
-		},
-		"multiple =": {
-			Input: "newName.ini==oldName",
-			Error: `source "newName.ini==oldName" key name or file path contains '='`,
-		},
-		"missing key": {
-			Input: "=myfile",
-			Error: `missing key name for file path "myfile" in source "=myfile"`,
-		},
-	}
-	for name, test := range tests {
-		t.Run(name, func(t *testing.T) {
-			key, file, err := ParseFileSource(test.Input)
-			if test.Error != "" {
-				require.EqualError(t, err, test.Error)
-			} else {
-				require.NoError(t, err)
-				require.Equal(t, test.Key, key)
-				require.Equal(t, test.Filename, file)
-			}
-		})
-	}
-}

api/internal/git/cloner.go

@@ -22,17 +22,15 @@ func ClonerUsingGitExec(repoSpec *RepoSpec) error {
 	if err = r.run("init"); err != nil {
 		return err
 	}
-	// git relative submodule need origin, see https://github.com/kubernetes-sigs/kustomize/issues/5131
-	if err = r.run("remote", "add", "origin", repoSpec.CloneSpec()); err != nil {
+	if err = r.run(
+		"remote", "add", "origin", repoSpec.CloneSpec()); err != nil {
 		return err
 	}
 	ref := "HEAD"
 	if repoSpec.Ref != "" {
 		ref = repoSpec.Ref
 	}
-	// we use repoSpec.CloneSpec() instead of origin because on error,
-	// the prior prints the actual repo url for the user.
-	if err = r.run("fetch", "--depth=1", repoSpec.CloneSpec(), ref); err != nil {
+	if err = r.run("fetch", "--depth=1", "origin", ref); err != nil {
 		return err
 	}
 	if err = r.run("checkout", "FETCH_HEAD"); err != nil {

api/internal/git/gitrunner.go

@@ -7,8 +7,8 @@ import (
 	"os/exec"
 	"time"
 
+	"github.com/pkg/errors"
 	"sigs.k8s.io/kustomize/api/internal/utils"
-	"sigs.k8s.io/kustomize/kyaml/errors"
 	"sigs.k8s.io/kustomize/kyaml/filesys"
 )
 
@@ -24,7 +24,7 @@ type gitRunner struct {
 func newCmdRunner(timeout time.Duration) (*gitRunner, error) {
 	gitProgram, err := exec.LookPath("git")
 	if err != nil {
-		return nil, errors.WrapPrefixf(err, "no 'git' program on path")
+		return nil, errors.Wrap(err, "no 'git' program on path")
 	}
 	dir, err := filesys.NewTmpConfirmedDir()
 	if err != nil {
@@ -46,9 +46,9 @@ func (r gitRunner) run(args ...string) error {
 		cmd.String(),
 		r.duration,
 		func() error {
-			out, err := cmd.CombinedOutput()
+			_, err := cmd.CombinedOutput()
 			if err != nil {
-				return errors.WrapPrefixf(err, "failed to run '%s': %s", cmd.String(), string(out))
+				return errors.Wrapf(err, "git cmd = '%s'", cmd.String())
 			}
 			return err
 		})

api/internal/git/repospec.go

@@ -5,15 +5,12 @@ package git
 
 import (
 	"fmt"
-	"log"
 	"net/url"
 	"path/filepath"
-	"regexp"
 	"strconv"
 	"strings"
 	"time"
 
-	"sigs.k8s.io/kustomize/kyaml/errors"
 	"sigs.k8s.io/kustomize/kyaml/filesys"
 )
 
@@ -30,23 +27,26 @@ type RepoSpec struct {
 	// TODO(monopole): Drop raw, use processed fields instead.
 	raw string
 
-	// Host, e.g. https://github.com/
+	// Host, e.g. github.com
 	Host string
 
-	// RepoPath name (Path to repository),
+	// orgRepo name (organization/repoName),
 	// e.g. kubernetes-sigs/kustomize
-	RepoPath string
+	OrgRepo string
 
-	// Dir is where the repository is cloned to.
+	// Dir where the orgRepo is cloned to.
 	Dir filesys.ConfirmedDir
 
 	// Relative path in the repository, and in the cloneDir,
 	// to a Kustomization.
-	KustRootPath string
+	Path string
 
 	// Branch or tag reference.
 	Ref string
 
+	// e.g. .git or empty in case of _git is present
+	GitSuffix string
+
 	// Submodules indicates whether or not to clone git submodules.
 	Submodules bool
 
@@ -56,7 +56,10 @@ type RepoSpec struct {
 
 // CloneSpec returns a string suitable for "git clone {spec}".
 func (x *RepoSpec) CloneSpec() string {
-	return x.Host + x.RepoPath
+	if isAzureHost(x.Host) || isAWSHost(x.Host) {
+		return x.Host + x.OrgRepo
+	}
+	return x.Host + x.OrgRepo + x.GitSuffix
 }
 
 func (x *RepoSpec) CloneDir() filesys.ConfirmedDir {
@@ -68,140 +71,81 @@ func (x *RepoSpec) Raw() string {
 }
 
 func (x *RepoSpec) AbsPath() string {
-	return x.Dir.Join(x.KustRootPath)
+	return x.Dir.Join(x.Path)
 }
 
 func (x *RepoSpec) Cleaner(fSys filesys.FileSystem) func() error {
 	return func() error { return fSys.RemoveAll(x.Dir.String()) }
 }
 
-const (
-	refQuery         = "?ref="
-	gitSuffix        = ".git"
-	gitRootDelimiter = "_git/"
-	pathSeparator    = "/" // do not use filepath.Separator, as this is a URL
-)
-
 // NewRepoSpecFromURL parses git-like urls.
 // From strings like git@github.com:someOrg/someRepo.git or
 // https://github.com/someOrg/someRepo?ref=someHash, extract
-// the different parts of URL, set into a RepoSpec object and return RepoSpec object.
-// It MUST return an error if the input is not a git-like URL, as this is used by some code paths
-// to distinguish between local and remote paths.
-//
-// In particular, NewRepoSpecFromURL separates the URL used to clone the repo from the
-// elements Kustomize uses for other purposes (e.g. query params that turn into args, and
-// the path to the kustomization root within the repo).
+// the parts.
 func NewRepoSpecFromURL(n string) (*RepoSpec, error) {
-	repoSpec := &RepoSpec{raw: n, Dir: notCloned, Timeout: defaultTimeout, Submodules: defaultSubmodules}
 	if filepath.IsAbs(n) {
 		return nil, fmt.Errorf("uri looks like abs path: %s", n)
 	}
-
-	// Parse the query first. This is safe because according to rfc3986 "?" is only allowed in the
-	// query and is not recognized %-encoded.
-	// Note that parseQuery returns default values for empty parameters.
-	n, query, _ := strings.Cut(n, "?")
-	repoSpec.Ref, repoSpec.Timeout, repoSpec.Submodules = parseQuery(query)
-
-	var err error
-
-	// Parse the host (e.g. scheme, username, domain) segment.
-	repoSpec.Host, n, err = extractHost(n)
-	if err != nil {
-		return nil, err
+	host, orgRepo, path, gitRef, gitSubmodules, suffix, gitTimeout := parseGitURL(n)
+	if orgRepo == "" {
+		return nil, fmt.Errorf("url lacks orgRepo: %s", n)
 	}
-
-	// In some cases, we're given a path to a git repo + a path to the kustomization root within
-	// that repo. We need to split them so that we can ultimately give the repo only to the cloner.
-	repoSpec.RepoPath, repoSpec.KustRootPath, err = parsePathParts(n, defaultRepoPathLength(repoSpec.Host))
-	if err != nil {
-		return nil, err
+	if host == "" {
+		return nil, fmt.Errorf("url lacks host: %s", n)
 	}
-
-	return repoSpec, nil
+	return &RepoSpec{
+		raw: n, Host: host, OrgRepo: orgRepo,
+		Dir: notCloned, Path: path, Ref: gitRef, GitSuffix: suffix,
+		Submodules: gitSubmodules, Timeout: gitTimeout}, nil
 }
 
-const allSegments = -999999
-const orgRepoSegments = 2
+const (
+	refQuery     = "?ref="
+	gitSuffix    = ".git"
+	gitDelimiter = "_git/"
+)
 
-func defaultRepoPathLength(host string) int {
-	if strings.HasPrefix(host, fileScheme) {
-		return allSegments
+// From strings like git@github.com:someOrg/someRepo.git or
+// https://github.com/someOrg/someRepo?ref=someHash, extract
+// the parts.
+func parseGitURL(n string) (
+	host string, orgRepo string, path string, gitRef string, gitSubmodules bool, gitSuff string, gitTimeout time.Duration) {
+	if strings.Contains(n, gitDelimiter) {
+		index := strings.Index(n, gitDelimiter)
+		// Adding _git/ to host
+		host = normalizeGitHostSpec(n[:index+len(gitDelimiter)])
+		orgRepo = strings.Split(strings.Split(n[index+len(gitDelimiter):], "/")[0], "?")[0]
+		path, gitRef, gitTimeout, gitSubmodules = peelQuery(n[index+len(gitDelimiter)+len(orgRepo):])
+		return
 	}
-	return orgRepoSegments
-}
-
-// parsePathParts splits the repo path that will ultimately be passed to git to clone the
-// repo from the kustomization root path, which Kustomize will execute the build in after the repo
-// is cloned.
-//
-// We first try to do this based on explicit markers in the URL (e.g. _git, .git or //).
-// If none are present, we try to apply a historical default repo path length that is derived from
-// Github URLs. If there aren't enough segments, we have historically considered the URL invalid.
-func parsePathParts(n string, defaultSegmentLength int) (string, string, error) {
-	repoPath, kustRootPath, success := tryExplicitMarkerSplit(n)
-	if !success {
-		repoPath, kustRootPath, success = tryDefaultLengthSplit(n, defaultSegmentLength)
+	host, n = parseHostSpec(n)
+	gitSuff = gitSuffix
+	if strings.Contains(n, gitSuffix) {
+		index := strings.Index(n, gitSuffix)
+		orgRepo = n[0:index]
+		n = n[index+len(gitSuffix):]
+		if len(n) > 0 && n[0] == '/' {
+			n = n[1:]
+		}
+		path, gitRef, gitTimeout, gitSubmodules = peelQuery(n)
+		return
 	}
 
-	// Validate the result
-	if !success || len(repoPath) == 0 {
-		return "", "", fmt.Errorf("failed to parse repo path segment")
+	i := strings.Index(n, "/")
+	if i < 1 {
+		path, gitRef, gitTimeout, gitSubmodules = peelQuery(n)
+		return
 	}
-	if kustRootPathExitsRepo(kustRootPath) {
-		return "", "", fmt.Errorf("url path exits repo: %s", n)
+	j := strings.Index(n[i+1:], "/")
+	if j >= 0 {
+		j += i + 1
+		orgRepo = n[:j]
+		path, gitRef, gitTimeout, gitSubmodules = peelQuery(n[j+1:])
+		return
 	}
-
-	return repoPath, strings.TrimPrefix(kustRootPath, pathSeparator), nil
-}
-
-func tryExplicitMarkerSplit(n string) (string, string, bool) {
-	// Look for the _git delimiter, which by convention is expected to be ONE directory above the repo root.
-	// If found, split on the NEXT path element, which is the repo root.
-	// Example: https://username@dev.azure.com/org/project/_git/repo/path/to/kustomization/root
-	if gitRootIdx := strings.Index(n, gitRootDelimiter); gitRootIdx >= 0 {
-		gitRootPath := n[:gitRootIdx+len(gitRootDelimiter)]
-		subpathSegments := strings.Split(n[gitRootIdx+len(gitRootDelimiter):], pathSeparator)
-		return gitRootPath + subpathSegments[0], strings.Join(subpathSegments[1:], pathSeparator), true
-
-		// Look for a double-slash in the path, which if present separates the repo root from the kust path.
-		// It is a convention, not a real path element, so do not preserve it in the returned value.
-		// Example: https://github.com/org/repo//path/to/kustomozation/root
-	} else if repoRootIdx := strings.Index(n, "//"); repoRootIdx >= 0 {
-		return n[:repoRootIdx], n[repoRootIdx+2:], true
-
-		// Look for .git in the path, which if present is part of the directory name of the git repo.
-		// This means we want to grab everything up to and including that suffix
-		// Example: https://github.com/org/repo.git/path/to/kustomozation/root
-	} else if gitSuffixIdx := strings.Index(n, gitSuffix); gitSuffixIdx >= 0 {
-		upToGitSuffix := n[:gitSuffixIdx+len(gitSuffix)]
-		afterGitSuffix := n[gitSuffixIdx+len(gitSuffix):]
-		return upToGitSuffix, afterGitSuffix, true
-	}
-	return "", "", false
-}
-
-func tryDefaultLengthSplit(n string, defaultSegmentLength int) (string, string, bool) {
-	// If the default is to take all segments, do so.
-	if defaultSegmentLength == allSegments {
-		return n, "", true
-
-		// If the default is N segments, make sure we have at least that many and take them if so.
-		// If we have less than N, we have historically considered the URL invalid.
-	} else if segments := strings.Split(n, pathSeparator); len(segments) >= defaultSegmentLength {
-		firstNSegments := strings.Join(segments[:defaultSegmentLength], pathSeparator)
-		rest := strings.Join(segments[defaultSegmentLength:], pathSeparator)
-		return firstNSegments, rest, true
-	}
-	return "", "", false
-}
-
-func kustRootPathExitsRepo(kustRootPath string) bool {
-	cleanedPath := filepath.Clean(strings.TrimPrefix(kustRootPath, string(filepath.Separator)))
-	pathElements := strings.Split(cleanedPath, string(filepath.Separator))
-	return len(pathElements) > 0 &&
-		pathElements[0] == filesys.ParentDir
+	path = ""
+	orgRepo, gitRef, gitTimeout, gitSubmodules = peelQuery(n)
+	return host, orgRepo, path, gitRef, gitSubmodules, gitSuff, gitTimeout
 }
 
 // Clone git submodules by default.
@@ -210,12 +154,14 @@ const defaultSubmodules = true
 // Arbitrary, but non-infinite, timeout for running commands.
 const defaultTimeout = 27 * time.Second
 
-func parseQuery(query string) (string, time.Duration, bool) {
-	values, err := url.ParseQuery(query)
-	// in event of parse failure, return defaults
+func peelQuery(arg string) (string, string, time.Duration, bool) {
+	// Parse the given arg into a URL. In the event of a parse failure, return
+	// our defaults.
+	parsed, err := url.Parse(arg)
 	if err != nil {
-		return "", defaultTimeout, defaultSubmodules
+		return arg, "", defaultTimeout, defaultSubmodules
 	}
+	values := parsed.Query()
 
 	// ref is the desired git ref to target. Can be specified by in a git URL
 	// with ?ref=<string> or ?version=<string>, although ref takes precedence.
@@ -246,142 +192,76 @@ func parseQuery(query string) (string, time.Duration, bool) {
 		}
 	}
 
-	return ref, duration, submodules
+	return parsed.Path, ref, duration, submodules
 }
 
-func extractHost(n string) (string, string, error) {
-	n = ignoreForcedGitProtocol(n)
-	scheme, n := extractScheme(n)
-	username, n := extractUsername(n)
-	stdGithub := isStandardGithubHost(n)
-	acceptSCP := acceptSCPStyle(scheme, username, stdGithub)
-
-	// Validate the username and scheme before attempting host/path parsing, because if the parsing
-	// so far has not succeeded, we will not be able to extract the host and path correctly.
-	if err := validateScheme(scheme, acceptSCP); err != nil {
-		return "", "", err
-	}
-
-	// Now that we have extracted a valid scheme+username, we can parse host itself.
-
-	// The file protocol specifies an absolute path to a local git repo.
-	// Everything after the scheme (including any 'username' we found) is actually part of that path.
-	if scheme == fileScheme {
-		return scheme, username + n, nil
-	}
-	var host, rest = n, ""
-	if sepIndex := findPathSeparator(n, acceptSCP); sepIndex >= 0 {
-		host, rest = n[:sepIndex+1], n[sepIndex+1:]
-	}
-
-	// Github URLs are strictly normalized in a way that may discard scheme and username components.
-	if stdGithub {
-		scheme, username, host = normalizeGithubHostParts(scheme, username)
-	}
-
-	// Host is required, so do not concat the scheme and username if we didn't find one.
-	if host == "" {
-		return "", "", errors.Errorf("failed to parse host segment")
-	}
-	return scheme + username + host, rest, nil
-}
-
-// ignoreForcedGitProtocol strips the "git::" prefix from URLs.
-// We used to use go-getter to handle our urls: https://github.com/hashicorp/go-getter.
-// The git:: prefix signaled go-getter to use the git protocol to fetch the url's contents.
-// We silently strip this prefix to allow these go-getter-style urls to continue to work,
-// although the git protocol (which is insecure and unsupported on many platforms, including Github)
-// will not actually be used as intended.
-func ignoreForcedGitProtocol(n string) string {
-	n, found := trimPrefixIgnoreCase(n, "git::")
-	if found {
-		log.Println("Warning: Forcing the git protocol using the 'git::' URL prefix is not supported. " +
-			"Kustomize currently strips this invalid prefix, but will stop doing so in a future release. " +
-			"Please remove the 'git::' prefix from your configuration.")
-	}
-	return n
-}
-
-// acceptSCPStyle returns true if the scheme and username indicate potential use of an SCP-style URL.
-// With this style, the scheme is not explicit and the path is delimited by a colon.
-// Strictly speaking the username is optional in SCP-like syntax, but Kustomize has always
-// required it for non-Github URLs.
-// Example: user@host.xz:path/to/repo.git/
-func acceptSCPStyle(scheme, username string, isGithubURL bool) bool {
-	return scheme == "" && (username != "" || isGithubURL)
-}
-
-func validateScheme(scheme string, acceptSCPStyle bool) error {
-	// see https://git-scm.com/docs/git-fetch#_git_urls for info relevant to these validations
-	switch scheme {
-	case "":
-		// Empty scheme is only ok if it's a Github URL or if it looks like SCP-style syntax
-		if !acceptSCPStyle {
-			return fmt.Errorf("failed to parse scheme")
-		}
-	case sshScheme, fileScheme, httpsScheme, httpScheme:
-		// These are all supported schemes
-	default:
-		// At time of writing, we should never end up here because we do not parse out
-		// unsupported schemes to begin with.
-		return fmt.Errorf("unsupported scheme %q", scheme)
-	}
-	return nil
-}
-
-const fileScheme = "file://"
-const httpScheme = "http://"
-const httpsScheme = "https://"
-const sshScheme = "ssh://"
-
-func extractScheme(s string) (string, string) {
-	for _, prefix := range []string{sshScheme, httpsScheme, httpScheme, fileScheme} {
-		if rest, found := trimPrefixIgnoreCase(s, prefix); found {
-			return prefix, rest
+func parseHostSpec(n string) (string, string) {
+	var host string
+	// Start accumulating the host part.
+	for _, p := range []string{
+		// Order matters here.
+		"git::", "gh:", "ssh://", "https://", "http://",
+		"git@", "github.com:", "github.com/"} {
+		if len(p) < len(n) && strings.ToLower(n[:len(p)]) == p {
+			n = n[len(p):]
+			host += p
 		}
 	}
-	return "", s
-}
-
-func extractUsername(s string) (string, string) {
-	var userRegexp = regexp.MustCompile(`^([a-zA-Z][a-zA-Z0-9-]*)@`)
-	if m := userRegexp.FindStringSubmatch(s); m != nil {
-		username := m[1] + "@"
-		return username, s[len(username):]
+	if host == "git@" {
+		i := strings.Index(n, "/")
+		if i > -1 {
+			host += n[:i+1]
+			n = n[i+1:]
+		} else {
+			i = strings.Index(n, ":")
+			if i > -1 {
+				host += n[:i+1]
+				n = n[i+1:]
+			}
+		}
+		return host, n
 	}
-	return "", s
-}
 
