From 183a23032e91964b635376e0d9ac35f9b58c8af2 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Thu, 24 Oct 2024 16:37:47 +0200 Subject: [PATCH 01/10] feat: Allow configuring user namespaces with OpenShift template Signed-off-by: Anatolii Bazko --- DEPENDENCIES.md | 2 +- config/rbac/cluster_role.yaml | 26 + .../usernamespace/workspace_cm_syncer.go | 69 +- .../usernamespace/workspace_cm_syncer_test.go | 22 +- .../usernamespace/workspace_pvc_syncer.go | 39 +- .../workspace_pvc_syncer_test.go | 11 +- .../usernamespace/workspace_secret_syncer.go | 71 +- .../workspace_secret_syncer_test.go | 22 +- .../workspace_unstructured_syncer.go | 108 + .../workspace_unstructured_syncer_test.go | 229 + .../workspaces_config_controller.go | 770 +-- .../workspaces_config_controller_test.go | 143 + deploy/deployment/kubernetes/combined.yaml | 26 + .../objects/che-operator.ClusterRole.yaml | 26 + deploy/deployment/openshift/combined.yaml | 26 + .../objects/che-operator.ClusterRole.yaml | 26 + go.mod | 4 +- go.sum | 24 +- .../templates/che-operator.ClusterRole.yaml | 26 + main.go | 24 +- pkg/common/test/utils.go | 5 +- pkg/common/utils/utils.go | 12 + pkg/common/utils/utils_test.go | 22 + vendor/github.com/openshift/api/LICENSE | 14 +- ...rsion-operator_01_clusteroperator.crd.yaml | 137 + ...ersion-operator_01_clusterversion.crd.yaml | 435 ++ .../0000_03_config-operator_01_proxy.crd.yaml | 78 + ...rketplace-operator_01_operatorhub.crd.yaml | 84 + ...0_10_config-operator_01_apiserver.crd.yaml | 177 + ...config-operator_01_authentication.crd.yaml | 101 + .../0000_10_config-operator_01_build.crd.yaml | 275 ++ ...000_10_config-operator_01_console.crd.yaml | 57 + .../0000_10_config-operator_01_dns.crd.yaml | 72 + ...10_config-operator_01_featuregate.crd.yaml | 63 + .../0000_10_config-operator_01_image.crd.yaml | 108 + ...ig-operator_01_imagecontentpolicy.crd.yaml | 68 + ...-operator_01_imagedigestmirrorset.crd.yaml | 74 + ...fig-operator_01_imagetagmirrorset.crd.yaml | 74 + ...perator_01_infrastructure-Default.crd.yaml | 637 +++ ...frastructure-TechPreviewNoUpgrade.crd.yaml | 789 ++++ ...ucture-TechPreviewNoUpgrade.crd.yaml-patch | 24 + ...000_10_config-operator_01_ingress.crd.yaml | 334 ++ ...000_10_config-operator_01_network.crd.yaml | 163 + .../0000_10_config-operator_01_node.crd.yaml | 59 + .../0000_10_config-operator_01_oauth.crd.yaml | 444 ++ ...000_10_config-operator_01_project.crd.yaml | 55 + ...0_10_config-operator_01_scheduler.crd.yaml | 68 + .../openshift/api/config/v1/Makefile | 3 + .../openshift/api/config/v1/register.go | 8 + .../config/v1/stable.apiserver.testsuite.yaml | 16 + .../v1/stable.authentication.testsuite.yaml | 14 + .../api/config/v1/stable.build.testsuite.yaml | 14 + .../v1/stable.clusteroperator.testsuite.yaml | 14 + .../v1/stable.clusterversion.testsuite.yaml | 138 + .../config/v1/stable.console.testsuite.yaml | 14 + .../api/config/v1/stable.dns.testsuite.yaml | 14 + .../v1/stable.featuregate.testsuite.yaml | 14 + .../api/config/v1/stable.image.testsuite.yaml | 14 + .../stable.imagecontentpolicy.testsuite.yaml | 14 + ...stable.imagedigestmirrorset.testsuite.yaml | 14 + .../stable.imagetagmirrorset.testsuite.yaml | 14 + .../v1/stable.infrastructure.testsuite.yaml | 58 + .../config/v1/stable.ingress.testsuite.yaml | 14 + .../config/v1/stable.network.testsuite.yaml | 14 + .../api/config/v1/stable.node.testsuite.yaml | 14 + .../api/config/v1/stable.oauth.testsuite.yaml | 14 + .../v1/stable.operatorhub.testsuite.yaml | 14 + .../config/v1/stable.project.testsuite.yaml | 14 + .../api/config/v1/stable.proxy.testsuite.yaml | 14 + .../config/v1/stable.scheduler.testsuite.yaml | 14 + .../techpreview.infrastructure.testsuite.yaml | 14 + .../openshift/api/config/v1/types.go | 90 + .../api/config/v1/types_apiserver.go | 136 + .../api/config/v1/types_authentication.go | 53 +- .../openshift/api/config/v1/types_build.go | 17 +- .../api/config/v1/types_cluster_operator.go | 110 +- .../api/config/v1/types_cluster_version.go | 451 +- .../openshift/api/config/v1/types_console.go | 18 +- .../openshift/api/config/v1/types_dns.go | 12 +- .../openshift/api/config/v1/types_feature.go | 136 +- .../openshift/api/config/v1/types_image.go | 26 +- .../config/v1/types_image_content_policy.go | 89 + .../v1/types_image_digest_mirror_set.go | 131 + .../config/v1/types_image_tag_mirror_set.go | 118 + .../api/config/v1/types_infrastructure.go | 968 +++- .../openshift/api/config/v1/types_ingress.go | 293 +- .../openshift/api/config/v1/types_network.go | 67 +- .../openshift/api/config/v1/types_node.go | 108 + .../openshift/api/config/v1/types_oauth.go | 52 +- .../api/config/v1/types_operatorhub.go | 9 +- .../openshift/api/config/v1/types_project.go | 12 +- .../openshift/api/config/v1/types_proxy.go | 30 +- .../api/config/v1/types_scheduling.go | 42 +- .../api/config/v1/types_tlssecurityprofile.go | 262 ++ .../api/config/v1/zz_generated.deepcopy.go | 2463 ++++++++-- .../v1/zz_generated.swagger_doc_generated.go | 1102 ++++- .../v1/0000_10_consoleclidownload.crd.yaml | 77 + .../0000_10_consoleexternalloglink.crd.yaml | 68 + .../console/v1/0000_10_consolelink.crd.yaml | 125 + .../v1/0000_10_consolenotification.crd.yaml | 84 + .../console/v1/0000_10_consoleplugin.crd.yaml | 294 ++ .../v1/0000_10_consolequickstart.crd.yaml | 165 + .../v1/0000_10_consoleyamlsample.crd.yaml | 74 + .../openshift/api/console/v1/Makefile | 3 + .../openshift/api/console/v1/register.go | 6 + .../stable.consoleclidownload.testsuite.yaml | 20 + ...able.consoleexternalloglink.testsuite.yaml | 18 + .../v1/stable.consolelink.testsuite.yaml | 20 + .../stable.consolenotification.testsuite.yaml | 16 + .../v1/stable.consoleplugin.testsuite.yaml | 88 + .../stable.consolequickstart.testsuite.yaml | 28 + .../stable.consoleyamlsample.testsuite.yaml | 26 + .../openshift/api/console/v1/types.go | 1 + .../console/v1/types_console_cli_download.go | 26 +- .../v1/types_console_external_log_links.go | 19 +- .../api/console/v1/types_console_link.go | 42 +- .../console/v1/types_console_notification.go | 17 +- .../api/console/v1/types_console_plugin.go | 238 + .../console/v1/types_console_quick_start.go | 137 + .../console/v1/types_console_yaml_sample.go | 61 + .../api/console/v1/zz_generated.deepcopy.go | 482 +- .../v1/zz_generated.swagger_doc_generated.go | 240 +- .../openshift/api/oauth/v1/generated.pb.go | 1013 +++- .../openshift/api/oauth/v1/generated.proto | 101 +- .../openshift/api/oauth/v1/register.go | 2 + .../openshift/api/oauth/v1/types.go | 88 +- .../api/oauth/v1/zz_generated.deepcopy.go | 65 + .../v1/zz_generated.swagger_doc_generated.go | 47 +- .../api/pkg/serialization/serialization.go | 45 + .../openshift/api/project/v1/generated.pb.go | 159 +- .../openshift/api/project/v1/generated.proto | 19 +- .../openshift/api/project/v1/types.go | 21 +- .../api/project/v1/zz_generated.deepcopy.go | 1 + .../v1/zz_generated.swagger_doc_generated.go | 15 +- .../openshift/api/route/v1/Makefile | 3 + .../openshift/api/route/v1/generated.pb.go | 258 +- .../openshift/api/route/v1/generated.proto | 58 +- .../openshift/api/route/v1/route.crd.yaml | 298 ++ .../api/route/v1/route.crd.yaml-patch | 86 + .../api/route/v1/stable.route.testsuite.yaml | 22 + .../api/route/v1/test-route-validation.sh | 476 ++ .../openshift/api/route/v1/types.go | 93 +- .../api/route/v1/zz_generated.deepcopy.go | 1 + .../v1/zz_generated.swagger_doc_generated.go | 20 +- ...0000_03_security-openshift_01_scc.crd.yaml | 279 ++ .../openshift/api/security/v1/Makefile | 3 + .../openshift/api/security/v1/generated.pb.go | 375 +- .../openshift/api/security/v1/generated.proto | 41 +- ....securitycontextconstraints.testsuite.yaml | 36 + .../openshift/api/security/v1/types.go | 44 +- .../api/security/v1/zz_generated.deepcopy.go | 1 + .../v1/zz_generated.swagger_doc_generated.go | 26 +- .../openshift/api/template/v1/codec.go | 33 + .../openshift/api/template/v1/consts.go | 16 + .../openshift/api/template/v1/doc.go | 8 + .../openshift/api/template/v1/generated.pb.go | 4115 +++++++++++++++++ .../openshift/api/template/v1/generated.proto | 250 + .../openshift/api/template/v1/legacy.go | 24 + .../openshift/api/template/v1/register.go | 43 + .../openshift/api/template/v1/types.go | 276 ++ .../api/template/v1/zz_generated.deepcopy.go | 394 ++ .../v1/zz_generated.swagger_doc_generated.go | 153 + .../openshift/api/user/v1/generated.pb.go | 196 +- .../openshift/api/user/v1/generated.proto | 33 +- .../github.com/openshift/api/user/v1/types.go | 42 +- .../api/user/v1/zz_generated.deepcopy.go | 1 + .../v1/zz_generated.swagger_doc_generated.go | 29 +- vendor/modules.txt | 8 +- 168 files changed, 23107 insertions(+), 1992 deletions(-) create mode 100644 controllers/usernamespace/workspace_unstructured_syncer.go create mode 100644 controllers/usernamespace/workspace_unstructured_syncer_test.go create mode 100644 controllers/usernamespace/workspaces_config_controller_test.go create mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml-patch create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/Makefile create mode 100644 vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/types_image_content_policy.go create mode 100644 vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go create mode 100644 vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go create mode 100644 vendor/github.com/openshift/api/config/v1/types_node.go create mode 100644 vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go create mode 100644 vendor/github.com/openshift/api/console/v1/0000_10_consoleclidownload.crd.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/0000_10_consoleexternalloglink.crd.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/0000_10_consolelink.crd.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/0000_10_consolenotification.crd.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/0000_10_consoleplugin.crd.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/0000_10_consolequickstart.crd.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/0000_10_consoleyamlsample.crd.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/Makefile create mode 100644 vendor/github.com/openshift/api/console/v1/stable.consoleclidownload.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/stable.consoleexternalloglink.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/stable.consolelink.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/stable.consolenotification.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/stable.consoleplugin.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/stable.consolequickstart.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/stable.consoleyamlsample.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/types_console_plugin.go create mode 100644 vendor/github.com/openshift/api/console/v1/types_console_quick_start.go create mode 100644 vendor/github.com/openshift/api/console/v1/types_console_yaml_sample.go create mode 100644 vendor/github.com/openshift/api/pkg/serialization/serialization.go create mode 100644 vendor/github.com/openshift/api/route/v1/Makefile create mode 100644 vendor/github.com/openshift/api/route/v1/route.crd.yaml create mode 100644 vendor/github.com/openshift/api/route/v1/route.crd.yaml-patch create mode 100644 vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/route/v1/test-route-validation.sh create mode 100644 vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml create mode 100644 vendor/github.com/openshift/api/security/v1/Makefile create mode 100644 vendor/github.com/openshift/api/security/v1/stable.securitycontextconstraints.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/template/v1/codec.go create mode 100644 vendor/github.com/openshift/api/template/v1/consts.go create mode 100644 vendor/github.com/openshift/api/template/v1/doc.go create mode 100644 vendor/github.com/openshift/api/template/v1/generated.pb.go create mode 100644 vendor/github.com/openshift/api/template/v1/generated.proto create mode 100644 vendor/github.com/openshift/api/template/v1/legacy.go create mode 100644 vendor/github.com/openshift/api/template/v1/register.go create mode 100644 vendor/github.com/openshift/api/template/v1/types.go create mode 100644 vendor/github.com/openshift/api/template/v1/zz_generated.deepcopy.go create mode 100644 vendor/github.com/openshift/api/template/v1/zz_generated.swagger_doc_generated.go diff --git a/DEPENDENCIES.md b/DEPENDENCIES.md index badc1c4c16..802dc3144f 100644 --- a/DEPENDENCIES.md +++ b/DEPENDENCIES.md @@ -466,7 +466,7 @@ | [go.etcd.io/etcd@dd1b699fc4895de8cc23c3cac5a428c37eee384a](https://github.com/etcd-io/etcd.git) | Apache-2.0 | [CQ](https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23592) | | [github.com/remyoudompheng/bigfft@6a916e37a237384e18eefa3270c09247db1ecf50](https://github.com/remyoudompheng/bigfft.git) | BSD-3-Clause | [CQ](https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23591) | | [github.com/operator-framework/operator-registry@v1.13.6](https://github.com/operator-framework/operator-registry.git) | Apache-2.0 | [CQ](https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23590) | -| [github.com/openshift/api@32369d4db2ada1c1cdb95b99b568a9925e2a4480](https://github.com/openshift/api.git) | Apache-2.0 | [CQ](https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23586) | +| [github.com/openshift/api@88b476f987ed90f7b0e1fdc851859c35161b1ff5](https://github.com/openshift/api.git) | Apache-2.0 | [clearlydefined](https://clearlydefined.io/definitions/git/github/openshift/api/88b476f987ed90f7b0e1fdc851859c35161b1ff5) | | [github.com/chai2010/gettext-go@c6fed771bfd517099caf0f7a961671fa8ed08723](https://github.com/chai2010/gettext-go.git) | BSD-3-Clause | [CQ](https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23551) | | [github.com/cloudflare/golz4@ef862a3cdc58a6f1fee4e3af3d44fbe279194cde](https://github.com/cloudflare/golz4.git) | BSD-3-Clause | [CQ](https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23552) | | [github.com/coreos/go-systemd@fd7a80b32e1fc73e890fde45604ed5009dc817a3](https://github.com/coreos/go-systemd.git) | Apache-2.0 | [CQ](https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23553) | diff --git a/config/rbac/cluster_role.yaml b/config/rbac/cluster_role.yaml index a0ba01916a..ecb1f1aa98 100644 --- a/config/rbac/cluster_role.yaml +++ b/config/rbac/cluster_role.yaml @@ -339,7 +339,33 @@ rules: resources: - limitranges verbs: + - create + - delete + - get + - update + - patch + - watch - list + - apiGroups: + - "" + resources: + - resourcequotas + verbs: + - create + - delete + - get + - update + - patch + - watch + - list + - apiGroups: + - template.openshift.io + resources: + - templates + verbs: + - get + - list + - watch - apiGroups: - monitoring.coreos.com resources: diff --git a/controllers/usernamespace/workspace_cm_syncer.go b/controllers/usernamespace/workspace_cm_syncer.go index 16d9d21728..432a954de4 100644 --- a/controllers/usernamespace/workspace_cm_syncer.go +++ b/controllers/usernamespace/workspace_cm_syncer.go @@ -1,5 +1,5 @@ // -// Copyright (c) 2019-2023 Red Hat, Inc. +// Copyright (c) 2019-2024 Red Hat, Inc. // This program and the accompanying materials are made // available under the terms of the Eclipse Public License 2.0 // which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -14,11 +14,9 @@ package usernamespace import ( dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" - "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" + "github.com/eclipse-che/che-operator/pkg/common/utils" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -27,64 +25,43 @@ var ( v1ConfigMapGKV = corev1.SchemeGroupVersion.WithKind("ConfigMap") ) -type configMapSyncer struct { - workspaceConfigSyncer +type cmWorkspaceSyncObject struct { + WorkspaceSyncObject + cm *corev1.ConfigMap } -func newConfigMapSyncer() *configMapSyncer { - return &configMapSyncer{} +func newCMWorkspaceSyncObject(cm *corev1.ConfigMap) *cmWorkspaceSyncObject { + return &cmWorkspaceSyncObject{cm: cm} } -func (p *configMapSyncer) gkv() schema.GroupVersionKind { +func (p *cmWorkspaceSyncObject) getSrcObject() client.Object { + return p.cm +} + +func (p *cmWorkspaceSyncObject) getSrcObjectGKV() schema.GroupVersionKind { return v1ConfigMapGKV } -func (p *configMapSyncer) newObjectFrom(src client.Object) client.Object { - dst := src.(runtime.Object).DeepCopyObject() +func (p *cmWorkspaceSyncObject) newDstObject() client.Object { + dst := p.cm.DeepCopyObject() dst.(*corev1.ConfigMap).ObjectMeta = metav1.ObjectMeta{ - Name: src.GetName(), - Annotations: src.GetAnnotations(), - Labels: mergeWorkspaceConfigObjectLabels( - src.GetLabels(), - map[string]string{ + Name: p.cm.GetName(), + Annotations: p.cm.GetAnnotations(), + Labels: utils.MergeMaps([]map[string]string{ + p.cm.GetLabels(), + { dwconstants.DevWorkspaceWatchConfigMapLabel: "true", dwconstants.DevWorkspaceMountLabel: "true", - }, - ), + }}), } return dst.(client.Object) } -func (p *configMapSyncer) isExistedObjChanged(newObj client.Object, existedObj client.Object) bool { - if newObj.GetLabels() != nil { - for key, value := range newObj.GetLabels() { - if existedObj.GetLabels()[key] != value { - return true - } - } - } - - if newObj.GetAnnotations() != nil { - for key, value := range newObj.GetAnnotations() { - if existedObj.GetAnnotations()[key] != value { - return true - } - } - } - - return cmp.Diff( - newObj, - existedObj, - cmp.Options{ - cmpopts.IgnoreFields(corev1.ConfigMap{}, "TypeMeta", "ObjectMeta"), - }) != "" -} - -func (p *configMapSyncer) getObjectList() client.ObjectList { - return &corev1.ConfigMapList{} +func (p *cmWorkspaceSyncObject) getSrcObjectVersion() string { + return p.cm.GetResourceVersion() } -func (p *configMapSyncer) hasReadOnlySpec() bool { +func (p *cmWorkspaceSyncObject) hasROSpec() bool { return false } diff --git a/controllers/usernamespace/workspace_cm_syncer_test.go b/controllers/usernamespace/workspace_cm_syncer_test.go index c1616626f1..a65db9e917 100644 --- a/controllers/usernamespace/workspace_cm_syncer_test.go +++ b/controllers/usernamespace/workspace_cm_syncer_test.go @@ -1,5 +1,5 @@ // -// Copyright (c) 2019-2023 Red Hat, Inc. +// Copyright (c) 2019-2024 Red Hat, Inc. // This program and the accompanying materials are made // available under the terms of the Eclipse Public License 2.0 // which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -67,12 +67,11 @@ func TestSyncConfigMap(t *testing.T) { workspaceConfigReconciler := NewWorkspacesConfigReconciler( deployContext.ClusterAPI.Client, - deployContext.ClusterAPI.NonCachingClient, deployContext.ClusterAPI.Scheme, NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient)) // Sync ConfigMap - err := workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -96,7 +95,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -120,7 +119,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -145,7 +144,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -167,7 +166,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -187,7 +186,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 0, v1ConfigMapGKV) @@ -224,12 +223,11 @@ func TestSyncConfigMapShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { workspaceConfigReconciler := NewWorkspacesConfigReconciler( deployContext.ClusterAPI.Client, - deployContext.ClusterAPI.NonCachingClient, deployContext.ClusterAPI.Scheme, NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient)) // Sync ConfigMap - err := workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -254,7 +252,7 @@ func TestSyncConfigMapShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -282,7 +280,7 @@ func TestSyncConfigMapShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) diff --git a/controllers/usernamespace/workspace_pvc_syncer.go b/controllers/usernamespace/workspace_pvc_syncer.go index d1d35dc3f6..17d434b43b 100644 --- a/controllers/usernamespace/workspace_pvc_syncer.go +++ b/controllers/usernamespace/workspace_pvc_syncer.go @@ -1,5 +1,5 @@ // -// Copyright (c) 2019-2023 Red Hat, Inc. +// Copyright (c) 2019-2024 Red Hat, Inc. // This program and the accompanying materials are made // available under the terms of the Eclipse Public License 2.0 // which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -24,19 +24,22 @@ var ( v1PvcGKV = corev1.SchemeGroupVersion.WithKind("PersistentVolumeClaim") ) -type pvcSyncer struct { - workspaceConfigSyncer +type pvcWorkspaceSyncObject struct { + WorkspaceSyncObject + pvc *corev1.PersistentVolumeClaim } -func newPvcSyncer() *pvcSyncer { - return &pvcSyncer{} +func newPvcWorkspaceSyncObject(pvc *corev1.PersistentVolumeClaim) *pvcWorkspaceSyncObject { + return &pvcWorkspaceSyncObject{ + pvc: pvc, + } } -func (p *pvcSyncer) gkv() schema.GroupVersionKind { +func (p *pvcWorkspaceSyncObject) getSrcObjectGKV() schema.GroupVersionKind { return v1PvcGKV } -func (p *pvcSyncer) newObjectFrom(src client.Object) client.Object { +func (p *pvcWorkspaceSyncObject) newDstObj(src client.Object) client.Object { dst := src.(runtime.Object).DeepCopyObject() dst.(*corev1.PersistentVolumeClaim).ObjectMeta = metav1.ObjectMeta{ Name: src.GetName(), @@ -48,14 +51,26 @@ func (p *pvcSyncer) newObjectFrom(src client.Object) client.Object { return dst.(client.Object) } -func (p *pvcSyncer) isExistedObjChanged(newObj client.Object, existedObj client.Object) bool { - return false +func (p *pvcWorkspaceSyncObject) getSrcObject() client.Object { + return p.pvc +} + +func (p *pvcWorkspaceSyncObject) newDstObject() client.Object { + dst := p.pvc.DeepCopyObject() + dst.(*corev1.PersistentVolumeClaim).ObjectMeta = metav1.ObjectMeta{ + Name: p.pvc.GetName(), + Annotations: p.pvc.GetAnnotations(), + Labels: p.pvc.GetLabels(), + } + dst.(*corev1.PersistentVolumeClaim).Status = corev1.PersistentVolumeClaimStatus{} + + return dst.(client.Object) } -func (p *pvcSyncer) getObjectList() client.ObjectList { - return &corev1.PersistentVolumeClaimList{} +func (p *pvcWorkspaceSyncObject) getSrcObjectVersion() string { + return p.pvc.GetResourceVersion() } -func (p *pvcSyncer) hasReadOnlySpec() bool { +func (p *pvcWorkspaceSyncObject) hasROSpec() bool { return true } diff --git a/controllers/usernamespace/workspace_pvc_syncer_test.go b/controllers/usernamespace/workspace_pvc_syncer_test.go index 954802b324..d130879e31 100644 --- a/controllers/usernamespace/workspace_pvc_syncer_test.go +++ b/controllers/usernamespace/workspace_pvc_syncer_test.go @@ -1,5 +1,5 @@ // -// Copyright (c) 2019-2023 Red Hat, Inc. +// Copyright (c) 2019-2024 Red Hat, Inc. // This program and the accompanying materials are made // available under the terms of the Eclipse Public License 2.0 // which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -54,14 +54,13 @@ func TestSyncPVC(t *testing.T) { workspaceConfigReconciler := NewWorkspacesConfigReconciler( deployContext.ClusterAPI.Client, - deployContext.ClusterAPI.NonCachingClient, deployContext.ClusterAPI.Scheme, NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient)) assertSyncConfig(t, workspaceConfigReconciler, 0, v1PvcGKV) // Sync PVC to a user namespace - err := workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1PvcGKV) @@ -81,7 +80,7 @@ func TestSyncPVC(t *testing.T) { err = workspaceConfigReconciler.client.Update(context.TODO(), pvc) // Sync PVC - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1PvcGKV) @@ -98,7 +97,7 @@ func TestSyncPVC(t *testing.T) { assert.Nil(t, err) // Sync PVC - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1PvcGKV) @@ -115,7 +114,7 @@ func TestSyncPVC(t *testing.T) { assert.Nil(t, err) // Sync PVC - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 0, v1PvcGKV) diff --git a/controllers/usernamespace/workspace_secret_syncer.go b/controllers/usernamespace/workspace_secret_syncer.go index d32d509dc1..d6e4e0c6c2 100644 --- a/controllers/usernamespace/workspace_secret_syncer.go +++ b/controllers/usernamespace/workspace_secret_syncer.go @@ -1,5 +1,5 @@ // -// Copyright (c) 2019-2023 Red Hat, Inc. +// Copyright (c) 2019-2024 Red Hat, Inc. // This program and the accompanying materials are made // available under the terms of the Eclipse Public License 2.0 // which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -14,11 +14,9 @@ package usernamespace import ( dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" - "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" + "github.com/eclipse-che/che-operator/pkg/common/utils" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -27,64 +25,45 @@ var ( v1SecretGKV = corev1.SchemeGroupVersion.WithKind("Secret") ) -type secretSyncer struct { - workspaceConfigSyncer +type secretWorkspaceSyncObject struct { + WorkspaceSyncObject + secret *corev1.Secret } -func newSecretSyncer() *secretSyncer { - return &secretSyncer{} +func newSecretWorkspaceSyncObject(secret *corev1.Secret) *secretWorkspaceSyncObject { + return &secretWorkspaceSyncObject{ + secret: secret, + } } -func (p *secretSyncer) gkv() schema.GroupVersionKind { +func (p *secretWorkspaceSyncObject) getSrcObjectGKV() schema.GroupVersionKind { return v1SecretGKV } -func (p *secretSyncer) newObjectFrom(src client.Object) client.Object { - dst := src.(runtime.Object).DeepCopyObject() +func (p *secretWorkspaceSyncObject) getSrcObject() client.Object { + return p.secret +} + +func (p *secretWorkspaceSyncObject) newDstObject() client.Object { + dst := p.secret.DeepCopyObject() dst.(*corev1.Secret).ObjectMeta = metav1.ObjectMeta{ - Name: src.GetName(), - Annotations: src.GetAnnotations(), - Labels: mergeWorkspaceConfigObjectLabels( - src.GetLabels(), - map[string]string{ + Name: p.secret.GetName(), + Annotations: p.secret.GetAnnotations(), + Labels: utils.MergeMaps([]map[string]string{ + p.secret.GetLabels(), + { dwconstants.DevWorkspaceWatchSecretLabel: "true", dwconstants.DevWorkspaceMountLabel: "true", - }, - ), + }}), } return dst.(client.Object) } -func (p *secretSyncer) isExistedObjChanged(newObj client.Object, existedObj client.Object) bool { - if newObj.GetLabels() != nil { - for key, value := range newObj.GetLabels() { - if existedObj.GetLabels()[key] != value { - return true - } - } - } - - if newObj.GetAnnotations() != nil { - for key, value := range newObj.GetAnnotations() { - if existedObj.GetAnnotations()[key] != value { - return true - } - } - } - - return cmp.Diff( - newObj, - existedObj, - cmp.Options{ - cmpopts.IgnoreFields(corev1.Secret{}, "TypeMeta", "ObjectMeta"), - }) != "" -} - -func (p *secretSyncer) getObjectList() client.ObjectList { - return &corev1.SecretList{} +func (p *secretWorkspaceSyncObject) getSrcObjectVersion() string { + return p.secret.GetResourceVersion() } -func (p *secretSyncer) hasReadOnlySpec() bool { +func (p *secretWorkspaceSyncObject) hasROSpec() bool { return false } diff --git a/controllers/usernamespace/workspace_secret_syncer_test.go b/controllers/usernamespace/workspace_secret_syncer_test.go index cbe591a7bf..8edf4c9895 100644 --- a/controllers/usernamespace/workspace_secret_syncer_test.go +++ b/controllers/usernamespace/workspace_secret_syncer_test.go @@ -1,5 +1,5 @@ // -// Copyright (c) 2019-2023 Red Hat, Inc. +// Copyright (c) 2019-2024 Red Hat, Inc. // This program and the accompanying materials are made // available under the terms of the Eclipse Public License 2.0 // which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -56,12 +56,11 @@ func TestSyncSecrets(t *testing.T) { workspaceConfigReconciler := NewWorkspacesConfigReconciler( deployContext.ClusterAPI.Client, - deployContext.ClusterAPI.NonCachingClient, deployContext.ClusterAPI.Scheme, NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient)) // Sync Secret - err := workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -89,7 +88,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -115,7 +114,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -141,7 +140,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -164,7 +163,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -185,7 +184,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 0, v1SecretGKV) @@ -222,12 +221,11 @@ func TestSyncSecretShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { workspaceConfigReconciler := NewWorkspacesConfigReconciler( deployContext.ClusterAPI.Client, - deployContext.ClusterAPI.NonCachingClient, deployContext.ClusterAPI.Scheme, NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient)) // Sync Secret - err := workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -252,7 +250,7 @@ func TestSyncSecretShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -280,7 +278,7 @@ func TestSyncSecretShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) diff --git a/controllers/usernamespace/workspace_unstructured_syncer.go b/controllers/usernamespace/workspace_unstructured_syncer.go new file mode 100644 index 0000000000..00617f260d --- /dev/null +++ b/controllers/usernamespace/workspace_unstructured_syncer.go @@ -0,0 +1,108 @@ +// +// Copyright (c) 2019-2024 Red Hat, Inc. +// This program and the accompanying materials are made +// available under the terms of the Eclipse Public License 2.0 +// which is available at https://www.eclipse.org/legal/epl-2.0/ +// +// SPDX-License-Identifier: EPL-2.0 +// +// Contributors: +// Red Hat, Inc. - initial API and implementation +// + +package usernamespace + +import ( + "github.com/eclipse-che/che-operator/pkg/common/utils" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/yaml" + "strings" +) + +const ( + PROJECT_REQUESTING_USER = "${PROJECT_REQUESTING_USER}" + PROJECT_NAME = "${PROJECT_NAME}" +) + +type unstructuredSyncer struct { + WorkspaceSyncObject + + srcObj client.Object + dstObj client.Object + hash string +} + +func newUnstructuredSyncer( + raw []byte, + user string, + project string) (*unstructuredSyncer, error) { + + hash := utils.ComputeHash256(raw) + + objAsString := string(raw) + objAsString = strings.ReplaceAll(objAsString, PROJECT_REQUESTING_USER, user) + objAsString = strings.ReplaceAll(objAsString, PROJECT_NAME, project) + + srcObj := &unstructured.Unstructured{} + if err := yaml.Unmarshal([]byte(objAsString), srcObj); err != nil { + return nil, err + } + + dstObj := srcObj.DeepCopyObject() + + return &unstructuredSyncer{ + srcObj: srcObj, + dstObj: dstObj.(client.Object), + hash: hash, + }, nil +} + +func (p *unstructuredSyncer) getSrcObject() client.Object { + return p.srcObj +} + +func (p *unstructuredSyncer) getSrcObjectGKV() schema.GroupVersionKind { + return p.srcObj.GetObjectKind().GroupVersionKind() +} + +func (p *unstructuredSyncer) newDstObject() client.Object { + return p.dstObj.DeepCopyObject().(client.Object) +} + +func (p *unstructuredSyncer) isExistedObjChanged(dstObj client.Object, existedDstObj client.Object) bool { + if dstObj.GetLabels() != nil { + for key, value := range dstObj.GetLabels() { + if existedDstObj.GetLabels()[key] != value { + return true + } + } + } + + if dstObj.GetAnnotations() != nil { + for key, value := range dstObj.GetAnnotations() { + if existedDstObj.GetAnnotations()[key] != value { + return true + } + } + } + + return cmp.Diff( + dstObj, + existedDstObj, + cmp.Options{ + cmpopts.IgnoreFields(corev1.ConfigMap{}, "TypeMeta", "ObjectMeta"), + }) != "" +} + +func (p *unstructuredSyncer) getSrcObjectVersion() string { + return p.hash +} + +func (p *unstructuredSyncer) hasROSpec() bool { + return false +} diff --git a/controllers/usernamespace/workspace_unstructured_syncer_test.go b/controllers/usernamespace/workspace_unstructured_syncer_test.go new file mode 100644 index 0000000000..fa6c8ce332 --- /dev/null +++ b/controllers/usernamespace/workspace_unstructured_syncer_test.go @@ -0,0 +1,229 @@ +// +// Copyright (c) 2019-2024 Red Hat, Inc. +// This program and the accompanying materials are made +// available under the terms of the Eclipse Public License 2.0 +// which is available at https://www.eclipse.org/legal/epl-2.0/ +// +// SPDX-License-Identifier: EPL-2.0 +// +// Contributors: +// Red Hat, Inc. - initial API and implementation +// + +package usernamespace + +import ( + "context" + "k8s.io/apimachinery/pkg/types" + "sync" + "testing" + + "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/deploy" + templatev1 "github.com/openshift/api/template/v1" + "k8s.io/apimachinery/pkg/api/errors" + + "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/test" + "github.com/eclipse-che/che-operator/pkg/common/utils" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + + "github.com/stretchr/testify/assert" +) + +var ( + v1LimitRangeGKV = corev1.SchemeGroupVersion.WithKind("LimitRange") +) + +func TestSyncTemplateWithLimitRange(t *testing.T) { + infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + + deployContext := test.GetDeployContext(nil, []runtime.Object{ + &templatev1.Template{ + TypeMeta: metav1.TypeMeta{ + Kind: "Template", + APIVersion: "template.openshift.io/v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: objectName, + Namespace: "eclipse-che", + Labels: map[string]string{ + constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg, + constants.KubernetesComponentLabelKey: constants.WorkspacesConfig, + }, + }, + Objects: []runtime.RawExtension{ + { + Object: &corev1.LimitRange{ + TypeMeta: metav1.TypeMeta{ + Kind: "LimitRange", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: objectName, + Labels: map[string]string{ + "user": "${PROJECT_REQUESTING_USER}", + "namespace": "${PROJECT_NAME}", + }, + }, + Spec: corev1.LimitRangeSpec{ + []corev1.LimitRangeItem{ + { + Type: corev1.LimitTypeContainer, + }, + }, + }, + }, + }, + }, + }}) + + workspaceConfigReconciler := NewWorkspacesConfigReconciler( + deployContext.ClusterAPI.Client, + deployContext.ClusterAPI.Scheme, + &namespaceCache{ + client: deployContext.ClusterAPI.Client, + knownNamespaces: map[string]namespaceInfo{ + userNamespace: { + IsWorkspaceNamespace: true, + Username: "user", + CheCluster: &types.NamespacedName{Name: "eclipse-che", Namespace: "eclipse-che"}, + }, + }, + lock: sync.Mutex{}, + }) + + // Sync Template + err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + assert.Nil(t, err) + assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) + + // Check LimitRange in a user namespace is created + lr := &corev1.LimitRange{} + err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, lr) + assert.Nil(t, err) + assert.Equal(t, corev1.LimitTypeContainer, lr.Spec.Limits[0].Type) + assert.Equal(t, constants.WorkspacesConfig, lr.Labels[constants.KubernetesComponentLabelKey]) + assert.Equal(t, constants.CheEclipseOrg, lr.Labels[constants.KubernetesPartOfLabelKey]) + assert.Equal(t, "user", lr.Labels["user"]) + assert.Equal(t, userNamespace, lr.Labels["namespace"]) + + // Update src Template + template := &templatev1.Template{} + err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInCheNs, template) + assert.Nil(t, err) + template.Objects = []runtime.RawExtension{ + { + Object: &corev1.LimitRange{ + TypeMeta: metav1.TypeMeta{ + Kind: "LimitRange", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: objectName, + }, + Spec: corev1.LimitRangeSpec{ + []corev1.LimitRangeItem{ + { + Type: corev1.LimitTypePod, + }, + }, + }, + }, + }, + } + err = workspaceConfigReconciler.client.Update(context.TODO(), template) + assert.Nil(t, err) + + // Sync Template + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + assert.Nil(t, err) + assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) + + // Check that destination LimitRange is updated + lr = &corev1.LimitRange{} + err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, lr) + assert.Nil(t, err) + assert.Equal(t, corev1.LimitTypePod, lr.Spec.Limits[0].Type) + assert.Equal(t, constants.WorkspacesConfig, lr.Labels[constants.KubernetesComponentLabelKey]) + assert.Equal(t, constants.CheEclipseOrg, lr.Labels[constants.KubernetesPartOfLabelKey]) + + // Update dst LimitRange + lr = &corev1.LimitRange{} + err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, lr) + assert.Nil(t, err) + lr.Spec.Limits[0].Type = corev1.LimitTypePersistentVolumeClaim + err = workspaceConfigReconciler.client.Update(context.TODO(), lr) + assert.Nil(t, err) + + // Sync Template + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + assert.Nil(t, err) + assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) + + // Check that destination LimitRange is reverted + lr = &corev1.LimitRange{} + err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, lr) + assert.Nil(t, err) + assert.Equal(t, corev1.LimitTypePod, lr.Spec.Limits[0].Type) + assert.Equal(t, constants.WorkspacesConfig, lr.Labels[constants.KubernetesComponentLabelKey]) + assert.Equal(t, constants.CheEclipseOrg, lr.Labels[constants.KubernetesPartOfLabelKey]) + + // Update dst LimitRange in the way that it won't be reverted + lr = &corev1.LimitRange{} + err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, lr) + assert.Nil(t, err) + lr.Annotations = map[string]string{"new-annotation": "new-test"} + utils.AddMap(lr.Labels, map[string]string{"new-label": "new-test"}) + err = workspaceConfigReconciler.client.Update(context.TODO(), lr) + assert.Nil(t, err) + + // Sync Template + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + assert.Nil(t, err) + assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) + + // Check that destination ConfigMap is not reverted + lr = &corev1.LimitRange{} + err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, lr) + assert.Nil(t, err) + assert.Equal(t, corev1.LimitTypePod, lr.Spec.Limits[0].Type) + assert.Equal(t, constants.WorkspacesConfig, lr.Labels[constants.KubernetesComponentLabelKey]) + assert.Equal(t, constants.CheEclipseOrg, lr.Labels[constants.KubernetesPartOfLabelKey]) + assert.Equal(t, "new-test", lr.Labels["new-label"]) + assert.Equal(t, "new-test", lr.Annotations["new-annotation"]) + + // Delete dst LimitRange + err = deploy.DeleteIgnoreIfNotFound(context.TODO(), deployContext.ClusterAPI.Client, objectKeyInUserNs, &corev1.LimitRange{}) + assert.Nil(t, err) + + // Sync Template + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + assert.Nil(t, err) + assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) + + // Check that destination LimitRange is reverted + lr = &corev1.LimitRange{} + err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, lr) + assert.Nil(t, err) + assert.Equal(t, corev1.LimitTypePod, lr.Spec.Limits[0].Type) + assert.Equal(t, constants.WorkspacesConfig, lr.Labels[constants.KubernetesComponentLabelKey]) + assert.Equal(t, constants.CheEclipseOrg, lr.Labels[constants.KubernetesPartOfLabelKey]) + + // Delete src Template + err = deploy.DeleteIgnoreIfNotFound(context.TODO(), deployContext.ClusterAPI.Client, objectKeyInCheNs, &templatev1.Template{}) + assert.Nil(t, err) + + // Sync Template + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + assert.Nil(t, err) + assertSyncConfig(t, workspaceConfigReconciler, 0, v1LimitRangeGKV) + + // Check that destination LimitRange in a user namespace is deleted + lr = &corev1.LimitRange{} + err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, lr) + assert.NotNil(t, err) + assert.True(t, errors.IsNotFound(err)) +} diff --git a/controllers/usernamespace/workspaces_config_controller.go b/controllers/usernamespace/workspaces_config_controller.go index dfdf1c345f..048f08087d 100644 --- a/controllers/usernamespace/workspaces_config_controller.go +++ b/controllers/usernamespace/workspaces_config_controller.go @@ -1,5 +1,5 @@ // -// Copyright (c) 2019-2023 Red Hat, Inc. +// Copyright (c) 2019-2024 Red Hat, Inc. // This program and the accompanying materials are made // available under the terms of the Eclipse Public License 2.0 // which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -17,13 +17,16 @@ import ( "fmt" "strings" + "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/utils" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" "github.com/eclipse-che/che-operator/pkg/common/constants" "github.com/eclipse-che/che-operator/pkg/deploy" + templatev1 "github.com/openshift/api/template/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" @@ -41,50 +44,45 @@ const ( ) type WorkspacesConfigReconciler struct { - scheme *runtime.Scheme - client client.Client - nonCachedClient client.Client - namespaceCache *namespaceCache + scheme *runtime.Scheme + client client.Client + namespaceCache *namespaceCache } -// Interface for syncing workspace config objects. -type workspaceConfigSyncer interface { - gkv() schema.GroupVersionKind - isExistedObjChanged(newObj client.Object, existedObj client.Object) bool - hasReadOnlySpec() bool - getObjectList() client.ObjectList - newObjectFrom(src client.Object) client.Object +type WorkspaceSyncObject interface { + hasROSpec() bool + getSrcObject() client.Object + getSrcObjectGKV() schema.GroupVersionKind + getSrcObjectVersion() string + newDstObject() client.Object } type syncContext struct { dstNamespace string srcNamespace string ctx context.Context - syncer workspaceConfigSyncer + wsSyncObject WorkspaceSyncObject syncConfig map[string]string } var ( - log = ctrl.Log.WithName("workspaces-config") - - workspacesConfigLabels = map[string]string{ + logger = ctrl.Log.WithName("workspaces-config") + wsConfigComponentLabels = map[string]string{ constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg, constants.KubernetesComponentLabelKey: constants.WorkspacesConfig, } - workspacesConfigSelector = labels.SelectorFromSet(workspacesConfigLabels) + wsConfigComponentSelector = labels.SelectorFromSet(wsConfigComponentLabels) ) func NewWorkspacesConfigReconciler( client client.Client, - noncachedClient client.Client, scheme *runtime.Scheme, namespaceCache *namespaceCache) *WorkspacesConfigReconciler { return &WorkspacesConfigReconciler{ - scheme: scheme, - client: client, - nonCachedClient: noncachedClient, - namespaceCache: namespaceCache, + scheme: scheme, + client: client, + namespaceCache: namespaceCache, } } @@ -92,9 +90,15 @@ func (r *WorkspacesConfigReconciler) SetupWithManager(mgr ctrl.Manager) error { ctx := context.Background() bld := ctrl.NewControllerManagedBy(mgr). For(&corev1.Namespace{}). - Watches(&source.Kind{Type: &corev1.PersistentVolumeClaim{}}, r.watchRules(ctx)). - Watches(&source.Kind{Type: &corev1.Secret{}}, r.watchRules(ctx)). - Watches(&source.Kind{Type: &corev1.ConfigMap{}}, r.watchRules(ctx)) + Watches(&source.Kind{Type: &corev1.PersistentVolumeClaim{}}, r.watchRules(ctx, true, true)). + Watches(&source.Kind{Type: &corev1.Secret{}}, r.watchRules(ctx, true, true)). + Watches(&source.Kind{Type: &corev1.ConfigMap{}}, r.watchRules(ctx, true, true)). + Watches(&source.Kind{Type: &corev1.ResourceQuota{}}, r.watchRules(ctx, false, true)). + Watches(&source.Kind{Type: &corev1.LimitRange{}}, r.watchRules(ctx, false, true)) + + if infrastructure.IsOpenShift() { + bld.Watches(&source.Kind{Type: &templatev1.Template{}}, r.watchRules(ctx, true, false)) + } return bld.Complete(r) } @@ -106,7 +110,7 @@ func (r *WorkspacesConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req info, err := r.namespaceCache.ExamineNamespace(ctx, req.Name) if err != nil { - log.Error(err, "Failed to examine namespace", "namespace", req.Name) + logger.Error(err, "Failed to examine namespace", "namespace", req.Name) return ctrl.Result{}, err } @@ -115,219 +119,398 @@ func (r *WorkspacesConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req return ctrl.Result{}, nil } - if err = r.syncWorkspacesConfig(ctx, req.Name); err != nil { - log.Error(err, "Failed to sync workspace configs", "namespace", req.Name) + if err = r.syncWorkspace(ctx, req.Name); err != nil { + logger.Error(err, "Failed to sync workspace configs", "namespace", req.Name) return ctrl.Result{}, err } return ctrl.Result{}, nil } -func (r *WorkspacesConfigReconciler) watchRules(ctx context.Context) handler.EventHandler { +// Establish watch rules for object. +// cheNamespaceRule - if true, then watch changes in che namespace (source namespace) +// userNamespaceRule - if true, then watch changes in user namespaces (destination namespaces) +func (r *WorkspacesConfigReconciler) watchRules( + ctx context.Context, + cheNamespaceRule bool, + userNamespaceRule bool, +) handler.EventHandler { return handler.EnqueueRequestsFromMapFunc( func(obj client.Object) []reconcile.Request { - return asReconcileRequestsForNamespaces(obj, - []eventRule{ - { + var eventRules []eventRule + + if cheNamespaceRule { + eventRules = append(eventRules, + eventRule{ + // reconcile rule when workspace config is modified in a che namespace + // to update the config in all users` namespaces + check: func(o metav1.Object) bool { + cheCluster, _ := deploy.FindCheClusterCRInNamespace(r.client, o.GetNamespace()) + return hasWSConfigComponentLabels(o) && cheCluster != nil + }, + namespaces: func(o metav1.Object) []string { return r.namespaceCache.GetAllKnownNamespaces() }, + }, + ) + } + + if userNamespaceRule { + eventRules = append(eventRules, + eventRule{ // reconcile rule when workspace config is modified in a user namespace // to revert the config check: func(o metav1.Object) bool { workspaceInfo, _ := r.namespaceCache.GetNamespaceInfo(ctx, o.GetNamespace()) - return isLabeledAsWorkspacesConfig(o) && + return hasWSConfigComponentLabels(o) && o.GetName() != syncedWorkspacesConfig && workspaceInfo != nil && workspaceInfo.IsWorkspaceNamespace }, namespaces: func(o metav1.Object) []string { return []string{o.GetNamespace()} }, }, - { - // reconcile rule when workspace config is modified in a che namespace - // to update the config in all users` namespaces - check: func(o metav1.Object) bool { - cheCluster, _ := deploy.FindCheClusterCRInNamespace(r.client, o.GetNamespace()) - return isLabeledAsWorkspacesConfig(o) && cheCluster != nil - }, - namespaces: func(o metav1.Object) []string { return r.namespaceCache.GetAllKnownNamespaces() }, - }}) + ) + } + + return asReconcileRequestsForNamespaces(obj, eventRules) }) } -func (r *WorkspacesConfigReconciler) syncWorkspacesConfig(ctx context.Context, targetNs string) error { +// syncWorkspace sync user namespace. +// Iterates over all objects in the source namespace labeled as `app.kubernetes.io/component=workspaces-config` +// and syncs them to the target user namespace. +func (r *WorkspacesConfigReconciler) syncWorkspace(ctx context.Context, dstNamespace string) error { checluster, err := deploy.FindCheClusterCRInNamespace(r.client, "") if checluster == nil { + // There is no CheCluster CR, the source namespace is unknown return nil } - syncedConfig, err := r.getSyncConfig(ctx, targetNs) + syncConfig, err := r.getSyncConfig(ctx, dstNamespace) if err != nil { - log.Error(err, "Failed to get workspace sync config", "namespace", targetNs) + logger.Error(err, "Failed to get workspace sync config", "namespace", dstNamespace) return nil } defer func() { - if syncedConfig != nil { - if syncedConfig.GetResourceVersion() == "" { - if err := r.client.Create(ctx, syncedConfig); err != nil { - log.Error(err, "Failed to workspace create sync config", "namespace", targetNs) + // Update sync config in the end of the reconciliation + // despite the result of the reconciliation + if syncConfig != nil { + if syncConfig.GetResourceVersion() == "" { + if err := r.client.Create(ctx, syncConfig); err != nil { + logger.Error(err, "Failed to workspace create sync config", "namespace", dstNamespace) } } else { - if err := r.client.Update(ctx, syncedConfig); err != nil { - log.Error(err, "Failed to update workspace sync config", "namespace", targetNs) + if err := r.client.Update(ctx, syncConfig); err != nil { + logger.Error(err, "Failed to update workspace sync config", "namespace", dstNamespace) } } } }() - if err := r.syncObjects( - &syncContext{ - dstNamespace: targetNs, - srcNamespace: checluster.GetNamespace(), - syncer: newConfigMapSyncer(), - syncConfig: syncedConfig.Data, - ctx: ctx, - }); err != nil { + // Contains keys of objects that are synced with source objects + syncedSrcObjKeys := make(map[string]bool) + + if infrastructure.IsOpenShift() { + if err = r.syncTemplates( + ctx, + checluster.Namespace, + dstNamespace, + syncConfig.Data, + syncedSrcObjKeys, + ); err != nil { + return err + } + } + + if err = r.syncConfigMaps( + ctx, + checluster.Namespace, + dstNamespace, + syncConfig.Data, + syncedSrcObjKeys, + ); err != nil { return err } - if err := r.syncObjects( - &syncContext{ - dstNamespace: targetNs, - srcNamespace: checluster.GetNamespace(), - syncer: newSecretSyncer(), - syncConfig: syncedConfig.Data, - ctx: ctx, - }); err != nil { + if err = r.syncSecretes( + ctx, + checluster.Namespace, + dstNamespace, + syncConfig.Data, + syncedSrcObjKeys, + ); err != nil { return err } - if err := r.syncObjects( - &syncContext{ - dstNamespace: targetNs, - srcNamespace: checluster.GetNamespace(), - syncer: newPvcSyncer(), - syncConfig: syncedConfig.Data, - ctx: ctx, - }); err != nil { + if err = r.syncPVCs( + ctx, + checluster.Namespace, + dstNamespace, + syncConfig.Data, + syncedSrcObjKeys, + ); err != nil { return err } + // Iterates over sync config and deletes obsolete objects, if so. + // It means that object key presents in sync config, but the object is not synced with source object. + for objKey, _ := range syncConfig.Data { + if err := r.deleteIfObjectIsObsolete( + objKey, + ctx, + checluster.Namespace, + dstNamespace, + syncConfig.Data, + syncedSrcObjKeys); err != nil { + + logger.Error(err, "Failed to delete obsolete object", "namespace", dstNamespace, + "kind", gvk2PrintString(item2gkv(getGkvItem(objKey))), + "name", getNameItem(objKey)) + return err + } + } + return nil } -// syncObjects syncs objects from che namespace to target namespace. -func (r *WorkspacesConfigReconciler) syncObjects(syncContext *syncContext) error { - srcObjsList := syncContext.syncer.getObjectList() - if err := r.readSrcObjsList(syncContext.ctx, syncContext.srcNamespace, srcObjsList); err != nil { +// syncConfigMaps syncs all ConfigMaps labeled as `app.kubernetes.io/component=workspaces-config` +// from source namespace to a target user namespace. +func (r *WorkspacesConfigReconciler) syncConfigMaps( + ctx context.Context, + srcNamespace string, + dstNamespace string, + syncConfig map[string]string, + syncedSrcObjKeys map[string]bool) error { + + cmList := &corev1.ConfigMapList{} + opts := &client.ListOptions{ + Namespace: srcNamespace, + LabelSelector: wsConfigComponentSelector, + } + if err := r.client.List(ctx, cmList, opts); err != nil { return err } - srcObjs, err := meta.ExtractList(srcObjsList) - if err != nil { - return err + for _, cm := range cmList.Items { + if err := r.syncObject( + &syncContext{ + dstNamespace: dstNamespace, + srcNamespace: srcNamespace, + wsSyncObject: newCMWorkspaceSyncObject(&cm), + syncConfig: syncConfig, + ctx: ctx, + }); err != nil { + return err + } + + srcObjKey := buildKey(cm.GroupVersionKind(), cm.GetName(), srcNamespace) + syncedSrcObjKeys[srcObjKey] = true } - for _, srcObj := range srcObjs { - newObj := syncContext.syncer.newObjectFrom(srcObj.(client.Object)) - newObj.SetNamespace(syncContext.dstNamespace) + return nil +} + +// syncSecretes syncs all Secrets labeled as `app.kubernetes.io/component=workspaces-config` +// from source namespace to a target user namespace. +func (r *WorkspacesConfigReconciler) syncSecretes( + ctx context.Context, + srcNamespace string, + dstNamespace string, + syncConfig map[string]string, + syncedSrcObjKeys map[string]bool) error { + + secretList := &corev1.SecretList{} + opts := &client.ListOptions{ + Namespace: srcNamespace, + LabelSelector: wsConfigComponentSelector, + } + if err := r.client.List(ctx, secretList, opts); err != nil { + return err + } - if err := r.syncObjectToNamespace(syncContext, srcObj.(client.Object), newObj); err != nil { - log.Error(err, "Failed to sync object", - "namespace", syncContext.dstNamespace, - "kind", gvk2String(syncContext.syncer.gkv()), - "name", newObj.GetName()) + for _, secret := range secretList.Items { + if err := r.syncObject( + &syncContext{ + dstNamespace: dstNamespace, + srcNamespace: srcNamespace, + wsSyncObject: newSecretWorkspaceSyncObject(&secret), + syncConfig: syncConfig, + ctx: ctx, + }); err != nil { return err } + + srcObjKey := buildKey(secret.GroupVersionKind(), secret.GetName(), srcNamespace) + syncedSrcObjKeys[srcObjKey] = true } - actualSyncedSrcObjKeys := make(map[string]bool) - for _, srcObj := range srcObjs { - // compute actual synced objects keys from che namespace - actualSyncedSrcObjKeys[getKey(srcObj.(client.Object))] = true + return nil +} + +// syncPVCs syncs all PVCs labeled as `app.kubernetes.io/component=workspaces-config` +// from source namespace to a target user namespace. +func (r *WorkspacesConfigReconciler) syncPVCs( + ctx context.Context, + srcNamespace string, + dstNamespace string, + syncConfig map[string]string, + syncedSrcObjKeys map[string]bool) error { + + pvcList := &corev1.PersistentVolumeClaimList{} + opts := &client.ListOptions{ + Namespace: srcNamespace, + LabelSelector: wsConfigComponentSelector, + } + if err := r.client.List(ctx, pvcList, opts); err != nil { + return err } - for syncObjKey, _ := range syncContext.syncConfig { - if err := r.deleteObsoleteObjectFromNamespace(syncContext, actualSyncedSrcObjKeys, syncObjKey); err != nil { - log.Error(err, "Failed to delete obsolete object", - "namespace", syncContext.dstNamespace, - "kind", gvk2String(syncContext.syncer.gkv()), - "name", getNameElement(syncObjKey)) + for _, pvc := range pvcList.Items { + if err := r.syncObject( + &syncContext{ + dstNamespace: dstNamespace, + srcNamespace: srcNamespace, + wsSyncObject: newPvcWorkspaceSyncObject(&pvc), + syncConfig: syncConfig, + ctx: ctx, + }); err != nil { return err } + + srcObjKey := buildKey(pvc.GroupVersionKind(), pvc.GetName(), srcNamespace) + syncedSrcObjKeys[srcObjKey] = true } return nil } -// deleteObsoleteObjectFromNamespace deletes objects that are not synced with source objects. -// Returns error if delete failed in a destination namespace. -func (r *WorkspacesConfigReconciler) deleteObsoleteObjectFromNamespace( - syncContext *syncContext, - actualSyncedSrcObjKeys map[string]bool, - syncObjKey string, -) error { - isObjectOfGivenKind := getGVKElement(syncObjKey) == gvk2Element(syncContext.syncer.gkv()) - isObjectFromSrcNamespace := getNamespaceElement(syncObjKey) == syncContext.srcNamespace - isNotSyncedInTargetNs := !actualSyncedSrcObjKeys[syncObjKey] - - if isObjectOfGivenKind && isObjectFromSrcNamespace && isNotSyncedInTargetNs { - blueprint, err := r.scheme.New(syncContext.syncer.gkv()) - if err != nil { - return err +// syncTemplates syncs all objects declared in the template labeled as `app.kubernetes.io/component=workspaces-config` +// from source namespace to a target user namespace. +func (r *WorkspacesConfigReconciler) syncTemplates( + ctx context.Context, + srcNamespace string, + dstNamespace string, + syncConfig map[string]string, + syncedSrcObjKeys map[string]bool) error { + + templates := &templatev1.TemplateList{} + opts := &client.ListOptions{ + Namespace: srcNamespace, + LabelSelector: wsConfigComponentSelector, + } + if err := r.client.List(ctx, templates, opts); err != nil { + return err + } + + nsInfo, err := r.namespaceCache.GetNamespaceInfo(ctx, dstNamespace) + if err != nil { + return nil + } + + for _, template := range templates.Items { + for _, object := range template.Objects { + wsSyncObject, err := newUnstructuredSyncer(object.Raw, nsInfo.Username, dstNamespace) + if err != nil { + return err + } + + if err = r.syncObject( + &syncContext{ + dstNamespace: dstNamespace, + srcNamespace: srcNamespace, + wsSyncObject: wsSyncObject, + syncConfig: syncConfig, + ctx: ctx, + }); err != nil { + return err + } + + srcObjKey := buildKey(wsSyncObject.getSrcObjectGKV(), wsSyncObject.getSrcObject().GetName(), srcNamespace) + syncedSrcObjKeys[srcObjKey] = true } + } - // then delete object from target namespace if it is not synced with source object - if err := deploy.DeleteIgnoreIfNotFound( - syncContext.ctx, - r.client, - types.NamespacedName{ - Name: getNameElement(syncObjKey), - Namespace: syncContext.dstNamespace, + return nil +} + +// syncObject syncs object to a user destination namespace. +// Returns error if sync failed in a destination namespace. +func (r *WorkspacesConfigReconciler) syncObject(syncContext *syncContext) error { + dstObj := syncContext.wsSyncObject.newDstObject() + dstObj.SetNamespace(syncContext.dstNamespace) + // ensure the name is the same as the source object + dstObj.SetName(syncContext.wsSyncObject.getSrcObject().GetName()) + dstObj.SetLabels(utils.MergeMaps( + []map[string]string{ + dstObj.GetLabels(), + { + constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg, + constants.KubernetesComponentLabelKey: constants.WorkspacesConfig, + constants.KubernetesManagedByLabelKey: deploy.GetManagedByLabel(), }, - blueprint.(client.Object)); err != nil { - return err - } + })) - delete(syncContext.syncConfig, syncObjKey) - delete(syncContext.syncConfig, - buildKey( - syncContext.syncer.gkv(), - getNameElement(syncObjKey), - syncContext.dstNamespace), - ) + if err := r.syncObjectIfDiffers(syncContext, dstObj); err != nil { + logger.Error(err, "Failed to sync object", + "namespace", syncContext.dstNamespace, + "kind", gvk2PrintString(syncContext.wsSyncObject.getSrcObjectGKV()), + "name", dstObj.GetName()) + return err } return nil } -// syncObjectToNamespace syncs source object to destination object if they differ. +// syncObjectIfDiffers syncs object to a user destination namespace if it differs from the source object. // Returns error if sync failed in a destination namespace. -func (r *WorkspacesConfigReconciler) syncObjectToNamespace( +func (r *WorkspacesConfigReconciler) syncObjectIfDiffers( syncContext *syncContext, - srcObj client.Object, - newObj client.Object) error { + dstObj client.Object) error { - existedDstObj, err := r.scheme.New(syncContext.syncer.gkv()) + existedDstObj, err := r.scheme.New(syncContext.wsSyncObject.getSrcObjectGKV()) if err != nil { return err } + existedDstObjKey := types.NamespacedName{ + Name: dstObj.GetName(), + Namespace: dstObj.GetNamespace(), + } - err = r.client.Get( - syncContext.ctx, - types.NamespacedName{ - Name: newObj.GetName(), - Namespace: newObj.GetNamespace()}, - existedDstObj.(client.Object)) + err = r.client.Get(syncContext.ctx, existedDstObjKey, existedDstObj.(client.Object)) if err == nil { - // destination object exists, update it if it differs from source object - srcHasBeenChanged := syncContext.syncConfig[getKey(srcObj)] != srcObj.GetResourceVersion() - dstHasBeenChanged := syncContext.syncConfig[getKey(existedDstObj.(client.Object))] != existedDstObj.(client.Object).GetResourceVersion() + srcObj := syncContext.wsSyncObject.getSrcObject() + + srcObjKey := buildKey(syncContext.wsSyncObject.getSrcObjectGKV(), srcObj.GetName(), syncContext.srcNamespace) + dstObjKey := buildKey(syncContext.wsSyncObject.getSrcObjectGKV(), dstObj.GetName(), syncContext.dstNamespace) + + srcHasBeenChanged := syncContext.syncConfig[srcObjKey] != syncContext.wsSyncObject.getSrcObjectVersion() + dstHasBeenChanged := syncContext.syncConfig[dstObjKey] != existedDstObj.(client.Object).GetResourceVersion() if srcHasBeenChanged || dstHasBeenChanged { - return r.doSyncObjectToNamespace(syncContext, srcObj, newObj, existedDstObj.(client.Object)) + // destination object exists, and it differs from the source object, + // so it will be updated + if syncContext.wsSyncObject.hasROSpec() { + // Skip updating objects with readonly spec. + // Admin has to re-create them to update just update resource versions + logger.Info("Object skipped since has readonly spec, re-create it to update", + "namespace", dstObj.GetNamespace(), + "kind", gvk2PrintString(syncContext.wsSyncObject.getSrcObjectGKV()), + "name", dstObj.GetName()) + + r.doUpdateSyncConfig(syncContext, existedDstObj.(client.Object)) + return nil + } else { + if isDiff(dstObj, existedDstObj.(client.Object)) { + return r.doUpdateObject(syncContext, dstObj, existedDstObj.(client.Object)) + } else { + // nothing to update objects are equal just update resource versions + r.doUpdateSyncConfig(syncContext, existedDstObj.(client.Object)) + return nil + } + } } } else if errors.IsNotFound(err) { // destination object does not exist, so it will be created - return r.doSyncObjectToNamespace(syncContext, srcObj, newObj, nil) + return r.doCreateObject(syncContext, dstObj) } else { return err } @@ -335,179 +518,232 @@ func (r *WorkspacesConfigReconciler) syncObjectToNamespace( return nil } -// doSyncObjectToNamespace syncs source object to destination object by updating or creating it. -// Returns error if sync failed in a destination namespace. -func (r *WorkspacesConfigReconciler) doSyncObjectToNamespace( +// doCreateObject creates object in a user destination namespace. +func (r *WorkspacesConfigReconciler) doCreateObject( syncContext *syncContext, - srcObj client.Object, - newObj client.Object, - existedObj client.Object) error { + dstObj client.Object) error { + + if err := r.client.Create(syncContext.ctx, dstObj); err != nil { + return err + } + + logger.Info("Object created", "namespace", dstObj.GetNamespace(), + "kind", gvk2PrintString(syncContext.wsSyncObject.getSrcObjectGKV()), + "name", dstObj.GetName()) + + r.doUpdateSyncConfig(syncContext, dstObj) + return nil +} - if existedObj == nil { - if err := r.client.Create(syncContext.ctx, newObj); err != nil { +// doUpdateObject updates object in a user destination namespace. +func (r *WorkspacesConfigReconciler) doUpdateObject( + syncContext *syncContext, + dstObj client.Object, + existedDstObj client.Object) error { + + // preserve labels and annotations from existed object + dstObj.SetLabels(utils.MergeMaps( + []map[string]string{ + existedDstObj.GetLabels(), + dstObj.GetLabels(), + }, + )) + dstObj.SetAnnotations(utils.MergeMaps( + []map[string]string{ + existedDstObj.GetAnnotations(), + dstObj.GetAnnotations(), + }, + )) + + // set the current resource version to update object + dstObj.SetResourceVersion(existedDstObj.GetResourceVersion()) + + if err := r.client.Update(syncContext.ctx, dstObj); err != nil { + return err + } + + logger.Info("Object updated", "namespace", dstObj.GetNamespace(), + "kind", gvk2PrintString(syncContext.wsSyncObject.getSrcObjectGKV()), + "name", dstObj.GetName()) + + r.doUpdateSyncConfig(syncContext, dstObj) + return nil +} + +// doUpdateSyncConfig updates sync config with resource versions of synced objects. +func (r *WorkspacesConfigReconciler) doUpdateSyncConfig(syncContext *syncContext, dstObj client.Object) { + srcObj := syncContext.wsSyncObject.getSrcObject() + + srcObjKey := buildKey(syncContext.wsSyncObject.getSrcObjectGKV(), srcObj.GetName(), syncContext.srcNamespace) + dstObjKey := buildKey(syncContext.wsSyncObject.getSrcObjectGKV(), dstObj.GetName(), syncContext.dstNamespace) + + syncContext.syncConfig[srcObjKey] = syncContext.wsSyncObject.getSrcObjectVersion() + syncContext.syncConfig[dstObjKey] = dstObj.GetResourceVersion() +} + +// deleteIfObjectIsObsolete deletes obsolete objects. +// Returns error if delete failed in a destination namespace. +func (r *WorkspacesConfigReconciler) deleteIfObjectIsObsolete( + objKey string, + ctx context.Context, + srcNamespace string, + dstNamespace string, + syncConfig map[string]string, + syncedSrcObjKeys map[string]bool) error { + + isSrcObject := getNamespaceItem(objKey) == srcNamespace + isNotSyncedInDstNamespace := !syncedSrcObjKeys[objKey] + + if isSrcObject && isNotSyncedInDstNamespace { + objName := getNameItem(objKey) + gkv := item2gkv(getGkvItem(objKey)) + + blueprint, err := r.scheme.New(gkv) + if err != nil { return err } - syncContext.syncConfig[getKey(srcObj)] = srcObj.GetResourceVersion() - syncContext.syncConfig[buildKey( - syncContext.syncer.gkv(), - newObj.GetName(), - newObj.GetNamespace())] = newObj.GetResourceVersion() + // delete object from destination namespace + if err := deploy.DeleteIgnoreIfNotFound( + ctx, + r.client, + types.NamespacedName{ + Name: objName, + Namespace: dstNamespace, + }, + blueprint.(client.Object)); err != nil { + return err + } - log.Info("Object created", - "namespace", newObj.GetNamespace(), - "kind", gvk2String(syncContext.syncer.gkv()), - "name", newObj.GetName()) - return nil - } else { - if syncContext.syncer.hasReadOnlySpec() { - // skip updating objects with readonly spec - // admin has to re-create them to update - // just update resource versions - syncContext.syncConfig[getKey(srcObj)] = srcObj.GetResourceVersion() - syncContext.syncConfig[getKey(existedObj)] = existedObj.GetResourceVersion() - - log.Info("Object skipped since has readonly spec, re-create it to update", - "namespace", newObj.GetNamespace(), - "kind", gvk2String(syncContext.syncer.gkv()), - "name", newObj.GetName()) - return nil - } else { - if syncContext.syncer.isExistedObjChanged(newObj, existedObj) { - // preserve labels and annotations from existed object - newObj.SetLabels(preserveExistedMapValues(newObj.GetLabels(), existedObj.GetLabels())) - newObj.SetAnnotations(preserveExistedMapValues(newObj.GetAnnotations(), existedObj.GetAnnotations())) - - // set the correct resource version to update object - newObj.SetResourceVersion(existedObj.GetResourceVersion()) - if err := r.client.Update(syncContext.ctx, newObj); err != nil { - return err - } + dstObjKey := buildKey(gkv, objName, dstNamespace) + delete(syncConfig, objKey) + delete(syncConfig, dstObjKey) + } - syncContext.syncConfig[getKey(srcObj)] = srcObj.GetResourceVersion() - syncContext.syncConfig[getKey(existedObj)] = newObj.GetResourceVersion() + return nil +} - log.Info("Object updated", - "namespace", newObj.GetNamespace(), - "kind", gvk2String(syncContext.syncer.gkv()), - "name", newObj.GetName()) - return nil - } else { - // nothing to update objects are equal - // just update resource versions - syncContext.syncConfig[getKey(srcObj)] = srcObj.GetResourceVersion() - syncContext.syncConfig[getKey(existedObj)] = existedObj.GetResourceVersion() - return nil +// isDiff checks if the given objects are different. +// The rules are following: +// - if labels of the source object are absent in the destination object, +// then the objects considered different +// - if annotations of the source object are absent in the destination object, +// then the objects considered different +// - if the rest fields of the objects are different, +// then the objects considered different +func isDiff(src client.Object, dst client.Object) bool { + if src.GetLabels() != nil { + for key, value := range src.GetLabels() { + if dst.GetLabels()[key] != value { + return true } } } + + if src.GetAnnotations() != nil { + for key, value := range src.GetAnnotations() { + if dst.GetAnnotations()[key] != value { + return true + } + } + } + + return cmp.Diff( + src, + dst, + cmp.Options{ + cmpopts.IgnoreTypes(metav1.ObjectMeta{}), + cmpopts.IgnoreTypes(metav1.TypeMeta{}), + }) != "" } // getSyncConfig returns ConfigMap with synced objects resource versions. // Returns error if ConfigMap failed to be retrieved. -func (r *WorkspacesConfigReconciler) getSyncConfig(ctx context.Context, targetNs string) (*corev1.ConfigMap, error) { - syncedConfig := &corev1.ConfigMap{} - err := r.client.Get( - ctx, - types.NamespacedName{ - Name: syncedWorkspacesConfig, - Namespace: targetNs, - }, - syncedConfig) +func (r *WorkspacesConfigReconciler) getSyncConfig(ctx context.Context, namespace string) (*corev1.ConfigMap, error) { + syncCM := &corev1.ConfigMap{} + syncCMKey := types.NamespacedName{ + Name: syncedWorkspacesConfig, + Namespace: namespace, + } + err := r.client.Get(ctx, syncCMKey, syncCM) if err != nil { if errors.IsNotFound(err) { - syncedConfig = &corev1.ConfigMap{ + syncCM = &corev1.ConfigMap{ TypeMeta: metav1.TypeMeta{ Kind: "ConfigMap", APIVersion: "v1", }, ObjectMeta: metav1.ObjectMeta{ Name: syncedWorkspacesConfig, - Namespace: targetNs, - Labels: workspacesConfigLabels, + Namespace: namespace, + Labels: utils.MergeMaps([]map[string]string{ + wsConfigComponentLabels, + {constants.KubernetesManagedByLabelKey: deploy.GetManagedByLabel()}}), }, Data: map[string]string{}, } } else { return nil, err } - } else if syncedConfig.Data == nil { - syncedConfig.Data = map[string]string{} + } else if syncCM.Data == nil { + syncCM.Data = map[string]string{} } - return syncedConfig, nil -} - -func (r *WorkspacesConfigReconciler) readSrcObjsList(ctx context.Context, srcNamespace string, objList client.ObjectList) error { - return r.client.List( - ctx, - objList, - &client.ListOptions{ - Namespace: srcNamespace, - LabelSelector: workspacesConfigSelector, - }) -} - -func getKey(object client.Object) string { - return buildKey(object.GetObjectKind().GroupVersionKind(), object.GetName(), object.GetNamespace()) + return syncCM, nil } +// buildKey returns a key for ConfigMap. +// The key is built from items of GroupVersionKind, name and namespace. func buildKey(gvk schema.GroupVersionKind, name string, namespace string) string { - return fmt.Sprintf("%s.%s.%s", gvk2Element(gvk), name, namespace) + return fmt.Sprintf("%s.%s.%s", gvk2Item(gvk), name, namespace) } -func gvk2Element(gvk schema.GroupVersionKind) string { - if gvk.Group == "" { - return fmt.Sprintf("%s_%s", gvk.Version, gvk.Kind) - } - return fmt.Sprintf("%s_%s_%s", gvk.Group, gvk.Version, gvk.Kind) -} - -func gvk2String(gkv schema.GroupVersionKind) string { - return fmt.Sprintf("%s.%s", gkv.Version, gkv.Kind) -} - -func getGVKElement(key string) string { +func getGkvItem(key string) string { splits := strings.Split(key, ".") return splits[0] } -func getNameElement(key string) string { +func getNameItem(key string) string { splits := strings.Split(key, ".") return splits[1] } -func getNamespaceElement(key string) string { +func getNamespaceItem(key string) string { splits := strings.Split(key, ".") return splits[2] } -func isLabeledAsWorkspacesConfig(obj metav1.Object) bool { - return obj.GetLabels()[constants.KubernetesComponentLabelKey] == constants.WorkspacesConfig && - obj.GetLabels()[constants.KubernetesPartOfLabelKey] == constants.CheEclipseOrg +// gvk2Item returns a key item for GroupVersionKind. +func gvk2Item(gvk schema.GroupVersionKind) string { + if gvk.Group == "" { + return fmt.Sprintf("%s_%s", gvk.Version, gvk.Kind) + } + return fmt.Sprintf("%s_%s_%s", gvk.Group, gvk.Version, gvk.Kind) } -func mergeWorkspaceConfigObjectLabels(srcLabels map[string]string, additionalLabels map[string]string) map[string]string { - newLabels := utils.CloneMap(srcLabels) - for key, value := range additionalLabels { - newLabels[key] = value +func item2gkv(item string) schema.GroupVersionKind { + splits := strings.Split(item, "_") + if len(splits) == 3 { + return schema.GroupVersionKind{ + Group: splits[0], + Version: splits[1], + Kind: splits[2], + } } - // default labels - for key, value := range deploy.GetLabels(constants.WorkspacesConfig) { - newLabels[key] = value + return schema.GroupVersionKind{ + Version: splits[0], + Kind: splits[1], } +} - return newLabels +// gvk2PrintString returns a string representation of GroupVersionKind. +func gvk2PrintString(gkv schema.GroupVersionKind) string { + return fmt.Sprintf("%s.%s", gkv.Version, gkv.Kind) } -func preserveExistedMapValues(newObjMap map[string]string, existedObjMap map[string]string) map[string]string { - preservedMap := utils.CloneMap(newObjMap) - for key, value := range existedObjMap { - if _, ok := preservedMap[key]; !ok { - preservedMap[key] = value - } - } - return preservedMap +func hasWSConfigComponentLabels(obj metav1.Object) bool { + return obj.GetLabels()[constants.KubernetesComponentLabelKey] == constants.WorkspacesConfig && + obj.GetLabels()[constants.KubernetesPartOfLabelKey] == constants.CheEclipseOrg } diff --git a/controllers/usernamespace/workspaces_config_controller_test.go b/controllers/usernamespace/workspaces_config_controller_test.go new file mode 100644 index 0000000000..b65c1d90a0 --- /dev/null +++ b/controllers/usernamespace/workspaces_config_controller_test.go @@ -0,0 +1,143 @@ +// +// Copyright (c) 2019-2024 Red Hat, Inc. +// This program and the accompanying materials are made +// available under the terms of the Eclipse Public License 2.0 +// which is available at https://www.eclipse.org/legal/epl-2.0/ +// +// SPDX-License-Identifier: EPL-2.0 +// +// Contributors: +// Red Hat, Inc. - initial API and implementation +// + +package usernamespace + +import ( + "context" + "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/test" + "github.com/eclipse-che/che-operator/pkg/deploy" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" + "testing" + + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +func TestDeleteIfObjectIsObsolete(t *testing.T) { + ctx := test.GetDeployContext(nil, []runtime.Object{ + &corev1.ConfigMap{ + TypeMeta: metav1.TypeMeta{ + Kind: "ConfigMap", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "test_1", + Namespace: "user-che", + }, + }, + }) + + workspaceConfigReconciler := NewWorkspacesConfigReconciler( + ctx.ClusterAPI.Client, + ctx.ClusterAPI.Scheme, + NewNamespaceCache(ctx.ClusterAPI.NonCachingClient)) + + test1CMInUserNS := buildKey(v1ConfigMapGKV, "test_1", "user-che") + test2CMInUserNS := buildKey(v1ConfigMapGKV, "test_2", "user-che") + test1CMInCheNS := buildKey(v1ConfigMapGKV, "test_1", "eclipse-che") + test2CMInCheNS := buildKey(v1ConfigMapGKV, "test_2", "eclipse-che") + + syncConfig := map[string]string{ + test1CMInUserNS: "1", + test1CMInCheNS: "1", + test2CMInUserNS: "1", + test2CMInCheNS: "1", + } + + exists, err := deploy.Get(ctx, types.NamespacedName{Namespace: "user-che", Name: "test_1"}, &corev1.ConfigMap{}) + assert.NoError(t, err) + assert.True(t, exists) + + // Should delete, since the object from source namespace is obsolete + err = workspaceConfigReconciler.deleteIfObjectIsObsolete( + test1CMInCheNS, + context.TODO(), + "eclipse-che", + "user-che", + syncConfig, + map[string]bool{}, + ) + assert.NoError(t, err) + assert.Equal(t, 2, len(syncConfig)) + assert.Contains(t, syncConfig, test2CMInUserNS) + assert.Contains(t, syncConfig, test2CMInCheNS) + + exists, err = deploy.Get(ctx, types.NamespacedName{Namespace: "user-che", Name: "test_1"}, &corev1.ConfigMap{}) + assert.NoError(t, err) + assert.False(t, exists) + + // Should NOT delete, since the object from a user destination namespace + err = workspaceConfigReconciler.deleteIfObjectIsObsolete( + test2CMInUserNS, + context.TODO(), + "eclipse-che", + "user-che", + syncConfig, + map[string]bool{}, + ) + assert.NoError(t, err) + assert.Equal(t, 2, len(syncConfig)) + assert.Contains(t, syncConfig, test2CMInUserNS) + assert.Contains(t, syncConfig, test2CMInCheNS) +} + +func TestGetEmptySyncConfig(t *testing.T) { + ctx := test.GetDeployContext(nil, []runtime.Object{}) + + workspaceConfigReconciler := NewWorkspacesConfigReconciler( + ctx.ClusterAPI.Client, + ctx.ClusterAPI.Scheme, + NewNamespaceCache(ctx.ClusterAPI.NonCachingClient)) + + cm, err := workspaceConfigReconciler.getSyncConfig(context.TODO(), "eclipse-che") + assert.NoError(t, err) + assert.NotNil(t, cm) + assert.Empty(t, cm.Data) + assert.Equal(t, constants.CheEclipseOrg, cm.Labels[constants.KubernetesPartOfLabelKey]) + assert.Equal(t, constants.WorkspacesConfig, cm.Labels[constants.KubernetesComponentLabelKey]) + assert.Equal(t, deploy.GetManagedByLabel(), cm.Labels[constants.KubernetesManagedByLabelKey]) +} + +func TestIsDiff(t *testing.T) { + src := &corev1.ConfigMap{ + TypeMeta: metav1.TypeMeta{ + Kind: "ConfigMap", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "eclipse-che", + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, + } + + dst := &corev1.ConfigMap{ + TypeMeta: metav1.TypeMeta{ + Kind: "ConfigMap", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "eclipse-che", + Labels: map[string]string{"a": "b"}, + Annotations: map[string]string{"c": "d"}, + }, + } + + changed := isDiff(src, dst) + assert.False(t, changed) +} diff --git a/deploy/deployment/kubernetes/combined.yaml b/deploy/deployment/kubernetes/combined.yaml index 791453fc0b..e9195c58ad 100644 --- a/deploy/deployment/kubernetes/combined.yaml +++ b/deploy/deployment/kubernetes/combined.yaml @@ -8997,7 +8997,33 @@ rules: resources: - limitranges verbs: + - create + - delete + - get + - update + - patch + - watch - list +- apiGroups: + - "" + resources: + - resourcequotas + verbs: + - create + - delete + - get + - update + - patch + - watch + - list +- apiGroups: + - template.openshift.io + resources: + - templates + verbs: + - get + - list + - watch - apiGroups: - monitoring.coreos.com resources: diff --git a/deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml b/deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml index 8d0fea5489..ca69f645e7 100644 --- a/deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml +++ b/deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml @@ -339,7 +339,33 @@ rules: resources: - limitranges verbs: + - create + - delete + - get + - update + - patch + - watch - list +- apiGroups: + - "" + resources: + - resourcequotas + verbs: + - create + - delete + - get + - update + - patch + - watch + - list +- apiGroups: + - template.openshift.io + resources: + - templates + verbs: + - get + - list + - watch - apiGroups: - monitoring.coreos.com resources: diff --git a/deploy/deployment/openshift/combined.yaml b/deploy/deployment/openshift/combined.yaml index 18c97319cc..4da7b3a67d 100644 --- a/deploy/deployment/openshift/combined.yaml +++ b/deploy/deployment/openshift/combined.yaml @@ -8997,7 +8997,33 @@ rules: resources: - limitranges verbs: + - create + - delete + - get + - update + - patch + - watch - list +- apiGroups: + - "" + resources: + - resourcequotas + verbs: + - create + - delete + - get + - update + - patch + - watch + - list +- apiGroups: + - template.openshift.io + resources: + - templates + verbs: + - get + - list + - watch - apiGroups: - monitoring.coreos.com resources: diff --git a/deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml b/deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml index 8d0fea5489..ca69f645e7 100644 --- a/deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml +++ b/deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml @@ -339,7 +339,33 @@ rules: resources: - limitranges verbs: + - create + - delete + - get + - update + - patch + - watch - list +- apiGroups: + - "" + resources: + - resourcequotas + verbs: + - create + - delete + - get + - update + - patch + - watch + - list +- apiGroups: + - template.openshift.io + resources: + - templates + verbs: + - get + - list + - watch - apiGroups: - monitoring.coreos.com resources: diff --git a/go.mod b/go.mod index 0d84a96ccc..f0b4064034 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/devfile/devworkspace-operator v0.31.0 github.com/go-logr/logr v1.2.4 github.com/google/go-cmp v0.6.0 - github.com/openshift/api v0.0.0-20200331152225-585af27e34fd + github.com/openshift/api v0.0.0-20230120182048-88b476f987ed github.com/operator-framework/api v0.10.0 github.com/operator-framework/operator-lifecycle-manager v0.18.1 github.com/sirupsen/logrus v1.8.1 @@ -366,7 +366,7 @@ replace ( github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 github.com/opencontainers/runc => github.com/opencontainers/runc v1.0.0-rc2.0.20190611121236-6cc515888830 github.com/opencontainers/runtime-spec => github.com/opencontainers/runtime-spec v1.0.0 - github.com/openshift/api => github.com/openshift/api v0.0.0-20190924102528-32369d4db2ad + github.com/openshift/api => github.com/openshift/api v0.0.0-20230120182048-88b476f987ed github.com/openshift/client-go => github.com/openshift/client-go v0.0.0-20200326155132-2a6cd50aedd0 github.com/opentracing/opentracing-go => github.com/opentracing/opentracing-go v1.1.0 github.com/operator-framework/operator-registry => github.com/operator-framework/operator-registry v1.13.6 diff --git a/go.sum b/go.sum index fbb34e8057..1053278ef1 100644 --- a/go.sum +++ b/go.sum @@ -650,6 +650,7 @@ github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQY github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v0.0.0-20210122191723-2c7b39c8f2e2/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= @@ -737,6 +738,7 @@ github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25Kn github.com/edsrzf/mmap-go v0.0.0-20181215214921-188cc3b666ba/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20200129102538-a2fa14558f9a/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.0.0-20200213201256-ba8e577f987f/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -768,6 +770,7 @@ github.com/go-logr/logr v0.3.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/zapr v0.1.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= @@ -792,6 +795,7 @@ github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2K github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= @@ -898,6 +902,7 @@ github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeY github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks= github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v0.0.0-20200608025830-a1ca0830781e h1:WF9fQ5iQufxf34QPLSMWdShF5rABCC9tJ0sFAO4MrT0= github.com/json-iterator/go v0.0.0-20200608025830-a1ca0830781e/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= @@ -967,6 +972,8 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA github.com/olekukonko/tablewriter v0.0.2/go.mod h1:rSAaSIOAGT9odnlyGlUfAJaoc5w2fSBUmeGDbRWPxyQ= github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= +github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU= github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -977,8 +984,8 @@ github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6/go.mod github.com/opencontainers/runc v1.0.0-rc2.0.20190611121236-6cc515888830 h1:yvQ/2Pupw60ON8TYEIGGTAI77yZsWYkiOeHFZWkwlCk= github.com/opencontainers/runc v1.0.0-rc2.0.20190611121236-6cc515888830/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runtime-spec v1.0.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/openshift/api v0.0.0-20190924102528-32369d4db2ad h1:MiZEukiPd7ll8BQDwBfc3LKBxbqyeXIx+wl4CzVj5EQ= -github.com/openshift/api v0.0.0-20190924102528-32369d4db2ad/go.mod h1:dh9o4Fs58gpFXGSYfnVxGR9PnV53I8TW84pQaJDdGiY= +github.com/openshift/api v0.0.0-20230120182048-88b476f987ed h1:G0GVW25yJYBOwVisC3K06d2TZDZtJOYWL8nyJPkD9Fg= +github.com/openshift/api v0.0.0-20230120182048-88b476f987ed/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4= github.com/openshift/client-go v0.0.0-20200326155132-2a6cd50aedd0/go.mod h1:uUQ4LClRO+fg5MF/P6QxjMCb1C9f7Oh4RKepftDnEJE= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/operator-framework/api v0.3.7-0.20200602203552-431198de9fc2/go.mod h1:Xbje9x0SHmh0nihE21kpesB38vk3cyxnE6JdDS8Jo1Q= @@ -1095,7 +1102,9 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= @@ -1138,6 +1147,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= @@ -1213,10 +1224,13 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1228,6 +1242,8 @@ golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXR golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= @@ -1294,7 +1310,9 @@ golang.org/x/tools v0.0.0-20200609164405-eb789aa7ce50/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200612220849-54c614fe050c/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= @@ -1504,6 +1522,8 @@ k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20210111153108-fddb29f9d009/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210527160623-6fdb442a123b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210722164352-7f3ee0f31471/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= modernc.org/b v1.0.0/go.mod h1:uZWcZfRj1BpYzfN9JTerzlNUnnPsV9O2ZA8JsRcubNg= diff --git a/helmcharts/next/templates/che-operator.ClusterRole.yaml b/helmcharts/next/templates/che-operator.ClusterRole.yaml index 8d0fea5489..ca69f645e7 100644 --- a/helmcharts/next/templates/che-operator.ClusterRole.yaml +++ b/helmcharts/next/templates/che-operator.ClusterRole.yaml @@ -339,7 +339,33 @@ rules: resources: - limitranges verbs: + - create + - delete + - get + - update + - patch + - watch - list +- apiGroups: + - "" + resources: + - resourcequotas + verbs: + - create + - delete + - get + - update + - patch + - watch + - list +- apiGroups: + - template.openshift.io + resources: + - templates + verbs: + - get + - list + - watch - apiGroups: - monitoring.coreos.com resources: diff --git a/main.go b/main.go index 3c8d03afd1..0e0a38fc5e 100644 --- a/main.go +++ b/main.go @@ -57,6 +57,7 @@ import ( configv1 "github.com/openshift/api/config/v1" consolev1 "github.com/openshift/api/console/v1" oauthv1 "github.com/openshift/api/oauth/v1" + templatev1 "github.com/openshift/api/template/v1" checontroller "github.com/eclipse-che/che-operator/controllers/che" "github.com/eclipse-che/che-operator/pkg/common/utils" @@ -81,7 +82,6 @@ import ( chev1 "github.com/eclipse-che/che-operator/api/v1" chev2 "github.com/eclipse-che/che-operator/api/v2" - //+kubebuilder:scaffold:imports ) var ( @@ -137,16 +137,17 @@ func init() { utilruntime.Must(packagesv1.AddToScheme(scheme)) utilruntime.Must(operatorsv1alpha1.AddToScheme(scheme)) utilruntime.Must(operatorsv1.AddToScheme(scheme)) + utilruntime.Must(corev1.AddToScheme(scheme)) if infrastructure.IsOpenShift() { utilruntime.Must(routev1.AddToScheme(scheme)) utilruntime.Must(oauthv1.AddToScheme(scheme)) utilruntime.Must(userv1.AddToScheme(scheme)) utilruntime.Must(configv1.AddToScheme(scheme)) - utilruntime.Must(corev1.AddToScheme(scheme)) utilruntime.Must(consolev1.AddToScheme(scheme)) utilruntime.Must(projectv1.AddToScheme(scheme)) utilruntime.Must(securityv1.Install(scheme)) + utilruntime.Must(templatev1.Install(scheme)) } } @@ -289,7 +290,7 @@ func main() { os.Exit(1) } - workspacesConfigReconciler := usernamespace.NewWorkspacesConfigReconciler(mgr.GetClient(), nonCachingClient, mgr.GetScheme(), namespacechace) + workspacesConfigReconciler := usernamespace.NewWorkspacesConfigReconciler(mgr.GetClient(), mgr.GetScheme(), namespacechace) if err = workspacesConfigReconciler.SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to set up controller", "controller", "WorkspacesConfigReconciler") os.Exit(1) @@ -346,8 +347,6 @@ func getCacheFunc() (cache.NewCacheFunc, error) { logrus.Infof("Limit cache by selector: %s", partOfCheObjectSelector.String()) - routeKey := &routev1.Route{} - oauthKey := &oauthv1.OAuthClient{} selectors := cache.SelectorsByObject{ &appsv1.Deployment{}: { Label: partOfCheObjectSelector, @@ -364,9 +363,6 @@ func getCacheFunc() (cache.NewCacheFunc, error) { &networkingv1.Ingress{}: { Label: partOfCheObjectSelector, }, - routeKey: { - Label: partOfCheObjectSelector, - }, &corev1.ConfigMap{}: { Label: partOfCheObjectSelector, }, @@ -391,14 +387,18 @@ func getCacheFunc() (cache.NewCacheFunc, error) { &corev1.PersistentVolumeClaim{}: { Label: partOfCheObjectSelector, }, - oauthKey: { + &corev1.LimitRange{}: { + Label: partOfCheObjectSelector, + }, + &corev1.ResourceQuota{}: { Label: partOfCheObjectSelector, }, } - if !infrastructure.IsOpenShift() { - delete(selectors, routeKey) - delete(selectors, oauthKey) + if infrastructure.IsOpenShift() { + selectors[&oauthv1.OAuthClient{}] = cache.ObjectSelector{Label: partOfCheObjectSelector} + selectors[&routev1.Route{}] = cache.ObjectSelector{Label: partOfCheObjectSelector} + selectors[&templatev1.Template{}] = cache.ObjectSelector{Label: partOfCheObjectSelector} } return cache.BuilderWithOptions(cache.Options{ diff --git a/pkg/common/test/utils.go b/pkg/common/test/utils.go index ef593bef18..ffbf07456d 100644 --- a/pkg/common/test/utils.go +++ b/pkg/common/test/utils.go @@ -31,6 +31,7 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/chetypes" console "github.com/openshift/api/console/v1" oauthv1 "github.com/openshift/api/oauth/v1" + templatev1 "github.com/openshift/api/template/v1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" @@ -189,9 +190,9 @@ func GetDeployContext(cheCluster *chev2.CheCluster, initObjs []runtime.Object) * scheme := scheme.Scheme chev2.SchemeBuilder.AddToScheme(scheme) scheme.AddKnownTypes(controllerv1alpha1.SchemeBuilder.GroupVersion, &controllerv1alpha1.DevWorkspaceOperatorConfig{}) - scheme.AddKnownTypes(oauthv1.GroupVersion, &oauthv1.OAuthClient{}) - scheme.AddKnownTypes(oauthv1.GroupVersion, &oauthv1.OAuthClientList{}) + scheme.AddKnownTypes(oauthv1.GroupVersion, &oauthv1.OAuthClient{}, &oauthv1.OAuthClientList{}) scheme.AddKnownTypes(configv1.GroupVersion, &configv1.Proxy{}, &configv1.Console{}) + scheme.AddKnownTypes(templatev1.GroupVersion, &templatev1.Template{}, &templatev1.TemplateList{}) scheme.AddKnownTypes(routev1.GroupVersion, &routev1.Route{}) scheme.AddKnownTypes(corev1.SchemeGroupVersion, &corev1.Secret{}) scheme.AddKnownTypes(console.GroupVersion, &console.ConsoleLink{}) diff --git a/pkg/common/utils/utils.go b/pkg/common/utils/utils.go index ed5f75ef19..553d5c8e50 100644 --- a/pkg/common/utils/utils.go +++ b/pkg/common/utils/utils.go @@ -219,6 +219,18 @@ func AddMap(a map[string]string, b map[string]string) { } } +// MergeMaps merges maps into a single one. +// If a key is present in multiple maps, the value from the last map is used. +func MergeMaps(maps []map[string]string) map[string]string { + result := make(map[string]string) + for _, m := range maps { + for k, v := range m { + result[k] = v + } + } + return result +} + // Converts label map into plain string func FormatLabels(m map[string]string) string { if len(m) == 0 { diff --git a/pkg/common/utils/utils_test.go b/pkg/common/utils/utils_test.go index addbdc785e..c72823d734 100644 --- a/pkg/common/utils/utils_test.go +++ b/pkg/common/utils/utils_test.go @@ -15,6 +15,8 @@ package utils import ( "reflect" "testing" + + "github.com/stretchr/testify/assert" ) func TestGeneratePasswd(t *testing.T) { @@ -83,3 +85,23 @@ func TestWhitelist(t *testing.T) { } } } + +func TestMergeMaps(t *testing.T) { + map1 := map[string]string{ + "key1": "value1", + "key2": "value2", + } + map2 := map[string]string{ + "key3": "value3", + "key4": "value4", + } + expected := map[string]string{ + "key1": "value1", + "key2": "value2", + "key3": "value3", + "key4": "value4", + } + + actual := MergeMaps([]map[string]string{nil, map1, nil, map2, make(map[string]string)}) + assert.Equal(t, expected, actual) +} diff --git a/vendor/github.com/openshift/api/LICENSE b/vendor/github.com/openshift/api/LICENSE index 8dada3edaf..5c389317ec 100644 --- a/vendor/github.com/openshift/api/LICENSE +++ b/vendor/github.com/openshift/api/LICENSE @@ -1,3 +1,4 @@ + Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ @@ -175,18 +176,7 @@ END OF TERMS AND CONDITIONS - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} + Copyright 2020 Red Hat, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml new file mode 100644 index 0000000000..f2e2cc3655 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml @@ -0,0 +1,137 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/497 + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: clusteroperators.config.openshift.io +spec: + group: config.openshift.io + names: + kind: ClusterOperator + listKind: ClusterOperatorList + plural: clusteroperators + shortNames: + - co + singular: clusteroperator + scope: Cluster + versions: + - additionalPrinterColumns: + - description: The version the operator is at. + jsonPath: .status.versions[?(@.name=="operator")].version + name: Version + type: string + - description: Whether the operator is running and stable. + jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available + type: string + - description: Whether the operator is processing changes. + jsonPath: .status.conditions[?(@.type=="Progressing")].status + name: Progressing + type: string + - description: Whether the operator is degraded. + jsonPath: .status.conditions[?(@.type=="Degraded")].status + name: Degraded + type: string + - description: The time the operator's Available status last changed. + jsonPath: .status.conditions[?(@.type=="Available")].lastTransitionTime + name: Since + type: date + name: v1 + schema: + openAPIV3Schema: + description: "ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds configuration that could apply to any operator. + type: object + status: + description: status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem. + type: object + properties: + conditions: + description: conditions describes the state of the operator's managed and monitored components. + type: array + items: + description: ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components. + type: object + required: + - lastTransitionTime + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update to the current status property. + type: string + format: date-time + message: + description: message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines. + type: string + reason: + description: reason is the CamelCase reason for the condition's current status. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the aspect reported by this condition. + type: string + extension: + description: extension contains any additional status information specific to the operator which owns this status object. + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + relatedObjects: + description: 'relatedObjects is a list of objects that are "interesting" or related to this operator. Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. operand namespaces' + type: array + items: + description: ObjectReference contains enough information to let you inspect or modify the referred object. + type: object + required: + - group + - name + - resource + properties: + group: + description: group of the referent. + type: string + name: + description: name of the referent. + type: string + namespace: + description: namespace of the referent. + type: string + resource: + description: resource of the referent. + type: string + versions: + description: versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple operand entries in the array. Available operators must report the version of the operator itself with the name "operator". An operator reports a new "operator" version when it has rolled out the new version to all of its operands. + type: array + items: + type: object + required: + - name + - version + properties: + name: + description: name is the name of the particular operand this version is for. It usually matches container images, not operators. + type: string + version: + description: version indicates which version of a particular operand is currently being managed. It must always match the Available operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0 + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml new file mode 100644 index 0000000000..16a333ca8b --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -0,0 +1,435 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/495 + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: clusterversions.config.openshift.io +spec: + group: config.openshift.io + names: + kind: ClusterVersion + plural: clusterversions + singular: clusterversion + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.history[?(@.state=="Completed")].version + name: Version + type: string + - jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available + type: string + - jsonPath: .status.conditions[?(@.type=="Progressing")].status + name: Progressing + type: string + - jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime + name: Since + type: date + - jsonPath: .status.conditions[?(@.type=="Progressing")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster. + type: object + required: + - clusterID + properties: + capabilities: + description: capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics. + type: object + properties: + additionalEnabledCapabilities: + description: additionalEnabledCapabilities extends the set of managed capabilities beyond the baseline defined in baselineCapabilitySet. The default is an empty set. + type: array + items: + description: ClusterVersionCapability enumerates optional, core cluster components. + type: string + enum: + - openshift-samples + - baremetal + - marketplace + - Console + - Insights + - Storage + - CSISnapshot + - NodeTuning + x-kubernetes-list-type: atomic + baselineCapabilitySet: + description: baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent. + type: string + enum: + - None + - v4.11 + - v4.12 + - v4.13 + - vCurrent + channel: + description: channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters. + type: string + clusterID: + description: clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field. + type: string + desiredUpdate: + description: "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. \n Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error. \n If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed." + type: object + properties: + architecture: + description: architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty. + type: string + enum: + - Multi + - "" + force: + description: force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources. + type: boolean + image: + description: image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified. + type: string + version: + description: version is a semantic version identifying the update version. version is ignored if image is specified and required if architecture is specified. + type: string + x-kubernetes-validations: + - rule: 'has(self.architecture) && has(self.image) ? (self.architecture == '''' || self.image == '''') : true' + message: cannot set both Architecture and Image + - rule: 'has(self.architecture) && self.architecture != '''' ? self.version != '''' : true' + message: Version must be set if Architecture is set + overrides: + description: overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object. + type: array + items: + description: ComponentOverride allows overriding cluster version operator's behavior for a component. + type: object + required: + - group + - kind + - name + - namespace + - unmanaged + properties: + group: + description: group identifies the API group that the kind is in. + type: string + kind: + description: kind indentifies which object to override. + type: string + name: + description: name is the component's name. + type: string + namespace: + description: namespace is the component's namespace. If the resource is cluster scoped, the namespace should be empty. + type: string + unmanaged: + description: 'unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false' + type: boolean + upstream: + description: upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region. + type: string + status: + description: status contains information about the available updates and any in-progress updates. + type: object + required: + - availableUpdates + - desired + - observedGeneration + - versionHash + properties: + availableUpdates: + description: availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified. + type: array + items: + description: Release represents an OpenShift release image and associated metadata. + type: object + properties: + channels: + description: channels is the set of Cincinnati channels to which the release currently belongs. + type: array + items: + type: string + image: + description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version. + type: string + url: + description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases. + type: string + version: + description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified. + type: string + nullable: true + capabilities: + description: capabilities describes the state of optional, core cluster components. + type: object + properties: + enabledCapabilities: + description: enabledCapabilities lists all the capabilities that are currently managed. + type: array + items: + description: ClusterVersionCapability enumerates optional, core cluster components. + type: string + enum: + - openshift-samples + - baremetal + - marketplace + - Console + - Insights + - Storage + - CSISnapshot + - NodeTuning + x-kubernetes-list-type: atomic + knownCapabilities: + description: knownCapabilities lists all the capabilities known to the current cluster. + type: array + items: + description: ClusterVersionCapability enumerates optional, core cluster components. + type: string + enum: + - openshift-samples + - baremetal + - marketplace + - Console + - Insights + - Storage + - CSISnapshot + - NodeTuning + x-kubernetes-list-type: atomic + conditionalUpdates: + description: conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified. + type: array + items: + description: ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster. + type: object + required: + - release + - risks + properties: + conditions: + description: 'conditions represents the observations of the conditional update''s current status. Known types are: * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules. * Recommended, for whether the update is recommended for the current cluster.' + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + release: + description: release is the target of the update. + type: object + properties: + channels: + description: channels is the set of Cincinnati channels to which the release currently belongs. + type: array + items: + type: string + image: + description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version. + type: string + url: + description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases. + type: string + version: + description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified. + type: string + risks: + description: risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update. + type: array + minItems: 1 + items: + description: ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update. + type: object + required: + - matchingRules + - message + - name + - url + properties: + matchingRules: + description: matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended. + type: array + minItems: 1 + items: + description: ClusterCondition is a union of typed cluster conditions. The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate. + type: object + required: + - type + properties: + promql: + description: promQL represents a cluster condition based on PromQL. + type: object + required: + - promql + properties: + promql: + description: PromQL is a PromQL query classifying clusters. This query query should return a 1 in the match case and a 0 in the does-not-match case. Queries which return no time series, or which return values besides 0 or 1, are evaluation failures. + type: string + type: + description: type represents the cluster-condition type. This defines the members and semantics of any additional properties. + type: string + enum: + - Always + - PromQL + x-kubernetes-list-type: atomic + message: + description: message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines. + type: string + minLength: 1 + name: + description: name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state. + type: string + minLength: 1 + url: + description: url contains information about this risk. + type: string + format: uri + minLength: 1 + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-list-type: atomic + conditions: + description: conditions provides information about the cluster version. The condition "Available" is set to true if the desiredUpdate has been reached. The condition "Progressing" is set to true if an update is being applied. The condition "Degraded" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation. + type: array + items: + description: ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components. + type: object + required: + - lastTransitionTime + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update to the current status property. + type: string + format: date-time + message: + description: message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines. + type: string + reason: + description: reason is the CamelCase reason for the condition's current status. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the aspect reported by this condition. + type: string + desired: + description: desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag. + type: object + properties: + channels: + description: channels is the set of Cincinnati channels to which the release currently belongs. + type: array + items: + type: string + image: + description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version. + type: string + url: + description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases. + type: string + version: + description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified. + type: string + history: + description: history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved. + type: array + items: + description: UpdateHistory is a single attempted update to the cluster. + type: object + required: + - completionTime + - image + - startedTime + - state + - verified + properties: + acceptedRisks: + description: acceptedRisks records risks which were accepted to initiate the update. For example, it may menition an Upgradeable=False or missing signature that was overriden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets. + type: string + completionTime: + description: completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update). + type: string + format: date-time + nullable: true + image: + description: image is a container image location that contains the update. This value is always populated. + type: string + startedTime: + description: startedTime is the time at which the update was started. + type: string + format: date-time + state: + description: state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied). + type: string + verified: + description: verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted. + type: boolean + version: + description: version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty. + type: string + observedGeneration: + description: observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version. + type: integer + format: int64 + versionHash: + description: versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml new file mode 100644 index 0000000000..3f58cbf691 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml @@ -0,0 +1,78 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: proxies.