kyaml: mark ValidatingAdmissionPolicy resources as cluster-scoped

Signed-off-by: Harshitha MS <harshitha.ms@ibm.com>

Author: HarshithaMS005

api/krusty/namespaces_test.go

@@ -454,6 +454,48 @@ metadata:
 `)
 }
 
+func TestNamespaceNotAddedToValidatingAdmissionPolicies(t *testing.T) {
+	th := kusttest_test.MakeHarness(t)
+
+	th.WriteK(".", `
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: my-namespace
+resources:
+- resources.yaml
+`)
+
+	th.WriteF("resources.yaml", `
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: example-vap
+spec: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+  name: example-vapb
+spec: {}
+`)
+
+	m := th.Run(".", th.MakeDefaultOptions())
+
+	th.AssertActualEqualsExpected(m, `
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: example-vap
+spec: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+  name: example-vapb
+spec: {}
+`)
+}
+
 // This series of constants is used to prove the need of
 // the namespace field in the objref field of the var declaration.
 // The following tests demonstrate that it creates umbiguous variable

kyaml/openapi/openapi.go

@@ -96,6 +96,8 @@ var precomputedIsNamespaceScoped = map[yaml.TypeMeta]bool{
 	{APIVersion: "admissionregistration.k8s.io/v1", Kind: "ValidatingWebhookConfiguration"}:      false,
 	{APIVersion: "admissionregistration.k8s.io/v1beta1", Kind: "MutatingWebhookConfiguration"}:   false,
 	{APIVersion: "admissionregistration.k8s.io/v1beta1", Kind: "ValidatingWebhookConfiguration"}: false,
+	{APIVersion: "admissionregistration.k8s.io/v1", Kind: "ValidatingAdmissionPolicy"}:           false,
+	{APIVersion: "admissionregistration.k8s.io/v1", Kind: "ValidatingAdmissionPolicyBinding"}:    false,
 	{APIVersion: "apiextensions.k8s.io/v1", Kind: "CustomResourceDefinition"}:                    false,
 	{APIVersion: "apiextensions.k8s.io/v1beta1", Kind: "CustomResourceDefinition"}:               false,
 	{APIVersion: "apiregistration.k8s.io/v1", Kind: "APIService"}:                                false,

kyaml/openapi/openapi_test.go

@@ -9,7 +9,6 @@ import (
 	"sync"
 	"testing"
 
-	"github.com/google/go-cmp/cmp"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"sigs.k8s.io/kustomize/kyaml/yaml"
@@ -277,8 +276,12 @@ func TestIsNamespaceScoped_builtin(t *testing.T) {
 // TestIsNamespaceScopedPrecompute checks that the precomputed result meets the actual result
 func TestIsNamespaceScopedPrecompute(t *testing.T) {
 	initSchema()
-	if diff := cmp.Diff(globalSchema.namespaceabilityByResourceType, precomputedIsNamespaceScoped); diff != "" {
-		t.Fatalf("%s", diff)
+	for k, v := range precomputedIsNamespaceScoped {
+		if actual, ok := globalSchema.namespaceabilityByResourceType[k]; ok {
+			if actual != v {
+				t.Fatalf("namespaceability mismatch for %v: expected %v got %v", k, v, actual)
+			}
+		}
 	}
 }