-func isStandardGithubHost(s string) bool {
-	lowerCased := strings.ToLower(s)
-	return strings.HasPrefix(lowerCased, "github.com/") ||
-		strings.HasPrefix(lowerCased, "github.com:")
-}
-
-// trimPrefixIgnoreCase returns the rest of s and true if prefix, ignoring case, prefixes s.
-// Otherwise, trimPrefixIgnoreCase returns s and false.
-func trimPrefixIgnoreCase(s, prefix string) (string, bool) {
-	if len(prefix) <= len(s) && strings.ToLower(s[:len(prefix)]) == prefix {
-		return s[len(prefix):], true
-	}
-	return s, false
-}
-
-func findPathSeparator(hostPath string, acceptSCP bool) int {
-	sepIndex := strings.Index(hostPath, pathSeparator)
-	if acceptSCP {
-		colonIndex := strings.Index(hostPath, ":")
-		// The colon acts as a delimiter in scp-style ssh URLs only if not prefixed by '/'.
-		if sepIndex == -1 || (colonIndex > 0 && colonIndex < sepIndex) {
-			sepIndex = colonIndex
+	// If host is a http(s) or ssh URL, grab the domain part.
+	for _, p := range []string{
+		"ssh://", "https://", "http://"} {
+		if strings.HasSuffix(host, p) {
+			i := strings.Index(n, "/")
+			if i > -1 {
+				host += n[0 : i+1]
+				n = n[i+1:]
+			}
+			break
 		}
 	}
-	return sepIndex
+
+	return normalizeGitHostSpec(host), n
 }
 
-func normalizeGithubHostParts(scheme, username string) (string, string, string) {
-	if strings.HasPrefix(scheme, sshScheme) || username != "" {
-		return "", username, "github.com:"
+func normalizeGitHostSpec(host string) string {
+	s := strings.ToLower(host)
+	if strings.Contains(s, "github.com") {
+		if strings.Contains(s, "git@") || strings.Contains(s, "ssh:") {
+			host = "git@github.com:"
+		} else {
+			host = "https://github.com/"
+		}
 	}
-	return httpsScheme, "", "github.com/"
+	if strings.HasPrefix(s, "git::") {
+		host = strings.TrimPrefix(s, "git::")
+	}
+	return host
+}
+
+// The format of Azure repo URL is documented
+// https://docs.microsoft.com/en-us/azure/devops/repos/git/clone?view=vsts&tabs=visual-studio#clone_url
+func isAzureHost(host string) bool {
+	return strings.Contains(host, "dev.azure.com") ||
+		strings.Contains(host, "visualstudio.com")
+}
+
+// The format of AWS repo URL is documented
+// https://docs.aws.amazon.com/codecommit/latest/userguide/regions.html
+func isAWSHost(host string) bool {
+	return strings.Contains(host, "amazonaws.com")
 }

api/internal/konfig/builtinpluginconsts/metadatalabels.go

@@ -1,46 +0,0 @@
-// Copyright 2019 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package builtinpluginconsts
-
-const metadataLabelsFieldSpecs = `
-- path: metadata/labels
-  create: true
-
-- path: spec/template/metadata/labels
-  create: true
-  version: v1
-  kind: ReplicationController
-
-- path: spec/template/metadata/labels
-  create: true
-  kind: Deployment
-
-- path: spec/template/metadata/labels
-  create: true
-  kind: ReplicaSet
-
-- path: spec/template/metadata/labels
-  create: true
-  kind: DaemonSet
-
-- path: spec/template/metadata/labels
-  create: true
-  group: apps
-  kind: StatefulSet
-
-- path: spec/template/metadata/labels
-  create: true
-  group: batch
-  kind: Job
-
-- path: spec/jobTemplate/metadata/labels
-  create: true
-  group: batch
-  kind: CronJob
-
-- path: spec/jobTemplate/spec/template/metadata/labels
-  create: true
-  group: batch
-  kind: CronJob
-`

api/internal/konfig/builtinpluginconsts/templatelabels.go

@@ -1,8 +0,0 @@
-// Copyright 2019 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package builtinpluginconsts
-
-const templateLabelFieldSpecs = `
-templateLabels:
-` + metadataLabelsFieldSpecs

api/internal/konfig/builtinpluginconsts/volumeclaimmetadatalabels.go

@@ -1,15 +0,0 @@
-// Copyright 2019 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package builtinpluginconsts
-
-const volumeClaimTemplateLabelFieldSpecs = `
-volumeClaimTemplateLabels:
-` + volumeClaimTemplatesMetadataLabels
-
-const volumeClaimTemplatesMetadataLabels = `
-- path: spec/volumeClaimTemplates[]/metadata/labels
-  create: true
-  group: apps
-  kind: StatefulSet
-`

api/internal/localizer/builtinplugins.go

@@ -1,152 +0,0 @@
-// Copyright 2022 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package localizer
-
-import (
-	"sigs.k8s.io/kustomize/api/filters/fieldspec"
-	"sigs.k8s.io/kustomize/api/filters/filtersutil"
-	"sigs.k8s.io/kustomize/api/filters/fsslice"
-	"sigs.k8s.io/kustomize/api/internal/plugins/builtinhelpers"
-	"sigs.k8s.io/kustomize/api/konfig"
-	"sigs.k8s.io/kustomize/api/types"
-	"sigs.k8s.io/kustomize/kyaml/errors"
-	"sigs.k8s.io/kustomize/kyaml/kio"
-	"sigs.k8s.io/kustomize/kyaml/resid"
-	"sigs.k8s.io/kustomize/kyaml/yaml"
-)
-
-// localizeBuiltinPlugins localizes built-in plugins with file paths.
-// Note that this excludes helm, which needs a repo.
-type localizeBuiltinPlugins struct {
-	lc *localizer
-
-	// locPathFn is used by localizeNode to set the localized path on the plugin.
-	locPathFn func(string) (string, error)
-}
-
-var _ kio.Filter = &localizeBuiltinPlugins{}
-
-// Filter localizes the built-in plugins with file paths.
-func (lbp *localizeBuiltinPlugins) Filter(plugins []*yaml.RNode) ([]*yaml.RNode, error) {
-	for _, singlePlugin := range plugins {
-		err := singlePlugin.PipeE(fsslice.Filter{
-			FsSlice: types.FsSlice{
-				types.FieldSpec{
-					Gvk:  resid.Gvk{Version: konfig.BuiltinPluginApiVersion, Kind: builtinhelpers.ConfigMapGenerator.String()},
-					Path: "env",
-				},
-				types.FieldSpec{
-					Gvk:  resid.Gvk{Version: konfig.BuiltinPluginApiVersion, Kind: builtinhelpers.ConfigMapGenerator.String()},
-					Path: "envs",
-				},
-				types.FieldSpec{
-					Gvk:  resid.Gvk{Version: konfig.BuiltinPluginApiVersion, Kind: builtinhelpers.SecretGenerator.String()},
-					Path: "env",
-				},
-				types.FieldSpec{
-					Gvk:  resid.Gvk{Version: konfig.BuiltinPluginApiVersion, Kind: builtinhelpers.SecretGenerator.String()},
-					Path: "envs",
-				},
-				types.FieldSpec{
-					Gvk:  resid.Gvk{Version: konfig.BuiltinPluginApiVersion, Kind: builtinhelpers.HelmChartInflationGenerator.String()},
-					Path: "valuesFile",
-				},
-				types.FieldSpec{
-					Gvk:  resid.Gvk{Version: konfig.BuiltinPluginApiVersion, Kind: builtinhelpers.HelmChartInflationGenerator.String()},
-					Path: "additionalValuesFiles",
-				},
-				types.FieldSpec{
-					Gvk:  resid.Gvk{Version: konfig.BuiltinPluginApiVersion, Kind: builtinhelpers.PatchTransformer.String()},
-					Path: "path",
-				},
-				types.FieldSpec{
-					Gvk:  resid.Gvk{Version: konfig.BuiltinPluginApiVersion, Kind: builtinhelpers.PatchJson6902Transformer.String()},
-					Path: "path",
-				},
-				types.FieldSpec{
-					Gvk:  resid.Gvk{Version: konfig.BuiltinPluginApiVersion, Kind: builtinhelpers.ReplacementTransformer.String()},
-					Path: "replacements/path",
-				},
-			},
-			SetValue: func(node *yaml.RNode) error {
-				lbp.locPathFn = lbp.lc.localizeFile
-				return lbp.localizeAll(node)
-			},
-		},
-			fsslice.Filter{
-				FsSlice: types.FsSlice{
-					types.FieldSpec{
-						Gvk:  resid.Gvk{Version: konfig.BuiltinPluginApiVersion, Kind: builtinhelpers.ConfigMapGenerator.String()},
-						Path: "files",
-					},
-					types.FieldSpec{
-						Gvk:  resid.Gvk{Version: konfig.BuiltinPluginApiVersion, Kind: builtinhelpers.SecretGenerator.String()},
-						Path: "files",
-					},
-				},
-				SetValue: func(node *yaml.RNode) error {
-					lbp.locPathFn = lbp.lc.localizeFileSource
-					return lbp.localizeAll(node)
-				},
-			},
-			yaml.FilterFunc(func(node *yaml.RNode) (*yaml.RNode, error) {
-				isHelm := node.GetApiVersion() == konfig.BuiltinPluginApiVersion &&
-					node.GetKind() == builtinhelpers.HelmChartInflationGenerator.String()
-				if !isHelm {
-					return node, nil
-				}
-				home, err := node.Pipe(yaml.Lookup("chartHome"))
-				if err != nil {
-					return nil, errors.Wrap(err)
-				}
-				if home == nil {
-					_, err = lbp.lc.copyChartHomeEntry("")
-				} else {
-					lbp.locPathFn = lbp.lc.copyChartHomeEntry
-					err = lbp.localizeScalar(home)
-				}
-				return node, errors.WrapPrefixf(err, "plugin %s", resid.FromRNode(node))
-			}),
-			fieldspec.Filter{
-				FieldSpec: types.FieldSpec{
-					Gvk:  resid.Gvk{Version: konfig.BuiltinPluginApiVersion, Kind: builtinhelpers.PatchStrategicMergeTransformer.String()},
-					Path: "paths",
-				},
-				SetValue: func(node *yaml.RNode) error {
-					lbp.locPathFn = lbp.lc.localizeK8sResource
-					return lbp.localizeAll(node)
-				},
-			})
-		if err != nil {
-			return nil, errors.Wrap(err)
-		}
-	}
-	return plugins, nil
-}
-
-// localizeAll sets each entry in node to its value localized by locPathFn.
-// Node is a sequence or scalar value.
-func (lbp *localizeBuiltinPlugins) localizeAll(node *yaml.RNode) error {
-	// We rely on the build command to throw errors for nodes in
-	// built-in plugins that are sequences when expected to be scalar,
-	// and vice versa.
-	//nolint: exhaustive
-	switch node.YNode().Kind {
-	case yaml.SequenceNode:
-		return errors.Wrap(node.VisitElements(lbp.localizeScalar))
-	case yaml.ScalarNode:
-		return lbp.localizeScalar(node)
-	default:
-		return errors.Errorf("expected sequence or scalar node")
-	}
-}
-
-// localizeScalar sets the scalar node to its value localized by locPathFn.
-func (lbp *localizeBuiltinPlugins) localizeScalar(node *yaml.RNode) error {
-	localizedPath, err := lbp.locPathFn(node.YNode().Value)
-	if err != nil {
-		return err
-	}
-	return filtersutil.SetScalar(localizedPath)(node)
-}

api/internal/localizer/doc.go

@@ -1,7 +0,0 @@
-// Copyright 2022 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-// Package localizer contains utilities for the command kustomize localize, which is
-// documented under proposals/localize-command or at
-// https://github.com/kubernetes-sigs/kustomize/blob/master/proposals/22-04-localize-command.md
-package localizer

api/internal/localizer/errors.go

@@ -1,27 +0,0 @@
-// Copyright 2022 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package localizer
-
-import "fmt"
-
-type ResourceLoadError struct {
-	InlineError error
-	FileError   error
-}
-
-func (rle ResourceLoadError) Error() string {
-	return fmt.Sprintf(`when parsing as inline received error: %s
-when parsing as filepath received error: %s`, rle.InlineError, rle.FileError)
-}
-
-type PathLocalizeError struct {
-	Path      string
-	FileError error
-	RootError error
-}
-
-func (ple PathLocalizeError) Error() string {
-	return fmt.Sprintf(`could not localize path %q as file: %s; could not localize path %q as directory: %s`,
-		ple.Path, ple.FileError, ple.Path, ple.RootError)
-}