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Proxy + listKind: ProxyList + plural: proxies + singular: proxy + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds user-settable values for the proxy configuration + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var. + type: string + readinessEndpoints: + description: readinessEndpoints is a list of endpoints used to verify readiness of the proxy. + type: array + items: + type: string + trustedCA: + description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml new file mode 100644 index 0000000000..6e82955fa3 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml @@ -0,0 +1,84 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + capability.openshift.io/name: marketplace + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: operatorhubs.config.openshift.io +spec: + group: config.openshift.io + names: + kind: OperatorHub + listKind: OperatorHubList + plural: operatorhubs + singular: operatorhub + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OperatorHubSpec defines the desired state of OperatorHub + type: object + properties: + disableAllDefaultSources: + description: disableAllDefaultSources allows you to disable all the default hub sources. If this is true, a specific entry in sources can be used to enable a default source. If this is false, a specific entry in sources can be used to disable or enable a default source. + type: boolean + sources: + description: sources is the list of default hub sources and their configuration. If the list is empty, it implies that the default hub sources are enabled on the cluster unless disableAllDefaultSources is true. If disableAllDefaultSources is true and sources is not empty, the configuration present in sources will take precedence. The list of default hub sources and their current state will always be reflected in the status block. + type: array + items: + description: HubSource is used to specify the hub source and its configuration + type: object + properties: + disabled: + description: disabled is used to disable a default hub source on cluster + type: boolean + name: + description: name is the name of one of the default hub sources + type: string + maxLength: 253 + minLength: 1 + status: + description: OperatorHubStatus defines the observed state of OperatorHub. The current state of the default hub sources will always be reflected here. + type: object + properties: + sources: + description: sources encapsulates the result of applying the configuration for each hub source + type: array + items: + description: HubSourceStatus is used to reflect the current state of applying the configuration to a default source + type: object + properties: + disabled: + description: disabled is used to disable a default hub source on cluster + type: boolean + message: + description: message provides more information regarding failures + type: string + name: + description: name is the name of one of the default hub sources + type: string + maxLength: 253 + minLength: 1 + status: + description: status indicates success or failure in applying the configuration + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml new file mode 100644 index 0000000000..3e53b28b9e --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml @@ -0,0 +1,177 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: apiservers.config.openshift.io +spec: + group: config.openshift.io + names: + kind: APIServer + listKind: APIServerList + plural: apiservers + singular: apiserver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + additionalCORSAllowedOrigins: + description: additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language. + type: array + items: + type: string + audit: + description: audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster. + type: object + default: + profile: Default + properties: + customRules: + description: customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies. + type: array + items: + description: AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile. + type: object + required: + - group + - profile + properties: + group: + description: group is a name of group a request user must be member of in order to this profile to apply. + type: string + minLength: 1 + profile: + description: "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster. \n The following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n If unset, the 'Default' profile is used as the default." + type: string + enum: + - Default + - WriteRequestBodies + - AllRequestBodies + - None + x-kubernetes-list-map-keys: + - group + x-kubernetes-list-type: map + profile: + description: "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules. \n The following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody level). - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n Warning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly. \n If unset, the 'Default' profile is used as the default." + type: string + default: Default + enum: + - Default + - WriteRequestBodies + - AllRequestBodies + - None + clientCA: + description: 'clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + encryption: + description: encryption allows the configuration of encryption of resources at the datastore layer. + type: object + properties: + type: + description: "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices. \n When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io" + type: string + enum: + - "" + - identity + - aescbc + servingCerts: + description: servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic. + type: object + properties: + namedCertificates: + description: namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used. + type: array + items: + description: APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate. + type: object + properties: + names: + description: names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. + type: array + items: + type: string + servingCertificate: + description: 'servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + tlsSecurityProfile: + description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12." + type: object + properties: + custom: + description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1" + type: object + properties: + ciphers: + description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" + type: array + items: + type: string + minTLSVersion: + description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" + type: string + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + nullable: true + intermediate: + description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2" + type: object + nullable: true + modern: + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." + type: object + nullable: true + old: + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" + type: object + nullable: true + type: + description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations \n The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced. \n Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries." + type: string + enum: + - Old + - Intermediate + - Modern + - Custom + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml new file mode 100644 index 0000000000..facf7c6b09 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml @@ -0,0 +1,101 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: authentications.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Authentication + listKind: AuthenticationList + plural: authentications + singular: authentication + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + oauthMetadata: + description: 'oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + serviceAccountIssuer: + description: 'serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.' + type: string + type: + description: type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth. + type: string + webhookTokenAuthenticator: + description: webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. + type: object + required: + - kubeConfig + properties: + kubeConfig: + description: "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config. \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication \n The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored." + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + webhookTokenAuthenticators: + description: webhookTokenAuthenticators is DEPRECATED, setting it has no effect. + type: array + items: + description: deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field. + type: object + properties: + kubeConfig: + description: 'kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + integratedOAuthMetadata: + description: 'integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml new file mode 100644 index 0000000000..89bc65581f --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml @@ -0,0 +1,275 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: builds.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Build + listKind: BuildList + plural: builds + singular: build + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds. \n The canonical name is \"cluster\" \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds user-settable values for the build controller configuration + type: object + properties: + additionalTrustedCA: + description: "AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted for image pushes and pulls during builds. The namespace for this config map is openshift-config. \n DEPRECATED: Additional CAs for image pull and push should be set on image.config.openshift.io/cluster instead." + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + buildDefaults: + description: BuildDefaults controls the default information for Builds + type: object + properties: + defaultProxy: + description: "DefaultProxy contains the default proxy settings for all build operations, including image pull/push and source download. \n Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build config's strategy." + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var. + type: string + readinessEndpoints: + description: readinessEndpoints is a list of endpoints used to verify readiness of the proxy. + type: array + items: + type: string + trustedCA: + description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + env: + description: Env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + gitProxy: + description: "GitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone. \n Values that are not set here will be inherited from DefaultProxy." + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var. + type: string + readinessEndpoints: + description: readinessEndpoints is a list of endpoints used to verify readiness of the proxy. + type: array + items: + type: string + trustedCA: + description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + imageLabels: + description: ImageLabels is a list of docker labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig. + type: array + items: + type: object + properties: + name: + description: Name defines the name of the label. It must have non-zero length. + type: string + value: + description: Value defines the literal value of the label. + type: string + resources: + description: Resources defines resource requirements to execute the build. + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + buildOverrides: + description: BuildOverrides controls override settings for builds + type: object + properties: + forcePull: + description: ForcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself + type: boolean + imageLabels: + description: ImageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten. + type: array + items: + type: object + properties: + name: + description: Name defines the name of the label. It must have non-zero length. + type: string + value: + description: Value defines the literal value of the label. + type: string + nodeSelector: + description: NodeSelector is a selector which must be true for the build pod to fit on a node + type: object + additionalProperties: + type: string + tolerations: + description: Tolerations is a list of Tolerations that will override any existing tolerations set on a build pod. + type: array + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + type: object + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml new file mode 100644 index 0000000000..188b45e013 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml @@ -0,0 +1,57 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: consoles.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Console + listKind: ConsoleList + plural: consoles + singular: console + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + authentication: + description: ConsoleAuthentication defines a list of optional configuration for console authentication. + type: object + properties: + logoutRedirect: + description: 'An optional, absolute URL to redirect web browsers to after logging out of the console. If not specified, it will redirect to the default login page. This is required when using an identity provider that supports single sign-on (SSO) such as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console will destroy the user''s token. The logoutRedirect provides the user the option to perform single logout (SLO) through the identity provider to destroy their single sign-on session.' + type: string + pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$ + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + consoleURL: + description: The URL for the console. This will be derived from the host for the route that is created for the console. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml new file mode 100644 index 0000000000..e4fa56eeea --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml @@ -0,0 +1,72 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: dnses.config.openshift.io +spec: + group: config.openshift.io + names: + kind: DNS + listKind: DNSList + plural: dnses + singular: dns + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "DNS holds cluster-wide information about DNS. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + baseDomain: + description: "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base. \n For example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`. \n Once set, this field cannot be changed." + type: string + privateZone: + description: "privateZone is the location where all the DNS records that are only available internally to the cluster exist. \n If this field is nil, no private records should be created. \n Once set, this field cannot be changed." + type: object + properties: + id: + description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" + type: string + tags: + description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + type: object + additionalProperties: + type: string + publicZone: + description: "publicZone is the location where all the DNS records that are publicly accessible to the internet exist. \n If this field is nil, no public records should be created. \n Once set, this field cannot be changed." + type: object + properties: + id: + description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" + type: string + tags: + description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + type: object + additionalProperties: + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml new file mode 100644 index 0000000000..5254d0ce28 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml @@ -0,0 +1,63 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: featuregates.config.openshift.io +spec: + group: config.openshift.io + names: + kind: FeatureGate + listKind: FeatureGateList + plural: featuregates + singular: featuregate + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Feature holds cluster-wide information about feature gates. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + customNoUpgrade: + description: customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal "CustomNoUpgrade" must be set to use this field. + type: object + properties: + disabled: + description: disabled is a list of all feature gates that you want to force off + type: array + items: + type: string + enabled: + description: enabled is a list of all feature gates that you want to force on + type: array + items: + type: string + nullable: true + featureSet: + description: featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone. + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml new file mode 100644 index 0000000000..a160fef40f --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml @@ -0,0 +1,108 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: images.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Image + listKind: ImageList + plural: images + singular: image + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + additionalTrustedCA: + description: additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + allowedRegistriesForImport: + description: allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions. + type: array + items: + description: RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'. + type: object + properties: + domainName: + description: domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well. + type: string + insecure: + description: insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure. + type: boolean + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in "hostname[:port]" format. + type: array + items: + type: string + registrySources: + description: registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access). It does not contain configuration for the internal cluster registry. + type: object + properties: + allowedRegistries: + description: "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. \n Only one of BlockedRegistries or AllowedRegistries may be set." + type: array + items: + type: string + blockedRegistries: + description: "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. \n Only one of BlockedRegistries or AllowedRegistries may be set." + type: array + items: + type: string + containerRuntimeSearchRegistries: + description: 'containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.' + type: array + format: hostname + minItems: 1 + items: + type: string + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. + type: array + items: + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in "hostname[:port]" format. + type: array + items: + type: string + internalRegistryHostname: + description: internalRegistryHostname sets the hostname for the default internal image registry. The value must be in "hostname[:port]" format. This value is set by the image registry operator which controls the internal registry hostname. For backward compatibility, users can still use OPENSHIFT_DEFAULT_REGISTRY environment variable but this setting overrides the environment variable. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml new file mode 100644 index 0000000000..147c73c44d --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml @@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/874 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: imagecontentpolicies.config.openshift.io +spec: + group: config.openshift.io + names: + kind: ImageContentPolicy + listKind: ImageContentPolicyList + plural: imagecontentpolicies + singular: imagecontentpolicy + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + repositoryDigestMirrors: + description: "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To pull image from mirrors by tags, should set the \"allowMirrorByTags\". \n Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. \n If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. \n When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified." + type: array + items: + description: RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config. + type: object + required: + - source + properties: + allowMirrorByTags: + description: allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Forcing digest-pulls for mirrors avoids that issue. + type: boolean + mirrors: + description: mirrors is zero or more repositories that may also contain the same images. If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. No mirror will be configured. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. + type: array + items: + type: string + pattern: ^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$ + x-kubernetes-list-type: set + source: + description: source is the repository that users refer to, e.g. in image pull specifications. + type: string + pattern: ^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$ + x-kubernetes-list-map-keys: + - source + x-kubernetes-list-type: map + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml new file mode 100644 index 0000000000..693a554e7a --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml @@ -0,0 +1,74 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1126 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: imagedigestmirrorsets.config.openshift.io +spec: + group: config.openshift.io + names: + kind: ImageDigestMirrorSet + listKind: ImageDigestMirrorSetList + plural: imagedigestmirrorsets + shortNames: + - idms + singular: imagedigestmirrorset + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + imageDigestMirrors: + description: "imageDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using tag specification, users should configure a list of mirrors using \"ImageTagMirrorSet\" CRD. \n If the image pull specification matches the repository of \"source\" in multiple imagedigestmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. \n If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. \n When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order." + type: array + items: + description: ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config. + type: object + required: + - source + properties: + mirrorSourcePolicy: + description: mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list. + type: string + enum: + - NeverContactSource + - AllowContactingSource + mirrors: + description: 'mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their digests. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. The order of mirrors in this list is treated as the user''s desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy" Other cluster configuration, including (but not limited to) other imageDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. "mirrors" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' + type: array + items: + type: string + pattern: ^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ + x-kubernetes-list-type: set + source: + description: 'source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. "source" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' + type: string + pattern: ^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ + x-kubernetes-list-type: atomic + status: + description: status contains the observed state of the resource. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml new file mode 100644 index 0000000000..17a2d045ba --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml @@ -0,0 +1,74 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1126 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: imagetagmirrorsets.config.openshift.io +spec: + group: config.openshift.io + names: + kind: ImageTagMirrorSet + listKind: ImageTagMirrorSetList + plural: imagetagmirrorsets + shortNames: + - itms + singular: imagetagmirrorset + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + imageTagMirrors: + description: "imageTagMirrors allows images referenced by image tags in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageTagMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using digest specification only, users should configure a list of mirrors using \"ImageDigestMirrorSet\" CRD. \n If the image pull specification matches the repository of \"source\" in multiple imagetagmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. \n If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. \n When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order." + type: array + items: + description: ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config. + type: object + required: + - source + properties: + mirrorSourcePolicy: + description: mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list. + type: string + enum: + - NeverContactSource + - AllowContactingSource + mirrors: + description: 'mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their tags. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Configuring a list of mirrors using "ImageDigestMirrorSet" CRD and forcing digest-pulls for mirrors avoids that issue. The order of mirrors in this list is treated as the user''s desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy". Other cluster configuration, including (but not limited to) other imageTagMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. "mirrors" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' + type: array + items: + type: string + pattern: ^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ + x-kubernetes-list-type: set + source: + description: 'source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. "source" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' + type: string + pattern: ^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ + x-kubernetes-list-type: atomic + status: + description: status contains the observed state of the resource. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml new file mode 100644 index 0000000000..fe57bddfc6 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml @@ -0,0 +1,637 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: Default + name: infrastructures.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Infrastructure + listKind: InfrastructureList + plural: infrastructures + singular: infrastructure + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + cloudConfig: + description: "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config. \n cloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only." + type: object + properties: + key: + description: Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references. + type: string + name: + type: string + platformSpec: + description: platformSpec holds desired information specific to the underlying infrastructure provider. + type: object + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider. + type: object + aws: + description: AWS contains settings specific to the Amazon Web Services infrastructure provider. + type: object + properties: + serviceEndpoints: + description: serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service. + type: array + items: + description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services. + type: object + properties: + name: + description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty. + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + type: string + pattern: ^https:// + azure: + description: Azure contains settings specific to the Azure infrastructure provider. + type: object + baremetal: + description: BareMetal contains settings specific to the BareMetal platform. + type: object + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + type: object + external: + description: ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately. + type: object + properties: + cloudControllerManager: + description: CloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI) + type: object + properties: + state: + description: "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager \n When set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected." + type: string + enum: + - "" + - External + - None + platformName: + description: PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. This field is solely for informational and reporting purposes and is not expected to be used for decision-making. + type: string + default: Unknown + x-kubernetes-validations: + - rule: oldSelf == 'Unknown' || self == oldSelf + message: platform name cannot be changed once set + gcp: + description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. + type: object + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. + type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt infrastructure provider. + type: object + nutanix: + description: Nutanix contains settings specific to the Nutanix infrastructure provider. + type: object + required: + - prismCentral + - prismElements + properties: + prismCentral: + description: prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. + type: object + required: + - address + - port + properties: + address: + description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster) + type: string + maxLength: 256 + port: + description: port is the port number to access the Nutanix Prism Central or Element (cluster) + type: integer + format: int32 + maximum: 65535 + minimum: 1 + prismElements: + description: prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central. + type: array + items: + description: NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster) + type: object + required: + - endpoint + - name + properties: + endpoint: + description: endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. + type: object + required: + - address + - port + properties: + address: + description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster) + type: string + maxLength: 256 + port: + description: port is the port number to access the Nutanix Prism Central or Element (cluster) + type: integer + format: int32 + maximum: 65535 + minimum: 1 + name: + description: name is the name of the Prism Element (cluster). This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc). + type: string + maxLength: 256 + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + openstack: + description: OpenStack contains settings specific to the OpenStack infrastructure provider. + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure provider. + type: object + powervs: + description: PowerVS contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider. + type: object + properties: + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service. + type: array + items: + description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services. + type: object + required: + - name + - url + properties: + name: + description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + type: string + format: uri + pattern: ^https:// + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: + description: type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure provider. + type: object + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + apiServerInternalURI: + description: apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking. + type: string + apiServerURL: + description: apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API. + type: string + controlPlaneTopology: + description: controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. + type: string + default: HighlyAvailable + enum: + - HighlyAvailable + - SingleReplica + - External + etcdDiscoveryDomain: + description: 'etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.' + type: string + infrastructureName: + description: infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters. + type: string + infrastructureTopology: + description: 'infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is ''HighlyAvailable'', which represents the behavior operators have in a "normal" cluster. The ''SingleReplica'' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.' + type: string + default: HighlyAvailable + enum: + - HighlyAvailable + - SingleReplica + platform: + description: "platform is the underlying infrastructure provider for the cluster. \n Deprecated: Use platformStatus.type instead." + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + platformStatus: + description: platformStatus holds status information specific to the underlying infrastructure provider. + type: object + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider. + type: object + required: + - region + properties: + region: + description: region specifies the region for Alibaba Cloud resources created for the cluster. + type: string + pattern: ^[0-9A-Za-z-]+$ + resourceGroupID: + description: resourceGroupID is the ID of the resource group for the cluster. + type: string + pattern: ^(rg-[0-9A-Za-z]+)?$ + resourceTags: + description: resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster. + type: array + maxItems: 20 + items: + description: AlibabaCloudResourceTag is the set of tags to add to apply to resources. + type: object + required: + - key + - value + properties: + key: + description: key is the key of the tag. + type: string + maxLength: 128 + minLength: 1 + value: + description: value is the value of the tag. + type: string + maxLength: 128 + minLength: 1 + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + aws: + description: AWS contains settings specific to the Amazon Web Services infrastructure provider. + type: object + properties: + region: + description: region holds the default AWS region for new AWS resources created by the cluster. + type: string + resourceTags: + description: resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user. + type: array + maxItems: 25 + items: + description: AWSResourceTag is a tag to apply to AWS resources created for the cluster. + type: object + required: + - key + - value + properties: + key: + description: key is the key of the tag + type: string + maxLength: 128 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + value: + description: value is the value of the tag. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services. + type: string + maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + serviceEndpoints: + description: ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service. + type: array + items: + description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services. + type: object + properties: + name: + description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty. + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + type: string + pattern: ^https:// + azure: + description: Azure contains settings specific to the Azure infrastructure provider. + type: object + properties: + armEndpoint: + description: armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack. + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. + type: string + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureStackCloud + networkResourceGroupName: + description: networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName. + type: string + resourceGroupName: + description: resourceGroupName is the Resource Group for new Azure resources created for the cluster. + type: string + baremetal: + description: BareMetal contains settings specific to the BareMetal platform. + type: object + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + external: + description: External contains settings specific to the generic External infrastructure provider. + type: object + gcp: + description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. + type: object + properties: + projectID: + description: resourceGroupName is the Project ID for new GCP resources created for the cluster. + type: string + region: + description: region holds the region for new GCP resources created for the cluster. + type: string + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. + type: object + properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain + type: string + location: + description: Location is where the cluster has been deployed + type: string + providerType: + description: ProviderType indicates the type of cluster that was created + type: string + resourceGroupName: + description: ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster. + type: string + kubevirt: + description: Kubevirt contains settings specific to the kubevirt infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + nutanix: + description: Nutanix contains settings specific to the Nutanix infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + openstack: + description: OpenStack contains settings specific to the OpenStack infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + cloudName: + description: cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`). + type: string + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + nodeDNSIP: + description: 'deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.' + type: string + powervs: + description: PowerVS contains settings specific to the Power Systems Virtual Servers infrastructure provider. + type: object + properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain + type: string + region: + description: region holds the default Power VS region for new Power VS resources created by the cluster. + type: string + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service. + type: array + items: + description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services. + type: object + required: + - name + - url + properties: + name: + description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + type: string + format: uri + pattern: ^https:// + zone: + description: 'zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported' + type: string + type: + description: "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. \n This value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set." + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 0000000000..01eeb09289 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml @@ -0,0 +1,789 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: infrastructures.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Infrastructure + listKind: InfrastructureList + plural: infrastructures + singular: infrastructure + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + cloudConfig: + description: "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config. \n cloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only." + properties: + key: + description: Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references. + type: string + name: + type: string + type: object + platformSpec: + description: platformSpec holds desired information specific to the underlying infrastructure provider. + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider. + type: object + aws: + description: AWS contains settings specific to the Amazon Web Services infrastructure provider. + properties: + serviceEndpoints: + description: serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service. + items: + description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services. + properties: + name: + description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty. + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + pattern: ^https:// + type: string + type: object + type: array + type: object + azure: + description: Azure contains settings specific to the Azure infrastructure provider. + type: object + baremetal: + description: BareMetal contains settings specific to the BareMetal platform. + type: object + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + type: object + external: + description: ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately. + properties: + cloudControllerManager: + description: CloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI) + properties: + state: + description: "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager \n When set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected." + enum: + - "" + - External + - None + type: string + type: object + platformName: + default: Unknown + description: PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. This field is solely for informational and reporting purposes and is not expected to be used for decision-making. + type: string + x-kubernetes-validations: + - message: platform name cannot be changed once set + rule: oldSelf == 'Unknown' || self == oldSelf + type: object + gcp: + description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. + type: object + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. + type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt infrastructure provider. + type: object + nutanix: + description: Nutanix contains settings specific to the Nutanix infrastructure provider. + properties: + prismCentral: + description: prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. + properties: + address: + description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster) + maxLength: 256 + type: string + port: + description: port is the port number to access the Nutanix Prism Central or Element (cluster) + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + prismElements: + description: prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central. + items: + description: NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster) + properties: + endpoint: + description: endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. + properties: + address: + description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster) + maxLength: 256 + type: string + port: + description: port is the port number to access the Nutanix Prism Central or Element (cluster) + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + name: + description: name is the name of the Prism Element (cluster). This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc). + maxLength: 256 + type: string + required: + - endpoint + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - prismCentral + - prismElements + type: object + openstack: + description: OpenStack contains settings specific to the OpenStack infrastructure provider. + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure provider. + type: object + powervs: + description: PowerVS contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider. + properties: + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service. + items: + description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services. + properties: + name: + description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + format: uri + pattern: ^https:// + type: string + required: + - name + - url + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + description: type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure provider. + properties: + failureDomains: + description: failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used. + items: + description: VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain. + properties: + name: + description: name defines the arbitrary but unique name of a failure domain. + maxLength: 256 + minLength: 1 + type: string + region: + description: region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region. + maxLength: 80 + minLength: 1 + type: string + server: + anyOf: + - format: ipv4 + - format: ipv6 + - format: hostname + description: server is the fully-qualified domain name or the IP address of the vCenter server. --- + maxLength: 255 + minLength: 1 + type: string + topology: + description: Topology describes a given failure domain using vSphere constructs + properties: + computeCluster: + description: computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form //host/. The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/host/.*? + type: string + datacenter: + description: datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters. + maxLength: 80 + type: string + datastore: + description: datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form //datastore/ The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/datastore/.*? + type: string + folder: + description: folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form //vm/. The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/vm/.*? + type: string + networks: + description: networks is the list of port group network names within this failure domain. Currently, we only support a single interface per RHCOS virtual machine. The available networks (port groups) can be listed using `govc ls 'network/*'` The single interface should be the absolute path of the form //network/. + items: + type: string + maxItems: 1 + minItems: 1 + type: array + resourcePool: + description: resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form //host//Resources/. The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/host/.*?/Resources.* + type: string + required: + - computeCluster + - datacenter + - datastore + - networks + type: object + zone: + description: zone defines the name of a zone tag that will be attached to a vCenter cluster. The tag category in vCenter must be named openshift-zone. + maxLength: 80 + minLength: 1 + type: string + required: + - name + - region + - server + - topology + - zone + type: object + type: array + nodeNetworking: + description: nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found. + properties: + external: + description: external represents the network configuration of the node that is externally routable. + properties: + excludeNetworkSubnetCidr: + description: excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. --- + items: + format: cidr + type: string + type: array + network: + description: network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'` + type: string + networkSubnetCidr: + description: networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. --- + items: + format: cidr + type: string + type: array + type: object + internal: + description: internal represents the network configuration of the node that is routable only within the cluster. + properties: + excludeNetworkSubnetCidr: + description: excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. --- + items: + format: cidr + type: string + type: array + network: + description: network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'` + type: string + networkSubnetCidr: + description: networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. --- + items: + format: cidr + type: string + type: array + type: object + type: object + vcenters: + description: vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported. --- + items: + description: VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM. + properties: + datacenters: + description: The vCenter Datacenters in which the RHCOS vm guests are located. This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology. + items: + type: string + minItems: 1 + type: array + port: + description: port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time. + format: int32 + maximum: 32767 + minimum: 1 + type: integer + server: + anyOf: + - format: ipv4 + - format: ipv6 + - format: hostname + description: server is the fully-qualified domain name or the IP address of the vCenter server. --- + maxLength: 255 + type: string + required: + - datacenters + - server + type: object + maxItems: 1 + minItems: 0 + type: array + type: object + type: object + type: object + status: + description: status holds observed values from the cluster. They may not be overridden. + properties: + apiServerInternalURI: + description: apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking. + type: string + apiServerURL: + description: apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API. + type: string + controlPlaneTopology: + default: HighlyAvailable + description: controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. + enum: + - HighlyAvailable + - SingleReplica + - External + type: string + etcdDiscoveryDomain: + description: 'etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.' + type: string + infrastructureName: + description: infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters. + type: string + infrastructureTopology: + default: HighlyAvailable + description: 'infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is ''HighlyAvailable'', which represents the behavior operators have in a "normal" cluster. The ''SingleReplica'' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.' + enum: + - HighlyAvailable + - SingleReplica + type: string + platform: + description: "platform is the underlying infrastructure provider for the cluster. \n Deprecated: Use platformStatus.type instead." + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + platformStatus: + description: platformStatus holds status information specific to the underlying infrastructure provider. + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider. + properties: + region: + description: region specifies the region for Alibaba Cloud resources created for the cluster. + pattern: ^[0-9A-Za-z-]+$ + type: string + resourceGroupID: + description: resourceGroupID is the ID of the resource group for the cluster. + pattern: ^(rg-[0-9A-Za-z]+)?$ + type: string + resourceTags: + description: resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster. + items: + description: AlibabaCloudResourceTag is the set of tags to add to apply to resources. + properties: + key: + description: key is the key of the tag. + maxLength: 128 + minLength: 1 + type: string + value: + description: value is the value of the tag. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + required: + - region + type: object + aws: + description: AWS contains settings specific to the Amazon Web Services infrastructure provider. + properties: + region: + description: region holds the default AWS region for new AWS resources created by the cluster. + type: string + resourceTags: + description: resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user. + items: + description: AWSResourceTag is a tag to apply to AWS resources created for the cluster. + properties: + key: + description: key is the key of the tag + maxLength: 128 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + type: string + value: + description: value is the value of the tag. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services. + maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + type: string + required: + - key + - value + type: object + maxItems: 25 + type: array + serviceEndpoints: + description: ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service. + items: + description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services. + properties: + name: + description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty. + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + pattern: ^https:// + type: string + type: object + type: array + type: object + azure: + description: Azure contains settings specific to the Azure infrastructure provider. + properties: + armEndpoint: + description: armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack. + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureStackCloud + type: string + networkResourceGroupName: + description: networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName. + type: string + resourceGroupName: + description: resourceGroupName is the Resource Group for new Azure resources created for the cluster. + type: string + type: object + baremetal: + description: BareMetal contains settings specific to the BareMetal platform. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + type: object + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + type: object + external: + description: External contains settings specific to the generic External infrastructure provider. + type: object + gcp: + description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. + properties: + projectID: + description: resourceGroupName is the Project ID for new GCP resources created for the cluster. + type: string + region: + description: region holds the region for new GCP resources created for the cluster. + type: string + type: object + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. + properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain + type: string + location: + description: Location is where the cluster has been deployed + type: string + providerType: + description: ProviderType indicates the type of cluster that was created + type: string + resourceGroupName: + description: ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster. + type: string + type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt infrastructure provider. + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + type: object + nutanix: + description: Nutanix contains settings specific to the Nutanix infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + type: object + openstack: + description: OpenStack contains settings specific to the OpenStack infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + cloudName: + description: cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`). + type: string + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + nodeDNSIP: + description: 'deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.' + type: string + type: object + powervs: + description: PowerVS contains settings specific to the Power Systems Virtual Servers infrastructure provider. + properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain + type: string + region: + description: region holds the default Power VS region for new Power VS resources created by the cluster. + type: string + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service. + items: + description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services. + properties: + name: + description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + format: uri + pattern: ^https:// + type: string + required: + - name + - url + type: object + type: array + zone: + description: 'zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported' + type: string + type: object + type: + description: "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. \n This value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set." + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml-patch b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml-patch new file mode 100644 index 0000000000..d127130add --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml-patch @@ -0,0 +1,24 @@ +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/vcenters/items/properties/server/anyOf + value: + - format: ipv4 + - format: ipv6 + - format: hostname +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/failureDomains/items/properties/server/anyOf + value: + - format: ipv4 + - format: ipv6 + - format: hostname +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/excludeNetworkSubnetCidr/items/format + value: cidr +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/networkSubnetCidr/items/format + value: cidr +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/excludeNetworkSubnetCidr/items/format + value: cidr +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/networkSubnetCidr/items/format + value: cidr diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml new file mode 100644 index 0000000000..0d7dec19e5 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml @@ -0,0 +1,334 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: ingresses.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Ingress + listKind: IngressList + plural: ingresses + singular: ingress + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + appsDomain: + description: appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate. + type: string + componentRoutes: + description: "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list. \n To determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes." + type: array + items: + description: ComponentRouteSpec allows for configuration of a route's hostname and serving certificate. + type: object + required: + - hostname + - name + - namespace + properties: + hostname: + description: hostname is the hostname that should be used by the route. + type: string + pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ + name: + description: "name is the logical name of the route to customize. \n The namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized." + type: string + maxLength: 256 + minLength: 1 + namespace: + description: "namespace is the namespace of the route to customize. \n The namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized." + type: string + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + servingCertKeyPairSecret: + description: servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + x-kubernetes-list-map-keys: + - namespace + - name + x-kubernetes-list-type: map + domain: + description: "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\". \n It is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\". \n Once set, changing domain is not currently supported." + type: string + loadBalancer: + description: loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure provider of the current cluster and are required for Ingress Controller to work on OpenShift. + type: object + properties: + platform: + description: platform holds configuration specific to the underlying infrastructure provider for the ingress load balancers. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. + type: object + properties: + aws: + description: aws contains settings specific to the Amazon Web Services infrastructure provider. + type: object + required: + - type + properties: + type: + description: "type allows user to set a load balancer type. When this field is set the default ingresscontroller will get created using the specified LBType. If this field is not set then the default ingress controller of LBType Classic will be created. Valid values are: \n * \"Classic\": A Classic Load Balancer that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb \n * \"NLB\": A Network Load Balancer that makes routing decisions at the transport layer (TCP/SSL). See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" + type: string + enum: + - NLB + - Classic + type: + description: type is the underlying infrastructure provider for the cluster. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + requiredHSTSPolicies: + description: "requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission. \n A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains \n - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation. \n The HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. \n Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid." + type: array + items: + type: object + required: + - domainPatterns + properties: + domainPatterns: + description: "domainPatterns is a list of domains for which the desired HSTS annotations are required. If domainPatterns is specified and a route is created with a spec.host matching one of the domains, the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy. \n The use of wildcards is allowed like this: *.foo.com matches everything under foo.com. foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*." + type: array + minItems: 1 + items: + type: string + includeSubDomainsPolicy: + description: 'includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host''s domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com' + type: string + enum: + - RequireIncludeSubDomains + - RequireNoIncludeSubDomains + - NoOpinion + maxAge: + description: maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client. + type: object + properties: + largestMaxAge: + description: The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age This value can be left unspecified, in which case no upper limit is enforced. + type: integer + format: int32 + maximum: 2147483647 + minimum: 0 + smallestMaxAge: + description: The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary tool for administrators to quickly correct mistakes. This value can be left unspecified, in which case no lower limit is enforced. + type: integer + format: int32 + maximum: 2147483647 + minimum: 0 + namespaceSelector: + description: namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + preloadPolicy: + description: preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent). + type: string + enum: + - RequirePreload + - RequireNoPreload + - NoOpinion + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + componentRoutes: + description: componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin. + type: array + items: + description: ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate. + type: object + required: + - defaultHostname + - name + - namespace + - relatedObjects + properties: + conditions: + description: "conditions are used to communicate the state of the componentRoutes entry. \n Supported conditions include Available, Degraded and Progressing. \n If available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured. \n If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect. \n If Progressing is true, that means the component is taking some action related to the componentRoutes entry." + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + consumingUsers: + description: consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret. + type: array + maxItems: 5 + items: + description: ConsumingUser is an alias for string which we add validation to. Currently only service accounts are supported. + type: string + maxLength: 512 + minLength: 1 + pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + currentHostnames: + description: currentHostnames is the list of current names used by the route. Typically, this list should consist of a single hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list. + type: array + minItems: 1 + items: + description: "Hostname is an alias for hostname string validation. \n The left operand of the | is the original kubebuilder hostname validation format, which is incorrect because it allows upper case letters, disallows hyphen or number in the TLD, and allows labels to start/end in non-alphanumeric characters. See https://bugzilla.redhat.com/show_bug.cgi?id=2039256. ^([a-zA-Z0-9\\p{S}\\p{L}]((-?[a-zA-Z0-9\\p{S}\\p{L}]{0,62})?)|([a-zA-Z0-9\\p{S}\\p{L}](([a-zA-Z0-9-\\p{S}\\p{L}]{0,61}[a-zA-Z0-9\\p{S}\\p{L}])?)(\\.)){1,}([a-zA-Z\\p{L}]){2,63})$ \n The right operand of the | is a new pattern that mimics the current API route admission validation on hostname, except that it allows hostnames longer than the maximum length: ^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ \n Both operand patterns are made available so that modifications on ingress spec can still happen after an invalid hostname was saved via validation by the incorrect left operand of the | operator." + type: string + pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ + defaultHostname: + description: defaultHostname is the hostname of this route prior to customization. + type: string + pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ + name: + description: "name is the logical name of the route to customize. It does not have to be the actual name of a route resource but it cannot be renamed. \n The namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized." + type: string + maxLength: 256 + minLength: 1 + namespace: + description: "namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace ensures that no two components will conflict and the same component can be installed multiple times. \n The namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized." + type: string + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + relatedObjects: + description: relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied. + type: array + minItems: 1 + items: + description: ObjectReference contains enough information to let you inspect or modify the referred object. + type: object + required: + - group + - name + - resource + properties: + group: + description: group of the referent. + type: string + name: + description: name of the referent. + type: string + namespace: + description: namespace of the referent. + type: string + resource: + description: resource of the referent. + type: string + x-kubernetes-list-map-keys: + - namespace + - name + x-kubernetes-list-type: map + defaultPlacement: + description: "defaultPlacement is set at installation time to control which nodes will host the ingress router pods by default. The options are control-plane nodes or worker nodes. \n This field works by dictating how the Cluster Ingress Operator will consider unset replicas and nodePlacement fields in IngressController resources when creating the corresponding Deployments. \n See the documentation for the IngressController replicas and nodePlacement fields for more information. \n When omitted, the default value is Workers" + type: string + enum: + - ControlPlane + - Workers + - "" + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml new file mode 100644 index 0000000000..c011785061 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml @@ -0,0 +1,163 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: networks.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each. + type: object + properties: + clusterNetwork: + description: IP address pool to use for pod IPs. This field is immutable after installation. + type: array + items: + description: ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated. + type: object + properties: + cidr: + description: The complete block for pod IPs. + type: string + hostPrefix: + description: The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset. + type: integer + format: int32 + minimum: 0 + externalIP: + description: externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set. + type: object + properties: + autoAssignCIDRs: + description: autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called "IngressIPs". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided. + type: array + items: + type: string + policy: + description: policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set. + type: object + properties: + allowedCIDRs: + description: allowedCIDRs is the list of allowed CIDRs. + type: array + items: + type: string + rejectedCIDRs: + description: rejectedCIDRs is the list of disallowed CIDRs. These take precedence over allowedCIDRs. + type: array + items: + type: string + networkType: + description: 'NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN This field is immutable after installation.' + type: string + serviceNetwork: + description: IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation. + type: array + items: + type: string + serviceNodePortRange: + description: The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed. + type: string + pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + clusterNetwork: + description: IP address pool to use for pod IPs. + type: array + items: + description: ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated. + type: object + properties: + cidr: + description: The complete block for pod IPs. + type: string + hostPrefix: + description: The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset. + type: integer + format: int32 + minimum: 0 + clusterNetworkMTU: + description: ClusterNetworkMTU is the MTU for inter-pod networking. + type: integer + migration: + description: Migration contains the cluster network migration configuration. + type: object + properties: + mtu: + description: MTU contains the MTU migration configuration. + type: object + properties: + machine: + description: Machine contains MTU migration configuration for the machine's uplink. + type: object + properties: + from: + description: From is the MTU to migrate from. + type: integer + format: int32 + minimum: 0 + to: + description: To is the MTU to migrate to. + type: integer + format: int32 + minimum: 0 + network: + description: Network contains MTU migration configuration for the default network. + type: object + properties: + from: + description: From is the MTU to migrate from. + type: integer + format: int32 + minimum: 0 + to: + description: To is the MTU to migrate to. + type: integer + format: int32 + minimum: 0 + networkType: + description: 'NetworkType is the target plugin that is to be deployed. Currently supported values are: OpenShiftSDN, OVNKubernetes' + type: string + enum: + - OpenShiftSDN + - OVNKubernetes + networkType: + description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). + type: string + serviceNetwork: + description: IP address pool for services. Currently, we only support a single entry here. + type: array + items: + type: string + served: true + storage: true diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml new file mode 100644 index 0000000000..a4ef368c2c --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml @@ -0,0 +1,59 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1107 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: nodes.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Node + listKind: NodeList + plural: nodes + singular: node + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Node holds cluster-wide information about node specific features. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + cgroupMode: + description: CgroupMode determines the cgroups version on the node + type: string + enum: + - v1 + - v2 + - "" + workerLatencyProfile: + description: WorkerLatencyProfile determins the how fast the kubelet is updating the status and corresponding reaction of the cluster + type: string + enum: + - Default + - MediumUpdateAverageReaction + - LowUpdateSlowReaction + status: + description: status holds observed values. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml new file mode 100644 index 0000000000..ba5ab8327e --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml @@ -0,0 +1,444 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: oauths.config.openshift.io +spec: + group: config.openshift.io + names: + kind: OAuth + listKind: OAuthList + plural: oauths + singular: oauth + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + identityProviders: + description: identityProviders is an ordered list of ways for a user to identify themselves. When this list is empty, no identities are provisioned for users. + type: array + items: + description: IdentityProvider provides identities for users authenticating using credentials + type: object + properties: + basicAuth: + description: basicAuth contains configuration options for the BasicAuth IdP + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key "tls.crt" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + tlsClientKey: + description: tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key "tls.key" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + url: + description: url is the remote URL to connect to + type: string + github: + description: github enables user authentication using GitHub credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + hostname: + description: hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value configured at /setup/settings#hostname. + type: string + organizations: + description: organizations optionally restricts which organizations are allowed to log in + type: array + items: + type: string + teams: + description: teams optionally restricts which teams are allowed to log in. Format is /. + type: array + items: + type: string + gitlab: + description: gitlab enables user authentication using GitLab credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + url: + description: url is the oauth server base URL + type: string + google: + description: google enables user authentication using Google credentials + type: object + properties: + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + hostedDomain: + description: hostedDomain is the optional Google App domain (e.g. "mycompany.com") to restrict logins to + type: string + htpasswd: + description: htpasswd enables user authentication using an HTPasswd file to validate credentials + type: object + properties: + fileData: + description: fileData is a required reference to a secret by name containing the data to use as the htpasswd file. The key "htpasswd" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. If the specified htpasswd data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + keystone: + description: keystone enables user authentication using keystone password credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + domainName: + description: domainName is required for keystone v3 + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key "tls.crt" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + tlsClientKey: + description: tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key "tls.key" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + url: + description: url is the remote URL to connect to + type: string + ldap: + description: ldap enables user authentication using LDAP credentials + type: object + properties: + attributes: + description: attributes maps LDAP attributes to identities + type: object + properties: + email: + description: email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity + type: array + items: + type: string + id: + description: id is the list of attributes whose values should be used as the user ID. Required. First non-empty attribute is used. At least one attribute is required. If none of the listed attribute have a value, authentication fails. LDAP standard identity attribute is "dn" + type: array + items: + type: string + name: + description: name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is "cn" + type: array + items: + type: string + preferredUsername: + description: preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is "uid" + type: array + items: + type: string + bindDN: + description: bindDN is an optional DN to bind with during the search phase. + type: string + bindPassword: + description: bindPassword is an optional reference to a secret by name containing a password to bind with during the search phase. The key "bindPassword" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + insecure: + description: 'insecure, if true, indicates the connection should not use TLS WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always attempt to connect using TLS, even when `insecure` is set to `true` When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.' + type: boolean + url: + description: 'url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter' + type: string + mappingMethod: + description: mappingMethod determines how identities from this provider are mapped to users Defaults to "claim" + type: string + name: + description: 'name is used to qualify the identities returned by this provider. - It MUST be unique and not shared by any other identity provider used - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":" Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' + type: string + openID: + description: openID enables user authentication using OpenID credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + claims: + description: claims mappings + type: object + properties: + email: + description: email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity + type: array + items: + type: string + x-kubernetes-list-type: atomic + groups: + description: groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user. If multiple claims are specified, the first one with a non-empty value is used. + type: array + items: + description: OpenIDClaim represents a claim retrieved from an OpenID provider's tokens or userInfo responses + type: string + minLength: 1 + x-kubernetes-list-type: atomic + name: + description: name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity + type: array + items: + type: string + x-kubernetes-list-type: atomic + preferredUsername: + description: preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the sub claim + type: array + items: + type: string + x-kubernetes-list-type: atomic + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + extraAuthorizeParameters: + description: extraAuthorizeParameters are any custom parameters to add to the authorize request. + type: object + additionalProperties: + type: string + extraScopes: + description: extraScopes are any scopes to request in addition to the standard "openid" scope. + type: array + items: + type: string + issuer: + description: issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. It must use the https scheme with no query or fragment component. + type: string + requestHeader: + description: requestHeader enables user authentication using request header credentials + type: object + properties: + ca: + description: ca is a required reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. Specifically, it allows verification of incoming requests to prevent header spoofing. The key "ca.crt" is used to locate the data. If the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + challengeURL: + description: challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here. ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when challenge is set to true. + type: string + clientCommonNames: + description: clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative. + type: array + items: + type: string + emailHeaders: + description: emailHeaders is the set of headers to check for the email address + type: array + items: + type: string + headers: + description: headers is the set of headers to check for identity information + type: array + items: + type: string + loginURL: + description: loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when login is set to true. + type: string + nameHeaders: + description: nameHeaders is the set of headers to check for the display name + type: array + items: + type: string + preferredUsernameHeaders: + description: preferredUsernameHeaders is the set of headers to check for the preferred username + type: array + items: + type: string + type: + description: type identifies the identity provider type for this entry. + type: string + x-kubernetes-list-type: atomic + templates: + description: templates allow you to customize pages like the login page. + type: object + properties: + error: + description: error is the name of a secret that specifies a go template to use to render error pages during the authentication or grant flow. The key "errors.html" is used to locate the template data. If specified and the secret or expected key is not found, the default error page is used. If the specified template is not valid, the default error page is used. If unspecified, the default error page is used. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + login: + description: login is the name of a secret that specifies a go template to use to render the login page. The key "login.html" is used to locate the template data. If specified and the secret or expected key is not found, the default login page is used. If the specified template is not valid, the default login page is used. If unspecified, the default login page is used. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + providerSelection: + description: providerSelection is the name of a secret that specifies a go template to use to render the provider selection page. The key "providers.html" is used to locate the template data. If specified and the secret or expected key is not found, the default provider selection page is used. If the specified template is not valid, the default provider selection page is used. If unspecified, the default provider selection page is used. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + tokenConfig: + description: tokenConfig contains options for authorization and access tokens + type: object + properties: + accessTokenInactivityTimeout: + description: "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime. \n WARNING: existing tokens' timeout will not be affected (lowered) by changing this value" + type: string + accessTokenInactivityTimeoutSeconds: + description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.' + type: integer + format: int32 + accessTokenMaxAgeSeconds: + description: accessTokenMaxAgeSeconds defines the maximum age of access tokens + type: integer + format: int32 + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml new file mode 100644 index 0000000000..42f745c677 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml @@ -0,0 +1,55 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: projects.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Project + listKind: ProjectList + plural: projects + singular: project + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Project holds cluster-wide information about Project. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + projectRequestMessage: + description: projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint + type: string + projectRequestTemplate: + description: projectRequestTemplate is the template to use for creating projects in response to projectrequest. This must point to a template in 'openshift-config' namespace. It is optional. If it is not specified, a default template is used. + type: object + properties: + name: + description: name is the metadata.name of the referenced project request template + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml new file mode 100644 index 0000000000..f161bc4322 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml @@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: schedulers.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Scheduler + listKind: SchedulerList + plural: schedulers + singular: scheduler + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + defaultNodeSelector: + description: 'defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod''s selector. For example, defaultNodeSelector: "type=user-node,region=east" would set nodeSelector field in pod spec to "type=user-node,region=east" to all pods created in all namespaces. Namespaces having project-wide node selectors won''t be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector=''type=user-node,region=east'', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: "type=user-node,region=west" means that the default of "type=user-node,region=east" set in defaultNodeSelector would not be applied.' + type: string + mastersSchedulable: + description: 'MastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.' + type: boolean + policy: + description: 'DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + profile: + description: "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods. \n Valid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"" + type: string + enum: + - "" + - LowNodeUtilization + - HighNodeUtilization + - NoScoring + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/Makefile b/vendor/github.com/openshift/api/config/v1/Makefile new file mode 100644 index 0000000000..66bf636305 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/Makefile @@ -0,0 +1,3 @@ +.PHONY: test +test: + make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="config.openshift.io/v1" diff --git a/vendor/github.com/openshift/api/config/v1/register.go b/vendor/github.com/openshift/api/config/v1/register.go index 35eace3701..61302592ea 100644 --- a/vendor/github.com/openshift/api/config/v1/register.go +++ b/vendor/github.com/openshift/api/config/v1/register.go @@ -52,6 +52,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &InfrastructureList{}, &Ingress{}, &IngressList{}, + &Node{}, + &NodeList{}, &Network{}, &NetworkList{}, &OAuth{}, @@ -64,6 +66,12 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ProxyList{}, &Scheduler{}, &SchedulerList{}, + &ImageContentPolicy{}, + &ImageContentPolicyList{}, + &ImageDigestMirrorSet{}, + &ImageDigestMirrorSetList{}, + &ImageTagMirrorSet{}, + &ImageTagMirrorSetList{}, ) metav1.AddToGroupVersion(scheme, GroupVersion) return nil diff --git a/vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml new file mode 100644 index 0000000000..5c28143d54 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] APIServer" +crd: 0000_10_config-operator_01_apiserver.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ClusterOperator + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: {} # No spec is required for a APIServer + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default diff --git a/vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml new file mode 100644 index 0000000000..dec3667561 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Authentication" +crd: 0000_10_config-operator_01_authentication.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Authentication + initial: | + apiVersion: config.openshift.io/v1 + kind: Authentication + spec: {} # No spec is required for a Authentication + expected: | + apiVersion: config.openshift.io/v1 + kind: Authentication + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml new file mode 100644 index 0000000000..cdd8a9b701 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Build" +crd: 0000_10_config-operator_01_build.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Build + initial: | + apiVersion: config.openshift.io/v1 + kind: Build + spec: {} # No spec is required for a Build + expected: | + apiVersion: config.openshift.io/v1 + kind: Build + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml new file mode 100644 index 0000000000..177e8f6917 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ClusterOperator" +crd: 0000_00_cluster-version-operator_01_clusteroperator.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ClusterOperator + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterOperator + spec: {} # No spec is required for a ClusterOperator + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterOperator + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml new file mode 100644 index 0000000000..b966b29a88 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml @@ -0,0 +1,138 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ClusterVersion" +crd: 0000_00_cluster-version-operator_01_clusterversion.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ClusterVersion + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + - name: Should allow image to be set + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + image: bar + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + image: bar + - name: Should allow version to be set + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + version: 4.11.1 + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + version: 4.11.1 + - name: Should allow architecture to be empty + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: "" + version: 4.11.1 + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: "" + version: 4.11.1 + - name: Should allow architecture and version to be set + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: Multi + version: 4.11.1 + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: Multi + version: 4.11.1 + - name: Version must be set if architecture is set + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: Multi + expectedError: "Version must be set if Architecture is set" + - name: Should not allow image and architecture to be set + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: Multi + version: 4.11.1 + image: bar + expectedError: "cannot set both Architecture and Image" + onUpdate: + - name: Should not allow image to be set if architecture set + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: Multi + version: 4.11.1 + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: Multi + version: 4.11.1 + image: bar + expectedError: "cannot set both Architecture and Image" + - name: Should not allow architecture to be set if image set + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + image: bar + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: Multi + version: 4.11.1 + image: bar + expectedError: "cannot set both Architecture and Image" diff --git a/vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml new file mode 100644 index 0000000000..0081816fc9 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Console" +crd: 0000_10_config-operator_01_console.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Console + initial: | + apiVersion: config.openshift.io/v1 + kind: Console + spec: {} # No spec is required for a Console + expected: | + apiVersion: config.openshift.io/v1 + kind: Console + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml new file mode 100644 index 0000000000..c69f50050a --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] DNS" +crd: 0000_10_config-operator_01_dns.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal DNS + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: {} # No spec is required for a DNS + expected: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml new file mode 100644 index 0000000000..6b6a4327a6 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] FeatureGate" +crd: 0000_10_config-operator_01_featuregate.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal FeatureGate + initial: | + apiVersion: config.openshift.io/v1 + kind: FeatureGate + spec: {} # No spec is required for a FeatureGate + expected: | + apiVersion: config.openshift.io/v1 + kind: FeatureGate + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml new file mode 100644 index 0000000000..6bfbb820ff --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Image" +crd: 0000_10_config-operator_01_image.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Image + initial: | + apiVersion: config.openshift.io/v1 + kind: Image + spec: {} # No spec is required for a Image + expected: | + apiVersion: config.openshift.io/v1 + kind: Image + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml new file mode 100644 index 0000000000..bffdb6bcda --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ImageContentPolicy" +crd: 0000_10_config-operator_01_imagecontentpolicy.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ImageContentPolicy + initial: | + apiVersion: config.openshift.io/v1 + kind: ImageContentPolicy + spec: {} # No spec is required for a ImageContentPolicy + expected: | + apiVersion: config.openshift.io/v1 + kind: ImageContentPolicy + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml new file mode 100644 index 0000000000..c25b1696bc --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ImageDigestMirrorSet" +crd: 0000_10_config-operator_01_imagedigestmirrorset.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ImageDigestMirrorSet + initial: | + apiVersion: config.openshift.io/v1 + kind: ImageDigestMirrorSet + spec: {} # No spec is required for a ImageDigestMirrorSet + expected: | + apiVersion: config.openshift.io/v1 + kind: ImageDigestMirrorSet + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml new file mode 100644 index 0000000000..de91eb2c59 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ImageTagMirrorSet" +crd: 0000_10_config-operator_01_imagetagmirrorset.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ImageTagMirrorSet + initial: | + apiVersion: config.openshift.io/v1 + kind: ImageTagMirrorSet + spec: {} # No spec is required for a ImageTagMirrorSet + expected: | + apiVersion: config.openshift.io/v1 + kind: ImageTagMirrorSet + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml new file mode 100644 index 0000000000..bbafe4c478 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml @@ -0,0 +1,58 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Infrastructure" +crd: 0000_10_config-operator_01_infrastructure-Default.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Infrastructure + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} # No spec is required for a Infrastructure + expected: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + onUpdate: + - name: Should be able to change External platformName from unknown to something else + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: + platformSpec: + type: External + external: + platformName: Unknown + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: + platformSpec: + type: External + external: + platformName: M&PCloud + expected: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: + platformSpec: + type: External + external: + platformName: M&PCloud + - name: Should not be able to change External platformName once it was set + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: + platformSpec: + type: External + external: + platformName: M&PCloud + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: + platformSpec: + type: External + external: + platformName: SomeOtherCoolplatformName + expectedError: " spec.platformSpec.external.platformName: Invalid value: \"string\": platform name cannot be changed once set" diff --git a/vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml new file mode 100644 index 0000000000..90d48e8965 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Ingress" +crd: 0000_10_config-operator_01_ingress.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Ingress + initial: | + apiVersion: config.openshift.io/v1 + kind: Ingress + spec: {} # No spec is required for a Ingress + expected: | + apiVersion: config.openshift.io/v1 + kind: Ingress + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml new file mode 100644 index 0000000000..e8a8bcfaf2 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Network" +crd: 0000_10_config-operator_01_network.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Network + initial: | + apiVersion: config.openshift.io/v1 + kind: Network + spec: {} # No spec is required for a Network + expected: | + apiVersion: config.openshift.io/v1 + kind: Network + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml new file mode 100644 index 0000000000..d6502600bc --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Node" +crd: 0000_10_config-operator_01_node.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Node + initial: | + apiVersion: config.openshift.io/v1 + kind: Node + spec: {} # No spec is required for a Node + expected: | + apiVersion: config.openshift.io/v1 + kind: Node + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml new file mode 100644 index 0000000000..d33d2bc1b1 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] OAuth" +crd: 0000_10_config-operator_01_oauth.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal OAuth + initial: | + apiVersion: config.openshift.io/v1 + kind: OAuth + spec: {} # No spec is required for a OAuth + expected: | + apiVersion: config.openshift.io/v1 + kind: OAuth + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml new file mode 100644 index 0000000000..9dd7a4c6d6 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] OperatorHub" +crd: 0000_03_marketplace-operator_01_operatorhub.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal OperatorHub + initial: | + apiVersion: config.openshift.io/v1 + kind: OperatorHub + spec: {} # No spec is required for a OperatorHub + expected: | + apiVersion: config.openshift.io/v1 + kind: OperatorHub + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml new file mode 100644 index 0000000000..0144ad32f2 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Project" +crd: 0000_10_config-operator_01_project.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Project + initial: | + apiVersion: config.openshift.io/v1 + kind: Project + spec: {} # No spec is required for a Project + expected: | + apiVersion: config.openshift.io/v1 + kind: Project + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml new file mode 100644 index 0000000000..d49b83247a --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Proxy" +crd: 0000_03_config-operator_01_proxy.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Proxy + initial: | + apiVersion: config.openshift.io/v1 + kind: Proxy + spec: {} # No spec is required for a Proxy + expected: | + apiVersion: config.openshift.io/v1 + kind: Proxy + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml new file mode 100644 index 0000000000..d9333b558c --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Scheduler" +crd: 0000_10_config-operator_01_scheduler.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Scheduler + initial: | + apiVersion: config.openshift.io/v1 + kind: Scheduler + spec: {} # No spec is required for a Scheduler + expected: | + apiVersion: config.openshift.io/v1 + kind: Scheduler + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml new file mode 100644 index 0000000000..23580beea3 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[TechPreviewNoUpgrade] Infrastructure" +crd: 0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Infrastructure + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} # No spec is required for a Infrastructure + expected: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/types.go b/vendor/github.com/openshift/api/config/v1/types.go index ca36f67775..56d00648ee 100644 --- a/vendor/github.com/openshift/api/config/v1/types.go +++ b/vendor/github.com/openshift/api/config/v1/types.go @@ -167,6 +167,7 @@ type AdmissionPluginConfig struct { // Configuration is an embedded configuration object to be used as the plugin's // configuration. If present, it will be used instead of the path to the configuration file. // +nullable + // +kubebuilder:pruning:PreserveUnknownFields Configuration runtime.RawExtension `json:"configuration"` } @@ -210,6 +211,7 @@ type AuditConfig struct { // as the audit policy configuration. If present, it will be used instead of // the path to the policy file. // +nullable + // +kubebuilder:pruning:PreserveUnknownFields PolicyConfiguration runtime.RawExtension `json:"policyConfiguration"` // Format of saved audits (legacy or json). @@ -308,3 +310,91 @@ type DelegatedAuthorization struct { // disabled indicates that authorization should be disabled. By default it will use delegated authorization. Disabled bool `json:"disabled,omitempty"` } +type RequiredHSTSPolicy struct { + // namespaceSelector specifies a label selector such that the policy applies only to those routes that + // are in namespaces with labels that match the selector, and are in one of the DomainPatterns. + // Defaults to the empty LabelSelector, which matches everything. + // +optional + NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"` + + // domainPatterns is a list of domains for which the desired HSTS annotations are required. + // If domainPatterns is specified and a route is created with a spec.host matching one of the domains, + // the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy. + // + // The use of wildcards is allowed like this: *.foo.com matches everything under foo.com. + // foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*. + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:Required + // +required + DomainPatterns []string `json:"domainPatterns"` + + // maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. + // If set to 0, it negates the effect, and hosts are removed as HSTS hosts. + // If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. + // maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS + // policy will eventually expire on that client. + MaxAge MaxAgePolicy `json:"maxAge"` + + // preloadPolicy directs the client to include hosts in its host preload list so that + // it never needs to do an initial load to get the HSTS header (note that this is not defined + // in RFC 6797 and is therefore client implementation-dependent). + // +optional + PreloadPolicy PreloadPolicy `json:"preloadPolicy,omitempty"` + + // includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's + // domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: + // - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com + // - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com + // - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com + // - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com + // +optional + IncludeSubDomainsPolicy IncludeSubDomainsPolicy `json:"includeSubDomainsPolicy,omitempty"` +} + +// MaxAgePolicy contains a numeric range for specifying a compliant HSTS max-age for the enclosing RequiredHSTSPolicy +type MaxAgePolicy struct { + // The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age + // This value can be left unspecified, in which case no upper limit is enforced. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=2147483647 + LargestMaxAge *int32 `json:"largestMaxAge,omitempty"` + + // The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age + // Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary + // tool for administrators to quickly correct mistakes. + // This value can be left unspecified, in which case no lower limit is enforced. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=2147483647 + SmallestMaxAge *int32 `json:"smallestMaxAge,omitempty"` +} + +// PreloadPolicy contains a value for specifying a compliant HSTS preload policy for the enclosing RequiredHSTSPolicy +// +kubebuilder:validation:Enum=RequirePreload;RequireNoPreload;NoOpinion +type PreloadPolicy string + +const ( + // RequirePreloadPolicy means HSTS "preload" is required by the RequiredHSTSPolicy + RequirePreloadPolicy PreloadPolicy = "RequirePreload" + + // RequireNoPreloadPolicy means HSTS "preload" is forbidden by the RequiredHSTSPolicy + RequireNoPreloadPolicy PreloadPolicy = "RequireNoPreload" + + // NoOpinionPreloadPolicy means HSTS "preload" doesn't matter to the RequiredHSTSPolicy + NoOpinionPreloadPolicy PreloadPolicy = "NoOpinion" +) + +// IncludeSubDomainsPolicy contains a value for specifying a compliant HSTS includeSubdomains policy +// for the enclosing RequiredHSTSPolicy +// +kubebuilder:validation:Enum=RequireIncludeSubDomains;RequireNoIncludeSubDomains;NoOpinion +type IncludeSubDomainsPolicy string + +const ( + // RequireIncludeSubDomains means HSTS "includeSubDomains" is required by the RequiredHSTSPolicy + RequireIncludeSubDomains IncludeSubDomainsPolicy = "RequireIncludeSubDomains" + + // RequireNoIncludeSubDomains means HSTS "includeSubDomains" is forbidden by the RequiredHSTSPolicy + RequireNoIncludeSubDomains IncludeSubDomainsPolicy = "RequireNoIncludeSubDomains" + + // NoOpinionIncludeSubDomains means HSTS "includeSubDomains" doesn't matter to the RequiredHSTSPolicy + NoOpinionIncludeSubDomains IncludeSubDomainsPolicy = "NoOpinion" +) diff --git a/vendor/github.com/openshift/api/config/v1/types_apiserver.go b/vendor/github.com/openshift/api/config/v1/types_apiserver.go index ea76aec02c..31801aacf0 100644 --- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go +++ b/vendor/github.com/openshift/api/config/v1/types_apiserver.go @@ -11,12 +11,17 @@ import ( // APIServer holds configuration (like serving certificates, client CA and CORS domains) // shared by all API servers in the system, among them especially kube-apiserver // and openshift-apiserver. The canonical name of an instance is 'cluster'. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type APIServer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // spec holds user settable values for configuration // +kubebuilder:validation:Required // +required Spec APIServerSpec `json:"spec"` + // status holds observed values from the cluster. They may not be overridden. // +optional Status APIServerStatus `json:"status"` } @@ -39,6 +44,102 @@ type APIServerSpec struct { // The values are regular expressions that correspond to the Golang regular expression language. // +optional AdditionalCORSAllowedOrigins []string `json:"additionalCORSAllowedOrigins,omitempty"` + // encryption allows the configuration of encryption of resources at the datastore layer. + // +optional + Encryption APIServerEncryption `json:"encryption"` + // tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. + // + // If unset, a default (which may change between releases) is chosen. Note that only Old, + // Intermediate and Custom profiles are currently supported, and the maximum available + // MinTLSVersions is VersionTLS12. + // +optional + TLSSecurityProfile *TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` + // audit specifies the settings for audit configuration to be applied to all OpenShift-provided + // API servers in the cluster. + // +optional + // +kubebuilder:default={profile: Default} + Audit Audit `json:"audit"` +} + +// AuditProfileType defines the audit policy profile type. +// +kubebuilder:validation:Enum=Default;WriteRequestBodies;AllRequestBodies;None +type AuditProfileType string + +const ( + // "None" disables audit logs. + NoneAuditProfileType AuditProfileType = "None" + + // "Default" is the existing default audit configuration policy. + DefaultAuditProfileType AuditProfileType = "Default" + + // "WriteRequestBodies" is similar to Default but it logs request and response + // HTTP payloads for write requests (create, update, patch) + WriteRequestBodiesAuditProfileType AuditProfileType = "WriteRequestBodies" + + // "AllRequestBodies" is similar to WriteRequestBodies, but also logs request + // and response HTTP payloads for read requests (get, list). + AllRequestBodiesAuditProfileType AuditProfileType = "AllRequestBodies" +) + +type Audit struct { + // profile specifies the name of the desired top-level audit profile to be applied to all requests + // sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, + // openshift-apiserver and oauth-apiserver), with the exception of those requests that match + // one or more of the customRules. + // + // The following profiles are provided: + // - Default: default policy which means MetaData level logging with the exception of events + // (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody + // level). + // - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for + // write requests (create, update, patch). + // - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response + // HTTP payloads for read requests (get, list). + // - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. + // + // Warning: It is not recommended to disable audit logging by using the `None` profile unless you + // are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. + // If you disable audit logging and a support situation arises, you might need to enable audit logging + // and reproduce the issue in order to troubleshoot properly. + // + // If unset, the 'Default' profile is used as the default. + // + // +kubebuilder:default=Default + Profile AuditProfileType `json:"profile,omitempty"` + // customRules specify profiles per group. These profile take precedence over the + // top-level profile field if they apply. They are evaluation from top to bottom and + // the first one that matches, applies. + // +listType=map + // +listMapKey=group + // +optional + CustomRules []AuditCustomRule `json:"customRules,omitempty"` +} + +// AuditCustomRule describes a custom rule for an audit profile that takes precedence over +// the top-level profile. +type AuditCustomRule struct { + // group is a name of group a request user must be member of in order to this profile to apply. + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +required + Group string `json:"group"` + // profile specifies the name of the desired audit policy configuration to be deployed to + // all OpenShift-provided API servers in the cluster. + // + // The following profiles are provided: + // - Default: the existing default policy. + // - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for + // write requests (create, update, patch). + // - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response + // HTTP payloads for read requests (get, list). + // - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. + // + // If unset, the 'Default' profile is used as the default. + // + // +kubebuilder:validation:Required + // +required + Profile AuditProfileType `json:"profile,omitempty"` } type APIServerServingCerts struct { @@ -63,11 +164,46 @@ type APIServerNamedServingCert struct { ServingCertificate SecretNameReference `json:"servingCertificate"` } +type APIServerEncryption struct { + // type defines what encryption type should be used to encrypt resources at the datastore layer. + // When this field is unset (i.e. when it is set to the empty string), identity is implied. + // The behavior of unset can and will change over time. Even if encryption is enabled by default, + // the meaning of unset may change to a different encryption type based on changes in best practices. + // + // When encryption is enabled, all sensitive resources shipped with the platform are encrypted. + // This list of sensitive resources can and will change over time. The current authoritative list is: + // + // 1. secrets + // 2. configmaps + // 3. routes.route.openshift.io + // 4. oauthaccesstokens.oauth.openshift.io + // 5. oauthauthorizetokens.oauth.openshift.io + // + // +unionDiscriminator + // +optional + Type EncryptionType `json:"type,omitempty"` +} + +// +kubebuilder:validation:Enum="";identity;aescbc +type EncryptionType string + +const ( + // identity refers to a type where no encryption is performed at the datastore layer. + // Resources are written as-is without encryption. + EncryptionTypeIdentity EncryptionType = "identity" + + // aescbc refers to a type where AES-CBC with PKCS#7 padding and a 32-byte key + // is used to perform encryption at the datastore layer. + EncryptionTypeAESCBC EncryptionType = "aescbc" +) + type APIServerStatus struct { } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type APIServerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index 0722ddbfc7..f00baa163b 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -8,9 +8,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Authentication specifies cluster-wide settings for authentication (like OAuth and // webhook token authenticators). The canonical name of an instance is `cluster`. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Authentication struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -44,13 +46,26 @@ type AuthenticationSpec struct { // +optional OAuthMetadata ConfigMapNameReference `json:"oauthMetadata"` - // webhookTokenAuthenticators configures remote token reviewers. + // webhookTokenAuthenticators is DEPRECATED, setting it has no effect. + WebhookTokenAuthenticators []DeprecatedWebhookTokenAuthenticator `json:"webhookTokenAuthenticators,omitempty"` + + // webhookTokenAuthenticator configures a remote token reviewer. // These remote authentication webhooks can be used to verify bearer tokens - // via the tokenreviews.authentication.k8s.io REST API. This is required to + // via the tokenreviews.authentication.k8s.io REST API. This is required to // honor bearer tokens that are provisioned by an external authentication service. - // The namespace for these secrets is openshift-config. // +optional - WebhookTokenAuthenticators []WebhookTokenAuthenticator `json:"webhookTokenAuthenticators,omitempty"` + WebhookTokenAuthenticator *WebhookTokenAuthenticator `json:"webhookTokenAuthenticator,omitempty"` + + // serviceAccountIssuer is the identifier of the bound service account token + // issuer. + // The default is https://kubernetes.default.svc + // WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the + // previous issuer value. Instead, the tokens issued by previous service account issuer will continue to + // be trusted for a time period chosen by the platform (currently set to 24h). + // This time period is subject to change over time. + // This allows internal components to transition to use new service account issuer without service distruption. + // +optional + ServiceAccountIssuer string `json:"serviceAccountIssuer"` } type AuthenticationStatus struct { @@ -75,9 +90,10 @@ type AuthenticationStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type AuthenticationList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` Items []Authentication `json:"items"` @@ -99,8 +115,9 @@ const ( // AuthenticationTypeKeycloak AuthenticationType = "Keycloak" ) -// webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator -type WebhookTokenAuthenticator struct { +// deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. +// It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field. +type DeprecatedWebhookTokenAuthenticator struct { // kubeConfig contains kube config file data which describes how to access the remote webhook service. // For further details, see: // https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication @@ -111,6 +128,24 @@ type WebhookTokenAuthenticator struct { KubeConfig SecretNameReference `json:"kubeConfig"` } +// webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator +type WebhookTokenAuthenticator struct { + // kubeConfig references a secret that contains kube config file data which + // describes how to access the remote webhook service. + // The namespace for the referenced secret is openshift-config. + // + // For further details, see: + // + // https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication + // + // The key "kubeConfig" is used to locate the data. + // If the secret or expected key is not found, the webhook is not honored. + // If the specified kube config data is not valid, the webhook is not honored. + // +kubebuilder:validation:Required + // +required + KubeConfig SecretNameReference `json:"kubeConfig"` +} + const ( // OAuthMetadataKey is the key for the oauth authorization server metadata OAuthMetadataKey = "oauthMetadata" diff --git a/vendor/github.com/openshift/api/config/v1/types_build.go b/vendor/github.com/openshift/api/config/v1/types_build.go index fa4088ca7e..34f46a1f90 100644 --- a/vendor/github.com/openshift/api/config/v1/types_build.go +++ b/vendor/github.com/openshift/api/config/v1/types_build.go @@ -13,9 +13,13 @@ import ( // This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds. // // The canonical name is "cluster" +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Build struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // Spec holds user-settable values for the build controller configuration // +kubebuilder:validation:Required // +required @@ -96,13 +100,22 @@ type BuildOverrides struct { // tolerations set on a build pod. // +optional Tolerations []corev1.Toleration `json:"tolerations,omitempty"` + + // ForcePull overrides, if set, the equivalent value in the builds, + // i.e. false disables force pull for all builds, + // true enables force pull for all builds, + // independently of what each build specifies itself + // +optional + ForcePull *bool `json:"forcePull,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type BuildList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Build `json:"items"` + + Items []Build `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go index af2ce846ca..7ce85f811f 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go @@ -12,17 +12,20 @@ import ( // ClusterOperator is the Custom Resource object which holds the current state // of an operator. This object is used by operators to convey their state to // the rest of the cluster. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ClusterOperator struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` - // spec hold the intent of how this operator should behave. + // spec holds configuration that could apply to any operator. // +kubebuilder:validation:Required // +required Spec ClusterOperatorSpec `json:"spec"` // status holds the information about the state of an operator. It is consistent with status information across - // the kube ecosystem. + // the Kubernetes ecosystem. // +optional Status ClusterOperatorStatus `json:"status"` } @@ -34,15 +37,15 @@ type ClusterOperatorSpec struct { // ClusterOperatorStatus provides information about the status of the operator. // +k8s:deepcopy-gen=true type ClusterOperatorStatus struct { - // conditions describes the state of the operator's reconciliation functionality. + // conditions describes the state of the operator's managed and monitored components. // +patchMergeKey=type // +patchStrategy=merge // +optional Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` - // versions is a slice of operand version tuples. Operators which manage multiple operands will have multiple - // entries in the array. If an operator is Available, it must have at least one entry. You must report the version of - // the operator itself with the name "operator". + // versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple + // operand entries in the array. Available operators must report the version of the operator itself with the name "operator". + // An operator reports a new "operator" version when it has rolled out the new version to all of its operands. // +optional Versions []OperandVersion `json:"versions,omitempty"` @@ -57,29 +60,40 @@ type ClusterOperatorStatus struct { // operator which owns this status object. // +nullable // +optional + // +kubebuilder:pruning:PreserveUnknownFields Extension runtime.RawExtension `json:"extension"` } type OperandVersion struct { // name is the name of the particular operand this version is for. It usually matches container images, not operators. + // +kubebuilder:validation:Required + // +required Name string `json:"name"` - // version indicates which version of a particular operand is currently being manage. It must always match the Available - // condition. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout + // version indicates which version of a particular operand is currently being managed. It must always match the Available + // operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout // 1.1.0 + // +kubebuilder:validation:Required + // +required Version string `json:"version"` } // ObjectReference contains enough information to let you inspect or modify the referred object. type ObjectReference struct { // group of the referent. + // +kubebuilder:validation:Required + // +required Group string `json:"group"` // resource of the referent. + // +kubebuilder:validation:Required + // +required Resource string `json:"resource"` // namespace of the referent. // +optional Namespace string `json:"namespace,omitempty"` // name of the referent. + // +kubebuilder:validation:Required + // +required Name string `json:"name"` } @@ -96,52 +110,98 @@ const ( ) // ClusterOperatorStatusCondition represents the state of the operator's -// reconciliation functionality. +// managed and monitored components. // +k8s:deepcopy-gen=true type ClusterOperatorStatusCondition struct { - // type specifies the state of the operator's reconciliation functionality. + // type specifies the aspect reported by this condition. + // +kubebuilder:validation:Required + // +required Type ClusterStatusConditionType `json:"type"` // status of the condition, one of True, False, Unknown. + // +kubebuilder:validation:Required + // +required Status ConditionStatus `json:"status"` - // lastTransitionTime is the time of the last update to the current status object. + // lastTransitionTime is the time of the last update to the current status property. + // +kubebuilder:validation:Required + // +required LastTransitionTime metav1.Time `json:"lastTransitionTime"` - // reason is the reason for the condition's last transition. Reasons are CamelCase + // reason is the CamelCase reason for the condition's current status. + // +optional Reason string `json:"reason,omitempty"` // message provides additional information about the current condition. - // This is only to be consumed by humans. + // This is only to be consumed by humans. It may contain Line Feed + // characters (U+000A), which should be rendered as new lines. + // +optional Message string `json:"message,omitempty"` } -// ClusterStatusConditionType is the state of the operator's reconciliation functionality. +// ClusterStatusConditionType is an aspect of operator state. type ClusterStatusConditionType string const ( - // Available indicates that the binary maintained by the operator (eg: openshift-apiserver for the - // openshift-apiserver-operator), is functional and available in the cluster. + // Available indicates that the component (operator and all configured operands) + // is functional and available in the cluster. Available=False means at least + // part of the component is non-functional, and that the condition requires + // immediate administrator intervention. OperatorAvailable ClusterStatusConditionType = "Available" - // Progressing indicates that the operator is actively making changes to the binary maintained by the - // operator (eg: openshift-apiserver for the openshift-apiserver-operator). + // Progressing indicates that the component (operator and all configured operands) + // is actively rolling out new code, propagating config changes, or otherwise + // moving from one steady state to another. Operators should not report + // progressing when they are reconciling (without action) a previously known + // state. If the observed cluster state has changed and the component is + // reacting to it (scaling up for instance), Progressing should become true + // since it is moving from one steady state to another. OperatorProgressing ClusterStatusConditionType = "Progressing" - // Degraded indicates that the operand is not functioning completely. An example of a degraded state - // would be if there should be 5 copies of the operand running but only 4 are running. It may still be available, - // but it is degraded + // Degraded indicates that the component (operator and all configured operands) + // does not match its desired state over a period of time resulting in a lower + // quality of service. The period of time may vary by component, but a Degraded + // state represents persistent observation of a condition. As a result, a + // component should not oscillate in and out of Degraded state. A component may + // be Available even if its degraded. For example, a component may desire 3 + // running pods, but 1 pod is crash-looping. The component is Available but + // Degraded because it may have a lower quality of service. A component may be + // Progressing but not Degraded because the transition from one state to + // another does not persist over a long enough period to report Degraded. A + // component should not report Degraded during the course of a normal upgrade. + // A component may report Degraded in response to a persistent infrastructure + // failure that requires eventual administrator intervention. For example, if + // a control plane host is unhealthy and must be replaced. A component should + // report Degraded if unexpected errors occur over a period, but the + // expectation is that all unexpected errors are handled as operators mature. OperatorDegraded ClusterStatusConditionType = "Degraded" - // Upgradeable indicates whether the operator is in a state that is safe to upgrade. When status is `False` - // administrators should not upgrade their cluster and the message field should contain a human readable description - // of what the administrator should do to allow the operator to successfully update. A missing condition, True, - // and Unknown are all treated by the CVO as allowing an upgrade. + // Upgradeable indicates whether the component (operator and all configured + // operands) is safe to upgrade based on the current cluster state. When + // Upgradeable is False, the cluster-version operator will prevent the + // cluster from performing impacted updates unless forced. When set on + // ClusterVersion, the message will explain which updates (minor or patch) + // are impacted. When set on ClusterOperator, False will block minor + // OpenShift updates. The message field should contain a human readable + // description of what the administrator should do to allow the cluster or + // component to successfully update. The cluster-version operator will + // allow updates when this condition is not False, including when it is + // missing, True, or Unknown. OperatorUpgradeable ClusterStatusConditionType = "Upgradeable" + + // EvaluationConditionsDetected is used to indicate the result of the detection + // logic that was added to a component to evaluate the introduction of an + // invasive change that could potentially result in highly visible alerts, + // breakages or upgrade failures. You can concatenate multiple Reason using + // the "::" delimiter if you need to evaluate the introduction of multiple changes. + EvaluationConditionsDetected ClusterStatusConditionType = "EvaluationConditionsDetected" ) // ClusterOperatorList is a list of OperatorStatus resources. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +openshift:compatibility-gen:level=1 type ClusterOperatorList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index c6c2e7e430..1a7697ad15 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -10,6 +10,9 @@ import ( // ClusterVersion is the configuration for the ClusterVersionOperator. This is where // parameters related to automatic updates can be set. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ClusterVersion struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -33,6 +36,8 @@ type ClusterVersionSpec struct { // clusterID uniquely identifies this cluster. This is expected to be // an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in // hexadecimal values). This is a required field. + // +kubebuilder:validation:Required + // +required ClusterID ClusterID `json:"clusterID"` // desiredUpdate is an optional field that indicates the desired value of @@ -40,8 +45,17 @@ type ClusterVersionSpec struct { // the current version does not match the desired version). The set of // recommended update values is listed as part of available updates in // status, and setting values outside that range may cause the upgrade - // to fail. You may specify the version field without setting image if - // an update exists with that version in the availableUpdates or history. + // to fail. + // + // Some of the fields are inter-related with restrictions and meanings described here. + // 1. image is specified, version is specified, architecture is specified. API validation error. + // 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. + // 3. image is specified, version is not specified, architecture is specified. API validation error. + // 4. image is specified, version is not specified, architecture is not specified. image is used. + // 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. + // 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. + // 7. image is not specified, version is not specified, architecture is specified. API validation error. + // 8. image is not specified, version is not specified, architecture is not specified. API validation error. // // If an upgrade fails the operator will halt and report status // about the failing component. Setting the desired update value back to @@ -63,6 +77,12 @@ type ClusterVersionSpec struct { // +optional Channel string `json:"channel,omitempty"` + // capabilities configures the installation of optional, core + // cluster components. A null value here is identical to an + // empty object; see the child properties for default semantics. + // +optional + Capabilities *ClusterVersionCapabilitiesSpec `json:"capabilities,omitempty"` + // overrides is list of overides for components that are managed by // cluster version operator. Marking a component unmanaged will prevent // the operator from creating or updating the object. @@ -80,7 +100,9 @@ type ClusterVersionStatus struct { // desired is the version that the cluster is reconciling towards. // If the cluster is not yet fully initialized desired will be set // with the information available, which may be an image or a tag. - Desired Update `json:"desired"` + // +kubebuilder:validation:Required + // +required + Desired Release `json:"desired"` // history contains a list of the most recent versions applied to the cluster. // This value may be empty during cluster startup, and then will be updated @@ -94,14 +116,21 @@ type ClusterVersionStatus struct { // observedGeneration reports which version of the spec is being synced. // If this value is not equal to metadata.generation, then the desired - // and conditions fields may represent from a previous version. + // and conditions fields may represent a previous version. + // +kubebuilder:validation:Required + // +required ObservedGeneration int64 `json:"observedGeneration"` // versionHash is a fingerprint of the content that the cluster will be // updated with. It is used by the operator to avoid unnecessary work // and is for internal use only. + // +kubebuilder:validation:Required + // +required VersionHash string `json:"versionHash"` + // capabilities describes the state of optional, core cluster components. + Capabilities ClusterVersionCapabilitiesStatus `json:"capabilities"` + // conditions provides information about the cluster version. The condition // "Available" is set to true if the desiredUpdate has been reached. The // condition "Progressing" is set to true if an update is being applied. @@ -112,12 +141,26 @@ type ClusterVersionStatus struct { // +optional Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty"` - // availableUpdates contains the list of updates that are appropriate - // for this cluster. This list may be empty if no updates are recommended, - // if the update service is unavailable, or if an invalid channel has - // been specified. + // availableUpdates contains updates recommended for this + // cluster. Updates which appear in conditionalUpdates but not in + // availableUpdates may expose this cluster to known issues. This list + // may be empty if no updates are recommended, if the update service + // is unavailable, or if an invalid channel has been specified. // +nullable - AvailableUpdates []Update `json:"availableUpdates"` + // +kubebuilder:validation:Required + // +required + AvailableUpdates []Release `json:"availableUpdates"` + + // conditionalUpdates contains the list of updates that may be + // recommended for this cluster if it meets specific required + // conditions. Consumers interested in the set of updates that are + // actually recommended for this cluster should use + // availableUpdates. This list may be empty if no updates are + // recommended, if the update service is unavailable, or if an empty + // or invalid channel has been specified. + // +listType=atomic + // +optional + ConditionalUpdates []ConditionalUpdate `json:"conditionalUpdates,omitempty"` } // UpdateState is a constant representing whether an update was successfully @@ -139,96 +182,460 @@ type UpdateHistory struct { // indicates the update is not fully applied, while the Completed state // indicates the update was successfully rolled out at least once (all // parts of the update successfully applied). + // +kubebuilder:validation:Required + // +required State UpdateState `json:"state"` // startedTime is the time at which the update was started. + // +kubebuilder:validation:Required + // +required StartedTime metav1.Time `json:"startedTime"` + // completionTime, if set, is when the update was fully applied. The update // that is currently being applied will have a null completion time. // Completion time will always be set for entries that are not the current // update (usually to the started time of the next update). + // +kubebuilder:validation:Required + // +required // +nullable CompletionTime *metav1.Time `json:"completionTime"` - // version is a semantic versioning identifying the update version. If the + // version is a semantic version identifying the update version. If the // requested image does not define a version, or if a failure occurs // retrieving the image, this value may be empty. // // +optional Version string `json:"version"` + // image is a container image location that contains the update. This value // is always populated. + // +kubebuilder:validation:Required + // +required Image string `json:"image"` + // verified indicates whether the provided update was properly verified // before it was installed. If this is false the cluster may not be trusted. + // Verified does not cover upgradeable checks that depend on the cluster + // state at the time when the update target was accepted. + // +kubebuilder:validation:Required + // +required Verified bool `json:"verified"` + + // acceptedRisks records risks which were accepted to initiate the update. + // For example, it may menition an Upgradeable=False or missing signature + // that was overriden via desiredUpdate.force, or an update that was + // initiated despite not being in the availableUpdates set of recommended + // update targets. + // +optional + AcceptedRisks string `json:"acceptedRisks,omitempty"` } // ClusterID is string RFC4122 uuid. type ClusterID string +// ClusterVersionArchitecture enumerates valid cluster architectures. +// +kubebuilder:validation:Enum="Multi";"" +type ClusterVersionArchitecture string + +const ( + // ClusterVersionArchitectureMulti identifies a multi architecture. A multi + // architecture cluster is capable of running nodes with multiple architectures. + ClusterVersionArchitectureMulti ClusterVersionArchitecture = "Multi" +) + +// ClusterVersionCapability enumerates optional, core cluster components. +// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning +type ClusterVersionCapability string + +const ( + // ClusterVersionCapabilityOpenShiftSamples manages the sample + // image streams and templates stored in the openshift + // namespace, and any registry credentials, stored as a secret, + // needed for the image streams to import the images they + // reference. + ClusterVersionCapabilityOpenShiftSamples ClusterVersionCapability = "openshift-samples" + + // ClusterVersionCapabilityBaremetal manages the cluster + // baremetal operator which is responsible for running the metal3 + // deployment. + ClusterVersionCapabilityBaremetal ClusterVersionCapability = "baremetal" + + // ClusterVersionCapabilityMarketplace manages the Marketplace operator which + // supplies Operator Lifecycle Manager (OLM) users with default catalogs of + // "optional" operators. + ClusterVersionCapabilityMarketplace ClusterVersionCapability = "marketplace" + + // ClusterVersionCapabilityConsole manages the Console operator which + // installs and maintains the web console. + ClusterVersionCapabilityConsole ClusterVersionCapability = "Console" + + // ClusterVersionCapabilityInsights manages the Insights operator which + // collects anonymized information about the cluster to generate + // recommendations for possible cluster issues. + ClusterVersionCapabilityInsights ClusterVersionCapability = "Insights" + + // ClusterVersionCapabilityStorage manages the storage operator which + // is responsible for providing cluster-wide storage defaults + // WARNING: Do not disable this capability when deployed to + // RHEV and OpenStack without reading the docs. + // These clusters heavily rely on that capability and may cause + // damage to the cluster. + ClusterVersionCapabilityStorage ClusterVersionCapability = "Storage" + + // ClusterVersionCapabilityCSISnapshot manages the csi snapshot + // controller operator which is responsible for watching the + // VolumeSnapshot CRD objects and manages the creation and deletion + // lifecycle of volume snapshots + ClusterVersionCapabilityCSISnapshot ClusterVersionCapability = "CSISnapshot" + + // ClusterVersionCapabilityNodeTuning manages the Node Tuning Operator + // which is responsible for watching the Tuned and Profile CRD + // objects and manages the containerized TuneD daemon which controls + // system level tuning of Nodes + ClusterVersionCapabilityNodeTuning ClusterVersionCapability = "NodeTuning" +) + +// KnownClusterVersionCapabilities includes all known optional, core cluster components. +var KnownClusterVersionCapabilities = []ClusterVersionCapability{ + ClusterVersionCapabilityBaremetal, + ClusterVersionCapabilityConsole, + ClusterVersionCapabilityInsights, + ClusterVersionCapabilityMarketplace, + ClusterVersionCapabilityStorage, + ClusterVersionCapabilityOpenShiftSamples, + ClusterVersionCapabilityCSISnapshot, + ClusterVersionCapabilityNodeTuning, +} + +// ClusterVersionCapabilitySet defines sets of cluster version capabilities. +// +kubebuilder:validation:Enum=None;v4.11;v4.12;v4.13;vCurrent +type ClusterVersionCapabilitySet string + +const ( + // ClusterVersionCapabilitySetNone is an empty set enabling + // no optional capabilities. + ClusterVersionCapabilitySetNone ClusterVersionCapabilitySet = "None" + + // ClusterVersionCapabilitySet4_11 is the recommended set of + // optional capabilities to enable for the 4.11 version of + // OpenShift. This list will remain the same no matter which + // version of OpenShift is installed. + ClusterVersionCapabilitySet4_11 ClusterVersionCapabilitySet = "v4.11" + + // ClusterVersionCapabilitySet4_12 is the recommended set of + // optional capabilities to enable for the 4.12 version of + // OpenShift. This list will remain the same no matter which + // version of OpenShift is installed. + ClusterVersionCapabilitySet4_12 ClusterVersionCapabilitySet = "v4.12" + + // ClusterVersionCapabilitySet4_13 is the recommended set of + // optional capabilities to enable for the 4.13 version of + // OpenShift. This list will remain the same no matter which + // version of OpenShift is installed. + ClusterVersionCapabilitySet4_13 ClusterVersionCapabilitySet = "v4.13" + + // ClusterVersionCapabilitySetCurrent is the recommended set + // of optional capabilities to enable for the cluster's + // current version of OpenShift. + ClusterVersionCapabilitySetCurrent ClusterVersionCapabilitySet = "vCurrent" +) + +// ClusterVersionCapabilitySets defines sets of cluster version capabilities. +var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVersionCapability{ + ClusterVersionCapabilitySetNone: {}, + ClusterVersionCapabilitySet4_11: { + ClusterVersionCapabilityBaremetal, + ClusterVersionCapabilityMarketplace, + ClusterVersionCapabilityOpenShiftSamples, + }, + ClusterVersionCapabilitySet4_12: { + ClusterVersionCapabilityBaremetal, + ClusterVersionCapabilityConsole, + ClusterVersionCapabilityInsights, + ClusterVersionCapabilityMarketplace, + ClusterVersionCapabilityStorage, + ClusterVersionCapabilityOpenShiftSamples, + ClusterVersionCapabilityCSISnapshot, + }, + ClusterVersionCapabilitySet4_13: { + ClusterVersionCapabilityBaremetal, + ClusterVersionCapabilityConsole, + ClusterVersionCapabilityInsights, + ClusterVersionCapabilityMarketplace, + ClusterVersionCapabilityStorage, + ClusterVersionCapabilityOpenShiftSamples, + ClusterVersionCapabilityCSISnapshot, + ClusterVersionCapabilityNodeTuning, + }, + ClusterVersionCapabilitySetCurrent: { + ClusterVersionCapabilityBaremetal, + ClusterVersionCapabilityConsole, + ClusterVersionCapabilityInsights, + ClusterVersionCapabilityMarketplace, + ClusterVersionCapabilityStorage, + ClusterVersionCapabilityOpenShiftSamples, + ClusterVersionCapabilityCSISnapshot, + ClusterVersionCapabilityNodeTuning, + }, +} + +// ClusterVersionCapabilitiesSpec selects the managed set of +// optional, core cluster components. +// +k8s:deepcopy-gen=true +type ClusterVersionCapabilitiesSpec struct { + // baselineCapabilitySet selects an initial set of + // optional capabilities to enable, which can be extended via + // additionalEnabledCapabilities. If unset, the cluster will + // choose a default, and the default may change over time. + // The current default is vCurrent. + // +optional + BaselineCapabilitySet ClusterVersionCapabilitySet `json:"baselineCapabilitySet,omitempty"` + + // additionalEnabledCapabilities extends the set of managed + // capabilities beyond the baseline defined in + // baselineCapabilitySet. The default is an empty set. + // +listType=atomic + // +optional + AdditionalEnabledCapabilities []ClusterVersionCapability `json:"additionalEnabledCapabilities,omitempty"` +} + +// ClusterVersionCapabilitiesStatus describes the state of optional, +// core cluster components. +// +k8s:deepcopy-gen=true +type ClusterVersionCapabilitiesStatus struct { + // enabledCapabilities lists all the capabilities that are currently managed. + // +listType=atomic + // +optional + EnabledCapabilities []ClusterVersionCapability `json:"enabledCapabilities,omitempty"` + + // knownCapabilities lists all the capabilities known to the current cluster. + // +listType=atomic + // +optional + KnownCapabilities []ClusterVersionCapability `json:"knownCapabilities,omitempty"` +} + // ComponentOverride allows overriding cluster version operator's behavior // for a component. // +k8s:deepcopy-gen=true type ComponentOverride struct { // kind indentifies which object to override. + // +kubebuilder:validation:Required + // +required Kind string `json:"kind"` // group identifies the API group that the kind is in. + // +kubebuilder:validation:Required + // +required Group string `json:"group"` // namespace is the component's namespace. If the resource is cluster // scoped, the namespace should be empty. + // +kubebuilder:validation:Required + // +required Namespace string `json:"namespace"` // name is the component's name. + // +kubebuilder:validation:Required + // +required Name string `json:"name"` // unmanaged controls if cluster version operator should stop managing the // resources in this cluster. // Default: false + // +kubebuilder:validation:Required + // +required Unmanaged bool `json:"unmanaged"` } // URL is a thin wrapper around string that ensures the string is a valid URL. type URL string -// Update represents a release of the ClusterVersionOperator, referenced by the -// Image member. +// Update represents an administrator update request. +// +kubebuilder:validation:XValidation:rule="has(self.architecture) && has(self.image) ? (self.architecture == '' || self.image == '') : true",message="cannot set both Architecture and Image" +// +kubebuilder:validation:XValidation:rule="has(self.architecture) && self.architecture != '' ? self.version != '' : true",message="Version must be set if Architecture is set" // +k8s:deepcopy-gen=true type Update struct { - // version is a semantic versioning identifying the update version. When this - // field is part of spec, version is optional if image is specified. + // architecture is an optional field that indicates the desired + // value of the cluster architecture. In this context cluster + // architecture means either a single architecture or a multi + // architecture. architecture can only be set to Multi thereby + // only allowing updates from single to multi architecture. If + // architecture is set, image cannot be set and version must be + // set. + // Valid values are 'Multi' and empty. + // + // +optional + Architecture ClusterVersionArchitecture `json:"architecture"` + + // version is a semantic version identifying the update version. + // version is ignored if image is specified and required if + // architecture is specified. // // +optional Version string `json:"version"` - // image is a container image location that contains the update. When this - // field is part of spec, image is optional if version is specified and the - // availableUpdates field contains a matching version. + + // image is a container image location that contains the update. + // image should be used when the desired version does not exist in availableUpdates or history. + // When image is set, version is ignored. When image is set, version should be empty. + // When image is set, architecture cannot be specified. // // +optional Image string `json:"image"` + // force allows an administrator to update to an image that has failed - // verification, does not appear in the availableUpdates list, or otherwise - // would be blocked by normal protections on update. This option should only + // verification or upgradeable checks. This option should only // be used when the authenticity of the provided image has been verified out // of band because the provided image will run with full administrative access // to the cluster. Do not use this flag with images that comes from unknown // or potentially malicious sources. // - // This flag does not override other forms of consistency checking that are - // required before a new update is deployed. - // // +optional Force bool `json:"force"` } +// Release represents an OpenShift release image and associated metadata. +// +k8s:deepcopy-gen=true +type Release struct { + // version is a semantic version identifying the update version. When this + // field is part of spec, version is optional if image is specified. + // +required + Version string `json:"version"` + + // image is a container image location that contains the update. When this + // field is part of spec, image is optional if version is specified and the + // availableUpdates field contains a matching version. + // +required + Image string `json:"image"` + + // url contains information about this release. This URL is set by + // the 'url' metadata property on a release or the metadata returned by + // the update API and should be displayed as a link in user + // interfaces. The URL field may not be set for test or nightly + // releases. + // +optional + URL URL `json:"url,omitempty"` + + // channels is the set of Cincinnati channels to which the release + // currently belongs. + // +optional + Channels []string `json:"channels,omitempty"` +} + // RetrievedUpdates reports whether available updates have been retrieved from // the upstream update server. The condition is Unknown before retrieval, False // if the updates could not be retrieved or recently failed, or True if the // availableUpdates field is accurate and recent. const RetrievedUpdates ClusterStatusConditionType = "RetrievedUpdates" +// ConditionalUpdate represents an update which is recommended to some +// clusters on the version the current cluster is reconciling, but which +// may not be recommended for the current cluster. +type ConditionalUpdate struct { + // release is the target of the update. + // +kubebuilder:validation:Required + // +required + Release Release `json:"release"` + + // risks represents the range of issues associated with + // updating to the target release. The cluster-version + // operator will evaluate all entries, and only recommend the + // update if there is at least one entry and all entries + // recommend the update. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinItems=1 + // +patchMergeKey=name + // +patchStrategy=merge + // +listType=map + // +listMapKey=name + // +required + Risks []ConditionalUpdateRisk `json:"risks" patchStrategy:"merge" patchMergeKey:"name"` + + // conditions represents the observations of the conditional update's + // current status. Known types are: + // * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules. + // * Recommended, for whether the update is recommended for the current cluster. + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +} + +// ConditionalUpdateRisk represents a reason and cluster-state +// for not recommending a conditional update. +// +k8s:deepcopy-gen=true +type ConditionalUpdateRisk struct { + // url contains information about this risk. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Format=uri + // +kubebuilder:validation:MinLength=1 + // +required + URL string `json:"url"` + + // name is the CamelCase reason for not recommending a + // conditional update, in the event that matchingRules match the + // cluster state. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +required + Name string `json:"name"` + + // message provides additional information about the risk of + // updating, in the event that matchingRules match the cluster + // state. This is only to be consumed by humans. It may + // contain Line Feed characters (U+000A), which should be + // rendered as new lines. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +required + Message string `json:"message"` + + // matchingRules is a slice of conditions for deciding which + // clusters match the risk and which do not. The slice is + // ordered by decreasing precedence. The cluster-version + // operator will walk the slice in order, and stop after the + // first it can successfully evaluate. If no condition can be + // successfully evaluated, the update will not be recommended. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +required + MatchingRules []ClusterCondition `json:"matchingRules"` +} + +// ClusterCondition is a union of typed cluster conditions. The 'type' +// property determines which of the type-specific properties are relevant. +// When evaluated on a cluster, the condition may match, not match, or +// fail to evaluate. +// +k8s:deepcopy-gen=true +type ClusterCondition struct { + // type represents the cluster-condition type. This defines + // the members and semantics of any additional properties. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum={"Always","PromQL"} + // +required + Type string `json:"type"` + + // promQL represents a cluster condition based on PromQL. + // +optional + PromQL *PromQLClusterCondition `json:"promql,omitempty"` +} + +// PromQLClusterCondition represents a cluster condition based on PromQL. +type PromQLClusterCondition struct { + // PromQL is a PromQL query classifying clusters. This query + // query should return a 1 in the match case and a 0 in the + // does-not-match case. Queries which return no time + // series, or which return values besides 0 or 1, are + // evaluation failures. + // +kubebuilder:validation:Required + // +required + PromQL string `json:"promql"` +} + // ClusterVersionList is a list of ClusterVersion resources. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +openshift:compatibility-gen:level=1 type ClusterVersionList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_console.go b/vendor/github.com/openshift/api/config/v1/types_console.go index 9cda3f83b6..e1a1288276 100644 --- a/vendor/github.com/openshift/api/config/v1/types_console.go +++ b/vendor/github.com/openshift/api/config/v1/types_console.go @@ -1,6 +1,8 @@ package v1 -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) // +genclient // +genclient:nonNamespaced @@ -9,9 +11,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Console holds cluster-wide configuration for the web console, including the // logout URL, and reports the public URL of the console. The canonical name is // `cluster`. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Console struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -38,11 +42,13 @@ type ConsoleStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ConsoleList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Console `json:"items"` + + Items []Console `json:"items"` } // ConsoleAuthentication defines a list of optional configuration for console authentication. @@ -58,6 +64,6 @@ type ConsoleAuthentication struct { // provides the user the option to perform single logout (SLO) through the identity // provider to destroy their single sign-on session. // +optional - // +kubebuilder:validation:Pattern=^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$ + // +kubebuilder:validation:Pattern=`^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$` LogoutRedirect string `json:"logoutRedirect,omitempty"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_dns.go b/vendor/github.com/openshift/api/config/v1/types_dns.go index ef04f7a67f..c223f828e1 100644 --- a/vendor/github.com/openshift/api/config/v1/types_dns.go +++ b/vendor/github.com/openshift/api/config/v1/types_dns.go @@ -7,9 +7,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // DNS holds cluster-wide information about DNS. The canonical name is `cluster` +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type DNS struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -80,9 +82,11 @@ type DNSStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type DNSList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []DNS `json:"items"` + + Items []DNS `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index 536bad191f..757517d2cc 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -7,9 +7,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Feature holds cluster-wide information about feature gates. The canonical name is `cluster` +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type FeatureGate struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -35,6 +37,9 @@ var ( // Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations // your cluster may fail in an unrecoverable way. CustomNoUpgrade FeatureSet = "CustomNoUpgrade" + + // TopologyManager enables ToplogyManager support. Upgrades are enabled with this feature. + LatencySensitive FeatureSet = "LatencySensitive" ) type FeatureGateSpec struct { @@ -71,11 +76,13 @@ type FeatureGateStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type FeatureGateList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []FeatureGate `json:"items"` + + Items []FeatureGate `json:"items"` } type FeatureGateEnabledDisabled struct { @@ -91,28 +98,111 @@ type FeatureGateEnabledDisabled struct { // version of this file. In this upgrade scenario the map could return nil. // // example: -// if featureSet, ok := FeatureSets["SomeNewFeature"]; ok { } +// +// if featureSet, ok := FeatureSets["SomeNewFeature"]; ok { } // // If you put an item in either of these lists, put your area and name on it so we can find owners. var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ - Default: { - Enabled: []string{ - "ExperimentalCriticalPodAnnotation", // sig-pod, sjenning - "RotateKubeletServerCertificate", // sig-pod, sjenning - "SupportPodPidsLimit", // sig-pod, sjenning - }, - Disabled: []string{ - "LocalStorageCapacityIsolation", // sig-pod, sjenning - }, + Default: defaultFeatures, + CustomNoUpgrade: { + Enabled: []string{}, + Disabled: []string{}, }, - TechPreviewNoUpgrade: { - Enabled: []string{ - "ExperimentalCriticalPodAnnotation", // sig-pod, sjenning - "RotateKubeletServerCertificate", // sig-pod, sjenning - "SupportPodPidsLimit", // sig-pod, sjenning - }, - Disabled: []string{ - "LocalStorageCapacityIsolation", // sig-pod, sjenning - }, + TechPreviewNoUpgrade: newDefaultFeatures(). + with("ExternalCloudProvider"). // sig-cloud-provider, jspeed, OCP specific + with("CSIDriverSharedResource"). // sig-build, adkaplan, OCP specific + with("BuildCSIVolumes"). // sig-build, adkaplan, OCP specific + with("NodeSwap"). // sig-node, ehashman, Kubernetes feature gate + with("MachineAPIProviderOpenStack"). // openstack, egarcia (#forum-openstack), OCP specific + with("CGroupsV2"). // sig-node, harche, OCP specific + with("Crun"). // sig-node, haircommander, OCP specific + with("InsightsConfigAPI"). // insights, tremes (#ccx), OCP specific + with("CSIInlineVolumeAdmission"). // sig-storage, jdobson, OCP specific + with("MatchLabelKeysInPodTopologySpread"). // sig-scheduling, ingvagabund (#forum-workloads), Kubernetes feature gate + toFeatures(), + LatencySensitive: newDefaultFeatures(). + with( + "TopologyManager", // sig-pod, sjenning + ). + toFeatures(), +} + +var defaultFeatures = &FeatureGateEnabledDisabled{ + Enabled: []string{ + "APIPriorityAndFairness", // sig-apimachinery, deads2k + "RotateKubeletServerCertificate", // sig-pod, sjenning + "DownwardAPIHugePages", // sig-node, rphillips + "OpenShiftPodSecurityAdmission", // bz-auth, stlaz, OCP specific }, + Disabled: []string{}, +} + +type featureSetBuilder struct { + forceOn []string + forceOff []string +} + +func newDefaultFeatures() *featureSetBuilder { + return &featureSetBuilder{} +} + +func (f *featureSetBuilder) with(forceOn ...string) *featureSetBuilder { + f.forceOn = append(f.forceOn, forceOn...) + return f +} + +func (f *featureSetBuilder) without(forceOff ...string) *featureSetBuilder { + f.forceOff = append(f.forceOff, forceOff...) + return f +} + +func (f *featureSetBuilder) isForcedOff(needle string) bool { + for _, forcedOff := range f.forceOff { + if needle == forcedOff { + return true + } + } + return false +} + +func (f *featureSetBuilder) isForcedOn(needle string) bool { + for _, forceOn := range f.forceOn { + if needle == forceOn { + return true + } + } + return false +} + +func (f *featureSetBuilder) toFeatures() *FeatureGateEnabledDisabled { + finalOn := []string{} + finalOff := []string{} + + // only add the default enabled features if they haven't been explicitly set off + for _, defaultOn := range defaultFeatures.Enabled { + if !f.isForcedOff(defaultOn) { + finalOn = append(finalOn, defaultOn) + } + } + for _, currOn := range f.forceOn { + if f.isForcedOff(currOn) { + panic("coding error, you can't have features both on and off") + } + finalOn = append(finalOn, currOn) + } + + // only add the default disabled features if they haven't been explicitly set on + for _, defaultOff := range defaultFeatures.Disabled { + if !f.isForcedOn(defaultOff) { + finalOff = append(finalOff, defaultOff) + } + } + for _, currOff := range f.forceOff { + finalOff = append(finalOff, currOff) + } + + return &FeatureGateEnabledDisabled{ + Enabled: finalOn, + Disabled: finalOff, + } } diff --git a/vendor/github.com/openshift/api/config/v1/types_image.go b/vendor/github.com/openshift/api/config/v1/types_image.go index 94eb741167..08a31072d9 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image.go +++ b/vendor/github.com/openshift/api/config/v1/types_image.go @@ -9,12 +9,14 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Image governs policies related to imagestream imports and runtime configuration // for external registries. It allows cluster admins to configure which registries // OpenShift is allowed to import images from, extra CA trust bundles for external -// registries, and policies to blacklist/whitelist registry hostnames. +// registries, and policies to block or allow registry hostnames. // When exposing OpenShift's image registry to the public, this also lets cluster // admins specify the external hostname. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Image struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -78,11 +80,13 @@ type ImageStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImageList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Image `json:"items"` + + Items []Image `json:"items"` } // RegistryLocation contains a location of the registry specified by the registry domain @@ -103,14 +107,22 @@ type RegistrySources struct { // insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. // +optional InsecureRegistries []string `json:"insecureRegistries,omitempty"` - // blockedRegistries are blacklisted from image pull/push. All other registries are allowed. + // blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. // // Only one of BlockedRegistries or AllowedRegistries may be set. // +optional BlockedRegistries []string `json:"blockedRegistries,omitempty"` - // allowedRegistries are whitelisted for image pull/push. All other registries are blocked. + // allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. // // Only one of BlockedRegistries or AllowedRegistries may be set. // +optional AllowedRegistries []string `json:"allowedRegistries,omitempty"` + // containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified + // domains in their pull specs. Registries will be searched in the order provided in the list. + // Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:Format=hostname + // +listType=set + ContainerRuntimeSearchRegistries []string `json:"containerRuntimeSearchRegistries,omitempty"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go b/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go new file mode 100644 index 0000000000..8ccad9c53e --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go @@ -0,0 +1,89 @@ +package v1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules. +// When multiple policies are defined, the outcome of the behavior is defined on each field. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ImageContentPolicy struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec holds user settable values for configuration + // +kubebuilder:validation:Required + // +required + Spec ImageContentPolicySpec `json:"spec"` +} + +// ImageContentPolicySpec is the specification of the ImageContentPolicy CRD. +type ImageContentPolicySpec struct { + // repositoryDigestMirrors allows images referenced by image digests in pods to be + // pulled from alternative mirrored repository locations. The image pull specification + // provided to the pod will be compared to the source locations described in RepositoryDigestMirrors + // and the image may be pulled down from any of the mirrors in the list instead of the + // specified repository allowing administrators to choose a potentially faster mirror. + // To pull image from mirrors by tags, should set the "allowMirrorByTags". + // + // Each “source” repository is treated independently; configurations for different “source” + // repositories don’t interact. + // + // If the "mirrors" is not specified, the image will continue to be pulled from the specified + // repository in the pull spec. + // + // When multiple policies are defined for the same “source” repository, the sets of defined + // mirrors will be merged together, preserving the relative order of the mirrors, if possible. + // For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the + // mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict + // (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. + // +optional + // +listType=map + // +listMapKey=source + RepositoryDigestMirrors []RepositoryDigestMirrors `json:"repositoryDigestMirrors"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ImageContentPolicyList lists the items in the ImageContentPolicy CRD. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ImageContentPolicyList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []ImageContentPolicy `json:"items"` +} + +// RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config. +type RepositoryDigestMirrors struct { + // source is the repository that users refer to, e.g. in image pull specifications. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$` + Source string `json:"source"` + // allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests. + // Pulling images by tag can potentially yield different images, depending on which endpoint + // we pull from. Forcing digest-pulls for mirrors avoids that issue. + // +optional + AllowMirrorByTags bool `json:"allowMirrorByTags,omitempty"` + // mirrors is zero or more repositories that may also contain the same images. + // If the "mirrors" is not specified, the image will continue to be pulled from the specified + // repository in the pull spec. No mirror will be configured. + // The order of mirrors in this list is treated as the user's desired priority, while source + // is by default considered lower priority than all mirrors. Other cluster configuration, + // including (but not limited to) other repositoryDigestMirrors objects, + // may impact the exact order mirrors are contacted in, or some mirrors may be contacted + // in parallel, so this should be considered a preference rather than a guarantee of ordering. + // +optional + // +listType=set + Mirrors []Mirror `json:"mirrors,omitempty"` +} + +// +kubebuilder:validation:Pattern=`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$` +type Mirror string diff --git a/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go b/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go new file mode 100644 index 0000000000..b84f65e119 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go @@ -0,0 +1,131 @@ +package v1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. +// When multiple policies are defined, the outcome of the behavior is defined on each field. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ImageDigestMirrorSet struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec holds user settable values for configuration + // +kubebuilder:validation:Required + // +required + Spec ImageDigestMirrorSetSpec `json:"spec"` + // status contains the observed state of the resource. + // +optional + Status ImageDigestMirrorSetStatus `json:"status,omitempty"` +} + +// ImageDigestMirrorSetSpec is the specification of the ImageDigestMirrorSet CRD. +type ImageDigestMirrorSetSpec struct { + // imageDigestMirrors allows images referenced by image digests in pods to be + // pulled from alternative mirrored repository locations. The image pull specification + // provided to the pod will be compared to the source locations described in imageDigestMirrors + // and the image may be pulled down from any of the mirrors in the list instead of the + // specified repository allowing administrators to choose a potentially faster mirror. + // To use mirrors to pull images using tag specification, users should configure + // a list of mirrors using "ImageTagMirrorSet" CRD. + // + // If the image pull specification matches the repository of "source" in multiple imagedigestmirrorset objects, + // only the objects which define the most specific namespace match will be used. + // For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as + // the "source", only the objects using quay.io/libpod/busybox are going to apply + // for pull specification quay.io/libpod/busybox. + // Each “source” repository is treated independently; configurations for different “source” + // repositories don’t interact. + // + // If the "mirrors" is not specified, the image will continue to be pulled from the specified + // repository in the pull spec. + // + // When multiple policies are defined for the same “source” repository, the sets of defined + // mirrors will be merged together, preserving the relative order of the mirrors, if possible. + // For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the + // mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict + // (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. + // Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order. + // +optional + // +listType=atomic + ImageDigestMirrors []ImageDigestMirrors `json:"imageDigestMirrors"` +} + +type ImageDigestMirrorSetStatus struct{} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ImageDigestMirrorSetList lists the items in the ImageDigestMirrorSet CRD. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ImageDigestMirrorSetList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []ImageDigestMirrorSet `json:"items"` +} + +// +kubebuilder:validation:Pattern=`^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$` +type ImageMirror string + +// MirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. +// +kubebuilder:validation:Enum=NeverContactSource;AllowContactingSource +type MirrorSourcePolicy string + +const ( + // NeverContactSource prevents image pull from the specified repository in the pull spec if the image pull from the mirror list fails. + NeverContactSource MirrorSourcePolicy = "NeverContactSource" + + // AllowContactingSource allows falling back to the specified repository in the pull spec if the image pull from the mirror list fails. + AllowContactingSource MirrorSourcePolicy = "AllowContactingSource" +) + +// ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config. +type ImageDigestMirrors struct { + // source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname + // e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. + // "source" uses one of the following formats: + // host[:port] + // host[:port]/namespace[/namespace…] + // host[:port]/namespace[/namespace…]/repo + // [*.]host + // for more information about the format, see the document about the location field: + // https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$` + Source string `json:"source"` + // mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. + // Images can be pulled from these mirrors only if they are referenced by their digests. + // The mirrored location is obtained by replacing the part of the input reference that + // matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, + // a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo + // repository to be used. + // The order of mirrors in this list is treated as the user's desired priority, while source + // is by default considered lower priority than all mirrors. + // If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be + // pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy" + // Other cluster configuration, including (but not limited to) other imageDigestMirrors objects, + // may impact the exact order mirrors are contacted in, or some mirrors may be contacted + // in parallel, so this should be considered a preference rather than a guarantee of ordering. + // "mirrors" uses one of the following formats: + // host[:port] + // host[:port]/namespace[/namespace…] + // host[:port]/namespace[/namespace…]/repo + // for more information about the format, see the document about the location field: + // https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table + // +optional + // +listType=set + Mirrors []ImageMirror `json:"mirrors,omitempty"` + // mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. + // If unset, the image will continue to be pulled from the the repository in the pull spec. + // sourcePolicy is valid configuration only when one or more mirrors are in the mirror list. + // +optional + MirrorSourcePolicy MirrorSourcePolicy `json:"mirrorSourcePolicy,omitempty"` +} diff --git a/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go b/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go new file mode 100644 index 0000000000..9d643e7082 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go @@ -0,0 +1,118 @@ +package v1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. +// When multiple policies are defined, the outcome of the behavior is defined on each field. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ImageTagMirrorSet struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec holds user settable values for configuration + // +kubebuilder:validation:Required + // +required + Spec ImageTagMirrorSetSpec `json:"spec"` + // status contains the observed state of the resource. + // +optional + Status ImageTagMirrorSetStatus `json:"status,omitempty"` +} + +// ImageTagMirrorSetSpec is the specification of the ImageTagMirrorSet CRD. +type ImageTagMirrorSetSpec struct { + // imageTagMirrors allows images referenced by image tags in pods to be + // pulled from alternative mirrored repository locations. The image pull specification + // provided to the pod will be compared to the source locations described in imageTagMirrors + // and the image may be pulled down from any of the mirrors in the list instead of the + // specified repository allowing administrators to choose a potentially faster mirror. + // To use mirrors to pull images using digest specification only, users should configure + // a list of mirrors using "ImageDigestMirrorSet" CRD. + // + // If the image pull specification matches the repository of "source" in multiple imagetagmirrorset objects, + // only the objects which define the most specific namespace match will be used. + // For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as + // the "source", only the objects using quay.io/libpod/busybox are going to apply + // for pull specification quay.io/libpod/busybox. + // Each “source” repository is treated independently; configurations for different “source” + // repositories don’t interact. + // + // If the "mirrors" is not specified, the image will continue to be pulled from the specified + // repository in the pull spec. + // + // When multiple policies are defined for the same “source” repository, the sets of defined + // mirrors will be merged together, preserving the relative order of the mirrors, if possible. + // For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the + // mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict + // (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. + // Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order. + // +optional + // +listType=atomic + ImageTagMirrors []ImageTagMirrors `json:"imageTagMirrors"` +} + +type ImageTagMirrorSetStatus struct{} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ImageTagMirrorSetList lists the items in the ImageTagMirrorSet CRD. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ImageTagMirrorSetList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []ImageTagMirrorSet `json:"items"` +} + +// ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config. +type ImageTagMirrors struct { + // source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname + // e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. + // "source" uses one of the following formats: + // host[:port] + // host[:port]/namespace[/namespace…] + // host[:port]/namespace[/namespace…]/repo + // [*.]host + // for more information about the format, see the document about the location field: + // https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$` + Source string `json:"source"` + // mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. + // Images can be pulled from these mirrors only if they are referenced by their tags. + // The mirrored location is obtained by replacing the part of the input reference that + // matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, + // a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo + // repository to be used. + // Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. + // Configuring a list of mirrors using "ImageDigestMirrorSet" CRD and forcing digest-pulls for mirrors avoids that issue. + // The order of mirrors in this list is treated as the user's desired priority, while source + // is by default considered lower priority than all mirrors. + // If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be + // pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy". + // Other cluster configuration, including (but not limited to) other imageTagMirrors objects, + // may impact the exact order mirrors are contacted in, or some mirrors may be contacted + // in parallel, so this should be considered a preference rather than a guarantee of ordering. + // "mirrors" uses one of the following formats: + // host[:port] + // host[:port]/namespace[/namespace…] + // host[:port]/namespace[/namespace…]/repo + // for more information about the format, see the document about the location field: + // https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table + // +optional + // +listType=set + Mirrors []ImageMirror `json:"mirrors,omitempty"` + // mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. + // If unset, the image will continue to be pulled from the repository in the pull spec. + // sourcePolicy is valid configuration only when one or more mirrors are in the mirror list. + // +optional + MirrorSourcePolicy MirrorSourcePolicy `json:"mirrorSourcePolicy,omitempty"` +} diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 4632e6ada0..f1f1697a70 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -5,11 +5,14 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:subresource:status // Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster` +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Infrastructure struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -27,8 +30,21 @@ type InfrastructureSpec struct { // This configuration file is used to configure the Kubernetes cloud provider integration // when using the built-in cloud provider integration or the external cloud controller manager. // The namespace for this config map is openshift-config. + // + // cloudConfig should only be consumed by the kube_cloud_config controller. + // The controller is responsible for using the user configuration in the spec + // for various platforms and combining that with the user provided ConfigMap in this field + // to create a stitched kube cloud config. + // The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace + // with the kube cloud config is stored in `cloud.conf` key. + // All the clients are expected to use the generated ConfigMap only. + // // +optional CloudConfig ConfigMapFileReference `json:"cloudConfig"` + + // platformSpec holds desired information specific to the underlying + // infrastructure provider. + PlatformSpec PlatformSpec `json:"platformSpec,omitempty"` } // InfrastructureStatus describes the infrastructure the cluster is leveraging. @@ -51,21 +67,64 @@ type InfrastructureStatus struct { // etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering // etcd servers and clients. // For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery + // deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release. EtcdDiscoveryDomain string `json:"etcdDiscoveryDomain"` - // apiServerURL is a valid URI with scheme(http/https), address and - // port. apiServerURL can be used by components like the web console + // apiServerURL is a valid URI with scheme 'https', address and + // optionally a port (defaulting to 443). apiServerURL can be used by components like the web console // to tell users where to find the Kubernetes API. APIServerURL string `json:"apiServerURL"` - // apiServerInternalURL is a valid URI with scheme(http/https), - // address and port. apiServerInternalURL can be used by components + // apiServerInternalURL is a valid URI with scheme 'https', + // address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components // like kubelets, to contact the Kubernetes API server using the // infrastructure provider rather than Kubernetes networking. APIServerInternalURL string `json:"apiServerInternalURI"` + + // controlPlaneTopology expresses the expectations for operands that normally run on control nodes. + // The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. + // The 'SingleReplica' mode will be used in single-node deployments + // and the operators should not configure the operand for highly-available operation + // The 'External' mode indicates that the control plane is hosted externally to the cluster and that + // its components are not visible within the cluster. + // +kubebuilder:default=HighlyAvailable + // +kubebuilder:validation:Enum=HighlyAvailable;SingleReplica;External + ControlPlaneTopology TopologyMode `json:"controlPlaneTopology"` + + // infrastructureTopology expresses the expectations for infrastructure services that do not run on control + // plane nodes, usually indicated by a node selector for a `role` value + // other than `master`. + // The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. + // The 'SingleReplica' mode will be used in single-node deployments + // and the operators should not configure the operand for highly-available operation + // NOTE: External topology mode is not applicable for this field. + // +kubebuilder:default=HighlyAvailable + // +kubebuilder:validation:Enum=HighlyAvailable;SingleReplica + InfrastructureTopology TopologyMode `json:"infrastructureTopology"` } +// TopologyMode defines the topology mode of the control/infra nodes. +// NOTE: Enum validation is specified in each field that uses this type, +// given that External value is not applicable to the InfrastructureTopology +// field. +type TopologyMode string + +const ( + // "HighlyAvailable" is for operators to configure high-availability as much as possible. + HighlyAvailableTopologyMode TopologyMode = "HighlyAvailable" + + // "SingleReplica" is for operators to avoid spending resources for high-availability purpose. + SingleReplicaTopologyMode TopologyMode = "SingleReplica" + + // "External" indicates that the component is running externally to the cluster. When specified + // as the control plane topology, operators should avoid scheduling workloads to masters or assume + // that any of the control plane components such as kubernetes API server or etcd are visible within + // the cluster. + ExternalTopologyMode TopologyMode = "External" +) + // PlatformType is a specific supported infrastructure provider. +// +kubebuilder:validation:Enum="";AWS;Azure;BareMetal;GCP;Libvirt;OpenStack;None;VSphere;oVirt;IBMCloud;KubeVirt;EquinixMetal;PowerVS;AlibabaCloud;Nutanix;External type PlatformType string const ( @@ -95,8 +154,165 @@ const ( // OvirtPlatformType represents oVirt/RHV infrastructure. OvirtPlatformType PlatformType = "oVirt" + + // IBMCloudPlatformType represents IBM Cloud infrastructure. + IBMCloudPlatformType PlatformType = "IBMCloud" + + // KubevirtPlatformType represents KubeVirt/Openshift Virtualization infrastructure. + KubevirtPlatformType PlatformType = "KubeVirt" + + // EquinixMetalPlatformType represents Equinix Metal infrastructure. + EquinixMetalPlatformType PlatformType = "EquinixMetal" + + // PowerVSPlatformType represents IBM Power Systems Virtual Servers infrastructure. + PowerVSPlatformType PlatformType = "PowerVS" + + // AlibabaCloudPlatformType represents Alibaba Cloud infrastructure. + AlibabaCloudPlatformType PlatformType = "AlibabaCloud" + + // NutanixPlatformType represents Nutanix infrastructure. + NutanixPlatformType PlatformType = "Nutanix" + + // ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately. + ExternalPlatformType PlatformType = "External" ) +// IBMCloudProviderType is a specific supported IBM Cloud provider cluster type +type IBMCloudProviderType string + +const ( + // Classic means that the IBM Cloud cluster is using classic infrastructure + IBMCloudProviderTypeClassic IBMCloudProviderType = "Classic" + + // VPC means that the IBM Cloud cluster is using VPC infrastructure + IBMCloudProviderTypeVPC IBMCloudProviderType = "VPC" + + // IBMCloudProviderTypeUPI means that the IBM Cloud cluster is using user provided infrastructure. + // This is utilized in IBM Cloud Satellite environments. + IBMCloudProviderTypeUPI IBMCloudProviderType = "UPI" +) + +// CloudControllerManagerState defines whether Cloud Controller Manager presence is expected or not +type CloudControllerManagerState string + +const ( + // Cloud Controller Manager is enabled and expected to be installed. + // This value indicates that new nodes should be tainted as uninitialized when created, + // preventing them from running workloads until they are initialized by the cloud controller manager. + CloudControllerManagerExternal CloudControllerManagerState = "External" + + // Cloud Controller Manager is disabled and not expected to be installed. + // This value indicates that new nodes should not be tainted + // and no extra node initialization is expected from the cloud controller manager. + CloudControllerManagerNone CloudControllerManagerState = "None" +) + +// CloudControllerManagerSpec holds Cloud Controller Manager (a.k.a. CCM or CPI) related settings +type CloudControllerManagerSpec struct { + // state determines whether or not an external Cloud Controller Manager is expected to + // be installed within the cluster. + // https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager + // + // When set to "External", new nodes will be tainted as uninitialized when created, + // preventing them from running workloads until they are initialized by the cloud controller manager. + // When omitted or set to "None", new nodes will be not tainted + // and no extra initialization from the cloud controller manager is expected. + // +kubebuilder:validation:Enum="";External;None + // +optional + State CloudControllerManagerState `json:"state"` +} + +// ExternalPlatformSpec holds the desired state for the generic External infrastructure provider. +type ExternalPlatformSpec struct { + // PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. + // This field is solely for informational and reporting purposes and is not expected to be used for decision-making. + // +kubebuilder:default:="Unknown" + // +default="Unknown" + // +kubebuilder:validation:XValidation:rule="oldSelf == 'Unknown' || self == oldSelf",message="platform name cannot be changed once set" + // +optional + PlatformName string `json:"platformName,omitempty"` + // CloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI) + // +optional + CloudControllerManager CloudControllerManagerSpec `json:"cloudControllerManager"` +} + +// PlatformSpec holds the desired state specific to the underlying infrastructure provider +// of the current cluster. Since these are used at spec-level for the underlying cluster, it +// is supposed that only one of the spec structs is set. +type PlatformSpec struct { + // type is the underlying infrastructure provider for the cluster. This + // value controls whether infrastructure automation such as service load + // balancers, dynamic volume provisioning, machine creation and deletion, and + // other integrations are enabled. If None, no infrastructure automation is + // enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", + // "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", + // "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, + // and must handle unrecognized platforms as None if they do not support that platform. + // + // +unionDiscriminator + Type PlatformType `json:"type"` + + // AWS contains settings specific to the Amazon Web Services infrastructure provider. + // +optional + AWS *AWSPlatformSpec `json:"aws,omitempty"` + + // Azure contains settings specific to the Azure infrastructure provider. + // +optional + Azure *AzurePlatformSpec `json:"azure,omitempty"` + + // GCP contains settings specific to the Google Cloud Platform infrastructure provider. + // +optional + GCP *GCPPlatformSpec `json:"gcp,omitempty"` + + // BareMetal contains settings specific to the BareMetal platform. + // +optional + BareMetal *BareMetalPlatformSpec `json:"baremetal,omitempty"` + + // OpenStack contains settings specific to the OpenStack infrastructure provider. + // +optional + OpenStack *OpenStackPlatformSpec `json:"openstack,omitempty"` + + // Ovirt contains settings specific to the oVirt infrastructure provider. + // +optional + Ovirt *OvirtPlatformSpec `json:"ovirt,omitempty"` + + // VSphere contains settings specific to the VSphere infrastructure provider. + // +optional + VSphere *VSpherePlatformSpec `json:"vsphere,omitempty"` + + // IBMCloud contains settings specific to the IBMCloud infrastructure provider. + // +optional + IBMCloud *IBMCloudPlatformSpec `json:"ibmcloud,omitempty"` + + // Kubevirt contains settings specific to the kubevirt infrastructure provider. + // +optional + Kubevirt *KubevirtPlatformSpec `json:"kubevirt,omitempty"` + + // EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + // +optional + EquinixMetal *EquinixMetalPlatformSpec `json:"equinixMetal,omitempty"` + + // PowerVS contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider. + // +optional + PowerVS *PowerVSPlatformSpec `json:"powervs,omitempty"` + + // AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider. + // +optional + AlibabaCloud *AlibabaCloudPlatformSpec `json:"alibabaCloud,omitempty"` + + // Nutanix contains settings specific to the Nutanix infrastructure provider. + // +optional + Nutanix *NutanixPlatformSpec `json:"nutanix,omitempty"` + + // ExternalPlatformType represents generic infrastructure provider. + // Platform-specific components should be supplemented separately. + // +optional + External *ExternalPlatformSpec `json:"external,omitempty"` +} + +// ExternalPlatformStatus holds the current status of the generic External infrastructure provider. +type ExternalPlatformStatus struct{} + // PlatformStatus holds the current status specific to the underlying infrastructure provider // of the current cluster. Since these are used at status-level for the underlying cluster, it // is supposed that only one of the status structs is set. @@ -106,9 +322,12 @@ type PlatformStatus struct { // balancers, dynamic volume provisioning, machine creation and deletion, and // other integrations are enabled. If None, no infrastructure automation is // enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", - // "OpenStack", "VSphere", "oVirt", and "None". Individual components may not support - // all platforms, and must handle unrecognized platforms as None if they do - // not support that platform. + // "OpenStack", "VSphere", "oVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". + // Individual components may not support all platforms, and must handle + // unrecognized platforms as None if they do not support that platform. + // + // This value will be synced with to the `status.platform` and `status.platformStatus.type`. + // Currently this value cannot be changed once set. Type PlatformType `json:"type"` // AWS contains settings specific to the Amazon Web Services infrastructure provider. @@ -130,20 +349,162 @@ type PlatformStatus struct { // OpenStack contains settings specific to the OpenStack infrastructure provider. // +optional OpenStack *OpenStackPlatformStatus `json:"openstack,omitempty"` + + // Ovirt contains settings specific to the oVirt infrastructure provider. + // +optional + Ovirt *OvirtPlatformStatus `json:"ovirt,omitempty"` + + // VSphere contains settings specific to the VSphere infrastructure provider. + // +optional + VSphere *VSpherePlatformStatus `json:"vsphere,omitempty"` + + // IBMCloud contains settings specific to the IBMCloud infrastructure provider. + // +optional + IBMCloud *IBMCloudPlatformStatus `json:"ibmcloud,omitempty"` + + // Kubevirt contains settings specific to the kubevirt infrastructure provider. + // +optional + Kubevirt *KubevirtPlatformStatus `json:"kubevirt,omitempty"` + + // EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + // +optional + EquinixMetal *EquinixMetalPlatformStatus `json:"equinixMetal,omitempty"` + + // PowerVS contains settings specific to the Power Systems Virtual Servers infrastructure provider. + // +optional + PowerVS *PowerVSPlatformStatus `json:"powervs,omitempty"` + + // AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider. + // +optional + AlibabaCloud *AlibabaCloudPlatformStatus `json:"alibabaCloud,omitempty"` + + // Nutanix contains settings specific to the Nutanix infrastructure provider. + // +optional + Nutanix *NutanixPlatformStatus `json:"nutanix,omitempty"` + + // External contains settings specific to the generic External infrastructure provider. + // +optional + External *ExternalPlatformStatus `json:"external,omitempty"` +} + +// AWSServiceEndpoint store the configuration of a custom url to +// override existing defaults of AWS Services. +type AWSServiceEndpoint struct { + // name is the name of the AWS service. + // The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html + // This must be provided and cannot be empty. + // + // +kubebuilder:validation:Pattern=`^[a-z0-9-]+$` + Name string `json:"name"` + + // url is fully qualified URI with scheme https, that overrides the default generated + // endpoint for a client. + // This must be provided and cannot be empty. + // + // +kubebuilder:validation:Pattern=`^https://` + URL string `json:"url"` +} + +// AWSPlatformSpec holds the desired state of the Amazon Web Services infrastructure provider. +// This only includes fields that can be modified in the cluster. +type AWSPlatformSpec struct { + // serviceEndpoints list contains custom endpoints which will override default + // service endpoint of AWS Services. + // There must be only one ServiceEndpoint for a service. + // +optional + ServiceEndpoints []AWSServiceEndpoint `json:"serviceEndpoints,omitempty"` } // AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider. type AWSPlatformStatus struct { // region holds the default AWS region for new AWS resources created by the cluster. Region string `json:"region"` + + // ServiceEndpoints list contains custom endpoints which will override default + // service endpoint of AWS Services. + // There must be only one ServiceEndpoint for a service. + // +optional + ServiceEndpoints []AWSServiceEndpoint `json:"serviceEndpoints,omitempty"` + + // resourceTags is a list of additional tags to apply to AWS resources created for the cluster. + // See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. + // AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags + // available for the user. + // +kubebuilder:validation:MaxItems=25 + // +optional + ResourceTags []AWSResourceTag `json:"resourceTags,omitempty"` } +// AWSResourceTag is a tag to apply to AWS resources created for the cluster. +type AWSResourceTag struct { + // key is the key of the tag + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.:/=+-@]+$` + // +required + Key string `json:"key"` + // value is the value of the tag. + // Some AWS service do not support empty values. Since tags are added to resources in many services, the + // length of the tag value must meet the requirements of all services. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + // +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.:/=+-@]+$` + // +required + Value string `json:"value"` +} + +// AzurePlatformSpec holds the desired state of the Azure infrastructure provider. +// This only includes fields that can be modified in the cluster. +type AzurePlatformSpec struct{} + // AzurePlatformStatus holds the current status of the Azure infrastructure provider. type AzurePlatformStatus struct { // resourceGroupName is the Resource Group for new Azure resources created for the cluster. ResourceGroupName string `json:"resourceGroupName"` + + // networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. + // If empty, the value is same as ResourceGroupName. + // +optional + NetworkResourceGroupName string `json:"networkResourceGroupName,omitempty"` + + // cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK + // with the appropriate Azure API endpoints. + // If empty, the value is equal to `AzurePublicCloud`. + // +optional + CloudName AzureCloudEnvironment `json:"cloudName,omitempty"` + + // armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack. + // +optional + ARMEndpoint string `json:"armEndpoint,omitempty"` } +// AzureCloudEnvironment is the name of the Azure cloud environment +// +kubebuilder:validation:Enum="";AzurePublicCloud;AzureUSGovernmentCloud;AzureChinaCloud;AzureGermanCloud;AzureStackCloud +type AzureCloudEnvironment string + +const ( + // AzurePublicCloud is the general-purpose, public Azure cloud environment. + AzurePublicCloud AzureCloudEnvironment = "AzurePublicCloud" + + // AzureUSGovernmentCloud is the Azure cloud environment for the US government. + AzureUSGovernmentCloud AzureCloudEnvironment = "AzureUSGovernmentCloud" + + // AzureChinaCloud is the Azure cloud environment used in China. + AzureChinaCloud AzureCloudEnvironment = "AzureChinaCloud" + + // AzureGermanCloud is the Azure cloud environment used in Germany. + AzureGermanCloud AzureCloudEnvironment = "AzureGermanCloud" + + // AzureStackCloud is the Azure cloud environment used at the edge and on premises. + AzureStackCloud AzureCloudEnvironment = "AzureStackCloud" +) + +// GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. +// This only includes fields that can be modified in the cluster. +type GCPPlatformSpec struct{} + // GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider. type GCPPlatformStatus struct { // resourceGroupName is the Project ID for new GCP resources created for the cluster. @@ -153,18 +514,47 @@ type GCPPlatformStatus struct { Region string `json:"region"` } +// BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider. +// This only includes fields that can be modified in the cluster. +type BareMetalPlatformSpec struct{} + // BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. +// For more information about the network architecture used with the BareMetal platform type, see: +// https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md type BareMetalPlatformStatus struct { // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used // by components inside the cluster, like kubelets using the infrastructure rather // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI // points to. It is the IP for a self-hosted load balancer in front of the API servers. + // + // Deprecated: Use APIServerInternalIPs instead. APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + // apiServerInternalIPs are the IP addresses to contact the Kubernetes API + // server that can be used by components inside the cluster, like kubelets + // using the infrastructure rather than Kubernetes networking. These are the + // IPs for a self-hosted load balancer in front of the API servers. In dual + // stack clusters this list contains two IPs otherwise only one. + // + // +kubebuilder:validation:Format=ip + // +kubebuilder:validation:MaxItems=2 + APIServerInternalIPs []string `json:"apiServerInternalIPs"` + // ingressIP is an external IP which routes to the default ingress controller. // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + // + // Deprecated: Use IngressIPs instead. IngressIP string `json:"ingressIP,omitempty"` + // ingressIPs are the external IPs which route to the default ingress + // controller. The IPs are suitable targets of a wildcard DNS record used to + // resolve default route host names. In dual stack clusters this list + // contains two IPs otherwise only one. + // + // +kubebuilder:validation:Format=ip + // +kubebuilder:validation:MaxItems=2 + IngressIPs []string `json:"ingressIPs"` + // nodeDNSIP is the IP address for the internal DNS used by the // nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` // provides name resolution for the nodes themselves. There is no DNS-as-a-service for @@ -174,22 +564,49 @@ type BareMetalPlatformStatus struct { NodeDNSIP string `json:"nodeDNSIP,omitempty"` } +// OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. +// This only includes fields that can be modified in the cluster. +type OpenStackPlatformSpec struct{} + // OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider. type OpenStackPlatformStatus struct { // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used // by components inside the cluster, like kubelets using the infrastructure rather // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI // points to. It is the IP for a self-hosted load balancer in front of the API servers. + // + // Deprecated: Use APIServerInternalIPs instead. APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + // apiServerInternalIPs are the IP addresses to contact the Kubernetes API + // server that can be used by components inside the cluster, like kubelets + // using the infrastructure rather than Kubernetes networking. These are the + // IPs for a self-hosted load balancer in front of the API servers. In dual + // stack clusters this list contains two IPs otherwise only one. + // + // +kubebuilder:validation:Format=ip + // +kubebuilder:validation:MaxItems=2 + APIServerInternalIPs []string `json:"apiServerInternalIPs"` + // cloudName is the name of the desired OpenStack cloud in the // client configuration file (`clouds.yaml`). CloudName string `json:"cloudName,omitempty"` // ingressIP is an external IP which routes to the default ingress controller. // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + // + // Deprecated: Use IngressIPs instead. IngressIP string `json:"ingressIP,omitempty"` + // ingressIPs are the external IPs which route to the default ingress + // controller. The IPs are suitable targets of a wildcard DNS record used to + // resolve default route host names. In dual stack clusters this list + // contains two IPs otherwise only one. + // + // +kubebuilder:validation:Format=ip + // +kubebuilder:validation:MaxItems=2 + IngressIPs []string `json:"ingressIPs"` + // nodeDNSIP is the IP address for the internal DNS used by the // nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` // provides name resolution for the nodes themselves. There is no DNS-as-a-service for @@ -199,12 +616,541 @@ type OpenStackPlatformStatus struct { NodeDNSIP string `json:"nodeDNSIP,omitempty"` } +// OvirtPlatformSpec holds the desired state of the oVirt infrastructure provider. +// This only includes fields that can be modified in the cluster. +type OvirtPlatformSpec struct{} + +// OvirtPlatformStatus holds the current status of the oVirt infrastructure provider. +type OvirtPlatformStatus struct { + // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used + // by components inside the cluster, like kubelets using the infrastructure rather + // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + // points to. It is the IP for a self-hosted load balancer in front of the API servers. + // + // Deprecated: Use APIServerInternalIPs instead. + APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + + // apiServerInternalIPs are the IP addresses to contact the Kubernetes API + // server that can be used by components inside the cluster, like kubelets + // using the infrastructure rather than Kubernetes networking. These are the + // IPs for a self-hosted load balancer in front of the API servers. In dual + // stack clusters this list contains two IPs otherwise only one. + // + // +kubebuilder:validation:Format=ip + // +kubebuilder:validation:MaxItems=2 + APIServerInternalIPs []string `json:"apiServerInternalIPs"` + + // ingressIP is an external IP which routes to the default ingress controller. + // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + // + // Deprecated: Use IngressIPs instead. + IngressIP string `json:"ingressIP,omitempty"` + + // ingressIPs are the external IPs which route to the default ingress + // controller. The IPs are suitable targets of a wildcard DNS record used to + // resolve default route host names. In dual stack clusters this list + // contains two IPs otherwise only one. + // + // +kubebuilder:validation:Format=ip + // +kubebuilder:validation:MaxItems=2 + IngressIPs []string `json:"ingressIPs"` + + // deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release. + NodeDNSIP string `json:"nodeDNSIP,omitempty"` +} + +// VSpherePlatformFailureDomainSpec holds the region and zone failure domain and +// the vCenter topology of that failure domain. +type VSpherePlatformFailureDomainSpec struct { + // name defines the arbitrary but unique name + // of a failure domain. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + Name string `json:"name"` + + // region defines the name of a region tag that will + // be attached to a vCenter datacenter. The tag + // category in vCenter must be named openshift-region. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=80 + // +kubebuilder:validation:Required + Region string `json:"region"` + + // zone defines the name of a zone tag that will + // be attached to a vCenter cluster. The tag + // category in vCenter must be named openshift-zone. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=80 + // +kubebuilder:validation:Required + Zone string `json:"zone"` + + // server is the fully-qualified domain name or the IP address of the vCenter server. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // --- + // + Validation is applied via a patch, we validate the format as either ipv4, ipv6 or hostname + Server string `json:"server"` + + // Topology describes a given failure domain using vSphere constructs + // +kubebuilder:validation:Required + Topology VSpherePlatformTopology `json:"topology"` +} + +// VSpherePlatformTopology holds the required and optional vCenter objects - datacenter, +// computeCluster, networks, datastore and resourcePool - to provision virtual machines. +type VSpherePlatformTopology struct { + // datacenter is the name of vCenter datacenter in which virtual machines will be located. + // The maximum length of the datacenter name is 80 characters. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=80 + Datacenter string `json:"datacenter"` + + // computeCluster the absolute path of the vCenter cluster + // in which virtual machine will be located. + // The absolute path is of the form //host/. + // The maximum length of the path is 2048 characters. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern=`^/.*?/host/.*?` + ComputeCluster string `json:"computeCluster"` + + // networks is the list of port group network names within this failure domain. + // Currently, we only support a single interface per RHCOS virtual machine. + // The available networks (port groups) can be listed using + // `govc ls 'network/*'` + // The single interface should be the absolute path of the form + // //network/. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxItems=1 + // +kubebuilder:validation:MinItems=1 + Networks []string `json:"networks"` + + // datastore is the absolute path of the datastore in which the + // virtual machine is located. + // The absolute path is of the form //datastore/ + // The maximum length of the path is 2048 characters. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern=`^/.*?/datastore/.*?` + Datastore string `json:"datastore"` + + // resourcePool is the absolute path of the resource pool where virtual machines will be + // created. The absolute path is of the form //host//Resources/. + // The maximum length of the path is 2048 characters. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern=`^/.*?/host/.*?/Resources.*` + // +optional + ResourcePool string `json:"resourcePool,omitempty"` + + // folder is the absolute path of the folder where + // virtual machines are located. The absolute path + // is of the form //vm/. + // The maximum length of the path is 2048 characters. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern=`^/.*?/vm/.*?` + // +optional + Folder string `json:"folder,omitempty"` +} + +// VSpherePlatformVCenterSpec stores the vCenter connection fields. +// This is used by the vSphere CCM. +type VSpherePlatformVCenterSpec struct { + + // server is the fully-qualified domain name or the IP address of the vCenter server. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=255 + // --- + // + Validation is applied via a patch, we validate the format as either ipv4, ipv6 or hostname + Server string `json:"server"` + + // port is the TCP port that will be used to communicate to + // the vCenter endpoint. + // When omitted, this means the user has no opinion and + // it is up to the platform to choose a sensible default, + // which is subject to change over time. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=32767 + // +optional + Port int32 `json:"port,omitempty"` + + // The vCenter Datacenters in which the RHCOS + // vm guests are located. This field will + // be used by the Cloud Controller Manager. + // Each datacenter listed here should be used within + // a topology. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinItems=1 + Datacenters []string `json:"datacenters"` +} + +// VSpherePlatformNodeNetworkingSpec holds the network CIDR(s) and port group name for +// including and excluding IP ranges in the cloud provider. +// This would be used for example when multiple network adapters are attached to +// a guest to help determine which IP address the cloud config manager should use +// for the external and internal node networking. +type VSpherePlatformNodeNetworkingSpec struct { + // networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs + // that will be used in respective status.addresses fields. + // --- + // + Validation is applied via a patch, we validate the format as cidr + // +optional + NetworkSubnetCIDR []string `json:"networkSubnetCidr,omitempty"` + + // network VirtualMachine's VM Network names that will be used to when searching + // for status.addresses fields. Note that if internal.networkSubnetCIDR and + // external.networkSubnetCIDR are not set, then the vNIC associated to this network must + // only have a single IP address assigned to it. + // The available networks (port groups) can be listed using + // `govc ls 'network/*'` + // +optional + Network string `json:"network,omitempty"` + + // excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting + // the IP address from the VirtualMachine's VM for use in the status.addresses fields. + // --- + // + Validation is applied via a patch, we validate the format as cidr + // +optional + ExcludeNetworkSubnetCIDR []string `json:"excludeNetworkSubnetCidr,omitempty"` +} + +// VSpherePlatformNodeNetworking holds the external and internal node networking spec. +type VSpherePlatformNodeNetworking struct { + // external represents the network configuration of the node that is externally routable. + // +optional + External VSpherePlatformNodeNetworkingSpec `json:"external"` + // internal represents the network configuration of the node that is routable only within the cluster. + // +optional + Internal VSpherePlatformNodeNetworkingSpec `json:"internal"` +} + +// VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. +// In the future the cloud provider operator, storage operator and machine operator will +// use these fields for configuration. +type VSpherePlatformSpec struct { + // vcenters holds the connection details for services to communicate with vCenter. + // Currently, only a single vCenter is supported. + // --- + // + If VCenters is not defined use the existing cloud-config configmap defined + // + in openshift-config. + // +openshift:enable:FeatureSets=TechPreviewNoUpgrade + // +kubebuilder:validation:MaxItems=1 + // +kubebuilder:validation:MinItems=0 + // +optional + VCenters []VSpherePlatformVCenterSpec `json:"vcenters,omitempty"` + + // failureDomains contains the definition of region, zone and the vCenter topology. + // If this is omitted failure domains (regions and zones) will not be used. + // +openshift:enable:FeatureSets=TechPreviewNoUpgrade + // +optional + FailureDomains []VSpherePlatformFailureDomainSpec `json:"failureDomains,omitempty"` + + // nodeNetworking contains the definition of internal and external network constraints for + // assigning the node's networking. + // If this field is omitted, networking defaults to the legacy + // address selection behavior which is to only support a single address and + // return the first one found. + // +openshift:enable:FeatureSets=TechPreviewNoUpgrade + // +optional + NodeNetworking VSpherePlatformNodeNetworking `json:"nodeNetworking,omitempty"` +} + +// VSpherePlatformStatus holds the current status of the vSphere infrastructure provider. +type VSpherePlatformStatus struct { + // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used + // by components inside the cluster, like kubelets using the infrastructure rather + // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + // points to. It is the IP for a self-hosted load balancer in front of the API servers. + // + // Deprecated: Use APIServerInternalIPs instead. + APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + + // apiServerInternalIPs are the IP addresses to contact the Kubernetes API + // server that can be used by components inside the cluster, like kubelets + // using the infrastructure rather than Kubernetes networking. These are the + // IPs for a self-hosted load balancer in front of the API servers. In dual + // stack clusters this list contains two IPs otherwise only one. + // + // +kubebuilder:validation:Format=ip + // +kubebuilder:validation:MaxItems=2 + APIServerInternalIPs []string `json:"apiServerInternalIPs"` + + // ingressIP is an external IP which routes to the default ingress controller. + // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + // + // Deprecated: Use IngressIPs instead. + IngressIP string `json:"ingressIP,omitempty"` + + // ingressIPs are the external IPs which route to the default ingress + // controller. The IPs are suitable targets of a wildcard DNS record used to + // resolve default route host names. In dual stack clusters this list + // contains two IPs otherwise only one. + // + // +kubebuilder:validation:Format=ip + // +kubebuilder:validation:MaxItems=2 + IngressIPs []string `json:"ingressIPs"` + + // nodeDNSIP is the IP address for the internal DNS used by the + // nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` + // provides name resolution for the nodes themselves. There is no DNS-as-a-service for + // vSphere deployments. In order to minimize necessary changes to the + // datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames + // to the nodes in the cluster. + NodeDNSIP string `json:"nodeDNSIP,omitempty"` +} + +// IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. +// This only includes fields that can be modified in the cluster. +type IBMCloudPlatformSpec struct{} + +// IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider. +type IBMCloudPlatformStatus struct { + // Location is where the cluster has been deployed + Location string `json:"location,omitempty"` + + // ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster. + ResourceGroupName string `json:"resourceGroupName,omitempty"` + + // ProviderType indicates the type of cluster that was created + ProviderType IBMCloudProviderType `json:"providerType,omitempty"` + + // CISInstanceCRN is the CRN of the Cloud Internet Services instance managing + // the DNS zone for the cluster's base domain + CISInstanceCRN string `json:"cisInstanceCRN,omitempty"` + + // DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone + // for the cluster's base domain + DNSInstanceCRN string `json:"dnsInstanceCRN,omitempty"` +} + +// KubevirtPlatformSpec holds the desired state of the kubevirt infrastructure provider. +// This only includes fields that can be modified in the cluster. +type KubevirtPlatformSpec struct{} + +// KubevirtPlatformStatus holds the current status of the kubevirt infrastructure provider. +type KubevirtPlatformStatus struct { + // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used + // by components inside the cluster, like kubelets using the infrastructure rather + // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + // points to. It is the IP for a self-hosted load balancer in front of the API servers. + APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + + // ingressIP is an external IP which routes to the default ingress controller. + // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + IngressIP string `json:"ingressIP,omitempty"` +} + +// EquinixMetalPlatformSpec holds the desired state of the Equinix Metal infrastructure provider. +// This only includes fields that can be modified in the cluster. +type EquinixMetalPlatformSpec struct{} + +// EquinixMetalPlatformStatus holds the current status of the Equinix Metal infrastructure provider. +type EquinixMetalPlatformStatus struct { + // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used + // by components inside the cluster, like kubelets using the infrastructure rather + // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + // points to. It is the IP for a self-hosted load balancer in front of the API servers. + APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + + // ingressIP is an external IP which routes to the default ingress controller. + // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + IngressIP string `json:"ingressIP,omitempty"` +} + +// PowervsServiceEndpoint stores the configuration of a custom url to +// override existing defaults of PowerVS Services. +type PowerVSServiceEndpoint struct { + // name is the name of the Power VS service. + // Few of the services are + // IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api + // ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller + // Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^[a-z0-9-]+$` + Name string `json:"name"` + + // url is fully qualified URI with scheme https, that overrides the default generated + // endpoint for a client. + // This must be provided and cannot be empty. + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Format=uri + // +kubebuilder:validation:Pattern=`^https://` + URL string `json:"url"` +} + +// PowerVSPlatformSpec holds the desired state of the IBM Power Systems Virtual Servers infrastructure provider. +// This only includes fields that can be modified in the cluster. +type PowerVSPlatformSpec struct { + // serviceEndpoints is a list of custom endpoints which will override the default + // service endpoints of a Power VS service. + // +listType=map + // +listMapKey=name + // +optional + ServiceEndpoints []PowerVSServiceEndpoint `json:"serviceEndpoints,omitempty"` +} + +// PowerVSPlatformStatus holds the current status of the IBM Power Systems Virtual Servers infrastrucutre provider. +type PowerVSPlatformStatus struct { + // region holds the default Power VS region for new Power VS resources created by the cluster. + Region string `json:"region"` + + // zone holds the default zone for the new Power VS resources created by the cluster. + // Note: Currently only single-zone OCP clusters are supported + Zone string `json:"zone"` + + // serviceEndpoints is a list of custom endpoints which will override the default + // service endpoints of a Power VS service. + // +optional + ServiceEndpoints []PowerVSServiceEndpoint `json:"serviceEndpoints,omitempty"` + + // CISInstanceCRN is the CRN of the Cloud Internet Services instance managing + // the DNS zone for the cluster's base domain + CISInstanceCRN string `json:"cisInstanceCRN,omitempty"` + + // DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone + // for the cluster's base domain + DNSInstanceCRN string `json:"dnsInstanceCRN,omitempty"` +} + +// AlibabaCloudPlatformSpec holds the desired state of the Alibaba Cloud infrastructure provider. +// This only includes fields that can be modified in the cluster. +type AlibabaCloudPlatformSpec struct{} + +// AlibabaCloudPlatformStatus holds the current status of the Alibaba Cloud infrastructure provider. +type AlibabaCloudPlatformStatus struct { + // region specifies the region for Alibaba Cloud resources created for the cluster. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^[0-9A-Za-z-]+$` + // +required + Region string `json:"region"` + // resourceGroupID is the ID of the resource group for the cluster. + // +kubebuilder:validation:Pattern=`^(rg-[0-9A-Za-z]+)?$` + // +optional + ResourceGroupID string `json:"resourceGroupID,omitempty"` + // resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster. + // +kubebuilder:validation:MaxItems=20 + // +listType=map + // +listMapKey=key + // +optional + ResourceTags []AlibabaCloudResourceTag `json:"resourceTags,omitempty"` +} + +// AlibabaCloudResourceTag is the set of tags to add to apply to resources. +type AlibabaCloudResourceTag struct { + // key is the key of the tag. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + // +required + Key string `json:"key"` + // value is the value of the tag. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + // +required + Value string `json:"value"` +} + +// NutanixPlatformSpec holds the desired state of the Nutanix infrastructure provider. +// This only includes fields that can be modified in the cluster. +type NutanixPlatformSpec struct { + // prismCentral holds the endpoint address and port to access the Nutanix Prism Central. + // When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. + // Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the + // proxy spec.noProxy list. + // +kubebuilder:validation:Required + PrismCentral NutanixPrismEndpoint `json:"prismCentral"` + + // prismElements holds one or more endpoint address and port data to access the Nutanix + // Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one + // Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) + // used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) + // spread over multiple Prism Elements (clusters) of the Prism Central. + // +kubebuilder:validation:Required + // +listType=map + // +listMapKey=name + PrismElements []NutanixPrismElementEndpoint `json:"prismElements"` +} + +// NutanixPrismEndpoint holds the endpoint address and port to access the Nutanix Prism Central or Element (cluster) +type NutanixPrismEndpoint struct { + // address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster) + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=256 + Address string `json:"address"` + + // port is the port number to access the Nutanix Prism Central or Element (cluster) + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=65535 + Port int32 `json:"port"` +} + +// NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster) +type NutanixPrismElementEndpoint struct { + // name is the name of the Prism Element (cluster). This value will correspond with + // the cluster field configured on other resources (eg Machines, PVCs, etc). + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=256 + Name string `json:"name"` + + // endpoint holds the endpoint address and port data of the Prism Element (cluster). + // When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. + // Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the + // proxy spec.noProxy list. + // +kubebuilder:validation:Required + Endpoint NutanixPrismEndpoint `json:"endpoint"` +} + +// NutanixPlatformStatus holds the current status of the Nutanix infrastructure provider. +type NutanixPlatformStatus struct { + // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used + // by components inside the cluster, like kubelets using the infrastructure rather + // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + // points to. It is the IP for a self-hosted load balancer in front of the API servers. + // + // Deprecated: Use APIServerInternalIPs instead. + APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + + // apiServerInternalIPs are the IP addresses to contact the Kubernetes API + // server that can be used by components inside the cluster, like kubelets + // using the infrastructure rather than Kubernetes networking. These are the + // IPs for a self-hosted load balancer in front of the API servers. In dual + // stack clusters this list contains two IPs otherwise only one. + // + // +kubebuilder:validation:Format=ip + // +kubebuilder:validation:MaxItems=2 + APIServerInternalIPs []string `json:"apiServerInternalIPs"` + + // ingressIP is an external IP which routes to the default ingress controller. + // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + // + // Deprecated: Use IngressIPs instead. + IngressIP string `json:"ingressIP,omitempty"` + + // ingressIPs are the external IPs which route to the default ingress + // controller. The IPs are suitable targets of a wildcard DNS record used to + // resolve default route host names. In dual stack clusters this list + // contains two IPs otherwise only one. + // + // +kubebuilder:validation:Format=ip + // +kubebuilder:validation:MaxItems=2 + IngressIPs []string `json:"ingressIPs"` +} + // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // InfrastructureList is +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type InfrastructureList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Infrastructure `json:"items"` + + Items []Infrastructure `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_ingress.go b/vendor/github.com/openshift/api/config/v1/types_ingress.go index d161eb8476..1dec6b1d33 100644 --- a/vendor/github.com/openshift/api/config/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/config/v1/types_ingress.go @@ -1,6 +1,8 @@ package v1 -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) // +genclient // +genclient:nonNamespaced @@ -8,9 +10,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Ingress holds cluster-wide information about ingress, including the default ingress domain // used for routes. The canonical name is `cluster`. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Ingress struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -32,16 +36,293 @@ type IngressSpec struct { // // Once set, changing domain is not currently supported. Domain string `json:"domain"` + + // appsDomain is an optional domain to use instead of the one specified + // in the domain field when a Route is created without specifying an explicit + // host. If appsDomain is nonempty, this value is used to generate default + // host values for Route. Unlike domain, appsDomain may be modified after + // installation. + // This assumes a new ingresscontroller has been setup with a wildcard + // certificate. + // +optional + AppsDomain string `json:"appsDomain,omitempty"` + + // componentRoutes is an optional list of routes that are managed by OpenShift components + // that a cluster-admin is able to configure the hostname and serving certificate for. + // The namespace and name of each route in this list should match an existing entry in the + // status.componentRoutes list. + // + // To determine the set of configurable Routes, look at namespace and name of entries in the + // .status.componentRoutes list, where participating operators write the status of + // configurable routes. + // +optional + // +listType=map + // +listMapKey=namespace + // +listMapKey=name + ComponentRoutes []ComponentRouteSpec `json:"componentRoutes,omitempty"` + + // requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes + // matching the domainPattern/s and namespaceSelector/s that are specified in the policy. + // Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route + // annotation, and affect route admission. + // + // A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: + // "haproxy.router.openshift.io/hsts_header" + // E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains + // + // - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, + // then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route + // is rejected. + // - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies + // determines the route's admission status. + // - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, + // then it may use any HSTS Policy annotation. + // + // The HSTS policy configuration may be changed after routes have already been created. An update to a previously + // admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. + // However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. + // + // Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid. + // +optional + RequiredHSTSPolicies []RequiredHSTSPolicy `json:"requiredHSTSPolicies,omitempty"` + + // loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure + // provider of the current cluster and are required for Ingress Controller to work on OpenShift. + // +optional + LoadBalancer LoadBalancer `json:"loadBalancer,omitempty"` +} + +// IngressPlatformSpec holds the desired state of Ingress specific to the underlying infrastructure provider +// of the current cluster. Since these are used at spec-level for the underlying cluster, it +// is supposed that only one of the spec structs is set. +// +union +type IngressPlatformSpec struct { + // type is the underlying infrastructure provider for the cluster. + // Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", + // "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", + // "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, + // and must handle unrecognized platforms as None if they do not support that platform. + // + // +unionDiscriminator + Type PlatformType `json:"type"` + + // aws contains settings specific to the Amazon Web Services infrastructure provider. + // +optional + AWS *AWSIngressSpec `json:"aws,omitempty"` +} + +type LoadBalancer struct { + // platform holds configuration specific to the underlying + // infrastructure provider for the ingress load balancers. + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // +optional + Platform IngressPlatformSpec `json:"platform,omitempty"` } +// AWSIngressSpec holds the desired state of the Ingress for Amazon Web Services infrastructure provider. +// This only includes fields that can be modified in the cluster. +// +union +type AWSIngressSpec struct { + // type allows user to set a load balancer type. + // When this field is set the default ingresscontroller will get created using the specified LBType. + // If this field is not set then the default ingress controller of LBType Classic will be created. + // Valid values are: + // + // * "Classic": A Classic Load Balancer that makes routing decisions at either + // the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + // the following for additional details: + // + // https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + // + // * "NLB": A Network Load Balancer that makes routing decisions at the + // transport layer (TCP/SSL). See the following for additional details: + // + // https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb + // +unionDiscriminator + // +kubebuilder:validation:Enum:=NLB;Classic + // +kubebuilder:validation:Required + Type AWSLBType `json:"type,omitempty"` +} + +type AWSLBType string + +const ( + // NLB is the Network Load Balancer Type of AWS. Using NLB one can set NLB load balancer type for the default ingress controller. + NLB AWSLBType = "NLB" + + // Classic is the Classic Load Balancer Type of AWS. Using CLassic one can set Classic load balancer type for the default ingress controller. + Classic AWSLBType = "Classic" +) + +// ConsumingUser is an alias for string which we add validation to. Currently only service accounts are supported. +// +kubebuilder:validation:Pattern="^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=512 +type ConsumingUser string + +// Hostname is an alias for hostname string validation. +// +// The left operand of the | is the original kubebuilder hostname validation format, which is incorrect because it +// allows upper case letters, disallows hyphen or number in the TLD, and allows labels to start/end in non-alphanumeric +// characters. See https://bugzilla.redhat.com/show_bug.cgi?id=2039256. +// ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$ +// +// The right operand of the | is a new pattern that mimics the current API route admission validation on hostname, +// except that it allows hostnames longer than the maximum length: +// ^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ +// +// Both operand patterns are made available so that modifications on ingress spec can still happen after an invalid hostname +// was saved via validation by the incorrect left operand of the | operator. +// +// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$` +type Hostname string + type IngressStatus struct { + // componentRoutes is where participating operators place the current route status for routes whose + // hostnames and serving certificates can be customized by the cluster-admin. + // +optional + // +listType=map + // +listMapKey=namespace + // +listMapKey=name + ComponentRoutes []ComponentRouteStatus `json:"componentRoutes,omitempty"` + + // defaultPlacement is set at installation time to control which + // nodes will host the ingress router pods by default. The options are + // control-plane nodes or worker nodes. + // + // This field works by dictating how the Cluster Ingress Operator will + // consider unset replicas and nodePlacement fields in IngressController + // resources when creating the corresponding Deployments. + // + // See the documentation for the IngressController replicas and nodePlacement + // fields for more information. + // + // When omitted, the default value is Workers + // + // +kubebuilder:validation:Enum:="ControlPlane";"Workers";"" + // +optional + DefaultPlacement DefaultPlacement `json:"defaultPlacement"` } -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// ComponentRouteSpec allows for configuration of a route's hostname and serving certificate. +type ComponentRouteSpec struct { + // namespace is the namespace of the route to customize. + // + // The namespace and name of this componentRoute must match a corresponding + // entry in the list of status.componentRoutes if the route is to be customized. + // +kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Required + // +required + Namespace string `json:"namespace"` + + // name is the logical name of the route to customize. + // + // The namespace and name of this componentRoute must match a corresponding + // entry in the list of status.componentRoutes if the route is to be customized. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + // +kubebuilder:validation:Required + // +required + Name string `json:"name"` + + // hostname is the hostname that should be used by the route. + // +kubebuilder:validation:Required + // +required + Hostname Hostname `json:"hostname"` + + // servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. + // The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. + // If the custom hostname uses the default routing suffix of the cluster, + // the Secret specification for a serving certificate will not be needed. + // +optional + ServingCertKeyPairSecret SecretNameReference `json:"servingCertKeyPairSecret"` +} + +// ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate. +type ComponentRouteStatus struct { + // namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace + // ensures that no two components will conflict and the same component can be installed multiple times. + // + // The namespace and name of this componentRoute must match a corresponding + // entry in the list of spec.componentRoutes if the route is to be customized. + // +kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Required + // +required + Namespace string `json:"namespace"` + + // name is the logical name of the route to customize. It does not have to be the actual name of a route resource + // but it cannot be renamed. + // + // The namespace and name of this componentRoute must match a corresponding + // entry in the list of spec.componentRoutes if the route is to be customized. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + // +kubebuilder:validation:Required + // +required + Name string `json:"name"` + + // defaultHostname is the hostname of this route prior to customization. + // +kubebuilder:validation:Required + // +required + DefaultHostname Hostname `json:"defaultHostname"` + + // consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret. + // +kubebuilder:validation:MaxItems=5 + // +optional + ConsumingUsers []ConsumingUser `json:"consumingUsers,omitempty"` + + // currentHostnames is the list of current names used by the route. Typically, this list should consist of a single + // hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list. + // +kubebuilder:validation:MinItems=1 + // +optional + CurrentHostnames []Hostname `json:"currentHostnames,omitempty"` + // conditions are used to communicate the state of the componentRoutes entry. + // + // Supported conditions include Available, Degraded and Progressing. + // + // If available is true, the content served by the route can be accessed by users. This includes cases + // where a default may continue to serve content while the customized route specified by the cluster-admin + // is being configured. + // + // If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. + // The currentHostnames field may or may not be in effect. + // + // If Progressing is true, that means the component is taking some action related to the componentRoutes entry. + // +optional + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty"` + + // relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied. + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:Required + // +required + RelatedObjects []ObjectReference `json:"relatedObjects"` +} + +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +openshift:compatibility-gen:level=1 type IngressList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Ingress `json:"items"` + + Items []Ingress `json:"items"` } + +// DefaultPlacement defines the default placement of ingress router pods. +type DefaultPlacement string + +const ( + // "Workers" is for having router pods placed on worker nodes by default. + DefaultPlacementWorkers DefaultPlacement = "Workers" + + // "ControlPlane" is for having router pods placed on control-plane nodes by default. + DefaultPlacementControlPlane DefaultPlacement = "ControlPlane" +) diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go index 42ec977fd0..59392a96dd 100644 --- a/vendor/github.com/openshift/api/config/v1/types_network.go +++ b/vendor/github.com/openshift/api/config/v1/types_network.go @@ -8,9 +8,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. // Please view network.spec for an explanation on what applies when configuring this resource. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Network struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration. @@ -52,6 +54,15 @@ type NetworkSpec struct { // not allowed to be set. // +optional ExternalIP *ExternalIPConfig `json:"externalIP,omitempty"` + + // The port range allowed for Services of type NodePort. + // If not specified, the default of 30000-32767 will be used. + // Such Services without a NodePort specified will have one + // automatically allocated from this range. + // This parameter can be updated after the cluster is + // installed. + // +kubebuilder:validation:Pattern=`^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$` + ServiceNodePortRange string `json:"serviceNodePortRange,omitempty"` } // NetworkStatus is the current network configuration. @@ -68,6 +79,9 @@ type NetworkStatus struct { // ClusterNetworkMTU is the MTU for inter-pod networking. ClusterNetworkMTU int `json:"clusterNetworkMTU,omitempty"` + + // Migration contains the cluster network migration configuration. + Migration *NetworkMigration `json:"migration,omitempty"` } // ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs @@ -76,8 +90,11 @@ type ClusterNetworkEntry struct { // The complete block for pod IPs. CIDR string `json:"cidr"` - // The size (prefix) of block to allocate to each node. - HostPrefix uint32 `json:"hostPrefix"` + // The size (prefix) of block to allocate to each node. If this + // field is not used by the plugin, it can be left unset. + // +kubebuilder:validation:Minimum=0 + // +optional + HostPrefix uint32 `json:"hostPrefix,omitempty"` } // ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field @@ -114,9 +131,47 @@ type ExternalIPPolicy struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type NetworkList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Network `json:"items"` + + Items []Network `json:"items"` +} + +// NetworkMigration represents the cluster network configuration. +type NetworkMigration struct { + // NetworkType is the target plugin that is to be deployed. + // Currently supported values are: OpenShiftSDN, OVNKubernetes + // +kubebuilder:validation:Enum={"OpenShiftSDN","OVNKubernetes"} + // +optional + NetworkType string `json:"networkType,omitempty"` + + // MTU contains the MTU migration configuration. + // +optional + MTU *MTUMigration `json:"mtu,omitempty"` +} + +// MTUMigration contains infomation about MTU migration. +type MTUMigration struct { + // Network contains MTU migration configuration for the default network. + // +optional + Network *MTUMigrationValues `json:"network,omitempty"` + + // Machine contains MTU migration configuration for the machine's uplink. + // +optional + Machine *MTUMigrationValues `json:"machine,omitempty"` +} + +// MTUMigrationValues contains the values for a MTU migration. +type MTUMigrationValues struct { + // To is the MTU to migrate to. + // +kubebuilder:validation:Minimum=0 + To *uint32 `json:"to"` + + // From is the MTU to migrate from. + // +kubebuilder:validation:Minimum=0 + // +optional + From *uint32 `json:"from,omitempty"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_node.go b/vendor/github.com/openshift/api/config/v1/types_node.go new file mode 100644 index 0000000000..10a8059027 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/types_node.go @@ -0,0 +1,108 @@ +package v1 + +import ( + "time" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// Node holds cluster-wide information about node specific features. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +// +kubebuilder:resource:path=nodes,scope=Cluster +// +kubebuilder:subresource:status +type Node struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec holds user settable values for configuration + // +kubebuilder:validation:Required + // +required + Spec NodeSpec `json:"spec"` + + // status holds observed values. + // +optional + Status NodeStatus `json:"status"` +} + +type NodeSpec struct { + // CgroupMode determines the cgroups version on the node + // +optional + CgroupMode CgroupMode `json:"cgroupMode,omitempty"` + + // WorkerLatencyProfile determins the how fast the kubelet is updating + // the status and corresponding reaction of the cluster + // +optional + WorkerLatencyProfile WorkerLatencyProfileType `json:"workerLatencyProfile,omitempty"` +} + +type NodeStatus struct{} + +// +kubebuilder:validation:Enum=v1;v2;"" +type CgroupMode string + +const ( + CgroupModeEmpty CgroupMode = "" // Empty string indicates to honor user set value on the system that should not be overridden by OpenShift + CgroupModeV1 CgroupMode = "v1" + CgroupModeV2 CgroupMode = "v2" + CgroupModeDefault CgroupMode = CgroupModeV1 +) + +// +kubebuilder:validation:Enum=Default;MediumUpdateAverageReaction;LowUpdateSlowReaction +type WorkerLatencyProfileType string + +const ( + // Medium Kubelet Update Frequency (heart-beat) and Average Reaction Time to unresponsive Node + MediumUpdateAverageReaction WorkerLatencyProfileType = "MediumUpdateAverageReaction" + + // Low Kubelet Update Frequency (heart-beat) and Slow Reaction Time to unresponsive Node + LowUpdateSlowReaction WorkerLatencyProfileType = "LowUpdateSlowReaction" + + // Default values of relavent Kubelet, Kube Controller Manager and Kube API Server + DefaultUpdateDefaultReaction WorkerLatencyProfileType = "Default" +) + +const ( + // DefaultNodeStatusUpdateFrequency refers to the "--node-status-update-frequency" of the kubelet in case of DefaultUpdateDefaultReaction WorkerLatencyProfile type + DefaultNodeStatusUpdateFrequency = 10 * time.Second + // DefaultNodeMonitorGracePeriod refers to the "--node-monitor-grace-period" of the Kube Controller Manager in case of DefaultUpdateDefaultReaction WorkerLatencyProfile type + DefaultNodeMonitorGracePeriod = 40 * time.Second + // DefaultNotReadyTolerationSeconds refers to the "--default-not-ready-toleration-seconds" of the Kube API Server in case of DefaultUpdateDefaultReaction WorkerLatencyProfile type + DefaultNotReadyTolerationSeconds = 300 + // DefaultUnreachableTolerationSeconds refers to the "--default-unreachable-toleration-seconds" of the Kube API Server in case of DefaultUpdateDefaultReaction WorkerLatencyProfile type + DefaultUnreachableTolerationSeconds = 300 + + // MediumNodeStatusUpdateFrequency refers to the "--node-status-update-frequency" of the kubelet in case of MediumUpdateAverageReaction WorkerLatencyProfile type + MediumNodeStatusUpdateFrequency = 20 * time.Second + // MediumNodeMonitorGracePeriod refers to the "--node-monitor-grace-period" of the Kube Controller Manager in case of MediumUpdateAverageReaction WorkerLatencyProfile type + MediumNodeMonitorGracePeriod = 2 * time.Minute + // MediumNotReadyTolerationSeconds refers to the "--default-not-ready-toleration-seconds" of the Kube API Server in case of MediumUpdateAverageReaction WorkerLatencyProfile type + MediumNotReadyTolerationSeconds = 60 + // MediumUnreachableTolerationSeconds refers to the "--default-unreachable-toleration-seconds" of the Kube API Server in case of MediumUpdateAverageReaction WorkerLatencyProfile type + MediumUnreachableTolerationSeconds = 60 + + // LowNodeStatusUpdateFrequency refers to the "--node-status-update-frequency" of the kubelet in case of LowUpdateSlowReaction WorkerLatencyProfile type + LowNodeStatusUpdateFrequency = 1 * time.Minute + // LowNodeMonitorGracePeriod refers to the "--node-monitor-grace-period" of the Kube Controller Manager in case of LowUpdateSlowReaction WorkerLatencyProfile type + LowNodeMonitorGracePeriod = 5 * time.Minute + // LowNotReadyTolerationSeconds refers to the "--default-not-ready-toleration-seconds" of the Kube API Server in case of LowUpdateSlowReaction WorkerLatencyProfile type + LowNotReadyTolerationSeconds = 60 + // LowUnreachableTolerationSeconds refers to the "--default-unreachable-toleration-seconds" of the Kube API Server in case of LowUpdateSlowReaction WorkerLatencyProfile type + LowUnreachableTolerationSeconds = 60 +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type NodeList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []Node `json:"items"` +} diff --git a/vendor/github.com/openshift/api/config/v1/types_oauth.go b/vendor/github.com/openshift/api/config/v1/types_oauth.go index 15bc5b1c1a..02fbbf9d4b 100644 --- a/vendor/github.com/openshift/api/config/v1/types_oauth.go +++ b/vendor/github.com/openshift/api/config/v1/types_oauth.go @@ -11,13 +11,17 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. // It is used to configure the integrated OAuth server. // This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuth struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` - + // spec holds user settable values for configuration // +kubebuilder:validation:Required // +required Spec OAuthSpec `json:"spec"` + // status holds observed values from the cluster. They may not be overridden. // +optional Status OAuthStatus `json:"status"` } @@ -27,6 +31,7 @@ type OAuthSpec struct { // identityProviders is an ordered list of ways for a user to identify themselves. // When this list is empty, no identities are provisioned for users. // +optional + // +listType=atomic IdentityProviders []IdentityProvider `json:"identityProviders,omitempty"` // tokenConfig contains options for authorization and access tokens @@ -45,21 +50,27 @@ type OAuthStatus struct { // TokenConfig holds the necessary configuration options for authorization and access tokens type TokenConfig struct { // accessTokenMaxAgeSeconds defines the maximum age of access tokens - AccessTokenMaxAgeSeconds int32 `json:"accessTokenMaxAgeSeconds"` + AccessTokenMaxAgeSeconds int32 `json:"accessTokenMaxAgeSeconds,omitempty"` - // accessTokenInactivityTimeoutSeconds defines the default token - // inactivity timeout for tokens granted by any client. + // accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect. + // +optional + AccessTokenInactivityTimeoutSeconds int32 `json:"accessTokenInactivityTimeoutSeconds,omitempty"` + + // accessTokenInactivityTimeout defines the token inactivity timeout + // for tokens granted by any client. // The value represents the maximum amount of time that can occur between // consecutive uses of the token. Tokens become invalid if they are not // used within this temporal window. The user will need to acquire a new - // token to regain access once a token times out. - // Valid values are integer values: - // x < 0 Tokens time out is enabled but tokens never timeout unless configured per client (e.g. `-1`) - // x = 0 Tokens time out is disabled (default) - // x > 0 Tokens time out if there is no activity for x seconds - // The current minimum allowed value for X is 300 (5 minutes) - // +optional - AccessTokenInactivityTimeoutSeconds int32 `json:"accessTokenInactivityTimeoutSeconds,omitempty"` + // token to regain access once a token times out. Takes valid time + // duration string such as "5m", "1.5h" or "2h45m". The minimum allowed + // value for duration is 300s (5 minutes). If the timeout is configured + // per client, then that value takes precedence. If the timeout value is + // not specified and the client does not override the value, then tokens + // are valid until their lifetime. + // + // WARNING: existing tokens' timeout will not be affected (lowered) by changing this value + // +optional + AccessTokenInactivityTimeout *metav1.Duration `json:"accessTokenInactivityTimeout,omitempty"` } const ( @@ -529,26 +540,43 @@ type OpenIDIdentityProvider struct { // iss Claim and the sub Claim." const UserIDClaim = "sub" +// OpenIDClaim represents a claim retrieved from an OpenID provider's tokens or userInfo +// responses +// +kubebuilder:validation:MinLength=1 +type OpenIDClaim string + // OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider type OpenIDClaims struct { // preferredUsername is the list of claims whose values should be used as the preferred username. // If unspecified, the preferred username is determined from the value of the sub claim + // +listType=atomic // +optional PreferredUsername []string `json:"preferredUsername,omitempty"` // name is the list of claims whose values should be used as the display name. Optional. // If unspecified, no display name is set for the identity + // +listType=atomic // +optional Name []string `json:"name,omitempty"` // email is the list of claims whose values should be used as the email address. Optional. // If unspecified, no email is set for the identity + // +listType=atomic // +optional Email []string `json:"email,omitempty"` + + // groups is the list of claims value of which should be used to synchronize groups + // from the OIDC provider to OpenShift for the user. + // If multiple claims are specified, the first one with a non-empty value is used. + // +listType=atomic + // +optional + Groups []OpenIDClaim `json:"groups,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go index 31291dec2f..67a0295294 100644 --- a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go +++ b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go @@ -36,8 +36,12 @@ type OperatorHubStatus struct { // OperatorHub is the Schema for the operatorhubs API. It can be used to change // the state of the default hub sources for OperatorHub on the cluster from // enabled to disabled and vice versa. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:subresource:status +// +genclient // +genclient:nonNamespaced +// +openshift:compatibility-gen:level=1 type OperatorHub struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -49,6 +53,9 @@ type OperatorHub struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OperatorHubList contains a list of OperatorHub +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OperatorHubList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` @@ -70,7 +77,7 @@ type HubSource struct { // HubSourceStatus is used to reflect the current state of applying the // configuration to a default source type HubSourceStatus struct { - HubSource `json:"",omitempty` + HubSource `json:",omitempty"` // status indicates success or failure in applying the configuration Status string `json:"status,omitempty"` // message provides more information regarding failures diff --git a/vendor/github.com/openshift/api/config/v1/types_project.go b/vendor/github.com/openshift/api/config/v1/types_project.go index 61152a6f79..add6abf66b 100644 --- a/vendor/github.com/openshift/api/config/v1/types_project.go +++ b/vendor/github.com/openshift/api/config/v1/types_project.go @@ -7,9 +7,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Project holds cluster-wide information about Project. The canonical name is `cluster` +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Project struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -47,9 +49,11 @@ type ProjectStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ProjectList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Project `json:"items"` + + Items []Project `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_proxy.go b/vendor/github.com/openshift/api/config/v1/types_proxy.go index 1413a48caa..01ee4690df 100644 --- a/vendor/github.com/openshift/api/config/v1/types_proxy.go +++ b/vendor/github.com/openshift/api/config/v1/types_proxy.go @@ -9,9 +9,13 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster` +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Proxy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // Spec holds user-settable values for the proxy configuration // +kubebuilder:validation:Required // +required @@ -31,7 +35,7 @@ type ProxySpec struct { // +optional HTTPSProxy string `json:"httpsProxy,omitempty"` - // noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. + // noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. // Empty means unset and will not result in an env var. // +optional NoProxy string `json:"noProxy,omitempty"` @@ -40,13 +44,17 @@ type ProxySpec struct { // +optional ReadinessEndpoints []string `json:"readinessEndpoints,omitempty"` - // trustedCA is a reference to a ConfigMap containing a CA certificate bundle used - // for client egress HTTPS connections. The certificate bundle must be from the CA - // that signed the proxy's certificate and be signed for everything. The trustedCA - // field should only be consumed by a proxy validator. The validator is responsible - // for reading the certificate bundle from required key "ca-bundle.crt" and copying - // it to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed" - // namespace. The namespace for the ConfigMap referenced by trustedCA is + // trustedCA is a reference to a ConfigMap containing a CA certificate bundle. + // The trustedCA field should only be consumed by a proxy validator. The + // validator is responsible for reading the certificate bundle from the required + // key "ca-bundle.crt", merging it with the system default trust bundle, + // and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" + // in the "openshift-config-managed" namespace. Clients that expect to make + // proxy connections must use the trusted-ca-bundle for all HTTPS requests to + // the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as + // well. + // + // The namespace for the ConfigMap referenced by trustedCA is // "openshift-config". Here is an example ConfigMap (in yaml): // // apiVersion: v1 @@ -81,9 +89,11 @@ type ProxyStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ProxyList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Proxy `json:"items"` + + Items []Proxy `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_scheduling.go b/vendor/github.com/openshift/api/config/v1/types_scheduling.go index 9b8fa3a52a..a69d2a35c5 100644 --- a/vendor/github.com/openshift/api/config/v1/types_scheduling.go +++ b/vendor/github.com/openshift/api/config/v1/types_scheduling.go @@ -8,9 +8,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Scheduler holds cluster-wide config information to run the Kubernetes Scheduler // and influence its placement decisions. The canonical name for this config is `cluster`. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Scheduler struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -23,15 +25,24 @@ type Scheduler struct { } type SchedulerSpec struct { + // DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. // policy is a reference to a ConfigMap containing scheduler policy which has // user specified predicates and priorities. If this ConfigMap is not available // scheduler will default to use DefaultAlgorithmProvider. // The namespace for this configmap is openshift-config. // +optional - Policy ConfigMapNameReference `json:"policy"` + Policy ConfigMapNameReference `json:"policy,omitempty"` + // profile sets which scheduling profile should be set in order to configure scheduling + // decisions for new pods. + // + // Valid values are "LowNodeUtilization", "HighNodeUtilization", "NoScoring" + // Defaults to "LowNodeUtilization" + // +optional + Profile SchedulerProfile `json:"profile,omitempty"` // defaultNodeSelector helps set the cluster-wide default node selector to // restrict pod placement to specific nodes. This is applied to the pods - // created in all namespaces without a specified nodeSelector value. + // created in all namespaces and creates an intersection with any existing + // nodeSelectors already set on a pod, additionally constraining that pod's selector. // For example, // defaultNodeSelector: "type=user-node,region=east" would set nodeSelector // field in pod spec to "type=user-node,region=east" to all pods created @@ -62,14 +73,33 @@ type SchedulerSpec struct { MastersSchedulable bool `json:"mastersSchedulable"` } +// +kubebuilder:validation:Enum="";LowNodeUtilization;HighNodeUtilization;NoScoring +type SchedulerProfile string + +var ( + // LowNodeUtililization is the default, and defines a scheduling profile which prefers to + // spread pods evenly among nodes targeting low resource consumption on each node. + LowNodeUtilization SchedulerProfile = "LowNodeUtilization" + + // HighNodeUtilization defines a scheduling profile which packs as many pods as possible onto + // as few nodes as possible targeting a small node count but high resource usage on each node. + HighNodeUtilization SchedulerProfile = "HighNodeUtilization" + + // NoScoring defines a scheduling profile which tries to provide lower-latency scheduling + // at the expense of potentially less optimal pod placement decisions. + NoScoring SchedulerProfile = "NoScoring" +) + type SchedulerStatus struct { } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type SchedulerList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Scheduler `json:"items"` + + Items []Scheduler `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go new file mode 100644 index 0000000000..9dbacb9966 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go @@ -0,0 +1,262 @@ +package v1 + +// TLSSecurityProfile defines the schema for a TLS security profile. This object +// is used by operators to apply TLS security settings to operands. +// +union +type TLSSecurityProfile struct { + // type is one of Old, Intermediate, Modern or Custom. Custom provides + // the ability to specify individual TLS security profile parameters. + // Old, Intermediate and Modern are TLS security profiles based on: + // + // https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + // + // The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers + // are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be + // reduced. + // + // Note that the Modern profile is currently not supported because it is not + // yet well adopted by common software libraries. + // + // +unionDiscriminator + // +optional + Type TLSProfileType `json:"type"` + // old is a TLS security profile based on: + // + // https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + // + // and looks like this (yaml): + // + // ciphers: + // - TLS_AES_128_GCM_SHA256 + // - TLS_AES_256_GCM_SHA384 + // - TLS_CHACHA20_POLY1305_SHA256 + // - ECDHE-ECDSA-AES128-GCM-SHA256 + // - ECDHE-RSA-AES128-GCM-SHA256 + // - ECDHE-ECDSA-AES256-GCM-SHA384 + // - ECDHE-RSA-AES256-GCM-SHA384 + // - ECDHE-ECDSA-CHACHA20-POLY1305 + // - ECDHE-RSA-CHACHA20-POLY1305 + // - DHE-RSA-AES128-GCM-SHA256 + // - DHE-RSA-AES256-GCM-SHA384 + // - DHE-RSA-CHACHA20-POLY1305 + // - ECDHE-ECDSA-AES128-SHA256 + // - ECDHE-RSA-AES128-SHA256 + // - ECDHE-ECDSA-AES128-SHA + // - ECDHE-RSA-AES128-SHA + // - ECDHE-ECDSA-AES256-SHA384 + // - ECDHE-RSA-AES256-SHA384 + // - ECDHE-ECDSA-AES256-SHA + // - ECDHE-RSA-AES256-SHA + // - DHE-RSA-AES128-SHA256 + // - DHE-RSA-AES256-SHA256 + // - AES128-GCM-SHA256 + // - AES256-GCM-SHA384 + // - AES128-SHA256 + // - AES256-SHA256 + // - AES128-SHA + // - AES256-SHA + // - DES-CBC3-SHA + // minTLSVersion: TLSv1.0 + // + // +optional + // +nullable + Old *OldTLSProfile `json:"old,omitempty"` + // intermediate is a TLS security profile based on: + // + // https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + // + // and looks like this (yaml): + // + // ciphers: + // - TLS_AES_128_GCM_SHA256 + // - TLS_AES_256_GCM_SHA384 + // - TLS_CHACHA20_POLY1305_SHA256 + // - ECDHE-ECDSA-AES128-GCM-SHA256 + // - ECDHE-RSA-AES128-GCM-SHA256 + // - ECDHE-ECDSA-AES256-GCM-SHA384 + // - ECDHE-RSA-AES256-GCM-SHA384 + // - ECDHE-ECDSA-CHACHA20-POLY1305 + // - ECDHE-RSA-CHACHA20-POLY1305 + // - DHE-RSA-AES128-GCM-SHA256 + // - DHE-RSA-AES256-GCM-SHA384 + // minTLSVersion: TLSv1.2 + // + // +optional + // +nullable + Intermediate *IntermediateTLSProfile `json:"intermediate,omitempty"` + // modern is a TLS security profile based on: + // + // https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + // + // and looks like this (yaml): + // + // ciphers: + // - TLS_AES_128_GCM_SHA256 + // - TLS_AES_256_GCM_SHA384 + // - TLS_CHACHA20_POLY1305_SHA256 + // minTLSVersion: TLSv1.3 + // + // NOTE: Currently unsupported. + // + // +optional + // +nullable + Modern *ModernTLSProfile `json:"modern,omitempty"` + // custom is a user-defined TLS security profile. Be extremely careful using a custom + // profile as invalid configurations can be catastrophic. An example custom profile + // looks like this: + // + // ciphers: + // - ECDHE-ECDSA-CHACHA20-POLY1305 + // - ECDHE-RSA-CHACHA20-POLY1305 + // - ECDHE-RSA-AES128-GCM-SHA256 + // - ECDHE-ECDSA-AES128-GCM-SHA256 + // minTLSVersion: TLSv1.1 + // + // +optional + // +nullable + Custom *CustomTLSProfile `json:"custom,omitempty"` +} + +// OldTLSProfile is a TLS security profile based on: +// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility +type OldTLSProfile struct{} + +// IntermediateTLSProfile is a TLS security profile based on: +// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 +type IntermediateTLSProfile struct{} + +// ModernTLSProfile is a TLS security profile based on: +// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility +type ModernTLSProfile struct{} + +// CustomTLSProfile is a user-defined TLS security profile. Be extremely careful +// using a custom TLS profile as invalid configurations can be catastrophic. +type CustomTLSProfile struct { + TLSProfileSpec `json:",inline"` +} + +// TLSProfileType defines a TLS security profile type. +// +kubebuilder:validation:Enum=Old;Intermediate;Modern;Custom +type TLSProfileType string + +const ( + // Old is a TLS security profile based on: + // https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + TLSProfileOldType TLSProfileType = "Old" + // Intermediate is a TLS security profile based on: + // https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 + TLSProfileIntermediateType TLSProfileType = "Intermediate" + // Modern is a TLS security profile based on: + // https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + TLSProfileModernType TLSProfileType = "Modern" + // Custom is a TLS security profile that allows for user-defined parameters. + TLSProfileCustomType TLSProfileType = "Custom" +) + +// TLSProfileSpec is the desired behavior of a TLSSecurityProfile. +type TLSProfileSpec struct { + // ciphers is used to specify the cipher algorithms that are negotiated + // during the TLS handshake. Operators may remove entries their operands + // do not support. For example, to use DES-CBC3-SHA (yaml): + // + // ciphers: + // - DES-CBC3-SHA + // + Ciphers []string `json:"ciphers"` + // minTLSVersion is used to specify the minimal version of the TLS protocol + // that is negotiated during the TLS handshake. For example, to use TLS + // versions 1.1, 1.2 and 1.3 (yaml): + // + // minTLSVersion: TLSv1.1 + // + // NOTE: currently the highest minTLSVersion allowed is VersionTLS12 + // + MinTLSVersion TLSProtocolVersion `json:"minTLSVersion"` +} + +// TLSProtocolVersion is a way to specify the protocol version used for TLS connections. +// Protocol versions are based on the following most common TLS configurations: +// +// https://ssl-config.mozilla.org/ +// +// Note that SSLv3.0 is not a supported protocol version due to well known +// vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE +// +kubebuilder:validation:Enum=VersionTLS10;VersionTLS11;VersionTLS12;VersionTLS13 +type TLSProtocolVersion string + +const ( + // VersionTLSv10 is version 1.0 of the TLS security protocol. + VersionTLS10 TLSProtocolVersion = "VersionTLS10" + // VersionTLSv11 is version 1.1 of the TLS security protocol. + VersionTLS11 TLSProtocolVersion = "VersionTLS11" + // VersionTLSv12 is version 1.2 of the TLS security protocol. + VersionTLS12 TLSProtocolVersion = "VersionTLS12" + // VersionTLSv13 is version 1.3 of the TLS security protocol. + VersionTLS13 TLSProtocolVersion = "VersionTLS13" +) + +// TLSProfiles Contains a map of TLSProfileType names to TLSProfileSpec. +// +// NOTE: The caller needs to make sure to check that these constants are valid for their binary. Not all +// entries map to values for all binaries. In the case of ties, the kube-apiserver wins. Do not fail, +// just be sure to whitelist only and everything will be ok. +var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ + TLSProfileOldType: { + Ciphers: []string{ + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "DHE-RSA-AES128-GCM-SHA256", + "DHE-RSA-AES256-GCM-SHA384", + "DHE-RSA-CHACHA20-POLY1305", + "ECDHE-ECDSA-AES128-SHA256", + "ECDHE-RSA-AES128-SHA256", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-RSA-AES128-SHA", + "ECDHE-ECDSA-AES256-SHA384", + "ECDHE-RSA-AES256-SHA384", + "ECDHE-ECDSA-AES256-SHA", + "ECDHE-RSA-AES256-SHA", + "DHE-RSA-AES128-SHA256", + "DHE-RSA-AES256-SHA256", + "AES128-GCM-SHA256", + "AES256-GCM-SHA384", + "AES128-SHA256", + "AES256-SHA256", + "AES128-SHA", + "AES256-SHA", + "DES-CBC3-SHA", + }, + MinTLSVersion: VersionTLS10, + }, + TLSProfileIntermediateType: { + Ciphers: []string{ + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "DHE-RSA-AES128-GCM-SHA256", + "DHE-RSA-AES256-GCM-SHA384", + }, + MinTLSVersion: VersionTLS12, + }, + TLSProfileModernType: { + Ciphers: []string{ + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + }, + MinTLSVersion: VersionTLS13, + }, +} diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index d91dec9a60..a9babbc7f2 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -1,3 +1,4 @@ +//go:build !ignore_autogenerated // +build !ignore_autogenerated // Code generated by deepcopy-gen. DO NOT EDIT. @@ -6,6 +7,7 @@ package v1 import ( corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -37,6 +39,22 @@ func (in *APIServer) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIServerEncryption) DeepCopyInto(out *APIServerEncryption) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServerEncryption. +func (in *APIServerEncryption) DeepCopy() *APIServerEncryption { + if in == nil { + return nil + } + out := new(APIServerEncryption) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *APIServerList) DeepCopyInto(out *APIServerList) { *out = *in @@ -125,6 +143,13 @@ func (in *APIServerSpec) DeepCopyInto(out *APIServerSpec) { *out = make([]string, len(*in)) copy(*out, *in) } + out.Encryption = in.Encryption + if in.TLSSecurityProfile != nil { + in, out := &in.TLSSecurityProfile, &out.TLSSecurityProfile + *out = new(TLSSecurityProfile) + (*in).DeepCopyInto(*out) + } + in.Audit.DeepCopyInto(&out.Audit) return } @@ -154,9 +179,56 @@ func (in *APIServerStatus) DeepCopy() *APIServerStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSIngressSpec) DeepCopyInto(out *AWSIngressSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSIngressSpec. +func (in *AWSIngressSpec) DeepCopy() *AWSIngressSpec { + if in == nil { + return nil + } + out := new(AWSIngressSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSPlatformSpec) DeepCopyInto(out *AWSPlatformSpec) { + *out = *in + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]AWSServiceEndpoint, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSPlatformSpec. +func (in *AWSPlatformSpec) DeepCopy() *AWSPlatformSpec { + if in == nil { + return nil + } + out := new(AWSPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AWSPlatformStatus) DeepCopyInto(out *AWSPlatformStatus) { *out = *in + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]AWSServiceEndpoint, len(*in)) + copy(*out, *in) + } + if in.ResourceTags != nil { + in, out := &in.ResourceTags, &out.ResourceTags + *out = make([]AWSResourceTag, len(*in)) + copy(*out, *in) + } return } @@ -170,6 +242,38 @@ func (in *AWSPlatformStatus) DeepCopy() *AWSPlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSResourceTag) DeepCopyInto(out *AWSResourceTag) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSResourceTag. +func (in *AWSResourceTag) DeepCopy() *AWSResourceTag { + if in == nil { + return nil + } + out := new(AWSResourceTag) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSServiceEndpoint) DeepCopyInto(out *AWSServiceEndpoint) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSServiceEndpoint. +func (in *AWSServiceEndpoint) DeepCopy() *AWSServiceEndpoint { + if in == nil { + return nil + } + out := new(AWSServiceEndpoint) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AdmissionConfig) DeepCopyInto(out *AdmissionConfig) { *out = *in @@ -220,6 +324,80 @@ func (in *AdmissionPluginConfig) DeepCopy() *AdmissionPluginConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AlibabaCloudPlatformSpec) DeepCopyInto(out *AlibabaCloudPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaCloudPlatformSpec. +func (in *AlibabaCloudPlatformSpec) DeepCopy() *AlibabaCloudPlatformSpec { + if in == nil { + return nil + } + out := new(AlibabaCloudPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AlibabaCloudPlatformStatus) DeepCopyInto(out *AlibabaCloudPlatformStatus) { + *out = *in + if in.ResourceTags != nil { + in, out := &in.ResourceTags, &out.ResourceTags + *out = make([]AlibabaCloudResourceTag, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaCloudPlatformStatus. +func (in *AlibabaCloudPlatformStatus) DeepCopy() *AlibabaCloudPlatformStatus { + if in == nil { + return nil + } + out := new(AlibabaCloudPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AlibabaCloudResourceTag) DeepCopyInto(out *AlibabaCloudResourceTag) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaCloudResourceTag. +func (in *AlibabaCloudResourceTag) DeepCopy() *AlibabaCloudResourceTag { + if in == nil { + return nil + } + out := new(AlibabaCloudResourceTag) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Audit) DeepCopyInto(out *Audit) { + *out = *in + if in.CustomRules != nil { + in, out := &in.CustomRules, &out.CustomRules + *out = make([]AuditCustomRule, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Audit. +func (in *Audit) DeepCopy() *Audit { + if in == nil { + return nil + } + out := new(Audit) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuditConfig) DeepCopyInto(out *AuditConfig) { *out = *in @@ -237,6 +415,22 @@ func (in *AuditConfig) DeepCopy() *AuditConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuditCustomRule) DeepCopyInto(out *AuditCustomRule) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditCustomRule. +func (in *AuditCustomRule) DeepCopy() *AuditCustomRule { + if in == nil { + return nil + } + out := new(AuditCustomRule) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Authentication) DeepCopyInto(out *Authentication) { *out = *in @@ -304,9 +498,14 @@ func (in *AuthenticationSpec) DeepCopyInto(out *AuthenticationSpec) { out.OAuthMetadata = in.OAuthMetadata if in.WebhookTokenAuthenticators != nil { in, out := &in.WebhookTokenAuthenticators, &out.WebhookTokenAuthenticators - *out = make([]WebhookTokenAuthenticator, len(*in)) + *out = make([]DeprecatedWebhookTokenAuthenticator, len(*in)) copy(*out, *in) } + if in.WebhookTokenAuthenticator != nil { + in, out := &in.WebhookTokenAuthenticator, &out.WebhookTokenAuthenticator + *out = new(WebhookTokenAuthenticator) + **out = **in + } return } @@ -337,6 +536,22 @@ func (in *AuthenticationStatus) DeepCopy() *AuthenticationStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzurePlatformSpec) DeepCopyInto(out *AzurePlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzurePlatformSpec. +func (in *AzurePlatformSpec) DeepCopy() *AzurePlatformSpec { + if in == nil { + return nil + } + out := new(AzurePlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AzurePlatformStatus) DeepCopyInto(out *AzurePlatformStatus) { *out = *in @@ -353,9 +568,35 @@ func (in *AzurePlatformStatus) DeepCopy() *AzurePlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BareMetalPlatformSpec) DeepCopyInto(out *BareMetalPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BareMetalPlatformSpec. +func (in *BareMetalPlatformSpec) DeepCopy() *BareMetalPlatformSpec { + if in == nil { + return nil + } + out := new(BareMetalPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BareMetalPlatformStatus) DeepCopyInto(out *BareMetalPlatformStatus) { *out = *in + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } return } @@ -507,6 +748,11 @@ func (in *BuildOverrides) DeepCopyInto(out *BuildOverrides) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ForcePull != nil { + in, out := &in.ForcePull, &out.ForcePull + *out = new(bool) + **out = **in + } return } @@ -571,6 +817,43 @@ func (in *ClientConnectionOverrides) DeepCopy() *ClientConnectionOverrides { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudControllerManagerSpec) DeepCopyInto(out *CloudControllerManagerSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudControllerManagerSpec. +func (in *CloudControllerManagerSpec) DeepCopy() *CloudControllerManagerSpec { + if in == nil { + return nil + } + out := new(CloudControllerManagerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterCondition) DeepCopyInto(out *ClusterCondition) { + *out = *in + if in.PromQL != nil { + in, out := &in.PromQL, &out.PromQL + *out = new(PromQLClusterCondition) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCondition. +func (in *ClusterCondition) DeepCopy() *ClusterCondition { + if in == nil { + return nil + } + out := new(ClusterCondition) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterNetworkEntry) DeepCopyInto(out *ClusterNetworkEntry) { *out = *in @@ -743,6 +1026,53 @@ func (in *ClusterVersion) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterVersionCapabilitiesSpec) DeepCopyInto(out *ClusterVersionCapabilitiesSpec) { + *out = *in + if in.AdditionalEnabledCapabilities != nil { + in, out := &in.AdditionalEnabledCapabilities, &out.AdditionalEnabledCapabilities + *out = make([]ClusterVersionCapability, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterVersionCapabilitiesSpec. +func (in *ClusterVersionCapabilitiesSpec) DeepCopy() *ClusterVersionCapabilitiesSpec { + if in == nil { + return nil + } + out := new(ClusterVersionCapabilitiesSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterVersionCapabilitiesStatus) DeepCopyInto(out *ClusterVersionCapabilitiesStatus) { + *out = *in + if in.EnabledCapabilities != nil { + in, out := &in.EnabledCapabilities, &out.EnabledCapabilities + *out = make([]ClusterVersionCapability, len(*in)) + copy(*out, *in) + } + if in.KnownCapabilities != nil { + in, out := &in.KnownCapabilities, &out.KnownCapabilities + *out = make([]ClusterVersionCapability, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterVersionCapabilitiesStatus. +func (in *ClusterVersionCapabilitiesStatus) DeepCopy() *ClusterVersionCapabilitiesStatus { + if in == nil { + return nil + } + out := new(ClusterVersionCapabilitiesStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterVersionList) DeepCopyInto(out *ClusterVersionList) { *out = *in @@ -784,6 +1114,11 @@ func (in *ClusterVersionSpec) DeepCopyInto(out *ClusterVersionSpec) { *out = new(Update) **out = **in } + if in.Capabilities != nil { + in, out := &in.Capabilities, &out.Capabilities + *out = new(ClusterVersionCapabilitiesSpec) + (*in).DeepCopyInto(*out) + } if in.Overrides != nil { in, out := &in.Overrides, &out.Overrides *out = make([]ComponentOverride, len(*in)) @@ -805,7 +1140,7 @@ func (in *ClusterVersionSpec) DeepCopy() *ClusterVersionSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterVersionStatus) DeepCopyInto(out *ClusterVersionStatus) { *out = *in - out.Desired = in.Desired + in.Desired.DeepCopyInto(&out.Desired) if in.History != nil { in, out := &in.History, &out.History *out = make([]UpdateHistory, len(*in)) @@ -813,6 +1148,7 @@ func (in *ClusterVersionStatus) DeepCopyInto(out *ClusterVersionStatus) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + in.Capabilities.DeepCopyInto(&out.Capabilities) if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions *out = make([]ClusterOperatorStatusCondition, len(*in)) @@ -822,8 +1158,17 @@ func (in *ClusterVersionStatus) DeepCopyInto(out *ClusterVersionStatus) { } if in.AvailableUpdates != nil { in, out := &in.AvailableUpdates, &out.AvailableUpdates - *out = make([]Update, len(*in)) - copy(*out, *in) + *out = make([]Release, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ConditionalUpdates != nil { + in, out := &in.ConditionalUpdates, &out.ConditionalUpdates + *out = make([]ConditionalUpdate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } return } @@ -855,39 +1200,148 @@ func (in *ComponentOverride) DeepCopy() *ComponentOverride { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigMapFileReference) DeepCopyInto(out *ConfigMapFileReference) { +func (in *ComponentRouteSpec) DeepCopyInto(out *ComponentRouteSpec) { *out = *in + out.ServingCertKeyPairSecret = in.ServingCertKeyPairSecret return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapFileReference. -func (in *ConfigMapFileReference) DeepCopy() *ConfigMapFileReference { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentRouteSpec. +func (in *ComponentRouteSpec) DeepCopy() *ComponentRouteSpec { if in == nil { return nil } - out := new(ConfigMapFileReference) + out := new(ComponentRouteSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigMapNameReference) DeepCopyInto(out *ConfigMapNameReference) { +func (in *ComponentRouteStatus) DeepCopyInto(out *ComponentRouteStatus) { *out = *in + if in.ConsumingUsers != nil { + in, out := &in.ConsumingUsers, &out.ConsumingUsers + *out = make([]ConsumingUser, len(*in)) + copy(*out, *in) + } + if in.CurrentHostnames != nil { + in, out := &in.CurrentHostnames, &out.CurrentHostnames + *out = make([]Hostname, len(*in)) + copy(*out, *in) + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RelatedObjects != nil { + in, out := &in.RelatedObjects, &out.RelatedObjects + *out = make([]ObjectReference, len(*in)) + copy(*out, *in) + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapNameReference. -func (in *ConfigMapNameReference) DeepCopy() *ConfigMapNameReference { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentRouteStatus. +func (in *ComponentRouteStatus) DeepCopy() *ComponentRouteStatus { if in == nil { return nil } - out := new(ConfigMapNameReference) + out := new(ComponentRouteStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Console) DeepCopyInto(out *Console) { +func (in *ConditionalUpdate) DeepCopyInto(out *ConditionalUpdate) { + *out = *in + in.Release.DeepCopyInto(&out.Release) + if in.Risks != nil { + in, out := &in.Risks, &out.Risks + *out = make([]ConditionalUpdateRisk, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionalUpdate. +func (in *ConditionalUpdate) DeepCopy() *ConditionalUpdate { + if in == nil { + return nil + } + out := new(ConditionalUpdate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConditionalUpdateRisk) DeepCopyInto(out *ConditionalUpdateRisk) { + *out = *in + if in.MatchingRules != nil { + in, out := &in.MatchingRules, &out.MatchingRules + *out = make([]ClusterCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionalUpdateRisk. +func (in *ConditionalUpdateRisk) DeepCopy() *ConditionalUpdateRisk { + if in == nil { + return nil + } + out := new(ConditionalUpdateRisk) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigMapFileReference) DeepCopyInto(out *ConfigMapFileReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapFileReference. +func (in *ConfigMapFileReference) DeepCopy() *ConfigMapFileReference { + if in == nil { + return nil + } + out := new(ConfigMapFileReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigMapNameReference) DeepCopyInto(out *ConfigMapNameReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapNameReference. +func (in *ConfigMapNameReference) DeepCopy() *ConfigMapNameReference { + if in == nil { + return nil + } + out := new(ConfigMapNameReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Console) DeepCopyInto(out *Console) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -1022,6 +1476,23 @@ func (in *CustomFeatureGates) DeepCopy() *CustomFeatureGates { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomTLSProfile) DeepCopyInto(out *CustomTLSProfile) { + *out = *in + in.TLSProfileSpec.DeepCopyInto(&out.TLSProfileSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomTLSProfile. +func (in *CustomTLSProfile) DeepCopy() *CustomTLSProfile { + if in == nil { + return nil + } + out := new(CustomTLSProfile) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DNS) DeepCopyInto(out *DNS) { *out = *in @@ -1180,6 +1651,55 @@ func (in *DelegatedAuthorization) DeepCopy() *DelegatedAuthorization { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DeprecatedWebhookTokenAuthenticator) DeepCopyInto(out *DeprecatedWebhookTokenAuthenticator) { + *out = *in + out.KubeConfig = in.KubeConfig + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeprecatedWebhookTokenAuthenticator. +func (in *DeprecatedWebhookTokenAuthenticator) DeepCopy() *DeprecatedWebhookTokenAuthenticator { + if in == nil { + return nil + } + out := new(DeprecatedWebhookTokenAuthenticator) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EquinixMetalPlatformSpec) DeepCopyInto(out *EquinixMetalPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EquinixMetalPlatformSpec. +func (in *EquinixMetalPlatformSpec) DeepCopy() *EquinixMetalPlatformSpec { + if in == nil { + return nil + } + out := new(EquinixMetalPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EquinixMetalPlatformStatus) DeepCopyInto(out *EquinixMetalPlatformStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EquinixMetalPlatformStatus. +func (in *EquinixMetalPlatformStatus) DeepCopy() *EquinixMetalPlatformStatus { + if in == nil { + return nil + } + out := new(EquinixMetalPlatformStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EtcdConnectionInfo) DeepCopyInto(out *EtcdConnectionInfo) { *out = *in @@ -1271,6 +1791,39 @@ func (in *ExternalIPPolicy) DeepCopy() *ExternalIPPolicy { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalPlatformSpec) DeepCopyInto(out *ExternalPlatformSpec) { + *out = *in + out.CloudControllerManager = in.CloudControllerManager + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalPlatformSpec. +func (in *ExternalPlatformSpec) DeepCopy() *ExternalPlatformSpec { + if in == nil { + return nil + } + out := new(ExternalPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalPlatformStatus) DeepCopyInto(out *ExternalPlatformStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalPlatformStatus. +func (in *ExternalPlatformStatus) DeepCopy() *ExternalPlatformStatus { + if in == nil { + return nil + } + out := new(ExternalPlatformStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FeatureGate) DeepCopyInto(out *FeatureGate) { *out = *in @@ -1412,6 +1965,22 @@ func (in *FeatureGateStatus) DeepCopy() *FeatureGateStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPPlatformSpec) DeepCopyInto(out *GCPPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPPlatformSpec. +func (in *GCPPlatformSpec) DeepCopy() *GCPPlatformSpec { + if in == nil { + return nil + } + out := new(GCPPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GCPPlatformStatus) DeepCopyInto(out *GCPPlatformStatus) { *out = *in @@ -1604,6 +2173,38 @@ func (in *HubSourceStatus) DeepCopy() *HubSourceStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IBMCloudPlatformSpec) DeepCopyInto(out *IBMCloudPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMCloudPlatformSpec. +func (in *IBMCloudPlatformSpec) DeepCopy() *IBMCloudPlatformSpec { + if in == nil { + return nil + } + out := new(IBMCloudPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IBMCloudPlatformStatus) DeepCopyInto(out *IBMCloudPlatformStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMCloudPlatformStatus. +func (in *IBMCloudPlatformStatus) DeepCopy() *IBMCloudPlatformStatus { + if in == nil { + return nil + } + out := new(IBMCloudPlatformStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IdentityProvider) DeepCopyInto(out *IdentityProvider) { *out = *in @@ -1711,29 +2312,40 @@ func (in *Image) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageLabel) DeepCopyInto(out *ImageLabel) { +func (in *ImageContentPolicy) DeepCopyInto(out *ImageContentPolicy) { *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageLabel. -func (in *ImageLabel) DeepCopy() *ImageLabel { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageContentPolicy. +func (in *ImageContentPolicy) DeepCopy() *ImageContentPolicy { if in == nil { return nil } - out := new(ImageLabel) + out := new(ImageContentPolicy) in.DeepCopyInto(out) return out } +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ImageContentPolicy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageList) DeepCopyInto(out *ImageList) { +func (in *ImageContentPolicyList) DeepCopyInto(out *ImageContentPolicyList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]Image, len(*in)) + *out = make([]ImageContentPolicy, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -1741,18 +2353,18 @@ func (in *ImageList) DeepCopyInto(out *ImageList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageList. -func (in *ImageList) DeepCopy() *ImageList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageContentPolicyList. +func (in *ImageContentPolicyList) DeepCopy() *ImageContentPolicyList { if in == nil { return nil } - out := new(ImageList) + out := new(ImageContentPolicyList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ImageList) DeepCopyObject() runtime.Object { +func (in *ImageContentPolicyList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -1760,76 +2372,50 @@ func (in *ImageList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageSpec) DeepCopyInto(out *ImageSpec) { - *out = *in - if in.AllowedRegistriesForImport != nil { - in, out := &in.AllowedRegistriesForImport, &out.AllowedRegistriesForImport - *out = make([]RegistryLocation, len(*in)) - copy(*out, *in) - } - if in.ExternalRegistryHostnames != nil { - in, out := &in.ExternalRegistryHostnames, &out.ExternalRegistryHostnames - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.AdditionalTrustedCA = in.AdditionalTrustedCA - in.RegistrySources.DeepCopyInto(&out.RegistrySources) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSpec. -func (in *ImageSpec) DeepCopy() *ImageSpec { - if in == nil { - return nil - } - out := new(ImageSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageStatus) DeepCopyInto(out *ImageStatus) { +func (in *ImageContentPolicySpec) DeepCopyInto(out *ImageContentPolicySpec) { *out = *in - if in.ExternalRegistryHostnames != nil { - in, out := &in.ExternalRegistryHostnames, &out.ExternalRegistryHostnames - *out = make([]string, len(*in)) - copy(*out, *in) + if in.RepositoryDigestMirrors != nil { + in, out := &in.RepositoryDigestMirrors, &out.RepositoryDigestMirrors + *out = make([]RepositoryDigestMirrors, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageStatus. -func (in *ImageStatus) DeepCopy() *ImageStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageContentPolicySpec. +func (in *ImageContentPolicySpec) DeepCopy() *ImageContentPolicySpec { if in == nil { return nil } - out := new(ImageStatus) + out := new(ImageContentPolicySpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Infrastructure) DeepCopyInto(out *Infrastructure) { +func (in *ImageDigestMirrorSet) DeepCopyInto(out *ImageDigestMirrorSet) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - in.Status.DeepCopyInto(&out.Status) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Infrastructure. -func (in *Infrastructure) DeepCopy() *Infrastructure { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageDigestMirrorSet. +func (in *ImageDigestMirrorSet) DeepCopy() *ImageDigestMirrorSet { if in == nil { return nil } - out := new(Infrastructure) + out := new(ImageDigestMirrorSet) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Infrastructure) DeepCopyObject() runtime.Object { +func (in *ImageDigestMirrorSet) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -1837,13 +2423,13 @@ func (in *Infrastructure) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InfrastructureList) DeepCopyInto(out *InfrastructureList) { +func (in *ImageDigestMirrorSetList) DeepCopyInto(out *ImageDigestMirrorSetList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]Infrastructure, len(*in)) + *out = make([]ImageDigestMirrorSet, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -1851,18 +2437,18 @@ func (in *InfrastructureList) DeepCopyInto(out *InfrastructureList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureList. -func (in *InfrastructureList) DeepCopy() *InfrastructureList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageDigestMirrorSetList. +func (in *ImageDigestMirrorSetList) DeepCopy() *ImageDigestMirrorSetList { if in == nil { return nil } - out := new(InfrastructureList) + out := new(ImageDigestMirrorSetList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *InfrastructureList) DeepCopyObject() runtime.Object { +func (in *ImageDigestMirrorSetList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -1870,79 +2456,89 @@ func (in *InfrastructureList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InfrastructureSpec) DeepCopyInto(out *InfrastructureSpec) { +func (in *ImageDigestMirrorSetSpec) DeepCopyInto(out *ImageDigestMirrorSetSpec) { *out = *in - out.CloudConfig = in.CloudConfig + if in.ImageDigestMirrors != nil { + in, out := &in.ImageDigestMirrors, &out.ImageDigestMirrors + *out = make([]ImageDigestMirrors, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureSpec. -func (in *InfrastructureSpec) DeepCopy() *InfrastructureSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageDigestMirrorSetSpec. +func (in *ImageDigestMirrorSetSpec) DeepCopy() *ImageDigestMirrorSetSpec { if in == nil { return nil } - out := new(InfrastructureSpec) + out := new(ImageDigestMirrorSetSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InfrastructureStatus) DeepCopyInto(out *InfrastructureStatus) { +func (in *ImageDigestMirrorSetStatus) DeepCopyInto(out *ImageDigestMirrorSetStatus) { *out = *in - if in.PlatformStatus != nil { - in, out := &in.PlatformStatus, &out.PlatformStatus - *out = new(PlatformStatus) - (*in).DeepCopyInto(*out) - } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureStatus. -func (in *InfrastructureStatus) DeepCopy() *InfrastructureStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageDigestMirrorSetStatus. +func (in *ImageDigestMirrorSetStatus) DeepCopy() *ImageDigestMirrorSetStatus { if in == nil { return nil } - out := new(InfrastructureStatus) + out := new(ImageDigestMirrorSetStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Ingress) DeepCopyInto(out *Ingress) { +func (in *ImageDigestMirrors) DeepCopyInto(out *ImageDigestMirrors) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - out.Status = in.Status + if in.Mirrors != nil { + in, out := &in.Mirrors, &out.Mirrors + *out = make([]ImageMirror, len(*in)) + copy(*out, *in) + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ingress. -func (in *Ingress) DeepCopy() *Ingress { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageDigestMirrors. +func (in *ImageDigestMirrors) DeepCopy() *ImageDigestMirrors { if in == nil { return nil } - out := new(Ingress) + out := new(ImageDigestMirrors) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Ingress) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageLabel) DeepCopyInto(out *ImageLabel) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageLabel. +func (in *ImageLabel) DeepCopy() *ImageLabel { + if in == nil { + return nil } - return nil + out := new(ImageLabel) + in.DeepCopyInto(out) + return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressList) DeepCopyInto(out *IngressList) { +func (in *ImageList) DeepCopyInto(out *ImageList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]Ingress, len(*in)) + *out = make([]Image, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -1950,18 +2546,18 @@ func (in *IngressList) DeepCopyInto(out *IngressList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressList. -func (in *IngressList) DeepCopy() *IngressList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageList. +func (in *ImageList) DeepCopy() *ImageList { if in == nil { return nil } - out := new(IngressList) + out := new(ImageList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *IngressList) DeepCopyObject() runtime.Object { +func (in *ImageList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -1969,169 +2565,177 @@ func (in *IngressList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressSpec) DeepCopyInto(out *IngressSpec) { +func (in *ImageSpec) DeepCopyInto(out *ImageSpec) { *out = *in + if in.AllowedRegistriesForImport != nil { + in, out := &in.AllowedRegistriesForImport, &out.AllowedRegistriesForImport + *out = make([]RegistryLocation, len(*in)) + copy(*out, *in) + } + if in.ExternalRegistryHostnames != nil { + in, out := &in.ExternalRegistryHostnames, &out.ExternalRegistryHostnames + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.AdditionalTrustedCA = in.AdditionalTrustedCA + in.RegistrySources.DeepCopyInto(&out.RegistrySources) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressSpec. -func (in *IngressSpec) DeepCopy() *IngressSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSpec. +func (in *ImageSpec) DeepCopy() *ImageSpec { if in == nil { return nil } - out := new(IngressSpec) + out := new(ImageSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressStatus) DeepCopyInto(out *IngressStatus) { +func (in *ImageStatus) DeepCopyInto(out *ImageStatus) { *out = *in + if in.ExternalRegistryHostnames != nil { + in, out := &in.ExternalRegistryHostnames, &out.ExternalRegistryHostnames + *out = make([]string, len(*in)) + copy(*out, *in) + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressStatus. -func (in *IngressStatus) DeepCopy() *IngressStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageStatus. +func (in *ImageStatus) DeepCopy() *ImageStatus { if in == nil { return nil } - out := new(IngressStatus) + out := new(ImageStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KeystoneIdentityProvider) DeepCopyInto(out *KeystoneIdentityProvider) { +func (in *ImageTagMirrorSet) DeepCopyInto(out *ImageTagMirrorSet) { *out = *in - out.OAuthRemoteConnectionInfo = in.OAuthRemoteConnectionInfo + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeystoneIdentityProvider. -func (in *KeystoneIdentityProvider) DeepCopy() *KeystoneIdentityProvider { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageTagMirrorSet. +func (in *ImageTagMirrorSet) DeepCopy() *ImageTagMirrorSet { if in == nil { return nil } - out := new(KeystoneIdentityProvider) + out := new(ImageTagMirrorSet) in.DeepCopyInto(out) return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeClientConfig) DeepCopyInto(out *KubeClientConfig) { - *out = *in - out.ConnectionOverrides = in.ConnectionOverrides - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeClientConfig. -func (in *KubeClientConfig) DeepCopy() *KubeClientConfig { - if in == nil { - return nil +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ImageTagMirrorSet) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c } - out := new(KubeClientConfig) - in.DeepCopyInto(out) - return out + return nil } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LDAPAttributeMapping) DeepCopyInto(out *LDAPAttributeMapping) { +func (in *ImageTagMirrorSetList) DeepCopyInto(out *ImageTagMirrorSetList) { *out = *in - if in.ID != nil { - in, out := &in.ID, &out.ID - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.PreferredUsername != nil { - in, out := &in.PreferredUsername, &out.PreferredUsername - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Email != nil { - in, out := &in.Email, &out.Email - *out = make([]string, len(*in)) - copy(*out, *in) + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ImageTagMirrorSet, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAttributeMapping. -func (in *LDAPAttributeMapping) DeepCopy() *LDAPAttributeMapping { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageTagMirrorSetList. +func (in *ImageTagMirrorSetList) DeepCopy() *ImageTagMirrorSetList { if in == nil { return nil } - out := new(LDAPAttributeMapping) + out := new(ImageTagMirrorSetList) in.DeepCopyInto(out) return out } +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ImageTagMirrorSetList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LDAPIdentityProvider) DeepCopyInto(out *LDAPIdentityProvider) { +func (in *ImageTagMirrorSetSpec) DeepCopyInto(out *ImageTagMirrorSetSpec) { *out = *in - out.BindPassword = in.BindPassword - out.CA = in.CA - in.Attributes.DeepCopyInto(&out.Attributes) + if in.ImageTagMirrors != nil { + in, out := &in.ImageTagMirrors, &out.ImageTagMirrors + *out = make([]ImageTagMirrors, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProvider. -func (in *LDAPIdentityProvider) DeepCopy() *LDAPIdentityProvider { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageTagMirrorSetSpec. +func (in *ImageTagMirrorSetSpec) DeepCopy() *ImageTagMirrorSetSpec { if in == nil { return nil } - out := new(LDAPIdentityProvider) + out := new(ImageTagMirrorSetSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LeaderElection) DeepCopyInto(out *LeaderElection) { +func (in *ImageTagMirrorSetStatus) DeepCopyInto(out *ImageTagMirrorSetStatus) { *out = *in - out.LeaseDuration = in.LeaseDuration - out.RenewDeadline = in.RenewDeadline - out.RetryPeriod = in.RetryPeriod return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElection. -func (in *LeaderElection) DeepCopy() *LeaderElection { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageTagMirrorSetStatus. +func (in *ImageTagMirrorSetStatus) DeepCopy() *ImageTagMirrorSetStatus { if in == nil { return nil } - out := new(LeaderElection) + out := new(ImageTagMirrorSetStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NamedCertificate) DeepCopyInto(out *NamedCertificate) { +func (in *ImageTagMirrors) DeepCopyInto(out *ImageTagMirrors) { *out = *in - if in.Names != nil { - in, out := &in.Names, &out.Names - *out = make([]string, len(*in)) + if in.Mirrors != nil { + in, out := &in.Mirrors, &out.Mirrors + *out = make([]ImageMirror, len(*in)) copy(*out, *in) } - out.CertInfo = in.CertInfo return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamedCertificate. -func (in *NamedCertificate) DeepCopy() *NamedCertificate { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageTagMirrors. +func (in *ImageTagMirrors) DeepCopy() *ImageTagMirrors { if in == nil { return nil } - out := new(NamedCertificate) + out := new(ImageTagMirrors) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Network) DeepCopyInto(out *Network) { +func (in *Infrastructure) DeepCopyInto(out *Infrastructure) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -2140,18 +2744,18 @@ func (in *Network) DeepCopyInto(out *Network) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Network. -func (in *Network) DeepCopy() *Network { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Infrastructure. +func (in *Infrastructure) DeepCopy() *Infrastructure { if in == nil { return nil } - out := new(Network) + out := new(Infrastructure) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Network) DeepCopyObject() runtime.Object { +func (in *Infrastructure) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -2159,13 +2763,13 @@ func (in *Network) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkList) DeepCopyInto(out *NetworkList) { +func (in *InfrastructureList) DeepCopyInto(out *InfrastructureList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]Network, len(*in)) + *out = make([]Infrastructure, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -2173,77 +2777,800 @@ func (in *NetworkList) DeepCopyInto(out *NetworkList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkList. -func (in *NetworkList) DeepCopy() *NetworkList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureList. +func (in *InfrastructureList) DeepCopy() *InfrastructureList { + if in == nil { + return nil + } + out := new(InfrastructureList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InfrastructureList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InfrastructureSpec) DeepCopyInto(out *InfrastructureSpec) { + *out = *in + out.CloudConfig = in.CloudConfig + in.PlatformSpec.DeepCopyInto(&out.PlatformSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureSpec. +func (in *InfrastructureSpec) DeepCopy() *InfrastructureSpec { + if in == nil { + return nil + } + out := new(InfrastructureSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InfrastructureStatus) DeepCopyInto(out *InfrastructureStatus) { + *out = *in + if in.PlatformStatus != nil { + in, out := &in.PlatformStatus, &out.PlatformStatus + *out = new(PlatformStatus) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureStatus. +func (in *InfrastructureStatus) DeepCopy() *InfrastructureStatus { + if in == nil { + return nil + } + out := new(InfrastructureStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Ingress) DeepCopyInto(out *Ingress) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ingress. +func (in *Ingress) DeepCopy() *Ingress { + if in == nil { + return nil + } + out := new(Ingress) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Ingress) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressList) DeepCopyInto(out *IngressList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Ingress, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressList. +func (in *IngressList) DeepCopy() *IngressList { + if in == nil { + return nil + } + out := new(IngressList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IngressList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressPlatformSpec) DeepCopyInto(out *IngressPlatformSpec) { + *out = *in + if in.AWS != nil { + in, out := &in.AWS, &out.AWS + *out = new(AWSIngressSpec) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressPlatformSpec. +func (in *IngressPlatformSpec) DeepCopy() *IngressPlatformSpec { + if in == nil { + return nil + } + out := new(IngressPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressSpec) DeepCopyInto(out *IngressSpec) { + *out = *in + if in.ComponentRoutes != nil { + in, out := &in.ComponentRoutes, &out.ComponentRoutes + *out = make([]ComponentRouteSpec, len(*in)) + copy(*out, *in) + } + if in.RequiredHSTSPolicies != nil { + in, out := &in.RequiredHSTSPolicies, &out.RequiredHSTSPolicies + *out = make([]RequiredHSTSPolicy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.LoadBalancer.DeepCopyInto(&out.LoadBalancer) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressSpec. +func (in *IngressSpec) DeepCopy() *IngressSpec { + if in == nil { + return nil + } + out := new(IngressSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressStatus) DeepCopyInto(out *IngressStatus) { + *out = *in + if in.ComponentRoutes != nil { + in, out := &in.ComponentRoutes, &out.ComponentRoutes + *out = make([]ComponentRouteStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressStatus. +func (in *IngressStatus) DeepCopy() *IngressStatus { + if in == nil { + return nil + } + out := new(IngressStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IntermediateTLSProfile) DeepCopyInto(out *IntermediateTLSProfile) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntermediateTLSProfile. +func (in *IntermediateTLSProfile) DeepCopy() *IntermediateTLSProfile { + if in == nil { + return nil + } + out := new(IntermediateTLSProfile) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KeystoneIdentityProvider) DeepCopyInto(out *KeystoneIdentityProvider) { + *out = *in + out.OAuthRemoteConnectionInfo = in.OAuthRemoteConnectionInfo + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeystoneIdentityProvider. +func (in *KeystoneIdentityProvider) DeepCopy() *KeystoneIdentityProvider { + if in == nil { + return nil + } + out := new(KeystoneIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeClientConfig) DeepCopyInto(out *KubeClientConfig) { + *out = *in + out.ConnectionOverrides = in.ConnectionOverrides + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeClientConfig. +func (in *KubeClientConfig) DeepCopy() *KubeClientConfig { + if in == nil { + return nil + } + out := new(KubeClientConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubevirtPlatformSpec) DeepCopyInto(out *KubevirtPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubevirtPlatformSpec. +func (in *KubevirtPlatformSpec) DeepCopy() *KubevirtPlatformSpec { + if in == nil { + return nil + } + out := new(KubevirtPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubevirtPlatformStatus) DeepCopyInto(out *KubevirtPlatformStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubevirtPlatformStatus. +func (in *KubevirtPlatformStatus) DeepCopy() *KubevirtPlatformStatus { + if in == nil { + return nil + } + out := new(KubevirtPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LDAPAttributeMapping) DeepCopyInto(out *LDAPAttributeMapping) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.PreferredUsername != nil { + in, out := &in.PreferredUsername, &out.PreferredUsername + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Email != nil { + in, out := &in.Email, &out.Email + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAttributeMapping. +func (in *LDAPAttributeMapping) DeepCopy() *LDAPAttributeMapping { + if in == nil { + return nil + } + out := new(LDAPAttributeMapping) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LDAPIdentityProvider) DeepCopyInto(out *LDAPIdentityProvider) { + *out = *in + out.BindPassword = in.BindPassword + out.CA = in.CA + in.Attributes.DeepCopyInto(&out.Attributes) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProvider. +func (in *LDAPIdentityProvider) DeepCopy() *LDAPIdentityProvider { + if in == nil { + return nil + } + out := new(LDAPIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LeaderElection) DeepCopyInto(out *LeaderElection) { + *out = *in + out.LeaseDuration = in.LeaseDuration + out.RenewDeadline = in.RenewDeadline + out.RetryPeriod = in.RetryPeriod + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElection. +func (in *LeaderElection) DeepCopy() *LeaderElection { + if in == nil { + return nil + } + out := new(LeaderElection) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LoadBalancer) DeepCopyInto(out *LoadBalancer) { + *out = *in + in.Platform.DeepCopyInto(&out.Platform) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancer. +func (in *LoadBalancer) DeepCopy() *LoadBalancer { + if in == nil { + return nil + } + out := new(LoadBalancer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MTUMigration) DeepCopyInto(out *MTUMigration) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(MTUMigrationValues) + (*in).DeepCopyInto(*out) + } + if in.Machine != nil { + in, out := &in.Machine, &out.Machine + *out = new(MTUMigrationValues) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MTUMigration. +func (in *MTUMigration) DeepCopy() *MTUMigration { + if in == nil { + return nil + } + out := new(MTUMigration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MTUMigrationValues) DeepCopyInto(out *MTUMigrationValues) { + *out = *in + if in.To != nil { + in, out := &in.To, &out.To + *out = new(uint32) + **out = **in + } + if in.From != nil { + in, out := &in.From, &out.From + *out = new(uint32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MTUMigrationValues. +func (in *MTUMigrationValues) DeepCopy() *MTUMigrationValues { + if in == nil { + return nil + } + out := new(MTUMigrationValues) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MaxAgePolicy) DeepCopyInto(out *MaxAgePolicy) { + *out = *in + if in.LargestMaxAge != nil { + in, out := &in.LargestMaxAge, &out.LargestMaxAge + *out = new(int32) + **out = **in + } + if in.SmallestMaxAge != nil { + in, out := &in.SmallestMaxAge, &out.SmallestMaxAge + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaxAgePolicy. +func (in *MaxAgePolicy) DeepCopy() *MaxAgePolicy { + if in == nil { + return nil + } + out := new(MaxAgePolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ModernTLSProfile) DeepCopyInto(out *ModernTLSProfile) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModernTLSProfile. +func (in *ModernTLSProfile) DeepCopy() *ModernTLSProfile { + if in == nil { + return nil + } + out := new(ModernTLSProfile) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NamedCertificate) DeepCopyInto(out *NamedCertificate) { + *out = *in + if in.Names != nil { + in, out := &in.Names, &out.Names + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.CertInfo = in.CertInfo + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamedCertificate. +func (in *NamedCertificate) DeepCopy() *NamedCertificate { + if in == nil { + return nil + } + out := new(NamedCertificate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Network) DeepCopyInto(out *Network) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Network. +func (in *Network) DeepCopy() *Network { + if in == nil { + return nil + } + out := new(Network) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Network) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkList) DeepCopyInto(out *NetworkList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Network, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkList. +func (in *NetworkList) DeepCopy() *NetworkList { + if in == nil { + return nil + } + out := new(NetworkList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NetworkList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkMigration) DeepCopyInto(out *NetworkMigration) { + *out = *in + if in.MTU != nil { + in, out := &in.MTU, &out.MTU + *out = new(MTUMigration) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkMigration. +func (in *NetworkMigration) DeepCopy() *NetworkMigration { + if in == nil { + return nil + } + out := new(NetworkMigration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { + *out = *in + if in.ClusterNetwork != nil { + in, out := &in.ClusterNetwork, &out.ClusterNetwork + *out = make([]ClusterNetworkEntry, len(*in)) + copy(*out, *in) + } + if in.ServiceNetwork != nil { + in, out := &in.ServiceNetwork, &out.ServiceNetwork + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ExternalIP != nil { + in, out := &in.ExternalIP, &out.ExternalIP + *out = new(ExternalIPConfig) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkSpec. +func (in *NetworkSpec) DeepCopy() *NetworkSpec { + if in == nil { + return nil + } + out := new(NetworkSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkStatus) DeepCopyInto(out *NetworkStatus) { + *out = *in + if in.ClusterNetwork != nil { + in, out := &in.ClusterNetwork, &out.ClusterNetwork + *out = make([]ClusterNetworkEntry, len(*in)) + copy(*out, *in) + } + if in.ServiceNetwork != nil { + in, out := &in.ServiceNetwork, &out.ServiceNetwork + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Migration != nil { + in, out := &in.Migration, &out.Migration + *out = new(NetworkMigration) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkStatus. +func (in *NetworkStatus) DeepCopy() *NetworkStatus { + if in == nil { + return nil + } + out := new(NetworkStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Node) DeepCopyInto(out *Node) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Node. +func (in *Node) DeepCopy() *Node { + if in == nil { + return nil + } + out := new(Node) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Node) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeList) DeepCopyInto(out *NodeList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Node, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeList. +func (in *NodeList) DeepCopy() *NodeList { + if in == nil { + return nil + } + out := new(NodeList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NodeList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeSpec) DeepCopyInto(out *NodeSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeSpec. +func (in *NodeSpec) DeepCopy() *NodeSpec { + if in == nil { + return nil + } + out := new(NodeSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeStatus) DeepCopyInto(out *NodeStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeStatus. +func (in *NodeStatus) DeepCopy() *NodeStatus { + if in == nil { + return nil + } + out := new(NodeStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NutanixPlatformSpec) DeepCopyInto(out *NutanixPlatformSpec) { + *out = *in + out.PrismCentral = in.PrismCentral + if in.PrismElements != nil { + in, out := &in.PrismElements, &out.PrismElements + *out = make([]NutanixPrismElementEndpoint, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NutanixPlatformSpec. +func (in *NutanixPlatformSpec) DeepCopy() *NutanixPlatformSpec { + if in == nil { + return nil + } + out := new(NutanixPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NutanixPlatformStatus) DeepCopyInto(out *NutanixPlatformStatus) { + *out = *in + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NutanixPlatformStatus. +func (in *NutanixPlatformStatus) DeepCopy() *NutanixPlatformStatus { if in == nil { return nil } - out := new(NetworkList) + out := new(NutanixPlatformStatus) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NetworkList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { +func (in *NutanixPrismElementEndpoint) DeepCopyInto(out *NutanixPrismElementEndpoint) { *out = *in - if in.ClusterNetwork != nil { - in, out := &in.ClusterNetwork, &out.ClusterNetwork - *out = make([]ClusterNetworkEntry, len(*in)) - copy(*out, *in) - } - if in.ServiceNetwork != nil { - in, out := &in.ServiceNetwork, &out.ServiceNetwork - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ExternalIP != nil { - in, out := &in.ExternalIP, &out.ExternalIP - *out = new(ExternalIPConfig) - (*in).DeepCopyInto(*out) - } + out.Endpoint = in.Endpoint return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkSpec. -func (in *NetworkSpec) DeepCopy() *NetworkSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NutanixPrismElementEndpoint. +func (in *NutanixPrismElementEndpoint) DeepCopy() *NutanixPrismElementEndpoint { if in == nil { return nil } - out := new(NetworkSpec) + out := new(NutanixPrismElementEndpoint) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkStatus) DeepCopyInto(out *NetworkStatus) { +func (in *NutanixPrismEndpoint) DeepCopyInto(out *NutanixPrismEndpoint) { *out = *in - if in.ClusterNetwork != nil { - in, out := &in.ClusterNetwork, &out.ClusterNetwork - *out = make([]ClusterNetworkEntry, len(*in)) - copy(*out, *in) - } - if in.ServiceNetwork != nil { - in, out := &in.ServiceNetwork, &out.ServiceNetwork - *out = make([]string, len(*in)) - copy(*out, *in) - } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkStatus. -func (in *NetworkStatus) DeepCopy() *NetworkStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NutanixPrismEndpoint. +func (in *NutanixPrismEndpoint) DeepCopy() *NutanixPrismEndpoint { if in == nil { return nil } - out := new(NetworkStatus) + out := new(NutanixPrismEndpoint) in.DeepCopyInto(out) return out } @@ -2338,7 +3665,7 @@ func (in *OAuthSpec) DeepCopyInto(out *OAuthSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - out.TokenConfig = in.TokenConfig + in.TokenConfig.DeepCopyInto(&out.TokenConfig) out.Templates = in.Templates return } @@ -2404,6 +3731,22 @@ func (in *ObjectReference) DeepCopy() *ObjectReference { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OldTLSProfile) DeepCopyInto(out *OldTLSProfile) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OldTLSProfile. +func (in *OldTLSProfile) DeepCopy() *OldTLSProfile { + if in == nil { + return nil + } + out := new(OldTLSProfile) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OpenIDClaims) DeepCopyInto(out *OpenIDClaims) { *out = *in @@ -2422,6 +3765,11 @@ func (in *OpenIDClaims) DeepCopyInto(out *OpenIDClaims) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]OpenIDClaim, len(*in)) + copy(*out, *in) + } return } @@ -2466,9 +3814,35 @@ func (in *OpenIDIdentityProvider) DeepCopy() *OpenIDIdentityProvider { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenStackPlatformSpec) DeepCopyInto(out *OpenStackPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenStackPlatformSpec. +func (in *OpenStackPlatformSpec) DeepCopy() *OpenStackPlatformSpec { + if in == nil { + return nil + } + out := new(OpenStackPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OpenStackPlatformStatus) DeepCopyInto(out *OpenStackPlatformStatus) { *out = *in + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } return } @@ -2556,88 +3930,319 @@ func (in *OperatorHubList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } - return nil + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OperatorHubSpec) DeepCopyInto(out *OperatorHubSpec) { + *out = *in + if in.Sources != nil { + in, out := &in.Sources, &out.Sources + *out = make([]HubSource, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorHubSpec. +func (in *OperatorHubSpec) DeepCopy() *OperatorHubSpec { + if in == nil { + return nil + } + out := new(OperatorHubSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OperatorHubStatus) DeepCopyInto(out *OperatorHubStatus) { + *out = *in + if in.Sources != nil { + in, out := &in.Sources, &out.Sources + *out = make([]HubSourceStatus, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorHubStatus. +func (in *OperatorHubStatus) DeepCopy() *OperatorHubStatus { + if in == nil { + return nil + } + out := new(OperatorHubStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OvirtPlatformSpec) DeepCopyInto(out *OvirtPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OvirtPlatformSpec. +func (in *OvirtPlatformSpec) DeepCopy() *OvirtPlatformSpec { + if in == nil { + return nil + } + out := new(OvirtPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OvirtPlatformStatus) DeepCopyInto(out *OvirtPlatformStatus) { + *out = *in + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OvirtPlatformStatus. +func (in *OvirtPlatformStatus) DeepCopy() *OvirtPlatformStatus { + if in == nil { + return nil + } + out := new(OvirtPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PlatformSpec) DeepCopyInto(out *PlatformSpec) { + *out = *in + if in.AWS != nil { + in, out := &in.AWS, &out.AWS + *out = new(AWSPlatformSpec) + (*in).DeepCopyInto(*out) + } + if in.Azure != nil { + in, out := &in.Azure, &out.Azure + *out = new(AzurePlatformSpec) + **out = **in + } + if in.GCP != nil { + in, out := &in.GCP, &out.GCP + *out = new(GCPPlatformSpec) + **out = **in + } + if in.BareMetal != nil { + in, out := &in.BareMetal, &out.BareMetal + *out = new(BareMetalPlatformSpec) + **out = **in + } + if in.OpenStack != nil { + in, out := &in.OpenStack, &out.OpenStack + *out = new(OpenStackPlatformSpec) + **out = **in + } + if in.Ovirt != nil { + in, out := &in.Ovirt, &out.Ovirt + *out = new(OvirtPlatformSpec) + **out = **in + } + if in.VSphere != nil { + in, out := &in.VSphere, &out.VSphere + *out = new(VSpherePlatformSpec) + (*in).DeepCopyInto(*out) + } + if in.IBMCloud != nil { + in, out := &in.IBMCloud, &out.IBMCloud + *out = new(IBMCloudPlatformSpec) + **out = **in + } + if in.Kubevirt != nil { + in, out := &in.Kubevirt, &out.Kubevirt + *out = new(KubevirtPlatformSpec) + **out = **in + } + if in.EquinixMetal != nil { + in, out := &in.EquinixMetal, &out.EquinixMetal + *out = new(EquinixMetalPlatformSpec) + **out = **in + } + if in.PowerVS != nil { + in, out := &in.PowerVS, &out.PowerVS + *out = new(PowerVSPlatformSpec) + (*in).DeepCopyInto(*out) + } + if in.AlibabaCloud != nil { + in, out := &in.AlibabaCloud, &out.AlibabaCloud + *out = new(AlibabaCloudPlatformSpec) + **out = **in + } + if in.Nutanix != nil { + in, out := &in.Nutanix, &out.Nutanix + *out = new(NutanixPlatformSpec) + (*in).DeepCopyInto(*out) + } + if in.External != nil { + in, out := &in.External, &out.External + *out = new(ExternalPlatformSpec) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformSpec. +func (in *PlatformSpec) DeepCopy() *PlatformSpec { + if in == nil { + return nil + } + out := new(PlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { + *out = *in + if in.AWS != nil { + in, out := &in.AWS, &out.AWS + *out = new(AWSPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.Azure != nil { + in, out := &in.Azure, &out.Azure + *out = new(AzurePlatformStatus) + **out = **in + } + if in.GCP != nil { + in, out := &in.GCP, &out.GCP + *out = new(GCPPlatformStatus) + **out = **in + } + if in.BareMetal != nil { + in, out := &in.BareMetal, &out.BareMetal + *out = new(BareMetalPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.OpenStack != nil { + in, out := &in.OpenStack, &out.OpenStack + *out = new(OpenStackPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.Ovirt != nil { + in, out := &in.Ovirt, &out.Ovirt + *out = new(OvirtPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.VSphere != nil { + in, out := &in.VSphere, &out.VSphere + *out = new(VSpherePlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.IBMCloud != nil { + in, out := &in.IBMCloud, &out.IBMCloud + *out = new(IBMCloudPlatformStatus) + **out = **in + } + if in.Kubevirt != nil { + in, out := &in.Kubevirt, &out.Kubevirt + *out = new(KubevirtPlatformStatus) + **out = **in + } + if in.EquinixMetal != nil { + in, out := &in.EquinixMetal, &out.EquinixMetal + *out = new(EquinixMetalPlatformStatus) + **out = **in + } + if in.PowerVS != nil { + in, out := &in.PowerVS, &out.PowerVS + *out = new(PowerVSPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.AlibabaCloud != nil { + in, out := &in.AlibabaCloud, &out.AlibabaCloud + *out = new(AlibabaCloudPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.Nutanix != nil { + in, out := &in.Nutanix, &out.Nutanix + *out = new(NutanixPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.External != nil { + in, out := &in.External, &out.External + *out = new(ExternalPlatformStatus) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformStatus. +func (in *PlatformStatus) DeepCopy() *PlatformStatus { + if in == nil { + return nil + } + out := new(PlatformStatus) + in.DeepCopyInto(out) + return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OperatorHubSpec) DeepCopyInto(out *OperatorHubSpec) { +func (in *PowerVSPlatformSpec) DeepCopyInto(out *PowerVSPlatformSpec) { *out = *in - if in.Sources != nil { - in, out := &in.Sources, &out.Sources - *out = make([]HubSource, len(*in)) + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]PowerVSServiceEndpoint, len(*in)) copy(*out, *in) } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorHubSpec. -func (in *OperatorHubSpec) DeepCopy() *OperatorHubSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PowerVSPlatformSpec. +func (in *PowerVSPlatformSpec) DeepCopy() *PowerVSPlatformSpec { if in == nil { return nil } - out := new(OperatorHubSpec) + out := new(PowerVSPlatformSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OperatorHubStatus) DeepCopyInto(out *OperatorHubStatus) { +func (in *PowerVSPlatformStatus) DeepCopyInto(out *PowerVSPlatformStatus) { *out = *in - if in.Sources != nil { - in, out := &in.Sources, &out.Sources - *out = make([]HubSourceStatus, len(*in)) + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]PowerVSServiceEndpoint, len(*in)) copy(*out, *in) } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorHubStatus. -func (in *OperatorHubStatus) DeepCopy() *OperatorHubStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PowerVSPlatformStatus. +func (in *PowerVSPlatformStatus) DeepCopy() *PowerVSPlatformStatus { if in == nil { return nil } - out := new(OperatorHubStatus) + out := new(PowerVSPlatformStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { +func (in *PowerVSServiceEndpoint) DeepCopyInto(out *PowerVSServiceEndpoint) { *out = *in - if in.AWS != nil { - in, out := &in.AWS, &out.AWS - *out = new(AWSPlatformStatus) - **out = **in - } - if in.Azure != nil { - in, out := &in.Azure, &out.Azure - *out = new(AzurePlatformStatus) - **out = **in - } - if in.GCP != nil { - in, out := &in.GCP, &out.GCP - *out = new(GCPPlatformStatus) - **out = **in - } - if in.BareMetal != nil { - in, out := &in.BareMetal, &out.BareMetal - *out = new(BareMetalPlatformStatus) - **out = **in - } - if in.OpenStack != nil { - in, out := &in.OpenStack, &out.OpenStack - *out = new(OpenStackPlatformStatus) - **out = **in - } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformStatus. -func (in *PlatformStatus) DeepCopy() *PlatformStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PowerVSServiceEndpoint. +func (in *PowerVSServiceEndpoint) DeepCopy() *PowerVSServiceEndpoint { if in == nil { return nil } - out := new(PlatformStatus) + out := new(PowerVSServiceEndpoint) in.DeepCopyInto(out) return out } @@ -2736,6 +4341,22 @@ func (in *ProjectStatus) DeepCopy() *ProjectStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PromQLClusterCondition) DeepCopyInto(out *PromQLClusterCondition) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PromQLClusterCondition. +func (in *PromQLClusterCondition) DeepCopy() *PromQLClusterCondition { + if in == nil { + return nil + } + out := new(PromQLClusterCondition) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Proxy) DeepCopyInto(out *Proxy) { *out = *in @@ -2869,6 +4490,11 @@ func (in *RegistrySources) DeepCopyInto(out *RegistrySources) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.ContainerRuntimeSearchRegistries != nil { + in, out := &in.ContainerRuntimeSearchRegistries, &out.ContainerRuntimeSearchRegistries + *out = make([]string, len(*in)) + copy(*out, *in) + } return } @@ -2882,6 +4508,27 @@ func (in *RegistrySources) DeepCopy() *RegistrySources { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Release) DeepCopyInto(out *Release) { + *out = *in + if in.Channels != nil { + in, out := &in.Channels, &out.Channels + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Release. +func (in *Release) DeepCopy() *Release { + if in == nil { + return nil + } + out := new(Release) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RemoteConnectionInfo) DeepCopyInto(out *RemoteConnectionInfo) { *out = *in @@ -2899,6 +4546,27 @@ func (in *RemoteConnectionInfo) DeepCopy() *RemoteConnectionInfo { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepositoryDigestMirrors) DeepCopyInto(out *RepositoryDigestMirrors) { + *out = *in + if in.Mirrors != nil { + in, out := &in.Mirrors, &out.Mirrors + *out = make([]Mirror, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepositoryDigestMirrors. +func (in *RepositoryDigestMirrors) DeepCopy() *RepositoryDigestMirrors { + if in == nil { + return nil + } + out := new(RepositoryDigestMirrors) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RequestHeaderIdentityProvider) DeepCopyInto(out *RequestHeaderIdentityProvider) { *out = *in @@ -2941,6 +4609,33 @@ func (in *RequestHeaderIdentityProvider) DeepCopy() *RequestHeaderIdentityProvid return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequiredHSTSPolicy) DeepCopyInto(out *RequiredHSTSPolicy) { + *out = *in + if in.NamespaceSelector != nil { + in, out := &in.NamespaceSelector, &out.NamespaceSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.DomainPatterns != nil { + in, out := &in.DomainPatterns, &out.DomainPatterns + *out = make([]string, len(*in)) + copy(*out, *in) + } + in.MaxAge.DeepCopyInto(&out.MaxAge) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequiredHSTSPolicy. +func (in *RequiredHSTSPolicy) DeepCopy() *RequiredHSTSPolicy { + if in == nil { + return nil + } + out := new(RequiredHSTSPolicy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Scheduler) DeepCopyInto(out *Scheduler) { *out = *in @@ -3113,6 +4808,63 @@ func (in *StringSourceSpec) DeepCopy() *StringSourceSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSProfileSpec) DeepCopyInto(out *TLSProfileSpec) { + *out = *in + if in.Ciphers != nil { + in, out := &in.Ciphers, &out.Ciphers + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSProfileSpec. +func (in *TLSProfileSpec) DeepCopy() *TLSProfileSpec { + if in == nil { + return nil + } + out := new(TLSProfileSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSSecurityProfile) DeepCopyInto(out *TLSSecurityProfile) { + *out = *in + if in.Old != nil { + in, out := &in.Old, &out.Old + *out = new(OldTLSProfile) + **out = **in + } + if in.Intermediate != nil { + in, out := &in.Intermediate, &out.Intermediate + *out = new(IntermediateTLSProfile) + **out = **in + } + if in.Modern != nil { + in, out := &in.Modern, &out.Modern + *out = new(ModernTLSProfile) + **out = **in + } + if in.Custom != nil { + in, out := &in.Custom, &out.Custom + *out = new(CustomTLSProfile) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSecurityProfile. +func (in *TLSSecurityProfile) DeepCopy() *TLSSecurityProfile { + if in == nil { + return nil + } + out := new(TLSSecurityProfile) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TemplateReference) DeepCopyInto(out *TemplateReference) { *out = *in @@ -3132,6 +4884,11 @@ func (in *TemplateReference) DeepCopy() *TemplateReference { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenConfig) DeepCopyInto(out *TokenConfig) { *out = *in + if in.AccessTokenInactivityTimeout != nil { + in, out := &in.AccessTokenInactivityTimeout, &out.AccessTokenInactivityTimeout + *out = new(metav1.Duration) + **out = **in + } return } @@ -3182,6 +4939,166 @@ func (in *UpdateHistory) DeepCopy() *UpdateHistory { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformFailureDomainSpec) DeepCopyInto(out *VSpherePlatformFailureDomainSpec) { + *out = *in + in.Topology.DeepCopyInto(&out.Topology) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformFailureDomainSpec. +func (in *VSpherePlatformFailureDomainSpec) DeepCopy() *VSpherePlatformFailureDomainSpec { + if in == nil { + return nil + } + out := new(VSpherePlatformFailureDomainSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformNodeNetworking) DeepCopyInto(out *VSpherePlatformNodeNetworking) { + *out = *in + in.External.DeepCopyInto(&out.External) + in.Internal.DeepCopyInto(&out.Internal) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformNodeNetworking. +func (in *VSpherePlatformNodeNetworking) DeepCopy() *VSpherePlatformNodeNetworking { + if in == nil { + return nil + } + out := new(VSpherePlatformNodeNetworking) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformNodeNetworkingSpec) DeepCopyInto(out *VSpherePlatformNodeNetworkingSpec) { + *out = *in + if in.NetworkSubnetCIDR != nil { + in, out := &in.NetworkSubnetCIDR, &out.NetworkSubnetCIDR + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ExcludeNetworkSubnetCIDR != nil { + in, out := &in.ExcludeNetworkSubnetCIDR, &out.ExcludeNetworkSubnetCIDR + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformNodeNetworkingSpec. +func (in *VSpherePlatformNodeNetworkingSpec) DeepCopy() *VSpherePlatformNodeNetworkingSpec { + if in == nil { + return nil + } + out := new(VSpherePlatformNodeNetworkingSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformSpec) DeepCopyInto(out *VSpherePlatformSpec) { + *out = *in + if in.VCenters != nil { + in, out := &in.VCenters, &out.VCenters + *out = make([]VSpherePlatformVCenterSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.FailureDomains != nil { + in, out := &in.FailureDomains, &out.FailureDomains + *out = make([]VSpherePlatformFailureDomainSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.NodeNetworking.DeepCopyInto(&out.NodeNetworking) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformSpec. +func (in *VSpherePlatformSpec) DeepCopy() *VSpherePlatformSpec { + if in == nil { + return nil + } + out := new(VSpherePlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformStatus) DeepCopyInto(out *VSpherePlatformStatus) { + *out = *in + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformStatus. +func (in *VSpherePlatformStatus) DeepCopy() *VSpherePlatformStatus { + if in == nil { + return nil + } + out := new(VSpherePlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformTopology) DeepCopyInto(out *VSpherePlatformTopology) { + *out = *in + if in.Networks != nil { + in, out := &in.Networks, &out.Networks + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformTopology. +func (in *VSpherePlatformTopology) DeepCopy() *VSpherePlatformTopology { + if in == nil { + return nil + } + out := new(VSpherePlatformTopology) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformVCenterSpec) DeepCopyInto(out *VSpherePlatformVCenterSpec) { + *out = *in + if in.Datacenters != nil { + in, out := &in.Datacenters, &out.Datacenters + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformVCenterSpec. +func (in *VSpherePlatformVCenterSpec) DeepCopy() *VSpherePlatformVCenterSpec { + if in == nil { + return nil + } + out := new(VSpherePlatformVCenterSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WebhookTokenAuthenticator) DeepCopyInto(out *WebhookTokenAuthenticator) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 7e0abdd9b6..0f149c9900 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -181,6 +181,16 @@ func (LeaderElection) SwaggerDoc() map[string]string { return map_LeaderElection } +var map_MaxAgePolicy = map[string]string{ + "": "MaxAgePolicy contains a numeric range for specifying a compliant HSTS max-age for the enclosing RequiredHSTSPolicy", + "largestMaxAge": "The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age This value can be left unspecified, in which case no upper limit is enforced.", + "smallestMaxAge": "The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary tool for administrators to quickly correct mistakes. This value can be left unspecified, in which case no lower limit is enforced.", +} + +func (MaxAgePolicy) SwaggerDoc() map[string]string { + return map_MaxAgePolicy +} + var map_NamedCertificate = map[string]string{ "": "NamedCertificate specifies a certificate/key, and the names it should be served for", "names": "Names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", @@ -200,6 +210,18 @@ func (RemoteConnectionInfo) SwaggerDoc() map[string]string { return map_RemoteConnectionInfo } +var map_RequiredHSTSPolicy = map[string]string{ + "namespaceSelector": "namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.", + "domainPatterns": "domainPatterns is a list of domains for which the desired HSTS annotations are required. If domainPatterns is specified and a route is created with a spec.host matching one of the domains, the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy.\n\nThe use of wildcards is allowed like this: *.foo.com matches everything under foo.com. foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*.", + "maxAge": "maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client.", + "preloadPolicy": "preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent).", + "includeSubDomainsPolicy": "includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com", +} + +func (RequiredHSTSPolicy) SwaggerDoc() map[string]string { + return map_RequiredHSTSPolicy +} + var map_SecretNameReference = map[string]string{ "": "SecretNameReference references a secret in a specific namespace. The namespace must be specified at the point of use.", "name": "name is the metadata.name of the referenced secret", @@ -244,13 +266,31 @@ func (StringSourceSpec) SwaggerDoc() map[string]string { } var map_APIServer = map[string]string{ - "": "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'.", + "": "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (APIServer) SwaggerDoc() map[string]string { return map_APIServer } +var map_APIServerEncryption = map[string]string{ + "type": "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices.\n\nWhen encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is:\n\n 1. secrets\n 2. configmaps\n 3. routes.route.openshift.io\n 4. oauthaccesstokens.oauth.openshift.io\n 5. oauthauthorizetokens.oauth.openshift.io", +} + +func (APIServerEncryption) SwaggerDoc() map[string]string { + return map_APIServerEncryption +} + +var map_APIServerList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (APIServerList) SwaggerDoc() map[string]string { + return map_APIServerList +} + var map_APIServerNamedServingCert = map[string]string{ "": "APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.", "names": "names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.", @@ -273,17 +313,38 @@ var map_APIServerSpec = map[string]string{ "servingCerts": "servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.", "clientCA": "clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data[\"ca-bundle.crt\"] - CA bundle.", "additionalCORSAllowedOrigins": "additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.", + "encryption": "encryption allows the configuration of encryption of resources at the datastore layer.", + "tlsSecurityProfile": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nIf unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12.", + "audit": "audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.", } func (APIServerSpec) SwaggerDoc() map[string]string { return map_APIServerSpec } +var map_Audit = map[string]string{ + "profile": "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules.\n\nThe following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events\n (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody\n level).\n- WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nWarning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly.\n\nIf unset, the 'Default' profile is used as the default.", + "customRules": "customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.", +} + +func (Audit) SwaggerDoc() map[string]string { + return map_Audit +} + +var map_AuditCustomRule = map[string]string{ + "": "AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.", + "group": "group is a name of group a request user must be member of in order to this profile to apply.", + "profile": "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster.\n\nThe following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nIf unset, the 'Default' profile is used as the default.", +} + +func (AuditCustomRule) SwaggerDoc() map[string]string { + return map_AuditCustomRule +} + var map_Authentication = map[string]string{ - "": "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`.", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Authentication) SwaggerDoc() map[string]string { @@ -291,7 +352,7 @@ func (Authentication) SwaggerDoc() map[string]string { } var map_AuthenticationList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (AuthenticationList) SwaggerDoc() map[string]string { @@ -301,7 +362,9 @@ func (AuthenticationList) SwaggerDoc() map[string]string { var map_AuthenticationSpec = map[string]string{ "type": "type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.", "oauthMetadata": "oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key \"oauthMetadata\" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.", - "webhookTokenAuthenticators": "webhookTokenAuthenticators configures remote token reviewers. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. The namespace for these secrets is openshift-config.", + "webhookTokenAuthenticators": "webhookTokenAuthenticators is DEPRECATED, setting it has no effect.", + "webhookTokenAuthenticator": "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service.", + "serviceAccountIssuer": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.", } func (AuthenticationSpec) SwaggerDoc() map[string]string { @@ -316,9 +379,18 @@ func (AuthenticationStatus) SwaggerDoc() map[string]string { return map_AuthenticationStatus } +var map_DeprecatedWebhookTokenAuthenticator = map[string]string{ + "": "deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.", + "kubeConfig": "kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.", +} + +func (DeprecatedWebhookTokenAuthenticator) SwaggerDoc() map[string]string { + return map_DeprecatedWebhookTokenAuthenticator +} + var map_WebhookTokenAuthenticator = map[string]string{ "": "webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator", - "kubeConfig": "kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.", + "kubeConfig": "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config.\n\nFor further details, see:\n\nhttps://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication\n\nThe key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored.", } func (WebhookTokenAuthenticator) SwaggerDoc() map[string]string { @@ -326,7 +398,7 @@ func (WebhookTokenAuthenticator) SwaggerDoc() map[string]string { } var map_Build = map[string]string{ - "": "Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.\n\nThe canonical name is \"cluster\"", + "": "Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.\n\nThe canonical name is \"cluster\"\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "Spec holds user-settable values for the build controller configuration", } @@ -347,7 +419,7 @@ func (BuildDefaults) SwaggerDoc() map[string]string { } var map_BuildList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (BuildList) SwaggerDoc() map[string]string { @@ -358,6 +430,7 @@ var map_BuildOverrides = map[string]string{ "imageLabels": "ImageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", "nodeSelector": "NodeSelector is a selector which must be true for the build pod to fit on a node", "tolerations": "Tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", + "forcePull": "ForcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself", } func (BuildOverrides) SwaggerDoc() map[string]string { @@ -384,9 +457,9 @@ func (ImageLabel) SwaggerDoc() map[string]string { } var map_ClusterOperator = map[string]string{ - "": "ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster.", - "spec": "spec hold the intent of how this operator should behave.", - "status": "status holds the information about the state of an operator. It is consistent with status information across the kube ecosystem.", + "": "ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds configuration that could apply to any operator.", + "status": "status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem.", } func (ClusterOperator) SwaggerDoc() map[string]string { @@ -394,7 +467,7 @@ func (ClusterOperator) SwaggerDoc() map[string]string { } var map_ClusterOperatorList = map[string]string{ - "": "ClusterOperatorList is a list of OperatorStatus resources.", + "": "ClusterOperatorList is a list of OperatorStatus resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ClusterOperatorList) SwaggerDoc() map[string]string { @@ -411,8 +484,8 @@ func (ClusterOperatorSpec) SwaggerDoc() map[string]string { var map_ClusterOperatorStatus = map[string]string{ "": "ClusterOperatorStatus provides information about the status of the operator.", - "conditions": "conditions describes the state of the operator's reconciliation functionality.", - "versions": "versions is a slice of operand version tuples. Operators which manage multiple operands will have multiple entries in the array. If an operator is Available, it must have at least one entry. You must report the version of the operator itself with the name \"operator\".", + "conditions": "conditions describes the state of the operator's managed and monitored components.", + "versions": "versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple operand entries in the array. Available operators must report the version of the operator itself with the name \"operator\". An operator reports a new \"operator\" version when it has rolled out the new version to all of its operands.", "relatedObjects": "relatedObjects is a list of objects that are \"interesting\" or related to this operator. Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. operand namespaces", "extension": "extension contains any additional status information specific to the operator which owns this status object.", } @@ -422,12 +495,12 @@ func (ClusterOperatorStatus) SwaggerDoc() map[string]string { } var map_ClusterOperatorStatusCondition = map[string]string{ - "": "ClusterOperatorStatusCondition represents the state of the operator's reconciliation functionality.", - "type": "type specifies the state of the operator's reconciliation functionality.", + "": "ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.", + "type": "type specifies the aspect reported by this condition.", "status": "status of the condition, one of True, False, Unknown.", - "lastTransitionTime": "lastTransitionTime is the time of the last update to the current status object.", - "reason": "reason is the reason for the condition's last transition. Reasons are CamelCase", - "message": "message provides additional information about the current condition. This is only to be consumed by humans.", + "lastTransitionTime": "lastTransitionTime is the time of the last update to the current status property.", + "reason": "reason is the CamelCase reason for the condition's current status.", + "message": "message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", } func (ClusterOperatorStatusCondition) SwaggerDoc() map[string]string { @@ -448,15 +521,25 @@ func (ObjectReference) SwaggerDoc() map[string]string { var map_OperandVersion = map[string]string{ "name": "name is the name of the particular operand this version is for. It usually matches container images, not operators.", - "version": "version indicates which version of a particular operand is currently being manage. It must always match the Available condition. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0", + "version": "version indicates which version of a particular operand is currently being managed. It must always match the Available operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0", } func (OperandVersion) SwaggerDoc() map[string]string { return map_OperandVersion } +var map_ClusterCondition = map[string]string{ + "": "ClusterCondition is a union of typed cluster conditions. The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate.", + "type": "type represents the cluster-condition type. This defines the members and semantics of any additional properties.", + "promql": "promQL represents a cluster condition based on PromQL.", +} + +func (ClusterCondition) SwaggerDoc() map[string]string { + return map_ClusterCondition +} + var map_ClusterVersion = map[string]string{ - "": "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set.", + "": "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.", "status": "status contains information about the available updates and any in-progress updates.", } @@ -465,8 +548,28 @@ func (ClusterVersion) SwaggerDoc() map[string]string { return map_ClusterVersion } +var map_ClusterVersionCapabilitiesSpec = map[string]string{ + "": "ClusterVersionCapabilitiesSpec selects the managed set of optional, core cluster components.", + "baselineCapabilitySet": "baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent.", + "additionalEnabledCapabilities": "additionalEnabledCapabilities extends the set of managed capabilities beyond the baseline defined in baselineCapabilitySet. The default is an empty set.", +} + +func (ClusterVersionCapabilitiesSpec) SwaggerDoc() map[string]string { + return map_ClusterVersionCapabilitiesSpec +} + +var map_ClusterVersionCapabilitiesStatus = map[string]string{ + "": "ClusterVersionCapabilitiesStatus describes the state of optional, core cluster components.", + "enabledCapabilities": "enabledCapabilities lists all the capabilities that are currently managed.", + "knownCapabilities": "knownCapabilities lists all the capabilities known to the current cluster.", +} + +func (ClusterVersionCapabilitiesStatus) SwaggerDoc() map[string]string { + return map_ClusterVersionCapabilitiesStatus +} + var map_ClusterVersionList = map[string]string{ - "": "ClusterVersionList is a list of ClusterVersion resources.", + "": "ClusterVersionList is a list of ClusterVersion resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ClusterVersionList) SwaggerDoc() map[string]string { @@ -476,9 +579,10 @@ func (ClusterVersionList) SwaggerDoc() map[string]string { var map_ClusterVersionSpec = map[string]string{ "": "ClusterVersionSpec is the desired version state of the cluster. It includes the version the cluster should be at, how the cluster is identified, and where the cluster should look for version updates.", "clusterID": "clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.", - "desiredUpdate": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. You may specify the version field without setting image if an update exists with that version in the availableUpdates or history.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.", + "desiredUpdate": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.", "upstream": "upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.", "channel": "channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters.", + "capabilities": "capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.", "overrides": "overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object.", } @@ -490,10 +594,12 @@ var map_ClusterVersionStatus = map[string]string{ "": "ClusterVersionStatus reports the status of the cluster versioning, including any upgrades that are in progress. The current field will be set to whichever version the cluster is reconciling to, and the conditions array will report whether the update succeeded, is in progress, or is failing.", "desired": "desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.", "history": "history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.", - "observedGeneration": "observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent from a previous version.", + "observedGeneration": "observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version.", "versionHash": "versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only.", + "capabilities": "capabilities describes the state of optional, core cluster components.", "conditions": "conditions provides information about the cluster version. The condition \"Available\" is set to true if the desiredUpdate has been reached. The condition \"Progressing\" is set to true if an update is being applied. The condition \"Degraded\" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.", - "availableUpdates": "availableUpdates contains the list of updates that are appropriate for this cluster. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.", + "availableUpdates": "availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.", + "conditionalUpdates": "conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.", } func (ClusterVersionStatus) SwaggerDoc() map[string]string { @@ -513,11 +619,56 @@ func (ComponentOverride) SwaggerDoc() map[string]string { return map_ComponentOverride } +var map_ConditionalUpdate = map[string]string{ + "": "ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.", + "release": "release is the target of the update.", + "risks": "risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.", + "conditions": "conditions represents the observations of the conditional update's current status. Known types are: * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules. * Recommended, for whether the update is recommended for the current cluster.", +} + +func (ConditionalUpdate) SwaggerDoc() map[string]string { + return map_ConditionalUpdate +} + +var map_ConditionalUpdateRisk = map[string]string{ + "": "ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.", + "url": "url contains information about this risk.", + "name": "name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state.", + "message": "message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", + "matchingRules": "matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.", +} + +func (ConditionalUpdateRisk) SwaggerDoc() map[string]string { + return map_ConditionalUpdateRisk +} + +var map_PromQLClusterCondition = map[string]string{ + "": "PromQLClusterCondition represents a cluster condition based on PromQL.", + "promql": "PromQL is a PromQL query classifying clusters. This query query should return a 1 in the match case and a 0 in the does-not-match case. Queries which return no time series, or which return values besides 0 or 1, are evaluation failures.", +} + +func (PromQLClusterCondition) SwaggerDoc() map[string]string { + return map_PromQLClusterCondition +} + +var map_Release = map[string]string{ + "": "Release represents an OpenShift release image and associated metadata.", + "version": "version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.", + "image": "image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.", + "url": "url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.", + "channels": "channels is the set of Cincinnati channels to which the release currently belongs.", +} + +func (Release) SwaggerDoc() map[string]string { + return map_Release +} + var map_Update = map[string]string{ - "": "Update represents a release of the ClusterVersionOperator, referenced by the Image member.", - "version": "version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified.", - "image": "image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.", - "force": "force allows an administrator to update to an image that has failed verification, does not appear in the availableUpdates list, or otherwise would be blocked by normal protections on update. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.\n\nThis flag does not override other forms of consistency checking that are required before a new update is deployed.", + "": "Update represents an administrator update request.", + "architecture": "architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.", + "version": "version is a semantic version identifying the update version. version is ignored if image is specified and required if architecture is specified.", + "image": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified.", + "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.", } func (Update) SwaggerDoc() map[string]string { @@ -529,9 +680,10 @@ var map_UpdateHistory = map[string]string{ "state": "state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied).", "startedTime": "startedTime is the time at which the update was started.", "completionTime": "completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).", - "version": "version is a semantic versioning identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.", + "version": "version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.", "image": "image is a container image location that contains the update. This value is always populated.", - "verified": "verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted.", + "verified": "verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted.", + "acceptedRisks": "acceptedRisks records risks which were accepted to initiate the update. For example, it may menition an Upgradeable=False or missing signature that was overriden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.", } func (UpdateHistory) SwaggerDoc() map[string]string { @@ -539,10 +691,9 @@ func (UpdateHistory) SwaggerDoc() map[string]string { } var map_Console = map[string]string{ - "": "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`.", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Console) SwaggerDoc() map[string]string { @@ -559,7 +710,7 @@ func (ConsoleAuthentication) SwaggerDoc() map[string]string { } var map_ConsoleList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ConsoleList) SwaggerDoc() map[string]string { @@ -584,10 +735,9 @@ func (ConsoleStatus) SwaggerDoc() map[string]string { } var map_DNS = map[string]string{ - "": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (DNS) SwaggerDoc() map[string]string { @@ -595,7 +745,7 @@ func (DNS) SwaggerDoc() map[string]string { } var map_DNSList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (DNSList) SwaggerDoc() map[string]string { @@ -632,10 +782,9 @@ func (CustomFeatureGates) SwaggerDoc() map[string]string { } var map_FeatureGate = map[string]string{ - "": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (FeatureGate) SwaggerDoc() map[string]string { @@ -643,7 +792,7 @@ func (FeatureGate) SwaggerDoc() map[string]string { } var map_FeatureGateList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (FeatureGateList) SwaggerDoc() map[string]string { @@ -660,10 +809,9 @@ func (FeatureGateSelection) SwaggerDoc() map[string]string { } var map_Image = map[string]string{ - "": "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to blacklist/whitelist registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname.", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Image) SwaggerDoc() map[string]string { @@ -671,7 +819,7 @@ func (Image) SwaggerDoc() map[string]string { } var map_ImageList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ImageList) SwaggerDoc() map[string]string { @@ -709,45 +857,293 @@ func (RegistryLocation) SwaggerDoc() map[string]string { } var map_RegistrySources = map[string]string{ - "": "RegistrySources holds cluster-wide information about how to handle the registries config.", - "insecureRegistries": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", - "blockedRegistries": "blockedRegistries are blacklisted from image pull/push. All other registries are allowed.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", - "allowedRegistries": "allowedRegistries are whitelisted for image pull/push. All other registries are blocked.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "": "RegistrySources holds cluster-wide information about how to handle the registries config.", + "insecureRegistries": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", + "blockedRegistries": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "allowedRegistries": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "containerRuntimeSearchRegistries": "containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.", } func (RegistrySources) SwaggerDoc() map[string]string { return map_RegistrySources } +var map_ImageContentPolicy = map[string]string{ + "": "ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", +} + +func (ImageContentPolicy) SwaggerDoc() map[string]string { + return map_ImageContentPolicy +} + +var map_ImageContentPolicyList = map[string]string{ + "": "ImageContentPolicyList lists the items in the ImageContentPolicy CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (ImageContentPolicyList) SwaggerDoc() map[string]string { + return map_ImageContentPolicyList +} + +var map_ImageContentPolicySpec = map[string]string{ + "": "ImageContentPolicySpec is the specification of the ImageContentPolicy CRD.", + "repositoryDigestMirrors": "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To pull image from mirrors by tags, should set the \"allowMirrorByTags\".\n\nEach “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", +} + +func (ImageContentPolicySpec) SwaggerDoc() map[string]string { + return map_ImageContentPolicySpec +} + +var map_RepositoryDigestMirrors = map[string]string{ + "": "RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", + "source": "source is the repository that users refer to, e.g. in image pull specifications.", + "allowMirrorByTags": "allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Forcing digest-pulls for mirrors avoids that issue.", + "mirrors": "mirrors is zero or more repositories that may also contain the same images. If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. No mirror will be configured. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.", +} + +func (RepositoryDigestMirrors) SwaggerDoc() map[string]string { + return map_RepositoryDigestMirrors +} + +var map_ImageDigestMirrorSet = map[string]string{ + "": "ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", + "status": "status contains the observed state of the resource.", +} + +func (ImageDigestMirrorSet) SwaggerDoc() map[string]string { + return map_ImageDigestMirrorSet +} + +var map_ImageDigestMirrorSetList = map[string]string{ + "": "ImageDigestMirrorSetList lists the items in the ImageDigestMirrorSet CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (ImageDigestMirrorSetList) SwaggerDoc() map[string]string { + return map_ImageDigestMirrorSetList +} + +var map_ImageDigestMirrorSetSpec = map[string]string{ + "": "ImageDigestMirrorSetSpec is the specification of the ImageDigestMirrorSet CRD.", + "imageDigestMirrors": "imageDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using tag specification, users should configure a list of mirrors using \"ImageTagMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagedigestmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.", +} + +func (ImageDigestMirrorSetSpec) SwaggerDoc() map[string]string { + return map_ImageDigestMirrorSetSpec +} + +var map_ImageDigestMirrors = map[string]string{ + "": "ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", + "source": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. \"source\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "mirrors": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their digests. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\" Other cluster configuration, including (but not limited to) other imageDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. \"mirrors\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "mirrorSourcePolicy": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", +} + +func (ImageDigestMirrors) SwaggerDoc() map[string]string { + return map_ImageDigestMirrors +} + +var map_ImageTagMirrorSet = map[string]string{ + "": "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", + "status": "status contains the observed state of the resource.", +} + +func (ImageTagMirrorSet) SwaggerDoc() map[string]string { + return map_ImageTagMirrorSet +} + +var map_ImageTagMirrorSetList = map[string]string{ + "": "ImageTagMirrorSetList lists the items in the ImageTagMirrorSet CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (ImageTagMirrorSetList) SwaggerDoc() map[string]string { + return map_ImageTagMirrorSetList +} + +var map_ImageTagMirrorSetSpec = map[string]string{ + "": "ImageTagMirrorSetSpec is the specification of the ImageTagMirrorSet CRD.", + "imageTagMirrors": "imageTagMirrors allows images referenced by image tags in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageTagMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using digest specification only, users should configure a list of mirrors using \"ImageDigestMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagetagmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order.", +} + +func (ImageTagMirrorSetSpec) SwaggerDoc() map[string]string { + return map_ImageTagMirrorSetSpec +} + +var map_ImageTagMirrors = map[string]string{ + "": "ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config.", + "source": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. \"source\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "mirrors": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their tags. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Configuring a list of mirrors using \"ImageDigestMirrorSet\" CRD and forcing digest-pulls for mirrors avoids that issue. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\". Other cluster configuration, including (but not limited to) other imageTagMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. \"mirrors\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "mirrorSourcePolicy": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", +} + +func (ImageTagMirrors) SwaggerDoc() map[string]string { + return map_ImageTagMirrors +} + +var map_AWSPlatformSpec = map[string]string{ + "": "AWSPlatformSpec holds the desired state of the Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", + "serviceEndpoints": "serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", +} + +func (AWSPlatformSpec) SwaggerDoc() map[string]string { + return map_AWSPlatformSpec +} + var map_AWSPlatformStatus = map[string]string{ - "": "AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.", - "region": "region holds the default AWS region for new AWS resources created by the cluster.", + "": "AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.", + "region": "region holds the default AWS region for new AWS resources created by the cluster.", + "serviceEndpoints": "ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", + "resourceTags": "resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user.", } func (AWSPlatformStatus) SwaggerDoc() map[string]string { return map_AWSPlatformStatus } +var map_AWSResourceTag = map[string]string{ + "": "AWSResourceTag is a tag to apply to AWS resources created for the cluster.", + "key": "key is the key of the tag", + "value": "value is the value of the tag. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services.", +} + +func (AWSResourceTag) SwaggerDoc() map[string]string { + return map_AWSResourceTag +} + +var map_AWSServiceEndpoint = map[string]string{ + "": "AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.", + "name": "name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.", + "url": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", +} + +func (AWSServiceEndpoint) SwaggerDoc() map[string]string { + return map_AWSServiceEndpoint +} + +var map_AlibabaCloudPlatformSpec = map[string]string{ + "": "AlibabaCloudPlatformSpec holds the desired state of the Alibaba Cloud infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (AlibabaCloudPlatformSpec) SwaggerDoc() map[string]string { + return map_AlibabaCloudPlatformSpec +} + +var map_AlibabaCloudPlatformStatus = map[string]string{ + "": "AlibabaCloudPlatformStatus holds the current status of the Alibaba Cloud infrastructure provider.", + "region": "region specifies the region for Alibaba Cloud resources created for the cluster.", + "resourceGroupID": "resourceGroupID is the ID of the resource group for the cluster.", + "resourceTags": "resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster.", +} + +func (AlibabaCloudPlatformStatus) SwaggerDoc() map[string]string { + return map_AlibabaCloudPlatformStatus +} + +var map_AlibabaCloudResourceTag = map[string]string{ + "": "AlibabaCloudResourceTag is the set of tags to add to apply to resources.", + "key": "key is the key of the tag.", + "value": "value is the value of the tag.", +} + +func (AlibabaCloudResourceTag) SwaggerDoc() map[string]string { + return map_AlibabaCloudResourceTag +} + +var map_AzurePlatformSpec = map[string]string{ + "": "AzurePlatformSpec holds the desired state of the Azure infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (AzurePlatformSpec) SwaggerDoc() map[string]string { + return map_AzurePlatformSpec +} + var map_AzurePlatformStatus = map[string]string{ - "": "AzurePlatformStatus holds the current status of the Azure infrastructure provider.", - "resourceGroupName": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", + "": "AzurePlatformStatus holds the current status of the Azure infrastructure provider.", + "resourceGroupName": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", + "networkResourceGroupName": "networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName.", + "cloudName": "cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`.", + "armEndpoint": "armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.", } func (AzurePlatformStatus) SwaggerDoc() map[string]string { return map_AzurePlatformStatus } +var map_BareMetalPlatformSpec = map[string]string{ + "": "BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (BareMetalPlatformSpec) SwaggerDoc() map[string]string { + return map_BareMetalPlatformSpec +} + var map_BareMetalPlatformStatus = map[string]string{ - "": "BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider.", - "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", - "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", - "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", + "": "BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. For more information about the network architecture used with the BareMetal platform type, see: https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", } func (BareMetalPlatformStatus) SwaggerDoc() map[string]string { return map_BareMetalPlatformStatus } +var map_CloudControllerManagerSpec = map[string]string{ + "": "CloudControllerManagerSpec holds Cloud Controller Manager (a.k.a. CCM or CPI) related settings", + "state": "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager\n\nWhen set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.", +} + +func (CloudControllerManagerSpec) SwaggerDoc() map[string]string { + return map_CloudControllerManagerSpec +} + +var map_EquinixMetalPlatformSpec = map[string]string{ + "": "EquinixMetalPlatformSpec holds the desired state of the Equinix Metal infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (EquinixMetalPlatformSpec) SwaggerDoc() map[string]string { + return map_EquinixMetalPlatformSpec +} + +var map_EquinixMetalPlatformStatus = map[string]string{ + "": "EquinixMetalPlatformStatus holds the current status of the Equinix Metal infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", +} + +func (EquinixMetalPlatformStatus) SwaggerDoc() map[string]string { + return map_EquinixMetalPlatformStatus +} + +var map_ExternalPlatformSpec = map[string]string{ + "": "ExternalPlatformSpec holds the desired state for the generic External infrastructure provider.", + "platformName": "PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. This field is solely for informational and reporting purposes and is not expected to be used for decision-making.", + "cloudControllerManager": "CloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI)", +} + +func (ExternalPlatformSpec) SwaggerDoc() map[string]string { + return map_ExternalPlatformSpec +} + +var map_ExternalPlatformStatus = map[string]string{ + "": "ExternalPlatformStatus holds the current status of the generic External infrastructure provider.", +} + +func (ExternalPlatformStatus) SwaggerDoc() map[string]string { + return map_ExternalPlatformStatus +} + +var map_GCPPlatformSpec = map[string]string{ + "": "GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (GCPPlatformSpec) SwaggerDoc() map[string]string { + return map_GCPPlatformSpec +} + var map_GCPPlatformStatus = map[string]string{ "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", @@ -758,11 +1154,31 @@ func (GCPPlatformStatus) SwaggerDoc() map[string]string { return map_GCPPlatformStatus } +var map_IBMCloudPlatformSpec = map[string]string{ + "": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (IBMCloudPlatformSpec) SwaggerDoc() map[string]string { + return map_IBMCloudPlatformSpec +} + +var map_IBMCloudPlatformStatus = map[string]string{ + "": "IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider.", + "location": "Location is where the cluster has been deployed", + "resourceGroupName": "ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster.", + "providerType": "ProviderType indicates the type of cluster that was created", + "cisInstanceCRN": "CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", + "dnsInstanceCRN": "DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain", +} + +func (IBMCloudPlatformStatus) SwaggerDoc() map[string]string { + return map_IBMCloudPlatformStatus +} + var map_Infrastructure = map[string]string{ - "": "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Infrastructure) SwaggerDoc() map[string]string { @@ -770,8 +1186,7 @@ func (Infrastructure) SwaggerDoc() map[string]string { } var map_InfrastructureList = map[string]string{ - "": "InfrastructureList is", - "metadata": "Standard object's metadata.", + "": "InfrastructureList is\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (InfrastructureList) SwaggerDoc() map[string]string { @@ -779,8 +1194,9 @@ func (InfrastructureList) SwaggerDoc() map[string]string { } var map_InfrastructureSpec = map[string]string{ - "": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", - "cloudConfig": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.", + "": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", + "cloudConfig": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.\n\ncloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only.", + "platformSpec": "platformSpec holds desired information specific to the underlying infrastructure provider.", } func (InfrastructureSpec) SwaggerDoc() map[string]string { @@ -788,50 +1204,325 @@ func (InfrastructureSpec) SwaggerDoc() map[string]string { } var map_InfrastructureStatus = map[string]string{ - "": "InfrastructureStatus describes the infrastructure the cluster is leveraging.", - "infrastructureName": "infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters.", - "platform": "platform is the underlying infrastructure provider for the cluster.\n\nDeprecated: Use platformStatus.type instead.", - "platformStatus": "platformStatus holds status information specific to the underlying infrastructure provider.", - "etcdDiscoveryDomain": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery", - "apiServerURL": "apiServerURL is a valid URI with scheme(http/https), address and port. apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.", - "apiServerInternalURI": "apiServerInternalURL is a valid URI with scheme(http/https), address and port. apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.", + "": "InfrastructureStatus describes the infrastructure the cluster is leveraging.", + "infrastructureName": "infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters.", + "platform": "platform is the underlying infrastructure provider for the cluster.\n\nDeprecated: Use platformStatus.type instead.", + "platformStatus": "platformStatus holds status information specific to the underlying infrastructure provider.", + "etcdDiscoveryDomain": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.", + "apiServerURL": "apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.", + "apiServerInternalURI": "apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.", + "controlPlaneTopology": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster.", + "infrastructureTopology": "infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.", } func (InfrastructureStatus) SwaggerDoc() map[string]string { return map_InfrastructureStatus } -var map_OpenStackPlatformStatus = map[string]string{ - "": "OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.", +var map_KubevirtPlatformSpec = map[string]string{ + "": "KubevirtPlatformSpec holds the desired state of the kubevirt infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (KubevirtPlatformSpec) SwaggerDoc() map[string]string { + return map_KubevirtPlatformSpec +} + +var map_KubevirtPlatformStatus = map[string]string{ + "": "KubevirtPlatformStatus holds the current status of the kubevirt infrastructure provider.", "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", - "cloudName": "cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`).", "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", - "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", +} + +func (KubevirtPlatformStatus) SwaggerDoc() map[string]string { + return map_KubevirtPlatformStatus +} + +var map_NutanixPlatformSpec = map[string]string{ + "": "NutanixPlatformSpec holds the desired state of the Nutanix infrastructure provider. This only includes fields that can be modified in the cluster.", + "prismCentral": "prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.", + "prismElements": "prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central.", +} + +func (NutanixPlatformSpec) SwaggerDoc() map[string]string { + return map_NutanixPlatformSpec +} + +var map_NutanixPlatformStatus = map[string]string{ + "": "NutanixPlatformStatus holds the current status of the Nutanix infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", +} + +func (NutanixPlatformStatus) SwaggerDoc() map[string]string { + return map_NutanixPlatformStatus +} + +var map_NutanixPrismElementEndpoint = map[string]string{ + "": "NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster)", + "name": "name is the name of the Prism Element (cluster). This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc).", + "endpoint": "endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.", +} + +func (NutanixPrismElementEndpoint) SwaggerDoc() map[string]string { + return map_NutanixPrismElementEndpoint +} + +var map_NutanixPrismEndpoint = map[string]string{ + "": "NutanixPrismEndpoint holds the endpoint address and port to access the Nutanix Prism Central or Element (cluster)", + "address": "address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)", + "port": "port is the port number to access the Nutanix Prism Central or Element (cluster)", +} + +func (NutanixPrismEndpoint) SwaggerDoc() map[string]string { + return map_NutanixPrismEndpoint +} + +var map_OpenStackPlatformSpec = map[string]string{ + "": "OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (OpenStackPlatformSpec) SwaggerDoc() map[string]string { + return map_OpenStackPlatformSpec +} + +var map_OpenStackPlatformStatus = map[string]string{ + "": "OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "cloudName": "cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`).", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", } func (OpenStackPlatformStatus) SwaggerDoc() map[string]string { return map_OpenStackPlatformStatus } +var map_OvirtPlatformSpec = map[string]string{ + "": "OvirtPlatformSpec holds the desired state of the oVirt infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (OvirtPlatformSpec) SwaggerDoc() map[string]string { + return map_OvirtPlatformSpec +} + +var map_OvirtPlatformStatus = map[string]string{ + "": "OvirtPlatformStatus holds the current status of the oVirt infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "nodeDNSIP": "deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.", +} + +func (OvirtPlatformStatus) SwaggerDoc() map[string]string { + return map_OvirtPlatformStatus +} + +var map_PlatformSpec = map[string]string{ + "": "PlatformSpec holds the desired state specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", + "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", + "azure": "Azure contains settings specific to the Azure infrastructure provider.", + "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", + "baremetal": "BareMetal contains settings specific to the BareMetal platform.", + "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", + "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", + "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", + "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", + "kubevirt": "Kubevirt contains settings specific to the kubevirt infrastructure provider.", + "equinixMetal": "EquinixMetal contains settings specific to the Equinix Metal infrastructure provider.", + "powervs": "PowerVS contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider.", + "alibabaCloud": "AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", + "nutanix": "Nutanix contains settings specific to the Nutanix infrastructure provider.", + "external": "ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately.", +} + +func (PlatformSpec) SwaggerDoc() map[string]string { + return map_PlatformSpec +} + var map_PlatformStatus = map[string]string{ - "": "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.", - "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", - "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", - "azure": "Azure contains settings specific to the Azure infrastructure provider.", - "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", - "baremetal": "BareMetal contains settings specific to the BareMetal platform.", - "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", + "": "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.", + "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.\n\nThis value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set.", + "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", + "azure": "Azure contains settings specific to the Azure infrastructure provider.", + "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", + "baremetal": "BareMetal contains settings specific to the BareMetal platform.", + "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", + "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", + "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", + "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", + "kubevirt": "Kubevirt contains settings specific to the kubevirt infrastructure provider.", + "equinixMetal": "EquinixMetal contains settings specific to the Equinix Metal infrastructure provider.", + "powervs": "PowerVS contains settings specific to the Power Systems Virtual Servers infrastructure provider.", + "alibabaCloud": "AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", + "nutanix": "Nutanix contains settings specific to the Nutanix infrastructure provider.", + "external": "External contains settings specific to the generic External infrastructure provider.", } func (PlatformStatus) SwaggerDoc() map[string]string { return map_PlatformStatus } +var map_PowerVSPlatformSpec = map[string]string{ + "": "PowerVSPlatformSpec holds the desired state of the IBM Power Systems Virtual Servers infrastructure provider. This only includes fields that can be modified in the cluster.", + "serviceEndpoints": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.", +} + +func (PowerVSPlatformSpec) SwaggerDoc() map[string]string { + return map_PowerVSPlatformSpec +} + +var map_PowerVSPlatformStatus = map[string]string{ + "": "PowerVSPlatformStatus holds the current status of the IBM Power Systems Virtual Servers infrastrucutre provider.", + "region": "region holds the default Power VS region for new Power VS resources created by the cluster.", + "zone": "zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported", + "serviceEndpoints": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.", + "cisInstanceCRN": "CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", + "dnsInstanceCRN": "DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain", +} + +func (PowerVSPlatformStatus) SwaggerDoc() map[string]string { + return map_PowerVSPlatformStatus +} + +var map_PowerVSServiceEndpoint = map[string]string{ + "": "PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.", + "name": "name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud", + "url": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", +} + +func (PowerVSServiceEndpoint) SwaggerDoc() map[string]string { + return map_PowerVSServiceEndpoint +} + +var map_VSpherePlatformFailureDomainSpec = map[string]string{ + "": "VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain.", + "name": "name defines the arbitrary but unique name of a failure domain.", + "region": "region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region.", + "zone": "zone defines the name of a zone tag that will be attached to a vCenter cluster. The tag category in vCenter must be named openshift-zone.", + "server": "server is the fully-qualified domain name or the IP address of the vCenter server.", + "topology": "Topology describes a given failure domain using vSphere constructs", +} + +func (VSpherePlatformFailureDomainSpec) SwaggerDoc() map[string]string { + return map_VSpherePlatformFailureDomainSpec +} + +var map_VSpherePlatformNodeNetworking = map[string]string{ + "": "VSpherePlatformNodeNetworking holds the external and internal node networking spec.", + "external": "external represents the network configuration of the node that is externally routable.", + "internal": "internal represents the network configuration of the node that is routable only within the cluster.", +} + +func (VSpherePlatformNodeNetworking) SwaggerDoc() map[string]string { + return map_VSpherePlatformNodeNetworking +} + +var map_VSpherePlatformNodeNetworkingSpec = map[string]string{ + "": "VSpherePlatformNodeNetworkingSpec holds the network CIDR(s) and port group name for including and excluding IP ranges in the cloud provider. This would be used for example when multiple network adapters are attached to a guest to help determine which IP address the cloud config manager should use for the external and internal node networking.", + "networkSubnetCidr": "networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields.", + "network": "network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'`", + "excludeNetworkSubnetCidr": "excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields.", +} + +func (VSpherePlatformNodeNetworkingSpec) SwaggerDoc() map[string]string { + return map_VSpherePlatformNodeNetworkingSpec +} + +var map_VSpherePlatformSpec = map[string]string{ + "": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. In the future the cloud provider operator, storage operator and machine operator will use these fields for configuration.", + "vcenters": "vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported.", + "failureDomains": "failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.", + "nodeNetworking": "nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.", +} + +func (VSpherePlatformSpec) SwaggerDoc() map[string]string { + return map_VSpherePlatformSpec +} + +var map_VSpherePlatformStatus = map[string]string{ + "": "VSpherePlatformStatus holds the current status of the vSphere infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", +} + +func (VSpherePlatformStatus) SwaggerDoc() map[string]string { + return map_VSpherePlatformStatus +} + +var map_VSpherePlatformTopology = map[string]string{ + "": "VSpherePlatformTopology holds the required and optional vCenter objects - datacenter, computeCluster, networks, datastore and resourcePool - to provision virtual machines.", + "datacenter": "datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters.", + "computeCluster": "computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form //host/. The maximum length of the path is 2048 characters.", + "networks": "networks is the list of port group network names within this failure domain. Currently, we only support a single interface per RHCOS virtual machine. The available networks (port groups) can be listed using `govc ls 'network/*'` The single interface should be the absolute path of the form //network/.", + "datastore": "datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form //datastore/ The maximum length of the path is 2048 characters.", + "resourcePool": "resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form //host//Resources/. The maximum length of the path is 2048 characters.", + "folder": "folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form //vm/. The maximum length of the path is 2048 characters.", +} + +func (VSpherePlatformTopology) SwaggerDoc() map[string]string { + return map_VSpherePlatformTopology +} + +var map_VSpherePlatformVCenterSpec = map[string]string{ + "": "VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM.", + "server": "server is the fully-qualified domain name or the IP address of the vCenter server.", + "port": "port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time.", + "datacenters": "The vCenter Datacenters in which the RHCOS vm guests are located. This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology.", +} + +func (VSpherePlatformVCenterSpec) SwaggerDoc() map[string]string { + return map_VSpherePlatformVCenterSpec +} + +var map_AWSIngressSpec = map[string]string{ + "": "AWSIngressSpec holds the desired state of the Ingress for Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "type allows user to set a load balancer type. When this field is set the default ingresscontroller will get created using the specified LBType. If this field is not set then the default ingress controller of LBType Classic will be created. Valid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", +} + +func (AWSIngressSpec) SwaggerDoc() map[string]string { + return map_AWSIngressSpec +} + +var map_ComponentRouteSpec = map[string]string{ + "": "ComponentRouteSpec allows for configuration of a route's hostname and serving certificate.", + "namespace": "namespace is the namespace of the route to customize.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.", + "name": "name is the logical name of the route to customize.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.", + "hostname": "hostname is the hostname that should be used by the route.", + "servingCertKeyPairSecret": "servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", +} + +func (ComponentRouteSpec) SwaggerDoc() map[string]string { + return map_ComponentRouteSpec +} + +var map_ComponentRouteStatus = map[string]string{ + "": "ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate.", + "namespace": "namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace ensures that no two components will conflict and the same component can be installed multiple times.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.", + "name": "name is the logical name of the route to customize. It does not have to be the actual name of a route resource but it cannot be renamed.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.", + "defaultHostname": "defaultHostname is the hostname of this route prior to customization.", + "consumingUsers": "consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret.", + "currentHostnames": "currentHostnames is the list of current names used by the route. Typically, this list should consist of a single hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list.", + "conditions": "conditions are used to communicate the state of the componentRoutes entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured.\n\nIf Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect.\n\nIf Progressing is true, that means the component is taking some action related to the componentRoutes entry.", + "relatedObjects": "relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied.", +} + +func (ComponentRouteStatus) SwaggerDoc() map[string]string { + return map_ComponentRouteStatus +} + var map_Ingress = map[string]string{ - "": "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`.", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Ingress) SwaggerDoc() map[string]string { @@ -839,25 +1530,56 @@ func (Ingress) SwaggerDoc() map[string]string { } var map_IngressList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (IngressList) SwaggerDoc() map[string]string { return map_IngressList } +var map_IngressPlatformSpec = map[string]string{ + "": "IngressPlatformSpec holds the desired state of Ingress specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", + "type": "type is the underlying infrastructure provider for the cluster. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "aws": "aws contains settings specific to the Amazon Web Services infrastructure provider.", +} + +func (IngressPlatformSpec) SwaggerDoc() map[string]string { + return map_IngressPlatformSpec +} + var map_IngressSpec = map[string]string{ - "domain": "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\".\n\nIt is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\".\n\nOnce set, changing domain is not currently supported.", + "domain": "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\".\n\nIt is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\".\n\nOnce set, changing domain is not currently supported.", + "appsDomain": "appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate.", + "componentRoutes": "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list.\n\nTo determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes.", + "requiredHSTSPolicies": "requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission.\n\nA candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains\n\n- For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation.\n\nThe HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working.\n\nNote that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.", + "loadBalancer": "loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure provider of the current cluster and are required for Ingress Controller to work on OpenShift.", } func (IngressSpec) SwaggerDoc() map[string]string { return map_IngressSpec } +var map_IngressStatus = map[string]string{ + "componentRoutes": "componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.", + "defaultPlacement": "defaultPlacement is set at installation time to control which nodes will host the ingress router pods by default. The options are control-plane nodes or worker nodes.\n\nThis field works by dictating how the Cluster Ingress Operator will consider unset replicas and nodePlacement fields in IngressController resources when creating the corresponding Deployments.\n\nSee the documentation for the IngressController replicas and nodePlacement fields for more information.\n\nWhen omitted, the default value is Workers", +} + +func (IngressStatus) SwaggerDoc() map[string]string { + return map_IngressStatus +} + +var map_LoadBalancer = map[string]string{ + "platform": "platform holds configuration specific to the underlying infrastructure provider for the ingress load balancers. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", +} + +func (LoadBalancer) SwaggerDoc() map[string]string { + return map_LoadBalancer +} + var map_ClusterNetworkEntry = map[string]string{ "": "ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.", "cidr": "The complete block for pod IPs.", - "hostPrefix": "The size (prefix) of block to allocate to each node.", + "hostPrefix": "The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.", } func (ClusterNetworkEntry) SwaggerDoc() map[string]string { @@ -884,11 +1606,30 @@ func (ExternalIPPolicy) SwaggerDoc() map[string]string { return map_ExternalIPPolicy } +var map_MTUMigration = map[string]string{ + "": "MTUMigration contains infomation about MTU migration.", + "network": "Network contains MTU migration configuration for the default network.", + "machine": "Machine contains MTU migration configuration for the machine's uplink.", +} + +func (MTUMigration) SwaggerDoc() map[string]string { + return map_MTUMigration +} + +var map_MTUMigrationValues = map[string]string{ + "": "MTUMigrationValues contains the values for a MTU migration.", + "to": "To is the MTU to migrate to.", + "from": "From is the MTU to migrate from.", +} + +func (MTUMigrationValues) SwaggerDoc() map[string]string { + return map_MTUMigrationValues +} + var map_Network = map[string]string{ - "": "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource.", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Network) SwaggerDoc() map[string]string { @@ -896,19 +1637,30 @@ func (Network) SwaggerDoc() map[string]string { } var map_NetworkList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (NetworkList) SwaggerDoc() map[string]string { return map_NetworkList } +var map_NetworkMigration = map[string]string{ + "": "NetworkMigration represents the cluster network configuration.", + "networkType": "NetworkType is the target plugin that is to be deployed. Currently supported values are: OpenShiftSDN, OVNKubernetes", + "mtu": "MTU contains the MTU migration configuration.", +} + +func (NetworkMigration) SwaggerDoc() map[string]string { + return map_NetworkMigration +} + var map_NetworkSpec = map[string]string{ - "": "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", - "clusterNetwork": "IP address pool to use for pod IPs. This field is immutable after installation.", - "serviceNetwork": "IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.", - "networkType": "NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN This field is immutable after installation.", - "externalIP": "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.", + "": "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", + "clusterNetwork": "IP address pool to use for pod IPs. This field is immutable after installation.", + "serviceNetwork": "IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.", + "networkType": "NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN This field is immutable after installation.", + "externalIP": "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.", + "serviceNodePortRange": "The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.", } func (NetworkSpec) SwaggerDoc() map[string]string { @@ -921,12 +1673,40 @@ var map_NetworkStatus = map[string]string{ "serviceNetwork": "IP address pool for services. Currently, we only support a single entry here.", "networkType": "NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).", "clusterNetworkMTU": "ClusterNetworkMTU is the MTU for inter-pod networking.", + "migration": "Migration contains the cluster network migration configuration.", } func (NetworkStatus) SwaggerDoc() map[string]string { return map_NetworkStatus } +var map_Node = map[string]string{ + "": "Node holds cluster-wide information about node specific features.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values.", +} + +func (Node) SwaggerDoc() map[string]string { + return map_Node +} + +var map_NodeList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (NodeList) SwaggerDoc() map[string]string { + return map_NodeList +} + +var map_NodeSpec = map[string]string{ + "cgroupMode": "CgroupMode determines the cgroups version on the node", + "workerLatencyProfile": "WorkerLatencyProfile determins the how fast the kubelet is updating the status and corresponding reaction of the cluster", +} + +func (NodeSpec) SwaggerDoc() map[string]string { + return map_NodeSpec +} + var map_BasicAuthIdentityProvider = map[string]string{ "": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials", } @@ -1045,13 +1825,23 @@ func (LDAPIdentityProvider) SwaggerDoc() map[string]string { } var map_OAuth = map[string]string{ - "": "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.", + "": "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (OAuth) SwaggerDoc() map[string]string { return map_OAuth } +var map_OAuthList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (OAuthList) SwaggerDoc() map[string]string { + return map_OAuthList +} + var map_OAuthRemoteConnectionInfo = map[string]string{ "": "OAuthRemoteConnectionInfo holds information necessary for establishing a remote connection", "url": "url is the remote URL to connect to", @@ -1099,6 +1889,7 @@ var map_OpenIDClaims = map[string]string{ "preferredUsername": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the sub claim", "name": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", "email": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", + "groups": "groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user. If multiple claims are specified, the first one with a non-empty value is used.", } func (OpenIDClaims) SwaggerDoc() map[string]string { @@ -1139,7 +1930,8 @@ func (RequestHeaderIdentityProvider) SwaggerDoc() map[string]string { var map_TokenConfig = map[string]string{ "": "TokenConfig holds the necessary configuration options for authorization and access tokens", "accessTokenMaxAgeSeconds": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", - "accessTokenInactivityTimeoutSeconds": "accessTokenInactivityTimeoutSeconds defines the default token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Valid values are integer values:\n x < 0 Tokens time out is enabled but tokens never timeout unless configured per client (e.g. `-1`)\n x = 0 Tokens time out is disabled (default)\n x > 0 Tokens time out if there is no activity for x seconds\nThe current minimum allowed value for X is 300 (5 minutes)", + "accessTokenInactivityTimeoutSeconds": "accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.", + "accessTokenInactivityTimeout": "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", } func (TokenConfig) SwaggerDoc() map[string]string { @@ -1167,7 +1959,7 @@ func (HubSourceStatus) SwaggerDoc() map[string]string { } var map_OperatorHub = map[string]string{ - "": "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa.", + "": "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (OperatorHub) SwaggerDoc() map[string]string { @@ -1175,7 +1967,7 @@ func (OperatorHub) SwaggerDoc() map[string]string { } var map_OperatorHubList = map[string]string{ - "": "OperatorHubList contains a list of OperatorHub", + "": "OperatorHubList contains a list of OperatorHub\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (OperatorHubList) SwaggerDoc() map[string]string { @@ -1202,10 +1994,9 @@ func (OperatorHubStatus) SwaggerDoc() map[string]string { } var map_Project = map[string]string{ - "": "Project holds cluster-wide information about Project. The canonical name is `cluster`", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Project holds cluster-wide information about Project. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Project) SwaggerDoc() map[string]string { @@ -1213,7 +2004,7 @@ func (Project) SwaggerDoc() map[string]string { } var map_ProjectList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ProjectList) SwaggerDoc() map[string]string { @@ -1240,7 +2031,7 @@ func (TemplateReference) SwaggerDoc() map[string]string { } var map_Proxy = map[string]string{ - "": "Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`", + "": "Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "Spec holds user-settable values for the proxy configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -1250,7 +2041,7 @@ func (Proxy) SwaggerDoc() map[string]string { } var map_ProxyList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ProxyList) SwaggerDoc() map[string]string { @@ -1261,9 +2052,9 @@ var map_ProxySpec = map[string]string{ "": "ProxySpec contains cluster proxy creation configuration.", "httpProxy": "httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.", "httpsProxy": "httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.", - "noProxy": "noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. Empty means unset and will not result in an env var.", + "noProxy": "noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var.", "readinessEndpoints": "readinessEndpoints is a list of endpoints used to verify readiness of the proxy.", - "trustedCA": "trustedCA is a reference to a ConfigMap containing a CA certificate bundle used for client egress HTTPS connections. The certificate bundle must be from the CA that signed the proxy's certificate and be signed for everything. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from required key \"ca-bundle.crt\" and copying it to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml):\n\napiVersion: v1 kind: ConfigMap metadata:\n name: user-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |", + "trustedCA": "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well.\n\nThe namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml):\n\napiVersion: v1 kind: ConfigMap metadata:\n name: user-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |", } func (ProxySpec) SwaggerDoc() map[string]string { @@ -1282,10 +2073,9 @@ func (ProxyStatus) SwaggerDoc() map[string]string { } var map_Scheduler = map[string]string{ - "": "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`.", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Scheduler) SwaggerDoc() map[string]string { @@ -1293,7 +2083,7 @@ func (Scheduler) SwaggerDoc() map[string]string { } var map_SchedulerList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (SchedulerList) SwaggerDoc() map[string]string { @@ -1301,8 +2091,9 @@ func (SchedulerList) SwaggerDoc() map[string]string { } var map_SchedulerSpec = map[string]string{ - "policy": "policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", - "defaultNodeSelector": "defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces without a specified nodeSelector value. For example, defaultNodeSelector: \"type=user-node,region=east\" would set nodeSelector field in pod spec to \"type=user-node,region=east\" to all pods created in all namespaces. Namespaces having project-wide node selectors won't be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector='type=user-node,region=east', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: \"type=user-node,region=west\" means that the default of \"type=user-node,region=east\" set in defaultNodeSelector would not be applied.", + "policy": "DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", + "profile": "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods.\n\nValid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"", + "defaultNodeSelector": "defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod's selector. For example, defaultNodeSelector: \"type=user-node,region=east\" would set nodeSelector field in pod spec to \"type=user-node,region=east\" to all pods created in all namespaces. Namespaces having project-wide node selectors won't be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector='type=user-node,region=east', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: \"type=user-node,region=west\" means that the default of \"type=user-node,region=east\" set in defaultNodeSelector would not be applied.", "mastersSchedulable": "MastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.", } @@ -1310,4 +2101,59 @@ func (SchedulerSpec) SwaggerDoc() map[string]string { return map_SchedulerSpec } +var map_CustomTLSProfile = map[string]string{ + "": "CustomTLSProfile is a user-defined TLS security profile. Be extremely careful using a custom TLS profile as invalid configurations can be catastrophic.", +} + +func (CustomTLSProfile) SwaggerDoc() map[string]string { + return map_CustomTLSProfile +} + +var map_IntermediateTLSProfile = map[string]string{ + "": "IntermediateTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29", +} + +func (IntermediateTLSProfile) SwaggerDoc() map[string]string { + return map_IntermediateTLSProfile +} + +var map_ModernTLSProfile = map[string]string{ + "": "ModernTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility", +} + +func (ModernTLSProfile) SwaggerDoc() map[string]string { + return map_ModernTLSProfile +} + +var map_OldTLSProfile = map[string]string{ + "": "OldTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility", +} + +func (OldTLSProfile) SwaggerDoc() map[string]string { + return map_OldTLSProfile +} + +var map_TLSProfileSpec = map[string]string{ + "": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", + "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: TLSv1.1\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", +} + +func (TLSProfileSpec) SwaggerDoc() map[string]string { + return map_TLSProfileSpec +} + +var map_TLSSecurityProfile = map[string]string{ + "": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", + "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.\n\nNote that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.", + "old": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA\n minTLSVersion: TLSv1.0", + "intermediate": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n minTLSVersion: TLSv1.2", + "modern": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n minTLSVersion: TLSv1.3\n\nNOTE: Currently unsupported.", + "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n minTLSVersion: TLSv1.1", +} + +func (TLSSecurityProfile) SwaggerDoc() map[string]string { + return map_TLSSecurityProfile +} + // AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consoleclidownload.crd.yaml b/vendor/github.com/openshift/api/console/v1/0000_10_consoleclidownload.crd.yaml new file mode 100644 index 0000000000..4595ef4703 --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/0000_10_consoleclidownload.crd.yaml @@ -0,0 +1,77 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/481 + capability.openshift.io/name: Console + description: Extension for configuring openshift web console command line interface (CLI) downloads. + displayName: ConsoleCLIDownload + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: consoleclidownloads.console.openshift.io +spec: + group: console.openshift.io + names: + kind: ConsoleCLIDownload + listKind: ConsoleCLIDownloadList + plural: consoleclidownloads + singular: consoleclidownload + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.displayName + name: Display name + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: string + name: v1 + schema: + openAPIV3Schema: + description: "ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads. \n Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConsoleCLIDownloadSpec is the desired cli download configuration. + type: object + required: + - description + - displayName + - links + properties: + description: + description: description is the description of the CLI download (can include markdown). + type: string + displayName: + description: displayName is the display name of the CLI download. + type: string + links: + description: links is a list of objects that provide CLI download link details. + type: array + items: + type: object + required: + - href + properties: + href: + description: href is the absolute secure URL for the link (must use https) + type: string + pattern: ^https:// + text: + description: text is the display text for the link + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consoleexternalloglink.crd.yaml b/vendor/github.com/openshift/api/console/v1/0000_10_consoleexternalloglink.crd.yaml new file mode 100644 index 0000000000..21613efcb1 --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/0000_10_consoleexternalloglink.crd.yaml @@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/481 + capability.openshift.io/name: Console + description: ConsoleExternalLogLink is an extension for customizing OpenShift web console log links. + displayName: ConsoleExternalLogLinks + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: consoleexternalloglinks.console.openshift.io +spec: + group: console.openshift.io + names: + kind: ConsoleExternalLogLink + listKind: ConsoleExternalLogLinkList + plural: consoleexternalloglinks + singular: consoleexternalloglink + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.text + name: Text + type: string + - jsonPath: .spec.hrefTemplate + name: HrefTemplate + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: "ConsoleExternalLogLink is an extension for customizing OpenShift web console log links. \n Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConsoleExternalLogLinkSpec is the desired log link configuration. The log link will appear on the logs tab of the pod details page. + type: object + required: + - hrefTemplate + - text + properties: + hrefTemplate: + description: "hrefTemplate is an absolute secure URL (must use https) for the log link including variables to be replaced. Variables are specified in the URL with the format ${variableName}, for instance, ${containerName} and will be replaced with the corresponding values from the resource. Resource is a pod. Supported variables are: - ${resourceName} - name of the resource which containes the logs - ${resourceUID} - UID of the resource which contains the logs - e.g. `11111111-2222-3333-4444-555555555555` - ${containerName} - name of the resource's container that contains the logs - ${resourceNamespace} - namespace of the resource that contains the logs - ${resourceNamespaceUID} - namespace UID of the resource that contains the logs - ${podLabels} - JSON representation of labels matching the pod with the logs - e.g. `{\"key1\":\"value1\",\"key2\":\"value2\"}` \n e.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}" + type: string + pattern: ^https:// + namespaceFilter: + description: namespaceFilter is a regular expression used to restrict a log link to a matching set of namespaces (e.g., `^openshift-`). The string is converted into a regular expression using the JavaScript RegExp constructor. If not specified, links will be displayed for all the namespaces. + type: string + text: + description: text is the display text for the link + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consolelink.crd.yaml b/vendor/github.com/openshift/api/console/v1/0000_10_consolelink.crd.yaml new file mode 100644 index 0000000000..766ef66d9e --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/0000_10_consolelink.crd.yaml @@ -0,0 +1,125 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/481 + capability.openshift.io/name: Console + description: Extension for customizing OpenShift web console links + displayName: ConsoleLinks + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: consolelinks.console.openshift.io +spec: + group: console.openshift.io + names: + kind: ConsoleLink + listKind: ConsoleLinkList + plural: consolelinks + singular: consolelink + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.text + name: Text + type: string + - jsonPath: .spec.href + name: URL + type: string + - jsonPath: .spec.menu + name: Menu + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: "ConsoleLink is an extension for customizing OpenShift web console links. \n Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConsoleLinkSpec is the desired console link configuration. + type: object + required: + - href + - location + - text + properties: + applicationMenu: + description: applicationMenu holds information about section and icon used for the link in the application menu, and it is applicable only when location is set to ApplicationMenu. + type: object + required: + - section + properties: + imageURL: + description: imageUrl is the URL for the icon used in front of the link in the application menu. The URL must be an HTTPS URL or a Data URI. The image should be square and will be shown at 24x24 pixels. + type: string + section: + description: section is the section of the application menu in which the link should appear. This can be any text that will appear as a subheading in the application menu dropdown. A new section will be created if the text does not match text of an existing section. + type: string + href: + description: href is the absolute secure URL for the link (must use https) + type: string + pattern: ^https:// + location: + description: location determines which location in the console the link will be appended to (ApplicationMenu, HelpMenu, UserMenu, NamespaceDashboard). + type: string + pattern: ^(ApplicationMenu|HelpMenu|UserMenu|NamespaceDashboard)$ + namespaceDashboard: + description: namespaceDashboard holds information about namespaces in which the dashboard link should appear, and it is applicable only when location is set to NamespaceDashboard. If not specified, the link will appear in all namespaces. + type: object + properties: + namespaceSelector: + description: namespaceSelector is used to select the Namespaces that should contain dashboard link by label. If the namespace labels match, dashboard link will be shown for the namespaces. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + namespaces: + description: namespaces is an array of namespace names in which the dashboard link should appear. + type: array + items: + type: string + text: + description: text is the display text for the link + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consolenotification.crd.yaml b/vendor/github.com/openshift/api/console/v1/0000_10_consolenotification.crd.yaml new file mode 100644 index 0000000000..9206ebcbce --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/0000_10_consolenotification.crd.yaml @@ -0,0 +1,84 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/481 + capability.openshift.io/name: Console + description: Extension for configuring openshift web console notifications. + displayName: ConsoleNotification + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: consolenotifications.console.openshift.io +spec: + group: console.openshift.io + names: + kind: ConsoleNotification + listKind: ConsoleNotificationList + plural: consolenotifications + singular: consolenotification + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.text + name: Text + type: string + - jsonPath: .spec.location + name: Location + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: "ConsoleNotification is the extension for configuring openshift web console notifications. \n Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConsoleNotificationSpec is the desired console notification configuration. + type: object + required: + - text + properties: + backgroundColor: + description: backgroundColor is the color of the background for the notification as CSS data type color. + type: string + color: + description: color is the color of the text for the notification as CSS data type color. + type: string + link: + description: link is an object that holds notification link details. + type: object + required: + - href + - text + properties: + href: + description: href is the absolute secure URL for the link (must use https) + type: string + pattern: ^https:// + text: + description: text is the display text for the link + type: string + location: + description: 'location is the location of the notification in the console. Valid values are: "BannerTop", "BannerBottom", "BannerTopBottom".' + type: string + pattern: ^(BannerTop|BannerBottom|BannerTopBottom)$ + text: + description: text is the visible text of the notification. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consoleplugin.crd.yaml b/vendor/github.com/openshift/api/console/v1/0000_10_consoleplugin.crd.yaml new file mode 100644 index 0000000000..5734ebe0b6 --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/0000_10_consoleplugin.crd.yaml @@ -0,0 +1,294 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1186 + capability.openshift.io/name: Console + description: Extension for configuring openshift web console plugins. + displayName: ConsolePlugin + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + service.beta.openshift.io/inject-cabundle: "true" + name: consoleplugins.console.openshift.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: webhook + namespace: openshift-console-operator + path: /crdconvert + port: 9443 + conversionReviewVersions: + - v1 + - v1alpha1 + group: console.openshift.io + names: + kind: ConsolePlugin + listKind: ConsolePluginList + plural: consoleplugins + singular: consoleplugin + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "ConsolePlugin is an extension for customizing OpenShift web console by dynamically loading code from another service running on the cluster. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConsolePluginSpec is the desired plugin configuration. + type: object + required: + - backend + - displayName + properties: + backend: + description: backend holds the configuration of backend which is serving console's plugin . + type: object + required: + - type + properties: + service: + description: service is a Kubernetes Service that exposes the plugin using a deployment with an HTTP server. The Service must use HTTPS and Service serving certificate. The console backend will proxy the plugins assets from the Service using the service CA bundle. + type: object + required: + - name + - namespace + - port + properties: + basePath: + description: basePath is the path to the plugin's assets. The primary asset it the manifest file called `plugin-manifest.json`, which is a JSON document that contains metadata about the plugin and the extensions. + type: string + default: / + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9.\-_~!$&'()*+,;=:@\/]*$ + name: + description: name of Service that is serving the plugin assets. + type: string + maxLength: 128 + minLength: 1 + namespace: + description: namespace of Service that is serving the plugin assets. + type: string + maxLength: 128 + minLength: 1 + port: + description: port on which the Service that is serving the plugin is listening to. + type: integer + format: int32 + maximum: 65535 + minimum: 1 + type: + description: "type is the backend type which servers the console's plugin. Currently only \"Service\" is supported. \n ---" + type: string + enum: + - Service + displayName: + description: displayName is the display name of the plugin. The dispalyName should be between 1 and 128 characters. + type: string + maxLength: 128 + minLength: 1 + i18n: + description: i18n is the configuration of plugin's localization resources. + type: object + required: + - loadType + properties: + loadType: + description: loadType indicates how the plugin's localization resource should be loaded. Valid values are Preload, Lazy and the empty string. When set to Preload, all localization resources are fetched when the plugin is loaded. When set to Lazy, localization resources are lazily loaded as and when they are required by the console. When omitted or set to the empty string, the behaviour is equivalent to Lazy type. + type: string + enum: + - Preload + - Lazy + - "" + proxy: + description: proxy is a list of proxies that describe various service type to which the plugin needs to connect to. + type: array + items: + description: ConsolePluginProxy holds information on various service types to which console's backend will proxy the plugin's requests. + type: object + required: + - alias + - endpoint + properties: + alias: + description: "alias is a proxy name that identifies the plugin's proxy. An alias name should be unique per plugin. The console backend exposes following proxy endpoint: \n /api/proxy/plugin///? \n Request example path: \n /api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver" + type: string + maxLength: 128 + minLength: 1 + pattern: ^[A-Za-z0-9-_]+$ + authorization: + description: authorization provides information about authorization type, which the proxied request should contain + type: string + default: None + enum: + - UserToken + - None + caCertificate: + description: caCertificate provides the cert authority certificate contents, in case the proxied Service is using custom service CA. By default, the service CA bundle provided by the service-ca operator is used. + type: string + pattern: ^-----BEGIN CERTIFICATE-----([\s\S]*)-----END CERTIFICATE-----\s?$ + endpoint: + description: endpoint provides information about endpoint to which the request is proxied to. + type: object + required: + - type + properties: + service: + description: 'service is an in-cluster Service that the plugin will connect to. The Service must use HTTPS. The console backend exposes an endpoint in order to proxy communication between the plugin and the Service. Note: service field is required for now, since currently only "Service" type is supported.' + type: object + required: + - name + - namespace + - port + properties: + name: + description: name of Service that the plugin needs to connect to. + type: string + maxLength: 128 + minLength: 1 + namespace: + description: namespace of Service that the plugin needs to connect to + type: string + maxLength: 128 + minLength: 1 + port: + description: port on which the Service that the plugin needs to connect to is listening on. + type: integer + format: int32 + maximum: 65535 + minimum: 1 + type: + description: "type is the type of the console plugin's proxy. Currently only \"Service\" is supported. \n ---" + type: string + enum: + - Service + served: true + storage: false + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "ConsolePlugin is an extension for customizing OpenShift web console by dynamically loading code from another service running on the cluster. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support." + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConsolePluginSpec is the desired plugin configuration. + type: object + required: + - service + properties: + displayName: + description: displayName is the display name of the plugin. + type: string + minLength: 1 + proxy: + description: proxy is a list of proxies that describe various service type to which the plugin needs to connect to. + type: array + items: + description: ConsolePluginProxy holds information on various service types to which console's backend will proxy the plugin's requests. + type: object + required: + - alias + - type + properties: + alias: + description: "alias is a proxy name that identifies the plugin's proxy. An alias name should be unique per plugin. The console backend exposes following proxy endpoint: \n /api/proxy/plugin///? \n Request example path: \n /api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver" + type: string + maxLength: 128 + minLength: 1 + pattern: ^[A-Za-z0-9-_]+$ + authorize: + description: "authorize indicates if the proxied request should contain the logged-in user's OpenShift access token in the \"Authorization\" request header. For example: \n Authorization: Bearer sha256~kV46hPnEYhCWFnB85r5NrprAxggzgb6GOeLbgcKNsH0 \n By default the access token is not part of the proxied request." + type: boolean + default: false + caCertificate: + description: caCertificate provides the cert authority certificate contents, in case the proxied Service is using custom service CA. By default, the service CA bundle provided by the service-ca operator is used. + type: string + pattern: ^-----BEGIN CERTIFICATE-----([\s\S]*)-----END CERTIFICATE-----\s?$ + service: + description: 'service is an in-cluster Service that the plugin will connect to. The Service must use HTTPS. The console backend exposes an endpoint in order to proxy communication between the plugin and the Service. Note: service field is required for now, since currently only "Service" type is supported.' + type: object + required: + - name + - namespace + - port + properties: + name: + description: name of Service that the plugin needs to connect to. + type: string + maxLength: 128 + minLength: 1 + namespace: + description: namespace of Service that the plugin needs to connect to + type: string + maxLength: 128 + minLength: 1 + port: + description: port on which the Service that the plugin needs to connect to is listening on. + type: integer + format: int32 + maximum: 65535 + minimum: 1 + type: + description: type is the type of the console plugin's proxy. Currently only "Service" is supported. + type: string + pattern: ^(Service)$ + service: + description: service is a Kubernetes Service that exposes the plugin using a deployment with an HTTP server. The Service must use HTTPS and Service serving certificate. The console backend will proxy the plugins assets from the Service using the service CA bundle. + type: object + required: + - basePath + - name + - namespace + - port + properties: + basePath: + description: basePath is the path to the plugin's assets. The primary asset it the manifest file called `plugin-manifest.json`, which is a JSON document that contains metadata about the plugin and the extensions. + type: string + default: / + minLength: 1 + pattern: ^/ + name: + description: name of Service that is serving the plugin assets. + type: string + maxLength: 128 + minLength: 1 + namespace: + description: namespace of Service that is serving the plugin assets. + type: string + maxLength: 128 + minLength: 1 + port: + description: port on which the Service that is serving the plugin is listening to. + type: integer + format: int32 + maximum: 65535 + minimum: 1 + served: true + storage: true diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consolequickstart.crd.yaml b/vendor/github.com/openshift/api/console/v1/0000_10_consolequickstart.crd.yaml new file mode 100644 index 0000000000..c2670d9a8c --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/0000_10_consolequickstart.crd.yaml @@ -0,0 +1,165 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/750 + capability.openshift.io/name: Console + description: Extension for guiding user through various workflows in the OpenShift web console. + displayName: ConsoleQuickStart + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: consolequickstarts.console.openshift.io +spec: + group: console.openshift.io + names: + kind: ConsoleQuickStart + listKind: ConsoleQuickStartList + plural: consolequickstarts + singular: consolequickstart + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "ConsoleQuickStart is an extension for guiding user through various workflows in the OpenShift web console. \n Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConsoleQuickStartSpec is the desired quick start configuration. + type: object + required: + - description + - displayName + - durationMinutes + - introduction + - tasks + properties: + accessReviewResources: + description: accessReviewResources contains a list of resources that the user's access will be reviewed against in order for the user to complete the Quick Start. The Quick Start will be hidden if any of the access reviews fail. + type: array + items: + description: ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface + type: object + properties: + group: + description: Group is the API Group of the Resource. "*" means all. + type: string + name: + description: Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. + type: string + namespace: + description: Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview + type: string + resource: + description: Resource is one of the existing resource types. "*" means all. + type: string + subresource: + description: Subresource is one of the existing resource types. "" means none. + type: string + verb: + description: 'Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.' + type: string + version: + description: Version is the API Version of the Resource. "*" means all. + type: string + conclusion: + description: conclusion sums up the Quick Start and suggests the possible next steps. (includes markdown) + type: string + description: + description: description is the description of the Quick Start. (includes markdown) + type: string + maxLength: 256 + minLength: 1 + displayName: + description: displayName is the display name of the Quick Start. + type: string + minLength: 1 + durationMinutes: + description: durationMinutes describes approximately how many minutes it will take to complete the Quick Start. + type: integer + minimum: 1 + icon: + description: icon is a base64 encoded image that will be displayed beside the Quick Start display name. The icon should be an vector image for easy scaling. The size of the icon should be 40x40. + type: string + introduction: + description: introduction describes the purpose of the Quick Start. (includes markdown) + type: string + minLength: 1 + nextQuickStart: + description: nextQuickStart is a list of the following Quick Starts, suggested for the user to try. + type: array + items: + type: string + prerequisites: + description: prerequisites contains all prerequisites that need to be met before taking a Quick Start. (includes markdown) + type: array + items: + type: string + tags: + description: tags is a list of strings that describe the Quick Start. + type: array + items: + type: string + tasks: + description: tasks is the list of steps the user has to perform to complete the Quick Start. + type: array + minItems: 1 + items: + description: ConsoleQuickStartTask is a single step in a Quick Start. + type: object + required: + - description + - title + properties: + description: + description: description describes the steps needed to complete the task. (includes markdown) + type: string + minLength: 1 + review: + description: review contains instructions to validate the task is complete. The user will select 'Yes' or 'No'. using a radio button, which indicates whether the step was completed successfully. + type: object + required: + - failedTaskHelp + - instructions + properties: + failedTaskHelp: + description: failedTaskHelp contains suggestions for a failed task review and is shown at the end of task. (includes markdown) + type: string + minLength: 1 + instructions: + description: instructions contains steps that user needs to take in order to validate his work after going through a task. (includes markdown) + type: string + minLength: 1 + summary: + description: summary contains information about the passed step. + type: object + required: + - failed + - success + properties: + failed: + description: failed briefly describes the unsuccessfully passed task. (includes markdown) + type: string + maxLength: 128 + minLength: 1 + success: + description: success describes the succesfully passed task. + type: string + minLength: 1 + title: + description: title describes the task and is displayed as a step heading. + type: string + minLength: 1 + served: true + storage: true diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consoleyamlsample.crd.yaml b/vendor/github.com/openshift/api/console/v1/0000_10_consoleyamlsample.crd.yaml new file mode 100644 index 0000000000..c9bebdfb1c --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/0000_10_consoleyamlsample.crd.yaml @@ -0,0 +1,74 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/481 + capability.openshift.io/name: Console + description: Extension for configuring openshift web console YAML samples. + displayName: ConsoleYAMLSample + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: consoleyamlsamples.console.openshift.io +spec: + group: console.openshift.io + names: + kind: ConsoleYAMLSample + listKind: ConsoleYAMLSampleList + plural: consoleyamlsamples + singular: consoleyamlsample + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "ConsoleYAMLSample is an extension for customizing OpenShift web console YAML samples. \n Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer)." + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConsoleYAMLSampleSpec is the desired YAML sample configuration. Samples will appear with their descriptions in a samples sidebar when creating a resources in the web console. + type: object + required: + - description + - targetResource + - title + - yaml + properties: + description: + description: description of the YAML sample. + type: string + pattern: ^(.|\s)*\S(.|\s)*$ + snippet: + description: snippet indicates that the YAML sample is not the full YAML resource definition, but a fragment that can be inserted into the existing YAML document at the user's cursor. + type: boolean + targetResource: + description: targetResource contains apiVersion and kind of the resource YAML sample is representating. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + title: + description: title of the YAML sample. + type: string + pattern: ^(.|\s)*\S(.|\s)*$ + yaml: + description: yaml is the YAML sample to display. + type: string + pattern: ^(.|\s)*\S(.|\s)*$ + served: true + storage: true diff --git a/vendor/github.com/openshift/api/console/v1/Makefile b/vendor/github.com/openshift/api/console/v1/Makefile new file mode 100644 index 0000000000..8c350e0a4a --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/Makefile @@ -0,0 +1,3 @@ +.PHONY: test +test: + make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="console.openshift.io/v1" diff --git a/vendor/github.com/openshift/api/console/v1/register.go b/vendor/github.com/openshift/api/console/v1/register.go index 98363daa3e..bed83f7395 100644 --- a/vendor/github.com/openshift/api/console/v1/register.go +++ b/vendor/github.com/openshift/api/console/v1/register.go @@ -39,6 +39,12 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ConsoleNotificationList{}, &ConsoleExternalLogLink{}, &ConsoleExternalLogLinkList{}, + &ConsoleYAMLSample{}, + &ConsoleYAMLSampleList{}, + &ConsoleQuickStart{}, + &ConsoleQuickStartList{}, + &ConsolePlugin{}, + &ConsolePluginList{}, ) metav1.AddToGroupVersion(scheme, GroupVersion) return nil diff --git a/vendor/github.com/openshift/api/console/v1/stable.consoleclidownload.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consoleclidownload.testsuite.yaml new file mode 100644 index 0000000000..0f1b27db92 --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/stable.consoleclidownload.testsuite.yaml @@ -0,0 +1,20 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ConsoleCLIDownload" +crd: 0000_10_consoleclidownload.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ConsoleCLIDownload + initial: | + apiVersion: console.openshift.io/v1 + kind: ConsoleCLIDownload + spec: + description: foo + displayName: foo + links: [] + expected: | + apiVersion: console.openshift.io/v1 + kind: ConsoleCLIDownload + spec: + description: foo + displayName: foo + links: [] diff --git a/vendor/github.com/openshift/api/console/v1/stable.consoleexternalloglink.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consoleexternalloglink.testsuite.yaml new file mode 100644 index 0000000000..76846597f9 --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/stable.consoleexternalloglink.testsuite.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ConsoleExternalLogLink" +crd: 0000_10_consoleexternalloglink.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ConsoleExternalLogLink + initial: | + apiVersion: console.openshift.io/v1 + kind: ConsoleExternalLogLink + spec: + text: foo + hrefTemplate: "https://" + expected: | + apiVersion: console.openshift.io/v1 + kind: ConsoleExternalLogLink + spec: + text: foo + hrefTemplate: "https://" diff --git a/vendor/github.com/openshift/api/console/v1/stable.consolelink.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consolelink.testsuite.yaml new file mode 100644 index 0000000000..9ab5596427 --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/stable.consolelink.testsuite.yaml @@ -0,0 +1,20 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ConsoleLink" +crd: 0000_10_consolelink.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ConsoleLink + initial: | + apiVersion: console.openshift.io/v1 + kind: ConsoleLink + spec: + href: "https://" + location: HelpMenu + text: foo + expected: | + apiVersion: console.openshift.io/v1 + kind: ConsoleLink + spec: + href: "https://" + location: HelpMenu + text: foo diff --git a/vendor/github.com/openshift/api/console/v1/stable.consolenotification.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consolenotification.testsuite.yaml new file mode 100644 index 0000000000..ade1c6ac69 --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/stable.consolenotification.testsuite.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ConsoleNotification" +crd: 0000_10_consolenotification.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ConsoleNotification + initial: | + apiVersion: console.openshift.io/v1 + kind: ConsoleNotification + spec: + text: foo + expected: | + apiVersion: console.openshift.io/v1 + kind: ConsoleNotification + spec: + text: foo diff --git a/vendor/github.com/openshift/api/console/v1/stable.consoleplugin.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consoleplugin.testsuite.yaml new file mode 100644 index 0000000000..627cea6f38 --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/stable.consoleplugin.testsuite.yaml @@ -0,0 +1,88 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ConsolePlugin" +crd: 0000_10_consoleplugin.