From 33ef320e5441955f6da69bf7e69f7f1c2ce23d2b Mon Sep 17 00:00:00 2001 From: Qi Wang Date: Sat, 28 Feb 2026 00:17:18 -0500 Subject: [PATCH 1/2] Add criocredentialprovider tests --- test/extended/imagepolicy/imagepolicy.go | 56 +-- test/extended/node/criocredentialprovider.go | 360 +++++++++++++++++++ 2 files changed, 388 insertions(+), 28 deletions(-) create mode 100644 test/extended/node/criocredentialprovider.go diff --git a/test/extended/imagepolicy/imagepolicy.go b/test/extended/imagepolicy/imagepolicy.go index 8353de7cfede..b449755ce887 100644 --- a/test/extended/imagepolicy/imagepolicy.go +++ b/test/extended/imagepolicy/imagepolicy.go @@ -198,8 +198,8 @@ var _ = g.Describe("[sig-imagepolicy][OCPFeatureGate:SigstoreImageVerificationPK func updateImageConfig(oc *exutil.CLI, allowedRegistries []string) { e2e.Logf("Updating image config with allowed registries") - initialWorkerSpec := getMCPCurrentSpecConfigName(oc, workerPool) - initialMasterSpec := getMCPCurrentSpecConfigName(oc, masterPool) + initialWorkerSpec := GetMCPCurrentSpecConfigName(oc, workerPool) + initialMasterSpec := GetMCPCurrentSpecConfigName(oc, masterPool) err := retry.RetryOnConflict(retry.DefaultBackoff, func() error { imageConfig, err := oc.AdminConfigClient().ConfigV1().Images().Get( 
@@ -215,13 +215,13 @@ func updateImageConfig(oc *exutil.CLI, allowedRegistries []string) { return err }) o.Expect(err).NotTo(o.HaveOccurred(), "error updating image config") - waitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) - waitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) + WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) + WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) } func cleanupImageConfig(oc *exutil.CLI) error { - initialWorkerSpec := getMCPCurrentSpecConfigName(oc, workerPool) - initialMasterSpec := getMCPCurrentSpecConfigName(oc, masterPool) + initialWorkerSpec := GetMCPCurrentSpecConfigName(oc, workerPool) + initialMasterSpec := GetMCPCurrentSpecConfigName(oc, masterPool) err := retry.RetryOnConflict(retry.DefaultBackoff, func() error { imageConfig, err := oc.AdminConfigClient().ConfigV1().Images().Get( @@ -237,8 +237,8 @@ func cleanupImageConfig(oc *exutil.CLI) error { return err }) o.Expect(err).NotTo(o.HaveOccurred(), "error cleaning up image config") - waitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) - waitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) + WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) + WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) return nil } 
@@ -278,32 +278,32 @@ func waitForTestPodContainerToFailSignatureValidation(ctx context.Context, f *e2 func createClusterImagePolicy(oc *exutil.CLI, policy configv1.ClusterImagePolicy) { e2e.Logf("Creating cluster image policy %s", policy.Name) - initialWorkerSpec := getMCPCurrentSpecConfigName(oc, workerPool) - initialMasterSpec := getMCPCurrentSpecConfigName(oc, masterPool) + initialWorkerSpec := GetMCPCurrentSpecConfigName(oc, workerPool) + initialMasterSpec := GetMCPCurrentSpecConfigName(oc, masterPool) _, err := oc.AdminConfigClient().ConfigV1().ClusterImagePolicies().Create(context.TODO(), &policy, metav1.CreateOptions{}) o.Expect(err).NotTo(o.HaveOccurred()) - waitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) - waitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) + WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) + WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) } func deleteClusterImagePolicy(oc *exutil.CLI, policyName string) error { - initialWorkerSpec := getMCPCurrentSpecConfigName(oc, workerPool) - initialMasterSpec := getMCPCurrentSpecConfigName(oc, masterPool) + initialWorkerSpec := GetMCPCurrentSpecConfigName(oc, workerPool) + initialMasterSpec := GetMCPCurrentSpecConfigName(oc, masterPool) if err := oc.AdminConfigClient().ConfigV1().ClusterImagePolicies().Delete(context.TODO(), policyName, metav1.DeleteOptions{}); err != nil && !errors.IsNotFound(err) { return fmt.Errorf("failed to delete cluster image policy %s: %v", policyName, err) } - waitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) - waitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) + WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) + WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) return nil } func createImagePolicy(oc *exutil.CLI, policy configv1.ImagePolicy, namespace string) { // Capture initial rendered config 
names for both pools before creating the policy - initialWorkerSpec := getMCPCurrentSpecConfigName(oc, workerPool) - initialMasterSpec := getMCPCurrentSpecConfigName(oc, masterPool) + initialWorkerSpec := GetMCPCurrentSpecConfigName(oc, workerPool) + initialMasterSpec := GetMCPCurrentSpecConfigName(oc, masterPool) e2e.Logf("Creating image policy %s in namespace %s", policy.Name, namespace) _, err := oc.AdminConfigClient().ConfigV1().ImagePolicies(namespace).Create(context.TODO(), &policy, metav1.CreateOptions{}) @@ -311,19 +311,19 @@ func createImagePolicy(oc *exutil.CLI, policy configv1.ImagePolicy, namespace st // Wait until each pool's Spec.Configuration.Name changes from the initial value // and the pool reports Updated=true - waitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) - waitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) + WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) + WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) } func deleteImagePolicy(oc *exutil.CLI, policyName string, namespace string) error { - initialWorkerSpec := getMCPCurrentSpecConfigName(oc, workerPool) - initialMasterSpec := getMCPCurrentSpecConfigName(oc, masterPool) + initialWorkerSpec := GetMCPCurrentSpecConfigName(oc, workerPool) + initialMasterSpec := GetMCPCurrentSpecConfigName(oc, masterPool) if err := oc.AdminConfigClient().ConfigV1().ImagePolicies(namespace).Delete(context.TODO(), policyName, metav1.DeleteOptions{}); err != nil && !errors.IsNotFound(err) { return fmt.Errorf("failed to delete image policy %s in namespace %s: %v", policyName, namespace, err) } - waitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) - waitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) + WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) + WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) return nil } 
@@ -679,8 +679,8 @@ L8ITFP+Nw9Meiw4etw59CTAPCc7l4Zvwr1K2ZTBmVGxrqdasiqpI0utG69aItsPi return testImagePolicies } -// getMCPCurrentSpecConfigName returns the current Spec.Configuration.Name for the given MCP -func getMCPCurrentSpecConfigName(oc *exutil.CLI, pool string) string { +// GetMCPCurrentSpecConfigName returns the current Spec.Configuration.Name for the given MCP +func GetMCPCurrentSpecConfigName(oc *exutil.CLI, pool string) string { clientSet, err := machineconfigclient.NewForConfig(oc.KubeFramework().ClientConfig()) o.Expect(err).NotTo(o.HaveOccurred()) mcp, err := clientSet.MachineconfigurationV1().MachineConfigPools().Get(context.TODO(), pool, metav1.GetOptions{}) @@ -688,9 +688,9 @@ func getMCPCurrentSpecConfigName(oc *exutil.CLI, pool string) string { return mcp.Spec.Configuration.Name } -// waitForMCPConfigSpecChangeAndUpdated waits until Spec.Configuration.Name changes from the provided initial value +// WaitForMCPConfigSpecChangeAndUpdated waits until Spec.Configuration.Name changes from the provided initial value // and the MCP reports Updated=true -func waitForMCPConfigSpecChangeAndUpdated(oc *exutil.CLI, pool string, initialSpecName string) { +func WaitForMCPConfigSpecChangeAndUpdated(oc *exutil.CLI, pool string, initialSpecName string) { e2e.Logf("Waiting for pool %s to complete", pool) clientSet, err := machineconfigclient.NewForConfig(oc.KubeFramework().ClientConfig()) o.Expect(err).NotTo(o.HaveOccurred()) diff --git a/test/extended/node/criocredentialprovider.go b/test/extended/node/criocredentialprovider.go new file mode 100644 index 000000000000..16d1645cce26 --- /dev/null +++ b/test/extended/node/criocredentialprovider.go 
@@ -0,0 +1,360 @@ +package node + +import ( + "context" + "fmt" + "path/filepath" + + g "github.com/onsi/ginkgo/v2" + o "github.com/onsi/gomega" + apicfgv1 "github.com/openshift/api/config/v1" + apicfgv1alpha1 "github.com/openshift/api/config/v1alpha1" + "github.com/openshift/origin/test/extended/imagepolicy" + exutil "github.com/openshift/origin/test/extended/util" + corev1 "k8s.io/api/core/v1" + kapiv1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/util/retry" + "k8s.io/kubernetes/test/e2e/framework" + e2e "k8s.io/kubernetes/test/e2e/framework" + e2epod "k8s.io/kubernetes/test/e2e/framework/pod" + admissionapi "k8s.io/pod-security-admission/api" +) + +const ( + workerPool = "worker" + masterPool = "master" + controllerConfigName = "machine-config-controller" + crioCredentialProviderName = "crio-credential-provider" + dummypodImage = "docker.io/library/nginx@sha256:7f2f2b29e70f2785a697e2364718c6dbbe198ee7e17ae736a9da80bdd85ce843" +) + +var _ = g.Describe("[sig-node][OCPFeatureGate:CRIOCredentialProviderConfig][Serial]", g.Ordered, func() { + defer g.GinkgoRecover() + var ( + oc = exutil.NewCLIWithoutNamespace("cluster-image-policy") + tctx = context.Background() + credentialProviderConfigPath string + workerNodes []corev1.Node + cli = exutil.NewCLIWithPodSecurityLevel("criocp-mynamespace", admissionapi.LevelBaseline) + clif = cli.KubeFramework() + ) + + g.BeforeAll(func() { + if !exutil.IsTechPreviewNoUpgrade(tctx, oc.AdminConfigClient()) { + g.Skip("skipping, this feature is only supported on TechPreviewNoUpgrade clusters") + } + credentialProviderConfigPath = getCredentialProviderConfigPath(oc) + e2e.Logf("Using credential provider config path: %s", credentialProviderConfigPath) + if credentialProviderConfigPath == "" { + g.Skip("skipping, platform does not have a default credential provider config") + } + var err error + workerNodes, err = getWorkerNodes(oc) + if err != nil || 
len(workerNodes) == 0 { + g.Skip("skipping, no worker nodes found") + } + + }) + + g.DescribeTable("criocredentialproviderconfig tests", + func(expectedMatchImages, updatedMatchImages, excludedMatchImages []string, expectCRIOProviderConfigEntry bool) { + updateCRIOCredentialProviderConfig(oc, expectedMatchImages, false) + + // verifyWorkerNodeCRIOCredentialProviderConfig(oc, expectedMatchImages, excludedMatchImages, workerNodes[0], credentialProviderConfigPath, expectCRIOProviderConfigEntry) + verifyWorkerNodeCRIOCredentialProviderConfig(oc, expectedMatchImages, nil, workerNodes[0], credentialProviderConfigPath, true) + + if updatedMatchImages != nil && expectCRIOProviderConfigEntry { + updateCRIOCredentialProviderConfig(oc, updatedMatchImages, false) + g.DeferCleanup(cleanupCRIOCredentialProviderConfig, oc) + verifyWorkerNodeCRIOCredentialProviderConfig(oc, updatedMatchImages, excludedMatchImages, workerNodes[0], credentialProviderConfigPath, true) + } + + if !expectCRIOProviderConfigEntry { + cleanupCRIOCredentialProviderConfig(oc) + verifyWorkerNodeCRIOCredentialProviderConfig(oc, nil, nil, workerNodes[0], credentialProviderConfigPath, false) + } + + }, + g.Entry("pass update criocredentialproviderconfig with valid image entry", []string{"docker.io", + "123456789.dkr.ecr.us-east-1.amazonaws.com", + "*.azurecr.io", + "gcr.io", + "*.*.registry.io", + "registry.io:8080/path"}, nil, nil, true), + g.Entry("update CRIOCredentialProviderConfig with removal one of image entries", + []string{"*.azurecr.io", "registry.io:8080/path"}, + []string{"registry.io:8080/path"}, []string{"*.azurecr.io"}, true), + g.Entry("remove CRIOCredentialProviderConfig entry on removal all matchImages entries", + []string{"*.azurecr.io", "registry.io:8080/path"}, + nil, nil, false), + ) + + g.It("Should fail with empty value matchImages", func() { + updateCRIOCredentialProviderConfig(oc, []string{""}, true) + }) + + g.It("Should execute crio credential provider if private mirror configured", 
func() { + + matchImages := []string{"docker.io"} + updateCRIOCredentialProviderConfig(oc, matchImages, false) + g.DeferCleanup(cleanupCRIOCredentialProviderConfig, oc) + verifyWorkerNodeCRIOCredentialProviderConfig(oc, matchImages, nil, workerNodes[0], credentialProviderConfigPath, true) + + // namespace rbac + createNamespaceRBAC(clif, clif.Namespace.Name) + + // secret + createSecret(clif, clif.Namespace.Name, "dummy-secret", map[string][]byte{ + ".dockerconfigjson": []byte(`{"auths":{"docker.io":{"auth":"bXl1c2VyOm15cGFzcw=="}}}`), + }) + + // IDMS docker.io/library/nginx to docker.io/qiwanredhat/mirror-pull-secret-dummy, which requires pulling credentials from criocredentialprovider + createIDMSResources(oc) + g.DeferCleanup(cleanupIDMSResources, oc) + + pod, _ := launchTestPod(context.Background(), clif, "dummy-pod", dummypodImage, workerNodes[0].Name) + e2epod.WaitForPodContainerToFail(context.Background(), clif.ClientSet, pod.Namespace, pod.Name, 0, "ImagePullBackOff", e2e.PodStartShortTimeout) + + //verify provider log + out, err := oc.AsAdmin().Run("debug").Args("node/"+workerNodes[0].Name, "--", "chroot", "/host", "journalctl", "_COMM=crio-credential").Output() + framework.Logf("%s", out) + o.Expect(err).NotTo(o.HaveOccurred(), "error reading criocredential provider logs on node %s", workerNodes[0].Name) + o.Expect(out).To(o.ContainSubstring("Wrote auth file to /etc/crio/auth/"), "expected log message not found in criocredential provider logs on node %s", workerNodes[0].Name) + }) +}) + +func updateCRIOCredentialProviderConfig(oc *exutil.CLI, matchImages []string, expectErr bool) { + e2e.Logf("Updating CRIOCredentialProviderConfig 'cluster' with matchImages") + initialWorkerSpec := imagepolicy.GetMCPCurrentSpecConfigName(oc, workerPool) + initialMasterSpec := imagepolicy.GetMCPCurrentSpecConfigName(oc, masterPool) + var images []apicfgv1alpha1.MatchImage + for _, img := range matchImages { + images = append(images, apicfgv1alpha1.MatchImage(img)) + } + + 
err := retry.RetryOnConflict(retry.DefaultBackoff, func() error { + crioCPConfig, err := oc.AdminConfigClient().ConfigV1alpha1().CRIOCredentialProviderConfigs().Get( + context.Background(), "cluster", metav1.GetOptions{}, + ) + if err != nil { + return err + } + + crioCPConfig.Spec.MatchImages = images + _, err = oc.AdminConfigClient().ConfigV1alpha1().CRIOCredentialProviderConfigs().Update( + context.Background(), crioCPConfig, metav1.UpdateOptions{}, + ) + return err + }) + if expectErr { + o.Expect(err).To(o.HaveOccurred(), "expected error updating CRIOCredentialProviderConfig 'cluster'") + return + } + + o.Expect(err).NotTo(o.HaveOccurred(), "error updating CRIOCredentialProviderConfig 'cluster'") + + imagepolicy.WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) + imagepolicy.WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) + +} + +func cleanupCRIOCredentialProviderConfig(oc *exutil.CLI) error { + initialWorkerSpec := imagepolicy.GetMCPCurrentSpecConfigName(oc, workerPool) + initialMasterSpec := imagepolicy.GetMCPCurrentSpecConfigName(oc, masterPool) + + err := retry.RetryOnConflict(retry.DefaultBackoff, func() error { + crioCPConfig, err := oc.AdminConfigClient().ConfigV1alpha1().CRIOCredentialProviderConfigs().Get( + context.Background(), "cluster", metav1.GetOptions{}, + ) + if err != nil { + return err + } + crioCPConfig.Spec = &apicfgv1alpha1.CRIOCredentialProviderConfigSpec{} + _, err = oc.AdminConfigClient().ConfigV1alpha1().CRIOCredentialProviderConfigs().Update( + context.Background(), crioCPConfig, metav1.UpdateOptions{}, + ) + return err + }) + o.Expect(err).NotTo(o.HaveOccurred(), "error cleaning up image config") + imagepolicy.WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) + imagepolicy.WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) + return nil +} + +func getWorkerNodes(oc *exutil.CLI) ([]corev1.Node, error) { + workerNodes, err := 
oc.AdminKubeClient().CoreV1().Nodes().List(context.Background(), metav1.ListOptions{ + LabelSelector: `node-role.kubernetes.io/worker`, + }) + if err != nil { + return nil, err + } + e2e.Logf("Discovered %d worker nodes.", len(workerNodes.Items)) + return workerNodes.Items, nil +} + +func verifyWorkerNodeCRIOCredentialProviderConfig(oc *exutil.CLI, expectedMatchImages, excludedMatchImages []string, node corev1.Node, path string, expectCRIOProviderConfigEntry bool) { + nodeName := node.Name + out, err := oc.AsAdmin().Run("debug").Args("node/"+nodeName, "--", "chroot", "/host", "cat", path).Output() + framework.Logf("%s", out) + o.Expect(err).NotTo(o.HaveOccurred(), "error reading CRIOCredentialProviderConfig on node %s", nodeName) + + if !expectCRIOProviderConfigEntry { + o.Expect(out).NotTo(o.ContainSubstring(crioCredentialProviderName), "expected no CRIOCredentialProviderConfig on node %s but found one", nodeName) + return + } + + for _, img := range expectedMatchImages { + o.Expect(out).To(o.ContainSubstring(string(apicfgv1alpha1.MatchImage(img))), "expected match image %s not found in CRIOCredentialProviderConfig on node %s", img, nodeName) + } + for _, img := range excludedMatchImages { + o.Expect(out).NotTo(o.ContainSubstring(string(apicfgv1alpha1.MatchImage(img))), "excluded match image %s found in CRIOCredentialProviderConfig on node %s", img, nodeName) + } +} + +func getCredentialProviderConfigPath(oc *exutil.CLI) string { + cc, err := oc.AsAdmin().MachineConfigurationClient().MachineconfigurationV1().ControllerConfigs().Get(context.Background(), controllerConfigName, metav1.GetOptions{}) + if err != nil { + e2e.Logf("could not get controllerconfig, skipping test") + return "" + } + + var credProviderConfigPath string + + // Determine credential provider config path based on platform + credProviderConfigPathFormat := filepath.FromSlash("/etc/kubernetes/credential-providers/%s-credential-provider.yaml") + switch cc.Spec.Infra.Status.PlatformStatus.Type { + 
case apicfgv1.AWSPlatformType: + credProviderConfigPath = fmt.Sprintf(credProviderConfigPathFormat, "ecr") + case apicfgv1.GCPPlatformType: + credProviderConfigPath = fmt.Sprintf(credProviderConfigPathFormat, "gcr") + case apicfgv1.AzurePlatformType: + credProviderConfigPath = fmt.Sprintf(credProviderConfigPathFormat, "acr") + default: + return "" + } + return credProviderConfigPath +} + +func createIDMSResources(oc *exutil.CLI) error { + initialWorkerSpec := imagepolicy.GetMCPCurrentSpecConfigName(oc, workerPool) + initialMasterSpec := imagepolicy.GetMCPCurrentSpecConfigName(oc, masterPool) + + idms := &apicfgv1.ImageDigestMirrorSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "digest-mirror", + }, + Spec: apicfgv1.ImageDigestMirrorSetSpec{ + ImageDigestMirrors: []apicfgv1.ImageDigestMirrors{ + { + Mirrors: []apicfgv1.ImageMirror{ + apicfgv1.ImageMirror("docker.io/qiwanredhat/mirror-pull-secret-dummy"), + }, + Source: "docker.io/library/nginx", + MirrorSourcePolicy: apicfgv1.NeverContactSource, + }, + }, + }, + } + + _, err := oc.AdminConfigClient().ConfigV1().ImageDigestMirrorSets().Create(context.Background(), idms, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred(), "error creating ImageDigestMirrorSet %q", idms.Name) + + e2e.Logf("Created ImageDigestMirrorSet %q", idms.Name) + + imagepolicy.WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) + imagepolicy.WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) + return nil +} + +func cleanupIDMSResources(oc *exutil.CLI) error { + initialWorkerSpec := imagepolicy.GetMCPCurrentSpecConfigName(oc, workerPool) + initialMasterSpec := imagepolicy.GetMCPCurrentSpecConfigName(oc, masterPool) + + err := oc.AdminConfigClient().ConfigV1().ImageDigestMirrorSets().Delete(context.Background(), "digest-mirror", metav1.DeleteOptions{}) + o.Expect(err).NotTo(o.HaveOccurred(), "error deleting ImageDigestMirrorSet %q", "digest-mirror") + + e2e.Logf("Deleted ImageDigestMirrorSet %q", 
"digest-mirror") + + imagepolicy.WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec) + imagepolicy.WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec) + return nil +} + +func createNamespaceRBAC(f *e2e.Framework, namespace string) error { + _, err := f.ClientSet.RbacV1().Roles(f.Namespace.Name).Create(context.Background(), &rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Name: "credential-provider-secret-reader", + }, + Rules: []rbacv1.PolicyRule{ + { + APIGroups: []string{""}, + Resources: []string{"secrets"}, + Verbs: []string{"get", "list"}, + }, + }, + }, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred(), "error creating role in namespace %q", namespace) + e2e.Logf("Created role in namespace %q", namespace) + + _, err = f.ClientSet.RbacV1().RoleBindings(f.Namespace.Name).Create(context.Background(), &rbacv1.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "credential-provider-secret-reader-binding", + }, + Subjects: []rbacv1.Subject{ + { + APIGroup: rbacv1.GroupName, + Kind: rbacv1.UserKind, + Name: "system:serviceaccount:" + f.Namespace.Name + ":default", + }, + }, + RoleRef: rbacv1.RoleRef{ + APIGroup: rbacv1.GroupName, + Kind: "Role", + Name: "credential-provider-secret-reader", + }, + }, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred(), "error creating rolebinding in namespace %q", namespace) + e2e.Logf("Created rolebinding in namespace %q", namespace) + return nil +} + +func createSecret(f *e2e.Framework, namespace, name string, data map[string][]byte) error { + _, err := f.ClientSet.CoreV1().Secrets(namespace).Create(context.Background(), &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + }, + Type: corev1.SecretTypeDockerConfigJson, + Data: data, + }, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred(), "error creating secret %q in namespace %q", name, namespace) + e2e.Logf("Created secret %q in namespace %q", name, namespace) + return nil +} + +func 
launchTestPod(ctx context.Context, f *e2e.Framework, podName, image, nodeName string) (*kapiv1.Pod, error) { + g.By(fmt.Sprintf("launching the pod: %s on node: %s", podName, nodeName)) + contName := fmt.Sprintf("%s-container", podName) + pod := &kapiv1.Pod{ + TypeMeta: metav1.TypeMeta{ + Kind: "Pod", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: podName, + }, + Spec: kapiv1.PodSpec{ + Containers: []kapiv1.Container{ + { + Name: contName, + Image: image, + ImagePullPolicy: kapiv1.PullAlways, + Command: []string{"/bin/sh", "-c", "exit 0"}, + }, + }, + NodeName: nodeName, + }, + } + pod, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(ctx, pod, metav1.CreateOptions{}) + return pod, err +} From 3b8fd6024985e9d054369e2081817ab688afb66d Mon Sep 17 00:00:00 2001 From: Qi Wang Date: Sat, 28 Feb 2026 00:17:27 -0500 Subject: [PATCH 2/2] vendor 
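Review bot: Cluster-wide state can be left behind by these tests. In the private-mirror `It`, `g.DeferCleanup(cleanupIDMSResources, oc)` is registered only after `createIDMSResources` returns, so if the MCP wait inside it fails, the `digest-mirror` ImageDigestMirrorSet stays on the cluster; it redirects `docker.io/library/nginx` to what looks like a personal Docker Hub repository with `NeverContactSource`. The first `DescribeTable` entry (`updatedMatchImages == nil`, `expectCRIOProviderConfigEntry == true`) takes neither branch, so it never registers or runs `cleanupCRIOCredentialProviderConfig`. Registering the IDMS cleanup inside `createIDMSResources` right after the `Create` assertion, before the two `WaitForMCPConfigSpecChangeAndUpdated` calls, closes the first gap, and the table body needs a cleanup path for that first entry. The error from `launchTestPod` is discarded (`pod, _ :=`) and `pod` is dereferenced in the next statement; use `pod, err := launchTestPod(...)` followed by `o.Expect(err).NotTo(o.HaveOccurred())`. The final assertion reads the node's entire `journalctl _COMM=crio-credential` history, so a `Wrote auth file to /etc/crio/auth/` line from an earlier run would presumably satisfy it; bounding the query with `--since` set to the test's start time would tie the check to this pod.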
Signed-off-by: Qi Wang --- go.mod | 4 +- go.sum | 4 + .../github.com/openshift/api/.coderabbit.yaml | 1 + .../openshift/api/.golangci.go-validated.yaml | 1 + .../github.com/openshift/api/.golangci.yaml | 23 +- vendor/github.com/openshift/api/Makefile | 4 +- .../types_compatibilityrequirement.go | 3 + ..._generated.featuregated-crd-manifests.yaml | 3 +- .../zz_generated.swagger_doc_generated.go | 2 +- .../github.com/openshift/api/apps/v1/types.go | 12 +- .../v1/zz_prerelease_lifecycle_generated.go | 12 +- .../api/config/v1/types_apiserver.go | 1 + .../api/config/v1/types_authentication.go | 264 +++---- .../api/config/v1/types_infrastructure.go | 7 +- .../openshift/api/config/v1/types_insights.go | 1 + .../openshift/api/config/v1/types_network.go | 4 +- .../api/config/v1/types_tlssecurityprofile.go | 49 +- ..._generated.featuregated-crd-manifests.yaml | 6 +- .../v1/zz_generated.swagger_doc_generated.go | 36 +- .../openshift/api/config/v1alpha1/register.go | 2 + .../api/config/v1alpha1/types_backup.go | 3 +- .../v1alpha1/types_cluster_monitoring.go | 162 +++- .../types_crio_credential_provider_config.go | 186 +++++ .../api/config/v1alpha1/types_insights.go | 2 + .../config/v1alpha1/zz_generated.deepcopy.go | 185 +++++ ..._generated.featuregated-crd-manifests.yaml | 25 +- .../zz_generated.swagger_doc_generated.go | 83 +- .../api/config/v1alpha2/types_insights.go | 1 + ..._generated.featuregated-crd-manifests.yaml | 2 +- .../api/console/v1/types_console_sample.go | 4 +- .../github.com/openshift/api/etcd/README.md | 211 +++++ .../github.com/openshift/api/etcd/install.go | 26 + .../openshift/api/etcd/v1alpha1/Makefile | 3 + .../openshift/api/etcd/v1alpha1/doc.go | 6 + .../openshift/api/etcd/v1alpha1/register.go | 39 + .../etcd/v1alpha1/types_pacemakercluster.go | 736 ++++++++++++++++++ .../etcd/v1alpha1/zz_generated.deepcopy.go | 210 +++++ ..._generated.featuregated-crd-manifests.yaml | 23 + .../zz_generated.swagger_doc_generated.go | 89 +++ 
vendor/github.com/openshift/api/features.md | 32 +- .../openshift/api/features/features.go | 416 +++++----- .../api/features/legacyfeaturegates.go | 12 - .../github.com/openshift/api/features/util.go | 157 ++-- vendor/github.com/openshift/api/install.go | 2 + .../v1/types_controlplanemachineset.go | 3 +- ..._generated.featuregated-crd-manifests.yaml | 1 - .../api/machine/v1beta1/types_awsprovider.go | 91 ++- .../api/machine/v1beta1/types_machine.go | 20 + .../api/machine/v1beta1/types_machineset.go | 8 + .../machine/v1beta1/zz_generated.deepcopy.go | 58 +- .../zz_generated.swagger_doc_generated.go | 31 +- .../api/machineconfiguration/v1/types.go | 1 + .../v1alpha1/types_osimagestream.go | 18 + .../zz_generated.swagger_doc_generated.go | 3 +- .../operator/v1/types_machineconfiguration.go | 3 +- .../api/operator/v1/types_network.go | 6 +- ..._generated.featuregated-crd-manifests.yaml | 5 +- .../api/operator/v1alpha1/register.go | 2 + .../api/operator/v1alpha1/types_clusterapi.go | 229 ++++++ .../v1alpha1/zz_generated.deepcopy.go | 168 ++++ ..._generated.featuregated-crd-manifests.yaml | 24 + .../zz_generated.swagger_doc_generated.go | 73 ++ .../openshift/api/operatoringress/v1/types.go | 13 +- ..._generated.featuregated-crd-manifests.yaml | 4 +- .../v1/zz_generated.swagger_doc_generated.go | 2 +- .../config/v1/acceptrisk.go | 23 + .../config/v1/clusterversionstatus.go | 30 +- .../config/v1/conditionalupdate.go | 11 + .../config/v1/conditionalupdaterisk.go | 18 + .../config/v1/oidcprovider.go | 14 + .../config/v1/tokenclaimvalidationcelrule.go | 32 + .../config/v1/tokenclaimvalidationrule.go | 13 +- .../config/v1/tokenissuer.go | 9 + .../config/v1/tokenuservalidationrule.go | 32 + .../applyconfigurations/config/v1/update.go | 14 + .../config/v1alpha1/clustermonitoringspec.go | 15 +- .../v1alpha1/criocredentialproviderconfig.go | 263 +++++++ .../criocredentialproviderconfigspec.go | 29 + .../criocredentialproviderconfigstatus.go | 32 + 
.../v1alpha1/prometheusoperatorconfig.go | 79 ++ .../applyconfigurations/internal/internal.go | 147 ++++ .../config/applyconfigurations/utils.go | 14 + .../typed/config/v1alpha1/config_client.go | 5 + .../v1alpha1/criocredentialproviderconfig.go | 62 ++ .../v1alpha1/fake/fake_config_client.go | 4 + .../fake/fake_criocredentialproviderconfig.go | 37 + .../config/v1alpha1/generated_expansion.go | 2 + .../v1alpha1/criocredentialproviderconfig.go | 85 ++ .../config/v1alpha1/interface.go | 7 + .../informers/externalversions/generic.go | 2 + .../v1alpha1/criocredentialproviderconfig.go | 32 + .../config/v1alpha1/expansion_generated.go | 4 + .../applyconfigurations/internal/internal.go | 6 + .../machine/v1beta1/machinesetstatus.go | 9 + .../machine/v1beta1/machinestatus.go | 9 + .../applyconfigurations/internal/internal.go | 45 ++ .../operator/v1alpha1/clusterapi.go | 263 +++++++ .../v1alpha1/clusterapiinstallercomponent.go | 36 + .../clusterapiinstallercomponentimage.go | 36 + .../v1alpha1/clusterapiinstallerrevision.go | 70 ++ .../operator/v1alpha1/clusterapispec.go | 25 + .../operator/v1alpha1/clusterapistatus.go | 50 ++ .../typed/operator/v1alpha1/clusterapi.go | 58 ++ .../operator/v1alpha1/generated_expansion.go | 2 + .../operator/v1alpha1/operator_client.go | 5 + vendor/modules.txt | 6 +- 106 files changed, 4848 insertions(+), 604 deletions(-) create mode 100644 vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go create mode 100644 vendor/github.com/openshift/api/etcd/README.md create mode 100644 vendor/github.com/openshift/api/etcd/install.go create mode 100644 vendor/github.com/openshift/api/etcd/v1alpha1/Makefile create mode 100644 vendor/github.com/openshift/api/etcd/v1alpha1/doc.go create mode 100644 vendor/github.com/openshift/api/etcd/v1alpha1/register.go create mode 100644 vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go create mode 100644 
vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.deepcopy.go create mode 100644 vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.featuregated-crd-manifests.yaml create mode 100644 vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go create mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationcelrule.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenuservalidationrule.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/criocredentialproviderconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/criocredentialproviderconfigspec.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/criocredentialproviderconfigstatus.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatorconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/criocredentialproviderconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_criocredentialproviderconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/criocredentialproviderconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/criocredentialproviderconfig.go create mode 100644 vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapi.go create mode 100644 
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponent.go create mode 100644 vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponentimage.go create mode 100644 vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevision.go create mode 100644 vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapispec.go create mode 100644 vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapistatus.go create mode 100644 vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1/clusterapi.go diff --git a/go.mod b/go.mod index 421f67e72471..35dc5c17caf0 100644 --- a/go.mod +++ b/go.mod @@ -61,10 +61,10 @@ require ( github.com/opencontainers/go-digest v1.0.0 github.com/openshift-eng/openshift-tests-extension v0.0.0-20251218142942-7ecc8801b9df github.com/openshift-kni/commatrix v0.0.5-0.20251111204857-e5a931eff73f - github.com/openshift/api v0.0.0-20260114133223-6ab113cb7368 + github.com/openshift/api v0.0.0-20260225172252-64dddb8f3186 github.com/openshift/apiserver-library-go v0.0.0-20251015164739-79d04067059d github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee - github.com/openshift/client-go v0.0.0-20260108185524-48f4ccfc4e13 + github.com/openshift/client-go v0.0.0-20260219131751-7e63ce155298 github.com/openshift/library-go v0.0.0-20251015151611-6fc7a74b67c5 github.com/ovn-org/ovn-kubernetes/go-controller v0.0.0-20250118001652-a8b9c3c31417 github.com/pborman/uuid v1.2.0 diff --git a/go.sum b/go.sum index a094396ccacb..d15c5ff365a7 100644 --- a/go.sum +++ b/go.sum 
@@ -830,12 +830,16 @@ github.com/openshift-kni/commatrix v0.0.5-0.20251111204857-e5a931eff73f h1:E72Zo github.com/openshift-kni/commatrix v0.0.5-0.20251111204857-e5a931eff73f/go.mod h1:cDVdp0eda7EHE6tLuSeo4IqPWdAX/KJK+ogBirIGtsI= github.com/openshift/api v0.0.0-20260114133223-6ab113cb7368 h1:kSr3DOlq0NCrHd65HB2o/pBsks7AfRm+fkpf9RLUPoc= github.com/openshift/api v0.0.0-20260114133223-6ab113cb7368/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY= +github.com/openshift/api v0.0.0-20260225172252-64dddb8f3186 h1:1IBqLfnTwrsauWPpvw4Wz7w57jAhHfUOHSGpKhXRNBg= +github.com/openshift/api v0.0.0-20260225172252-64dddb8f3186/go.mod h1:ZYAxo9t1AALeEotN07tNzIvqqqWSxcZIqMUKnY/xCeQ= github.com/openshift/apiserver-library-go v0.0.0-20251015164739-79d04067059d h1:Mfya3RxHWvidOrKyHj3bmFn5x2B89DLZIvDAhwm+C2s= github.com/openshift/apiserver-library-go v0.0.0-20251015164739-79d04067059d/go.mod h1:zm2/rIUp0p83pz0/1kkSoKTqhTr3uUKSKQ9fP7Z3g7Y= github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee h1:+Sp5GGnjHDhT/a/nQ1xdp43UscBMr7G5wxsYotyhzJ4= github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE= github.com/openshift/client-go v0.0.0-20260108185524-48f4ccfc4e13 h1:6rd4zSo2UaWQcAPZfHK9yzKVqH0BnMv1hqMzqXZyTds= github.com/openshift/client-go v0.0.0-20260108185524-48f4ccfc4e13/go.mod h1:YvOmPmV7wcJxpfhTDuFqqs2Xpb3M3ovsM6Qs/i2ptq4= +github.com/openshift/client-go v0.0.0-20260219131751-7e63ce155298 h1:V8uz/2Z4hh+49TUxl0nYs0sDn1fB7lTdSMDKAa6TFY8= +github.com/openshift/client-go v0.0.0-20260219131751-7e63ce155298/go.mod h1:rtH0BhilT6+jn3nWybANEumaBO1vWCKaY8QpwipRy/Y= github.com/openshift/kubernetes v1.30.1-0.20251017123720-96593f323733 h1:Mpab1CmJPLVWGB0CNGoWnup/NScvv55MVPe94c8JgUk= github.com/openshift/kubernetes v1.30.1-0.20251017123720-96593f323733/go.mod h1:w3+IfrXNp5RosdDXg3LB55yijJqR/FwouvVntYHQf0o= github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20251017123720-96593f323733 
h1:42lm41QwjG8JoSicx4FHcuIG2kxHxlUnz6c+ftg2e0E= diff --git a/vendor/github.com/openshift/api/.coderabbit.yaml b/vendor/github.com/openshift/api/.coderabbit.yaml index 1cb17f1e19bd..a3ee2d122e37 100644 --- a/vendor/github.com/openshift/api/.coderabbit.yaml +++ b/vendor/github.com/openshift/api/.coderabbit.yaml @@ -14,6 +14,7 @@ reviews: - "!payload-manifests" - "!**/zz_generated.crd-manifests/*" # Contains files - "!**/zz_generated.featuregated-crd-manifests/**" # Contains folders + - "!openapi/**" - "!**/vendor/**" - "!vendor/**" tools: diff --git a/vendor/github.com/openshift/api/.golangci.go-validated.yaml b/vendor/github.com/openshift/api/.golangci.go-validated.yaml index 44c73149d4cd..ed8fcdbe2de6 100644 --- a/vendor/github.com/openshift/api/.golangci.go-validated.yaml +++ b/vendor/github.com/openshift/api/.golangci.go-validated.yaml @@ -12,6 +12,7 @@ linters: linters: enable: - optionalfields + - nonpointerstructs disable: - "*" lintersConfig: diff --git a/vendor/github.com/openshift/api/.golangci.yaml b/vendor/github.com/openshift/api/.golangci.yaml index 516339b48828..608fb0ed2e78 100644 --- a/vendor/github.com/openshift/api/.golangci.yaml +++ b/vendor/github.com/openshift/api/.golangci.yaml @@ -13,12 +13,15 @@ linters: enable: - forbiddenmarkers - maxlength + - minlength - namingconventions - nobools - nomaps + - preferredmarkers - statussubresource disable: - statusoptional # This is legacy and not something we currently recommend. + - nonpointerstructs # This is intended for native types, not CRD types. lintersConfig: conditions: isFirstField: Warn @@ -30,7 +33,6 @@ linters: - identifier: "openshift:validation:FeatureSetAwareEnum" - identifier: "openshift:validation:FeatureSetAwareXValidation" - identifier: "kubebuilder:validation:UniqueItems" - - identifier: "kubebuilder:validation:Pattern" # Use CEL expressions instead optionalfields: pointers: preference: WhenRequired 
@@ -44,6 +46,11 @@ linters: # This will force omitzero on optional struct fields. # This means they can be omitted correctly and prevents the need for pointers to structs. policy: SuggestFix + preferredmarkers: + markers: + - preferredIdentifier: "kubebuilder:validation:XValidation" + equivalentIdentifiers: + - identifier: "kubebuilder:validation:Pattern" # Use CEL expressions instead to allow more expressive error messages. requiredfields: pointers: # This will force pointers when the field is required, but only when the zero @@ -60,15 +67,13 @@ linters: policy: SuggestFix namingconventions: conventions: - - name: norefs - violationMatcher: "(?i)ref(erence)?s?$" - operation: Drop - message: "reference fields should not need to be named ref(s)/reference(s)" - name: nokind violationMatcher: "^Kind$" operation: Replacement replacement: "Resource" message: "API Kinds can be ambiguous and should be replaced with Resource" + noreferences: + policy: NoReferences uniquemarkers: customMarkers: - identifier: "openshift:validation:FeatureGateAwareEnum" @@ -101,6 +106,14 @@ linters: # This regex must always be updated in tandem with the regex in .golangci.go-validated.yaml that prevents `optionalfields` from being applied to the files in the path. path: machine/v1beta1/(types_awsprovider.go|types_azureprovider.go|types_gcpprovider.go|types_vsphereprovider.go)|machine/v1alpha1/types_openstack.go text: "optionalfields" + - linters: + - kubeapilinter + # Silence norefs lint for `Ref` field in ClusterAPI as it refers to an OCI image reference, not a kube object reference. + path: operator/v1alpha1/types_clusterapi.go + text: "noreferences: naming convention \"no-references\": field ClusterAPIInstallerComponentImage.Ref: field names should not contain reference-related words" + - linters: + - kubeapilinter + path: features|payload-command/*.go issues: # We have a lot of existing issues. # Want to make sure that those adding new fields have an 
diff --git a/vendor/github.com/openshift/api/Makefile b/vendor/github.com/openshift/api/Makefile index c069d804017a..9b32b58e4332 100644 --- a/vendor/github.com/openshift/api/Makefile +++ b/vendor/github.com/openshift/api/Makefile @@ -114,15 +114,17 @@ update-scripts: update-compatibility update-openapi update-deepcopy update-proto # Update codegen runs all generators in the order they are defined in the root.go file. # The per group generators are:[compatibility, deepcopy, swagger-docs, empty-partial-schema, schema-patch, crd-manifest-merge] # The multi group generators are:[openapi] +# The payload generation must come after these generators have run so they are included here as well, rather than in update-non-codegen. .PHONY: update-codegen update-codegen: hack/update-codegen.sh + make update-payload-crds update-payload-featuregates # Update non-codegen runs all generators that are not part of the codegen utility, or # are part of it, but are not run by default when invoking codegen without a specific generator. # E.g. the payload feature gates which is not part of the generator style, but is still a subcommand. .PHONY: update-non-codegen -update-non-codegen: update-protobuf tests-vendor update-prerelease-lifecycle-gen update-payload-crds update-payload-featuregates +update-non-codegen: update-protobuf tests-vendor update-prerelease-lifecycle-gen .PHONY: update-compatibility update-compatibility: diff --git a/vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go b/vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go index 46e211cd551f..0da25370a9b3 100644 --- a/vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go +++ b/vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go 
@@ -21,6 +21,7 @@ import ( // +kubebuilder:subresource:status // +kubebuilder:resource:path=compatibilityrequirements,scope=Cluster // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2479 +// +kubebuilder:metadata:annotations="release.openshift.io/feature-gate=CRDCompatibilityRequirementOperator" type CompatibilityRequirement struct { metav1.TypeMeta `json:",inline"` @@ -184,9 +185,11 @@ type CompatibilitySchema struct { // excludedFields is a set of fields in the schema which will not be validated by // crdSchemaValidation or objectSchemaValidation. // The list may contain at most 64 fields. + // Each path in the list must be unique. // When not specified, all fields in the schema will be validated. // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=64 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, y.path == x.path))",message="each path in the list must be unique." // +listType=atomic // +optional ExcludedFields []APIExcludedField `json:"excludedFields,omitempty"` diff --git a/vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index 319f2b335f23..433546401ce1 100644 --- a/vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -1,5 +1,6 @@ compatibilityrequirements.apiextensions.openshift.io: - Annotations: {} + Annotations: + release.openshift.io/feature-gate: CRDCompatibilityRequirementOperator ApprovedPRNumber: https://github.com/openshift/api/pull/2479 CRDName: compatibilityrequirements.apiextensions.openshift.io Capability: "" 
diff --git a/vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.swagger_doc_generated.go index a9a4e707e7ae..d615ef28563c 100644 --- a/vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.swagger_doc_generated.go @@ -88,7 +88,7 @@ var map_CompatibilitySchema = map[string]string{ "": "CompatibilitySchema defines the schema used by crdSchemaValidation and objectSchemaValidation.", "customResourceDefinition": "customResourceDefinition contains the complete definition of the CRD for schema and object validation purposes. This field is required.", "requiredVersions": "requiredVersions specifies a subset of the CRD's API versions which will be asserted for compatibility. This field is required.", - "excludedFields": "excludedFields is a set of fields in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation. The list may contain at most 64 fields. When not specified, all fields in the schema will be validated.", + "excludedFields": "excludedFields is a set of fields in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation. The list may contain at most 64 fields. Each path in the list must be unique. When not specified, all fields in the schema will be validated.", } func (CompatibilitySchema) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/apps/v1/types.go b/vendor/github.com/openshift/api/apps/v1/types.go index a66ce09ea59a..883770e76420 100644 --- a/vendor/github.com/openshift/api/apps/v1/types.go +++ b/vendor/github.com/openshift/api/apps/v1/types.go 
@@ -16,7 +16,7 @@ import (
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +k8s:prerelease-lifecycle-gen:introduced=3.0
 // +k8s:prerelease-lifecycle-gen:deprecated=4.14
-// +k8s:prerelease-lifecycle-gen:removed=4.10000
+// +k8s:prerelease-lifecycle-gen:removed=6.0
 // Deployment Configs define the template for a pod and manages deploying new images or configuration changes.
 // A single deployment configuration is usually analogous to a single micro-service. Can support many different
@@ -407,7 +407,7 @@ type DeploymentCondition struct {
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +k8s:prerelease-lifecycle-gen:introduced=3.0
 // +k8s:prerelease-lifecycle-gen:deprecated=4.14
-// +k8s:prerelease-lifecycle-gen:removed=4.10000
+// +k8s:prerelease-lifecycle-gen:removed=6.0
 // DeploymentConfigList is a collection of deployment configs.
 //
@@ -427,7 +427,7 @@ type DeploymentConfigList struct {
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +k8s:prerelease-lifecycle-gen:introduced=3.0
 // +k8s:prerelease-lifecycle-gen:deprecated=4.14
-// +k8s:prerelease-lifecycle-gen:removed=4.10000
+// +k8s:prerelease-lifecycle-gen:removed=6.0
 // DeploymentConfigRollback provides the input to rollback generation.
 //
@@ -462,7 +462,7 @@ type DeploymentConfigRollbackSpec struct {
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +k8s:prerelease-lifecycle-gen:introduced=3.0
 // +k8s:prerelease-lifecycle-gen:deprecated=4.14
-// +k8s:prerelease-lifecycle-gen:removed=4.10000
+// +k8s:prerelease-lifecycle-gen:removed=6.0
 // DeploymentRequest is a request to a deployment config for a new deployment.
 //
@@ -486,7 +486,7 @@ type DeploymentRequest struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:prerelease-lifecycle-gen:introduced=3.0 // +k8s:prerelease-lifecycle-gen:deprecated=4.14 -// +k8s:prerelease-lifecycle-gen:removed=4.10000 +// +k8s:prerelease-lifecycle-gen:removed=6.0 // DeploymentLog represents the logs for a deployment // @@ -499,7 +499,7 @@ type DeploymentLog struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:prerelease-lifecycle-gen:introduced=3.0 // +k8s:prerelease-lifecycle-gen:deprecated=4.14 -// +k8s:prerelease-lifecycle-gen:removed=4.10000 +// +k8s:prerelease-lifecycle-gen:removed=6.0 // DeploymentLogOptions is the REST options for a deployment log // diff --git a/vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go b/vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go index b3e4de501068..cdd91d38560f 100644 --- a/vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go +++ b/vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go @@ -20,7 +20,7 @@ func (in *DeploymentConfig) APILifecycleDeprecated() (major, minor int) { // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. func (in *DeploymentConfig) APILifecycleRemoved() (major, minor int) { - return 4, 10000 + return 6, 0 } // APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. 
@@ -38,7 +38,7 @@ func (in *DeploymentConfigList) APILifecycleDeprecated() (major, minor int) { // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. func (in *DeploymentConfigList) APILifecycleRemoved() (major, minor int) { - return 4, 10000 + return 6, 0 } // APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. @@ -56,7 +56,7 @@ func (in *DeploymentConfigRollback) APILifecycleDeprecated() (major, minor int) // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. func (in *DeploymentConfigRollback) APILifecycleRemoved() (major, minor int) { - return 4, 10000 + return 6, 0 } // APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. 
@@ -74,7 +74,7 @@ func (in *DeploymentLog) APILifecycleDeprecated() (major, minor int) { // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. func (in *DeploymentLog) APILifecycleRemoved() (major, minor int) { - return 4, 10000 + return 6, 0 } // APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. @@ -92,7 +92,7 @@ func (in *DeploymentLogOptions) APILifecycleDeprecated() (major, minor int) { // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. func (in *DeploymentLogOptions) APILifecycleRemoved() (major, minor int) { - return 4, 10000 + return 6, 0 } // APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. @@ -110,5 +110,5 @@ func (in *DeploymentRequest) APILifecycleDeprecated() (major, minor int) { // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. func (in *DeploymentRequest) APILifecycleRemoved() (major, minor int) { - return 4, 10000 + return 6, 0 } 
diff --git a/vendor/github.com/openshift/api/config/v1/types_apiserver.go b/vendor/github.com/openshift/api/config/v1/types_apiserver.go
index 0afe7b1d8dee..31d8881858e2 100644
--- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go
+++ b/vendor/github.com/openshift/api/config/v1/types_apiserver.go
@@ -212,6 +212,7 @@ type APIServerEncryption struct {
 // +openshift:validation:FeatureGateAwareEnum:featureGate="",enum="";identity;aescbc;aesgcm
 // +openshift:validation:FeatureGateAwareEnum:featureGate=KMSEncryptionProvider,enum="";identity;aescbc;aesgcm;KMS
+// +openshift:validation:FeatureGateAwareEnum:featureGate=KMSEncryption,enum="";identity;aescbc;aesgcm;KMS
 type EncryptionType string
 const (
diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go
index e300d4eabc5f..e7433281f4a3 100644
--- a/vendor/github.com/openshift/api/config/v1/types_authentication.go
+++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go
@@ -80,8 +80,7 @@ type AuthenticationSpec struct {
 // +optional
 ServiceAccountIssuer string `json:"serviceAccountIssuer"`
- // oidcProviders are OIDC identity providers that can issue tokens
- // for this cluster
+ // oidcProviders are OIDC identity providers that can issue tokens for this cluster
 // Can only be set if "Type" is set to "OIDC".
 //
 // At most one provider can be configured.
@@ -113,8 +112,7 @@ type AuthenticationStatus struct {
 // +optional
 IntegratedOAuthMetadata ConfigMapNameReference `json:"integratedOAuthMetadata"`
- // oidcClients is where participating operators place the current OIDC client status
- // for OIDC clients that can be customized by the cluster-admin.
+ // oidcClients is where participating operators place the current OIDC client status for OIDC clients that can be customized by the cluster-admin.
 //
 // +listType=map
 // +listMapKey=componentNamespace
@@ -146,8 +144,7 @@ type AuthenticationType string
 const (
 // None means that no cluster managed authentication system is in place.
- // Note that user login will only work if a manually configured system is in place and
- // referenced in authentication spec via oauthMetadata and
+ // Note that user login will only work if a manually configured system is in place and referenced in authentication spec via oauthMetadata and
 // webhookTokenAuthenticator/oidcProviders
 AuthenticationTypeNone AuthenticationType = "None"
@@ -199,10 +196,8 @@ const (
 )
 type OIDCProvider struct {
- // name is a required field that configures the unique human-readable identifier
- // associated with the identity provider.
- // It is used to distinguish between multiple identity providers
- // and has no impact on token validation or authentication mechanics.
+ // name is a required field that configures the unique human-readable identifier associated with the identity provider.
+ // It is used to distinguish between multiple identity providers and has no impact on token validation or authentication mechanics.
 //
 // name must not be an empty string ("").
 //
@@ -210,15 +205,12 @@ type OIDCProvider struct {
 // +required
 Name string `json:"name"`
- // issuer is a required field that configures how the platform interacts
- // with the identity provider and how tokens issued from the identity provider
- // are evaluated by the Kubernetes API server.
+ // issuer is a required field that configures how the platform interacts with the identity provider and how tokens issued from the identity provider are evaluated by the Kubernetes API server.
 //
 // +required
 Issuer TokenIssuer `json:"issuer"`
- // oidcClients is an optional field that configures how on-cluster,
- // platform clients should request tokens from the identity provider.
+ // oidcClients is an optional field that configures how on-cluster, platform clients should request tokens from the identity provider.
 // oidcClients must not exceed 20 entries and entries must have unique namespace/name pairs.
 //
 // +listType=map
@@ -228,16 +220,12 @@ type OIDCProvider struct {
 // +optional
 OIDCClients []OIDCClientConfig `json:"oidcClients"`
- // claimMappings is a required field that configures the rules to be used by
- // the Kubernetes API server for translating claims in a JWT token, issued
- // by the identity provider, to a cluster identity.
+ // claimMappings is a required field that configures the rules to be used by the Kubernetes API server for translating claims in a JWT token, issued by the identity provider, to a cluster identity.
 //
 // +required
 ClaimMappings TokenClaimMappings `json:"claimMappings"`
- // claimValidationRules is an optional field that configures the rules to
- // be used by the Kubernetes API server for validating the claims in a JWT
- // token issued by the identity provider.
+ // claimValidationRules is an optional field that configures the rules to be used by the Kubernetes API server for validating the claims in a JWT token issued by the identity provider.
 //
 // Validation rules are joined via an AND operation.
 //
@@ -245,9 +233,7 @@ type OIDCProvider struct {
 // +optional
 ClaimValidationRules []TokenClaimValidationRule `json:"claimValidationRules,omitempty"`
- // userValidationRules is an optional field that configures the set of rules
- // used to validate the cluster user identity that was constructed via
- // mapping token claims to user identity attributes.
+ // userValidationRules is an optional field that configures the set of rules used to validate the cluster user identity that was constructed via mapping token claims to user identity attributes.
 // Rules are CEL expressions that must evaluate to 'true' for authentication to succeed.
 // If any rule in the chain of rules evaluates to 'false', authentication will fail.
 // When specified, at least one rule must be specified and no more than 64 rules may be specified.
@@ -266,10 +252,8 @@ type TokenAudience string
 // +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUpstreamParity,rule="self.?discoveryURL.orValue(\"\").size() > 0 ? (self.issuerURL.size() == 0 || self.discoveryURL.find('^.+[^/]') != self.issuerURL.find('^.+[^/]')) : true",message="discoveryURL must be different from issuerURL"
 type TokenIssuer struct {
- // issuerURL is a required field that configures the URL used to issue tokens
- // by the identity provider.
- // The Kubernetes API server determines how authentication tokens should be handled
- // by matching the 'iss' claim in the JWT to the issuerURL of configured identity providers.
+ // issuerURL is a required field that configures the URL used to issue tokens by the identity provider.
+ // The Kubernetes API server determines how authentication tokens should be handled by matching the 'iss' claim in the JWT to the issuerURL of configured identity providers.
 //
 // Must be at least 1 character and must not exceed 512 characters in length.
 // Must be a valid URL that uses the 'https' scheme and does not contain a query, fragment or user.
@@ -284,8 +268,7 @@ type TokenIssuer struct {
 // +required
 URL string `json:"issuerURL"`
- // audiences is a required field that configures the acceptable audiences
- // the JWT token, issued by the identity provider, must be issued to.
+ // audiences is a required field that configures the acceptable audiences the JWT token, issued by the identity provider, must be issued to.
 // At least one of the entries must match the 'aud' claim in the JWT token.
 //
 // audiences must contain at least one entry and must not exceed ten entries.
@@ -296,24 +279,20 @@ type TokenIssuer struct {
 // +required
 Audiences []TokenAudience `json:"audiences"`
- // issuerCertificateAuthority is an optional field that configures the
- // certificate authority, used by the Kubernetes API server, to validate
- // the connection to the identity provider when fetching discovery information.
+ // issuerCertificateAuthority is an optional field that configures the certificate authority, used by the Kubernetes API server, to validate the connection to the identity provider when fetching discovery information.
 //
 // When not specified, the system trust is used.
 //
- // When specified, it must reference a ConfigMap in the openshift-config
- // namespace containing the PEM-encoded CA certificates under the 'ca-bundle.crt'
- // key in the data field of the ConfigMap.
+ // When specified, it must reference a ConfigMap in the openshift-config namespace containing the PEM-encoded CA certificates under the 'ca-bundle.crt' key in the data field of the ConfigMap.
 //
 // +optional
 CertificateAuthority ConfigMapNameReference `json:"issuerCertificateAuthority"`
- // discoveryURL is an optional field that, if specified, overrides the default discovery endpoint
- // used to retrieve OIDC configuration metadata. By default, the discovery URL is derived from `issuerURL`
- // as "{issuerURL}/.well-known/openid-configuration".
+ // discoveryURL is an optional field that, if specified, overrides the default discovery endpoint used to retrieve OIDC configuration metadata.
+ // By default, the discovery URL is derived from `issuerURL` as "{issuerURL}/.well-known/openid-configuration".
 //
- // The discoveryURL must be a valid absolute HTTPS URL. It must not contain query
- // parameters, user information, or fragments. Additionally, it must differ from the value of `url` (ignoring trailing slashes).
+ // The discoveryURL must be a valid absolute HTTPS URL.
+ // It must not contain query parameters, user information, or fragments.
+ // Additionally, it must differ from the value of `issuerURL` (ignoring trailing slashes).
 // The discoveryURL value must be at least 1 character long and no longer than 2048 characters.
 //
 // +optional
@@ -329,39 +308,36 @@ type TokenIssuer struct {
 }
 type TokenClaimMappings struct {
- // username is a required field that configures how the username of a cluster identity
- // should be constructed from the claims in a JWT token issued by the identity provider.
+ // username is a required field that configures how the username of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.
 //
 // +required
 Username UsernameClaimMapping `json:"username"`
- // groups is an optional field that configures how the groups of a cluster identity
- // should be constructed from the claims in a JWT token issued
- // by the identity provider.
- // When referencing a claim, if the claim is present in the JWT
- // token, its value must be a list of groups separated by a comma (',').
+ // groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.
+ //
+ // When referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (',').
+ //
 // For example - '"example"' and '"exampleOne", "exampleTwo", "exampleThree"' are valid claim values.
 //
 // +optional
 Groups PrefixedClaimMapping `json:"groups,omitempty"`
- // uid is an optional field for configuring the claim mapping
- // used to construct the uid for the cluster identity.
+ // uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity.
 //
 // When using uid.claim to specify the claim it must be a single string value.
 // When using uid.expression the expression must result in a single string value.
 //
- // When omitted, this means the user has no opinion and the platform
- // is left to choose a default, which is subject to change over time.
+ // When omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time.
+ // // The current default is to use the 'sub' claim. // // +optional // +openshift:enable:FeatureGate=ExternalOIDCWithUIDAndExtraClaimMappings UID *TokenClaimOrExpressionMapping `json:"uid,omitempty"` - // extra is an optional field for configuring the mappings - // used to construct the extra attribute for the cluster identity. + // extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. // When omitted, no extra attributes will be present on the cluster identity. + // // key values for extra mappings must be unique. // A maximum of 32 extra attribute mappings may be provided. // 
@@ -373,52 +349,39 @@ type TokenClaimMappings struct {
 Extra []ExtraMapping `json:"extra,omitempty"`
 }
 
-// TokenClaimMapping allows specifying a JWT token
-// claim to be used when mapping claims from an
-// authentication token to cluster identities.
+// TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities.
 type TokenClaimMapping struct {
- // claim is a required field that configures the JWT token
- // claim whose value is assigned to the cluster identity
- // field associated with this mapping.
+ // claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.
 //
 // +required
 Claim string `json:"claim"`
 }
 
-// TokenClaimOrExpressionMapping allows specifying either a JWT
-// token claim or CEL expression to be used when mapping claims
-// from an authentication token to cluster identities.
+// TokenClaimOrExpressionMapping allows specifying either a JWT token claim or CEL expression to be used when mapping claims from an authentication token to cluster identities.
 // +kubebuilder:validation:XValidation:rule="has(self.claim) ? !has(self.expression) : has(self.expression)",message="precisely one of claim or expression must be set"
 type TokenClaimOrExpressionMapping struct {
- // claim is an optional field for specifying the
- // JWT token claim that is used in the mapping.
- // The value of this claim will be assigned to
- // the field in which this mapping is associated.
+ // claim is an optional field for specifying the JWT token claim that is used in the mapping.
+ // The value of this claim will be assigned to the field in which this mapping is associated.
 //
 // Precisely one of claim or expression must be set.
 // claim must not be specified when expression is set.
- // When specified, claim must be at least 1 character in length
- // and must not exceed 256 characters in length.
+ // When specified, claim must be at least 1 character in length and must not exceed 256 characters in length.
 //
 // +optional
 // +kubebuilder:validation:MaxLength=256
 // +kubebuilder:validation:MinLength=1
 Claim string `json:"claim,omitempty"`
 
- // expression is an optional field for specifying a
- // CEL expression that produces a string value from
- // JWT token claims.
+ // expression is an optional field for specifying a CEL expression that produces a string value from JWT token claims.
 //
- // CEL expressions have access to the token claims
- // through a CEL variable, 'claims'.
+ // CEL expressions have access to the token claims through a CEL variable, 'claims'.
 // 'claims' is a map of claim names to claim values.
 // For example, the 'sub' claim value can be accessed as 'claims.sub'.
 // Nested claims can be accessed using dot notation ('claims.foo.bar').
 //
 // Precisely one of claim or expression must be set.
 // expression must not be specified when claim is set.
- // When specified, expression must be at least 1 character in length
- // and must not exceed 1024 characters in length.
+ // When specified, expression must be at least 1 character in length and must not exceed 1024 characters in length.
 //
 // +optional
 // +kubebuilder:validation:MaxLength=1024
@@ -426,13 +389,10 @@ type TokenClaimOrExpressionMapping struct {
 Expression string `json:"expression,omitempty"`
 }
 
-// ExtraMapping allows specifying a key and CEL expression
-// to evaluate the keys' value. It is used to create additional
-// mappings and attributes added to a cluster identity from
-// a provided authentication token.
+// ExtraMapping allows specifying a key and CEL expression to evaluate the keys' value.
+// It is used to create additional mappings and attributes added to a cluster identity from a provided authentication token.
 type ExtraMapping struct {
- // key is a required field that specifies the string
- // to use as the extra attribute key.
+ // key is a required field that specifies the string to use as the extra attribute key.
 //
 // key must be a domain-prefix path (e.g 'example.org/foo').
 // key must not exceed 510 characters in length.
@@ -445,8 +405,7 @@ type ExtraMapping struct {
 // It must only contain lower case alphanumeric characters and '-' or '.'.
 // It must not use the reserved domains, or be subdomains of, "kubernetes.io", "k8s.io", and "openshift.io".
 //
- // The path portion of the key (string of characters after the '/') must not be empty and must consist of at least one
- // alphanumeric character, percent-encoded octets, '-', '.', '_', '~', '!', '$', '&', ''', '(', ')', '*', '+', ',', ';', '=', and ':'.
+ // The path portion of the key (string of characters after the '/') must not be empty and must consist of at least one alphanumeric character, percent-encoded octets, '-', '.', '_', '~', '!', '$', '&', ''', '(', ')', '*', '+', ',', ';', '=', and ':'.
 // It must not exceed 256 characters in length.
 //
 // +required
@@ -468,14 +427,12 @@ type ExtraMapping struct {
 // +kubebuilder:validation:XValidation:rule="self.split('/', 2)[1].size() <= 256",message="the path of the key must not exceed 256 characters in length"
 Key string `json:"key"`
 
- // valueExpression is a required field to specify the CEL expression to extract
- // the extra attribute value from a JWT token's claims.
+ // valueExpression is a required field to specify the CEL expression to extract the extra attribute value from a JWT token's claims.
 // valueExpression must produce a string or string array value.
 // "", [], and null are treated as the extra mapping not being present.
 // Empty string values within an array are filtered out.
 //
- // CEL expressions have access to the token claims
- // through a CEL variable, 'claims'.
+ // CEL expressions have access to the token claims through a CEL variable, 'claims'.
 // 'claims' is a map of claim names to claim values.
 // For example, the 'sub' claim value can be accessed as 'claims.sub'.
 // Nested claims can be accessed using dot notation ('claims.foo.bar').
@@ -489,12 +446,10 @@ type ExtraMapping struct {
 ValueExpression string `json:"valueExpression"`
 }
 
-// OIDCClientConfig configures how platform clients
-// interact with identity providers as an authentication
-// method
+// OIDCClientConfig configures how platform clients interact with identity providers as an authentication method.
 type OIDCClientConfig struct {
- // componentName is a required field that specifies the name of the platform
- // component being configured to use the identity provider as an authentication mode.
+ // componentName is a required field that specifies the name of the platform component being configured to use the identity provider as an authentication mode.
+ //
 // It is used in combination with componentNamespace as a unique identifier.
 //
 // componentName must not be an empty string ("") and must not exceed 256 characters in length.
@@ -504,9 +459,8 @@ type OIDCClientConfig struct {
 // +required
 ComponentName string `json:"componentName"`
 
- // componentNamespace is a required field that specifies the namespace in which the
- // platform component being configured to use the identity provider as an authentication
- // mode is running.
+ // componentNamespace is a required field that specifies the namespace in which the platform component being configured to use the identity provider as an authentication mode is running.
+ //
 // It is used in combination with componentName as a unique identifier.
 //
 // componentNamespace must not be an empty string ("") and must not exceed 63 characters in length.
@@ -516,11 +470,8 @@ type OIDCClientConfig struct {
 // +required
 ComponentNamespace string `json:"componentNamespace"`
 
- // clientID is a required field that configures the client identifier, from
- // the identity provider, that the platform component uses for authentication
- // requests made to the identity provider.
- // The identity provider must accept this identifier for platform components
- // to be able to use the identity provider as an authentication mode.
+ // clientID is a required field that configures the client identifier, from the identity provider, that the platform component uses for authentication requests made to the identity provider.
+ // The identity provider must accept this identifier for platform components to be able to use the identity provider as an authentication mode.
 //
 // clientID must not be an empty string ("").
 //
@@ -528,27 +479,21 @@ type OIDCClientConfig struct {
 // +required
 ClientID string `json:"clientID"`
 
- // clientSecret is an optional field that configures the client secret used
- // by the platform component when making authentication requests to the identity provider.
+ // clientSecret is an optional field that configures the client secret used by the platform component when making authentication requests to the identity provider.
+ //
+ // When not specified, no client secret will be used when making authentication requests to the identity provider.
 //
- // When not specified, no client secret will be used when making authentication requests
- // to the identity provider.
+ // When specified, clientSecret references a Secret in the 'openshift-config' namespace that contains the client secret in the 'clientSecret' key of the '.data' field.
 //
- // When specified, clientSecret references a Secret in the 'openshift-config'
- // namespace that contains the client secret in the 'clientSecret' key of the '.data' field.
 // The client secret will be used when making authentication requests to the identity provider.
 //
- // Public clients do not require a client secret but private
- // clients do require a client secret to work with the identity provider.
+ // Public clients do not require a client secret but private clients do require a client secret to work with the identity provider.
 //
 // +optional
 ClientSecret SecretNameReference `json:"clientSecret"`
 
- // extraScopes is an optional field that configures the extra scopes that should
- // be requested by the platform component when making authentication requests to the
- // identity provider.
- // This is useful if you have configured claim mappings that requires specific
- // scopes to be requested beyond the standard OIDC scopes.
+ // extraScopes is an optional field that configures the extra scopes that should be requested by the platform component when making authentication requests to the identity provider.
+ // This is useful if you have configured claim mappings that requires specific scopes to be requested beyond the standard OIDC scopes.
 //
 // When omitted, no additional scopes are requested.
 //
@@ -561,8 +506,7 @@ type OIDCClientConfig struct {
 // of platform components and how they interact with
 // the configured identity providers.
 type OIDCClientStatus struct {
- // componentName is a required field that specifies the name of the platform
- // component using the identity provider as an authentication mode.
+ // componentName is a required field that specifies the name of the platform component using the identity provider as an authentication mode.
 // It is used in combination with componentNamespace as a unique identifier.
 //
 // componentName must not be an empty string ("") and must not exceed 256 characters in length.
@@ -572,9 +516,8 @@ type OIDCClientStatus struct {
 // +required
 ComponentName string `json:"componentName"`
 
- // componentNamespace is a required field that specifies the namespace in which the
- // platform component using the identity provider as an authentication
- // mode is running.
+ // componentNamespace is a required field that specifies the namespace in which the platform component using the identity provider as an authentication mode is running.
+ //
 // It is used in combination with componentName as a unique identifier.
 //
 // componentNamespace must not be an empty string ("") and must not exceed 63 characters in length.
@@ -585,6 +528,7 @@ type OIDCClientStatus struct {
 ComponentNamespace string `json:"componentNamespace"`
 
 // currentOIDCClients is an optional list of clients that the component is currently using.
+ //
 // Entries must have unique issuerURL/clientID pairs.
 //
 // +listType=map
@@ -593,8 +537,7 @@ type OIDCClientStatus struct {
 // +optional
 CurrentOIDCClients []OIDCClientReference `json:"currentOIDCClients"`
 
- // consumingUsers is an optional list of ServiceAccounts requiring
- // read permissions on the `clientSecret` secret.
+ // consumingUsers is an optional list of ServiceAccounts requiring read permissions on the `clientSecret` secret.
 //
 // consumingUsers must not exceed 5 entries.
 //
@@ -620,8 +563,7 @@ type OIDCClientStatus struct {
 // OIDCClientReference is a reference to a platform component
 // client configuration.
 type OIDCClientReference struct {
- // oidcProviderName is a required reference to the 'name' of the identity provider
- // configured in 'oidcProviders' that this client is associated with.
+ // oidcProviderName is a required reference to the 'name' of the identity provider configured in 'oidcProviders' that this client is associated with.
 //
 // oidcProviderName must not be an empty string ("").
 //
@@ -629,8 +571,7 @@ type OIDCClientReference struct {
 // +required
 OIDCProviderName string `json:"oidcProviderName"`
 
- // issuerURL is a required field that specifies the URL of the identity
- // provider that this client is configured to make requests against.
+ // issuerURL is a required field that specifies the URL of the identity provider that this client is configured to make requests against.
 //
 // issuerURL must use the 'https' scheme.
 //
@@ -638,9 +579,7 @@ type OIDCClientReference struct {
 // +required
 IssuerURL string `json:"issuerURL"`
 
- // clientID is a required field that specifies the client identifier, from
- // the identity provider, that the platform component is using for authentication
- // requests made to the identity provider.
+ // clientID is a required field that specifies the client identifier, from the identity provider, that the platform component is using for authentication requests made to the identity provider.
 //
 // clientID must not be empty.
 //
@@ -652,9 +591,7 @@ type OIDCClientReference struct {
 // +kubebuilder:validation:XValidation:rule="has(self.prefixPolicy) && self.prefixPolicy == 'Prefix' ? (has(self.prefix) && size(self.prefix.prefixString) > 0) : !has(self.prefix)",message="prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise"
 // +union
 type UsernameClaimMapping struct {
- // claim is a required field that configures the JWT token
- // claim whose value is assigned to the cluster identity
- // field associated with this mapping.
+ // claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.
 //
 // claim must not be an empty string ("") and must not exceed 256 characters.
 //
@@ -663,23 +600,21 @@ type UsernameClaimMapping struct {
 // +kubebuilder:validation:MaxLength:=256
 Claim string `json:"claim"`
 
- // prefixPolicy is an optional field that configures how a prefix should be
- // applied to the value of the JWT claim specified in the 'claim' field.
+ // prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.
 //
 // Allowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).
 //
- // When set to 'Prefix', the value specified in the prefix field will be
- // prepended to the value of the JWT claim.
+ // When set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim.
+ //
 // The prefix field must be set when prefixPolicy is 'Prefix'.
 //
- // When set to 'NoPrefix', no prefix will be prepended to the value
- // of the JWT claim.
+ // When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim.
+ //
+ // When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time.
+ // Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.
 //
- // When omitted, this means no opinion and the platform is left to choose
- // any prefixes that are applied which is subject to change over time.
- // Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim
- // when the claim is not 'email'.
 // As an example, consider the following scenario:
+ //
 // `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,
 // the JWT claims include "username":"userA" and "email":"userA@myoidc.tld",
 // and `claim` is set to:
@@ -691,8 +626,7 @@ type UsernameClaimMapping struct {
 // +unionDiscriminator
 PrefixPolicy UsernamePrefixPolicy `json:"prefixPolicy"`
 
- // prefix configures the prefix that should be prepended to the value
- // of the JWT claim.
+ // prefix configures the prefix that should be prepended to the value of the JWT claim.
 //
 // prefix must be set when prefixPolicy is set to 'Prefix' and must be unset otherwise.
 //
@@ -701,9 +635,7 @@ type UsernameClaimMapping struct {
 Prefix *UsernamePrefix `json:"prefix"`
 }
 
-// UsernamePrefixPolicy configures how prefixes should be applied
-// to values extracted from the JWT claims during the process of mapping
-// JWT claims to cluster identity attributes.
+// UsernamePrefixPolicy configures how prefixes should be applied to values extracted from the JWT claims during the process of mapping JWT claims to cluster identity attributes.
 // +enum
 type UsernamePrefixPolicy string
 
@@ -722,9 +654,7 @@ var (
 // UsernamePrefix configures the string that should
 // be used as a prefix for username claim mappings.
 type UsernamePrefix struct {
- // prefixString is a required field that configures the prefix that will
- // be applied to cluster identity username attribute
- // during the process of mapping JWT claims to cluster identity attributes.
+ // prefixString is a required field that configures the prefix that will be applied to cluster identity username attribute during the process of mapping JWT claims to cluster identity attributes.
 //
 // prefixString must not be an empty string ("").
 //
@@ -738,15 +668,11 @@ type UsernamePrefix struct {
 type PrefixedClaimMapping struct {
 TokenClaimMapping `json:",inline"`
 
- // prefix is an optional field that configures the prefix that will be
- // applied to the cluster identity attribute during the process of mapping
- // JWT claims to cluster identity attributes.
+ // prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.
 //
 // When omitted (""), no prefix is applied to the cluster identity attribute.
 //
- // Example: if `prefix` is set to "myoidc:" and the `claim` in JWT contains
- // an array of strings "a", "b" and "c", the mapping will result in an
- // array of string "myoidc:a", "myoidc:b" and "myoidc:c".
+ // Example: if `prefix` is set to "myoidc:" and the `claim` in JWT contains an array of strings "a", "b" and "c", the mapping will result in an array of string "myoidc:a", "myoidc:b" and "myoidc:c".
 //
 // +optional
 Prefix string `json:"prefix"`
@@ -780,19 +706,15 @@ type TokenClaimValidationRule struct {
 //
 // Allowed values are "RequiredClaim" and "CEL".
 //
- // When set to 'RequiredClaim', the Kubernetes API server will be configured
- // to validate that the incoming JWT contains the required claim and that its
- // value matches the required value.
+ // When set to 'RequiredClaim', the Kubernetes API server will be configured to validate that the incoming JWT contains the required claim and that its value matches the required value.
 //
- // When set to 'CEL', the Kubernetes API server will be configured
- // to validate the incoming JWT against the configured CEL expression.
+ // When set to 'CEL', the Kubernetes API server will be configured to validate the incoming JWT against the configured CEL expression.
 // +required
 Type TokenValidationRuleType `json:"type"`
 
 // requiredClaim allows configuring a required claim name and its expected value.
- // This field is required when `type` is set to RequiredClaim, and must be omitted
- // when `type` is set to any other value. The Kubernetes API server uses this field
- // to validate if an incoming JWT is valid for this identity provider.
+ // This field is required when `type` is set to RequiredClaim, and must be omitted when `type` is set to any other value.
+ // The Kubernetes API server uses this field to validate if an incoming JWT is valid for this identity provider.
 //
 // +optional
 RequiredClaim *TokenRequiredClaim `json:"requiredClaim,omitempty"`
@@ -814,10 +736,8 @@ type TokenRequiredClaim struct {
 // +required
 Claim string `json:"claim"`
 
- // requiredValue is a required field that configures the value that 'claim' must
- // have when taken from the incoming JWT claims.
- // If the value in the JWT claims does not match, the token
- // will be rejected for authentication.
+ // requiredValue is a required field that configures the value that 'claim' must have when taken from the incoming JWT claims.
+ // If the value in the JWT claims does not match, the token will be rejected for authentication.
 //
 // requiredValue must not be an empty string ("").
 //
@@ -836,8 +756,7 @@ type TokenClaimValidationCELRule struct {
 // +required
 Expression string `json:"expression,omitempty"`
 
- // message is a required human-readable message to be logged by the Kubernetes API server
- // if the CEL expression defined in 'expression' fails.
+ // message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails.
 // message must be at least 1 character in length and must not exceed 256 characters.
 // +required
 // +kubebuilder:validation:MinLength=1
@@ -848,8 +767,8 @@ type TokenClaimValidationCELRule struct {
 // TokenUserValidationRule provides a CEL-based rule used to validate a token subject.
 // Each rule contains a CEL expression that is evaluated against the token’s claims.
 type TokenUserValidationRule struct {
- // expression is a required CEL expression that performs a validation
- // on cluster user identity attributes like username, groups, etc.
+ // expression is a required CEL expression that performs a validation on cluster user identity attributes like username, groups, etc.
+ //
 // The expression must evaluate to a boolean value.
 // When the expression evaluates to 'true', the cluster user identity is considered valid.
 // When the expression evaluates to 'false', the cluster user identity is not considered valid.
@@ -859,8 +778,7 @@ type TokenUserValidationRule struct {
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=1024
 Expression string `json:"expression,omitempty"`
- // message is a required human-readable message to be logged by the Kubernetes API server
- // if the CEL expression defined in 'expression' fails.
+ // message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails.
 // message must be at least 1 character in length and must not exceed 256 characters.
 // +required
 // +kubebuilder:validation:MinLength=1
diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
index 313ed57a4144..369ba1e7a000 100644
--- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
+++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
@@ -302,9 +302,10 @@ type PlatformSpec struct {
 // balancers, dynamic volume provisioning, machine creation and deletion, and
 // other integrations are enabled. If None, no infrastructure automation is
 // enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
- // "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS",
- // "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms,
- // and must handle unrecognized platforms as None if they do not support that platform.
+ // "OpenStack", "VSphere", "oVirt", "IBMCloud", "KubeVirt", "EquinixMetal",
+ // "PowerVS", "AlibabaCloud", "Nutanix", "External", and "None". Individual
+ // components may not support all platforms, and must handle unrecognized
+ // platforms as None if they do not support that platform.
 //
 // +unionDiscriminator
 Type PlatformType `json:"type"`
diff --git a/vendor/github.com/openshift/api/config/v1/types_insights.go b/vendor/github.com/openshift/api/config/v1/types_insights.go
index b0959881f15b..710d4303da22 100644
--- a/vendor/github.com/openshift/api/config/v1/types_insights.go
+++ b/vendor/github.com/openshift/api/config/v1/types_insights.go
@@ -13,6 +13,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2448
 // +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
 // +openshift:enable:FeatureGate=InsightsConfig
+// +openshift:capability=Insights
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 // +openshift:compatibility-gen:level=1
diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go
index c0d1602b3766..fb8ed2fff743 100644
--- a/vendor/github.com/openshift/api/config/v1/types_network.go
+++ b/vendor/github.com/openshift/api/config/v1/types_network.go
@@ -41,7 +41,7 @@ type Network struct {
 // As a general rule, this SHOULD NOT be read directly. Instead, you should
 // consume the NetworkStatus, as it indicates the currently deployed configuration.
 // Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
-// +openshift:validation:FeatureGateAwareXValidation:featureGate=NetworkDiagnosticsConfig,rule="!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) || self.networkDiagnostics.mode!='Disabled' || !has(self.networkDiagnostics.sourcePlacement) && !has(self.networkDiagnostics.targetPlacement)",message="cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement when networkDiagnostics.mode is Disabled"
+// +kubebuilder:validation:XValidation:rule="!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) || self.networkDiagnostics.mode!='Disabled' || !has(self.networkDiagnostics.sourcePlacement) && !has(self.networkDiagnostics.targetPlacement)",message="cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement when networkDiagnostics.mode is Disabled"
 type NetworkSpec struct {
 // IP address pool to use for pod IPs.
 // This field is immutable after installation.
@@ -85,7 +85,6 @@ type NetworkSpec struct {
 // the network diagnostics feature will be disabled.
 //
 // +optional
- // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig
 NetworkDiagnostics NetworkDiagnostics `json:"networkDiagnostics"`
 }
 
@@ -119,7 +118,6 @@ type NetworkStatus struct {
 // +optional
 // +listType=map
 // +listMapKey=type
- // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig
 Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
 
diff --git a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
index 1e5189796e4c..48657b089475 100644
--- a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
+++ b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
@@ -7,9 +7,10 @@ type TLSSecurityProfile struct {
 // type is one of Old, Intermediate, Modern or Custom. Custom provides the
 // ability to specify individual TLS security profile parameters.
 //
- // The profiles are currently based on version 5.0 of the Mozilla Server Side TLS
- // configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for
- // forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json
+ // The profiles are based on version 5.7 of the Mozilla Server Side TLS
+ // configuration guidelines. The cipher lists consist of the configuration's
+ // "ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
+ // See: https://ssl-config.mozilla.org/guidelines/5.7.json
 //
 // The profiles are intent based, so they may change over time as new ciphers are
 // developed and existing ciphers are found to be insecure. Depending on
@@ -22,9 +23,6 @@ type TLSSecurityProfile struct {
 // old is a TLS profile for use when services need to be accessed by very old
 // clients or libraries and should be used only as a last resort.
 //
- // The cipher list includes TLS 1.3 ciphers for forward compatibility, followed
- // by the "old" profile ciphers.
- //
 // This profile is equivalent to a Custom profile specified as:
 // minTLSVersion: VersionTLS10
 // ciphers:
@@ -37,23 +35,15 @@ type TLSSecurityProfile struct {
 // - ECDHE-RSA-AES256-GCM-SHA384
 // - ECDHE-ECDSA-CHACHA20-POLY1305
 // - ECDHE-RSA-CHACHA20-POLY1305
- // - DHE-RSA-AES128-GCM-SHA256
- // - DHE-RSA-AES256-GCM-SHA384
- // - DHE-RSA-CHACHA20-POLY1305
 // - ECDHE-ECDSA-AES128-SHA256
 // - ECDHE-RSA-AES128-SHA256
 // - ECDHE-ECDSA-AES128-SHA
 // - ECDHE-RSA-AES128-SHA
- // - ECDHE-ECDSA-AES256-SHA384
- // - ECDHE-RSA-AES256-SHA384
 // - ECDHE-ECDSA-AES256-SHA
 // - ECDHE-RSA-AES256-SHA
- // - DHE-RSA-AES128-SHA256
- // - DHE-RSA-AES256-SHA256
 // - AES128-GCM-SHA256
 // - AES256-GCM-SHA384
 // - AES128-SHA256
- // - AES256-SHA256
 // - AES128-SHA
 // - AES256-SHA
 // - DES-CBC3-SHA
@@ -66,9 +56,6 @@ type TLSSecurityProfile struct {
 // legacy clients and want to remain highly secure while being compatible with
 // most clients currently in use.
 //
- // The cipher list includes TLS 1.3 ciphers for forward compatibility, followed
- // by the "intermediate" profile ciphers.
- //
 // This profile is equivalent to a Custom profile specified as:
 // minTLSVersion: VersionTLS12
 // ciphers:
@@ -81,8 +68,6 @@ type TLSSecurityProfile struct {
 // - ECDHE-RSA-AES256-GCM-SHA384
 // - ECDHE-ECDSA-CHACHA20-POLY1305
 // - ECDHE-RSA-CHACHA20-POLY1305
- // - DHE-RSA-AES128-GCM-SHA256
- // - DHE-RSA-AES256-GCM-SHA384
 //
 // +optional
 // +nullable
@@ -160,12 +145,14 @@ const (
 // TLSProfileSpec is the desired behavior of a TLSSecurityProfile.
 type TLSProfileSpec struct {
 // ciphers is used to specify the cipher algorithms that are negotiated
- // during the TLS handshake. Operators may remove entries their operands
- // do not support. For example, to use DES-CBC3-SHA (yaml):
+ // during the TLS handshake. Operators may remove entries that their operands
+ // do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):
 //
 // ciphers:
- // - DES-CBC3-SHA
+ // - ECDHE-RSA-AES128-GCM-SHA256
 //
+ // TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable
+ // and are always enabled when TLS 1.3 is negotiated.
 // +listType=atomic
 Ciphers []string `json:"ciphers"`
 // minTLSVersion is used to specify the minimal version of the TLS protocol
@@ -200,9 +187,11 @@ const (
 
 // TLSProfiles contains a map of TLSProfileType names to TLSProfileSpec.
 //
-// These profiles are based on version 5.0 of the Mozilla Server Side TLS
-// configuration guidelines (2019-06-28) with TLS 1.3 cipher suites prepended for
-// forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json
+// These profiles are based on version 5.7 of the Mozilla Server Side TLS
+// configuration guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json
+//
+// Each Ciphers slice is the configuration's "ciphersuites" followed by the
+// Go-specific "ciphers" from the guidelines JSON.
 //
 // NOTE: The caller needs to make sure to check that these constants are valid
 // for their binary. Not all entries map to values for all binaries. In the case
@@ -220,23 +209,15 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", - "DHE-RSA-AES128-GCM-SHA256", - "DHE-RSA-AES256-GCM-SHA384", - "DHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES128-SHA", - "ECDHE-ECDSA-AES256-SHA384", - "ECDHE-RSA-AES256-SHA384", "ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES256-SHA", - "DHE-RSA-AES128-SHA256", - "DHE-RSA-AES256-SHA256", "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256", - "AES256-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", @@ -254,8 +235,6 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", - "DHE-RSA-AES128-GCM-SHA256", - "DHE-RSA-AES256-GCM-SHA384", }, MinTLSVersion: VersionTLS12, }, diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index 5d4794e4bac5..eb7c485e03fc 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -6,6 +6,7 @@ apiservers.config.openshift.io: Capability: "" Category: "" FeatureGates: + - KMSEncryption - KMSEncryptionProvider FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" @@ -416,7 +417,7 @@ insightsdatagathers.config.openshift.io: Annotations: {} ApprovedPRNumber: https://github.com/openshift/api/pull/2448 CRDName: insightsdatagathers.config.openshift.io - Capability: "" + Capability: Insights Category: "" FeatureGates: - InsightsConfig 
@@ -442,8 +443,7 @@ networks.config.openshift.io: CRDName: networks.config.openshift.io Capability: "" Category: "" - FeatureGates: - - NetworkDiagnosticsConfig + FeatureGates: [] FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index e7bc0aebb336..69fb37c5233c 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -407,11 +407,11 @@ func (ExtraMapping) SwaggerDoc() map[string]string { } var map_OIDCClientConfig = map[string]string{ - "": "OIDCClientConfig configures how platform clients interact with identity providers as an authentication method", - "componentName": "componentName is a required field that specifies the name of the platform component being configured to use the identity provider as an authentication mode. It is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", - "componentNamespace": "componentNamespace is a required field that specifies the namespace in which the platform component being configured to use the identity provider as an authentication mode is running. It is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", + "": "OIDCClientConfig configures how platform clients interact with identity providers as an authentication method.", + "componentName": "componentName is a required field that specifies the name of the platform component being configured to use the identity provider as an authentication mode.\n\nIt is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", + "componentNamespace": "componentNamespace is a required field that specifies the namespace in which the platform component being configured to use the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", "clientID": "clientID is a required field that configures the client identifier, from the identity provider, that the platform component uses for authentication 
requests made to the identity provider. The identity provider must accept this identifier for platform components to be able to use the identity provider as an authentication mode.\n\nclientID must not be an empty string (\"\").", - "clientSecret": "clientSecret is an optional field that configures the client secret used by the platform component when making authentication requests to the identity provider.\n\nWhen not specified, no client secret will be used when making authentication requests to the identity provider.\n\nWhen specified, clientSecret references a Secret in the 'openshift-config' namespace that contains the client secret in the 'clientSecret' key of the '.data' field. The client secret will be used when making authentication requests to the identity provider.\n\nPublic clients do not require a client secret but private clients do require a client secret to work with the identity provider.", + "clientSecret": "clientSecret is an optional field that configures the client secret used by the platform component when making authentication requests to the identity provider.\n\nWhen not specified, no client secret will be used when making authentication requests to the identity provider.\n\nWhen specified, clientSecret references a Secret in the 'openshift-config' namespace that contains the client secret in the 'clientSecret' key of the '.data' field.\n\nThe client secret will be used when making authentication requests to the identity provider.\n\nPublic clients do not require a client secret but private clients do require a client secret to work with the identity provider.", "extraScopes": "extraScopes is an optional field that configures the extra scopes that should be requested by the platform component when making authentication requests to the identity provider. This is useful if you have configured claim mappings that requires specific scopes to be requested beyond the standard OIDC scopes.\n\nWhen omitted, no additional scopes are requested.", } 
@@ -433,8 +433,8 @@ func (OIDCClientReference) SwaggerDoc() map[string]string { var map_OIDCClientStatus = map[string]string{ "": "OIDCClientStatus represents the current state of platform components and how they interact with the configured identity providers.", "componentName": "componentName is a required field that specifies the name of the platform component using the identity provider as an authentication mode. It is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", - "componentNamespace": "componentNamespace is a required field that specifies the namespace in which the platform component using the identity provider as an authentication mode is running. It is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", - "currentOIDCClients": "currentOIDCClients is an optional list of clients that the component is currently using. 
Entries must have unique issuerURL/clientID pairs.", + "componentNamespace": "componentNamespace is a required field that specifies the namespace in which the platform component using the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", + "currentOIDCClients": "currentOIDCClients is an optional list of clients that the component is currently using.\n\nEntries must have unique issuerURL/clientID pairs.", "consumingUsers": "consumingUsers is an optional list of ServiceAccounts requiring read permissions on the `clientSecret` secret.\n\nconsumingUsers must not exceed 5 entries.", "conditions": "conditions are used to communicate the state of the `oidcClients` entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf Available is true, the component is successfully using the configured client. If Degraded is true, that means something has gone wrong trying to handle the client configuration. If Progressing is true, that means the component is taking some action related to the `oidcClients` entry.", } 
@@ -458,7 +458,7 @@ func (OIDCProvider) SwaggerDoc() map[string]string { var map_PrefixedClaimMapping = map[string]string{ "": "PrefixedClaimMapping configures a claim mapping that allows for an optional prefix.", - "prefix": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted (\"\"), no prefix is applied to the cluster identity attribute.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", + "prefix": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted (\"\"), no prefix is applied to the cluster identity attribute.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", } func (PrefixedClaimMapping) SwaggerDoc() map[string]string { 
@@ -476,9 +476,9 @@ func (TokenClaimMapping) SwaggerDoc() map[string]string { var map_TokenClaimMappings = map[string]string{ "username": "username is a required field that configures how the username of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.", - "groups": "groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider. When referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (','). For example - '\"example\"' and '\"exampleOne\", \"exampleTwo\", \"exampleThree\"' are valid claim values.", - "uid": "uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity.\n\nWhen using uid.claim to specify the claim it must be a single string value. When using uid.expression the expression must result in a single string value.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time. The current default is to use the 'sub' claim.", - "extra": "extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. When omitted, no extra attributes will be present on the cluster identity. key values for extra mappings must be unique. 
A maximum of 32 extra attribute mappings may be provided.", + "groups": "groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.\n\nWhen referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (',').\n\nFor example - '\"example\"' and '\"exampleOne\", \"exampleTwo\", \"exampleThree\"' are valid claim values.", + "uid": "uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity.\n\nWhen using uid.claim to specify the claim it must be a single string value. When using uid.expression the expression must result in a single string value.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time.\n\nThe current default is to use the 'sub' claim.", + "extra": "extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. When omitted, no extra attributes will be present on the cluster identity.\n\nkey values for extra mappings must be unique. A maximum of 32 extra attribute mappings may be provided.", } func (TokenClaimMappings) SwaggerDoc() map[string]string { 
@@ -519,7 +519,7 @@ var map_TokenIssuer = map[string]string{ "issuerURL": "issuerURL is a required field that configures the URL used to issue tokens by the identity provider. The Kubernetes API server determines how authentication tokens should be handled by matching the 'iss' claim in the JWT to the issuerURL of configured identity providers.\n\nMust be at least 1 character and must not exceed 512 characters in length. Must be a valid URL that uses the 'https' scheme and does not contain a query, fragment or user.", "audiences": "audiences is a required field that configures the acceptable audiences the JWT token, issued by the identity provider, must be issued to. At least one of the entries must match the 'aud' claim in the JWT token.\n\naudiences must contain at least one entry and must not exceed ten entries.", "issuerCertificateAuthority": "issuerCertificateAuthority is an optional field that configures the certificate authority, used by the Kubernetes API server, to validate the connection to the identity provider when fetching discovery information.\n\nWhen not specified, the system trust is used.\n\nWhen specified, it must reference a ConfigMap in the openshift-config namespace containing the PEM-encoded CA certificates under the 'ca-bundle.crt' key in the data field of the ConfigMap.", - "discoveryURL": "discoveryURL is an optional field that, if specified, overrides the default discovery endpoint used to retrieve OIDC configuration metadata. By default, the discovery URL is derived from `issuerURL` as \"{issuerURL}/.well-known/openid-configuration\".\n\nThe discoveryURL must be a valid absolute HTTPS URL. It must not contain query parameters, user information, or fragments. Additionally, it must differ from the value of `url` (ignoring trailing slashes). 
The discoveryURL value must be at least 1 character long and no longer than 2048 characters.", + "discoveryURL": "discoveryURL is an optional field that, if specified, overrides the default discovery endpoint used to retrieve OIDC configuration metadata. By default, the discovery URL is derived from `issuerURL` as \"{issuerURL}/.well-known/openid-configuration\".\n\nThe discoveryURL must be a valid absolute HTTPS URL. It must not contain query parameters, user information, or fragments. Additionally, it must differ from the value of `issuerURL` (ignoring trailing slashes). The discoveryURL value must be at least 1 character long and no longer than 2048 characters.", } func (TokenIssuer) SwaggerDoc() map[string]string { 
@@ -537,7 +537,7 @@ func (TokenRequiredClaim) SwaggerDoc() map[string]string { var map_TokenUserValidationRule = map[string]string{ "": "TokenUserValidationRule provides a CEL-based rule used to validate a token subject. Each rule contains a CEL expression that is evaluated against the token’s claims.", - "expression": "expression is a required CEL expression that performs a validation on cluster user identity attributes like username, groups, etc. The expression must evaluate to a boolean value. When the expression evaluates to 'true', the cluster user identity is considered valid. When the expression evaluates to 'false', the cluster user identity is not considered valid. expression must be at least 1 character in length and must not exceed 1024 characters.", + "expression": "expression is a required CEL expression that performs a validation on cluster user identity attributes like username, groups, etc.\n\nThe expression must evaluate to a boolean value. When the expression evaluates to 'true', the cluster user identity is considered valid. When the expression evaluates to 'false', the cluster user identity is not considered valid. expression must be at least 1 character in length and must not exceed 1024 characters.", "message": "message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails. message must be at least 1 character in length and must not exceed 256 characters.", } 
@@ -547,7 +547,7 @@ func (TokenUserValidationRule) SwaggerDoc() map[string]string { var map_UsernameClaimMapping = map[string]string{ "claim": "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", - "prefixPolicy": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. The prefix field must be set when prefixPolicy is 'Prefix'.\n\nWhen set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim.\n\nWhen omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'. 
As an example, consider the following scenario:\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", + "prefixPolicy": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim.\n\nThe prefix field must be set when prefixPolicy is 'Prefix'.\n\nWhen set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim.\n\nWhen omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", "prefix": "prefix configures the prefix that should be prepended to the value of the JWT claim.\n\nprefix must be set when prefixPolicy is set to 'Prefix' and must be unset otherwise.", } 
@@ -1924,7 +1924,7 @@ func (OvirtPlatformStatus) SwaggerDoc() map[string]string { var map_PlatformSpec = map[string]string{ "": "PlatformSpec holds the desired state specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", - "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"IBMCloud\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\", \"External\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", "aws": "aws contains settings specific to the Amazon Web Services infrastructure provider.", "azure": "azure contains settings specific to the Azure infrastructure provider.", "gcp": "gcp contains settings specific to the Google Cloud Platform infrastructure provider.", 
@@ -3004,7 +3004,7 @@ func (OldTLSProfile) SwaggerDoc() map[string]string { var map_TLSProfileSpec = map[string]string{ "": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", - "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", "minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11", } 
@@ -3014,9 +3014,9 @@ func (TLSProfileSpec) SwaggerDoc() map[string]string { var map_TLSSecurityProfile = map[string]string{ "": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", - "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are currently based on version 5.0 of the Mozilla Server Side TLS configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", - "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"old\" profile ciphers.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n 
- AES256-SHA\n - DES-CBC3-SHA", - "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"intermediate\" profile ciphers.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384", + "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. 
Depending on precisely which ciphers are available to a process, the list may be reduced.", + "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", "modern": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. 
An example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", } diff --git a/vendor/github.com/openshift/api/config/v1alpha1/register.go b/vendor/github.com/openshift/api/config/v1alpha1/register.go index 4b30ea380b1d..c90962495050 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/register.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/register.go @@ -40,6 +40,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ImagePolicyList{}, &ClusterImagePolicy{}, &ClusterImagePolicyList{}, + &CRIOCredentialProviderConfig{}, + &CRIOCredentialProviderConfigList{}, ) metav1.AddToGroupVersion(scheme, GroupVersion) return nil diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go b/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go index 77df372d43ef..0f3da5184752 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go @@ -93,7 +93,7 @@ type EtcdBackupSpec struct { PVCName string `json:"pvcName"` } -// RetentionType is the enumeration of valid retention policy types +// RetentionType is the enumeration of valid retention policy types. // +enum // +kubebuilder:validation:Enum:="RetentionNumber";"RetentionSize" type RetentionType string @@ -115,7 +115,6 @@ type RetentionPolicy struct { // The current default is RetentionNumber with 15 backups kept. // +unionDiscriminator // +required - // +kubebuilder:validation:Enum:="";"RetentionNumber";"RetentionSize" RetentionType RetentionType `json:"retentionType"` // retentionNumber configures the retention policy based on the number of backups 
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go index 0653eeb5a5ed..e72f537f99fa 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go @@ -94,6 +94,19 @@ type ClusterMonitoringSpec struct { // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // +optional MetricsServerConfig MetricsServerConfig `json:"metricsServerConfig,omitempty,omitzero"` + // prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. + // Specifically, it can configure how the Prometheus Operator instance is deployed, pod scheduling, and resource allocation. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + PrometheusOperatorConfig PrometheusOperatorConfig `json:"prometheusOperatorConfig,omitempty,omitzero"` + // prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the + // admission webhook component of Prometheus Operator that runs in the openshift-monitoring namespace. + // The admission webhook validates PrometheusRule and AlertmanagerConfig objects to ensure they are + // semantically valid, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects + // between API versions. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + PrometheusOperatorAdmissionWebhookConfig PrometheusOperatorAdmissionWebhookConfig `json:"prometheusOperatorAdmissionWebhookConfig,omitempty,omitzero"` } // UserDefinedMonitoring config for user-defined projects. 
@@ -185,6 +198,7 @@ type AlertmanagerCustomConfig struct { // limit: null // Maximum length for this list is 10. // Minimum length for this list is 1. + // Each resource name must be unique within this list. // +optional // +listType=map // +listMapKey=name @@ -218,8 +232,8 @@ type AlertmanagerCustomConfig struct { // When omitted, this means the user has no opinion and the platform is left // to choose reasonable defaults. These defaults are subject to change over time. // Defaults are empty/unset. - // Maximum length for this list is 10 - // Minimum length for this list is 1 + // Maximum length for this list is 10. + // Minimum length for this list is 1. // +kubebuilder:validation:MaxItems=10 // +kubebuilder:validation:MinItems=1 // +listType=atomic @@ -235,7 +249,7 @@ type AlertmanagerCustomConfig struct { // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. // Default is empty list. // Maximum length for this list is 10. - // Minimum length for this list is 1 + // Minimum length for this list is 1. // Entries must have unique topologyKey and whenUnsatisfiable pairs. // +kubebuilder:validation:MaxItems=10 // +kubebuilder:validation:MinItems=1 @@ -356,8 +370,8 @@ type MetricsServerConfig struct { // When omitted, this means the user has no opinion and the platform is left // to choose reasonable defaults. These defaults are subject to change over time. // Defaults are empty/unset. - // Maximum length for this list is 10 - // Minimum length for this list is 1 + // Maximum length for this list is 10. + // Minimum length for this list is 1. // +kubebuilder:validation:MaxItems=10 // +kubebuilder:validation:MinItems=1 // +listType=atomic @@ -389,6 +403,7 @@ type MetricsServerConfig struct { // limit: null // Maximum length for this list is 10. // Minimum length for this list is 1. + // Each resource name must be unique within this list. // +optional // +listType=map // +listMapKey=name 
@@ -405,7 +420,142 @@ type MetricsServerConfig struct { // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. // Default is empty list. // Maximum length for this list is 10. - // Minimum length for this list is 1 + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + +// PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance +// Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled. +// +kubebuilder:validation:MinProperties=1 +type PrometheusOperatorConfig struct { + // logLevel defines the verbosity of logs emitted by Prometheus Operator. + // This field allows users to control the amount and severity of logs generated, which can be useful + // for debugging issues or reducing noise in production environments. + // Allowed values are Error, Warn, Info, and Debug. + // When set to Error, only errors will be logged. + // When set to Warn, both warnings and errors will be logged. + // When set to Info, general information, warnings, and errors will all be logged. + // When set to Debug, detailed debugging information will be logged. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `Info`. + // +optional + LogLevel LogLevel `json:"logLevel,omitempty"` + // nodeSelector defines the nodes on which the Pods are scheduled + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. 
These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the Prometheus Operator container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 4m + // limit: null + // - name: memory + // request: 40Mi + // limit: null + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. 
+ // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + +// PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook +// component of Prometheus Operator that runs in the `openshift-monitoring` namespace. The admission +// webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, +// and converts AlertmanagerConfig objects between API versions. +// +kubebuilder:validation:MinProperties=1 +type PrometheusOperatorAdmissionWebhookConfig struct { + // resources defines the compute resource requests and limits for the + // prometheus-operator-admission-webhook container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. 
Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 5m + // limit: null + // - name: memory + // request: 30Mi + // limit: null + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // topologySpreadConstraints defines rules for how admission webhook Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1. // Entries must have unique topologyKey and whenUnsatisfiable pairs. // +kubebuilder:validation:MaxItems=10 // +kubebuilder:validation:MinItems=1 diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go b/vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go new file mode 100644 index 000000000000..9e2e0d39d28f --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go 
@@ -0,0 +1,186 @@ +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is "cluster". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. +// For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. +// CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. +// Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout. +// +// The resource is a singleton named "cluster". +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. 
+// +kubebuilder:object:root=true +// +kubebuilder:resource:path=criocredentialproviderconfigs,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2557 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +openshift:enable:FeatureGate=CRIOCredentialProviderConfig +// +openshift:compatibility-gen:level=4 +// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="criocredentialproviderconfig is a singleton, .metadata.name must be 'cluster'" +type CRIOCredentialProviderConfig struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metav1.ObjectMeta `json:"metadata,omitzero"` + + // spec defines the desired configuration of the CRI-O Credential Provider. + // This field is required and must be provided when creating the resource. + // +required + Spec *CRIOCredentialProviderConfigSpec `json:"spec,omitempty,omitzero"` + + // status represents the current state of the CRIOCredentialProviderConfig. + // When omitted or nil, it indicates that the status has not yet been set by the controller. + // The controller will populate this field with validation conditions and operational state. + // +optional + Status CRIOCredentialProviderConfigStatus `json:"status,omitzero,omitempty"` +} + +// CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider. +// +kubebuilder:validation:MinProperties=0 +type CRIOCredentialProviderConfigSpec struct { + // matchImages is a list of string patterns used to determine whether + // the CRI-O credential provider should be invoked for a given image. 
This list is + // passed to the kubelet CredentialProviderConfig, and if any pattern matches + // the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling + // that image or its mirrors. + // Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. + // Conflicts between the existing platform specific provider image match configuration and this list will be handled by + // the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those + // from the CRIOCredentialProviderConfig when both match the same image. + // To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with + // existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). + // You can check the resource's Status conditions + // to see if any entries were ignored due to exact matches with known built-in provider patterns. + // + // This field is optional, the items of the list must contain between 1 and 50 entries. + // The list is treated as a set, so duplicate entries are not allowed. + // + // For more details, see: + // https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ + // https://github.com/cri-o/crio-credential-provider#architecture + // + // Each entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. + // Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', + // and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). + // A global wildcard '*' (matching any domain) is not allowed. 
+ // Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. + // For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. + // Each wildcard matches only a single domain label, + // so '*.io' does **not** match '*.k8s.io'. + // + // A match exists between an image and a matchImage when all of the below are true: + // Both contain the same number of domain parts and each part matches. + // The URL path of an matchImages must be a prefix of the target image URL path. + // If the matchImages contains a port, then the port must match in the image as well. + // + // Example values of matchImages: + // - 123456789.dkr.ecr.us-east-1.amazonaws.com + // - *.azurecr.io + // - gcr.io + // - *.*.registry.io + // - registry.io:8080/path + // + // +kubebuilder:validation:MaxItems=50 + // +kubebuilder:validation:MinItems=1 + // +listType=set + // +optional + MatchImages []MatchImage `json:"matchImages,omitempty"` +} + +// MatchImage is a string pattern used to match container image registry addresses. +// It must be a valid fully qualified domain name with optional wildcard, port, and path. +// The maximum length is 512 characters. +// +// Wildcards ('*') are supported for full subdomain labels and top-level domains. +// Each entry can optionally contain a port (e.g., :8080) and a path (e.g., /path). +// Wildcards are not allowed in the port or path portions. 
+// +// Examples: +// - "registry.io" - matches exactly registry.io +// - "*.azurecr.io" - matches any single subdomain of azurecr.io +// - "registry.io:8080/path" - matches with specific port and path prefix +// +// +kubebuilder:validation:MaxLength=512 +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:XValidation:rule="self != '*'",message="global wildcard '*' is not allowed" +// +kubebuilder:validation:XValidation:rule=`self.matches('^((\\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?)(\\.(\\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?))*)(:[0-9]+)?(/[-a-z0-9._/]*)?$')`,message="invalid matchImages value, must be a valid fully qualified domain name in lowercase with optional wildcard, port, and path" +type MatchImage string + +// +k8s:deepcopy-gen=true +// CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig +// +kubebuilder:validation:MinProperties=1 +type CRIOCredentialProviderConfigStatus struct { + // conditions represent the latest available observations of the configuration state. + // When omitted, it indicates that no conditions have been reported yet. + // The maximum number of conditions is 16. + // Conditions are stored as a map keyed by condition type, ensuring uniqueness. + // + // Expected condition types include: + // "Validated": indicates whether the matchImages configuration is valid + // +optional + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. 
+// +openshift:compatibility-gen:level=4 +type CRIOCredentialProviderConfigList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + Items []CRIOCredentialProviderConfig `json:"items"` +} + +const ( + // ConditionTypeValidated is a condition type that indicates whether the CRIOCredentialProviderConfig + // matchImages configuration has been validated successfully. + // When True, all matchImage patterns are valid and have been applied. + // When False, the configuration contains errors (see Reason for details). + // Possible reasons for False status: + // - ValidationFailed: matchImages contains invalid patterns + // - ConfigurationPartiallyApplied: some matchImage entries were ignored due to conflicts + ConditionTypeValidated = "Validated" + + // ReasonValidationFailed is a condition reason used with ConditionTypeValidated=False + // to indicate that the matchImages configuration contains one or more invalid registry patterns + // that do not conform to the required format (valid FQDN with optional wildcard, port, and path). + ReasonValidationFailed = "ValidationFailed" + + // ReasonConfigurationPartiallyApplied is a condition reason used with ConditionTypeValidated=False + // to indicate that some matchImage entries were ignored due to conflicts or overlapping patterns. + // The condition message will contain details about which entries were ignored and why. + ReasonConfigurationPartiallyApplied = "ConfigurationPartiallyApplied" + + // ConditionTypeMachineConfigRendered is a condition type that indicates whether + // the CRIOCredentialProviderConfig has been successfully rendered into a + // MachineConfig object. + // When True, the corresponding MachineConfig is present in the cluster. + // When False, rendering failed. 
+ ConditionTypeMachineConfigRendered = "MachineConfigRendered" + + // ReasonMachineConfigRenderingSucceeded is a condition reason used with ConditionTypeMachineConfigRendered=True + // to indicate that the MachineConfig was successfully created/updated in the API server. + ReasonMachineConfigRenderingSucceeded = "MachineConfigRenderingSucceeded" + + // ReasonMachineConfigRenderingFailed is a condition reason used with ConditionTypeMachineConfigRendered=False + // to indicate that the MachineConfig creation/update failed. + // The condition message will contain details about the failure. + ReasonMachineConfigRenderingFailed = "MachineConfigRenderingFailed" +) diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go b/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go index 46666ae3b23b..43546d03b2d9 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go @@ -16,6 +16,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +openshift:enable:FeatureGate=InsightsConfig // +openshift:compatibility-gen:level=4 +// +openshift:capability=Insights type InsightsDataGather struct { metav1.TypeMeta `json:",inline"` @@ -58,6 +59,7 @@ type GatherConfig struct { // "oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'" // An example of disabling gatherers looks like this: `disabledGatherers: ["clusterconfig/machine_configs", "workloads/workload_info"]` // +kubebuilder:validation:MaxItems=100 + // +listType=atomic // +optional DisabledGatherers []DisabledGatherer `json:"disabledGatherers"` // storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. 
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go
index 9ead6aba26b3..d648413ab51f 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go
@@ -192,6 +192,115 @@ func (in *BackupStatus) DeepCopy() *BackupStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CRIOCredentialProviderConfig) DeepCopyInto(out *CRIOCredentialProviderConfig) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Spec != nil { + in, out := &in.Spec, &out.Spec + *out = new(CRIOCredentialProviderConfigSpec) + (*in).DeepCopyInto(*out) + } + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfig. +func (in *CRIOCredentialProviderConfig) DeepCopy() *CRIOCredentialProviderConfig { + if in == nil { + return nil + } + out := new(CRIOCredentialProviderConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CRIOCredentialProviderConfig) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CRIOCredentialProviderConfigList) DeepCopyInto(out *CRIOCredentialProviderConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CRIOCredentialProviderConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigList. 
+func (in *CRIOCredentialProviderConfigList) DeepCopy() *CRIOCredentialProviderConfigList { + if in == nil { + return nil + } + out := new(CRIOCredentialProviderConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CRIOCredentialProviderConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CRIOCredentialProviderConfigSpec) DeepCopyInto(out *CRIOCredentialProviderConfigSpec) { + *out = *in + if in.MatchImages != nil { + in, out := &in.MatchImages, &out.MatchImages + *out = make([]MatchImage, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigSpec. +func (in *CRIOCredentialProviderConfigSpec) DeepCopy() *CRIOCredentialProviderConfigSpec { + if in == nil { + return nil + } + out := new(CRIOCredentialProviderConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CRIOCredentialProviderConfigStatus) DeepCopyInto(out *CRIOCredentialProviderConfigStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigStatus. 
+func (in *CRIOCredentialProviderConfigStatus) DeepCopy() *CRIOCredentialProviderConfigStatus { + if in == nil { + return nil + } + out := new(CRIOCredentialProviderConfigStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterImagePolicy) DeepCopyInto(out *ClusterImagePolicy) { *out = *in @@ -365,6 +474,8 @@ func (in *ClusterMonitoringSpec) DeepCopyInto(out *ClusterMonitoringSpec) { out.UserDefined = in.UserDefined in.AlertmanagerConfig.DeepCopyInto(&out.AlertmanagerConfig) in.MetricsServerConfig.DeepCopyInto(&out.MetricsServerConfig) + in.PrometheusOperatorConfig.DeepCopyInto(&out.PrometheusOperatorConfig) + in.PrometheusOperatorAdmissionWebhookConfig.DeepCopyInto(&out.PrometheusOperatorAdmissionWebhookConfig) return } 
@@ -952,6 +1063,80 @@ func (in *PolicyRootOfTrust) DeepCopy() *PolicyRootOfTrust { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrometheusOperatorAdmissionWebhookConfig) DeepCopyInto(out *PrometheusOperatorAdmissionWebhookConfig) { + *out = *in + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusOperatorAdmissionWebhookConfig. +func (in *PrometheusOperatorAdmissionWebhookConfig) DeepCopy() *PrometheusOperatorAdmissionWebhookConfig { + if in == nil { + return nil + } + out := new(PrometheusOperatorAdmissionWebhookConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PrometheusOperatorConfig) DeepCopyInto(out *PrometheusOperatorConfig) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusOperatorConfig. +func (in *PrometheusOperatorConfig) DeepCopy() *PrometheusOperatorConfig { + if in == nil { + return nil + } + out := new(PrometheusOperatorConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RetentionNumberConfig) DeepCopyInto(out *RetentionNumberConfig) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index 2f79f801dd40..14091b5872b1 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml 
@@ -21,6 +21,29 @@ backups.config.openshift.io: - AutomatedEtcdBackup Version: v1alpha1 +criocredentialproviderconfigs.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/2557 + CRDName: criocredentialproviderconfigs.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - CRIOCredentialProviderConfig + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: CRIOCredentialProviderConfig + Labels: {} + PluralName: criocredentialproviderconfigs + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - CRIOCredentialProviderConfig + Version: v1alpha1 + clusterimagepolicies.config.openshift.io: Annotations: {} ApprovedPRNumber: https://github.com/openshift/api/pull/1457 @@ -97,7 +120,7 @@ insightsdatagathers.config.openshift.io: Annotations: {} ApprovedPRNumber: https://github.com/openshift/api/pull/1245 CRDName: insightsdatagathers.config.openshift.io - Capability: "" + Capability: Insights Category: "" FeatureGates: - InsightsConfig diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go index 59a5b3708568..343947f59127 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -132,10 +132,10 @@ var map_AlertmanagerCustomConfig = map[string]string{ "": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", "logLevel": "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", - "resources": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. 
The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1.", + "resources": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", "secrets": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", - "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. 
These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", - "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. 
Entries must have unique topologyKey and whenUnsatisfiable pairs.", "volumeClaimTemplate": "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", } 
@@ -174,10 +174,12 @@ func (ClusterMonitoringList) SwaggerDoc() map[string]string { } var map_ClusterMonitoringSpec = map[string]string{ - "": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", - "userDefined": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", - "alertmanagerConfig": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", - "metricsServerConfig": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", + "userDefined": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", + "alertmanagerConfig": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. 
When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", + "metricsServerConfig": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "prometheusOperatorConfig": "prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. Specifically, it can configure how the Prometheus Operator instance is deployed, pod scheduling, and resource allocation. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "prometheusOperatorAdmissionWebhookConfig": "prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the admission webhook component of Prometheus Operator that runs in the openshift-monitoring namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects to ensure they are semantically valid, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } func (ClusterMonitoringSpec) SwaggerDoc() map[string]string { 
@@ -207,16 +209,39 @@ var map_MetricsServerConfig = map[string]string{ "": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", "audit": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", - "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", "verbosity": "verbosity defines the verbosity of log messages for Metrics Server. Valid values are Errors, Info, Trace, TraceAll and omitted. When set to Errors, only critical messages and errors are logged. When set to Info, only basic information messages are logged. When set to Trace, information useful for general debugging is logged. 
When set to TraceAll, detailed information about metric scraping is logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Errors`", - "resources": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1.", - "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "resources": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", } func (MetricsServerConfig) SwaggerDoc() map[string]string { return map_MetricsServerConfig } +var map_PrometheusOperatorAdmissionWebhookConfig = map[string]string{ + "": "PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook component of Prometheus Operator that runs in the `openshift-monitoring` namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions.", + "resources": "resources defines the compute resource requests and limits for the prometheus-operator-admission-webhook container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. 
Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n limit: null\n - name: memory\n request: 30Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how admission webhook Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", +} + +func (PrometheusOperatorAdmissionWebhookConfig) SwaggerDoc() map[string]string { + return map_PrometheusOperatorAdmissionWebhookConfig +} + +var map_PrometheusOperatorConfig = map[string]string{ + "": "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", + "logLevel": "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. 
When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "resources": "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. 
Minimum length for this list is 1.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", +} + +func (PrometheusOperatorConfig) SwaggerDoc() map[string]string { + return map_PrometheusOperatorConfig +} + var map_UserDefinedMonitoring = map[string]string{ "": "UserDefinedMonitoring config for user-defined projects.", "mode": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.", 
@@ -226,6 +251,44 @@ func (UserDefinedMonitoring) SwaggerDoc() map[string]string { return map_UserDefinedMonitoring } +var map_CRIOCredentialProviderConfig = map[string]string{ + "": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", + "status": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. 
The controller will populate this field with validation conditions and operational state.", +} + +func (CRIOCredentialProviderConfig) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfig +} + +var map_CRIOCredentialProviderConfigList = map[string]string{ + "": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (CRIOCredentialProviderConfigList) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigList +} + +var map_CRIOCredentialProviderConfigSpec = map[string]string{ + "": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", + "matchImages": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. 
To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. 
If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", +} + +func (CRIOCredentialProviderConfigSpec) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigSpec +} + +var map_CRIOCredentialProviderConfigStatus = map[string]string{ + "": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", + "conditions": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", +} + +func (CRIOCredentialProviderConfigStatus) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigStatus +} + var map_ImagePolicy = map[string]string{ "": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", diff --git a/vendor/github.com/openshift/api/config/v1alpha2/types_insights.go b/vendor/github.com/openshift/api/config/v1alpha2/types_insights.go index d59f5920b1ff..fbe666249a14 100644 --- a/vendor/github.com/openshift/api/config/v1alpha2/types_insights.go +++ b/vendor/github.com/openshift/api/config/v1alpha2/types_insights.go 
@@ -16,6 +16,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +openshift:enable:FeatureGate=InsightsConfig // +openshift:compatibility-gen:level=4 +// +openshift:capability=Insights type InsightsDataGather struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object's metadata. diff --git a/vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml index 99fe308ef811..1f73e723eb33 100644 --- a/vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml @@ -2,7 +2,7 @@ insightsdatagathers.config.openshift.io: Annotations: {} ApprovedPRNumber: https://github.com/openshift/api/pull/2195 CRDName: insightsdatagathers.config.openshift.io - Capability: "" + Capability: Insights Category: "" FeatureGates: - InsightsConfig diff --git a/vendor/github.com/openshift/api/console/v1/types_console_sample.go b/vendor/github.com/openshift/api/console/v1/types_console_sample.go index bd0f6569699a..c296059b7e93 100644 --- a/vendor/github.com/openshift/api/console/v1/types_console_sample.go +++ b/vendor/github.com/openshift/api/console/v1/types_console_sample.go @@ -125,7 +125,8 @@ type ConsoleSampleSpec struct { // ConsoleSampleSourceType is an enumeration of the supported sample types. // Unsupported samples types will be ignored in the web console. -// +kubebuilder:validation:Enum:=GitImport;ContainerImport +// +kubebuilder:validation:Enum:="GitImport";"ContainerImport" +// +enum type ConsoleSampleSourceType string const ( 
@@ -144,7 +145,6 @@ type ConsoleSampleSource struct { // type of the sample, currently supported: "GitImport";"ContainerImport" // +unionDiscriminator // +required - // +kubebuilder:validation:Enum:="GitImport";"ContainerImport" Type ConsoleSampleSourceType `json:"type"` // gitImport allows the user to import code from a git repository. diff --git a/vendor/github.com/openshift/api/etcd/README.md b/vendor/github.com/openshift/api/etcd/README.md new file mode 100644 index 000000000000..b92d553df7e7 --- /dev/null +++ b/vendor/github.com/openshift/api/etcd/README.md 
@@ -0,0 +1,211 @@
+# etcd.openshift.io API Group
+
+This API group contains CRDs related to etcd cluster management in Two Node OpenShift with Fencing deployments.
+
+## API Versions
+
+### v1alpha1
+
+Contains the `PacemakerCluster` custom resource for monitoring Pacemaker cluster health in Two Node OpenShift with Fencing deployments.
+
+#### PacemakerCluster
+
+- **Feature Gate**: `DualReplica`
+- **Component**: `two-node-fencing`
+- **Scope**: Cluster-scoped singleton resource (must be named "cluster")
+- **Resource Path**: `pacemakerclusters.etcd.openshift.io`
+
+The `PacemakerCluster` resource provides visibility into the health and status of a Pacemaker-managed cluster.
+It is periodically updated by the cluster-etcd-operator's status collector.
+
+### Status Subresource Design
+
+This resource uses the standard Kubernetes status subresource pattern (`+kubebuilder:subresource:status`).
+The status collector creates the resource without status, then immediately populates it via the `/status` endpoint.
+
+**Why not atomic create-with-status?**
+
+We initially explored removing the status subresource to allow creating the resource with status in a single
+atomic operation. This would ensure the resource is never observed in an incomplete state. However:
+
+1. The Kubernetes API server strips the `status` field from create requests when a status subresource is enabled
+2. Without the subresource, we cannot use separate RBAC for spec vs status updates
+3. The OpenShift API test framework assumes status subresource exists for status update tests
+
+The status collector performs a two-step operation: create resource, then immediately update status.
+The brief window where status is empty is acceptable since the healthcheck controller handles missing status gracefully.
+
+### Pacemaker Resources
+
+A **pacemaker resource** is a unit of work managed by pacemaker. In pacemaker terminology, resources are services
+or applications that pacemaker monitors, starts, stops, and moves between nodes to maintain high availability.
+
+For Two Node OpenShift with Fencing, we manage three resource types:
+- **Kubelet**: The Kubernetes node agent and a prerequisite for etcd
+- **Etcd**: The distributed key-value store
+- **FencingAgent**: Used to isolate failed nodes during a quorum loss event (tracked separately)
+
+### Status Structure
+
+```yaml
+status: # Optional on creation, populated via status subresource
+ conditions: # Required when status present (min 3 items)
+ - type: Healthy
+ - type: InService
+ - type: NodeCountAsExpected
+ lastUpdated: # Required when status present, cannot decrease
+ nodes: # Control-plane nodes (0-5, expects 2 for TNF)
+ - nodeName: # RFC 1123 subdomain name
+ addresses: # Required: List of node addresses (1-8 items)
+ - type: InternalIP # Currently only InternalIP is supported
+ address: # First address used for etcd peer URLs
+ conditions: # Required: Node-level conditions (min 9 items)
+ - type: Healthy
+ - type: Online
+ - type: InService
+ - type: Active
+ - type: Ready
+ - type: Clean
+ - type: Member
+ - type: FencingAvailable
+ - type: FencingHealthy
+ resources: # Required: Pacemaker resources on this node (min 2)
+ - name: Kubelet # Both Kubelet and Etcd must be present
+ conditions: # Required: Resource-level conditions (min 8 items)
+ - type: Healthy
+ - type: InService
+ - type: Managed
+ - type: Enabled
+ - type: Operational
+ - type: Active
+ - type: Started
+ - type: Schedulable
+ - name: Etcd
+ conditions: [...] # Same 8 conditions as Kubelet (abbreviated)
+ fencingAgents: # Required: Fencing agents for THIS node (1-8)
+ - name: # e.g., "master-0_redfish" (unique, max 300 chars)
+ method: # Fencing method: "Redfish" or "IPMI"
+ conditions: [...] # Same 8 conditions as resources (abbreviated)
+```
+
+### Fencing Agents
+
+Fencing agents are STONITH (Shoot The Other Node In The Head) devices used to isolate failed nodes.
+Unlike regular pacemaker resources (Kubelet, Etcd), fencing agents are tracked separately because:
+
+1. **Mapping by target, not schedule**: Resources are mapped to the node where they are scheduled to run.
+ Fencing agents are mapped to the node they can *fence* (their target), regardless of which node
+ their monitoring operations are scheduled on.
+
+2. **Multiple agents per node**: A node can have multiple fencing agents for redundancy
+ (e.g., both Redfish and IPMI). Expected: 1 per node, supported: up to 8.
+
+3. **Health tracking via two node-level conditions**:
+ - **FencingAvailable**: True if at least one agent is healthy (fencing works), False if all agents unhealthy (degrades operator)
+ - **FencingHealthy**: True if all agents are healthy (ideal state), False if any agent is unhealthy (emits warning events)
+
+### Cluster-Level Conditions
+
+| Condition | True | False |
+|-----------|------|-------|
+| `Healthy` | Cluster is healthy (`ClusterHealthy`) | Cluster has issues (`ClusterUnhealthy`) |
+| `InService` | In service (`InService`) | In maintenance (`InMaintenance`) |
+| `NodeCountAsExpected` | Node count is as expected (`AsExpected`) | Wrong count (`InsufficientNodes`, `ExcessiveNodes`) |
+
+### Node-Level Conditions
+
+| Condition | True | False |
+|-----------|------|-------|
+| `Healthy` | Node is healthy (`NodeHealthy`) | Node has issues (`NodeUnhealthy`) |
+| `Online` | Node is online (`Online`) | Node is offline (`Offline`) |
+| `InService` | In service (`InService`) | In maintenance (`InMaintenance`) |
+| `Active` | Node is active (`Active`) | Node is in standby (`Standby`) |
+| `Ready` | Node is ready (`Ready`) | Node is pending (`Pending`) |
+| `Clean` | Node is clean (`Clean`) | Node is unclean (`Unclean`) |
+| `Member` | Node is a member (`Member`) | Not a member (`NotMember`) |
+| `FencingAvailable` | At least one agent healthy (`FencingAvailable`) | All agents unhealthy (`FencingUnavailable`) - degrades operator |
+| `FencingHealthy` | All agents healthy (`FencingHealthy`) | Some agents unhealthy (`FencingUnhealthy`) - emits warnings |
+
+### Resource-Level Conditions
+
+Each resource in the `resources` array and each fencing agent in the `fencingAgents` array has its own conditions.
+
+| Condition | True | False |
+|-----------|------|-------|
+| `Healthy` | Resource is healthy (`ResourceHealthy`) | Resource has issues (`ResourceUnhealthy`) |
+| `InService` | In service (`InService`) | In maintenance (`InMaintenance`) |
+| `Managed` | Managed by pacemaker (`Managed`) | Not managed (`Unmanaged`) |
+| `Enabled` | Resource is enabled (`Enabled`) | Resource is disabled (`Disabled`) |
+| `Operational` | Resource is operational (`Operational`) | Resource has failed (`Failed`) |
+| `Active` | Resource is active (`Active`) | Resource is not active (`Inactive`) |
+| `Started` | Resource is started (`Started`) | Resource is stopped (`Stopped`) |
+| `Schedulable` | Resource is schedulable (`Schedulable`) | Resource is not schedulable (`Unschedulable`) |
+
+### Validation Rules
+
+**Resource naming:**
+- Resource name must be "cluster" (singleton)
+
+**Node name validation:**
+- Must be a lowercase RFC 1123 subdomain name
+- Consists of lowercase alphanumeric characters, '-' or '.'
+- Must start and end with an alphanumeric character
+- Maximum 253 characters
+
+**Node addresses:**
+- Uses `PacemakerNodeAddress` type (similar to `corev1.NodeAddress` but with IP validation)
+- Currently only `InternalIP` type is supported
+- Pacemaker allows multiple addresses for Corosync communication between nodes (1-8 addresses)
+- The first address in the list is used for IP-based peer URLs for etcd membership
+- IP validation:
+ - Must be a valid global unicast IPv4 or IPv6 address
+ - Must be in canonical form (e.g., `192.168.1.1` not `192.168.001.001`, or `2001:db8::1` not `2001:0db8::1`)
+ - Excludes loopback, link-local, and multicast addresses
+ - Maximum length is 39 characters (full IPv6 address)
+
+**Timestamp validation:**
+- `lastUpdated` is required when status is present
+- Once set, cannot be set to an earlier timestamp (validation uses `!has(oldSelf.lastUpdated)` to handle initial creation)
+- Timestamps must always increase (prevents stale updates from overwriting newer data)
+
+**Status fields:**
+- `status` - Optional on creation (pointer type), populated via status subresource
+- When status is present, all fields within are required:
+ - `conditions` - Required array of cluster conditions (min 3 items)
+ - `lastUpdated` - Required timestamp for staleness detection
+ - `nodes` - Required array of control-plane node statuses (min 0, max 5; empty allowed for catastrophic failures)
+
+**Node fields (when node present):**
+- `nodeName` - Required, RFC 1123 subdomain
+- `addresses` - Required (min 1, max 8 items)
+- `conditions` - Required (min 9 items with specific types enforced via XValidation)
+- `resources` - Required (min 2 items: Kubelet and Etcd)
+- `fencingAgents` - Required (min 1, max 8 items)
+
+**Conditions validation:**
+- Cluster-level: MinItems=3 (Healthy, InService, NodeCountAsExpected)
+- Node-level: MinItems=9 (Healthy, Online, InService, Active, Ready, Clean, Member, FencingAvailable, FencingHealthy)
+- Resource-level: MinItems=8 (Healthy, InService, Managed, Enabled, Operational, Active, Started, Schedulable)
+- Fencing agent-level: MinItems=8 (same conditions as resources)
+
+All condition arrays have XValidation rules to ensure specific condition types are present.
+
+**Resource names:**
+- Valid values are: `Kubelet`, `Etcd`
+- Both resources must be present in each node's `resources` array
+
+**Fencing agent fields:**
+- `name`: Unique identifier for the fencing agent (e.g., "master-0_redfish")
+ - Must be unique within the `fencingAgents` array
+ - May contain alphanumeric characters, dots, hyphens, and underscores (`^[a-zA-Z0-9._-]+$`)
+ - Maximum 300 characters (provides headroom beyond 253 node name + underscore + method)
+- `method`: Fencing method enum - valid values are `Redfish` or `IPMI`
+- `conditions`: Required, same 8 conditions as resources
+
+Note: The target node is implied by the parent `PacemakerClusterNodeStatus` - fencing agents are nested under the node they can fence.
+
+### Usage
+
+The cluster-etcd-operator healthcheck controller watches this resource and updates operator conditions based on
+the cluster state. The aggregate `Healthy` conditions at each level (cluster, node, resource) provide a quick
+way to determine overall health.
diff --git a/vendor/github.com/openshift/api/etcd/install.go b/vendor/github.com/openshift/api/etcd/install.go
new file mode 100644
index 000000000000..7e7474152c4e
--- /dev/null
+++ b/vendor/github.com/openshift/api/etcd/install.go
@@ -0,0 +1,26 @@
+package etcd
+
+import (
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+
+ v1alpha1 "github.com/openshift/api/etcd/v1alpha1"
+)
+
+const (
+ GroupName = "etcd.openshift.io"
+)
+
+var (
+ schemeBuilder = runtime.NewSchemeBuilder(v1alpha1.Install)
+ // Install is a function which adds every version of this group to a scheme
+ Install = schemeBuilder.AddToScheme
+)
+
+func Resource(resource string) schema.GroupResource {
+ return schema.GroupResource{Group: GroupName, Resource: resource}
+}
+
+func Kind(kind string) schema.GroupKind {
+ return schema.GroupKind{Group: GroupName, Kind: kind}
+}
diff --git a/vendor/github.com/openshift/api/etcd/v1alpha1/Makefile b/vendor/github.com/openshift/api/etcd/v1alpha1/Makefile
new file mode 100644
index 000000000000..3d019662af64
--- /dev/null
+++ b/vendor/github.com/openshift/api/etcd/v1alpha1/Makefile
@@ -0,0 +1,3 @@
+.PHONY: test
+test:
+ make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="etcd.openshift.io/v1alpha1"
diff --git a/vendor/github.com/openshift/api/etcd/v1alpha1/doc.go b/vendor/github.com/openshift/api/etcd/v1alpha1/doc.go
new file mode 100644
index 000000000000..aea92fb381aa
--- /dev/null
+++ b/vendor/github.com/openshift/api/etcd/v1alpha1/doc.go
@@ -0,0 +1,6 @@
+// +k8s:deepcopy-gen=package,register
+// +k8s:defaulter-gen=TypeMeta
+// +k8s:openapi-gen=true
+// +openshift:featuregated-schema-gen=true
+// +groupName=etcd.openshift.io
+package v1alpha1
diff --git a/vendor/github.com/openshift/api/etcd/v1alpha1/register.go b/vendor/github.com/openshift/api/etcd/v1alpha1/register.go
new file mode 100644
index 000000000000..1dc6482f832d
--- /dev/null
+++ b/vendor/github.com/openshift/api/etcd/v1alpha1/register.go
@@ -0,0 +1,39 @@
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+var (
+ GroupName = "etcd.openshift.io"
+ GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
+ schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+ // Install is a function which adds this version to a scheme
+ Install = schemeBuilder.AddToScheme
+
+ // SchemeGroupVersion generated code relies on this name
+ // Deprecated
+ SchemeGroupVersion = GroupVersion
+ // AddToScheme exists solely to keep the old generators creating valid code
+ // DEPRECATED
+ AddToScheme = schemeBuilder.AddToScheme
+)
+
+// Resource generated code relies on this being here, but it logically belongs to the group
+// DEPRECATED
+func Resource(resource string) schema.GroupResource {
+ return schema.GroupResource{Group: GroupName, Resource: resource}
+}
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+ metav1.AddToGroupVersion(scheme, GroupVersion)
+
+ scheme.AddKnownTypes(GroupVersion,
+ &PacemakerCluster{},
+ &PacemakerClusterList{},
+ )
+
+ return nil
+}
diff --git a/vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go b/vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go
new file mode 100644
index 000000000000..ab06d0e3904e
--- /dev/null
+++ b/vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go
@@ -0,0 +1,736 @@ +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// PacemakerCluster is used in Two Node OpenShift with Fencing deployments to monitor the health +// of etcd running under pacemaker. + +// Cluster-level condition types for PacemakerCluster.status.conditions +const ( + // ClusterHealthyConditionType tracks the overall health of the pacemaker cluster. + // This is an aggregate condition that reflects the health of all cluster-level conditions and node health. + // Specifically, it aggregates the following conditions: + // - ClusterInServiceConditionType + // - ClusterNodeCountAsExpectedConditionType + // - NodeHealthyConditionType (for each node) + // When True, the cluster is healthy with reason "ClusterHealthy". + // When False, the cluster is unhealthy with reason "ClusterUnhealthy". + ClusterHealthyConditionType = "Healthy" + + // ClusterInServiceConditionType tracks whether the cluster is in service (not in maintenance mode). + // Maintenance mode is a cluster-wide setting that prevents pacemaker from starting or stopping resources. + // When True, the cluster is in service with reason "InService". This is the normal operating state. + // When False, the cluster is in maintenance mode with reason "InMaintenance". This is an unexpected state. + ClusterInServiceConditionType = "InService" + + // ClusterNodeCountAsExpectedConditionType tracks whether the cluster has the expected number of nodes. + // For Two Node OpenShift with Fencing, we are expecting exactly 2 nodes. + // When True, the expected number of nodes are present with reason "AsExpected". + // When False, the node count is incorrect with reason "InsufficientNodes" or "ExcessiveNodes". + ClusterNodeCountAsExpectedConditionType = "NodeCountAsExpected" +) + +// ClusterHealthy condition reasons +const ( + // ClusterHealthyReasonHealthy means the pacemaker cluster is healthy and operating normally. 
+ ClusterHealthyReasonHealthy = "ClusterHealthy" + + // ClusterHealthyReasonUnhealthy means the pacemaker cluster has issues that need investigation. + ClusterHealthyReasonUnhealthy = "ClusterUnhealthy" +) + +// ClusterInService condition reasons +const ( + // ClusterInServiceReasonInService means the cluster is in service (not in maintenance mode). + // This is the normal operating state. + ClusterInServiceReasonInService = "InService" + + // ClusterInServiceReasonInMaintenance means the cluster is in maintenance mode. + // In maintenance mode, pacemaker will not start or stop any resources. Entering and exiting this state requires + // manual user intervention, and is unexpected during normal cluster operation. + ClusterInServiceReasonInMaintenance = "InMaintenance" +) + +// ClusterNodeCountAsExpected condition reasons +const ( + // ClusterNodeCountAsExpectedReasonAsExpected means the expected number of nodes are present. + // For Two Node OpenShift with Fencing, we are expecting exactly 2 nodes. This is the expected healthy state. + ClusterNodeCountAsExpectedReasonAsExpected = "AsExpected" + + // ClusterNodeCountAsExpectedReasonInsufficientNodes means fewer nodes than expected are present. + // For Two Node OpenShift with Fencing, this means that less than 2 nodes are present. Under normal operation, this will only happen during + // a node replacement operation. It's also possible to enter this state with manual user intervention, but + // will also require user intervention to restore normal functionality. + ClusterNodeCountAsExpectedReasonInsufficientNodes = "InsufficientNodes" + + // ClusterNodeCountAsExpectedReasonExcessiveNodes means more nodes than expected are present. + // For Two Node OpenShift with Fencing, this means more than 2 nodes are present. This should be investigated as it is unexpected and should + // never happen during normal cluster operation. 
It is possible to enter this state with manual user intervention, + // but will also require user intervention to restore normal functionality. + ClusterNodeCountAsExpectedReasonExcessiveNodes = "ExcessiveNodes" +) + +// Node-level condition types for PacemakerCluster.status.nodes[].conditions +const ( + // NodeHealthyConditionType tracks the overall health of a node in the pacemaker cluster. + // This is an aggregate condition that reflects the health of all node-level conditions and resource health. + // Specifically, it aggregates the following conditions: + // - NodeOnlineConditionType + // - NodeInServiceConditionType + // - NodeActiveConditionType + // - NodeReadyConditionType + // - NodeCleanConditionType + // - NodeMemberConditionType + // - NodeFencingAvailableConditionType + // - NodeFencingHealthyConditionType + // - ResourceHealthyConditionType (for each resource in the node's resources list) + // When True, the node is healthy with reason "NodeHealthy". + // When False, the node is unhealthy with reason "NodeUnhealthy". + NodeHealthyConditionType = "Healthy" + + // NodeOnlineConditionType tracks whether a node is online. + // When True, the node is online with reason "Online". This is the normal operating state. + // When False, the node is offline with reason "Offline". This can occur during reboots, failures, maintenance, or replacement. + NodeOnlineConditionType = "Online" + + // NodeInServiceConditionType tracks whether a node is in service (not in maintenance mode). + // A node in maintenance mode is ignored by pacemaker while maintenance mode is active. + // When True, the node is in service with reason "InService". This is the normal operating state. + // When False, the node is in maintenance mode with reason "InMaintenance". This is an unexpected state. + NodeInServiceConditionType = "InService" + + // NodeActiveConditionType tracks whether a node is active (not in standby mode). 
+ // When a node enters standby mode, pacemaker moves its resources to other nodes in the cluster. + // In Two Node OpenShift with Fencing, we do not use standby mode during normal operation. + // When True, the node is active with reason "Active". This is the normal operating state. + // When False, the node is in standby mode with reason "Standby". This is an unexpected state. + NodeActiveConditionType = "Active" + + // NodeReadyConditionType tracks whether a node is ready (not in a pending state). + // A node in a pending state is in the process of joining or leaving the cluster. + // When True, the node is ready with reason "Ready". This is the normal operating state. + // When False, the node is pending with reason "Pending". This is expected to be temporary. + NodeReadyConditionType = "Ready" + + // NodeCleanConditionType tracks whether a node is in a clean state. + // An unclean state means that pacemaker was unable to confirm the node's state, which signifies issues + // in fencing, communication, or configuration. + // When True, the node is clean with reason "Clean". This is the normal operating state. + // When False, the node is unclean with reason "Unclean". This is an unexpected state. + NodeCleanConditionType = "Clean" + + // NodeMemberConditionType tracks whether a node is a member of the cluster. + // Some configurations may use remote nodes or ping nodes, which are nodes that are not members. + // For Two Node OpenShift with Fencing, we expect both nodes to be members. + // When True, the node is a member with reason "Member". This is the normal operating state. + // When False, the node is not a member with reason "NotMember". This is an unexpected state. + NodeMemberConditionType = "Member" + + // NodeFencingAvailableConditionType tracks whether a node can be fenced by at least one fencing agent. 
+ // For Two Node OpenShift with Fencing, each node needs at least one healthy fencing agent to ensure + // that the cluster can recover from a node failure via STONITH (Shoot The Other Node In The Head). + // When True, at least one fencing agent is healthy with reason "FencingAvailable". + // When False, all fencing agents are unhealthy with reason "FencingUnavailable". This is a critical + // state that should degrade the operator. + NodeFencingAvailableConditionType = "FencingAvailable" + + // NodeFencingHealthyConditionType tracks whether all fencing agents for a node are healthy. + // This is an aggregate condition that reflects the health of all fencing agents targeting this node. + // When True, all fencing agents are healthy with reason "FencingHealthy". + // When False, one or more fencing agents are unhealthy with reason "FencingUnhealthy". Warning events + // should be emitted for failing agents, but the operator should not be degraded if FencingAvailable is True. + NodeFencingHealthyConditionType = "FencingHealthy" +) + +// NodeHealthy condition reasons +const ( + // NodeHealthyReasonHealthy means the node is healthy and operating normally. + NodeHealthyReasonHealthy = "NodeHealthy" + + // NodeHealthyReasonUnhealthy means the node has issues that need investigation. + NodeHealthyReasonUnhealthy = "NodeUnhealthy" +) + +// NodeOnline condition reasons +const ( + // NodeOnlineReasonOnline means the node is online. This is the normal operating state. + NodeOnlineReasonOnline = "Online" + + // NodeOnlineReasonOffline means the node is offline. + NodeOnlineReasonOffline = "Offline" +) + +// NodeInService condition reasons +const ( + // NodeInServiceReasonInService means the node is in service (not in maintenance mode). + // This is the normal operating state. + NodeInServiceReasonInService = "InService" + + // NodeInServiceReasonInMaintenance means the node is in maintenance mode. + // This is an unexpected state. 
+ NodeInServiceReasonInMaintenance = "InMaintenance" +) + +// NodeActive condition reasons +const ( + // NodeActiveReasonActive means the node is active (not in standby mode). + // This is the normal operating state. + NodeActiveReasonActive = "Active" + + // NodeActiveReasonStandby means the node is in standby mode. + // This is an unexpected state. + NodeActiveReasonStandby = "Standby" +) + +// NodeReady condition reasons +const ( + // NodeReadyReasonReady means the node is ready (not in a pending state). + // This is the normal operating state. + NodeReadyReasonReady = "Ready" + + // NodeReadyReasonPending means the node is joining or leaving the cluster. + // This state is expected to be temporary. + NodeReadyReasonPending = "Pending" +) + +// NodeClean condition reasons +const ( + // NodeCleanReasonClean means the node is in a clean state. + // This is the normal operating state. + NodeCleanReasonClean = "Clean" + + // NodeCleanReasonUnclean means the node is in an unclean state. + // Pacemaker was unable to confirm the node's state, which signifies issues in fencing, communication, or configuration. + // This is an unexpected state. + NodeCleanReasonUnclean = "Unclean" +) + +// NodeMember condition reasons +const ( + // NodeMemberReasonMember means the node is a member of the cluster. + // For Two Node OpenShift with Fencing, we expect both nodes to be members. This is the normal operating state. + NodeMemberReasonMember = "Member" + + // NodeMemberReasonNotMember means the node is not a member of the cluster. + // This is an unexpected state. + NodeMemberReasonNotMember = "NotMember" +) + +// NodeFencingAvailable condition reasons +const ( + // NodeFencingAvailableReasonAvailable means at least one fencing agent for this node is healthy. + // The cluster can fence this node if needed. This is the normal operating state. 
+ NodeFencingAvailableReasonAvailable = "FencingAvailable" + + // NodeFencingAvailableReasonUnavailable means all fencing agents for this node are unhealthy. + // The cluster cannot fence this node, which compromises high availability. + // This is a critical state that should degrade the operator. + NodeFencingAvailableReasonUnavailable = "FencingUnavailable" +) + +// NodeFencingHealthy condition reasons +const ( + // NodeFencingHealthyReasonHealthy means all fencing agents for this node are healthy. + // This is the ideal operating state with full redundancy. + NodeFencingHealthyReasonHealthy = "FencingHealthy" + + // NodeFencingHealthyReasonUnhealthy means one or more fencing agents for this node are unhealthy. + // Warning events should be emitted for failing agents, but the operator should not be degraded + // if FencingAvailable is still True. + NodeFencingHealthyReasonUnhealthy = "FencingUnhealthy" +) + +// Resource-level condition types for PacemakerCluster.status.nodes[].resources[].conditions +const ( + // ResourceHealthyConditionType tracks the overall health of a pacemaker resource. + // This is an aggregate condition that reflects the health of all resource-level conditions. + // Specifically, it aggregates the following conditions: + // - ResourceInServiceConditionType + // - ResourceManagedConditionType + // - ResourceEnabledConditionType + // - ResourceOperationalConditionType + // - ResourceActiveConditionType + // - ResourceStartedConditionType + // - ResourceSchedulableConditionType + // When True, the resource is healthy with reason "ResourceHealthy". + // When False, the resource is unhealthy with reason "ResourceUnhealthy". + ResourceHealthyConditionType = "Healthy" + + // ResourceInServiceConditionType tracks whether a resource is in service (not in maintenance mode). + // Resources in maintenance mode are not monitored or moved by pacemaker. + // In Two Node OpenShift with Fencing, we do not expect any resources to be in maintenance mode. 
+ // When True, the resource is in service with reason "InService". This is the normal operating state. + // When False, the resource is in maintenance mode with reason "InMaintenance". This is an unexpected state. + ResourceInServiceConditionType = "InService" + + // ResourceManagedConditionType tracks whether a resource is managed by pacemaker. + // Resources that are not managed by pacemaker are effectively invisible to the pacemaker HA logic. + // For Two Node OpenShift with Fencing, all resources are expected to be managed. + // When True, the resource is managed with reason "Managed". This is the normal operating state. + // When False, the resource is not managed with reason "Unmanaged". This is an unexpected state. + ResourceManagedConditionType = "Managed" + + // ResourceEnabledConditionType tracks whether a resource is enabled. + // Resources that are disabled are stopped and not automatically managed or started by the cluster. + // In Two Node OpenShift with Fencing, we do not expect any resources to be disabled. + // When True, the resource is enabled with reason "Enabled". This is the normal operating state. + // When False, the resource is disabled with reason "Disabled". This is an unexpected state. + ResourceEnabledConditionType = "Enabled" + + // ResourceOperationalConditionType tracks whether a resource is operational (not failed). + // A failed resource is one that is not able to start or is in an error state. + // When True, the resource is operational with reason "Operational". This is the normal operating state. + // When False, the resource has failed with reason "Failed". This is an unexpected state. + ResourceOperationalConditionType = "Operational" + + // ResourceActiveConditionType tracks whether a resource is active. + // An active resource is running on a cluster node. + // In Two Node OpenShift with Fencing, all resources are expected to be active. + // When True, the resource is active with reason "Active". 
This is the normal operating state. + // When False, the resource is not active with reason "Inactive". This is an unexpected state. + ResourceActiveConditionType = "Active" + + // ResourceStartedConditionType tracks whether a resource is started. + // It's normal for a resource like etcd to become stopped in the event of a quorum loss event because + // the pacemaker recovery logic will fence a node and restore etcd quorum on the surviving node as a cluster-of-one. + // A resource that stays stopped for an extended period of time is an unexpected state and should be investigated. + // When True, the resource is started with reason "Started". This is the normal operating state. + // When False, the resource is not started with reason "Stopped". This is expected to be temporary. + ResourceStartedConditionType = "Started" + + // ResourceSchedulableConditionType tracks whether a resource is schedulable (not blocked). + // A resource that is not schedulable is unable to start or move to a different node. + // In Two Node OpenShift with Fencing, we do not expect any resources to be unschedulable. + // When True, the resource is schedulable with reason "Schedulable". This is the normal operating state. + // When False, the resource is not schedulable with reason "Unschedulable". This is an unexpected state. + ResourceSchedulableConditionType = "Schedulable" +) + +// ResourceHealthy condition reasons +const ( + // ResourceHealthyReasonHealthy means the resource is healthy and operating normally. + ResourceHealthyReasonHealthy = "ResourceHealthy" + + // ResourceHealthyReasonUnhealthy means the resource has issues that need investigation. + ResourceHealthyReasonUnhealthy = "ResourceUnhealthy" +) + +// ResourceInService condition reasons +const ( + // ResourceInServiceReasonInService means the resource is in service (not in maintenance mode). + // This is the normal operating state. 
+ ResourceInServiceReasonInService = "InService" + + // ResourceInServiceReasonInMaintenance means the resource is in maintenance mode. + // Resources in maintenance mode are not monitored or moved by pacemaker. This is an unexpected state. + ResourceInServiceReasonInMaintenance = "InMaintenance" +) + +// ResourceManaged condition reasons +const ( + // ResourceManagedReasonManaged means the resource is managed by pacemaker. + // This is the normal operating state. + ResourceManagedReasonManaged = "Managed" + + // ResourceManagedReasonUnmanaged means the resource is not managed by pacemaker. + // Resources that are not managed by pacemaker are effectively invisible to the pacemaker HA logic. + // This is an unexpected state. + ResourceManagedReasonUnmanaged = "Unmanaged" +) + +// ResourceEnabled condition reasons +const ( + // ResourceEnabledReasonEnabled means the resource is enabled. + // This is the normal operating state. + ResourceEnabledReasonEnabled = "Enabled" + + // ResourceEnabledReasonDisabled means the resource is disabled. + // Resources that are disabled are stopped and not automatically managed or started by the cluster. + // This is an unexpected state. + ResourceEnabledReasonDisabled = "Disabled" +) + +// ResourceOperational condition reasons +const ( + // ResourceOperationalReasonOperational means the resource is operational (not failed). + // This is the normal operating state. + ResourceOperationalReasonOperational = "Operational" + + // ResourceOperationalReasonFailed means the resource has failed. + // A failed resource is one that is not able to start or is in an error state. This is an unexpected state. + ResourceOperationalReasonFailed = "Failed" +) + +// ResourceActive condition reasons +const ( + // ResourceActiveReasonActive means the resource is active. + // An active resource is running on a cluster node. This is the normal operating state. 
+ ResourceActiveReasonActive = "Active"
+
+ // ResourceActiveReasonInactive means the resource is not active.
+ // This is an unexpected state.
+ ResourceActiveReasonInactive = "Inactive"
+)
+
+// ResourceStarted condition reasons
+const (
+ // ResourceStartedReasonStarted means the resource is started.
+ // This is the normal operating state.
+ ResourceStartedReasonStarted = "Started"
+
+ // ResourceStartedReasonStopped means the resource is stopped.
+ // It's normal for a resource like etcd to become stopped in the event of a quorum loss event because
+ // the pacemaker recovery logic will fence a node and restore etcd quorum on the surviving node as a cluster-of-one.
+ // A resource that stays stopped for an extended period of time is an unexpected state and should be investigated.
+ ResourceStartedReasonStopped = "Stopped"
+)
+
+// ResourceSchedulable condition reasons
+const (
+ // ResourceSchedulableReasonSchedulable means the resource is schedulable (not blocked).
+ // This is the normal operating state.
+ ResourceSchedulableReasonSchedulable = "Schedulable"
+
+ // ResourceSchedulableReasonUnschedulable means the resource is not schedulable (blocked).
+ // A resource that is not schedulable is unable to start or move to a different node. This is an unexpected state.
+ ResourceSchedulableReasonUnschedulable = "Unschedulable"
+)
+
+// PacemakerNodeAddressType represents the type of a node address.
+// Currently only InternalIP is supported.
+// +kubebuilder:validation:Enum=InternalIP
+// +enum
+type PacemakerNodeAddressType string
+
+const (
+ // PacemakerNodeInternalIP is an internal IP address assigned to the node.
+ // This is typically the IP address used for intra-cluster communication.
+ PacemakerNodeInternalIP PacemakerNodeAddressType = "InternalIP"
+)
+
+// PacemakerNodeAddress contains information for a node's address.
+// This is similar to corev1.NodeAddress but adds validation for IP addresses.
+type PacemakerNodeAddress struct {
+ // type is the type of node address.
+ // Currently only "InternalIP" is supported.
+ // +required
+ Type PacemakerNodeAddressType `json:"type,omitempty"`
+
+ // address is the node address.
+ // For InternalIP, this must be a valid global unicast IPv4 or IPv6 address in canonical form.
+ // Canonical form means the shortest standard representation (e.g., "192.168.1.1" not "192.168.001.001",
+ // or "2001:db8::1" not "2001:0db8::1"). Maximum length is 39 characters (full IPv6 address).
+ // Global unicast includes private/RFC1918 addresses but excludes loopback, link-local, and multicast.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=39
+ // +kubebuilder:validation:XValidation:rule="isIP(self) && ip.isCanonical(self) && ip(self).isGlobalUnicast()",message="must be a valid global unicast IPv4 or IPv6 address in canonical form"
+ // +required
+ Address string `json:"address,omitempty"`
+}
+
+// PacemakerClusterResourceName represents the name of a pacemaker resource.
+// Fencing agents are tracked separately in the fencingAgents field.
+// +kubebuilder:validation:Enum=Kubelet;Etcd
+// +enum
+type PacemakerClusterResourceName string
+
+// PacemakerClusterResourceName values
+const (
+ // PacemakerClusterResourceNameKubelet is the kubelet pacemaker resource.
+ // The kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments.
+ PacemakerClusterResourceNameKubelet PacemakerClusterResourceName = "Kubelet"
+
+ // PacemakerClusterResourceNameEtcd is the etcd pacemaker resource.
+ // The etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations.
+ PacemakerClusterResourceNameEtcd PacemakerClusterResourceName = "Etcd"
+)
+
+// FencingMethod represents the method used by a fencing agent to isolate failed nodes.
+// Valid values are "Redfish" and "IPMI".
+// +kubebuilder:validation:Enum=Redfish;IPMI
+// +enum
+type FencingMethod string
+
+// FencingMethod values
+const (
+ // FencingMethodRedfish uses Redfish, a standard RESTful API for server management.
+ FencingMethodRedfish FencingMethod = "Redfish"
+
+ // FencingMethodIPMI uses IPMI (Intelligent Platform Management Interface), a hardware management interface.
+ FencingMethodIPMI FencingMethod = "IPMI"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// PacemakerCluster represents the current state of the pacemaker cluster as reported by the pcs status command.
+// PacemakerCluster is a cluster-scoped singleton resource. The name of this instance is "cluster". This
+// resource provides a view into the health and status of a pacemaker-managed cluster in Two Node OpenShift with Fencing deployments.
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=pacemakerclusters,scope=Cluster,singular=pacemakercluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2544
+// +openshift:file-pattern=cvoRunLevel=0000_25,operatorName=etcd,operatorOrdering=01,operatorComponent=two-node-fencing
+// +openshift:enable:FeatureGate=DualReplica
+// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="PacemakerCluster must be named 'cluster'"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.status) || has(self.status)",message="status may not be removed once set"
+type PacemakerCluster struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ // +required
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // status contains the actual pacemaker cluster status information collected from the cluster.
+ // The goal of this status is to be able to quickly identify if pacemaker is in a healthy state.
+ // In Two Node OpenShift with Fencing, a healthy pacemaker cluster has 2 nodes, both of which have healthy kubelet, etcd, and fencing resources.
+ // This field is optional on creation - the status collector populates it immediately after creating
+ // the resource via the status subresource.
+ // +optional
+ Status PacemakerClusterStatus `json:"status,omitzero"`
+}
+
+// PacemakerClusterStatus contains the actual pacemaker cluster status information. As part of validating the status
+// object, we need to ensure that the lastUpdated timestamp may not be set to an earlier timestamp than the current value.
+// The validation rule checks if oldSelf has lastUpdated before comparing, to handle the initial status creation case.
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.lastUpdated) || self.lastUpdated >= oldSelf.lastUpdated",message="lastUpdated may not be set to an earlier timestamp"
+type PacemakerClusterStatus struct {
+ // conditions represent the observations of the pacemaker cluster's current state.
+ // Known condition types are: "Healthy", "InService", "NodeCountAsExpected".
+ // The "Healthy" condition is an aggregate that tracks the overall health of the cluster.
+ // The "InService" condition tracks whether the cluster is in service (not in maintenance mode).
+ // The "NodeCountAsExpected" condition tracks whether the expected number of nodes are present.
+ // Each of these conditions is required, so the array must contain at least 3 items.
+ // +listType=map
+ // +listMapKey=type
+ // +kubebuilder:validation:MinItems=3
+ // +kubebuilder:validation:MaxItems=8
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Healthy')",message="conditions must contain a condition of type Healthy"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'InService')",message="conditions must contain a condition of type InService"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'NodeCountAsExpected')",message="conditions must contain a condition of type NodeCountAsExpected"
+ // +required
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+
+ // lastUpdated is the timestamp when this status was last updated. This is useful for identifying
+ // stale status reports. It must be a valid timestamp in RFC3339 format. Once set, this field cannot
+ // be removed and cannot be set to an earlier timestamp than the current value.
+ // +kubebuilder:validation:Format=date-time
+ // +required
+ LastUpdated metav1.Time `json:"lastUpdated,omitempty,omitzero"`
+
+ // nodes provides detailed status for each control-plane node in the Pacemaker cluster.
+ // While Pacemaker supports up to 32 nodes, the limit is set to 5 (max OpenShift control-plane nodes).
+ // For Two Node OpenShift with Fencing, exactly 2 nodes are expected in a healthy cluster.
+ // An empty list indicates a catastrophic failure where Pacemaker reports no nodes.
+ // +listType=map
+ // +listMapKey=nodeName
+ // +kubebuilder:validation:MinItems=0
+ // +kubebuilder:validation:MaxItems=5
+ // +required
+ Nodes *[]PacemakerClusterNodeStatus `json:"nodes,omitempty"`
+}
+
+// PacemakerClusterNodeStatus represents the status of a single node in the pacemaker cluster including
+// the node's conditions and the health of critical resources running on that node.
+type PacemakerClusterNodeStatus struct {
+ // conditions represent the observations of the node's current state.
+ // Known condition types are: "Healthy", "Online", "InService", "Active", "Ready", "Clean", "Member",
+ // "FencingAvailable", "FencingHealthy".
+ // The "Healthy" condition is an aggregate that tracks the overall health of the node.
+ // The "Online" condition tracks whether the node is online.
+ // The "InService" condition tracks whether the node is in service (not in maintenance mode).
+ // The "Active" condition tracks whether the node is active (not in standby mode).
+ // The "Ready" condition tracks whether the node is ready (not in a pending state).
+ // The "Clean" condition tracks whether the node is in a clean (status known) state.
+ // The "Member" condition tracks whether the node is a member of the cluster.
+ // The "FencingAvailable" condition tracks whether this node can be fenced by at least one healthy agent.
+ // The "FencingHealthy" condition tracks whether all fencing agents for this node are healthy.
+ // Each of these conditions is required, so the array must contain at least 9 items.
+ // +listType=map
+ // +listMapKey=type
+ // +kubebuilder:validation:MinItems=9
+ // +kubebuilder:validation:MaxItems=16
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Healthy')",message="conditions must contain a condition of type Healthy"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Online')",message="conditions must contain a condition of type Online"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'InService')",message="conditions must contain a condition of type InService"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Active')",message="conditions must contain a condition of type Active"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Ready')",message="conditions must contain a condition of type Ready"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Clean')",message="conditions must contain a condition of type Clean"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Member')",message="conditions must contain a condition of type Member"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'FencingAvailable')",message="conditions must contain a condition of type FencingAvailable"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'FencingHealthy')",message="conditions must contain a condition of type FencingHealthy"
+ // +required
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+
+ // nodeName is the name of the node. This is expected to match the Kubernetes node's name, which must be a lowercase
+ // RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with
+ // an alphanumeric character, and be at most 253 characters in length.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="nodeName must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character"
+ // +required
+ NodeName string `json:"nodeName,omitempty"`
+
+ // addresses is a list of IP addresses for the node.
+ // Pacemaker allows multiple IP addresses for Corosync communication between nodes.
+ // The first address in this list is used for IP-based peer URLs for etcd membership.
+ // Each address must be a valid global unicast IPv4 or IPv6 address in canonical form
+ // (e.g., "192.168.1.1" not "192.168.001.001", or "2001:db8::1" not "2001:0db8::1").
+ // This excludes loopback, link-local, and multicast addresses.
+ // +listType=atomic
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=8
+ // +required
+ Addresses []PacemakerNodeAddress `json:"addresses,omitempty"`
+
+ // resources contains the status of pacemaker resources scheduled on this node.
+ // Each resource entry includes the resource name and its health conditions.
+ // For Two Node OpenShift with Fencing, we track Kubelet and Etcd resources per node.
+ // Both resources are required to be present, so the array must contain at least 2 items.
+ // Valid resource names are "Kubelet" and "Etcd".
+ // Fencing agents are tracked separately in the fencingAgents field.
+ // +listType=map
+ // +listMapKey=name
+ // +kubebuilder:validation:MinItems=2
+ // +kubebuilder:validation:MaxItems=8
+ // +kubebuilder:validation:XValidation:rule="self.exists(r, r.name == 'Kubelet')",message="resources must contain a resource named Kubelet"
+ // +kubebuilder:validation:XValidation:rule="self.exists(r, r.name == 'Etcd')",message="resources must contain a resource named Etcd"
+ // +required
+ Resources []PacemakerClusterResourceStatus `json:"resources,omitempty"`
+
+ // fencingAgents contains the status of fencing agents that can fence this node.
+ // Unlike resources (which are scheduled to run on this node), fencing agents are mapped
+ // to the node they can fence (their target), not the node where monitoring operations run.
+ // Each fencing agent entry includes a unique name, fencing type, target node, and health conditions.
+ // A node is considered fence-capable if at least one fencing agent is healthy.
+ // Expected to have 1 fencing agent per node, but up to 8 are supported for redundancy.
+ // Names must be unique within this array.
+ // +listType=map
+ // +listMapKey=name
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=8
+ // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.name == y.name))",message="fencing agent names must be unique"
+ // +required
+ FencingAgents []PacemakerClusterFencingAgentStatus `json:"fencingAgents,omitempty"`
+}
+
+// PacemakerClusterFencingAgentStatus represents the status of a fencing agent that can fence a node.
+// Fencing agents are STONITH (Shoot The Other Node In The Head) devices used to isolate failed nodes.
+// Unlike regular pacemaker resources, fencing agents are mapped to their target node (the node they
+// can fence), not the node where their monitoring operations are scheduled.
+type PacemakerClusterFencingAgentStatus struct {
+ // conditions represent the observations of the fencing agent's current state.
+ // Known condition types are: "Healthy", "InService", "Managed", "Enabled", "Operational", + // "Active", "Started", "Schedulable". + // The "Healthy" condition is an aggregate that tracks the overall health of the fencing agent. + // The "InService" condition tracks whether the fencing agent is in service (not in maintenance mode). + // The "Managed" condition tracks whether the fencing agent is managed by pacemaker. + // The "Enabled" condition tracks whether the fencing agent is enabled. + // The "Operational" condition tracks whether the fencing agent is operational (not failed). + // The "Active" condition tracks whether the fencing agent is active (available to be used). + // The "Started" condition tracks whether the fencing agent is started. + // The "Schedulable" condition tracks whether the fencing agent is schedulable (not blocked). + // Each of these conditions is required, so the array must contain at least 8 items. + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MinItems=8 + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Healthy')",message="conditions must contain a condition of type Healthy" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'InService')",message="conditions must contain a condition of type InService" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Managed')",message="conditions must contain a condition of type Managed" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Enabled')",message="conditions must contain a condition of type Enabled" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Operational')",message="conditions must contain a condition of type Operational" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Active')",message="conditions must contain a condition of type Active" + // 
+kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Started')",message="conditions must contain a condition of type Started" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Schedulable')",message="conditions must contain a condition of type Schedulable" + // +required + Conditions []metav1.Condition `json:"conditions,omitempty"` + + // name is the unique identifier for this fencing agent (e.g., "master-0_redfish"). + // The name must be unique within the fencingAgents array for this node. + // It may contain alphanumeric characters, dots, hyphens, and underscores. + // Maximum length is 300 characters, providing headroom beyond the typical format of + // _ (253 for RFC 1123 node name + 1 underscore + type). + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=300 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._-]+$')",message="name must contain only alphanumeric characters, dots, hyphens, and underscores" + // +required + Name string `json:"name,omitempty"` + + // method is the fencing method used by this agent. + // Valid values are "Redfish" and "IPMI". + // Redfish is a standard RESTful API for server management. + // IPMI (Intelligent Platform Management Interface) is a hardware management interface. + // +required + Method FencingMethod `json:"method,omitempty"` +} + +// PacemakerClusterResourceStatus represents the status of a pacemaker resource scheduled on a node. +// A pacemaker resource is a unit of work managed by pacemaker. In pacemaker terminology, resources are services or +// applications that pacemaker monitors, starts, stops, and moves between nodes to maintain high availability. 
+// For Two Node OpenShift with Fencing, we track two resources per node:
+// - Kubelet (the Kubernetes node agent and a prerequisite for etcd)
+// - Etcd (the distributed key-value store)
+//
+// Fencing agents are tracked separately in the fencingAgents field because they are mapped to
+// their target node (the node they can fence), not the node where monitoring operations are scheduled.
+type PacemakerClusterResourceStatus struct {
+ // conditions represent the observations of the resource's current state.
+ // Known condition types are: "Healthy", "InService", "Managed", "Enabled", "Operational",
+ // "Active", "Started", "Schedulable".
+ // The "Healthy" condition is an aggregate that tracks the overall health of the resource.
+ // The "InService" condition tracks whether the resource is in service (not in maintenance mode).
+ // The "Managed" condition tracks whether the resource is managed by pacemaker.
+ // The "Enabled" condition tracks whether the resource is enabled.
+ // The "Operational" condition tracks whether the resource is operational (not failed).
+ // The "Active" condition tracks whether the resource is active (available to be used).
+ // The "Started" condition tracks whether the resource is started.
+ // The "Schedulable" condition tracks whether the resource is schedulable (not blocked).
+ // Each of these conditions is required, so the array must contain at least 8 items.
+ // +listType=map
+ // +listMapKey=type
+ // +kubebuilder:validation:MinItems=8
+ // +kubebuilder:validation:MaxItems=16
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Healthy')",message="conditions must contain a condition of type Healthy"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'InService')",message="conditions must contain a condition of type InService"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Managed')",message="conditions must contain a condition of type Managed"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Enabled')",message="conditions must contain a condition of type Enabled"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Operational')",message="conditions must contain a condition of type Operational"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Active')",message="conditions must contain a condition of type Active"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Started')",message="conditions must contain a condition of type Started"
+ // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Schedulable')",message="conditions must contain a condition of type Schedulable"
+ // +required
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+
+ // name is the name of the pacemaker resource.
+ // Valid values are "Kubelet" and "Etcd".
+ // The Kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments.
+ // The Etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations.
+ // Fencing agents are tracked separately in the node's fencingAgents field.
+ // +required
+ Name PacemakerClusterResourceName `json:"name,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// PacemakerClusterList contains a list of PacemakerCluster objects.
PacemakerCluster is a cluster-scoped singleton +// resource; only one instance named "cluster" may exist. This list type exists only to satisfy Kubernetes API +// conventions. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +type PacemakerClusterList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata,omitempty"` + + // items is a list of PacemakerCluster objects. + Items []PacemakerCluster `json:"items"` +} diff --git a/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 000000000000..17bf978510d8 --- /dev/null +++ b/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.deepcopy.go 
@@ -0,0 +1,210 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by codegen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PacemakerCluster) DeepCopyInto(out *PacemakerCluster) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PacemakerCluster. +func (in *PacemakerCluster) DeepCopy() *PacemakerCluster { + if in == nil { + return nil + } + out := new(PacemakerCluster) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PacemakerCluster) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PacemakerClusterFencingAgentStatus) DeepCopyInto(out *PacemakerClusterFencingAgentStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PacemakerClusterFencingAgentStatus. +func (in *PacemakerClusterFencingAgentStatus) DeepCopy() *PacemakerClusterFencingAgentStatus { + if in == nil { + return nil + } + out := new(PacemakerClusterFencingAgentStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PacemakerClusterList) DeepCopyInto(out *PacemakerClusterList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PacemakerCluster, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PacemakerClusterList. +func (in *PacemakerClusterList) DeepCopy() *PacemakerClusterList { + if in == nil { + return nil + } + out := new(PacemakerClusterList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PacemakerClusterList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PacemakerClusterNodeStatus) DeepCopyInto(out *PacemakerClusterNodeStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Addresses != nil { + in, out := &in.Addresses, &out.Addresses + *out = make([]PacemakerNodeAddress, len(*in)) + copy(*out, *in) + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]PacemakerClusterResourceStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.FencingAgents != nil { + in, out := &in.FencingAgents, &out.FencingAgents + *out = make([]PacemakerClusterFencingAgentStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PacemakerClusterNodeStatus. 
+func (in *PacemakerClusterNodeStatus) DeepCopy() *PacemakerClusterNodeStatus { + if in == nil { + return nil + } + out := new(PacemakerClusterNodeStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PacemakerClusterResourceStatus) DeepCopyInto(out *PacemakerClusterResourceStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PacemakerClusterResourceStatus. +func (in *PacemakerClusterResourceStatus) DeepCopy() *PacemakerClusterResourceStatus { + if in == nil { + return nil + } + out := new(PacemakerClusterResourceStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PacemakerClusterStatus) DeepCopyInto(out *PacemakerClusterStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.LastUpdated.DeepCopyInto(&out.LastUpdated) + if in.Nodes != nil { + in, out := &in.Nodes, &out.Nodes + *out = new([]PacemakerClusterNodeStatus) + if **in != nil { + in, out := *in, *out + *out = make([]PacemakerClusterNodeStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PacemakerClusterStatus. 
+func (in *PacemakerClusterStatus) DeepCopy() *PacemakerClusterStatus { + if in == nil { + return nil + } + out := new(PacemakerClusterStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PacemakerNodeAddress) DeepCopyInto(out *PacemakerNodeAddress) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PacemakerNodeAddress. +func (in *PacemakerNodeAddress) DeepCopy() *PacemakerNodeAddress { + if in == nil { + return nil + } + out := new(PacemakerNodeAddress) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 000000000000..f5a64682ab23 --- /dev/null +++ b/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -0,0 +1,23 @@ +pacemakerclusters.etcd.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/2544 + CRDName: pacemakerclusters.etcd.openshift.io + Capability: "" + Category: "" + FeatureGates: + - DualReplica + FilenameOperatorName: etcd + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_25" + GroupName: etcd.openshift.io + HasStatus: true + KindName: PacemakerCluster + Labels: {} + PluralName: pacemakerclusters + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - DualReplica + Version: v1alpha1 + diff --git a/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go new file mode 100644 index 000000000000..62e1c3ebd7db --- /dev/null +++ b/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -0,0 +1,89 @@ +package v1alpha1 + +// This file contains a collection of methods that can be used from go-restful to +// generate Swagger API documentation for its models. Please read this PR for more +// information on the implementation: https://github.com/emicklei/go-restful/pull/215 +// +// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if +// they are on one line! For multiple line or blocks that you want to ignore use ---. +// Any context after a --- is ignored. +// +// Those methods can be generated by using hack/update-swagger-docs.sh + +// AUTO-GENERATED FUNCTIONS START HERE +var map_PacemakerCluster = map[string]string{ + "": "PacemakerCluster represents the current state of the pacemaker cluster as reported by the pcs status command. PacemakerCluster is a cluster-scoped singleton resource. The name of this instance is \"cluster\". This resource provides a view into the health and status of a pacemaker-managed cluster in Two Node OpenShift with Fencing deployments.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "status": "status contains the actual pacemaker cluster status information collected from the cluster. The goal of this status is to be able to quickly identify if pacemaker is in a healthy state. In Two Node OpenShift with Fencing, a healthy pacemaker cluster has 2 nodes, both of which have healthy kubelet, etcd, and fencing resources. 
This field is optional on creation - the status collector populates it immediately after creating the resource via the status subresource.", +} + +func (PacemakerCluster) SwaggerDoc() map[string]string { + return map_PacemakerCluster +} + +var map_PacemakerClusterFencingAgentStatus = map[string]string{ + "": "PacemakerClusterFencingAgentStatus represents the status of a fencing agent that can fence a node. Fencing agents are STONITH (Shoot The Other Node In The Head) devices used to isolate failed nodes. Unlike regular pacemaker resources, fencing agents are mapped to their target node (the node they can fence), not the node where their monitoring operations are scheduled.", + "conditions": "conditions represent the observations of the fencing agent's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the fencing agent. The \"InService\" condition tracks whether the fencing agent is in service (not in maintenance mode). The \"Managed\" condition tracks whether the fencing agent is managed by pacemaker. The \"Enabled\" condition tracks whether the fencing agent is enabled. The \"Operational\" condition tracks whether the fencing agent is operational (not failed). The \"Active\" condition tracks whether the fencing agent is active (available to be used). The \"Started\" condition tracks whether the fencing agent is started. The \"Schedulable\" condition tracks whether the fencing agent is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", + "name": "name is the unique identifier for this fencing agent (e.g., \"master-0_redfish\"). The name must be unique within the fencingAgents array for this node. It may contain alphanumeric characters, dots, hyphens, and underscores. 
Maximum length is 300 characters, providing headroom beyond the typical format of _ (253 for RFC 1123 node name + 1 underscore + type).", + "method": "method is the fencing method used by this agent. Valid values are \"Redfish\" and \"IPMI\". Redfish is a standard RESTful API for server management. IPMI (Intelligent Platform Management Interface) is a hardware management interface.", +} + +func (PacemakerClusterFencingAgentStatus) SwaggerDoc() map[string]string { + return map_PacemakerClusterFencingAgentStatus +} + +var map_PacemakerClusterList = map[string]string{ + "": "PacemakerClusterList contains a list of PacemakerCluster objects. PacemakerCluster is a cluster-scoped singleton resource; only one instance named \"cluster\" may exist. This list type exists only to satisfy Kubernetes API conventions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "items is a list of PacemakerCluster objects.", +} + +func (PacemakerClusterList) SwaggerDoc() map[string]string { + return map_PacemakerClusterList +} + +var map_PacemakerClusterNodeStatus = map[string]string{ + "": "PacemakerClusterNodeStatus represents the status of a single node in the pacemaker cluster including the node's conditions and the health of critical resources running on that node.", + "conditions": "conditions represent the observations of the node's current state. Known condition types are: \"Healthy\", \"Online\", \"InService\", \"Active\", \"Ready\", \"Clean\", \"Member\", \"FencingAvailable\", \"FencingHealthy\". The \"Healthy\" condition is an aggregate that tracks the overall health of the node. The \"Online\" condition tracks whether the node is online. 
The \"InService\" condition tracks whether the node is in service (not in maintenance mode). The \"Active\" condition tracks whether the node is active (not in standby mode). The \"Ready\" condition tracks whether the node is ready (not in a pending state). The \"Clean\" condition tracks whether the node is in a clean (status known) state. The \"Member\" condition tracks whether the node is a member of the cluster. The \"FencingAvailable\" condition tracks whether this node can be fenced by at least one healthy agent. The \"FencingHealthy\" condition tracks whether all fencing agents for this node are healthy. Each of these conditions is required, so the array must contain at least 9 items.", + "nodeName": "nodeName is the name of the node. This is expected to match the Kubernetes node's name, which must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", + "addresses": "addresses is a list of IP addresses for the node. Pacemaker allows multiple IP addresses for Corosync communication between nodes. The first address in this list is used for IP-based peer URLs for etcd membership. Each address must be a valid global unicast IPv4 or IPv6 address in canonical form (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). This excludes loopback, link-local, and multicast addresses.", + "resources": "resources contains the status of pacemaker resources scheduled on this node. Each resource entry includes the resource name and its health conditions. For Two Node OpenShift with Fencing, we track Kubelet and Etcd resources per node. Both resources are required to be present, so the array must contain at least 2 items. Valid resource names are \"Kubelet\" and \"Etcd\". 
Fencing agents are tracked separately in the fencingAgents field.", + "fencingAgents": "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. Expected to have 1 fencing agent per node, but up to 8 are supported for redundancy. Names must be unique within this array.", +} + +func (PacemakerClusterNodeStatus) SwaggerDoc() map[string]string { + return map_PacemakerClusterNodeStatus +} + +var map_PacemakerClusterResourceStatus = map[string]string{ + "": "PacemakerClusterResourceStatus represents the status of a pacemaker resource scheduled on a node. A pacemaker resource is a unit of work managed by pacemaker. In pacemaker terminology, resources are services or applications that pacemaker monitors, starts, stops, and moves between nodes to maintain high availability. For Two Node OpenShift with Fencing, we track two resources per node:\n - Kubelet (the Kubernetes node agent and a prerequisite for etcd)\n - Etcd (the distributed key-value store)\n\nFencing agents are tracked separately in the fencingAgents field because they are mapped to their target node (the node they can fence), not the node where monitoring operations are scheduled.", + "conditions": "conditions represent the observations of the resource's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the resource. The \"InService\" condition tracks whether the resource is in service (not in maintenance mode). 
The \"Managed\" condition tracks whether the resource is managed by pacemaker. The \"Enabled\" condition tracks whether the resource is enabled. The \"Operational\" condition tracks whether the resource is operational (not failed). The \"Active\" condition tracks whether the resource is active (available to be used). The \"Started\" condition tracks whether the resource is started. The \"Schedulable\" condition tracks whether the resource is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", + "name": "name is the name of the pacemaker resource. Valid values are \"Kubelet\" and \"Etcd\". The Kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments. The Etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations. Fencing agents are tracked separately in the node's fencingAgents field.", +} + +func (PacemakerClusterResourceStatus) SwaggerDoc() map[string]string { + return map_PacemakerClusterResourceStatus +} + +var map_PacemakerClusterStatus = map[string]string{ + "": "PacemakerClusterStatus contains the actual pacemaker cluster status information. As part of validating the status object, we need to ensure that the lastUpdated timestamp may not be set to an earlier timestamp than the current value. The validation rule checks if oldSelf has lastUpdated before comparing, to handle the initial status creation case.", + "conditions": "conditions represent the observations of the pacemaker cluster's current state. Known condition types are: \"Healthy\", \"InService\", \"NodeCountAsExpected\". The \"Healthy\" condition is an aggregate that tracks the overall health of the cluster. The \"InService\" condition tracks whether the cluster is in service (not in maintenance mode). The \"NodeCountAsExpected\" condition tracks whether the expected number of nodes are present. 
Each of these conditions is required, so the array must contain at least 3 items.", + "lastUpdated": "lastUpdated is the timestamp when this status was last updated. This is useful for identifying stale status reports. It must be a valid timestamp in RFC3339 format. Once set, this field cannot be removed and cannot be set to an earlier timestamp than the current value.", + "nodes": "nodes provides detailed status for each control-plane node in the Pacemaker cluster. While Pacemaker supports up to 32 nodes, the limit is set to 5 (max OpenShift control-plane nodes). For Two Node OpenShift with Fencing, exactly 2 nodes are expected in a healthy cluster. An empty list indicates a catastrophic failure where Pacemaker reports no nodes.", +} + +func (PacemakerClusterStatus) SwaggerDoc() map[string]string { + return map_PacemakerClusterStatus +} + +var map_PacemakerNodeAddress = map[string]string{ + "": "PacemakerNodeAddress contains information for a node's address. This is similar to corev1.NodeAddress but adds validation for IP addresses.", + "type": "type is the type of node address. Currently only \"InternalIP\" is supported.", + "address": "address is the node address. For InternalIP, this must be a valid global unicast IPv4 or IPv6 address in canonical form. Canonical form means the shortest standard representation (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). Maximum length is 39 characters (full IPv6 address). Global unicast includes private/RFC1918 addresses but excludes loopback, link-local, and multicast.", +} + +func (PacemakerNodeAddress) SwaggerDoc() map[string]string { + return map_PacemakerNodeAddress +} + +// AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md index fd8d9fa77dfa..b98d9e631002 100644 --- a/vendor/github.com/openshift/api/features.md +++ b/vendor/github.com/openshift/api/features.md 
@@ -5,13 +5,15 @@ | EventedPLEG| | | | | | | | | | MachineAPIOperatorDisableMachineHealthCheckController| | | | | | | | | | MultiArchInstallAzure| | | | | | | | | -| NewOLMBoxCutterRuntime| | | | | | | | | | ShortCertRotation| | | | | | | | | +| ClusterAPIComputeInstall| | | Enabled | Enabled | | | | | +| ClusterAPIControlPlaneInstall| | | Enabled | Enabled | | | | | | ClusterAPIMachineManagementVSphere| | | Enabled | Enabled | | | | | | Example2| | | Enabled | Enabled | | | | | | ExternalSnapshotMetadata| | | Enabled | Enabled | | | | | -| IngressControllerDynamicConfigurationManager| | | Enabled | Enabled | | | | | +| KMSEncryptionProvider| | | Enabled | Enabled | | | | | | NetworkConnect| | | Enabled | Enabled | | | | | +| NewOLMBoxCutterRuntime| | | | Enabled | | | | Enabled | | NewOLMCatalogdAPIV1Metas| | | | Enabled | | | | Enabled | | NewOLMPreflightPermissionChecks| | | | Enabled | | | | Enabled | | NoRegistryClusterInstall| | | | Enabled | | | | Enabled | @@ -30,6 +32,7 @@ | BootcNodeManagement| | | Enabled | Enabled | | | Enabled | Enabled | | CBORServingAndStorage| | | Enabled | Enabled | | | Enabled | Enabled | | CRDCompatibilityRequirementOperator| | | Enabled | Enabled | | | Enabled | Enabled | +| CRIOCredentialProviderConfig| | | Enabled | Enabled | | | Enabled | Enabled | | ClientsPreferCBOR| | | Enabled | Enabled | | | Enabled | Enabled | | ClusterAPIInstallIBMCloud| | | Enabled | Enabled | | | Enabled | Enabled | | ClusterAPIMachineManagement| | | Enabled | Enabled | | | Enabled | Enabled | 
@@ -38,8 +41,10 @@ | ClusterVersionOperatorConfiguration| | | Enabled | Enabled | | | Enabled | Enabled | | ConfigurablePKI| | | Enabled | Enabled | | | Enabled | Enabled | | DNSNameResolver| | | Enabled | Enabled | | | Enabled | Enabled | +| DRAPartitionableDevices| | | Enabled | Enabled | | | Enabled | Enabled | | DualReplica| | | Enabled | Enabled | | | Enabled | Enabled | | DyanmicServiceEndpointIBMCloud| | | Enabled | Enabled | | | Enabled | Enabled | +| EVPN| | | Enabled | Enabled | | | Enabled | Enabled | | EtcdBackendQuota| | | Enabled | Enabled | | | Enabled | Enabled | | EventTTL| | | Enabled | Enabled | | | Enabled | Enabled | | Example| | | Enabled | Enabled | | | Enabled | Enabled | 
@@ -48,19 +53,17 @@ | GCPCustomAPIEndpoints| | | Enabled | Enabled | | | Enabled | Enabled | | GCPCustomAPIEndpointsInstall| | | Enabled | Enabled | | | Enabled | Enabled | | GCPDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | +| GatewayAPIWithoutOLM| | | Enabled | Enabled | | | Enabled | Enabled | | HyperShiftOnlyDynamicResourceAllocation| Enabled | | Enabled | | Enabled | | Enabled | | | ImageModeStatusReporting| | | Enabled | Enabled | | | Enabled | Enabled | -| InsightsConfig| | | Enabled | Enabled | | | Enabled | Enabled | -| InsightsOnDemandDataGather| | | Enabled | Enabled | | | Enabled | Enabled | +| IngressControllerDynamicConfigurationManager| | | Enabled | Enabled | | | Enabled | Enabled | | IrreconcilableMachineConfig| | | Enabled | Enabled | | | Enabled | Enabled | -| KMSEncryptionProvider| | | Enabled | Enabled | | | Enabled | Enabled | +| KMSEncryption| | | Enabled | Enabled | | | Enabled | Enabled | | MachineAPIMigration| | | Enabled | Enabled | | | Enabled | Enabled | -| ManagedBootImagesCPMS| | | Enabled | Enabled | | | Enabled | Enabled | | MaxUnavailableStatefulSet| | | Enabled | Enabled | | | Enabled | Enabled | | MinimumKubeletVersion| | | Enabled | Enabled | | | Enabled | Enabled | | MixedCPUsAllocation| | | Enabled | Enabled | | | Enabled | Enabled | | MultiDiskSetup| | | Enabled | Enabled | | | Enabled | Enabled | -| MutableCSINodeAllocatableCount| | | Enabled | Enabled | | | Enabled | Enabled | | MutatingAdmissionPolicy| | | Enabled | Enabled | | | Enabled | Enabled | | NewOLM| | Enabled | | Enabled | | Enabled | | Enabled | | NewOLMOwnSingleNamespace| | Enabled | | Enabled | | Enabled | | Enabled | 
@@ -75,12 +78,8 @@ | VSphereHostVMGroupZonal| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereMixedNodeEnv| | | Enabled | Enabled | | | Enabled | Enabled | | VolumeGroupSnapshot| | | Enabled | Enabled | | | Enabled | Enabled | -| AdditionalRoutingCapabilities| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| AdminNetworkPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| AlibabaPlatform| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| CPMSMachineNamePrefix| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ConsolePluginContentSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ExternalOIDC| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ExternalOIDCWithUIDAndExtraClaimMappings| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | 
@@ -90,21 +89,19 @@ | HighlyAvailableArbiter| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ImageStreamImportMode| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ImageVolume| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| InsightsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| InsightsOnDemandDataGather| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MachineConfigNodes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ManagedBootImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ManagedBootImagesAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ManagedBootImagesAzure| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ManagedBootImagesCPMS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ManagedBootImagesvSphere| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MetricsCollectionProfiles| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| NetworkDiagnosticsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| NetworkLiveMigration| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| NetworkSegmentation| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| MutableCSINodeAllocatableCount| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | PinnedImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | 
Enabled | -| PreconfiguredUDNAddresses| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ProcMountType| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| RouteAdvertisements| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | RouteExternalCertificate| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ServiceAccountTokenNodeBinding| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | SigstoreImageVerification| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | @@ -115,4 +112,3 @@ | UserNamespacesSupport| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | VSphereMultiDisk| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | VSphereMultiNetworks| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| VolumeAttributesClass| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | diff --git a/vendor/github.com/openshift/api/features/features.go b/vendor/github.com/openshift/api/features/features.go index 9159b43d3463..2fc3881f101e 100644 --- a/vendor/github.com/openshift/api/features/features.go +++ b/vendor/github.com/openshift/api/features/features.go 
@@ -1,46 +1,85 @@ package features import ( - "fmt" - configv1 "github.com/openshift/api/config/v1" + "k8s.io/apimachinery/pkg/util/sets" ) -func FeatureSets(clusterProfile ClusterProfileName, featureSet configv1.FeatureSet) (*FeatureGateEnabledDisabled, error) { - byFeatureSet, ok := allFeatureGates[clusterProfile] - if !ok { - return nil, fmt.Errorf("no information found for ClusterProfile=%q", clusterProfile) - } - featureGates, ok := byFeatureSet[featureSet] - if !ok { - return nil, fmt.Errorf("no information found for FeatureSet=%q under ClusterProfile=%q", featureSet, clusterProfile) +// Generating this many versions future proofs us until at least 2040. +const ( + minOpenshiftVersion uint64 = 4 + maxOpenshiftVersion uint64 = 10 +) + +func FeatureSets(version uint64, clusterProfile ClusterProfileName, featureSet configv1.FeatureSet) *FeatureGateEnabledDisabled { + enabledDisabled := &FeatureGateEnabledDisabled{} + + for name, statuses := range allFeatureGates { + enabled := false + + for _, status := range statuses { + if status.isEnabled(version, clusterProfile, featureSet) { + enabled = true + break + } + } + + if enabled { + enabledDisabled.Enabled = append(enabledDisabled.Enabled, FeatureGateDescription{ + FeatureGateAttributes: configv1.FeatureGateAttributes{ + Name: name, + }, + }) + } else { + enabledDisabled.Disabled = append(enabledDisabled.Disabled, FeatureGateDescription{ + FeatureGateAttributes: configv1.FeatureGateAttributes{ + Name: name, + }, + }) + } } - return featureGates.DeepCopy(), nil + + return enabledDisabled } -func AllFeatureSets() map[ClusterProfileName]map[configv1.FeatureSet]*FeatureGateEnabledDisabled { - ret := map[ClusterProfileName]map[configv1.FeatureSet]*FeatureGateEnabledDisabled{} +func AllFeatureSets() map[uint64]map[ClusterProfileName]map[configv1.FeatureSet]*FeatureGateEnabledDisabled { + versions := sets.New[uint64]() + for version := minOpenshiftVersion; version <= maxOpenshiftVersion; version++ { + 
versions.Insert(version) + } + + clusterProfiles := sets.New[ClusterProfileName](AllClusterProfiles...) + featureSets := sets.New[configv1.FeatureSet](configv1.AllFixedFeatureSets...) - for clusterProfile, byFeatureSet := range allFeatureGates { - newByFeatureSet := map[configv1.FeatureSet]*FeatureGateEnabledDisabled{} + // Check for versions explicitly being set among the gates. + for _, statuses := range allFeatureGates { + for _, status := range statuses { + versions.Insert(status.version.UnsortedList()...) + } + } - for featureSet, enabledDisabled := range byFeatureSet { - newByFeatureSet[featureSet] = enabledDisabled.DeepCopy() + ret := map[uint64]map[ClusterProfileName]map[configv1.FeatureSet]*FeatureGateEnabledDisabled{} + for version := range versions { + ret[version] = map[ClusterProfileName]map[configv1.FeatureSet]*FeatureGateEnabledDisabled{} + for clusterProfile := range clusterProfiles { + ret[version][clusterProfile] = map[configv1.FeatureSet]*FeatureGateEnabledDisabled{} + for featureSet := range featureSets { + ret[version][clusterProfile][featureSet] = FeatureSets(version, clusterProfile, featureSet) + } } - ret[clusterProfile] = newByFeatureSet } return ret } var ( - allFeatureGates = map[ClusterProfileName]map[configv1.FeatureSet]*FeatureGateEnabledDisabled{} + allFeatureGates = map[configv1.FeatureGateName][]featureGateStatus{} FeatureGateConsolePluginCSP = newFeatureGate("ConsolePluginContentSecurityPolicy"). reportProblemsToJiraComponent("Management Console"). contactPerson("jhadvig"). productScope(ocpSpecific). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). enhancementPR("https://github.com/openshift/enhancements/pull/1706"). mustRegister() 
@@ -49,7 +88,7 @@ var ( contactPerson("ibihim"). productScope(kubernetes). enhancementPR("https://github.com/kubernetes/enhancements/issues/4193"). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateMutatingAdmissionPolicy = newFeatureGate("MutatingAdmissionPolicy"). @@ -57,7 +96,7 @@ var ( contactPerson("benluddy"). productScope(kubernetes). enhancementPR("https://github.com/kubernetes/enhancements/issues/3962"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateGatewayAPI = newFeatureGate("GatewayAPI"). @@ -65,7 +104,7 @@ var ( contactPerson("miciah"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateOpenShiftPodSecurityAdmission = newFeatureGate("OpenShiftPodSecurityAdmission"). @@ -73,7 +112,7 @@ var ( contactPerson("ibihim"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/899"). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateBuildCSIVolumes = newFeatureGate("BuildCSIVolumes"). 
@@ -81,7 +120,7 @@ var ( contactPerson("adkaplan"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateAzureWorkloadIdentity = newFeatureGate("AzureWorkloadIdentity"). @@ -89,7 +128,7 @@ var ( contactPerson("abutcher"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateAzureDedicatedHosts = newFeatureGate("AzureDedicatedHosts"). @@ -97,7 +136,7 @@ var ( contactPerson("rvanderp3"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1783"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateMaxUnavailableStatefulSet = newFeatureGate("MaxUnavailableStatefulSet"). @@ -105,7 +144,7 @@ var ( contactPerson("atiratree"). productScope(kubernetes). enhancementPR("https://github.com/kubernetes/enhancements/issues/961"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateEventedPLEG = newFeatureGate("EventedPLEG"). @@ -120,7 +159,7 @@ var ( contactPerson("sgrunert"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateSigstoreImageVerificationPKI = newFeatureGate("SigstoreImageVerificationPKI"). 
@@ -128,23 +167,23 @@ var ( contactPerson("QiWang"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1658"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateAlibabaPlatform = newFeatureGate("AlibabaPlatform"). - reportProblemsToJiraComponent("cloud-provider"). - contactPerson("jspeed"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() + FeatureGateCRIOCredentialProviderConfig = newFeatureGate("CRIOCredentialProviderConfig"). + reportProblemsToJiraComponent("node"). + contactPerson("QiWang"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1861"). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + mustRegister() FeatureGateVSphereHostVMGroupZonal = newFeatureGate("VSphereHostVMGroupZonal"). reportProblemsToJiraComponent("splat"). contactPerson("jcpowermac"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1677"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateVSphereMultiDisk = newFeatureGate("VSphereMultiDisk"). @@ -152,7 +191,7 @@ var ( contactPerson("vr4manta"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1709"). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateRouteExternalCertificate = newFeatureGate("RouteExternalCertificate"). 
@@ -160,79 +199,31 @@ var ( contactPerson("chiragkyal"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateCPMSMachineNamePrefix = newFeatureGate("CPMSMachineNamePrefix"). - reportProblemsToJiraComponent("Cloud Compute / ControlPlaneMachineSet"). - contactPerson("chiragkyal"). - productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1714"). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateAdminNetworkPolicy = newFeatureGate("AdminNetworkPolicy"). - reportProblemsToJiraComponent("Networking/ovn-kubernetes"). - contactPerson("tssurya"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateNetworkSegmentation = newFeatureGate("NetworkSegmentation"). - reportProblemsToJiraComponent("Networking/ovn-kubernetes"). - contactPerson("tssurya"). - productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1623"). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - FeatureGateNetworkConnect = newFeatureGate("NetworkConnect"). reportProblemsToJiraComponent("Networking/ovn-kubernetes"). contactPerson("tssurya"). productScope(ocpSpecific). enhancementPR("https://github.com/ovn-kubernetes/ovn-kubernetes/pull/5246"). - enableIn(configv1.DevPreviewNoUpgrade). - mustRegister() - - FeatureGateAdditionalRoutingCapabilities = newFeatureGate("AdditionalRoutingCapabilities"). - reportProblemsToJiraComponent("Networking/cluster-network-operator"). 
- contactPerson("jcaamano"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateRouteAdvertisements = newFeatureGate("RouteAdvertisements"). - reportProblemsToJiraComponent("Networking/ovn-kubernetes"). - contactPerson("jcaamano"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDevPreviewNoUpgrade()). mustRegister() - FeatureGateNetworkLiveMigration = newFeatureGate("NetworkLiveMigration"). - reportProblemsToJiraComponent("Networking/ovn-kubernetes"). - contactPerson("pliu"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateNetworkDiagnosticsConfig = newFeatureGate("NetworkDiagnosticsConfig"). - reportProblemsToJiraComponent("Networking/cluster-network-operator"). - contactPerson("kyrtapz"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() + FeatureGateEVPN = newFeatureGate("EVPN"). + reportProblemsToJiraComponent("Networking/ovn-kubernetes"). + contactPerson("jcaamano"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1862"). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + mustRegister() FeatureGateOVNObservability = newFeatureGate("OVNObservability"). reportProblemsToJiraComponent("Networking"). contactPerson("npinaeva"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). 
- enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateBackendQuotaGiB = newFeatureGate("EtcdBackendQuota"). @@ -240,7 +231,7 @@ var ( contactPerson("hasbro17"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateAutomatedEtcdBackup = newFeatureGate("AutomatedEtcdBackup"). @@ -248,7 +239,7 @@ var ( contactPerson("hasbro17"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateMachineAPIOperatorDisableMachineHealthCheckController = newFeatureGate("MachineAPIOperatorDisableMachineHealthCheckController"). @@ -263,7 +254,7 @@ var ( contactPerson("miciah"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateMachineConfigNodes = newFeatureGate("MachineConfigNodes"). @@ -271,7 +262,7 @@ var ( contactPerson("ijanssen"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1765"). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateImageModeStatusReporting = newFeatureGate("ImageModeStatusReporting"). 
@@ -279,7 +270,7 @@ var ( contactPerson("ijanssen"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1809"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateClusterAPIInstall = newFeatureGate("ClusterAPIInstall"). @@ -294,7 +285,7 @@ var ( contactPerson("barbacbd"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateAWSClusterHostedDNS = newFeatureGate("AWSClusterHostedDNS"). @@ -302,7 +293,7 @@ var ( contactPerson("barbacbd"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateAzureClusterHostedDNSInstall = newFeatureGate("AzureClusterHostedDNSInstall"). @@ -310,7 +301,7 @@ var ( contactPerson("sadasu"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1468"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateMixedCPUsAllocation = newFeatureGate("MixedCPUsAllocation"). @@ -318,7 +309,7 @@ var ( contactPerson("titzhak"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateManagedBootImages = newFeatureGate("ManagedBootImages"). 
@@ -326,7 +317,7 @@ var ( contactPerson("djoshy"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateManagedBootImagesAWS = newFeatureGate("ManagedBootImagesAWS"). @@ -334,7 +325,7 @@ var ( contactPerson("djoshy"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateManagedBootImagesvSphere = newFeatureGate("ManagedBootImagesvSphere"). @@ -342,7 +333,7 @@ var ( contactPerson("rsaini"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1496"). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateManagedBootImagesAzure = newFeatureGate("ManagedBootImagesAzure"). @@ -350,7 +341,7 @@ var ( contactPerson("djoshy"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1761"). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateManagedBootImagesCPMS = newFeatureGate("ManagedBootImagesCPMS"). 
@@ -358,7 +349,7 @@ var ( contactPerson("djoshy"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1818"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateBootImageSkewEnforcement = newFeatureGate("BootImageSkewEnforcement"). @@ -366,7 +357,7 @@ var ( contactPerson("djoshy"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1761"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateBootcNodeManagement = newFeatureGate("BootcNodeManagement"). @@ -374,7 +365,7 @@ var ( contactPerson("inesqyx"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateSignatureStores = newFeatureGate("SignatureStores"). @@ -382,7 +373,7 @@ var ( contactPerson("lmohanty"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateKMSv1 = newFeatureGate("KMSv1"). @@ -390,7 +381,7 @@ var ( contactPerson("dgrisonnet"). productScope(kubernetes). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGatePinnedImages = newFeatureGate("PinnedImages"). 
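Review bot: The added `enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade())` in the first hunk on this line (-358,7 +349,7) is not a one-to-one translation of the removed `enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade)`: it turns the gate on for Default and OKD. Going by the trailing context of the preceding hunk, the gate is ManagedBootImagesCPMS. The same widening appears in the hunks at -525, -533 and -913 (InsightsOnDemandDataGather, InsightsConfig, MutableCSINodeAllocatableCount), while the hunk at -663 goes the other way and drops TechPreviewNoUpgrade from KMSEncryptionProvider. Because almost every other hunk is a mechanical `enableIn` to `enable` rewrite, these default-exposure changes are easy to miss; I would mark each with a short comment such as `// promoted to Default/OKD in this change`. If this file is a vendored copy (its path is not visible here), list them in the commit description instead and confirm they match the upstream revision being pulled in.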
@@ -398,7 +389,7 @@ var ( contactPerson("RishabhSaini"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateUpgradeStatus = newFeatureGate("UpgradeStatus"). @@ -406,23 +397,15 @@ var ( contactPerson("pmuller"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateVolumeAttributesClass = newFeatureGate("VolumeAttributesClass"). - reportProblemsToJiraComponent("Storage / Kubernetes External Components"). - contactPerson("dfajmon"). - productScope(kubernetes). - enhancementPR("https://github.com/kubernetes/enhancements/issues/3751"). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - FeatureGateVolumeGroupSnapshot = newFeatureGate("VolumeGroupSnapshot"). reportProblemsToJiraComponent("Storage / Kubernetes External Components"). contactPerson("fbertina"). productScope(kubernetes). enhancementPR("https://github.com/kubernetes/enhancements/issues/3476"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateExternalSnapshotMetadata = newFeatureGate("ExternalSnapshotMetadata"). @@ -430,7 +413,7 @@ var ( contactPerson("jdobson"). productScope(kubernetes). enhancementPR("https://github.com/kubernetes/enhancements/issues/3314"). - enableIn(configv1.DevPreviewNoUpgrade). + enable(inDevPreviewNoUpgrade()). mustRegister() FeatureGateExternalOIDC = newFeatureGate("ExternalOIDC"). 
@@ -438,7 +421,7 @@ var ( contactPerson("liouk"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1596"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateExternalOIDCWithAdditionalClaimMappings = newFeatureGate("ExternalOIDCWithUIDAndExtraClaimMappings"). @@ -446,7 +429,7 @@ var ( contactPerson("bpalmer"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1777"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateExternalOIDCWithUpstreamParity = newFeatureGate("ExternalOIDCWithUpstreamParity"). @@ -454,7 +437,7 @@ var ( contactPerson("saldawam"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1763"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() FeatureGateExample = newFeatureGate("Example"). @@ -462,7 +445,7 @@ var ( contactPerson("deads"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateExample2 = newFeatureGate("Example2"). @@ -470,7 +453,7 @@ var ( contactPerson("JoelSpeed"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade). + enable(inDevPreviewNoUpgrade()). mustRegister() FeatureGateNewOLM = newFeatureGate("NewOLM"). 
@@ -478,7 +461,7 @@ var ( contactPerson("joe"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableForClusterProfile(SelfManaged, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). + enable(inClusterProfile(SelfManaged), inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateNewOLMCatalogdAPIV1Metas = newFeatureGate("NewOLMCatalogdAPIV1Metas"). @@ -486,7 +469,7 @@ var ( contactPerson("jordank"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1749"). - enableForClusterProfile(SelfManaged, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inClusterProfile(SelfManaged), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateNewOLMPreflightPermissionChecks = newFeatureGate("NewOLMPreflightPermissionChecks"). @@ -494,7 +477,7 @@ var ( contactPerson("tshort"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1768"). - enableForClusterProfile(SelfManaged, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inClusterProfile(SelfManaged), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateNewOLMOwnSingleNamespace = newFeatureGate("NewOLMOwnSingleNamespace"). @@ -502,7 +485,7 @@ var ( contactPerson("nschieder"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1849"). - enableForClusterProfile(SelfManaged, configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inClusterProfile(SelfManaged), inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateNewOLMWebhookProviderOpenshiftServiceCA = newFeatureGate("NewOLMWebhookProviderOpenshiftServiceCA"). 
@@ -510,7 +493,7 @@ var ( contactPerson("pegoncal"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1844"). - enableForClusterProfile(SelfManaged, configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inClusterProfile(SelfManaged), inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateNewOLMBoxCutterRuntime = newFeatureGate("NewOLMBoxCutterRuntime"). @@ -518,6 +501,7 @@ var ( contactPerson("pegoncal"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1890"). + enable(inClusterProfile(SelfManaged), inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() FeatureGateInsightsOnDemandDataGather = newFeatureGate("InsightsOnDemandDataGather"). @@ -525,7 +509,7 @@ var ( contactPerson("tremes"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() FeatureGateInsightsConfig = newFeatureGate("InsightsConfig"). @@ -533,7 +517,7 @@ var ( contactPerson("tremes"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() FeatureGateMetricsCollectionProfiles = newFeatureGate("MetricsCollectionProfiles"). @@ -541,7 +525,7 @@ var ( contactPerson("rexagod"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateClusterAPIInstallIBMCloud = newFeatureGate("ClusterAPIInstallIBMCloud"). 
@@ -549,7 +533,7 @@ var ( contactPerson("cjschaef"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateMachineAPIMigration = newFeatureGate("MachineAPIMigration"). @@ -557,7 +541,7 @@ var ( contactPerson("jspeed"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateClusterAPIMachineManagement = newFeatureGate("ClusterAPIMachineManagement"). @@ -565,7 +549,7 @@ var ( contactPerson("ddonati"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1465"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateClusterAPIMachineManagementVSphere = newFeatureGate("ClusterAPIMachineManagementVSphere"). @@ -573,7 +557,7 @@ var ( contactPerson("jcpowermac"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1465"). - enableIn(configv1.DevPreviewNoUpgrade). + enable(inDevPreviewNoUpgrade()). mustRegister() FeatureGateClusterMonitoringConfig = newFeatureGate("ClusterMonitoringConfig"). @@ -581,7 +565,7 @@ var ( contactPerson("marioferh"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateMultiArchInstallAzure = newFeatureGate("MultiArchInstallAzure"). 
@@ -596,7 +580,7 @@ var ( contactPerson("psundara"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateUserNamespacesSupport = newFeatureGate("UserNamespacesSupport"). @@ -604,7 +588,7 @@ var ( contactPerson("haircommander"). productScope(kubernetes). enhancementPR("https://github.com/kubernetes/enhancements/issues/127"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() // Note: this feature is perma-alpha, but it is safe and desireable to enable. 
@@ -615,38 +599,30 @@ var ( contactPerson("haircommander"). productScope(kubernetes). enhancementPR("https://github.com/kubernetes/enhancements/issues/127"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateProcMountType = newFeatureGate("ProcMountType"). - reportProblemsToJiraComponent("Node"). - contactPerson("haircommander"). - productScope(kubernetes). - enhancementPR("https://github.com/kubernetes/enhancements/issues/4265"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). - mustRegister() - FeatureGateVSphereMultiNetworks = newFeatureGate("VSphereMultiNetworks"). reportProblemsToJiraComponent("SPLAT"). contactPerson("rvanderp"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateIngressControllerDynamicConfigurationManager = newFeatureGate("IngressControllerDynamicConfigurationManager"). reportProblemsToJiraComponent("Networking/router"). contactPerson("miciah"). productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade). + enhancementPR("https://github.com/openshift/enhancements/pull/1687"). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() FeatureGateMinimumKubeletVersion = newFeatureGate("MinimumKubeletVersion"). reportProblemsToJiraComponent("Node"). contactPerson("haircommander"). productScope(ocpSpecific). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). enhancementPR("https://github.com/openshift/enhancements/pull/1697"). 
mustRegister() @@ -655,7 +631,7 @@ var ( contactPerson("yanhli"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1711"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() FeatureGateKMSEncryptionProvider = newFeatureGate("KMSEncryptionProvider"). @@ -663,15 +639,23 @@ var ( contactPerson("swghosh"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1682"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDevPreviewNoUpgrade()). mustRegister() + FeatureGateKMSEncryption = newFeatureGate("KMSEncryption"). + reportProblemsToJiraComponent("kube-apiserver"). + contactPerson("ardaguclu"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1900"). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + mustRegister() + FeatureGateHighlyAvailableArbiter = newFeatureGate("HighlyAvailableArbiter"). reportProblemsToJiraComponent("Two Node with Arbiter"). contactPerson("eggfoobar"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1674"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateCVOConfiguration = newFeatureGate("ClusterVersionOperatorConfiguration"). @@ -679,7 +663,7 @@ var ( contactPerson("dhurta"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1492"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateClusterUpdateAcceptRisks = newFeatureGate("ClusterUpdateAcceptRisks"). 
@@ -687,7 +671,7 @@ var ( contactPerson("hongkliu"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1807"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() FeatureGateGCPCustomAPIEndpoints = newFeatureGate("GCPCustomAPIEndpoints"). @@ -695,7 +679,7 @@ var ( contactPerson("barbacbd"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1492"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateDyanmicServiceEndpointIBMCloud = newFeatureGate("DyanmicServiceEndpointIBMCloud"). @@ -703,7 +687,7 @@ var ( contactPerson("jared-hayes-dev"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1712"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateSELinuxMount = newFeatureGate("SELinuxMount"). @@ -711,7 +695,7 @@ var ( contactPerson("jsafrane"). productScope(kubernetes). enhancementPR("https://github.com/kubernetes/enhancements/issues/1710"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateDualReplica = newFeatureGate("DualReplica"). @@ -719,7 +703,7 @@ var ( contactPerson("jaypoulz"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1675"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateGatewayAPIController = newFeatureGate("GatewayAPIController"). 
@@ -732,7 +716,7 @@ var ( // A dedicated feature gate now controls the Gateway Controller to distinguish // its production readiness from that of the CRDs. enhancementPR("https://github.com/openshift/enhancements/pull/1756"). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureShortCertRotation = newFeatureGate("ShortCertRotation"). @@ -747,7 +731,7 @@ var ( contactPerson("rbednar"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1748"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateAzureMultiDisk = newFeatureGate("AzureMultiDisk"). @@ -755,7 +739,7 @@ var ( contactPerson("jcpowermac"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1779"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateStoragePerformantSecurityPolicy = newFeatureGate("StoragePerformantSecurityPolicy"). @@ -763,7 +747,7 @@ var ( contactPerson("hekumar"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1804"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateMultiDiskSetup = newFeatureGate("MultiDiskSetup"). 
@@ -771,7 +755,7 @@ var ( contactPerson("jcpowermac"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1805"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateAWSDedicatedHosts = newFeatureGate("AWSDedicatedHosts"). @@ -779,7 +763,7 @@ var ( contactPerson("rvanderp3"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1781"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateVSphereMixedNodeEnv = newFeatureGate("VSphereMixedNodeEnv"). @@ -787,23 +771,15 @@ var ( contactPerson("vr4manta"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1772"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGatePreconfiguredUDNAddresses = newFeatureGate("PreconfiguredUDNAddresses"). - reportProblemsToJiraComponent("Networking/ovn-kubernetes"). - contactPerson("kyrtapz"). - productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1793"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). - mustRegister() - FeatureGateAWSServiceLBNetworkSecurityGroup = newFeatureGate("AWSServiceLBNetworkSecurityGroup"). reportProblemsToJiraComponent("Cloud Compute / Cloud Controller Manager"). contactPerson("mtulio"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1802"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateImageVolume = newFeatureGate("ImageVolume"). 
@@ -811,7 +787,7 @@ var ( contactPerson("haircommander"). productScope(kubernetes). enhancementPR("https://github.com/openshift/enhancements/pull/1792"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateNoRegistryClusterInstall = newFeatureGate("NoRegistryClusterInstall"). @@ -819,7 +795,7 @@ var ( contactPerson("andfasano"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1821"). - enableForClusterProfile(SelfManaged, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inClusterProfile(SelfManaged), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateGCPClusterHostedDNSInstall = newFeatureGate("GCPClusterHostedDNSInstall"). @@ -827,7 +803,7 @@ var ( contactPerson("barbacbd"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1468"). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateAWSClusterHostedDNSInstall = newFeatureGate("AWSClusterHostedDNSInstall"). @@ -835,7 +811,7 @@ var ( contactPerson("barbacbd"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1468"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateGCPCustomAPIEndpointsInstall = newFeatureGate("GCPCustomAPIEndpointsInstall"). 
@@ -843,7 +819,7 @@ var ( contactPerson("barbacbd"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1492"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateIrreconcilableMachineConfig = newFeatureGate("IrreconcilableMachineConfig"). @@ -851,14 +827,14 @@ var ( contactPerson("pabrodri"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1785"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateAWSDualStackInstall = newFeatureGate("AWSDualStackInstall"). reportProblemsToJiraComponent("Installer"). contactPerson("sadasu"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1806"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateAzureDualStackInstall = newFeatureGate("AzureDualStackInstall"). @@ -866,7 +842,7 @@ var ( contactPerson("jhixson74"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1806"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateGCPDualStackInstall = newFeatureGate("GCPDualStackInstall"). @@ -874,7 +850,7 @@ var ( contactPerson("barbacbd"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1806"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureCBORServingAndStorage = newFeatureGate("CBORServingAndStorage"). 
@@ -882,7 +858,7 @@ var ( contactPerson("benluddy"). productScope(kubernetes). enhancementPR("https://github.com/kubernetes/enhancements/issues/4222"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureCBORClientsAllowCBOR = newFeatureGate("ClientsAllowCBOR"). @@ -897,7 +873,7 @@ var ( contactPerson("benluddy"). productScope(kubernetes). enhancementPR("https://github.com/kubernetes/enhancements/issues/4222"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureEventTTL = newFeatureGate("EventTTL"). @@ -905,7 +881,7 @@ var ( contactPerson("tjungblu"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1857"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateMutableCSINodeAllocatableCount = newFeatureGate("MutableCSINodeAllocatableCount"). @@ -913,14 +889,14 @@ var ( contactPerson("jsafrane"). productScope(kubernetes). enhancementPR("https://github.com/kubernetes/enhancements/issues/4876"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade(), inDefault(), inOKD()). mustRegister() FeatureGateOSStreams = newFeatureGate("OSStreams"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("pabrodri"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1874"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateCRDCompatibilityRequirementOperator = newFeatureGate("CRDCompatibilityRequirementOperator"). 
@@ -928,14 +904,14 @@ var ( contactPerson("ddonati"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1845"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateOnPremDNSRecords = newFeatureGate("OnPremDNSRecords"). reportProblemsToJiraComponent("Networking / On-Prem DNS"). contactPerson("bnemec"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1803"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateProvisioningRequestAvailable = newFeatureGate("ProvisioningRequestAvailable"). @@ -943,7 +919,7 @@ var ( contactPerson("elmiko"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1752"). - enableIn(configv1.DevPreviewNoUpgrade). + enable(inDevPreviewNoUpgrade()). mustRegister() FeatureGateHyperShiftOnlyDynamicResourceAllocation = newFeatureGate("HyperShiftOnlyDynamicResourceAllocation"). 
@@ -951,14 +927,46 @@ var ( contactPerson("csrwng"). productScope(ocpSpecific). enhancementPR("https://github.com/kubernetes/enhancements/issues/4381"). - enableForClusterProfile(Hypershift, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). + enable(inClusterProfile(Hypershift), inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() + FeatureGateDRAPartitionableDevices = newFeatureGate("DRAPartitionableDevices"). + reportProblemsToJiraComponent("Node"). + contactPerson("harche"). + productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/4815"). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + mustRegister() + FeatureGateConfigurablePKI = newFeatureGate("ConfigurablePKI"). reportProblemsToJiraComponent("kube-apiserver"). contactPerson("sanchezl"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1882"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + mustRegister() + + FeatureGateClusterAPIControlPlaneInstall = newFeatureGate("ClusterAPIControlPlaneInstall"). + reportProblemsToJiraComponent("Installer / openshift-installer"). + contactPerson("patrickdillon"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1465"). + enable(inDevPreviewNoUpgrade()). + mustRegister() + + FeatureGateClusterAPIComputeInstall = newFeatureGate("ClusterAPIComputeInstall"). + reportProblemsToJiraComponent("Installer / openshift-installer"). + contactPerson("patrickdillon"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1465"). + enable(inDevPreviewNoUpgrade()). + mustRegister() + + FeatureGateGatewayAPIWithoutOLM = newFeatureGate("GatewayAPIWithoutOLM"). + reportProblemsToJiraComponent("Routing"). + contactPerson("miciah"). 
+ productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1933"). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() ) diff --git a/vendor/github.com/openshift/api/features/legacyfeaturegates.go b/vendor/github.com/openshift/api/features/legacyfeaturegates.go index dd11fdf6632a..a92c0b9bb90f 100644 --- a/vendor/github.com/openshift/api/features/legacyfeaturegates.go +++ b/vendor/github.com/openshift/api/features/legacyfeaturegates.go @@ -7,10 +7,6 @@ var legacyFeatureGates = sets.New( // never add to this list, if you think you have an exception ask @deads2k "AWSEFSDriverVolumeMetrics", // never add to this list, if you think you have an exception ask @deads2k - "AdditionalRoutingCapabilities", - // never add to this list, if you think you have an exception ask @deads2k - "AdminNetworkPolicy", - // never add to this list, if you think you have an exception ask @deads2k "AlibabaPlatform", // never add to this list, if you think you have an exception ask @deads2k "AutomatedEtcdBackup", @@ -79,12 +75,6 @@ var legacyFeatureGates = sets.New( // never add to this list, if you think you have an exception ask @deads2k "MultiArchInstallGCP", // never add to this list, if you think you have an exception ask @deads2k - "NetworkDiagnosticsConfig", - // never add to this list, if you think you have an exception ask @deads2k - "NetworkLiveMigration", - // never add to this list, if you think you have an exception ask @deads2k - "NetworkSegmentation", - // never add to this list, if you think you have an exception ask @deads2k "NewOLM", // never add to this list, if you think you have an exception ask @deads2k "OVNObservability", 
@@ -95,8 +85,6 @@ var legacyFeatureGates = sets.New( // never add to this list, if you think you have an exception ask @deads2k "PrivateHostedZoneAWS", // never add to this list, if you think you have an exception ask @deads2k - "RouteAdvertisements", - // never add to this list, if you think you have an exception ask @deads2k "RouteExternalCertificate", // never add to this list, if you think you have an exception ask @deads2k "SetEIPForNLBIngressController", diff --git a/vendor/github.com/openshift/api/features/util.go b/vendor/github.com/openshift/api/features/util.go index 8606b6befd5d..e2b35d93a92a 100644 --- a/vendor/github.com/openshift/api/features/util.go +++ b/vendor/github.com/openshift/api/features/util.go @@ -6,6 +6,7 @@ import ( "strings" configv1 "github.com/openshift/api/config/v1" + "k8s.io/apimachinery/pkg/util/sets" ) // FeatureGateDescription is a golang-only interface used to contains details for a feature gate. 
@@ -45,6 +46,77 @@ var ( kubernetes = OwningProduct("Kubernetes") ) +type featureGateEnableOption func(s *featureGateStatus) + +type versionOperator string + +var ( + equal = versionOperator("=") + greaterThan = versionOperator(">") + greaterThanOrEqual = versionOperator(">=") + lessThan = versionOperator("<") + lessThanOrEqual = versionOperator("<=") +) + +func inVersion(version uint64, op versionOperator) featureGateEnableOption { + return func(s *featureGateStatus) { + switch op { + case equal: + s.version.Insert(version) + case greaterThan: + for v := version + 1; v <= maxOpenshiftVersion; v++ { + s.version.Insert(v) + } + case greaterThanOrEqual: + for v := version; v <= maxOpenshiftVersion; v++ { + s.version.Insert(v) + } + case lessThan: + for v := minOpenshiftVersion; v < version; v++ { + s.version.Insert(v) + } + case lessThanOrEqual: + for v := minOpenshiftVersion; v <= version; v++ { + s.version.Insert(v) + } + default: + panic(fmt.Sprintf("invalid version operator: %s", op)) + } + } +} + +func inClusterProfile(clusterProfile ClusterProfileName) featureGateEnableOption { + return func(s *featureGateStatus) { + s.clusterProfile.Insert(clusterProfile) + } +} + +func withFeatureSet(featureSet configv1.FeatureSet) featureGateEnableOption { + return func(s *featureGateStatus) { + s.featureSets.Insert(featureSet) + } +} + +func inDefault() featureGateEnableOption { + return withFeatureSet(configv1.Default) +} + +func inTechPreviewNoUpgrade() featureGateEnableOption { + return withFeatureSet(configv1.TechPreviewNoUpgrade) +} + +func inDevPreviewNoUpgrade() featureGateEnableOption { + return withFeatureSet(configv1.DevPreviewNoUpgrade) +} + +func inCustomNoUpgrade() featureGateEnableOption { + return withFeatureSet(configv1.CustomNoUpgrade) +} + +func inOKD() featureGateEnableOption { + return withFeatureSet(configv1.OKD) +} + type featureGateBuilder struct { name string owningJiraComponent string 
@@ -52,7 +124,22 @@ type featureGateBuilder struct { owningProduct OwningProduct enhancementPRURL string - statusByClusterProfileByFeatureSet map[ClusterProfileName]map[configv1.FeatureSet]bool + status []featureGateStatus +} +type featureGateStatus struct { + version sets.Set[uint64] + clusterProfile sets.Set[ClusterProfileName] + featureSets sets.Set[configv1.FeatureSet] +} + +func (s *featureGateStatus) isEnabled(version uint64, clusterProfile ClusterProfileName, featureSet configv1.FeatureSet) bool { + // If either version or clusterprofile are empty, match all. + matchesVersion := len(s.version) == 0 || s.version.Has(version) + matchesClusterProfile := len(s.clusterProfile) == 0 || s.clusterProfile.Has(clusterProfile) + + matchesFeatureSet := s.featureSets.Has(featureSet) + + return matchesVersion && matchesClusterProfile && matchesFeatureSet } const ( @@ -61,18 +148,9 @@ const ( // newFeatureGate featuregate are disabled in every FeatureSet and selectively enabled func newFeatureGate(name string) *featureGateBuilder { - b := &featureGateBuilder{ - name: name, - statusByClusterProfileByFeatureSet: map[ClusterProfileName]map[configv1.FeatureSet]bool{}, - } - for _, clusterProfile := range AllClusterProfiles { - byFeatureSet := map[configv1.FeatureSet]bool{} - for _, featureSet := range configv1.AllFixedFeatureSets { - byFeatureSet[featureSet] = false - } - b.statusByClusterProfileByFeatureSet[clusterProfile] = byFeatureSet + return &featureGateBuilder{ + name: name, } - return b } func (b *featureGateBuilder) reportProblemsToJiraComponent(owningJiraComponent string) *featureGateBuilder { 
@@ -95,19 +173,19 @@ func (b *featureGateBuilder) enhancementPR(url string) *featureGateBuilder { return b } -func (b *featureGateBuilder) enableIn(featureSets ...configv1.FeatureSet) *featureGateBuilder { - for clusterProfile := range b.statusByClusterProfileByFeatureSet { - for _, featureSet := range featureSets { - b.statusByClusterProfileByFeatureSet[clusterProfile][featureSet] = true - } +func (b *featureGateBuilder) enable(opts ...featureGateEnableOption) *featureGateBuilder { + status := featureGateStatus{ + version: sets.New[uint64](), + clusterProfile: sets.New[ClusterProfileName](), + featureSets: sets.New[configv1.FeatureSet](), } - return b -} -func (b *featureGateBuilder) enableForClusterProfile(clusterProfile ClusterProfileName, featureSets ...configv1.FeatureSet) *featureGateBuilder { - for _, featureSet := range featureSets { - b.statusByClusterProfileByFeatureSet[clusterProfile][featureSet] = true + for _, opt := range opts { + opt(&status) } + + b.status = append(b.status, status) + return b } 
@@ -144,33 +222,8 @@ func (b *featureGateBuilder) register() (configv1.FeatureGateName, error) { } featureGateName := configv1.FeatureGateName(b.name) - description := FeatureGateDescription{ - FeatureGateAttributes: configv1.FeatureGateAttributes{ - Name: featureGateName, - }, - OwningJiraComponent: b.owningJiraComponent, - ResponsiblePerson: b.responsiblePerson, - OwningProduct: b.owningProduct, - EnhancementPR: b.enhancementPRURL, - } - - // statusByClusterProfileByFeatureSet is initialized by constructor to be false for every combination - for clusterProfile, byFeatureSet := range b.statusByClusterProfileByFeatureSet { - for featureSet, enabled := range byFeatureSet { - if _, ok := allFeatureGates[clusterProfile]; !ok { - allFeatureGates[clusterProfile] = map[configv1.FeatureSet]*FeatureGateEnabledDisabled{} - } - if _, ok := allFeatureGates[clusterProfile][featureSet]; !ok { - allFeatureGates[clusterProfile][featureSet] = &FeatureGateEnabledDisabled{} - } - if enabled { - allFeatureGates[clusterProfile][featureSet].Enabled = append(allFeatureGates[clusterProfile][featureSet].Enabled, description) - } else { - allFeatureGates[clusterProfile][featureSet].Disabled = append(allFeatureGates[clusterProfile][featureSet].Disabled, description) - } - } - } + allFeatureGates[featureGateName] = b.status return featureGateName, nil } @@ -189,12 +242,16 @@ func (in *FeatureGateEnabledDisabled) DeepCopyInto(out *FeatureGateEnabledDisabl if in.Enabled != nil { in, out := &in.Enabled, &out.Enabled *out = make([]FeatureGateDescription, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.Disabled != nil { in, out := &in.Disabled, &out.Disabled *out = make([]FeatureGateDescription, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } return } diff --git a/vendor/github.com/openshift/api/install.go b/vendor/github.com/openshift/api/install.go index ea5f349708ca..e4574e7c4f52 100644 
--- a/vendor/github.com/openshift/api/install.go
+++ b/vendor/github.com/openshift/api/install.go
@@ -55,6 +55,7 @@ import (
 "github.com/openshift/api/cloudnetwork"
 "github.com/openshift/api/config"
 "github.com/openshift/api/console"
+ "github.com/openshift/api/etcd"
 "github.com/openshift/api/helm"
 "github.com/openshift/api/image"
 "github.com/openshift/api/imageregistry"
@@ -91,6 +92,7 @@ var (
 build.Install,
 config.Install,
 console.Install,
+ etcd.Install,
 helm.Install,
 image.Install,
 imageregistry.Install,
diff --git a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go
index d7661cf38938..25ffc9f46d5e 100644
--- a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go
+++ b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go
@@ -53,10 +53,9 @@ type ControlPlaneMachineSetSpec struct { // For example, if machineNamePrefix is set to 'control-plane', // and three machines are created, their names might be: // control-plane-abcde-0, control-plane-fghij-1, control-plane-klmno-2 - // +openshift:validation:FeatureGateAwareXValidation:featureGate=CPMSMachineNamePrefix,rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'). Each block, separated by periods, must start and end with an alphanumeric character. Hyphens are not allowed at the start or end of a block, and consecutive periods are not permitted." + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'). Each block, separated by periods, must start and end with an alphanumeric character. Hyphens are not allowed at the start or end of a block, and consecutive periods are not permitted." // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=245 - // +openshift:enable:FeatureGate=CPMSMachineNamePrefix // +optional MachineNamePrefix string `json:"machineNamePrefix,omitempty"` diff --git a/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml index 7be04ec84436..b001170fafe1 100644 --- a/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml @@ -7,7 +7,6 @@ controlplanemachinesets.machine.openshift.io: Capability: MachineAPI Category: "" FeatureGates: - - CPMSMachineNamePrefix - MachineAPIMigration FilenameOperatorName: control-plane-machine-set FilenameOperatorOrdering: "01" 
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go b/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go index d1d5941fa836..e3508d6679d5 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go @@ -331,9 +331,16 @@ type Filter struct { // TagSpecification is the name/value pair for a tag type TagSpecification struct { - // name of the tag + // name of the tag. + // This field is required and must be a non-empty string. + // Must be between 1 and 128 characters in length. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + // +required Name string `json:"name"` - // value of the tag + // value of the tag. + // When omitted, this creates a tag with an empty string as the value. + // +optional Value string `json:"value"` } 
@@ -407,6 +414,26 @@ type AWSMachineProviderStatus struct { // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty"` + // dedicatedHost tracks the dynamically allocated dedicated host. + // This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). + // When omitted, this indicates that the dedicated host has not yet been allocated, or allocation is in progress. + // +optional + DedicatedHost *DedicatedHostStatus `json:"dedicatedHost,omitempty"` +} + +// DedicatedHostStatus defines the observed state of a dynamically allocated dedicated host +// associated with an AWSMachine. This struct is used to track the ID of the dedicated host. +type DedicatedHostStatus struct { + // id tracks the dynamically allocated dedicated host ID. + // This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). + // The value must start with "h-" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). + // The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. + // Must be either 10 or 19 characters in length. + // +kubebuilder:validation:XValidation:rule="self.matches('^h-([0-9a-f]{8}|[0-9a-f]{17})$')",message="id must start with 'h-' followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f)" + // +kubebuilder:validation:MinLength=10 + // +kubebuilder:validation:MaxLength=19 + // +required + ID string `json:"id,omitempty"` } // MarketType describes the market type of an EC2 Instance 
@@ -454,21 +481,77 @@ type HostAffinity string const ( // HostAffinityAnyAvailable lets the platform select any available dedicated host. + HostAffinityAnyAvailable HostAffinity = "AnyAvailable" // HostAffinityDedicatedHost requires specifying a particular host via dedicatedHost.host.hostID. HostAffinityDedicatedHost HostAffinity = "DedicatedHost" ) +// AllocationStrategy selects how a dedicated host is provided to the system for assigning to the instance. +// +kubebuilder:validation:Enum:=UserProvided;Dynamic +// +enum +type AllocationStrategy string + +const ( + // AllocationStrategyUserProvided specifies that the system should assign instances to a user-provided dedicated host. + AllocationStrategyUserProvided AllocationStrategy = "UserProvided" + + // AllocationStrategyDynamic specifies that the system should dynamically allocate a dedicated host for instances. + AllocationStrategyDynamic AllocationStrategy = "Dynamic" +) + // DedicatedHost represents the configuration for the usage of dedicated host. +// +kubebuilder:validation:XValidation:rule="self.allocationStrategy == 'UserProvided' ? has(self.id) : !has(self.id)",message="id is required when allocationStrategy is UserProvided, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.dynamicHostAllocation) ? self.allocationStrategy == 'Dynamic' : true",message="dynamicHostAllocation is only allowed when allocationStrategy is Dynamic" +// +union type DedicatedHost struct { + // allocationStrategy specifies if the dedicated host will be provided by the admin through the id field or if the host will be dynamically allocated. + // Valid values are UserProvided and Dynamic. + // When omitted, the value defaults to "UserProvided", which requires the id field to be set. + // When allocationStrategy is set to UserProvided, an ID of the dedicated host to assign must be provided. + // When allocationStrategy is set to Dynamic, a dedicated host will be allocated and used to assign instances. 
+ // When allocationStrategy is set to Dynamic, and dynamicHostAllocation is configured, a dedicated host will be allocated and the tags in dynamicHostAllocation will be assigned to that host. + // +optional + // +unionDiscriminator + // +default="UserProvided" + AllocationStrategy *AllocationStrategy `json:"allocationStrategy,omitempty"` + // id identifies the AWS Dedicated Host on which the instance must run. // The value must start with "h-" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). // The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. // Must be either 10 or 19 characters in length. - // +kubebuilder:validation:XValidation:rule="self.matches('^h-([0-9a-f]{8}|[0-9a-f]{17})$')",message="hostID must start with 'h-' followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f)" + // This field is required when allocationStrategy is UserProvided, and forbidden otherwise. + // When omitted with allocationStrategy set to Dynamic, the platform will dynamically allocate a dedicated host. + // +kubebuilder:validation:XValidation:rule="self.matches('^h-([0-9a-f]{8}|[0-9a-f]{17})$')",message="id must start with 'h-' followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f)" // +kubebuilder:validation:MinLength=10 // +kubebuilder:validation:MaxLength=19 - // +required + // +optional + // +unionMember=UserProvided ID string `json:"id,omitempty"` + + // dynamicHostAllocation specifies tags to apply to a dynamically allocated dedicated host. + // This field is only allowed when allocationStrategy is Dynamic, and is mutually exclusive with id. + // When specified, a dedicated host will be allocated with the provided tags applied. + // When omitted (and allocationStrategy is Dynamic), a dedicated host will be allocated without any additional tags. 
+ // +optional + // +unionMember=Dynamic + DynamicHostAllocation *DynamicHostAllocationSpec `json:"dynamicHostAllocation,omitempty"` +} + +// DynamicHostAllocationSpec defines the configuration for dynamic dedicated host allocation. +// This specification always allocates exactly one dedicated host per machine. +// At least one property must be specified when this struct is used. +// Currently only Tags are available for configuring, but in the future more configs may become available. +// +kubebuilder:validation:MinProperties=1 +type DynamicHostAllocationSpec struct { + // tags specifies a set of key-value pairs to apply to the allocated dedicated host. + // When omitted, no additional user-defined tags will be applied to the allocated host. + // A maximum of 50 tags can be specified. + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=50 + // +listType=map + // +listMapKey=name + // +optional + Tags *[]TagSpecification `json:"tags,omitempty"` } diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go b/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go index 9510b49fddf7..6bfe850812b8 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go @@ -185,6 +185,18 @@ const ( MachineAuthorityMigrating MachineAuthority = "Migrating" ) +// SynchronizedAPI holds the last stable value of authoritativeAPI. +// +kubebuilder:validation:Enum=MachineAPI;ClusterAPI +type SynchronizedAPI string + +const ( + // MachineAPISynchronized indicates that the Machine API is the last synchronized API. + MachineAPISynchronized SynchronizedAPI = "MachineAPI" + + // ClusterAPISynchronized indicates that the Cluster API is the last synchronized API. + ClusterAPISynchronized SynchronizedAPI = "ClusterAPI" +) + // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 
@@ -407,6 +419,14 @@ type MachineStatus struct { // +optional AuthoritativeAPI MachineAuthority `json:"authoritativeAPI,omitempty"` + // synchronizedAPI holds the last stable value of authoritativeAPI. + // It is used to detect migration cancellation requests and to restore the resource to its previous state. + // Valid values are "MachineAPI" and "ClusterAPI". + // When omitted, the resource has not yet been reconciled by the migration controller. + // +openshift:enable:FeatureGate=MachineAPIMigration + // +optional + SynchronizedAPI SynchronizedAPI `json:"synchronizedAPI,omitempty"` + // synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. // This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match. // +kubebuilder:validation:Minimum=0 diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go b/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go index 80cb282b7ffd..be5476344b12 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go 
@@ -169,6 +169,14 @@ type MachineSetStatus struct { // +optional AuthoritativeAPI MachineAuthority `json:"authoritativeAPI,omitempty"` + // synchronizedAPI holds the last stable value of authoritativeAPI. + // It is used to detect migration cancellation requests and to restore the resource to its previous state. + // Valid values are "MachineAPI" and "ClusterAPI". + // When omitted, the resource has not yet been reconciled by the migration controller. + // +openshift:enable:FeatureGate=MachineAPIMigration + // +optional + SynchronizedAPI SynchronizedAPI `json:"synchronizedAPI,omitempty"` + // synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. // This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match. // +kubebuilder:validation:Minimum=0 diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go index d08906c7d871..63b9bb5ff813 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go @@ -152,6 +152,11 @@ func (in *AWSMachineProviderStatus) DeepCopyInto(out *AWSMachineProviderStatus) (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.DedicatedHost != nil { + in, out := &in.DedicatedHost, &out.DedicatedHost + *out = new(DedicatedHostStatus) + **out = **in + } return } 
@@ -512,6 +517,16 @@ func (in *DataDiskManagedDiskParameters) DeepCopy() *DataDiskManagedDiskParamete // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DedicatedHost) DeepCopyInto(out *DedicatedHost) { *out = *in + if in.AllocationStrategy != nil { + in, out := &in.AllocationStrategy, &out.AllocationStrategy + *out = new(AllocationStrategy) + **out = **in + } + if in.DynamicHostAllocation != nil { + in, out := &in.DynamicHostAllocation, &out.DynamicHostAllocation + *out = new(DynamicHostAllocationSpec) + (*in).DeepCopyInto(*out) + } return } @@ -525,6 +540,22 @@ func (in *DedicatedHost) DeepCopy() *DedicatedHost { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DedicatedHostStatus) DeepCopyInto(out *DedicatedHostStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DedicatedHostStatus. +func (in *DedicatedHostStatus) DeepCopy() *DedicatedHostStatus { + if in == nil { + return nil + } + out := new(DedicatedHostStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DiskEncryptionSetParameters) DeepCopyInto(out *DiskEncryptionSetParameters) { *out = *in 
@@ -557,6 +588,31 @@ func (in *DiskSettings) DeepCopy() *DiskSettings { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DynamicHostAllocationSpec) DeepCopyInto(out *DynamicHostAllocationSpec) { + *out = *in + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = new([]TagSpecification) + if **in != nil { + in, out := *in, *out + *out = make([]TagSpecification, len(*in)) + copy(*out, *in) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicHostAllocationSpec. +func (in *DynamicHostAllocationSpec) DeepCopy() *DynamicHostAllocationSpec { + if in == nil { + return nil + } + out := new(DynamicHostAllocationSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EBSBlockDeviceSpec) DeepCopyInto(out *EBSBlockDeviceSpec) { *out = *in @@ -935,7 +991,7 @@ func (in *HostPlacement) DeepCopyInto(out *HostPlacement) { if in.DedicatedHost != nil { in, out := &in.DedicatedHost, &out.DedicatedHost *out = new(DedicatedHost) - **out = **in + (*in).DeepCopyInto(*out) } return } diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go index 093a40076946..2c4a9030cc9c 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go 
@@ -54,6 +54,7 @@ var map_AWSMachineProviderStatus = map[string]string{ "instanceId": "instanceId is the instance ID of the machine created in AWS", "instanceState": "instanceState is the state of the AWS instance for this machine", "conditions": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "dedicatedHost": "dedicatedHost tracks the dynamically allocated dedicated host. This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). When omitted, this indicates that the dedicated host has not yet been allocated, or allocation is in progress.", } func (AWSMachineProviderStatus) SwaggerDoc() map[string]string { 
@@ -93,14 +94,34 @@ func (CPUOptions) SwaggerDoc() map[string]string { } var map_DedicatedHost = map[string]string{ - "": "DedicatedHost represents the configuration for the usage of dedicated host.", - "id": "id identifies the AWS Dedicated Host on which the instance must run. The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length.", + "": "DedicatedHost represents the configuration for the usage of dedicated host.", + "allocationStrategy": "allocationStrategy specifies if the dedicated host will be provided by the admin through the id field or if the host will be dynamically allocated. Valid values are UserProvided and Dynamic. When omitted, the value defaults to \"UserProvided\", which requires the id field to be set. When allocationStrategy is set to UserProvided, an ID of the dedicated host to assign must be provided. When allocationStrategy is set to Dynamic, a dedicated host will be allocated and used to assign instances. When allocationStrategy is set to Dynamic, and dynamicHostAllocation is configured, a dedicated host will be allocated and the tags in dynamicHostAllocation will be assigned to that host.", + "id": "id identifies the AWS Dedicated Host on which the instance must run. The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length. This field is required when allocationStrategy is UserProvided, and forbidden otherwise. 
When omitted with allocationStrategy set to Dynamic, the platform will dynamically allocate a dedicated host.", + "dynamicHostAllocation": "dynamicHostAllocation specifies tags to apply to a dynamically allocated dedicated host. This field is only allowed when allocationStrategy is Dynamic, and is mutually exclusive with id. When specified, a dedicated host will be allocated with the provided tags applied. When omitted (and allocationStrategy is Dynamic), a dedicated host will be allocated without any additional tags.", } func (DedicatedHost) SwaggerDoc() map[string]string { return map_DedicatedHost } +var map_DedicatedHostStatus = map[string]string{ + "": "DedicatedHostStatus defines the observed state of a dynamically allocated dedicated host associated with an AWSMachine. This struct is used to track the ID of the dedicated host.", + "id": "id tracks the dynamically allocated dedicated host ID. This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length.", +} + +func (DedicatedHostStatus) SwaggerDoc() map[string]string { + return map_DedicatedHostStatus +} + +var map_DynamicHostAllocationSpec = map[string]string{ + "": "DynamicHostAllocationSpec defines the configuration for dynamic dedicated host allocation. This specification always allocates exactly one dedicated host per machine. At least one property must be specified when this struct is used. Currently only Tags are available for configuring, but in the future more configs may become available.", + "tags": "tags specifies a set of key-value pairs to apply to the allocated dedicated host. When omitted, no additional user-defined tags will be applied to the allocated host. 
A maximum of 50 tags can be specified.", +} + +func (DynamicHostAllocationSpec) SwaggerDoc() map[string]string { + return map_DynamicHostAllocationSpec +} + var map_EBSBlockDeviceSpec = map[string]string{ "": "EBSBlockDeviceSpec describes a block device for an EBS volume. https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsBlockDevice", "deleteOnTermination": "Indicates whether the EBS volume is deleted on machine termination.\n\nDeprecated: setting this field has no effect.", @@ -176,8 +197,8 @@ func (SpotMarketOptions) SwaggerDoc() map[string]string { var map_TagSpecification = map[string]string{ "": "TagSpecification is the name/value pair for a tag", - "name": "name of the tag", - "value": "value of the tag", + "name": "name of the tag. This field is required and must be a non-empty string. Must be between 1 and 128 characters in length.", + "value": "value of the tag. When omitted, this creates a tag with an empty string as the value.", } func (TagSpecification) SwaggerDoc() map[string]string { 
@@ -626,6 +647,7 @@ var map_MachineStatus = map[string]string{ "phase": "phase represents the current phase of machine actuation. One of: Failed, Provisioning, Provisioned, Running, Deleting", "conditions": "conditions defines the current state of the Machine", "authoritativeAPI": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", + "synchronizedAPI": "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", "synchronizedGeneration": "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", } 
@@ -729,6 +751,7 @@ var map_MachineSetStatus = map[string]string{ "errorReason": "In the event that there is a terminal problem reconciling the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason will be populated with a succinct value suitable for machine interpretation, while ErrorMessage will contain a more verbose string suitable for logging and human consumption.\n\nThese fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output.", "conditions": "conditions defines the current state of the MachineSet", "authoritativeAPI": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", + "synchronizedAPI": "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". 
When omitted, the resource has not yet been reconciled by the migration controller.", "synchronizedGeneration": "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", } diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/types.go b/vendor/github.com/openshift/api/machineconfiguration/v1/types.go index 6673adeb1b28..ed2a2536891e 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/types.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/types.go @@ -770,6 +770,7 @@ type KubeletConfigStatus struct { // conditions represents the latest available observations of current state. // +optional + // +listType=atomic Conditions []KubeletConfigCondition `json:"conditions"` } diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_osimagestream.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_osimagestream.go index cb6163ddb739..20cc963896ca 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_osimagestream.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_osimagestream.go 
@@ -74,6 +74,24 @@ type OSImageStreamStatus struct { // OSImageStreamSpec defines the desired state of a OSImageStream. type OSImageStreamSpec struct { + // defaultStream is the desired name of the stream that should be used as the + // default when no specific stream is requested by a MachineConfigPool. + // + // This field is set by the installer during installation. Users may need to + // update it if the currently selected stream is no longer available, for + // example when the stream has reached its End of Life. + // The MachineConfigOperator uses this value to determine which stream from + // status.availableStreams to apply as the default for MachineConfigPools + // that do not specify a stream override. + // + // It must be a valid RFC 1123 subdomain between 1 and 253 characters in length, + // consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'). + // + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + DefaultStream string `json:"defaultStream,omitempty"` } type OSImageStreamSet struct { diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go index 144d295afeb2..574d524ec922 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -185,7 +185,8 @@ func (OSImageStreamSet) SwaggerDoc() map[string]string { } var map_OSImageStreamSpec = map[string]string{ - "": "OSImageStreamSpec defines the desired state of a OSImageStream.", + "": "OSImageStreamSpec defines the desired state of a OSImageStream.", + "defaultStream": "defaultStream is the desired name of the stream that should be used as the default when no specific stream is requested by a MachineConfigPool.\n\nThis field is set by the installer during installation. Users may need to update it if the currently selected stream is no longer available, for example when the stream has reached its End of Life. The MachineConfigOperator uses this value to determine which stream from status.availableStreams to apply as the default for MachineConfigPools that do not specify a stream override.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", } func (OSImageStreamSpec) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go index c6bcd22bc0fc..f5836af0f8cc 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go +++ b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go 
@@ -18,7 +18,8 @@ import ( // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() : true",message="when skew enforcement is in Automatic mode, a boot image configuration is required" -// +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || self.spec.managedBootImages.machineManagers.exists(m, m.selection.mode == 'All' && m.resource == 'machinesets' && m.apiGroup == 'machine.openshift.io') : true",message="when skew enforcement is in Automatic mode, managedBootImages must contain a MachineManager opting in all MachineAPI MachineSets" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) > 0 : true",message="when skew enforcement is in Automatic mode, managedBootImages.machineManagers must not be an empty list" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? 
!(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, m.resource == 'machinesets' && m.apiGroup == 'machine.openshift.io') || self.spec.managedBootImages.machineManagers.exists(m, m.resource == 'machinesets' && m.apiGroup == 'machine.openshift.io' && m.selection.mode == 'All') : true",message="when skew enforcement is in Automatic mode, any MachineAPI MachineSet MachineManager must use selection mode 'All'" // +openshift:validation:FeatureGateAwareXValidation:featureGate=BootImageSkewEnforcement,rule="self.?status.bootImageSkewEnforcementStatus.mode.orValue(\"\") == 'Automatic' ? !(self.?status.managedBootImagesStatus.machineManagers.hasValue()) || self.status.managedBootImagesStatus.machineManagers.exists(m, m.selection.mode == 'All' && m.resource == 'machinesets' && m.apiGroup == 'machine.openshift.io'): true",message="when skew enforcement is in Automatic mode, managedBootImagesStatus must contain a MachineManager opting in all MachineAPI MachineSets" type MachineConfiguration struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go index 111240eecff0..1cf56f549bfc 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_network.go +++ b/vendor/github.com/openshift/api/operator/v1/types_network.go 
@@ -54,7 +54,7 @@ type NetworkList struct { // NetworkSpec is the top-level network configuration object. // +kubebuilder:validation:XValidation:rule="!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Restricted' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Global'",message="invalid value for IPForwarding, valid values are 'Restricted' or 'Global'" -// +openshift:validation:FeatureGateAwareXValidation:featureGate=RouteAdvertisements,rule="(has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != 'Enabled'",message="Route advertisements cannot be Enabled if 'FRR' routing capability provider is not available" +// +kubebuilder:validation:XValidation:rule="(has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != 'Enabled'",message="Route advertisements cannot be Enabled if 'FRR' routing capability provider is not available" type NetworkSpec struct { OperatorSpec `json:",inline"` 
@@ -136,7 +136,6 @@ type NetworkSpec struct { // capabilities acquired through the enablement of these components but may // require specific configuration on their side to do so; refer to their // respective documentation and configuration options. - // +openshift:enable:FeatureGate=AdditionalRoutingCapabilities // +optional AdditionalRoutingCapabilities *AdditionalRoutingCapabilities `json:"additionalRoutingCapabilities,omitempty"` } @@ -157,7 +156,7 @@ const ( ) // NetworkMigration represents the cluster network migration configuration. -// +openshift:validation:FeatureGateAwareXValidation:featureGate=NetworkLiveMigration,rule="!has(self.mtu) || !has(self.networkType) || self.networkType == \"\" || has(self.mode) && self.mode == 'Live'",message="networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration" +// +kubebuilder:validation:XValidation:rule="!has(self.mtu) || !has(self.networkType) || self.networkType == \"\" || has(self.mode) && self.mode == 'Live'",message="networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration" type NetworkMigration struct { // mtu contains the MTU migration configuration. Set this to allow changing // the MTU values for the default network. If unset, the operation of @@ -465,7 +464,6 @@ type OVNKubernetesConfig struct { // means the user has no opinion and the platform is left to choose // reasonable defaults. These defaults are subject to change over time. The // current default is "Disabled". - // +openshift:enable:FeatureGate=RouteAdvertisements // +optional RouteAdvertisements RouteAdvertisementsEnablement `json:"routeAdvertisements,omitempty"` } diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml index e7c94e286946..51a758804d60 100644 
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml @@ -327,10 +327,7 @@ networks.operator.openshift.io: CRDName: networks.operator.openshift.io Capability: "" Category: "" - FeatureGates: - - AdditionalRoutingCapabilities - - NetworkLiveMigration - - RouteAdvertisements + FeatureGates: [] FilenameOperatorName: network FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_70" diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/register.go b/vendor/github.com/openshift/api/operator/v1alpha1/register.go index 3e9b09ccede5..ec19cba3a94d 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/register.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/register.go @@ -41,6 +41,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &EtcdBackupList{}, &ClusterVersionOperator{}, &ClusterVersionOperatorList{}, + &ClusterAPI{}, + &ClusterAPIList{}, ) return nil diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go new file mode 100644 index 000000000000..c38fbaf97eef --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go 
@@ -0,0 +1,229 @@
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=clusterapis,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2564
+// +openshift:file-pattern=cvoRunLevel=0000_30,operatorName=cluster-api,operatorOrdering=01
+// +openshift:enable:FeatureGate=ClusterAPIMachineManagement
+// +kubebuilder:metadata:annotations="release.openshift.io/feature-gate=ClusterAPIMachineManagement"
+
+// ClusterAPI provides configuration for the capi-operator.
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="clusterapi is a singleton, .metadata.name must be 'cluster'"
+type ClusterAPI struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ // +required
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec is the specification of the desired behavior of the capi-operator.
+ // +required
+ Spec *ClusterAPISpec `json:"spec,omitempty"`
+
+ // status defines the observed status of the capi-operator.
+ // +optional
+ Status ClusterAPIStatus `json:"status,omitzero"`
+}
+
+// ClusterAPISpec defines the desired configuration of the capi-operator.
+// The spec is required but we deliberately allow it to be empty.
+// +kubebuilder:validation:MinProperties=0
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.unmanagedCustomResourceDefinitions) || has(self.unmanagedCustomResourceDefinitions)",message="unmanagedCustomResourceDefinitions cannot be unset once set"
+type ClusterAPISpec struct {
+ // unmanagedCustomResourceDefinitions is a list of ClusterResourceDefinition (CRD)
+ // names that should not be managed by the capi-operator installer
+ // controller. This allows external actors to own specific CRDs while
+ // capi-operator manages others.
+ //
+ // Each CRD name must be a valid DNS-1123 subdomain consisting of lowercase
+ // alphanumeric characters, '-' or '.', and must start and end with an
+ // alphanumeric character, with a maximum length of 253 characters.
+ // CRD names must contain at least two '.' characters.
+ // Example: "clusters.cluster.x-k8s.io"
+ //
+ // Items cannot be removed from this list once added.
+ //
+ // The maximum number of unmanagedCustomResourceDefinitions is 128.
+ //
+ // +optional
+ // +listType=set
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=128
+ // +kubebuilder:validation:XValidation:rule="oldSelf.all(item, item in self)",message="items cannot be removed from unmanagedCustomResourceDefinitions list"
+ // +kubebuilder:validation:items:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character."
+ // +kubebuilder:validation:items:XValidation:rule="self.split('.').size() > 2",message="CRD names must contain at least two '.' characters."
+ // +kubebuilder:validation:items:MinLength=1
+ // +kubebuilder:validation:items:MaxLength=253
+ UnmanagedCustomResourceDefinitions []string `json:"unmanagedCustomResourceDefinitions,omitempty"`
+}
+
+// RevisionName represents the name of a revision. The name must be between 1
+// and 255 characters long.
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=255
+type RevisionName string
+
+// ClusterAPIStatus describes the current state of the capi-operator.
+// +kubebuilder:validation:XValidation:rule="self.revisions.exists(r, r.name == self.desiredRevision && self.revisions.all(s, s.revision <= r.revision))",message="desiredRevision must be the name of the revision with the highest revision number"
+// +kubebuilder:validation:XValidation:rule="!has(self.currentRevision) || self.revisions.exists(r, r.name == self.currentRevision)",message="currentRevision must correspond to an entry in the revisions list"
+type ClusterAPIStatus struct {
+ // currentRevision is the name of the most recently fully applied revision.
+ // It is written by the installer controller. If it is absent, it indicates
+ // that no revision has been fully applied yet.
+ // If set, currentRevision must correspond to an entry in the revisions list.
+ // +optional
+ CurrentRevision RevisionName `json:"currentRevision,omitempty"`
+
+ // desiredRevision is the name of the desired revision. It is written by the
+ // revision controller. It must be set to the name of the entry in the
+ // revisions list with the highest revision number.
+ // +required
+ DesiredRevision RevisionName `json:"desiredRevision,omitempty"`
+
+ // revisions is a list of all currently active revisions. A revision is
+ // active until the installer controller updates currentRevision to a later
+ // revision. It is written by the revision controller.
+ //
+ // The maximum number of revisions is 16.
+ // All revisions must have a unique name.
+ // All revisions must have a unique revision number.
+ // When adding a revision, the revision number must be greater than the highest revision number in the list.
+ // Revisions are immutable, although they can be deleted.
+ //
+ // +required
+ // +listType=atomic
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=16
+ // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.name == y.name))",message="each revision must have a unique name"
+ // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.revision == y.revision))",message="each revision must have a unique revision number"
+ // +kubebuilder:validation:XValidation:rule="self.all(new, oldSelf.exists(old, old.name == new.name) || oldSelf.all(old, new.revision > old.revision))",message="new revisions must have a revision number greater than all existing revisions"
+ // +kubebuilder:validation:XValidation:rule="oldSelf.all(old, !self.exists(new, new.name == old.name) || self.exists(new, new == old))",message="existing revisions are immutable, but may be removed"
+ Revisions []ClusterAPIInstallerRevision `json:"revisions,omitempty"`
+}
+
+// +structType=atomic
+type ClusterAPIInstallerRevision struct {
+ // name is the name of a revision.
+ // +required
+ Name RevisionName `json:"name,omitempty"`
+
+ // revision is a monotonically increasing number that is assigned to a revision.
+ // +required
+ // +kubebuilder:validation:Minimum=1
+ Revision int64 `json:"revision,omitempty"`
+
+ // contentID uniquely identifies the content of this revision.
+ // The contentID must be between 1 and 255 characters long.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=255
+ ContentID string `json:"contentID,omitempty"`
+
+ // unmanagedCustomResourceDefinitions is a list of the names of
+ // ClusterResourceDefinition (CRD) objects which are included in this
+ // revision, but which should not be installed or updated. If not set, all
+ // CRDs in the revision will be managed by the CAPI operator.
+ // +listType=atomic
+ // +kubebuilder:validation:items:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character."
+ // +kubebuilder:validation:items:MinLength=1
+ // +kubebuilder:validation:items:MaxLength=253
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=128
+ // +optional
+ UnmanagedCustomResourceDefinitions []string `json:"unmanagedCustomResourceDefinitions,omitempty"`
+
+ // components is list of components which will be installed by this
+ // revision. Components will be installed in the order they are listed.
+ //
+ // The maximum number of components is 32.
+ //
+ // +required
+ // +listType=atomic
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=32
+ Components []ClusterAPIInstallerComponent `json:"components,omitempty"`
+}
+
+// InstallerComponentType is the type of component to install.
+// +kubebuilder:validation:Enum=Image
+// +enum
+type InstallerComponentType string
+
+const (
+ // InstallerComponentTypeImage is an image source for a component.
+ InstallerComponentTypeImage InstallerComponentType = "Image"
+)
+
+// ClusterAPIInstallerComponent defines a component which will be installed by this revision.
+// +union
+// +kubebuilder:validation:XValidation:rule="self.type == 'Image' ? has(self.image) : !has(self.image)",message="image is required when type is Image, and forbidden otherwise"
+type ClusterAPIInstallerComponent struct {
+ // type is the source type of the component.
+ // The only valid value is Image.
+ // When set to Image, the image field must be set and will define an image source for the component.
+ // +required
+ // +unionDiscriminator
+ Type InstallerComponentType `json:"type,omitempty"`
+
+ // image defines an image source for a component. The image must contain a
+ // /capi-operator-installer directory containing the component manifests.
+ // +optional
+ Image ClusterAPIInstallerComponentImage `json:"image,omitzero"`
+}
+
+// ImageDigestFormat is a type that conforms to the format host[:port][/namespace]/name@sha256:.
+// The digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
+// The length of the field must be between 1 to 447 characters.
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=447
+// +kubebuilder:validation:XValidation:rule=`(self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))`,message="the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long"
+// +kubebuilder:validation:XValidation:rule=`(self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))`,message="the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme"
+type ImageDigestFormat string
+
+// ClusterAPIInstallerComponentImage defines an image source for a component.
+type ClusterAPIInstallerComponentImage struct {
+ // ref is an image reference to the image containing the component manifests. The reference
+ // must be a valid image digest reference in the format host[:port][/namespace]/name@sha256:.
+ // The digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
+ // The length of the field must be between 1 to 447 characters.
+ // +required
+ Ref ImageDigestFormat `json:"ref,omitempty"`
+
+ // profile is the name of a profile to use from the image.
+ //
+ // A profile name may be up to 255 characters long. It must consist of alphanumeric characters, '-', or '_'.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=255
+ // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9-_]+$')",message="profile must consist of alphanumeric characters, '-', or '_'"
+ Profile string `json:"profile,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterAPIList contains a list of ClusterAPI configurations
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+type ClusterAPIList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ // items contains the items
+ Items []ClusterAPI `json:"items"`
+}
diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go
index de4c07128155..1f3fd281e158 100644
--- a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go
@@ -26,6 +26,174 @@ func (in *BackupJobReference) DeepCopy() *BackupJobReference { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPI) DeepCopyInto(out *ClusterAPI) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Spec != nil { + in, out := &in.Spec, &out.Spec + *out = new(ClusterAPISpec) + (*in).DeepCopyInto(*out) + } + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPI. +func (in *ClusterAPI) DeepCopy() *ClusterAPI { + if in == nil { + return nil + } + out := new(ClusterAPI) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterAPI) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPIInstallerComponent) DeepCopyInto(out *ClusterAPIInstallerComponent) { + *out = *in + out.Image = in.Image + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIInstallerComponent. +func (in *ClusterAPIInstallerComponent) DeepCopy() *ClusterAPIInstallerComponent { + if in == nil { + return nil + } + out := new(ClusterAPIInstallerComponent) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPIInstallerComponentImage) DeepCopyInto(out *ClusterAPIInstallerComponentImage) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIInstallerComponentImage. 
+func (in *ClusterAPIInstallerComponentImage) DeepCopy() *ClusterAPIInstallerComponentImage { + if in == nil { + return nil + } + out := new(ClusterAPIInstallerComponentImage) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPIInstallerRevision) DeepCopyInto(out *ClusterAPIInstallerRevision) { + *out = *in + if in.UnmanagedCustomResourceDefinitions != nil { + in, out := &in.UnmanagedCustomResourceDefinitions, &out.UnmanagedCustomResourceDefinitions + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Components != nil { + in, out := &in.Components, &out.Components + *out = make([]ClusterAPIInstallerComponent, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIInstallerRevision. +func (in *ClusterAPIInstallerRevision) DeepCopy() *ClusterAPIInstallerRevision { + if in == nil { + return nil + } + out := new(ClusterAPIInstallerRevision) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPIList) DeepCopyInto(out *ClusterAPIList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterAPI, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIList. +func (in *ClusterAPIList) DeepCopy() *ClusterAPIList { + if in == nil { + return nil + } + out := new(ClusterAPIList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *ClusterAPIList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPISpec) DeepCopyInto(out *ClusterAPISpec) { + *out = *in + if in.UnmanagedCustomResourceDefinitions != nil { + in, out := &in.UnmanagedCustomResourceDefinitions, &out.UnmanagedCustomResourceDefinitions + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPISpec. +func (in *ClusterAPISpec) DeepCopy() *ClusterAPISpec { + if in == nil { + return nil + } + out := new(ClusterAPISpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPIStatus) DeepCopyInto(out *ClusterAPIStatus) { + *out = *in + if in.Revisions != nil { + in, out := &in.Revisions, &out.Revisions + *out = make([]ClusterAPIInstallerRevision, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIStatus. +func (in *ClusterAPIStatus) DeepCopy() *ClusterAPIStatus { + if in == nil { + return nil + } + out := new(ClusterAPIStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterVersionOperator) DeepCopyInto(out *ClusterVersionOperator) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index 0d595be801b0..3ad442d9d848 100644 
--- a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -1,3 +1,27 @@ +clusterapis.operator.openshift.io: + Annotations: + release.openshift.io/feature-gate: ClusterAPIMachineManagement + ApprovedPRNumber: https://github.com/openshift/api/pull/2564 + CRDName: clusterapis.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: + - ClusterAPIMachineManagement + FilenameOperatorName: cluster-api + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_30" + GroupName: operator.openshift.io + HasStatus: true + KindName: ClusterAPI + Labels: {} + PluralName: clusterapis + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - ClusterAPIMachineManagement + Version: v1alpha1 + clusterversionoperators.operator.openshift.io: Annotations: {} ApprovedPRNumber: https://github.com/openshift/api/pull/2044 diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go index 9060bf99815d..94d48269d405 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -135,6 +135,79 @@ func (VersionAvailability) SwaggerDoc() map[string]string { return map_VersionAvailability } +var map_ClusterAPI = map[string]string{ + "": "ClusterAPI provides configuration for the capi-operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the specification of the desired behavior of the capi-operator.", + "status": "status defines the observed status of the capi-operator.", +} + +func (ClusterAPI) SwaggerDoc() map[string]string { + return map_ClusterAPI +} + +var map_ClusterAPIInstallerComponent = map[string]string{ + "": "ClusterAPIInstallerComponent defines a component which will be installed by this revision.", + "type": "type is the source type of the component. The only valid value is Image. When set to Image, the image field must be set and will define an image source for the component.", + "image": "image defines an image source for a component. The image must contain a /capi-operator-installer directory containing the component manifests.", +} + +func (ClusterAPIInstallerComponent) SwaggerDoc() map[string]string { + return map_ClusterAPIInstallerComponent +} + +var map_ClusterAPIInstallerComponentImage = map[string]string{ + "": "ClusterAPIInstallerComponentImage defines an image source for a component.", + "ref": "ref is an image reference to the image containing the component manifests. The reference must be a valid image digest reference in the format host[:port][/namespace]/name@sha256:. The digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. 
The length of the field must be between 1 to 447 characters.", + "profile": "profile is the name of a profile to use from the image.\n\nA profile name may be up to 255 characters long. It must consist of alphanumeric characters, '-', or '_'.", +} + +func (ClusterAPIInstallerComponentImage) SwaggerDoc() map[string]string { + return map_ClusterAPIInstallerComponentImage +} + +var map_ClusterAPIInstallerRevision = map[string]string{ + "name": "name is the name of a revision.", + "revision": "revision is a monotonically increasing number that is assigned to a revision.", + "contentID": "contentID uniquely identifies the content of this revision. The contentID must be between 1 and 255 characters long.", + "unmanagedCustomResourceDefinitions": "unmanagedCustomResourceDefinitions is a list of the names of ClusterResourceDefinition (CRD) objects which are included in this revision, but which should not be installed or updated. If not set, all CRDs in the revision will be managed by the CAPI operator.", + "components": "components is list of components which will be installed by this revision. Components will be installed in the order they are listed.\n\nThe maximum number of components is 32.", +} + +func (ClusterAPIInstallerRevision) SwaggerDoc() map[string]string { + return map_ClusterAPIInstallerRevision +} + +var map_ClusterAPIList = map[string]string{ + "": "ClusterAPIList contains a list of ClusterAPI configurations\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "items contains the items", +} + +func (ClusterAPIList) SwaggerDoc() map[string]string { + return map_ClusterAPIList +} + +var map_ClusterAPISpec = map[string]string{ + "": "ClusterAPISpec defines the desired configuration of the capi-operator. The spec is required but we deliberately allow it to be empty.", + "unmanagedCustomResourceDefinitions": "unmanagedCustomResourceDefinitions is a list of ClusterResourceDefinition (CRD) names that should not be managed by the capi-operator installer controller. This allows external actors to own specific CRDs while capi-operator manages others.\n\nEach CRD name must be a valid DNS-1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character, with a maximum length of 253 characters. CRD names must contain at least two '.' characters. Example: \"clusters.cluster.x-k8s.io\"\n\nItems cannot be removed from this list once added.\n\nThe maximum number of unmanagedCustomResourceDefinitions is 128.", +} + +func (ClusterAPISpec) SwaggerDoc() map[string]string { + return map_ClusterAPISpec +} + +var map_ClusterAPIStatus = map[string]string{ + "": "ClusterAPIStatus describes the current state of the capi-operator.", + "currentRevision": "currentRevision is the name of the most recently fully applied revision. It is written by the installer controller. If it is absent, it indicates that no revision has been fully applied yet. If set, currentRevision must correspond to an entry in the revisions list.", + "desiredRevision": "desiredRevision is the name of the desired revision. It is written by the revision controller. It must be set to the name of the entry in the revisions list with the highest revision number.", + "revisions": "revisions is a list of all currently active revisions. 
A revision is active until the installer controller updates currentRevision to a later revision. It is written by the revision controller.\n\nThe maximum number of revisions is 16. All revisions must have a unique name. All revisions must have a unique revision number. When adding a revision, the revision number must be greater than the highest revision number in the list. Revisions are immutable, although they can be deleted.", +} + +func (ClusterAPIStatus) SwaggerDoc() map[string]string { + return map_ClusterAPIStatus +} + var map_ClusterVersionOperator = map[string]string{ "": "ClusterVersionOperator holds cluster-wide information about the Cluster Version Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", diff --git a/vendor/github.com/openshift/api/operatoringress/v1/types.go b/vendor/github.com/openshift/api/operatoringress/v1/types.go index f256507cce47..bb0b17404900 100644 --- a/vendor/github.com/openshift/api/operatoringress/v1/types.go +++ b/vendor/github.com/openshift/api/operatoringress/v1/types.go @@ -49,9 +49,10 @@ type DNSRecordSpec struct { // targets are record targets. // // +kubebuilder:validation:MinItems=1 + // +listType=atomic // +required Targets []string `json:"targets"` - // recordType is the DNS record type. For example, "A" or "CNAME". + // recordType is the DNS record type. For example, "A", "AAAA", or "CNAME". // +required RecordType DNSRecordType `json:"recordType"` // recordTTL is the record TTL in seconds. If zero, the default is 30. 
@@ -81,6 +82,7 @@ type DNSRecordSpec struct { // DNSRecordStatus is the most recently observed status of each record. type DNSRecordStatus struct { // zones are the status of the record in each zone. + // +listType=atomic // +optional Zones []DNSZoneStatus `json:"zones,omitempty"` @@ -103,6 +105,8 @@ type DNSZoneStatus struct { // If publishing the record succeeds, the "Published" condition will be // set with status "True" and upon failure it will be set to "False" along // with the reason and message describing the cause of the failure. + // + // +listType=atomic Conditions []DNSZoneCondition `json:"conditions,omitempty"` } @@ -129,7 +133,8 @@ type DNSZoneCondition struct { } // DNSRecordType is a DNS resource record type. -// +kubebuilder:validation:Enum=CNAME;A +// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=CNAME;A +// +openshift:validation:FeatureGateAwareEnum:featureGate=AzureDualStackInstall;GCPDualStackInstall,enum=CNAME;A;AAAA type DNSRecordType string const ( @@ -138,6 +143,9 @@ const ( // ARecordType is an RFC 1035 A record. ARecordType DNSRecordType = "A" + + // AAAARecordType is an RFC 3596 AAAA record that is used to map a domain name to an IPv6 address. + AAAARecordType DNSRecordType = "AAAA" ) // DNSManagementPolicy is a policy for configuring how the dns controller @@ -169,5 +177,6 @@ type DNSRecordList struct { // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ListMeta `json:"metadata,omitempty"` + // +listType=atomic Items []DNSRecord `json:"items"` } diff --git a/vendor/github.com/openshift/api/operatoringress/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operatoringress/v1/zz_generated.featuregated-crd-manifests.yaml index 1a2fc330abb3..ca2af253ab81 100644 --- a/vendor/github.com/openshift/api/operatoringress/v1/zz_generated.featuregated-crd-manifests.yaml 
+++ b/vendor/github.com/openshift/api/operatoringress/v1/zz_generated.featuregated-crd-manifests.yaml @@ -4,7 +4,9 @@ dnsrecords.ingress.operator.openshift.io: CRDName: dnsrecords.ingress.operator.openshift.io Capability: Ingress Category: "" - FeatureGates: [] + FeatureGates: + - AzureDualStackInstall + - GCPDualStackInstall FilenameOperatorName: dns FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_50" diff --git a/vendor/github.com/openshift/api/operatoringress/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operatoringress/v1/zz_generated.swagger_doc_generated.go index 56ef173aa449..8eecccccd796 100644 --- a/vendor/github.com/openshift/api/operatoringress/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operatoringress/v1/zz_generated.swagger_doc_generated.go @@ -35,7 +35,7 @@ var map_DNSRecordSpec = map[string]string{ "": "DNSRecordSpec contains the details of a DNS record.", "dnsName": "dnsName is the hostname of the DNS record", "targets": "targets are record targets.", - "recordType": "recordType is the DNS record type. For example, \"A\" or \"CNAME\".", + "recordType": "recordType is the DNS record type. For example, \"A\", \"AAAA\", or \"CNAME\".", "recordTTL": "recordTTL is the record TTL in seconds. If zero, the default is 30. RecordTTL will not be used in AWS regions Alias targets, but will be used in CNAME targets, per AWS API contract.", "dnsManagementPolicy": "dnsManagementPolicy denotes the current policy applied on the DNS record. Records that have policy set as \"Unmanaged\" are ignored by the ingress operator. This means that the DNS record on the cloud provider is not managed by the operator, and the \"Published\" status condition will be updated to \"Unknown\" status, since it is externally managed. Any existing record on the cloud provider can be deleted at the discretion of the cluster admin.\n\nThis field defaults to Managed. Valid values are \"Managed\" and \"Unmanaged\".", } 
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go new file mode 100644 index 000000000000..dba8a77eda91 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go @@ -0,0 +1,23 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// AcceptRiskApplyConfiguration represents a declarative configuration of the AcceptRisk type for use +// with apply. +type AcceptRiskApplyConfiguration struct { + Name *string `json:"name,omitempty"` +} + +// AcceptRiskApplyConfiguration constructs a declarative configuration of the AcceptRisk type for use with +// apply. +func AcceptRisk() *AcceptRiskApplyConfiguration { + return &AcceptRiskApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *AcceptRiskApplyConfiguration) WithName(value string) *AcceptRiskApplyConfiguration { + b.Name = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go index e966cf424211..4d44643d42b3 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go 
@@ -5,14 +5,15 @@ package v1 // ClusterVersionStatusApplyConfiguration represents a declarative configuration of the ClusterVersionStatus type for use // with apply. type ClusterVersionStatusApplyConfiguration struct { - Desired *ReleaseApplyConfiguration `json:"desired,omitempty"` - History []UpdateHistoryApplyConfiguration `json:"history,omitempty"` - ObservedGeneration *int64 `json:"observedGeneration,omitempty"` - VersionHash *string `json:"versionHash,omitempty"` - Capabilities *ClusterVersionCapabilitiesStatusApplyConfiguration `json:"capabilities,omitempty"` - Conditions []ClusterOperatorStatusConditionApplyConfiguration `json:"conditions,omitempty"` - AvailableUpdates []ReleaseApplyConfiguration `json:"availableUpdates,omitempty"` - ConditionalUpdates []ConditionalUpdateApplyConfiguration `json:"conditionalUpdates,omitempty"` + Desired *ReleaseApplyConfiguration `json:"desired,omitempty"` + History []UpdateHistoryApplyConfiguration `json:"history,omitempty"` + ObservedGeneration *int64 `json:"observedGeneration,omitempty"` + VersionHash *string `json:"versionHash,omitempty"` + Capabilities *ClusterVersionCapabilitiesStatusApplyConfiguration `json:"capabilities,omitempty"` + Conditions []ClusterOperatorStatusConditionApplyConfiguration `json:"conditions,omitempty"` + AvailableUpdates []ReleaseApplyConfiguration `json:"availableUpdates,omitempty"` + ConditionalUpdates []ConditionalUpdateApplyConfiguration `json:"conditionalUpdates,omitempty"` + ConditionalUpdateRisks []ConditionalUpdateRiskApplyConfiguration `json:"conditionalUpdateRisks,omitempty"` } // ClusterVersionStatusApplyConfiguration constructs a declarative configuration of the ClusterVersionStatus type for use with 
@@ -104,3 +105,16 @@ func (b *ClusterVersionStatusApplyConfiguration) WithConditionalUpdates(values . } return b } + +// WithConditionalUpdateRisks adds the given value to the ConditionalUpdateRisks field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ConditionalUpdateRisks field. +func (b *ClusterVersionStatusApplyConfiguration) WithConditionalUpdateRisks(values ...*ConditionalUpdateRiskApplyConfiguration) *ClusterVersionStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithConditionalUpdateRisks") + } + b.ConditionalUpdateRisks = append(b.ConditionalUpdateRisks, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go index f183fc6e252b..8bffb192c0c2 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go @@ -10,6 +10,7 @@ import ( // with apply. type ConditionalUpdateApplyConfiguration struct { Release *ReleaseApplyConfiguration `json:"release,omitempty"` + RiskNames []string `json:"riskNames,omitempty"` Risks []ConditionalUpdateRiskApplyConfiguration `json:"risks,omitempty"` Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"` } 
@@ -28,6 +29,16 @@ func (b *ConditionalUpdateApplyConfiguration) WithRelease(value *ReleaseApplyCon return b } +// WithRiskNames adds the given value to the RiskNames field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the RiskNames field. +func (b *ConditionalUpdateApplyConfiguration) WithRiskNames(values ...string) *ConditionalUpdateApplyConfiguration { + for i := range values { + b.RiskNames = append(b.RiskNames, values[i]) + } + return b +} + // WithRisks adds the given value to the Risks field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the Risks field. diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go index 6debb6e62457..fdfc14ebfaec 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go @@ -2,9 +2,14 @@ package v1 +import ( + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + // ConditionalUpdateRiskApplyConfiguration represents a declarative configuration of the ConditionalUpdateRisk type for use // with apply. type ConditionalUpdateRiskApplyConfiguration struct { + Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"` URL *string `json:"url,omitempty"` Name *string `json:"name,omitempty"` Message *string `json:"message,omitempty"` 
@@ -17,6 +22,19 @@ func ConditionalUpdateRisk() *ConditionalUpdateRiskApplyConfiguration { return &ConditionalUpdateRiskApplyConfiguration{} } +// WithConditions adds the given value to the Conditions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Conditions field. +func (b *ConditionalUpdateRiskApplyConfiguration) WithConditions(values ...*metav1.ConditionApplyConfiguration) *ConditionalUpdateRiskApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithConditions") + } + b.Conditions = append(b.Conditions, *values[i]) + } + return b +} + // WithURL sets the URL field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the URL field is set to the value of the last call. diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go index 7d9300367364..4f5aec3a5464 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go 
@@ -10,6 +10,7 @@ type OIDCProviderApplyConfiguration struct { OIDCClients []OIDCClientConfigApplyConfiguration `json:"oidcClients,omitempty"` ClaimMappings *TokenClaimMappingsApplyConfiguration `json:"claimMappings,omitempty"` ClaimValidationRules []TokenClaimValidationRuleApplyConfiguration `json:"claimValidationRules,omitempty"` + UserValidationRules []TokenUserValidationRuleApplyConfiguration `json:"userValidationRules,omitempty"` } // OIDCProviderApplyConfiguration constructs a declarative configuration of the OIDCProvider type for use with @@ -67,3 +68,16 @@ func (b *OIDCProviderApplyConfiguration) WithClaimValidationRules(values ...*Tok } return b } + +// WithUserValidationRules adds the given value to the UserValidationRules field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the UserValidationRules field. +func (b *OIDCProviderApplyConfiguration) WithUserValidationRules(values ...*TokenUserValidationRuleApplyConfiguration) *OIDCProviderApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithUserValidationRules") + } + b.UserValidationRules = append(b.UserValidationRules, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationcelrule.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationcelrule.go new file mode 100644 index 000000000000..8dda73db1262 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationcelrule.go 
@@ -0,0 +1,32 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// TokenClaimValidationCELRuleApplyConfiguration represents a declarative configuration of the TokenClaimValidationCELRule type for use +// with apply. +type TokenClaimValidationCELRuleApplyConfiguration struct { + Expression *string `json:"expression,omitempty"` + Message *string `json:"message,omitempty"` +} + +// TokenClaimValidationCELRuleApplyConfiguration constructs a declarative configuration of the TokenClaimValidationCELRule type for use with +// apply. +func TokenClaimValidationCELRule() *TokenClaimValidationCELRuleApplyConfiguration { + return &TokenClaimValidationCELRuleApplyConfiguration{} +} + +// WithExpression sets the Expression field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Expression field is set to the value of the last call. +func (b *TokenClaimValidationCELRuleApplyConfiguration) WithExpression(value string) *TokenClaimValidationCELRuleApplyConfiguration { + b.Expression = &value + return b +} + +// WithMessage sets the Message field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Message field is set to the value of the last call. +func (b *TokenClaimValidationCELRuleApplyConfiguration) WithMessage(value string) *TokenClaimValidationCELRuleApplyConfiguration { + b.Message = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationrule.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationrule.go index 74e9f61091f2..c8b0c600589e 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationrule.go 
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationrule.go @@ -9,8 +9,9 @@ import ( // TokenClaimValidationRuleApplyConfiguration represents a declarative configuration of the TokenClaimValidationRule type for use // with apply. type TokenClaimValidationRuleApplyConfiguration struct { - Type *configv1.TokenValidationRuleType `json:"type,omitempty"` - RequiredClaim *TokenRequiredClaimApplyConfiguration `json:"requiredClaim,omitempty"` + Type *configv1.TokenValidationRuleType `json:"type,omitempty"` + RequiredClaim *TokenRequiredClaimApplyConfiguration `json:"requiredClaim,omitempty"` + CEL *TokenClaimValidationCELRuleApplyConfiguration `json:"cel,omitempty"` } // TokenClaimValidationRuleApplyConfiguration constructs a declarative configuration of the TokenClaimValidationRule type for use with @@ -34,3 +35,11 @@ func (b *TokenClaimValidationRuleApplyConfiguration) WithRequiredClaim(value *To b.RequiredClaim = value return b } + +// WithCEL sets the CEL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CEL field is set to the value of the last call. +func (b *TokenClaimValidationRuleApplyConfiguration) WithCEL(value *TokenClaimValidationCELRuleApplyConfiguration) *TokenClaimValidationRuleApplyConfiguration { + b.CEL = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenissuer.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenissuer.go index 68f590abc6ed..4c971d292974 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenissuer.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenissuer.go 
@@ -12,6 +12,7 @@ type TokenIssuerApplyConfiguration struct { URL *string `json:"issuerURL,omitempty"` Audiences []configv1.TokenAudience `json:"audiences,omitempty"` CertificateAuthority *ConfigMapNameReferenceApplyConfiguration `json:"issuerCertificateAuthority,omitempty"` + DiscoveryURL *string `json:"discoveryURL,omitempty"` } // TokenIssuerApplyConfiguration constructs a declarative configuration of the TokenIssuer type for use with @@ -45,3 +46,11 @@ func (b *TokenIssuerApplyConfiguration) WithCertificateAuthority(value *ConfigMa b.CertificateAuthority = value return b } + +// WithDiscoveryURL sets the DiscoveryURL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DiscoveryURL field is set to the value of the last call. +func (b *TokenIssuerApplyConfiguration) WithDiscoveryURL(value string) *TokenIssuerApplyConfiguration { + b.DiscoveryURL = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenuservalidationrule.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenuservalidationrule.go new file mode 100644 index 000000000000..2aae5f3fe028 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenuservalidationrule.go 
@@ -0,0 +1,32 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// TokenUserValidationRuleApplyConfiguration represents a declarative configuration of the TokenUserValidationRule type for use +// with apply. +type TokenUserValidationRuleApplyConfiguration struct { + Expression *string `json:"expression,omitempty"` + Message *string `json:"message,omitempty"` +} + +// TokenUserValidationRuleApplyConfiguration constructs a declarative configuration of the TokenUserValidationRule type for use with +// apply. +func TokenUserValidationRule() *TokenUserValidationRuleApplyConfiguration { + return &TokenUserValidationRuleApplyConfiguration{} +} + +// WithExpression sets the Expression field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Expression field is set to the value of the last call. +func (b *TokenUserValidationRuleApplyConfiguration) WithExpression(value string) *TokenUserValidationRuleApplyConfiguration { + b.Expression = &value + return b +} + +// WithMessage sets the Message field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Message field is set to the value of the last call. +func (b *TokenUserValidationRuleApplyConfiguration) WithMessage(value string) *TokenUserValidationRuleApplyConfiguration { + b.Message = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go index 004d1bac2241..d20e3ca42333 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go 
@@ -13,6 +13,7 @@ type UpdateApplyConfiguration struct { Version *string `json:"version,omitempty"` Image *string `json:"image,omitempty"` Force *bool `json:"force,omitempty"` + AcceptRisks []AcceptRiskApplyConfiguration `json:"acceptRisks,omitempty"` } // UpdateApplyConfiguration constructs a declarative configuration of the Update type for use with @@ -52,3 +53,16 @@ func (b *UpdateApplyConfiguration) WithForce(value bool) *UpdateApplyConfigurati b.Force = &value return b } + +// WithAcceptRisks adds the given value to the AcceptRisks field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the AcceptRisks field. +func (b *UpdateApplyConfiguration) WithAcceptRisks(values ...*AcceptRiskApplyConfiguration) *UpdateApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithAcceptRisks") + } + b.AcceptRisks = append(b.AcceptRisks, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go index 7fcce84b5cf3..e4e57f3573ba 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go 
@@ -5,9 +5,10 @@ package v1alpha1 // ClusterMonitoringSpecApplyConfiguration represents a declarative configuration of the ClusterMonitoringSpec type for use // with apply. type ClusterMonitoringSpecApplyConfiguration struct { - UserDefined *UserDefinedMonitoringApplyConfiguration `json:"userDefined,omitempty"` - AlertmanagerConfig *AlertmanagerConfigApplyConfiguration `json:"alertmanagerConfig,omitempty"` - MetricsServerConfig *MetricsServerConfigApplyConfiguration `json:"metricsServerConfig,omitempty"` + UserDefined *UserDefinedMonitoringApplyConfiguration `json:"userDefined,omitempty"` + AlertmanagerConfig *AlertmanagerConfigApplyConfiguration `json:"alertmanagerConfig,omitempty"` + MetricsServerConfig *MetricsServerConfigApplyConfiguration `json:"metricsServerConfig,omitempty"` + PrometheusOperatorConfig *PrometheusOperatorConfigApplyConfiguration `json:"prometheusOperatorConfig,omitempty"` } // ClusterMonitoringSpecApplyConfiguration constructs a declarative configuration of the ClusterMonitoringSpec type for use with @@ -39,3 +40,11 @@ func (b *ClusterMonitoringSpecApplyConfiguration) WithMetricsServerConfig(value b.MetricsServerConfig = value return b } + +// WithPrometheusOperatorConfig sets the PrometheusOperatorConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PrometheusOperatorConfig field is set to the value of the last call. +func (b *ClusterMonitoringSpecApplyConfiguration) WithPrometheusOperatorConfig(value *PrometheusOperatorConfigApplyConfiguration) *ClusterMonitoringSpecApplyConfiguration { + b.PrometheusOperatorConfig = value + return b +} 
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/criocredentialproviderconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/criocredentialproviderconfig.go new file mode 100644 index 000000000000..221728dcaf2a --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/criocredentialproviderconfig.go 
@@ -0,0 +1,263 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + internal "github.com/openshift/client-go/config/applyconfigurations/internal" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// CRIOCredentialProviderConfigApplyConfiguration represents a declarative configuration of the CRIOCredentialProviderConfig type for use +// with apply. +type CRIOCredentialProviderConfigApplyConfiguration struct { + v1.TypeMetaApplyConfiguration `json:",inline"` + *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Spec *CRIOCredentialProviderConfigSpecApplyConfiguration `json:"spec,omitempty"` + Status *CRIOCredentialProviderConfigStatusApplyConfiguration `json:"status,omitempty"` +} + +// CRIOCredentialProviderConfig constructs a declarative configuration of the CRIOCredentialProviderConfig type for use with +// apply. +func CRIOCredentialProviderConfig(name string) *CRIOCredentialProviderConfigApplyConfiguration { + b := &CRIOCredentialProviderConfigApplyConfiguration{} + b.WithName(name) + b.WithKind("CRIOCredentialProviderConfig") + b.WithAPIVersion("config.openshift.io/v1alpha1") + return b +} + +// ExtractCRIOCredentialProviderConfig extracts the applied configuration owned by fieldManager from +// cRIOCredentialProviderConfig. If no managedFields are found in cRIOCredentialProviderConfig for fieldManager, a +// CRIOCredentialProviderConfigApplyConfiguration is returned with only the Name, Namespace (if applicable), +// APIVersion and Kind populated. It is possible that no managed fields were found for because other +// field managers have taken ownership of all the fields previously owned by fieldManager, or because +// the fieldManager never owned fields any fields. 
+// cRIOCredentialProviderConfig must be a unmodified CRIOCredentialProviderConfig API object that was retrieved from the Kubernetes API. +// ExtractCRIOCredentialProviderConfig provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +// Experimental! +func ExtractCRIOCredentialProviderConfig(cRIOCredentialProviderConfig *configv1alpha1.CRIOCredentialProviderConfig, fieldManager string) (*CRIOCredentialProviderConfigApplyConfiguration, error) { + return extractCRIOCredentialProviderConfig(cRIOCredentialProviderConfig, fieldManager, "") +} + +// ExtractCRIOCredentialProviderConfigStatus is the same as ExtractCRIOCredentialProviderConfig except +// that it extracts the status subresource applied configuration. +// Experimental! +func ExtractCRIOCredentialProviderConfigStatus(cRIOCredentialProviderConfig *configv1alpha1.CRIOCredentialProviderConfig, fieldManager string) (*CRIOCredentialProviderConfigApplyConfiguration, error) { + return extractCRIOCredentialProviderConfig(cRIOCredentialProviderConfig, fieldManager, "status") +} + +func extractCRIOCredentialProviderConfig(cRIOCredentialProviderConfig *configv1alpha1.CRIOCredentialProviderConfig, fieldManager string, subresource string) (*CRIOCredentialProviderConfigApplyConfiguration, error) { + b := &CRIOCredentialProviderConfigApplyConfiguration{} + err := managedfields.ExtractInto(cRIOCredentialProviderConfig, internal.Parser().Type("com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig"), fieldManager, b, subresource) + if err != nil { + return nil, err + } + b.WithName(cRIOCredentialProviderConfig.Name) + + b.WithKind("CRIOCredentialProviderConfig") + b.WithAPIVersion("config.openshift.io/v1alpha1") + return b, nil +} +func (b CRIOCredentialProviderConfigApplyConfiguration) 
IsApplyConfiguration() {} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithKind(value string) *CRIOCredentialProviderConfigApplyConfiguration { + b.TypeMetaApplyConfiguration.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithAPIVersion(value string) *CRIOCredentialProviderConfigApplyConfiguration { + b.TypeMetaApplyConfiguration.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithName(value string) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. 
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithGenerateName(value string) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithNamespace(value string) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithUID(value types.UID) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. 
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithResourceVersion(value string) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithGeneration(value int64) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithCreationTimestamp(value metav1.Time) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. 
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithLabels(entries map[string]string) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. 
+// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithAnnotations(entries map[string]string) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. 
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithFinalizers(values ...string) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) + } + return b +} + +func (b *CRIOCredentialProviderConfigApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithSpec(value *CRIOCredentialProviderConfigSpecApplyConfiguration) *CRIOCredentialProviderConfigApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithStatus(value *CRIOCredentialProviderConfigStatusApplyConfiguration) *CRIOCredentialProviderConfigApplyConfiguration { + b.Status = value + return b +} + +// GetKind retrieves the value of the Kind field in the declarative configuration. +func (b *CRIOCredentialProviderConfigApplyConfiguration) GetKind() *string { + return b.TypeMetaApplyConfiguration.Kind +} + +// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. 
+func (b *CRIOCredentialProviderConfigApplyConfiguration) GetAPIVersion() *string { + return b.TypeMetaApplyConfiguration.APIVersion +} + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *CRIOCredentialProviderConfigApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Name +} + +// GetNamespace retrieves the value of the Namespace field in the declarative configuration. +func (b *CRIOCredentialProviderConfigApplyConfiguration) GetNamespace() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Namespace +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/criocredentialproviderconfigspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/criocredentialproviderconfigspec.go new file mode 100644 index 000000000000..e6588c608ccc --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/criocredentialproviderconfigspec.go 
@@ -0,0 +1,29 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// CRIOCredentialProviderConfigSpecApplyConfiguration represents a declarative configuration of the CRIOCredentialProviderConfigSpec type for use +// with apply. +type CRIOCredentialProviderConfigSpecApplyConfiguration struct { + MatchImages []configv1alpha1.MatchImage `json:"matchImages,omitempty"` +} + +// CRIOCredentialProviderConfigSpecApplyConfiguration constructs a declarative configuration of the CRIOCredentialProviderConfigSpec type for use with +// apply. +func CRIOCredentialProviderConfigSpec() *CRIOCredentialProviderConfigSpecApplyConfiguration { + return &CRIOCredentialProviderConfigSpecApplyConfiguration{} +} + +// WithMatchImages adds the given value to the MatchImages field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the MatchImages field. +func (b *CRIOCredentialProviderConfigSpecApplyConfiguration) WithMatchImages(values ...configv1alpha1.MatchImage) *CRIOCredentialProviderConfigSpecApplyConfiguration { + for i := range values { + b.MatchImages = append(b.MatchImages, values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/criocredentialproviderconfigstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/criocredentialproviderconfigstatus.go new file mode 100644 index 000000000000..a243b281dfd4 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/criocredentialproviderconfigstatus.go 
@@ -0,0 +1,32 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// CRIOCredentialProviderConfigStatusApplyConfiguration represents a declarative configuration of the CRIOCredentialProviderConfigStatus type for use +// with apply. +type CRIOCredentialProviderConfigStatusApplyConfiguration struct { + Conditions []v1.ConditionApplyConfiguration `json:"conditions,omitempty"` +} + +// CRIOCredentialProviderConfigStatusApplyConfiguration constructs a declarative configuration of the CRIOCredentialProviderConfigStatus type for use with +// apply. +func CRIOCredentialProviderConfigStatus() *CRIOCredentialProviderConfigStatusApplyConfiguration { + return &CRIOCredentialProviderConfigStatusApplyConfiguration{} +} + +// WithConditions adds the given value to the Conditions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Conditions field. +func (b *CRIOCredentialProviderConfigStatusApplyConfiguration) WithConditions(values ...*v1.ConditionApplyConfiguration) *CRIOCredentialProviderConfigStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithConditions") + } + b.Conditions = append(b.Conditions, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatorconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatorconfig.go new file mode 100644 index 000000000000..3276097b3b63 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatorconfig.go 
@@ -0,0 +1,79 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + v1 "k8s.io/api/core/v1" +) + +// PrometheusOperatorConfigApplyConfiguration represents a declarative configuration of the PrometheusOperatorConfig type for use +// with apply. +type PrometheusOperatorConfigApplyConfiguration struct { + LogLevel *configv1alpha1.LogLevel `json:"logLevel,omitempty"` + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + Resources []ContainerResourceApplyConfiguration `json:"resources,omitempty"` + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + +// PrometheusOperatorConfigApplyConfiguration constructs a declarative configuration of the PrometheusOperatorConfig type for use with +// apply. +func PrometheusOperatorConfig() *PrometheusOperatorConfigApplyConfiguration { + return &PrometheusOperatorConfigApplyConfiguration{} +} + +// WithLogLevel sets the LogLevel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LogLevel field is set to the value of the last call. +func (b *PrometheusOperatorConfigApplyConfiguration) WithLogLevel(value configv1alpha1.LogLevel) *PrometheusOperatorConfigApplyConfiguration { + b.LogLevel = &value + return b +} + +// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the NodeSelector field, +// overwriting an existing map entries in NodeSelector field with the same key. 
+func (b *PrometheusOperatorConfigApplyConfiguration) WithNodeSelector(entries map[string]string) *PrometheusOperatorConfigApplyConfiguration { + if b.NodeSelector == nil && len(entries) > 0 { + b.NodeSelector = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.NodeSelector[k] = v + } + return b +} + +// WithResources adds the given value to the Resources field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Resources field. +func (b *PrometheusOperatorConfigApplyConfiguration) WithResources(values ...*ContainerResourceApplyConfiguration) *PrometheusOperatorConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithResources") + } + b.Resources = append(b.Resources, *values[i]) + } + return b +} + +// WithTolerations adds the given value to the Tolerations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Tolerations field. +func (b *PrometheusOperatorConfigApplyConfiguration) WithTolerations(values ...v1.Toleration) *PrometheusOperatorConfigApplyConfiguration { + for i := range values { + b.Tolerations = append(b.Tolerations, values[i]) + } + return b +} + +// WithTopologySpreadConstraints adds the given value to the TopologySpreadConstraints field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TopologySpreadConstraints field. 
+func (b *PrometheusOperatorConfigApplyConfiguration) WithTopologySpreadConstraints(values ...v1.TopologySpreadConstraint) *PrometheusOperatorConfigApplyConfiguration { + for i := range values { + b.TopologySpreadConstraints = append(b.TopologySpreadConstraints, values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go index f00417a5c6e5..65906b80c50a 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go @@ -206,6 +206,12 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" +- name: com.github.openshift.api.config.v1.AcceptRisk + map: + fields: + - name: name + type: + scalar: string - name: com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec map: elementType: @@ -848,6 +854,14 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus default: {} + - name: conditionalUpdateRisks + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.ConditionalUpdateRisk + elementRelationship: associative + keys: + - name - name: conditionalUpdates type: list: @@ -978,6 +992,12 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1.Release default: {} + - name: riskNames + type: + list: + elementType: + scalar: string + elementRelationship: associative - name: risks type: list: @@ -989,6 +1009,14 @@ var schemaYAML = typed.YAMLObject(`types: - name: com.github.openshift.api.config.v1.ConditionalUpdateRisk map: fields: + - name: conditions + type: + list: + elementType: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + elementRelationship: associative + keys: + - type - name: matchingRules type: list: 
@@ -2751,6 +2779,14 @@ var schemaYAML = typed.YAMLObject(`types: keys: - componentNamespace - componentName + - name: userValidationRules + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.TokenUserValidationRule + elementRelationship: associative + keys: + - expression - name: com.github.openshift.api.config.v1.ObjectReference map: fields: @@ -3689,9 +3725,22 @@ var schemaYAML = typed.YAMLObject(`types: - name: expression type: scalar: string +- name: com.github.openshift.api.config.v1.TokenClaimValidationCELRule + map: + fields: + - name: expression + type: + scalar: string + - name: message + type: + scalar: string - name: com.github.openshift.api.config.v1.TokenClaimValidationRule map: fields: + - name: cel + type: + namedType: com.github.openshift.api.config.v1.TokenClaimValidationCELRule + default: {} - name: requiredClaim type: namedType: com.github.openshift.api.config.v1.TokenRequiredClaim @@ -3720,6 +3769,9 @@ var schemaYAML = typed.YAMLObject(`types: elementType: scalar: string elementRelationship: associative + - name: discoveryURL + type: + scalar: string - name: issuerCertificateAuthority type: namedType: com.github.openshift.api.config.v1.ConfigMapNameReference @@ -3739,9 +3791,26 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" +- name: com.github.openshift.api.config.v1.TokenUserValidationRule + map: + fields: + - name: expression + type: + scalar: string + - name: message + type: + scalar: string - name: com.github.openshift.api.config.v1.Update map: fields: + - name: acceptRisks + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.AcceptRisk + elementRelationship: associative + keys: + - name - name: architecture type: scalar: string 
@@ -4149,6 +4218,46 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable +- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + default: {} + - name: spec + type: + namedType: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec + - name: status + type: + namedType: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus + default: {} +- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec + map: + fields: + - name: matchImages + type: + list: + elementType: + scalar: string + elementRelationship: associative +- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus + map: + fields: + - name: conditions + type: + list: + elementType: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + elementRelationship: associative + keys: + - type - name: com.github.openshift.api.config.v1alpha1.ClusterImagePolicy map: fields: @@ -4226,6 +4335,10 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1alpha1.MetricsServerConfig default: {} + - name: prometheusOperatorConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig + default: {} - name: userDefined type: namedType: com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring 
@@ -4557,6 +4670,40 @@ var schemaYAML = typed.YAMLObject(`types: discriminatorValue: PKI - fieldName: publicKey discriminatorValue: PublicKey +- name: com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig + map: + fields: + - name: logLevel + type: + scalar: string + - name: nodeSelector + type: + map: + elementType: + scalar: string + - name: resources + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.ContainerResource + elementRelationship: associative + keys: + - name + - name: tolerations + type: + list: + elementType: + namedType: io.k8s.api.core.v1.Toleration + elementRelationship: atomic + - name: topologySpreadConstraints + type: + list: + elementType: + namedType: io.k8s.api.core.v1.TopologySpreadConstraint + elementRelationship: associative + keys: + - topologyKey + - whenUnsatisfiable - name: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig map: fields: diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go index 99cad8e204e1..da8304eaf97e 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go @@ -20,6 +20,8 @@ import ( func ForKind(kind schema.GroupVersionKind) interface{} { switch kind { // Group=config.openshift.io, Version=v1 + case v1.SchemeGroupVersion.WithKind("AcceptRisk"): + return &configv1.AcceptRiskApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("AlibabaCloudPlatformStatus"): return &configv1.AlibabaCloudPlatformStatusApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("AlibabaCloudResourceTag"): 
@@ -430,6 +432,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1.TokenClaimMappingsApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("TokenClaimOrExpressionMapping"): return &configv1.TokenClaimOrExpressionMappingApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("TokenClaimValidationCELRule"): + return &configv1.TokenClaimValidationCELRuleApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("TokenClaimValidationRule"): return &configv1.TokenClaimValidationRuleApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("TokenConfig"): @@ -438,6 +442,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1.TokenIssuerApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("TokenRequiredClaim"): return &configv1.TokenRequiredClaimApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("TokenUserValidationRule"): + return &configv1.TokenUserValidationRuleApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("Update"): return &configv1.UpdateApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("UpdateHistory"): 
@@ -494,6 +500,12 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1alpha1.ClusterMonitoringSpecApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("ContainerResource"): return &configv1alpha1.ContainerResourceApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("CRIOCredentialProviderConfig"): + return &configv1alpha1.CRIOCredentialProviderConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("CRIOCredentialProviderConfigSpec"): + return &configv1alpha1.CRIOCredentialProviderConfigSpecApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("CRIOCredentialProviderConfigStatus"): + return &configv1alpha1.CRIOCredentialProviderConfigStatusApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("EtcdBackupSpec"): return &configv1alpha1.EtcdBackupSpecApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("GatherConfig"): @@ -534,6 +546,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1alpha1.PolicyMatchRemapIdentityApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PolicyRootOfTrust"): return &configv1alpha1.PolicyRootOfTrustApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PrometheusOperatorConfig"): + return &configv1alpha1.PrometheusOperatorConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("RetentionNumberConfig"): return &configv1alpha1.RetentionNumberConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("RetentionPolicy"): diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/config_client.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/config_client.go index 2530a4a645fc..58cf671dc907 100644 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/config_client.go 
+++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/config_client.go @@ -13,6 +13,7 @@ import ( type ConfigV1alpha1Interface interface { RESTClient() rest.Interface BackupsGetter + CRIOCredentialProviderConfigsGetter ClusterImagePoliciesGetter ClusterMonitoringsGetter ImagePoliciesGetter @@ -28,6 +29,10 @@ func (c *ConfigV1alpha1Client) Backups() BackupInterface { return newBackups(c) } +func (c *ConfigV1alpha1Client) CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigInterface { + return newCRIOCredentialProviderConfigs(c) +} + func (c *ConfigV1alpha1Client) ClusterImagePolicies() ClusterImagePolicyInterface { return newClusterImagePolicies(c) } diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/criocredentialproviderconfig.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/criocredentialproviderconfig.go new file mode 100644 index 000000000000..3c4962155a45 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/criocredentialproviderconfig.go 
@@ -0,0 +1,62 @@ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + context "context" + + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + applyconfigurationsconfigv1alpha1 "github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1" + scheme "github.com/openshift/client-go/config/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// CRIOCredentialProviderConfigsGetter has a method to return a CRIOCredentialProviderConfigInterface. +// A group's client should implement this interface. +type CRIOCredentialProviderConfigsGetter interface { + CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigInterface +} + +// CRIOCredentialProviderConfigInterface has methods to work with CRIOCredentialProviderConfig resources. +type CRIOCredentialProviderConfigInterface interface { + Create(ctx context.Context, cRIOCredentialProviderConfig *configv1alpha1.CRIOCredentialProviderConfig, opts v1.CreateOptions) (*configv1alpha1.CRIOCredentialProviderConfig, error) + Update(ctx context.Context, cRIOCredentialProviderConfig *configv1alpha1.CRIOCredentialProviderConfig, opts v1.UpdateOptions) (*configv1alpha1.CRIOCredentialProviderConfig, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). 
+ UpdateStatus(ctx context.Context, cRIOCredentialProviderConfig *configv1alpha1.CRIOCredentialProviderConfig, opts v1.UpdateOptions) (*configv1alpha1.CRIOCredentialProviderConfig, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*configv1alpha1.CRIOCredentialProviderConfig, error) + List(ctx context.Context, opts v1.ListOptions) (*configv1alpha1.CRIOCredentialProviderConfigList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *configv1alpha1.CRIOCredentialProviderConfig, err error) + Apply(ctx context.Context, cRIOCredentialProviderConfig *applyconfigurationsconfigv1alpha1.CRIOCredentialProviderConfigApplyConfiguration, opts v1.ApplyOptions) (result *configv1alpha1.CRIOCredentialProviderConfig, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). 
+ ApplyStatus(ctx context.Context, cRIOCredentialProviderConfig *applyconfigurationsconfigv1alpha1.CRIOCredentialProviderConfigApplyConfiguration, opts v1.ApplyOptions) (result *configv1alpha1.CRIOCredentialProviderConfig, err error) + CRIOCredentialProviderConfigExpansion +} + +// cRIOCredentialProviderConfigs implements CRIOCredentialProviderConfigInterface +type cRIOCredentialProviderConfigs struct { + *gentype.ClientWithListAndApply[*configv1alpha1.CRIOCredentialProviderConfig, *configv1alpha1.CRIOCredentialProviderConfigList, *applyconfigurationsconfigv1alpha1.CRIOCredentialProviderConfigApplyConfiguration] +} + +// newCRIOCredentialProviderConfigs returns a CRIOCredentialProviderConfigs +func newCRIOCredentialProviderConfigs(c *ConfigV1alpha1Client) *cRIOCredentialProviderConfigs { + return &cRIOCredentialProviderConfigs{ + gentype.NewClientWithListAndApply[*configv1alpha1.CRIOCredentialProviderConfig, *configv1alpha1.CRIOCredentialProviderConfigList, *applyconfigurationsconfigv1alpha1.CRIOCredentialProviderConfigApplyConfiguration]( + "criocredentialproviderconfigs", + c.RESTClient(), + scheme.ParameterCodec, + "", + func() *configv1alpha1.CRIOCredentialProviderConfig { + return &configv1alpha1.CRIOCredentialProviderConfig{} + }, + func() *configv1alpha1.CRIOCredentialProviderConfigList { + return &configv1alpha1.CRIOCredentialProviderConfigList{} + }, + ), + } +} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go index dd57e4a2cc69..e807c2314749 100644 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go 
@@ -16,6 +16,10 @@ func (c *FakeConfigV1alpha1) Backups() v1alpha1.BackupInterface { return newFakeBackups(c) } +func (c *FakeConfigV1alpha1) CRIOCredentialProviderConfigs() v1alpha1.CRIOCredentialProviderConfigInterface { + return newFakeCRIOCredentialProviderConfigs(c) +} + func (c *FakeConfigV1alpha1) ClusterImagePolicies() v1alpha1.ClusterImagePolicyInterface { return newFakeClusterImagePolicies(c) } diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_criocredentialproviderconfig.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_criocredentialproviderconfig.go new file mode 100644 index 000000000000..588ce179cc3c --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_criocredentialproviderconfig.go 
@@ -0,0 +1,37 @@ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "github.com/openshift/api/config/v1alpha1" + configv1alpha1 "github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1" + typedconfigv1alpha1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1" + gentype "k8s.io/client-go/gentype" +) + +// fakeCRIOCredentialProviderConfigs implements CRIOCredentialProviderConfigInterface +type fakeCRIOCredentialProviderConfigs struct { + *gentype.FakeClientWithListAndApply[*v1alpha1.CRIOCredentialProviderConfig, *v1alpha1.CRIOCredentialProviderConfigList, *configv1alpha1.CRIOCredentialProviderConfigApplyConfiguration] + Fake *FakeConfigV1alpha1 +} + +func newFakeCRIOCredentialProviderConfigs(fake *FakeConfigV1alpha1) typedconfigv1alpha1.CRIOCredentialProviderConfigInterface { + return &fakeCRIOCredentialProviderConfigs{ + gentype.NewFakeClientWithListAndApply[*v1alpha1.CRIOCredentialProviderConfig, *v1alpha1.CRIOCredentialProviderConfigList, *configv1alpha1.CRIOCredentialProviderConfigApplyConfiguration]( + fake.Fake, + "", + v1alpha1.SchemeGroupVersion.WithResource("criocredentialproviderconfigs"), + v1alpha1.SchemeGroupVersion.WithKind("CRIOCredentialProviderConfig"), + func() *v1alpha1.CRIOCredentialProviderConfig { return &v1alpha1.CRIOCredentialProviderConfig{} }, + func() *v1alpha1.CRIOCredentialProviderConfigList { return &v1alpha1.CRIOCredentialProviderConfigList{} }, + func(dst, src *v1alpha1.CRIOCredentialProviderConfigList) { dst.ListMeta = src.ListMeta }, + func(list *v1alpha1.CRIOCredentialProviderConfigList) []*v1alpha1.CRIOCredentialProviderConfig { + return gentype.ToPointerSlice(list.Items) + }, + func(list *v1alpha1.CRIOCredentialProviderConfigList, items []*v1alpha1.CRIOCredentialProviderConfig) { + list.Items = gentype.FromPointerSlice(items) + }, + ), + fake, + } +} 
diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/generated_expansion.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/generated_expansion.go index ab5198cce6ae..9f530ae2201a 100644 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/generated_expansion.go +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/generated_expansion.go @@ -4,6 +4,8 @@ package v1alpha1 type BackupExpansion interface{} +type CRIOCredentialProviderConfigExpansion interface{} + type ClusterImagePolicyExpansion interface{} type ClusterMonitoringExpansion interface{} diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/criocredentialproviderconfig.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/criocredentialproviderconfig.go new file mode 100644 index 000000000000..b349ee0ed5e6 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/criocredentialproviderconfig.go 
@@ -0,0 +1,85 @@ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + context "context" + time "time" + + apiconfigv1alpha1 "github.com/openshift/api/config/v1alpha1" + versioned "github.com/openshift/client-go/config/clientset/versioned" + internalinterfaces "github.com/openshift/client-go/config/informers/externalversions/internalinterfaces" + configv1alpha1 "github.com/openshift/client-go/config/listers/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// CRIOCredentialProviderConfigInformer provides access to a shared informer and lister for +// CRIOCredentialProviderConfigs. +type CRIOCredentialProviderConfigInformer interface { + Informer() cache.SharedIndexInformer + Lister() configv1alpha1.CRIOCredentialProviderConfigLister +} + +type cRIOCredentialProviderConfigInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewCRIOCredentialProviderConfigInformer constructs a new informer for CRIOCredentialProviderConfig type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewCRIOCredentialProviderConfigInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredCRIOCredentialProviderConfigInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredCRIOCredentialProviderConfigInformer constructs a new informer for CRIOCredentialProviderConfig type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewFilteredCRIOCredentialProviderConfigInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().CRIOCredentialProviderConfigs().List(context.Background(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().CRIOCredentialProviderConfigs().Watch(context.Background(), options) + }, + ListWithContextFunc: func(ctx context.Context, options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().CRIOCredentialProviderConfigs().List(ctx, options) + }, + WatchFuncWithContext: func(ctx context.Context, options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().CRIOCredentialProviderConfigs().Watch(ctx, options) + }, + }, + &apiconfigv1alpha1.CRIOCredentialProviderConfig{}, + resyncPeriod, + indexers, + ) +} + +func (f *cRIOCredentialProviderConfigInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredCRIOCredentialProviderConfigInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *cRIOCredentialProviderConfigInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&apiconfigv1alpha1.CRIOCredentialProviderConfig{}, f.defaultInformer) +} + +func (f *cRIOCredentialProviderConfigInformer) Lister() configv1alpha1.CRIOCredentialProviderConfigLister { + return 
configv1alpha1.NewCRIOCredentialProviderConfigLister(f.Informer().GetIndexer()) +} diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/interface.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/interface.go index 893d2db0ad73..10cc930b8cbd 100644 --- a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/interface.go +++ b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/interface.go @@ -10,6 +10,8 @@ import ( type Interface interface { // Backups returns a BackupInformer. Backups() BackupInformer + // CRIOCredentialProviderConfigs returns a CRIOCredentialProviderConfigInformer. + CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigInformer // ClusterImagePolicies returns a ClusterImagePolicyInformer. ClusterImagePolicies() ClusterImagePolicyInformer // ClusterMonitorings returns a ClusterMonitoringInformer. @@ -36,6 +38,11 @@ func (v *version) Backups() BackupInformer { return &backupInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } +// CRIOCredentialProviderConfigs returns a CRIOCredentialProviderConfigInformer. +func (v *version) CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigInformer { + return &cRIOCredentialProviderConfigInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + // ClusterImagePolicies returns a ClusterImagePolicyInformer. func (v *version) ClusterImagePolicies() ClusterImagePolicyInformer { return &clusterImagePolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go index 146e7e9754ee..ca697748ae9e 100644 --- a/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go 
+++ b/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go @@ -91,6 +91,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource // Group=config.openshift.io, Version=v1alpha1 case v1alpha1.SchemeGroupVersion.WithResource("backups"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().Backups().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("criocredentialproviderconfigs"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CRIOCredentialProviderConfigs().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("clusterimagepolicies"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().ClusterImagePolicies().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("clustermonitorings"): diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/criocredentialproviderconfig.go b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/criocredentialproviderconfig.go new file mode 100644 index 000000000000..cc5dfa388586 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/criocredentialproviderconfig.go 
@@ -0,0 +1,32 @@ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + labels "k8s.io/apimachinery/pkg/labels" + listers "k8s.io/client-go/listers" + cache "k8s.io/client-go/tools/cache" +) + +// CRIOCredentialProviderConfigLister helps list CRIOCredentialProviderConfigs. +// All objects returned here must be treated as read-only. +type CRIOCredentialProviderConfigLister interface { + // List lists all CRIOCredentialProviderConfigs in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*configv1alpha1.CRIOCredentialProviderConfig, err error) + // Get retrieves the CRIOCredentialProviderConfig from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*configv1alpha1.CRIOCredentialProviderConfig, error) + CRIOCredentialProviderConfigListerExpansion +} + +// cRIOCredentialProviderConfigLister implements the CRIOCredentialProviderConfigLister interface. +type cRIOCredentialProviderConfigLister struct { + listers.ResourceIndexer[*configv1alpha1.CRIOCredentialProviderConfig] +} + +// NewCRIOCredentialProviderConfigLister returns a new CRIOCredentialProviderConfigLister. +func NewCRIOCredentialProviderConfigLister(indexer cache.Indexer) CRIOCredentialProviderConfigLister { + return &cRIOCredentialProviderConfigLister{listers.New[*configv1alpha1.CRIOCredentialProviderConfig](indexer, configv1alpha1.Resource("criocredentialproviderconfig"))} +} diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/expansion_generated.go b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/expansion_generated.go index 09b4d206dba1..75ba32823f9c 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/expansion_generated.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/expansion_generated.go 
@@ -6,6 +6,10 @@ package v1alpha1 // BackupLister. type BackupListerExpansion interface{} +// CRIOCredentialProviderConfigListerExpansion allows custom methods to be added to +// CRIOCredentialProviderConfigLister. +type CRIOCredentialProviderConfigListerExpansion interface{} + // ClusterImagePolicyListerExpansion allows custom methods to be added to // ClusterImagePolicyLister. type ClusterImagePolicyListerExpansion interface{} diff --git a/vendor/github.com/openshift/client-go/machine/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/machine/applyconfigurations/internal/internal.go index 8a9308e85843..3dd213be7915 100644 --- a/vendor/github.com/openshift/client-go/machine/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/machine/applyconfigurations/internal/internal.go @@ -548,6 +548,9 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: numeric default: 0 + - name: synchronizedAPI + type: + scalar: string - name: synchronizedGeneration type: scalar: numeric @@ -620,6 +623,9 @@ var schemaYAML = typed.YAMLObject(`types: - name: providerStatus type: namedType: __untyped_atomic_ + - name: synchronizedAPI + type: + scalar: string - name: synchronizedGeneration type: scalar: numeric diff --git a/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1beta1/machinesetstatus.go b/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1beta1/machinesetstatus.go index 583ee66b7650..08b74fde0d48 100644 --- a/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1beta1/machinesetstatus.go +++ b/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1beta1/machinesetstatus.go 
@@ -18,6 +18,7 @@ type MachineSetStatusApplyConfiguration struct { ErrorMessage *string `json:"errorMessage,omitempty"` Conditions []ConditionApplyConfiguration `json:"conditions,omitempty"` AuthoritativeAPI *machinev1beta1.MachineAuthority `json:"authoritativeAPI,omitempty"` + SynchronizedAPI *machinev1beta1.SynchronizedAPI `json:"synchronizedAPI,omitempty"` SynchronizedGeneration *int64 `json:"synchronizedGeneration,omitempty"` } @@ -104,6 +105,14 @@ func (b *MachineSetStatusApplyConfiguration) WithAuthoritativeAPI(value machinev return b } +// WithSynchronizedAPI sets the SynchronizedAPI field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SynchronizedAPI field is set to the value of the last call. +func (b *MachineSetStatusApplyConfiguration) WithSynchronizedAPI(value machinev1beta1.SynchronizedAPI) *MachineSetStatusApplyConfiguration { + b.SynchronizedAPI = &value + return b +} + // WithSynchronizedGeneration sets the SynchronizedGeneration field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the SynchronizedGeneration field is set to the value of the last call. diff --git a/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1beta1/machinestatus.go b/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1beta1/machinestatus.go index ab4a2632c1ad..8e211e60eeb6 100644 --- a/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1beta1/machinestatus.go +++ b/vendor/github.com/openshift/client-go/machine/applyconfigurations/machine/v1beta1/machinestatus.go 
@@ -22,6 +22,7 @@ type MachineStatusApplyConfiguration struct { Phase *string `json:"phase,omitempty"` Conditions []ConditionApplyConfiguration `json:"conditions,omitempty"` AuthoritativeAPI *machinev1beta1.MachineAuthority `json:"authoritativeAPI,omitempty"` + SynchronizedAPI *machinev1beta1.SynchronizedAPI `json:"synchronizedAPI,omitempty"` SynchronizedGeneration *int64 `json:"synchronizedGeneration,omitempty"` } @@ -118,6 +119,14 @@ func (b *MachineStatusApplyConfiguration) WithAuthoritativeAPI(value machinev1be return b } +// WithSynchronizedAPI sets the SynchronizedAPI field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SynchronizedAPI field is set to the value of the last call. +func (b *MachineStatusApplyConfiguration) WithSynchronizedAPI(value machinev1beta1.SynchronizedAPI) *MachineStatusApplyConfiguration { + b.SynchronizedAPI = &value + return b +} + // WithSynchronizedGeneration sets the SynchronizedGeneration field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the SynchronizedGeneration field is set to the value of the last call. diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go index d2451c5723e8..51ec76686f98 100644 --- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go 
@@ -4061,6 +4061,51 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPI + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + default: {} + - name: spec + type: + namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPISpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus + default: {} +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPISpec + map: + fields: + - name: unmanagedCustomResourceDefinitions + type: + list: + elementType: + scalar: string + elementRelationship: associative +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus + map: + fields: + - name: activeConfigMaps + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: targetConfigMaps + type: + list: + elementType: + scalar: string + elementRelationship: atomic - name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator map: fields: diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapi.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapi.go new file mode 100644 index 000000000000..b61e10d4b248 --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapi.go 
@@ -0,0 +1,263 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + operatorv1alpha1 "github.com/openshift/api/operator/v1alpha1" + internal "github.com/openshift/client-go/operator/applyconfigurations/internal" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// ClusterAPIApplyConfiguration represents a declarative configuration of the ClusterAPI type for use +// with apply. +type ClusterAPIApplyConfiguration struct { + v1.TypeMetaApplyConfiguration `json:",inline"` + *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Spec *ClusterAPISpecApplyConfiguration `json:"spec,omitempty"` + Status *ClusterAPIStatusApplyConfiguration `json:"status,omitempty"` +} + +// ClusterAPI constructs a declarative configuration of the ClusterAPI type for use with +// apply. +func ClusterAPI(name string) *ClusterAPIApplyConfiguration { + b := &ClusterAPIApplyConfiguration{} + b.WithName(name) + b.WithKind("ClusterAPI") + b.WithAPIVersion("operator.openshift.io/v1alpha1") + return b +} + +// ExtractClusterAPI extracts the applied configuration owned by fieldManager from +// clusterAPI. If no managedFields are found in clusterAPI for fieldManager, a +// ClusterAPIApplyConfiguration is returned with only the Name, Namespace (if applicable), +// APIVersion and Kind populated. It is possible that no managed fields were found for because other +// field managers have taken ownership of all the fields previously owned by fieldManager, or because +// the fieldManager never owned fields any fields. +// clusterAPI must be a unmodified ClusterAPI API object that was retrieved from the Kubernetes API. +// ExtractClusterAPI provides a way to perform a extract/modify-in-place/apply workflow. 
+// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +// Experimental! +func ExtractClusterAPI(clusterAPI *operatorv1alpha1.ClusterAPI, fieldManager string) (*ClusterAPIApplyConfiguration, error) { + return extractClusterAPI(clusterAPI, fieldManager, "") +} + +// ExtractClusterAPIStatus is the same as ExtractClusterAPI except +// that it extracts the status subresource applied configuration. +// Experimental! +func ExtractClusterAPIStatus(clusterAPI *operatorv1alpha1.ClusterAPI, fieldManager string) (*ClusterAPIApplyConfiguration, error) { + return extractClusterAPI(clusterAPI, fieldManager, "status") +} + +func extractClusterAPI(clusterAPI *operatorv1alpha1.ClusterAPI, fieldManager string, subresource string) (*ClusterAPIApplyConfiguration, error) { + b := &ClusterAPIApplyConfiguration{} + err := managedfields.ExtractInto(clusterAPI, internal.Parser().Type("com.github.openshift.api.operator.v1alpha1.ClusterAPI"), fieldManager, b, subresource) + if err != nil { + return nil, err + } + b.WithName(clusterAPI.Name) + + b.WithKind("ClusterAPI") + b.WithAPIVersion("operator.openshift.io/v1alpha1") + return b, nil +} +func (b ClusterAPIApplyConfiguration) IsApplyConfiguration() {} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *ClusterAPIApplyConfiguration) WithKind(value string) *ClusterAPIApplyConfiguration { + b.TypeMetaApplyConfiguration.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
+// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *ClusterAPIApplyConfiguration) WithAPIVersion(value string) *ClusterAPIApplyConfiguration { + b.TypeMetaApplyConfiguration.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *ClusterAPIApplyConfiguration) WithName(value string) *ClusterAPIApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *ClusterAPIApplyConfiguration) WithGenerateName(value string) *ClusterAPIApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *ClusterAPIApplyConfiguration) WithNamespace(value string) *ClusterAPIApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
+// If called multiple times, the UID field is set to the value of the last call. +func (b *ClusterAPIApplyConfiguration) WithUID(value types.UID) *ClusterAPIApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *ClusterAPIApplyConfiguration) WithResourceVersion(value string) *ClusterAPIApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *ClusterAPIApplyConfiguration) WithGeneration(value int64) *ClusterAPIApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. 
+func (b *ClusterAPIApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ClusterAPIApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *ClusterAPIApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ClusterAPIApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *ClusterAPIApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ClusterAPIApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. 
+func (b *ClusterAPIApplyConfiguration) WithLabels(entries map[string]string) *ClusterAPIApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *ClusterAPIApplyConfiguration) WithAnnotations(entries map[string]string) *ClusterAPIApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. 
+func (b *ClusterAPIApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ClusterAPIApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *ClusterAPIApplyConfiguration) WithFinalizers(values ...string) *ClusterAPIApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) + } + return b +} + +func (b *ClusterAPIApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *ClusterAPIApplyConfiguration) WithSpec(value *ClusterAPISpecApplyConfiguration) *ClusterAPIApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. 
+func (b *ClusterAPIApplyConfiguration) WithStatus(value *ClusterAPIStatusApplyConfiguration) *ClusterAPIApplyConfiguration { + b.Status = value + return b +} + +// GetKind retrieves the value of the Kind field in the declarative configuration. +func (b *ClusterAPIApplyConfiguration) GetKind() *string { + return b.TypeMetaApplyConfiguration.Kind +} + +// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. +func (b *ClusterAPIApplyConfiguration) GetAPIVersion() *string { + return b.TypeMetaApplyConfiguration.APIVersion +} + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *ClusterAPIApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Name +} + +// GetNamespace retrieves the value of the Namespace field in the declarative configuration. +func (b *ClusterAPIApplyConfiguration) GetNamespace() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Namespace +} diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponent.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponent.go new file mode 100644 index 000000000000..7bc2143b7b26 --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponent.go 
@@ -0,0 +1,36 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + operatorv1alpha1 "github.com/openshift/api/operator/v1alpha1" +) + +// ClusterAPIInstallerComponentApplyConfiguration represents a declarative configuration of the ClusterAPIInstallerComponent type for use +// with apply. +type ClusterAPIInstallerComponentApplyConfiguration struct { + Type *operatorv1alpha1.InstallerComponentType `json:"type,omitempty"` + Image *ClusterAPIInstallerComponentImageApplyConfiguration `json:"image,omitempty"` +} + +// ClusterAPIInstallerComponentApplyConfiguration constructs a declarative configuration of the ClusterAPIInstallerComponent type for use with +// apply. +func ClusterAPIInstallerComponent() *ClusterAPIInstallerComponentApplyConfiguration { + return &ClusterAPIInstallerComponentApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *ClusterAPIInstallerComponentApplyConfiguration) WithType(value operatorv1alpha1.InstallerComponentType) *ClusterAPIInstallerComponentApplyConfiguration { + b.Type = &value + return b +} + +// WithImage sets the Image field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Image field is set to the value of the last call. +func (b *ClusterAPIInstallerComponentApplyConfiguration) WithImage(value *ClusterAPIInstallerComponentImageApplyConfiguration) *ClusterAPIInstallerComponentApplyConfiguration { + b.Image = value + return b +} 
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponentimage.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponentimage.go new file mode 100644 index 000000000000..ffbbcd645498 --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponentimage.go 
@@ -0,0 +1,36 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + operatorv1alpha1 "github.com/openshift/api/operator/v1alpha1" +) + +// ClusterAPIInstallerComponentImageApplyConfiguration represents a declarative configuration of the ClusterAPIInstallerComponentImage type for use +// with apply. +type ClusterAPIInstallerComponentImageApplyConfiguration struct { + Ref *operatorv1alpha1.ImageDigestFormat `json:"ref,omitempty"` + Profile *string `json:"profile,omitempty"` +} + +// ClusterAPIInstallerComponentImageApplyConfiguration constructs a declarative configuration of the ClusterAPIInstallerComponentImage type for use with +// apply. +func ClusterAPIInstallerComponentImage() *ClusterAPIInstallerComponentImageApplyConfiguration { + return &ClusterAPIInstallerComponentImageApplyConfiguration{} +} + +// WithRef sets the Ref field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Ref field is set to the value of the last call. +func (b *ClusterAPIInstallerComponentImageApplyConfiguration) WithRef(value operatorv1alpha1.ImageDigestFormat) *ClusterAPIInstallerComponentImageApplyConfiguration { + b.Ref = &value + return b +} + +// WithProfile sets the Profile field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Profile field is set to the value of the last call. +func (b *ClusterAPIInstallerComponentImageApplyConfiguration) WithProfile(value string) *ClusterAPIInstallerComponentImageApplyConfiguration { + b.Profile = &value + return b +} 
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevision.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevision.go new file mode 100644 index 000000000000..f8841752da93 --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevision.go 
@@ -0,0 +1,70 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + operatorv1alpha1 "github.com/openshift/api/operator/v1alpha1" +) + +// ClusterAPIInstallerRevisionApplyConfiguration represents a declarative configuration of the ClusterAPIInstallerRevision type for use +// with apply. +type ClusterAPIInstallerRevisionApplyConfiguration struct { + Name *operatorv1alpha1.RevisionName `json:"name,omitempty"` + Revision *int64 `json:"revision,omitempty"` + ContentID *string `json:"contentID,omitempty"` + UnmanagedCustomResourceDefinitions []string `json:"unmanagedCustomResourceDefinitions,omitempty"` + Components []ClusterAPIInstallerComponentApplyConfiguration `json:"components,omitempty"` +} + +// ClusterAPIInstallerRevisionApplyConfiguration constructs a declarative configuration of the ClusterAPIInstallerRevision type for use with +// apply. +func ClusterAPIInstallerRevision() *ClusterAPIInstallerRevisionApplyConfiguration { + return &ClusterAPIInstallerRevisionApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *ClusterAPIInstallerRevisionApplyConfiguration) WithName(value operatorv1alpha1.RevisionName) *ClusterAPIInstallerRevisionApplyConfiguration { + b.Name = &value + return b +} + +// WithRevision sets the Revision field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Revision field is set to the value of the last call. 
+func (b *ClusterAPIInstallerRevisionApplyConfiguration) WithRevision(value int64) *ClusterAPIInstallerRevisionApplyConfiguration { + b.Revision = &value + return b +} + +// WithContentID sets the ContentID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ContentID field is set to the value of the last call. +func (b *ClusterAPIInstallerRevisionApplyConfiguration) WithContentID(value string) *ClusterAPIInstallerRevisionApplyConfiguration { + b.ContentID = &value + return b +} + +// WithUnmanagedCustomResourceDefinitions adds the given value to the UnmanagedCustomResourceDefinitions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the UnmanagedCustomResourceDefinitions field. +func (b *ClusterAPIInstallerRevisionApplyConfiguration) WithUnmanagedCustomResourceDefinitions(values ...string) *ClusterAPIInstallerRevisionApplyConfiguration { + for i := range values { + b.UnmanagedCustomResourceDefinitions = append(b.UnmanagedCustomResourceDefinitions, values[i]) + } + return b +} + +// WithComponents adds the given value to the Components field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Components field. +func (b *ClusterAPIInstallerRevisionApplyConfiguration) WithComponents(values ...*ClusterAPIInstallerComponentApplyConfiguration) *ClusterAPIInstallerRevisionApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithComponents") + } + b.Components = append(b.Components, *values[i]) + } + return b +} 
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapispec.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapispec.go new file mode 100644 index 000000000000..10acc59c9e65 --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapispec.go @@ -0,0 +1,25 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// ClusterAPISpecApplyConfiguration represents a declarative configuration of the ClusterAPISpec type for use +// with apply. +type ClusterAPISpecApplyConfiguration struct { + UnmanagedCustomResourceDefinitions []string `json:"unmanagedCustomResourceDefinitions,omitempty"` +} + +// ClusterAPISpecApplyConfiguration constructs a declarative configuration of the ClusterAPISpec type for use with +// apply. +func ClusterAPISpec() *ClusterAPISpecApplyConfiguration { + return &ClusterAPISpecApplyConfiguration{} +} + +// WithUnmanagedCustomResourceDefinitions adds the given value to the UnmanagedCustomResourceDefinitions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the UnmanagedCustomResourceDefinitions field. +func (b *ClusterAPISpecApplyConfiguration) WithUnmanagedCustomResourceDefinitions(values ...string) *ClusterAPISpecApplyConfiguration { + for i := range values { + b.UnmanagedCustomResourceDefinitions = append(b.UnmanagedCustomResourceDefinitions, values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapistatus.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapistatus.go new file mode 100644 index 000000000000..4a49ac3a8667 --- /dev/null 
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapistatus.go 
@@ -0,0 +1,50 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + operatorv1alpha1 "github.com/openshift/api/operator/v1alpha1" +) + +// ClusterAPIStatusApplyConfiguration represents a declarative configuration of the ClusterAPIStatus type for use +// with apply. +type ClusterAPIStatusApplyConfiguration struct { + CurrentRevision *operatorv1alpha1.RevisionName `json:"currentRevision,omitempty"` + DesiredRevision *operatorv1alpha1.RevisionName `json:"desiredRevision,omitempty"` + Revisions []ClusterAPIInstallerRevisionApplyConfiguration `json:"revisions,omitempty"` +} + +// ClusterAPIStatusApplyConfiguration constructs a declarative configuration of the ClusterAPIStatus type for use with +// apply. +func ClusterAPIStatus() *ClusterAPIStatusApplyConfiguration { + return &ClusterAPIStatusApplyConfiguration{} +} + +// WithCurrentRevision sets the CurrentRevision field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CurrentRevision field is set to the value of the last call. +func (b *ClusterAPIStatusApplyConfiguration) WithCurrentRevision(value operatorv1alpha1.RevisionName) *ClusterAPIStatusApplyConfiguration { + b.CurrentRevision = &value + return b +} + +// WithDesiredRevision sets the DesiredRevision field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DesiredRevision field is set to the value of the last call. 
+func (b *ClusterAPIStatusApplyConfiguration) WithDesiredRevision(value operatorv1alpha1.RevisionName) *ClusterAPIStatusApplyConfiguration { + b.DesiredRevision = &value + return b +} + +// WithRevisions adds the given value to the Revisions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Revisions field. +func (b *ClusterAPIStatusApplyConfiguration) WithRevisions(values ...*ClusterAPIInstallerRevisionApplyConfiguration) *ClusterAPIStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithRevisions") + } + b.Revisions = append(b.Revisions, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1/clusterapi.go b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1/clusterapi.go new file mode 100644 index 000000000000..dfa364007b4c --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1/clusterapi.go 
@@ -0,0 +1,58 @@ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + context "context" + + operatorv1alpha1 "github.com/openshift/api/operator/v1alpha1" + applyconfigurationsoperatorv1alpha1 "github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1" + scheme "github.com/openshift/client-go/operator/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// ClusterAPIsGetter has a method to return a ClusterAPIInterface. +// A group's client should implement this interface. +type ClusterAPIsGetter interface { + ClusterAPIs() ClusterAPIInterface +} + +// ClusterAPIInterface has methods to work with ClusterAPI resources. +type ClusterAPIInterface interface { + Create(ctx context.Context, clusterAPI *operatorv1alpha1.ClusterAPI, opts v1.CreateOptions) (*operatorv1alpha1.ClusterAPI, error) + Update(ctx context.Context, clusterAPI *operatorv1alpha1.ClusterAPI, opts v1.UpdateOptions) (*operatorv1alpha1.ClusterAPI, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). 
+ UpdateStatus(ctx context.Context, clusterAPI *operatorv1alpha1.ClusterAPI, opts v1.UpdateOptions) (*operatorv1alpha1.ClusterAPI, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*operatorv1alpha1.ClusterAPI, error) + List(ctx context.Context, opts v1.ListOptions) (*operatorv1alpha1.ClusterAPIList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *operatorv1alpha1.ClusterAPI, err error) + Apply(ctx context.Context, clusterAPI *applyconfigurationsoperatorv1alpha1.ClusterAPIApplyConfiguration, opts v1.ApplyOptions) (result *operatorv1alpha1.ClusterAPI, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). 
+ ApplyStatus(ctx context.Context, clusterAPI *applyconfigurationsoperatorv1alpha1.ClusterAPIApplyConfiguration, opts v1.ApplyOptions) (result *operatorv1alpha1.ClusterAPI, err error) + ClusterAPIExpansion +} + +// clusterAPIs implements ClusterAPIInterface +type clusterAPIs struct { + *gentype.ClientWithListAndApply[*operatorv1alpha1.ClusterAPI, *operatorv1alpha1.ClusterAPIList, *applyconfigurationsoperatorv1alpha1.ClusterAPIApplyConfiguration] +} + +// newClusterAPIs returns a ClusterAPIs +func newClusterAPIs(c *OperatorV1alpha1Client) *clusterAPIs { + return &clusterAPIs{ + gentype.NewClientWithListAndApply[*operatorv1alpha1.ClusterAPI, *operatorv1alpha1.ClusterAPIList, *applyconfigurationsoperatorv1alpha1.ClusterAPIApplyConfiguration]( + "clusterapis", + c.RESTClient(), + scheme.ParameterCodec, + "", + func() *operatorv1alpha1.ClusterAPI { return &operatorv1alpha1.ClusterAPI{} }, + func() *operatorv1alpha1.ClusterAPIList { return &operatorv1alpha1.ClusterAPIList{} }, + ), + } +} diff --git a/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1/generated_expansion.go b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1/generated_expansion.go index 33de3f965760..a19ef54dc153 100644 --- a/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1/generated_expansion.go +++ b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1/generated_expansion.go @@ -2,6 +2,8 @@ package v1alpha1 +type ClusterAPIExpansion interface{} + type ClusterVersionOperatorExpansion interface{} type EtcdBackupExpansion interface{} diff --git a/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1/operator_client.go b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1/operator_client.go index 75852e942f93..6ed123d5e305 100644 
--- a/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1/operator_client.go +++ b/vendor/github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1/operator_client.go @@ -12,6 +12,7 @@ import ( type OperatorV1alpha1Interface interface { RESTClient() rest.Interface + ClusterAPIsGetter ClusterVersionOperatorsGetter EtcdBackupsGetter ImageContentSourcePoliciesGetter @@ -23,6 +24,10 @@ type OperatorV1alpha1Client struct { restClient rest.Interface } +func (c *OperatorV1alpha1Client) ClusterAPIs() ClusterAPIInterface { + return newClusterAPIs(c) +} + func (c *OperatorV1alpha1Client) ClusterVersionOperators() ClusterVersionOperatorInterface { return newClusterVersionOperators(c) } diff --git a/vendor/modules.txt b/vendor/modules.txt index cfb7d1d4ef67..5c59fc0a4485 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1449,7 +1449,7 @@ github.com/openshift-kni/commatrix/pkg/matrix-diff github.com/openshift-kni/commatrix/pkg/mcp github.com/openshift-kni/commatrix/pkg/types github.com/openshift-kni/commatrix/pkg/utils -# github.com/openshift/api v0.0.0-20260114133223-6ab113cb7368 +# github.com/openshift/api v0.0.0-20260225172252-64dddb8f3186 ## explicit; go 1.24.0 github.com/openshift/api github.com/openshift/api/annotations @@ -1471,6 +1471,8 @@ github.com/openshift/api/config/v1alpha1 github.com/openshift/api/config/v1alpha2 github.com/openshift/api/console github.com/openshift/api/console/v1 +github.com/openshift/api/etcd +github.com/openshift/api/etcd/v1alpha1 github.com/openshift/api/features github.com/openshift/api/helm github.com/openshift/api/helm/v1beta1 
@@ -1559,7 +1561,7 @@ github.com/openshift/build-machinery-go/make/targets/golang github.com/openshift/build-machinery-go/make/targets/openshift github.com/openshift/build-machinery-go/make/targets/openshift/operator github.com/openshift/build-machinery-go/scripts -# github.com/openshift/client-go v0.0.0-20260108185524-48f4ccfc4e13 +# github.com/openshift/client-go v0.0.0-20260219131751-7e63ce155298 ## explicit; go 1.24.0 github.com/openshift/client-go/apiserver/applyconfigurations/apiserver/v1 github.com/openshift/client-go/apiserver/applyconfigurations/internal