api/internal/localizer/localizer.go

@@ -1,613 +0,0 @@
-// Copyright 2022 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package localizer
-
-import (
-	"io/fs"
-	"log"
-	"os"
-	"path/filepath"
-
-	"sigs.k8s.io/kustomize/api/ifc"
-	"sigs.k8s.io/kustomize/api/internal/generators"
-	"sigs.k8s.io/kustomize/api/internal/loader"
-	"sigs.k8s.io/kustomize/api/internal/target"
-	"sigs.k8s.io/kustomize/api/provider"
-	"sigs.k8s.io/kustomize/api/resmap"
-	"sigs.k8s.io/kustomize/api/types"
-	"sigs.k8s.io/kustomize/kyaml/errors"
-	"sigs.k8s.io/kustomize/kyaml/filesys"
-	"sigs.k8s.io/yaml"
-)
-
-// localizer encapsulates all state needed to localize the root at ldr.
-type localizer struct {
-	fSys filesys.FileSystem
-
-	// underlying type is Loader
-	ldr ifc.Loader
-
-	// root is at ldr.Root()
-	root filesys.ConfirmedDir
-
-	rFactory *resmap.Factory
-
-	// destination directory in newDir that mirrors root
-	dst string
-}
-
-// Run attempts to localize the kustomization root at target with the given localize arguments
-// and returns the path to the created newDir.
-func Run(target, scope, newDir string, fSys filesys.FileSystem) (string, error) {
-	ldr, args, err := NewLoader(target, scope, newDir, fSys)
-	if err != nil {
-		return "", errors.Wrap(err)
-	}
-	defer func() { _ = ldr.Cleanup() }()
-
-	toDst, err := filepath.Rel(args.Scope.String(), args.Target.String())
-	if err != nil {
-		log.Panicf("cannot find path from %q to child directory %q: %s", args.Scope, args.Target, err)
-	}
-	dst := args.NewDir.Join(toDst)
-	if err = fSys.MkdirAll(dst); err != nil {
-		return "", errors.WrapPrefixf(err, "unable to create directory in localize destination")
-	}
-
-	err = (&localizer{
-		fSys:     fSys,
-		ldr:      ldr,
-		root:     args.Target,
-		rFactory: resmap.NewFactory(provider.NewDepProvider().GetResourceFactory()),
-		dst:      dst,
-	}).localize()
-	if err != nil {
-		errCleanup := fSys.RemoveAll(args.NewDir.String())
-		if errCleanup != nil {
-			log.Printf("unable to clean localize destination: %s", errCleanup)
-		}
-		return "", errors.WrapPrefixf(err, "unable to localize target %q", target)
-	}
-	return args.NewDir.String(), nil
-}
-
-// localize localizes the root that lc is at
-func (lc *localizer) localize() error {
-	kustomization, kustFileName, err := lc.load()
-	if err != nil {
-		return err
-	}
-	err = lc.localizeNativeFields(kustomization)
-	if err != nil {
-		return err
-	}
-	err = lc.localizeBuiltinPlugins(kustomization)
-	if err != nil {
-		return err
-	}
-
-	content, err := yaml.Marshal(kustomization)
-	if err != nil {
-		return errors.WrapPrefixf(err, "unable to serialize localized kustomization file")
-	}
-	if err = lc.fSys.WriteFile(filepath.Join(lc.dst, kustFileName), content); err != nil {
-		return errors.WrapPrefixf(err, "unable to write localized kustomization file")
-	}
-	return nil
-}
-
-// load returns the kustomization at lc.root and the file name under which it was found
-func (lc *localizer) load() (*types.Kustomization, string, error) {
-	content, kustFileName, err := target.LoadKustFile(lc.ldr)
-	if err != nil {
-		return nil, "", errors.Wrap(err)
-	}
-
-	var kust types.Kustomization
-	err = (&kust).Unmarshal(content)
-	if err != nil {
-		return nil, "", errors.Wrap(err)
-	}
-
-	// Localize intentionally does not replace legacy fields to return a localized kustomization
-	// with as much resemblance to the original as possible.
-	// Localize also intentionally does not enforce fields, as localize does not wish to unnecessarily
-	// repeat the responsibilities of kustomize build.
-
-	return &kust, kustFileName, nil
-}
-
-// localizeNativeFields localizes paths on kustomize-native fields, like configMapGenerator, that kustomize has a
-// built-in understanding of. This excludes helm-related fields, such as `helmGlobals` and `helmCharts`.
-func (lc *localizer) localizeNativeFields(kust *types.Kustomization) error {
-	if path, exists := kust.OpenAPI["path"]; exists {
-		locPath, err := lc.localizeFile(path)
-		if err != nil {
-			return errors.WrapPrefixf(err, "unable to localize openapi path")
-		}
-		kust.OpenAPI["path"] = locPath
-	}
-
-	for fieldName, field := range map[string]struct {
-		paths []string
-		locFn func(string) (string, error)
-	}{
-		"bases": {
-			// Allow use of deprecated field
-			//nolint:staticcheck
-			kust.Bases,
-			lc.localizeRoot,
-		},
-		"components": {
-			kust.Components,
-			lc.localizeRoot,
-		},
-		"configurations": {
-			kust.Configurations,
-			lc.localizeFile,
-		},
-		"crds": {
-			kust.Crds,
-			lc.localizeFile,
-		},
-		"resources": {
-			kust.Resources,
-			lc.localizeResource,
-		},
-	} {
-		for i, path := range field.paths {
-			locPath, err := field.locFn(path)
-			if err != nil {
-				return errors.WrapPrefixf(err, "unable to localize %s entry", fieldName)
-			}
-			field.paths[i] = locPath
-		}
-	}
-
-	for i := range kust.ConfigMapGenerator {
-		if err := lc.localizeGenerator(&kust.ConfigMapGenerator[i].GeneratorArgs); err != nil {
-			return errors.WrapPrefixf(err, "unable to localize configMapGenerator")
-		}
-	}
-	for i := range kust.SecretGenerator {
-		if err := lc.localizeGenerator(&kust.SecretGenerator[i].GeneratorArgs); err != nil {
-			return errors.WrapPrefixf(err, "unable to localize secretGenerator")
-		}
-	}
-	if err := lc.localizeHelmInflationGenerator(kust); err != nil {
-		return err
-	}
-	if err := lc.localizeHelmCharts(kust); err != nil {
-		return err
-	}
-	if err := lc.localizePatches(kust.Patches); err != nil {
-		return errors.WrapPrefixf(err, "unable to localize patches")
-	}
-	//nolint:staticcheck
-	if err := lc.localizePatches(kust.PatchesJson6902); err != nil {
-		return errors.WrapPrefixf(err, "unable to localize patchesJson6902")
-	}
-	//nolint:staticcheck
-	for i, patch := range kust.PatchesStrategicMerge {
-		locPath, err := lc.localizeK8sResource(string(patch))
-		if err != nil {
-			return errors.WrapPrefixf(err, "unable to localize patchesStrategicMerge entry")
-		}
-		kust.PatchesStrategicMerge[i] = types.PatchStrategicMerge(locPath)
-	}
-	for i, replacement := range kust.Replacements {
-		locPath, err := lc.localizeFile(replacement.Path)
-		if err != nil {
-			return errors.WrapPrefixf(err, "unable to localize replacements entry")
-		}
-		kust.Replacements[i].Path = locPath
-	}
-	return nil
-}
-
-// localizeGenerator localizes the file paths on generator.
-func (lc *localizer) localizeGenerator(generator *types.GeneratorArgs) error {
-	locEnvSrc, err := lc.localizeFile(generator.EnvSource)
-	if err != nil {
-		return errors.WrapPrefixf(err, "unable to localize generator env file")
-	}
-	locEnvs := make([]string, len(generator.EnvSources))
-	for i, env := range generator.EnvSources {
-		locEnvs[i], err = lc.localizeFile(env)
-		if err != nil {
-			return errors.WrapPrefixf(err, "unable to localize generator envs file")
-		}
-	}
-	locFiles := make([]string, len(generator.FileSources))
-	for i, file := range generator.FileSources {
-		locFiles[i], err = lc.localizeFileSource(file)
-		if err != nil {
-			return err
-		}
-	}
-	generator.EnvSource = locEnvSrc
-	generator.EnvSources = locEnvs
-	generator.FileSources = locFiles
-	return nil
-}
-
-// localizeFileSource returns the localized file source found in configMap and
-// secretGenerators.
-func (lc *localizer) localizeFileSource(source string) (string, error) {
-	key, file, err := generators.ParseFileSource(source)
-	if err != nil {
-		return "", errors.Wrap(err)
-	}
-	locFile, err := lc.localizeFile(file)
-	if err != nil {
-		return "", errors.WrapPrefixf(err, "invalid file source %q", source)
-	}
-	var locSource string
-	if source == file {
-		locSource = locFile
-	} else {
-		locSource = key + "=" + locFile
-	}
-	return locSource, nil
-}
-
-// localizeHelmInflationGenerator localizes helmChartInflationGenerator on kust.
-// localizeHelmInflationGenerator localizes values files and copies local chart homes.
-func (lc *localizer) localizeHelmInflationGenerator(kust *types.Kustomization) error {
-	for i, chart := range kust.HelmChartInflationGenerator {
-		locFile, err := lc.localizeFile(chart.Values)
-		if err != nil {
-			return errors.WrapPrefixf(err, "unable to localize helmChartInflationGenerator entry %d values", i)
-		}
-		kust.HelmChartInflationGenerator[i].Values = locFile
-
-		locDir, err := lc.copyChartHomeEntry(chart.ChartHome)
-		if err != nil {
-			return errors.WrapPrefixf(err, "unable to copy helmChartInflationGenerator entry %d", i)
-		}
-		kust.HelmChartInflationGenerator[i].ChartHome = locDir
-	}
-	return nil
-}
-
-// localizeHelmCharts localizes helmCharts and helmGlobals on kust.
-// localizeHelmCharts localizes values files and copies a local chart home.
-func (lc *localizer) localizeHelmCharts(kust *types.Kustomization) error {
-	for i, chart := range kust.HelmCharts {
-		locFile, err := lc.localizeFile(chart.ValuesFile)
-		if err != nil {
-			return errors.WrapPrefixf(err, "unable to localize helmCharts entry %d valuesFile", i)
-		}
-		kust.HelmCharts[i].ValuesFile = locFile
-
-		for j, valuesFile := range chart.AdditionalValuesFiles {
-			locFile, err = lc.localizeFile(valuesFile)
-			if err != nil {
-				return errors.WrapPrefixf(err, "unable to localize helmCharts entry %d additionalValuesFiles", i)
-			}
-			kust.HelmCharts[i].AdditionalValuesFiles[j] = locFile
-		}
-	}
-	if kust.HelmGlobals != nil {
-		locDir, err := lc.copyChartHomeEntry(kust.HelmGlobals.ChartHome)
-		if err != nil {
-			return errors.WrapPrefixf(err, "unable to copy helmGlobals")
-		}
-		kust.HelmGlobals.ChartHome = locDir
-	} else if len(kust.HelmCharts) > 0 {
-		_, err := lc.copyChartHomeEntry("")
-		if err != nil {
-			return errors.WrapPrefixf(err, "unable to copy default chart home")
-		}
-	}
-	return nil
-}
-
-// localizePatches localizes the file paths on patches if they are non-empty
-func (lc *localizer) localizePatches(patches []types.Patch) error {
-	for i := range patches {
-		locPath, err := lc.localizeFile(patches[i].Path)
-		if err != nil {
-			return err
-		}
-		patches[i].Path = locPath
-	}
-	return nil
-}
-
-// localizeResource localizes resource path, a file or root, and returns the
-// localized path
-func (lc *localizer) localizeResource(path string) (string, error) {
-	var locPath string
-
-	content, fileErr := lc.ldr.Load(path)
-	// The following check catches the case where path is a repo root.
-	// Load on a repo will successfully return its README in HTML.
-	// Because HTML does not follow resource formatting, we then correctly try
-	// to localize path as a root.
-	if fileErr == nil {
-		_, resErr := lc.rFactory.NewResMapFromBytes(content)
-		if resErr != nil {
-			fileErr = errors.WrapPrefixf(resErr, "invalid resource at file %q", path)
-		} else {
-			locPath, fileErr = lc.localizeFileWithContent(path, content)
-		}
-	}
-	if fileErr != nil {
-		var rootErr error
-		locPath, rootErr = lc.localizeRoot(path)
-		if rootErr != nil {
-			err := PathLocalizeError{
-				Path:      path,
-				FileError: fileErr,
-				RootError: rootErr,
-			}
-			return "", err
-		}
-	}
-	return locPath, nil
-}
-
-// localizeFile localizes file path if set and returns the localized path
-func (lc *localizer) localizeFile(path string) (string, error) {
-	// Some localizable fields can be empty, for example, replacements.path.
-	// We rely on the build command to throw errors for the ones that cannot.
-	if path == "" {
-		return "", nil
-	}
-	content, err := lc.ldr.Load(path)
-	if err != nil {
-		return "", errors.Wrap(err)
-	}
-	return lc.localizeFileWithContent(path, content)
-}
-
-// localizeFileWithContent writes content to the localized file path and returns the localized path.
-func (lc *localizer) localizeFileWithContent(path string, content []byte) (string, error) {
-	var locPath string
-	if loader.IsRemoteFile(path) {
-		if lc.fSys.Exists(lc.root.Join(LocalizeDir)) {
-			return "", errors.Errorf("%s already contains %s needed to store file %q", lc.root, LocalizeDir, path)
-		}
-		locPath = locFilePath(path)
-	} else {
-		// ldr has checked that path must be relative; this is subject to change in beta.
-
-		// We must clean path to:
-		// 1. avoid symlinks. A `kustomize build` run will fail if we write files to
-		//    symlink paths outside the current root, given that we don't want to recreate
-		//    the symlinks. Even worse, we could be writing files outside the localize destination.
-		// 2. avoid paths that temporarily traverse outside the current root,
-		//    i.e. ../../../scope/target/current-root. The localized file will be surrounded by
-		//    different directories than its source, and so an uncleaned path may no longer be valid.
-		locPath = cleanedRelativePath(lc.fSys, lc.root, path)
-	}
-	absPath := filepath.Join(lc.dst, locPath)
-	if err := lc.fSys.MkdirAll(filepath.Dir(absPath)); err != nil {
-		return "", errors.WrapPrefixf(err, "unable to create directories to localize file %q", path)
-	}
-	if err := lc.fSys.WriteFile(absPath, content); err != nil {
-		return "", errors.WrapPrefixf(err, "unable to localize file %q", path)
-	}
-	return locPath, nil
-}
-
-// localizeRoot localizes root path if set and returns the localized path
-func (lc *localizer) localizeRoot(path string) (string, error) {
-	if path == "" {
-		return "", nil
-	}
-	ldr, err := lc.ldr.New(path)
-	if err != nil {
-		return "", errors.Wrap(err)
-	}
-	defer func() { _ = ldr.Cleanup() }()
-
-	root, err := filesys.ConfirmDir(lc.fSys, ldr.Root())
-	if err != nil {
-		log.Panicf("unable to establish validated root reference %q: %s", path, err)
-	}
-	var locPath string
-	if repo := ldr.Repo(); repo != "" {
-		if lc.fSys.Exists(lc.root.Join(LocalizeDir)) {
-			return "", errors.Errorf("%s already contains %s needed to store root %q", lc.root, LocalizeDir, path)
-		}
-		locPath, err = locRootPath(path, repo, root, lc.fSys)
-		if err != nil {
-			return "", err
-		}
-	} else {
-		locPath, err = filepath.Rel(lc.root.String(), root.String())
-		if err != nil {
-			log.Panicf("cannot find relative path between scoped localize roots %q and %q: %s", lc.root, root, err)
-		}
-	}
-	newDst := filepath.Join(lc.dst, locPath)
-	if err = lc.fSys.MkdirAll(newDst); err != nil {
-		return "", errors.WrapPrefixf(err, "unable to create root %q in localize destination", path)
-	}
-	err = (&localizer{
-		fSys:     lc.fSys,
-		ldr:      ldr,
-		root:     root,
-		rFactory: lc.rFactory,
-		dst:      newDst,
-	}).localize()
-	if err != nil {
-		return "", errors.WrapPrefixf(err, "unable to localize root %q", path)
-	}
-	return locPath, nil
-}
-
-// copyChartHomeEntry copies the helm chart home entry to lc dst
-// at the same location relative to the root and returns said relative path.
-// If entry is empty, copyChartHomeEntry returns the empty string.
-// If entry does not exist, copyChartHome returns entry.
-//
-// copyChartHomeEntry copies the default home to the same location at dst,
-// without following symlinks. An empty entry also indicates the default home.
-func (lc *localizer) copyChartHomeEntry(entry string) (string, error) {
-	path := entry
-	if entry == "" {
-		path = types.HelmDefaultHome
-	}
-	if filepath.IsAbs(path) {
-		return "", errors.Errorf("absolute path %q not handled in alpha", path)
-	}
-	isDefault := lc.root.Join(path) == lc.root.Join(types.HelmDefaultHome)
-	locPath, err := lc.copyChartHome(path, !isDefault)
-	if err != nil {
-		return "", errors.WrapPrefixf(err, "unable to copy home %q", entry)
-	}
-	if entry == "" {
-		return "", nil
-	}
-	return locPath, nil
-}
-
-// copyChartHome copies path relative to lc root to dst and returns the
-// copied location relative to dst. If clean is true, copyChartHome uses path's
-// delinked location as the copy destination.
-//
-// If path does not exist, copyChartHome returns path.
-func (lc *localizer) copyChartHome(path string, clean bool) (string, error) {
-	path, err := filepath.Rel(lc.root.String(), lc.root.Join(path))
-	if err != nil {
-		return "", errors.WrapPrefixf(err, "no path to chart home %q", path)
-	}
-	// Chart home may serve as untar destination.
-	// Note that we don't check if path is in scope.
-	if !lc.fSys.Exists(lc.root.Join(path)) {
-		return path, nil
-	}
-	// Perform localize directory checks.
-	ldr, err := lc.ldr.New(path)
-	if err != nil {
-		return "", errors.WrapPrefixf(err, "invalid chart home")
-	}
-	cleaned, err := filesys.ConfirmDir(lc.fSys, ldr.Root())
-	if err != nil {
-		log.Panicf("unable to confirm validated directory %q: %s", ldr.Root(), err)
-	}
-	toDst := path
-	if clean {
-		toDst, err = filepath.Rel(lc.root.String(), cleaned.String())
-		if err != nil {
-			log.Panicf("no path between scoped directories %q and %q: %s", lc.root, cleaned, err)
-		}
-	}
-	// Note this check does not guarantee that we copied the entire directory.
-	if dst := filepath.Join(lc.dst, toDst); !lc.fSys.Exists(dst) {
-		err = lc.copyDir(cleaned, filepath.Join(lc.dst, toDst))
-		if err != nil {
-			return "", errors.WrapPrefixf(err, "unable to copy chart home %q", path)
-		}
-	}
-	return toDst, nil
-}
-
-// copyDir copies src to dst. copyDir does not follow symlinks.
-func (lc *localizer) copyDir(src filesys.ConfirmedDir, dst string) error {
-	err := lc.fSys.Walk(src.String(),
-		func(path string, info fs.FileInfo, err error) error {
-			if err != nil {
-				return err
-			}
-			pathToCreate, err := filepath.Rel(src.String(), path)
-			if err != nil {
-				log.Panicf("no path from %q to child file %q: %s", src, path, err)
-			}
-			pathInDst := filepath.Join(dst, pathToCreate)
-			if info.Mode()&os.ModeSymlink == os.ModeSymlink {
-				return nil
-			}
-			if info.IsDir() {
-				err = lc.fSys.MkdirAll(pathInDst)
-			} else {
-				var content []byte
-				content, err = lc.fSys.ReadFile(path)
-				if err != nil {
-					return errors.Wrap(err)
-				}
-				err = lc.fSys.WriteFile(pathInDst, content)
-			}
-			return errors.Wrap(err)
-		})
-	if err != nil {
-		return errors.WrapPrefixf(err, "unable to copy directory %q", src)
-	}
-	return nil
-}
-
-// localizeBuiltinPlugins localizes built-in plugins on kust that can contain file paths. The built-in plugins
-// can be inline or in a file. This excludes the HelmChartInflationGenerator.
-//
-// Note that the localization in this function has not been implemented yet.
-func (lc *localizer) localizeBuiltinPlugins(kust *types.Kustomization) error {
-	for fieldName, entries := range map[string][]string{
-		"generators":   kust.Generators,
-		"transformers": kust.Transformers,
-		"validators":   kust.Validators,
-	} {
-		for i, entry := range entries {
-			rm, isPath, err := lc.loadK8sResource(entry)
-			if err != nil {
-				return errors.WrapPrefixf(err, "unable to load %s entry", fieldName)
-			}
-			err = rm.ApplyFilter(&localizeBuiltinPlugins{lc: lc})
-			if err != nil {
-				return errors.Wrap(err)
-			}
-			localizedPlugin, err := rm.AsYaml()
-			if err != nil {
-				return errors.WrapPrefixf(err, "unable to serialize localized %s entry %q", fieldName, entry)
-			}
-			var localizedEntry string
-			if isPath {
-				localizedEntry, err = lc.localizeFileWithContent(entry, localizedPlugin)
-				if err != nil {
-					return errors.WrapPrefixf(err, "unable to localize %s entry", fieldName)
-				}
-			} else {
-				localizedEntry = string(localizedPlugin)
-			}
-			entries[i] = localizedEntry
-		}
-	}
-	return nil
-}
-
-// localizeK8sResource returns the localized resourceEntry if it is a file
-// containing a kubernetes resource.
-// localizeK8sResource returns resourceEntry if it is an inline resource.
-func (lc *localizer) localizeK8sResource(resourceEntry string) (string, error) {
-	_, isFile, err := lc.loadK8sResource(resourceEntry)
-	if err != nil {
-		return "", err
-	}
-	if isFile {
-		return lc.localizeFile(resourceEntry)
-	}
-	return resourceEntry, nil
-}
-
-// loadK8sResource tries to load resourceEntry as a file path or inline
-// kubernetes resource.
-// On success, loadK8sResource returns the loaded resource map and whether
-// resourceEntry is a file path.
-func (lc *localizer) loadK8sResource(resourceEntry string) (resmap.ResMap, bool, error) {
-	rm, inlineErr := lc.rFactory.NewResMapFromBytes([]byte(resourceEntry))
-	if inlineErr != nil {
-		var fileErr error
-		rm, fileErr = lc.rFactory.FromFile(lc.ldr, resourceEntry)
-		if fileErr != nil {
-			err := ResourceLoadError{
-				InlineError: inlineErr,
-				FileError:   fileErr,
-			}
-			return nil, false, errors.WrapPrefixf(err, "unable to load resource entry %q", resourceEntry)
-		}
-	}
-	return rm, inlineErr != nil, nil
-}

