From 2efd2be10c275602135b7151b6e3e2a83271d6f1 Mon Sep 17 00:00:00 2001 From: Ondra Kupka Date: Thu, 8 Jan 2026 14:39:18 +0100 Subject: [PATCH 1/2] Mitigate CVE-2025-61729 --- go.mod | 6 +++++- go.sum | 10 ++++++---- pkg/cli/login/error_translation.go | 22 +++++++++++++++++++--- pkg/cli/login/helpers.go | 6 ++++-- 4 files changed, 34 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 465d24af66..48290cfa82 100644 --- a/go.mod +++ b/go.mod @@ -33,7 +33,7 @@ require ( github.com/moby/term v0.5.0 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0 - github.com/openshift/api v0.0.0-20250130025500-d9e1a2e1fe6b + github.com/openshift/api v0.0.0-20250320170726-75d64d71980b github.com/openshift/build-machinery-go v0.0.0-20250102153059-e85a1a7ecb5c github.com/openshift/client-go v0.0.0-20250125113824-8e1f0b8fa9a7 github.com/openshift/library-go v0.0.0-20250218150059-017e5b6cf27c @@ -195,6 +195,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/component-helpers v0.32.1 // indirect + k8s.io/kube-aggregator v0.32.1 // indirect k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect k8s.io/metrics v0.32.1 // indirect sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect @@ -206,3 +207,6 @@ require ( ) replace github.com/apcera/gssapi => github.com/openshift/gssapi v0.0.0-20161010215902-5fb4217df13b + +// Branch mitigate-CVE-2025-61729-release-4.19 +replace github.com/openshift/library-go => github.com/tchap/library-go v0.0.0-20260108123746-89915030bc58 diff --git a/go.sum b/go.sum index 04ed57ca68..9d0d483c9b 100644 --- a/go.sum +++ b/go.sum 
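Review bot: The `replace` added at the end of go.mod builds `github.com/openshift/library-go` from a personal fork, `github.com/tchap/library-go v0.0.0-20260108123746-89915030bc58`, while the `require` block still lists the upstream module at `v0.0.0-20250218150059-017e5b6cf27c`. go.sum pins the fork's content, but nothing on this page shows that the code carrying the CVE fix went through the upstream repository's review. Tooling that reads only `require` lines can also report the wrong origin and version for this dependency. The existing comment names only a branch; it should say that the redirect is temporary and when it is removed, for example `// TEMPORARY: fork carries the CVE-2025-61729 mitigation; remove once merged into openshift/library-go and re-vendored`.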
@@ -489,16 +489,14 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/openshift/api v0.0.0-20250130025500-d9e1a2e1fe6b h1:6OdSvfIgEGZ4Oc4zmhcaCRGWeJHVvHc3fkoRckWYajQ= -github.com/openshift/api v0.0.0-20250130025500-d9e1a2e1fe6b/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw= +github.com/openshift/api v0.0.0-20250320170726-75d64d71980b h1:GGuFSHESP0BSOu70AqV4u9IVrjYdaeu4Id+HXRIOvkw= +github.com/openshift/api v0.0.0-20250320170726-75d64d71980b/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw= github.com/openshift/build-machinery-go v0.0.0-20250102153059-e85a1a7ecb5c h1:6XcszPFZpan4qll5XbdLll7n1So3IsPn28aw2j1obMo= github.com/openshift/build-machinery-go v0.0.0-20250102153059-e85a1a7ecb5c/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE= github.com/openshift/client-go v0.0.0-20250125113824-8e1f0b8fa9a7 h1:4iliLcvr1P9EUMZgIaSNEKNQQzBn+L6PSequlFOuB6Q= github.com/openshift/client-go v0.0.0-20250125113824-8e1f0b8fa9a7/go.mod h1:2tcufBE4Cu6RNgDCxcUJepa530kGo5GFVfR9BSnndhI= github.com/openshift/gssapi v0.0.0-20161010215902-5fb4217df13b h1:it0YPE/evO6/m8t8wxis9KFI2F/aleOKsI6d9uz0cEk= github.com/openshift/gssapi v0.0.0-20161010215902-5fb4217df13b/go.mod h1:tNrEB5k8SI+g5kOlsCmL2ELASfpqEofI0+FLBgBdN08= -github.com/openshift/library-go v0.0.0-20250218150059-017e5b6cf27c h1:lW/rlxNTLYbHBoB9NBLEykzGriHyc/s/52bTQRUgH9U= -github.com/openshift/library-go v0.0.0-20250218150059-017e5b6cf27c/go.mod h1:GHwvopE5KXXCz4ULHp871sTPLLW+FB+hu/RIzlNwxx8= github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0= github.com/pelletier/go-toml v1.7.0/go.mod 
h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= @@ -587,6 +585,8 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= +github.com/tchap/library-go v0.0.0-20260108123746-89915030bc58 h1:uza6taICN7yn0ARCaA2mBgBA8wQqiCMdhr4ttLc7T6A= +github.com/tchap/library-go v0.0.0-20260108123746-89915030bc58/go.mod h1:DAa3BGl0CFtkfJn/g5rU8kDDTErfMVA/QlFm4cvU+MI= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= @@ -989,6 +989,8 @@ k8s.io/component-helpers v0.32.1 h1:TwdsSM1vW9GjnfX18lkrZbwE5G9psCIS2/rhenTDXd8= k8s.io/component-helpers v0.32.1/go.mod h1:1JT1Ei3FD29yFQ18F3laj1WyvxYdHIhyxx6adKMFQXI= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-aggregator v0.32.1 h1:cztPyIHbo6tgrhYHDqmdmvxUufJKuxgAC/vog7yeWek= +k8s.io/kube-aggregator v0.32.1/go.mod h1:sXjL5T8FO/rlBzTbBhahw9V5Nnr1UtzZHKTj9WxQCOU= k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= k8s.io/kubectl v0.32.1 h1:/btLtXLQUU1rWx8AEvX9jrb9LaI6yeezt3sFALhB8M8= 
diff --git a/pkg/cli/login/error_translation.go b/pkg/cli/login/error_translation.go index 4fc61b346d..7e5123c437 100644 --- a/pkg/cli/login/error_translation.go +++ b/pkg/cli/login/error_translation.go @@ -5,6 +5,8 @@ import ( "errors" "fmt" "strings" + + "github.com/openshift/library-go/pkg/crypto" ) const ( @@ -54,6 +56,11 @@ func getPrettyMessageForServer(err error, serverName string) string { return fmt.Sprintf(tlsOversizedRecordMsg, err, serverName) case certificateHostnameErrorReason: + // Use FormatHostnameError to mitigate CVE-2025-61729. + var hostnameErr x509.HostnameError + if errors.As(err, &hostnameErr) { + return fmt.Sprintf("The server is using a certificate that does not match its hostname: %s", crypto.FormatHostnameError(hostnameErr)) + } return fmt.Sprintf("The server is using a certificate that does not match its hostname: %s", err) case certificateInvalidReason: @@ -71,12 +78,21 @@ func getPrettyErrorForServer(err error, serverName string) error { func detectReason(err error) int { if err != nil { + // Use FormatHostnameError to mitigate CVE-2025-61729. + var errMsg string + var hostnameErr x509.HostnameError + if errors.As(err, &hostnameErr) { + errMsg = crypto.FormatHostnameError(hostnameErr) + } else { + errMsg = err.Error() + } + switch { - case strings.Contains(err.Error(), "certificate signed by unknown authority"): + case strings.Contains(errMsg, "certificate signed by unknown authority"): return certificateAuthorityUnknownReason - case strings.Contains(err.Error(), "no server defined"): + case strings.Contains(errMsg, "no server defined"): return noServerFoundReason - case strings.Contains(err.Error(), "tls: oversized record received"): + case strings.Contains(errMsg, "tls: oversized record received"): return tlsOversizedRecordReason } switch err.(type) { diff --git a/pkg/cli/login/helpers.go b/pkg/cli/login/helpers.go index 6b1ca5b9ea..1e37b308f4 100644 --- a/pkg/cli/login/helpers.go +++ b/pkg/cli/login/helpers.go 
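Review bot: In the `certificateHostnameErrorReason` case of `getPrettyMessageForServer`, the original `return fmt.Sprintf("...: %s", err)` stays as the fallback after the new `errors.As` branch. An error that reaches this case without matching `x509.HostnameError` by value (a `*x509.HostnameError`, for instance) is therefore still rendered through its own `Error()`. If that path is not expected, returning the fixed sentence without the error text is safer than leaving the original formatter reachable. The comment `// Use FormatHostnameError to mitigate CVE-2025-61729.` also names the CVE without the rule a maintainer has to follow. Something like `// Never format an x509.HostnameError with Error(), %s or %v; the message is built from the peer certificate (CVE-2025-61729). Use crypto.FormatHostnameError.` would carry it, and the same applies to the copies in `detectReason` and in `promptForInsecureTLS` in helpers.go.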
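Review bot: `detectReason` now formats a hostname error only to run three `strings.Contains` checks on the result, so whatever `crypto.FormatHostnameError` emits (its body is not in this chunk) takes part in classifying the error. Once `errors.As` has matched, the reason is already known, so the function could return early with `if errors.As(err, &hostnameErr) { return certificateHostnameErrorReason }` and keep `errMsg := err.Error()` for every other error. That would also remove a mismatch with the `switch err.(type)` at the end of the hunk, which does not unwrap. A wrapped `x509.HostnameError` is matched by `errors.As` here but presumably not by the type switch, whose cases lie outside the hunk.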
@@ -10,6 +10,7 @@ import ( "os" "strings" + "github.com/openshift/library-go/pkg/crypto" "github.com/openshift/oc/pkg/helpers/term" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/cli-runtime/pkg/printers" @@ -87,11 +88,12 @@ func dialToServer(clientConfig restclient.Config) error { func promptForInsecureTLS(reader io.Reader, out io.Writer, reason error) bool { var insecureTLSRequestReason string if reason != nil { - switch reason.(type) { + switch reason := reason.(type) { case x509.UnknownAuthorityError: insecureTLSRequestReason = "The server uses a certificate signed by an unknown authority." case x509.HostnameError: - insecureTLSRequestReason = fmt.Sprintf("The server is using a certificate that does not match its hostname: %s", reason.Error()) + // Use FormatHostnameError to mitigate CVE-2025-61729.q + insecureTLSRequestReason = fmt.Sprintf("The server is using a certificate that does not match its hostname: %s", crypto.FormatHostnameError(reason)) case x509.CertificateInvalidError: insecureTLSRequestReason = fmt.Sprintf("The server is using an invalid certificate: %s", reason.Error()) } From 312983dd860ac6270a8ef4e6b5e00d1cd324297c Mon Sep 17 00:00:00 2001 
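Review bot: The comment added in the `x509.HostnameError` case of `promptForInsecureTLS` ends in a stray character, `CVE-2025-61729.q`; it should read `// Use FormatHostnameError to mitigate CVE-2025-61729.`. The rewritten `switch reason := reason.(type)` shadows the `reason` parameter inside the switch, which works but reads more clearly with a distinct name such as `switch e := reason.(type)`. Unlike the `errors.As` calls added in error_translation.go, this type switch matches only an unwrapped `x509.HostnameError`, so a wrapped one gets no reason text here. Whether callers ever pass a wrapped error is not visible in the hunk, and the function body continues outside it.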
From: Ondra Kupka Date: Thu, 8 Jan 2026 14:39:56 +0100 Subject: [PATCH 2/2] go mod vendor --- .../github.com/openshift/api/.golangci.yaml | 1 + vendor/github.com/openshift/api/OWNERS | 14 +- .../api/apiserver/v1/types_apirequestcount.go | 7 +- .../api/cloudnetwork/v1/generated.proto | 4 + .../openshift/api/cloudnetwork/v1/types.go | 6 +- .../api/config/v1/types_authentication.go | 1 + .../api/config/v1/types_cluster_operator.go | 2 + .../api/config/v1/types_cluster_version.go | 13 +- .../openshift/api/config/v1/types_feature.go | 1 + .../openshift/api/config/v1/types_image.go | 2 + .../api/config/v1/types_infrastructure.go | 123 +- .../openshift/api/config/v1/types_network.go | 4 +- .../openshift/api/config/v1/types_node.go | 4 +- .../api/config/v1/zz_generated.deepcopy.go | 28 +- ..._generated.featuregated-crd-manifests.yaml | 3 + .../v1/zz_generated.swagger_doc_generated.go | 28 +- .../v1alpha1/types_cluster_image_policy.go | 1 + .../api/config/v1alpha1/types_image_policy.go | 52 +- .../api/config/v1alpha1/types_insights.go | 80 +- .../config/v1alpha1/zz_generated.deepcopy.go | 109 +- ..._generated.featuregated-crd-manifests.yaml | 2 + .../zz_generated.swagger_doc_generated.go | 58 +- .../openshift/api/envtest-releases.yaml | 13 + vendor/github.com/openshift/api/features.md | 14 +- .../openshift/api/features/features.go | 103 +- .../v1beta1/types_helm_chart_repository.go | 2 + .../api/machine/v1/types_alibabaprovider.go | 2 + .../v1/types_controlplanemachineset.go | 4 +- .../api/machine/v1/types_nutanixprovider.go | 2 + .../api/machine/v1/types_powervsprovider.go | 4 +- .../api/machine/v1beta1/types_awsprovider.go | 33 + .../machine/v1beta1/types_azureprovider.go | 2 + .../api/machine/v1beta1/types_gcpprovider.go | 27 +- .../machine/v1beta1/types_vsphereprovider.go | 29 + .../zz_generated.swagger_doc_generated.go | 10 +- .../api/machineconfiguration/v1/register.go | 2 + .../v1/types_machineosbuild.go | 4 +- .../v1/types_machineosconfig.go | 4 +- 
.../v1/types_pinnedimageset.go | 86 + .../v1/zz_generated.deepcopy.go | 97 + ..._generated.featuregated-crd-manifests.yaml | 27 + .../v1/zz_generated.swagger_doc_generated.go | 38 + .../v1alpha1/types_machineconfignode.go | 5 +- .../v1alpha1/types_machineosbuild.go | 4 +- .../v1alpha1/types_machineosconfig.go | 4 +- .../v1alpha1/types_pinnedimageset.go | 5 +- .../openshift/api/monitoring/v1/types.go | 2 + .../api/networkoperator/v1/generated.proto | 2 + .../networkoperator/v1/types_egressrouter.go | 2 + .../openshift/api/operator/v1/types.go | 12 +- .../api/operator/v1/types_console.go | 139 +- .../operator/v1/types_csi_cluster_driver.go | 15 + .../operator/v1/types_machineconfiguration.go | 24 +- .../api/operator/v1/types_network.go | 18 +- .../api/operator/v1/zz_generated.deepcopy.go | 85 + ..._generated.featuregated-crd-manifests.yaml | 1 + .../v1/zz_generated.swagger_doc_generated.go | 63 +- .../api/operator/v1alpha1/register.go | 2 + .../api/operator/v1alpha1/types_etcdbackup.go | 4 +- .../openshift/api/security/v1/consts.go | 5 + .../v1alpha1/types_shared_configmap.go | 7 +- .../v1alpha1/types_shared_secret.go | 7 +- .../openshift/library-go/pkg/crypto/crypto.go | 123 +- .../openshift/library-go/pkg/crypto/errors.go | 46 + .../pkg/oauth/tokenrequest/request_token.go | 9 +- .../pkg/operator/certrotation/cabundle.go | 21 +- .../client_cert_rotation_controller.go | 8 + .../pkg/operator/certrotation/signer.go | 14 +- .../pkg/operator/certrotation/target.go | 18 +- .../resource/resourceread/apiregistration.go | 26 + vendor/k8s.io/kube-aggregator/LICENSE | 202 ++ .../pkg/apis/apiregistration/doc.go | 21 + .../pkg/apis/apiregistration/helpers.go | 128 ++ .../pkg/apis/apiregistration/register.go | 54 + .../pkg/apis/apiregistration/types.go | 146 ++ .../pkg/apis/apiregistration/v1/defaults.go | 33 + .../pkg/apis/apiregistration/v1/doc.go | 38 + .../apis/apiregistration/v1/generated.pb.go | 1813 +++++++++++++++++ .../apis/apiregistration/v1/generated.proto | 151 ++ 
.../pkg/apis/apiregistration/v1/register.go | 61 + .../pkg/apis/apiregistration/v1/types.go | 164 ++ .../v1/zz_generated.conversion.go | 299 +++ .../v1/zz_generated.deepcopy.go | 174 ++ .../v1/zz_generated.defaults.go | 48 + .../v1/zz_generated.prerelease-lifecycle.go | 34 + .../apiregistration/zz_generated.deepcopy.go | 221 ++ vendor/modules.txt | 9 +- 87 files changed, 5087 insertions(+), 226 deletions(-) create mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/types_pinnedimageset.go create mode 100644 vendor/github.com/openshift/library-go/pkg/crypto/errors.go create mode 100644 vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/apiregistration.go create mode 100644 vendor/k8s.io/kube-aggregator/LICENSE create mode 100644 vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/doc.go create mode 100644 vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/helpers.go create mode 100644 vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/register.go create mode 100644 vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/types.go create mode 100644 vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/defaults.go create mode 100644 vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/doc.go create mode 100644 vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/generated.pb.go create mode 100644 vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/generated.proto create mode 100644 vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/register.go create mode 100644 vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/types.go create mode 100644 vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.conversion.go create mode 100644 vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.deepcopy.go create mode 100644 vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.defaults.go create mode 100644 
vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.prerelease-lifecycle.go create mode 100644 vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/zz_generated.deepcopy.go diff --git a/vendor/github.com/openshift/api/.golangci.yaml b/vendor/github.com/openshift/api/.golangci.yaml index 19746532ca..848960e946 100644 --- a/vendor/github.com/openshift/api/.golangci.yaml +++ b/vendor/github.com/openshift/api/.golangci.yaml @@ -13,6 +13,7 @@ linters-settings: conditions: isFirstField: Warn useProtobuf: Ignore + usePatchStrategy: Ignore linters: disable-all: true enable: diff --git a/vendor/github.com/openshift/api/OWNERS b/vendor/github.com/openshift/api/OWNERS index 2e956a47dd..ff904b63a3 100644 --- a/vendor/github.com/openshift/api/OWNERS +++ b/vendor/github.com/openshift/api/OWNERS @@ -1,19 +1,7 @@ reviewers: - deads2k - - derekwaynecarr - JoelSpeed - - knobunc - - sjenning - - mfojtik - - soltysh - - bparees + - everettraven approvers: - - bparees - deads2k - - derekwaynecarr - JoelSpeed - - knobunc - - mfojtik - - sjenning - - soltysh - - spadgett diff --git a/vendor/github.com/openshift/api/apiserver/v1/types_apirequestcount.go b/vendor/github.com/openshift/api/apiserver/v1/types_apirequestcount.go index 645d796f77..3771fa21d0 100644 --- a/vendor/github.com/openshift/api/apiserver/v1/types_apirequestcount.go +++ b/vendor/github.com/openshift/api/apiserver/v1/types_apirequestcount.go @@ -57,9 +57,10 @@ type APIRequestCountSpec struct { type APIRequestCountStatus struct { // conditions contains details of the current status of this API Resource. - // +patchMergeKey=type - // +patchStrategy=merge - Conditions []metav1.Condition `json:"conditions" patchStrategy:"merge" patchMergeKey:"type"` + // +listType=map + // +listMapKey=type + // +optional + Conditions []metav1.Condition `json:"conditions"` // removedInRelease is when the API will be removed. // +kubebuilder:validation:MinLength=0 
diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto b/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto index 328de7c5a2..aee82514e0 100644 --- a/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto +++ b/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto @@ -79,6 +79,10 @@ message CloudPrivateIPConfigStatus { // condition is the assignment condition of the private IP and its status // +required + // +listType=map + // +listMapKey=type + // +patchMergeKey=type + // +patchStrategy=merge repeated .k8s.io.apimachinery.pkg.apis.meta.v1.Condition conditions = 2; } diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/types.go b/vendor/github.com/openshift/api/cloudnetwork/v1/types.go index de27f8eb60..7508e15053 100644 --- a/vendor/github.com/openshift/api/cloudnetwork/v1/types.go +++ b/vendor/github.com/openshift/api/cloudnetwork/v1/types.go @@ -56,7 +56,11 @@ type CloudPrivateIPConfigStatus struct { Node string `json:"node" protobuf:"bytes,1,opt,name=node"` // condition is the assignment condition of the private IP and its status // +required - Conditions []metav1.Condition `json:"conditions" protobuf:"bytes,2,rep,name=conditions"` + // +listType=map + // +listMapKey=type + // +patchMergeKey=type + // +patchStrategy=merge + Conditions []metav1.Condition `json:"conditions" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,2,rep,name=conditions"` } // CloudPrivateIPConfigConditionType specifies the current condition type of the CloudPrivateIPConfig diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index 65dffddb00..a2af4d6544 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go 
@@ -343,6 +343,7 @@ type OIDCClientStatus struct { // // +listType=map // +listMapKey=type + // +optional Conditions []metav1.Condition `json:"conditions,omitempty"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go index 4a6823640d..a447adb9f4 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go @@ -53,6 +53,8 @@ type ClusterOperatorStatus struct { // conditions describes the state of the operator's managed and monitored components. // +patchMergeKey=type // +patchStrategy=merge + // +listType=map + // +listMapKey=type // +optional Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index 8994ca97cd..092bebff09 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go 
@@ -62,7 +62,7 @@ type ClusterVersionSpec struct { // // Some of the fields are inter-related with restrictions and meanings described here. // 1. image is specified, version is specified, architecture is specified. API validation error. - // 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. + // 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. // 3. image is specified, version is not specified, architecture is specified. API validation error. // 4. image is specified, version is not specified, architecture is not specified. image is used. // 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. @@ -702,16 +702,16 @@ type Update struct { Architecture ClusterVersionArchitecture `json:"architecture"` // version is a semantic version identifying the update version. - // version is ignored if image is specified and required if - // architecture is specified. + // version is required if architecture is specified. + // If both version and image are set, the version extracted from the referenced image must match the specified version. // // +optional Version string `json:"version"` // image is a container image location that contains the update. // image should be used when the desired version does not exist in availableUpdates or history. - // When image is set, version is ignored. When image is set, version should be empty. // When image is set, architecture cannot be specified. + // If both version and image are set, the version extracted from the referenced image must match the specified version. // // +optional Image string `json:"image"` 
@@ -796,11 +796,10 @@ type ConditionalUpdate struct { // conditions represents the observations of the conditional update's // current status. Known types are: // * Recommended, for whether the update is recommended for the current cluster. - // +patchMergeKey=type - // +patchStrategy=merge // +listType=map // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty"` } // ConditionalUpdateRisk represents a reason and cluster-state diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index 81bc14f2c7..0709a75ae8 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -99,6 +99,7 @@ type FeatureGateStatus struct { // Known .status.conditions.type are: "DeterminationDegraded" // +listType=map // +listMapKey=type + // +optional Conditions []metav1.Condition `json:"conditions,omitempty"` // featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion. diff --git a/vendor/github.com/openshift/api/config/v1/types_image.go b/vendor/github.com/openshift/api/config/v1/types_image.go index 3db935c7fe..82f46c8b6c 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image.go +++ b/vendor/github.com/openshift/api/config/v1/types_image.go 
@@ -161,6 +161,8 @@ type RegistryLocation struct { } // RegistrySources holds cluster-wide information about how to handle the registries config. +// +// +kubebuilder:validation:XValidation:rule="has(self.blockedRegistries) ? !has(self.allowedRegistries) : true",message="Only one of blockedRegistries or allowedRegistries may be set" type RegistrySources struct { // insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. // +optional diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 0293603d78..f10ccb8557 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -99,7 +99,7 @@ type InfrastructureStatus struct { // its components are not visible within the cluster. // +kubebuilder:default=HighlyAvailable // +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=HighlyAvailable;SingleReplica;External - // +openshift:validation:FeatureGateAwareEnum:featureGate=HighlyAvailableArbiter,enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;External + // +openshift:validation:FeatureGateAwareEnum:featureGate=HighlyAvailableArbiter;DualReplica,enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;DualReplica;External ControlPlaneTopology TopologyMode `json:"controlPlaneTopology"` // infrastructureTopology expresses the expectations for infrastructure services that do not run on control 
@@ -142,6 +142,9 @@ const ( // "SingleReplica" is for operators to avoid spending resources for high-availability purpose. SingleReplicaTopologyMode TopologyMode = "SingleReplica" + // "DualReplica" is for operators to configure for two node topology. + DualReplicaTopologyMode TopologyMode = "DualReplica" + // "External" indicates that the component is running externally to the cluster. When specified // as the control plane topology, operators should avoid scheduling workloads to masters or assume // that any of the control plane components such as kubernetes API server or etcd are visible within 
@@ -528,18 +531,22 @@ type AWSPlatformStatus struct { // AWSResourceTag is a tag to apply to AWS resources created for the cluster. type AWSResourceTag struct { - // key is the key of the tag + // key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag. + // Key should consist of between 1 and 128 characters, and may + // contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=128 - // +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.:/=+-@]+$` + // +kubebuilder:validation:XValidation:rule=`self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')`,message="invalid AWS resource tag key. The string can contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', '@'" // +required Key string `json:"key"` - // value is the value of the tag. + // value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag. + // Value should consist of between 1 and 256 characters, and may + // contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. // Some AWS service do not support empty values. Since tags are added to resources in many services, the // length of the tag value must meet the requirements of all services. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=256 - // +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.:/=+-@]+$` + // +kubebuilder:validation:XValidation:rule=`self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')`,message="invalid AWS resource tag value. The string can contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', '@'" // +required Value string `json:"value"` } 
@@ -620,6 +627,69 @@ const ( AzureStackCloud AzureCloudEnvironment = "AzureStackCloud" ) +// GCPServiceEndpointName is the name of the GCP Service Endpoint. +// +kubebuilder:validation:Enum=Compute;Container;CloudResourceManager;DNS;File;IAM;ServiceUsage;Storage;TagManager +type GCPServiceEndpointName string + +const ( + // GCPServiceEndpointNameCompute is the name used for the GCP Compute Service endpoint. + GCPServiceEndpointNameCompute GCPServiceEndpointName = "Compute" + + // GCPServiceEndpointNameContainer is the name used for the GCP Container Service endpoint. + GCPServiceEndpointNameContainer GCPServiceEndpointName = "Container" + + // GCPServiceEndpointNameCloudResource is the name used for the GCP Resource Manager Service endpoint. + GCPServiceEndpointNameCloudResource GCPServiceEndpointName = "CloudResourceManager" + + // GCPServiceEndpointNameDNS is the name used for the GCP DNS Service endpoint. + GCPServiceEndpointNameDNS GCPServiceEndpointName = "DNS" + + // GCPServiceEndpointNameFile is the name used for the GCP File Service endpoint. + GCPServiceEndpointNameFile GCPServiceEndpointName = "File" + + // GCPServiceEndpointNameIAM is the name used for the GCP IAM Service endpoint. + GCPServiceEndpointNameIAM GCPServiceEndpointName = "IAM" + + // GCPServiceEndpointNameServiceUsage is the name used for the GCP Service Usage Service endpoint. + GCPServiceEndpointNameServiceUsage GCPServiceEndpointName = "ServiceUsage" + + // GCPServiceEndpointNameStorage is the name used for the GCP Storage Service endpoint. + GCPServiceEndpointNameStorage GCPServiceEndpointName = "Storage" + + // GCPServiceEndpointNameTagManager is the name used for the GCP Tag Manager Service endpoint. + GCPServiceEndpointNameTagManager GCPServiceEndpointName = "TagManager" +) + +// GCPServiceEndpoint store the configuration of a custom url to +// override existing defaults of GCP Services. 
+type GCPServiceEndpoint struct { + // name is the name of the GCP service whose endpoint is being overridden. + // This must be provided and cannot be empty. + // + // Allowed values are Compute, Container, CloudResourceManager, DNS, File, IAM, ServiceUsage, + // Storage, and TagManager. + // + // As an example, when setting the name to Compute all requests made by the caller to the GCP Compute + // Service will be directed to the endpoint specified in the url field. + // + // +required + Name GCPServiceEndpointName `json:"name"` + + // url is a fully qualified URI that overrides the default endpoint for a client using the GCP service specified + // in the name field. + // url is required, must use the scheme https, must not be more than 253 characters in length, + // and must be a valid URL according to Go's net/url package (https://pkg.go.dev/net/url#URL) + // + // An example of a valid endpoint that overrides the Compute Service: "https://compute-myendpoint1.p.googleapis.com" + // + // +required + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" + // +kubebuilder:validation:XValidation:rule="isURL(self) ? (url(self).getScheme() == \"https\") : true",message="scheme must be https" + // +kubebuilder:validation:XValidation:rule="url(self).getEscapedPath() == \"\" || url(self).getEscapedPath() == \"/\"",message="url must consist only of a scheme and domain. The url path must be empty." + URL string `json:"url"` +} + // GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. // This only includes fields that can be modified in the cluster. type GCPPlatformSpec struct{} 
@@ -675,6 +745,19 @@ type GCPPlatformStatus struct { // +optional // +nullable CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"` + + // serviceEndpoints specifies endpoints that override the default endpoints + // used when creating clients to interact with GCP services. + // When not specified, the default endpoint for the GCP region will be used. + // Only 1 endpoint override is permitted for each GCP service. + // The maximum number of endpoint overrides allowed is 9. + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=9 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.name == y.name))",message="only 1 endpoint override is permitted per GCP service name" + // +optional + // +openshift:enable:FeatureGate=GCPCustomAPIEndpoints + ServiceEndpoints []GCPServiceEndpoint `json:"serviceEndpoints,omitempty"` } // GCPResourceLabel is a label to apply to GCP resources created for the cluster. 
@@ -1615,17 +1698,35 @@ type IBMCloudServiceEndpoint struct { // url is fully qualified URI with scheme https, that overrides the default generated // endpoint for a client. - // This must be provided and cannot be empty. + // This must be provided and cannot be empty. The path must follow the pattern + // /v[0,9]+ or /api/v[0,9]+ // // +required // +kubebuilder:validation:Type=string + // +kubebuilder:validation:MaxLength=300 // +kubebuilder:validation:XValidation:rule="isURL(self)",message="url must be a valid absolute URL" + // +openshift:validation:FeatureGateAwareXValidation:featureGate=DyanmicServiceEndpointIBMCloud,rule="url(self).getScheme() == \"https\"",message="url must use https scheme" + // +openshift:validation:FeatureGateAwareXValidation:featureGate=DyanmicServiceEndpointIBMCloud,rule=`matches((url(self).getEscapedPath()), '^/(api/)?v[0-9]+/{0,1}$')`,message="url path must match /v[0,9]+ or /api/v[0,9]+" URL string `json:"url"` } // IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. // This only includes fields that can be modified in the cluster. -type IBMCloudPlatformSpec struct{} +type IBMCloudPlatformSpec struct { + // serviceEndpoints is a list of custom endpoints which will override the default + // service endpoints of an IBM service. These endpoints are used by components + // within the cluster when trying to reach the IBM Cloud Services that have been + // overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each + // endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus + // are updated to reflect the same custom endpoints. + // A maximum of 13 service endpoints overrides are supported. 
+ // +kubebuilder:validation:MaxItems=13 + // +listType=map + // +listMapKey=name + // +optional + // +openshift:enable:FeatureGate=DyanmicServiceEndpointIBMCloud + ServiceEndpoints []IBMCloudServiceEndpoint `json:"serviceEndpoints,omitempty"` +} // IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider. type IBMCloudPlatformStatus struct { @@ -1647,8 +1748,12 @@ type IBMCloudPlatformStatus struct { DNSInstanceCRN string `json:"dnsInstanceCRN,omitempty"` // serviceEndpoints is a list of custom endpoints which will override the default - // service endpoints of an IBM Cloud service. These endpoints are consumed by - // components within the cluster to reach the respective IBM Cloud Services. + // service endpoints of an IBM service. These endpoints are used by components + // within the cluster when trying to reach the IBM Cloud Services that have been + // overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each + // endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus + // are updated to reflect the same custom endpoints. + // +openshift:validation:FeatureGateAwareMaxItems:featureGate=DyanmicServiceEndpointIBMCloud,maxItems=13 // +listType=map // +listMapKey=name // +optional diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go index 95e55a7ffc..41dc2eb97b 100644 --- a/vendor/github.com/openshift/api/config/v1/types_network.go +++ b/vendor/github.com/openshift/api/config/v1/types_network.go 
@@ -112,12 +112,10 @@ type NetworkStatus struct {
 // conditions represents the observations of a network.config current state.
 // Known .status.conditions.type are: "NetworkDiagnosticsAvailable"
 // +optional
- // +patchMergeKey=type
- // +patchStrategy=merge
 // +listType=map
 // +listMapKey=type
 // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig
- Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
 
 // ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
diff --git a/vendor/github.com/openshift/api/config/v1/types_node.go b/vendor/github.com/openshift/api/config/v1/types_node.go
index 3fc7bc0c39..3977f9f14b 100644
--- a/vendor/github.com/openshift/api/config/v1/types_node.go
+++ b/vendor/github.com/openshift/api/config/v1/types_node.go
@@ -68,12 +68,10 @@ type NodeSpec struct {
 
 type NodeStatus struct {
 // conditions contain the details and the current state of the nodes.config object
- // +patchMergeKey=type
- // +patchStrategy=merge
 // +listType=map
 // +listMapKey=type
 // +optional
- Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
 
 // +kubebuilder:validation:Enum=v1;v2;""
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
index b013d4595e..40b0c857b1 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
@@ -2226,6 +2226,11 @@ func (in *GCPPlatformStatus) DeepCopyInto(out *GCPPlatformStatus) { *out = new(CloudLoadBalancerConfig) (*in).DeepCopyInto(*out) } + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]GCPServiceEndpoint, len(*in)) + copy(*out, *in) + } return } @@ -2271,6 +2276,22 @@ func (in *GCPResourceTag) DeepCopy() *GCPResourceTag { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPServiceEndpoint) DeepCopyInto(out *GCPServiceEndpoint) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPServiceEndpoint. +func (in *GCPServiceEndpoint) DeepCopy() *GCPServiceEndpoint { + if in == nil { + return nil + } + out := new(GCPServiceEndpoint) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GenericAPIServerConfig) DeepCopyInto(out *GenericAPIServerConfig) { *out = *in @@ -2450,6 +2471,11 @@ func (in *HubSourceStatus) DeepCopy() *HubSourceStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IBMCloudPlatformSpec) DeepCopyInto(out *IBMCloudPlatformSpec) { *out = *in + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]IBMCloudServiceEndpoint, len(*in)) + copy(*out, *in) + } return } @@ -4689,7 +4715,7 @@ func (in *PlatformSpec) DeepCopyInto(out *PlatformSpec) { if in.IBMCloud != nil { in, out := &in.IBMCloud, &out.IBMCloud *out = new(IBMCloudPlatformSpec) - **out = **in + (*in).DeepCopyInto(*out) } if in.Kubevirt != nil { in, out := &in.Kubevirt, &out.Kubevirt 
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index 78fd36f3fa..f8182fffec 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -313,7 +313,10 @@ infrastructures.config.openshift.io: FeatureGates: - AWSClusterHostedDNS - BareMetalLoadBalancer + - DualReplica + - DyanmicServiceEndpointIBMCloud - GCPClusterHostedDNS + - GCPCustomAPIEndpoints - GCPLabelsTags - HighlyAvailableArbiter - NutanixMultiSubnets diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 0ac9c7ccd2..819b713ad1 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -698,7 +698,7 @@ func (ClusterVersionList) SwaggerDoc() map[string]string { var map_ClusterVersionSpec = map[string]string{ "": "ClusterVersionSpec is the desired version state of the cluster. It includes the version the cluster should be at, how the cluster is identified, and where the cluster should look for version updates.", "clusterID": "clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.", - "desiredUpdate": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. 
API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.", + "desiredUpdate": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.", "upstream": "upstream may be used to specify the preferred update server. 
By default it will use the appropriate update server for the cluster and region.", "channel": "channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters.", "capabilities": "capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.", 
@@ -797,8 +797,8 @@ func (SignatureStore) SwaggerDoc() map[string]string { var map_Update = map[string]string{ "": "Update represents an administrator update request.", "architecture": "architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.", - "version": "version is a semantic version identifying the update version. version is ignored if image is specified and required if architecture is specified.", - "image": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified.", + "version": "version is a semantic version identifying the update version. version is required if architecture is specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", + "image": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. 
Do not use this flag with images that comes from unknown or potentially malicious sources.", } @@ -1198,8 +1198,8 @@ func (AWSPlatformStatus) SwaggerDoc() map[string]string { var map_AWSResourceTag = map[string]string{ "": "AWSResourceTag is a tag to apply to AWS resources created for the cluster.", - "key": "key is the key of the tag", - "value": "value is the value of the tag. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services.", + "key": "key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag. Key should consist of between 1 and 128 characters, and may contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.", + "value": "value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag. Value should consist of between 1 and 256 characters, and may contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services.", } func (AWSResourceTag) SwaggerDoc() map[string]string { 
@@ -1392,6 +1392,7 @@ var map_GCPPlatformStatus = map[string]string{ "resourceLabels": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", "resourceTags": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", "cloudLoadBalancerConfig": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", + "serviceEndpoints": "serviceEndpoints specifies endpoints that override the default endpoints used when creating clients to interact with GCP services. When not specified, the default endpoint for the GCP region will be used. Only 1 endpoint override is permitted for each GCP service. The maximum number of endpoint overrides allowed is 9.", } func (GCPPlatformStatus) SwaggerDoc() map[string]string { 
@@ -1419,8 +1420,19 @@ func (GCPResourceTag) SwaggerDoc() map[string]string { return map_GCPResourceTag } +var map_GCPServiceEndpoint = map[string]string{ + "": "GCPServiceEndpoint store the configuration of a custom url to override existing defaults of GCP Services.", + "name": "name is the name of the GCP service whose endpoint is being overridden. This must be provided and cannot be empty.\n\nAllowed values are Compute, Container, CloudResourceManager, DNS, File, IAM, ServiceUsage, Storage, and TagManager.\n\nAs an example, when setting the name to Compute all requests made by the caller to the GCP Compute Service will be directed to the endpoint specified in the url field.", + "url": "url is a fully qualified URI that overrides the default endpoint for a client using the GCP service specified in the name field. url is required, must use the scheme https, must not be more than 253 characters in length, and must be a valid URL according to Go's net/url package (https://pkg.go.dev/net/url#URL)\n\nAn example of a valid endpoint that overrides the Compute Service: \"https://compute-myendpoint1.p.googleapis.com\"", +} + +func (GCPServiceEndpoint) SwaggerDoc() map[string]string { + return map_GCPServiceEndpoint +} + var map_IBMCloudPlatformSpec = map[string]string{ - "": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", + "": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", + "serviceEndpoints": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. 
Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints. A maximum of 13 service endpoints overrides are supported.", } func (IBMCloudPlatformSpec) SwaggerDoc() map[string]string { @@ -1434,7 +1446,7 @@ var map_IBMCloudPlatformStatus = map[string]string{ "providerType": "providerType indicates the type of cluster that was created", "cisInstanceCRN": "cisInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", "dnsInstanceCRN": "dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain", - "serviceEndpoints": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM Cloud service. These endpoints are consumed by components within the cluster to reach the respective IBM Cloud Services.", + "serviceEndpoints": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints.", } func (IBMCloudPlatformStatus) SwaggerDoc() map[string]string { 
@@ -1444,7 +1456,7 @@ func (IBMCloudPlatformStatus) SwaggerDoc() map[string]string { var map_IBMCloudServiceEndpoint = map[string]string{ "": "IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services.", "name": "name is the name of the IBM Cloud service. Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`", - "url": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", + "url": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. The path must follow the pattern /v[0,9]+ or /api/v[0,9]+", } func (IBMCloudServiceEndpoint) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go index 5eaeeea736..107b9e29a4 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go @@ -59,6 +59,7 @@ type ClusterImagePolicyStatus struct { // conditions provide details on the status of this API Resource. // +listType=map // +listMapKey=type + // +optional Conditions []metav1.Condition `json:"conditions,omitempty"` } 
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go
index 7f57d88f91..24ff257c93 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go
@@ -73,10 +73,12 @@ type Policy struct {
 // +union
 // +kubebuilder:validation:XValidation:rule="has(self.policyType) && self.policyType == 'PublicKey' ? has(self.publicKey) : !has(self.publicKey)",message="publicKey is required when policyType is PublicKey, and forbidden otherwise"
 // +kubebuilder:validation:XValidation:rule="has(self.policyType) && self.policyType == 'FulcioCAWithRekor' ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)",message="fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=SigstoreImageVerificationPKI,rule="has(self.policyType) && self.policyType == 'PKI' ? has(self.pki) : !has(self.pki)",message="pki is required when policyType is PKI, and forbidden otherwise"
 type PolicyRootOfTrust struct {
 // policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust.
 // "PublicKey" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification.
 // "FulcioCAWithRekor" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification.
+ // "PKI" is a DevPreview feature that indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.
 // +unionDiscriminator
 // +required
 PolicyType PolicyType `json:"policyType"`
@@ -88,14 +90,20 @@ type PolicyRootOfTrust struct {
 // https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor
 // +optional
 FulcioCAWithRekor *FulcioCAWithRekor `json:"fulcioCAWithRekor,omitempty"`
+ // pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates.
+ // +optional
+ // +openshift:enable:FeatureGate=SigstoreImageVerificationPKI
+ PKI *PKI `json:"pki,omitempty"`
 }
 
-// +kubebuilder:validation:Enum=PublicKey;FulcioCAWithRekor
+// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=PublicKey;FulcioCAWithRekor
+// +openshift:validation:FeatureGateAwareEnum:featureGate=SigstoreImageVerificationPKI,enum=PublicKey;FulcioCAWithRekor;PKI
 type PolicyType string
 
 const (
 PublicKeyRootOfTrust PolicyType = "PublicKey"
 FulcioCAWithRekorRootOfTrust PolicyType = "FulcioCAWithRekor"
+ PKIRootOfTrust PolicyType = "PKI"
 )
 
 // PublicKey defines the root of trust based on a sigstore public key.
@@ -143,6 +151,48 @@ type PolicyFulcioSubject struct {
 SignedEmail string `json:"signedEmail"`
 }
 
+// PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates.
+type PKI struct {
+ // caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.
+ // +required
+ // +kubebuilder:validation:MaxLength=8192
+ // +kubebuilder:validation:XValidation:rule="string(self).startsWith('-----BEGIN CERTIFICATE-----')",message="the caRootsData must start with base64 encoding of '-----BEGIN CERTIFICATE-----'."
+ // +kubebuilder:validation:XValidation:rule="string(self).endsWith('-----END CERTIFICATE-----\\n') || string(self).endsWith('-----END CERTIFICATE-----')",message="the caRootsData must end with base64 encoding of '-----END CERTIFICATE-----'."
+ // +kubebuilder:validation:XValidation:rule="string(self).findAll('-----BEGIN CERTIFICATE-----').size() == string(self).findAll('-----END CERTIFICATE-----').size()",message="caRootsData must be base64 encoding of valid PEM format data contain the same number of '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' markers."
+ CertificateAuthorityRootsData []byte `json:"caRootsData"`
+ // caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters.
+ // caIntermediatesData requires caRootsData to be set.
+ // +optional
+ // +kubebuilder:validation:XValidation:rule="string(self).startsWith('-----BEGIN CERTIFICATE-----')",message="the caIntermediatesData must start with base64 encoding of '-----BEGIN CERTIFICATE-----'."
+ // +kubebuilder:validation:XValidation:rule="string(self).endsWith('-----END CERTIFICATE-----\\n') || string(self).endsWith('-----END CERTIFICATE-----')",message="the caIntermediatesData must end with base64 encoding of '-----END CERTIFICATE-----'."
+ // +kubebuilder:validation:XValidation:rule="string(self).findAll('-----BEGIN CERTIFICATE-----').size() == string(self).findAll('-----END CERTIFICATE-----').size()",message="caIntermediatesData must be base64 encoding of valid PEM format data contain the same number of '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' markers."
+ // +kubebuilder:validation:MaxLength=8192
+ CertificateAuthorityIntermediatesData []byte `json:"caIntermediatesData,omitempty"`
+
+ // pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.
+ // +required
+ PKICertificateSubject PKICertificateSubject `json:"pkiCertificateSubject"`
+}
+
+// PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.
+// +kubebuilder:validation:XValidation:rule="has(self.email) || has(self.hostname)", message="at least one of email or hostname must be set in pkiCertificateSubject"
+// +openshift:enable:FeatureGate=SigstoreImageVerificationPKI
+type PKICertificateSubject struct {
+ // email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate.
+ // The email should be a valid email address and at most 320 characters in length.
+ // +optional
+ // +kubebuilder:validation:MaxLength:=320
+ // +kubebuilder:validation:XValidation:rule=`self.matches('^\\S+@\\S+$')`,message="invalid email address in pkiCertificateSubject"
+ Email string `json:"email,omitempty"`
+ // hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate.
+ // The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length.
+ // It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk.
+ // +optional
+ // +kubebuilder:validation:MaxLength:=253
+ // +kubebuilder:validation:XValidation:rule="self.startsWith('*.') ? !format.dns1123Subdomain().validate(self.replace('*.', '', 1)).hasValue() : !format.dns1123Subdomain().validate(self).hasValue()",message="hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.'. It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk."
+ Hostname string `json:"hostname,omitempty"`
+}
+
 // PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is "MatchRepoDigestOrExact".
 // +kubebuilder:validation:XValidation:rule="(has(self.matchPolicy) && self.matchPolicy == 'ExactRepository') ? has(self.exactRepository) : !has(self.exactRepository)",message="exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise"
 // +kubebuilder:validation:XValidation:rule="(has(self.matchPolicy) && self.matchPolicy == 'RemapIdentity') ? has(self.remapIdentity) : !has(self.remapIdentity)",message="remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise"
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go b/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go index 3ae4de157c..46666ae3b2 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go 
@@ -32,33 +32,97 @@ type InsightsDataGather struct { } type InsightsDataGatherSpec struct { - // gatherConfig spec attribute includes all the configuration options related to - // gathering of the Insights data and its uploading to the ingress. + // gatherConfig spec attribute includes all the configuration options related to gathering of the Insights data and its uploading to the ingress. // +optional GatherConfig GatherConfig `json:"gatherConfig,omitempty"` } -type InsightsDataGatherStatus struct { -} +type InsightsDataGatherStatus struct{} // gatherConfig provides data gathering configuration options. type GatherConfig struct { - // dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain - // in the Insights archive data. Valid values are "None" and "ObfuscateNetworking". + // dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. + // Valid values are "None" and "ObfuscateNetworking". // When set to None the data is not obfuscated. // When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - // The current default is None. // +optional DataPolicy DataPolicy `json:"dataPolicy,omitempty"` // disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing "all" value. // If all the gatherers are disabled, the Insights operator does not gather any data. + // The format for the disabledGatherer should be: {gatherer}/{function} where the function is optional. + // Gatherer consists of a lowercase letters only that may include underscores (_). + // Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). 
// The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. // Run the following command to get the names of last active gatherers: // "oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'" // An example of disabling gatherers looks like this: `disabledGatherers: ["clusterconfig/machine_configs", "workloads/workload_info"]` + // +kubebuilder:validation:MaxItems=100 + // +optional + DisabledGatherers []DisabledGatherer `json:"disabledGatherers"` + // storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. + // If omitted, the gathering job will use ephemeral storage. + // +optional + StorageSpec *Storage `json:"storage,omitempty"` +} + +// disabledGatherer is a string that represents a gatherer that should be disabled +// +kubebuilder:validation:MaxLength=256 +// +kubebuilder:validation:XValidation:rule=`self.matches("^[a-z]+[_a-z]*[a-z]([/a-z][_a-z]*)?[a-z]$")`,message=`disabledGatherer must be in the format of {gatherer}/{function} where the gatherer and function are lowercase letters only that may include underscores (_) and are separated by a forward slash (/) if the function is provided` +type DisabledGatherer string + +// storage provides persistent storage configuration options for gathering jobs. +// If the type is set to PersistentVolume, then the PersistentVolume must be defined. +// If the type is set to Ephemeral, then the PersistentVolume must not be defined. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'PersistentVolume' ? has(self.persistentVolume) : !has(self.persistentVolume)",message="persistentVolume is required when type is PersistentVolume, and forbidden otherwise" +type Storage struct { + // type is a required field that specifies the type of storage that will be used to store the Insights data archive. 
+ // Valid values are "PersistentVolume" and "Ephemeral". + // When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. + // When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field. + // +required + Type StorageType `json:"type"` + // persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. + // The PersistentVolume must be created in the openshift-insights namespace. // +optional - DisabledGatherers []string `json:"disabledGatherers"` + PersistentVolume *PersistentVolumeConfig `json:"persistentVolume,omitempty"` +} + +// storageType declares valid storage types +// +kubebuilder:validation:Enum=PersistentVolume;Ephemeral +type StorageType string + +const ( + // StorageTypePersistentVolume storage type + StorageTypePersistentVolume StorageType = "PersistentVolume" + // StorageTypeEphemeral storage type + StorageTypeEphemeral StorageType = "Ephemeral" +) + +// persistentVolumeConfig provides configuration options for PersistentVolume storage. +type PersistentVolumeConfig struct { + // claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. + // The PersistentVolumeClaim must be created in the openshift-insights namespace. + // +required + Claim PersistentVolumeClaimReference `json:"claim"` + // mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default mount path is /var/lib/insights-operator + // The path may not exceed 1024 characters and must not contain a colon. 
+ // +kubebuilder:validation:MaxLength=1024 + // +kubebuilder:validation:XValidation:rule="!self.contains(':')",message="mountPath must not contain a colon" + // +optional + MountPath string `json:"mountPath,omitempty"` +} + +// persistentVolumeClaimReference is a reference to a PersistentVolumeClaim. +type PersistentVolumeClaimReference struct { + // name is a string that follows the DNS1123 subdomain format. + // It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character. + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + // +kubebuilder:validation:MaxLength:=253 + // +required + Name string `json:"name"` } const ( diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go index 8e22e2d27e..17d74e0fa8 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go @@ -353,9 +353,14 @@ func (in *GatherConfig) DeepCopyInto(out *GatherConfig) { *out = *in if in.DisabledGatherers != nil { in, out := &in.DisabledGatherers, &out.DisabledGatherers - *out = make([]string, len(*in)) + *out = make([]DisabledGatherer, len(*in)) copy(*out, *in) } + if in.StorageSpec != nil { + in, out := &in.StorageSpec, &out.StorageSpec + *out = new(Storage) + (*in).DeepCopyInto(*out) + } return } 
@@ -569,6 +574,82 @@ func (in *InsightsDataGatherStatus) DeepCopy() *InsightsDataGatherStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PKI) DeepCopyInto(out *PKI) { + *out = *in + if in.CertificateAuthorityRootsData != nil { + in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.CertificateAuthorityIntermediatesData != nil { + in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + out.PKICertificateSubject = in.PKICertificateSubject + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKI. +func (in *PKI) DeepCopy() *PKI { + if in == nil { + return nil + } + out := new(PKI) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PKICertificateSubject) DeepCopyInto(out *PKICertificateSubject) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKICertificateSubject. +func (in *PKICertificateSubject) DeepCopy() *PKICertificateSubject { + if in == nil { + return nil + } + out := new(PKICertificateSubject) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PersistentVolumeClaimReference) DeepCopyInto(out *PersistentVolumeClaimReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaimReference. 
+func (in *PersistentVolumeClaimReference) DeepCopy() *PersistentVolumeClaimReference { + if in == nil { + return nil + } + out := new(PersistentVolumeClaimReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PersistentVolumeConfig) DeepCopyInto(out *PersistentVolumeConfig) { + *out = *in + out.Claim = in.Claim + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeConfig. +func (in *PersistentVolumeConfig) DeepCopy() *PersistentVolumeConfig { + if in == nil { + return nil + } + out := new(PersistentVolumeConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Policy) DeepCopyInto(out *Policy) { *out = *in @@ -674,6 +755,11 @@ func (in *PolicyRootOfTrust) DeepCopyInto(out *PolicyRootOfTrust) { *out = new(FulcioCAWithRekor) (*in).DeepCopyInto(*out) } + if in.PKI != nil { + in, out := &in.PKI, &out.PKI + *out = new(PKI) + (*in).DeepCopyInto(*out) + } return } 
@@ -771,6 +857,27 @@ func (in *RetentionSizeConfig) DeepCopy() *RetentionSizeConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Storage) DeepCopyInto(out *Storage) { + *out = *in + if in.PersistentVolume != nil { + in, out := &in.PersistentVolume, &out.PersistentVolume + *out = new(PersistentVolumeConfig) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Storage. +func (in *Storage) DeepCopy() *Storage { + if in == nil { + return nil + } + out := new(Storage) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UserDefinedMonitoring) DeepCopyInto(out *UserDefinedMonitoring) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index 1d4a88d505..b9dca71a92 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -29,6 +29,7 @@ clusterimagepolicies.config.openshift.io: Category: "" FeatureGates: - SigstoreImageVerification + - SigstoreImageVerificationPKI FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -76,6 +77,7 @@ imagepolicies.config.openshift.io: Category: "" FeatureGates: - SigstoreImageVerification + - SigstoreImageVerificationPKI FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" 
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go
index 92ae6cc727..504281540b 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go
@@ -214,6 +214,27 @@ func (ImagePolicyStatus) SwaggerDoc() map[string]string { return map_ImagePolicyStatus } +var map_PKI = map[string]string{ + "": "PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", + "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ", + "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ", + "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", +} + +func (PKI) SwaggerDoc() map[string]string { + return map_PKI +} + +var map_PKICertificateSubject = map[string]string{ + "": "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", + "email": "email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. The email should be a valid email address and at most 320 characters in length.", + "hostname": "hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. 
It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk.", +} + +func (PKICertificateSubject) SwaggerDoc() map[string]string { + return map_PKICertificateSubject +} + var map_Policy = map[string]string{ "": "Policy defines the verification policy for the items in the scopes list.", "rootOfTrust": "rootOfTrust specifies the root of trust for the policy.", 
@@ -264,9 +285,10 @@ func (PolicyMatchRemapIdentity) SwaggerDoc() map[string]string { var map_PolicyRootOfTrust = map[string]string{ "": "PolicyRootOfTrust defines the root of trust based on the selected policyType.", - "policyType": "policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. \"PublicKey\" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. \"FulcioCAWithRekor\" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification.", + "policyType": "policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. \"PublicKey\" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. \"FulcioCAWithRekor\" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. \"PKI\" is a DevPreview feature that indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", "publicKey": "publicKey defines the root of trust based on a sigstore public key.", "fulcioCAWithRekor": "fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", + "pki": "pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates.", } func (PolicyRootOfTrust) SwaggerDoc() map[string]string { 
@@ -285,8 +307,9 @@ func (PublicKey) SwaggerDoc() map[string]string { var map_GatherConfig = map[string]string{ "": "gatherConfig provides data gathering configuration options.", - "dataPolicy": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"None\" and \"ObfuscateNetworking\". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is None.", - "disabledGatherers": "disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing \"all\" value. If all the gatherers are disabled, the Insights operator does not gather any data. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\" An example of disabling gatherers looks like this: `disabledGatherers: [\"clusterconfig/machine_configs\", \"workloads/workload_info\"]`", + "dataPolicy": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"None\" and \"ObfuscateNetworking\". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "disabledGatherers": "disabledGatherers is a list of gatherers to be excluded from the gathering. 
All the gatherers can be disabled by providing \"all\" value. If all the gatherers are disabled, the Insights operator does not gather any data. The format for the disabledGatherer should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\" An example of disabling gatherers looks like this: `disabledGatherers: [\"clusterconfig/machine_configs\", \"workloads/workload_info\"]`", + "storage": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", } func (GatherConfig) SwaggerDoc() map[string]string { 
@@ -321,4 +344,33 @@ func (InsightsDataGatherSpec) SwaggerDoc() map[string]string { return map_InsightsDataGatherSpec } +var map_PersistentVolumeClaimReference = map[string]string{ + "": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + "name": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", +} + +func (PersistentVolumeClaimReference) SwaggerDoc() map[string]string { + return map_PersistentVolumeClaimReference +} + +var map_PersistentVolumeConfig = map[string]string{ + "": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + "claim": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", + "mountPath": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", +} + +func (PersistentVolumeConfig) SwaggerDoc() map[string]string { + return map_PersistentVolumeConfig +} + +var map_Storage = map[string]string{ + "": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "type": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. 
Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", + "persistentVolume": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", +} + +func (Storage) SwaggerDoc() map[string]string { + return map_Storage +} + // AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/envtest-releases.yaml b/vendor/github.com/openshift/api/envtest-releases.yaml index a0e3f0ebdf..e3a8c94cfa 100644 --- a/vendor/github.com/openshift/api/envtest-releases.yaml +++ b/vendor/github.com/openshift/api/envtest-releases.yaml 
@@ -38,3 +38,16 @@ releases: envtest-v1.31.2-linux-arm64.tar.gz: hash: f6ad42b701537ddfd6873e9700f8e73927763878eaf36a5437d71fb62bffda91ce7f502e13f9ef4b508d37973ccddd3d847eba0d7150f7acb5495fd82558fbad selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.31.2-linux-arm64.tar.gz + v1.32.1: + envtest-v1.32.1-darwin-amd64.tar.gz: + hash: e81d0b8e9d58bcefc8e741e298698670a39bf77923623fb8554b1a4b201a033678d2949e18dcf6933722c69f954b0de93c8f7136ff0641f69e5128a5a3fb6b26 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.32.1-darwin-amd64.tar.gz + envtest-v1.32.1-darwin-arm64.tar.gz: + hash: 57be0af5cbf72b659c14f955205fa9a95da9af9213bc9b6a5a1090394a0cd5f98c57127b3d8a69dc349bc33112f52505a6f030369bb09a27f9fb2c13a66475d1 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.32.1-darwin-arm64.tar.gz + envtest-v1.32.1-linux-amd64.tar.gz: + hash: 711c6d6d9443dce6b465403149837d636f440091b77ec45753d9c60fea0d6ba7811b0045ebf16f7b74504d1f47fcf1da90d7c810a18be31311c90f068d9fd1fd + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.32.1-linux-amd64.tar.gz + envtest-v1.32.1-linux-arm64.tar.gz: + hash: 0bc52e6344ae0753715bc39c2878696c72a3129356df484835586165238361c109ad3e1ebd354af8ecdf1026c3a2b98ed225ad0c6dd348cb3ff128a7cfdcc2f8 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.32.1-linux-arm64.tar.gz diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md index 8b42f6b013..2ebfc0b829 100644 --- a/vendor/github.com/openshift/api/features.md +++ b/vendor/github.com/openshift/api/features.md 
@@ -8,7 +8,11 @@ | MultiArchInstallAzure| | | | | | | | ClusterVersionOperatorConfiguration| | | Enabled | Enabled | | | | Example2| | | Enabled | Enabled | | | -| GatewayAPI| | | Enabled | Enabled | | | +| NewOLMCatalogdAPIV1Metas| | | | Enabled | | Enabled | +| SELinuxChangePolicy| | | Enabled | Enabled | | | +| SELinuxMount| | | Enabled | Enabled | | | +| ShortCertRotation| | | Enabled | Enabled | | | +| SigstoreImageVerificationPKI| | | Enabled | Enabled | | | | NewOLM| | Enabled | | Enabled | | Enabled | | AWSClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled | | AutomatedEtcdBackup| | | Enabled | Enabled | Enabled | Enabled | @@ -17,10 +21,15 @@ | ClusterMonitoringConfig| | | Enabled | Enabled | Enabled | Enabled | | ConsolePluginContentSecurityPolicy| | | Enabled | Enabled | Enabled | Enabled | | DNSNameResolver| | | Enabled | Enabled | Enabled | Enabled | +| DualReplica| | | Enabled | Enabled | Enabled | Enabled | +| DyanmicServiceEndpointIBMCloud| | | Enabled | Enabled | Enabled | Enabled | | DynamicResourceAllocation| | | Enabled | Enabled | Enabled | Enabled | | EtcdBackendQuota| | | Enabled | Enabled | Enabled | Enabled | | Example| | | Enabled | Enabled | Enabled | Enabled | | GCPClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled | +| GCPCustomAPIEndpoints| | | Enabled | Enabled | Enabled | Enabled | +| GatewayAPI| | | Enabled | Enabled | Enabled | Enabled | +| GatewayAPIController| | | Enabled | Enabled | Enabled | Enabled | | HighlyAvailableArbiter| | | Enabled | Enabled | Enabled | Enabled | | ImageStreamImportMode| | | Enabled | Enabled | Enabled | Enabled | | IngressControllerDynamicConfigurationManager| | | Enabled | Enabled | Enabled | Enabled | 
@@ -35,7 +44,6 @@ | MetricsCollectionProfiles| | | Enabled | Enabled | Enabled | Enabled | | MinimumKubeletVersion| | | Enabled | Enabled | Enabled | Enabled | | MixedCPUsAllocation| | | Enabled | Enabled | Enabled | Enabled | -| NetworkSegmentation| | | Enabled | Enabled | Enabled | Enabled | | NodeSwap| | | Enabled | Enabled | Enabled | Enabled | | NutanixMultiSubnets| | | Enabled | Enabled | Enabled | Enabled | | OVNObservability| | | Enabled | Enabled | Enabled | Enabled | @@ -52,6 +60,7 @@ | UpgradeStatus| | | Enabled | Enabled | Enabled | Enabled | | UserNamespacesPodSecurityStandards| | | Enabled | Enabled | Enabled | Enabled | | UserNamespacesSupport| | | Enabled | Enabled | Enabled | Enabled | +| VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | Enabled | Enabled | | VSphereHostVMGroupZonal| | | Enabled | Enabled | Enabled | Enabled | | VSphereMultiDisk| | | Enabled | Enabled | Enabled | Enabled | | VSphereMultiNetworks| | | Enabled | Enabled | Enabled | Enabled | @@ -78,6 +87,7 @@ | MultiArchInstallGCP| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | NetworkDiagnosticsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | NetworkLiveMigration| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| NetworkSegmentation| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | NodeDisruptionPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | PersistentIPsForVirtualization| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | diff --git a/vendor/github.com/openshift/api/features/features.go b/vendor/github.com/openshift/api/features/features.go index e23a4b6155..8f30373e92 100644 --- a/vendor/github.com/openshift/api/features/features.go +++ b/vendor/github.com/openshift/api/features/features.go 
@@ -65,7 +65,7 @@ var ( contactPerson("miciah"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateSetEIPForNLBIngressController = newFeatureGate("SetEIPForNLBIngressController"). @@ -171,6 +171,14 @@ var ( enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() + FeatureGateSigstoreImageVerificationPKI = newFeatureGate("SigstoreImageVerificationPKI"). + reportProblemsToJiraComponent("node"). + contactPerson("QiWang"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1658"). + enableIn(configv1.DevPreviewNoUpgrade). + mustRegister() + FeatureGateGCPLabelsTags = newFeatureGate("GCPLabelsTags"). reportProblemsToJiraComponent("Installer"). contactPerson("bhb"). @@ -255,8 +263,8 @@ var ( reportProblemsToJiraComponent("Networking/ovn-kubernetes"). contactPerson("tssurya"). productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enhancementPR("https://github.com/openshift/enhancements/pull/1623"). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateAdditionalRoutingCapabilities = newFeatureGate("AdditionalRoutingCapabilities"). 
@@ -522,6 +530,14 @@ var ( enableForClusterProfile(SelfManaged, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default). mustRegister() + FeatureGateNewOLMCatalogdAPIV1Metas = newFeatureGate("NewOLMCatalogdAPIV1Metas"). + reportProblemsToJiraComponent("olm"). + contactPerson("jordank"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1749"). + enableForClusterProfile(SelfManaged, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + FeatureGateInsightsOnDemandDataGather = newFeatureGate("InsightsOnDemandDataGather"). reportProblemsToJiraComponent("insights"). contactPerson("tremes"). @@ -720,12 +736,15 @@ var ( mustRegister() FeatureGateHighlyAvailableArbiter = newFeatureGate("HighlyAvailableArbiter"). - reportProblemsToJiraComponent("TwoNode / Arbiter"). + reportProblemsToJiraComponent("Two Node with Arbiter"). contactPerson("eggfoobar"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1674"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() + // TODO: Do not go GA until jira issue is resolved: https://issues.redhat.com/browse/OCPEDGE-1637 + // Annotations must correctly handle either DualReplica or HighlyAvailableArbiter going GA with + // the other still in TechPreview. + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() FeatureGateCVOConfiguration = newFeatureGate("ClusterVersionOperatorConfiguration"). reportProblemsToJiraComponent("Cluster Version Operator"). 
@@ -734,4 +753,76 @@ var ( enhancementPR("https://github.com/openshift/enhancements/pull/1492"). enableIn(configv1.DevPreviewNoUpgrade). mustRegister() + + FeatureGateGCPCustomAPIEndpoints = newFeatureGate("GCPCustomAPIEndpoints"). + reportProblemsToJiraComponent("Installer"). + contactPerson("barbacbd"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1492"). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateDyanmicServiceEndpointIBMCloud = newFeatureGate("DyanmicServiceEndpointIBMCloud"). + reportProblemsToJiraComponent("Cloud Compute / IBM Provider"). + contactPerson("jared-hayes-dev"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1712"). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateSELinuxChangePolicy = newFeatureGate("SELinuxChangePolicy"). + reportProblemsToJiraComponent("Storage / Kubernetes"). + contactPerson("jsafrane"). + productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/1710"). + enableIn(configv1.DevPreviewNoUpgrade). + mustRegister() + + FeatureGateSELinuxMount = newFeatureGate("SELinuxMount"). + reportProblemsToJiraComponent("Storage / Kubernetes"). + contactPerson("jsafrane"). + productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/1710"). + enableIn(configv1.DevPreviewNoUpgrade). + mustRegister() + + FeatureGateDualReplica = newFeatureGate("DualReplica"). + reportProblemsToJiraComponent("Two Node Fencing"). + contactPerson("jaypoulz"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1675"). + // TODO: Do not go GA until jira issue is resolved: https://issues.redhat.com/browse/OCPEDGE-1637 + // Annotations must correctly handle either DualReplica or HighlyAvailableArbiter going GA with + // the other still in TechPreview. 
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateGatewayAPIController = newFeatureGate("GatewayAPIController"). + reportProblemsToJiraComponent("Routing"). + contactPerson("miciah"). + productScope(ocpSpecific). + // Previously, the "GatewayAPI" feature gate managed both the GatewayAPI CRDs + // and the Gateway Controller. However, with the introduction of Gateway CRD + // lifecycle management (EP#1756), these responsibilities were separated. + // A dedicated feature gate now controls the Gateway Controller to distinguish + // its production readiness from that of the CRDs. + enhancementPR("https://github.com/openshift/enhancements/pull/1756"). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureShortCertRotation = newFeatureGate("ShortCertRotation"). + reportProblemsToJiraComponent("kube-apiserver"). + contactPerson("vrutkovs"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade). + enhancementPR("https://github.com/openshift/enhancements/pull/1670"). + mustRegister() + + FeatureGateVSphereConfigurableMaxAllowedBlockVolumesPerNode = newFeatureGate("VSphereConfigurableMaxAllowedBlockVolumesPerNode"). + reportProblemsToJiraComponent("Storage / Kubernetes External Components"). + contactPerson("rbednar"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1748"). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() ) diff --git a/vendor/github.com/openshift/api/helm/v1beta1/types_helm_chart_repository.go b/vendor/github.com/openshift/api/helm/v1beta1/types_helm_chart_repository.go index 4700f91140..793cb1938f 100644 --- a/vendor/github.com/openshift/api/helm/v1beta1/types_helm_chart_repository.go +++ b/vendor/github.com/openshift/api/helm/v1beta1/types_helm_chart_repository.go 
@@ -99,5 +99,7 @@ type HelmChartRepositoryStatus struct {
 // conditions is a list of conditions and their statuses
 // +optional
+ // +listType=map
+ // +listMapKey=type
 Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
diff --git a/vendor/github.com/openshift/api/machine/v1/types_alibabaprovider.go b/vendor/github.com/openshift/api/machine/v1/types_alibabaprovider.go
index d1396fbfb2..12a8196726 100644
--- a/vendor/github.com/openshift/api/machine/v1/types_alibabaprovider.go
+++ b/vendor/github.com/openshift/api/machine/v1/types_alibabaprovider.go
@@ -224,6 +224,8 @@ type AlibabaCloudMachineProviderStatus struct {
 // conditions is a set of conditions associated with the Machine to indicate
 // errors or other status
 // +optional
+ // +listType=map
+ // +listMapKey=type
 Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
diff --git a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go
index cc9c04ca27..ead8b20771 100644
--- a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go
+++ b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go
@@ -428,12 +428,10 @@ type RootVolume struct {
 type ControlPlaneMachineSetStatus struct {
 // conditions represents the observations of the ControlPlaneMachineSet's current state.
 // Known .status.conditions.type are: Available, Degraded and Progressing.
- // +patchMergeKey=type
- // +patchStrategy=merge
 // +listType=map
 // +listMapKey=type
 // +optional
- Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
 // observedGeneration is the most recent generation observed for this
 // ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's generation,
diff --git a/vendor/github.com/openshift/api/machine/v1/types_nutanixprovider.go b/vendor/github.com/openshift/api/machine/v1/types_nutanixprovider.go
index cc1a355b53..e2ddde2ad7 100644
--- a/vendor/github.com/openshift/api/machine/v1/types_nutanixprovider.go
+++ b/vendor/github.com/openshift/api/machine/v1/types_nutanixprovider.go
@@ -331,6 +331,8 @@ type NutanixMachineProviderStatus struct {
 // conditions is a set of conditions associated with the Machine to indicate
 // errors or other status
 // +optional
+ // +listType=map
+ // +listMapKey=type
 Conditions []metav1.Condition `json:"conditions,omitempty"`
 // vmUUID is the Machine associated VM's UUID
diff --git a/vendor/github.com/openshift/api/machine/v1/types_powervsprovider.go b/vendor/github.com/openshift/api/machine/v1/types_powervsprovider.go
index b676a8d5f7..d3a4c6ec82 100644
--- a/vendor/github.com/openshift/api/machine/v1/types_powervsprovider.go
+++ b/vendor/github.com/openshift/api/machine/v1/types_powervsprovider.go
@@ -170,12 +170,10 @@ type PowerVSMachineProviderStatus struct {
 // conditions is a set of conditions associated with the Machine to indicate
 // errors or other status
- // +patchMergeKey=type
- // +patchStrategy=merge
 // +listType=map
 // +listMapKey=type
 // +optional
- Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
 // instanceId is the instance ID of the machine created in PowerVS
 // instanceId uniquely identifies a Power VS server instance(VM) under a Power VS service.
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go b/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go
index b34a87886d..d69bcd0233 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go
@@ -95,6 +95,18 @@ type AWSMachineProviderConfig struct {
 // The field size should be greater than 0 and the field input must start with cr-***
 // +optional
 CapacityReservationID string `json:"capacityReservationId"`
+ // marketType specifies the type of market for the EC2 instance.
+ // Valid values are OnDemand, Spot, CapacityBlock and omitted.
+ //
+ // Defaults to OnDemand.
+ // When SpotMarketOptions is provided, the marketType defaults to "Spot".
+ //
+ // When set to OnDemand the instance runs as a standard OnDemand instance.
+ // When set to Spot the instance runs as a Spot instance.
+ // When set to CapacityBlock the instance utilizes pre-purchased compute capacity (capacity blocks) with AWS Capacity Reservations.
+ // If this value is selected, capacityReservationID must be specified to identify the target reservation.
+ // +optional
+ MarketType MarketType `json:"marketType,omitempty"`
 }
 // BlockDeviceMappingSpec describes a block device mapping
@@ -318,5 +330,26 @@ type AWSMachineProviderStatus struct {
 // conditions is a set of conditions associated with the Machine to indicate
 // errors or other status
 // +optional
+ // +listType=map
+ // +listMapKey=type
 Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
+
+// MarketType describes the market type of an EC2 Instance
+// +kubebuilder:validation:Enum:=OnDemand;Spot;CapacityBlock
+type MarketType string
+
+const (
+
+ // MarketTypeOnDemand is a MarketType enum value
+ // When set to OnDemand the instance runs as a standard OnDemand instance.
+ MarketTypeOnDemand MarketType = "OnDemand"
+
+ // MarketTypeSpot is a MarketType enum value
+ // When set to Spot the instance runs as a Spot instance.
+ MarketTypeSpot MarketType = "Spot"
+
+ // MarketTypeCapacityBlock is a MarketType enum value
+ // When set to CapacityBlock the instance utilizes pre-purchased compute capacity (capacity blocks) with AWS Capacity Reservations.
+ MarketTypeCapacityBlock MarketType = "CapacityBlock"
+)
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_azureprovider.go b/vendor/github.com/openshift/api/machine/v1beta1/types_azureprovider.go
index db84fa2c9f..760360bd57 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/types_azureprovider.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/types_azureprovider.go
@@ -234,6 +234,8 @@ type AzureMachineProviderStatus struct {
 // conditions is a set of conditions associated with the Machine to indicate
 // errors or other status.
 // +optional
+ // +listType=map
+ // +listMapKey=type
 Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_gcpprovider.go b/vendor/github.com/openshift/api/machine/v1beta1/types_gcpprovider.go
index fc09a0c47b..72a31b5bdd 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/types_gcpprovider.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/types_gcpprovider.go
@@ -63,6 +63,12 @@ const (
 ConfidentialComputePolicyEnabled ConfidentialComputePolicy = "Enabled"
 // ConfidentialComputePolicyDisabled disables confidential compute for the GCP machine.
 ConfidentialComputePolicyDisabled ConfidentialComputePolicy = "Disabled"
+ // ConfidentialComputePolicySEV sets AMD SEV as the VM instance's confidential computing technology of choice.
+ ConfidentialComputePolicySEV ConfidentialComputePolicy = "AMDEncryptedVirtualization"
+ // ConfidentialComputePolicySEVSNP sets AMD SEV-SNP as the VM instance's confidential computing technology of choice.
+ ConfidentialComputePolicySEVSNP ConfidentialComputePolicy = "AMDEncryptedVirtualizationNestedPaging"
+ // ConfidentialComputePolicyTDX sets Intel TDX as the VM instance's confidential computing technology of choice.
+ ConfidentialComputePolicyTDX ConfidentialComputePolicy = "IntelTrustedDomainExtensions"
 )
 // GCPMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field
@@ -143,10 +149,21 @@ type GCPMachineProviderSpec struct {
 // +optional
 ShieldedInstanceConfig GCPShieldedInstanceConfig `json:"shieldedInstanceConfig,omitempty"`
- // confidentialCompute Defines whether the instance should have confidential compute enabled.
- // If enabled OnHostMaintenance is required to be set to "Terminate".
- // If omitted, the platform chooses a default, which is subject to change over time, currently that default is false.
- // +kubebuilder:validation:Enum=Enabled;Disabled
+ // confidentialCompute is an optional field defining whether the instance should have confidential compute enabled or not, and the confidential computing technology of choice.
+ // Allowed values are omitted, Disabled, Enabled, AMDEncryptedVirtualization, AMDEncryptedVirtualizationNestedPaging, and IntelTrustedDomainExtensions
+ // When set to Disabled, the machine will not be configured to be a confidential computing instance.
+ // When set to Enabled, the machine will be configured as a confidential computing instance with no preference on the confidential compute policy used. In this mode, the platform chooses a default that is subject to change over time. Currently, the default is to use AMD Secure Encrypted Virtualization.
+ // When set to AMDEncryptedVirtualization, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization (AMD SEV) as the confidential computing technology.
+ // When set to AMDEncryptedVirtualizationNestedPaging, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP) as the confidential computing technology.
+ // When set to IntelTrustedDomainExtensions, the machine will be configured as a confidential computing instance with Intel Trusted Domain Extensions (Intel TDX) as the confidential computing technology.
+ // If any value other than Disabled is set the selected machine type must support that specific confidential computing technology. The machine series supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#all-confidential-vm-instances
+ // Currently, AMDEncryptedVirtualization is supported in c2d, n2d, and c3d machines.
+ // AMDEncryptedVirtualizationNestedPaging is supported in n2d machines.
+ // IntelTrustedDomainExtensions is supported in c3 machines.
+ // If any value other than Disabled is set, the selected region must support that specific confidential computing technology. The list of regions supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#supported-zones
+ // If any value other than Disabled is set onHostMaintenance is required to be set to "Terminate".
+ // If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.
+ // +kubebuilder:validation:Enum="";Enabled;Disabled;AMDEncryptedVirtualization;AMDEncryptedVirtualizationNestedPaging;IntelTrustedDomainExtensions
 // +optional
 ConfidentialCompute ConfidentialComputePolicy `json:"confidentialCompute,omitempty"`
@@ -296,6 +313,8 @@ type GCPMachineProviderStatus struct {
 // conditions is a set of conditions associated with the Machine to indicate
 // errors or other status
 // +optional
+ // +listType=map
+ // +listMapKey=type
 Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_vsphereprovider.go b/vendor/github.com/openshift/api/machine/v1beta1/types_vsphereprovider.go
index 3b83d10f6b..fe6626f729 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/types_vsphereprovider.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/types_vsphereprovider.go
@@ -198,8 +198,34 @@ type VSphereDisk struct {
 // +kubebuilder:validation:Maximum=16384
 // +required
 SizeGiB int32 `json:"sizeGiB"`
+ // provisioningMode is an optional field that specifies the provisioning type to be used by this vSphere data disk.
+ // Allowed values are "Thin", "Thick", "EagerlyZeroed", and omitted.
+ // When set to Thin, the disk will be made using thin provisioning allocating the bare minimum space.
+ // When set to Thick, the full disk size will be allocated when disk is created.
+ // When set to EagerlyZeroed, the disk will be created using eager zero provisioning. An eager zeroed thick disk has all space allocated and wiped clean of any previous contents on the physical media at creation time. Such disks may take longer time during creation compared to other disk formats.
+ // When omitted, no setting will be applied to the data disk and the provisioning mode for the disk will be determined by the default storage policy configured for the datastore in vSphere.
+ // +optional
+ ProvisioningMode ProvisioningMode `json:"provisioningMode,omitempty"`
 }
+// provisioningMode represents the various provisioning types available to a VMs disk.
+// +kubebuilder:validation:Enum=Thin;Thick;EagerlyZeroed
+type ProvisioningMode string
+
+const (
+ // ProvisioningModeThin creates the disk using thin provisioning. This means a sparse (allocate on demand)
+ // format with additional space optimizations.
+ ProvisioningModeThin ProvisioningMode = "Thin"
+
+ // ProvisioningModeThick creates the disk with all space allocated.
+ ProvisioningModeThick ProvisioningMode = "Thick"
+
+ // ProvisioningModeEagerlyZeroed creates the disk using eager zero provisioning. An eager zeroed thick disk
+ // has all space allocated and wiped clean of any previous contents on the physical media at
+ // creation time. Such disks may take longer time during creation compared to other disk formats.
+ ProvisioningModeEagerlyZeroed ProvisioningMode = "EagerlyZeroed"
+)
+
 // WorkspaceConfig defines a workspace configuration for the vSphere cloud
 // provider.
 type Workspace struct {
@@ -239,6 +265,9 @@ type VSphereMachineProviderStatus struct {
 InstanceState *string `json:"instanceState,omitempty"`
 // conditions is a set of conditions associated with the Machine to indicate
 // errors or other status
+ // +listType=map
+ // +listMapKey=type
+ // +optional
 Conditions []metav1.Condition `json:"conditions,omitempty"`
 // taskRef is a managed object reference to a Task related to the machine.
 // This value is set automatically at runtime and should not be set or
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go
index 4c52b6651e..b2e55376fe 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go
@@ -33,6 +33,7 @@ var map_AWSMachineProviderConfig = map[string]string{ "placementGroupName": "placementGroupName specifies the name of the placement group in which to launch the instance. The placement group must already be created and may use any placement strategy. When omitted, no placement group is used when creating the EC2 instance.", "placementGroupPartition": "placementGroupPartition is the partition number within the placement group in which to launch the instance. This must be an integer value between 1 and 7. It is only valid if the placement group, referred in `PlacementGroupName` was created with strategy set to partition.", "capacityReservationId": "capacityReservationId specifies the target Capacity Reservation into which the instance should be launched. The field size should be greater than 0 and the field input must start with cr-***", + "marketType": "marketType specifies the type of market for the EC2 instance. Valid values are OnDemand, Spot, CapacityBlock and omitted.\n\nDefaults to OnDemand. When SpotMarketOptions is provided, the marketType defaults to \"Spot\".\n\nWhen set to OnDemand the instance runs as a standard OnDemand instance. When set to Spot the instance runs as a Spot instance. When set to CapacityBlock the instance utilizes pre-purchased compute capacity (capacity blocks) with AWS Capacity Reservations. If this value is selected, capacityReservationID must be specified to identify the target reservation.", } func (AWSMachineProviderConfig) SwaggerDoc() map[string]string { 
@@ -444,7 +445,7 @@ var map_GCPMachineProviderSpec = map[string]string{ "onHostMaintenance": "onHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. This is required to be set to \"Terminate\" if you want to provision machine with attached GPUs. Otherwise, allowed values are \"Migrate\" and \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Migrate\".", "restartPolicy": "restartPolicy determines the behavior when an instance crashes or the underlying infrastructure provider stops the instance as part of a maintenance event (default \"Always\"). Cannot be \"Always\" with preemptible instances. Otherwise, allowed values are \"Always\" and \"Never\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Always\". RestartPolicy represents AutomaticRestart in GCP compute api", "shieldedInstanceConfig": "shieldedInstanceConfig is the Shielded VM configuration for the VM", - "confidentialCompute": "confidentialCompute Defines whether the instance should have confidential compute enabled. If enabled OnHostMaintenance is required to be set to \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is false.", + "confidentialCompute": "confidentialCompute is an optional field defining whether the instance should have confidential compute enabled or not, and the confidential computing technology of choice. Allowed values are omitted, Disabled, Enabled, AMDEncryptedVirtualization, AMDEncryptedVirtualizationNestedPaging, and IntelTrustedDomainExtensions When set to Disabled, the machine will not be configured to be a confidential computing instance. When set to Enabled, the machine will be configured as a confidential computing instance with no preference on the confidential compute policy used. 
In this mode, the platform chooses a default that is subject to change over time. Currently, the default is to use AMD Secure Encrypted Virtualization. When set to AMDEncryptedVirtualization, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization (AMD SEV) as the confidential computing technology. When set to AMDEncryptedVirtualizationNestedPaging, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP) as the confidential computing technology. When set to IntelTrustedDomainExtensions, the machine will be configured as a confidential computing instance with Intel Trusted Domain Extensions (Intel TDX) as the confidential computing technology. If any value other than Disabled is set the selected machine type must support that specific confidential computing technology. The machine series supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#all-confidential-vm-instances Currently, AMDEncryptedVirtualization is supported in c2d, n2d, and c3d machines. AMDEncryptedVirtualizationNestedPaging is supported in n2d machines. IntelTrustedDomainExtensions is supported in c3 machines. If any value other than Disabled is set, the selected region must support that specific confidential computing technology. The list of regions supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#supported-zones If any value other than Disabled is set onHostMaintenance is required to be set to \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", "resourceManagerTags": "resourceManagerTags is an optional list of tags to apply to the GCP resources created for the cluster. 
See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", } 
@@ -784,9 +785,10 @@ func (NetworkSpec) SwaggerDoc() map[string]string { } var map_VSphereDisk = map[string]string{ - "": "VSphereDisk describes additional disks for vSphere.", - "name": "name is used to identify the disk definition. name is required needs to be unique so that it can be used to clearly identify purpose of the disk. It must be at most 80 characters in length and must consist only of alphanumeric characters, hyphens and underscores, and must start and end with an alphanumeric character.", - "sizeGiB": "sizeGiB is the size of the disk in GiB. The maximum supported size 16384 GiB.", + "": "VSphereDisk describes additional disks for vSphere.", + "name": "name is used to identify the disk definition. name is required needs to be unique so that it can be used to clearly identify purpose of the disk. It must be at most 80 characters in length and must consist only of alphanumeric characters, hyphens and underscores, and must start and end with an alphanumeric character.", + "sizeGiB": "sizeGiB is the size of the disk in GiB. The maximum supported size 16384 GiB.", + "provisioningMode": "provisioningMode is an optional field that specifies the provisioning type to be used by this vSphere data disk. Allowed values are \"Thin\", \"Thick\", \"EagerlyZeroed\", and omitted. When set to Thin, the disk will be made using thin provisioning allocating the bare minimum space. When set to Thick, the full disk size will be allocated when disk is created. When set to EagerlyZeroed, the disk will be created using eager zero provisioning. An eager zeroed thick disk has all space allocated and wiped clean of any previous contents on the physical media at creation time. Such disks may take longer time during creation compared to other disk formats. 
When omitted, no setting will be applied to the data disk and the provisioning mode for the disk will be determined by the default storage policy configured for the datastore in vSphere.", } func (VSphereDisk) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/register.go b/vendor/github.com/openshift/api/machineconfiguration/v1/register.go index cddaa85301..46cf07a95d 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/register.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/register.go @@ -38,6 +38,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &MachineOSConfigList{}, &MachineOSBuild{}, &MachineOSBuildList{}, + &PinnedImageSet{}, + &PinnedImageSetList{}, ) metav1.AddToGroupVersion(scheme, GroupVersion) diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/types_machineosbuild.go b/vendor/github.com/openshift/api/machineconfiguration/v1/types_machineosbuild.go index 8dcebebb8d..beea7e7dcd 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/types_machineosbuild.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/types_machineosbuild.go @@ -82,8 +82,6 @@ type MachineOSBuildStatus struct { // conditions are state related conditions for the build. Valid types are: // Prepared, Building, Failed, Interrupted, and Succeeded. // Once a Build is marked as Failed, Interrupted or Succeeded, no future conditions can be set. - // +patchMergeKey=type - // +patchStrategy=merge // +listType=map // +listMapKey=type // +kubebuilder:validation:MaxItems=8 
@@ -91,7 +89,7 @@ type MachineOSBuildStatus struct {
 // +kubebuilder:validation:XValidation:rule="oldSelf.exists(x, x.type=='Interrupted' && x.status=='True') ? self==oldSelf : true",message="once an Interrupted condition is set, conditions are immutable"
 // +kubebuilder:validation:XValidation:rule="oldSelf.exists(x, x.type=='Succeeded' && x.status=='True') ? self==oldSelf : true",message="once an Succeeded condition is set, conditions are immutable"
 // +optional
- Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
 // builder describes the image builder backend used for this build.
 // +optional
 Builder *MachineOSBuilderReference `json:"builder,omitempty"`
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/types_machineosconfig.go b/vendor/github.com/openshift/api/machineconfiguration/v1/types_machineosconfig.go
index 9cf1553d9d..0bc5984b81 100644
--- a/vendor/github.com/openshift/api/machineconfiguration/v1/types_machineosconfig.go
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1/types_machineosconfig.go
@@ -98,13 +98,11 @@ type MachineOSConfigSpec struct {
 // MachineOSConfigStatus describes the status this config object and relates it to the builds associated with this MachineOSConfig
 type MachineOSConfigStatus struct {
 // conditions are state related conditions for the object.
- // +patchMergeKey=type
- // +patchStrategy=merge
 // +listType=map
 // +listMapKey=type
 // +optional
 // TODO(jerzhang): add godoc after conditions are finalized. Also consider adding printer columns.
- Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
 // observedGeneration represents the generation of the MachineOSConfig object observed by the Machine Config Operator's build controller.
 // +kubebuilder:validation:XValidation:rule="self >= oldSelf", message="observedGeneration must not move backwards"
 // +kubebuilder:validation:Minimum=0
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/types_pinnedimageset.go b/vendor/github.com/openshift/api/machineconfiguration/v1/types_pinnedimageset.go
new file mode 100644
index 0000000000..240b679b7a
--- /dev/null
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1/types_pinnedimageset.go
@@ -0,0 +1,86 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=pinnedimagesets,scope=Cluster
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2198
+// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01
+// +openshift:enable:FeatureGate=PinnedImages
+// +kubebuilder:metadata:labels=openshift.io/operator-managed=
+
+// PinnedImageSet describes a set of images that should be pinned by CRI-O and
+// pulled to the nodes which are members of the declared MachineConfigPools.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type PinnedImageSet struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object metadata.
+ // +optional
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec describes the configuration of this pinned image set.
+ // +required
+ Spec PinnedImageSetSpec `json:"spec"`
+}
+
+// PinnedImageSetSpec defines the desired state of a PinnedImageSet.
+type PinnedImageSetSpec struct {
+ // pinnedImages is a list of OCI Image referenced by digest that should be
+ // pinned and pre-loaded by the nodes of a MachineConfigPool.
+ // Translates into a new file inside the /etc/crio/crio.conf.d directory
+ // with content similar to this:
+ //
+ // pinned_images = [
+ // "quay.io/openshift-release-dev/ocp-release@sha256:...",
+ // "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...",
+ // "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...",
+ // ...
+ // ]
+ //
+ // Image references must be by digest.
+ // A maximum of 500 images may be specified.
+ // +required
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=500
+ // +listType=map
+ // +listMapKey=name
+ PinnedImages []PinnedImageRef `json:"pinnedImages"`
+}
+
+// PinnedImageRef represents a reference to an OCI image
+type PinnedImageRef struct {
+ // name is an OCI Image referenced by digest.
+ // The format of the image pull spec is: host[:port][/namespace]/name@sha256:,
+ // where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
+ // The length of the whole spec must be between 1 to 447 characters.
+ // +required
+ Name ImageDigestFormat `json:"name"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// PinnedImageSetList is a list of PinnedImageSet resources
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type PinnedImageSetList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ // +optional
+ metav1.ListMeta `json:"metadata,omitempty"`
+
+ // items contains a collection of PinnedImageSet resources.
+ // +kubebuilder:validation:MaxItems=500
+ // +optional
+ Items []PinnedImageSet `json:"items"`
+}
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go
index 94f9acbd5a..c5abcdddc1 100644
--- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go
@@ -1225,6 +1225,82 @@ func (in *ObjectReference) DeepCopy() *ObjectReference { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PinnedImageRef) DeepCopyInto(out *PinnedImageRef) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PinnedImageRef. +func (in *PinnedImageRef) DeepCopy() *PinnedImageRef { + if in == nil { + return nil + } + out := new(PinnedImageRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PinnedImageSet) DeepCopyInto(out *PinnedImageSet) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PinnedImageSet. +func (in *PinnedImageSet) DeepCopy() *PinnedImageSet { + if in == nil { + return nil + } + out := new(PinnedImageSet) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PinnedImageSet) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PinnedImageSetList) DeepCopyInto(out *PinnedImageSetList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PinnedImageSet, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PinnedImageSetList. 
+func (in *PinnedImageSetList) DeepCopy() *PinnedImageSetList { + if in == nil { + return nil + } + out := new(PinnedImageSetList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PinnedImageSetList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PinnedImageSetRef) DeepCopyInto(out *PinnedImageSetRef) { *out = *in @@ -1241,6 +1317,27 @@ func (in *PinnedImageSetRef) DeepCopy() *PinnedImageSetRef { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PinnedImageSetSpec) DeepCopyInto(out *PinnedImageSetSpec) { + *out = *in + if in.PinnedImages != nil { + in, out := &in.PinnedImages, &out.PinnedImages + *out = make([]PinnedImageRef, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PinnedImageSetSpec. +func (in *PinnedImageSetSpec) DeepCopy() *PinnedImageSetSpec { + if in == nil { + return nil + } + out := new(PinnedImageSetSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PoolSynchronizerStatus) DeepCopyInto(out *PoolSynchronizerStatus) { *out = *in diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml index bb386656df..de45be4c72 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml 
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml @@ -30,7 +30,10 @@ controllerconfigs.machineconfiguration.openshift.io: FeatureGates: - AWSClusterHostedDNS - BareMetalLoadBalancer + - DualReplica + - DyanmicServiceEndpointIBMCloud - GCPClusterHostedDNS + - GCPCustomAPIEndpoints - GCPLabelsTags - HighlyAvailableArbiter - NutanixMultiSubnets @@ -237,3 +240,27 @@ machineosconfigs.machineconfiguration.openshift.io: - OnClusterBuild Version: v1 +pinnedimagesets.machineconfiguration.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/2198 + CRDName: pinnedimagesets.machineconfiguration.openshift.io + Capability: "" + Category: "" + FeatureGates: + - PinnedImages + FilenameOperatorName: machine-config + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" + GroupName: machineconfiguration.openshift.io + HasStatus: false + KindName: PinnedImageSet + Labels: + openshift.io/operator-managed: "" + PluralName: pinnedimagesets + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - PinnedImages + Version: v1 + diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go index 22ead771e6..a5d9ff6f23 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go 
@@ -537,4 +537,42 @@ func (MachineOSImageBuilder) SwaggerDoc() map[string]string { return map_MachineOSImageBuilder } +var map_PinnedImageRef = map[string]string{ + "": "PinnedImageRef represents a reference to an OCI image", + "name": "name is an OCI Image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", +} + +func (PinnedImageRef) SwaggerDoc() map[string]string { + return map_PinnedImageRef +} + +var map_PinnedImageSet = map[string]string{ + "": "PinnedImageSet describes a set of images that should be pinned by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object metadata.", + "spec": "spec describes the configuration of this pinned image set.", +} + +func (PinnedImageSet) SwaggerDoc() map[string]string { + return map_PinnedImageSet +} + +var map_PinnedImageSetList = map[string]string{ + "": "PinnedImageSetList is a list of PinnedImageSet resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "items contains a collection of PinnedImageSet resources.", +} + +func (PinnedImageSetList) SwaggerDoc() map[string]string { + return map_PinnedImageSetList +} + +var map_PinnedImageSetSpec = map[string]string{ + "": "PinnedImageSetSpec defines the desired state of a PinnedImageSet.", + "pinnedImages": "pinnedImages is a list of OCI Image referenced by digest that should be pinned and pre-loaded by the nodes of a MachineConfigPool. Translates into a new file inside the /etc/crio/crio.conf.d directory with content similar to this:\n\n pinned_images = [\n \"quay.io/openshift-release-dev/ocp-release@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n ...\n ]\n\nImage references must be by digest. A maximum of 500 images may be specified.", +} + +func (PinnedImageSetSpec) SwaggerDoc() map[string]string { + return map_PinnedImageSetSpec +} + // AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineconfignode.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineconfignode.go index 050b5f683e..965549d4e3 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineconfignode.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineconfignode.go 
@@ -102,11 +102,10 @@ type MachineConfigNodeSpec struct { // MachineConfigNodeStatus holds the reported information on a particular machine config node. type MachineConfigNodeStatus struct { // conditions represent the observations of a machine config node's current state. - // +patchMergeKey=type - // +patchStrategy=merge // +listType=map // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty"` // observedGeneration represents the generation observed by the controller. // This field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec. // +required diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineosbuild.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineosbuild.go index d65fd4bce0..7e60fd7cbf 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineosbuild.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineosbuild.go @@ -82,12 +82,10 @@ type MachineOSBuildStatus struct { // conditions are state related conditions for the build. Valid types are: // Prepared, Building, Failed, Interrupted, and Succeeded // once a Build is marked as Failed, no future conditions can be set. This is enforced by the MCO. - // +patchMergeKey=type - // +patchStrategy=merge // +listType=map // +listMapKey=type // +optional - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` + Conditions []metav1.Condition `json:"conditions,omitempty"` // ImageBuilderType describes the image builder set in the MachineOSConfig // +optional BuilderReference *MachineOSBuilderReference `json:"builderReference"` 
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineosconfig.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineosconfig.go index 1d9f36c36b..b992b69d02 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineosconfig.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineosconfig.go @@ -60,12 +60,10 @@ type MachineOSConfigSpec struct { // MachineOSConfigStatus describes the status this config object and relates it to the builds associated with this MachineOSConfig type MachineOSConfigStatus struct { // conditions are state related conditions for the config. - // +patchMergeKey=type - // +patchStrategy=merge // +listType=map // +listMapKey=type // +optional - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` + Conditions []metav1.Condition `json:"conditions,omitempty"` // observedGeneration represents the generation observed by the controller. // this field is updated when the user changes the configuration in BuildSettings or the MCP this object is associated with. // +required diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_pinnedimageset.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_pinnedimageset.go index 9d097311dd..7373c610a0 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_pinnedimageset.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_pinnedimageset.go 
@@ -36,11 +36,10 @@ type PinnedImageSet struct { // PinnedImageSetStatus describes the current state of a PinnedImageSet. type PinnedImageSetStatus struct { // conditions represent the observations of a pinned image set's current state. - // +patchMergeKey=type - // +patchStrategy=merge // +listType=map // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty"` } // PinnedImageSetSpec defines the desired state of a PinnedImageSet. diff --git a/vendor/github.com/openshift/api/monitoring/v1/types.go b/vendor/github.com/openshift/api/monitoring/v1/types.go index fc650d9616..faa250ed32 100644 --- a/vendor/github.com/openshift/api/monitoring/v1/types.go +++ b/vendor/github.com/openshift/api/monitoring/v1/types.go @@ -264,6 +264,8 @@ type AlertRelabelConfigStatus struct { // empty. // // +optional + // +listType=map + // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty"` } diff --git a/vendor/github.com/openshift/api/networkoperator/v1/generated.proto b/vendor/github.com/openshift/api/networkoperator/v1/generated.proto index ebf09e7e9a..1999f71e8d 100644 --- a/vendor/github.com/openshift/api/networkoperator/v1/generated.proto +++ b/vendor/github.com/openshift/api/networkoperator/v1/generated.proto @@ -110,6 +110,8 @@ message EgressRouterSpec { message EgressRouterStatus { // Observed status of the egress router // +required + // +listType=map + // +listMapKey=type repeated EgressRouterStatusCondition conditions = 1; } diff --git a/vendor/github.com/openshift/api/networkoperator/v1/types_egressrouter.go b/vendor/github.com/openshift/api/networkoperator/v1/types_egressrouter.go index 87e279eda8..541c3b5597 100644 --- a/vendor/github.com/openshift/api/networkoperator/v1/types_egressrouter.go +++ b/vendor/github.com/openshift/api/networkoperator/v1/types_egressrouter.go 
@@ -247,6 +247,8 @@ type EgressRouterStatusCondition struct { type EgressRouterStatus struct { // Observed status of the egress router // +required + // +listType=map + // +listMapKey=type Conditions []EgressRouterStatusCondition `json:"conditions,omitempty" protobuf:"bytes,1,rep,name=conditions"` } diff --git a/vendor/github.com/openshift/api/operator/v1/types.go b/vendor/github.com/openshift/api/operator/v1/types.go index 284dfe54dd..4b0c48a103 100644 --- a/vendor/github.com/openshift/api/operator/v1/types.go +++ b/vendor/github.com/openshift/api/operator/v1/types.go 
@@ -258,15 +258,21 @@ type StaticPodOperatorStatus struct { // NodeStatus provides information about the current state of a particular node managed by this operator. // +kubebuilder:validation:XValidation:rule="has(self.currentRevision) || !has(oldSelf.currentRevision)",message="cannot be unset once set",fieldPath=".currentRevision" +// +kubebuilder:validation:XValidation:rule="oldSelf.hasValue() || !has(self.currentRevision)",message="currentRevision can not be set on creation of a nodeStatus",optionalOldSelf=true,fieldPath=.currentRevision +// +kubebuilder:validation:XValidation:rule="oldSelf.hasValue() || !has(self.targetRevision)",message="targetRevision can not be set on creation of a nodeStatus",optionalOldSelf=true,fieldPath=.targetRevision type NodeStatus struct { // nodeName is the name of the node // +required NodeName string `json:"nodeName"` - // currentRevision is the generation of the most recently successful deployment + // currentRevision is the generation of the most recently successful deployment. + // Can not be set on creation of a nodeStatus. Updates must only increase the value. // +kubebuilder:validation:XValidation:rule="self >= oldSelf",message="must only increase" - CurrentRevision int32 `json:"currentRevision"` - // targetRevision is the generation of the deployment we're trying to apply + // +optional + CurrentRevision int32 `json:"currentRevision,omitempty"` + // targetRevision is the generation of the deployment we're trying to apply. + // Can not be set on creation of a nodeStatus. + // +optional TargetRevision int32 `json:"targetRevision,omitempty"` // lastFailedRevision is the generation of the deployment we tried and failed to deploy. diff --git a/vendor/github.com/openshift/api/operator/v1/types_console.go b/vendor/github.com/openshift/api/operator/v1/types_console.go index 68d9daa450..c2f25e4e64 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_console.go 
+++ b/vendor/github.com/openshift/api/operator/v1/types_console.go 
@@ -143,8 +143,141 @@ type Capability struct { Visibility CapabilityVisibility `json:"visibility"` } +// ThemeMode is the value of the logo theme mode that determines the theme mode in the console UI. +// +kubebuilder:validation:Enum="Dark";"Light" +// +enum +type ThemeMode string + +// ThemeMode values +const ( + // ThemeModeDark represents the dark mode for a console theme. + ThemeModeDark ThemeMode = "Dark" + + // ThemeModeLight represents the light mode for a console theme. + ThemeModeLight ThemeMode = "Light" +) + +// LogoType is the value of the logo type that determines if the logo is for the masthead or the favicon in the console UI. +// The masthead logo is displayed in the masthead and about modal of the console UI. +// +kubebuilder:validation:Enum="Masthead";"Favicon" +// +enum +type LogoType string + +const ( + // Masthead represents the logo in the masthead. + LogoTypeMasthead LogoType = "Masthead" + + // Favicon represents the favicon logo. + LogoTypeFavicon LogoType = "Favicon" +) + +// SourceType defines the source type of the file reference. +// +kubebuilder:validation:Enum="ConfigMap" +// +enum +type SourceType string + +const ( + // SourceTypeConfigMap represents a ConfigMap source. + SourceTypeConfigMap SourceType = "ConfigMap" +) + +// ConfigMapFileReference references a specific file within a ConfigMap. +type ConfigMapFileReference struct { + // name is the name of the ConfigMap. + // name is a required field. + // Must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + // Must be at most 253 characters in length. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." 
+ // +required + Name string `json:"name"` + + // key is the logo key inside the referenced ConfigMap. + // Must consist only of alphanumeric characters, dashes (-), underscores (_), and periods (.). + // Must be at most 253 characters in length. + // Must end in a valid file extension. + // A valid file extension must consist of a period followed by 2 to 5 alpha characters. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._-]+$')",message="The ConfigMap key must consist only of alphanumeric characters, dashes (-), underscores (_), and periods (.)." + // +kubebuilder:validation:XValidation:rule="self.matches('.*\\\\.[a-zA-Z]{2,5}$')",message="The ConfigMap key must end with a valid file extension (2 to 5 letters)." + // +required + Key string `json:"key"` +} +// FileReferenceSource is used by the console to locate the specified file containing a custom logo. +// +kubebuilder:validation:XValidation:rule="has(self.from) && self.from == 'ConfigMap' ? has(self.configMap) : !has(self.configMap)",message="configMap is required when from is 'ConfigMap', and forbidden otherwise." +type FileReferenceSource struct { + // from is a required field to specify the source type of the file reference. + // Allowed values are ConfigMap. + // When set to ConfigMap, the file will be sourced from a ConfigMap in the openshift-config namespace. The configMap field must be set when from is set to ConfigMap. + // +required + From SourceType `json:"from"` + + // configMap specifies the ConfigMap sourcing details such as the name of the ConfigMap and the key for the file. + // The ConfigMap must exist in the openshift-config namespace. + // Required when from is "ConfigMap", and forbidden otherwise. + // +optional + ConfigMap *ConfigMapFileReference `json:"configMap"` +} + +// Theme defines a theme mode for the console UI. 
+type Theme struct { + // mode is used to specify what theme mode a logo will apply to in the console UI. + // mode is a required field that allows values of Dark and Light. + // When set to Dark, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Dark mode. + // When set to Light, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Light mode. + // +required + Mode ThemeMode `json:"mode"` + + // source is used by the console to locate the specified file containing a custom logo. + // source is a required field that references a ConfigMap name and key that contains the custom logo file in the openshift-config namespace. + // You can create it with a command like: + // - 'oc create configmap custom-logos-config --namespace=openshift-config --from-file=/path/to/file' + // The ConfigMap key must include the file extension so that the console serves the file with the correct MIME type. + // The recommended file format for the Masthead and Favicon logos is SVG, but other file formats are allowed if supported by the browser. + // The logo image size must be less than 1 MB due to constraints on the ConfigMap size. + // For more information, see the documentation: https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/web_console/customizing-web-console#customizing-web-console + // +required + Source FileReferenceSource `json:"source"` +} + +// Logo defines a configuration based on theme modes for the console UI logo. +type Logo struct { + // type specifies the type of the logo for the console UI. It determines whether the logo is for the masthead or favicon. + // type is a required field that allows values of Masthead and Favicon. + // When set to "Masthead", the logo will be used in the masthead and about modal of the console UI. + // When set to "Favicon", the logo will be used as the favicon of the console UI. 
+ // +required + Type LogoType `json:"type"` + + // themes specifies the themes for the console UI logo. + // themes is a required field that allows a list of themes. Each item in the themes list must have a unique mode and a source field. + // Each mode determines whether the logo is for the dark or light mode of the console UI. + // If a theme is not specified, the default OpenShift logo will be displayed for that theme. + // There must be at least one entry and no more than 2 entries. + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=2 + // +listType=map + // +listMapKey=mode + // +required + Themes []Theme `json:"themes"` +} + // ConsoleCustomization defines a list of optional configuration for the console UI. +// Ensure that Logos and CustomLogoFile cannot be set at the same time. +// +kubebuilder:validation:XValidation:rule="!(has(self.logos) && has(self.customLogoFile))",message="Only one of logos or customLogoFile can be set." type ConsoleCustomization struct { + // logos is used to replace the OpenShift Masthead and Favicon logos in the console UI with custom logos. + // logos is an optional field that allows a list of logos. + // Only one of logos or customLogoFile can be set at a time. + // If logos is set, customLogoFile must be unset. + // When specified, there must be at least one entry and no more than 2 entries. + // Each type must appear only once in the list. + // +kubebuilder:validation:MaxItems=2 + // +listType=map + // +listMapKey=type + // +optional + Logos []Logo `json:"logos"` + // capabilities defines an array of capabilities that can be interacted with in the console UI. // Each capability defines a visual state that can be interacted with the console to render in the UI. // Available capabilities are LightspeedButton and GettingStartedBanner. 
@@ -172,14 +305,14 @@ type ConsoleCustomization struct { // +optional CustomProductName string `json:"customProductName,omitempty"` // customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a + // Only one of customLogoFile or logos can be set at a time. // ConfigMap in the openshift-config namespace. This can be created with a command like // 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. // Image size must be less than 1 MB due to constraints on the ConfigMap size. // The ConfigMap key should include a file extension so that the console serves the file // with the correct MIME type. - // Recommended logo specifications: - // Dimensions: Max height of 68px and max width of 200px - // SVG format preferred + // The recommended file format for the logo is SVG, but other file formats are allowed if supported by the browser. + // Deprecated: Use logos instead. // +optional CustomLogoFile configv1.ConfigMapFileReference `json:"customLogoFile,omitempty"` // developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs). diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index 731323750a..b25133a42f 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go 
@@ -369,6 +369,21 @@ type VSphereCSIDriverConfigSpec struct { // +openshift:enable:FeatureGate=VSphereDriverConfiguration // +optional GranularMaxSnapshotsPerBlockVolumeInVVOL *uint32 `json:"granularMaxSnapshotsPerBlockVolumeInVVOL,omitempty"` + + // maxAllowedBlockVolumesPerNode is an optional configuration parameter that allows setting a custom value for the + // limit of the number of PersistentVolumes attached to a node. In vSphere version 7 this limit was set to 59 by + // default, however in vSphere version 8 this limit was increased to 255. + // Before increasing this value above 59 the cluster administrator needs to ensure that every node forming the + // cluster is updated to ESXi version 8 or higher and that all nodes are running the same version. + // The limit must be between 1 and 255, which matches the vSphere version 8 maximum. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to + // change over time. + // The current default is 59, which matches the limit for vSphere version 7. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=255 + // +openshift:enable:FeatureGate=VSphereConfigurableMaxAllowedBlockVolumesPerNode + // +optional + MaxAllowedBlockVolumesPerNode int32 `json:"maxAllowedBlockVolumesPerNode,omitempty"` } // ClusterCSIDriverStatus is the observed status of CSI driver operator diff --git a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go index 88b89f8188..4c53734d86 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go +++ b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go 
@@ -41,8 +41,10 @@ type MachineConfigurationSpec struct { // managedBootImages allows configuration for the management of boot images for machine // resources within the cluster. This configuration allows users to select resources that should // be updated to the latest boot images during cluster upgrades, ensuring that new machines - // always boot with the current cluster version's boot image. When omitted, no boot images - // will be updated. + // always boot with the current cluster version's boot image. When omitted, this means no opinion + // and the platform is left to choose a reasonable default, which is subject to change over time. + // The default for each machine manager mode is All for GCP and AWS platforms, and None for all + // other platforms. // +openshift:enable:FeatureGate=ManagedBootImages // +optional ManagedBootImages ManagedBootImages `json:"managedBootImages"` @@ -62,11 +64,10 @@ type MachineConfigurationStatus struct { ObservedGeneration int64 `json:"observedGeneration,omitempty"` // conditions is a list of conditions and their status - // +patchMergeKey=type - // +patchStrategy=merge // +listType=map // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty"` // Previously there was a StaticPodOperatorStatus here for legacy reasons. Many of the fields within // it are no longer relevant for the MachineConfiguration CRD's functions. The following remainder 
@@ -96,6 +97,12 @@ type MachineConfigurationStatus struct { // +openshift:enable:FeatureGate=NodeDisruptionPolicy // +optional NodeDisruptionPolicyStatus NodeDisruptionPolicyStatus `json:"nodeDisruptionPolicyStatus"` + + // managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is + // and will be used by Machine Config Controller while performing boot image updates. + // +openshift:enable:FeatureGate=ManagedBootImages + // +optional + ManagedBootImagesStatus ManagedBootImages `json:"managedBootImagesStatus"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -122,6 +129,7 @@ type ManagedBootImages struct { // +listType=map // +listMapKey=resource // +listMapKey=apiGroup + // +kubebuilder:validation:MaxItems=5 MachineManagers []MachineManager `json:"machineManagers"` } @@ -152,6 +160,7 @@ type MachineManagerSelector struct { // Valid values are All and Partial. // All means that every resource matched by the machine manager will be updated. // Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. + // None means that every resource matched by the machine manager will not be updated. // +unionDiscriminator // +required Mode MachineManagerSelectorMode `json:"mode"` @@ -170,7 +179,7 @@ type PartialSelector struct { } // MachineManagerSelectorMode is a string enum used in the MachineManagerSelector union discriminator. -// +kubebuilder:validation:Enum:="All";"Partial" +// +kubebuilder:validation:Enum:="All";"Partial";"None" type MachineManagerSelectorMode string const ( 
@@ -180,6 +189,9 @@ const ( // Partial represents a configuration mode that will register resources specified by the parent MachineManager only // if they match with the label selector. Partial MachineManagerSelectorMode = "Partial" + + // None represents a configuration mode that excludes all resources specified by the parent MachineManager from boot image updates. + None MachineManagerSelectorMode = "None" ) // MachineManagerManagedResourceType is a string enum used in the MachineManager type to describe the resource diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go index b4b0a6d6d6..713939ddbb 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_network.go +++ b/vendor/github.com/openshift/api/operator/v1/types_network.go @@ -79,9 +79,10 @@ type NetworkSpec struct { // +listMapKey=name AdditionalNetworks []AdditionalNetworkDefinition `json:"additionalNetworks,omitempty"` - // disableMultiNetwork specifies whether or not multiple pod network - // support should be disabled. If unset, this property defaults to - // 'false' and multiple network support is enabled. + // disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. + // disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, + // that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, + // but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect. DisableMultiNetwork *bool `json:"disableMultiNetwork,omitempty"` // useMultiNetworkPolicy enables a controller which allows for 
@@ -440,7 +441,7 @@ type OVNKubernetesConfig struct { // any other subnet being used by OpenShift or by the node network. The size of the // subnet must be larger than the number of nodes. The value cannot be changed // after installation. - // Default is fd98::/48 + // Default is fd98::/64 // +optional V6InternalSubnet string `json:"v6InternalSubnet,omitempty"` // egressIPConfig holds the configuration for EgressIP options. @@ -529,7 +530,7 @@ type IPv6OVNKubernetesConfig struct { // subnet must be larger than the number of nodes. The value cannot be changed // after installation. // The subnet must be large enough to accomadate one IP per node in your cluster - // The current default value is fd98::/48 + // The current default value is fd98::/64 // The value must be in proper IPV6 CIDR format // Note that IPV6 dual addresses are not permitted // +kubebuilder:validation:MaxLength=48 @@ -579,8 +580,6 @@ type Encapsulation string const ( // EncapsulationAlways always enable UDP encapsulation regardless of whether NAT is detected. EncapsulationAlways = "Always" - // EncapsulationNever never enable UDP encapsulation even if NAT is present. - EncapsulationNever = "Never" // EncapsulationAuto enable UDP encapsulation based on the detection of NAT. EncapsulationAuto = "Auto" ) 
@@ -591,13 +590,12 @@ type IPsecFullModeConfig struct { // encapsulation option to configure libreswan on how inter-pod traffic across nodes // are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 // for the encapsulation. - // Valid values are Always, Never, Auto and omitted. + // Valid values are Always, Auto and omitted. // Always means enable UDP encapsulation regardless of whether NAT is detected. - // Disable means never enable UDP encapsulation even if NAT is present. // Auto means enable UDP encapsulation based on the detection of NAT. // When omitted, this means no opinion and the platform is left to choose a reasonable // default, which is subject to change over time. The current default is Auto. - // +kubebuilder:validation:Enum:=Always;Never;Auto + // +kubebuilder:validation:Enum:=Always;Auto // +optional Encapsulation Encapsulation `json:"encapsulation,omitempty"` } diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index 700ae5e695..1257a66e71 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go 
@@ -849,6 +849,22 @@ func (in *ConfigList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigMapFileReference) DeepCopyInto(out *ConfigMapFileReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapFileReference. +func (in *ConfigMapFileReference) DeepCopy() *ConfigMapFileReference { + if in == nil { + return nil + } + out := new(ConfigMapFileReference) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConfigSpec) DeepCopyInto(out *ConfigSpec) { *out = *in @@ -931,6 +947,13 @@ func (in *ConsoleConfigRoute) DeepCopy() *ConsoleConfigRoute { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConsoleCustomization) DeepCopyInto(out *ConsoleCustomization) { *out = *in + if in.Logos != nil { + in, out := &in.Logos, &out.Logos + *out = make([]Logo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Capabilities != nil { in, out := &in.Capabilities, &out.Capabilities *out = make([]Capability, len(*in)) 
@@ -1598,6 +1621,27 @@ func (in *FeaturesMigration) DeepCopy() *FeaturesMigration { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FileReferenceSource) DeepCopyInto(out *FileReferenceSource) { + *out = *in + if in.ConfigMap != nil { + in, out := &in.ConfigMap, &out.ConfigMap + *out = new(ConfigMapFileReference) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileReferenceSource. +func (in *FileReferenceSource) DeepCopy() *FileReferenceSource { + if in == nil { + return nil + } + out := new(FileReferenceSource) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ForwardPlugin) DeepCopyInto(out *ForwardPlugin) { *out = *in @@ -3035,6 +3079,29 @@ func (in *LoggingDestination) DeepCopy() *LoggingDestination { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Logo) DeepCopyInto(out *Logo) { + *out = *in + if in.Themes != nil { + in, out := &in.Themes, &out.Themes + *out = make([]Theme, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Logo. +func (in *Logo) DeepCopy() *Logo { + if in == nil { + return nil + } + out := new(Logo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MTUMigration) DeepCopyInto(out *MTUMigration) { *out = *in 
@@ -3178,6 +3245,7 @@ func (in *MachineConfigurationStatus) DeepCopyInto(out *MachineConfigurationStat } } in.NodeDisruptionPolicyStatus.DeepCopyInto(&out.NodeDisruptionPolicyStatus) + in.ManagedBootImagesStatus.DeepCopyInto(&out.ManagedBootImagesStatus) return } @@ -5276,6 +5344,23 @@ func (in *SyslogLoggingDestinationParameters) DeepCopy() *SyslogLoggingDestinati return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Theme) DeepCopyInto(out *Theme) { + *out = *in + in.Source.DeepCopyInto(&out.Source) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Theme. +func (in *Theme) DeepCopy() *Theme { + if in == nil { + return nil + } + out := new(Theme) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Upstream) DeepCopyInto(out *Upstream) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml index 6d4e3cf232..81f2a87a99 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml @@ -70,6 +70,7 @@ clustercsidrivers.operator.openshift.io: Category: "" FeatureGates: - AWSEFSDriverVolumeMetrics + - VSphereConfigurableMaxAllowedBlockVolumesPerNode - VSphereDriverConfiguration FilenameOperatorName: csi-driver FilenameOperatorOrdering: "01" diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 93eca5730f..a0fa4fe475 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go 
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -37,8 +37,8 @@ func (MyOperatorResource) SwaggerDoc() map[string]string { var map_NodeStatus = map[string]string{ "": "NodeStatus provides information about the current state of a particular node managed by this operator.", "nodeName": "nodeName is the name of the node", - "currentRevision": "currentRevision is the generation of the most recently successful deployment", - "targetRevision": "targetRevision is the generation of the deployment we're trying to apply", + "currentRevision": "currentRevision is the generation of the most recently successful deployment. Can not be set on creation of a nodeStatus. Updates must only increase the value.", + "targetRevision": "targetRevision is the generation of the deployment we're trying to apply. Can not be set on creation of a nodeStatus.", "lastFailedRevision": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", "lastFailedTime": "lastFailedTime is the time the last failed revision failed the last time.", "lastFailedReason": "lastFailedReason is a machine readable failure reason string.", 
@@ -227,6 +227,16 @@ func (CapabilityVisibility) SwaggerDoc() map[string]string { return map_CapabilityVisibility } +var map_ConfigMapFileReference = map[string]string{ + "": "ConfigMapFileReference references a specific file within a ConfigMap.", + "name": "name is the name of the ConfigMap. name is a required field. Must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. Must be at most 253 characters in length.", + "key": "key is the logo key inside the referenced ConfigMap. Must consist only of alphanumeric characters, dashes (-), underscores (_), and periods (.). Must be at most 253 characters in length. Must end in a valid file extension. A valid file extension must consist of a period followed by 2 to 5 alpha characters.", +} + +func (ConfigMapFileReference) SwaggerDoc() map[string]string { + return map_ConfigMapFileReference +} + var map_Console = map[string]string{ "": "Console provides a means to configure an operator to manage the console.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", 
@@ -247,12 +257,13 @@ func (ConsoleConfigRoute) SwaggerDoc() map[string]string { } var map_ConsoleCustomization = map[string]string{ - "": "ConsoleCustomization defines a list of optional configuration for the console UI.", + "": "ConsoleCustomization defines a list of optional configuration for the console UI. Ensure that Logos and CustomLogoFile cannot be set at the same time.", + "logos": "logos is used to replace the OpenShift Masthead and Favicon logos in the console UI with custom logos. logos is an optional field that allows a list of logos. Only one of logos or customLogoFile can be set at a time. If logos is set, customLogoFile must be unset. When specified, there must be at least one entry and no more than 2 entries. Each type must appear only once in the list.", "capabilities": "capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton and GettingStartedBanner. Each of the available capabilities may appear only once in the list.", "brand": "brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.", "documentationBaseURL": "documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout.", "customProductName": "customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name.", - "customLogoFile": "customLogoFile replaces the default OpenShift logo in the masthead and about dialog. 
It is a reference to a ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. Recommended logo specifications: Dimensions: Max height of 68px and max width of 200px SVG format preferred", + "customLogoFile": "customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a Only one of customLogoFile or logos can be set at a time. ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. The recommended file format for the logo is SVG, but other file formats are allowed if supported by the browser. Deprecated: Use logos instead.", "developerCatalog": "developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs).", "projectAccess": "projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.", "quickStarts": "quickStarts allows customization of available ConsoleQuickStart resources in console.", 
@@ -344,6 +355,16 @@ func (DeveloperConsoleCatalogTypes) SwaggerDoc() map[string]string { return map_DeveloperConsoleCatalogTypes } +var map_FileReferenceSource = map[string]string{ + "": "FileReferenceSource is used by the console to locate the specified file containing a custom logo.", + "from": "from is a required field to specify the source type of the file reference. Allowed values are ConfigMap. When set to ConfigMap, the file will be sourced from a ConfigMap in the openshift-config namespace. The configMap field must be set when from is set to ConfigMap.", + "configMap": "configMap specifies the ConfigMap sourcing details such as the name of the ConfigMap and the key for the file. The ConfigMap must exist in the openshift-config namespace. Required when from is \"ConfigMap\", and forbidden otherwise.", +} + +func (FileReferenceSource) SwaggerDoc() map[string]string { + return map_FileReferenceSource +} + var map_Ingress = map[string]string{ "": "Ingress allows cluster admin to configure alternative ingress for the console.", "consoleURL": "consoleURL is a URL to be used as the base console address. If not specified, the console route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. Make sure that appropriate ingress is set up at this URL. The console operator will monitor the URL and may go degraded if it's unreachable for an extended period. Must use the HTTPS scheme.", 
@@ -354,6 +375,16 @@ func (Ingress) SwaggerDoc() map[string]string { return map_Ingress } +var map_Logo = map[string]string{ + "": "Logo defines a configuration based on theme modes for the console UI logo.", + "type": "type specifies the type of the logo for the console UI. It determines whether the logo is for the masthead or favicon. type is a required field that allows values of Masthead and Favicon. When set to \"Masthead\", the logo will be used in the masthead and about modal of the console UI. When set to \"Favicon\", the logo will be used as the favicon of the console UI.", + "themes": "themes specifies the themes for the console UI logo. themes is a required field that allows a list of themes. Each item in the themes list must have a unique mode and a source field. Each mode determines whether the logo is for the dark or light mode of the console UI. If a theme is not specified, the default OpenShift logo will be displayed for that theme. There must be at least one entry and no more than 2 entries.", +} + +func (Logo) SwaggerDoc() map[string]string { + return map_Logo +} + var map_Perspective = map[string]string{ "": "Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown", "id": "id defines the id of the perspective. Example: \"dev\", \"admin\". The available perspective ids can be found in the code snippet section next to the yaml editor. Incorrect or unknown ids will be ignored.", 
@@ -423,6 +454,16 @@ func (StatuspageProvider) SwaggerDoc() map[string]string { return map_StatuspageProvider } +var map_Theme = map[string]string{ + "": "Theme defines a theme mode for the console UI.", + "mode": "mode is used to specify what theme mode a logo will apply to in the console UI. mode is a required field that allows values of Dark and Light. When set to Dark, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Dark mode. When set to Light, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Light mode.", + "source": "source is used by the console to locate the specified file containing a custom logo. source is a required field that references a ConfigMap name and key that contains the custom logo file in the openshift-config namespace. You can create it with a command like: - 'oc create configmap custom-logos-config --namespace=openshift-config --from-file=/path/to/file' The ConfigMap key must include the file extension so that the console serves the file with the correct MIME type. The recommended file format for the Masthead and Favicon logos is SVG, but other file formats are allowed if supported by the browser. The logo image size must be less than 1 MB due to constraints on the ConfigMap size. For more information, see the documentation: https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/web_console/customizing-web-console#customizing-web-console", +} + +func (Theme) SwaggerDoc() map[string]string { + return map_Theme +} + var map_AWSCSIDriverConfigSpec = map[string]string{ "": "AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver.", "kmsKeyARN": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.", 
@@ -561,6 +602,7 @@ var map_VSphereCSIDriverConfigSpec = map[string]string{ "globalMaxSnapshotsPerBlockVolume": "globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. Snapshots can not be disabled using this parameter. Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html", "granularMaxSnapshotsPerBlockVolumeInVSAN": "granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VSAN can not be disabled using this parameter.", "granularMaxSnapshotsPerBlockVolumeInVVOL": "granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VVOL can not be disabled using this parameter.", + "maxAllowedBlockVolumesPerNode": "maxAllowedBlockVolumesPerNode is an optional configuration parameter that allows setting a custom value for the limit of the number of PersistentVolumes attached to a node. In vSphere version 7 this limit was set to 59 by default, however in vSphere version 8 this limit was increased to 255. Before increasing this value above 59 the cluster administrator needs to ensure that every node forming the cluster is updated to ESXi version 8 or higher and that all nodes are running the same version. The limit must be between 1 and 255, which matches the vSphere version 8 maximum. 
When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 59, which matches the limit for vSphere version 7.", } func (VSphereCSIDriverConfigSpec) SwaggerDoc() map[string]string { @@ -1359,7 +1401,7 @@ func (MachineConfigurationList) SwaggerDoc() map[string]string { } var map_MachineConfigurationSpec = map[string]string{ - "managedBootImages": "managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, no boot images will be updated.", + "managedBootImages": "managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default for each machine manager mode is All for GCP and AWS platforms, and None for all other platforms.", "nodeDisruptionPolicy": "nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.", } 
@@ -1371,6 +1413,7 @@ var map_MachineConfigurationStatus = map[string]string{ "observedGeneration": "observedGeneration is the last generation change you've dealt with", "conditions": "conditions is a list of conditions and their status", "nodeDisruptionPolicyStatus": "nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, and will be used by the Machine Config Daemon during future node updates.", + "managedBootImagesStatus": "managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is and will be used by Machine Config Controller while performing boot image updates.", } func (MachineConfigurationStatus) SwaggerDoc() map[string]string { @@ -1389,7 +1432,7 @@ func (MachineManager) SwaggerDoc() map[string]string { } var map_MachineManagerSelector = map[string]string{ - "mode": "mode determines how machine managers will be selected for updates. Valid values are All and Partial. All means that every resource matched by the machine manager will be updated. Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated.", + "mode": "mode determines how machine managers will be selected for updates. Valid values are All and Partial. All means that every resource matched by the machine manager will be updated. Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. None means that every resource matched by the machine manager will not be updated.", "partial": "partial provides label selector(s) that can be used to match machine management resources. Only permitted when mode is set to \"Partial\".", } 
@@ -1660,7 +1703,7 @@ func (IPsecConfig) SwaggerDoc() map[string]string { var map_IPsecFullModeConfig = map[string]string{ "": "IPsecFullModeConfig defines configuration parameters for the IPsec `Full` mode.", - "encapsulation": "encapsulation option to configure libreswan on how inter-pod traffic across nodes are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 for the encapsulation. Valid values are Always, Never, Auto and omitted. Always means enable UDP encapsulation regardless of whether NAT is detected. Disable means never enable UDP encapsulation even if NAT is present. Auto means enable UDP encapsulation based on the detection of NAT. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Auto.", + "encapsulation": "encapsulation option to configure libreswan on how inter-pod traffic across nodes are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 for the encapsulation. Valid values are Always, Auto and omitted. Always means enable UDP encapsulation regardless of whether NAT is detected. Auto means enable UDP encapsulation based on the detection of NAT. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Auto.", } func (IPsecFullModeConfig) SwaggerDoc() map[string]string { 
@@ -1696,7 +1739,7 @@ func (IPv6GatewayConfig) SwaggerDoc() map[string]string { var map_IPv6OVNKubernetesConfig = map[string]string{ "internalTransitSwitchSubnet": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value cannot be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The subnet must be large enough to accomadate one IP per node in your cluster The current default subnet is fd97::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", - "internalJoinSubnet": "internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The subnet must be large enough to accomadate one IP per node in your cluster The current default value is fd98::/48 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", + "internalJoinSubnet": "internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. 
The subnet must be large enough to accomadate one IP per node in your cluster The current default value is fd98::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", } func (IPv6OVNKubernetesConfig) SwaggerDoc() map[string]string { 
@@ -1767,7 +1810,7 @@ var map_NetworkSpec = map[string]string{ "serviceNetwork": "serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth.", "defaultNetwork": "defaultNetwork is the \"default\" network that all pods will receive", "additionalNetworks": "additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.", - "disableMultiNetwork": "disableMultiNetwork specifies whether or not multiple pod network support should be disabled. If unset, this property defaults to 'false' and multiple network support is enabled.", + "disableMultiNetwork": "disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect.", "useMultiNetworkPolicy": "useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored.", "deployKubeProxy": "deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. 
Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when ovn-kubernetes is used and true otherwise.", "disableNetworkDiagnostics": "disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled or not. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks.", 
@@ -1798,7 +1841,7 @@ var map_OVNKubernetesConfig = map[string]string{ "policyAuditConfig": "policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.", "gatewayConfig": "gatewayConfig holds the configuration for node gateway options.", "v4InternalSubnet": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is 100.64.0.0/16", - "v6InternalSubnet": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is fd98::/48", + "v6InternalSubnet": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is fd98::/64", "egressIPConfig": "egressIPConfig holds the configuration for EgressIP options.", "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", 
diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/register.go b/vendor/github.com/openshift/api/operator/v1alpha1/register.go index 0921431c05..3e9b09cced 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/register.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/register.go @@ -39,6 +39,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &OLMList{}, &EtcdBackup{}, &EtcdBackupList{}, + &ClusterVersionOperator{}, + &ClusterVersionOperatorList{}, ) return nil diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go index 3c6f344b1e..fe56b0eab2 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go @@ -44,12 +44,10 @@ type EtcdBackupSpec struct { // +kubebuilder:validation:Optional type EtcdBackupStatus struct { // conditions provide details on the status of the etcd backup job. - // +patchMergeKey=type - // +patchStrategy=merge // +listType=map // +listMapKey=type // +optional - Conditions []metav1.Condition `json:"conditions" patchStrategy:"merge" patchMergeKey:"type"` + Conditions []metav1.Condition `json:"conditions,omitempty"` // backupJob is the reference to the Job that executes the backup. // Optional diff --git a/vendor/github.com/openshift/api/security/v1/consts.go b/vendor/github.com/openshift/api/security/v1/consts.go index 7e8adf6e64..92147d3c5d 100644 --- a/vendor/github.com/openshift/api/security/v1/consts.go +++ b/vendor/github.com/openshift/api/security/v1/consts.go 
@@ -13,4 +13,9 @@ const ( // MinimallySufficientPodSecurityStandard indicates the PodSecurityStandard that matched the SCCs available to the users of the namespace. MinimallySufficientPodSecurityStandard = "security.openshift.io/MinimallySufficientPodSecurityStandard" + + // ValidatedSCCSubjectTypeAnnotation indicates the subject type that allowed the + // SCC admission. This can be used by controllers to detect potential issues + // between user-driven SCC usage and the ServiceAccount-driven SCC usage. + ValidatedSCCSubjectTypeAnnotation = "security.openshift.io/validated-scc-subject-type" ) diff --git a/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_configmap.go b/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_configmap.go index 3b6e6be374..2a4a0d1b6c 100644 --- a/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_configmap.go +++ b/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_configmap.go @@ -93,7 +93,8 @@ type SharedConfigMapSpec struct { // SharedSecretStatus contains the observed status of the shared resource type SharedConfigMapStatus struct { // conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller. - // +patchMergeKey=type - // +patchStrategy=merge - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` + // +listType=map + // +listMapKey=type + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty"` } diff --git a/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_secret.go b/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_secret.go index 3ea9260f0c..be06f97749 100644 --- a/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_secret.go +++ b/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_secret.go 
@@ -92,7 +92,8 @@ type SharedSecretSpec struct { // SharedSecretStatus contains the observed status of the shared resource type SharedSecretStatus struct { // conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller. - // +patchMergeKey=type - // +patchStrategy=merge - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` + // +listType=map + // +listMapKey=type + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty"` } diff --git a/vendor/github.com/openshift/library-go/pkg/crypto/crypto.go b/vendor/github.com/openshift/library-go/pkg/crypto/crypto.go index e6651fecc2..80f5efc2c0 100644 --- a/vendor/github.com/openshift/library-go/pkg/crypto/crypto.go +++ b/vendor/github.com/openshift/library-go/pkg/crypto/crypto.go @@ -110,15 +110,6 @@ func DefaultTLSVersion() uint16 { return tls.VersionTLS12 } -// ciphersTLS13 copies golang 1.13 implementation, where TLS1.3 suites are not -// configurable (cipherSuites field is ignored for TLS1.3 flows and all of the -// below three - and none other - are used) -var ciphersTLS13 = map[string]uint16{ - "TLS_AES_128_GCM_SHA256": tls.TLS_AES_128_GCM_SHA256, - "TLS_AES_256_GCM_SHA384": tls.TLS_AES_256_GCM_SHA384, - "TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256, -} - var ciphers = map[string]uint16{ "TLS_RSA_WITH_RC4_128_SHA": tls.TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, 
@@ -144,6 +135,9 @@ var ciphers = map[string]uint16{ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS_AES_128_GCM_SHA256": tls.TLS_AES_128_GCM_SHA256, + "TLS_AES_256_GCM_SHA384": tls.TLS_AES_256_GCM_SHA384, + "TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256, } // openSSLToIANACiphersMap maps OpenSSL cipher suite names to IANA names @@ -223,10 +217,6 @@ func CipherSuite(cipherName string) (uint16, error) { return cipher, nil } - if _, ok := ciphersTLS13[cipherName]; ok { - return 0, fmt.Errorf("all golang TLSv1.3 ciphers are always used for TLSv1.3 flows") - } - return 0, fmt.Errorf("unknown cipher name %q", cipherName) } @@ -281,6 +271,9 @@ func DefaultCiphers() []uint16 { // tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, // forbidden by http/2, disabled to mitigate SWEET32 attack tls.TLS_RSA_WITH_AES_128_CBC_SHA, // forbidden by http/2 tls.TLS_RSA_WITH_AES_256_CBC_SHA, // forbidden by http/2 + tls.TLS_AES_128_GCM_SHA256, + tls.TLS_AES_256_GCM_SHA384, + tls.TLS_CHACHA20_POLY1305_SHA256, } } @@ -393,7 +386,7 @@ func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, e } certs, err := cert.ParseCertsPEM(certPEMBlock) if err != nil { - return nil, fmt.Errorf("Error reading %s: %s", certFile, err) + return nil, fmt.Errorf("error reading %s: %s", certFile, err) } keyPEMBlock, err := os.ReadFile(keyFile) @@ -419,7 +412,7 @@ func GetTLSCertificateConfigFromBytes(certBytes, keyBytes []byte) (*TLSCertifica certs, err := cert.ParseCertsPEM(certBytes) if err != nil { - return nil, fmt.Errorf("Error reading cert: %s", err) + return nil, fmt.Errorf("error reading cert: %s", err) } keyPairCert, err := tls.X509KeyPair(certBytes, keyBytes) 
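Review bot: With the TLS 1.3 names moved into `ciphers` and the `ciphersTLS13` guard removed from `CipherSuite`, a TLS 1.3 suite name is now accepted silently, and nothing in these hunks tells the caller that Go's crypto/tls does not apply `Config.CipherSuites` to TLS 1.3 connections. An operator who lists a single TLS 1.3 suite may conclude that the others are disabled. I would record that next to the new map entries, and again on the three entries added to `DefaultCiphers`, e.g. `// TLS 1.3 suites are accepted by name, but crypto/tls does not let Config.CipherSuites restrict them.` The file is vendored, so the comment belongs in the library-go branch that go.mod points at. The bodies of `CipherSuite` and `DefaultCiphers` start outside their hunks.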
@@ -432,8 +425,8 @@ func GetTLSCertificateConfigFromBytes(certBytes, keyBytes []byte) (*TLSCertifica } const ( - DefaultCertificateLifetimeInDays = 365 * 2 // 2 years - DefaultCACertificateLifetimeInDays = 365 * 5 // 5 years + DefaultCertificateLifetimeDuration = time.Hour * 24 * 365 * 2 // 2 years + DefaultCACertificateLifetimeDuration = time.Hour * 24 * 365 * 5 // 5 years // Default keys are 2048 bits keyBits = 2048 @@ -553,11 +546,11 @@ func randomSerialNumber() int64 { // EnsureCA returns a CA, whether it was created (as opposed to pre-existing), and any error // if serialFile is empty, a RandomSerialGenerator will be used -func EnsureCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, bool, error) { +func EnsureCA(certFile, keyFile, serialFile, name string, lifetime time.Duration) (*CA, bool, error) { if ca, err := GetCA(certFile, keyFile, serialFile); err == nil { return ca, false, err } - ca, err := MakeSelfSignedCA(certFile, keyFile, serialFile, name, expireDays) + ca, err := MakeSelfSignedCA(certFile, keyFile, serialFile, name, lifetime) return ca, true, err } @@ -597,10 +590,10 @@ func GetCAFromBytes(certBytes, keyBytes []byte) (*CA, error) { } // if serialFile is empty, a RandomSerialGenerator will be used -func MakeSelfSignedCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, error) { +func MakeSelfSignedCA(certFile, keyFile, serialFile, name string, lifetime time.Duration) (*CA, error) { klog.V(2).Infof("Generating new CA for %s cert, and key in %s, %s", name, certFile, keyFile) - caConfig, err := MakeSelfSignedCAConfig(name, expireDays) + caConfig, err := MakeSelfSignedCAConfig(name, lifetime) if err != nil { return nil, err } 
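Review bot: Changing `expireDays int` to `lifetime time.Duration` in `EnsureCA` is only caught by the compiler when the caller passes a typed `int`; the same applies to `MakeSelfSignedCA`, `EnsureSubCA`, `EnsureServerCert`, `MakeServerCert`, `EnsureClientCertificate` and `MakeClientCertificate` in the hunks that follow. A call that passes an untyped constant, for example a literal `365` as the last argument, still compiles and now asks for a 365-nanosecond certificate, which also gets past the `lifetime <= 0` fallback added further down. Callers in this repository are not visible here, so each call site should be checked for a literal day count. A doc line on each function would help, e.g. `// lifetime is a time.Duration; pass 365 * 24 * time.Hour, not a day count`.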
@@ -628,23 +621,21 @@ func MakeSelfSignedCA(certFile, keyFile, serialFile, name string, expireDays int }, nil } -func MakeSelfSignedCAConfig(name string, expireDays int) (*TLSCertificateConfig, error) { +func MakeSelfSignedCAConfig(name string, lifetime time.Duration) (*TLSCertificateConfig, error) { subject := pkix.Name{CommonName: name} - return MakeSelfSignedCAConfigForSubject(subject, expireDays) + return MakeSelfSignedCAConfigForSubject(subject, lifetime) } -func MakeSelfSignedCAConfigForSubject(subject pkix.Name, expireDays int) (*TLSCertificateConfig, error) { - var caLifetimeInDays = DefaultCACertificateLifetimeInDays - if expireDays > 0 { - caLifetimeInDays = expireDays +func MakeSelfSignedCAConfigForSubject(subject pkix.Name, lifetime time.Duration) (*TLSCertificateConfig, error) { + if lifetime <= 0 { + lifetime = DefaultCACertificateLifetimeDuration + fmt.Fprintf(os.Stderr, "Validity period of the certificate for %q is unset, resetting to %d years!\n", subject.CommonName, lifetime) } - if caLifetimeInDays > DefaultCACertificateLifetimeInDays { - warnAboutCertificateLifeTime(subject.CommonName, DefaultCACertificateLifetimeInDays) + if lifetime > DefaultCACertificateLifetimeDuration { + warnAboutCertificateLifeTime(subject.CommonName, DefaultCACertificateLifetimeDuration) } - - caLifetime := time.Duration(caLifetimeInDays) * 24 * time.Hour - return makeSelfSignedCAConfigForSubjectAndDuration(subject, time.Now, caLifetime) + return makeSelfSignedCAConfigForSubjectAndDuration(subject, time.Now, lifetime) } func MakeSelfSignedCAConfigForDuration(name string, caLifetime time.Duration) (*TLSCertificateConfig, error) { 
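Review bot: The new fallback message in `MakeSelfSignedCAConfigForSubject` formats `lifetime` with `%d years`, but `lifetime` is a `time.Duration`, so the number printed is the nanosecond count rather than 5. The same line is repeated in `newServerCertificateTemplate` and `NewClientCertificateTemplate`. `warnAboutCertificateLifeTime` has the related slip `defaultLifetimeDuration / 365 / 24`, which leaves a `Duration` of a few hours that `%d` again prints as nanoseconds. Converting once fixes all four: pass `int(lifetime / (365 * 24 * time.Hour))` to the fallback messages and use `defaultLifetimeInYears := int(defaultLifetimeDuration / (365 * 24 * time.Hour))` in the warning helper.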
@@ -702,21 +693,21 @@ func MakeCAConfigForDuration(name string, caLifetime time.Duration, issuer *CA) // (as opposed to pre-existing), and any error that might occur during the subCA // creation. // If serialFile is an empty string, a RandomSerialGenerator will be used. -func (ca *CA) EnsureSubCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, bool, error) { +func (ca *CA) EnsureSubCA(certFile, keyFile, serialFile, name string, lifetime time.Duration) (*CA, bool, error) { if subCA, err := GetCA(certFile, keyFile, serialFile); err == nil { return subCA, false, err } - subCA, err := ca.MakeAndWriteSubCA(certFile, keyFile, serialFile, name, expireDays) + subCA, err := ca.MakeAndWriteSubCA(certFile, keyFile, serialFile, name, lifetime) return subCA, true, err } // MakeAndWriteSubCA returns a new sub-CA configuration. New cert/key pair is generated // while using this function. // If serialFile is an empty string, a RandomSerialGenerator will be used. -func (ca *CA) MakeAndWriteSubCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, error) { +func (ca *CA) MakeAndWriteSubCA(certFile, keyFile, serialFile, name string, lifetime time.Duration) (*CA, error) { klog.V(4).Infof("Generating sub-CA certificate in %s, key in %s, serial in %s", certFile, keyFile, serialFile) - subCAConfig, err := MakeCAConfigForDuration(name, time.Duration(expireDays)*time.Hour*24, ca) + subCAConfig, err := MakeCAConfigForDuration(name, lifetime, ca) if err != nil { return nil, err } 
@@ -746,10 +737,10 @@ func (ca *CA) MakeAndWriteSubCA(certFile, keyFile, serialFile, name string, expi }, nil } -func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.Set[string], expireDays int) (*TLSCertificateConfig, bool, error) { +func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.Set[string], lifetime time.Duration) (*TLSCertificateConfig, bool, error) { certConfig, err := GetServerCert(certFile, keyFile, hostnames) if err != nil { - certConfig, err = ca.MakeAndWriteServerCert(certFile, keyFile, hostnames, expireDays) + certConfig, err = ca.MakeAndWriteServerCert(certFile, keyFile, hostnames, lifetime) return certConfig, true, err } @@ -773,13 +764,13 @@ func GetServerCert(certFile, keyFile string, hostnames sets.Set[string]) (*TLSCe return server, nil } - return nil, fmt.Errorf("Existing server certificate in %s does not match required hostnames.", certFile) + return nil, fmt.Errorf("existing server certificate in %s does not match required hostnames", certFile) } -func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.Set[string], expireDays int) (*TLSCertificateConfig, error) { +func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.Set[string], lifetime time.Duration) (*TLSCertificateConfig, error) { klog.V(4).Infof("Generating server certificate in %s, key in %s", certFile, keyFile) - server, err := ca.MakeServerCert(hostnames, expireDays) + server, err := ca.MakeServerCert(hostnames, lifetime) if err != nil { return nil, err } 
@@ -793,11 +784,11 @@ func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.Se // if the extension attempt failed. type CertificateExtensionFunc func(*x509.Certificate) error -func (ca *CA) MakeServerCert(hostnames sets.Set[string], expireDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error) { +func (ca *CA) MakeServerCert(hostnames sets.Set[string], lifetime time.Duration, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error) { serverPublicKey, serverPrivateKey, publicKeyHash, _ := newKeyPairWithHash() authorityKeyId := ca.Config.Certs[0].SubjectKeyId subjectKeyId := publicKeyHash - serverTemplate := newServerCertificateTemplate(pkix.Name{CommonName: sets.List(hostnames)[0]}, sets.List(hostnames), expireDays, time.Now, authorityKeyId, subjectKeyId) + serverTemplate := newServerCertificateTemplate(pkix.Name{CommonName: sets.List(hostnames)[0]}, sets.List(hostnames), lifetime, time.Now, authorityKeyId, subjectKeyId) for _, fn := range fns { if err := fn(serverTemplate); err != nil { return nil, err @@ -835,10 +826,10 @@ func (ca *CA) MakeServerCertForDuration(hostnames sets.Set[string], lifetime tim return server, nil } -func (ca *CA) EnsureClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, bool, error) { +func (ca *CA) EnsureClientCertificate(certFile, keyFile string, u user.Info, lifetime time.Duration) (*TLSCertificateConfig, bool, error) { certConfig, err := GetClientCertificate(certFile, keyFile, u) if err != nil { - certConfig, err = ca.MakeClientCertificate(certFile, keyFile, u, expireDays) + certConfig, err = ca.MakeClientCertificate(certFile, keyFile, u, lifetime) return certConfig, true, err // true indicates we wrote the files. } return certConfig, false, nil 
@@ -867,7 +858,7 @@ func subjectChanged(existing, expected pkix.Name) bool { !reflect.DeepEqual(existing.Organization, expected.Organization) } -func (ca *CA) MakeClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, error) { +func (ca *CA) MakeClientCertificate(certFile, keyFile string, u user.Info, lifetime time.Duration) (*TLSCertificateConfig, error) { klog.V(4).Infof("Generating client cert in %s and key in %s", certFile, keyFile) // ensure parent dirs if err := os.MkdirAll(filepath.Dir(certFile), os.FileMode(0755)); err != nil { @@ -878,7 +869,7 @@ func (ca *CA) MakeClientCertificate(certFile, keyFile string, u user.Info, expir } clientPublicKey, clientPrivateKey, _ := NewKeyPair() - clientTemplate := NewClientCertificateTemplate(UserToSubject(u), expireDays, time.Now) + clientTemplate := NewClientCertificateTemplate(UserToSubject(u), lifetime, time.Now) clientCrt, err := ca.SignCertificate(clientTemplate, clientPublicKey) if err != nil { return nil, err 
@@ -1024,18 +1015,16 @@ func newSigningCertificateTemplateForDuration(subject pkix.Name, caLifetime time } // Can be used for ListenAndServeTLS -func newServerCertificateTemplate(subject pkix.Name, hosts []string, expireDays int, currentTime func() time.Time, authorityKeyId, subjectKeyId []byte) *x509.Certificate { - var lifetimeInDays = DefaultCertificateLifetimeInDays - if expireDays > 0 { - lifetimeInDays = expireDays +func newServerCertificateTemplate(subject pkix.Name, hosts []string, lifetime time.Duration, currentTime func() time.Time, authorityKeyId, subjectKeyId []byte) *x509.Certificate { + if lifetime <= 0 { + lifetime = DefaultCertificateLifetimeDuration + fmt.Fprintf(os.Stderr, "Validity period of the certificate for %q is unset, resetting to %d years!\n", subject.CommonName, lifetime) } - if lifetimeInDays > DefaultCertificateLifetimeInDays { - warnAboutCertificateLifeTime(subject.CommonName, DefaultCertificateLifetimeInDays) + if lifetime > DefaultCertificateLifetimeDuration { + warnAboutCertificateLifeTime(subject.CommonName, DefaultCertificateLifetimeDuration) } - lifetime := time.Duration(lifetimeInDays) * 24 * time.Hour - return newServerCertificateTemplateForDuration(subject, hosts, lifetime, currentTime, authorityKeyId, subjectKeyId) } 
@@ -1107,24 +1096,22 @@ func CertsFromPEM(pemCerts []byte) ([]*x509.Certificate, error) { } if !ok { - return certs, errors.New("Could not read any certificates") + return certs, errors.New("could not read any certificates") } return certs, nil } // Can be used as a certificate in http.Transport TLSClientConfig -func NewClientCertificateTemplate(subject pkix.Name, expireDays int, currentTime func() time.Time) *x509.Certificate { - var lifetimeInDays = DefaultCertificateLifetimeInDays - if expireDays > 0 { - lifetimeInDays = expireDays +func NewClientCertificateTemplate(subject pkix.Name, lifetime time.Duration, currentTime func() time.Time) *x509.Certificate { + if lifetime <= 0 { + lifetime = DefaultCertificateLifetimeDuration + fmt.Fprintf(os.Stderr, "Validity period of the certificate for %q is unset, resetting to %d years!\n", subject.CommonName, lifetime) } - if lifetimeInDays > DefaultCertificateLifetimeInDays { - warnAboutCertificateLifeTime(subject.CommonName, DefaultCertificateLifetimeInDays) + if lifetime > DefaultCertificateLifetimeDuration { + warnAboutCertificateLifeTime(subject.CommonName, DefaultCertificateLifetimeDuration) } - lifetime := time.Duration(lifetimeInDays) * 24 * time.Hour - return NewClientCertificateTemplateForDuration(subject, lifetime, currentTime) } @@ -1145,8 +1132,8 @@ func NewClientCertificateTemplateForDuration(subject pkix.Name, lifetime time.Du } } -func warnAboutCertificateLifeTime(name string, defaultLifetimeInDays int) { - defaultLifetimeInYears := defaultLifetimeInDays / 365 +func warnAboutCertificateLifeTime(name string, defaultLifetimeDuration time.Duration) { + defaultLifetimeInYears := defaultLifetimeDuration / 365 / 24 fmt.Fprintf(os.Stderr, "WARNING: Validity period of the certificate for %q is greater than %d years!\n", name, defaultLifetimeInYears) fmt.Fprintln(os.Stderr, "WARNING: By security reasons it is strongly recommended to change this period and make it smaller!") } 
@@ -1161,7 +1148,7 @@ func signCertificate(template *x509.Certificate, requestKey crypto.PublicKey, is return nil, err } if len(certs) != 1 { - return nil, errors.New("Expected a single certificate") + return nil, errors.New("expected a single certificate") } return certs[0], nil } @@ -1191,7 +1178,7 @@ func EncodeKey(key crypto.PrivateKey) ([]byte, error) { return []byte{}, err } default: - return []byte{}, errors.New("Unrecognized key type") + return []byte{}, errors.New("unrecognized key type") } return b.Bytes(), nil diff --git a/vendor/github.com/openshift/library-go/pkg/crypto/errors.go b/vendor/github.com/openshift/library-go/pkg/crypto/errors.go new file mode 100644 index 0000000000..07f79c9a45 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/crypto/errors.go 
@@ -0,0 +1,46 @@ +package crypto + +import ( + "crypto/x509" + "fmt" + "net" + "strings" +) + +// FormatHostnameError formats hostname errors without calling HostnameError.Error() +// to mitigate CVE-2025-61729 (quadratic runtime from repeated string concatenation with unlimited SANs). +func FormatHostnameError(h x509.HostnameError) string { + c := h.Certificate + if c == nil { + return "x509: cannot validate certificate for " + h.Host + } + + const maxNamesIncluded = 100 + + // Check if host is an IP address + if ip := net.ParseIP(h.Host); ip != nil { + if len(c.IPAddresses) == 0 { + return "x509: cannot validate certificate for " + h.Host + " because it doesn't contain any IP SANs" + } + if len(c.IPAddresses) >= maxNamesIncluded { + return fmt.Sprintf("x509: certificate is valid for %d IP SANs, but none matched %s", len(c.IPAddresses), h.Host) + } + var valid strings.Builder + for i, san := range c.IPAddresses { + if i > 0 { + valid.WriteString(", ") + } + valid.WriteString(san.String()) + } + return "x509: certificate is valid for " + valid.String() + ", not " + h.Host + } + + // DNS name validation + if len(c.DNSNames) == 0 { + return "x509: certificate is not valid for any names, but wanted to match " + h.Host + } + if len(c.DNSNames) >= maxNamesIncluded { + return fmt.Sprintf("x509: certificate is valid for %d names, but none matched %s", len(c.DNSNames), h.Host) + } + return "x509: certificate is valid for " + strings.Join(c.DNSNames, ", ") + ", not " + h.Host +} diff --git a/vendor/github.com/openshift/library-go/pkg/oauth/tokenrequest/request_token.go b/vendor/github.com/openshift/library-go/pkg/oauth/tokenrequest/request_token.go index db1f7f4434..0d37714d54 100644 --- a/vendor/github.com/openshift/library-go/pkg/oauth/tokenrequest/request_token.go +++ b/vendor/github.com/openshift/library-go/pkg/oauth/tokenrequest/request_token.go 
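Review bot: `FormatHostnameError` only protects call sites that hand it the typed error; nothing here stops a later caller from logging the same `x509.HostnameError` with `%v`, `%s` or `.Error()`, which goes back to the standard-library formatter the comment says to avoid. The doc comment should state that contract and the helper's intended lifetime, for example `// Callers must never format the HostnameError itself; remove once the Go toolchain in use carries the upstream fix.` It is also worth noting there that names below the `maxNamesIncluded` cutoff are copied from the peer certificate as-is. The returned string is therefore server-controlled text and may be safer logged with `%q` than with `%s`.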
@@ -21,6 +21,7 @@ import ( restclient "k8s.io/client-go/rest" "k8s.io/klog/v2" + "github.com/openshift/library-go/pkg/crypto" "github.com/openshift/library-go/pkg/oauth/oauthdiscovery" "github.com/openshift/library-go/pkg/oauth/tokenrequest/challengehandlers" ) @@ -551,7 +552,7 @@ func transportWithSystemRoots(issuer string, clientConfig *restclient.Config) (h resp.Body.Close() _, err = verifyServerCertChain(issuerURL.Hostname(), resp.TLS.PeerCertificates) - switch err.(type) { + switch err := err.(type) { case nil: // copy the config so we can freely mutate it configWithSystemRoots := restclient.CopyConfig(clientConfig) @@ -571,7 +572,11 @@ func transportWithSystemRoots(issuer string, clientConfig *restclient.Config) (h return nil, err } return systemRootsRT, nil - case x509.UnknownAuthorityError, x509.HostnameError, x509.CertificateInvalidError, x509.SystemRootsError, + case x509.HostnameError: + // fallback to the CA in the kubeconfig since the system roots did not work + klog.V(4).Infof("falling back to kubeconfig CA due to possible x509 error: %s", crypto.FormatHostnameError(err)) + return restclient.TransportFor(clientConfig) + case x509.UnknownAuthorityError, x509.CertificateInvalidError, x509.SystemRootsError, tls.RecordHeaderError, *net.OpError: // fallback to the CA in the kubeconfig since the system roots did not work // we are very broad on the errors here to avoid failing when we should fallback diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/cabundle.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/cabundle.go index 1cb4685b1f..447b1e0e31 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/cabundle.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/cabundle.go 
@@ -30,6 +30,10 @@ type CABundleConfigMap struct { Namespace string // Name is the name of the ConfigMap to maintain. Name string + // RefreshOnlyWhenExpired set to true means to ignore 80% of validity and the Refresh duration for rotation, + // but only rotate when the certificate expires. This is useful for auto-recovery when we want to enforce + // rotation on expiration only, but not interfere with the ordinary rotation controller. + RefreshOnlyWhenExpired bool // Owner is an optional reference to add to the secret that this rotator creates. Owner *metav1.OwnerReference // AdditionalAnnotations is a collection of annotations set for the secret @@ -62,12 +66,15 @@ func (c CABundleConfigMap) EnsureConfigMapCABundle(ctx context.Context, signingC creationRequired = true } - needsOwnerUpdate := false - if c.Owner != nil { - needsOwnerUpdate = ensureOwnerReference(&caBundleConfigMap.ObjectMeta, c.Owner) + // run Update if metadata needs changing unless running in RefreshOnlyWhenExpired mode + if !c.RefreshOnlyWhenExpired { + needsOwnerUpdate := false + if c.Owner != nil { + needsOwnerUpdate = ensureOwnerReference(&caBundleConfigMap.ObjectMeta, c.Owner) + } + needsMetadataUpdate := c.AdditionalAnnotations.EnsureTLSMetadataUpdate(&caBundleConfigMap.ObjectMeta) + updateRequired = needsOwnerUpdate || needsMetadataUpdate } - needsMetadataUpdate := c.AdditionalAnnotations.EnsureTLSMetadataUpdate(&caBundleConfigMap.ObjectMeta) - updateRequired = needsOwnerUpdate || needsMetadataUpdate updatedCerts, err := manageCABundleConfigMap(caBundleConfigMap, signingCertKeyPair.Config.Certs[0]) if err != nil { 
@@ -98,6 +105,10 @@ func (c CABundleConfigMap) EnsureConfigMapCABundle(ctx context.Context, signingC caBundleConfigMap = actualCABundleConfigMap } else if updateRequired { actualCABundleConfigMap, err := c.Client.ConfigMaps(c.Namespace).Update(ctx, caBundleConfigMap, metav1.UpdateOptions{}) + if apierrors.IsConflict(err) { + // ignore error if its attempting to update outdated version of the configmap + return nil, nil + } resourcehelper.ReportUpdateEvent(c.EventRecorder, actualCABundleConfigMap, err) if err != nil { return nil, err diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go index d8569f2c8d..0d669a8e67 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go @@ -133,11 +133,19 @@ func (c CertRotationController) SyncWorker(ctx context.Context) error { if err != nil { return err } + // If no signingCertKeyPair returned due to update conflict or otherwise, return an error + if signingCertKeyPair == nil { + return fmt.Errorf("signingCertKeyPair is nil") + } cabundleCerts, err := c.CABundleConfigMap.EnsureConfigMapCABundle(ctx, signingCertKeyPair, c.getSigningCertKeyPairLocation()) if err != nil { return err } + // If no ca bundle returned due to update conflict or otherwise, return an error + if cabundleCerts == nil { + return fmt.Errorf("cabundleCerts is nil") + } if _, err := c.RotatedSelfSignedCertKeySecret.EnsureTargetCertKeyPair(ctx, signingCertKeyPair, cabundleCerts); err != nil { return err diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go index 2eb761bbb3..de9eb11b72 100644 
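Review bot: On an update conflict `EnsureConfigMapCABundle` now returns `nil, nil`, so a conflict is indistinguishable from success to the caller; the same pattern is added to `EnsureSigningCertKeyPair` (`nil, false, nil`) in signer.go and `EnsureTargetCertKeyPair` in target.go. `SyncWorker` gets nil checks in this commit, but any other caller that goes on to use the result, the way `EnsureConfigMapCABundle` itself reads `signingCertKeyPair.Config.Certs[0]`, would dereference nil. The nil checks also replace the conflict with the context-free `signingCertKeyPair is nil`, so the log no longer says why the sync failed. Either return the conflict error and let the controller requeue, or document the contract on each function, e.g. `// Returns (nil, nil) when the update hit a resourceVersion conflict; callers must nil-check and retry.` The function bodies extend beyond these hunks.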
--- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go @@ -78,10 +78,12 @@ func (c RotatedSigningCASecret) EnsureSigningCertKeyPair(ctx context.Context) (* creationRequired = true } - // run Update if metadata needs changing - needsMetadataUpdate := ensureMetadataUpdate(signingCertKeyPairSecret, c.Owner, c.AdditionalAnnotations) - needsTypeChange := ensureSecretTLSTypeSet(signingCertKeyPairSecret) - updateRequired = needsMetadataUpdate || needsTypeChange + // run Update if metadata needs changing unless we're in RefreshOnlyWhenExpired mode + if !c.RefreshOnlyWhenExpired { + needsMetadataUpdate := ensureMetadataUpdate(signingCertKeyPairSecret, c.Owner, c.AdditionalAnnotations) + needsTypeChange := ensureSecretTLSTypeSet(signingCertKeyPairSecret) + updateRequired = needsMetadataUpdate || needsTypeChange + } // run Update if signer content needs changing signerUpdated := false @@ -110,6 +112,10 @@ func (c RotatedSigningCASecret) EnsureSigningCertKeyPair(ctx context.Context) (* signingCertKeyPairSecret = actualSigningCertKeyPairSecret } else if updateRequired { actualSigningCertKeyPairSecret, err := c.Client.Secrets(c.Namespace).Update(ctx, signingCertKeyPairSecret, metav1.UpdateOptions{}) + if apierrors.IsConflict(err) { + // ignore error if its attempting to update outdated version of the secret + return nil, false, nil + } resourcehelper.ReportUpdateEvent(c.EventRecorder, actualSigningCertKeyPairSecret, err) if err != nil { return nil, false, err diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go index b68aea1633..436ff1bb85 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go 
@@ -112,9 +112,12 @@ func (c RotatedSelfSignedCertKeySecret) EnsureTargetCertKeyPair(ctx context.Cont creationRequired = true } - needsMetadataUpdate := ensureMetadataUpdate(targetCertKeyPairSecret, c.Owner, c.AdditionalAnnotations) - needsTypeChange := ensureSecretTLSTypeSet(targetCertKeyPairSecret) - updateRequired = needsMetadataUpdate || needsTypeChange + // run Update if metadata needs changing unless we're in RefreshOnlyWhenExpired mode + if !c.RefreshOnlyWhenExpired { + needsMetadataUpdate := ensureMetadataUpdate(targetCertKeyPairSecret, c.Owner, c.AdditionalAnnotations) + needsTypeChange := ensureSecretTLSTypeSet(targetCertKeyPairSecret) + updateRequired = needsMetadataUpdate || needsTypeChange + } if reason := c.CertCreator.NeedNewTargetCertKeyPair(targetCertKeyPairSecret, signingCertKeyPair, caBundleCerts, c.Refresh, c.RefreshOnlyWhenExpired, creationRequired); len(reason) > 0 { c.EventRecorder.Eventf("TargetUpdateRequired", "%q in %q requires a new target cert/key pair: %v", c.Name, c.Namespace, reason) @@ -136,6 +139,10 @@ func (c RotatedSelfSignedCertKeySecret) EnsureTargetCertKeyPair(ctx context.Cont targetCertKeyPairSecret = actualTargetCertKeyPairSecret } else if updateRequired { actualTargetCertKeyPairSecret, err := c.Client.Secrets(c.Namespace).Update(ctx, targetCertKeyPairSecret, metav1.UpdateOptions{}) + if apierrors.IsConflict(err) { + // ignore error if its attempting to update outdated version of the secret + return nil, nil + } resourcehelper.ReportUpdateEvent(c.EventRecorder, actualTargetCertKeyPairSecret, err) if err != nil { return nil, err 
@@ -157,6 +164,11 @@ func needNewTargetCertKeyPair(secret *corev1.Secret, signer *crypto.CA, caBundle return reason } + // Exit early if we're only refreshing when expired and the certificate does not need an update + if refreshOnlyWhenExpired { + return "" + } + // check the signer common name against all the common names in our ca bundle so we don't refresh early signerCommonName := annotations[CertificateIssuer] if len(signerCommonName) == 0 { diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/apiregistration.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/apiregistration.go new file mode 100644 index 0000000000..05a4146ecf --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/apiregistration.go @@ -0,0 +1,26 @@ +package resourceread + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/serializer" + apiregistrationv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1" +) + +var ( + apiRegisterScheme = runtime.NewScheme() + apiRegisterCodec = serializer.NewCodecFactory(apiRegisterScheme) +) + +func init() { + if err := apiregistrationv1.AddToScheme(apiRegisterScheme); err != nil { + panic(err) + } +} + +func ReadAPIServiceOrDie(objBytes []byte) *apiregistrationv1.APIService { + requiredObj, err := runtime.Decode(apiRegisterCodec.UniversalDecoder(apiregistrationv1.SchemeGroupVersion), objBytes) + if err != nil { + panic(err) + } + return requiredObj.(*apiregistrationv1.APIService) +} diff --git a/vendor/k8s.io/kube-aggregator/LICENSE b/vendor/k8s.io/kube-aggregator/LICENSE new file mode 100644 index 0000000000..d645695673 --- /dev/null +++ b/vendor/k8s.io/kube-aggregator/LICENSE 
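Review bot: The early `return ""` for `refreshOnlyWhenExpired` in `needNewTargetCertKeyPair` sits before the check of the signer common name against the CA bundle. In that mode a target certificate whose issuer is no longer in the bundle therefore appears to be kept until it expires. If that is intended for the auto-recovery case, the comment should say so, e.g. `// RefreshOnlyWhenExpired: deliberately skip the issuer-vs-bundle check below; only expiry triggers a new pair`. The rest of the function lies outside the hunk, so the exact checks being skipped should be confirmed against the full file.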
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/doc.go b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/doc.go
new file mode 100644
index 0000000000..394bcbc8ef
--- /dev/null
+++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/doc.go
@@ -0,0 +1,21 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:deepcopy-gen=package
+// +groupName=apiregistration.k8s.io
+
+// Package apiregistration is the internal version of the API.
+package apiregistration // import "k8s.io/kube-aggregator/pkg/apis/apiregistration"
diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/helpers.go b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/helpers.go
new file mode 100644
index 0000000000..dfa7460080
--- /dev/null
+++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/helpers.go
@@ -0,0 +1,128 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package apiregistration
+
+import (
+ "sort"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/version"
+)
+
+// SortedByGroupAndVersion sorts APIServices into their different groups, and then sorts them based on their versions.
+// For example, the first element of the first array contains the APIService with the highest version number, in the
+// group with the highest priority; while the last element of the last array contains the APIService with the lowest
+// version number, in the group with the lowest priority.
+func SortedByGroupAndVersion(servers []*APIService) [][]*APIService {
+ serversByGroupPriorityMinimum := ByGroupPriorityMinimum(servers)
+ sort.Sort(serversByGroupPriorityMinimum)
+
+ ret := [][]*APIService{}
+ for _, curr := range serversByGroupPriorityMinimum {
+ // check to see if we already have an entry for this group
+ existingIndex := -1
+ for j, groupInReturn := range ret {
+ if groupInReturn[0].Spec.Group == curr.Spec.Group {
+ existingIndex = j
+ break
+ }
+ }
+
+ if existingIndex >= 0 {
+ ret[existingIndex] = append(ret[existingIndex], curr)
+ sort.Sort(ByVersionPriority(ret[existingIndex]))
+ continue
+ }
+
+ ret = append(ret, []*APIService{curr})
+ }
+
+ return ret
+}
+
+// ByGroupPriorityMinimum sorts with the highest group number first, then by name.
+// This is not a simple reverse, because we want the name sorting to be alpha, not
+// reverse alpha.
+type ByGroupPriorityMinimum []*APIService
+
+func (s ByGroupPriorityMinimum) Len() int { return len(s) }
+func (s ByGroupPriorityMinimum) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
+func (s ByGroupPriorityMinimum) Less(i, j int) bool {
+ if s[i].Spec.GroupPriorityMinimum != s[j].Spec.GroupPriorityMinimum {
+ return s[i].Spec.GroupPriorityMinimum > s[j].Spec.GroupPriorityMinimum
+ }
+ return s[i].Name < s[j].Name
+}
+
+// ByVersionPriority sorts with the highest version number first, then by name.
+// This is not a simple reverse, because we want the name sorting to be alpha, not
+// reverse alpha.
+type ByVersionPriority []*APIService
+
+func (s ByVersionPriority) Len() int { return len(s) }
+func (s ByVersionPriority) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
+func (s ByVersionPriority) Less(i, j int) bool {
+ if s[i].Spec.VersionPriority != s[j].Spec.VersionPriority {
+ return s[i].Spec.VersionPriority > s[j].Spec.VersionPriority
+ }
+ return version.CompareKubeAwareVersionStrings(s[i].Spec.Version, s[j].Spec.Version) > 0
+}
+
+// NewLocalAvailableAPIServiceCondition returns a condition for an available local APIService.
+func NewLocalAvailableAPIServiceCondition() APIServiceCondition {
+ return APIServiceCondition{
+ Type: Available,
+ Status: ConditionTrue,
+ LastTransitionTime: metav1.Now(),
+ Reason: "Local",
+ Message: "Local APIServices are always available",
+ }
+}
+
+// GetAPIServiceConditionByType gets an *APIServiceCondition by APIServiceConditionType if present
+func GetAPIServiceConditionByType(apiService *APIService, conditionType APIServiceConditionType) *APIServiceCondition {
+ for i := range apiService.Status.Conditions {
+ if apiService.Status.Conditions[i].Type == conditionType {
+ return &apiService.Status.Conditions[i]
+ }
+ }
+ return nil
+}
+
+// SetAPIServiceCondition sets the status condition. It either overwrites the existing one or
+// creates a new one
+func SetAPIServiceCondition(apiService *APIService, newCondition APIServiceCondition) {
+ existingCondition := GetAPIServiceConditionByType(apiService, newCondition.Type)
+ if existingCondition == nil {
+ apiService.Status.Conditions = append(apiService.Status.Conditions, newCondition)
+ return
+ }
+
+ if existingCondition.Status != newCondition.Status {
+ existingCondition.Status = newCondition.Status
+ existingCondition.LastTransitionTime = newCondition.LastTransitionTime
+ }
+
+ existingCondition.Reason = newCondition.Reason
+ existingCondition.Message = newCondition.Message
+}
+
+// IsAPIServiceConditionTrue indicates if the condition is present and strictly true
+func IsAPIServiceConditionTrue(apiService *APIService, conditionType APIServiceConditionType) bool {
+ condition := GetAPIServiceConditionByType(apiService, conditionType)
+ return condition != nil && condition.Status == ConditionTrue
+}
diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/register.go b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/register.go
new file mode 100644
index 0000000000..7b88df42fa
--- /dev/null
+++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/register.go
@@ -0,0 +1,54 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package apiregistration
+
+import (
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// GroupName is the API group for apiregistration
+const GroupName = "apiregistration.k8s.io"
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+ return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns back a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+ return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+ // SchemeBuilder is the scheme builder with scheme init functions to run for this API package
+ SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+ // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme
+ AddToScheme = SchemeBuilder.AddToScheme
+)
+
+// Adds the list of known types to the given scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+ scheme.AddKnownTypes(SchemeGroupVersion,
+ &APIService{},
+ &APIServiceList{},
+ )
+ return nil
+}
diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/types.go b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/types.go
new file mode 100644
index 0000000000..97411783f3
--- /dev/null
+++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/types.go
@@ -0,0 +1,146 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package apiregistration
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// APIServiceList is a list of APIService objects.
+type APIServiceList struct {
+ metav1.TypeMeta
+ metav1.ListMeta
+
+ Items []APIService
+}
+
+// ServiceReference holds a reference to Service.legacy.k8s.io
+type ServiceReference struct {
+ // Namespace is the namespace of the service
+ Namespace string
+ // Name is the name of the service
+ Name string
+ // If specified, the port on the service that hosting the service.
+ // Default to 443 for backward compatibility.
+ // `port` should be a valid port number (1-65535, inclusive).
+ // +optional
+ Port int32
+}
+
+// APIServiceSpec contains information for locating and communicating with a server.
+// Only https is supported, though you are able to disable certificate verification.
+type APIServiceSpec struct {
+ // Service is a reference to the service for this API server. It must communicate
+ // on port 443.
+ // If the Service is nil, that means the handling for the API groupversion is handled locally on this server.
+ // The call will simply delegate to the normal handler chain to be fulfilled.
+ // +optional
+ Service *ServiceReference
+ // Group is the API group name this server hosts
+ Group string
+ // Version is the API version this server hosts. For example, "v1"
+ Version string
+
+ // InsecureSkipTLSVerify disables TLS certificate verification when communicating with this server.
+ // This is strongly discouraged. You should use the CABundle instead.
+ InsecureSkipTLSVerify bool
+ // CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate.
+ // If unspecified, system trust roots on the apiserver are used.
+ // +listType=atomic
+ // +optional
+ CABundle []byte
+
+ // GroupPriorityMinimum is the priority this group should have at least. Higher priority means that the group is preferred by clients over lower priority ones.
+ // Note that other versions of this group might specify even higher GroupPriorityMinimum values such that the whole group gets a higher priority.
+ // The primary sort is based on GroupPriorityMinimum, ordered highest number to lowest (20 before 10).
+ // The secondary sort is based on the alphabetical comparison of the name of the object. (v1.bar before v1.foo)
+ // We'd recommend something like: *.k8s.io (except extensions) at 18000 and
+ // PaaSes (OpenShift, Deis) are recommended to be in the 2000s
+ GroupPriorityMinimum int32
+
+ // VersionPriority controls the ordering of this API version inside of its group. Must be greater than zero.
+ // The primary sort is based on VersionPriority, ordered highest to lowest (20 before 10).
+ // Since it's inside of a group, the number can be small, probably in the 10s.
+ // In case of equal version priorities, the version string will be used to compute the order inside a group.
+ // If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered
+ // lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version),
+ // then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first
+ // by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major
+ // version, then minor version. An example sorted list of versions:
+ // v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.
+ VersionPriority int32
+}
+
+// ConditionStatus indicates the status of a condition (true, false, or unknown).
+type ConditionStatus string
+
+// These are valid condition statuses. "ConditionTrue" means a resource is in the condition;
+// "ConditionFalse" means a resource is not in the condition; "ConditionUnknown" means kubernetes
+// can't decide if a resource is in the condition or not. In the future, we could add other
+// intermediate conditions, e.g. ConditionDegraded.
+const (
+ ConditionTrue ConditionStatus = "True"
+ ConditionFalse ConditionStatus = "False"
+ ConditionUnknown ConditionStatus = "Unknown"
+)
+
+// APIServiceConditionType is a valid value for APIServiceCondition.Type
+type APIServiceConditionType string
+
+const (
+ // Available indicates that the service exists and is reachable
+ Available APIServiceConditionType = "Available"
+)
+
+// APIServiceCondition describes conditions for an APIService
+type APIServiceCondition struct {
+ // Type is the type of the condition.
+ Type APIServiceConditionType
+ // Status is the status of the condition.
+ // Can be True, False, Unknown.
+ Status ConditionStatus
+ // Last time the condition transitioned from one status to another.
+ LastTransitionTime metav1.Time
+ // Unique, one-word, CamelCase reason for the condition's last transition.
+ Reason string
+ // Human-readable message indicating details about last transition.
+ Message string
+}
+
+// APIServiceStatus contains derived information about an API server
+type APIServiceStatus struct {
+ // Current service state of apiService.
+ // +listType=map
+ // +listMapKey=type
+ Conditions []APIServiceCondition
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// APIService represents a server for a particular GroupVersion.
+// Name must be "version.group".
+type APIService struct {
+ metav1.TypeMeta
+ metav1.ObjectMeta
+
+ // Spec contains information for locating and communicating with a server
+ Spec APIServiceSpec
+ // Status contains derived information about an API server
+ Status APIServiceStatus
+}
diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/defaults.go b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/defaults.go
new file mode 100644
index 0000000000..2ae90d6461
--- /dev/null
+++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/defaults.go
@@ -0,0 +1,33 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ "k8s.io/apimachinery/pkg/runtime"
+ utilpointer "k8s.io/utils/pointer"
+)
+
+func addDefaultingFuncs(scheme *runtime.Scheme) error {
+ return RegisterDefaults(scheme)
+}
+
+// SetDefaults_ServiceReference sets defaults for AuditSync Webhook's ServiceReference
+func SetDefaults_ServiceReference(obj *ServiceReference) {
+ if obj.Port == nil {
+ obj.Port = utilpointer.Int32Ptr(443)
+ }
+}
diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/doc.go b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/doc.go
new file mode 100644
index 0000000000..dd286e1f21
--- /dev/null
+++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/doc.go
@@ -0,0 +1,38 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:deepcopy-gen=package
+// +k8s:protobuf-gen=package
+// +k8s:conversion-gen=k8s.io/kube-aggregator/pkg/apis/apiregistration
+// +k8s:openapi-gen=true
+// +groupName=apiregistration.k8s.io
+// +k8s:defaulter-gen=TypeMeta
+// +k8s:prerelease-lifecycle-gen=true
+
+// Package v1 contains the API Registration API, which is responsible for
+// registering an API `Group`/`Version` with another kubernetes like API server.
+// The `APIService` holds information about the other API server in
+// `APIServiceSpec` type as well as general `TypeMeta` and `ObjectMeta`. The
+// `APIServiceSpec` type have the main configuration needed to do the
+// aggregation. Any request coming for specified `Group`/`Version` will be
+// directed to the service defined by `ServiceReference` (on port 443) after
+// validating the target using provided `CABundle` or skipping validation
+// if development flag `InsecureSkipTLSVerify` is set. `Priority` is controlling
+// the order of this API group in the overall discovery document.
+// The return status is a set of conditions for this aggregation. Currently
+// there is only one condition named "Available", if true, it means the
+// api/server requests will be redirected to specified API server.
+package v1 // import "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1"
diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/generated.pb.go b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/generated.pb.go new file mode 100644 index 0000000000..690810e8bb --- /dev/null +++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/generated.pb.go 
@@ -0,0 +1,1813 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/generated.proto + +package v1 + +import ( + fmt "fmt" + + io "io" + + proto "github.com/gogo/protobuf/proto" + + math "math" + math_bits "math/bits" + reflect "reflect" + strings "strings" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. 
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package + +func (m *APIService) Reset() { *m = APIService{} } +func (*APIService) ProtoMessage() {} +func (*APIService) Descriptor() ([]byte, []int) { + return fileDescriptor_93cf925561aed99f, []int{0} +} +func (m *APIService) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *APIService) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *APIService) XXX_Merge(src proto.Message) { + xxx_messageInfo_APIService.Merge(m, src) +} +func (m *APIService) XXX_Size() int { + return m.Size() +} +func (m *APIService) XXX_DiscardUnknown() { + xxx_messageInfo_APIService.DiscardUnknown(m) +} + +var xxx_messageInfo_APIService proto.InternalMessageInfo + +func (m *APIServiceCondition) Reset() { *m = APIServiceCondition{} } +func (*APIServiceCondition) ProtoMessage() {} +func (*APIServiceCondition) Descriptor() ([]byte, []int) { + return fileDescriptor_93cf925561aed99f, []int{1} +} +func (m *APIServiceCondition) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *APIServiceCondition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *APIServiceCondition) XXX_Merge(src proto.Message) { + xxx_messageInfo_APIServiceCondition.Merge(m, src) +} +func (m *APIServiceCondition) XXX_Size() int { + return m.Size() +} +func (m *APIServiceCondition) XXX_DiscardUnknown() { + xxx_messageInfo_APIServiceCondition.DiscardUnknown(m) +} + +var xxx_messageInfo_APIServiceCondition proto.InternalMessageInfo + +func (m *APIServiceList) Reset() { *m = APIServiceList{} } +func (*APIServiceList) ProtoMessage() {} +func (*APIServiceList) Descriptor() ([]byte, []int) { + return fileDescriptor_93cf925561aed99f, []int{2} +} +func (m 
*APIServiceList) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *APIServiceList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *APIServiceList) XXX_Merge(src proto.Message) { + xxx_messageInfo_APIServiceList.Merge(m, src) +} +func (m *APIServiceList) XXX_Size() int { + return m.Size() +} +func (m *APIServiceList) XXX_DiscardUnknown() { + xxx_messageInfo_APIServiceList.DiscardUnknown(m) +} + +var xxx_messageInfo_APIServiceList proto.InternalMessageInfo + +func (m *APIServiceSpec) Reset() { *m = APIServiceSpec{} } +func (*APIServiceSpec) ProtoMessage() {} +func (*APIServiceSpec) Descriptor() ([]byte, []int) { + return fileDescriptor_93cf925561aed99f, []int{3} +} +func (m *APIServiceSpec) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *APIServiceSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *APIServiceSpec) XXX_Merge(src proto.Message) { + xxx_messageInfo_APIServiceSpec.Merge(m, src) +} +func (m *APIServiceSpec) XXX_Size() int { + return m.Size() +} +func (m *APIServiceSpec) XXX_DiscardUnknown() { + xxx_messageInfo_APIServiceSpec.DiscardUnknown(m) +} + +var xxx_messageInfo_APIServiceSpec proto.InternalMessageInfo + +func (m *APIServiceStatus) Reset() { *m = APIServiceStatus{} } +func (*APIServiceStatus) ProtoMessage() {} +func (*APIServiceStatus) Descriptor() ([]byte, []int) { + return fileDescriptor_93cf925561aed99f, []int{4} +} +func (m *APIServiceStatus) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *APIServiceStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *APIServiceStatus) 
XXX_Merge(src proto.Message) { + xxx_messageInfo_APIServiceStatus.Merge(m, src) +} +func (m *APIServiceStatus) XXX_Size() int { + return m.Size() +} +func (m *APIServiceStatus) XXX_DiscardUnknown() { + xxx_messageInfo_APIServiceStatus.DiscardUnknown(m) +} + +var xxx_messageInfo_APIServiceStatus proto.InternalMessageInfo + +func (m *ServiceReference) Reset() { *m = ServiceReference{} } +func (*ServiceReference) ProtoMessage() {} +func (*ServiceReference) Descriptor() ([]byte, []int) { + return fileDescriptor_93cf925561aed99f, []int{5} +} +func (m *ServiceReference) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ServiceReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *ServiceReference) XXX_Merge(src proto.Message) { + xxx_messageInfo_ServiceReference.Merge(m, src) +} +func (m *ServiceReference) XXX_Size() int { + return m.Size() +} +func (m *ServiceReference) XXX_DiscardUnknown() { + xxx_messageInfo_ServiceReference.DiscardUnknown(m) +} + +var xxx_messageInfo_ServiceReference proto.InternalMessageInfo + +func init() { + proto.RegisterType((*APIService)(nil), "k8s.io.kube_aggregator.pkg.apis.apiregistration.v1.APIService") + proto.RegisterType((*APIServiceCondition)(nil), "k8s.io.kube_aggregator.pkg.apis.apiregistration.v1.APIServiceCondition") + proto.RegisterType((*APIServiceList)(nil), "k8s.io.kube_aggregator.pkg.apis.apiregistration.v1.APIServiceList") + proto.RegisterType((*APIServiceSpec)(nil), "k8s.io.kube_aggregator.pkg.apis.apiregistration.v1.APIServiceSpec") + proto.RegisterType((*APIServiceStatus)(nil), "k8s.io.kube_aggregator.pkg.apis.apiregistration.v1.APIServiceStatus") + proto.RegisterType((*ServiceReference)(nil), "k8s.io.kube_aggregator.pkg.apis.apiregistration.v1.ServiceReference") +} + +func init() { + 
proto.RegisterFile("k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/generated.proto", fileDescriptor_93cf925561aed99f) +} + +var fileDescriptor_93cf925561aed99f = []byte{ + // 826 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x55, 0x5d, 0x6b, 0x2b, 0x45, + 0x18, 0xce, 0xb6, 0x49, 0x9b, 0x4e, 0xeb, 0x69, 0x1d, 0xcf, 0xe1, 0x2c, 0xe5, 0xb8, 0xad, 0x11, + 0x34, 0x0a, 0x67, 0xd7, 0x06, 0x11, 0x45, 0x10, 0xba, 0x47, 0x28, 0x85, 0x56, 0xc3, 0xa4, 0x14, + 0x11, 0x41, 0x27, 0x9b, 0xb7, 0xdb, 0x31, 0xdd, 0x0f, 0x66, 0x66, 0x03, 0xc1, 0x1b, 0xc1, 0x1f, + 0xa0, 0xbf, 0xc9, 0xab, 0x5e, 0x1e, 0xf0, 0xa6, 0x57, 0xc1, 0xc4, 0x7f, 0x71, 0xae, 0x64, 0x66, + 0x67, 0x77, 0xd3, 0x34, 0xe2, 0xe9, 0xe9, 0x4d, 0xc8, 0xfb, 0xf1, 0x3c, 0xcf, 0x3b, 0xef, 0x3c, + 0x99, 0x20, 0x7f, 0xf8, 0xb9, 0x70, 0x59, 0xe2, 0x0d, 0xb3, 0x3e, 0x3c, 0xa7, 0x61, 0xc8, 0x21, + 0xa4, 0x32, 0xe1, 0x5e, 0x3a, 0x0c, 0x3d, 0x9a, 0x32, 0xa1, 0x3e, 0x38, 0x84, 0x4c, 0x48, 0x4e, + 0x25, 0x4b, 0x62, 0x6f, 0x74, 0xe0, 0x85, 0x10, 0x03, 0xa7, 0x12, 0x06, 0x6e, 0xca, 0x13, 0x99, + 0xe0, 0x4e, 0xce, 0xe1, 0x2a, 0x8e, 0x1f, 0x2b, 0x0e, 0x37, 0x1d, 0x86, 0xae, 0xe2, 0x70, 0x17, + 0x38, 0xdc, 0xd1, 0xc1, 0xee, 0xf3, 0x90, 0xc9, 0xcb, 0xac, 0xef, 0x06, 0x49, 0xe4, 0x85, 0x49, + 0x98, 0x78, 0x9a, 0xaa, 0x9f, 0x5d, 0xe8, 0x48, 0x07, 0xfa, 0x5b, 0x2e, 0xb1, 0xfb, 0xa9, 0x19, + 0x93, 0xa6, 0x2c, 0xa2, 0xc1, 0x25, 0x8b, 0x81, 0x8f, 0xab, 0x19, 0x23, 0x90, 0x74, 0xc9, 0x60, + 0xbb, 0xde, 0x7f, 0xa1, 0x78, 0x16, 0x4b, 0x16, 0xc1, 0x1d, 0xc0, 0x67, 0xff, 0x07, 0x10, 0xc1, + 0x25, 0x44, 0x74, 0x11, 0xd7, 0xfa, 0x73, 0x05, 0xa1, 0xc3, 0xee, 0x71, 0x0f, 0xf8, 0x88, 0x05, + 0x80, 0x7f, 0x42, 0x4d, 0x35, 0xd2, 0x80, 0x4a, 0x6a, 0x5b, 0xfb, 0x56, 0x7b, 0xb3, 0xf3, 0x89, + 0x6b, 0x76, 0x34, 0xcf, 0x5c, 0x2d, 0x48, 0x75, 0xbb, 0xa3, 0x03, 0xf7, 0xdb, 0xfe, 0xcf, 0x10, + 0xc8, 0x53, 0x90, 0xd4, 0xc7, 0xd7, 0x93, 0xbd, 0xda, 0x6c, 0xb2, 0x87, 0xaa, 0x1c, 0x29, 0x59, + 0xf1, 0x00, 
0xd5, 0x45, 0x0a, 0x81, 0xbd, 0xa2, 0xd9, 0x7d, 0xf7, 0xfe, 0x37, 0xe0, 0x56, 0xf3, + 0xf6, 0x52, 0x08, 0xfc, 0x2d, 0xa3, 0x57, 0x57, 0x11, 0xd1, 0xec, 0xf8, 0x0a, 0xad, 0x09, 0x49, + 0x65, 0x26, 0xec, 0x55, 0xad, 0xf3, 0xf5, 0x03, 0x75, 0x34, 0x97, 0xff, 0xc8, 0x28, 0xad, 0xe5, + 0x31, 0x31, 0x1a, 0xad, 0x9b, 0x15, 0xf4, 0x4e, 0xd5, 0xfc, 0x22, 0x89, 0x07, 0x4c, 0x71, 0xe0, + 0x2f, 0x51, 0x5d, 0x8e, 0x53, 0xd0, 0x9b, 0xdc, 0xf0, 0x3f, 0x2c, 0xe6, 0x3c, 0x1b, 0xa7, 0xf0, + 0x6a, 0xb2, 0xf7, 0x74, 0x09, 0x44, 0x95, 0x88, 0x06, 0xe1, 0x2f, 0xca, 0x23, 0xac, 0x68, 0xf8, + 0x7b, 0xb7, 0xc5, 0x5f, 0x4d, 0xf6, 0xb6, 0x4b, 0xd8, 0xed, 0x79, 0xf0, 0x08, 0xe1, 0x2b, 0x2a, + 0xe4, 0x19, 0xa7, 0xb1, 0xc8, 0x69, 0x59, 0x04, 0x66, 0x13, 0x1f, 0xbf, 0xde, 0x7d, 0x2a, 0x84, + 0xbf, 0x6b, 0x24, 0xf1, 0xc9, 0x1d, 0x36, 0xb2, 0x44, 0x01, 0x7f, 0x80, 0xd6, 0x38, 0x50, 0x91, + 0xc4, 0x76, 0x5d, 0x8f, 0x5c, 0xee, 0x8b, 0xe8, 0x2c, 0x31, 0x55, 0xfc, 0x11, 0x5a, 0x8f, 0x40, + 0x08, 0x1a, 0x82, 0xdd, 0xd0, 0x8d, 0xdb, 0xa6, 0x71, 0xfd, 0x34, 0x4f, 0x93, 0xa2, 0xde, 0xfa, + 0xcb, 0x42, 0x8f, 0xaa, 0x3d, 0x9d, 0x30, 0x21, 0xf1, 0x0f, 0x77, 0x3c, 0xea, 0xbe, 0xde, 0x99, + 0x14, 0x5a, 0x3b, 0x74, 0xc7, 0xc8, 0x35, 0x8b, 0xcc, 0x9c, 0x3f, 0x03, 0xd4, 0x60, 0x12, 0x22, + 0xb5, 0xf5, 0xd5, 0xf6, 0x66, 0xe7, 0xab, 0x87, 0x19, 0xc7, 0x7f, 0xcb, 0x48, 0x35, 0x8e, 0x15, + 0x29, 0xc9, 0xb9, 0x5b, 0xd3, 0xd5, 0xf9, 0x53, 0x29, 0xdf, 0xe2, 0x21, 0x5a, 0x17, 0x79, 0x68, + 0x0e, 0xf5, 0x46, 0x96, 0x35, 0x8c, 0x04, 0x2e, 0x80, 0x43, 0x1c, 0x80, 0xbf, 0xa9, 0xb6, 0x5a, + 0x64, 0x0b, 0x05, 0xfc, 0x3e, 0x6a, 0x84, 0x3c, 0xc9, 0x52, 0x63, 0xad, 0x72, 0xc8, 0x23, 0x95, + 0x24, 0x79, 0x4d, 0xdd, 0xd2, 0x08, 0xb8, 0x60, 0x49, 0xac, 0xad, 0x33, 0x77, 0x4b, 0xe7, 0x79, + 0x9a, 0x14, 0x75, 0xdc, 0x43, 0x4f, 0x58, 0x2c, 0x20, 0xc8, 0x38, 0xf4, 0x86, 0x2c, 0x3d, 0x3b, + 0xe9, 0x9d, 0x03, 0x67, 0x17, 0x63, 0xed, 0x83, 0xa6, 0xff, 0xae, 0x01, 0x3e, 0x39, 0x5e, 0xd6, + 0x44, 0x96, 0x63, 0x71, 0x1b, 0x35, 0x03, 0xea, 
0x67, 0xf1, 0xe0, 0x2a, 0xb7, 0xc9, 0x96, 0xbf, + 0xa5, 0xee, 0xec, 0xc5, 0x61, 0x9e, 0x23, 0x65, 0x15, 0x77, 0xd1, 0x63, 0x3d, 0x72, 0x97, 0xb3, + 0x84, 0x33, 0x39, 0x3e, 0x65, 0x31, 0x8b, 0xb2, 0xc8, 0x5e, 0xdf, 0xb7, 0xda, 0x0d, 0xff, 0x99, + 0x51, 0x7f, 0x7c, 0xb4, 0xa4, 0x87, 0x2c, 0x45, 0xe2, 0x43, 0xb4, 0x6d, 0xce, 0x56, 0x54, 0xec, + 0xa6, 0x26, 0x7b, 0x6a, 0xc8, 0xb6, 0xcf, 0x6f, 0x97, 0xc9, 0x62, 0x7f, 0xeb, 0x77, 0x0b, 0xed, + 0x2c, 0xbe, 0x20, 0xf8, 0x17, 0x84, 0x82, 0xe2, 0x47, 0x2b, 0x6c, 0x4b, 0x5b, 0xec, 0xe8, 0x61, + 0x16, 0x2b, 0x1f, 0x81, 0xea, 0xe1, 0x2d, 0x53, 0x82, 0xcc, 0xc9, 0xb5, 0x7e, 0xb3, 0xd0, 0xce, + 0xa2, 0x41, 0xb0, 0x87, 0x36, 0x62, 0x1a, 0x81, 0x48, 0x69, 0x50, 0x3c, 0x54, 0x6f, 0x1b, 0x9e, + 0x8d, 0x6f, 0x8a, 0x02, 0xa9, 0x7a, 0xf0, 0x3e, 0xaa, 0xab, 0xc0, 0x58, 0xa7, 0x7c, 0x7c, 0x55, + 0x2f, 0xd1, 0x15, 0xfc, 0x0c, 0xd5, 0xd3, 0x84, 0x4b, 0xed, 0x9a, 0x86, 0xdf, 0x54, 0xd5, 0x6e, + 0xc2, 0x25, 0xd1, 0x59, 0xff, 0xbb, 0xeb, 0xa9, 0x53, 0x7b, 0x39, 0x75, 0x6a, 0x37, 0x53, 0xa7, + 0xf6, 0xeb, 0xcc, 0xb1, 0xae, 0x67, 0x8e, 0xf5, 0x72, 0xe6, 0x58, 0x37, 0x33, 0xc7, 0xfa, 0x7b, + 0xe6, 0x58, 0x7f, 0xfc, 0xe3, 0xd4, 0xbe, 0xef, 0xdc, 0xff, 0xdf, 0xfd, 0xdf, 0x00, 0x00, 0x00, + 0xff, 0xff, 0x19, 0x6e, 0x3d, 0x66, 0x12, 0x08, 0x00, 0x00, +} + +func (m *APIService) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *APIService) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *APIService) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + { + size, err := m.Status.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + { + size, err := 
m.Spec.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *APIServiceCondition) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *APIServiceCondition) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *APIServiceCondition) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.Message) + copy(dAtA[i:], m.Message) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Message))) + i-- + dAtA[i] = 0x2a + i -= len(m.Reason) + copy(dAtA[i:], m.Reason) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Reason))) + i-- + dAtA[i] = 0x22 + { + size, err := m.LastTransitionTime.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + i -= len(m.Status) + copy(dAtA[i:], m.Status) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Status))) + i-- + dAtA[i] = 0x12 + i -= len(m.Type) + copy(dAtA[i:], m.Type) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Type))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *APIServiceList) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *APIServiceList) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func 
(m *APIServiceList) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Items) > 0 { + for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + { + size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *APIServiceSpec) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *APIServiceSpec) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *APIServiceSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i = encodeVarintGenerated(dAtA, i, uint64(m.VersionPriority)) + i-- + dAtA[i] = 0x40 + i = encodeVarintGenerated(dAtA, i, uint64(m.GroupPriorityMinimum)) + i-- + dAtA[i] = 0x38 + if m.CABundle != nil { + i -= len(m.CABundle) + copy(dAtA[i:], m.CABundle) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.CABundle))) + i-- + dAtA[i] = 0x2a + } + i-- + if m.InsecureSkipTLSVerify { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x20 + i -= len(m.Version) + copy(dAtA[i:], m.Version) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Version))) + i-- + dAtA[i] = 0x1a + i -= len(m.Group) + copy(dAtA[i:], m.Group) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Group))) + i-- + dAtA[i] = 0x12 + if m.Service != nil { + { + size, err := m.Service.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- 
+ dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *APIServiceStatus) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *APIServiceStatus) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *APIServiceStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Conditions) > 0 { + for iNdEx := len(m.Conditions) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Conditions[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func (m *ServiceReference) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ServiceReference) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ServiceReference) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.Port != nil { + i = encodeVarintGenerated(dAtA, i, uint64(*m.Port)) + i-- + dAtA[i] = 0x18 + } + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0x12 + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int { + offset -= sovGenerated(v) + base := offset + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return base +} +func (m 
*APIService) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.Spec.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.Status.Size() + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *APIServiceCondition) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Type) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Status) + n += 1 + l + sovGenerated(uint64(l)) + l = m.LastTransitionTime.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Reason) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Message) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *APIServiceList) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ListMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Items) > 0 { + for _, e := range m.Items { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *APIServiceSpec) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Service != nil { + l = m.Service.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + l = len(m.Group) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Version) + n += 1 + l + sovGenerated(uint64(l)) + n += 2 + if m.CABundle != nil { + l = len(m.CABundle) + n += 1 + l + sovGenerated(uint64(l)) + } + n += 1 + sovGenerated(uint64(m.GroupPriorityMinimum)) + n += 1 + sovGenerated(uint64(m.VersionPriority)) + return n +} + +func (m *APIServiceStatus) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Conditions) > 0 { + for _, e := range m.Conditions { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *ServiceReference) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Namespace) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Name) + n += 1 + l + sovGenerated(uint64(l)) + if m.Port != nil { + n += 
1 + sovGenerated(uint64(*m.Port)) + } + return n +} + +func sovGenerated(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} +func sozGenerated(x uint64) (n int) { + return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (this *APIService) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&APIService{`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, + `Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "APIServiceSpec", "APIServiceSpec", 1), `&`, ``, 1) + `,`, + `Status:` + strings.Replace(strings.Replace(this.Status.String(), "APIServiceStatus", "APIServiceStatus", 1), `&`, ``, 1) + `,`, + `}`, + }, "") + return s +} +func (this *APIServiceCondition) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&APIServiceCondition{`, + `Type:` + fmt.Sprintf("%v", this.Type) + `,`, + `Status:` + fmt.Sprintf("%v", this.Status) + `,`, + `LastTransitionTime:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.LastTransitionTime), "Time", "v1.Time", 1), `&`, ``, 1) + `,`, + `Reason:` + fmt.Sprintf("%v", this.Reason) + `,`, + `Message:` + fmt.Sprintf("%v", this.Message) + `,`, + `}`, + }, "") + return s +} +func (this *APIServiceList) String() string { + if this == nil { + return "nil" + } + repeatedStringForItems := "[]APIService{" + for _, f := range this.Items { + repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "APIService", "APIService", 1), `&`, ``, 1) + "," + } + repeatedStringForItems += "}" + s := strings.Join([]string{`&APIServiceList{`, + `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`, + `Items:` + repeatedStringForItems + `,`, + `}`, + }, "") + return s +} +func (this *APIServiceSpec) String() string { + if this == nil { + return "nil" + } + s := 
strings.Join([]string{`&APIServiceSpec{`, + `Service:` + strings.Replace(this.Service.String(), "ServiceReference", "ServiceReference", 1) + `,`, + `Group:` + fmt.Sprintf("%v", this.Group) + `,`, + `Version:` + fmt.Sprintf("%v", this.Version) + `,`, + `InsecureSkipTLSVerify:` + fmt.Sprintf("%v", this.InsecureSkipTLSVerify) + `,`, + `CABundle:` + valueToStringGenerated(this.CABundle) + `,`, + `GroupPriorityMinimum:` + fmt.Sprintf("%v", this.GroupPriorityMinimum) + `,`, + `VersionPriority:` + fmt.Sprintf("%v", this.VersionPriority) + `,`, + `}`, + }, "") + return s +} +func (this *APIServiceStatus) String() string { + if this == nil { + return "nil" + } + repeatedStringForConditions := "[]APIServiceCondition{" + for _, f := range this.Conditions { + repeatedStringForConditions += strings.Replace(strings.Replace(f.String(), "APIServiceCondition", "APIServiceCondition", 1), `&`, ``, 1) + "," + } + repeatedStringForConditions += "}" + s := strings.Join([]string{`&APIServiceStatus{`, + `Conditions:` + repeatedStringForConditions + `,`, + `}`, + }, "") + return s +} +func (this *ServiceReference) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&ServiceReference{`, + `Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`, + `Name:` + fmt.Sprintf("%v", this.Name) + `,`, + `Port:` + valueToStringGenerated(this.Port) + `,`, + `}`, + }, "") + return s +} +func valueToStringGenerated(v interface{}) string { + rv := reflect.ValueOf(v) + if rv.IsNil() { + return "nil" + } + pv := reflect.Indirect(rv).Interface() + return fmt.Sprintf("*%v", pv) +} +func (m *APIService) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := 
int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: APIService: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: APIService: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } 
+ } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *APIServiceCondition) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: APIServiceCondition: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: APIServiceCondition: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Type = 
APIServiceConditionType(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Status = ConditionStatus(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field LastTransitionTime", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.LastTransitionTime.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Reason", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { 
+ return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Reason = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Message", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Message = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *APIServiceList) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: APIServiceList: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: APIServiceList: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) + } + var 
msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Items = append(m.Items, APIService{}) + if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *APIServiceSpec) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 
0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: APIServiceSpec: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: APIServiceSpec: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Service", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Service == nil { + m.Service = &ServiceReference{} + } + if err := m.Service.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Group", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Group = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Version", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l 
{ + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Version = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field InsecureSkipTLSVerify", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.InsecureSkipTLSVerify = bool(v != 0) + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CABundle", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CABundle = append(m.CABundle[:0], dAtA[iNdEx:postIndex]...) 
+ if m.CABundle == nil { + m.CABundle = []byte{} + } + iNdEx = postIndex + case 7: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field GroupPriorityMinimum", wireType) + } + m.GroupPriorityMinimum = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.GroupPriorityMinimum |= int32(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 8: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field VersionPriority", wireType) + } + m.VersionPriority = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.VersionPriority |= int32(b&0x7F) << shift + if b < 0x80 { + break + } + } + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *APIServiceStatus) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: APIServiceStatus: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: APIServiceStatus: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = 
%d for field Conditions", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Conditions = append(m.Conditions, APIServiceCondition{}) + if err := m.Conditions[len(m.Conditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ServiceReference) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ServiceReference: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ServiceReference: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return 
io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Namespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Port", wireType) + } + var v int32 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int32(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Port = &v + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func skipGenerated(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + depth := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); 
; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowGenerated + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowGenerated + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break + } + } + case 1: + iNdEx += 8 + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowGenerated + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if length < 0 { + return 0, ErrInvalidLengthGenerated + } + iNdEx += length + case 3: + depth++ + case 4: + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupGenerated + } + depth-- + case 5: + iNdEx += 4 + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) + } + if iNdEx < 0 { + return 0, ErrInvalidLengthGenerated + } + if depth == 0 { + return iNdEx, nil + } + } + return 0, io.ErrUnexpectedEOF +} + +var ( + ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") +) diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/generated.proto b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/generated.proto new file mode 100644 index 0000000000..5571387ef8 --- /dev/null +++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/generated.proto 
@@ -0,0 +1,151 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + + +// This file was autogenerated by go-to-protobuf. Do not edit it manually! + +syntax = "proto2"; + +package k8s.io.kube_aggregator.pkg.apis.apiregistration.v1; + +import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; +import "k8s.io/apimachinery/pkg/runtime/generated.proto"; +import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; + +// Package-wide variables from generator "generated". +option go_package = "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1"; + +// APIService represents a server for a particular GroupVersion. +// Name must be "version.group". +message APIService { + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // Spec contains information for locating and communicating with a server + optional APIServiceSpec spec = 2; + + // Status contains derived information about an API server + optional APIServiceStatus status = 3; +} + +// APIServiceCondition describes the state of an APIService at a particular point +message APIServiceCondition { + // Type is the type of the condition. + optional string type = 1; + + // Status is the status of the condition. + // Can be True, False, Unknown. 
+ optional string status = 2; + + // Last time the condition transitioned from one status to another. + // +optional + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; + + // Unique, one-word, CamelCase reason for the condition's last transition. + // +optional + optional string reason = 4; + + // Human-readable message indicating details about last transition. + // +optional + optional string message = 5; +} + +// APIServiceList is a list of APIService objects. +message APIServiceList { + // Standard list metadata + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + + // Items is the list of APIService + repeated APIService items = 2; +} + +// APIServiceSpec contains information for locating and communicating with a server. +// Only https is supported, though you are able to disable certificate verification. +message APIServiceSpec { + // Service is a reference to the service for this API server. It must communicate + // on port 443. + // If the Service is nil, that means the handling for the API groupversion is handled locally on this server. + // The call will simply delegate to the normal handler chain to be fulfilled. + // +optional + optional ServiceReference service = 1; + + // Group is the API group name this server hosts + optional string group = 2; + + // Version is the API version this server hosts. For example, "v1" + optional string version = 3; + + // InsecureSkipTLSVerify disables TLS certificate verification when communicating with this server. + // This is strongly discouraged. You should use the CABundle instead. + optional bool insecureSkipTLSVerify = 4; + + // CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate. + // If unspecified, system trust roots on the apiserver are used. 
+ // +listType=atomic + // +optional + optional bytes caBundle = 5; + + // GroupPriorityMinimum is the priority this group should have at least. Higher priority means that the group is preferred by clients over lower priority ones. + // Note that other versions of this group might specify even higher GroupPriorityMinimum values such that the whole group gets a higher priority. + // The primary sort is based on GroupPriorityMinimum, ordered highest number to lowest (20 before 10). + // The secondary sort is based on the alphabetical comparison of the name of the object. (v1.bar before v1.foo) + // We'd recommend something like: *.k8s.io (except extensions) at 18000 and + // PaaSes (OpenShift, Deis) are recommended to be in the 2000s + optional int32 groupPriorityMinimum = 7; + + // VersionPriority controls the ordering of this API version inside of its group. Must be greater than zero. + // The primary sort is based on VersionPriority, ordered highest to lowest (20 before 10). + // Since it's inside of a group, the number can be small, probably in the 10s. + // In case of equal version priorities, the version string will be used to compute the order inside a group. + // If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered + // lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), + // then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first + // by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major + // version, then minor version. An example sorted list of versions: + // v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10. + optional int32 versionPriority = 8; +} + +// APIServiceStatus contains derived information about an API server +message APIServiceStatus { + // Current service state of apiService. 
+ // +optional + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + repeated APIServiceCondition conditions = 1; +} + +// ServiceReference holds a reference to Service.legacy.k8s.io +message ServiceReference { + // Namespace is the namespace of the service + optional string namespace = 1; + + // Name is the name of the service + optional string name = 2; + + // If specified, the port on the service that hosting webhook. + // Default to 443 for backward compatibility. + // `port` should be a valid port number (1-65535, inclusive). + // +optional + optional int32 port = 3; +} + diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/register.go b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/register.go new file mode 100644 index 0000000000..07e65bf045 --- /dev/null +++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/register.go 
@@ -0,0 +1,61 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// GroupName is the API group for apiregistration
+const GroupName = "apiregistration.k8s.io"
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}
+
+// Resource takes an unqualified resource and returns back a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+ return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+ // SchemeBuilder is the scheme builder with scheme init functions to run for this API package
+ // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
+ // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
+ SchemeBuilder runtime.SchemeBuilder
+ localSchemeBuilder = &SchemeBuilder
+ // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme
+ AddToScheme = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+ // We only register manually written functions here. The registration of the
+ // generated functions takes place in the generated files. The separation
+ // makes the code compile even when the generated files are missing.
+ localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
+}
+
+// Adds the list of known types to the given scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+ scheme.AddKnownTypes(SchemeGroupVersion,
+ &APIService{},
+ &APIServiceList{},
+ )
+ metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+ return nil
+}
diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/types.go b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/types.go
new file mode 100644
index 0000000000..fe5f64c0e1
--- /dev/null
+++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/types.go
@@ -0,0 +1,164 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=1.10
+
+// APIServiceList is a list of APIService objects.
+type APIServiceList struct {
+ metav1.TypeMeta `json:",inline"`
+ // Standard list metadata
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ // +optional
+ metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
+ // Items is the list of APIService
+ Items []APIService `json:"items" protobuf:"bytes,2,rep,name=items"`
+}
+
+// ServiceReference holds a reference to Service.legacy.k8s.io
+type ServiceReference struct {
+ // Namespace is the namespace of the service
+ Namespace string `json:"namespace,omitempty" protobuf:"bytes,1,opt,name=namespace"`
+ // Name is the name of the service
+ Name string `json:"name,omitempty" protobuf:"bytes,2,opt,name=name"`
+ // If specified, the port on the service that hosting webhook.
+ // Default to 443 for backward compatibility.
+ // `port` should be a valid port number (1-65535, inclusive).
+ // +optional
+ Port *int32 `json:"port,omitempty" protobuf:"varint,3,opt,name=port"`
+}
+
+// APIServiceSpec contains information for locating and communicating with a server.
+// Only https is supported, though you are able to disable certificate verification.
+type APIServiceSpec struct {
+ // Service is a reference to the service for this API server. It must communicate
+ // on port 443.
+ // If the Service is nil, that means the handling for the API groupversion is handled locally on this server.
+ // The call will simply delegate to the normal handler chain to be fulfilled.
+ // +optional
+ Service *ServiceReference `json:"service,omitempty" protobuf:"bytes,1,opt,name=service"`
+ // Group is the API group name this server hosts
+ Group string `json:"group,omitempty" protobuf:"bytes,2,opt,name=group"`
+ // Version is the API version this server hosts. For example, "v1"
+ Version string `json:"version,omitempty" protobuf:"bytes,3,opt,name=version"`
+
+ // InsecureSkipTLSVerify disables TLS certificate verification when communicating with this server.
+ // This is strongly discouraged. You should use the CABundle instead.
+ InsecureSkipTLSVerify bool `json:"insecureSkipTLSVerify,omitempty" protobuf:"varint,4,opt,name=insecureSkipTLSVerify"`
+ // CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate.
+ // If unspecified, system trust roots on the apiserver are used.
+ // +listType=atomic
+ // +optional
+ CABundle []byte `json:"caBundle,omitempty" protobuf:"bytes,5,opt,name=caBundle"`
+
+ // GroupPriorityMinimum is the priority this group should have at least. Higher priority means that the group is preferred by clients over lower priority ones.
+ // Note that other versions of this group might specify even higher GroupPriorityMinimum values such that the whole group gets a higher priority.
+ // The primary sort is based on GroupPriorityMinimum, ordered highest number to lowest (20 before 10).
+ // The secondary sort is based on the alphabetical comparison of the name of the object. (v1.bar before v1.foo)
+ // We'd recommend something like: *.k8s.io (except extensions) at 18000 and
+ // PaaSes (OpenShift, Deis) are recommended to be in the 2000s
+ GroupPriorityMinimum int32 `json:"groupPriorityMinimum" protobuf:"varint,7,opt,name=groupPriorityMinimum"`
+
+ // VersionPriority controls the ordering of this API version inside of its group. Must be greater than zero.
+ // The primary sort is based on VersionPriority, ordered highest to lowest (20 before 10).
+ // Since it's inside of a group, the number can be small, probably in the 10s.
+ // In case of equal version priorities, the version string will be used to compute the order inside a group.
+ // If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered
+ // lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version),
+ // then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first
+ // by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major
+ // version, then minor version. An example sorted list of versions:
+ // v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.
+ VersionPriority int32 `json:"versionPriority" protobuf:"varint,8,opt,name=versionPriority"`
+
+ // leaving this here so everyone remembers why proto index 6 is skipped
+ // Priority int64 `json:"priority" protobuf:"varint,6,opt,name=priority"`
+}
+
+// ConditionStatus indicates the status of a condition (true, false, or unknown).
+type ConditionStatus string
+
+// These are valid condition statuses. "ConditionTrue" means a resource is in the condition;
+// "ConditionFalse" means a resource is not in the condition; "ConditionUnknown" means kubernetes
+// can't decide if a resource is in the condition or not. In the future, we could add other
+// intermediate conditions, e.g. ConditionDegraded.
+const (
+ ConditionTrue ConditionStatus = "True"
+ ConditionFalse ConditionStatus = "False"
+ ConditionUnknown ConditionStatus = "Unknown"
+)
+
+// APIServiceConditionType is a valid value for APIServiceCondition.Type
+type APIServiceConditionType string
+
+const (
+ // Available indicates that the service exists and is reachable
+ Available APIServiceConditionType = "Available"
+)
+
+// APIServiceCondition describes the state of an APIService at a particular point
+type APIServiceCondition struct {
+ // Type is the type of the condition.
+ Type APIServiceConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=APIServiceConditionType"`
+ // Status is the status of the condition.
+ // Can be True, False, Unknown.
+ Status ConditionStatus `json:"status" protobuf:"bytes,2,opt,name=status,casttype=ConditionStatus"`
+ // Last time the condition transitioned from one status to another.
+ // +optional
+ LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,3,opt,name=lastTransitionTime"`
+ // Unique, one-word, CamelCase reason for the condition's last transition.
+ // +optional
+ Reason string `json:"reason,omitempty" protobuf:"bytes,4,opt,name=reason"`
+ // Human-readable message indicating details about last transition.
+ // +optional
+ Message string `json:"message,omitempty" protobuf:"bytes,5,opt,name=message"`
+}
+
+// APIServiceStatus contains derived information about an API server
+type APIServiceStatus struct {
+ // Current service state of apiService.
+ // +optional
+ // +patchMergeKey=type
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=type
+ Conditions []APIServiceCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=1.10
+
+// APIService represents a server for a particular GroupVersion.
+// Name must be "version.group".
+type APIService struct {
+ metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ // +optional
+ metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
+ // Spec contains information for locating and communicating with a server
+ Spec APIServiceSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
+ // Status contains derived information about an API server
+ Status APIServiceStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
+}
diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.conversion.go b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.conversion.go
new file mode 100644
index 0000000000..208e23efd8
--- /dev/null
+++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.conversion.go
@@ -0,0 +1,299 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1 + +import ( + unsafe "unsafe" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" + apiregistration "k8s.io/kube-aggregator/pkg/apis/apiregistration" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. 
+func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*APIService)(nil), (*apiregistration.APIService)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_APIService_To_apiregistration_APIService(a.(*APIService), b.(*apiregistration.APIService), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*apiregistration.APIService)(nil), (*APIService)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_apiregistration_APIService_To_v1_APIService(a.(*apiregistration.APIService), b.(*APIService), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*APIServiceCondition)(nil), (*apiregistration.APIServiceCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_APIServiceCondition_To_apiregistration_APIServiceCondition(a.(*APIServiceCondition), b.(*apiregistration.APIServiceCondition), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*apiregistration.APIServiceCondition)(nil), (*APIServiceCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_apiregistration_APIServiceCondition_To_v1_APIServiceCondition(a.(*apiregistration.APIServiceCondition), b.(*APIServiceCondition), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*APIServiceList)(nil), (*apiregistration.APIServiceList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_APIServiceList_To_apiregistration_APIServiceList(a.(*APIServiceList), b.(*apiregistration.APIServiceList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*apiregistration.APIServiceList)(nil), (*APIServiceList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_apiregistration_APIServiceList_To_v1_APIServiceList(a.(*apiregistration.APIServiceList), 
b.(*APIServiceList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*APIServiceSpec)(nil), (*apiregistration.APIServiceSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_APIServiceSpec_To_apiregistration_APIServiceSpec(a.(*APIServiceSpec), b.(*apiregistration.APIServiceSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*apiregistration.APIServiceSpec)(nil), (*APIServiceSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_apiregistration_APIServiceSpec_To_v1_APIServiceSpec(a.(*apiregistration.APIServiceSpec), b.(*APIServiceSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*APIServiceStatus)(nil), (*apiregistration.APIServiceStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_APIServiceStatus_To_apiregistration_APIServiceStatus(a.(*APIServiceStatus), b.(*apiregistration.APIServiceStatus), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*apiregistration.APIServiceStatus)(nil), (*APIServiceStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_apiregistration_APIServiceStatus_To_v1_APIServiceStatus(a.(*apiregistration.APIServiceStatus), b.(*APIServiceStatus), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*ServiceReference)(nil), (*apiregistration.ServiceReference)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_ServiceReference_To_apiregistration_ServiceReference(a.(*ServiceReference), b.(*apiregistration.ServiceReference), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*apiregistration.ServiceReference)(nil), (*ServiceReference)(nil), func(a, b interface{}, scope conversion.Scope) error { + return 
Convert_apiregistration_ServiceReference_To_v1_ServiceReference(a.(*apiregistration.ServiceReference), b.(*ServiceReference), scope) + }); err != nil { + return err + } + return nil +} + +func autoConvert_v1_APIService_To_apiregistration_APIService(in *APIService, out *apiregistration.APIService, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_v1_APIServiceSpec_To_apiregistration_APIServiceSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_v1_APIServiceStatus_To_apiregistration_APIServiceStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_v1_APIService_To_apiregistration_APIService is an autogenerated conversion function. +func Convert_v1_APIService_To_apiregistration_APIService(in *APIService, out *apiregistration.APIService, s conversion.Scope) error { + return autoConvert_v1_APIService_To_apiregistration_APIService(in, out, s) +} + +func autoConvert_apiregistration_APIService_To_v1_APIService(in *apiregistration.APIService, out *APIService, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_apiregistration_APIServiceSpec_To_v1_APIServiceSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_apiregistration_APIServiceStatus_To_v1_APIServiceStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_apiregistration_APIService_To_v1_APIService is an autogenerated conversion function. 
+func Convert_apiregistration_APIService_To_v1_APIService(in *apiregistration.APIService, out *APIService, s conversion.Scope) error { + return autoConvert_apiregistration_APIService_To_v1_APIService(in, out, s) +} + +func autoConvert_v1_APIServiceCondition_To_apiregistration_APIServiceCondition(in *APIServiceCondition, out *apiregistration.APIServiceCondition, s conversion.Scope) error { + out.Type = apiregistration.APIServiceConditionType(in.Type) + out.Status = apiregistration.ConditionStatus(in.Status) + out.LastTransitionTime = in.LastTransitionTime + out.Reason = in.Reason + out.Message = in.Message + return nil +} + +// Convert_v1_APIServiceCondition_To_apiregistration_APIServiceCondition is an autogenerated conversion function. +func Convert_v1_APIServiceCondition_To_apiregistration_APIServiceCondition(in *APIServiceCondition, out *apiregistration.APIServiceCondition, s conversion.Scope) error { + return autoConvert_v1_APIServiceCondition_To_apiregistration_APIServiceCondition(in, out, s) +} + +func autoConvert_apiregistration_APIServiceCondition_To_v1_APIServiceCondition(in *apiregistration.APIServiceCondition, out *APIServiceCondition, s conversion.Scope) error { + out.Type = APIServiceConditionType(in.Type) + out.Status = ConditionStatus(in.Status) + out.LastTransitionTime = in.LastTransitionTime + out.Reason = in.Reason + out.Message = in.Message + return nil +} + +// Convert_apiregistration_APIServiceCondition_To_v1_APIServiceCondition is an autogenerated conversion function. 
+func Convert_apiregistration_APIServiceCondition_To_v1_APIServiceCondition(in *apiregistration.APIServiceCondition, out *APIServiceCondition, s conversion.Scope) error { + return autoConvert_apiregistration_APIServiceCondition_To_v1_APIServiceCondition(in, out, s) +} + +func autoConvert_v1_APIServiceList_To_apiregistration_APIServiceList(in *APIServiceList, out *apiregistration.APIServiceList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]apiregistration.APIService, len(*in)) + for i := range *in { + if err := Convert_v1_APIService_To_apiregistration_APIService(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.Items = nil + } + return nil +} + +// Convert_v1_APIServiceList_To_apiregistration_APIServiceList is an autogenerated conversion function. +func Convert_v1_APIServiceList_To_apiregistration_APIServiceList(in *APIServiceList, out *apiregistration.APIServiceList, s conversion.Scope) error { + return autoConvert_v1_APIServiceList_To_apiregistration_APIServiceList(in, out, s) +} + +func autoConvert_apiregistration_APIServiceList_To_v1_APIServiceList(in *apiregistration.APIServiceList, out *APIServiceList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]APIService, len(*in)) + for i := range *in { + if err := Convert_apiregistration_APIService_To_v1_APIService(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.Items = nil + } + return nil +} + +// Convert_apiregistration_APIServiceList_To_v1_APIServiceList is an autogenerated conversion function. 
+func Convert_apiregistration_APIServiceList_To_v1_APIServiceList(in *apiregistration.APIServiceList, out *APIServiceList, s conversion.Scope) error { + return autoConvert_apiregistration_APIServiceList_To_v1_APIServiceList(in, out, s) +} + +func autoConvert_v1_APIServiceSpec_To_apiregistration_APIServiceSpec(in *APIServiceSpec, out *apiregistration.APIServiceSpec, s conversion.Scope) error { + if in.Service != nil { + in, out := &in.Service, &out.Service + *out = new(apiregistration.ServiceReference) + if err := Convert_v1_ServiceReference_To_apiregistration_ServiceReference(*in, *out, s); err != nil { + return err + } + } else { + out.Service = nil + } + out.Group = in.Group + out.Version = in.Version + out.InsecureSkipTLSVerify = in.InsecureSkipTLSVerify + out.CABundle = *(*[]byte)(unsafe.Pointer(&in.CABundle)) + out.GroupPriorityMinimum = in.GroupPriorityMinimum + out.VersionPriority = in.VersionPriority + return nil +} + +// Convert_v1_APIServiceSpec_To_apiregistration_APIServiceSpec is an autogenerated conversion function. 
+func Convert_v1_APIServiceSpec_To_apiregistration_APIServiceSpec(in *APIServiceSpec, out *apiregistration.APIServiceSpec, s conversion.Scope) error { + return autoConvert_v1_APIServiceSpec_To_apiregistration_APIServiceSpec(in, out, s) +} + +func autoConvert_apiregistration_APIServiceSpec_To_v1_APIServiceSpec(in *apiregistration.APIServiceSpec, out *APIServiceSpec, s conversion.Scope) error { + if in.Service != nil { + in, out := &in.Service, &out.Service + *out = new(ServiceReference) + if err := Convert_apiregistration_ServiceReference_To_v1_ServiceReference(*in, *out, s); err != nil { + return err + } + } else { + out.Service = nil + } + out.Group = in.Group + out.Version = in.Version + out.InsecureSkipTLSVerify = in.InsecureSkipTLSVerify + out.CABundle = *(*[]byte)(unsafe.Pointer(&in.CABundle)) + out.GroupPriorityMinimum = in.GroupPriorityMinimum + out.VersionPriority = in.VersionPriority + return nil +} + +// Convert_apiregistration_APIServiceSpec_To_v1_APIServiceSpec is an autogenerated conversion function. +func Convert_apiregistration_APIServiceSpec_To_v1_APIServiceSpec(in *apiregistration.APIServiceSpec, out *APIServiceSpec, s conversion.Scope) error { + return autoConvert_apiregistration_APIServiceSpec_To_v1_APIServiceSpec(in, out, s) +} + +func autoConvert_v1_APIServiceStatus_To_apiregistration_APIServiceStatus(in *APIServiceStatus, out *apiregistration.APIServiceStatus, s conversion.Scope) error { + out.Conditions = *(*[]apiregistration.APIServiceCondition)(unsafe.Pointer(&in.Conditions)) + return nil +} + +// Convert_v1_APIServiceStatus_To_apiregistration_APIServiceStatus is an autogenerated conversion function. 
+func Convert_v1_APIServiceStatus_To_apiregistration_APIServiceStatus(in *APIServiceStatus, out *apiregistration.APIServiceStatus, s conversion.Scope) error { + return autoConvert_v1_APIServiceStatus_To_apiregistration_APIServiceStatus(in, out, s) +} + +func autoConvert_apiregistration_APIServiceStatus_To_v1_APIServiceStatus(in *apiregistration.APIServiceStatus, out *APIServiceStatus, s conversion.Scope) error { + out.Conditions = *(*[]APIServiceCondition)(unsafe.Pointer(&in.Conditions)) + return nil +} + +// Convert_apiregistration_APIServiceStatus_To_v1_APIServiceStatus is an autogenerated conversion function. +func Convert_apiregistration_APIServiceStatus_To_v1_APIServiceStatus(in *apiregistration.APIServiceStatus, out *APIServiceStatus, s conversion.Scope) error { + return autoConvert_apiregistration_APIServiceStatus_To_v1_APIServiceStatus(in, out, s) +} + +func autoConvert_v1_ServiceReference_To_apiregistration_ServiceReference(in *ServiceReference, out *apiregistration.ServiceReference, s conversion.Scope) error { + out.Namespace = in.Namespace + out.Name = in.Name + if err := metav1.Convert_Pointer_int32_To_int32(&in.Port, &out.Port, s); err != nil { + return err + } + return nil +} + +// Convert_v1_ServiceReference_To_apiregistration_ServiceReference is an autogenerated conversion function. 
+func Convert_v1_ServiceReference_To_apiregistration_ServiceReference(in *ServiceReference, out *apiregistration.ServiceReference, s conversion.Scope) error { + return autoConvert_v1_ServiceReference_To_apiregistration_ServiceReference(in, out, s) +} + +func autoConvert_apiregistration_ServiceReference_To_v1_ServiceReference(in *apiregistration.ServiceReference, out *ServiceReference, s conversion.Scope) error { + out.Namespace = in.Namespace + out.Name = in.Name + if err := metav1.Convert_int32_To_Pointer_int32(&in.Port, &out.Port, s); err != nil { + return err + } + return nil +} + +// Convert_apiregistration_ServiceReference_To_v1_ServiceReference is an autogenerated conversion function. +func Convert_apiregistration_ServiceReference_To_v1_ServiceReference(in *apiregistration.ServiceReference, out *ServiceReference, s conversion.Scope) error { + return autoConvert_apiregistration_ServiceReference_To_v1_ServiceReference(in, out, s) +} diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.deepcopy.go b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.deepcopy.go new file mode 100644 index 0000000000..6388772450 --- /dev/null +++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.deepcopy.go 
@@ -0,0 +1,174 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIService) DeepCopyInto(out *APIService) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIService. +func (in *APIService) DeepCopy() *APIService { + if in == nil { + return nil + } + out := new(APIService) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *APIService) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *APIServiceCondition) DeepCopyInto(out *APIServiceCondition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServiceCondition. +func (in *APIServiceCondition) DeepCopy() *APIServiceCondition { + if in == nil { + return nil + } + out := new(APIServiceCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIServiceList) DeepCopyInto(out *APIServiceList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]APIService, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServiceList. +func (in *APIServiceList) DeepCopy() *APIServiceList { + if in == nil { + return nil + } + out := new(APIServiceList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *APIServiceList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIServiceSpec) DeepCopyInto(out *APIServiceSpec) { + *out = *in + if in.Service != nil { + in, out := &in.Service, &out.Service + *out = new(ServiceReference) + (*in).DeepCopyInto(*out) + } + if in.CABundle != nil { + in, out := &in.CABundle, &out.CABundle + *out = make([]byte, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServiceSpec. 
+func (in *APIServiceSpec) DeepCopy() *APIServiceSpec { + if in == nil { + return nil + } + out := new(APIServiceSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIServiceStatus) DeepCopyInto(out *APIServiceStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]APIServiceCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServiceStatus. +func (in *APIServiceStatus) DeepCopy() *APIServiceStatus { + if in == nil { + return nil + } + out := new(APIServiceStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceReference) DeepCopyInto(out *ServiceReference) { + *out = *in + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceReference. +func (in *ServiceReference) DeepCopy() *ServiceReference { + if in == nil { + return nil + } + out := new(ServiceReference) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.defaults.go b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.defaults.go new file mode 100644 index 0000000000..175637ca5a --- /dev/null +++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.defaults.go 
@@ -0,0 +1,48 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + scheme.AddTypeDefaultingFunc(&APIService{}, func(obj interface{}) { SetObjectDefaults_APIService(obj.(*APIService)) }) + scheme.AddTypeDefaultingFunc(&APIServiceList{}, func(obj interface{}) { SetObjectDefaults_APIServiceList(obj.(*APIServiceList)) }) + return nil +} + +func SetObjectDefaults_APIService(in *APIService) { + if in.Spec.Service != nil { + SetDefaults_ServiceReference(in.Spec.Service) + } +} + +func SetObjectDefaults_APIServiceList(in *APIServiceList) { + for i := range in.Items { + a := &in.Items[i] + SetObjectDefaults_APIService(a) + } +} diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.prerelease-lifecycle.go b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.prerelease-lifecycle.go new file mode 100644 index 0000000000..14d3e1f48d --- /dev/null +++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/zz_generated.prerelease-lifecycle.go 
@@ -0,0 +1,34 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by prerelease-lifecycle-gen. DO NOT EDIT. + +package v1 + +// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go. +func (in *APIService) APILifecycleIntroduced() (major, minor int) { + return 1, 10 +} + +// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go. +func (in *APIServiceList) APILifecycleIntroduced() (major, minor int) { + return 1, 10 +} diff --git a/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/zz_generated.deepcopy.go b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/zz_generated.deepcopy.go new file mode 100644 index 0000000000..45d0347c02 --- /dev/null +++ b/vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration/zz_generated.deepcopy.go 
@@ -0,0 +1,221 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package apiregistration + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIService) DeepCopyInto(out *APIService) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIService. +func (in *APIService) DeepCopy() *APIService { + if in == nil { + return nil + } + out := new(APIService) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *APIService) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *APIServiceCondition) DeepCopyInto(out *APIServiceCondition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServiceCondition. +func (in *APIServiceCondition) DeepCopy() *APIServiceCondition { + if in == nil { + return nil + } + out := new(APIServiceCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIServiceList) DeepCopyInto(out *APIServiceList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]APIService, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServiceList. +func (in *APIServiceList) DeepCopy() *APIServiceList { + if in == nil { + return nil + } + out := new(APIServiceList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *APIServiceList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIServiceSpec) DeepCopyInto(out *APIServiceSpec) { + *out = *in + if in.Service != nil { + in, out := &in.Service, &out.Service + *out = new(ServiceReference) + **out = **in + } + if in.CABundle != nil { + in, out := &in.CABundle, &out.CABundle + *out = make([]byte, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServiceSpec. 
+func (in *APIServiceSpec) DeepCopy() *APIServiceSpec { + if in == nil { + return nil + } + out := new(APIServiceSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIServiceStatus) DeepCopyInto(out *APIServiceStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]APIServiceCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServiceStatus. +func (in *APIServiceStatus) DeepCopy() *APIServiceStatus { + if in == nil { + return nil + } + out := new(APIServiceStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in ByGroupPriorityMinimum) DeepCopyInto(out *ByGroupPriorityMinimum) { + { + in := &in + *out = make(ByGroupPriorityMinimum, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(APIService) + (*in).DeepCopyInto(*out) + } + } + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ByGroupPriorityMinimum. +func (in ByGroupPriorityMinimum) DeepCopy() ByGroupPriorityMinimum { + if in == nil { + return nil + } + out := new(ByGroupPriorityMinimum) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in ByVersionPriority) DeepCopyInto(out *ByVersionPriority) { + { + in := &in + *out = make(ByVersionPriority, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(APIService) + (*in).DeepCopyInto(*out) + } + } + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ByVersionPriority. +func (in ByVersionPriority) DeepCopy() ByVersionPriority { + if in == nil { + return nil + } + out := new(ByVersionPriority) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceReference) DeepCopyInto(out *ServiceReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceReference. +func (in *ServiceReference) DeepCopy() *ServiceReference { + if in == nil { + return nil + } + out := new(ServiceReference) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 15729e20d8..5cd5c2b6ee 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -578,7 +578,7 @@ github.com/opencontainers/runtime-spec/specs-go ## explicit; go 1.19 github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/pkg/pwalkdir -# github.com/openshift/api v0.0.0-20250130025500-d9e1a2e1fe6b +# github.com/openshift/api v0.0.0-20250320170726-75d64d71980b ## explicit; go 1.23.0 github.com/openshift/api github.com/openshift/api/annotations 
@@ -778,7 +778,7 @@ github.com/openshift/client-go/user/clientset/versioned/fake github.com/openshift/client-go/user/clientset/versioned/scheme github.com/openshift/client-go/user/clientset/versioned/typed/user/v1 github.com/openshift/client-go/user/clientset/versioned/typed/user/v1/fake -# github.com/openshift/library-go v0.0.0-20250218150059-017e5b6cf27c +# github.com/openshift/library-go v0.0.0-20250218150059-017e5b6cf27c => github.com/tchap/library-go v0.0.0-20260108123746-89915030bc58 ## explicit; go 1.23.0 github.com/openshift/library-go/pkg/apiserver/jsonpatch github.com/openshift/library-go/pkg/apps/appsserialization @@ -1653,6 +1653,10 @@ k8s.io/klog/v2/internal/severity k8s.io/klog/v2/internal/sloghandler k8s.io/klog/v2/internal/verbosity k8s.io/klog/v2/textlogger +# k8s.io/kube-aggregator v0.32.1 +## explicit; go 1.23.0 +k8s.io/kube-aggregator/pkg/apis/apiregistration +k8s.io/kube-aggregator/pkg/apis/apiregistration/v1 # k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f ## explicit; go 1.20 k8s.io/kube-openapi/pkg/cached @@ -1878,3 +1882,4 @@ sigs.k8s.io/yaml sigs.k8s.io/yaml/goyaml.v2 sigs.k8s.io/yaml/goyaml.v3 # github.com/apcera/gssapi => github.com/openshift/gssapi v0.0.0-20161010215902-5fb4217df13b +# github.com/openshift/library-go => github.com/tchap/library-go v0.0.0-20260108123746-89915030bc58
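Review bot: The entry `# github.com/openshift/library-go v0.0.0-20250218150059-017e5b6cf27c => github.com/tchap/library-go v0.0.0-20260108123746-89915030bc58` in the `@@ -778,7 +778,7 @@` hunk, repeated as the trailer line in the final hunk, means every vendored library-go package now comes from a personal fork rather than the openshift organisation repository. The pseudo-version pins a commit on a fork branch, so the provenance of the CVE fix cannot be checked against upstream history from this diff alone. That commit may also become unfetchable for anyone re-running `go mod vendor` if the branch is rebased or deleted. I would treat the replace as temporary: once the fix is merged into openshift/library-go, bump the `require` line and drop the replace. Until then, a comment beside the replace in go.mod such as `// TODO: drop once merged upstream, tracking: <UPSTREAM-PR-PLACEHOLDER>` would keep it auditable.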