v0.3.0

Release v0.3.0

Overview

This release adds support for annotations-based protection, the ability
to set custom reasons, replay deletion support, typed Usage generation,
updated examples for Crossplane v2, and multiple dependency updates.

Key Features

Annotations Support (#32)

The function now defaults to using annotations for enabling
deletion protection and other settings.

metadata:
  annotations:
    protection.fn.crossplane.io/block-deletion: "true"

The protection.fn.crossplane.io/block-deletion label is still
supported for backwards compatibility. In the case of a conflict
between the annotation and label, the annotation will take
precedence.

All other settings like custom reasons and replay deletion
are only supported via annotations.

metadata:
  labels:
    protection.fn.crossplane.io/block-deletion: "true"

Custom Reason Messages

You can now specify custom reason messages that appear in the Usage and deletion rejection messages using the protection.fn.crossplane.io/reason annotation:

metadata:
  annotations:
    protection.fn.crossplane.io/block-deletion: "true"
    protection.fn.crossplane.io/reason: "in use by production workload - do not delete"

Custom reasons help provide context-specific information about why a resource is protected, making it clearer to operators why deletion is blocked.

Replay Deletion

The function now supports the replayDeletion feature for Usages via the protection.fn.crossplane.io/replay-deletion annotation. When enabled, deletion attempts will be logged and tracked:

metadata:
  annotations:
    protection.fn.crossplane.io/block-deletion: "true"
    protection.fn.crossplane.io/replay-deletion: "true"

Replay deletion can speed up deletion of nested resources that
have been blocked by the Usage webhook. However, it will attempt
to delete a resource if the Usage is removed.

See comment 6140#issuecomment-2538629314. For
a discussion of possible downsides.

Typed Usage Generation (#35)

The function now uses Go types to generate Usage objects instead of unstructured data.

Before: Usage objects were created as map[string]any with manual field construction:

usage := map[string]any{
    "apiVersion": ProtectionGroupVersion,
    "kind":       usageType,
    "metadata":   usageMeta,
    "spec": map[string]any{
        "of": map[string]any{
            "apiVersion": u.GetAPIVersion(),
            // ...
        },
    },
}

In release v0.3.0, they are created as Go structs:

usage := protectionv1beta1.Usage{
    ObjectMeta: v1.ObjectMeta{
        Name:      GenerateName(name, UsageNameSuffix),
        Namespace: u.GetNamespace(),
    },
    Spec: protectionv1beta1.UsageSpec{
        Of: protectionv1beta1.NamespacedResource{
            APIVersion: u.GetAPIVersion(),
            Kind:       u.GetKind(),
            ResourceRef: &protectionv1beta1.NamespacedResourceRef{
                Name: u.GetName(),
            },
        },
        Reason:         &uo.Reason,
        ReplayDeletion: &uo.ReplayDeletion,
    },
}
return composed.From(&usage)

Updated Examples for Crossplane v2 (#37)

All examples have been updated to align with Crossplane v2 APIs and conventions:

• Updated API versions from v1beta1 to v1 for Function packages
• Updated composition examples with v2-compatible resources
• Fixed indentation and package version references
• Updated example documentation to reflect v2 changes

Technical Improvements

Dependency Updates

• Updated github.com/crossplane/function-sdk-go to v0.6.2 (#36, #22)
• Updated google.golang.org/protobuf to v1.36.11 (#17)
• Updated module dependencies (#34)
• Pin dependencies for reproducible builds (#33)

CI/CD Updates

• Updated docker/build-push-action to v7 (#30)
• Updated docker/setup-buildx-action to v4 (#29)
• Updated docker/setup-qemu-action to v4 (#28)
• Updated docker/login-action to v4 (#27)
• Updated golangci/golangci-lint-action to v9 (#26)
• Updated actions/checkout to v6.0.2 (#16)
• Updated GitHub artifact actions (#25)

Installation

Install via Crossplane package specification:

apiVersion: pkg.crossplane.io/v1
kind: Function
metadata:
  name: crossplane-contrib-function-deletion-protection
spec:
  package: xpkg.upbound.io/crossplane-contrib/function-deletion-protection:v0.3.0

Compatibility

• Crossplane 2.x: Full support for all features including Operations
• Crossplane 1.x: Composition pipeline support available with v1 mode
• Breaking Changes: None - fully backward compatible with v0.2.x

What's Changed

Full Changelog: v0.2.0...v0.3.0

v0.2.2

v0.2.2 contains a fix that automatically marks usages as ready, thanks to a fix submitted by @fabioaraujopt.

The function can be installed using the following manifest:

apiVersion: pkg.crossplane.io/v1
kind: Function
metadata:
  name: crossplane-contrib-function-deletion-protection
spec:
  package: xpkg.upbound.io/crossplane-contrib/function-deletion-protection:v0.2.2

What's Changed

• fix: mark generated usages as ready in function output by @fabioaraujopt in #12
• update to version v0.2.2 by @stevendborrelli in #14
• Backport fixes to release-0.2 branch by @stevendborrelli in #15

New Contributors

• @haarchri made their first contribution in #11
• @fabioaraujopt made their first contribution in #12

Full Changelog: v0.2.1...v0.2.2

v0.2.1

v0.2.1 includes new checks that will raise an error if a Namespace-scoped resource has protection enabled when enableV1Mode is true.

What's Changed

• update for v0.2.0 by @stevendborrelli in #3
• add checks for v1 usages and namespaced resources by @stevendborrelli in #2
• Sync to release-0.2 by @stevendborrelli in #4
• Update version to v0.2.1 by @stevendborrelli in #5

Full Changelog: v0.2.0...v0.2.1

v0.2.0

Release v0.2.0 - function-deletion-protection

Overview

This release introduces major functionality enabling Crossplane Operations support, allowing protection of any Kubernetes resource beyond composed resources in pipelines, plus code quality enhancements and improved documentation.

This is the first release out of the Crossplane-contrib GitHub org via https://github.com/crossplane-contrib/function-deletion-protection and published to the Upbound Marketplace.

Key Features

Operations Support

The function now integrates with WatchOperation to protect arbitrary Kubernetes resources. When resources matching watch conditions receive specific labels, the system automatically generates Usage objects preventing deletion.

An example of Protecting namespaces from deletion via labeled resources has been created at https://github.com/crossplane-contrib/function-deletion-protection/tree/main/examples/operations.

Enhanced Usage Reason Strings

The release provides more descriptive reason messages:

• Label-based protection identification
• Composite resource protection tracking
• Operation and WatchOperation attribution

Documentation Improvements

• Reorganized examples into composition and operations directories
• Enhanced README with Operations guidance
• Clearer Crossplane version compatibility notes

Installation

Install via Crossplane package specification using the image:

apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
  name: crossplane-contrib-function-deletion-protection
spec:
  package: xpkg.upbound.io/crossplane-contrib/function-deletion-protection:v0.2.0

Compatibility

• Crossplane 2.x required for Operations
• Composition pipeline support: Crossplane 1.x and 2.x
• V1 mode available for older clusters

What's Changed

• update for crossplane-contrib repo by @stevendborrelli in #1

New Contributors

• @stevendborrelli made their first contribution in #1

Full Changelog: https://github.com/crossplane-contrib/function-deletion-protection/commits/v0.2.0