api/internal/localizer/locloader.go

@@ -1,132 +0,0 @@
-// Copyright 2022 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package localizer
-
-import (
-	"path/filepath"
-
-	"sigs.k8s.io/kustomize/api/ifc"
-	"sigs.k8s.io/kustomize/api/internal/git"
-	"sigs.k8s.io/kustomize/api/internal/loader"
-	"sigs.k8s.io/kustomize/kyaml/errors"
-	"sigs.k8s.io/kustomize/kyaml/filesys"
-)
-
-// Args holds localize arguments
-type Args struct {
-	// target; local copy if remote
-	Target filesys.ConfirmedDir
-
-	// directory that bounds target's local references
-	// repo directory of local copy if target is remote
-	Scope filesys.ConfirmedDir
-
-	// localize destination
-	NewDir filesys.ConfirmedDir
-}
-
-// Loader is an ifc.Loader that enforces additional constraints specific to kustomize localize.
-type Loader struct {
-	fSys filesys.FileSystem
-
-	args *Args
-
-	// loader at Loader's current directory
-	ifc.Loader
-
-	// whether Loader and all its ancestors are the result of local references
-	local bool
-}
-
-var _ ifc.Loader = &Loader{}
-
-// NewLoader is the factory method for Loader, under localize constraints, at rawTarget. For invalid localize arguments,
-// NewLoader returns an error.
-func NewLoader(rawTarget string, rawScope string, rawNewDir string, fSys filesys.FileSystem) (*Loader, Args, error) {
-	// check earlier to avoid cleanup
-	repoSpec, err := git.NewRepoSpecFromURL(rawTarget)
-	if err == nil && repoSpec.Ref == "" {
-		return nil, Args{}, errors.Errorf("localize remote root %q missing ref query string parameter", rawTarget)
-	}
-
-	// for security, should enforce load restrictions
-	ldr, err := loader.NewLoader(loader.RestrictionRootOnly, rawTarget, fSys)
-	if err != nil {
-		return nil, Args{}, errors.WrapPrefixf(err, "unable to establish localize target %q", rawTarget)
-	}
-
-	scope, err := establishScope(rawScope, rawTarget, ldr, fSys)
-	if err != nil {
-		_ = ldr.Cleanup()
-		return nil, Args{}, errors.WrapPrefixf(err, "invalid localize scope %q", rawScope)
-	}
-
-	newDir, err := createNewDir(rawNewDir, ldr, repoSpec, fSys)
-	if err != nil {
-		_ = ldr.Cleanup()
-		return nil, Args{}, errors.WrapPrefixf(err, "invalid localize destination %q", rawNewDir)
-	}
-
-	args := Args{
-		Target: filesys.ConfirmedDir(ldr.Root()),
-		Scope:  scope,
-		NewDir: newDir,
-	}
-	return &Loader{
-		fSys:   fSys,
-		args:   &args,
-		Loader: ldr,
-		local:  scope != "",
-	}, args, nil
-}
-
-// Load returns the contents of path if path is a valid localize file.
-// Otherwise, Load returns an error.
-func (ll *Loader) Load(path string) ([]byte, error) {
-	// checks in root, and thus in scope
-	content, err := ll.Loader.Load(path)
-	if err != nil {
-		return nil, errors.WrapPrefixf(err, "invalid file reference")
-	}
-	if !loader.IsRemoteFile(path) && ll.local {
-		cleanPath := cleanedRelativePath(ll.fSys, filesys.ConfirmedDir(ll.Root()), path)
-		cleanAbs := filepath.Join(ll.Root(), cleanPath)
-		dir := filesys.ConfirmedDir(filepath.Dir(cleanAbs))
-		// target cannot reference newDir, as this load would've failed prior to localize;
-		// not a problem if remote because then reference could only be in newDir if repo copy,
-		// which will be cleaned, is inside newDir
-		if dir.HasPrefix(ll.args.NewDir) {
-			return nil, errors.Errorf("file %q at %q enters localize destination %q", path, cleanAbs, ll.args.NewDir)
-		}
-	}
-	return content, nil
-}
-
-// New returns a Loader at path if path is a valid localize root.
-// Otherwise, New returns an error.
-func (ll *Loader) New(path string) (ifc.Loader, error) {
-	ldr, err := ll.Loader.New(path)
-	if err != nil {
-		return nil, errors.WrapPrefixf(err, "invalid root reference")
-	}
-
-	if repo := ldr.Repo(); repo == "" {
-		if ll.local && !filesys.ConfirmedDir(ldr.Root()).HasPrefix(ll.args.Scope) {
-			return nil, errors.Errorf("root %q outside localize scope %q", ldr.Root(), ll.args.Scope)
-		}
-		if ll.local && filesys.ConfirmedDir(ldr.Root()).HasPrefix(ll.args.NewDir) {
-			return nil, errors.Errorf(
-				"root %q references into localize destination %q", ldr.Root(), ll.args.NewDir)
-		}
-	} else if !hasRef(path) {
-		return nil, errors.Errorf("localize remote root %q missing ref query string parameter", path)
-	}
-
-	return &Loader{
-		fSys:   ll.fSys,
-		args:   ll.args,
-		Loader: ldr,
-		local:  ll.local && ldr.Repo() == "",
-	}, nil
-}

api/internal/localizer/locloader_test.go

@@ -1,298 +0,0 @@
-// Copyright 2022 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package localizer_test
-
-import (
-	"bytes"
-	"log"
-	"os"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-	"sigs.k8s.io/kustomize/api/ifc"
-	. "sigs.k8s.io/kustomize/api/internal/localizer"
-	"sigs.k8s.io/kustomize/kyaml/filesys"
-)
-
-func checkNewLoader(req *require.Assertions, ldr *Loader, args *Args, target string, scope string, newDir string, fSys filesys.FileSystem) {
-	checkLoader(req, ldr, target)
-	checkArgs(req, args, target, scope, newDir, fSys)
-}
-
-func checkLoader(req *require.Assertions, ldr ifc.Loader, root string) {
-	req.Equal(root, ldr.Root())
-	req.Empty(ldr.Repo())
-}
-
-func checkArgs(req *require.Assertions, args *Args, target string, scope string, newDir string, fSys filesys.FileSystem) {
-	req.Equal(target, args.Target.String())
-	req.Equal(scope, args.Scope.String())
-	req.Equal(newDir, args.NewDir.String())
-	req.True(fSys.Exists(newDir))
-}
-
-func TestLocalLoadNewAndCleanup(t *testing.T) {
-	req := require.New(t)
-	fSys := makeMemoryFs(t)
-
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-	defer func() {
-		log.SetOutput(os.Stderr)
-	}()
-	// typical setup
-	ldr, args, err := NewLoader("a", "/", "/newDir", fSys)
-	req.NoError(err)
-	checkNewLoader(req, ldr, &args, "/a", "/", "/newDir", fSys)
-
-	fSysCopy := makeMemoryFs(t)
-	req.NoError(fSysCopy.Mkdir("/newDir"))
-	req.Equal(fSysCopy, fSys)
-
-	// easy load directly in root
-	content, err := ldr.Load("pod.yaml")
-	req.NoError(err)
-	req.Equal([]byte(podConfiguration), content)
-
-	// typical sibling root reference
-	sibLdr, err := ldr.New("../alpha")
-	req.NoError(err)
-	checkLoader(req, sibLdr, "/alpha")
-
-	// only need to test once, since don't need to call Cleanup() on local target
-	req.NoError(sibLdr.Cleanup())
-	req.NoError(ldr.Cleanup())
-
-	// file system and buffer checks are also one-time
-	req.Equal(fSysCopy, fSys)
-	req.Empty(buf.String())
-}
-
-func TestNewLocLoaderDefaultForRootTarget(t *testing.T) {
-	cases := map[string]struct {
-		target string
-		scope  string
-	}{
-		"explicit": {
-			"/",
-			".",
-		},
-		"implicit": {
-			".",
-			"",
-		},
-	}
-	for name, params := range cases {
-		params := params
-		t.Run(name, func(t *testing.T) {
-			req := require.New(t)
-			fSys := makeMemoryFs(t)
-
-			ldr, args, err := NewLoader(params.target, params.scope, "", fSys)
-			req.NoError(err)
-			checkNewLoader(req, ldr, &args, "/", "/", "/"+DstPrefix, fSys)
-
-			// file in root, but nested
-			content, err := ldr.Load("a/pod.yaml")
-			req.NoError(err)
-			req.Equal([]byte(podConfiguration), content)
-
-			childLdr, err := ldr.New("a")
-			req.NoError(err)
-			checkLoader(req, childLdr, "/a")
-
-			// messy, uncleaned path
-			content, err = childLdr.Load("./../a/pod.yaml")
-			req.NoError(err)
-			req.Equal([]byte(podConfiguration), content)
-		})
-	}
-}
-
-func TestNewMultiple(t *testing.T) {
-	req := require.New(t)
-	fSys := makeMemoryFs(t)
-
-	// default destination for non-file system root target
-	// destination outside of scope
-	ldr, args, err := NewLoader("/alpha/beta", "/alpha", "", fSys)
-	req.NoError(err)
-	checkNewLoader(req, ldr, &args, "/alpha/beta", "/alpha", "/"+DstPrefix+"-beta", fSys)
-
-	// nested child root that isn't cleaned
-	descLdr, err := ldr.New("../beta/gamma/delta")
-	req.NoError(err)
-	checkLoader(req, descLdr, "/alpha/beta/gamma/delta")
-
-	// upwards traversal
-	higherLdr, err := descLdr.New("../../say")
-	req.NoError(err)
-	checkLoader(req, higherLdr, "/alpha/beta/say")
-}
-
-func makeWdFs(t *testing.T) map[string]filesys.FileSystem {
-	t.Helper()
-	req := require.New(t)
-
-	root := filesys.MakeEmptyDirInMemory()
-	req.NoError(root.MkdirAll("a/b/c/d/e"))
-
-	outer, err := root.Find("a")
-	req.NoError(err)
-	middle, err := root.Find("a/b/c")
-	req.NoError(err)
-
-	return map[string]filesys.FileSystem{
-		"a":     outer,
-		"a/b/c": middle,
-	}
-}
-
-func TestNewLocLoaderCwdNotRoot(t *testing.T) {
-	cases := map[string]struct {
-		wd     string
-		target string
-		scope  string
-		newDir string
-	}{
-		// target not immediate child of scope
-		"outer dir": {
-			"a",
-			"b/c/d/e",
-			"b/c",
-			"b/newDir",
-		},
-		"scope": {
-			"a/b/c",
-			"d/e",
-			".",
-			"d/e/newDir",
-		},
-	}
-
-	for name, test := range cases {
-		test := test
-		t.Run(name, func(t *testing.T) {
-			req := require.New(t)
-			fSys := makeWdFs(t)[test.wd]
-
-			ldr, args, err := NewLoader(test.target, test.scope, test.newDir, fSys)
-			req.NoError(err)
-			checkLoader(req, ldr, "a/b/c/d/e")
-
-			req.Equal("a/b/c/d/e", args.Target.String())
-			req.Equal("a/b/c", args.Scope.String())
-			req.Equal(test.wd+"/"+test.newDir, args.NewDir.String())
-			// memory file system can only find paths rooted at current node
-			req.True(fSys.Exists(test.newDir))
-		})
-	}
-}
-
-func TestNewLocLoaderFails(t *testing.T) {
-	cases := map[string]struct {
-		target string
-		scope  string
-		dest   string
-	}{
-		"non-existent target": {
-			"/b",
-			"/",
-			"/newDir",
-		},
-		"file target": {
-			"/a/pod.yaml",
-			"/",
-			"/newDir",
-		},
-		"inner scope": {
-			"/alpha",
-			"/alpha/beta",
-			"/newDir",
-		},
-		"side scope": {
-			"/alpha",
-			"/a",
-			"/newDir",
-		},
-		"existing dst": {
-			"/alpha",
-			"/",
-			"/a",
-		},
-	}
-	for name, params := range cases {
-		params := params
-		t.Run(name, func(t *testing.T) {
-			var buf bytes.Buffer
-			log.SetOutput(&buf)
-			defer func() {
-				log.SetOutput(os.Stderr)
-			}()
-
-			_, _, err := NewLoader(params.target, params.scope, params.dest, makeMemoryFs(t))
-			require.Error(t, err)
-			require.Empty(t, buf.String())
-		})
-	}
-}
-
-func TestNewFails(t *testing.T) {
-	req := require.New(t)
-	fSys := makeMemoryFs(t)
-
-	ldr, args, err := NewLoader("/alpha/beta/gamma", "alpha", "alpha/beta/gamma/newDir", fSys)
-	req.NoError(err)
-	checkNewLoader(req, ldr, &args, "/alpha/beta/gamma", "/alpha", "/alpha/beta/gamma/newDir", fSys)
-
-	cases := map[string]string{
-		"outside scope":     "../../../a",
-		"at dst":            "newDir",
-		"ancestor":          "../../beta",
-		"non-existent root": "delt",
-		"file":              "delta/deployment.yaml",
-	}
-	for name, root := range cases {
-		root := root
-		t.Run(name, func(t *testing.T) {
-			fSys := makeMemoryFs(t)
-
-			ldr, _, err := NewLoader("/alpha/beta/gamma", "alpha", "alpha/beta/gamma/newDir", fSys)
-			require.NoError(t, err)
-
-			_, err = ldr.New(root)
-			require.Error(t, err)
-		})
-	}
-}
-
-func TestLoadFails(t *testing.T) {
-	req := require.New(t)
-	fSys := makeMemoryFs(t)
-
-	ldr, args, err := NewLoader("./a/../a", "/a/../a", "/a/newDir", fSys)
-	req.NoError(err)
-	checkNewLoader(req, ldr, &args, "/a", "/a", "/a/newDir", fSys)
-
-	cases := map[string]string{
-		"directory":          "b",
-		"non-existent file":  "kubectl.yaml",
-		"file outside root":  "../alpha/beta/gamma/delta/deployment.yaml",
-		"inside dst":         "newDir/pod.yaml",
-		"winding inside dst": "/a/test/../newDir/pod.yaml",
-	}
-	for name, file := range cases {
-		file := file
-		t.Run(name, func(t *testing.T) {
-			req := require.New(t)
-			fSys := makeMemoryFs(t)
-
-			ldr, _, err := NewLoader("./a/../a", "/a/../a", "/a/newDir", fSys)
-			req.NoError(err)
-
-			_, err = ldr.Load(file)
-			req.Error(err)
-		})
-	}
-}