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ConsolePlugin + initial: | + apiVersion: console.openshift.io/v1 + kind: ConsolePlugin + spec: + displayName: foo + backend: + type: Service + expected: | + apiVersion: console.openshift.io/v1 + kind: ConsolePlugin + spec: + displayName: foo + backend: + type: Service + - name: Should be able to create a ConsolePlugin with default i18n loadType + initial: | + apiVersion: console.openshift.io/v1 + kind: ConsolePlugin + spec: + displayName: foo + backend: + type: Service + i18n: + loadType: "" + expected: | + apiVersion: console.openshift.io/v1 + kind: ConsolePlugin + spec: + displayName: foo + backend: + type: Service + i18n: + loadType: "" + - name: Should be able to create a ConsolePlugin with Preload i18n loadType + initial: | + apiVersion: console.openshift.io/v1 + kind: ConsolePlugin + spec: + displayName: foo + backend: + type: Service + i18n: + loadType: Preload + expected: | + apiVersion: console.openshift.io/v1 + kind: ConsolePlugin + spec: + displayName: foo + backend: + type: Service + i18n: + loadType: Preload + - name: Should be able to create a ConsolePlugin with Lazy i18n loadType + initial: | + apiVersion: console.openshift.io/v1 + kind: ConsolePlugin + spec: + displayName: foo + backend: + type: Service + i18n: + loadType: Lazy + expected: | + apiVersion: console.openshift.io/v1 + kind: ConsolePlugin + spec: + displayName: foo + backend: + type: Service + i18n: + loadType: Lazy + - name: Should reject to create a ConsolePlugin with invalid i18n loadType + initial: | + apiVersion: console.openshift.io/v1 + kind: ConsolePlugin + spec: + displayName: foo + backend: + type: Service + i18n: + loadType: Invalid + expectedError: "Unsupported value: \"Invalid\"" diff --git a/vendor/github.com/openshift/api/console/v1/stable.consolequickstart.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consolequickstart.testsuite.yaml new file mode 100644 index 0000000000..b5a403be59 --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/stable.consolequickstart.testsuite.yaml @@ -0,0 +1,28 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ConsoleQuickStart" +crd: 0000_10_consolequickstart.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ConsoleQuickStart + initial: | + apiVersion: console.openshift.io/v1 + kind: ConsoleQuickStart + spec: + description: foo + displayName: foo + durationMinutes: 10 + introduction: foo + tasks: + - title: foo + description: foo + expected: | + apiVersion: console.openshift.io/v1 + kind: ConsoleQuickStart + spec: + description: foo + displayName: foo + durationMinutes: 10 + introduction: foo + tasks: + - title: foo + description: foo diff --git a/vendor/github.com/openshift/api/console/v1/stable.consoleyamlsample.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consoleyamlsample.testsuite.yaml new file mode 100644 index 0000000000..661c48fe07 --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/stable.consoleyamlsample.testsuite.yaml @@ -0,0 +1,26 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ConsoleYAMLSample" +crd: 0000_10_consoleyamlsample.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ConsoleYAMLSample + initial: | + apiVersion: console.openshift.io/v1 + kind: ConsoleYAMLSample + spec: + description: foo + targetResource: + apiVersion: foo + kind: foo + title: foo + yaml: foo + expected: | + apiVersion: console.openshift.io/v1 + kind: ConsoleYAMLSample + spec: + description: foo + targetResource: + apiVersion: foo + kind: foo + title: foo + yaml: foo diff --git a/vendor/github.com/openshift/api/console/v1/types.go b/vendor/github.com/openshift/api/console/v1/types.go index 3dea7005ab..416eaa3e87 100644 --- a/vendor/github.com/openshift/api/console/v1/types.go +++ b/vendor/github.com/openshift/api/console/v1/types.go @@ -5,5 +5,6 @@ type Link struct { // text is the display text for the link Text string `json:"text"` // href is the absolute secure URL for the link (must use https) + // +kubebuilder:validation:Pattern=`^https://` Href string `json:"href"` } diff --git a/vendor/github.com/openshift/api/console/v1/types_console_cli_download.go b/vendor/github.com/openshift/api/console/v1/types_console_cli_download.go index 00844a03c6..fde4d9d41d 100644 --- a/vendor/github.com/openshift/api/console/v1/types_console_cli_download.go +++ b/vendor/github.com/openshift/api/console/v1/types_console_cli_download.go @@ -7,11 +7,14 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads. +// +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 type ConsoleCLIDownload struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec ConsoleCLIDownloadSpec `json:"spec"` + + Spec ConsoleCLIDownloadSpec `json:"spec"` } // ConsoleCLIDownloadSpec is the desired cli download configuration. @@ -21,14 +24,25 @@ type ConsoleCLIDownloadSpec struct { // description is the description of the CLI download (can include markdown). Description string `json:"description"` // links is a list of objects that provide CLI download link details. - Links []Link `json:"links"` + Links []CLIDownloadLink `json:"links"` +} + +type CLIDownloadLink struct { + // text is the display text for the link + // +optional + Text string `json:"text"` + // href is the absolute secure URL for the link (must use https) + // +kubebuilder:validation:Pattern=`^https://` + Href string `json:"href"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 type ConsoleCLIDownloadList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []ConsoleCLIDownload `json:"items"` + + Items []ConsoleCLIDownload `json:"items"` } diff --git a/vendor/github.com/openshift/api/console/v1/types_console_external_log_links.go b/vendor/github.com/openshift/api/console/v1/types_console_external_log_links.go index c9c3317d51..a152f801ad 100644 --- a/vendor/github.com/openshift/api/console/v1/types_console_external_log_links.go +++ b/vendor/github.com/openshift/api/console/v1/types_console_external_log_links.go @@ -7,11 +7,14 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ConsoleExternalLogLink is an extension for customizing OpenShift web console log links. +// +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 type ConsoleExternalLogLink struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec ConsoleExternalLogLinkSpec `json:"spec"` + + Spec ConsoleExternalLogLinkSpec `json:"spec"` } // ConsoleExternalLogLinkSpec is the desired log link configuration. @@ -29,24 +32,28 @@ type ConsoleExternalLogLinkSpec struct { // - e.g. `11111111-2222-3333-4444-555555555555` // - ${containerName} - name of the resource's container that contains the logs // - ${resourceNamespace} - namespace of the resource that contains the logs + // - ${resourceNamespaceUID} - namespace UID of the resource that contains the logs // - ${podLabels} - JSON representation of labels matching the pod with the logs // - e.g. `{"key1":"value1","key2":"value2"}` // // e.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels} + // +kubebuilder:validation:Pattern=`^https://` HrefTemplate string `json:"hrefTemplate"` // namespaceFilter is a regular expression used to restrict a log link to a // matching set of namespaces (e.g., `^openshift-`). The string is converted // into a regular expression using the JavaScript RegExp constructor. // If not specified, links will be displayed for all the namespaces. - // + optional + // +optional NamespaceFilter string `json:"namespaceFilter,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 type ConsoleExternalLogLinkList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []ConsoleExternalLogLink `json:"items"` + + Items []ConsoleExternalLogLink `json:"items"` } diff --git a/vendor/github.com/openshift/api/console/v1/types_console_link.go b/vendor/github.com/openshift/api/console/v1/types_console_link.go index 40f9262f39..1592377ef8 100644 --- a/vendor/github.com/openshift/api/console/v1/types_console_link.go +++ b/vendor/github.com/openshift/api/console/v1/types_console_link.go @@ -7,28 +7,39 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ConsoleLink is an extension for customizing OpenShift web console links. +// +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 type ConsoleLink struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec ConsoleLinkSpec `json:"spec"` + + Spec ConsoleLinkSpec `json:"spec"` } // ConsoleLinkSpec is the desired console link configuration. type ConsoleLinkSpec struct { Link `json:",inline"` - // location determines which location in the console the link will be appended to. + // location determines which location in the console the link will be appended to (ApplicationMenu, HelpMenu, UserMenu, NamespaceDashboard). Location ConsoleLinkLocation `json:"location"` // applicationMenu holds information about section and icon used for the link in the // application menu, and it is applicable only when location is set to ApplicationMenu. // // +optional ApplicationMenu *ApplicationMenuSpec `json:"applicationMenu,omitempty"` + // namespaceDashboard holds information about namespaces in which the dashboard link should + // appear, and it is applicable only when location is set to NamespaceDashboard. + // If not specified, the link will appear in all namespaces. + // + // +optional + NamespaceDashboard *NamespaceDashboardSpec `json:"namespaceDashboard,omitempty"` } // ApplicationMenuSpec is the specification of the desired section and icon used for the link in the application menu. type ApplicationMenuSpec struct { // section is the section of the application menu in which the link should appear. + // This can be any text that will appear as a subheading in the application menu dropdown. + // A new section will be created if the text does not match text of an existing section. Section string `json:"section"` // imageUrl is the URL for the icon used in front of the link in the application menu. // The URL must be an HTTPS URL or a Data URI. The image should be square and will be shown at 24x24 pixels. @@ -36,7 +47,22 @@ type ApplicationMenuSpec struct { ImageURL string `json:"imageURL,omitempty"` } +// NamespaceDashboardSpec is a specification of namespaces in which the dashboard link should appear. +// If both namespaces and namespaceSelector are specified, the link will appear in namespaces that match either +type NamespaceDashboardSpec struct { + // namespaces is an array of namespace names in which the dashboard link should appear. + // + // +optional + Namespaces []string `json:"namespaces,omitempty"` + // namespaceSelector is used to select the Namespaces that should contain dashboard link by label. + // If the namespace labels match, dashboard link will be shown for the namespaces. + // + // +optional + NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"` +} + // ConsoleLinkLocationSelector is a set of possible menu targets to which a link may be appended. +// +kubebuilder:validation:Pattern=`^(ApplicationMenu|HelpMenu|UserMenu|NamespaceDashboard)$` type ConsoleLinkLocation string const ( @@ -46,13 +72,17 @@ const ( UserMenu ConsoleLinkLocation = "UserMenu" // ApplicationMenu indicates that the link should appear inside the application menu of the console. ApplicationMenu ConsoleLinkLocation = "ApplicationMenu" + // NamespaceDashboard indicates that the link should appear in the namespaced dashboard of the console. + NamespaceDashboard ConsoleLinkLocation = "NamespaceDashboard" ) // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 type ConsoleLinkList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []ConsoleLink `json:"items"` + + Items []ConsoleLink `json:"items"` } diff --git a/vendor/github.com/openshift/api/console/v1/types_console_notification.go b/vendor/github.com/openshift/api/console/v1/types_console_notification.go index b4347fe3a3..52695cda47 100644 --- a/vendor/github.com/openshift/api/console/v1/types_console_notification.go +++ b/vendor/github.com/openshift/api/console/v1/types_console_notification.go @@ -7,11 +7,14 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ConsoleNotification is the extension for configuring openshift web console notifications. +// +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 type ConsoleNotification struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec ConsoleNotificationSpec `json:"spec"` + + Spec ConsoleNotificationSpec `json:"spec"` } // ConsoleNotificationSpec is the desired console notification configuration. @@ -19,6 +22,7 @@ type ConsoleNotificationSpec struct { // text is the visible text of the notification. Text string `json:"text"` // location is the location of the notification in the console. + // Valid values are: "BannerTop", "BannerBottom", "BannerTopBottom". // +optional Location ConsoleNotificationLocation `json:"location,omitempty"` // link is an object that holds notification link details. @@ -34,6 +38,7 @@ type ConsoleNotificationSpec struct { // ConsoleNotificationLocationSelector is a set of possible notification targets // to which a notification may be appended. +// +kubebuilder:validation:Pattern=`^(BannerTop|BannerBottom|BannerTopBottom)$` type ConsoleNotificationLocation string const ( @@ -47,9 +52,11 @@ const ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 type ConsoleNotificationList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []ConsoleNotification `json:"items"` + + Items []ConsoleNotification `json:"items"` } diff --git a/vendor/github.com/openshift/api/console/v1/types_console_plugin.go b/vendor/github.com/openshift/api/console/v1/types_console_plugin.go new file mode 100644 index 0000000000..749a1fd604 --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/types_console_plugin.go @@ -0,0 +1,238 @@ +package v1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +openshift:compatibility-gen:level=1 + +// ConsolePlugin is an extension for customizing OpenShift web console by +// dynamically loading code from another service running on the cluster. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +type ConsolePlugin struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata"` + + // +kubebuilder:validation:Required + Spec ConsolePluginSpec `json:"spec"` +} + +// ConsolePluginSpec is the desired plugin configuration. +type ConsolePluginSpec struct { + // displayName is the display name of the plugin. + // The dispalyName should be between 1 and 128 characters. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + DisplayName string `json:"displayName"` + // backend holds the configuration of backend which is serving console's plugin . + // +kubebuilder:validation:Required + Backend ConsolePluginBackend `json:"backend"` + // proxy is a list of proxies that describe various service type + // to which the plugin needs to connect to. + // +optional + Proxy []ConsolePluginProxy `json:"proxy,omitempty"` + // i18n is the configuration of plugin's localization resources. + // +optional + I18n ConsolePluginI18n `json:"i18n"` +} + +// LoadType is an enumeration of i18n loading types +// +kubebuilder:validation:Enum:=Preload;Lazy;"" +type LoadType string + +const ( + // Preload will load all plugin's localization resources during + // loading of the plugin. + Preload LoadType = "Preload" + // Lazy wont preload any plugin's localization resources, instead + // will leave thier loading to runtime's lazy-loading. + Lazy LoadType = "Lazy" + // Empty is the default value of the LoadType field and it's + // purpose is to improve discoverability of the field. The + // the behaviour is equivalent to Lazy type. + Empty LoadType = "" +) + +// ConsolePluginI18n holds information on localization resources that are served by +// the dynamic plugin. +type ConsolePluginI18n struct { + // loadType indicates how the plugin's localization resource should be loaded. + // Valid values are Preload, Lazy and the empty string. + // When set to Preload, all localization resources are fetched when the plugin is loaded. + // When set to Lazy, localization resources are lazily loaded as and when they are required by the console. + // When omitted or set to the empty string, the behaviour is equivalent to Lazy type. + // +kubebuilder:validation:Required + LoadType LoadType `json:"loadType"` +} + +// ConsolePluginProxy holds information on various service types +// to which console's backend will proxy the plugin's requests. +type ConsolePluginProxy struct { + // endpoint provides information about endpoint to which the request is proxied to. + // +kubebuilder:validation:Required + Endpoint ConsolePluginProxyEndpoint `json:"endpoint"` + // alias is a proxy name that identifies the plugin's proxy. An alias name + // should be unique per plugin. The console backend exposes following + // proxy endpoint: + // + // /api/proxy/plugin///? + // + // Request example path: + // + // /api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:Pattern=`^[A-Za-z0-9-_]+$` + Alias string `json:"alias"` + // caCertificate provides the cert authority certificate contents, + // in case the proxied Service is using custom service CA. + // By default, the service CA bundle provided by the service-ca operator is used. + // +kubebuilder:validation:Pattern=`^-----BEGIN CERTIFICATE-----([\s\S]*)-----END CERTIFICATE-----\s?$` + // +optional + CACertificate string `json:"caCertificate,omitempty"` + // authorization provides information about authorization type, + // which the proxied request should contain + // +kubebuilder:default:="None" + // +optional + Authorization AuthorizationType `json:"authorization,omitempty"` +} + +// ConsolePluginProxyEndpoint holds information about the endpoint to which +// request will be proxied to. +// +union +type ConsolePluginProxyEndpoint struct { + // type is the type of the console plugin's proxy. Currently only "Service" is supported. + // + // --- + // + When handling unknown values, consumers should report an error and stop processing the plugin. + // + // +kubebuilder:validation:Required + // +unionDiscriminator + Type ConsolePluginProxyType `json:"type"` + // service is an in-cluster Service that the plugin will connect to. + // The Service must use HTTPS. The console backend exposes an endpoint + // in order to proxy communication between the plugin and the Service. + // Note: service field is required for now, since currently only "Service" + // type is supported. + // +optional + Service *ConsolePluginProxyServiceConfig `json:"service,omitempty"` +} + +// ProxyType is an enumeration of available proxy types +// +kubebuilder:validation:Enum:=Service +type ConsolePluginProxyType string + +const ( + // ProxyTypeService is used when proxying communication to a Service + ProxyTypeService ConsolePluginProxyType = "Service" +) + +// AuthorizationType is an enumerate of available authorization types +// +kubebuilder:validation:Enum:=UserToken;None +type AuthorizationType string + +const ( + // UserToken indicates that the proxied request should contain the logged-in user's + // OpenShift access token in the "Authorization" request header. For example: + // + // Authorization: Bearer sha256~kV46hPnEYhCWFnB85r5NrprAxggzgb6GOeLbgcKNsH0 + // + UserToken AuthorizationType = "UserToken" + // None indicates that proxied request wont contain authorization of any type. + None AuthorizationType = "None" +) + +// ProxyTypeServiceConfig holds information on Service to which +// console's backend will proxy the plugin's requests. +type ConsolePluginProxyServiceConfig struct { + // name of Service that the plugin needs to connect to. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + Name string `json:"name"` + // namespace of Service that the plugin needs to connect to + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + Namespace string `json:"namespace"` + // port on which the Service that the plugin needs to connect to + // is listening on. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Maximum:=65535 + // +kubebuilder:validation:Minimum:=1 + Port int32 `json:"port"` +} + +// ConsolePluginBackendType is an enumeration of available backend types +// +kubebuilder:validation:Enum:=Service +type ConsolePluginBackendType string + +const ( + // Service is used when plugin's backend is served by a Kubernetes Service + Service ConsolePluginBackendType = "Service" +) + +// ConsolePluginBackend holds information about the endpoint which serves +// the console's plugin +// +union +type ConsolePluginBackend struct { + // type is the backend type which servers the console's plugin. Currently only "Service" is supported. + // + // --- + // + When handling unknown values, consumers should report an error and stop processing the plugin. + // + // +kubebuilder:validation:Required + // +unionDiscriminator + Type ConsolePluginBackendType `json:"type"` + // service is a Kubernetes Service that exposes the plugin using a + // deployment with an HTTP server. The Service must use HTTPS and + // Service serving certificate. The console backend will proxy the + // plugins assets from the Service using the service CA bundle. + // +optional + Service *ConsolePluginService `json:"service"` +} + +// ConsolePluginService holds information on Service that is serving +// console dynamic plugin assets. +type ConsolePluginService struct { + // name of Service that is serving the plugin assets. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + Name string `json:"name"` + // namespace of Service that is serving the plugin assets. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + Namespace string `json:"namespace"` + // port on which the Service that is serving the plugin is listening to. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Maximum:=65535 + // +kubebuilder:validation:Minimum:=1 + Port int32 `json:"port"` + // basePath is the path to the plugin's assets. The primary asset it the + // manifest file called `plugin-manifest.json`, which is a JSON document + // that contains metadata about the plugin and the extensions. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9.\-_~!$&'()*+,;=:@\/]*$` + // +kubebuilder:default:="/" + // +optional + BasePath string `json:"basePath"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +openshift:compatibility-gen:level=1 + +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +type ConsolePluginList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []ConsolePlugin `json:"items"` +} diff --git a/vendor/github.com/openshift/api/console/v1/types_console_quick_start.go b/vendor/github.com/openshift/api/console/v1/types_console_quick_start.go new file mode 100644 index 0000000000..0c58c9378d --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/types_console_quick_start.go @@ -0,0 +1,137 @@ +package v1 + +import ( + authorizationv1 "k8s.io/api/authorization/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ConsoleQuickStart is an extension for guiding user through various +// workflows in the OpenShift web console. +// +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 +type ConsoleQuickStart struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // +kubebuilder:validation:Required + // +required + Spec ConsoleQuickStartSpec `json:"spec"` +} + +// ConsoleQuickStartSpec is the desired quick start configuration. +type ConsoleQuickStartSpec struct { + // displayName is the display name of the Quick Start. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +required + DisplayName string `json:"displayName"` + // icon is a base64 encoded image that will be displayed beside the Quick Start display name. + // The icon should be an vector image for easy scaling. The size of the icon should be 40x40. + // +optional + Icon string `json:"icon,omitempty"` + // tags is a list of strings that describe the Quick Start. + // +optional + Tags []string `json:"tags,omitempty"` + // durationMinutes describes approximately how many minutes it will take to complete the Quick Start. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=1 + // +required + DurationMinutes int `json:"durationMinutes"` + // description is the description of the Quick Start. (includes markdown) + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + // +required + Description string `json:"description"` + // prerequisites contains all prerequisites that need to be met before taking a Quick Start. (includes markdown) + // +optional + Prerequisites []string `json:"prerequisites,omitempty"` + // introduction describes the purpose of the Quick Start. (includes markdown) + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +required + Introduction string `json:"introduction"` + // tasks is the list of steps the user has to perform to complete the Quick Start. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinItems=1 + // +required + Tasks []ConsoleQuickStartTask `json:"tasks"` + // conclusion sums up the Quick Start and suggests the possible next steps. (includes markdown) + // +optional + Conclusion string `json:"conclusion,omitempty"` + // nextQuickStart is a list of the following Quick Starts, suggested for the user to try. + // +optional + NextQuickStart []string `json:"nextQuickStart,omitempty"` + // accessReviewResources contains a list of resources that the user's access + // will be reviewed against in order for the user to complete the Quick Start. + // The Quick Start will be hidden if any of the access reviews fail. + // +optional + AccessReviewResources []authorizationv1.ResourceAttributes `json:"accessReviewResources,omitempty"` +} + +// ConsoleQuickStartTask is a single step in a Quick Start. +type ConsoleQuickStartTask struct { + // title describes the task and is displayed as a step heading. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +required + Title string `json:"title"` + // description describes the steps needed to complete the task. (includes markdown) + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +required + Description string `json:"description"` + // review contains instructions to validate the task is complete. The user will select 'Yes' or 'No'. + // using a radio button, which indicates whether the step was completed successfully. + // +optional + Review *ConsoleQuickStartTaskReview `json:"review,omitempty"` + // summary contains information about the passed step. + // +optional + Summary *ConsoleQuickStartTaskSummary `json:"summary,omitempty"` +} + +// ConsoleQuickStartTaskReview contains instructions that validate a task was completed successfully. +type ConsoleQuickStartTaskReview struct { + // instructions contains steps that user needs to take in order + // to validate his work after going through a task. (includes markdown) + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +required + Instructions string `json:"instructions"` + // failedTaskHelp contains suggestions for a failed task review and is shown at the end of task. (includes markdown) + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +required + FailedTaskHelp string `json:"failedTaskHelp"` +} + +// ConsoleQuickStartTaskSummary contains information about a passed step. +type ConsoleQuickStartTaskSummary struct { + // success describes the succesfully passed task. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +required + Success string `json:"success"` + // failed briefly describes the unsuccessfully passed task. (includes markdown) + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + // +required + Failed string `json:"failed"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 +type ConsoleQuickStartList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []ConsoleQuickStart `json:"items"` +} diff --git a/vendor/github.com/openshift/api/console/v1/types_console_yaml_sample.go b/vendor/github.com/openshift/api/console/v1/types_console_yaml_sample.go new file mode 100644 index 0000000000..2290739744 --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1/types_console_yaml_sample.go @@ -0,0 +1,61 @@ +package v1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ConsoleYAMLSample is an extension for customizing OpenShift web console YAML samples. +// +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 +type ConsoleYAMLSample struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata"` + + Spec ConsoleYAMLSampleSpec `json:"spec"` +} + +// ConsoleYAMLSampleSpec is the desired YAML sample configuration. +// Samples will appear with their descriptions in a samples sidebar +// when creating a resources in the web console. +type ConsoleYAMLSampleSpec struct { + // targetResource contains apiVersion and kind of the resource + // YAML sample is representating. + TargetResource metav1.TypeMeta `json:"targetResource"` + // title of the YAML sample. + Title ConsoleYAMLSampleTitle `json:"title"` + // description of the YAML sample. + Description ConsoleYAMLSampleDescription `json:"description"` + // yaml is the YAML sample to display. + YAML ConsoleYAMLSampleYAML `json:"yaml"` + // snippet indicates that the YAML sample is not the full YAML resource + // definition, but a fragment that can be inserted into the existing + // YAML document at the user's cursor. + // +optional + Snippet bool `json:"snippet"` +} + +// ConsoleYAMLSampleTitle of the YAML sample. +// +kubebuilder:validation:Pattern=`^(.|\s)*\S(.|\s)*$` +type ConsoleYAMLSampleTitle string + +// ConsoleYAMLSampleDescription of the YAML sample. +// +kubebuilder:validation:Pattern=`^(.|\s)*\S(.|\s)*$` +type ConsoleYAMLSampleDescription string + +// ConsoleYAMLSampleYAML is the YAML sample to display. +// +kubebuilder:validation:Pattern=`^(.|\s)*\S(.|\s)*$` +type ConsoleYAMLSampleYAML string + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 +type ConsoleYAMLSampleList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []ConsoleYAMLSample `json:"items"` +} diff --git a/vendor/github.com/openshift/api/console/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/console/v1/zz_generated.deepcopy.go index 80ac8db1c4..7266afa477 100644 --- a/vendor/github.com/openshift/api/console/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/console/v1/zz_generated.deepcopy.go @@ -1,3 +1,4 @@ +//go:build !ignore_autogenerated // +build !ignore_autogenerated // Code generated by deepcopy-gen. DO NOT EDIT. @@ -5,6 +6,8 @@ package v1 import ( + authorizationv1 "k8s.io/api/authorization/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -24,6 +27,22 @@ func (in *ApplicationMenuSpec) DeepCopy() *ApplicationMenuSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CLIDownloadLink) DeepCopyInto(out *CLIDownloadLink) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CLIDownloadLink. +func (in *CLIDownloadLink) DeepCopy() *CLIDownloadLink { + if in == nil { + return nil + } + out := new(CLIDownloadLink) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConsoleCLIDownload) DeepCopyInto(out *ConsoleCLIDownload) { *out = *in @@ -89,7 +108,7 @@ func (in *ConsoleCLIDownloadSpec) DeepCopyInto(out *ConsoleCLIDownloadSpec) { *out = *in if in.Links != nil { in, out := &in.Links, &out.Links - *out = make([]Link, len(*in)) + *out = make([]CLIDownloadLink, len(*in)) copy(*out, *in) } return @@ -250,6 +269,11 @@ func (in *ConsoleLinkSpec) DeepCopyInto(out *ConsoleLinkSpec) { *out = new(ApplicationMenuSpec) **out = **in } + if in.NamespaceDashboard != nil { + in, out := &in.NamespaceDashboard, &out.NamespaceDashboard + *out = new(NamespaceDashboardSpec) + (*in).DeepCopyInto(*out) + } return } @@ -344,6 +368,436 @@ func (in *ConsoleNotificationSpec) DeepCopy() *ConsoleNotificationSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsolePlugin) DeepCopyInto(out *ConsolePlugin) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsolePlugin. +func (in *ConsolePlugin) DeepCopy() *ConsolePlugin { + if in == nil { + return nil + } + out := new(ConsolePlugin) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ConsolePlugin) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsolePluginBackend) DeepCopyInto(out *ConsolePluginBackend) { + *out = *in + if in.Service != nil { + in, out := &in.Service, &out.Service + *out = new(ConsolePluginService) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsolePluginBackend. +func (in *ConsolePluginBackend) DeepCopy() *ConsolePluginBackend { + if in == nil { + return nil + } + out := new(ConsolePluginBackend) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsolePluginI18n) DeepCopyInto(out *ConsolePluginI18n) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsolePluginI18n. +func (in *ConsolePluginI18n) DeepCopy() *ConsolePluginI18n { + if in == nil { + return nil + } + out := new(ConsolePluginI18n) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsolePluginList) DeepCopyInto(out *ConsolePluginList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ConsolePlugin, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsolePluginList. +func (in *ConsolePluginList) DeepCopy() *ConsolePluginList { + if in == nil { + return nil + } + out := new(ConsolePluginList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ConsolePluginList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsolePluginProxy) DeepCopyInto(out *ConsolePluginProxy) { + *out = *in + in.Endpoint.DeepCopyInto(&out.Endpoint) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsolePluginProxy. +func (in *ConsolePluginProxy) DeepCopy() *ConsolePluginProxy { + if in == nil { + return nil + } + out := new(ConsolePluginProxy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsolePluginProxyEndpoint) DeepCopyInto(out *ConsolePluginProxyEndpoint) { + *out = *in + if in.Service != nil { + in, out := &in.Service, &out.Service + *out = new(ConsolePluginProxyServiceConfig) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsolePluginProxyEndpoint. +func (in *ConsolePluginProxyEndpoint) DeepCopy() *ConsolePluginProxyEndpoint { + if in == nil { + return nil + } + out := new(ConsolePluginProxyEndpoint) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsolePluginProxyServiceConfig) DeepCopyInto(out *ConsolePluginProxyServiceConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsolePluginProxyServiceConfig. +func (in *ConsolePluginProxyServiceConfig) DeepCopy() *ConsolePluginProxyServiceConfig { + if in == nil { + return nil + } + out := new(ConsolePluginProxyServiceConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsolePluginService) DeepCopyInto(out *ConsolePluginService) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsolePluginService. +func (in *ConsolePluginService) DeepCopy() *ConsolePluginService { + if in == nil { + return nil + } + out := new(ConsolePluginService) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsolePluginSpec) DeepCopyInto(out *ConsolePluginSpec) { + *out = *in + in.Backend.DeepCopyInto(&out.Backend) + if in.Proxy != nil { + in, out := &in.Proxy, &out.Proxy + *out = make([]ConsolePluginProxy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.I18n = in.I18n + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsolePluginSpec. +func (in *ConsolePluginSpec) DeepCopy() *ConsolePluginSpec { + if in == nil { + return nil + } + out := new(ConsolePluginSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleQuickStart) DeepCopyInto(out *ConsoleQuickStart) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleQuickStart. +func (in *ConsoleQuickStart) DeepCopy() *ConsoleQuickStart { + if in == nil { + return nil + } + out := new(ConsoleQuickStart) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ConsoleQuickStart) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleQuickStartList) DeepCopyInto(out *ConsoleQuickStartList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ConsoleQuickStart, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleQuickStartList. +func (in *ConsoleQuickStartList) DeepCopy() *ConsoleQuickStartList { + if in == nil { + return nil + } + out := new(ConsoleQuickStartList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ConsoleQuickStartList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleQuickStartSpec) DeepCopyInto(out *ConsoleQuickStartSpec) { + *out = *in + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Prerequisites != nil { + in, out := &in.Prerequisites, &out.Prerequisites + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Tasks != nil { + in, out := &in.Tasks, &out.Tasks + *out = make([]ConsoleQuickStartTask, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NextQuickStart != nil { + in, out := &in.NextQuickStart, &out.NextQuickStart + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.AccessReviewResources != nil { + in, out := &in.AccessReviewResources, &out.AccessReviewResources + *out = make([]authorizationv1.ResourceAttributes, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleQuickStartSpec. +func (in *ConsoleQuickStartSpec) DeepCopy() *ConsoleQuickStartSpec { + if in == nil { + return nil + } + out := new(ConsoleQuickStartSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleQuickStartTask) DeepCopyInto(out *ConsoleQuickStartTask) { + *out = *in + if in.Review != nil { + in, out := &in.Review, &out.Review + *out = new(ConsoleQuickStartTaskReview) + **out = **in + } + if in.Summary != nil { + in, out := &in.Summary, &out.Summary + *out = new(ConsoleQuickStartTaskSummary) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleQuickStartTask. +func (in *ConsoleQuickStartTask) DeepCopy() *ConsoleQuickStartTask { + if in == nil { + return nil + } + out := new(ConsoleQuickStartTask) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleQuickStartTaskReview) DeepCopyInto(out *ConsoleQuickStartTaskReview) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleQuickStartTaskReview. +func (in *ConsoleQuickStartTaskReview) DeepCopy() *ConsoleQuickStartTaskReview { + if in == nil { + return nil + } + out := new(ConsoleQuickStartTaskReview) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleQuickStartTaskSummary) DeepCopyInto(out *ConsoleQuickStartTaskSummary) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleQuickStartTaskSummary. +func (in *ConsoleQuickStartTaskSummary) DeepCopy() *ConsoleQuickStartTaskSummary { + if in == nil { + return nil + } + out := new(ConsoleQuickStartTaskSummary) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleYAMLSample) DeepCopyInto(out *ConsoleYAMLSample) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleYAMLSample. +func (in *ConsoleYAMLSample) DeepCopy() *ConsoleYAMLSample { + if in == nil { + return nil + } + out := new(ConsoleYAMLSample) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ConsoleYAMLSample) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleYAMLSampleList) DeepCopyInto(out *ConsoleYAMLSampleList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ConsoleYAMLSample, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleYAMLSampleList. +func (in *ConsoleYAMLSampleList) DeepCopy() *ConsoleYAMLSampleList { + if in == nil { + return nil + } + out := new(ConsoleYAMLSampleList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ConsoleYAMLSampleList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleYAMLSampleSpec) DeepCopyInto(out *ConsoleYAMLSampleSpec) { + *out = *in + out.TargetResource = in.TargetResource + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleYAMLSampleSpec. +func (in *ConsoleYAMLSampleSpec) DeepCopy() *ConsoleYAMLSampleSpec { + if in == nil { + return nil + } + out := new(ConsoleYAMLSampleSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Link) DeepCopyInto(out *Link) { *out = *in @@ -359,3 +813,29 @@ func (in *Link) DeepCopy() *Link { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NamespaceDashboardSpec) DeepCopyInto(out *NamespaceDashboardSpec) { + *out = *in + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.NamespaceSelector != nil { + in, out := &in.NamespaceSelector, &out.NamespaceSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceDashboardSpec. +func (in *NamespaceDashboardSpec) DeepCopy() *NamespaceDashboardSpec { + if in == nil { + return nil + } + out := new(NamespaceDashboardSpec) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/openshift/api/console/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/console/v1/zz_generated.swagger_doc_generated.go index 4dbec77d04..acfa9e1dd8 100644 --- a/vendor/github.com/openshift/api/console/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/console/v1/zz_generated.swagger_doc_generated.go @@ -21,9 +21,17 @@ func (Link) SwaggerDoc() map[string]string { return map_Link } +var map_CLIDownloadLink = map[string]string{ + "text": "text is the display text for the link", + "href": "href is the absolute secure URL for the link (must use https)", +} + +func (CLIDownloadLink) SwaggerDoc() map[string]string { + return map_CLIDownloadLink +} + var map_ConsoleCLIDownload = map[string]string{ - "": "ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads.", - "metadata": "Standard object's metadata.", + "": "ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", } func (ConsoleCLIDownload) SwaggerDoc() map[string]string { @@ -31,7 +39,7 @@ func (ConsoleCLIDownload) SwaggerDoc() map[string]string { } var map_ConsoleCLIDownloadList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", } func (ConsoleCLIDownloadList) SwaggerDoc() map[string]string { @@ -50,8 +58,7 @@ func (ConsoleCLIDownloadSpec) SwaggerDoc() map[string]string { } var map_ConsoleExternalLogLink = map[string]string{ - "": "ConsoleExternalLogLink is an extension for customizing OpenShift web console log links.", - "metadata": "Standard object's metadata.", + "": "ConsoleExternalLogLink is an extension for customizing OpenShift web console log links.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", } func (ConsoleExternalLogLink) SwaggerDoc() map[string]string { @@ -59,7 +66,7 @@ func (ConsoleExternalLogLink) SwaggerDoc() map[string]string { } var map_ConsoleExternalLogLinkList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", } func (ConsoleExternalLogLinkList) SwaggerDoc() map[string]string { @@ -69,7 +76,7 @@ func (ConsoleExternalLogLinkList) SwaggerDoc() map[string]string { var map_ConsoleExternalLogLinkSpec = map[string]string{ "": "ConsoleExternalLogLinkSpec is the desired log link configuration. The log link will appear on the logs tab of the pod details page.", "text": "text is the display text for the link", - "hrefTemplate": "hrefTemplate is an absolute secure URL (must use https) for the log link including variables to be replaced. Variables are specified in the URL with the format ${variableName}, for instance, ${containerName} and will be replaced with the corresponding values from the resource. Resource is a pod. Supported variables are: - ${resourceName} - name of the resource which containes the logs - ${resourceUID} - UID of the resource which contains the logs\n - e.g. `11111111-2222-3333-4444-555555555555`\n- ${containerName} - name of the resource's container that contains the logs - ${resourceNamespace} - namespace of the resource that contains the logs - ${podLabels} - JSON representation of labels matching the pod with the logs\n - e.g. `{\"key1\":\"value1\",\"key2\":\"value2\"}`\n\ne.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}", + "hrefTemplate": "hrefTemplate is an absolute secure URL (must use https) for the log link including variables to be replaced. Variables are specified in the URL with the format ${variableName}, for instance, ${containerName} and will be replaced with the corresponding values from the resource. Resource is a pod. Supported variables are: - ${resourceName} - name of the resource which containes the logs - ${resourceUID} - UID of the resource which contains the logs\n - e.g. `11111111-2222-3333-4444-555555555555`\n- ${containerName} - name of the resource's container that contains the logs - ${resourceNamespace} - namespace of the resource that contains the logs - ${resourceNamespaceUID} - namespace UID of the resource that contains the logs - ${podLabels} - JSON representation of labels matching the pod with the logs\n - e.g. `{\"key1\":\"value1\",\"key2\":\"value2\"}`\n\ne.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}", "namespaceFilter": "namespaceFilter is a regular expression used to restrict a log link to a matching set of namespaces (e.g., `^openshift-`). The string is converted into a regular expression using the JavaScript RegExp constructor. If not specified, links will be displayed for all the namespaces.", } @@ -79,7 +86,7 @@ func (ConsoleExternalLogLinkSpec) SwaggerDoc() map[string]string { var map_ApplicationMenuSpec = map[string]string{ "": "ApplicationMenuSpec is the specification of the desired section and icon used for the link in the application menu.", - "section": "section is the section of the application menu in which the link should appear.", + "section": "section is the section of the application menu in which the link should appear. This can be any text that will appear as a subheading in the application menu dropdown. A new section will be created if the text does not match text of an existing section.", "imageURL": "imageUrl is the URL for the icon used in front of the link in the application menu. The URL must be an HTTPS URL or a Data URI. The image should be square and will be shown at 24x24 pixels.", } @@ -88,8 +95,7 @@ func (ApplicationMenuSpec) SwaggerDoc() map[string]string { } var map_ConsoleLink = map[string]string{ - "": "ConsoleLink is an extension for customizing OpenShift web console links.", - "metadata": "Standard object's metadata.", + "": "ConsoleLink is an extension for customizing OpenShift web console links.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", } func (ConsoleLink) SwaggerDoc() map[string]string { @@ -97,7 +103,7 @@ func (ConsoleLink) SwaggerDoc() map[string]string { } var map_ConsoleLinkList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", } func (ConsoleLinkList) SwaggerDoc() map[string]string { @@ -105,18 +111,28 @@ func (ConsoleLinkList) SwaggerDoc() map[string]string { } var map_ConsoleLinkSpec = map[string]string{ - "": "ConsoleLinkSpec is the desired console link configuration.", - "location": "location determines which location in the console the link will be appended to.", - "applicationMenu": "applicationMenu holds information about section and icon used for the link in the application menu, and it is applicable only when location is set to ApplicationMenu.", + "": "ConsoleLinkSpec is the desired console link configuration.", + "location": "location determines which location in the console the link will be appended to (ApplicationMenu, HelpMenu, UserMenu, NamespaceDashboard).", + "applicationMenu": "applicationMenu holds information about section and icon used for the link in the application menu, and it is applicable only when location is set to ApplicationMenu.", + "namespaceDashboard": "namespaceDashboard holds information about namespaces in which the dashboard link should appear, and it is applicable only when location is set to NamespaceDashboard. If not specified, the link will appear in all namespaces.", } func (ConsoleLinkSpec) SwaggerDoc() map[string]string { return map_ConsoleLinkSpec } +var map_NamespaceDashboardSpec = map[string]string{ + "": "NamespaceDashboardSpec is a specification of namespaces in which the dashboard link should appear. If both namespaces and namespaceSelector are specified, the link will appear in namespaces that match either", + "namespaces": "namespaces is an array of namespace names in which the dashboard link should appear.", + "namespaceSelector": "namespaceSelector is used to select the Namespaces that should contain dashboard link by label. If the namespace labels match, dashboard link will be shown for the namespaces.", +} + +func (NamespaceDashboardSpec) SwaggerDoc() map[string]string { + return map_NamespaceDashboardSpec +} + var map_ConsoleNotification = map[string]string{ - "": "ConsoleNotification is the extension for configuring openshift web console notifications.", - "metadata": "Standard object's metadata.", + "": "ConsoleNotification is the extension for configuring openshift web console notifications.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", } func (ConsoleNotification) SwaggerDoc() map[string]string { @@ -124,7 +140,7 @@ func (ConsoleNotification) SwaggerDoc() map[string]string { } var map_ConsoleNotificationList = map[string]string{ - "metadata": "Standard object's metadata.", + "": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", } func (ConsoleNotificationList) SwaggerDoc() map[string]string { @@ -134,7 +150,7 @@ func (ConsoleNotificationList) SwaggerDoc() map[string]string { var map_ConsoleNotificationSpec = map[string]string{ "": "ConsoleNotificationSpec is the desired console notification configuration.", "text": "text is the visible text of the notification.", - "location": "location is the location of the notification in the console.", + "location": "location is the location of the notification in the console. Valid values are: \"BannerTop\", \"BannerBottom\", \"BannerTopBottom\".", "link": "link is an object that holds notification link details.", "color": "color is the color of the text for the notification as CSS data type color.", "backgroundColor": "backgroundColor is the color of the background for the notification as CSS data type color.", @@ -144,4 +160,192 @@ func (ConsoleNotificationSpec) SwaggerDoc() map[string]string { return map_ConsoleNotificationSpec } +var map_ConsolePlugin = map[string]string{ + "": "ConsolePlugin is an extension for customizing OpenShift web console by dynamically loading code from another service running on the cluster.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (ConsolePlugin) SwaggerDoc() map[string]string { + return map_ConsolePlugin +} + +var map_ConsolePluginBackend = map[string]string{ + "": "ConsolePluginBackend holds information about the endpoint which serves the console's plugin", + "type": "type is the backend type which servers the console's plugin. Currently only \"Service\" is supported.", + "service": "service is a Kubernetes Service that exposes the plugin using a deployment with an HTTP server. The Service must use HTTPS and Service serving certificate. The console backend will proxy the plugins assets from the Service using the service CA bundle.", +} + +func (ConsolePluginBackend) SwaggerDoc() map[string]string { + return map_ConsolePluginBackend +} + +var map_ConsolePluginI18n = map[string]string{ + "": "ConsolePluginI18n holds information on localization resources that are served by the dynamic plugin.", + "loadType": "loadType indicates how the plugin's localization resource should be loaded. Valid values are Preload, Lazy and the empty string. When set to Preload, all localization resources are fetched when the plugin is loaded. When set to Lazy, localization resources are lazily loaded as and when they are required by the console. When omitted or set to the empty string, the behaviour is equivalent to Lazy type.", +} + +func (ConsolePluginI18n) SwaggerDoc() map[string]string { + return map_ConsolePluginI18n +} + +var map_ConsolePluginList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (ConsolePluginList) SwaggerDoc() map[string]string { + return map_ConsolePluginList +} + +var map_ConsolePluginProxy = map[string]string{ + "": "ConsolePluginProxy holds information on various service types to which console's backend will proxy the plugin's requests.", + "endpoint": "endpoint provides information about endpoint to which the request is proxied to.", + "alias": "alias is a proxy name that identifies the plugin's proxy. An alias name should be unique per plugin. The console backend exposes following proxy endpoint:\n\n/api/proxy/plugin///?\n\nRequest example path:\n\n/api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver", + "caCertificate": "caCertificate provides the cert authority certificate contents, in case the proxied Service is using custom service CA. By default, the service CA bundle provided by the service-ca operator is used. ", + "authorization": "authorization provides information about authorization type, which the proxied request should contain", +} + +func (ConsolePluginProxy) SwaggerDoc() map[string]string { + return map_ConsolePluginProxy +} + +var map_ConsolePluginProxyEndpoint = map[string]string{ + "": "ConsolePluginProxyEndpoint holds information about the endpoint to which request will be proxied to.", + "type": "type is the type of the console plugin's proxy. Currently only \"Service\" is supported.", + "service": "service is an in-cluster Service that the plugin will connect to. The Service must use HTTPS. The console backend exposes an endpoint in order to proxy communication between the plugin and the Service. Note: service field is required for now, since currently only \"Service\" type is supported.", +} + +func (ConsolePluginProxyEndpoint) SwaggerDoc() map[string]string { + return map_ConsolePluginProxyEndpoint +} + +var map_ConsolePluginProxyServiceConfig = map[string]string{ + "": "ProxyTypeServiceConfig holds information on Service to which console's backend will proxy the plugin's requests.", + "name": "name of Service that the plugin needs to connect to.", + "namespace": "namespace of Service that the plugin needs to connect to", + "port": "port on which the Service that the plugin needs to connect to is listening on.", +} + +func (ConsolePluginProxyServiceConfig) SwaggerDoc() map[string]string { + return map_ConsolePluginProxyServiceConfig +} + +var map_ConsolePluginService = map[string]string{ + "": "ConsolePluginService holds information on Service that is serving console dynamic plugin assets.", + "name": "name of Service that is serving the plugin assets.", + "namespace": "namespace of Service that is serving the plugin assets.", + "port": "port on which the Service that is serving the plugin is listening to.", + "basePath": "basePath is the path to the plugin's assets. The primary asset it the manifest file called `plugin-manifest.json`, which is a JSON document that contains metadata about the plugin and the extensions.", +} + +func (ConsolePluginService) SwaggerDoc() map[string]string { + return map_ConsolePluginService +} + +var map_ConsolePluginSpec = map[string]string{ + "": "ConsolePluginSpec is the desired plugin configuration.", + "displayName": "displayName is the display name of the plugin. The dispalyName should be between 1 and 128 characters.", + "backend": "backend holds the configuration of backend which is serving console's plugin .", + "proxy": "proxy is a list of proxies that describe various service type to which the plugin needs to connect to.", + "i18n": "i18n is the configuration of plugin's localization resources.", +} + +func (ConsolePluginSpec) SwaggerDoc() map[string]string { + return map_ConsolePluginSpec +} + +var map_ConsoleQuickStart = map[string]string{ + "": "ConsoleQuickStart is an extension for guiding user through various workflows in the OpenShift web console.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", +} + +func (ConsoleQuickStart) SwaggerDoc() map[string]string { + return map_ConsoleQuickStart +} + +var map_ConsoleQuickStartList = map[string]string{ + "": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", +} + +func (ConsoleQuickStartList) SwaggerDoc() map[string]string { + return map_ConsoleQuickStartList +} + +var map_ConsoleQuickStartSpec = map[string]string{ + "": "ConsoleQuickStartSpec is the desired quick start configuration.", + "displayName": "displayName is the display name of the Quick Start.", + "icon": "icon is a base64 encoded image that will be displayed beside the Quick Start display name. The icon should be an vector image for easy scaling. The size of the icon should be 40x40.", + "tags": "tags is a list of strings that describe the Quick Start.", + "durationMinutes": "durationMinutes describes approximately how many minutes it will take to complete the Quick Start.", + "description": "description is the description of the Quick Start. (includes markdown)", + "prerequisites": "prerequisites contains all prerequisites that need to be met before taking a Quick Start. (includes markdown)", + "introduction": "introduction describes the purpose of the Quick Start. (includes markdown)", + "tasks": "tasks is the list of steps the user has to perform to complete the Quick Start.", + "conclusion": "conclusion sums up the Quick Start and suggests the possible next steps. (includes markdown)", + "nextQuickStart": "nextQuickStart is a list of the following Quick Starts, suggested for the user to try.", + "accessReviewResources": "accessReviewResources contains a list of resources that the user's access will be reviewed against in order for the user to complete the Quick Start. The Quick Start will be hidden if any of the access reviews fail.", +} + +func (ConsoleQuickStartSpec) SwaggerDoc() map[string]string { + return map_ConsoleQuickStartSpec +} + +var map_ConsoleQuickStartTask = map[string]string{ + "": "ConsoleQuickStartTask is a single step in a Quick Start.", + "title": "title describes the task and is displayed as a step heading.", + "description": "description describes the steps needed to complete the task. (includes markdown)", + "review": "review contains instructions to validate the task is complete. The user will select 'Yes' or 'No'. using a radio button, which indicates whether the step was completed successfully.", + "summary": "summary contains information about the passed step.", +} + +func (ConsoleQuickStartTask) SwaggerDoc() map[string]string { + return map_ConsoleQuickStartTask +} + +var map_ConsoleQuickStartTaskReview = map[string]string{ + "": "ConsoleQuickStartTaskReview contains instructions that validate a task was completed successfully.", + "instructions": "instructions contains steps that user needs to take in order to validate his work after going through a task. (includes markdown)", + "failedTaskHelp": "failedTaskHelp contains suggestions for a failed task review and is shown at the end of task. (includes markdown)", +} + +func (ConsoleQuickStartTaskReview) SwaggerDoc() map[string]string { + return map_ConsoleQuickStartTaskReview +} + +var map_ConsoleQuickStartTaskSummary = map[string]string{ + "": "ConsoleQuickStartTaskSummary contains information about a passed step.", + "success": "success describes the succesfully passed task.", + "failed": "failed briefly describes the unsuccessfully passed task. (includes markdown)", +} + +func (ConsoleQuickStartTaskSummary) SwaggerDoc() map[string]string { + return map_ConsoleQuickStartTaskSummary +} + +var map_ConsoleYAMLSample = map[string]string{ + "": "ConsoleYAMLSample is an extension for customizing OpenShift web console YAML samples.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", +} + +func (ConsoleYAMLSample) SwaggerDoc() map[string]string { + return map_ConsoleYAMLSample +} + +var map_ConsoleYAMLSampleList = map[string]string{ + "": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", +} + +func (ConsoleYAMLSampleList) SwaggerDoc() map[string]string { + return map_ConsoleYAMLSampleList +} + +var map_ConsoleYAMLSampleSpec = map[string]string{ + "": "ConsoleYAMLSampleSpec is the desired YAML sample configuration. Samples will appear with their descriptions in a samples sidebar when creating a resources in the web console.", + "targetResource": "targetResource contains apiVersion and kind of the resource YAML sample is representating.", + "title": "title of the YAML sample.", + "description": "description of the YAML sample.", + "yaml": "yaml is the YAML sample to display.", + "snippet": "snippet indicates that the YAML sample is not the full YAML resource definition, but a fragment that can be inserted into the existing YAML document at the user's cursor.", +} + +func (ConsoleYAMLSampleSpec) SwaggerDoc() map[string]string { + return map_ConsoleYAMLSampleSpec +} + // AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/oauth/v1/generated.pb.go b/vendor/github.com/openshift/api/oauth/v1/generated.pb.go index 9ff61e190d..a79c468020 100644 --- a/vendor/github.com/openshift/api/oauth/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/oauth/v1/generated.pb.go @@ -25,7 +25,7 @@ var _ = math.Inf // is compatible with the proto package it is being compiled against. // A compilation error at this line likely means your copy of the // proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package func (m *ClusterRoleScopeRestriction) Reset() { *m = ClusterRoleScopeRestriction{} } func (*ClusterRoleScopeRestriction) ProtoMessage() {} @@ -363,6 +363,62 @@ func (m *ScopeRestriction) XXX_DiscardUnknown() { var xxx_messageInfo_ScopeRestriction proto.InternalMessageInfo +func (m *UserOAuthAccessToken) Reset() { *m = UserOAuthAccessToken{} } +func (*UserOAuthAccessToken) ProtoMessage() {} +func (*UserOAuthAccessToken) Descriptor() ([]byte, []int) { + return fileDescriptor_bd688dca7ea39c8a, []int{12} +} +func (m *UserOAuthAccessToken) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *UserOAuthAccessToken) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *UserOAuthAccessToken) XXX_Merge(src proto.Message) { + xxx_messageInfo_UserOAuthAccessToken.Merge(m, src) +} +func (m *UserOAuthAccessToken) XXX_Size() int { + return m.Size() +} +func (m *UserOAuthAccessToken) XXX_DiscardUnknown() { + xxx_messageInfo_UserOAuthAccessToken.DiscardUnknown(m) +} + +var xxx_messageInfo_UserOAuthAccessToken proto.InternalMessageInfo + +func (m *UserOAuthAccessTokenList) Reset() { *m = UserOAuthAccessTokenList{} } +func (*UserOAuthAccessTokenList) ProtoMessage() {} +func (*UserOAuthAccessTokenList) Descriptor() ([]byte, []int) { + return fileDescriptor_bd688dca7ea39c8a, []int{13} +} +func (m *UserOAuthAccessTokenList) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *UserOAuthAccessTokenList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *UserOAuthAccessTokenList) XXX_Merge(src proto.Message) { + xxx_messageInfo_UserOAuthAccessTokenList.Merge(m, src) +} +func (m *UserOAuthAccessTokenList) XXX_Size() int { + return m.Size() +} +func (m *UserOAuthAccessTokenList) XXX_DiscardUnknown() { + xxx_messageInfo_UserOAuthAccessTokenList.DiscardUnknown(m) +} + +var xxx_messageInfo_UserOAuthAccessTokenList proto.InternalMessageInfo + func init() { proto.RegisterType((*ClusterRoleScopeRestriction)(nil), "github.com.openshift.api.oauth.v1.ClusterRoleScopeRestriction") proto.RegisterType((*OAuthAccessToken)(nil), "github.com.openshift.api.oauth.v1.OAuthAccessToken") @@ -376,6 +432,8 @@ func init() { proto.RegisterType((*OAuthRedirectReference)(nil), "github.com.openshift.api.oauth.v1.OAuthRedirectReference") proto.RegisterType((*RedirectReference)(nil), "github.com.openshift.api.oauth.v1.RedirectReference") proto.RegisterType((*ScopeRestriction)(nil), "github.com.openshift.api.oauth.v1.ScopeRestriction") + proto.RegisterType((*UserOAuthAccessToken)(nil), "github.com.openshift.api.oauth.v1.UserOAuthAccessToken") + proto.RegisterType((*UserOAuthAccessTokenList)(nil), "github.com.openshift.api.oauth.v1.UserOAuthAccessTokenList") } func init() { @@ -383,84 +441,87 @@ func init() { } var fileDescriptor_bd688dca7ea39c8a = []byte{ - // 1228 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x57, 0xcd, 0x6f, 0x1b, 0xc5, - 0x1b, 0xce, 0x26, 0xb6, 0x63, 0x8f, 0x9b, 0x0f, 0x4f, 0x9a, 0x76, 0x7f, 0x6d, 0x7f, 0xb6, 0x71, - 0x24, 0x6a, 0x04, 0xac, 0x49, 0x28, 0x55, 0xa5, 0x4a, 0x95, 0x6c, 0x53, 0x15, 0x0b, 0xd2, 0x4a, - 0xe3, 0x06, 0x2a, 0xe8, 0xa1, 0x93, 0xdd, 0x37, 0xf6, 0x90, 0xf5, 0xee, 0xb2, 0x33, 0x0e, 0x09, - 0xea, 0x81, 0x0b, 0x77, 0xfe, 0x11, 0x2e, 0xdc, 0x39, 0x20, 0x71, 0xc8, 0x09, 0xf5, 0xc0, 0xa1, - 0x27, 0x8b, 0x18, 0xf1, 0x4f, 0x70, 0x42, 0x3b, 0xbb, 0xde, 0x0f, 0x7f, 0x10, 0xe7, 0x12, 0x71, - 0xe0, 0xb6, 0xfb, 0x3e, 0xcf, 0xf3, 0xce, 0xc7, 0xbe, 0xcf, 0x3b, 0xb3, 0x68, 0xbb, 0xc3, 0x44, - 0xb7, 0xbf, 0xaf, 0xe9, 0x76, 0xaf, 0x66, 0x3b, 0x60, 0xf1, 0x2e, 0x3b, 0x10, 0x35, 0xea, 0xb0, - 0x9a, 0x4d, 0xfb, 0xa2, 0x5b, 0x3b, 0xda, 0xae, 0x75, 0xc0, 0x02, 0x97, 0x0a, 0x30, 0x34, 0xc7, - 0xb5, 0x85, 0x8d, 0xdf, 0x88, 0x24, 0x5a, 0x28, 0xd1, 0xa8, 0xc3, 0x34, 0x29, 0xd1, 0x8e, 0xb6, - 0x6f, 0xbc, 0x1b, 0xcb, 0xda, 0xb1, 0x3b, 0x76, 0x4d, 0x2a, 0xf7, 0xfb, 0x07, 0xf2, 0x4d, 0xbe, - 0xc8, 0x27, 0x3f, 0xe3, 0x8d, 0x3b, 0x87, 0xf7, 0xb8, 0xc6, 0x6c, 0x6f, 0xd8, 0x1e, 0xd5, 0xbb, - 0xcc, 0x02, 0xf7, 0xa4, 0xe6, 0x1c, 0x76, 0xbc, 0x00, 0xaf, 0xf5, 0x40, 0xd0, 0x29, 0xf3, 0xb8, - 0x71, 0x77, 0x96, 0xca, 0xed, 0x5b, 0x82, 0xf5, 0xa0, 0xc6, 0xf5, 0x2e, 0xf4, 0xe8, 0xb8, 0xae, - 0xf2, 0x93, 0x82, 0x6e, 0x36, 0xcd, 0x3e, 0x17, 0xe0, 0x12, 0xdb, 0x84, 0xb6, 0x6e, 0x3b, 0x40, - 0x80, 0x0b, 0x97, 0xe9, 0x82, 0xd9, 0x16, 0x7e, 0x1b, 0xe5, 0x5c, 0xdb, 0x84, 0xc7, 0xb4, 0x07, - 0x5c, 0x55, 0xca, 0x4b, 0xd5, 0x5c, 0x63, 0x65, 0x38, 0x28, 0xe5, 0xc8, 0x28, 0x48, 0x22, 0x1c, - 0x6b, 0x08, 0x59, 0xde, 0x83, 0x43, 0x75, 0xe0, 0xea, 0xa2, 0x64, 0xaf, 0x0e, 0x07, 0x25, 0xf4, - 0x38, 0x8c, 0x92, 0x18, 0x03, 0xd7, 0xd1, 0x1a, 0x35, 0x4d, 0xfb, 0xeb, 0x87, 0x5c, 0xa7, 0x26, - 0xf5, 0xc6, 0x53, 0x97, 0xca, 0x4a, 0x35, 0xdb, 0xb8, 0x7e, 0x3a, 0x28, 0x2d, 0x0c, 0x07, 0xa5, - 0xb5, 0x7a, 0x12, 0x26, 0xe3, 0xfc, 0xca, 0x9f, 0x29, 0xb4, 0xfe, 0xa4, 0xde, 0x17, 0xdd, 0xba, - 0xae, 0x03, 0xe7, 0x4f, 0xed, 0x43, 0xb0, 0xf0, 0x0b, 0x94, 0xf5, 0xf6, 0xc9, 0xa0, 0x82, 0xaa, - 0x4a, 0x59, 0xa9, 0xe6, 0x77, 0xde, 0xd3, 0xfc, 0xfd, 0xd1, 0xe2, 0xfb, 0xa3, 0x39, 0x87, 0x1d, - 0x2f, 0xc0, 0x35, 0x8f, 0xad, 0x1d, 0x6d, 0x6b, 0x4f, 0xf6, 0xbf, 0x04, 0x5d, 0xec, 0x82, 0xa0, - 0x0d, 0x1c, 0x4c, 0x01, 0x45, 0x31, 0x12, 0x66, 0xc5, 0x3b, 0x08, 0xe9, 0x26, 0x03, 0x4b, 0x78, - 0x2b, 0x53, 0x17, 0xcb, 0x4a, 0x35, 0x17, 0x29, 0x9a, 0x21, 0x42, 0x62, 0x2c, 0x5c, 0x43, 0x39, - 0x38, 0x76, 0x98, 0x0b, 0xbc, 0xe5, 0xaf, 0x73, 0xa9, 0x51, 0x08, 0x24, 0xb9, 0x87, 0x23, 0x80, - 0x44, 0x1c, 0x5c, 0x41, 0x19, 0xee, 0x7d, 0x0f, 0xae, 0xa6, 0xe4, 0x56, 0xa2, 0xe1, 0xa0, 0x94, - 0x91, 0x5f, 0x88, 0x93, 0x00, 0xc1, 0x1f, 0xa0, 0xbc, 0x0b, 0x06, 0x73, 0x41, 0x17, 0x7b, 0xa4, - 0xa5, 0xa6, 0xe5, 0x4c, 0x36, 0x82, 0xb4, 0x79, 0x12, 0x41, 0x24, 0xce, 0xc3, 0xef, 0xa0, 0x6c, - 0x9f, 0x83, 0x2b, 0x67, 0x9f, 0x91, 0x9a, 0xf5, 0x40, 0x93, 0xdd, 0x0b, 0xe2, 0x24, 0x64, 0xe0, - 0xb7, 0xd0, 0xb2, 0xf7, 0xbc, 0xd7, 0xfa, 0x50, 0x5d, 0x96, 0xe4, 0xb5, 0x80, 0xbc, 0xbc, 0xe7, - 0x87, 0xc9, 0x08, 0xc7, 0x0f, 0xd0, 0xaa, 0x57, 0xf7, 0xb6, 0xcb, 0xbe, 0x01, 0xf9, 0x31, 0xd4, - 0xac, 0x54, 0x5c, 0x0b, 0x14, 0xab, 0xf5, 0x04, 0x4a, 0xc6, 0xd8, 0xf8, 0x1e, 0xba, 0xe2, 0xc2, - 0x81, 0x0b, 0xbc, 0xeb, 0xab, 0x73, 0x52, 0x7d, 0x35, 0x50, 0x5f, 0x21, 0x31, 0x8c, 0x24, 0x98, - 0xf8, 0x39, 0x52, 0x99, 0x45, 0x75, 0xc1, 0x8e, 0x98, 0x38, 0x79, 0xca, 0x7a, 0x60, 0xf7, 0x45, - 0x1b, 0x74, 0xdb, 0x32, 0xb8, 0x8a, 0xca, 0x4a, 0x35, 0xdd, 0x28, 0x07, 0x59, 0xd4, 0xd6, 0x0c, - 0x1e, 0x99, 0x99, 0xa1, 0xf2, 0xab, 0x82, 0xae, 0x8e, 0xd7, 0xd9, 0x27, 0x8c, 0x0b, 0xfc, 0x7c, - 0xa2, 0xd6, 0xb4, 0xf9, 0x6a, 0xcd, 0x53, 0xcb, 0x4a, 0x0b, 0x77, 0x7e, 0x14, 0x89, 0xd5, 0xd9, - 0x33, 0x94, 0x66, 0x02, 0x7a, 0xbe, 0x99, 0xf2, 0x3b, 0xef, 0x6b, 0xe7, 0xb6, 0x1b, 0x6d, 0x7c, - 0x96, 0x8d, 0x95, 0x20, 0x7f, 0xba, 0xe5, 0x65, 0x22, 0x7e, 0xc2, 0xca, 0xcf, 0x29, 0xb4, 0xe1, - 0x53, 0x93, 0x1f, 0xe0, 0x3f, 0xef, 0x9c, 0xe7, 0x9d, 0x2d, 0x94, 0xe6, 0x82, 0x8a, 0x91, 0x71, - 0xc2, 0xed, 0x6d, 0x7b, 0x41, 0xe2, 0x63, 0x09, 0x83, 0x2d, 0x5f, 0xc4, 0x60, 0xd9, 0x73, 0x0c, - 0x76, 0x1f, 0xad, 0xe8, 0xb6, 0x01, 0xcd, 0x2e, 0x35, 0x4d, 0xb0, 0x3a, 0x10, 0x38, 0x64, 0x33, - 0x10, 0xac, 0x34, 0xe3, 0x20, 0x49, 0x72, 0xf1, 0x2e, 0xda, 0x48, 0x04, 0x76, 0x41, 0x74, 0x6d, - 0x43, 0xda, 0x23, 0xd7, 0xb8, 0x19, 0xa4, 0xd8, 0x68, 0x4e, 0x52, 0xc8, 0x34, 0x5d, 0xe5, 0x37, - 0x05, 0x5d, 0x9f, 0x52, 0x43, 0x97, 0xe0, 0x8b, 0x2f, 0x92, 0xbe, 0xb8, 0x3b, 0xb7, 0x2f, 0x12, - 0x13, 0x9d, 0x61, 0x8d, 0xef, 0x32, 0x28, 0x2f, 0xd9, 0x7e, 0x31, 0x5e, 0x82, 0x25, 0xde, 0x44, - 0x19, 0x0e, 0xba, 0x0b, 0x22, 0xb0, 0xc3, 0x6a, 0xc0, 0xce, 0xb4, 0x65, 0x94, 0x04, 0x28, 0x6e, - 0xa2, 0x02, 0x35, 0x0c, 0xe6, 0x9d, 0x7c, 0xd4, 0xf4, 0x31, 0xae, 0x2e, 0xc9, 0x02, 0xdf, 0x1c, - 0x0e, 0x4a, 0x85, 0xfa, 0x38, 0x48, 0x26, 0xf9, 0xb8, 0x8d, 0x36, 0x5d, 0xe0, 0x8e, 0x6d, 0x19, - 0x9f, 0x31, 0xd1, 0x0d, 0xbf, 0xa9, 0xe7, 0x14, 0xef, 0xec, 0xfd, 0x7f, 0x30, 0xf6, 0x26, 0x99, - 0x46, 0x22, 0xd3, 0xb5, 0xf8, 0x8e, 0xd7, 0xb7, 0x43, 0x8f, 0x70, 0x35, 0x2d, 0x27, 0xb5, 0xee, - 0xf7, 0xec, 0x28, 0x4e, 0x12, 0x2c, 0xdc, 0x42, 0xf9, 0x8e, 0x4b, 0x2d, 0x11, 0xd4, 0xa1, 0x6f, - 0xa8, 0xdb, 0x23, 0x07, 0x3e, 0x8a, 0xa0, 0xbf, 0x06, 0xa5, 0x75, 0xf9, 0xfa, 0x11, 0xb5, 0x0c, - 0x13, 0xdc, 0xa7, 0x27, 0x0e, 0x90, 0xb8, 0x16, 0xbf, 0x44, 0x05, 0x3e, 0x76, 0x79, 0xe1, 0xea, - 0xf2, 0xdc, 0x5d, 0x73, 0xfc, 0xe2, 0xd3, 0xf8, 0x5f, 0x30, 0x8b, 0xc2, 0x38, 0xc2, 0xc9, 0xe4, - 0x40, 0xf8, 0x19, 0x52, 0x69, 0xd4, 0x72, 0x77, 0xe9, 0x71, 0xbd, 0x03, 0xa3, 0xc3, 0x27, 0x2b, - 0x0f, 0x9f, 0x5b, 0xde, 0xc1, 0x53, 0x9f, 0xc1, 0x21, 0x33, 0xd5, 0xf8, 0x04, 0x6d, 0xc5, 0xb0, - 0x59, 0x27, 0x97, 0xec, 0x02, 0xe9, 0xc6, 0xed, 0xe1, 0xa0, 0xb4, 0x55, 0x3f, 0x9f, 0x4e, 0xe6, - 0xc9, 0x59, 0xf9, 0x61, 0x11, 0xa9, 0x31, 0x1f, 0x8c, 0xbc, 0x23, 0x2f, 0x5e, 0xff, 0xd2, 0x73, - 0x22, 0xde, 0x76, 0x97, 0x2e, 0xd2, 0x76, 0x53, 0xe7, 0xb4, 0xdd, 0xe8, 0x3c, 0x49, 0xcf, 0x3a, - 0x4f, 0x2a, 0x03, 0x05, 0xdd, 0x9a, 0xb5, 0x5f, 0x97, 0xd0, 0x13, 0x5f, 0x24, 0x7b, 0xe2, 0xfd, - 0x79, 0x7b, 0xe2, 0x94, 0xd9, 0xce, 0x68, 0x8c, 0xbf, 0x28, 0x68, 0x2d, 0x26, 0xb9, 0x84, 0x35, - 0xb5, 0x93, 0x6b, 0xd2, 0x2e, 0xb6, 0xa6, 0x19, 0xcb, 0x38, 0x53, 0xd0, 0x35, 0xc9, 0x1a, 0x75, - 0x26, 0x02, 0x07, 0xe0, 0x82, 0xa5, 0xc3, 0x25, 0x54, 0x35, 0xa0, 0x9c, 0x3b, 0x1a, 0x4e, 0x16, - 0x75, 0x7e, 0xe7, 0xce, 0x1c, 0xab, 0x9a, 0x98, 0x6a, 0x74, 0xff, 0x09, 0x43, 0x24, 0xca, 0x5c, - 0x79, 0x89, 0x0a, 0x93, 0xab, 0xdb, 0x42, 0xe9, 0x8e, 0x6b, 0xf7, 0x1d, 0xb9, 0xb4, 0xd8, 0xcd, - 0xe5, 0x91, 0x17, 0x24, 0x3e, 0x86, 0xcb, 0x28, 0x75, 0xc8, 0x2c, 0x23, 0x30, 0xdc, 0x95, 0x80, - 0x93, 0xfa, 0x98, 0x59, 0x06, 0x91, 0x88, 0xc7, 0xb0, 0x22, 0x83, 0x85, 0x0c, 0x69, 0x2e, 0x89, - 0x54, 0x7e, 0x54, 0xd0, 0xfa, 0x94, 0x5f, 0xc9, 0xac, 0xc9, 0x04, 0xb8, 0xd4, 0x1c, 0xfd, 0x49, - 0xae, 0x79, 0x5d, 0xfe, 0xe1, 0x31, 0xd5, 0xc5, 0xa7, 0xd4, 0xec, 0x03, 0x27, 0x21, 0x01, 0x7f, - 0x85, 0xf2, 0x7a, 0xf4, 0x5b, 0x1a, 0x6c, 0xd4, 0x83, 0x39, 0x36, 0xea, 0x1f, 0x7e, 0x66, 0xfd, - 0xf1, 0x62, 0x04, 0x12, 0x1f, 0xa3, 0x51, 0x3d, 0x3d, 0x2b, 0x2e, 0xbc, 0x3a, 0x2b, 0x2e, 0xbc, - 0x3e, 0x2b, 0x2e, 0x7c, 0x3b, 0x2c, 0x2a, 0xa7, 0xc3, 0xa2, 0xf2, 0x6a, 0x58, 0x54, 0x5e, 0x0f, - 0x8b, 0xca, 0xef, 0xc3, 0xa2, 0xf2, 0xfd, 0x1f, 0xc5, 0x85, 0xcf, 0x17, 0x8f, 0xb6, 0xff, 0x0e, - 0x00, 0x00, 0xff, 0xff, 0xd3, 0xf9, 0x68, 0xbb, 0x28, 0x10, 0x00, 0x00, + // 1272 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0xcf, 0x6f, 0x1b, 0xc5, + 0x17, 0xcf, 0x36, 0x76, 0x62, 0x3f, 0x37, 0xbf, 0x26, 0x4d, 0xbb, 0xdf, 0xb6, 0x5f, 0xdb, 0x75, + 0x24, 0x1a, 0x04, 0xac, 0x49, 0x28, 0xa5, 0x52, 0xa5, 0x4a, 0x76, 0xa8, 0x4a, 0x04, 0x69, 0xa5, + 0x49, 0x03, 0x15, 0xf4, 0xd0, 0xe9, 0xee, 0x8b, 0x3d, 0x64, 0xbd, 0xbb, 0xec, 0x8c, 0x43, 0x83, + 0x7a, 0xe0, 0xc2, 0x9d, 0x7f, 0x84, 0x0b, 0x77, 0x0e, 0x48, 0x1c, 0x7a, 0x42, 0x3d, 0x20, 0xd4, + 0x93, 0x45, 0x8c, 0x38, 0xf0, 0x2f, 0x70, 0x42, 0x3b, 0xbb, 0xde, 0x1f, 0x8e, 0x4d, 0xdc, 0x03, + 0x11, 0x87, 0xde, 0xbc, 0xef, 0x7d, 0x3e, 0x6f, 0xde, 0xcc, 0xbc, 0xcf, 0x9b, 0x19, 0xc3, 0x7a, + 0x8b, 0xcb, 0x76, 0xf7, 0xb1, 0x61, 0xba, 0x9d, 0xba, 0xeb, 0xa1, 0x23, 0xda, 0x7c, 0x4f, 0xd6, + 0x99, 0xc7, 0xeb, 0x2e, 0xeb, 0xca, 0x76, 0xfd, 0x60, 0xbd, 0xde, 0x42, 0x07, 0x7d, 0x26, 0xd1, + 0x32, 0x3c, 0xdf, 0x95, 0x2e, 0xb9, 0x92, 0x50, 0x8c, 0x98, 0x62, 0x30, 0x8f, 0x1b, 0x8a, 0x62, + 0x1c, 0xac, 0x5f, 0x7c, 0x2b, 0x15, 0xb5, 0xe5, 0xb6, 0xdc, 0xba, 0x62, 0x3e, 0xee, 0xee, 0xa9, + 0x2f, 0xf5, 0xa1, 0x7e, 0x85, 0x11, 0x2f, 0x5e, 0xdb, 0xbf, 0x21, 0x0c, 0xee, 0x06, 0xc3, 0x76, + 0x98, 0xd9, 0xe6, 0x0e, 0xfa, 0x87, 0x75, 0x6f, 0xbf, 0x15, 0x18, 0x44, 0xbd, 0x83, 0x92, 0x8d, + 0xc8, 0xe3, 0xe2, 0xf5, 0x71, 0x2c, 0xbf, 0xeb, 0x48, 0xde, 0xc1, 0xba, 0x30, 0xdb, 0xd8, 0x61, + 0xc3, 0xbc, 0xda, 0x0f, 0x1a, 0x5c, 0xda, 0xb4, 0xbb, 0x42, 0xa2, 0x4f, 0x5d, 0x1b, 0x77, 0x4c, + 0xd7, 0x43, 0x8a, 0x42, 0xfa, 0xdc, 0x94, 0xdc, 0x75, 0xc8, 0x1b, 0x50, 0xf4, 0x5d, 0x1b, 0xef, + 0xb2, 0x0e, 0x0a, 0x5d, 0xab, 0x4e, 0xaf, 0x15, 0x9b, 0x73, 0xfd, 0x5e, 0xa5, 0x48, 0x07, 0x46, + 0x9a, 0xf8, 0x89, 0x01, 0xe0, 0x04, 0x3f, 0x3c, 0x66, 0xa2, 0xd0, 0xcf, 0x28, 0xf4, 0x7c, 0xbf, + 0x57, 0x81, 0xbb, 0xb1, 0x95, 0xa6, 0x10, 0xa4, 0x01, 0x0b, 0xcc, 0xb6, 0xdd, 0x2f, 0x6f, 0x0b, + 0x93, 0xd9, 0x2c, 0x18, 0x4f, 0x9f, 0xae, 0x6a, 0x6b, 0x85, 0xe6, 0x85, 0x67, 0xbd, 0xca, 0x54, + 0xbf, 0x57, 0x59, 0x68, 0x64, 0xdd, 0x74, 0x18, 0x5f, 0xfb, 0x23, 0x07, 0x8b, 0xf7, 0x1a, 0x5d, + 0xd9, 0x6e, 0x98, 0x26, 0x0a, 0x71, 0xdf, 0xdd, 0x47, 0x87, 0x3c, 0x82, 0x42, 0xb0, 0x4e, 0x16, + 0x93, 0x4c, 0xd7, 0xaa, 0xda, 0x5a, 0x69, 0xe3, 0x6d, 0x23, 0x5c, 0x1f, 0x23, 0xbd, 0x3e, 0x86, + 0xb7, 0xdf, 0x0a, 0x0c, 0xc2, 0x08, 0xd0, 0xc6, 0xc1, 0xba, 0x71, 0xef, 0xf1, 0xe7, 0x68, 0xca, + 0x6d, 0x94, 0xac, 0x49, 0xa2, 0x14, 0x20, 0xb1, 0xd1, 0x38, 0x2a, 0xd9, 0x00, 0x30, 0x6d, 0x8e, + 0x8e, 0x0c, 0x66, 0xa6, 0x9f, 0xa9, 0x6a, 0x6b, 0xc5, 0x84, 0xb1, 0x19, 0x7b, 0x68, 0x0a, 0x45, + 0xea, 0x50, 0xc4, 0x27, 0x1e, 0xf7, 0x51, 0x6c, 0x85, 0xf3, 0x9c, 0x6e, 0x2e, 0x45, 0x94, 0xe2, + 0xed, 0x81, 0x83, 0x26, 0x18, 0x52, 0x83, 0x19, 0x11, 0xec, 0x87, 0xd0, 0x73, 0x6a, 0x29, 0xa1, + 0xdf, 0xab, 0xcc, 0xa8, 0x1d, 0x12, 0x34, 0xf2, 0x90, 0x77, 0xa1, 0xe4, 0xa3, 0xc5, 0x7d, 0x34, + 0xe5, 0x2e, 0xdd, 0xd2, 0xf3, 0x2a, 0x93, 0xe5, 0x28, 0x6c, 0x89, 0x26, 0x2e, 0x9a, 0xc6, 0x91, + 0x37, 0xa1, 0xd0, 0x15, 0xe8, 0xab, 0xec, 0x67, 0x14, 0x67, 0x31, 0xe2, 0x14, 0x76, 0x23, 0x3b, + 0x8d, 0x11, 0xe4, 0x75, 0x98, 0x0d, 0x7e, 0xef, 0x6e, 0xbd, 0xaf, 0xcf, 0x2a, 0xf0, 0x42, 0x04, + 0x9e, 0xdd, 0x0d, 0xcd, 0x74, 0xe0, 0x27, 0xb7, 0x60, 0x3e, 0xa8, 0x7b, 0xd7, 0xe7, 0x5f, 0xa1, + 0xda, 0x0c, 0xbd, 0xa0, 0x18, 0xe7, 0x23, 0xc6, 0x7c, 0x23, 0xe3, 0xa5, 0x43, 0x68, 0x72, 0x03, + 0xce, 0xfa, 0xb8, 0xe7, 0xa3, 0x68, 0x87, 0xec, 0xa2, 0x62, 0x9f, 0x8b, 0xd8, 0x67, 0x69, 0xca, + 0x47, 0x33, 0x48, 0xf2, 0x10, 0x74, 0xee, 0x30, 0x53, 0xf2, 0x03, 0x2e, 0x0f, 0xef, 0xf3, 0x0e, + 0xba, 0x5d, 0xb9, 0x83, 0xa6, 0xeb, 0x58, 0x42, 0x87, 0xaa, 0xb6, 0x96, 0x6f, 0x56, 0xa3, 0x28, + 0xfa, 0xd6, 0x18, 0x1c, 0x1d, 0x1b, 0xa1, 0xf6, 0xb3, 0x06, 0xe7, 0x86, 0xeb, 0xec, 0x23, 0x2e, + 0x24, 0x79, 0x78, 0xac, 0xd6, 0x8c, 0xc9, 0x6a, 0x2d, 0x60, 0xab, 0x4a, 0x8b, 0x57, 0x7e, 0x60, + 0x49, 0xd5, 0xd9, 0x03, 0xc8, 0x73, 0x89, 0x9d, 0x50, 0x4c, 0xa5, 0x8d, 0x77, 0x8c, 0x13, 0xdb, + 0x8d, 0x31, 0x9c, 0x65, 0x73, 0x2e, 0x8a, 0x9f, 0xdf, 0x0a, 0x22, 0xd1, 0x30, 0x60, 0xed, 0xc7, + 0x1c, 0x2c, 0x87, 0xd0, 0xec, 0x06, 0xbc, 0xd2, 0xce, 0x49, 0xda, 0x59, 0x85, 0xbc, 0x90, 0x4c, + 0x0e, 0x84, 0x13, 0x2f, 0xef, 0x4e, 0x60, 0xa4, 0xa1, 0x2f, 0x23, 0xb0, 0xd9, 0x97, 0x11, 0x58, + 0xe1, 0x04, 0x81, 0xdd, 0x84, 0x39, 0xd3, 0xb5, 0x70, 0xb3, 0xcd, 0x6c, 0x1b, 0x9d, 0x16, 0x46, + 0x0a, 0x59, 0x89, 0x08, 0x73, 0x9b, 0x69, 0x27, 0xcd, 0x62, 0xc9, 0x36, 0x2c, 0x67, 0x0c, 0xdb, + 0x28, 0xdb, 0xae, 0xa5, 0xe4, 0x51, 0x6c, 0x5e, 0x8a, 0x42, 0x2c, 0x6f, 0x1e, 0x87, 0xd0, 0x51, + 0xbc, 0xda, 0x2f, 0x1a, 0x5c, 0x18, 0x51, 0x43, 0xa7, 0xa0, 0x8b, 0xcf, 0xb2, 0xba, 0xb8, 0x3e, + 0xb1, 0x2e, 0x32, 0x89, 0x8e, 0x91, 0xc6, 0x37, 0x33, 0x50, 0x52, 0xe8, 0xb0, 0x18, 0x4f, 0x41, + 0x12, 0xaf, 0xc1, 0x8c, 0x40, 0xd3, 0x47, 0x19, 0xc9, 0x61, 0x3e, 0x42, 0xcf, 0xec, 0x28, 0x2b, + 0x8d, 0xbc, 0x64, 0x13, 0x96, 0x98, 0x65, 0xf1, 0xe0, 0xe4, 0x63, 0x76, 0xe8, 0x13, 0xfa, 0xb4, + 0x2a, 0xf0, 0x95, 0x7e, 0xaf, 0xb2, 0xd4, 0x18, 0x76, 0xd2, 0xe3, 0x78, 0xb2, 0x03, 0x2b, 0x3e, + 0x0a, 0xcf, 0x75, 0xac, 0x4f, 0xb8, 0x6c, 0xc7, 0x7b, 0x1a, 0x28, 0x25, 0x38, 0x7b, 0xff, 0x1f, + 0x8d, 0xbd, 0x42, 0x47, 0x81, 0xe8, 0x68, 0x2e, 0xb9, 0x16, 0xf4, 0xed, 0x58, 0x23, 0x42, 0xcf, + 0xab, 0xa4, 0x16, 0xc3, 0x9e, 0x9d, 0xd8, 0x69, 0x06, 0x45, 0xb6, 0xa0, 0xd4, 0xf2, 0x99, 0x23, + 0xa3, 0x3a, 0x0c, 0x05, 0x75, 0x75, 0xa0, 0xc0, 0x3b, 0x89, 0xeb, 0xaf, 0x5e, 0x65, 0x51, 0x7d, + 0x7e, 0xc0, 0x1c, 0xcb, 0x46, 0xff, 0xfe, 0xa1, 0x87, 0x34, 0xcd, 0x25, 0x4f, 0x61, 0x49, 0x0c, + 0x5d, 0x5e, 0x84, 0x3e, 0x3b, 0x71, 0xd7, 0x1c, 0xbe, 0xf8, 0x34, 0xff, 0x17, 0x65, 0xb1, 0x34, + 0xec, 0x11, 0xf4, 0xf8, 0x40, 0xe4, 0x01, 0xe8, 0x2c, 0x69, 0xb9, 0xdb, 0xec, 0x49, 0xa3, 0x85, + 0x83, 0xc3, 0xa7, 0xa0, 0x0e, 0x9f, 0xcb, 0xc1, 0xc1, 0xd3, 0x18, 0x83, 0xa1, 0x63, 0xd9, 0xe4, + 0x10, 0x56, 0x53, 0xbe, 0x71, 0x27, 0x97, 0xea, 0x02, 0xf9, 0xe6, 0xd5, 0x7e, 0xaf, 0xb2, 0xda, + 0x38, 0x19, 0x4e, 0x27, 0x89, 0x59, 0xfb, 0xee, 0x0c, 0xe8, 0x29, 0x1d, 0x0c, 0xb4, 0xa3, 0x2e, + 0x5e, 0xff, 0xd1, 0x73, 0x22, 0xdd, 0x76, 0xa7, 0x5f, 0xa6, 0xed, 0xe6, 0x4e, 0x68, 0xbb, 0xc9, + 0x79, 0x92, 0x1f, 0x77, 0x9e, 0xd4, 0x7a, 0x1a, 0x5c, 0x1e, 0xb7, 0x5e, 0xa7, 0xd0, 0x13, 0x1f, + 0x65, 0x7b, 0xe2, 0xcd, 0x49, 0x7b, 0xe2, 0x88, 0x6c, 0xc7, 0x34, 0xc6, 0x9f, 0x34, 0x58, 0x48, + 0x51, 0x4e, 0x61, 0x4e, 0x3b, 0xd9, 0x39, 0x19, 0x2f, 0x37, 0xa7, 0x31, 0xd3, 0x38, 0xd2, 0xe0, + 0xbc, 0x42, 0x0d, 0x3a, 0x13, 0xc5, 0x3d, 0xf4, 0xd1, 0x31, 0xf1, 0x14, 0xaa, 0x1a, 0xa1, 0xe8, + 0x0f, 0x86, 0x53, 0x45, 0x5d, 0xda, 0xb8, 0x36, 0xc1, 0xac, 0x8e, 0xa5, 0x9a, 0xdc, 0x7f, 0x62, + 0x13, 0x4d, 0x22, 0xd7, 0x9e, 0xc2, 0xd2, 0xf1, 0xd9, 0xad, 0x42, 0xbe, 0xe5, 0xbb, 0x5d, 0x4f, + 0x4d, 0x2d, 0x75, 0x73, 0xb9, 0x13, 0x18, 0x69, 0xe8, 0x23, 0x55, 0xc8, 0xed, 0x73, 0xc7, 0x8a, + 0x04, 0x77, 0x36, 0xc2, 0xe4, 0x3e, 0xe4, 0x8e, 0x45, 0x95, 0x27, 0x40, 0x38, 0x89, 0xc0, 0x62, + 0x84, 0x12, 0x97, 0xf2, 0xd4, 0xbe, 0xd7, 0x60, 0x71, 0xc4, 0x53, 0xb2, 0x60, 0x73, 0x89, 0x3e, + 0xb3, 0x07, 0x2f, 0xc9, 0x85, 0xa0, 0xcb, 0xdf, 0x7e, 0xc2, 0x4c, 0xf9, 0x31, 0xb3, 0xbb, 0x28, + 0x68, 0x0c, 0x20, 0x5f, 0x40, 0xc9, 0x4c, 0x9e, 0xa5, 0xd1, 0x42, 0xdd, 0x9a, 0x60, 0xa1, 0xfe, + 0xe1, 0x31, 0x1b, 0x8e, 0x97, 0x02, 0xd0, 0xf4, 0x18, 0xb5, 0x3f, 0x73, 0x70, 0x2e, 0xd0, 0xfd, + 0xab, 0xe7, 0xe4, 0xab, 0xe7, 0xe4, 0xbf, 0xfd, 0x9c, 0xfc, 0x55, 0x03, 0x7d, 0x54, 0xad, 0x9d, + 0x42, 0x4b, 0x7d, 0x98, 0x6d, 0xa9, 0xef, 0x4d, 0xa0, 0xa9, 0x51, 0x99, 0x8e, 0xee, 0xad, 0xcd, + 0x3b, 0xcf, 0x8e, 0xca, 0x53, 0xcf, 0x8f, 0xca, 0x53, 0x2f, 0x8e, 0xca, 0x53, 0x5f, 0xf7, 0xcb, + 0xda, 0xb3, 0x7e, 0x59, 0x7b, 0xde, 0x2f, 0x6b, 0x2f, 0xfa, 0x65, 0xed, 0xb7, 0x7e, 0x59, 0xfb, + 0xf6, 0xf7, 0xf2, 0xd4, 0xa7, 0x57, 0x4e, 0xfc, 0xa3, 0xed, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, + 0xc6, 0xcf, 0x36, 0xd6, 0x8c, 0x13, 0x00, 0x00, } func (m *ClusterRoleScopeRestriction) Marshal() (dAtA []byte, err error) { @@ -1133,6 +1194,131 @@ func (m *ScopeRestriction) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *UserOAuthAccessToken) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *UserOAuthAccessToken) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *UserOAuthAccessToken) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i = encodeVarintGenerated(dAtA, i, uint64(m.InactivityTimeoutSeconds)) + i-- + dAtA[i] = 0x50 + i -= len(m.RefreshToken) + copy(dAtA[i:], m.RefreshToken) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.RefreshToken))) + i-- + dAtA[i] = 0x4a + i -= len(m.AuthorizeToken) + copy(dAtA[i:], m.AuthorizeToken) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.AuthorizeToken))) + i-- + dAtA[i] = 0x42 + i -= len(m.UserUID) + copy(dAtA[i:], m.UserUID) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.UserUID))) + i-- + dAtA[i] = 0x3a + i -= len(m.UserName) + copy(dAtA[i:], m.UserName) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.UserName))) + i-- + dAtA[i] = 0x32 + i -= len(m.RedirectURI) + copy(dAtA[i:], m.RedirectURI) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.RedirectURI))) + i-- + dAtA[i] = 0x2a + if len(m.Scopes) > 0 { + for iNdEx := len(m.Scopes) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Scopes[iNdEx]) + copy(dAtA[i:], m.Scopes[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Scopes[iNdEx]))) + i-- + dAtA[i] = 0x22 + } + } + i = encodeVarintGenerated(dAtA, i, uint64(m.ExpiresIn)) + i-- + dAtA[i] = 0x18 + i -= len(m.ClientName) + copy(dAtA[i:], m.ClientName) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.ClientName))) + i-- + dAtA[i] = 0x12 + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *UserOAuthAccessTokenList) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *UserOAuthAccessTokenList) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *UserOAuthAccessTokenList) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Items) > 0 { + for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + { + size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int { offset -= sovGenerated(v) base := offset @@ -1407,6 +1593,54 @@ func (m *ScopeRestriction) Size() (n int) { return n } +func (m *UserOAuthAccessToken) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.ClientName) + n += 1 + l + sovGenerated(uint64(l)) + n += 1 + sovGenerated(uint64(m.ExpiresIn)) + if len(m.Scopes) > 0 { + for _, s := range m.Scopes { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + l = len(m.RedirectURI) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.UserName) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.UserUID) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.AuthorizeToken) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.RefreshToken) + n += 1 + l + sovGenerated(uint64(l)) + n += 1 + sovGenerated(uint64(m.InactivityTimeoutSeconds)) + return n +} + +func (m *UserOAuthAccessTokenList) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ListMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Items) > 0 { + for _, e := range m.Items { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + func sovGenerated(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -1598,6 +1832,41 @@ func (this *ScopeRestriction) String() string { }, "") return s } +func (this *UserOAuthAccessToken) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&UserOAuthAccessToken{`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, + `ClientName:` + fmt.Sprintf("%v", this.ClientName) + `,`, + `ExpiresIn:` + fmt.Sprintf("%v", this.ExpiresIn) + `,`, + `Scopes:` + fmt.Sprintf("%v", this.Scopes) + `,`, + `RedirectURI:` + fmt.Sprintf("%v", this.RedirectURI) + `,`, + `UserName:` + fmt.Sprintf("%v", this.UserName) + `,`, + `UserUID:` + fmt.Sprintf("%v", this.UserUID) + `,`, + `AuthorizeToken:` + fmt.Sprintf("%v", this.AuthorizeToken) + `,`, + `RefreshToken:` + fmt.Sprintf("%v", this.RefreshToken) + `,`, + `InactivityTimeoutSeconds:` + fmt.Sprintf("%v", this.InactivityTimeoutSeconds) + `,`, + `}`, + }, "") + return s +} +func (this *UserOAuthAccessTokenList) String() string { + if this == nil { + return "nil" + } + repeatedStringForItems := "[]UserOAuthAccessToken{" + for _, f := range this.Items { + repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "UserOAuthAccessToken", "UserOAuthAccessToken", 1), `&`, ``, 1) + "," + } + repeatedStringForItems += "}" + s := strings.Join([]string{`&UserOAuthAccessTokenList{`, + `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`, + `Items:` + repeatedStringForItems + `,`, + `}`, + }, "") + return s +} func valueToStringGenerated(v interface{}) string { rv := reflect.ValueOf(v) if rv.IsNil() { @@ -1725,10 +1994,7 @@ func (m *ClusterRoleScopeRestriction) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2073,10 +2339,7 @@ func (m *OAuthAccessToken) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2193,10 +2456,7 @@ func (m *OAuthAccessTokenList) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2554,10 +2814,7 @@ func (m *OAuthAuthorizeToken) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2674,10 +2931,7 @@ func (m *OAuthAuthorizeTokenList) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2982,10 +3236,7 @@ func (m *OAuthClient) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -3196,10 +3447,7 @@ func (m *OAuthClientAuthorization) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -3316,10 +3564,7 @@ func (m *OAuthClientAuthorizationList) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -3436,10 +3681,7 @@ func (m *OAuthClientList) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -3555,10 +3797,7 @@ func (m *OAuthRedirectReference) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -3704,10 +3943,7 @@ func (m *RedirectReference) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -3825,10 +4061,7 @@ func (m *ScopeRestriction) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -3843,17 +4076,480 @@ func (m *ScopeRestriction) Unmarshal(dAtA []byte) error { } return nil } -func skipGenerated(dAtA []byte) (n int, err error) { +func (m *UserOAuthAccessToken) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { + preIndex := iNdEx var wire uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { - return 0, ErrIntOverflowGenerated + return ErrIntOverflowGenerated } if iNdEx >= l { - return 0, io.ErrUnexpectedEOF + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: UserOAuthAccessToken: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: UserOAuthAccessToken: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ClientName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ClientName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ExpiresIn", wireType) + } + m.ExpiresIn = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.ExpiresIn |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Scopes", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Scopes = append(m.Scopes, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RedirectURI", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RedirectURI = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.UserName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserUID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.UserUID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AuthorizeToken", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AuthorizeToken = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RefreshToken", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RefreshToken = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 10: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field InactivityTimeoutSeconds", wireType) + } + m.InactivityTimeoutSeconds = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.InactivityTimeoutSeconds |= int32(b&0x7F) << shift + if b < 0x80 { + break + } + } + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *UserOAuthAccessTokenList) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: UserOAuthAccessTokenList: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: UserOAuthAccessTokenList: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Items = append(m.Items, UserOAuthAccessToken{}) + if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func skipGenerated(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + depth := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowGenerated + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF } b := dAtA[iNdEx] iNdEx++ @@ -3877,10 +4573,8 @@ func skipGenerated(dAtA []byte) (n int, err error) { break } } - return iNdEx, nil case 1: iNdEx += 8 - return iNdEx, nil case 2: var length int for shift := uint(0); ; shift += 7 { @@ -3901,55 +4595,30 @@ func skipGenerated(dAtA []byte) (n int, err error) { return 0, ErrInvalidLengthGenerated } iNdEx += length - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - return iNdEx, nil case 3: - for { - var innerWire uint64 - var start int = iNdEx - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - innerWire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - innerWireType := int(innerWire & 0x7) - if innerWireType == 4 { - break - } - next, err := skipGenerated(dAtA[start:]) - if err != nil { - return 0, err - } - iNdEx = start + next - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - } - return iNdEx, nil + depth++ case 4: - return iNdEx, nil + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupGenerated + } + depth-- case 5: iNdEx += 4 - return iNdEx, nil default: return 0, fmt.Errorf("proto: illegal wireType %d", wireType) } + if iNdEx < 0 { + return 0, ErrInvalidLengthGenerated + } + if depth == 0 { + return iNdEx, nil + } } - panic("unreachable") + return 0, io.ErrUnexpectedEOF } var ( - ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") ) diff --git a/vendor/github.com/openshift/api/oauth/v1/generated.proto b/vendor/github.com/openshift/api/oauth/v1/generated.proto index 16a1b6cccd..ad6597d334 100644 --- a/vendor/github.com/openshift/api/oauth/v1/generated.proto +++ b/vendor/github.com/openshift/api/oauth/v1/generated.proto @@ -1,7 +1,7 @@ // This file was autogenerated by go-to-protobuf. Do not edit it manually! -syntax = 'proto2'; +syntax = "proto2"; package github.com.openshift.api.oauth.v1; @@ -9,7 +9,7 @@ import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; // Package-wide variables from generator "generated". -option go_package = "v1"; +option go_package = "github.com/openshift/api/oauth/v1"; // ClusterRoleScopeRestriction describes restrictions on cluster role scopes message ClusterRoleScopeRestriction { @@ -23,9 +23,16 @@ message ClusterRoleScopeRestriction { optional bool allowEscalation = 3; } -// OAuthAccessToken describes an OAuth access token +// OAuthAccessToken describes an OAuth access token. +// The name of a token must be prefixed with a `sha256~` string, must not contain "/" or "%" characters and must be at +// least 32 characters long. +// +// The name of the token is constructed from the actual token by sha256-hashing it and using URL-safe unpadded +// base64-encoding (as described in RFC4648) on the hashed result. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthAccessToken { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // ClientName references the client that created this token. @@ -59,8 +66,10 @@ message OAuthAccessToken { } // OAuthAccessTokenList is a collection of OAuth access tokens +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthAccessTokenList { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of OAuth access tokens @@ -68,8 +77,10 @@ message OAuthAccessTokenList { } // OAuthAuthorizeToken describes an OAuth authorization token +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthAuthorizeToken { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // ClientName references the client that created this token. @@ -102,8 +113,10 @@ message OAuthAuthorizeToken { } // OAuthAuthorizeTokenList is a collection of OAuth authorization tokens +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthAuthorizeTokenList { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of OAuth authorization tokens @@ -111,8 +124,10 @@ message OAuthAuthorizeTokenList { } // OAuthClient describes an OAuth client +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthClient { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Secret is the unique secret associated with a client @@ -129,11 +144,10 @@ message OAuthClient { // +patchStrategy=merge repeated string redirectURIs = 5; - // GrantMethod determines how to handle grants for this client. If no method is provided, the - // cluster default grant handling method will be used. Valid grant handling methods are: + // GrantMethod is a required field which determines how to handle grants for this client. + // Valid grant handling methods are: // - auto: always approves grant requests, useful for trusted clients // - prompt: prompts the end user for approval of grant requests, useful for third-party clients - // - deny: always denies grant requests, useful for black-listed clients optional string grantMethod = 6; // ScopeRestrictions describes which scopes this client can request. Each requested scope @@ -156,12 +170,16 @@ message OAuthClient { // - 0: Tokens for this client never time out // - X: Tokens time out if there is no activity for X seconds // The current minimum allowed value for X is 300 (5 minutes) + // + // WARNING: existing tokens' timeout will not be affected (lowered) by changing this value optional int32 accessTokenInactivityTimeoutSeconds = 9; } // OAuthClientAuthorization describes an authorization created by an OAuth client +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthClientAuthorization { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // ClientName references the client that created this authorization @@ -179,8 +197,10 @@ message OAuthClientAuthorization { } // OAuthClientAuthorizationList is a collection of OAuth client authorizations +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthClientAuthorizationList { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of OAuth client authorizations @@ -188,8 +208,10 @@ message OAuthClientAuthorizationList { } // OAuthClientList is a collection of OAuth clients +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthClientList { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of OAuth clients @@ -197,8 +219,10 @@ message OAuthClientList { } // OAuthRedirectReference is a reference to an OAuth redirect object. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthRedirectReference { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // The reference to an redirect object in the current namespace. @@ -226,3 +250,50 @@ message ScopeRestriction { optional ClusterRoleScopeRestriction clusterRole = 2; } +// UserOAuthAccessToken is a virtual resource to mirror OAuthAccessTokens to +// the user the access token was issued for +// +openshift:compatibility-gen:level=1 +message UserOAuthAccessToken { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // ClientName references the client that created this token. + optional string clientName = 2; + + // ExpiresIn is the seconds from CreationTime before this token expires. + optional int64 expiresIn = 3; + + // Scopes is an array of the requested scopes. + repeated string scopes = 4; + + // RedirectURI is the redirection associated with the token. + optional string redirectURI = 5; + + // UserName is the user name associated with this token + optional string userName = 6; + + // UserUID is the unique UID associated with this token + optional string userUID = 7; + + // AuthorizeToken contains the token that authorized this token + optional string authorizeToken = 8; + + // RefreshToken is the value by which this token can be renewed. Can be blank. + optional string refreshToken = 9; + + // InactivityTimeoutSeconds is the value in seconds, from the + // CreationTimestamp, after which this token can no longer be used. + // The value is automatically incremented when the token is used. + optional int32 inactivityTimeoutSeconds = 10; +} + +// UserOAuthAccessTokenList is a collection of access tokens issued on behalf of +// the requesting user +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +message UserOAuthAccessTokenList { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + + repeated UserOAuthAccessToken items = 2; +} + diff --git a/vendor/github.com/openshift/api/oauth/v1/register.go b/vendor/github.com/openshift/api/oauth/v1/register.go index 37278c6414..9992dffea9 100644 --- a/vendor/github.com/openshift/api/oauth/v1/register.go +++ b/vendor/github.com/openshift/api/oauth/v1/register.go @@ -39,6 +39,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &OAuthClientAuthorization{}, &OAuthClientAuthorizationList{}, &OAuthRedirectReference{}, + &UserOAuthAccessToken{}, + &UserOAuthAccessTokenList{}, ) metav1.AddToGroupVersion(scheme, GroupVersion) return nil diff --git a/vendor/github.com/openshift/api/oauth/v1/types.go b/vendor/github.com/openshift/api/oauth/v1/types.go index 0863afbc06..12ccd2eec8 100644 --- a/vendor/github.com/openshift/api/oauth/v1/types.go +++ b/vendor/github.com/openshift/api/oauth/v1/types.go @@ -8,10 +8,17 @@ import ( // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// OAuthAccessToken describes an OAuth access token +// OAuthAccessToken describes an OAuth access token. +// The name of a token must be prefixed with a `sha256~` string, must not contain "/" or "%" characters and must be at +// least 32 characters long. +// +// The name of the token is constructed from the actual token by sha256-hashing it and using URL-safe unpadded +// base64-encoding (as described in RFC4648) on the hashed result. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthAccessToken struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // ClientName references the client that created this token. @@ -49,9 +56,11 @@ type OAuthAccessToken struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthAuthorizeToken describes an OAuth authorization token +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthAuthorizeToken struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // ClientName references the client that created this token. @@ -88,9 +97,11 @@ type OAuthAuthorizeToken struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthClient describes an OAuth client +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthClient struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Secret is the unique secret associated with a client @@ -107,11 +118,10 @@ type OAuthClient struct { // +patchStrategy=merge RedirectURIs []string `json:"redirectURIs,omitempty" patchStrategy:"merge" protobuf:"bytes,5,rep,name=redirectURIs"` - // GrantMethod determines how to handle grants for this client. If no method is provided, the - // cluster default grant handling method will be used. Valid grant handling methods are: + // GrantMethod is a required field which determines how to handle grants for this client. + // Valid grant handling methods are: // - auto: always approves grant requests, useful for trusted clients // - prompt: prompts the end user for approval of grant requests, useful for third-party clients - // - deny: always denies grant requests, useful for black-listed clients GrantMethod GrantHandlerType `json:"grantMethod,omitempty" protobuf:"bytes,6,opt,name=grantMethod,casttype=GrantHandlerType"` // ScopeRestrictions describes which scopes this client can request. Each requested scope @@ -134,6 +144,8 @@ type OAuthClient struct { // - 0: Tokens for this client never time out // - X: Tokens time out if there is no activity for X seconds // The current minimum allowed value for X is 300 (5 minutes) + // + // WARNING: existing tokens' timeout will not be affected (lowered) by changing this value AccessTokenInactivityTimeoutSeconds *int32 `json:"accessTokenInactivityTimeoutSeconds,omitempty" protobuf:"varint,9,opt,name=accessTokenInactivityTimeoutSeconds"` } @@ -172,9 +184,11 @@ type ClusterRoleScopeRestriction struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthClientAuthorization describes an authorization created by an OAuth client +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthClientAuthorization struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // ClientName references the client that created this authorization @@ -194,10 +208,13 @@ type OAuthClientAuthorization struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthAccessTokenList is a collection of OAuth access tokens +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthAccessTokenList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of OAuth access tokens Items []OAuthAccessToken `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -205,10 +222,13 @@ type OAuthAccessTokenList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthAuthorizeTokenList is a collection of OAuth authorization tokens +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthAuthorizeTokenList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of OAuth authorization tokens Items []OAuthAuthorizeToken `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -216,10 +236,13 @@ type OAuthAuthorizeTokenList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthClientList is a collection of OAuth clients +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthClientList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of OAuth clients Items []OAuthClient `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -227,10 +250,13 @@ type OAuthClientList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthClientAuthorizationList is a collection of OAuth client authorizations +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthClientAuthorizationList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of OAuth client authorizations Items []OAuthClientAuthorization `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -238,10 +264,13 @@ type OAuthClientAuthorizationList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthRedirectReference is a reference to an OAuth redirect object. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthRedirectReference struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // The reference to an redirect object in the current namespace. Reference RedirectReference `json:"reference,omitempty" protobuf:"bytes,2,opt,name=reference"` } @@ -257,3 +286,26 @@ type RedirectReference struct { // The name of the target that is being referred to. e.g. name of the Route. Name string `json:"name" protobuf:"bytes,3,opt,name=name"` } + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// UserOAuthAccessToken is a virtual resource to mirror OAuthAccessTokens to +// the user the access token was issued for +// +openshift:compatibility-gen:level=1 +type UserOAuthAccessToken OAuthAccessToken + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// UserOAuthAccessTokenList is a collection of access tokens issued on behalf of +// the requesting user +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type UserOAuthAccessTokenList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + + Items []UserOAuthAccessToken `json:"items" protobuf:"bytes,2,rep,name=items"` +} diff --git a/vendor/github.com/openshift/api/oauth/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/oauth/v1/zz_generated.deepcopy.go index 4506548c69..f1af9dc5f0 100644 --- a/vendor/github.com/openshift/api/oauth/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/oauth/v1/zz_generated.deepcopy.go @@ -1,3 +1,4 @@ +//go:build !ignore_autogenerated // +build !ignore_autogenerated // Code generated by deepcopy-gen. DO NOT EDIT. @@ -380,3 +381,67 @@ func (in *ScopeRestriction) DeepCopy() *ScopeRestriction { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserOAuthAccessToken) DeepCopyInto(out *UserOAuthAccessToken) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Scopes != nil { + in, out := &in.Scopes, &out.Scopes + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserOAuthAccessToken. +func (in *UserOAuthAccessToken) DeepCopy() *UserOAuthAccessToken { + if in == nil { + return nil + } + out := new(UserOAuthAccessToken) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *UserOAuthAccessToken) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserOAuthAccessTokenList) DeepCopyInto(out *UserOAuthAccessTokenList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]UserOAuthAccessToken, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserOAuthAccessTokenList. +func (in *UserOAuthAccessTokenList) DeepCopy() *UserOAuthAccessTokenList { + if in == nil { + return nil + } + out := new(UserOAuthAccessTokenList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *UserOAuthAccessTokenList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} diff --git a/vendor/github.com/openshift/api/oauth/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/oauth/v1/zz_generated.swagger_doc_generated.go index 2742cd70da..e1c5a16853 100644 --- a/vendor/github.com/openshift/api/oauth/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/oauth/v1/zz_generated.swagger_doc_generated.go @@ -23,8 +23,7 @@ func (ClusterRoleScopeRestriction) SwaggerDoc() map[string]string { } var map_OAuthAccessToken = map[string]string{ - "": "OAuthAccessToken describes an OAuth access token", - "metadata": "Standard object's metadata.", + "": "OAuthAccessToken describes an OAuth access token. The name of a token must be prefixed with a `sha256~` string, must not contain \"/\" or \"%\" characters and must be at least 32 characters long.\n\nThe name of the token is constructed from the actual token by sha256-hashing it and using URL-safe unpadded base64-encoding (as described in RFC4648) on the hashed result.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "clientName": "ClientName references the client that created this token.", "expiresIn": "ExpiresIn is the seconds from CreationTime before this token expires.", "scopes": "Scopes is an array of the requested scopes.", @@ -41,9 +40,8 @@ func (OAuthAccessToken) SwaggerDoc() map[string]string { } var map_OAuthAccessTokenList = map[string]string{ - "": "OAuthAccessTokenList is a collection of OAuth access tokens", - "metadata": "Standard object's metadata.", - "items": "Items is the list of OAuth access tokens", + "": "OAuthAccessTokenList is a collection of OAuth access tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "items": "Items is the list of OAuth access tokens", } func (OAuthAccessTokenList) SwaggerDoc() map[string]string { @@ -51,8 +49,7 @@ func (OAuthAccessTokenList) SwaggerDoc() map[string]string { } var map_OAuthAuthorizeToken = map[string]string{ - "": "OAuthAuthorizeToken describes an OAuth authorization token", - "metadata": "Standard object's metadata.", + "": "OAuthAuthorizeToken describes an OAuth authorization token\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "clientName": "ClientName references the client that created this token.", "expiresIn": "ExpiresIn is the seconds from CreationTime before this token expires.", "scopes": "Scopes is an array of the requested scopes.", @@ -69,9 +66,8 @@ func (OAuthAuthorizeToken) SwaggerDoc() map[string]string { } var map_OAuthAuthorizeTokenList = map[string]string{ - "": "OAuthAuthorizeTokenList is a collection of OAuth authorization tokens", - "metadata": "Standard object's metadata.", - "items": "Items is the list of OAuth authorization tokens", + "": "OAuthAuthorizeTokenList is a collection of OAuth authorization tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "items": "Items is the list of OAuth authorization tokens", } func (OAuthAuthorizeTokenList) SwaggerDoc() map[string]string { @@ -79,16 +75,15 @@ func (OAuthAuthorizeTokenList) SwaggerDoc() map[string]string { } var map_OAuthClient = map[string]string{ - "": "OAuthClient describes an OAuth client", - "metadata": "Standard object's metadata.", + "": "OAuthClient describes an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "secret": "Secret is the unique secret associated with a client", "additionalSecrets": "AdditionalSecrets holds other secrets that may be used to identify the client. This is useful for rotation and for service account token validation", "respondWithChallenges": "RespondWithChallenges indicates whether the client wants authentication needed responses made in the form of challenges instead of redirects", "redirectURIs": "RedirectURIs is the valid redirection URIs associated with a client", - "grantMethod": "GrantMethod determines how to handle grants for this client. If no method is provided, the cluster default grant handling method will be used. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients\n - deny: always denies grant requests, useful for black-listed clients", + "grantMethod": "GrantMethod is a required field which determines how to handle grants for this client. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients", "scopeRestrictions": "ScopeRestrictions describes which scopes this client can request. Each requested scope is checked against each restriction. If any restriction matches, then the scope is allowed. If no restriction matches, then the scope is denied.", "accessTokenMaxAgeSeconds": "AccessTokenMaxAgeSeconds overrides the default access token max age for tokens granted to this client. 0 means no expiration.", - "accessTokenInactivityTimeoutSeconds": "AccessTokenInactivityTimeoutSeconds overrides the default token inactivity timeout for tokens granted to this client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. This value needs to be set only if the default set in configuration is not appropriate for this client. Valid values are: - 0: Tokens for this client never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)", + "accessTokenInactivityTimeoutSeconds": "AccessTokenInactivityTimeoutSeconds overrides the default token inactivity timeout for tokens granted to this client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. This value needs to be set only if the default set in configuration is not appropriate for this client. Valid values are: - 0: Tokens for this client never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", } func (OAuthClient) SwaggerDoc() map[string]string { @@ -96,8 +91,7 @@ func (OAuthClient) SwaggerDoc() map[string]string { } var map_OAuthClientAuthorization = map[string]string{ - "": "OAuthClientAuthorization describes an authorization created by an OAuth client", - "metadata": "Standard object's metadata.", + "": "OAuthClientAuthorization describes an authorization created by an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "clientName": "ClientName references the client that created this authorization", "userName": "UserName is the user name that authorized this client", "userUID": "UserUID is the unique UID associated with this authorization. UserUID and UserName must both match for this authorization to be valid.", @@ -109,9 +103,8 @@ func (OAuthClientAuthorization) SwaggerDoc() map[string]string { } var map_OAuthClientAuthorizationList = map[string]string{ - "": "OAuthClientAuthorizationList is a collection of OAuth client authorizations", - "metadata": "Standard object's metadata.", - "items": "Items is the list of OAuth client authorizations", + "": "OAuthClientAuthorizationList is a collection of OAuth client authorizations\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "items": "Items is the list of OAuth client authorizations", } func (OAuthClientAuthorizationList) SwaggerDoc() map[string]string { @@ -119,9 +112,8 @@ func (OAuthClientAuthorizationList) SwaggerDoc() map[string]string { } var map_OAuthClientList = map[string]string{ - "": "OAuthClientList is a collection of OAuth clients", - "metadata": "Standard object's metadata.", - "items": "Items is the list of OAuth clients", + "": "OAuthClientList is a collection of OAuth clients\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "items": "Items is the list of OAuth clients", } func (OAuthClientList) SwaggerDoc() map[string]string { @@ -129,8 +121,7 @@ func (OAuthClientList) SwaggerDoc() map[string]string { } var map_OAuthRedirectReference = map[string]string{ - "": "OAuthRedirectReference is a reference to an OAuth redirect object.", - "metadata": "Standard object's metadata.", + "": "OAuthRedirectReference is a reference to an OAuth redirect object.