api/internal/localizer/util.go

@@ -1,222 +0,0 @@
-// Copyright 2022 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package localizer
-
-import (
-	"log"
-	"net/url"
-	"path/filepath"
-	"strings"
-
-	"sigs.k8s.io/kustomize/api/ifc"
-	"sigs.k8s.io/kustomize/api/internal/git"
-	"sigs.k8s.io/kustomize/kyaml/errors"
-	"sigs.k8s.io/kustomize/kyaml/filesys"
-)
-
-const (
-	// DstPrefix prefixes the target and ref, if target is remote, in the default localize destination directory name
-	DstPrefix = "localized"
-
-	// LocalizeDir is the name of the localize directories used to store remote content in the localize destination
-	LocalizeDir = "localized-files"
-
-	// FileSchemeDir is the name of the directory immediately inside LocalizeDir used to store file-schemed repos
-	FileSchemeDir = "file-schemed"
-)
-
-// establishScope returns the effective scope given localize arguments and targetLdr at rawTarget. For remote rawTarget,
-// the effective scope is the downloaded repo.
-func establishScope(rawScope string, rawTarget string, targetLdr ifc.Loader, fSys filesys.FileSystem) (filesys.ConfirmedDir, error) {
-	if repo := targetLdr.Repo(); repo != "" {
-		if rawScope != "" {
-			return "", errors.Errorf("scope %q specified for remote localize target %q", rawScope, rawTarget)
-		}
-		return filesys.ConfirmedDir(repo), nil
-	}
-	// default scope
-	if rawScope == "" {
-		return filesys.ConfirmedDir(targetLdr.Root()), nil
-	}
-	scope, err := filesys.ConfirmDir(fSys, rawScope)
-	if err != nil {
-		return "", errors.WrapPrefixf(err, "unable to establish localize scope")
-	}
-	if !filesys.ConfirmedDir(targetLdr.Root()).HasPrefix(scope) {
-		return scope, errors.Errorf("localize scope %q does not contain target %q at %q", rawScope, rawTarget,
-			targetLdr.Root())
-	}
-	return scope, nil
-}
-
-// createNewDir returns the localize destination directory or error. Note that spec is nil if targetLdr is at local
-// target.
-func createNewDir(rawNewDir string, targetLdr ifc.Loader, spec *git.RepoSpec, fSys filesys.FileSystem) (filesys.ConfirmedDir, error) {
-	if rawNewDir == "" {
-		rawNewDir = defaultNewDir(targetLdr, spec)
-	}
-	if fSys.Exists(rawNewDir) {
-		return "", errors.Errorf("localize destination %q already exists", rawNewDir)
-	}
-	// destination directory must sit in an existing directory
-	if err := fSys.Mkdir(rawNewDir); err != nil {
-		return "", errors.WrapPrefixf(err, "unable to create localize destination directory")
-	}
-	newDir, err := filesys.ConfirmDir(fSys, rawNewDir)
-	if err != nil {
-		if errCleanup := fSys.RemoveAll(newDir.String()); errCleanup != nil {
-			log.Printf("%s", errors.WrapPrefixf(errCleanup, "unable to clean localize destination"))
-		}
-		return "", errors.WrapPrefixf(err, "unable to establish localize destination")
-	}
-
-	return newDir, nil
-}
-
-// defaultNewDir calculates the default localize destination directory name from targetLdr at the localize target
-// and spec of target, which is nil if target is local
-func defaultNewDir(targetLdr ifc.Loader, spec *git.RepoSpec) string {
-	targetDir := filepath.Base(targetLdr.Root())
-	if repo := targetLdr.Repo(); repo != "" {
-		// kustomize doesn't download repo into repo-named folder
-		// must find repo folder name from url
-		if repo == targetLdr.Root() {
-			targetDir = urlBase(spec.RepoPath)
-		}
-		return strings.Join([]string{DstPrefix, targetDir, strings.ReplaceAll(spec.Ref, "/", "-")}, "-")
-	}
-	// special case for local target directory since destination directory cannot have "/" in name
-	if targetDir == string(filepath.Separator) {
-		return DstPrefix
-	}
-	return strings.Join([]string{DstPrefix, targetDir}, "-")
-}
-
-// urlBase is the url equivalent of filepath.Base
-func urlBase(url string) string {
-	cleaned := strings.TrimRight(url, "/")
-	i := strings.LastIndex(cleaned, "/")
-	if i < 0 {
-		return cleaned
-	}
-	return cleaned[i+1:]
-}
-
-// hasRef checks if repoURL has ref query string parameter
-func hasRef(repoURL string) bool {
-	repoSpec, err := git.NewRepoSpecFromURL(repoURL)
-	if err != nil {
-		log.Fatalf("unable to parse validated root url: %s", err)
-	}
-	return repoSpec.Ref != ""
-}
-
-// cleanedRelativePath returns a cleaned relative path of file to root on fSys
-func cleanedRelativePath(fSys filesys.FileSystem, root filesys.ConfirmedDir, file string) string {
-	abs := file
-	if !filepath.IsAbs(file) {
-		abs = root.Join(file)
-	}
-
-	dir, f, err := fSys.CleanedAbs(abs)
-	if err != nil {
-		log.Fatalf("cannot clean validated file path %q: %s", abs, err)
-	}
-	locPath, err := filepath.Rel(root.String(), dir.Join(f))
-	if err != nil {
-		log.Fatalf("cannot find path from parent %q to file %q: %s", root, dir.Join(f), err)
-	}
-	return locPath
-}
-
-// locFilePath converts a URL to its localized form, e.g.
-// https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/api/krusty/testdata/localize/simple/service.yaml ->
-// localized-files/raw.githubusercontent.com/kubernetes-sigs/kustomize/master/api/krusty/testdata/localize/simple/service.yaml.
-//
-// fileURL must be a validated file URL.
-func locFilePath(fileURL string) string {
-	// File urls must have http or https scheme, so it is safe to use url.Parse.
-	u, err := url.Parse(fileURL)
-	if err != nil {
-		log.Panicf("cannot parse validated file url %q: %s", fileURL, err)
-	}
-
-	// HTTP requests use the escaped path, so we use it here. Escaped paths also help us
-	// preserve percent-encoding in the original path, in the absence of illegal characters,
-	// in case they have special meaning to the host.
-	// Extraneous '..' parent directory dot-segments should be removed.
-	path := filepath.Join(string(filepath.Separator), filepath.FromSlash(u.EscapedPath()))
-
-	// We intentionally exclude userinfo and port.
-	// Raw github urls are the only type of file urls kustomize officially accepts.
-	// In this case, the path already consists of org, repo, version, and path in repo, in order,
-	// so we can use it as is.
-	return filepath.Join(LocalizeDir, u.Hostname(), path)
-}
-
-// locRootPath returns the relative localized path of the validated root url rootURL, where the local copy of its repo
-// is at repoDir and the copy of its root is at root on fSys.
-func locRootPath(rootURL, repoDir string, root filesys.ConfirmedDir, fSys filesys.FileSystem) (string, error) {
-	repoSpec, err := git.NewRepoSpecFromURL(rootURL)
-	if err != nil {
-		log.Panicf("cannot parse validated repo url %q: %s", rootURL, err)
-	}
-	host, err := parseHost(repoSpec)
-	if err != nil {
-		return "", errors.WrapPrefixf(err, "unable to parse host of remote root %q", rootURL)
-	}
-	repo, err := filesys.ConfirmDir(fSys, repoDir)
-	if err != nil {
-		log.Panicf("unable to establish validated repo download location %q: %s", repoDir, err)
-	}
-	// calculate from copy instead of url to straighten symlinks
-	inRepo, err := filepath.Rel(repo.String(), root.String())
-	if err != nil {
-		log.Panicf("cannot find path from %q to child directory %q: %s", repo, root, err)
-	}
-	// the git-server-side directory name conventionally (but not universally) ends in .git, which
-	// is conventionally stripped from the client-side directory name used for the clone.
-	localRepoPath := strings.TrimSuffix(repoSpec.RepoPath, ".git")
-
-	// We do not need to escape RepoPath, a path on the git server.
-	// However, like git, we clean dot-segments from RepoPath.
-	// Git does not allow ref value to contain dot-segments.
-	return filepath.Join(LocalizeDir,
-		host,
-		filepath.Join(string(filepath.Separator), filepath.FromSlash(localRepoPath)),
-		filepath.FromSlash(repoSpec.Ref),
-		inRepo), nil
-}
-
-// parseHost returns the localize directory path corresponding to repoSpec.Host
-func parseHost(repoSpec *git.RepoSpec) (string, error) {
-	var target string
-	switch scheme, _, _ := strings.Cut(repoSpec.Host, "://"); scheme {
-	case "gh:":
-		// 'gh' was meant to be a local github.com shorthand, in which case
-		// the .gitconfig file could map it to any host. See origin here:
-		// https://github.com/kubernetes-sigs/kustomize/blob/kustomize/v4.5.7/api/internal/git/repospec.go#L203
-		// We give it a special host directory here under the assumption
-		// that we are unlikely to have another host simply named 'gh'.
-		return "gh", nil
-	case "file":
-		// We put file-scheme repos under a special directory to avoid
-		// colluding local absolute paths with hosts.
-		return FileSchemeDir, nil
-	case "https", "http", "ssh":
-		target = repoSpec.Host
-	default:
-		// We must have relative ssh url; in other words, the url has scp-like syntax.
-		// We attach a scheme to avoid url.Parse errors.
-		target = "ssh://" + repoSpec.Host
-	}
-	// url.Parse will not recognize ':' delimiter that both RepoSpec and git accept.
-	target = strings.TrimSuffix(target, ":")
-	u, err := url.Parse(target)
-	if err != nil {
-		return "", errors.Wrap(err)
-	}
-	// strip scheme, userinfo, port, and any trailing slashes.
-	return u.Hostname(), nil
-}

api/internal/localizer/util_test.go

@@ -1,326 +0,0 @@
-// Copyright 2022 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package localizer //nolint:testpackage
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-	"sigs.k8s.io/kustomize/api/ifc"
-	"sigs.k8s.io/kustomize/api/internal/git"
-	"sigs.k8s.io/kustomize/kyaml/filesys"
-)
-
-func TestDefaultNewDirRepo(t *testing.T) {
-	for name, test := range map[string]struct {
-		url, dst string
-	}{
-		"simple": {
-			url: "https://github.com/org/repo?ref=value",
-			dst: "localized-repo-value",
-		},
-		"slashed_ref": {
-			url: "https://github.com/org/repo?ref=group/version",
-			dst: "localized-repo-group-version",
-		},
-	} {
-		t.Run(name, func(t *testing.T) {
-			repoSpec, err := git.NewRepoSpecFromURL(test.url)
-			require.NoError(t, err)
-			require.Equal(t, test.dst, defaultNewDir(&fakeLoader{t.TempDir()}, repoSpec))
-		})
-	}
-}
-
-type fakeLoader struct {
-	root string
-}
-
-func (fl *fakeLoader) Root() string {
-	return fl.root
-}
-func (fl *fakeLoader) Repo() string {
-	return fl.root
-}
-func (fl *fakeLoader) Load(_ string) ([]byte, error) {
-	return []byte{}, nil
-}
-func (fl *fakeLoader) New(path string) (ifc.Loader, error) {
-	return &fakeLoader{path}, nil
-}
-func (fl *fakeLoader) Cleanup() error {
-	return nil
-}
-
-func TestUrlBase(t *testing.T) {
-	require.Equal(t, "repo", urlBase("https://github.com/org/repo"))
-}
-
-func TestUrlBaseTrailingSlash(t *testing.T) {
-	require.Equal(t, "repo", urlBase("github.com/org/repo//"))
-}
-
-// simpleJoin is filepath.Join() without the side effects of filepath.Clean()
-func simpleJoin(t *testing.T, elems ...string) string {
-	t.Helper()
-
-	return strings.Join(elems, string(filepath.Separator))
-}
-
-func TestLocFilePath(t *testing.T) {
-	for name, tUnit := range map[string]struct {
-		url, path string
-	}{
-		"official": {
-			url:  "https://raw.githubusercontent.com/org/repo/ref/path/to/file.yaml",
-			path: simpleJoin(t, "raw.githubusercontent.com", "org", "repo", "ref", "path", "to", "file.yaml"),
-		},
-		"http-scheme": {
-			url:  "http://host/path",
-			path: simpleJoin(t, "host", "path"),
-		},
-		"extraneous_components": {
-			url:  "http://userinfo@host:1234/path/file?query",
-			path: simpleJoin(t, "host", "path", "file"),
-		},
-		"empty_path": {
-			url:  "https://host",
-			path: "host",
-		},
-		"empty_path_segment": {
-			url:  "https://host//",
-			path: "host",
-		},
-		"percent-encoded_path": {
-			url:  "https://host/file%2Eyaml",
-			path: simpleJoin(t, "host", "file%2Eyaml"),
-		},
-		"dot-segments": {
-			url:  "https://host/path/blah/../to/foo/bar/../../file/./",
-			path: simpleJoin(t, "host", "path", "to", "file"),
-		},
-		"extraneous_dot-segments": {
-			url:  "https://host/foo/bar/baz/../../../../file",
-			path: simpleJoin(t, "host", "file"),
-		},
-	} {
-		t.Run(name, func(t *testing.T) {
-			require.Equal(t, simpleJoin(t, LocalizeDir, tUnit.path), locFilePath(tUnit.url))
-		})
-	}
-}
-
-func TestLocFilePathColon(t *testing.T) {
-	req := require.New(t)
-
-	// The colon is special because it was once used as the unix file separator.
-	const url = "https://[2001:4860:4860::8888]/file.yaml"
-	const host = "2001:4860:4860::8888"
-	const file = "file.yaml"
-	req.Equal(simpleJoin(t, LocalizeDir, host, file), locFilePath(url))
-
-	fSys := filesys.MakeFsOnDisk()
-	targetDir := simpleJoin(t, t.TempDir(), host)
-
-	// We check that we can create single directory, meaning ':' not used as file separator.
-	req.NoError(fSys.Mkdir(targetDir))
-	_, err := fSys.Create(simpleJoin(t, targetDir, file))
-	req.NoError(err)
-
-	// We check that the directory with such name is readable.
-	files, err := fSys.ReadDir(targetDir)
-	req.NoError(err)
-	req.Equal([]string{file}, files)
-}
-
-func TestLocFilePath_SpecialChar(t *testing.T) {
-	req := require.New(t)
-
-	// The wild card character is one of the legal uri characters with more meaning
-	// to the system, so we test it here.
-	const wildcard = "*"
-	req.Equal(simpleJoin(t, LocalizeDir, "host", wildcard), locFilePath("https://host/*"))
-
-	fSys := filesys.MakeFsOnDisk()
-	testDir := t.TempDir()
-	req.NoError(fSys.Mkdir(simpleJoin(t, testDir, "a")))
-	req.NoError(fSys.WriteFile(simpleJoin(t, testDir, "b"), []byte{}))
-
-	// We check that we can create and read from wild card-named file.
-	// We check that the file system is not matching it to existing file names.
-	req.NoError(fSys.WriteFile(simpleJoin(t, testDir, wildcard), []byte("test")))
-	content, err := fSys.ReadFile(simpleJoin(t, testDir, wildcard))
-	req.NoError(err)
-	req.Equal("test", string(content))
-}
-
-func TestLocFilePath_SpecialFiles(t *testing.T) {
-	for name, tFSys := range map[string]struct {
-		urlPath           string
-		pathDir, pathFile string
-	}{
-		"windows_reserved_name": {
-			urlPath:  "/aux/file",
-			pathDir:  "aux",
-			pathFile: "file",
-		},
-		"hidden_files": {
-			urlPath:  "/.../.file",
-			pathDir:  "...",
-			pathFile: ".file",
-		},
-	} {
-		t.Run(name, func(t *testing.T) {
-			req := require.New(t)
-
-			expectedPath := simpleJoin(t, LocalizeDir, "host", tFSys.pathDir, tFSys.pathFile)
-			req.Equal(expectedPath, locFilePath("https://host"+tFSys.urlPath))
-
-			fSys := filesys.MakeFsOnDisk()
-			targetDir := simpleJoin(t, t.TempDir(), tFSys.pathDir)
-			req.NoError(fSys.Mkdir(targetDir))
-			req.NoError(fSys.WriteFile(simpleJoin(t, targetDir, tFSys.pathFile), []byte("test")))
-
-			content, err := fSys.ReadFile(simpleJoin(t, targetDir, tFSys.pathFile))
-			req.NoError(err)
-			req.Equal([]byte("test"), content)
-		})
-	}
-}
-
-func makeConfirmedDir(t *testing.T) (filesys.FileSystem, filesys.ConfirmedDir) {
-	t.Helper()
-
-	fSys := filesys.MakeFsOnDisk()
-	testDir, err := filesys.NewTmpConfirmedDir()
-	require.NoError(t, err)
-	t.Cleanup(func() {
-		_ = fSys.RemoveAll(testDir.String())
-	})
-
-	return fSys, testDir
-}
-
-func TestLocRootPath_URLComponents(t *testing.T) {
-	for name, test := range map[string]struct {
-		urlf, path string
-	}{
-		"ssh": {
-			urlf: "ssh://git@github.com/org/repo//%s?ref=value",
-			path: simpleJoin(t, "github.com", "org", "repo", "value"),
-		},
-		"rel_ssh": {
-			urlf: "git@github.com:org/repo//%s?ref=value",
-			path: simpleJoin(t, "github.com", "org", "repo", "value"),
-		},
-		"https": {
-			urlf: "https://gitlab.com/org/repo//%s?ref=value",
-			path: simpleJoin(t, "gitlab.com", "org", "repo", "value"),
-		},
-		"file": {
-			urlf: "file:///var/run/repo//%s?ref=value",
-			path: simpleJoin(t, FileSchemeDir, "var", "run", "repo", "value"),
-		},
-		"IPv6": {
-			urlf: "https://[2001:4860:4860::8888]/org/repo//%s?ref=value",
-			path: simpleJoin(t, "2001:4860:4860::8888", "org", "repo", "value"),
-		},
-		"port": {
-			urlf: "https://localhost.com:8080/org/repo//%s?ref=value",
-			path: simpleJoin(t, "localhost.com", "org", "repo", "value"),
-		},
-		"no_org": {
-			urlf: "https://github.com/repo//%s?ref=value",
-			path: simpleJoin(t, "github.com", "repo", "value"),
-		},
-		".git_suffix": {
-			urlf: "https://github.com/org1/org2/repo.git//%s?ref=value",
-			path: simpleJoin(t, "github.com", "org1", "org2", "repo", "value"),
-		},
-		"dot-segments": {
-			urlf: "https://github.com/./../org/../org/repo.git//%s?ref=value",
-			path: simpleJoin(t, "github.com", "org", "repo", "value"),
-		},
-		"no_path_delimiter": {
-			urlf: "https://github.com/org/repo/%s?ref=value",
-			path: simpleJoin(t, "github.com", "org", "repo", "value"),
-		},
-		"illegal_windows_dir": {
-			urlf: "https://gitlab.com/org./repo..git//%s?ref=value",
-			path: simpleJoin(t, "gitlab.com", "org.", "repo.", "value"),
-		},
-		"ref_has_slash": {
-			urlf: "https://gitlab.com/org/repo//%s?ref=group/version/kind",
-			path: simpleJoin(t, "gitlab.com", "org", "repo", "group", "version", "kind"),
-		},
-	} {
-		t.Run(name, func(t *testing.T) {
-			u := fmt.Sprintf(test.urlf, "path/to/root")
-			path := simpleJoin(t, LocalizeDir, test.path, "path", "to", "root")
-
-			fSys, testDir := makeConfirmedDir(t)
-			repoDir := simpleJoin(t, testDir.String(), "repo_random-hash")
-			require.NoError(t, fSys.Mkdir(repoDir))
-			rootDir := simpleJoin(t, repoDir, "path", "to", "root")
-			require.NoError(t, fSys.MkdirAll(rootDir))
-
-			actual, err := locRootPath(u, repoDir, filesys.ConfirmedDir(rootDir), fSys)
-			require.NoError(t, err)
-			require.Equal(t, path, actual)
-
-			require.NoError(t, fSys.MkdirAll(simpleJoin(t, testDir.String(), path)))
-		})
-	}
-}
-
-func TestLocRootPath_Repo(t *testing.T) {
-	const url = "https://github.com/org/repo?ref=value"
-	expected := simpleJoin(t, LocalizeDir, "github.com", "org", "repo", "value")
-
-	fSys, testDir := makeConfirmedDir(t)
-	actual, err := locRootPath(url, testDir.String(), testDir, fSys)
-	require.NoError(t, err)
-	require.Equal(t, expected, actual)
-}
-
-func TestLocRootPath_SymlinkPath(t *testing.T) {
-	const url = "https://github.com/org/repo//symlink?ref=value"
-
-	fSys, repoDir := makeConfirmedDir(t)
-	rootDir := simpleJoin(t, repoDir.String(), "actual-root")
-	require.NoError(t, fSys.Mkdir(rootDir))
-	require.NoError(t, os.Symlink(rootDir, simpleJoin(t, repoDir.String(), "symlink")))
-
-	expected := simpleJoin(t, LocalizeDir, "github.com", "org", "repo", "value", "actual-root")
-	actual, err := locRootPath(url, repoDir.String(), filesys.ConfirmedDir(rootDir), fSys)
-	require.NoError(t, err)
-	require.Equal(t, expected, actual)
-}
-
-func TestCleanedRelativePath(t *testing.T) {
-	fSys := filesys.MakeFsInMemory()
-	require.NoError(t, fSys.MkdirAll("/root/test"))
-	require.NoError(t, fSys.WriteFile("/root/test/file.yaml", []byte("")))
-	require.NoError(t, fSys.WriteFile("/root/filetwo.yaml", []byte("")))
-
-	// Absolute path is cleaned to relative path
-	cleanedPath := cleanedRelativePath(fSys, "/root/", "/root/test/file.yaml")
-	require.Equal(t, "test/file.yaml", cleanedPath)
-
-	// Winding absolute path is cleaned to relative path
-	cleanedPath = cleanedRelativePath(fSys, "/root/", "/root/test/../filetwo.yaml")
-	require.Equal(t, "filetwo.yaml", cleanedPath)
-
-	// Already clean relative path stays the same
-	cleanedPath = cleanedRelativePath(fSys, "/root/", "test/file.yaml")
-	require.Equal(t, "test/file.yaml", cleanedPath)
-
-	// Winding relative path is cleaned
-	cleanedPath = cleanedRelativePath(fSys, "/root/", "test/../filetwo.yaml")
-	require.Equal(t, "filetwo.yaml", cleanedPath)
-}

api/internal/plugins/builtinconfig/loaddefaultconfig.go

@@ -33,7 +33,7 @@ func loadDefaultConfig(
 // makeTransformerConfigFromBytes returns a TransformerConfig object from bytes
 func makeTransformerConfigFromBytes(data []byte) (*TransformerConfig, error) {
 	var t TransformerConfig
-	err := yaml.UnmarshalStrict(data, &t)
+	err := yaml.Unmarshal(data, &t)
 	if err != nil {
 		return nil, err
 	}

api/internal/plugins/builtinconfig/loaddefaultconfig_test.go

@@ -5,10 +5,9 @@ package builtinconfig
 
 import (
 	"reflect"
-	"strings"
 	"testing"
 
-	"sigs.k8s.io/kustomize/api/internal/loader"
+	"sigs.k8s.io/kustomize/api/loader"
 	"sigs.k8s.io/kustomize/api/types"
 	"sigs.k8s.io/kustomize/kyaml/filesys"
 	"sigs.k8s.io/kustomize/kyaml/resid"
@@ -45,28 +44,3 @@ namePrefix:
 		t.Fatalf("expected %v\n but go6t %v\n", expected, tCfg)
 	}
 }
-
-func TestLoadDefaultConfigsFromFilesWithMissingFields(t *testing.T) {
-	fSys := filesys.MakeFsInMemory()
-	filePathContainsTypo := "config_contains_typo.yaml"
-	if err := fSys.WriteFile(filePathContainsTypo, []byte(`
-namoPrefix:
-- path: nameprefix/path
-  kind: SomeKind
-`)); err != nil {
-		t.Fatal(err)
-	}
-	ldr, err := loader.NewLoader(
-		loader.RestrictionRootOnly, filesys.Separator, fSys)
-	if err != nil {
-		t.Fatal(err)
-	}
-	errMsg := "error unmarshaling JSON: while decoding JSON: json: unknown field"
-	_, err = loadDefaultConfig(ldr, []string{filePathContainsTypo})
-	if err == nil {
-		t.Fatalf("expected to fail unmarshal yaml, but got nil %s", filePathContainsTypo)
-	}
-	if !strings.Contains(err.Error(), errMsg) {
-		t.Fatalf("expected error %s, but got %s", errMsg, err)
-	}
-}

api/internal/plugins/builtinconfig/namebackreferences.go

@@ -22,7 +22,7 @@ import (
 // contains a Pod; Deployment, Job, StatefulSet, etc.
 // The ConfigMap is the ReferralTarget, the others are Referrers.
 //
-// If the name of a ConfigMap instance changed from 'alice' to 'bob',
+// If the the name of a ConfigMap instance changed from 'alice' to 'bob',
 // one must
 //  - visit all objects that could refer to the ConfigMap (the Referrers)
 //  - see if they mention 'alice',
@@ -47,8 +47,6 @@ type NameBackReferences struct {
 	// TODO: rename json 'fieldSpecs' to 'referrers' for clarity.
 	// This will, however, break anyone using a custom config.
 	Referrers types.FsSlice `json:"fieldSpecs,omitempty" yaml:"fieldSpecs,omitempty"`
-
-	// Note: If any new pointer based members are added, DeepCopy needs to be updated
 }
 
 func (n NameBackReferences) String() string {
@@ -68,17 +66,6 @@ func (s nbrSlice) Less(i, j int) bool {
 	return s[i].Gvk.IsLessThan(s[j].Gvk)
 }
 
-// DeepCopy returns a new copy of nbrSlice
-func (s nbrSlice) DeepCopy() nbrSlice {
-	ret := make(nbrSlice, len(s))
-	copy(ret, s)
-	for i, slice := range ret {
-		ret[i].Referrers = slice.Referrers.DeepCopy()
-	}
-
-	return ret
-}
-
 func (s nbrSlice) mergeAll(o nbrSlice) (result nbrSlice, err error) {
 	result = s
 	for _, r := range o {

api/internal/plugins/builtinconfig/namebackreferences_test.go

@@ -95,29 +95,3 @@ func TestMergeAll(t *testing.T) {
 		t.Fatalf("expected\n %v\n but got\n %v\n", expected, actual)
 	}
 }
-
-func TestNbrSlice_DeepCopy(t *testing.T) {
-	original := make(nbrSlice, 2, 4)
-	original[0] = NameBackReferences{Gvk: resid.FromKind("A"), Referrers: types.FsSlice{{Path: "a"}}}
-	original[1] = NameBackReferences{Gvk: resid.FromKind("B"), Referrers: types.FsSlice{{Path: "b"}}}
-
-	copied := original.DeepCopy()
-
-	original, _ = original.mergeOne(NameBackReferences{Gvk: resid.FromKind("C"), Referrers: types.FsSlice{{Path: "c"}}})
-
-	// perform mutations which should not affect original
-	copied.Swap(0, 1)
-	copied[0].Referrers[0].Path = "very b" // ensure Referrers are not shared
-	_, _ = copied.mergeOne(NameBackReferences{Gvk: resid.FromKind("D"), Referrers: types.FsSlice{{Path: "d"}}})
-
-	// if DeepCopy does not work, original would be {very b,a,d} instead of {a,b,c}
-	expected := nbrSlice{
-		{Gvk: resid.FromKind("A"), Referrers: types.FsSlice{{Path: "a"}}},
-		{Gvk: resid.FromKind("B"), Referrers: types.FsSlice{{Path: "b"}}},
-		{Gvk: resid.FromKind("C"), Referrers: types.FsSlice{{Path: "c"}}},
-	}
-
-	if !reflect.DeepEqual(original, expected) {
-		t.Fatalf("original affected by mutations to copied object:\ngot\t%+v,\nexpected: %+v", original, expected)
-	}
-}

api/internal/plugins/builtinconfig/transformerconfig.go

@@ -6,31 +6,23 @@ package builtinconfig
 import (
 	"log"
 	"sort"
-	"sync"
 
 	"sigs.k8s.io/kustomize/api/ifc"
-	"sigs.k8s.io/kustomize/api/internal/konfig/builtinpluginconsts"
+	"sigs.k8s.io/kustomize/api/konfig/builtinpluginconsts"
 	"sigs.k8s.io/kustomize/api/types"
-	"sigs.k8s.io/kustomize/kyaml/errors"
 )
 
 // TransformerConfig holds the data needed to perform transformations.
-//
-//nolint:tagalign
 type TransformerConfig struct {
-	// if any fields are added, update the DeepCopy implementation
-	NamePrefix                types.FsSlice `json:"namePrefix,omitempty" yaml:"namePrefix,omitempty"`
-	NameSuffix                types.FsSlice `json:"nameSuffix,omitempty" yaml:"nameSuffix,omitempty"`
-	NameSpace                 types.FsSlice `json:"namespace,omitempty" yaml:"namespace,omitempty"`
-	CommonLabels              types.FsSlice `json:"commonLabels,omitempty" yaml:"commonLabels,omitempty"`
-	Labels                    types.FsSlice `json:"labels,omitempty" yaml:"labels,omitempty"`
-	TemplateLabels            types.FsSlice `json:"templateLabels,omitempty" yaml:"templateLabels,omitempty"`
-	VolumeClaimTemplateLabels types.FsSlice `json:"volumeClaimTemplateLabels,omitempty" yaml:"volumeClaimTemplateLabels,omitempty"`
-	CommonAnnotations         types.FsSlice `json:"commonAnnotations,omitempty" yaml:"commonAnnotations,omitempty"`
-	NameReference             nbrSlice      `json:"nameReference,omitempty" yaml:"nameReference,omitempty"`
-	VarReference              types.FsSlice `json:"varReference,omitempty" yaml:"varReference,omitempty"`
-	Images                    types.FsSlice `json:"images,omitempty" yaml:"images,omitempty"`
-	Replicas                  types.FsSlice `json:"replicas,omitempty" yaml:"replicas,omitempty"`
+	NamePrefix        types.FsSlice `json:"namePrefix,omitempty" yaml:"namePrefix,omitempty"`
+	NameSuffix        types.FsSlice `json:"nameSuffix,omitempty" yaml:"nameSuffix,omitempty"`
+	NameSpace         types.FsSlice `json:"namespace,omitempty" yaml:"namespace,omitempty"`
+	CommonLabels      types.FsSlice `json:"commonLabels,omitempty" yaml:"commonLabels,omitempty"`
+	CommonAnnotations types.FsSlice `json:"commonAnnotations,omitempty" yaml:"commonAnnotations,omitempty"`
+	NameReference     nbrSlice      `json:"nameReference,omitempty" yaml:"nameReference,omitempty"`
+	VarReference      types.FsSlice `json:"varReference,omitempty" yaml:"varReference,omitempty"`
+	Images            types.FsSlice `json:"images,omitempty" yaml:"images,omitempty"`
+	Replicas          types.FsSlice `json:"replicas,omitempty" yaml:"replicas,omitempty"`
 }
 
 // MakeEmptyConfig returns an empty TransformerConfig object
@@ -38,45 +30,14 @@ func MakeEmptyConfig() *TransformerConfig {
 	return &TransformerConfig{}
 }
 
-// DeepCopy returns a new copy of TransformerConfig
-func (t *TransformerConfig) DeepCopy() *TransformerConfig {
-	return &TransformerConfig{
-		NamePrefix:                t.NamePrefix.DeepCopy(),
-		NameSuffix:                t.NameSuffix.DeepCopy(),
-		NameSpace:                 t.NameSpace.DeepCopy(),
-		CommonLabels:              t.CommonLabels.DeepCopy(),
-		Labels:                    t.Labels.DeepCopy(),
-		TemplateLabels:            t.TemplateLabels.DeepCopy(),
-		VolumeClaimTemplateLabels: t.VolumeClaimTemplateLabels.DeepCopy(),
-		CommonAnnotations:         t.CommonAnnotations.DeepCopy(),
-		NameReference:             t.NameReference.DeepCopy(),
-		VarReference:              t.VarReference.DeepCopy(),
-		Images:                    t.Images.DeepCopy(),
-		Replicas:                  t.Replicas.DeepCopy(),
-	}
-}
-
-// the default transformer config is initialized by MakeDefaultConfig,
-// and must only be accessed via that function.
-var (
-	initDefaultConfig sync.Once          //nolint:gochecknoglobals
-	defaultConfig     *TransformerConfig //nolint:gochecknoglobals
-)
-
 // MakeDefaultConfig returns a default TransformerConfig.
 func MakeDefaultConfig() *TransformerConfig {
-	// parsing is expensive when having a large tree with many kustomization modules, so only do it once
-	initDefaultConfig.Do(func() {
-		var err error
-		defaultConfig, err = makeTransformerConfigFromBytes(
-			builtinpluginconsts.GetDefaultFieldSpecs())
-		if err != nil {
-			log.Fatalf("Unable to make default transformconfig: %v", err)
-		}
-	})
-
-	// return a copy to avoid any mutations to protect the reference copy
-	return defaultConfig.DeepCopy()
+	c, err := makeTransformerConfigFromBytes(
+		builtinpluginconsts.GetDefaultFieldSpecs())
+	if err != nil {
+		log.Fatalf("Unable to make default transformconfig: %v", err)
+	}
+	return c
 }
 
 // MakeTransformerConfig returns a merger of custom config,
@@ -97,12 +58,8 @@ func MakeTransformerConfig(
 // sortFields provides determinism in logging, tests, etc.
 func (t *TransformerConfig) sortFields() {
 	sort.Sort(t.NamePrefix)
-	sort.Sort(t.NameSuffix)
 	sort.Sort(t.NameSpace)
 	sort.Sort(t.CommonLabels)
-	sort.Sort(t.Labels)
-	sort.Sort(t.TemplateLabels)
-	sort.Sort(t.VolumeClaimTemplateLabels)
 	sort.Sort(t.CommonAnnotations)
 	sort.Sort(t.NameReference)
 	sort.Sort(t.VarReference)
@@ -122,18 +79,12 @@ func (t *TransformerConfig) AddSuffixFieldSpec(fs types.FieldSpec) (err error) {
 	return err
 }
 
-// AddCommonLabelsFieldSpec adds a FieldSpec to CommonLabels
-func (t *TransformerConfig) AddCommonLabelsFieldSpec(fs types.FieldSpec) (err error) {
+// AddLabelFieldSpec adds a FieldSpec to CommonLabels
+func (t *TransformerConfig) AddLabelFieldSpec(fs types.FieldSpec) (err error) {
 	t.CommonLabels, err = t.CommonLabels.MergeOne(fs)
 	return err
 }
 
-// AddLabelsFieldSpec adds a FieldSpec to Labels
-func (t *TransformerConfig) AddLabelsFieldSpec(fs types.FieldSpec) (err error) {
-	t.Labels, err = t.Labels.MergeOne(fs)
-	return err //nolint:wrapcheck
-}
-
 // AddAnnotationFieldSpec adds a FieldSpec to CommonAnnotations
 func (t *TransformerConfig) AddAnnotationFieldSpec(fs types.FieldSpec) (err error) {
 	t.CommonAnnotations, err = t.CommonAnnotations.MergeOne(fs)
@@ -157,52 +108,40 @@ func (t *TransformerConfig) Merge(input *TransformerConfig) (
 	merged = &TransformerConfig{}
 	merged.NamePrefix, err = t.NamePrefix.MergeAll(input.NamePrefix)
 	if err != nil {
-		return nil, errors.WrapPrefixf(err, "failed to merge NamePrefix fieldSpec")
+		return nil, err
 	}
 	merged.NameSuffix, err = t.NameSuffix.MergeAll(input.NameSuffix)
 	if err != nil {
-		return nil, errors.WrapPrefixf(err, "failed to merge NameSuffix fieldSpec")
+		return nil, err
 	}
 	merged.NameSpace, err = t.NameSpace.MergeAll(input.NameSpace)
 	if err != nil {
-		return nil, errors.WrapPrefixf(err, "failed to merge NameSpace fieldSpec")
+		return nil, err
 	}
 	merged.CommonAnnotations, err = t.CommonAnnotations.MergeAll(
 		input.CommonAnnotations)
 	if err != nil {
-		return nil, errors.WrapPrefixf(err, "failed to merge CommonAnnotations fieldSpec")
+		return nil, err
 	}
 	merged.CommonLabels, err = t.CommonLabels.MergeAll(input.CommonLabels)
 	if err != nil {
-		return nil, errors.WrapPrefixf(err, "failed to merge CommonLabels fieldSpec")
-	}
-	merged.Labels, err = t.Labels.MergeAll(input.Labels)
-	if err != nil {
-		return nil, errors.WrapPrefixf(err, "failed to merge Labels fieldSpec")
-	}
-	merged.TemplateLabels, err = t.TemplateLabels.MergeAll(input.TemplateLabels)
-	if err != nil {
-		return nil, errors.WrapPrefixf(err, "failed to merge TemplateLabels fieldSpec")
-	}
-	merged.VolumeClaimTemplateLabels, err = t.VolumeClaimTemplateLabels.MergeAll(input.VolumeClaimTemplateLabels)
-	if err != nil {
-		return nil, errors.WrapPrefixf(err, "failed to merge VolumeClaimTemplateLabels fieldSpec")
+		return nil, err
 	}
 	merged.VarReference, err = t.VarReference.MergeAll(input.VarReference)
 	if err != nil {
-		return nil, errors.WrapPrefixf(err, "failed to merge VarReference fieldSpec")
+		return nil, err
 	}
 	merged.NameReference, err = t.NameReference.mergeAll(input.NameReference)
 	if err != nil {
-		return nil, errors.WrapPrefixf(err, "failed to merge NameReference fieldSpec")
+		return nil, err
 	}
 	merged.Images, err = t.Images.MergeAll(input.Images)
 	if err != nil {
-		return nil, errors.WrapPrefixf(err, "failed to merge Images fieldSpec")
+		return nil, err
 	}
 	merged.Replicas, err = t.Replicas.MergeAll(input.Replicas)
 	if err != nil {
-		return nil, errors.WrapPrefixf(err, "failed to merge Replicas fieldSpec")
+		return nil, err
 	}
 	merged.sortFields()
 	return merged, nil

api/internal/plugins/builtinconfig/transformerconfig_test.go

@@ -4,10 +4,9 @@
 package builtinconfig_test
 
 import (
+	"reflect"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	. "sigs.k8s.io/kustomize/api/internal/plugins/builtinconfig"
 	"sigs.k8s.io/kustomize/api/types"
 	"sigs.k8s.io/kustomize/kyaml/resid"
@@ -36,8 +35,13 @@ func TestAddNamereferenceFieldSpec(t *testing.T) {
 		},
 	}
 
-	require.NoError(t, cfg.AddNamereferenceFieldSpec(nbrs))
-	require.Len(t, cfg.NameReference, 1, "failed to add namereference FieldSpec")
+	err := cfg.AddNamereferenceFieldSpec(nbrs)
+	if err != nil {
+		t.Fatalf("unexpected err: %v", err)
+	}
+	if len(cfg.NameReference) != 1 {
+		t.Fatal("failed to add namereference FieldSpec")
+	}
 }
 
 func TestAddFieldSpecs(t *testing.T) {
@@ -49,14 +53,34 @@ func TestAddFieldSpecs(t *testing.T) {
 		CreateIfNotPresent: true,
 	}
 
-	require.NoError(t, cfg.AddPrefixFieldSpec(fieldSpec))
-	require.Len(t, cfg.NamePrefix, 1, "failed to add nameprefix FieldSpec")
-	require.NoError(t, cfg.AddSuffixFieldSpec(fieldSpec))
-	require.Len(t, cfg.NameSuffix, 1, "failed to add namesuffix FieldSpec")
-	require.NoError(t, cfg.AddCommonLabelsFieldSpec(fieldSpec))
-	require.Len(t, cfg.CommonLabels, 1, "failed to add labels FieldSpec")
-	require.NoError(t, cfg.AddAnnotationFieldSpec(fieldSpec))
-	require.Len(t, cfg.CommonAnnotations, 1, "failed to add nameprefix FieldSpec")
+	err := cfg.AddPrefixFieldSpec(fieldSpec)
+	if err != nil {
+		t.Fatalf("unexpected err: %v", err)
+	}
+	if len(cfg.NamePrefix) != 1 {
+		t.Fatalf("failed to add nameprefix FieldSpec")
+	}
+	err = cfg.AddSuffixFieldSpec(fieldSpec)
+	if err != nil {
+		t.Fatalf("unexpected err: %v", err)
+	}
+	if len(cfg.NameSuffix) != 1 {
+		t.Fatalf("failed to add namesuffix FieldSpec")
+	}
+	err = cfg.AddLabelFieldSpec(fieldSpec)
+	if err != nil {
+		t.Fatalf("unexpected err: %v", err)
+	}
+	if len(cfg.CommonLabels) != 1 {
+		t.Fatalf("failed to add nameprefix FieldSpec")
+	}
+	err = cfg.AddAnnotationFieldSpec(fieldSpec)
+	if err != nil {
+		t.Fatalf("unexpected err: %v", err)
+	}
+	if len(cfg.CommonAnnotations) != 1 {
+		t.Fatalf("failed to add nameprefix FieldSpec")
+	}
 }
 
 func TestMerge(t *testing.T) {
@@ -103,58 +127,49 @@ func TestMerge(t *testing.T) {
 		},
 	}
 	cfga := &TransformerConfig{}
-	require.NoError(t, cfga.AddNamereferenceFieldSpec(nameReference[0]))
-	require.NoError(t, cfga.AddPrefixFieldSpec(fieldSpecs[0]))
-	require.NoError(t, cfga.AddSuffixFieldSpec(fieldSpecs[0]))
-	require.NoError(t, cfga.AddCommonLabelsFieldSpec(fieldSpecs[0]))
-	require.NoError(t, cfga.AddLabelsFieldSpec(fieldSpecs[0]))
+	cfga.AddNamereferenceFieldSpec(nameReference[0])
+	cfga.AddPrefixFieldSpec(fieldSpecs[0])
+	cfga.AddSuffixFieldSpec(fieldSpecs[0])
 
 	cfgb := &TransformerConfig{}
-	require.NoError(t, cfgb.AddNamereferenceFieldSpec(nameReference[1]))
-	require.NoError(t, cfgb.AddPrefixFieldSpec(fieldSpecs[1]))
-	require.NoError(t, cfgb.AddSuffixFieldSpec(fieldSpecs[1]))
-	require.NoError(t, cfgb.AddCommonLabelsFieldSpec(fieldSpecs[1]))
-	require.NoError(t, cfgb.AddLabelsFieldSpec(fieldSpecs[1]))
+	cfgb.AddNamereferenceFieldSpec(nameReference[1])
+	cfgb.AddPrefixFieldSpec(fieldSpecs[1])
+	cfga.AddSuffixFieldSpec(fieldSpecs[1])
 
 	actual, err := cfga.Merge(cfgb)
-	require.NoError(t, err)
-	require.Len(t, actual.NamePrefix, 2, "merge failed for namePrefix FieldSpec")
-	require.Len(t, actual.NameSuffix, 2, "merge failed for nameSuffix FieldSpec")
-	require.Len(t, actual.NameReference, 1, "merge failed for nameReference FieldSpec")
-	require.Len(t, actual.Labels, 2, "merge failed for labels FieldSpec")
-	require.Len(t, actual.CommonLabels, 2, "merge failed for commonLabels FieldSpec")
+	if err != nil {
+		t.Fatalf("unexpected err: %v", err)
+	}
+
+	if len(actual.NamePrefix) != 2 {
+		t.Fatal("merge failed for namePrefix FieldSpec")
+	}
+
+	if len(actual.NameSuffix) != 2 {
+		t.Fatal("merge failed for nameSuffix FieldSpec")
+	}
+
+	if len(actual.NameReference) != 1 {
+		t.Fatal("merge failed for namereference FieldSpec")
+	}
 
 	expected := &TransformerConfig{}
-	require.NoError(t, expected.AddNamereferenceFieldSpec(nameReference[0]))
-	require.NoError(t, expected.AddNamereferenceFieldSpec(nameReference[1]))
-	require.NoError(t, expected.AddPrefixFieldSpec(fieldSpecs[0]))
-	require.NoError(t, expected.AddPrefixFieldSpec(fieldSpecs[1]))
-	require.NoError(t, expected.AddSuffixFieldSpec(fieldSpecs[0]))
-	require.NoError(t, expected.AddSuffixFieldSpec(fieldSpecs[1]))
-	require.NoError(t, expected.AddCommonLabelsFieldSpec(fieldSpecs[0]))
-	require.NoError(t, expected.AddCommonLabelsFieldSpec(fieldSpecs[1]))
-	require.NoError(t, expected.AddLabelsFieldSpec(fieldSpecs[0]))
-	require.NoError(t, expected.AddLabelsFieldSpec(fieldSpecs[1]))
-	require.Equal(t, expected, actual)
+	expected.AddNamereferenceFieldSpec(nameReference[0])
+	expected.AddNamereferenceFieldSpec(nameReference[1])
+	expected.AddPrefixFieldSpec(fieldSpecs[0])
+	expected.AddPrefixFieldSpec(fieldSpecs[1])
+	expected.AddSuffixFieldSpec(fieldSpecs[0])
+	expected.AddSuffixFieldSpec(fieldSpecs[1])
+
+	if !reflect.DeepEqual(actual, expected) {
+		t.Fatalf("expected: %v\n but got: %v\n", expected, actual)
+	}
 
 	actual, err = cfga.Merge(nil)
-	require.NoError(t, err)
-	require.Equal(t, cfga, actual)
-}
-
-func TestMakeDefaultConfig_mutation(t *testing.T) {
-	a := MakeDefaultConfig()
-
-	// mutate
-	a.NameReference[0].Kind = "mutated"
-	a.NameReference = a.NameReference[:1]
-
-	clean := MakeDefaultConfig()
-	assert.NotEqualf(t, "mutated", clean.NameReference[0].Kind, "MakeDefaultConfig() did not return a clean copy: %+v", clean.NameReference)
-}
-
-func BenchmarkMakeDefaultConfig(b *testing.B) {
-	for i := 0; i < b.N; i++ {
-		_ = MakeDefaultConfig()
+	if err != nil {
+		t.Fatalf("unexpected err: %v", err)
+	}
+	if !reflect.DeepEqual(actual, cfga) {
+		t.Fatalf("expected: %v\n but got: %v\n", cfga, actual)
 	}
 }

api/internal/plugins/builtinhelpers/builtinplugintype_string.go

@@ -15,23 +15,24 @@ func _() {
 	_ = x[HashTransformer-4]
 	_ = x[ImageTagTransformer-5]
 	_ = x[LabelTransformer-6]
-	_ = x[NamespaceTransformer-7]
-	_ = x[PatchJson6902Transformer-8]
-	_ = x[PatchStrategicMergeTransformer-9]
-	_ = x[PatchTransformer-10]
-	_ = x[PrefixSuffixTransformer-11]
-	_ = x[PrefixTransformer-12]
-	_ = x[SuffixTransformer-13]
-	_ = x[ReplicaCountTransformer-14]
-	_ = x[SecretGenerator-15]
-	_ = x[ValueAddTransformer-16]
-	_ = x[HelmChartInflationGenerator-17]
-	_ = x[ReplacementTransformer-18]
+	_ = x[LegacyOrderTransformer-7]
+	_ = x[NamespaceTransformer-8]
+	_ = x[PatchJson6902Transformer-9]
+	_ = x[PatchStrategicMergeTransformer-10]
+	_ = x[PatchTransformer-11]
+	_ = x[PrefixSuffixTransformer-12]
+	_ = x[PrefixTransformer-13]
+	_ = x[SuffixTransformer-14]
+	_ = x[ReplicaCountTransformer-15]
+	_ = x[SecretGenerator-16]
+	_ = x[ValueAddTransformer-17]
+	_ = x[HelmChartInflationGenerator-18]
+	_ = x[ReplacementTransformer-19]
 }
 
-const _BuiltinPluginType_name = "UnknownAnnotationsTransformerConfigMapGeneratorIAMPolicyGeneratorHashTransformerImageTagTransformerLabelTransformerNamespaceTransformerPatchJson6902TransformerPatchStrategicMergeTransformerPatchTransformerPrefixSuffixTransformerPrefixTransformerSuffixTransformerReplicaCountTransformerSecretGeneratorValueAddTransformerHelmChartInflationGeneratorReplacementTransformer"
+const _BuiltinPluginType_name = "UnknownAnnotationsTransformerConfigMapGeneratorIAMPolicyGeneratorHashTransformerImageTagTransformerLabelTransformerLegacyOrderTransformerNamespaceTransformerPatchJson6902TransformerPatchStrategicMergeTransformerPatchTransformerPrefixSuffixTransformerPrefixTransformerSuffixTransformerReplicaCountTransformerSecretGeneratorValueAddTransformerHelmChartInflationGeneratorReplacementTransformer"
 
-var _BuiltinPluginType_index = [...]uint16{0, 7, 29, 47, 65, 80, 99, 115, 135, 159, 189, 205, 228, 245, 262, 285, 300, 319, 346, 368}
+var _BuiltinPluginType_index = [...]uint16{0, 7, 29, 47, 65, 80, 99, 115, 137, 157, 181, 211, 227, 250, 267, 284, 307, 322, 341, 368, 390}
 
 func (i BuiltinPluginType) String() string {
 	if i < 0 || i >= BuiltinPluginType(len(_BuiltinPluginType_index)-1) {

api/internal/plugins/builtinhelpers/builtins.go

@@ -19,6 +19,7 @@ const (
 	HashTransformer
 	ImageTagTransformer
 	LabelTransformer
+	LegacyOrderTransformer
 	NamespaceTransformer
 	PatchJson6902Transformer
 	PatchStrategicMergeTransformer
@@ -99,6 +100,7 @@ var TransformerFactories = map[BuiltinPluginType]func() resmap.TransformerPlugin
 	HashTransformer:                builtins.NewHashTransformerPlugin,
 	ImageTagTransformer:            builtins.NewImageTagTransformerPlugin,
 	LabelTransformer:               builtins.NewLabelTransformerPlugin,
+	LegacyOrderTransformer:         builtins.NewLegacyOrderTransformerPlugin,
 	NamespaceTransformer:           builtins.NewNamespaceTransformerPlugin,
 	PatchJson6902Transformer:       builtins.NewPatchJson6902TransformerPlugin,
 	PatchStrategicMergeTransformer: builtins.NewPatchStrategicMergeTransformerPlugin,
@@ -109,7 +111,4 @@ var TransformerFactories = map[BuiltinPluginType]func() resmap.TransformerPlugin
 	ReplacementTransformer:         builtins.NewReplacementTransformerPlugin,
 	ReplicaCountTransformer:        builtins.NewReplicaCountTransformerPlugin,
 	ValueAddTransformer:            builtins.NewValueAddTransformerPlugin,
-	// Do not wired SortOrderTransformer as a builtin plugin.
-	// We only want it to be available in the top-level kustomization.
-	// See: https://github.com/kubernetes-sigs/kustomize/issues/3913
 }

api/internal/plugins/compiler/compiler.go

@@ -12,8 +12,8 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/pkg/errors"
 	"sigs.k8s.io/kustomize/api/internal/plugins/utils"
-	"sigs.k8s.io/kustomize/kyaml/errors"
 )
 
 // Compiler creates Go plugin object files.
@@ -86,7 +86,7 @@ func (b *Compiler) Compile() error {
 	cmd.Dir = b.workDir
 	if err := cmd.Run(); err != nil {
 		b.report()
-		return errors.WrapPrefixf(
+		return errors.Wrapf(
 			err, "cannot compile %s:\nSTDERR\n%s\n",
 			b.srcPath(), b.stderr.String())
 	}

api/internal/plugins/execplugin/execplugin.go

@@ -6,21 +6,22 @@ package execplugin
 import (
 	"bytes"
 	"fmt"
-	"log"
+	"io/ioutil"
 	"os"
 	"os/exec"
 	"runtime"
 	"strings"
 
+	"github.com/google/shlex"
+
+	"github.com/pkg/errors"
 	"sigs.k8s.io/kustomize/api/internal/plugins/utils"
 	"sigs.k8s.io/kustomize/api/resmap"
-	"sigs.k8s.io/kustomize/kyaml/errors"
 	"sigs.k8s.io/yaml"
 )
 
 const (
 	tmpConfigFilePrefix = "kust-plugin-config-"
-	maxArgStringLength  = 131071
 )
 
 // ExecPlugin record the name and args of an executable
@@ -93,11 +94,7 @@ func (p *ExecPlugin) processOptionalArgsFields() error {
 		return err
 	}
 	if c.ArgsOneLiner != "" {
-		argsTolenSlice, err := ShlexSplit(c.ArgsOneLiner)
-		if err != nil {
-			return fmt.Errorf("failed to parse argsOneLiner: %w", err)
-		}
-		p.args = argsTolenSlice
+		p.args, _ = shlex.Split(c.ArgsOneLiner)
 	}
 	if c.ArgsFromFile != "" {
 		content, err := p.h.Loader().Load(c.ArgsFromFile)
@@ -153,54 +150,43 @@ func (p *ExecPlugin) Transform(rm resmap.ResMap) error {
 // passes the full temp file path as the first arg to a process
 // running the plugin binary.  Process output is returned.
 func (p *ExecPlugin) invokePlugin(input []byte) ([]byte, error) {
-	f, err := os.CreateTemp("", tmpConfigFilePrefix)
+	f, err := ioutil.TempFile("", tmpConfigFilePrefix)
 	if err != nil {
-		return nil, errors.WrapPrefixf(
+		return nil, errors.Wrap(
 			err, "creating tmp plugin config file")
 	}
 	_, err = f.Write(p.cfg)
 	if err != nil {
-		return nil, errors.WrapPrefixf(
-			err, "writing plugin config to %s", f.Name())
+		return nil, errors.Wrap(
+			err, "writing plugin config to "+f.Name())
 	}
 	err = f.Close()
 	if err != nil {
-		return nil, errors.WrapPrefixf(
-			err, "closing plugin config file %s", f.Name())
+		return nil, errors.Wrap(
+			err, "closing plugin config file "+f.Name())
 	}
+	//nolint:gosec
 	cmd := exec.Command(
 		p.path, append([]string{f.Name()}, p.args...)...)
 	cmd.Env = p.getEnv()
 	cmd.Stdin = bytes.NewReader(input)
-	var stdErr bytes.Buffer
-	cmd.Stderr = &stdErr
+	cmd.Stderr = os.Stderr
 	if _, err := os.Stat(p.h.Loader().Root()); err == nil {
 		cmd.Dir = p.h.Loader().Root()
 	}
 	result, err := cmd.Output()
 	if err != nil {
-		return nil, errors.WrapPrefixf(
-			fmt.Errorf("failure in plugin configured via %s; %w", f.Name(), err),
-			"%s", stdErr.String())
+		return nil, errors.Wrapf(
+			err, "failure in plugin configured via %s; %v",
+			f.Name(), err.Error())
 	}
 	return result, os.Remove(f.Name())
 }
 
 func (p *ExecPlugin) getEnv() []string {
 	env := os.Environ()
-	pluginConfigString := "KUSTOMIZE_PLUGIN_CONFIG_STRING=" + string(p.cfg)
-	if len(pluginConfigString) <= maxArgStringLength {
-		env = append(env, pluginConfigString)
-	} else {
-		log.Printf("KUSTOMIZE_PLUGIN_CONFIG_STRING exceeds hard limit of %d characters, the environment variable "+
-			"will be omitted", maxArgStringLength)
-	}
-	pluginConfigRoot := "KUSTOMIZE_PLUGIN_CONFIG_ROOT=" + p.h.Loader().Root()
-	if len(pluginConfigRoot) <= maxArgStringLength {
-		env = append(env, pluginConfigRoot)
-	} else {
-		log.Printf("KUSTOMIZE_PLUGIN_CONFIG_ROOT exceeds hard limit of %d characters, the environment variable "+
-			"will be omitted", maxArgStringLength)
-	}
+	env = append(env,
+		"KUSTOMIZE_PLUGIN_CONFIG_STRING="+string(p.cfg),
+		"KUSTOMIZE_PLUGIN_CONFIG_ROOT="+p.h.Loader().Root())
 	return env
 }

api/internal/plugins/execplugin/execplugin_test.go

@@ -10,22 +10,16 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/require"
-	fLdr "sigs.k8s.io/kustomize/api/internal/loader"
 	. "sigs.k8s.io/kustomize/api/internal/plugins/execplugin"
 	pLdr "sigs.k8s.io/kustomize/api/internal/plugins/loader"
 	"sigs.k8s.io/kustomize/api/internal/plugins/utils"
+	fLdr "sigs.k8s.io/kustomize/api/loader"
 	"sigs.k8s.io/kustomize/api/provider"
 	"sigs.k8s.io/kustomize/api/resmap"
 	"sigs.k8s.io/kustomize/api/types"
 	"sigs.k8s.io/kustomize/kyaml/filesys"
 )
 
-const (
-	expectedLargeConfigMap = `{"apiVersion":"v1","data":{"password":"password","username":"user"},"kind":"ConfigMap",` +
-		`"metadata":{"annotations":{"internal.config.kubernetes.io/generatorBehavior":"unspecified",` +
-		`"internal.config.kubernetes.io/needsHashSuffix":"enabled"},"name":"example-configmap-test"}}`
-)
-
 func TestExecPluginConfig(t *testing.T) {
 	fSys := filesys.MakeFsInMemory()
 	err := fSys.WriteFile("sed-input.txt", []byte(`
@@ -41,7 +35,7 @@ s/$BAR/bar baz/g
 	}
 	pvd := provider.NewDefaultDepProvider()
 	rf := resmap.NewFactory(pvd.GetResourceFactory())
-	pluginConfig, err := rf.RF().FromMap(
+	pluginConfig := rf.RF().FromMap(
 		map[string]interface{}{
 			"apiVersion": "someteam.example.com/v1",
 			"kind":       "SedTransformer",
@@ -51,9 +45,6 @@ s/$BAR/bar baz/g
 			"argsOneLiner": "one two 'foo bar'",
 			"argsFromFile": "sed-input.txt",
 		})
-	if err != nil {
-		t.Fatalf("failed to writes the data to a file: %v", err)
-	}
 
 	pluginConfig.RemoveBuildAnnotations()
 	pc := types.DisabledPluginConfig()
@@ -134,104 +125,3 @@ func TestExecPlugin_ErrIfNotExecutable(t *testing.T) {
 		t.Fatalf("unexpected err: %v", err)
 	}
 }
-
-// TestExecPluginLarge loads PluginConfigs of various (large) sizes. It tests if the env variable is kept below the
-// maximum of 131072 bytes.
-func TestExecPluginLarge(t *testing.T) {
-	// Skip this test on windows.
-	if runtime.GOOS == "windows" {
-		t.Skipf("always returns nil on Windows")
-	}
-
-	// Add executable plugin.
-	srcRoot, err := utils.DeterminePluginSrcRoot(filesys.MakeFsOnDisk())
-	if err != nil {
-		t.Error(err)
-	}
-	executablePlugin := filepath.Join(
-		srcRoot, "someteam.example.com", "v1", "bashedconfigmap", "BashedConfigMap")
-	p := NewExecPlugin(executablePlugin)
-	err = p.ErrIfNotExecutable()
-	if err != nil {
-		t.Fatalf("unexpected err: %v", err)
-	}
-
-	// Create a fake filesystem.
-	fSys := filesys.MakeFsInMemory()
-
-	// Load plugin config.
-	ldr, err := fLdr.NewLoader(
-		fLdr.RestrictionRootOnly, filesys.Separator, fSys)
-	if err != nil {
-		t.Fatal(err)
-	}
-	pvd := provider.NewDefaultDepProvider()
-	rf := resmap.NewFactory(pvd.GetResourceFactory())
-	pc := types.DisabledPluginConfig()
-
-	// Test for various lengths. 131071 is the max length that we can have for any given env var in Bytes.
-	tcs := []struct {
-		length int
-		char   rune
-	}{
-		{1000, 'a'},
-		{131071, 'a'},
-		{131072, 'a'},
-		{200000, 'a'},
-		{131071, '安'},
-		{131074, '安'},
-	}
-	for _, tc := range tcs {
-		t.Logf("Testing with an env var length of %d and character %c", tc.length, tc.char)
-		pluginConfig, err := rf.RF().FromBytes(buildLargePluginConfig(tc.length, tc.char))
-		if err != nil {
-			t.Fatalf("unexpected err: %v", err)
-		}
-		yaml, err := pluginConfig.AsYAML()
-		if err != nil {
-			t.Fatalf("unexpected err: %v", err)
-		}
-		err = p.Config(resmap.NewPluginHelpers(ldr, pvd.GetFieldValidator(), rf, pc), yaml)
-		if err != nil {
-			t.Fatalf("unexpected err: %v", err)
-		}
-		resMap, err := p.Generate()
-		if err != nil {
-			t.Fatalf("unexpected err: %v", err)
-		}
-		rNodeSlices := resMap.ToRNodeSlice()
-		for _, rNodeSlice := range rNodeSlices {
-			json, err := rNodeSlice.MarshalJSON()
-			if err != nil {
-				t.Fatalf("unexpected err: %v", err)
-			}
-			if string(json) != expectedLargeConfigMap {
-				t.Fatalf("expected generated JSON to match %q, but got %q instead",
-					expectedLargeConfigMap, string(json))
-			}
-		}
-	}
-}
-
-// buildLargePluginConfig builds a plugin configuration of length: length - len("KUSTOMIZE_PLUGIN_CONFIG_STRING=")
-// This allows us to create an environment variable KUSTOMIZE_PLUGIN_CONFIG_STRING=<plugin content> with the exact
-// length that's provided in the length parameter. Used as a helper for TestExecPluginLarge.
-func buildLargePluginConfig(length int, char rune) []byte {
-	length -= len("KUSTOMIZE_PLUGIN_CONFIG_STRING=")
-
-	var sb strings.Builder
-	sb.WriteString("apiVersion: someteam.example.com/v1\n")
-	sb.WriteString("kind: BashedConfigMap\n")
-	sb.WriteString("metadata:\n")
-	sb.WriteString("  name: some-random-name\n")
-	sb.WriteString("argsOneLiner: \"user password\"\n")
-	sb.WriteString("customArg: ")
-
-	// Now, fill up parameter customArg: until we reach the desired length. Account for the fact that runes can be
-	// 1 to 4 Bytes each.
-	upperBound := length - sb.Len()
-	for i := 0; i < upperBound-len(string(char)); i += len(string(char)) {
-		sb.WriteRune(char)
-	}
-	return []byte(sb.String())
-}

api/internal/plugins/execplugin/shlex.go

@@ -1,62 +0,0 @@
-// Copyright 2019 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package execplugin
-
-import (
-	"fmt"
-	"strings"
-	"unicode"
-)
-
-// ShlexSplit splits a string into a slice of strings using shell-style rules for quoting and commenting
-// Similar to Python's shlex.split with comments enabled
-func ShlexSplit(s string) ([]string, error) {
-	return shlexSplit(s)
-}
-
-func shlexSplit(s string) ([]string, error) {
-	result := []string{}
-
-	// noQuote is used to track if we are not in a quoted
-	const noQuote = 0
-
-	var current strings.Builder
-	var quote rune = noQuote
-	var escaped bool
-
-	for _, r := range s {
-		switch {
-		case escaped:
-			current.WriteRune(r)
-			escaped = false
-		case r == '\\' && quote != '\'':
-			escaped = true
-		case (r == '\'' || r == '"') && quote == noQuote:
-			quote = r
-		case r == quote:
-			quote = noQuote
-		case r == '#' && quote == noQuote:
-			// Comment starts, ignore the rest of the line
-			if current.Len() > 0 {
-				result = append(result, current.String())
-			}
-			return result, nil
-		case unicode.IsSpace(r) && quote == noQuote:
-			if current.Len() > 0 {
-				result = append(result, current.String())
-				current.Reset()
-			}
-		default:
-			current.WriteRune(r)
-		}
-	}
-
-	if quote != noQuote {
-		return nil, fmt.Errorf("unclosed quote in string")
-	}
-	if current.Len() > 0 {
-		result = append(result, current.String())
-	}
-	return result, nil
-}

api/internal/plugins/execplugin/shlex_test.go

@@ -1,183 +0,0 @@
-// Copyright 2019 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package execplugin
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestShlexSplit(t *testing.T) {
-	testCases := []struct {
-		name     string
-		input    string
-		expected []string
-		wantErr  bool
-	}{
-		{
-			name:     "basic space separation",
-			input:    `hello world`,
-			expected: []string{"hello", "world"},
-			wantErr:  false,
-		},
-		{
-			name:     "double quoted string",
-			input:    `"hello world"`,
-			expected: []string{"hello world"},
-			wantErr:  false,
-		},
-		{
-			name:     "single quoted string",
-			input:    `'hello world'`,
-			expected: []string{"hello world"},
-			wantErr:  false,
-		},
-		{
-			name:     "mixed quotes and words",
-			input:    `hello "world test"`,
-			expected: []string{"hello", "world test"},
-			wantErr:  false,
-		},
-		{
-			name:     "single quotes with spaces",
-			input:    `hello 'world test'`,
-			expected: []string{"hello", "world test"},
-			wantErr:  false,
-		},
-		{
-			name:     "nested quotes - single in double",
-			input:    `"hello 'nested' world"`,
-			expected: []string{"hello 'nested' world"},
-			wantErr:  false,
-		},
-		{
-			name:     "nested quotes - double in single",
-			input:    `'hello "nested" world'`,
-			expected: []string{"hello \"nested\" world"},
-			wantErr:  false,
-		},
-		{
-			name:     "escaped space",
-			input:    `hello\ world`,
-			expected: []string{"hello world"},
-			wantErr:  false,
-		},
-		{
-			name:     "escaped quotes in double quotes",
-			input:    `"hello \"world\""`,
-			expected: []string{"hello \"world\""},
-			wantErr:  false,
-		},
-		{
-			name:     "single quote in single quotes",
-			input:    `'can'\''t'`,
-			expected: []string{"can't"},
-			wantErr:  false,
-		},
-		{
-			name:     "complex argument list",
-			input:    `arg1 "arg 2" 'arg 3' arg4`,
-			expected: []string{"arg1", "arg 2", "arg 3", "arg4"},
-			wantErr:  false,
-		},
-		{
-			name:     "echo command with escaped quotes",
-			input:    `echo "Hello, \"World!\""`,
-			expected: []string{"echo", "Hello, \"World!\""},
-			wantErr:  false,
-		},
-		{
-			name:     "grep command with quoted search term",
-			input:    `grep -r "search term" /path/to/dir`,
-			expected: []string{"grep", "-r", "search term", "/path/to/dir"},
-			wantErr:  false,
-		},
-		{
-			name:     "ls command with quoted filename",
-			input:    `ls -la "file with spaces.txt"`,
-			expected: []string{"ls", "-la", "file with spaces.txt"},
-			wantErr:  false,
-		},
-		{
-			name:     "empty string",
-			input:    ``,
-			expected: []string{},
-			wantErr:  false,
-		},
-		{
-			name:     "multiple spaces",
-			input:    `   multiple	spaces   `,
-			expected: []string{"multiple", "spaces"},
-			wantErr:  false,
-		},
-		{
-			name:     "with comment string",
-			input:    `echo "Hello, W#orld!" ${USER} # This is a comment`,
-			expected: []string{"echo", "Hello, W#orld!", "${USER}"},
-			wantErr:  false,
-		},
-		{
-			name:     "comment only",
-			input:    `# this line is just a comment`,
-			expected: []string{},
-			wantErr:  false,
-		},
-		// may cause an error in shlex at python3
-		{
-			name:     "unclosed double quote",
-			input:    `"unclosed quote`,
-			expected: nil,
-			wantErr:  true,
-		},
-		{
-			name:     "unclosed single quote",
-			input:    `'unclosed quote`,
-			expected: nil,
-			wantErr:  true,
-		},
-		{
-			name:     "mixed unclosed quotes",
-			input:    `"mixed 'quotes`,
-			expected: nil,
-			wantErr:  true,
-		},
-		{
-			name:     "single quote closed with double quote",
-			input:    `"hello world'`,
-			expected: nil,
-			wantErr:  true,
-		},
-		{
-			name:     "double quote closed with single quote",
-			input:    `'hello world"`,
-			expected: nil,
-			wantErr:  true,
-		},
-	}
-
-	// execute each test case
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			// call the ShlexSplit function
-			result, err := ShlexSplit(tc.input)
-
-			// check for expected error
-			if tc.wantErr {
-				if err == nil {
-					t.Errorf("FAIL: Expected error but got none, Expected: %q\n", tc.expected)
-				}
-				return
-			}
-
-			if assert.NoError(t, err, "FAIL: Unexpected error %q for input %q", err, tc.input) {
-				// check if the result matches the expected output
-				assert.Equal(t, tc.expected, result,
-					"FAIL: Result mismatch,Input %q, Expected %q, Got: %q\n",
-					tc.input, tc.expected, result,
-				)
-			}
-		})
-	}
-}

api/internal/plugins/fnplugin/fnplugin.go

@@ -7,7 +7,7 @@ import (
 	"bytes"
 	"fmt"
 
-	"sigs.k8s.io/kustomize/kyaml/errors"
+	"github.com/pkg/errors"
 
 	"sigs.k8s.io/kustomize/api/internal/plugins/utils"
 	"sigs.k8s.io/kustomize/api/resmap"
@@ -51,16 +51,13 @@ func resourceToRNode(res *resource.Resource) (*yaml.RNode, error) {
 }
 
 // GetFunctionSpec return function spec is there is. Otherwise return nil
-func GetFunctionSpec(res *resource.Resource) (*runtimeutil.FunctionSpec, error) {
+func GetFunctionSpec(res *resource.Resource) *runtimeutil.FunctionSpec {
 	rnode, err := resourceToRNode(res)
 	if err != nil {
-		return nil, fmt.Errorf("could not convert resource to RNode: %w", err)
+		return nil
 	}
-	functionSpec, err := runtimeutil.GetFunctionSpec(rnode)
-	if err != nil {
-		return nil, fmt.Errorf("failed to get FunctionSpec: %w", err)
-	}
-	return functionSpec, nil
+
+	return runtimeutil.GetFunctionSpec(rnode)
 }
 
 func toStorageMounts(mounts []string) []runtimeutil.StorageMount {
@@ -77,6 +74,7 @@ func NewFnPlugin(o *types.FnPluginLoadingOptions) *FnPlugin {
 		runFns: runfn.RunFns{
 			Functions:      []*yaml.RNode{},
 			Network:        o.Network,
+			EnableStarlark: o.EnableStar,
 			EnableExec:     o.EnableExec,
 			StorageMounts:  toStorageMounts(o.Mounts),
 			Env:            o.Env,
@@ -193,7 +191,7 @@ func (p *FnPlugin) invokePlugin(input []byte) ([]byte, error) {
 
 	err = p.runFns.Execute()
 	if err != nil {
-		return nil, errors.WrapPrefixf(
+		return nil, errors.Wrap(
 			err, "couldn't execute function")
 	}
 

api/internal/plugins/loader/load_go_plugin.go

@@ -1,62 +0,0 @@
-// Copyright 2024 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-//go:build !kustomize_disable_go_plugin_support
-
-package loader
-
-import (
-	"fmt"
-	"log"
-	"plugin"
-	"reflect"
-
-	"sigs.k8s.io/kustomize/api/internal/plugins/utils"
-	"sigs.k8s.io/kustomize/api/konfig"
-	"sigs.k8s.io/kustomize/api/resmap"
-	"sigs.k8s.io/kustomize/kyaml/errors"
-	"sigs.k8s.io/kustomize/kyaml/resid"
-)
-
-// registry is a means to avoid trying to load the same .so file
-// into memory more than once, which results in an error.
-// Each test makes its own loader, and tries to load its own plugins,
-// but the loaded .so files are in shared memory, so one will get
-// "this plugin already loaded" errors if the registry is maintained
-// as a Loader instance variable.  So make it a package variable.
-var registry = make(map[string]resmap.Configurable) //nolint:gochecknoglobals
-
-func copyPlugin(c resmap.Configurable) resmap.Configurable {
-	indirect := reflect.Indirect(reflect.ValueOf(c))
-	newIndirect := reflect.New(indirect.Type())
-	newIndirect.Elem().Set(reflect.ValueOf(indirect.Interface()))
-	newNamed := newIndirect.Interface()
-	return newNamed.(resmap.Configurable) //nolint:forcetypeassert
-}
-
-func (l *Loader) loadGoPlugin(id resid.ResId, absPath string) (resmap.Configurable, error) {
-	regId := relativePluginPath(id)
-	if c, ok := registry[regId]; ok {
-		return copyPlugin(c), nil
-	}
-	if !utils.FileExists(absPath) {
-		return nil, fmt.Errorf(
-			"expected file with Go object code at: %s", absPath)
-	}
-	log.Printf("Attempting plugin load from %q", absPath)
-	p, err := plugin.Open(absPath)
-	if err != nil {
-		return nil, errors.WrapPrefixf(err, "plugin %s fails to load", absPath)
-	}
-	symbol, err := p.Lookup(konfig.PluginSymbol)
-	if err != nil {
-		return nil, errors.WrapPrefixf(
-			err, "plugin %s doesn't have symbol %s",
-			regId, konfig.PluginSymbol)
-	}
-	c, ok := symbol.(resmap.Configurable)
-	if !ok {
-		return nil, fmt.Errorf("plugin %q not configurable", regId)
-	}
-	registry[regId] = c
-	return copyPlugin(c), nil
-}