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "reference": "The reference to an redirect object in the current namespace.", } @@ -159,4 +150,12 @@ func (ScopeRestriction) SwaggerDoc() map[string]string { return map_ScopeRestriction } +var map_UserOAuthAccessTokenList = map[string]string{ + "": "UserOAuthAccessTokenList is a collection of access tokens issued on behalf of the requesting user\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (UserOAuthAccessTokenList) SwaggerDoc() map[string]string { + return map_UserOAuthAccessTokenList +} + // AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/pkg/serialization/serialization.go b/vendor/github.com/openshift/api/pkg/serialization/serialization.go new file mode 100644 index 0000000000..70c8e7a994 --- /dev/null +++ b/vendor/github.com/openshift/api/pkg/serialization/serialization.go @@ -0,0 +1,45 @@ +package serialization + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +// DecodeNestedRawExtensionOrUnknown +func DecodeNestedRawExtensionOrUnknown(d runtime.Decoder, ext *runtime.RawExtension) { + if ext.Raw == nil || ext.Object != nil { + return + } + obj, gvk, err := d.Decode(ext.Raw, nil, nil) + if err != nil { + unk := &runtime.Unknown{Raw: ext.Raw} + if runtime.IsNotRegisteredError(err) { + if _, gvk, err := d.Decode(ext.Raw, nil, unk); err == nil { + unk.APIVersion = gvk.GroupVersion().String() + unk.Kind = gvk.Kind + ext.Object = unk + return + } + } + // TODO: record mime-type with the object + if gvk != nil { + unk.APIVersion = gvk.GroupVersion().String() + unk.Kind = gvk.Kind + } + obj = unk + } + ext.Object = obj +} + +// EncodeNestedRawExtension will encode the object in the RawExtension (if not nil) or +// return an error. +func EncodeNestedRawExtension(e runtime.Encoder, ext *runtime.RawExtension) error { + if ext.Raw != nil || ext.Object == nil { + return nil + } + data, err := runtime.Encode(e, ext.Object) + if err != nil { + return err + } + ext.Raw = data + return nil +} diff --git a/vendor/github.com/openshift/api/project/v1/generated.pb.go b/vendor/github.com/openshift/api/project/v1/generated.pb.go index f6f1737b21..822dbbc301 100644 --- a/vendor/github.com/openshift/api/project/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/project/v1/generated.pb.go @@ -27,7 +27,7 @@ var _ = math.Inf // is compatible with the proto package it is being compiled against. // A compilation error at this line likely means your copy of the // proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package func (m *Project) Reset() { *m = Project{} } func (*Project) ProtoMessage() {} @@ -182,43 +182,43 @@ func init() { } var fileDescriptor_fbf46eaac05029bf = []byte{ - // 570 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x93, 0x3d, 0x8f, 0xd3, 0x30, - 0x18, 0xc7, 0x9b, 0xf6, 0x7a, 0x5c, 0x5d, 0xee, 0x84, 0xc2, 0x52, 0x75, 0x48, 0x4b, 0x90, 0x50, - 0x07, 0x70, 0x68, 0x79, 0x11, 0x73, 0x40, 0x08, 0x24, 0x5e, 0x0e, 0xb3, 0x55, 0x0c, 0xb8, 0xa9, - 0x9b, 0x9a, 0x5e, 0x62, 0x13, 0xbb, 0x95, 0x8e, 0x89, 0x8f, 0xc0, 0xce, 0xe7, 0x60, 0x65, 0xee, - 0x78, 0xe3, 0x4d, 0xd5, 0x35, 0x7c, 0x8b, 0x9b, 0x90, 0x1d, 0x37, 0x09, 0x5c, 0x91, 0xee, 0x16, - 0xb6, 0xfa, 0xc9, 0xff, 0xf7, 0xb3, 0xfd, 0x3c, 0x2e, 0x78, 0x10, 0x52, 0x39, 0x9d, 0x8f, 0x60, - 0xc0, 0x22, 0x8f, 0x71, 0x12, 0x8b, 0x29, 0x9d, 0x48, 0x0f, 0x73, 0xea, 0xf1, 0x84, 0x7d, 0x22, - 0x81, 0xf4, 0x16, 0x7d, 0x2f, 0x24, 0x31, 0x49, 0xb0, 0x24, 0x63, 0xc8, 0x13, 0x26, 0x99, 0x7d, - 0xbb, 0x80, 0x60, 0x0e, 0x41, 0xcc, 0x29, 0x34, 0x10, 0x5c, 0xf4, 0xdb, 0xf7, 0x4a, 0xe6, 0x90, - 0x85, 0xcc, 0xd3, 0xec, 0x68, 0x3e, 0xd1, 0x2b, 0xbd, 0xd0, 0xbf, 0x32, 0x67, 0xdb, 0x9d, 0x3d, - 0x11, 0x90, 0x32, 0xbd, 0x75, 0xc0, 0x12, 0xb2, 0x65, 0xdf, 0xf6, 0xc3, 0x22, 0x13, 0xe1, 0x60, - 0x4a, 0x63, 0x92, 0x1c, 0x7b, 0x7c, 0x16, 0xaa, 0x82, 0xf0, 0x22, 0x22, 0xf1, 0x36, 0xea, 0xf1, - 0xbf, 0xa8, 0x64, 0x1e, 0x4b, 0x1a, 0x11, 0x4f, 0x04, 0x53, 0x12, 0xe1, 0xbf, 0x39, 0xf7, 0x7b, - 0x15, 0x5c, 0x3b, 0xcc, 0xee, 0x63, 0x7f, 0x04, 0x7b, 0x4a, 0x3f, 0xc6, 0x12, 0xb7, 0xac, 0xae, - 0xd5, 0x6b, 0x0e, 0xee, 0xc3, 0x4c, 0x0b, 0xcb, 0x5a, 0xc8, 0x67, 0xa1, 0x2a, 0x08, 0xa8, 0xd2, - 0x70, 0xd1, 0x87, 0x6f, 0x47, 0x8a, 0x7f, 0x4d, 0x24, 0xf6, 0xed, 0xe5, 0xaa, 0x53, 0x49, 0x57, - 0x1d, 0x50, 0xd4, 0x50, 0x6e, 0xb5, 0x11, 0xd8, 0x11, 0x9c, 0x04, 0xad, 0xaa, 0xb1, 0x5f, 0xa2, - 0xc5, 0xd0, 0x9c, 0xee, 0x3d, 0x27, 0x81, 0x7f, 0xdd, 0xd8, 0x77, 0xd4, 0x0a, 0x69, 0x97, 0x3d, - 0x04, 0xbb, 0x42, 0x62, 0x39, 0x17, 0xad, 0x9a, 0xb6, 0x0e, 0xae, 0x64, 0xd5, 0xa4, 0x7f, 0x60, - 0xbc, 0xbb, 0xd9, 0x1a, 0x19, 0xa3, 0xfb, 0xd3, 0x02, 0x4d, 0x93, 0x7c, 0x45, 0x85, 0xb4, 0x3f, - 0x5c, 0xe8, 0x10, 0xbc, 0x5c, 0x87, 0x14, 0xad, 0xfb, 0x73, 0xc3, 0xec, 0xb4, 0xb7, 0xa9, 0x94, - 0xba, 0xf3, 0x0e, 0xd4, 0xa9, 0x24, 0x91, 0x68, 0x55, 0xbb, 0xb5, 0x5e, 0x73, 0x70, 0xf7, 0x2a, - 0x17, 0xf1, 0xf7, 0x8d, 0xb8, 0xfe, 0x52, 0x29, 0x50, 0x66, 0x72, 0xcf, 0x2c, 0x70, 0x60, 0x12, - 0x88, 0x7c, 0x9e, 0x13, 0xf1, 0x3f, 0xa6, 0xfc, 0x08, 0x34, 0xc7, 0x54, 0xf0, 0x23, 0x7c, 0xfc, - 0x06, 0x47, 0x44, 0x0f, 0xbb, 0xe1, 0xdf, 0x34, 0x48, 0xf3, 0x59, 0xf1, 0x09, 0x95, 0x73, 0x1a, - 0x23, 0x22, 0x48, 0x28, 0x97, 0x94, 0xc5, 0x7a, 0x9a, 0x65, 0xac, 0xf8, 0x84, 0xca, 0x39, 0x17, - 0xe7, 0x23, 0x52, 0x8f, 0xc2, 0x46, 0x00, 0x4c, 0x68, 0x8c, 0x8f, 0xe8, 0x17, 0x92, 0x88, 0x96, - 0xd5, 0xad, 0xf5, 0x1a, 0xfe, 0x40, 0x1d, 0xf5, 0x79, 0x5e, 0x3d, 0x5f, 0x75, 0xba, 0x17, 0xff, - 0x88, 0x30, 0x0f, 0xe8, 0xa3, 0x95, 0x2c, 0xee, 0x0f, 0x0b, 0xec, 0xff, 0xf1, 0x60, 0xec, 0x17, - 0xa0, 0xce, 0xa7, 0x58, 0x10, 0xdd, 0xc1, 0x86, 0x3f, 0xd8, 0x34, 0xff, 0x50, 0x15, 0xcf, 0x57, - 0x9d, 0x5b, 0x5b, 0xfc, 0x4a, 0x2b, 0x38, 0x0e, 0x88, 0x0e, 0xa1, 0x4c, 0x60, 0x0f, 0x01, 0x08, - 0x58, 0x3c, 0xa6, 0xea, 0x2e, 0x9b, 0xc9, 0xdf, 0x29, 0x0d, 0x04, 0x2a, 0x1c, 0x96, 0xf1, 0xa7, - 0x9b, 0x78, 0x31, 0x86, 0xbc, 0x24, 0x50, 0xc9, 0xe6, 0xf7, 0x96, 0x6b, 0xa7, 0x72, 0xb2, 0x76, - 0x2a, 0xa7, 0x6b, 0xa7, 0xf2, 0x35, 0x75, 0xac, 0x65, 0xea, 0x58, 0x27, 0xa9, 0x63, 0x9d, 0xa6, - 0x8e, 0x75, 0x96, 0x3a, 0xd6, 0xb7, 0x5f, 0x4e, 0x65, 0x58, 0x5d, 0xf4, 0x7f, 0x07, 0x00, 0x00, - 0xff, 0xff, 0x0a, 0xd0, 0xf2, 0xe0, 0x22, 0x05, 0x00, 0x00, + // 573 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x94, 0x4d, 0x6f, 0xd3, 0x30, + 0x18, 0xc7, 0x9b, 0x6d, 0x1d, 0xab, 0xcb, 0x26, 0x14, 0x2e, 0x55, 0x0f, 0x69, 0xc9, 0x24, 0xd4, + 0x03, 0x38, 0xb4, 0xbc, 0x88, 0x73, 0x40, 0x88, 0x49, 0xbc, 0x0c, 0x73, 0xab, 0x38, 0xe0, 0xa6, + 0x6e, 0x6a, 0xba, 0xc4, 0x26, 0x76, 0x2b, 0x8d, 0x13, 0x1f, 0x81, 0x3b, 0x9f, 0x83, 0x2b, 0xe7, + 0x1e, 0x77, 0xdc, 0xa9, 0x5a, 0xc3, 0xb7, 0xd8, 0x09, 0xd9, 0x71, 0x93, 0xc0, 0x8a, 0xd4, 0x5d, + 0xb8, 0xd5, 0x4f, 0xfe, 0xbf, 0x9f, 0xed, 0xe7, 0x49, 0x03, 0x1e, 0x86, 0x54, 0x8e, 0xa7, 0x03, + 0x18, 0xb0, 0xc8, 0x63, 0x9c, 0xc4, 0x62, 0x4c, 0x47, 0xd2, 0xc3, 0x9c, 0x7a, 0x3c, 0x61, 0x9f, + 0x48, 0x20, 0xbd, 0x59, 0xd7, 0x0b, 0x49, 0x4c, 0x12, 0x2c, 0xc9, 0x10, 0xf2, 0x84, 0x49, 0x66, + 0x1f, 0x16, 0x10, 0xcc, 0x21, 0x88, 0x39, 0x85, 0x06, 0x82, 0xb3, 0x6e, 0xf3, 0x7e, 0xc9, 0x1c, + 0xb2, 0x90, 0x79, 0x9a, 0x1d, 0x4c, 0x47, 0x7a, 0xa5, 0x17, 0xfa, 0x57, 0xe6, 0x6c, 0xba, 0x93, + 0xa7, 0x02, 0x52, 0xa6, 0xb7, 0x0e, 0x58, 0x42, 0xd6, 0xec, 0xdb, 0x7c, 0x54, 0x64, 0x22, 0x1c, + 0x8c, 0x69, 0x4c, 0x92, 0x53, 0x8f, 0x4f, 0x42, 0x55, 0x10, 0x5e, 0x44, 0x24, 0x5e, 0x47, 0x3d, + 0xf9, 0x17, 0x95, 0x4c, 0x63, 0x49, 0x23, 0xe2, 0x89, 0x60, 0x4c, 0x22, 0xfc, 0x37, 0xe7, 0x7e, + 0xdf, 0x02, 0x37, 0x8e, 0xb3, 0xfb, 0xd8, 0x1f, 0xc1, 0x9e, 0xd2, 0x0f, 0xb1, 0xc4, 0x0d, 0xab, + 0x6d, 0x75, 0xea, 0xbd, 0x07, 0x30, 0xd3, 0xc2, 0xb2, 0x16, 0xf2, 0x49, 0xa8, 0x0a, 0x02, 0xaa, + 0x34, 0x9c, 0x75, 0xe1, 0xdb, 0x81, 0xe2, 0x5f, 0x13, 0x89, 0x7d, 0x7b, 0xbe, 0x68, 0x55, 0xd2, + 0x45, 0x0b, 0x14, 0x35, 0x94, 0x5b, 0x6d, 0x04, 0x76, 0x04, 0x27, 0x41, 0x63, 0xcb, 0xd8, 0x37, + 0x68, 0x31, 0x34, 0xa7, 0x7b, 0xcf, 0x49, 0xe0, 0xdf, 0x34, 0xf6, 0x1d, 0xb5, 0x42, 0xda, 0x65, + 0xf7, 0xc1, 0xae, 0x90, 0x58, 0x4e, 0x45, 0x63, 0x5b, 0x5b, 0x7b, 0xd7, 0xb2, 0x6a, 0xd2, 0x3f, + 0x30, 0xde, 0xdd, 0x6c, 0x8d, 0x8c, 0xd1, 0xfd, 0x69, 0x81, 0xba, 0x49, 0xbe, 0xa2, 0x42, 0xda, + 0x1f, 0xae, 0x74, 0x08, 0x6e, 0xd6, 0x21, 0x45, 0xeb, 0xfe, 0xdc, 0x32, 0x3b, 0xed, 0xad, 0x2a, + 0xa5, 0xee, 0xbc, 0x03, 0x55, 0x2a, 0x49, 0x24, 0x1a, 0x5b, 0xed, 0xed, 0x4e, 0xbd, 0x77, 0xef, + 0x3a, 0x17, 0xf1, 0xf7, 0x8d, 0xb8, 0x7a, 0xa4, 0x14, 0x28, 0x33, 0xb9, 0x17, 0x16, 0x38, 0x30, + 0x09, 0x44, 0x3e, 0x4f, 0x89, 0xf8, 0x1f, 0x53, 0x7e, 0x0c, 0xea, 0x43, 0x2a, 0xf8, 0x09, 0x3e, + 0x7d, 0x83, 0x23, 0xa2, 0x87, 0x5d, 0xf3, 0x6f, 0x1b, 0xa4, 0xfe, 0xbc, 0x78, 0x84, 0xca, 0x39, + 0x8d, 0x11, 0x11, 0x24, 0x94, 0x4b, 0xca, 0x62, 0x3d, 0xcd, 0x32, 0x56, 0x3c, 0x42, 0xe5, 0x9c, + 0x8b, 0xf3, 0x11, 0xa9, 0x97, 0xc2, 0x46, 0x00, 0x8c, 0x68, 0x8c, 0x4f, 0xe8, 0x17, 0x92, 0x88, + 0x86, 0xd5, 0xde, 0xee, 0xd4, 0xfc, 0x9e, 0x3a, 0xea, 0x8b, 0xbc, 0x7a, 0xb9, 0x68, 0xb5, 0xaf, + 0xfe, 0x11, 0x61, 0x1e, 0xd0, 0x47, 0x2b, 0x59, 0xdc, 0x1f, 0x16, 0xd8, 0xff, 0xe3, 0x85, 0xb1, + 0x5f, 0x82, 0x2a, 0x1f, 0x63, 0x41, 0x74, 0x07, 0x6b, 0x7e, 0x6f, 0xd5, 0xfc, 0x63, 0x55, 0xbc, + 0x5c, 0xb4, 0xee, 0xac, 0xf1, 0x2b, 0xad, 0xe0, 0x38, 0x20, 0x3a, 0x84, 0x32, 0x81, 0xdd, 0x07, + 0x20, 0x60, 0xf1, 0x90, 0xaa, 0xbb, 0xac, 0x26, 0x7f, 0xb7, 0x34, 0x10, 0xa8, 0x70, 0x58, 0xc6, + 0x9f, 0xad, 0xe2, 0xc5, 0x18, 0xf2, 0x92, 0x40, 0x25, 0x9b, 0x7f, 0x34, 0x5f, 0x3a, 0x95, 0xb3, + 0xa5, 0x53, 0x39, 0x5f, 0x3a, 0x95, 0xaf, 0xa9, 0x63, 0xcd, 0x53, 0xc7, 0x3a, 0x4b, 0x1d, 0xeb, + 0x3c, 0x75, 0xac, 0x8b, 0xd4, 0xb1, 0xbe, 0xfd, 0x72, 0x2a, 0xfd, 0xc3, 0x0d, 0xbe, 0x8e, 0xbf, + 0x03, 0x00, 0x00, 0xff, 0xff, 0xb3, 0x9b, 0x1f, 0xba, 0x43, 0x05, 0x00, 0x00, } func (m *Project) Marshal() (dAtA []byte, err error) { @@ -742,10 +742,7 @@ func (m *Project) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -862,10 +859,7 @@ func (m *ProjectList) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -1012,10 +1006,7 @@ func (m *ProjectRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -1097,10 +1088,7 @@ func (m *ProjectSpec) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -1216,10 +1204,7 @@ func (m *ProjectStatus) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -1237,6 +1222,7 @@ func (m *ProjectStatus) Unmarshal(dAtA []byte) error { func skipGenerated(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 + depth := 0 for iNdEx < l { var wire uint64 for shift := uint(0); ; shift += 7 { @@ -1268,10 +1254,8 @@ func skipGenerated(dAtA []byte) (n int, err error) { break } } - return iNdEx, nil case 1: iNdEx += 8 - return iNdEx, nil case 2: var length int for shift := uint(0); ; shift += 7 { @@ -1292,55 +1276,30 @@ func skipGenerated(dAtA []byte) (n int, err error) { return 0, ErrInvalidLengthGenerated } iNdEx += length - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - return iNdEx, nil case 3: - for { - var innerWire uint64 - var start int = iNdEx - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - innerWire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - innerWireType := int(innerWire & 0x7) - if innerWireType == 4 { - break - } - next, err := skipGenerated(dAtA[start:]) - if err != nil { - return 0, err - } - iNdEx = start + next - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - } - return iNdEx, nil + depth++ case 4: - return iNdEx, nil + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupGenerated + } + depth-- case 5: iNdEx += 4 - return iNdEx, nil default: return 0, fmt.Errorf("proto: illegal wireType %d", wireType) } + if iNdEx < 0 { + return 0, ErrInvalidLengthGenerated + } + if depth == 0 { + return iNdEx, nil + } } - panic("unreachable") + return 0, io.ErrUnexpectedEOF } var ( - ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") ) diff --git a/vendor/github.com/openshift/api/project/v1/generated.proto b/vendor/github.com/openshift/api/project/v1/generated.proto index dec0f1e4b4..5f0691e7d3 100644 --- a/vendor/github.com/openshift/api/project/v1/generated.proto +++ b/vendor/github.com/openshift/api/project/v1/generated.proto @@ -1,7 +1,7 @@ // This file was autogenerated by go-to-protobuf. Do not edit it manually! -syntax = 'proto2'; +syntax = "proto2"; package github.com.openshift.api.project.v1; @@ -10,7 +10,7 @@ import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; // Package-wide variables from generator "generated". -option go_package = "v1"; +option go_package = "github.com/openshift/api/project/v1"; // Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, // a quota on the resources that the project may consume, and the security controls on the resources in @@ -24,29 +24,36 @@ option go_package = "v1"; // An OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed // as editable to end users while namespaces are not. Direct creation of a project is typically restricted // to administrators, while end users should use the requestproject resource. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message Project { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Spec defines the behavior of the Namespace. optional ProjectSpec spec = 2; // Status describes the current status of a Namespace + // +optional optional ProjectStatus status = 3; } // ProjectList is a list of Project objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ProjectList { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of projects repeated Project items = 2; } -// ProjecRequest is the set of options necessary to fully qualify a project request +// ProjectRequest is the set of options necessary to fully qualify a project request +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ProjectRequest { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // DisplayName is the display name to apply to a project diff --git a/vendor/github.com/openshift/api/project/v1/types.go b/vendor/github.com/openshift/api/project/v1/types.go index 51829507af..87bedcf487 100644 --- a/vendor/github.com/openshift/api/project/v1/types.go +++ b/vendor/github.com/openshift/api/project/v1/types.go @@ -8,10 +8,13 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ProjectList is a list of Project objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ProjectList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of projects Items []Project `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -63,15 +66,18 @@ type ProjectStatus struct { // An OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed // as editable to end users while namespaces are not. Direct creation of a project is typically restricted // to administrators, while end users should use the requestproject resource. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Project struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Spec defines the behavior of the Namespace. Spec ProjectSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` // Status describes the current status of a Namespace + // +optional Status ProjectStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` } @@ -81,11 +87,14 @@ type Project struct { // +genclient:skipVerbs=get,list,create,update,patch,delete,deleteCollection,watch // +genclient:method=Create,verb=create,result=Project -// ProjecRequest is the set of options necessary to fully qualify a project request +// ProjectRequest is the set of options necessary to fully qualify a project request +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ProjectRequest struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // DisplayName is the display name to apply to a project DisplayName string `json:"displayName,omitempty" protobuf:"bytes,2,opt,name=displayName"` // Description is the description to apply to a project diff --git a/vendor/github.com/openshift/api/project/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/project/v1/zz_generated.deepcopy.go index 763383030f..ddbdda971d 100644 --- a/vendor/github.com/openshift/api/project/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/project/v1/zz_generated.deepcopy.go @@ -1,3 +1,4 @@ +//go:build !ignore_autogenerated // +build !ignore_autogenerated // Code generated by deepcopy-gen. DO NOT EDIT. diff --git a/vendor/github.com/openshift/api/project/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/project/v1/zz_generated.swagger_doc_generated.go index 295892251a..03f74cec3b 100644 --- a/vendor/github.com/openshift/api/project/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/project/v1/zz_generated.swagger_doc_generated.go @@ -12,10 +12,9 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_Project = map[string]string{ - "": "Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In a normal cluster project administrators are not able to alter their quotas - that is restricted to cluster administrators.\n\nListing or watching projects will return only projects the user has the reader role on.\n\nAn OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed as editable to end users while namespaces are not. Direct creation of a project is typically restricted to administrators, while end users should use the requestproject resource.", - "metadata": "Standard object's metadata.", - "spec": "Spec defines the behavior of the Namespace.", - "status": "Status describes the current status of a Namespace", + "": "Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In a normal cluster project administrators are not able to alter their quotas - that is restricted to cluster administrators.\n\nListing or watching projects will return only projects the user has the reader role on.\n\nAn OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed as editable to end users while namespaces are not. Direct creation of a project is typically restricted to administrators, while end users should use the requestproject resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "Spec defines the behavior of the Namespace.", + "status": "Status describes the current status of a Namespace", } func (Project) SwaggerDoc() map[string]string { @@ -23,9 +22,8 @@ func (Project) SwaggerDoc() map[string]string { } var map_ProjectList = map[string]string{ - "": "ProjectList is a list of Project objects.", - "metadata": "Standard object's metadata.", - "items": "Items is the list of projects", + "": "ProjectList is a list of Project objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "items": "Items is the list of projects", } func (ProjectList) SwaggerDoc() map[string]string { @@ -33,8 +31,7 @@ func (ProjectList) SwaggerDoc() map[string]string { } var map_ProjectRequest = map[string]string{ - "": "ProjecRequest is the set of options necessary to fully qualify a project request", - "metadata": "Standard object's metadata.", + "": "ProjectRequest is the set of options necessary to fully qualify a project request\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "displayName": "DisplayName is the display name to apply to a project", "description": "Description is the description to apply to a project", } diff --git a/vendor/github.com/openshift/api/route/v1/Makefile b/vendor/github.com/openshift/api/route/v1/Makefile new file mode 100644 index 0000000000..0e60576207 --- /dev/null +++ b/vendor/github.com/openshift/api/route/v1/Makefile @@ -0,0 +1,3 @@ +.PHONY: test +test: + make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="route.openshift.io/v1" diff --git a/vendor/github.com/openshift/api/route/v1/generated.pb.go b/vendor/github.com/openshift/api/route/v1/generated.pb.go index 38543a90fd..c80012bc30 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/route/v1/generated.pb.go @@ -28,7 +28,7 @@ var _ = math.Inf // is compatible with the proto package it is being compiled against. // A compilation error at this line likely means your copy of the // proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package func (m *Route) Reset() { *m = Route{} } func (*Route) ProtoMessage() {} @@ -328,80 +328,80 @@ func init() { } var fileDescriptor_373b8fa7ff738721 = []byte{ - // 1163 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x55, 0x4f, 0x6f, 0x1b, 0x45, - 0x14, 0xcf, 0xfa, 0x5f, 0xe2, 0x71, 0x1b, 0xc8, 0x40, 0xa9, 0x1b, 0x29, 0x76, 0xba, 0x07, 0x94, - 0xa2, 0xb2, 0x4b, 0x42, 0x81, 0x4a, 0x88, 0x43, 0x9d, 0x22, 0x48, 0xe3, 0xa4, 0xd1, 0xd8, 0xa2, - 0xa2, 0xea, 0x81, 0xc9, 0xee, 0x78, 0x3d, 0xd8, 0x9e, 0x5d, 0x66, 0xc6, 0x29, 0xbe, 0xa0, 0x4a, - 0x7c, 0x81, 0xf2, 0x6d, 0xb8, 0x73, 0xc9, 0xb1, 0xc7, 0x1e, 0x90, 0x45, 0xcc, 0x91, 0x6f, 0x90, - 0x13, 0x9a, 0xd9, 0xb1, 0x77, 0xed, 0x38, 0xa9, 0x0b, 0xb7, 0xdd, 0xf7, 0x7e, 0xbf, 0xdf, 0x7b, - 0xf3, 0xde, 0x9b, 0x37, 0x60, 0x3b, 0xa0, 0xb2, 0xdd, 0x3f, 0x76, 0xbc, 0xb0, 0xe7, 0x86, 0x11, - 0x61, 0xa2, 0x4d, 0x5b, 0xd2, 0xc5, 0x11, 0x75, 0x79, 0xd8, 0x97, 0xc4, 0x3d, 0xd9, 0x76, 0x03, - 0xc2, 0x08, 0xc7, 0x92, 0xf8, 0x4e, 0xc4, 0x43, 0x19, 0xc2, 0xdb, 0x09, 0xc5, 0x99, 0x50, 0x1c, - 0x1c, 0x51, 0x47, 0x53, 0x9c, 0x93, 0xed, 0xf5, 0x8f, 0x53, 0xaa, 0x41, 0x18, 0x84, 0xae, 0x66, - 0x1e, 0xf7, 0x5b, 0xfa, 0x4f, 0xff, 0xe8, 0xaf, 0x58, 0x71, 0xdd, 0xee, 0xdc, 0x17, 0x0e, 0x0d, - 0x75, 0x58, 0x2f, 0xe4, 0xf3, 0xa2, 0xae, 0xdf, 0x4b, 0x30, 0x3d, 0xec, 0xb5, 0x29, 0x23, 0x7c, - 0xe0, 0x46, 0x9d, 0x40, 0x19, 0x84, 0xdb, 0x23, 0x12, 0xcf, 0x63, 0x7d, 0x7e, 0x19, 0x8b, 0xf7, - 0x99, 0xa4, 0x3d, 0xe2, 0x0a, 0xaf, 0x4d, 0x7a, 0xf8, 0x02, 0xef, 0xd3, 0xcb, 0x78, 0x7d, 0x49, - 0xbb, 0x2e, 0x65, 0x52, 0x48, 0x3e, 0x4b, 0xb2, 0x7f, 0xcb, 0x80, 0x3c, 0x52, 0x25, 0x80, 0x3f, - 0x80, 0x15, 0x95, 0x91, 0x8f, 0x25, 0x2e, 0x5b, 0x9b, 0xd6, 0x56, 0x69, 0xe7, 0x13, 0x27, 0x56, - 0x74, 0xd2, 0x8a, 0x4e, 0xd4, 0x09, 0x94, 0x41, 0x38, 0x0a, 0xed, 0x9c, 0x6c, 0x3b, 0x8f, 0x8f, - 0x7f, 0x24, 0x9e, 0x3c, 0x20, 0x12, 0xd7, 0xe0, 0xe9, 0xb0, 0xba, 0x34, 0x1a, 0x56, 0x41, 0x62, - 0x43, 0x13, 0x55, 0x78, 0x08, 0x72, 0x22, 0x22, 0x5e, 0x39, 0xa3, 0xd5, 0xef, 0x3a, 0x6f, 0xec, - 0x89, 0xa3, 0x33, 0x6b, 0x44, 0xc4, 0xab, 0x5d, 0x33, 0xca, 0x39, 0xf5, 0x87, 0xb4, 0x0e, 0xfc, - 0x0e, 0x14, 0x84, 0xc4, 0xb2, 0x2f, 0xca, 0x59, 0xad, 0xe8, 0x2c, 0xac, 0xa8, 0x59, 0xb5, 0x55, - 0xa3, 0x59, 0x88, 0xff, 0x91, 0x51, 0xb3, 0x7f, 0xcd, 0x82, 0x6b, 0x1a, 0xb7, 0xc7, 0x02, 0x4e, - 0x84, 0x80, 0x9b, 0x20, 0xd7, 0x0e, 0x85, 0xd4, 0x65, 0x29, 0x26, 0xa9, 0x7c, 0x1b, 0x0a, 0x89, - 0xb4, 0x07, 0xee, 0x00, 0xa0, 0x43, 0xf0, 0x43, 0xdc, 0x23, 0xfa, 0x80, 0xc5, 0xa4, 0x18, 0x68, - 0xe2, 0x41, 0x29, 0x14, 0xec, 0x02, 0xe0, 0x85, 0xcc, 0xa7, 0x92, 0x86, 0x4c, 0x1d, 0x21, 0xbb, - 0x55, 0xda, 0xb9, 0xbf, 0xe8, 0x11, 0x4c, 0x6a, 0xbb, 0x63, 0x81, 0x24, 0xda, 0xc4, 0x24, 0x50, - 0x4a, 0x1f, 0x36, 0xc1, 0xea, 0x73, 0xda, 0xf5, 0x3d, 0xcc, 0xfd, 0xa3, 0xb0, 0x4b, 0xbd, 0x41, - 0x39, 0xa7, 0xb3, 0xbc, 0x6b, 0x78, 0xab, 0x4f, 0xa6, 0xbc, 0xe7, 0xc3, 0x2a, 0x9c, 0xb6, 0x34, - 0x07, 0x11, 0x41, 0x33, 0x1a, 0xf0, 0x7b, 0x70, 0x33, 0x3e, 0xd1, 0x2e, 0x66, 0x21, 0xa3, 0x1e, - 0xee, 0xaa, 0xa2, 0x30, 0x55, 0x84, 0xbc, 0x96, 0xaf, 0x1a, 0xf9, 0x9b, 0x68, 0x3e, 0x0c, 0x5d, - 0xc6, 0xb7, 0xff, 0xc9, 0x80, 0x1b, 0x73, 0x8f, 0x0a, 0xbf, 0x02, 0x39, 0x39, 0x88, 0x88, 0x69, - 0xc7, 0x9d, 0x71, 0x3b, 0x54, 0x82, 0xe7, 0xc3, 0xea, 0xad, 0xb9, 0x24, 0x9d, 0xbd, 0xa6, 0xc1, - 0xfa, 0x64, 0x6c, 0xe2, 0x3e, 0xdd, 0x9b, 0x1e, 0x83, 0xf3, 0x61, 0x75, 0xce, 0xdd, 0x76, 0x26, - 0x4a, 0xd3, 0xc3, 0x02, 0x3f, 0x04, 0x05, 0x4e, 0xb0, 0x08, 0x99, 0x1e, 0xc2, 0x62, 0x32, 0x54, - 0x48, 0x5b, 0x91, 0xf1, 0xc2, 0x3b, 0x60, 0xb9, 0x47, 0x84, 0xc0, 0x01, 0x31, 0x85, 0x7f, 0xc7, - 0x00, 0x97, 0x0f, 0x62, 0x33, 0x1a, 0xfb, 0x21, 0x07, 0xb0, 0x8b, 0x85, 0x6c, 0x72, 0xcc, 0x44, - 0x9c, 0x3c, 0x35, 0xf5, 0x2c, 0xed, 0x7c, 0xb4, 0xd8, 0x9d, 0x54, 0x8c, 0xda, 0x07, 0xa3, 0x61, - 0x15, 0xd6, 0x2f, 0x28, 0xa1, 0x39, 0xea, 0xf6, 0xef, 0x16, 0x28, 0xea, 0xc2, 0xd5, 0xa9, 0x90, - 0xf0, 0xd9, 0x85, 0x5d, 0xe0, 0x2c, 0x16, 0x57, 0xb1, 0xf5, 0x26, 0x78, 0xd7, 0x9c, 0x6e, 0x65, - 0x6c, 0x49, 0xed, 0x81, 0x03, 0x90, 0xa7, 0x92, 0xf4, 0x54, 0xfd, 0xd5, 0xcc, 0x6f, 0x2d, 0x3a, - 0xf3, 0xb5, 0xeb, 0x46, 0x34, 0xbf, 0xa7, 0xe8, 0x28, 0x56, 0xb1, 0x7f, 0x32, 0x99, 0x1f, 0x85, - 0x5c, 0x42, 0x1f, 0x00, 0x89, 0x79, 0x40, 0xa4, 0xfa, 0x7b, 0xe3, 0x1e, 0x53, 0x9b, 0xd1, 0x89, - 0x37, 0xa3, 0xb3, 0xc7, 0xe4, 0x63, 0xde, 0x90, 0x9c, 0xb2, 0x20, 0xb9, 0x4c, 0xcd, 0x89, 0x16, - 0x4a, 0xe9, 0xda, 0x7f, 0xe4, 0x4c, 0x4c, 0xb5, 0x8d, 0x16, 0x58, 0x0f, 0x2e, 0x28, 0x8a, 0xfe, - 0xb1, 0x1f, 0xf6, 0x30, 0x65, 0xe5, 0x15, 0x0d, 0x5b, 0x33, 0xb0, 0x62, 0x63, 0xec, 0x40, 0x09, - 0x46, 0x49, 0x46, 0x58, 0xb6, 0xcd, 0x84, 0x4e, 0x24, 0x8f, 0xb0, 0x6c, 0x23, 0xed, 0x81, 0x0d, - 0x90, 0x91, 0xa1, 0x59, 0x7c, 0x5f, 0x2c, 0x5a, 0xc1, 0xf8, 0x38, 0x88, 0xb4, 0x08, 0x27, 0xcc, - 0x23, 0x35, 0x60, 0x84, 0x33, 0xcd, 0x10, 0x65, 0x64, 0x08, 0x5f, 0x58, 0x60, 0x0d, 0x77, 0x25, - 0xe1, 0x0c, 0x4b, 0x52, 0xc3, 0x5e, 0x87, 0x30, 0x5f, 0x94, 0x73, 0xba, 0x4d, 0xff, 0x39, 0xc8, - 0x2d, 0x13, 0x64, 0xed, 0xc1, 0xac, 0x32, 0xba, 0x18, 0x0c, 0x3e, 0x02, 0xb9, 0x48, 0xb5, 0x2e, - 0xff, 0x76, 0x8f, 0x84, 0x6a, 0x4b, 0x6d, 0x45, 0xd7, 0x48, 0x35, 0x4b, 0x6b, 0xc0, 0x6f, 0x40, - 0x56, 0x76, 0x45, 0xb9, 0xb0, 0xb0, 0x54, 0xb3, 0xde, 0xd8, 0x0d, 0x59, 0x8b, 0x06, 0xb5, 0xe5, - 0xd1, 0xb0, 0x9a, 0x6d, 0xd6, 0x1b, 0x48, 0x29, 0xcc, 0x59, 0x9e, 0xcb, 0xff, 0x7f, 0x79, 0xda, - 0x14, 0x94, 0x52, 0xcf, 0x11, 0x7c, 0x0a, 0x96, 0x69, 0xbc, 0xb5, 0xca, 0x96, 0xae, 0xb8, 0xfb, - 0x96, 0x8f, 0x41, 0xb2, 0x52, 0x8c, 0x01, 0x8d, 0x05, 0xed, 0x5f, 0xc0, 0xfb, 0xf3, 0x7a, 0xa3, - 0xe6, 0xac, 0x43, 0x99, 0x3f, 0x3b, 0xba, 0xfb, 0x94, 0xf9, 0x48, 0x7b, 0x14, 0x82, 0x25, 0x6f, - 0xda, 0x04, 0xa1, 0x5f, 0x33, 0xed, 0x81, 0x36, 0x28, 0x3c, 0x27, 0x34, 0x68, 0x4b, 0x3d, 0x8d, - 0xf9, 0x1a, 0x50, 0xdb, 0xef, 0x89, 0xb6, 0x20, 0xe3, 0xb1, 0x43, 0x73, 0x54, 0xde, 0x68, 0x63, - 0xee, 0xeb, 0xfb, 0xa0, 0x3e, 0xf4, 0x6b, 0x69, 0xcd, 0xdc, 0x87, 0xb1, 0x03, 0x25, 0x18, 0x45, - 0xf0, 0x99, 0x68, 0xf4, 0x5b, 0x2d, 0xfa, 0xb3, 0x49, 0x65, 0x42, 0x78, 0x78, 0xd8, 0x88, 0x1d, - 0x28, 0xc1, 0xd8, 0x7f, 0x66, 0x41, 0x71, 0xd2, 0x4d, 0xb8, 0x0f, 0x4a, 0x92, 0xf0, 0x1e, 0x65, - 0x58, 0x2d, 0xbc, 0x99, 0x87, 0xa3, 0xd4, 0x4c, 0x5c, 0xaa, 0x73, 0xcd, 0x7a, 0x23, 0x65, 0xd1, - 0x9d, 0x4b, 0xb3, 0xe1, 0x67, 0xa0, 0xe4, 0x11, 0x2e, 0x69, 0x8b, 0x7a, 0x58, 0x8e, 0x0b, 0xf3, - 0xde, 0x58, 0x6c, 0x37, 0x71, 0xa1, 0x34, 0x0e, 0x6e, 0x80, 0x6c, 0x87, 0x0c, 0xcc, 0x2b, 0x51, - 0x32, 0xf0, 0xec, 0x3e, 0x19, 0x20, 0x65, 0x87, 0x5f, 0x82, 0xeb, 0x1e, 0x4e, 0x91, 0xcd, 0x2b, - 0x71, 0xc3, 0x00, 0xaf, 0xef, 0x3e, 0x48, 0x2b, 0x4f, 0x63, 0xe1, 0x33, 0x50, 0xf6, 0x89, 0x90, - 0x26, 0xc3, 0x29, 0xa8, 0x79, 0x87, 0x37, 0x8d, 0x4e, 0xf9, 0xe1, 0x25, 0x38, 0x74, 0xa9, 0x02, - 0x7c, 0x69, 0x81, 0x0d, 0xca, 0x04, 0xf1, 0xfa, 0x9c, 0x7c, 0xed, 0x07, 0x24, 0x55, 0x1d, 0x73, - 0x1b, 0x0a, 0x3a, 0xc6, 0x23, 0x13, 0x63, 0x63, 0xef, 0x2a, 0xf0, 0xf9, 0xb0, 0x7a, 0xfb, 0x4a, - 0x80, 0xae, 0xf8, 0xd5, 0x01, 0x6b, 0x5b, 0xa7, 0x67, 0x95, 0xa5, 0x57, 0x67, 0x95, 0xa5, 0xd7, - 0x67, 0x95, 0xa5, 0x17, 0xa3, 0x8a, 0x75, 0x3a, 0xaa, 0x58, 0xaf, 0x46, 0x15, 0xeb, 0xf5, 0xa8, - 0x62, 0xfd, 0x35, 0xaa, 0x58, 0x2f, 0xff, 0xae, 0x2c, 0x3d, 0xcd, 0x9c, 0x6c, 0xff, 0x1b, 0x00, - 0x00, 0xff, 0xff, 0x26, 0x8b, 0x83, 0xf6, 0x2d, 0x0c, 0x00, 0x00, + // 1168 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x57, 0xcf, 0x6f, 0x1b, 0xc5, + 0x17, 0xcf, 0xfa, 0x57, 0xe2, 0x71, 0xdb, 0xef, 0xb7, 0x03, 0xa5, 0x6e, 0xa4, 0xd8, 0xc9, 0x1e, + 0x50, 0x8a, 0xca, 0x2e, 0x09, 0x05, 0x2a, 0x21, 0x0e, 0x75, 0x8a, 0x4a, 0x1a, 0x27, 0x8d, 0xc6, + 0x16, 0x15, 0x55, 0x0f, 0x4c, 0x76, 0xc7, 0xeb, 0xc1, 0xf6, 0xec, 0x32, 0x33, 0x4e, 0xf1, 0x05, + 0x55, 0xe2, 0x1f, 0x28, 0xff, 0x0d, 0x77, 0x2e, 0x39, 0xf6, 0xd8, 0x03, 0xb2, 0x88, 0x39, 0xf2, + 0x1f, 0xe4, 0x84, 0x66, 0x76, 0xec, 0x5d, 0x3b, 0x4e, 0xe2, 0xc2, 0xcd, 0xfb, 0xde, 0xe7, 0xf3, + 0x79, 0x6f, 0xde, 0x7b, 0xf3, 0x46, 0x06, 0x5b, 0x01, 0x95, 0xed, 0xfe, 0x91, 0xe3, 0x85, 0x3d, + 0x37, 0x8c, 0x08, 0x13, 0x6d, 0xda, 0x92, 0x2e, 0x8e, 0xa8, 0xcb, 0xc3, 0xbe, 0x24, 0xee, 0xf1, + 0x96, 0x1b, 0x10, 0x46, 0x38, 0x96, 0xc4, 0x77, 0x22, 0x1e, 0xca, 0x10, 0x6e, 0x24, 0x14, 0x67, + 0x42, 0x71, 0x70, 0x44, 0x1d, 0x4d, 0x71, 0x8e, 0xb7, 0x56, 0x3f, 0x4e, 0xa9, 0x06, 0x61, 0x10, + 0xba, 0x9a, 0x79, 0xd4, 0x6f, 0xe9, 0x2f, 0xfd, 0xa1, 0x7f, 0xc5, 0x8a, 0xab, 0x76, 0xe7, 0x81, + 0x70, 0x68, 0xa8, 0xc3, 0x7a, 0x21, 0x9f, 0x17, 0x75, 0xf5, 0x7e, 0x82, 0xe9, 0x61, 0xaf, 0x4d, + 0x19, 0xe1, 0x03, 0x37, 0xea, 0x04, 0xca, 0x20, 0xdc, 0x1e, 0x91, 0x78, 0x1e, 0xeb, 0xf3, 0x8b, + 0x58, 0xbc, 0xcf, 0x24, 0xed, 0x11, 0x57, 0x78, 0x6d, 0xd2, 0xc3, 0xe7, 0x78, 0x9f, 0x5e, 0xc4, + 0xeb, 0x4b, 0xda, 0x75, 0x29, 0x93, 0x42, 0xf2, 0x59, 0x92, 0xfd, 0x6b, 0x06, 0xe4, 0x91, 0x2a, + 0x01, 0xfc, 0x1e, 0xac, 0xa8, 0x8c, 0x7c, 0x2c, 0x71, 0xd9, 0x5a, 0xb7, 0x36, 0x4b, 0xdb, 0x9f, + 0x38, 0xb1, 0xa2, 0x93, 0x56, 0x74, 0xa2, 0x4e, 0xa0, 0x0c, 0xc2, 0x51, 0x68, 0xe7, 0x78, 0xcb, + 0x79, 0x7a, 0xf4, 0x03, 0xf1, 0xe4, 0x3e, 0x91, 0xb8, 0x06, 0x4f, 0x86, 0xd5, 0xa5, 0xd1, 0xb0, + 0x0a, 0x12, 0x1b, 0x9a, 0xa8, 0xc2, 0x03, 0x90, 0x13, 0x11, 0xf1, 0xca, 0x19, 0xad, 0x7e, 0xcf, + 0xb9, 0xb2, 0x27, 0x8e, 0xce, 0xac, 0x11, 0x11, 0xaf, 0x76, 0xcd, 0x28, 0xe7, 0xd4, 0x17, 0xd2, + 0x3a, 0xf0, 0x5b, 0x50, 0x10, 0x12, 0xcb, 0xbe, 0x28, 0x67, 0xb5, 0xa2, 0xb3, 0xb0, 0xa2, 0x66, + 0xd5, 0x6e, 0x18, 0xcd, 0x42, 0xfc, 0x8d, 0x8c, 0x9a, 0xfd, 0x4b, 0x16, 0x5c, 0xd3, 0xb8, 0x5d, + 0x16, 0x70, 0x22, 0x04, 0x5c, 0x07, 0xb9, 0x76, 0x28, 0xa4, 0x2e, 0x4b, 0x31, 0x49, 0xe5, 0x9b, + 0x50, 0x48, 0xa4, 0x3d, 0x70, 0x1b, 0x00, 0x1d, 0x82, 0x1f, 0xe0, 0x1e, 0xd1, 0x07, 0x2c, 0x26, + 0xc5, 0x40, 0x13, 0x0f, 0x4a, 0xa1, 0x60, 0x17, 0x00, 0x2f, 0x64, 0x3e, 0x95, 0x34, 0x64, 0xea, + 0x08, 0xd9, 0xcd, 0xd2, 0xf6, 0x83, 0x45, 0x8f, 0x60, 0x52, 0xdb, 0x19, 0x0b, 0x24, 0xd1, 0x26, + 0x26, 0x81, 0x52, 0xfa, 0xb0, 0x09, 0x6e, 0xbc, 0xa4, 0x5d, 0xdf, 0xc3, 0xdc, 0x3f, 0x0c, 0xbb, + 0xd4, 0x1b, 0x94, 0x73, 0x3a, 0xcb, 0x7b, 0x86, 0x77, 0xe3, 0xd9, 0x94, 0xf7, 0x6c, 0x58, 0x85, + 0xd3, 0x96, 0xe6, 0x20, 0x22, 0x68, 0x46, 0x03, 0x7e, 0x07, 0x6e, 0xc7, 0x27, 0xda, 0xc1, 0x2c, + 0x64, 0xd4, 0xc3, 0x5d, 0x55, 0x14, 0xa6, 0x8a, 0x90, 0xd7, 0xf2, 0x55, 0x23, 0x7f, 0x1b, 0xcd, + 0x87, 0xa1, 0x8b, 0xf8, 0xf6, 0xdf, 0x19, 0x70, 0x6b, 0xee, 0x51, 0xe1, 0x57, 0x20, 0x27, 0x07, + 0x11, 0x31, 0xed, 0xb8, 0x3b, 0x6e, 0x87, 0x4a, 0xf0, 0x6c, 0x58, 0xbd, 0x33, 0x97, 0xa4, 0xb3, + 0xd7, 0x34, 0x58, 0x9f, 0x8c, 0x4d, 0xdc, 0xa7, 0xfb, 0xd3, 0x63, 0x70, 0x36, 0xac, 0xce, 0xb9, + 0xdb, 0xce, 0x44, 0x69, 0x7a, 0x58, 0xe0, 0x87, 0xa0, 0xc0, 0x09, 0x16, 0x21, 0xd3, 0x43, 0x58, + 0x4c, 0x86, 0x0a, 0x69, 0x2b, 0x32, 0x5e, 0x78, 0x17, 0x2c, 0xf7, 0x88, 0x10, 0x38, 0x20, 0xa6, + 0xf0, 0xff, 0x33, 0xc0, 0xe5, 0xfd, 0xd8, 0x8c, 0xc6, 0x7e, 0xc8, 0x01, 0xec, 0x62, 0x21, 0x9b, + 0x1c, 0x33, 0x11, 0x27, 0x4f, 0x4d, 0x3d, 0x4b, 0xdb, 0x1f, 0x2d, 0x76, 0x27, 0x15, 0xa3, 0xf6, + 0xc1, 0x68, 0x58, 0x85, 0xf5, 0x73, 0x4a, 0x68, 0x8e, 0xba, 0xfd, 0x9b, 0x05, 0x8a, 0xba, 0x70, + 0x75, 0x2a, 0x24, 0x7c, 0x71, 0x6e, 0x17, 0x38, 0x8b, 0xc5, 0x55, 0x6c, 0xbd, 0x09, 0xfe, 0x6f, + 0x4e, 0xb7, 0x32, 0xb6, 0xa4, 0xf6, 0xc0, 0x3e, 0xc8, 0x53, 0x49, 0x7a, 0xaa, 0xfe, 0x6a, 0xe6, + 0x37, 0x17, 0x9d, 0xf9, 0xda, 0x75, 0x23, 0x9a, 0xdf, 0x55, 0x74, 0x14, 0xab, 0xd8, 0x3f, 0x9a, + 0xcc, 0x0f, 0x43, 0x2e, 0xa1, 0x0f, 0x80, 0xc4, 0x3c, 0x20, 0x52, 0x7d, 0x5d, 0xb9, 0xc7, 0xd4, + 0x66, 0x74, 0xe2, 0xcd, 0xe8, 0xec, 0x32, 0xf9, 0x94, 0x37, 0x24, 0xa7, 0x2c, 0x48, 0x2e, 0x53, + 0x73, 0xa2, 0x85, 0x52, 0xba, 0xf6, 0xef, 0x39, 0x13, 0x53, 0x6d, 0xa3, 0x05, 0xd6, 0x83, 0x0b, + 0x8a, 0xa2, 0x7f, 0xe4, 0x87, 0x3d, 0x4c, 0x59, 0x79, 0x45, 0xc3, 0x6e, 0x1a, 0x58, 0xb1, 0x31, + 0x76, 0xa0, 0x04, 0xa3, 0x24, 0x23, 0x2c, 0xdb, 0x66, 0x42, 0x27, 0x92, 0x87, 0x58, 0xb6, 0x91, + 0xf6, 0xc0, 0x06, 0xc8, 0xc8, 0xd0, 0x2c, 0xbe, 0x2f, 0x16, 0xad, 0x60, 0x7c, 0x1c, 0x44, 0x5a, + 0x84, 0x13, 0xe6, 0x91, 0x1a, 0x30, 0xc2, 0x99, 0x66, 0x88, 0x32, 0x32, 0x84, 0xaf, 0x2c, 0x70, + 0x13, 0x77, 0x25, 0xe1, 0x0c, 0x4b, 0x52, 0xc3, 0x5e, 0x87, 0x30, 0x5f, 0x94, 0x73, 0xba, 0x4d, + 0xff, 0x3a, 0xc8, 0x1d, 0x13, 0xe4, 0xe6, 0xc3, 0x59, 0x65, 0x74, 0x3e, 0x18, 0x7c, 0x02, 0x72, + 0x91, 0x6a, 0x5d, 0xfe, 0xdd, 0x1e, 0x09, 0xd5, 0x96, 0xda, 0x8a, 0xae, 0x91, 0x6a, 0x96, 0xd6, + 0x80, 0x8f, 0x41, 0x56, 0x76, 0x45, 0xb9, 0xb0, 0xb0, 0x54, 0xb3, 0xde, 0xd8, 0x09, 0x59, 0x8b, + 0x06, 0xb5, 0xe5, 0xd1, 0xb0, 0x9a, 0x6d, 0xd6, 0x1b, 0x48, 0x29, 0xcc, 0x59, 0x9e, 0xcb, 0xff, + 0x7d, 0x79, 0xda, 0x14, 0x94, 0x52, 0xcf, 0x11, 0x7c, 0x0e, 0x96, 0x69, 0xbc, 0xb5, 0xca, 0x96, + 0xae, 0xb8, 0xfb, 0x8e, 0x8f, 0x41, 0xb2, 0x52, 0x8c, 0x01, 0x8d, 0x05, 0xed, 0x9f, 0xc1, 0xfb, + 0xf3, 0x7a, 0xa3, 0xe6, 0xac, 0x43, 0x99, 0x3f, 0x3b, 0xba, 0x7b, 0x94, 0xf9, 0x48, 0x7b, 0x14, + 0x82, 0x25, 0x6f, 0xda, 0x04, 0xa1, 0x5f, 0x33, 0xed, 0x81, 0x36, 0x28, 0xbc, 0x24, 0x34, 0x68, + 0x4b, 0x3d, 0x8d, 0xf9, 0x1a, 0x50, 0xdb, 0xef, 0x99, 0xb6, 0x20, 0xe3, 0xb1, 0x43, 0x73, 0x54, + 0xde, 0x68, 0x63, 0xee, 0xeb, 0xfb, 0xa0, 0x7e, 0xe8, 0xd7, 0xd2, 0x9a, 0xb9, 0x0f, 0x63, 0x07, + 0x4a, 0x30, 0x8a, 0xe0, 0x33, 0xd1, 0xe8, 0xb7, 0x5a, 0xf4, 0x27, 0x93, 0xca, 0x84, 0xf0, 0xe8, + 0xa0, 0x11, 0x3b, 0x50, 0x82, 0xb1, 0xff, 0xc8, 0x82, 0xe2, 0xa4, 0x9b, 0x70, 0x0f, 0x94, 0x24, + 0xe1, 0x3d, 0xca, 0xb0, 0x5a, 0x78, 0x33, 0x0f, 0x47, 0xa9, 0x99, 0xb8, 0x54, 0xe7, 0x9a, 0xf5, + 0x46, 0xca, 0xa2, 0x3b, 0x97, 0x66, 0xc3, 0xcf, 0x40, 0xc9, 0x23, 0x5c, 0xd2, 0x16, 0xf5, 0xb0, + 0x1c, 0x17, 0xe6, 0xbd, 0xb1, 0xd8, 0x4e, 0xe2, 0x42, 0x69, 0x1c, 0x5c, 0x03, 0xd9, 0x0e, 0x19, + 0x98, 0x57, 0xa2, 0x64, 0xe0, 0xd9, 0x3d, 0x32, 0x40, 0xca, 0x0e, 0xbf, 0x04, 0xd7, 0x3d, 0x9c, + 0x22, 0x9b, 0x57, 0xe2, 0x96, 0x01, 0x5e, 0xdf, 0x79, 0x98, 0x56, 0x9e, 0xc6, 0xc2, 0x17, 0xa0, + 0xec, 0x13, 0x21, 0x4d, 0x86, 0x53, 0x50, 0xf3, 0x0e, 0xaf, 0x1b, 0x9d, 0xf2, 0xa3, 0x0b, 0x70, + 0xe8, 0x42, 0x05, 0xf8, 0xda, 0x02, 0x6b, 0x94, 0x09, 0xe2, 0xf5, 0x39, 0xf9, 0xda, 0x0f, 0x48, + 0xaa, 0x3a, 0xe6, 0x36, 0x14, 0x74, 0x8c, 0x27, 0x26, 0xc6, 0xda, 0xee, 0x65, 0xe0, 0xb3, 0x61, + 0x75, 0xe3, 0x52, 0x80, 0xae, 0xf8, 0xe5, 0x01, 0x6b, 0x8f, 0x4f, 0x4e, 0x2b, 0x4b, 0x6f, 0x4e, + 0x2b, 0x4b, 0x6f, 0x4f, 0x2b, 0x4b, 0xaf, 0x46, 0x15, 0xeb, 0x64, 0x54, 0xb1, 0xde, 0x8c, 0x2a, + 0xd6, 0xdb, 0x51, 0xc5, 0xfa, 0x73, 0x54, 0xb1, 0x5e, 0xff, 0x55, 0x59, 0x7a, 0xbe, 0x71, 0xe5, + 0x1f, 0x85, 0x7f, 0x02, 0x00, 0x00, 0xff, 0xff, 0x2a, 0x8e, 0xb3, 0x95, 0x4c, 0x0c, 0x00, 0x00, } func (m *Route) Marshal() (dAtA []byte, err error) { @@ -1391,10 +1391,7 @@ func (m *Route) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -1606,10 +1603,7 @@ func (m *RouteIngress) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -1823,10 +1817,7 @@ func (m *RouteIngressCondition) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -1943,10 +1934,7 @@ func (m *RouteList) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2029,10 +2017,7 @@ func (m *RoutePort) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2349,10 +2334,7 @@ func (m *RouteSpec) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2436,10 +2418,7 @@ func (m *RouteStatus) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2573,10 +2552,7 @@ func (m *RouteTargetReference) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2690,10 +2666,7 @@ func (m *RouterShard) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2935,10 +2908,7 @@ func (m *TLSConfig) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2956,6 +2926,7 @@ func (m *TLSConfig) Unmarshal(dAtA []byte) error { func skipGenerated(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 + depth := 0 for iNdEx < l { var wire uint64 for shift := uint(0); ; shift += 7 { @@ -2987,10 +2958,8 @@ func skipGenerated(dAtA []byte) (n int, err error) { break } } - return iNdEx, nil case 1: iNdEx += 8 - return iNdEx, nil case 2: var length int for shift := uint(0); ; shift += 7 { @@ -3011,55 +2980,30 @@ func skipGenerated(dAtA []byte) (n int, err error) { return 0, ErrInvalidLengthGenerated } iNdEx += length - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - return iNdEx, nil case 3: - for { - var innerWire uint64 - var start int = iNdEx - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - innerWire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - innerWireType := int(innerWire & 0x7) - if innerWireType == 4 { - break - } - next, err := skipGenerated(dAtA[start:]) - if err != nil { - return 0, err - } - iNdEx = start + next - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - } - return iNdEx, nil + depth++ case 4: - return iNdEx, nil + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupGenerated + } + depth-- case 5: iNdEx += 4 - return iNdEx, nil default: return 0, fmt.Errorf("proto: illegal wireType %d", wireType) } + if iNdEx < 0 { + return 0, ErrInvalidLengthGenerated + } + if depth == 0 { + return iNdEx, nil + } } - panic("unreachable") + return 0, io.ErrUnexpectedEOF } var ( - ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") ) diff --git a/vendor/github.com/openshift/api/route/v1/generated.proto b/vendor/github.com/openshift/api/route/v1/generated.proto index d4dfcdd628..61a777ae7c 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.proto +++ b/vendor/github.com/openshift/api/route/v1/generated.proto @@ -1,7 +1,7 @@ // This file was autogenerated by go-to-protobuf. Do not edit it manually! -syntax = 'proto2'; +syntax = "proto2"; package github.com.openshift.api.route.v1; @@ -11,7 +11,7 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; import "k8s.io/apimachinery/pkg/util/intstr/generated.proto"; // Package-wide variables from generator "generated". -option go_package = "v1"; +option go_package = "github.com/openshift/api/route/v1"; // A route allows developers to expose services through an HTTP(S) aware load balancing and proxy // layer via a public DNS entry. The route may further specify TLS options and a certificate, or @@ -30,14 +30,25 @@ option go_package = "v1"; // return information to clients about the names and states of the route under each router. // If a client chooses a duplicate name, for instance, the route status conditions are used // to indicate the route cannot be chosen. +// +// To enable HTTP/2 ALPN on a route it requires a custom +// (non-wildcard) certificate. This prevents connection coalescing by +// clients, notably web browsers. We do not support HTTP/2 ALPN on +// routes that use the default certificate because of the risk of +// connection re-use/coalescing. Routes that do not have their own +// custom certificate will not be HTTP/2 ALPN-enabled on either the +// frontend or the backend. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message Route { - // Standard object metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // spec is the desired state of the route optional RouteSpec spec = 2; // status is the current state of the route + // +optional optional RouteStatus status = 3; } @@ -64,7 +75,7 @@ message RouteIngress { // router. message RouteIngressCondition { // Type is the type of the condition. - // Currently only Ready. + // Currently only Admitted. optional string type = 1; // Status is the status of the condition. @@ -83,8 +94,10 @@ message RouteIngressCondition { } // RouteList is a collection of Routes. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message RouteList { - // Standard object metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // items is a list of routes @@ -119,6 +132,10 @@ message RouteSpec { // If not specified a route name will typically be automatically // chosen. // Must follow DNS952 subdomain conventions. + // + // +optional + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$` optional string host = 1; // subdomain is a DNS subdomain that is requested within the ingress controller's @@ -135,9 +152,14 @@ message RouteSpec { // `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`. // // +optional + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$` optional string subdomain = 8; // path that the router watches for, to route traffic for to the service. Optional + // + // +optional + // +kubebuilder:validation:Pattern=`^/` optional string path = 2; // to is an object the route should use as the primary backend. Only the Service kind @@ -148,6 +170,8 @@ message RouteSpec { // alternateBackends allows up to 3 additional backends to be assigned to the route. // Only the Service kind is allowed, and it will be defaulted to Service. // Use the weight field in RouteTargetReference object to specify relative preference. + // + // +kubebuilder:validation:MaxItems=3 repeated RouteTargetReference alternateBackends = 4; // If specified, the port to be used by the router. Most routers will use all @@ -160,6 +184,9 @@ message RouteSpec { // Wildcard policy if any for the route. // Currently only 'Subdomain' or 'None' is allowed. + // + // +kubebuilder:validation:Enum=None;Subdomain;"" + // +kubebuilder:default=None optional string wildcardPolicy = 7; } @@ -176,13 +203,23 @@ message RouteStatus { // kind is allowed. Use 'weight' field to emphasize one over others. message RouteTargetReference { // The kind of target that the route is referring to. Currently, only 'Service' is allowed + // + // +kubebuilder:validation:Enum=Service;"" + // +kubebuilder:default=Service optional string kind = 1; // name of the service/target that is being referred to. e.g. name of the service + // + // +kubebuilder:validation:MinLength=1 optional string name = 2; // weight as an integer between 0 and 256, default 100, that specifies the target's relative weight // against other target reference objects. 0 suppresses requests to this backend. + // + // +optional + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=256 + // +kubebuilder:default=100 optional int32 weight = 3; } @@ -190,7 +227,7 @@ message RouteTargetReference { // generate host names and routing table entries when a routing shard is // allocated for a specific route. // Caveat: This is WIP and will likely undergo modifications when sharding -// support is added. +// support is added. message RouterShard { // shardName uniquely identifies a router shard in the "set" of // routers used for routing traffic to the services. @@ -203,9 +240,16 @@ message RouterShard { // TLSConfig defines config used to secure a route and provide termination message TLSConfig { // termination indicates termination type. + // + // * edge - TLS termination is done by the router and http is used to communicate with the backend (default) + // * passthrough - Traffic is sent straight to the destination without the router providing TLS termination + // * reencrypt - TLS termination is done by the router and https is used to communicate with the backend + // + // +kubebuilder:validation:Enum=edge;reencrypt;passthrough optional string termination = 1; - // certificate provides certificate contents + // certificate provides certificate contents. This should be a single serving certificate, not a certificate + // chain. Do not include a CA certificate. optional string certificate = 2; // key provides key file contents diff --git a/vendor/github.com/openshift/api/route/v1/route.crd.yaml b/vendor/github.com/openshift/api/route/v1/route.crd.yaml new file mode 100644 index 0000000000..84aba660ba --- /dev/null +++ b/vendor/github.com/openshift/api/route/v1/route.crd.yaml @@ -0,0 +1,298 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1228 + name: routes.route.openshift.io +spec: + group: route.openshift.io + names: + kind: Route + plural: routes + singular: route + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.ingress[0].host + name: Host + type: string + - jsonPath: .status.ingress[0].conditions[?(@.type=="Admitted")].status + name: Admitted + type: string + - jsonPath: .spec.to.name + name: Service + type: string + - jsonPath: .spec.tls.type + name: TLS + type: string + name: v1 + schema: + openAPIV3Schema: + description: "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints. \n Once a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts. \n Routers are subject to additional customization and may support additional controls via the annotations field. \n Because administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen. \n To enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + allOf: + - anyOf: + - properties: + path: + maxLength: 0 + - properties: + tls: + enum: + - null + - not: + properties: + tls: + properties: + termination: + enum: + - passthrough + - anyOf: + - not: + properties: + host: + maxLength: 0 + - not: + properties: + wildcardPolicy: + enum: + - Subdomain + description: spec is the desired state of the route + properties: + alternateBackends: + description: alternateBackends allows up to 3 additional backends to be assigned to the route. Only the Service kind is allowed, and it will be defaulted to Service. Use the weight field in RouteTargetReference object to specify relative preference. + items: + description: RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' kind is allowed. Use 'weight' field to emphasize one over others. + properties: + kind: + default: Service + description: The kind of target that the route is referring to. Currently, only 'Service' is allowed + enum: + - Service + - "" + type: string + name: + description: name of the service/target that is being referred to. e.g. name of the service + minLength: 1 + type: string + weight: + default: 100 + description: weight as an integer between 0 and 256, default 100, that specifies the target's relative weight against other target reference objects. 0 suppresses requests to this backend. + format: int32 + maximum: 256 + minimum: 0 + type: integer + required: + - kind + - name + type: object + maxItems: 3 + type: array + host: + description: host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions. + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + description: path that the router watches for, to route traffic for to the service. Optional + pattern: ^/ + type: string + port: + description: If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use. + properties: + targetPort: + allOf: + - not: + enum: + - 0 + - not: + enum: + - "" + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + description: "subdomain is a DNS subdomain that is requested within the ingress controller's domain (as a subdomain). If host is set this field is ignored. An ingress controller may choose to ignore this suggested name, in which case the controller will report the assigned name in the status.ingress array or refuse to admit the route. If this value is set and the server does not support this field host will be populated automatically. Otherwise host is left empty. The field may have multiple parts separated by a dot, but not all ingress controllers may honor the request. This field may not be changed after creation except by a user with the update routes/custom-host permission. \n Example: subdomain `frontend` automatically receives the router subdomain `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`." + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + allOf: + - anyOf: + - properties: + caCertificate: + maxLength: 0 + certificate: + maxLength: 0 + destinationCACertificate: + maxLength: 0 + key: + maxLength: 0 + - not: + properties: + termination: + enum: + - passthrough + - anyOf: + - properties: + destinationCACertificate: + maxLength: 0 + - not: + properties: + termination: + enum: + - edge + - anyOf: + - properties: + insecureEdgeTerminationPolicy: + enum: + - "" + - None + - Allow + - Redirect + - not: + properties: + termination: + enum: + - edge + - reencrypt + - anyOf: + - properties: + insecureEdgeTerminationPolicy: + enum: + - "" + - None + - Redirect + - not: + properties: + termination: + enum: + - passthrough + description: The tls field provides the ability to configure certificates and termination for the route. + properties: + caCertificate: + description: caCertificate provides the cert authority certificate contents + type: string + certificate: + description: certificate provides certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate. + type: string + destinationCACertificate: + description: destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify. + type: string + insecureEdgeTerminationPolicy: + description: "insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While each router may make its own decisions on which ports to expose, this is normally port 80. \n * Allow - traffic is sent to the server on the insecure port (default) * Disable - no traffic is allowed on the insecure port. * Redirect - clients are redirected to the secure port." + type: string + key: + description: key provides key file contents + type: string + termination: + description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend" + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + to: + description: to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) is set to zero, no traffic will be sent to this backend. + properties: + kind: + default: Service + description: The kind of target that the route is referring to. Currently, only 'Service' is allowed + enum: + - Service + - "" + type: string + name: + description: name of the service/target that is being referred to. e.g. name of the service + minLength: 1 + type: string + weight: + default: 100 + description: weight as an integer between 0 and 256, default 100, that specifies the target's relative weight against other target reference objects. 0 suppresses requests to this backend. + format: int32 + maximum: 256 + minimum: 0 + type: integer + required: + - kind + - name + type: object + wildcardPolicy: + default: None + description: Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed. + enum: + - None + - Subdomain + - "" + type: string + required: + - to + type: object + status: + description: status is the current state of the route + properties: + ingress: + description: ingress describes the places where the route may be exposed. The list of ingress points may contain duplicate Host or RouterName values. Routes are considered live once they are `Ready` + items: + description: RouteIngress holds information about the places where a route is exposed. + properties: + conditions: + description: Conditions is the state of the route, may be empty. + items: + description: RouteIngressCondition contains details for the current condition of this route on a particular router. + properties: + lastTransitionTime: + description: RFC 3339 date and time when this condition last transitioned + format: date-time + type: string + message: + description: Human readable message indicating details about last transition. + type: string + reason: + description: (brief) reason for the condition's last transition, and is usually a machine and human readable constant + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. Currently only Admitted. + type: string + required: + - status + - type + type: object + type: array + host: + description: Host is the host string under which the route is exposed; this value is required + type: string + routerCanonicalHostname: + description: CanonicalHostname is the external host name for the router that can be used as a CNAME for the host requested for this route. This value is optional and may not be set in all cases. + type: string + routerName: + description: Name is a name chosen by the router to identify itself; this value is required + type: string + wildcardPolicy: + description: Wildcard policy is the wildcard policy that was allowed where this route is exposed. + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/route/v1/route.crd.yaml-patch b/vendor/github.com/openshift/api/route/v1/route.crd.yaml-patch new file mode 100644 index 0000000000..47fbb5da8d --- /dev/null +++ b/vendor/github.com/openshift/api/route/v1/route.crd.yaml-patch @@ -0,0 +1,86 @@ +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/allOf + value: + # spec.path must be empty when using passthrough TLS. + - anyOf: + - properties: + path: + maxLength: 0 + - properties: + tls: + enum: [null] + - not: + properties: + tls: + properties: + termination: + enum: ["passthrough"] + # spec.host must be nonempty for a wildcard route. + - anyOf: + - not: + properties: + host: + maxLength: 0 + - not: + properties: + wildcardPolicy: + enum: ["Subdomain"] +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/port/properties/targetPort + value: + # spec.port.targetPort cannot be the integer 0 or the empty string. (Note + # that negative integer values are allowed, as is the string "0".) + allOf: + - not: + enum: [0] + - not: + enum: [""] + x-kubernetes-int-or-string: true +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/tls/allOf + value: + # spec.tls.certificate, spec.tls.key, spec.tls.caCertificate, and + # spec.tls.destinationCACertificate must omitted when using passthrough TLS. + - anyOf: + - properties: + certificate: + maxLength: 0 + key: + maxLength: 0 + caCertificate: + maxLength: 0 + destinationCACertificate: + maxLength: 0 + - not: + properties: + termination: + enum: ["passthrough"] + # spec.tls.destinationCACertificate must be omitted when using edge-terminated + # TLS. + - anyOf: + - properties: + destinationCACertificate: + maxLength: 0 + - not: + properties: + termination: + enum: ["edge"] + # Any insecure edge-termination policy may be used if we terminate TLS. + - anyOf: + - properties: + insecureEdgeTerminationPolicy: + enum: ["", "None", "Allow", "Redirect"] + - not: + properties: + termination: + enum: ["edge","reencrypt"] + # Any insecure edge-termination policy *except* for "Allow" maybe used when + # using passthrough TLS. + - anyOf: + - properties: + insecureEdgeTerminationPolicy: + enum: ["", "None", "Redirect"] + - not: + properties: + termination: + enum: ["passthrough"] diff --git a/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml b/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml new file mode 100644 index 0000000000..68e144b642 --- /dev/null +++ b/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Route" +crd: route.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Route + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + spec: + to: + kind: Service + name: foo + expected: | + apiVersion: route.openshift.io/v1 + kind: Route + spec: + to: + kind: Service + name: foo + weight: 100 + wildcardPolicy: None diff --git a/vendor/github.com/openshift/api/route/v1/test-route-validation.sh b/vendor/github.com/openshift/api/route/v1/test-route-validation.sh new file mode 100644 index 0000000000..f1192d4a16 --- /dev/null +++ b/vendor/github.com/openshift/api/route/v1/test-route-validation.sh @@ -0,0 +1,476 @@ +#!/bin/bash + +# This shell script runs a series of `oc` commands to create various OpenShift +# route objects, some invalid and some valid, and verifies that the API rejects +# the invalid ones and admits the valid ones. Note that this script does not +# verify defaulting behavior and does not examine the rejection reason; it only +# checks whether the `oc create` command succeeds or fails. This script +# requires a cluster and a kubeconfig in a location where oc will find it. + +set -uo pipefail + +expect_pass() { + rc=$? + if [[ $rc != 0 ]] + then + tput setaf 1 + echo "expected success: $*, got exit code $rc" + tput sgr0 + exit 1 + fi + tput setaf 2 + echo "got expected success: $*" + tput sgr0 +} + +expect_fail() { + rc=$? + if [[ $rc = 0 ]] + then + tput setaf 1 + echo "expected failure: $*, got exit code $rc" + exit 1 + fi + tput setaf 2 + echo "got expected failure: $*" + tput sgr0 +} + +delete_route() { + oc -n openshift-ingress delete routes.route/testroute || exit 1 +} + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + path: / + tls: + termination: passthrough + to: + kind: Service + name: router-internal-default +EOF +expect_fail 'passthrough with nonempty path' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + path: / + to: + kind: Service + name: router-internal-default +EOF +expect_pass 'non-TLS with nonempty path' +delete_route + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + path: / + tls: + termination: edge + to: + kind: Service + name: router-internal-default +EOF +expect_pass 'edge-terminated with nonempty path' +delete_route + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + path: x + tls: + termination: edge + to: + kind: Service + name: router-internal-default +EOF +expect_fail 'path starting with non-slash character' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + to: + kind: Service + name: router-internal-default + wildcardPolicy: Subdomain +EOF +expect_fail 'spec.wildcardPolicy: Subdomain requires a nonempty value for spec.host' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + port: + targetPort: "" +EOF +expect_fail 'cannot have empty spec.port.targetPort' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + port: + targetPort: 0 +EOF +expect_fail 'cannot have numeric 0 value for spec.port.targetPort' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + port: + targetPort: "0" +EOF +expect_pass 'can have string "0" value for spec.port.targetPort' +delete_route + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + port: + targetPort: 1 +EOF +expect_pass 'can have numeric 1 value for spec.port.targetPort' +delete_route + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + port: + targetPort: x +EOF +expect_pass 'can have string "x" value for spec.port.targetPort' +delete_route + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + tls: + termination: passthrough + to: + kind: Nonsense + name: router-internal-default +EOF +expect_fail 'nonsense value for spec.to.kind' + + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + tls: + termination: passthrough + to: + kind: Service + name: "" +EOF +expect_fail 'spec.to.name cannot be empty' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + weight: -1 +EOF +expect_fail 'spec.to.weight cannot be negative' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + weight: 300 +EOF +expect_fail 'spec.to.weight cannot exceed 256' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + weight: 100 +EOF +expect_pass 'spec.to.weight has a valid value' +delete_route + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + alternateBackends: + - name: router-internal-default + - name: router-internal-default + - name: router-internal-default + - name: router-internal-default +EOF +expect_fail 'cannot have >3 values under spec.alternateBackends' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + alternateBackends: + - name: router-internal-default + - name: "" + - name: router-internal-default +EOF +expect_fail 'cannot have empty spec.alternateBackends[*].name' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + alternateBackends: + - name: router-internal-default + - name: router-internal-default + - name: router-internal-default +EOF +expect_pass 'valid spec.alternateBackends' +delete_route + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + tls: + termination: passthrough + certificate: "x" +EOF +expect_fail 'cannot have both spec.tls.termination: passthrough and nonempty spec.tls.certificate' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + tls: + termination: passthrough + key: "x" +EOF +expect_fail 'cannot have both spec.tls.termination: passthrough and nonempty spec.tls.key' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + tls: + termination: passthrough + caCertificate: "x" +EOF +expect_fail 'cannot have both spec.tls.termination: passthrough and nonempty spec.tls.caCertificate' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + tls: + termination: passthrough + destinationCACertificate: "x" +EOF +expect_fail 'cannot have both spec.tls.termination: passthrough and nonempty spec.tls.destinationCACertificate' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + tls: + termination: edge + destinationCACertificate: "x" +EOF +expect_fail 'cannot have both spec.tls.termination: edge and nonempty spec.tls.destinationCACertificate' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + tls: + termination: edge + insecureEdgeTerminationPolicy: nonsense +EOF +expect_fail 'cannot have nonsense value for spec.tls.insecureEdgeTerminationPolicy' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + tls: + termination: passthrough + insecureEdgeTerminationPolicy: Allow +EOF +expect_fail 'cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow' + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + tls: + termination: passthrough + insecureEdgeTerminationPolicy: Redirect +EOF +expect_pass 'spec.tls.termination: passthrough is compatible with spec.tls.insecureEdgeTerminationPolicy: Redirect' +delete_route + +oc create -f - <<'EOF' +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + namespace: openshift-ingress + name: testroute +spec: + host: test.foo + to: + name: router-internal-default + tls: + termination: passthrough + insecureEdgeTerminationPolicy: None +EOF +expect_pass 'spec.tls.termination: passthrough is compatible with spec.tls.insecureEdgeTerminationPolicy: None' +delete_route diff --git a/vendor/github.com/openshift/api/route/v1/types.go b/vendor/github.com/openshift/api/route/v1/types.go index 4ea1881950..d77fc555fc 100644 --- a/vendor/github.com/openshift/api/route/v1/types.go +++ b/vendor/github.com/openshift/api/route/v1/types.go @@ -8,6 +8,8 @@ import ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status // A route allows developers to expose services through an HTTP(S) aware load balancing and proxy // layer via a public DNS entry. The route may further specify TLS options and a certificate, or @@ -26,23 +28,36 @@ import ( // return information to clients about the names and states of the route under each router. // If a client chooses a duplicate name, for instance, the route status conditions are used // to indicate the route cannot be chosen. +// +// To enable HTTP/2 ALPN on a route it requires a custom +// (non-wildcard) certificate. This prevents connection coalescing by +// clients, notably web browsers. We do not support HTTP/2 ALPN on +// routes that use the default certificate because of the risk of +// connection re-use/coalescing. Routes that do not have their own +// custom certificate will not be HTTP/2 ALPN-enabled on either the +// frontend or the backend. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Route struct { - metav1.TypeMeta `json:",inline"` - // Standard object metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // spec is the desired state of the route Spec RouteSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` // status is the current state of the route - Status RouteStatus `json:"status" protobuf:"bytes,3,opt,name=status"` + // +optional + Status RouteStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // RouteList is a collection of Routes. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type RouteList struct { metav1.TypeMeta `json:",inline"` - // Standard object metadata. metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // items is a list of routes @@ -69,7 +84,11 @@ type RouteSpec struct { // If not specified a route name will typically be automatically // chosen. // Must follow DNS952 subdomain conventions. - Host string `json:"host" protobuf:"bytes,1,opt,name=host"` + // + // +optional + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$` + Host string `json:"host,omitempty" protobuf:"bytes,1,opt,name=host"` // subdomain is a DNS subdomain that is requested within the ingress controller's // domain (as a subdomain). If host is set this field is ignored. An ingress // controller may choose to ignore this suggested name, in which case the controller @@ -84,9 +103,14 @@ type RouteSpec struct { // `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`. // // +optional + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$` Subdomain string `json:"subdomain,omitempty" protobuf:"bytes,8,opt,name=subdomain"` // path that the router watches for, to route traffic for to the service. Optional + // + // +optional + // +kubebuilder:validation:Pattern=`^/` Path string `json:"path,omitempty" protobuf:"bytes,2,opt,name=path"` // to is an object the route should use as the primary backend. Only the Service kind @@ -97,6 +121,8 @@ type RouteSpec struct { // alternateBackends allows up to 3 additional backends to be assigned to the route. // Only the Service kind is allowed, and it will be defaulted to Service. // Use the weight field in RouteTargetReference object to specify relative preference. + // + // +kubebuilder:validation:MaxItems=3 AlternateBackends []RouteTargetReference `json:"alternateBackends,omitempty" protobuf:"bytes,4,rep,name=alternateBackends"` // If specified, the port to be used by the router. Most routers will use all @@ -109,6 +135,9 @@ type RouteSpec struct { // Wildcard policy if any for the route. // Currently only 'Subdomain' or 'None' is allowed. + // + // +kubebuilder:validation:Enum=None;Subdomain;"" + // +kubebuilder:default=None WildcardPolicy WildcardPolicyType `json:"wildcardPolicy,omitempty" protobuf:"bytes,7,opt,name=wildcardPolicy"` } @@ -116,13 +145,23 @@ type RouteSpec struct { // kind is allowed. Use 'weight' field to emphasize one over others. type RouteTargetReference struct { // The kind of target that the route is referring to. Currently, only 'Service' is allowed + // + // +kubebuilder:validation:Enum=Service;"" + // +kubebuilder:default=Service Kind string `json:"kind" protobuf:"bytes,1,opt,name=kind"` // name of the service/target that is being referred to. e.g. name of the service + // + // +kubebuilder:validation:MinLength=1 Name string `json:"name" protobuf:"bytes,2,opt,name=name"` // weight as an integer between 0 and 256, default 100, that specifies the target's relative weight // against other target reference objects. 0 suppresses requests to this backend. + // + // +optional + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=256 + // +kubebuilder:default=100 Weight *int32 `json:"weight" protobuf:"varint,3,opt,name=weight"` } @@ -140,7 +179,7 @@ type RouteStatus struct { // ingress describes the places where the route may be exposed. The list of // ingress points may contain duplicate Host or RouterName values. Routes // are considered live once they are `Ready` - Ingress []RouteIngress `json:"ingress" protobuf:"bytes,1,rep,name=ingress"` + Ingress []RouteIngress `json:"ingress,omitempty" protobuf:"bytes,1,rep,name=ingress"` } // RouteIngress holds information about the places where a route is exposed. @@ -172,7 +211,7 @@ const ( // router. type RouteIngressCondition struct { // Type is the type of the condition. - // Currently only Ready. + // Currently only Admitted. Type RouteIngressConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=RouteIngressConditionType"` // Status is the status of the condition. // Can be True, False, Unknown. @@ -190,7 +229,7 @@ type RouteIngressCondition struct { // generate host names and routing table entries when a routing shard is // allocated for a specific route. // Caveat: This is WIP and will likely undergo modifications when sharding -// support is added. +// support is added. type RouterShard struct { // shardName uniquely identifies a router shard in the "set" of // routers used for routing traffic to the services. @@ -203,9 +242,16 @@ type RouterShard struct { // TLSConfig defines config used to secure a route and provide termination type TLSConfig struct { // termination indicates termination type. + // + // * edge - TLS termination is done by the router and http is used to communicate with the backend (default) + // * passthrough - Traffic is sent straight to the destination without the router providing TLS termination + // * reencrypt - TLS termination is done by the router and https is used to communicate with the backend + // + // +kubebuilder:validation:Enum=edge;reencrypt;passthrough Termination TLSTerminationType `json:"termination" protobuf:"bytes,1,opt,name=termination,casttype=TLSTerminationType"` - // certificate provides certificate contents + // certificate provides certificate contents. This should be a single serving certificate, not a certificate + // chain. Do not include a CA certificate. Certificate string `json:"certificate,omitempty" protobuf:"bytes,2,opt,name=certificate"` // key provides key file contents @@ -269,3 +315,32 @@ const ( // Note that this will not match acme.test only *.acme.test WildcardPolicySubdomain WildcardPolicyType = "Subdomain" ) + +// Route Annotations +const ( + // AllowNonDNSCompliantHostAnnotation indicates that the host name in a route + // configuration is not required to follow strict DNS compliance. + // Unless the annotation is set to true, the route host name must have at least one label. + // Labels must have no more than 63 characters from the set of + // alphanumeric characters, '-' or '.', and must start and end with an alphanumeric + // character. A trailing dot is not allowed. The total host name length must be no more + // than 253 characters. + // + // When the annotation is set to true, the host name must pass a smaller set of + // requirements, i.e.: character set as described above, and total host name + // length must be no more than 253 characters. + // + // NOTE: use of this annotation may validate routes that cannot be admitted and will + // not function. The annotation is provided to allow a custom scenario, e.g. a custom + // ingress controller that relies on the route API, but for some customized purpose + // needs to use routes with invalid hosts. + AllowNonDNSCompliantHostAnnotation = "route.openshift.io/allow-non-dns-compliant-host" +) + +// Ingress-to-route controller +const ( + // IngressToRouteIngressClassControllerName is the name of the + // controller that translates ingresses into routes. This value is + // intended to be used for the spec.controller field of ingressclasses. + IngressToRouteIngressClassControllerName = "openshift.io/ingress-to-route" +) diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go index a9576c414c..ad8aa77fc7 100644 --- a/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go @@ -1,3 +1,4 @@ +//go:build !ignore_autogenerated // +build !ignore_autogenerated // Code generated by deepcopy-gen. DO NOT EDIT. diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go index d68df44981..594e564b5a 100644 --- a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go @@ -12,10 +12,9 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_Route = map[string]string{ - "": "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.\n\nOnce a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.\n\nRouters are subject to additional customization and may support additional controls via the annotations field.\n\nBecause administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.", - "metadata": "Standard object metadata.", - "spec": "spec is the desired state of the route", - "status": "status is the current state of the route", + "": "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.\n\nOnce a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.\n\nRouters are subject to additional customization and may support additional controls via the annotations field.\n\nBecause administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.\n\nTo enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec is the desired state of the route", + "status": "status is the current state of the route", } func (Route) SwaggerDoc() map[string]string { @@ -37,7 +36,7 @@ func (RouteIngress) SwaggerDoc() map[string]string { var map_RouteIngressCondition = map[string]string{ "": "RouteIngressCondition contains details for the current condition of this route on a particular router.", - "type": "Type is the type of the condition. Currently only Ready.", + "type": "Type is the type of the condition. Currently only Admitted.", "status": "Status is the status of the condition. Can be True, False, Unknown.", "reason": "(brief) reason for the condition's last transition, and is usually a machine and human readable constant", "message": "Human readable message indicating details about last transition.", @@ -49,9 +48,8 @@ func (RouteIngressCondition) SwaggerDoc() map[string]string { } var map_RouteList = map[string]string{ - "": "RouteList is a collection of Routes.", - "metadata": "Standard object metadata.", - "items": "items is a list of routes", + "": "RouteList is a collection of Routes.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "items": "items is a list of routes", } func (RouteList) SwaggerDoc() map[string]string { @@ -104,7 +102,7 @@ func (RouteTargetReference) SwaggerDoc() map[string]string { } var map_RouterShard = map[string]string{ - "": "RouterShard has information of a routing shard and is used to generate host names and routing table entries when a routing shard is allocated for a specific route. Caveat: This is WIP and will likely undergo modifications when sharding\n support is added.", + "": "RouterShard has information of a routing shard and is used to generate host names and routing table entries when a routing shard is allocated for a specific route. Caveat: This is WIP and will likely undergo modifications when sharding support is added.", "shardName": "shardName uniquely identifies a router shard in the \"set\" of routers used for routing traffic to the services.", "dnsSuffix": "dnsSuffix for the shard ala: shard-1.v3.openshift.com", } @@ -115,8 +113,8 @@ func (RouterShard) SwaggerDoc() map[string]string { var map_TLSConfig = map[string]string{ "": "TLSConfig defines config used to secure a route and provide termination", - "termination": "termination indicates termination type.", - "certificate": "certificate provides certificate contents", + "termination": "termination indicates termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend", + "certificate": "certificate provides certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate.", "key": "key provides key file contents", "caCertificate": "caCertificate provides the cert authority certificate contents", "destinationCACertificate": "destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify.", diff --git a/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml b/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml new file mode 100644 index 0000000000..f08d16578a --- /dev/null +++ b/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml @@ -0,0 +1,279 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: securitycontextconstraints.security.openshift.io +spec: + group: security.openshift.io + names: + kind: SecurityContextConstraints + listKind: SecurityContextConstraintsList + plural: securitycontextconstraints + singular: securitycontextconstraints + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Determines if a container can request to be run as privileged + jsonPath: .allowPrivilegedContainer + name: Priv + type: string + - description: A list of capabilities that can be requested to add to the container + jsonPath: .allowedCapabilities + name: Caps + type: string + - description: Strategy that will dictate what labels will be set in the SecurityContext + jsonPath: .seLinuxContext.type + name: SELinux + type: string + - description: Strategy that will dictate what RunAsUser is used in the SecurityContext + jsonPath: .runAsUser.type + name: RunAsUser + type: string + - description: Strategy that will dictate what fs group is used by the SecurityContext + jsonPath: .fsGroup.type + name: FSGroup + type: string + - description: Strategy that will dictate what supplemental groups are used by the SecurityContext + jsonPath: .supplementalGroups.type + name: SupGroup + type: string + - description: Sort order of SCCs + jsonPath: .priority + name: Priority + type: string + - description: Force containers to run with a read only root file system + jsonPath: .readOnlyRootFilesystem + name: ReadOnlyRootFS + type: string + - description: White list of allowed volume plugins + jsonPath: .volumes + name: Volumes + type: string + name: v1 + schema: + openAPIV3Schema: + description: "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - allowHostDirVolumePlugin + - allowHostIPC + - allowHostNetwork + - allowHostPID + - allowHostPorts + - allowPrivilegedContainer + - allowedCapabilities + - defaultAddCapabilities + - priority + - readOnlyRootFilesystem + - requiredDropCapabilities + - volumes + properties: + allowHostDirVolumePlugin: + description: AllowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin + type: boolean + allowHostIPC: + description: AllowHostIPC determines if the policy allows host ipc in the containers. + type: boolean + allowHostNetwork: + description: AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec. + type: boolean + allowHostPID: + description: AllowHostPID determines if the policy allows host pid in the containers. + type: boolean + allowHostPorts: + description: AllowHostPorts determines if the policy allows host ports in the containers. + type: boolean + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true. + type: boolean + nullable: true + allowPrivilegedContainer: + description: AllowPrivilegedContainer determines if a container can request to be run as privileged. + type: boolean + allowedCapabilities: + description: AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'. + type: array + items: + description: Capability represent POSIX capabilities type + type: string + nullable: true + allowedFlexVolumes: + description: AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the "Volumes" field. + type: array + items: + description: AllowedFlexVolume represents a single Flexvolume that is allowed to be used. + type: object + required: + - driver + properties: + driver: + description: Driver is the name of the Flexvolume driver. + type: string + nullable: true + allowedUnsafeSysctls: + description: "AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection. \n Examples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc." + type: array + items: + type: string + nullable: true + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + defaultAddCapabilities: + description: DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities. + type: array + items: + description: Capability represent POSIX capabilities type + type: string + nullable: true + defaultAllowPrivilegeEscalation: + description: DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process. + type: boolean + nullable: true + forbiddenSysctls: + description: "ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden. \n Examples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc." + type: array + items: + type: string + nullable: true + fsGroup: + description: FSGroup is the strategy that will dictate what fs group is used by the SecurityContext. + type: object + properties: + ranges: + description: Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. + type: array + items: + description: 'IDRange provides a min/max of an allowed range of IDs. TODO: this could be reused for UIDs.' + type: object + properties: + max: + description: Max is the end of the range, inclusive. + type: integer + format: int64 + min: + description: Min is the start of the range, inclusive. + type: integer + format: int64 + type: + description: Type is the strategy that will dictate what FSGroup is used in the SecurityContext. + type: string + nullable: true + groups: + description: The groups that have permission to use this security context constraints + type: array + items: + type: string + nullable: true + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + priority: + description: Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name. + type: integer + format: int32 + nullable: true + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to. + type: boolean + requiredDropCapabilities: + description: RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added. + type: array + items: + description: Capability represent POSIX capabilities type + type: string + nullable: true + runAsUser: + description: RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext. + type: object + properties: + type: + description: Type is the strategy that will dictate what RunAsUser is used in the SecurityContext. + type: string + uid: + description: UID is the user id that containers must run as. Required for the MustRunAs strategy if not using namespace/service account allocated uids. + type: integer + format: int64 + uidRangeMax: + description: UIDRangeMax defines the max value for a strategy that allocates by range. + type: integer + format: int64 + uidRangeMin: + description: UIDRangeMin defines the min value for a strategy that allocates by range. + type: integer + format: int64 + nullable: true + seLinuxContext: + description: SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext. + type: object + properties: + seLinuxOptions: + description: seLinuxOptions required to run as; required for MustRunAs + type: object + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: + description: Type is the strategy that will dictate what SELinux context is used in the SecurityContext. + type: string + nullable: true + seccompProfiles: + description: "SeccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default." + type: array + items: + type: string + nullable: true + supplementalGroups: + description: SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext. + type: object + properties: + ranges: + description: Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. + type: array + items: + description: 'IDRange provides a min/max of an allowed range of IDs. TODO: this could be reused for UIDs.' + type: object + properties: + max: + description: Max is the end of the range, inclusive. + type: integer + format: int64 + min: + description: Min is the start of the range, inclusive. + type: integer + format: int64 + type: + description: Type is the strategy that will dictate what supplemental groups is used in the SecurityContext. + type: string + nullable: true + users: + description: The users who have permissions to use this security context constraints + type: array + items: + type: string + nullable: true + volumes: + description: Volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use "*". To allow no volumes, set to ["none"]. + type: array + items: + description: FS Type gives strong typing to different file systems that are used by volumes. + type: string + nullable: true + served: true + storage: true diff --git a/vendor/github.com/openshift/api/security/v1/Makefile b/vendor/github.com/openshift/api/security/v1/Makefile new file mode 100644 index 0000000000..096e6fa2c9 --- /dev/null +++ b/vendor/github.com/openshift/api/security/v1/Makefile @@ -0,0 +1,3 @@ +.PHONY: test +test: + make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="security.openshift.io/v1" diff --git a/vendor/github.com/openshift/api/security/v1/generated.pb.go b/vendor/github.com/openshift/api/security/v1/generated.pb.go index 71d1a1f485..d57b162c48 100644 --- a/vendor/github.com/openshift/api/security/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/security/v1/generated.pb.go @@ -27,7 +27,7 @@ var _ = math.Inf // is compatible with the proto package it is being compiled against. // A compilation error at this line likely means your copy of the // proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package func (m *AllowedFlexVolume) Reset() { *m = AllowedFlexVolume{} } func (*AllowedFlexVolume) ProtoMessage() {} @@ -592,117 +592,117 @@ func init() { } var fileDescriptor_af65d9655aa67551 = []byte{ - // 1748 bytes of a gzipped FileDescriptorProto + // 1750 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0xcd, 0x6f, 0x1c, 0x49, - 0x15, 0x77, 0x7b, 0xfc, 0x35, 0x65, 0xc7, 0x1f, 0x65, 0xc7, 0xe9, 0x35, 0xeb, 0x19, 0xd3, 0x0e, - 0x2b, 0x0b, 0xd8, 0x19, 0x1c, 0x2d, 0x6c, 0xd0, 0xb2, 0xd1, 0x4e, 0x7b, 0xd6, 0x59, 0x23, 0x27, - 0x99, 0xad, 0x59, 0x47, 0x28, 0x8a, 0x10, 0xe5, 0x9e, 0x9a, 0x71, 0xc5, 0xfd, 0x45, 0x57, 0xf5, - 0xc4, 0x23, 0x2e, 0x91, 0xb8, 0x70, 0x44, 0xe2, 0x8a, 0x38, 0xc3, 0x3f, 0xc0, 0x05, 0x01, 0xd7, - 0x48, 0x20, 0x91, 0x13, 0xca, 0x69, 0x44, 0x06, 0x71, 0xe2, 0xc8, 0x2d, 0x27, 0x54, 0x35, 0x35, - 0x1f, 0xdd, 0xd3, 0x3d, 0x9e, 0x84, 0x24, 0xe2, 0x36, 0xfd, 0x3e, 0x7e, 0xbf, 0xf7, 0x5e, 0xbf, - 0x7e, 0xf5, 0x6a, 0xc0, 0x47, 0x0d, 0xca, 0xcf, 0xc2, 0xd3, 0x82, 0xe5, 0x39, 0x45, 0xcf, 0x27, - 0x2e, 0x3b, 0xa3, 0x75, 0x5e, 0xc4, 0x3e, 0x2d, 0x32, 0x62, 0x85, 0x01, 0xe5, 0xad, 0x62, 0x73, - 0xbf, 0xd8, 0x20, 0x2e, 0x09, 0x30, 0x27, 0xb5, 0x82, 0x1f, 0x78, 0xdc, 0x83, 0xd7, 0x07, 0x5e, - 0x85, 0xbe, 0x57, 0x01, 0xfb, 0xb4, 0xd0, 0xf3, 0x2a, 0x34, 0xf7, 0xb7, 0x3e, 0x1c, 0xc2, 0x6e, - 0x78, 0x0d, 0xaf, 0x28, 0x9d, 0x4f, 0xc3, 0xba, 0x7c, 0x92, 0x0f, 0xf2, 0x57, 0x17, 0x74, 0xcb, - 0x38, 0xbf, 0xc9, 0x0a, 0xd4, 0x93, 0xe4, 0x96, 0x17, 0x90, 0x04, 0xe2, 0xad, 0x8f, 0x06, 0x36, - 0x0e, 0xb6, 0xce, 0xa8, 0x4b, 0x82, 0x56, 0xd1, 0x3f, 0x6f, 0x08, 0x01, 0x2b, 0x3a, 0x84, 0xe3, - 0x24, 0xaf, 0xef, 0xa5, 0x79, 0x05, 0xa1, 0xcb, 0xa9, 0x43, 0x8a, 0xcc, 0x3a, 0x23, 0x0e, 0x8e, - 0xfb, 0x19, 0x9f, 0x80, 0xb5, 0x92, 0x6d, 0x7b, 0x8f, 0x49, 0xed, 0xd0, 0x26, 0x17, 0xf7, 0x3d, - 0x3b, 0x74, 0x08, 0xfc, 0x00, 0xcc, 0xd5, 0x02, 0xda, 0x24, 0x81, 0xae, 0xed, 0x68, 0x7b, 0x59, - 0x73, 0xf9, 0x69, 0x3b, 0x3f, 0xd5, 0x69, 0xe7, 0xe7, 0xca, 0x52, 0x8a, 0x94, 0xd6, 0xf8, 0xad, - 0x06, 0x36, 0x0f, 0xab, 0xb7, 0x03, 0x2f, 0xf4, 0xab, 0x5c, 0xa0, 0x36, 0x5a, 0xf7, 0x7c, 0x4e, - 0x3d, 0x97, 0xc1, 0x8f, 0xc1, 0x0c, 0x6f, 0xf9, 0x44, 0x01, 0xec, 0x2a, 0x80, 0x99, 0xaf, 0x5a, - 0x3e, 0x79, 0xd9, 0xce, 0xaf, 0xc7, 0xbc, 0x84, 0x18, 0x49, 0x07, 0x78, 0x02, 0xe6, 0x02, 0xec, - 0x36, 0x08, 0xd3, 0xa7, 0x77, 0x32, 0x7b, 0x8b, 0x37, 0x3e, 0x2c, 0x4c, 0xf2, 0x22, 0x0a, 0x47, - 0x65, 0x24, 0xbc, 0x06, 0xa1, 0xca, 0x47, 0x86, 0x14, 0x98, 0x71, 0x1b, 0xcc, 0x2b, 0x13, 0xb8, - 0x0d, 0x32, 0x0e, 0x75, 0x65, 0x64, 0x19, 0x73, 0x51, 0xd9, 0x67, 0xee, 0x50, 0x17, 0x09, 0xb9, - 0x54, 0xe3, 0x0b, 0x7d, 0x3a, 0xa6, 0xc6, 0x17, 0x48, 0xc8, 0x8d, 0x7f, 0x6b, 0xe0, 0x5a, 0xc5, - 0xab, 0x55, 0x15, 0x77, 0xc5, 0xb3, 0xa9, 0xd5, 0x42, 0xa4, 0x49, 0xc9, 0x63, 0x68, 0x81, 0x19, - 0xe6, 0x13, 0x4b, 0x42, 0x2f, 0xde, 0x28, 0x4d, 0x16, 0x79, 0x0a, 0x58, 0xd5, 0x27, 0x96, 0xb9, - 0xd4, 0xab, 0x9b, 0x78, 0x42, 0x12, 0x1c, 0x9e, 0x83, 0x39, 0xc6, 0x31, 0x0f, 0x99, 0x0c, 0x71, - 0xf1, 0xc6, 0xc1, 0xff, 0x46, 0x23, 0xa1, 0x06, 0x65, 0xeb, 0x3e, 0x23, 0x45, 0x61, 0xfc, 0x41, - 0x03, 0x5f, 0x1b, 0x13, 0x20, 0xfc, 0x12, 0x2c, 0x70, 0xe2, 0xf8, 0x36, 0xe6, 0x44, 0x65, 0xbd, - 0x5b, 0xe8, 0x76, 0xa2, 0x0c, 0x40, 0xf4, 0xb8, 0x22, 0xff, 0x4a, 0x99, 0xc9, 0xbc, 0x56, 0x15, - 0xdd, 0x42, 0x4f, 0x8a, 0xfa, 0x30, 0xf0, 0x08, 0xac, 0x33, 0x12, 0x34, 0xa9, 0x45, 0x4a, 0x96, - 0xe5, 0x85, 0x2e, 0xbf, 0x8b, 0x1d, 0xd5, 0x0d, 0x59, 0xf3, 0x5a, 0xa7, 0x9d, 0x5f, 0xaf, 0x8e, - 0xaa, 0x51, 0x92, 0x8f, 0xf1, 0x17, 0x0d, 0x6c, 0x8f, 0xcd, 0x1b, 0xfe, 0x4e, 0x03, 0x9b, 0xb8, - 0xdb, 0xff, 0x51, 0x54, 0xa6, 0x6b, 0xb2, 0xfd, 0xbe, 0x9c, 0xac, 0xba, 0x51, 0xe7, 0xf1, 0xb5, - 0xce, 0xa9, 0xe4, 0x37, 0x4b, 0x89, 0xc4, 0x28, 0x25, 0x20, 0xe3, 0x17, 0xd3, 0xc0, 0x18, 0x41, - 0xae, 0x12, 0xbb, 0x5e, 0x0d, 0x4f, 0x1f, 0x11, 0x8b, 0xab, 0x26, 0x74, 0x23, 0x4d, 0x78, 0xfc, - 0x9a, 0xdd, 0x31, 0x82, 0x9b, 0xda, 0x8f, 0x41, 0xac, 0x1f, 0x7f, 0xf8, 0xba, 0x8c, 0x11, 0xb6, - 0xf1, 0x6d, 0xf9, 0x33, 0xf0, 0xc1, 0x64, 0x11, 0xbf, 0x85, 0x06, 0x35, 0x9e, 0x4c, 0x83, 0xdc, - 0xf8, 0xe8, 0xe1, 0xa3, 0xc8, 0x3b, 0xf8, 0xe2, 0x8d, 0x54, 0xe4, 0xff, 0xa9, 0xfe, 0x7f, 0xd4, - 0x92, 0x5a, 0xf1, 0x1d, 0x14, 0x1f, 0xee, 0x80, 0x99, 0x90, 0x91, 0x40, 0xe6, 0x9a, 0x1d, 0xd4, - 0xe3, 0x84, 0x91, 0x00, 0x49, 0x0d, 0x34, 0xc0, 0x5c, 0x43, 0x9c, 0x2d, 0x4c, 0xcf, 0xc8, 0x91, - 0x01, 0x44, 0xfc, 0xf2, 0xb4, 0x61, 0x48, 0x69, 0x8c, 0xff, 0x68, 0xe0, 0xfa, 0x24, 0x05, 0x80, - 0x15, 0x90, 0x55, 0x5f, 0xa3, 0xd9, 0x1a, 0x97, 0xc2, 0x3d, 0xe5, 0x5a, 0x27, 0x01, 0x71, 0x2d, - 0x62, 0x5e, 0xe9, 0xb4, 0xf3, 0xd9, 0x52, 0xcf, 0x13, 0x0d, 0x40, 0xc4, 0xd9, 0x1a, 0x10, 0xcc, - 0x3c, 0x57, 0xa5, 0x30, 0x38, 0xb0, 0xa4, 0x14, 0x29, 0x6d, 0xa4, 0x76, 0x99, 0x37, 0xd3, 0xb8, - 0xbf, 0xd7, 0xc0, 0x8a, 0x3c, 0x02, 0x45, 0x60, 0x16, 0x16, 0x07, 0x35, 0xfc, 0x09, 0x58, 0x10, - 0x2b, 0x45, 0x0d, 0x73, 0xac, 0xf2, 0xfb, 0xce, 0x10, 0x4d, 0x7f, 0x95, 0x28, 0xf8, 0xe7, 0x0d, - 0x21, 0x60, 0x05, 0x61, 0x3d, 0xc8, 0xf8, 0x0e, 0xe1, 0xd8, 0x84, 0x8a, 0x13, 0x0c, 0x64, 0xa8, - 0x8f, 0x0a, 0x77, 0xc1, 0xac, 0x3c, 0x83, 0x55, 0xbe, 0x57, 0x94, 0xf1, 0xac, 0x8c, 0x04, 0x75, - 0x75, 0xf0, 0x7d, 0x30, 0x23, 0x43, 0x10, 0x99, 0x2e, 0x99, 0x0b, 0xe2, 0x95, 0x96, 0x31, 0xc7, - 0x48, 0x4a, 0x8d, 0xbf, 0x69, 0x60, 0x3d, 0x16, 0xf8, 0x31, 0x65, 0x1c, 0x3e, 0x1c, 0x09, 0xbe, - 0x30, 0x59, 0xf0, 0xc2, 0x5b, 0x86, 0xde, 0x2f, 0x57, 0x4f, 0x32, 0x14, 0xf8, 0x03, 0x30, 0x4b, - 0x39, 0x71, 0x7a, 0x8b, 0xc8, 0x77, 0x27, 0xfb, 0xae, 0x62, 0x71, 0x0e, 0xf2, 0x3d, 0x12, 0x58, - 0xa8, 0x0b, 0x69, 0xfc, 0x5d, 0x03, 0x3a, 0x0a, 0xdd, 0x12, 0x13, 0x8d, 0x1b, 0xdf, 0x9d, 0xbe, - 0x1f, 0xd9, 0x9d, 0xbe, 0x11, 0xdb, 0x9d, 0xae, 0x8e, 0xf8, 0x0d, 0x6d, 0x4f, 0xef, 0x81, 0x4c, - 0x48, 0x6b, 0x6a, 0x79, 0x99, 0x17, 0x8b, 0xcb, 0xc9, 0x51, 0x19, 0x09, 0x19, 0xdc, 0x07, 0x8b, - 0x21, 0xad, 0xc9, 0xf0, 0xee, 0x50, 0x57, 0x56, 0x3a, 0x63, 0xae, 0x74, 0xda, 0xf9, 0xc5, 0x13, - 0xb5, 0x19, 0x89, 0x15, 0x68, 0xd8, 0x26, 0xe2, 0x82, 0x2f, 0xf4, 0x99, 0x04, 0x17, 0x7c, 0x81, - 0x86, 0x6d, 0x8c, 0x3f, 0x6b, 0x60, 0xbb, 0xfa, 0xf9, 0x31, 0x75, 0xc3, 0x8b, 0x03, 0xcf, 0xe5, - 0xe4, 0x82, 0xc7, 0xb3, 0xbb, 0x15, 0xc9, 0xee, 0x9b, 0xb1, 0xec, 0xb6, 0x92, 0x9d, 0x87, 0x52, - 0xfc, 0x31, 0x58, 0x66, 0x44, 0xda, 0x28, 0x44, 0x35, 0xf7, 0x8c, 0xa4, 0xcf, 0x43, 0xa1, 0x29, - 0x4b, 0x13, 0x76, 0xda, 0xf9, 0xe5, 0xa8, 0x0c, 0xc5, 0xd0, 0x8c, 0x5f, 0xaf, 0x81, 0xad, 0xde, - 0x60, 0x50, 0x51, 0x1c, 0x78, 0x2e, 0xe3, 0x01, 0xa6, 0x2e, 0x67, 0xef, 0xe0, 0x83, 0xd9, 0x03, - 0x0b, 0x7e, 0x40, 0x3d, 0xc1, 0x2f, 0x53, 0x9b, 0x35, 0x97, 0x44, 0x87, 0x56, 0x94, 0x0c, 0xf5, - 0xb5, 0xf0, 0x21, 0xd0, 0xe5, 0x60, 0xa9, 0x04, 0xb4, 0x49, 0x6d, 0xd2, 0x20, 0x35, 0x11, 0x30, - 0x16, 0x01, 0xc8, 0xf7, 0xbb, 0x60, 0xee, 0x28, 0x26, 0xbd, 0x94, 0x62, 0x87, 0x52, 0x11, 0x20, - 0x03, 0x9b, 0x35, 0x52, 0xc7, 0xa1, 0xcd, 0x4b, 0xb5, 0xda, 0x01, 0xf6, 0xf1, 0x29, 0xb5, 0x29, - 0xa7, 0x84, 0xe9, 0x33, 0x72, 0xb0, 0x7e, 0x22, 0x76, 0x98, 0x72, 0xa2, 0xc5, 0xcb, 0x76, 0x7e, - 0x7b, 0xf4, 0xaa, 0x53, 0xe8, 0x9b, 0xb4, 0x50, 0x0a, 0x34, 0x6c, 0x01, 0x3d, 0x20, 0x3f, 0x0d, - 0x69, 0x40, 0x6a, 0xe5, 0xc0, 0xf3, 0x23, 0xb4, 0xb3, 0x92, 0xf6, 0x53, 0x91, 0x0e, 0x4a, 0xb1, - 0xb9, 0x9c, 0x38, 0x15, 0x1e, 0x3e, 0x02, 0xeb, 0x6a, 0x4c, 0x47, 0x58, 0xe7, 0x24, 0xeb, 0x4d, - 0xb1, 0x78, 0x96, 0x46, 0xd5, 0x97, 0x13, 0x26, 0x81, 0xf6, 0xdf, 0xdc, 0x17, 0x1e, 0xe3, 0x65, - 0x1a, 0x74, 0xef, 0x5d, 0x15, 0x3b, 0x6c, 0x50, 0x57, 0x9f, 0x4f, 0x78, 0x73, 0x09, 0x76, 0x28, - 0x15, 0x01, 0x16, 0xc1, 0x7c, 0x53, 0x3e, 0x33, 0x7d, 0x41, 0x46, 0x7f, 0xb5, 0xd3, 0xce, 0xcf, - 0x77, 0x4d, 0x44, 0xc4, 0x73, 0x87, 0x55, 0xf9, 0x41, 0xf5, 0xac, 0xe0, 0xcf, 0x35, 0x00, 0x71, - 0xfc, 0x1a, 0xc8, 0xf4, 0xab, 0x72, 0xf0, 0x7d, 0x3c, 0xd9, 0xe0, 0x1b, 0xb9, 0x46, 0x9a, 0x5b, - 0x2a, 0x05, 0x38, 0xa2, 0x62, 0x28, 0x81, 0x0e, 0x96, 0xc1, 0x6a, 0x3f, 0xa5, 0xbb, 0x84, 0x3f, - 0xf6, 0x82, 0x73, 0x3d, 0x2b, 0x8b, 0xa1, 0x2b, 0xa4, 0xd5, 0x52, 0x4c, 0x8f, 0x46, 0x3c, 0xe0, - 0x2d, 0xb0, 0xdc, 0x97, 0x55, 0xbc, 0x80, 0x33, 0x1d, 0x48, 0x8c, 0x4d, 0x85, 0xb1, 0x5c, 0x8a, - 0x68, 0x51, 0xcc, 0x1a, 0xde, 0x04, 0x4b, 0x03, 0xc9, 0x51, 0x59, 0x5f, 0x94, 0xde, 0x1b, 0xca, - 0x7b, 0xa9, 0x34, 0xa4, 0x43, 0x11, 0xcb, 0x88, 0xe7, 0x51, 0xe5, 0x40, 0x5f, 0x4a, 0xf1, 0x3c, - 0xaa, 0x1c, 0xa0, 0x88, 0x25, 0x74, 0x40, 0xbe, 0xf7, 0x3d, 0x44, 0xbe, 0xc6, 0xcf, 0x99, 0x85, - 0x6d, 0x79, 0x8e, 0xe8, 0x9b, 0x12, 0x6c, 0xb7, 0xd3, 0xce, 0xe7, 0xcb, 0xe3, 0x4d, 0xd1, 0x65, - 0x58, 0xf0, 0x47, 0xf1, 0xb9, 0x31, 0xc4, 0x73, 0x4d, 0xf2, 0xbc, 0x3f, 0x3a, 0x33, 0x86, 0x08, - 0x52, 0xbd, 0x45, 0x23, 0xf5, 0xe6, 0xa9, 0x9a, 0x9d, 0xfa, 0x95, 0x57, 0xb9, 0xa5, 0x8e, 0x3d, - 0x3a, 0x06, 0xaf, 0x30, 0x6a, 0x86, 0x62, 0x94, 0xd0, 0x03, 0xd9, 0xa0, 0x77, 0x48, 0xea, 0xcb, - 0x92, 0xff, 0xd6, 0x84, 0xa7, 0x77, 0xca, 0x99, 0x6c, 0xae, 0x29, 0xea, 0x6c, 0xdf, 0x02, 0x0d, - 0x38, 0xe0, 0xaf, 0x34, 0x00, 0x59, 0xe8, 0xfb, 0x36, 0x71, 0x88, 0xcb, 0xb1, 0xdd, 0x5d, 0x37, - 0xf5, 0x15, 0x49, 0x7d, 0x7b, 0xc2, 0xd4, 0x47, 0xfc, 0xe3, 0x31, 0xf4, 0xbf, 0xa7, 0x51, 0x53, - 0x94, 0x40, 0x0f, 0x1b, 0x60, 0xbe, 0xce, 0xe4, 0x6f, 0x7d, 0x55, 0x46, 0xf2, 0x83, 0xc9, 0x22, - 0x49, 0xfe, 0x4b, 0xc7, 0x5c, 0x51, 0xf4, 0xf3, 0x4a, 0x8f, 0x7a, 0xe8, 0xf0, 0x3e, 0xd8, 0x0c, - 0x08, 0xae, 0xdd, 0x73, 0xed, 0x16, 0xf2, 0x3c, 0x7e, 0x48, 0x6d, 0xc2, 0x5a, 0x8c, 0x13, 0x47, - 0x5f, 0x93, 0xdd, 0xd4, 0xbf, 0xf1, 0xa2, 0x44, 0x2b, 0x94, 0xe2, 0x0d, 0xf3, 0x60, 0x56, 0xac, - 0xf4, 0x4c, 0x87, 0x72, 0x8a, 0x65, 0xc5, 0x1a, 0x25, 0xea, 0xcd, 0x50, 0x57, 0x3e, 0xb4, 0xeb, - 0xaf, 0xa7, 0xed, 0xfa, 0xf0, 0x53, 0xb0, 0xc2, 0x88, 0x65, 0x79, 0x8e, 0x5f, 0x09, 0xbc, 0xba, - 0x00, 0xd7, 0x37, 0xa4, 0xf1, 0x7a, 0xa7, 0x9d, 0x5f, 0xa9, 0x46, 0x55, 0x28, 0x6e, 0x0b, 0x8f, - 0xc1, 0x86, 0x1a, 0x55, 0x27, 0x2e, 0xc3, 0x75, 0x52, 0x6d, 0x31, 0x8b, 0xdb, 0x4c, 0xd7, 0x25, - 0x86, 0xde, 0x69, 0xe7, 0x37, 0x4a, 0x09, 0x7a, 0x94, 0xe8, 0x05, 0x3f, 0x03, 0xab, 0x75, 0x2f, - 0x38, 0xa5, 0xb5, 0x1a, 0x71, 0x7b, 0x48, 0xef, 0x49, 0xa4, 0x0d, 0x31, 0xde, 0x0e, 0x63, 0x3a, - 0x34, 0x62, 0x6d, 0xfc, 0x4b, 0x03, 0xb9, 0xf4, 0xf5, 0xe4, 0x1d, 0xac, 0xc5, 0x24, 0xba, 0x16, - 0x7f, 0x36, 0xe9, 0x1f, 0x24, 0x69, 0x21, 0xa7, 0x6c, 0xc8, 0xbf, 0x99, 0x06, 0xdf, 0x7a, 0x85, - 0x7f, 0x55, 0xe0, 0x5f, 0x35, 0x70, 0xdd, 0x9f, 0xe0, 0x4a, 0xa7, 0x2a, 0xf2, 0x26, 0x6f, 0xc9, - 0xdf, 0x56, 0x09, 0x4c, 0x74, 0xa5, 0x44, 0x13, 0x45, 0x29, 0xee, 0xb9, 0x2e, 0x76, 0x48, 0xfc, - 0x9e, 0x7b, 0x17, 0x3b, 0x04, 0x49, 0x8d, 0xf1, 0x27, 0x0d, 0x7c, 0xfd, 0xd2, 0x99, 0x01, 0xcd, - 0xc8, 0xb6, 0x5d, 0x88, 0x6d, 0xdb, 0xb9, 0x74, 0x80, 0xb7, 0xfe, 0x97, 0xac, 0xb9, 0xf7, 0xf4, - 0x45, 0x6e, 0xea, 0xd9, 0x8b, 0xdc, 0xd4, 0xf3, 0x17, 0xb9, 0xa9, 0x27, 0x9d, 0x9c, 0xf6, 0xb4, - 0x93, 0xd3, 0x9e, 0x75, 0x72, 0xda, 0xf3, 0x4e, 0x4e, 0xfb, 0x47, 0x27, 0xa7, 0xfd, 0xf2, 0x9f, - 0xb9, 0xa9, 0x07, 0xd3, 0xcd, 0xfd, 0xff, 0x06, 0x00, 0x00, 0xff, 0xff, 0x93, 0x11, 0x3a, 0xff, - 0xc2, 0x17, 0x00, 0x00, + 0x15, 0x77, 0x7b, 0xfc, 0x35, 0x65, 0xc7, 0x1f, 0x65, 0xc7, 0xe9, 0x35, 0xeb, 0x19, 0xd3, 0x36, + 0xab, 0x08, 0xd8, 0x19, 0x12, 0x2d, 0x6c, 0xd0, 0xb2, 0xd1, 0x4e, 0x7b, 0xd6, 0x59, 0xaf, 0x9c, + 0x64, 0xb6, 0x66, 0xbd, 0x42, 0xab, 0x15, 0xa2, 0xdc, 0x53, 0x33, 0xae, 0xb8, 0xbf, 0xe8, 0xaa, + 0x76, 0x3c, 0xe2, 0x12, 0x89, 0x0b, 0x47, 0x24, 0xae, 0x88, 0x33, 0xfc, 0x03, 0x5c, 0x10, 0x70, + 0x8d, 0x04, 0x12, 0x39, 0xa1, 0x9c, 0x46, 0x64, 0x10, 0x27, 0x8e, 0xdc, 0x72, 0x42, 0x55, 0x53, + 0xf3, 0xd1, 0x3d, 0xdd, 0xe3, 0x4e, 0x48, 0xa2, 0xbd, 0x4d, 0xbf, 0x8f, 0xdf, 0xef, 0xbd, 0xd7, + 0xaf, 0x5f, 0xbd, 0x1a, 0xf0, 0x5e, 0x8b, 0xf2, 0xd3, 0xf0, 0xa4, 0x64, 0x79, 0x4e, 0xd9, 0xf3, + 0x89, 0xcb, 0x4e, 0x69, 0x93, 0x97, 0xb1, 0x4f, 0xcb, 0x8c, 0x58, 0x61, 0x40, 0x79, 0xbb, 0x7c, + 0x7e, 0xa3, 0xdc, 0x22, 0x2e, 0x09, 0x30, 0x27, 0x8d, 0x92, 0x1f, 0x78, 0xdc, 0x83, 0x7b, 0x43, + 0xaf, 0xd2, 0xc0, 0xab, 0x84, 0x7d, 0x5a, 0xea, 0x7b, 0x95, 0xce, 0x6f, 0x6c, 0xbd, 0x3b, 0x82, + 0xdd, 0xf2, 0x5a, 0x5e, 0x59, 0x3a, 0x9f, 0x84, 0x4d, 0xf9, 0x24, 0x1f, 0xe4, 0xaf, 0x1e, 0xe8, + 0x96, 0x71, 0x76, 0x8b, 0x95, 0xa8, 0x27, 0xc9, 0x2d, 0x2f, 0x20, 0x09, 0xc4, 0x5b, 0xef, 0x0d, + 0x6d, 0x1c, 0x6c, 0x9d, 0x52, 0x97, 0x04, 0xed, 0xb2, 0x7f, 0xd6, 0x12, 0x02, 0x56, 0x76, 0x08, + 0xc7, 0x49, 0x5e, 0x3f, 0x48, 0xf3, 0x0a, 0x42, 0x97, 0x53, 0x87, 0x94, 0x99, 0x75, 0x4a, 0x1c, + 0x1c, 0xf7, 0x33, 0x3e, 0x00, 0x6b, 0x15, 0xdb, 0xf6, 0x1e, 0x92, 0xc6, 0x81, 0x4d, 0x2e, 0xbe, + 0xf0, 0xec, 0xd0, 0x21, 0xf0, 0x1d, 0x30, 0xd7, 0x08, 0xe8, 0x39, 0x09, 0x74, 0x6d, 0x47, 0xbb, + 0x9e, 0x37, 0x97, 0x1f, 0x77, 0x8a, 0x53, 0xdd, 0x4e, 0x71, 0xae, 0x2a, 0xa5, 0x48, 0x69, 0x8d, + 0xdf, 0x69, 0x60, 0xf3, 0xa0, 0x7e, 0x27, 0xf0, 0x42, 0xbf, 0xce, 0x05, 0x6a, 0xab, 0x7d, 0xdf, + 0xe7, 0xd4, 0x73, 0x19, 0x7c, 0x1f, 0xcc, 0xf0, 0xb6, 0x4f, 0x14, 0xc0, 0xae, 0x02, 0x98, 0xf9, + 0xbc, 0xed, 0x93, 0xe7, 0x9d, 0xe2, 0x7a, 0xcc, 0x4b, 0x88, 0x91, 0x74, 0x80, 0xc7, 0x60, 0x2e, + 0xc0, 0x6e, 0x8b, 0x30, 0x7d, 0x7a, 0x27, 0x77, 0x7d, 0xf1, 0xe6, 0xbb, 0xa5, 0x2c, 0x2f, 0xa2, + 0x74, 0x58, 0x45, 0xc2, 0x6b, 0x18, 0xaa, 0x7c, 0x64, 0x48, 0x81, 0x19, 0x77, 0xc0, 0xbc, 0x32, + 0x81, 0xdb, 0x20, 0xe7, 0x50, 0x57, 0x46, 0x96, 0x33, 0x17, 0x95, 0x7d, 0xee, 0x2e, 0x75, 0x91, + 0x90, 0x4b, 0x35, 0xbe, 0xd0, 0xa7, 0x63, 0x6a, 0x7c, 0x81, 0x84, 0xdc, 0xf8, 0x8f, 0x06, 0xae, + 0xd5, 0xbc, 0x46, 0x5d, 0x71, 0xd7, 0x3c, 0x9b, 0x5a, 0x6d, 0x44, 0xce, 0x29, 0x79, 0x08, 0x2d, + 0x30, 0xc3, 0x7c, 0x62, 0x49, 0xe8, 0xc5, 0x9b, 0x95, 0x6c, 0x91, 0xa7, 0x80, 0xd5, 0x7d, 0x62, + 0x99, 0x4b, 0xfd, 0xba, 0x89, 0x27, 0x24, 0xc1, 0xe1, 0x19, 0x98, 0x63, 0x1c, 0xf3, 0x90, 0xc9, + 0x10, 0x17, 0x6f, 0xee, 0xff, 0x7f, 0x34, 0x12, 0x6a, 0x58, 0xb6, 0xde, 0x33, 0x52, 0x14, 0xc6, + 0x1f, 0x35, 0xf0, 0x8d, 0x09, 0x01, 0xc2, 0xcf, 0xc0, 0x02, 0x27, 0x8e, 0x6f, 0x63, 0x4e, 0x54, + 0xd6, 0xbb, 0xa5, 0x5e, 0x27, 0xca, 0x00, 0x44, 0x8f, 0x2b, 0xf2, 0xcf, 0x95, 0x99, 0xcc, 0x6b, + 0x55, 0xd1, 0x2d, 0xf4, 0xa5, 0x68, 0x00, 0x03, 0x0f, 0xc1, 0x3a, 0x23, 0xc1, 0x39, 0xb5, 0x48, + 0xc5, 0xb2, 0xbc, 0xd0, 0xe5, 0xf7, 0xb0, 0xa3, 0xba, 0x21, 0x6f, 0x5e, 0xeb, 0x76, 0x8a, 0xeb, + 0xf5, 0x71, 0x35, 0x4a, 0xf2, 0x31, 0xfe, 0xaa, 0x81, 0xed, 0x89, 0x79, 0xc3, 0xdf, 0x6b, 0x60, + 0x13, 0xf7, 0xfa, 0x3f, 0x8a, 0xca, 0x74, 0x4d, 0xb6, 0xdf, 0x67, 0xd9, 0xaa, 0x1b, 0x75, 0x9e, + 0x5c, 0xeb, 0x82, 0x4a, 0x7e, 0xb3, 0x92, 0x48, 0x8c, 0x52, 0x02, 0x32, 0x7e, 0x39, 0x0d, 0x8c, + 0x31, 0xe4, 0x3a, 0xb1, 0x9b, 0xf5, 0xf0, 0xe4, 0x01, 0xb1, 0xb8, 0x6a, 0x42, 0x37, 0xd2, 0x84, + 0x47, 0x2f, 0xd9, 0x1d, 0x63, 0xb8, 0xa9, 0xfd, 0x18, 0xc4, 0xfa, 0xf1, 0xd3, 0x97, 0x65, 0x8c, + 0xb0, 0x4d, 0x6e, 0xcb, 0x9f, 0x83, 0x77, 0xb2, 0x45, 0xfc, 0x1a, 0x1a, 0xd4, 0x78, 0x34, 0x0d, + 0x0a, 0x93, 0xa3, 0x87, 0x0f, 0x22, 0xef, 0xe0, 0x93, 0x57, 0x52, 0x91, 0xaf, 0x53, 0xfd, 0xff, + 0xa4, 0x25, 0xb5, 0xe2, 0x1b, 0x28, 0x3e, 0xdc, 0x01, 0x33, 0x21, 0x23, 0x81, 0xcc, 0x35, 0x3f, + 0xac, 0xc7, 0x31, 0x23, 0x01, 0x92, 0x1a, 0x68, 0x80, 0xb9, 0x96, 0x38, 0x5b, 0x98, 0x9e, 0x93, + 0x23, 0x03, 0x88, 0xf8, 0xe5, 0x69, 0xc3, 0x90, 0xd2, 0x18, 0xff, 0xd5, 0xc0, 0x5e, 0x96, 0x02, + 0xc0, 0x1a, 0xc8, 0xab, 0xaf, 0xd1, 0x6c, 0x4f, 0x4a, 0xe1, 0xbe, 0x72, 0x6d, 0x92, 0x80, 0xb8, + 0x16, 0x31, 0xaf, 0x74, 0x3b, 0xc5, 0x7c, 0xa5, 0xef, 0x89, 0x86, 0x20, 0xe2, 0x6c, 0x0d, 0x08, + 0x66, 0x9e, 0xab, 0x52, 0x18, 0x1e, 0x58, 0x52, 0x8a, 0x94, 0x36, 0x52, 0xbb, 0xdc, 0xab, 0x69, + 0xdc, 0x3f, 0x68, 0x60, 0x45, 0x1e, 0x81, 0x22, 0x30, 0x0b, 0x8b, 0x83, 0x1a, 0xfe, 0x14, 0x2c, + 0x88, 0x95, 0xa2, 0x81, 0x39, 0x56, 0xf9, 0x7d, 0x6f, 0x84, 0x66, 0xb0, 0x4a, 0x94, 0xfc, 0xb3, + 0x96, 0x10, 0xb0, 0x92, 0xb0, 0x1e, 0x66, 0x7c, 0x97, 0x70, 0x6c, 0x42, 0xc5, 0x09, 0x86, 0x32, + 0x34, 0x40, 0x85, 0xbb, 0x60, 0x56, 0x9e, 0xc1, 0x2a, 0xdf, 0x2b, 0xca, 0x78, 0x56, 0x46, 0x82, + 0x7a, 0x3a, 0xf8, 0x36, 0x98, 0x91, 0x21, 0x88, 0x4c, 0x97, 0xcc, 0x05, 0xf1, 0x4a, 0xab, 0x98, + 0x63, 0x24, 0xa5, 0xc6, 0xdf, 0x35, 0xb0, 0x1e, 0x0b, 0xfc, 0x88, 0x32, 0x0e, 0xbf, 0x1a, 0x0b, + 0xbe, 0x94, 0x2d, 0x78, 0xe1, 0x2d, 0x43, 0x1f, 0x94, 0xab, 0x2f, 0x19, 0x09, 0xfc, 0x4b, 0x30, + 0x4b, 0x39, 0x71, 0xfa, 0x8b, 0xc8, 0xf7, 0xb3, 0x7d, 0x57, 0xb1, 0x38, 0x87, 0xf9, 0x1e, 0x0a, + 0x2c, 0xd4, 0x83, 0x34, 0xfe, 0xa1, 0x01, 0x1d, 0x85, 0x6e, 0x85, 0x89, 0xc6, 0x8d, 0xef, 0x4e, + 0x3f, 0x8c, 0xec, 0x4e, 0xdf, 0x8a, 0xed, 0x4e, 0x57, 0xc7, 0xfc, 0x46, 0xb6, 0xa7, 0xb7, 0x40, + 0x2e, 0xa4, 0x0d, 0xb5, 0xbc, 0xcc, 0x8b, 0xc5, 0xe5, 0xf8, 0xb0, 0x8a, 0x84, 0x0c, 0xde, 0x00, + 0x8b, 0x21, 0x6d, 0xc8, 0xf0, 0xee, 0x52, 0x57, 0x56, 0x3a, 0x67, 0xae, 0x74, 0x3b, 0xc5, 0xc5, + 0x63, 0xb5, 0x19, 0x89, 0x15, 0x68, 0xd4, 0x26, 0xe2, 0x82, 0x2f, 0xf4, 0x99, 0x04, 0x17, 0x7c, + 0x81, 0x46, 0x6d, 0x8c, 0xbf, 0x68, 0x60, 0xbb, 0xfe, 0xf1, 0x11, 0x75, 0xc3, 0x8b, 0x7d, 0xcf, + 0xe5, 0xe4, 0x82, 0xc7, 0xb3, 0xbb, 0x1d, 0xc9, 0xee, 0xdb, 0xb1, 0xec, 0xb6, 0x92, 0x9d, 0x47, + 0x52, 0xfc, 0x09, 0x58, 0x66, 0x44, 0xda, 0x28, 0x44, 0x35, 0xf7, 0x8c, 0xa4, 0xcf, 0x43, 0xa1, + 0x29, 0x4b, 0x13, 0x76, 0x3b, 0xc5, 0xe5, 0xa8, 0x0c, 0xc5, 0xd0, 0x8c, 0xdf, 0xac, 0x81, 0xad, + 0xfe, 0x60, 0x50, 0x51, 0xec, 0x7b, 0x2e, 0xe3, 0x01, 0xa6, 0x2e, 0x67, 0x6f, 0xe0, 0x83, 0xb9, + 0x0e, 0x16, 0xfc, 0x80, 0x7a, 0x82, 0x5f, 0xa6, 0x36, 0x6b, 0x2e, 0x89, 0x0e, 0xad, 0x29, 0x19, + 0x1a, 0x68, 0xe1, 0x57, 0x40, 0x97, 0x83, 0xa5, 0x16, 0xd0, 0x73, 0x6a, 0x93, 0x16, 0x69, 0x88, + 0x80, 0xb1, 0x08, 0x40, 0xbe, 0xdf, 0x05, 0x73, 0x47, 0x31, 0xe9, 0x95, 0x14, 0x3b, 0x94, 0x8a, + 0x00, 0x19, 0xd8, 0x6c, 0x90, 0x26, 0x0e, 0x6d, 0x5e, 0x69, 0x34, 0xf6, 0xb1, 0x8f, 0x4f, 0xa8, + 0x4d, 0x39, 0x25, 0x4c, 0x9f, 0x91, 0x83, 0xf5, 0x03, 0xb1, 0xc3, 0x54, 0x13, 0x2d, 0x9e, 0x77, + 0x8a, 0xdb, 0xe3, 0x57, 0x9d, 0xd2, 0xc0, 0xa4, 0x8d, 0x52, 0xa0, 0x61, 0x1b, 0xe8, 0x01, 0xf9, + 0x59, 0x48, 0x03, 0xd2, 0xa8, 0x06, 0x9e, 0x1f, 0xa1, 0x9d, 0x95, 0xb4, 0x1f, 0x8a, 0x74, 0x50, + 0x8a, 0xcd, 0xe5, 0xc4, 0xa9, 0xf0, 0xf0, 0x01, 0x58, 0x57, 0x63, 0x3a, 0xc2, 0x3a, 0x27, 0x59, + 0x6f, 0x89, 0xc5, 0xb3, 0x32, 0xae, 0xbe, 0x9c, 0x30, 0x09, 0x74, 0xf0, 0xe6, 0x3e, 0xf1, 0x18, + 0xaf, 0xd2, 0xa0, 0x77, 0xef, 0xaa, 0xd9, 0x61, 0x8b, 0xba, 0xfa, 0x7c, 0xc2, 0x9b, 0x4b, 0xb0, + 0x43, 0xa9, 0x08, 0xb0, 0x0c, 0xe6, 0xcf, 0xe5, 0x33, 0xd3, 0x17, 0x64, 0xf4, 0x57, 0xbb, 0x9d, + 0xe2, 0x7c, 0xcf, 0x44, 0x44, 0x3c, 0x77, 0x50, 0x97, 0x1f, 0x54, 0xdf, 0x0a, 0xfe, 0x42, 0x03, + 0x10, 0xc7, 0xaf, 0x81, 0x4c, 0xbf, 0x2a, 0x07, 0xdf, 0xfb, 0xd9, 0x06, 0xdf, 0xd8, 0x35, 0xd2, + 0xdc, 0x52, 0x29, 0xc0, 0x31, 0x15, 0x43, 0x09, 0x74, 0xb0, 0x0a, 0x56, 0x07, 0x29, 0xdd, 0x23, + 0xfc, 0xa1, 0x17, 0x9c, 0xe9, 0x79, 0x59, 0x0c, 0x5d, 0x21, 0xad, 0x56, 0x62, 0x7a, 0x34, 0xe6, + 0x01, 0x6f, 0x83, 0xe5, 0x81, 0xac, 0xe6, 0x05, 0x9c, 0xe9, 0x40, 0x62, 0x6c, 0x2a, 0x8c, 0xe5, + 0x4a, 0x44, 0x8b, 0x62, 0xd6, 0xf0, 0x16, 0x58, 0x1a, 0x4a, 0x0e, 0xab, 0xfa, 0xa2, 0xf4, 0xde, + 0x50, 0xde, 0x4b, 0x95, 0x11, 0x1d, 0x8a, 0x58, 0x46, 0x3c, 0x0f, 0x6b, 0xfb, 0xfa, 0x52, 0x8a, + 0xe7, 0x61, 0x6d, 0x1f, 0x45, 0x2c, 0xa1, 0x03, 0x8a, 0xfd, 0xef, 0x21, 0xf2, 0x35, 0x7e, 0xcc, + 0x2c, 0x6c, 0xcb, 0x73, 0x44, 0xdf, 0x94, 0x60, 0xbb, 0xdd, 0x4e, 0xb1, 0x58, 0x9d, 0x6c, 0x8a, + 0x2e, 0xc3, 0x82, 0x3f, 0x8e, 0xcf, 0x8d, 0x11, 0x9e, 0x6b, 0x92, 0xe7, 0xed, 0xf1, 0x99, 0x31, + 0x42, 0x90, 0xea, 0x2d, 0x1a, 0xa9, 0x3f, 0x4f, 0xd5, 0xec, 0xd4, 0xaf, 0xbc, 0xc8, 0x2d, 0x75, + 0xe2, 0xd1, 0x31, 0x7c, 0x85, 0x51, 0x33, 0x14, 0xa3, 0x84, 0x1e, 0xc8, 0x07, 0xfd, 0x43, 0x52, + 0x5f, 0x96, 0xfc, 0xb7, 0x33, 0x9e, 0xde, 0x29, 0x67, 0xb2, 0xb9, 0xa6, 0xa8, 0xf3, 0x03, 0x0b, + 0x34, 0xe4, 0x80, 0xbf, 0xd6, 0x00, 0x64, 0xa1, 0xef, 0xdb, 0xc4, 0x21, 0x2e, 0xc7, 0x76, 0x6f, + 0xdd, 0xd4, 0x57, 0x24, 0xf5, 0x9d, 0x8c, 0xa9, 0x8f, 0xf9, 0xc7, 0x63, 0x18, 0x7c, 0x4f, 0xe3, + 0xa6, 0x28, 0x81, 0x1e, 0xb6, 0xc0, 0x7c, 0x93, 0xc9, 0xdf, 0xfa, 0xaa, 0x8c, 0xe4, 0x47, 0xd9, + 0x22, 0x49, 0xfe, 0x4b, 0xc7, 0x5c, 0x51, 0xf4, 0xf3, 0x4a, 0x8f, 0xfa, 0xe8, 0xf0, 0x0b, 0xb0, + 0x19, 0x10, 0xdc, 0xb8, 0xef, 0xda, 0x6d, 0xe4, 0x79, 0xfc, 0x80, 0xda, 0x84, 0xb5, 0x19, 0x27, + 0x8e, 0xbe, 0x26, 0xbb, 0x69, 0x70, 0xe3, 0x45, 0x89, 0x56, 0x28, 0xc5, 0x1b, 0x16, 0xc1, 0xac, + 0x58, 0xe9, 0x99, 0x0e, 0xe5, 0x14, 0xcb, 0x8b, 0x35, 0x4a, 0xd4, 0x9b, 0xa1, 0x9e, 0x7c, 0x64, + 0xd7, 0x5f, 0x4f, 0xdb, 0xf5, 0xe1, 0x87, 0x60, 0x85, 0x11, 0xcb, 0xf2, 0x1c, 0xbf, 0x16, 0x78, + 0x4d, 0x01, 0xae, 0x6f, 0x48, 0xe3, 0xf5, 0x6e, 0xa7, 0xb8, 0x52, 0x8f, 0xaa, 0x50, 0xdc, 0x16, + 0x1e, 0x81, 0x0d, 0x35, 0xaa, 0x8e, 0x5d, 0x86, 0x9b, 0xa4, 0xde, 0x66, 0x16, 0xb7, 0x99, 0xae, + 0x4b, 0x0c, 0xbd, 0xdb, 0x29, 0x6e, 0x54, 0x12, 0xf4, 0x28, 0xd1, 0x0b, 0x7e, 0x04, 0x56, 0x9b, + 0x5e, 0x70, 0x42, 0x1b, 0x0d, 0xe2, 0xf6, 0x91, 0xde, 0x92, 0x48, 0x1b, 0x62, 0xbc, 0x1d, 0xc4, + 0x74, 0x68, 0xcc, 0xda, 0xf8, 0xb7, 0x06, 0x0a, 0xe9, 0xeb, 0xc9, 0x1b, 0x58, 0x8b, 0x49, 0x74, + 0x2d, 0xfe, 0x28, 0xeb, 0x1f, 0x24, 0x69, 0x21, 0xa7, 0x6c, 0xc8, 0xbf, 0x9d, 0x06, 0xdf, 0x79, + 0x81, 0x7f, 0x55, 0xe0, 0xdf, 0x34, 0xb0, 0xe7, 0x67, 0xb8, 0xd2, 0xa9, 0x8a, 0xbc, 0xca, 0x5b, + 0xf2, 0x77, 0x55, 0x02, 0x99, 0xae, 0x94, 0x28, 0x53, 0x94, 0xe2, 0x9e, 0xeb, 0x62, 0x87, 0xc4, + 0xef, 0xb9, 0xf7, 0xb0, 0x43, 0x90, 0xd4, 0x18, 0x7f, 0xd6, 0xc0, 0x37, 0x2f, 0x9d, 0x19, 0xd0, + 0x8c, 0x6c, 0xdb, 0xa5, 0xd8, 0xb6, 0x5d, 0x48, 0x07, 0x78, 0xed, 0x7f, 0xc9, 0x9a, 0x9f, 0x3e, + 0x7e, 0x56, 0x98, 0x7a, 0xf2, 0xac, 0x30, 0xf5, 0xf4, 0x59, 0x61, 0xea, 0x51, 0xb7, 0xa0, 0x3d, + 0xee, 0x16, 0xb4, 0x27, 0xdd, 0x82, 0xf6, 0xb4, 0x5b, 0xd0, 0xfe, 0xd9, 0x2d, 0x68, 0xbf, 0xfa, + 0x57, 0x61, 0xea, 0xcb, 0xbd, 0x2c, 0xff, 0xde, 0xff, 0x2f, 0x00, 0x00, 0xff, 0xff, 0xc3, 0x31, + 0x4b, 0x4e, 0xe4, 0x17, 0x00, 0x00, } func (m *AllowedFlexVolume) Marshal() (dAtA []byte, err error) { @@ -2437,10 +2437,7 @@ func (m *AllowedFlexVolume) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2556,10 +2553,7 @@ func (m *FSGroupStrategyOptions) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2647,10 +2641,7 @@ func (m *IDRange) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2766,10 +2757,7 @@ func (m *PodSecurityPolicyReview) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2884,10 +2872,7 @@ func (m *PodSecurityPolicyReviewSpec) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2971,10 +2956,7 @@ func (m *PodSecurityPolicyReviewStatus) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -3090,10 +3072,7 @@ func (m *PodSecurityPolicySelfSubjectReview) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -3176,10 +3155,7 @@ func (m *PodSecurityPolicySelfSubjectReviewSpec) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -3295,10 +3271,7 @@ func (m *PodSecurityPolicySubjectReview) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -3445,10 +3418,7 @@ func (m *PodSecurityPolicySubjectReviewSpec) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -3599,10 +3569,7 @@ func (m *PodSecurityPolicySubjectReviewStatus) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -3751,10 +3718,7 @@ func (m *RangeAllocation) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -3871,10 +3835,7 @@ func (m *RangeAllocationList) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -4016,10 +3977,7 @@ func (m *RunAsUserStrategyOptions) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -4137,10 +4095,7 @@ func (m *SELinuxContextStrategyOptions) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -4879,10 +4834,7 @@ func (m *SecurityContextConstraints) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -4999,10 +4951,7 @@ func (m *SecurityContextConstraintsList) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -5117,10 +5066,7 @@ func (m *ServiceAccountPodSecurityPolicyReviewStatus) Unmarshal(dAtA []byte) err if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -5236,10 +5182,7 @@ func (m *SupplementalGroupsStrategyOptions) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -5257,6 +5200,7 @@ func (m *SupplementalGroupsStrategyOptions) Unmarshal(dAtA []byte) error { func skipGenerated(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 + depth := 0 for iNdEx < l { var wire uint64 for shift := uint(0); ; shift += 7 { @@ -5288,10 +5232,8 @@ func skipGenerated(dAtA []byte) (n int, err error) { break } } - return iNdEx, nil case 1: iNdEx += 8 - return iNdEx, nil case 2: var length int for shift := uint(0); ; shift += 7 { @@ -5312,55 +5254,30 @@ func skipGenerated(dAtA []byte) (n int, err error) { return 0, ErrInvalidLengthGenerated } iNdEx += length - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - return iNdEx, nil case 3: - for { - var innerWire uint64 - var start int = iNdEx - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - innerWire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - innerWireType := int(innerWire & 0x7) - if innerWireType == 4 { - break - } - next, err := skipGenerated(dAtA[start:]) - if err != nil { - return 0, err - } - iNdEx = start + next - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - } - return iNdEx, nil + depth++ case 4: - return iNdEx, nil + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupGenerated + } + depth-- case 5: iNdEx += 4 - return iNdEx, nil default: return 0, fmt.Errorf("proto: illegal wireType %d", wireType) } + if iNdEx < 0 { + return 0, ErrInvalidLengthGenerated + } + if depth == 0 { + return iNdEx, nil + } } - panic("unreachable") + return 0, io.ErrUnexpectedEOF } var ( - ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") ) diff --git a/vendor/github.com/openshift/api/security/v1/generated.proto b/vendor/github.com/openshift/api/security/v1/generated.proto index 0a16d746f5..2c8bfdb91a 100644 --- a/vendor/github.com/openshift/api/security/v1/generated.proto +++ b/vendor/github.com/openshift/api/security/v1/generated.proto @@ -1,7 +1,7 @@ // This file was autogenerated by go-to-protobuf. Do not edit it manually! -syntax = 'proto2'; +syntax = "proto2"; package github.com.openshift.api.security.v1; @@ -10,7 +10,7 @@ import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; // Package-wide variables from generator "generated". -option go_package = "v1"; +option go_package = "github.com/openshift/api/security/v1"; // AllowedFlexVolume represents a single Flexvolume that is allowed to be used. message AllowedFlexVolume { @@ -39,6 +39,9 @@ message IDRange { } // PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question. +// +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 message PodSecurityPolicyReview { // spec is the PodSecurityPolicy to check. optional PodSecurityPolicyReviewSpec spec = 1; @@ -69,6 +72,9 @@ message PodSecurityPolicyReviewStatus { } // PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec +// +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 message PodSecurityPolicySelfSubjectReview { // spec defines specification the PodSecurityPolicySelfSubjectReview. optional PodSecurityPolicySelfSubjectReviewSpec spec = 1; @@ -84,6 +90,9 @@ message PodSecurityPolicySelfSubjectReviewSpec { } // PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec. +// +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 message PodSecurityPolicySubjectReview { // spec defines specification for the PodSecurityPolicySubjectReview. optional PodSecurityPolicySubjectReviewSpec spec = 1; @@ -124,10 +133,10 @@ message PodSecurityPolicySubjectReviewStatus { } // RangeAllocation is used so we can easily expose a RangeAllocation typed for security group +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 message RangeAllocation { - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - // +optional optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // range is a string representing a unique label for a range of uids, "1000000000-2000000000/10000". @@ -139,8 +148,10 @@ message RangeAllocation { } // RangeAllocationList is a list of RangeAllocations objects +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message RangeAllocationList { - // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // List of RangeAllocations. @@ -178,10 +189,20 @@ message SELinuxContextStrategyOptions { // That exposure is deprecated and will be removed in a future release - users // should instead use the security.openshift.io group to manage // SecurityContextConstraints. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +kubebuilder:printcolumn:name="Priv",type=string,JSONPath=`.allowPrivilegedContainer`,description="Determines if a container can request to be run as privileged" +// +kubebuilder:printcolumn:name="Caps",type=string,JSONPath=`.allowedCapabilities`,description="A list of capabilities that can be requested to add to the container" +// +kubebuilder:printcolumn:name="SELinux",type=string,JSONPath=`.seLinuxContext.type`,description="Strategy that will dictate what labels will be set in the SecurityContext" +// +kubebuilder:printcolumn:name="RunAsUser",type=string,JSONPath=`.runAsUser.type`,description="Strategy that will dictate what RunAsUser is used in the SecurityContext" +// +kubebuilder:printcolumn:name="FSGroup",type=string,JSONPath=`.fsGroup.type`,description="Strategy that will dictate what fs group is used by the SecurityContext" +// +kubebuilder:printcolumn:name="SupGroup",type=string,JSONPath=`.supplementalGroups.type`,description="Strategy that will dictate what supplemental groups are used by the SecurityContext" +// +kubebuilder:printcolumn:name="Priority",type=string,JSONPath=`.priority`,description="Sort order of SCCs" +// +kubebuilder:printcolumn:name="ReadOnlyRootFS",type=string,JSONPath=`.readOnlyRootFilesystem`,description="Force containers to run with a read only root file system" +// +kubebuilder:printcolumn:name="Volumes",type=string,JSONPath=`.volumes`,description="White list of allowed volume plugins" // +kubebuilder:singular=securitycontextconstraint +// +openshift:compatibility-gen:level=1 message SecurityContextConstraints { - // Standard object's metadata. - // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Priority influences the sort order of SCCs when evaluating which SCCs to try first for @@ -321,8 +342,10 @@ message SecurityContextConstraints { } // SecurityContextConstraintsList is a list of SecurityContextConstraints objects +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message SecurityContextConstraintsList { - // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // List of security context constraints. diff --git a/vendor/github.com/openshift/api/security/v1/stable.securitycontextconstraints.testsuite.yaml b/vendor/github.com/openshift/api/security/v1/stable.securitycontextconstraints.testsuite.yaml new file mode 100644 index 0000000000..d663b94c26 --- /dev/null +++ b/vendor/github.com/openshift/api/security/v1/stable.securitycontextconstraints.testsuite.yaml @@ -0,0 +1,36 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] SecurityContextConstraints" +crd: 0000_03_security-openshift_01_scc.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal SecurityContextConstraints + initial: | + apiVersion: security.openshift.io/v1 + kind: SecurityContextConstraints + allowHostDirVolumePlugin: false + allowHostIPC: false + allowHostNetwork: false + allowHostPID: false + allowHostPorts: false + allowPrivilegedContainer: false + allowedCapabilities: [] + defaultAddCapabilities: [] + priority: 0 + readOnlyRootFilesystem: false + requiredDropCapabilities: [] + volumes: [] + expected: | + apiVersion: security.openshift.io/v1 + kind: SecurityContextConstraints + allowHostDirVolumePlugin: false + allowHostIPC: false + allowHostNetwork: false + allowHostPID: false + allowHostPorts: false + allowPrivilegedContainer: false + allowedCapabilities: [] + defaultAddCapabilities: [] + priority: 0 + readOnlyRootFilesystem: false + requiredDropCapabilities: [] + volumes: [] diff --git a/vendor/github.com/openshift/api/security/v1/types.go b/vendor/github.com/openshift/api/security/v1/types.go index 2232a83dcb..06bc4acfec 100644 --- a/vendor/github.com/openshift/api/security/v1/types.go +++ b/vendor/github.com/openshift/api/security/v1/types.go @@ -20,11 +20,21 @@ var AllowAllCapabilities corev1.Capability = "*" // That exposure is deprecated and will be removed in a future release - users // should instead use the security.openshift.io group to manage // SecurityContextConstraints. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +kubebuilder:printcolumn:name="Priv",type=string,JSONPath=`.allowPrivilegedContainer`,description="Determines if a container can request to be run as privileged" +// +kubebuilder:printcolumn:name="Caps",type=string,JSONPath=`.allowedCapabilities`,description="A list of capabilities that can be requested to add to the container" +// +kubebuilder:printcolumn:name="SELinux",type=string,JSONPath=`.seLinuxContext.type`,description="Strategy that will dictate what labels will be set in the SecurityContext" +// +kubebuilder:printcolumn:name="RunAsUser",type=string,JSONPath=`.runAsUser.type`,description="Strategy that will dictate what RunAsUser is used in the SecurityContext" +// +kubebuilder:printcolumn:name="FSGroup",type=string,JSONPath=`.fsGroup.type`,description="Strategy that will dictate what fs group is used by the SecurityContext" +// +kubebuilder:printcolumn:name="SupGroup",type=string,JSONPath=`.supplementalGroups.type`,description="Strategy that will dictate what supplemental groups are used by the SecurityContext" +// +kubebuilder:printcolumn:name="Priority",type=string,JSONPath=`.priority`,description="Sort order of SCCs" +// +kubebuilder:printcolumn:name="ReadOnlyRootFS",type=string,JSONPath=`.readOnlyRootFilesystem`,description="Force containers to run with a read only root file system" +// +kubebuilder:printcolumn:name="Volumes",type=string,JSONPath=`.volumes`,description="White list of allowed volume plugins" // +kubebuilder:singular=securitycontextconstraint +// +openshift:compatibility-gen:level=1 type SecurityContextConstraints struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. - // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Priority influences the sort order of SCCs when evaluating which SCCs to try first for @@ -176,6 +186,7 @@ var ( FSScaleIO FSType = "scaleIO" FSStorageOS FSType = "storageOS" FSTypeCSI FSType = "csi" + FSTypeEphemeral FSType = "ephemeral" FSTypeAll FSType = "*" FSTypeNone FSType = "none" ) @@ -279,10 +290,11 @@ const ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // SecurityContextConstraintsList is a list of SecurityContextConstraints objects +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type SecurityContextConstraintsList struct { metav1.TypeMeta `json:",inline"` - - // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // List of security context constraints. @@ -294,6 +306,9 @@ type SecurityContextConstraintsList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec. +// +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 type PodSecurityPolicySubjectReview struct { metav1.TypeMeta `json:",inline"` @@ -340,6 +355,9 @@ type PodSecurityPolicySubjectReviewStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec +// +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 type PodSecurityPolicySelfSubjectReview struct { metav1.TypeMeta `json:",inline"` @@ -361,6 +379,9 @@ type PodSecurityPolicySelfSubjectReviewSpec struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question. +// +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 type PodSecurityPolicyReview struct { metav1.TypeMeta `json:",inline"` @@ -405,11 +426,11 @@ type ServiceAccountPodSecurityPolicyReviewStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // RangeAllocation is used so we can easily expose a RangeAllocation typed for security group +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 type RangeAllocation struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - // +optional + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // range is a string representing a unique label for a range of uids, "1000000000-2000000000/10000". @@ -423,10 +444,11 @@ type RangeAllocation struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // RangeAllocationList is a list of RangeAllocations objects +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type RangeAllocationList struct { metav1.TypeMeta `json:",inline"` - - // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // List of RangeAllocations. diff --git a/vendor/github.com/openshift/api/security/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/security/v1/zz_generated.deepcopy.go index e6587b0462..26c88f7de8 100644 --- a/vendor/github.com/openshift/api/security/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/security/v1/zz_generated.deepcopy.go @@ -1,3 +1,4 @@ +//go:build !ignore_autogenerated // +build !ignore_autogenerated // Code generated by deepcopy-gen. DO NOT EDIT. diff --git a/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go index 60a167915e..3211967882 100644 --- a/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go @@ -41,7 +41,7 @@ func (IDRange) SwaggerDoc() map[string]string { } var map_PodSecurityPolicyReview = map[string]string{ - "": "PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.", + "": "PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "spec": "spec is the PodSecurityPolicy to check.", "status": "status represents the current information/status for the PodSecurityPolicyReview.", } @@ -70,7 +70,7 @@ func (PodSecurityPolicyReviewStatus) SwaggerDoc() map[string]string { } var map_PodSecurityPolicySelfSubjectReview = map[string]string{ - "": "PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec", + "": "PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "spec": "spec defines specification the PodSecurityPolicySelfSubjectReview.", "status": "status represents the current information/status for the PodSecurityPolicySelfSubjectReview.", } @@ -89,7 +89,7 @@ func (PodSecurityPolicySelfSubjectReviewSpec) SwaggerDoc() map[string]string { } var map_PodSecurityPolicySubjectReview = map[string]string{ - "": "PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.", + "": "PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "spec": "spec defines specification for the PodSecurityPolicySubjectReview.", "status": "status represents the current information/status for the PodSecurityPolicySubjectReview.", } @@ -121,10 +121,9 @@ func (PodSecurityPolicySubjectReviewStatus) SwaggerDoc() map[string]string { } var map_RangeAllocation = map[string]string{ - "": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group", - "metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata", - "range": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", - "data": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", + "": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "range": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", + "data": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", } func (RangeAllocation) SwaggerDoc() map[string]string { @@ -132,9 +131,8 @@ func (RangeAllocation) SwaggerDoc() map[string]string { } var map_RangeAllocationList = map[string]string{ - "": "RangeAllocationList is a list of RangeAllocations objects", - "metadata": "More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata", - "items": "List of RangeAllocations.", + "": "RangeAllocationList is a list of RangeAllocations objects\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "items": "List of RangeAllocations.", } func (RangeAllocationList) SwaggerDoc() map[string]string { @@ -164,8 +162,7 @@ func (SELinuxContextStrategyOptions) SwaggerDoc() map[string]string { } var map_SecurityContextConstraints = map[string]string{ - "": "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.", - "metadata": "Standard object's metadata. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata", + "": "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "priority": "Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.", "allowPrivilegedContainer": "AllowPrivilegedContainer determines if a container can request to be run as privileged.", "defaultAddCapabilities": "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.", @@ -197,9 +194,8 @@ func (SecurityContextConstraints) SwaggerDoc() map[string]string { } var map_SecurityContextConstraintsList = map[string]string{ - "": "SecurityContextConstraintsList is a list of SecurityContextConstraints objects", - "metadata": "More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata", - "items": "List of security context constraints.", + "": "SecurityContextConstraintsList is a list of SecurityContextConstraints objects\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "items": "List of security context constraints.", } func (SecurityContextConstraintsList) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/template/v1/codec.go b/vendor/github.com/openshift/api/template/v1/codec.go new file mode 100644 index 0000000000..9e9177ed6a --- /dev/null +++ b/vendor/github.com/openshift/api/template/v1/codec.go @@ -0,0 +1,33 @@ +package v1 + +import ( + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + + "github.com/openshift/api/pkg/serialization" +) + +var _ runtime.NestedObjectDecoder = &Template{} +var _ runtime.NestedObjectEncoder = &Template{} + +// DecodeNestedObjects decodes the object as a runtime.Unknown with JSON content. +func (c *Template) DecodeNestedObjects(d runtime.Decoder) error { + for i := range c.Objects { + if c.Objects[i].Object != nil { + continue + } + c.Objects[i].Object = &runtime.Unknown{ + ContentType: "application/json", + Raw: c.Objects[i].Raw, + } + } + return nil +} +func (c *Template) EncodeNestedObjects(e runtime.Encoder) error { + for i := range c.Objects { + if err := serialization.EncodeNestedRawExtension(unstructured.UnstructuredJSONScheme, &c.Objects[i]); err != nil { + return err + } + } + return nil +} diff --git a/vendor/github.com/openshift/api/template/v1/consts.go b/vendor/github.com/openshift/api/template/v1/consts.go new file mode 100644 index 0000000000..cc8b49d55f --- /dev/null +++ b/vendor/github.com/openshift/api/template/v1/consts.go @@ -0,0 +1,16 @@ +package v1 + +const ( + // TemplateInstanceFinalizer is used to clean up the objects created by the template instance, + // when the template instance is deleted. + TemplateInstanceFinalizer = "template.openshift.io/finalizer" + + // TemplateInstanceOwner is a label applied to all objects created from a template instance + // which contains the uid of the template instance. + TemplateInstanceOwner = "template.openshift.io/template-instance-owner" + + // WaitForReadyAnnotation indicates that the TemplateInstance controller + // should wait for the object to be ready before reporting the template + // instantiation complete. + WaitForReadyAnnotation = "template.alpha.openshift.io/wait-for-ready" +) diff --git a/vendor/github.com/openshift/api/template/v1/doc.go b/vendor/github.com/openshift/api/template/v1/doc.go new file mode 100644 index 0000000000..34f9f8d455 --- /dev/null +++ b/vendor/github.com/openshift/api/template/v1/doc.go @@ -0,0 +1,8 @@ +// +k8s:deepcopy-gen=package,register +// +k8s:conversion-gen=github.com/openshift/origin/pkg/template/apis/template +// +k8s:defaulter-gen=TypeMeta +// +k8s:openapi-gen=true + +// +groupName=template.openshift.io +// Package v1 is the v1 version of the API. +package v1 diff --git a/vendor/github.com/openshift/api/template/v1/generated.pb.go b/vendor/github.com/openshift/api/template/v1/generated.pb.go new file mode 100644 index 0000000000..df724d89d4 --- /dev/null +++ b/vendor/github.com/openshift/api/template/v1/generated.pb.go @@ -0,0 +1,4115 @@ +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: github.com/openshift/api/template/v1/generated.proto + +package v1 + +import ( + fmt "fmt" + + io "io" + + proto "github.com/gogo/protobuf/proto" + github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys" + k8s_io_api_core_v1 "k8s.io/api/core/v1" + v11 "k8s.io/api/core/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + + math "math" + math_bits "math/bits" + reflect "reflect" + strings "strings" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package + +func (m *BrokerTemplateInstance) Reset() { *m = BrokerTemplateInstance{} } +func (*BrokerTemplateInstance) ProtoMessage() {} +func (*BrokerTemplateInstance) Descriptor() ([]byte, []int) { + return fileDescriptor_8d3ee9f55fa8363e, []int{0} +} +func (m *BrokerTemplateInstance) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *BrokerTemplateInstance) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *BrokerTemplateInstance) XXX_Merge(src proto.Message) { + xxx_messageInfo_BrokerTemplateInstance.Merge(m, src) +} +func (m *BrokerTemplateInstance) XXX_Size() int { + return m.Size() +} +func (m *BrokerTemplateInstance) XXX_DiscardUnknown() { + xxx_messageInfo_BrokerTemplateInstance.DiscardUnknown(m) +} + +var xxx_messageInfo_BrokerTemplateInstance proto.InternalMessageInfo + +func (m *BrokerTemplateInstanceList) Reset() { *m = BrokerTemplateInstanceList{} } +func (*BrokerTemplateInstanceList) ProtoMessage() {} +func (*BrokerTemplateInstanceList) Descriptor() ([]byte, []int) { + return fileDescriptor_8d3ee9f55fa8363e, []int{1} +} +func (m *BrokerTemplateInstanceList) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *BrokerTemplateInstanceList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *BrokerTemplateInstanceList) XXX_Merge(src proto.Message) { + xxx_messageInfo_BrokerTemplateInstanceList.Merge(m, src) +} +func (m *BrokerTemplateInstanceList) XXX_Size() int { + return m.Size() +} +func (m *BrokerTemplateInstanceList) XXX_DiscardUnknown() { + xxx_messageInfo_BrokerTemplateInstanceList.DiscardUnknown(m) +} + +var xxx_messageInfo_BrokerTemplateInstanceList proto.InternalMessageInfo + +func (m *BrokerTemplateInstanceSpec) Reset() { *m = BrokerTemplateInstanceSpec{} } +func (*BrokerTemplateInstanceSpec) ProtoMessage() {} +func (*BrokerTemplateInstanceSpec) Descriptor() ([]byte, []int) { + return fileDescriptor_8d3ee9f55fa8363e, []int{2} +} +func (m *BrokerTemplateInstanceSpec) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *BrokerTemplateInstanceSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *BrokerTemplateInstanceSpec) XXX_Merge(src proto.Message) { + xxx_messageInfo_BrokerTemplateInstanceSpec.Merge(m, src) +} +func (m *BrokerTemplateInstanceSpec) XXX_Size() int { + return m.Size() +} +func (m *BrokerTemplateInstanceSpec) XXX_DiscardUnknown() { + xxx_messageInfo_BrokerTemplateInstanceSpec.DiscardUnknown(m) +} + +var xxx_messageInfo_BrokerTemplateInstanceSpec proto.InternalMessageInfo + +func (m *ExtraValue) Reset() { *m = ExtraValue{} } +func (*ExtraValue) ProtoMessage() {} +func (*ExtraValue) Descriptor() ([]byte, []int) { + return fileDescriptor_8d3ee9f55fa8363e, []int{3} +} +func (m *ExtraValue) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ExtraValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *ExtraValue) XXX_Merge(src proto.Message) { + xxx_messageInfo_ExtraValue.Merge(m, src) +} +func (m *ExtraValue) XXX_Size() int { + return m.Size() +} +func (m *ExtraValue) XXX_DiscardUnknown() { + xxx_messageInfo_ExtraValue.DiscardUnknown(m) +} + +var xxx_messageInfo_ExtraValue proto.InternalMessageInfo + +func (m *Parameter) Reset() { *m = Parameter{} } +func (*Parameter) ProtoMessage() {} +func (*Parameter) Descriptor() ([]byte, []int) { + return fileDescriptor_8d3ee9f55fa8363e, []int{4} +} +func (m *Parameter) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *Parameter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *Parameter) XXX_Merge(src proto.Message) { + xxx_messageInfo_Parameter.Merge(m, src) +} +func (m *Parameter) XXX_Size() int { + return m.Size() +} +func (m *Parameter) XXX_DiscardUnknown() { + xxx_messageInfo_Parameter.DiscardUnknown(m) +} + +var xxx_messageInfo_Parameter proto.InternalMessageInfo + +func (m *Template) Reset() { *m = Template{} } +func (*Template) ProtoMessage() {} +func (*Template) Descriptor() ([]byte, []int) { + return fileDescriptor_8d3ee9f55fa8363e, []int{5} +} +func (m *Template) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *Template) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *Template) XXX_Merge(src proto.Message) { + xxx_messageInfo_Template.Merge(m, src) +} +func (m *Template) XXX_Size() int { + return m.Size() +} +func (m *Template) XXX_DiscardUnknown() { + xxx_messageInfo_Template.DiscardUnknown(m) +} + +var xxx_messageInfo_Template proto.InternalMessageInfo + +func (m *TemplateInstance) Reset() { *m = TemplateInstance{} } +func (*TemplateInstance) ProtoMessage() {} +func (*TemplateInstance) Descriptor() ([]byte, []int) { + return fileDescriptor_8d3ee9f55fa8363e, []int{6} +} +func (m *TemplateInstance) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *TemplateInstance) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *TemplateInstance) XXX_Merge(src proto.Message) { + xxx_messageInfo_TemplateInstance.Merge(m, src) +} +func (m *TemplateInstance) XXX_Size() int { + return m.Size() +} +func (m *TemplateInstance) XXX_DiscardUnknown() { + xxx_messageInfo_TemplateInstance.DiscardUnknown(m) +} + +var xxx_messageInfo_TemplateInstance proto.InternalMessageInfo + +func (m *TemplateInstanceCondition) Reset() { *m = TemplateInstanceCondition{} } +func (*TemplateInstanceCondition) ProtoMessage() {} +func (*TemplateInstanceCondition) Descriptor() ([]byte, []int) { + return fileDescriptor_8d3ee9f55fa8363e, []int{7} +} +func (m *TemplateInstanceCondition) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *TemplateInstanceCondition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *TemplateInstanceCondition) XXX_Merge(src proto.Message) { + xxx_messageInfo_TemplateInstanceCondition.Merge(m, src) +} +func (m *TemplateInstanceCondition) XXX_Size() int { + return m.Size() +} +func (m *TemplateInstanceCondition) XXX_DiscardUnknown() { + xxx_messageInfo_TemplateInstanceCondition.DiscardUnknown(m) +} + +var xxx_messageInfo_TemplateInstanceCondition proto.InternalMessageInfo + +func (m *TemplateInstanceList) Reset() { *m = TemplateInstanceList{} } +func (*TemplateInstanceList) ProtoMessage() {} +func (*TemplateInstanceList) Descriptor() ([]byte, []int) { + return fileDescriptor_8d3ee9f55fa8363e, []int{8} +} +func (m *TemplateInstanceList) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *TemplateInstanceList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *TemplateInstanceList) XXX_Merge(src proto.Message) { + xxx_messageInfo_TemplateInstanceList.Merge(m, src) +} +func (m *TemplateInstanceList) XXX_Size() int { + return m.Size() +} +func (m *TemplateInstanceList) XXX_DiscardUnknown() { + xxx_messageInfo_TemplateInstanceList.DiscardUnknown(m) +} + +var xxx_messageInfo_TemplateInstanceList proto.InternalMessageInfo + +func (m *TemplateInstanceObject) Reset() { *m = TemplateInstanceObject{} } +func (*TemplateInstanceObject) ProtoMessage() {} +func (*TemplateInstanceObject) Descriptor() ([]byte, []int) { + return fileDescriptor_8d3ee9f55fa8363e, []int{9} +} +func (m *TemplateInstanceObject) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *TemplateInstanceObject) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *TemplateInstanceObject) XXX_Merge(src proto.Message) { + xxx_messageInfo_TemplateInstanceObject.Merge(m, src) +} +func (m *TemplateInstanceObject) XXX_Size() int { + return m.Size() +} +func (m *TemplateInstanceObject) XXX_DiscardUnknown() { + xxx_messageInfo_TemplateInstanceObject.DiscardUnknown(m) +} + +var xxx_messageInfo_TemplateInstanceObject proto.InternalMessageInfo + +func (m *TemplateInstanceRequester) Reset() { *m = TemplateInstanceRequester{} } +func (*TemplateInstanceRequester) ProtoMessage() {} +func (*TemplateInstanceRequester) Descriptor() ([]byte, []int) { + return fileDescriptor_8d3ee9f55fa8363e, []int{10} +} +func (m *TemplateInstanceRequester) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *TemplateInstanceRequester) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *TemplateInstanceRequester) XXX_Merge(src proto.Message) { + xxx_messageInfo_TemplateInstanceRequester.Merge(m, src) +} +func (m *TemplateInstanceRequester) XXX_Size() int { + return m.Size() +} +func (m *TemplateInstanceRequester) XXX_DiscardUnknown() { + xxx_messageInfo_TemplateInstanceRequester.DiscardUnknown(m) +} + +var xxx_messageInfo_TemplateInstanceRequester proto.InternalMessageInfo + +func (m *TemplateInstanceSpec) Reset() { *m = TemplateInstanceSpec{} } +func (*TemplateInstanceSpec) ProtoMessage() {} +func (*TemplateInstanceSpec) Descriptor() ([]byte, []int) { + return fileDescriptor_8d3ee9f55fa8363e, []int{11} +} +func (m *TemplateInstanceSpec) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *TemplateInstanceSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *TemplateInstanceSpec) XXX_Merge(src proto.Message) { + xxx_messageInfo_TemplateInstanceSpec.Merge(m, src) +} +func (m *TemplateInstanceSpec) XXX_Size() int { + return m.Size() +} +func (m *TemplateInstanceSpec) XXX_DiscardUnknown() { + xxx_messageInfo_TemplateInstanceSpec.DiscardUnknown(m) +} + +var xxx_messageInfo_TemplateInstanceSpec proto.InternalMessageInfo + +func (m *TemplateInstanceStatus) Reset() { *m = TemplateInstanceStatus{} } +func (*TemplateInstanceStatus) ProtoMessage() {} +func (*TemplateInstanceStatus) Descriptor() ([]byte, []int) { + return fileDescriptor_8d3ee9f55fa8363e, []int{12} +} +func (m *TemplateInstanceStatus) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *TemplateInstanceStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *TemplateInstanceStatus) XXX_Merge(src proto.Message) { + xxx_messageInfo_TemplateInstanceStatus.Merge(m, src) +} +func (m *TemplateInstanceStatus) XXX_Size() int { + return m.Size() +} +func (m *TemplateInstanceStatus) XXX_DiscardUnknown() { + xxx_messageInfo_TemplateInstanceStatus.DiscardUnknown(m) +} + +var xxx_messageInfo_TemplateInstanceStatus proto.InternalMessageInfo + +func (m *TemplateList) Reset() { *m = TemplateList{} } +func (*TemplateList) ProtoMessage() {} +func (*TemplateList) Descriptor() ([]byte, []int) { + return fileDescriptor_8d3ee9f55fa8363e, []int{13} +} +func (m *TemplateList) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *TemplateList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *TemplateList) XXX_Merge(src proto.Message) { + xxx_messageInfo_TemplateList.Merge(m, src) +} +func (m *TemplateList) XXX_Size() int { + return m.Size() +} +func (m *TemplateList) XXX_DiscardUnknown() { + xxx_messageInfo_TemplateList.DiscardUnknown(m) +} + +var xxx_messageInfo_TemplateList proto.InternalMessageInfo + +func init() { + proto.RegisterType((*BrokerTemplateInstance)(nil), "github.com.openshift.api.template.v1.BrokerTemplateInstance") + proto.RegisterType((*BrokerTemplateInstanceList)(nil), "github.com.openshift.api.template.v1.BrokerTemplateInstanceList") + proto.RegisterType((*BrokerTemplateInstanceSpec)(nil), "github.com.openshift.api.template.v1.BrokerTemplateInstanceSpec") + proto.RegisterType((*ExtraValue)(nil), "github.com.openshift.api.template.v1.ExtraValue") + proto.RegisterType((*Parameter)(nil), "github.com.openshift.api.template.v1.Parameter") + proto.RegisterType((*Template)(nil), "github.com.openshift.api.template.v1.Template") + proto.RegisterMapType((map[string]string)(nil), "github.com.openshift.api.template.v1.Template.LabelsEntry") + proto.RegisterType((*TemplateInstance)(nil), "github.com.openshift.api.template.v1.TemplateInstance") + proto.RegisterType((*TemplateInstanceCondition)(nil), "github.com.openshift.api.template.v1.TemplateInstanceCondition") + proto.RegisterType((*TemplateInstanceList)(nil), "github.com.openshift.api.template.v1.TemplateInstanceList") + proto.RegisterType((*TemplateInstanceObject)(nil), "github.com.openshift.api.template.v1.TemplateInstanceObject") + proto.RegisterType((*TemplateInstanceRequester)(nil), "github.com.openshift.api.template.v1.TemplateInstanceRequester") + proto.RegisterMapType((map[string]ExtraValue)(nil), "github.com.openshift.api.template.v1.TemplateInstanceRequester.ExtraEntry") + proto.RegisterType((*TemplateInstanceSpec)(nil), "github.com.openshift.api.template.v1.TemplateInstanceSpec") + proto.RegisterType((*TemplateInstanceStatus)(nil), "github.com.openshift.api.template.v1.TemplateInstanceStatus") + proto.RegisterType((*TemplateList)(nil), "github.com.openshift.api.template.v1.TemplateList") +} + +func init() { + proto.RegisterFile("github.com/openshift/api/template/v1/generated.proto", fileDescriptor_8d3ee9f55fa8363e) +} + +var fileDescriptor_8d3ee9f55fa8363e = []byte{ + // 1246 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x57, 0x4d, 0x6f, 0x5b, 0x45, + 0x17, 0xf6, 0xf5, 0x57, 0xec, 0x71, 0xdb, 0x37, 0x9a, 0xb7, 0xaa, 0x2e, 0x96, 0x6a, 0x5b, 0xb7, + 0x15, 0x0a, 0xa8, 0xb9, 0x26, 0x51, 0x28, 0x25, 0x42, 0x02, 0x2e, 0x49, 0xab, 0x94, 0x14, 0xd0, + 0x24, 0x45, 0x08, 0xb2, 0x60, 0x7c, 0x3d, 0x76, 0x6e, 0xe3, 0xfb, 0xc1, 0xcc, 0x38, 0xd4, 0xbb, + 0x2e, 0xf8, 0x01, 0x2c, 0x59, 0xf2, 0x13, 0x58, 0xb2, 0x42, 0x62, 0x97, 0x65, 0xd9, 0x75, 0x01, + 0x16, 0x31, 0x2b, 0xfe, 0x00, 0x48, 0x65, 0x83, 0x66, 0xee, 0xdc, 0x0f, 0x7f, 0x51, 0x27, 0x95, + 0xda, 0x9d, 0xef, 0x99, 0xf3, 0x3c, 0x67, 0xce, 0x99, 0x33, 0xcf, 0x1c, 0x83, 0x8d, 0xae, 0xc3, + 0x0f, 0xfb, 0x2d, 0xd3, 0xf6, 0xdd, 0xa6, 0x1f, 0x10, 0x8f, 0x1d, 0x3a, 0x1d, 0xde, 0xc4, 0x81, + 0xd3, 0xe4, 0xc4, 0x0d, 0x7a, 0x98, 0x93, 0xe6, 0xf1, 0x5a, 0xb3, 0x4b, 0x3c, 0x42, 0x31, 0x27, + 0x6d, 0x33, 0xa0, 0x3e, 0xf7, 0xe1, 0xf5, 0x04, 0x65, 0xc6, 0x28, 0x13, 0x07, 0x8e, 0x19, 0xa1, + 0xcc, 0xe3, 0xb5, 0xea, 0x6a, 0x8a, 0xbb, 0xeb, 0x77, 0xfd, 0xa6, 0x04, 0xb7, 0xfa, 0x1d, 0xf9, + 0x25, 0x3f, 0xe4, 0xaf, 0x90, 0xb4, 0x6a, 0x1c, 0xdd, 0x62, 0xa6, 0xe3, 0xcb, 0xe0, 0xb6, 0x4f, + 0x67, 0x05, 0xae, 0x6e, 0x24, 0x3e, 0x2e, 0xb6, 0x0f, 0x1d, 0x8f, 0xd0, 0x41, 0x33, 0x38, 0xea, + 0x0a, 0x03, 0x6b, 0xba, 0x84, 0xe3, 0x59, 0xa8, 0xe6, 0x3c, 0x14, 0xed, 0x7b, 0xdc, 0x71, 0xc9, + 0x14, 0xe0, 0xe6, 0xb3, 0x00, 0xcc, 0x3e, 0x24, 0x2e, 0x9e, 0xc4, 0x19, 0x43, 0x0d, 0x5c, 0xb1, + 0xa8, 0x7f, 0x44, 0xe8, 0xbe, 0xaa, 0xc3, 0x8e, 0xc7, 0x38, 0xf6, 0x6c, 0x02, 0xbf, 0x04, 0x25, + 0xb1, 0xbd, 0x36, 0xe6, 0x58, 0xd7, 0x1a, 0xda, 0x4a, 0x65, 0xfd, 0x0d, 0x33, 0x8c, 0x62, 0xa6, + 0xa3, 0x98, 0xc1, 0x51, 0x57, 0x18, 0x98, 0x29, 0xbc, 0xcd, 0xe3, 0x35, 0xf3, 0xe3, 0xd6, 0x03, + 0x62, 0xf3, 0x7b, 0x84, 0x63, 0x0b, 0x9e, 0x0c, 0xeb, 0x99, 0xd1, 0xb0, 0x0e, 0x12, 0x1b, 0x8a, + 0x59, 0x61, 0x0b, 0xe4, 0x59, 0x40, 0x6c, 0x3d, 0x2b, 0xd9, 0xdf, 0x33, 0x17, 0x39, 0x23, 0x73, + 0xf6, 0x6e, 0xf7, 0x02, 0x62, 0x5b, 0x17, 0x54, 0xb4, 0xbc, 0xf8, 0x42, 0x92, 0xdb, 0xf8, 0x4d, + 0x03, 0xd5, 0xd9, 0x90, 0x5d, 0x87, 0x71, 0x78, 0x30, 0x95, 0xa4, 0xb9, 0x58, 0x92, 0x02, 0x2d, + 0x53, 0x5c, 0x56, 0x41, 0x4b, 0x91, 0x25, 0x95, 0x20, 0x06, 0x05, 0x87, 0x13, 0x97, 0xe9, 0xd9, + 0x46, 0x6e, 0xa5, 0xb2, 0xfe, 0xce, 0xf3, 0x64, 0x68, 0x5d, 0x54, 0x81, 0x0a, 0x3b, 0x82, 0x12, + 0x85, 0xcc, 0xc6, 0x37, 0xd9, 0x79, 0xf9, 0x89, 0x22, 0x40, 0x07, 0x2c, 0xf3, 0x09, 0xbb, 0xca, + 0xf3, 0x5a, 0x2a, 0x4f, 0x53, 0x74, 0x6f, 0x72, 0x74, 0x88, 0x74, 0x08, 0x25, 0x22, 0xa6, 0xae, + 0x62, 0x2e, 0x4f, 0x92, 0xa3, 0x29, 0x5a, 0xf8, 0x21, 0x28, 0x32, 0x62, 0x53, 0xc2, 0xd5, 0x79, + 0x2e, 0x14, 0xe0, 0x92, 0x0a, 0x50, 0xdc, 0x93, 0x50, 0xa4, 0x28, 0xa0, 0x09, 0x40, 0xcb, 0xf1, + 0xda, 0x8e, 0xd7, 0xdd, 0xd9, 0x62, 0x7a, 0xae, 0x91, 0x5b, 0x29, 0x5b, 0x97, 0x44, 0x23, 0x59, + 0xb1, 0x15, 0xa5, 0x3c, 0x8c, 0xb7, 0x00, 0xd8, 0x7e, 0xc8, 0x29, 0xfe, 0x14, 0xf7, 0xfa, 0x04, + 0xd6, 0xa3, 0xba, 0x6b, 0x12, 0x58, 0x9e, 0xac, 0xda, 0x66, 0xe9, 0xbb, 0xef, 0xeb, 0x99, 0x47, + 0xbf, 0x36, 0x32, 0xc6, 0x4f, 0x59, 0x50, 0xfe, 0x04, 0x53, 0xec, 0x12, 0x4e, 0x28, 0x6c, 0x80, + 0xbc, 0x87, 0xdd, 0xb0, 0x44, 0xe5, 0xa4, 0x9f, 0x3e, 0xc2, 0x2e, 0x41, 0x72, 0x05, 0xbe, 0x09, + 0x2a, 0x6d, 0x87, 0x05, 0x3d, 0x3c, 0x10, 0x46, 0x99, 0x6a, 0xd9, 0xfa, 0xbf, 0x72, 0xac, 0x6c, + 0x25, 0x4b, 0x28, 0xed, 0x27, 0x61, 0x84, 0xd9, 0xd4, 0x09, 0xb8, 0xe3, 0x7b, 0x7a, 0x6e, 0x02, + 0x96, 0x2c, 0xa1, 0xb4, 0x1f, 0xbc, 0x06, 0x0a, 0xc7, 0x22, 0x23, 0x3d, 0x2f, 0x01, 0x71, 0x0b, + 0xc8, 0x34, 0x51, 0xb8, 0x06, 0x6f, 0x80, 0x52, 0x74, 0xad, 0xf5, 0x82, 0xf4, 0x8b, 0x7b, 0xf2, + 0x8e, 0xb2, 0xa3, 0xd8, 0x43, 0xa4, 0xd8, 0xa1, 0xbe, 0xab, 0x17, 0xc7, 0x53, 0xbc, 0x4d, 0x7d, + 0x17, 0xc9, 0x15, 0xc1, 0x47, 0xc9, 0x57, 0x7d, 0x87, 0x92, 0xb6, 0xbe, 0xd4, 0xd0, 0x56, 0x4a, + 0x09, 0x1f, 0x52, 0x76, 0x14, 0x7b, 0x18, 0xff, 0xe4, 0x40, 0x29, 0xea, 0x8e, 0x17, 0xa0, 0x19, + 0xaf, 0x81, 0x25, 0x97, 0x30, 0x86, 0xbb, 0x51, 0xed, 0xff, 0xa7, 0xdc, 0x97, 0xee, 0x85, 0x66, + 0x14, 0xad, 0xc3, 0xcf, 0xc0, 0x92, 0x2f, 0x29, 0xc2, 0x06, 0xaa, 0xac, 0xaf, 0xce, 0xdd, 0x8b, + 0x52, 0x49, 0x13, 0xe1, 0xaf, 0xb7, 0x1f, 0x72, 0xe2, 0x31, 0xc7, 0xf7, 0x12, 0xe6, 0x70, 0x23, + 0x0c, 0x45, 0x74, 0xd0, 0x06, 0x20, 0x88, 0x7a, 0x86, 0xe9, 0x79, 0x49, 0xde, 0x5c, 0xec, 0x72, + 0xc7, 0xbd, 0x96, 0xe4, 0x19, 0x9b, 0x18, 0x4a, 0xd1, 0xc2, 0x43, 0x50, 0xec, 0xe1, 0x16, 0xe9, + 0x31, 0xbd, 0x20, 0x03, 0x6c, 0x2e, 0x16, 0x20, 0x3a, 0x0b, 0x73, 0x57, 0x82, 0xb7, 0x3d, 0x4e, + 0x07, 0xd6, 0x65, 0x15, 0xeb, 0x42, 0x98, 0x4a, 0xb8, 0x84, 0x14, 0x7f, 0xf5, 0x6d, 0x50, 0x49, + 0x39, 0xc3, 0x65, 0x90, 0x3b, 0x22, 0x83, 0xf0, 0x0e, 0x20, 0xf1, 0x13, 0x5e, 0x8e, 0xda, 0x50, + 0x96, 0x5c, 0xf5, 0xdd, 0x66, 0xf6, 0x96, 0x66, 0xfc, 0x98, 0x05, 0xcb, 0x2f, 0xe1, 0xe5, 0x38, + 0x18, 0x7b, 0x39, 0xce, 0x58, 0x99, 0x67, 0xbd, 0x19, 0xb0, 0x0d, 0x8a, 0x8c, 0x63, 0xde, 0x67, + 0xf2, 0x9e, 0x2e, 0xac, 0xdb, 0x53, 0xfc, 0x92, 0x23, 0x25, 0x71, 0xf2, 0x1b, 0x29, 0x6e, 0xe3, + 0xef, 0x2c, 0x78, 0x65, 0x12, 0xf2, 0x81, 0xef, 0xb5, 0x1d, 0x79, 0xf3, 0xdf, 0x07, 0x79, 0x3e, + 0x08, 0x22, 0x25, 0x5a, 0x8d, 0x76, 0xb9, 0x3f, 0x08, 0xc8, 0xd3, 0x61, 0xfd, 0xea, 0x5c, 0xa0, + 0x70, 0x40, 0x12, 0x0a, 0x77, 0xe3, 0x34, 0xc2, 0x9b, 0xb2, 0x31, 0xbe, 0x91, 0xa7, 0xc3, 0xfa, + 0x8c, 0x01, 0xc6, 0x8c, 0x99, 0xc6, 0xb7, 0x0b, 0x8f, 0x01, 0xec, 0x61, 0xc6, 0xf7, 0x29, 0xf6, + 0x58, 0x18, 0xc9, 0x71, 0x89, 0x2a, 0xd0, 0xeb, 0x8b, 0x1d, 0xaf, 0x40, 0x58, 0x55, 0xb5, 0x0b, + 0xb8, 0x3b, 0xc5, 0x86, 0x66, 0x44, 0x80, 0xaf, 0x82, 0x22, 0x25, 0x98, 0xf9, 0x9e, 0xd2, 0xc0, + 0xb8, 0x9c, 0x48, 0x5a, 0x91, 0x5a, 0x4d, 0x0b, 0x43, 0xe1, 0xbf, 0x85, 0xc1, 0xf8, 0x45, 0x03, + 0x97, 0x5f, 0xc2, 0x34, 0xf0, 0xc5, 0xf8, 0x34, 0x70, 0xf3, 0x7c, 0x5d, 0x35, 0x67, 0x0e, 0x38, + 0x00, 0x57, 0x26, 0x3d, 0xc3, 0x9b, 0x03, 0x2d, 0x90, 0xa3, 0xa4, 0x73, 0x96, 0x57, 0xbf, 0xa2, + 0x22, 0xe4, 0x10, 0xe9, 0x20, 0x01, 0x36, 0xfe, 0x9c, 0xd1, 0xab, 0xe2, 0x2d, 0x20, 0x4c, 0xbc, + 0x9a, 0x37, 0x40, 0xa9, 0xcf, 0x08, 0x4d, 0xbd, 0x9c, 0x71, 0x19, 0xee, 0x2b, 0x3b, 0x8a, 0x3d, + 0xe0, 0x55, 0x90, 0xeb, 0x3b, 0x6d, 0xd5, 0x93, 0x71, 0xa8, 0xfb, 0x3b, 0x5b, 0x48, 0xd8, 0xa1, + 0x01, 0x8a, 0x5d, 0xea, 0xf7, 0x83, 0xe8, 0xd5, 0x07, 0xe2, 0xac, 0xef, 0x48, 0x0b, 0x52, 0x2b, + 0xd0, 0x07, 0x05, 0x22, 0x5e, 0x7b, 0x25, 0xbd, 0x77, 0xcf, 0x57, 0xc9, 0x38, 0x01, 0x53, 0x8e, + 0x0e, 0xa1, 0x52, 0xc6, 0xd5, 0x95, 0x36, 0x14, 0xc6, 0xa9, 0x3e, 0x50, 0xe3, 0xc5, 0x3c, 0x81, + 0xbc, 0x9d, 0x16, 0x48, 0x21, 0x77, 0x0b, 0x6d, 0x28, 0x99, 0x58, 0xd2, 0x92, 0xfa, 0x43, 0x76, + 0xba, 0x3b, 0xe5, 0x2c, 0x77, 0x00, 0x4a, 0x11, 0x3a, 0xee, 0xce, 0x33, 0x25, 0x9e, 0x1c, 0x4b, + 0x64, 0x41, 0x31, 0xa3, 0x54, 0x8b, 0xf4, 0xf8, 0xb6, 0x32, 0xab, 0x53, 0x76, 0x7d, 0x1b, 0xf7, + 0x26, 0xdb, 0x05, 0xcc, 0x98, 0xdf, 0x7a, 0xa0, 0x4c, 0xa3, 0xf2, 0x2a, 0x91, 0x78, 0xf7, 0x39, + 0x4f, 0xc9, 0xba, 0x38, 0x1a, 0xd6, 0xcb, 0xf1, 0x27, 0x4a, 0x02, 0x18, 0x7f, 0x69, 0xd3, 0xdd, + 0x1f, 0xca, 0x17, 0x64, 0x00, 0xd8, 0x91, 0xa2, 0x85, 0xf3, 0xe0, 0xb9, 0x77, 0x12, 0x2b, 0x63, + 0xf2, 0x38, 0xc5, 0x26, 0x86, 0x52, 0x61, 0x60, 0x37, 0x99, 0x3c, 0xce, 0x34, 0xf9, 0xcf, 0xbe, + 0xc1, 0xf3, 0x07, 0x11, 0xe3, 0x67, 0x0d, 0x5c, 0x88, 0x40, 0x2f, 0x40, 0xc1, 0xf6, 0xc6, 0x15, + 0xec, 0xac, 0xed, 0x37, 0x53, 0xb9, 0xac, 0xbb, 0x27, 0xa7, 0xb5, 0xcc, 0xe3, 0xd3, 0x5a, 0xe6, + 0xc9, 0x69, 0x2d, 0xf3, 0x68, 0x54, 0xd3, 0x4e, 0x46, 0x35, 0xed, 0xf1, 0xa8, 0xa6, 0x3d, 0x19, + 0xd5, 0xb4, 0xdf, 0x47, 0x35, 0xed, 0xdb, 0x3f, 0x6a, 0x99, 0xcf, 0xaf, 0x2f, 0xf2, 0xb7, 0xff, + 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0xd0, 0x61, 0xc4, 0xab, 0x1d, 0x10, 0x00, 0x00, +} + +func (m *BrokerTemplateInstance) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *BrokerTemplateInstance) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *BrokerTemplateInstance) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + { + size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *BrokerTemplateInstanceList) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *BrokerTemplateInstanceList) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *BrokerTemplateInstanceList) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Items) > 0 { + for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + { + size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *BrokerTemplateInstanceSpec) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *BrokerTemplateInstanceSpec) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *BrokerTemplateInstanceSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.BindingIDs) > 0 { + for iNdEx := len(m.BindingIDs) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.BindingIDs[iNdEx]) + copy(dAtA[i:], m.BindingIDs[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.BindingIDs[iNdEx]))) + i-- + dAtA[i] = 0x1a + } + } + { + size, err := m.Secret.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.TemplateInstance.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m ExtraValue) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m ExtraValue) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m ExtraValue) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m) > 0 { + for iNdEx := len(m) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m[iNdEx]) + copy(dAtA[i:], m[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m[iNdEx]))) + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func (m *Parameter) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *Parameter) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *Parameter) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i-- + if m.Required { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x38 + i -= len(m.From) + copy(dAtA[i:], m.From) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.From))) + i-- + dAtA[i] = 0x32 + i -= len(m.Generate) + copy(dAtA[i:], m.Generate) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Generate))) + i-- + dAtA[i] = 0x2a + i -= len(m.Value) + copy(dAtA[i:], m.Value) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Value))) + i-- + dAtA[i] = 0x22 + i -= len(m.Description) + copy(dAtA[i:], m.Description) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Description))) + i-- + dAtA[i] = 0x1a + i -= len(m.DisplayName) + copy(dAtA[i:], m.DisplayName) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.DisplayName))) + i-- + dAtA[i] = 0x12 + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *Template) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *Template) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *Template) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.ObjectLabels) > 0 { + keysForObjectLabels := make([]string, 0, len(m.ObjectLabels)) + for k := range m.ObjectLabels { + keysForObjectLabels = append(keysForObjectLabels, string(k)) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForObjectLabels) + for iNdEx := len(keysForObjectLabels) - 1; iNdEx >= 0; iNdEx-- { + v := m.ObjectLabels[string(keysForObjectLabels[iNdEx])] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintGenerated(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(keysForObjectLabels[iNdEx]) + copy(dAtA[i:], keysForObjectLabels[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(keysForObjectLabels[iNdEx]))) + i-- + dAtA[i] = 0xa + i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x2a + } + } + if len(m.Parameters) > 0 { + for iNdEx := len(m.Parameters) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Parameters[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } + } + if len(m.Objects) > 0 { + for iNdEx := len(m.Objects) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Objects[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + } + i -= len(m.Message) + copy(dAtA[i:], m.Message) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Message))) + i-- + dAtA[i] = 0x12 + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *TemplateInstance) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TemplateInstance) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *TemplateInstance) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + { + size, err := m.Status.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + { + size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *TemplateInstanceCondition) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TemplateInstanceCondition) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *TemplateInstanceCondition) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.Message) + copy(dAtA[i:], m.Message) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Message))) + i-- + dAtA[i] = 0x2a + i -= len(m.Reason) + copy(dAtA[i:], m.Reason) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Reason))) + i-- + dAtA[i] = 0x22 + { + size, err := m.LastTransitionTime.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + i -= len(m.Status) + copy(dAtA[i:], m.Status) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Status))) + i-- + dAtA[i] = 0x12 + i -= len(m.Type) + copy(dAtA[i:], m.Type) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Type))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *TemplateInstanceList) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TemplateInstanceList) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *TemplateInstanceList) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Items) > 0 { + for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + { + size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *TemplateInstanceObject) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TemplateInstanceObject) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *TemplateInstanceObject) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + { + size, err := m.Ref.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *TemplateInstanceRequester) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TemplateInstanceRequester) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *TemplateInstanceRequester) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Extra) > 0 { + keysForExtra := make([]string, 0, len(m.Extra)) + for k := range m.Extra { + keysForExtra = append(keysForExtra, string(k)) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForExtra) + for iNdEx := len(keysForExtra) - 1; iNdEx >= 0; iNdEx-- { + v := m.Extra[string(keysForExtra[iNdEx])] + baseI := i + { + size, err := (&v).MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + i -= len(keysForExtra[iNdEx]) + copy(dAtA[i:], keysForExtra[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(keysForExtra[iNdEx]))) + i-- + dAtA[i] = 0xa + i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x22 + } + } + if len(m.Groups) > 0 { + for iNdEx := len(m.Groups) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Groups[iNdEx]) + copy(dAtA[i:], m.Groups[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Groups[iNdEx]))) + i-- + dAtA[i] = 0x1a + } + } + i -= len(m.UID) + copy(dAtA[i:], m.UID) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.UID))) + i-- + dAtA[i] = 0x12 + i -= len(m.Username) + copy(dAtA[i:], m.Username) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Username))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *TemplateInstanceSpec) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TemplateInstanceSpec) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *TemplateInstanceSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.Requester != nil { + { + size, err := m.Requester.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + if m.Secret != nil { + { + size, err := m.Secret.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + { + size, err := m.Template.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *TemplateInstanceStatus) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TemplateInstanceStatus) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *TemplateInstanceStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Objects) > 0 { + for iNdEx := len(m.Objects) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Objects[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + if len(m.Conditions) > 0 { + for iNdEx := len(m.Conditions) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Conditions[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func (m *TemplateList) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TemplateList) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *TemplateList) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Items) > 0 { + for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + { + size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int { + offset -= sovGenerated(v) + base := offset + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return base +} +func (m *BrokerTemplateInstance) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.Spec.Size() + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *BrokerTemplateInstanceList) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ListMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Items) > 0 { + for _, e := range m.Items { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *BrokerTemplateInstanceSpec) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.TemplateInstance.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.Secret.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.BindingIDs) > 0 { + for _, s := range m.BindingIDs { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m ExtraValue) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m) > 0 { + for _, s := range m { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *Parameter) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Name) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.DisplayName) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Description) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Value) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Generate) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.From) + n += 1 + l + sovGenerated(uint64(l)) + n += 2 + return n +} + +func (m *Template) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Message) + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Objects) > 0 { + for _, e := range m.Objects { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.Parameters) > 0 { + for _, e := range m.Parameters { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.ObjectLabels) > 0 { + for k, v := range m.ObjectLabels { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v))) + n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) + } + } + return n +} + +func (m *TemplateInstance) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.Spec.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.Status.Size() + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *TemplateInstanceCondition) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Type) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Status) + n += 1 + l + sovGenerated(uint64(l)) + l = m.LastTransitionTime.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Reason) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Message) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *TemplateInstanceList) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ListMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Items) > 0 { + for _, e := range m.Items { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *TemplateInstanceObject) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Ref.Size() + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *TemplateInstanceRequester) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Username) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.UID) + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Groups) > 0 { + for _, s := range m.Groups { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.Extra) > 0 { + for k, v := range m.Extra { + _ = k + _ = v + l = v.Size() + mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + l + sovGenerated(uint64(l)) + n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) + } + } + return n +} + +func (m *TemplateInstanceSpec) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Template.Size() + n += 1 + l + sovGenerated(uint64(l)) + if m.Secret != nil { + l = m.Secret.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + if m.Requester != nil { + l = m.Requester.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + return n +} + +func (m *TemplateInstanceStatus) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Conditions) > 0 { + for _, e := range m.Conditions { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.Objects) > 0 { + for _, e := range m.Objects { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *TemplateList) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ListMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Items) > 0 { + for _, e := range m.Items { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func sovGenerated(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} +func sozGenerated(x uint64) (n int) { + return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (this *BrokerTemplateInstance) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&BrokerTemplateInstance{`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, + `Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "BrokerTemplateInstanceSpec", "BrokerTemplateInstanceSpec", 1), `&`, ``, 1) + `,`, + `}`, + }, "") + return s +} +func (this *BrokerTemplateInstanceList) String() string { + if this == nil { + return "nil" + } + repeatedStringForItems := "[]BrokerTemplateInstance{" + for _, f := range this.Items { + repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "BrokerTemplateInstance", "BrokerTemplateInstance", 1), `&`, ``, 1) + "," + } + repeatedStringForItems += "}" + s := strings.Join([]string{`&BrokerTemplateInstanceList{`, + `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`, + `Items:` + repeatedStringForItems + `,`, + `}`, + }, "") + return s +} +func (this *BrokerTemplateInstanceSpec) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&BrokerTemplateInstanceSpec{`, + `TemplateInstance:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.TemplateInstance), "ObjectReference", "v11.ObjectReference", 1), `&`, ``, 1) + `,`, + `Secret:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Secret), "ObjectReference", "v11.ObjectReference", 1), `&`, ``, 1) + `,`, + `BindingIDs:` + fmt.Sprintf("%v", this.BindingIDs) + `,`, + `}`, + }, "") + return s +} +func (this *Parameter) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&Parameter{`, + `Name:` + fmt.Sprintf("%v", this.Name) + `,`, + `DisplayName:` + fmt.Sprintf("%v", this.DisplayName) + `,`, + `Description:` + fmt.Sprintf("%v", this.Description) + `,`, + `Value:` + fmt.Sprintf("%v", this.Value) + `,`, + `Generate:` + fmt.Sprintf("%v", this.Generate) + `,`, + `From:` + fmt.Sprintf("%v", this.From) + `,`, + `Required:` + fmt.Sprintf("%v", this.Required) + `,`, + `}`, + }, "") + return s +} +func (this *Template) String() string { + if this == nil { + return "nil" + } + repeatedStringForObjects := "[]RawExtension{" + for _, f := range this.Objects { + repeatedStringForObjects += fmt.Sprintf("%v", f) + "," + } + repeatedStringForObjects += "}" + repeatedStringForParameters := "[]Parameter{" + for _, f := range this.Parameters { + repeatedStringForParameters += strings.Replace(strings.Replace(f.String(), "Parameter", "Parameter", 1), `&`, ``, 1) + "," + } + repeatedStringForParameters += "}" + keysForObjectLabels := make([]string, 0, len(this.ObjectLabels)) + for k := range this.ObjectLabels { + keysForObjectLabels = append(keysForObjectLabels, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForObjectLabels) + mapStringForObjectLabels := "map[string]string{" + for _, k := range keysForObjectLabels { + mapStringForObjectLabels += fmt.Sprintf("%v: %v,", k, this.ObjectLabels[k]) + } + mapStringForObjectLabels += "}" + s := strings.Join([]string{`&Template{`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, + `Message:` + fmt.Sprintf("%v", this.Message) + `,`, + `Objects:` + repeatedStringForObjects + `,`, + `Parameters:` + repeatedStringForParameters + `,`, + `ObjectLabels:` + mapStringForObjectLabels + `,`, + `}`, + }, "") + return s +} +func (this *TemplateInstance) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&TemplateInstance{`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, + `Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "TemplateInstanceSpec", "TemplateInstanceSpec", 1), `&`, ``, 1) + `,`, + `Status:` + strings.Replace(strings.Replace(this.Status.String(), "TemplateInstanceStatus", "TemplateInstanceStatus", 1), `&`, ``, 1) + `,`, + `}`, + }, "") + return s +} +func (this *TemplateInstanceCondition) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&TemplateInstanceCondition{`, + `Type:` + fmt.Sprintf("%v", this.Type) + `,`, + `Status:` + fmt.Sprintf("%v", this.Status) + `,`, + `LastTransitionTime:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.LastTransitionTime), "Time", "v1.Time", 1), `&`, ``, 1) + `,`, + `Reason:` + fmt.Sprintf("%v", this.Reason) + `,`, + `Message:` + fmt.Sprintf("%v", this.Message) + `,`, + `}`, + }, "") + return s +} +func (this *TemplateInstanceList) String() string { + if this == nil { + return "nil" + } + repeatedStringForItems := "[]TemplateInstance{" + for _, f := range this.Items { + repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "TemplateInstance", "TemplateInstance", 1), `&`, ``, 1) + "," + } + repeatedStringForItems += "}" + s := strings.Join([]string{`&TemplateInstanceList{`, + `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`, + `Items:` + repeatedStringForItems + `,`, + `}`, + }, "") + return s +} +func (this *TemplateInstanceObject) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&TemplateInstanceObject{`, + `Ref:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Ref), "ObjectReference", "v11.ObjectReference", 1), `&`, ``, 1) + `,`, + `}`, + }, "") + return s +} +func (this *TemplateInstanceRequester) String() string { + if this == nil { + return "nil" + } + keysForExtra := make([]string, 0, len(this.Extra)) + for k := range this.Extra { + keysForExtra = append(keysForExtra, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForExtra) + mapStringForExtra := "map[string]ExtraValue{" + for _, k := range keysForExtra { + mapStringForExtra += fmt.Sprintf("%v: %v,", k, this.Extra[k]) + } + mapStringForExtra += "}" + s := strings.Join([]string{`&TemplateInstanceRequester{`, + `Username:` + fmt.Sprintf("%v", this.Username) + `,`, + `UID:` + fmt.Sprintf("%v", this.UID) + `,`, + `Groups:` + fmt.Sprintf("%v", this.Groups) + `,`, + `Extra:` + mapStringForExtra + `,`, + `}`, + }, "") + return s +} +func (this *TemplateInstanceSpec) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&TemplateInstanceSpec{`, + `Template:` + strings.Replace(strings.Replace(this.Template.String(), "Template", "Template", 1), `&`, ``, 1) + `,`, + `Secret:` + strings.Replace(fmt.Sprintf("%v", this.Secret), "LocalObjectReference", "v11.LocalObjectReference", 1) + `,`, + `Requester:` + strings.Replace(this.Requester.String(), "TemplateInstanceRequester", "TemplateInstanceRequester", 1) + `,`, + `}`, + }, "") + return s +} +func (this *TemplateInstanceStatus) String() string { + if this == nil { + return "nil" + } + repeatedStringForConditions := "[]TemplateInstanceCondition{" + for _, f := range this.Conditions { + repeatedStringForConditions += strings.Replace(strings.Replace(f.String(), "TemplateInstanceCondition", "TemplateInstanceCondition", 1), `&`, ``, 1) + "," + } + repeatedStringForConditions += "}" + repeatedStringForObjects := "[]TemplateInstanceObject{" + for _, f := range this.Objects { + repeatedStringForObjects += strings.Replace(strings.Replace(f.String(), "TemplateInstanceObject", "TemplateInstanceObject", 1), `&`, ``, 1) + "," + } + repeatedStringForObjects += "}" + s := strings.Join([]string{`&TemplateInstanceStatus{`, + `Conditions:` + repeatedStringForConditions + `,`, + `Objects:` + repeatedStringForObjects + `,`, + `}`, + }, "") + return s +} +func (this *TemplateList) String() string { + if this == nil { + return "nil" + } + repeatedStringForItems := "[]Template{" + for _, f := range this.Items { + repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "Template", "Template", 1), `&`, ``, 1) + "," + } + repeatedStringForItems += "}" + s := strings.Join([]string{`&TemplateList{`, + `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`, + `Items:` + repeatedStringForItems + `,`, + `}`, + }, "") + return s +} +func valueToStringGenerated(v interface{}) string { + rv := reflect.ValueOf(v) + if rv.IsNil() { + return "nil" + } + pv := reflect.Indirect(rv).Interface() + return fmt.Sprintf("*%v", pv) +} +func (m *BrokerTemplateInstance) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: BrokerTemplateInstance: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: BrokerTemplateInstance: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *BrokerTemplateInstanceList) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: BrokerTemplateInstanceList: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: BrokerTemplateInstanceList: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Items = append(m.Items, BrokerTemplateInstance{}) + if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *BrokerTemplateInstanceSpec) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: BrokerTemplateInstanceSpec: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: BrokerTemplateInstanceSpec: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TemplateInstance", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.TemplateInstance.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Secret.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field BindingIDs", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.BindingIDs = append(m.BindingIDs, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ExtraValue) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ExtraValue: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ExtraValue: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + *m = append(*m, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *Parameter) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Parameter: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Parameter: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DisplayName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DisplayName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Description = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Value = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Generate", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Generate = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field From", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.From = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 7: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Required", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Required = bool(v != 0) + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *Template) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Template: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Template: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Message", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Message = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Objects", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Objects = append(m.Objects, runtime.RawExtension{}) + if err := m.Objects[len(m.Objects)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Parameters", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Parameters = append(m.Parameters, Parameter{}) + if err := m.Parameters[len(m.Parameters)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectLabels", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ObjectLabels == nil { + m.ObjectLabels = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.ObjectLabels[mapkey] = mapvalue + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *TemplateInstance) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TemplateInstance: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: TemplateInstance: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *TemplateInstanceCondition) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TemplateInstanceCondition: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: TemplateInstanceCondition: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Type = TemplateInstanceConditionType(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Status = k8s_io_api_core_v1.ConditionStatus(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field LastTransitionTime", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.LastTransitionTime.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Reason", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Reason = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Message", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Message = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *TemplateInstanceList) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TemplateInstanceList: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: TemplateInstanceList: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Items = append(m.Items, TemplateInstance{}) + if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *TemplateInstanceObject) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TemplateInstanceObject: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: TemplateInstanceObject: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Ref", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Ref.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *TemplateInstanceRequester) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TemplateInstanceRequester: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: TemplateInstanceRequester: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Username = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.UID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Groups", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Groups = append(m.Groups, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Extra", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Extra == nil { + m.Extra = make(map[string]ExtraValue) + } + var mapkey string + mapvalue := &ExtraValue{} + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var mapmsglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + mapmsglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if mapmsglen < 0 { + return ErrInvalidLengthGenerated + } + postmsgIndex := iNdEx + mapmsglen + if postmsgIndex < 0 { + return ErrInvalidLengthGenerated + } + if postmsgIndex > l { + return io.ErrUnexpectedEOF + } + mapvalue = &ExtraValue{} + if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil { + return err + } + iNdEx = postmsgIndex + } else { + iNdEx = entryPreIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Extra[mapkey] = *mapvalue + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *TemplateInstanceSpec) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TemplateInstanceSpec: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: TemplateInstanceSpec: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Template", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Template.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Secret == nil { + m.Secret = &v11.LocalObjectReference{} + } + if err := m.Secret.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Requester", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Requester == nil { + m.Requester = &TemplateInstanceRequester{} + } + if err := m.Requester.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *TemplateInstanceStatus) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TemplateInstanceStatus: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: TemplateInstanceStatus: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Conditions", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Conditions = append(m.Conditions, TemplateInstanceCondition{}) + if err := m.Conditions[len(m.Conditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Objects", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Objects = append(m.Objects, TemplateInstanceObject{}) + if err := m.Objects[len(m.Objects)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *TemplateList) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TemplateList: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: TemplateList: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Items = append(m.Items, Template{}) + if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func skipGenerated(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + depth := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowGenerated + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowGenerated + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break + } + } + case 1: + iNdEx += 8 + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowGenerated + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if length < 0 { + return 0, ErrInvalidLengthGenerated + } + iNdEx += length + case 3: + depth++ + case 4: + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupGenerated + } + depth-- + case 5: + iNdEx += 4 + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) + } + if iNdEx < 0 { + return 0, ErrInvalidLengthGenerated + } + if depth == 0 { + return iNdEx, nil + } + } + return 0, io.ErrUnexpectedEOF +} + +var ( + ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") +) diff --git a/vendor/github.com/openshift/api/template/v1/generated.proto b/vendor/github.com/openshift/api/template/v1/generated.proto new file mode 100644 index 0000000000..261e3a3c55 --- /dev/null +++ b/vendor/github.com/openshift/api/template/v1/generated.proto @@ -0,0 +1,250 @@ + +// This file was autogenerated by go-to-protobuf. Do not edit it manually! + +syntax = "proto2"; + +package github.com.openshift.api.template.v1; + +import "k8s.io/api/core/v1/generated.proto"; +import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; +import "k8s.io/apimachinery/pkg/runtime/generated.proto"; +import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; + +// Package-wide variables from generator "generated". +option go_package = "github.com/openshift/api/template/v1"; + +// BrokerTemplateInstance holds the service broker-related state associated with +// a TemplateInstance. BrokerTemplateInstance is part of an experimental API. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +message BrokerTemplateInstance { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // spec describes the state of this BrokerTemplateInstance. + optional BrokerTemplateInstanceSpec spec = 2; +} + +// BrokerTemplateInstanceList is a list of BrokerTemplateInstance objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +message BrokerTemplateInstanceList { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + + // items is a list of BrokerTemplateInstances + repeated BrokerTemplateInstance items = 2; +} + +// BrokerTemplateInstanceSpec describes the state of a BrokerTemplateInstance. +message BrokerTemplateInstanceSpec { + // templateinstance is a reference to a TemplateInstance object residing + // in a namespace. + optional k8s.io.api.core.v1.ObjectReference templateInstance = 1; + + // secret is a reference to a Secret object residing in a namespace, + // containing the necessary template parameters. + optional k8s.io.api.core.v1.ObjectReference secret = 2; + + // bindingids is a list of 'binding_id's provided during successive bind + // calls to the template service broker. + repeated string bindingIDs = 3; +} + +// ExtraValue masks the value so protobuf can generate +// +protobuf.nullable=true +// +protobuf.options.(gogoproto.goproto_stringer)=false +message ExtraValue { + // items, if empty, will result in an empty slice + + repeated string items = 1; +} + +// Parameter defines a name/value variable that is to be processed during +// the Template to Config transformation. +message Parameter { + // Name must be set and it can be referenced in Template + // Items using ${PARAMETER_NAME}. Required. + optional string name = 1; + + // Optional: The name that will show in UI instead of parameter 'Name' + optional string displayName = 2; + + // Description of a parameter. Optional. + optional string description = 3; + + // Value holds the Parameter data. If specified, the generator will be + // ignored. The value replaces all occurrences of the Parameter ${Name} + // expression during the Template to Config transformation. Optional. + optional string value = 4; + + // generate specifies the generator to be used to generate random string + // from an input value specified by From field. The result string is + // stored into Value field. If empty, no generator is being used, leaving + // the result Value untouched. Optional. + // + // The only supported generator is "expression", which accepts a "from" + // value in the form of a simple regular expression containing the + // range expression "[a-zA-Z0-9]", and the length expression "a{length}". + // + // Examples: + // + // from | value + // ----------------------------- + // "test[0-9]{1}x" | "test7x" + // "[0-1]{8}" | "01001100" + // "0x[A-F0-9]{4}" | "0xB3AF" + // "[a-zA-Z0-9]{8}" | "hW4yQU5i" + optional string generate = 5; + + // From is an input value for the generator. Optional. + optional string from = 6; + + // Optional: Indicates the parameter must have a value. Defaults to false. + optional bool required = 7; +} + +// Template contains the inputs needed to produce a Config. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +message Template { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // message is an optional instructional message that will + // be displayed when this template is instantiated. + // This field should inform the user how to utilize the newly created resources. + // Parameter substitution will be performed on the message before being + // displayed so that generated credentials and other parameters can be + // included in the output. + optional string message = 2; + + // objects is an array of resources to include in this template. + // If a namespace value is hardcoded in the object, it will be removed + // during template instantiation, however if the namespace value + // is, or contains, a ${PARAMETER_REFERENCE}, the resolved + // value after parameter substitution will be respected and the object + // will be created in that namespace. + // +kubebuilder:pruning:PreserveUnknownFields + repeated k8s.io.apimachinery.pkg.runtime.RawExtension objects = 3; + + // parameters is an optional array of Parameters used during the + // Template to Config transformation. + repeated Parameter parameters = 4; + + // labels is a optional set of labels that are applied to every + // object during the Template to Config transformation. + map labels = 5; +} + +// TemplateInstance requests and records the instantiation of a Template. +// TemplateInstance is part of an experimental API. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +message TemplateInstance { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // spec describes the desired state of this TemplateInstance. + optional TemplateInstanceSpec spec = 2; + + // status describes the current state of this TemplateInstance. + // +optional + optional TemplateInstanceStatus status = 3; +} + +// TemplateInstanceCondition contains condition information for a +// TemplateInstance. +message TemplateInstanceCondition { + // Type of the condition, currently Ready or InstantiateFailure. + optional string type = 1; + + // Status of the condition, one of True, False or Unknown. + optional string status = 2; + + // LastTransitionTime is the last time a condition status transitioned from + // one state to another. + optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; + + // Reason is a brief machine readable explanation for the condition's last + // transition. + optional string reason = 4; + + // Message is a human readable description of the details of the last + // transition, complementing reason. + optional string message = 5; +} + +// TemplateInstanceList is a list of TemplateInstance objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +message TemplateInstanceList { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + + // items is a list of Templateinstances + repeated TemplateInstance items = 2; +} + +// TemplateInstanceObject references an object created by a TemplateInstance. +message TemplateInstanceObject { + // ref is a reference to the created object. When used under .spec, only + // name and namespace are used; these can contain references to parameters + // which will be substituted following the usual rules. + optional k8s.io.api.core.v1.ObjectReference ref = 1; +} + +// TemplateInstanceRequester holds the identity of an agent requesting a +// template instantiation. +message TemplateInstanceRequester { + // username uniquely identifies this user among all active users. + optional string username = 1; + + // uid is a unique value that identifies this user across time; if this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + optional string uid = 2; + + // groups represent the groups this user is a part of. + repeated string groups = 3; + + // extra holds additional information provided by the authenticator. + map extra = 4; +} + +// TemplateInstanceSpec describes the desired state of a TemplateInstance. +message TemplateInstanceSpec { + // template is a full copy of the template for instantiation. + optional Template template = 1; + + // secret is a reference to a Secret object containing the necessary + // template parameters. + optional k8s.io.api.core.v1.LocalObjectReference secret = 2; + + // requester holds the identity of the agent requesting the template + // instantiation. + // +optional + optional TemplateInstanceRequester requester = 3; +} + +// TemplateInstanceStatus describes the current state of a TemplateInstance. +message TemplateInstanceStatus { + // conditions represent the latest available observations of a + // TemplateInstance's current state. + repeated TemplateInstanceCondition conditions = 1; + + // Objects references the objects created by the TemplateInstance. + repeated TemplateInstanceObject objects = 2; +} + +// TemplateList is a list of Template objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +message TemplateList { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + + // Items is a list of templates + repeated Template items = 2; +} + diff --git a/vendor/github.com/openshift/api/template/v1/legacy.go b/vendor/github.com/openshift/api/template/v1/legacy.go new file mode 100644 index 0000000000..9266f3ac9e --- /dev/null +++ b/vendor/github.com/openshift/api/template/v1/legacy.go @@ -0,0 +1,24 @@ +package v1 + +import ( + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +var ( + legacyGroupVersion = schema.GroupVersion{Group: "", Version: "v1"} + legacySchemeBuilder = runtime.NewSchemeBuilder(addLegacyKnownTypes, corev1.AddToScheme) + DeprecatedInstallWithoutGroup = legacySchemeBuilder.AddToScheme +) + +func addLegacyKnownTypes(scheme *runtime.Scheme) error { + types := []runtime.Object{ + &Template{}, + &TemplateList{}, + } + scheme.AddKnownTypes(legacyGroupVersion, types...) + scheme.AddKnownTypeWithName(legacyGroupVersion.WithKind("TemplateConfig"), &Template{}) + scheme.AddKnownTypeWithName(legacyGroupVersion.WithKind("ProcessedTemplate"), &Template{}) + return nil +} diff --git a/vendor/github.com/openshift/api/template/v1/register.go b/vendor/github.com/openshift/api/template/v1/register.go new file mode 100644 index 0000000000..e34ff5610b --- /dev/null +++ b/vendor/github.com/openshift/api/template/v1/register.go @@ -0,0 +1,43 @@ +package v1 + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +var ( + GroupName = "template.openshift.io" + GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} + schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes, corev1.AddToScheme) + // Install is a function which adds this version to a scheme + Install = schemeBuilder.AddToScheme + + // SchemeGroupVersion generated code relies on this name + // Deprecated + SchemeGroupVersion = GroupVersion + // AddToScheme exists solely to keep the old generators creating valid code + // DEPRECATED + AddToScheme = schemeBuilder.AddToScheme +) + +// Resource generated code relies on this being here, but it logically belongs to the group +// DEPRECATED +func Resource(resource string) schema.GroupResource { + return schema.GroupResource{Group: GroupName, Resource: resource} +} + +// Adds the list of known types to api.Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(GroupVersion, + &Template{}, + &TemplateList{}, + &TemplateInstance{}, + &TemplateInstanceList{}, + &BrokerTemplateInstance{}, + &BrokerTemplateInstanceList{}, + ) + metav1.AddToGroupVersion(scheme, GroupVersion) + return nil +} diff --git a/vendor/github.com/openshift/api/template/v1/types.go b/vendor/github.com/openshift/api/template/v1/types.go new file mode 100644 index 0000000000..15e094da51 --- /dev/null +++ b/vendor/github.com/openshift/api/template/v1/types.go @@ -0,0 +1,276 @@ +package v1 + +import ( + "fmt" + + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// Template contains the inputs needed to produce a Config. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type Template struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + + // message is an optional instructional message that will + // be displayed when this template is instantiated. + // This field should inform the user how to utilize the newly created resources. + // Parameter substitution will be performed on the message before being + // displayed so that generated credentials and other parameters can be + // included in the output. + Message string `json:"message,omitempty" protobuf:"bytes,2,opt,name=message"` + + // objects is an array of resources to include in this template. + // If a namespace value is hardcoded in the object, it will be removed + // during template instantiation, however if the namespace value + // is, or contains, a ${PARAMETER_REFERENCE}, the resolved + // value after parameter substitution will be respected and the object + // will be created in that namespace. + // +kubebuilder:pruning:PreserveUnknownFields + Objects []runtime.RawExtension `json:"objects" protobuf:"bytes,3,rep,name=objects"` + + // parameters is an optional array of Parameters used during the + // Template to Config transformation. + Parameters []Parameter `json:"parameters,omitempty" protobuf:"bytes,4,rep,name=parameters"` + + // labels is a optional set of labels that are applied to every + // object during the Template to Config transformation. + ObjectLabels map[string]string `json:"labels,omitempty" protobuf:"bytes,5,rep,name=labels"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// TemplateList is a list of Template objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type TemplateList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + + // Items is a list of templates + Items []Template `json:"items" protobuf:"bytes,2,rep,name=items"` +} + +// Parameter defines a name/value variable that is to be processed during +// the Template to Config transformation. +type Parameter struct { + // Name must be set and it can be referenced in Template + // Items using ${PARAMETER_NAME}. Required. + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + + // Optional: The name that will show in UI instead of parameter 'Name' + DisplayName string `json:"displayName,omitempty" protobuf:"bytes,2,opt,name=displayName"` + + // Description of a parameter. Optional. + Description string `json:"description,omitempty" protobuf:"bytes,3,opt,name=description"` + + // Value holds the Parameter data. If specified, the generator will be + // ignored. The value replaces all occurrences of the Parameter ${Name} + // expression during the Template to Config transformation. Optional. + Value string `json:"value,omitempty" protobuf:"bytes,4,opt,name=value"` + + // generate specifies the generator to be used to generate random string + // from an input value specified by From field. The result string is + // stored into Value field. If empty, no generator is being used, leaving + // the result Value untouched. Optional. + // + // The only supported generator is "expression", which accepts a "from" + // value in the form of a simple regular expression containing the + // range expression "[a-zA-Z0-9]", and the length expression "a{length}". + // + // Examples: + // + // from | value + // ----------------------------- + // "test[0-9]{1}x" | "test7x" + // "[0-1]{8}" | "01001100" + // "0x[A-F0-9]{4}" | "0xB3AF" + // "[a-zA-Z0-9]{8}" | "hW4yQU5i" + // + Generate string `json:"generate,omitempty" protobuf:"bytes,5,opt,name=generate"` + + // From is an input value for the generator. Optional. + From string `json:"from,omitempty" protobuf:"bytes,6,opt,name=from"` + + // Optional: Indicates the parameter must have a value. Defaults to false. + Required bool `json:"required,omitempty" protobuf:"varint,7,opt,name=required"` +} + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// TemplateInstance requests and records the instantiation of a Template. +// TemplateInstance is part of an experimental API. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type TemplateInstance struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + + // spec describes the desired state of this TemplateInstance. + Spec TemplateInstanceSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` + + // status describes the current state of this TemplateInstance. + // +optional + Status TemplateInstanceStatus `json:"status" protobuf:"bytes,3,opt,name=status"` +} + +// TemplateInstanceSpec describes the desired state of a TemplateInstance. +type TemplateInstanceSpec struct { + // template is a full copy of the template for instantiation. + Template Template `json:"template" protobuf:"bytes,1,opt,name=template"` + + // secret is a reference to a Secret object containing the necessary + // template parameters. + Secret *corev1.LocalObjectReference `json:"secret,omitempty" protobuf:"bytes,2,opt,name=secret"` + + // requester holds the identity of the agent requesting the template + // instantiation. + // +optional + Requester *TemplateInstanceRequester `json:"requester" protobuf:"bytes,3,opt,name=requester"` +} + +// TemplateInstanceRequester holds the identity of an agent requesting a +// template instantiation. +type TemplateInstanceRequester struct { + // username uniquely identifies this user among all active users. + Username string `json:"username,omitempty" protobuf:"bytes,1,opt,name=username"` + + // uid is a unique value that identifies this user across time; if this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + UID string `json:"uid,omitempty" protobuf:"bytes,2,opt,name=uid"` + + // groups represent the groups this user is a part of. + Groups []string `json:"groups,omitempty" protobuf:"bytes,3,rep,name=groups"` + + // extra holds additional information provided by the authenticator. + Extra map[string]ExtraValue `json:"extra,omitempty" protobuf:"bytes,4,rep,name=extra"` +} + +// ExtraValue masks the value so protobuf can generate +// +protobuf.nullable=true +// +protobuf.options.(gogoproto.goproto_stringer)=false +type ExtraValue []string + +func (t ExtraValue) String() string { + return fmt.Sprintf("%v", []string(t)) +} + +// TemplateInstanceStatus describes the current state of a TemplateInstance. +type TemplateInstanceStatus struct { + // conditions represent the latest available observations of a + // TemplateInstance's current state. + Conditions []TemplateInstanceCondition `json:"conditions,omitempty" protobuf:"bytes,1,rep,name=conditions"` + + // Objects references the objects created by the TemplateInstance. + Objects []TemplateInstanceObject `json:"objects,omitempty" protobuf:"bytes,2,rep,name=objects"` +} + +// TemplateInstanceCondition contains condition information for a +// TemplateInstance. +type TemplateInstanceCondition struct { + // Type of the condition, currently Ready or InstantiateFailure. + Type TemplateInstanceConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=TemplateInstanceConditionType"` + // Status of the condition, one of True, False or Unknown. + Status corev1.ConditionStatus `json:"status" protobuf:"bytes,2,opt,name=status"` + // LastTransitionTime is the last time a condition status transitioned from + // one state to another. + LastTransitionTime metav1.Time `json:"lastTransitionTime" protobuf:"bytes,3,opt,name=lastTransitionTime"` + // Reason is a brief machine readable explanation for the condition's last + // transition. + Reason string `json:"reason" protobuf:"bytes,4,opt,name=reason"` + // Message is a human readable description of the details of the last + // transition, complementing reason. + Message string `json:"message" protobuf:"bytes,5,opt,name=message"` +} + +// TemplateInstanceConditionType is the type of condition pertaining to a +// TemplateInstance. +type TemplateInstanceConditionType string + +const ( + // TemplateInstanceReady indicates the readiness of the template + // instantiation. + TemplateInstanceReady TemplateInstanceConditionType = "Ready" + // TemplateInstanceInstantiateFailure indicates the failure of the template + // instantiation + TemplateInstanceInstantiateFailure TemplateInstanceConditionType = "InstantiateFailure" +) + +// TemplateInstanceObject references an object created by a TemplateInstance. +type TemplateInstanceObject struct { + // ref is a reference to the created object. When used under .spec, only + // name and namespace are used; these can contain references to parameters + // which will be substituted following the usual rules. + Ref corev1.ObjectReference `json:"ref,omitempty" protobuf:"bytes,1,opt,name=ref"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// TemplateInstanceList is a list of TemplateInstance objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type TemplateInstanceList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + + // items is a list of Templateinstances + Items []TemplateInstance `json:"items" protobuf:"bytes,2,rep,name=items"` +} + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// BrokerTemplateInstance holds the service broker-related state associated with +// a TemplateInstance. BrokerTemplateInstance is part of an experimental API. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type BrokerTemplateInstance struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + + // spec describes the state of this BrokerTemplateInstance. + Spec BrokerTemplateInstanceSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` +} + +// BrokerTemplateInstanceSpec describes the state of a BrokerTemplateInstance. +type BrokerTemplateInstanceSpec struct { + // templateinstance is a reference to a TemplateInstance object residing + // in a namespace. + TemplateInstance corev1.ObjectReference `json:"templateInstance" protobuf:"bytes,1,opt,name=templateInstance"` + + // secret is a reference to a Secret object residing in a namespace, + // containing the necessary template parameters. + Secret corev1.ObjectReference `json:"secret" protobuf:"bytes,2,opt,name=secret"` + + // bindingids is a list of 'binding_id's provided during successive bind + // calls to the template service broker. + BindingIDs []string `json:"bindingIDs,omitempty" protobuf:"bytes,3,rep,name=bindingIDs"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// BrokerTemplateInstanceList is a list of BrokerTemplateInstance objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type BrokerTemplateInstanceList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + + // items is a list of BrokerTemplateInstances + Items []BrokerTemplateInstance `json:"items" protobuf:"bytes,2,rep,name=items"` +} diff --git a/vendor/github.com/openshift/api/template/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/template/v1/zz_generated.deepcopy.go new file mode 100644 index 0000000000..ff14f246bd --- /dev/null +++ b/vendor/github.com/openshift/api/template/v1/zz_generated.deepcopy.go @@ -0,0 +1,394 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1 + +import ( + corev1 "k8s.io/api/core/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BrokerTemplateInstance) DeepCopyInto(out *BrokerTemplateInstance) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BrokerTemplateInstance. +func (in *BrokerTemplateInstance) DeepCopy() *BrokerTemplateInstance { + if in == nil { + return nil + } + out := new(BrokerTemplateInstance) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BrokerTemplateInstance) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BrokerTemplateInstanceList) DeepCopyInto(out *BrokerTemplateInstanceList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]BrokerTemplateInstance, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BrokerTemplateInstanceList. +func (in *BrokerTemplateInstanceList) DeepCopy() *BrokerTemplateInstanceList { + if in == nil { + return nil + } + out := new(BrokerTemplateInstanceList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BrokerTemplateInstanceList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BrokerTemplateInstanceSpec) DeepCopyInto(out *BrokerTemplateInstanceSpec) { + *out = *in + out.TemplateInstance = in.TemplateInstance + out.Secret = in.Secret + if in.BindingIDs != nil { + in, out := &in.BindingIDs, &out.BindingIDs + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BrokerTemplateInstanceSpec. +func (in *BrokerTemplateInstanceSpec) DeepCopy() *BrokerTemplateInstanceSpec { + if in == nil { + return nil + } + out := new(BrokerTemplateInstanceSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in ExtraValue) DeepCopyInto(out *ExtraValue) { + { + in := &in + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue. +func (in ExtraValue) DeepCopy() ExtraValue { + if in == nil { + return nil + } + out := new(ExtraValue) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Parameter) DeepCopyInto(out *Parameter) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Parameter. +func (in *Parameter) DeepCopy() *Parameter { + if in == nil { + return nil + } + out := new(Parameter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Template) DeepCopyInto(out *Template) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Objects != nil { + in, out := &in.Objects, &out.Objects + *out = make([]runtime.RawExtension, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = make([]Parameter, len(*in)) + copy(*out, *in) + } + if in.ObjectLabels != nil { + in, out := &in.ObjectLabels, &out.ObjectLabels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Template. +func (in *Template) DeepCopy() *Template { + if in == nil { + return nil + } + out := new(Template) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Template) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateInstance) DeepCopyInto(out *TemplateInstance) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateInstance. +func (in *TemplateInstance) DeepCopy() *TemplateInstance { + if in == nil { + return nil + } + out := new(TemplateInstance) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TemplateInstance) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateInstanceCondition) DeepCopyInto(out *TemplateInstanceCondition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateInstanceCondition. +func (in *TemplateInstanceCondition) DeepCopy() *TemplateInstanceCondition { + if in == nil { + return nil + } + out := new(TemplateInstanceCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateInstanceList) DeepCopyInto(out *TemplateInstanceList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TemplateInstance, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateInstanceList. +func (in *TemplateInstanceList) DeepCopy() *TemplateInstanceList { + if in == nil { + return nil + } + out := new(TemplateInstanceList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TemplateInstanceList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateInstanceObject) DeepCopyInto(out *TemplateInstanceObject) { + *out = *in + out.Ref = in.Ref + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateInstanceObject. +func (in *TemplateInstanceObject) DeepCopy() *TemplateInstanceObject { + if in == nil { + return nil + } + out := new(TemplateInstanceObject) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateInstanceRequester) DeepCopyInto(out *TemplateInstanceRequester) { + *out = *in + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Extra != nil { + in, out := &in.Extra, &out.Extra + *out = make(map[string]ExtraValue, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateInstanceRequester. +func (in *TemplateInstanceRequester) DeepCopy() *TemplateInstanceRequester { + if in == nil { + return nil + } + out := new(TemplateInstanceRequester) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateInstanceSpec) DeepCopyInto(out *TemplateInstanceSpec) { + *out = *in + in.Template.DeepCopyInto(&out.Template) + if in.Secret != nil { + in, out := &in.Secret, &out.Secret + *out = new(corev1.LocalObjectReference) + **out = **in + } + if in.Requester != nil { + in, out := &in.Requester, &out.Requester + *out = new(TemplateInstanceRequester) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateInstanceSpec. +func (in *TemplateInstanceSpec) DeepCopy() *TemplateInstanceSpec { + if in == nil { + return nil + } + out := new(TemplateInstanceSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateInstanceStatus) DeepCopyInto(out *TemplateInstanceStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]TemplateInstanceCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Objects != nil { + in, out := &in.Objects, &out.Objects + *out = make([]TemplateInstanceObject, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateInstanceStatus. +func (in *TemplateInstanceStatus) DeepCopy() *TemplateInstanceStatus { + if in == nil { + return nil + } + out := new(TemplateInstanceStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateList) DeepCopyInto(out *TemplateList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Template, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateList. +func (in *TemplateList) DeepCopy() *TemplateList { + if in == nil { + return nil + } + out := new(TemplateList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TemplateList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} diff --git a/vendor/github.com/openshift/api/template/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/template/v1/zz_generated.swagger_doc_generated.go new file mode 100644 index 0000000000..335308a82b --- /dev/null +++ b/vendor/github.com/openshift/api/template/v1/zz_generated.swagger_doc_generated.go @@ -0,0 +1,153 @@ +package v1 + +// This file contains a collection of methods that can be used from go-restful to +// generate Swagger API documentation for its models. Please read this PR for more +// information on the implementation: https://github.com/emicklei/go-restful/pull/215 +// +// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if +// they are on one line! For multiple line or blocks that you want to ignore use ---. +// Any context after a --- is ignored. +// +// Those methods can be generated by using hack/update-swagger-docs.sh + +// AUTO-GENERATED FUNCTIONS START HERE +var map_BrokerTemplateInstance = map[string]string{ + "": "BrokerTemplateInstance holds the service broker-related state associated with a TemplateInstance. BrokerTemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec describes the state of this BrokerTemplateInstance.", +} + +func (BrokerTemplateInstance) SwaggerDoc() map[string]string { + return map_BrokerTemplateInstance +} + +var map_BrokerTemplateInstanceList = map[string]string{ + "": "BrokerTemplateInstanceList is a list of BrokerTemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "items": "items is a list of BrokerTemplateInstances", +} + +func (BrokerTemplateInstanceList) SwaggerDoc() map[string]string { + return map_BrokerTemplateInstanceList +} + +var map_BrokerTemplateInstanceSpec = map[string]string{ + "": "BrokerTemplateInstanceSpec describes the state of a BrokerTemplateInstance.", + "templateInstance": "templateinstance is a reference to a TemplateInstance object residing in a namespace.", + "secret": "secret is a reference to a Secret object residing in a namespace, containing the necessary template parameters.", + "bindingIDs": "bindingids is a list of 'binding_id's provided during successive bind calls to the template service broker.", +} + +func (BrokerTemplateInstanceSpec) SwaggerDoc() map[string]string { + return map_BrokerTemplateInstanceSpec +} + +var map_Parameter = map[string]string{ + "": "Parameter defines a name/value variable that is to be processed during the Template to Config transformation.", + "name": "Name must be set and it can be referenced in Template Items using ${PARAMETER_NAME}. Required.", + "displayName": "Optional: The name that will show in UI instead of parameter 'Name'", + "description": "Description of a parameter. Optional.", + "value": "Value holds the Parameter data. If specified, the generator will be ignored. The value replaces all occurrences of the Parameter ${Name} expression during the Template to Config transformation. Optional.", + "generate": "generate specifies the generator to be used to generate random string from an input value specified by From field. The result string is stored into Value field. If empty, no generator is being used, leaving the result Value untouched. Optional.\n\nThe only supported generator is \"expression\", which accepts a \"from\" value in the form of a simple regular expression containing the range expression \"[a-zA-Z0-9]\", and the length expression \"a{length}\".\n\nExamples:\n\nfrom | value", + "from": "From is an input value for the generator. Optional.", + "required": "Optional: Indicates the parameter must have a value. Defaults to false.", +} + +func (Parameter) SwaggerDoc() map[string]string { + return map_Parameter +} + +var map_Template = map[string]string{ + "": "Template contains the inputs needed to produce a Config.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "message": "message is an optional instructional message that will be displayed when this template is instantiated. This field should inform the user how to utilize the newly created resources. Parameter substitution will be performed on the message before being displayed so that generated credentials and other parameters can be included in the output.", + "objects": "objects is an array of resources to include in this template. If a namespace value is hardcoded in the object, it will be removed during template instantiation, however if the namespace value is, or contains, a ${PARAMETER_REFERENCE}, the resolved value after parameter substitution will be respected and the object will be created in that namespace.", + "parameters": "parameters is an optional array of Parameters used during the Template to Config transformation.", + "labels": "labels is a optional set of labels that are applied to every object during the Template to Config transformation.", +} + +func (Template) SwaggerDoc() map[string]string { + return map_Template +} + +var map_TemplateInstance = map[string]string{ + "": "TemplateInstance requests and records the instantiation of a Template. TemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "spec": "spec describes the desired state of this TemplateInstance.", + "status": "status describes the current state of this TemplateInstance.", +} + +func (TemplateInstance) SwaggerDoc() map[string]string { + return map_TemplateInstance +} + +var map_TemplateInstanceCondition = map[string]string{ + "": "TemplateInstanceCondition contains condition information for a TemplateInstance.", + "type": "Type of the condition, currently Ready or InstantiateFailure.", + "status": "Status of the condition, one of True, False or Unknown.", + "lastTransitionTime": "LastTransitionTime is the last time a condition status transitioned from one state to another.", + "reason": "Reason is a brief machine readable explanation for the condition's last transition.", + "message": "Message is a human readable description of the details of the last transition, complementing reason.", +} + +func (TemplateInstanceCondition) SwaggerDoc() map[string]string { + return map_TemplateInstanceCondition +} + +var map_TemplateInstanceList = map[string]string{ + "": "TemplateInstanceList is a list of TemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "items": "items is a list of Templateinstances", +} + +func (TemplateInstanceList) SwaggerDoc() map[string]string { + return map_TemplateInstanceList +} + +var map_TemplateInstanceObject = map[string]string{ + "": "TemplateInstanceObject references an object created by a TemplateInstance.", + "ref": "ref is a reference to the created object. When used under .spec, only name and namespace are used; these can contain references to parameters which will be substituted following the usual rules.", +} + +func (TemplateInstanceObject) SwaggerDoc() map[string]string { + return map_TemplateInstanceObject +} + +var map_TemplateInstanceRequester = map[string]string{ + "": "TemplateInstanceRequester holds the identity of an agent requesting a template instantiation.", + "username": "username uniquely identifies this user among all active users.", + "uid": "uid is a unique value that identifies this user across time; if this user is deleted and another user by the same name is added, they will have different UIDs.", + "groups": "groups represent the groups this user is a part of.", + "extra": "extra holds additional information provided by the authenticator.", +} + +func (TemplateInstanceRequester) SwaggerDoc() map[string]string { + return map_TemplateInstanceRequester +} + +var map_TemplateInstanceSpec = map[string]string{ + "": "TemplateInstanceSpec describes the desired state of a TemplateInstance.", + "template": "template is a full copy of the template for instantiation.", + "secret": "secret is a reference to a Secret object containing the necessary template parameters.", + "requester": "requester holds the identity of the agent requesting the template instantiation.", +} + +func (TemplateInstanceSpec) SwaggerDoc() map[string]string { + return map_TemplateInstanceSpec +} + +var map_TemplateInstanceStatus = map[string]string{ + "": "TemplateInstanceStatus describes the current state of a TemplateInstance.", + "conditions": "conditions represent the latest available observations of a TemplateInstance's current state.", + "objects": "Objects references the objects created by the TemplateInstance.", +} + +func (TemplateInstanceStatus) SwaggerDoc() map[string]string { + return map_TemplateInstanceStatus +} + +var map_TemplateList = map[string]string{ + "": "TemplateList is a list of Template objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "items": "Items is a list of templates", +} + +func (TemplateList) SwaggerDoc() map[string]string { + return map_TemplateList +} + +// AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/user/v1/generated.pb.go b/vendor/github.com/openshift/api/user/v1/generated.pb.go index 7e456203a8..0689ed3899 100644 --- a/vendor/github.com/openshift/api/user/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/user/v1/generated.pb.go @@ -26,7 +26,7 @@ var _ = math.Inf // is compatible with the proto package it is being compiled against. // A compilation error at this line likely means your copy of the // proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package func (m *Group) Reset() { *m = Group{} } func (*Group) ProtoMessage() {} @@ -269,53 +269,53 @@ func init() { } var fileDescriptor_ea159b02d89a1362 = []byte{ - // 724 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x54, 0x3d, 0x6f, 0x13, 0x4b, - 0x14, 0xf5, 0xd8, 0xde, 0xc8, 0x9e, 0x38, 0x4f, 0xd6, 0xbe, 0x14, 0x96, 0x8b, 0xb5, 0xb5, 0x4f, - 0x7a, 0xcf, 0x7a, 0x82, 0xd9, 0x38, 0x02, 0x64, 0xa5, 0xb4, 0x08, 0x28, 0x22, 0x21, 0x61, 0x24, - 0x9a, 0x88, 0x82, 0x89, 0x3d, 0x5e, 0x0f, 0xf6, 0x7e, 0x68, 0x77, 0xd6, 0xc2, 0x5d, 0x7e, 0x02, - 0x74, 0x94, 0xfc, 0x09, 0x44, 0x81, 0xe8, 0x43, 0x97, 0x32, 0x05, 0xb2, 0xc8, 0xd2, 0xf1, 0x2b, - 0xd0, 0xcc, 0x7e, 0x78, 0x9d, 0x0f, 0x39, 0x12, 0x92, 0xbb, 0x9d, 0x3b, 0xf7, 0x9c, 0x39, 0xf7, - 0xdc, 0x7b, 0x17, 0x6e, 0x99, 0x8c, 0x0f, 0x83, 0x13, 0xd4, 0x73, 0x2c, 0xc3, 0x71, 0xa9, 0xed, - 0x0f, 0xd9, 0x80, 0x1b, 0xc4, 0x65, 0x46, 0xe0, 0x53, 0xcf, 0x98, 0xb4, 0x0d, 0x93, 0xda, 0xd4, - 0x23, 0x9c, 0xf6, 0x91, 0xeb, 0x39, 0xdc, 0x51, 0x9b, 0x73, 0x04, 0x4a, 0x11, 0x88, 0xb8, 0x0c, - 0x09, 0x04, 0x9a, 0xb4, 0xeb, 0xf7, 0x33, 0x9c, 0xa6, 0x63, 0x3a, 0x86, 0x04, 0x9e, 0x04, 0x03, - 0x79, 0x92, 0x07, 0xf9, 0x15, 0x11, 0xd6, 0xf5, 0x51, 0xc7, 0x47, 0xcc, 0x91, 0x8f, 0xf6, 0x1c, - 0x8f, 0xde, 0xf0, 0x68, 0xfd, 0xc1, 0x3c, 0xc7, 0x22, 0xbd, 0x21, 0xb3, 0xa9, 0x37, 0x35, 0xdc, - 0x91, 0x29, 0x02, 0xbe, 0x61, 0x51, 0x4e, 0x6e, 0x42, 0x3d, 0xba, 0x0d, 0xe5, 0x05, 0x36, 0x67, - 0x16, 0x35, 0xfc, 0xde, 0x90, 0x5a, 0xe4, 0x2a, 0x4e, 0xff, 0x02, 0xa0, 0xf2, 0xd4, 0x73, 0x02, - 0x57, 0x7d, 0x0d, 0x4b, 0x82, 0xbc, 0x4f, 0x38, 0xa9, 0x81, 0x26, 0x68, 0xad, 0x6f, 0x6f, 0xa1, - 0x88, 0x14, 0x65, 0x49, 0x91, 0x3b, 0x32, 0x45, 0xc0, 0x47, 0x22, 0x1b, 0x4d, 0xda, 0xe8, 0xf0, - 0xe4, 0x0d, 0xed, 0xf1, 0x03, 0xca, 0x49, 0x57, 0x3d, 0x9b, 0x35, 0x72, 0xe1, 0xac, 0x01, 0xe7, - 0x31, 0x9c, 0xb2, 0xaa, 0x47, 0x50, 0x11, 0xbe, 0xf9, 0xb5, 0xbc, 0xa4, 0x37, 0xd0, 0x32, 0x7b, - 0xd1, 0xa1, 0xcb, 0x99, 0x63, 0x93, 0xf1, 0x73, 0x62, 0x51, 0xbf, 0x5b, 0x0e, 0x67, 0x0d, 0xe5, - 0xa5, 0x60, 0xc0, 0x11, 0x91, 0xfe, 0x19, 0xc0, 0xb2, 0x54, 0xbf, 0xcf, 0x7c, 0xae, 0xbe, 0xba, - 0x56, 0x01, 0xba, 0x5b, 0x05, 0x02, 0x2d, 0xf5, 0x57, 0x63, 0xfd, 0xa5, 0x24, 0x92, 0x51, 0xbf, - 0x0f, 0x15, 0xc6, 0xa9, 0x25, 0xd4, 0x17, 0x5a, 0xeb, 0xdb, 0xff, 0x2d, 0x57, 0x2f, 0x95, 0x75, - 0x37, 0x62, 0x4e, 0x65, 0x4f, 0xa0, 0x71, 0x44, 0xa2, 0x7f, 0x2b, 0xc0, 0xd2, 0x5e, 0x9f, 0xda, - 0x9c, 0xf1, 0xe9, 0x0a, 0xac, 0xef, 0xc0, 0x8a, 0xeb, 0x39, 0x13, 0xd6, 0xa7, 0x9e, 0xf0, 0x52, - 0x76, 0xa0, 0xdc, 0xdd, 0x8c, 0x31, 0x95, 0xa3, 0xcc, 0x1d, 0x5e, 0xc8, 0x54, 0x1f, 0xc3, 0x6a, - 0x72, 0x16, 0xd6, 0x4b, 0x74, 0x41, 0xa2, 0x6b, 0x31, 0xba, 0x7a, 0x74, 0xe5, 0x1e, 0x5f, 0x43, - 0xa8, 0xbb, 0xb0, 0x28, 0x5c, 0xa9, 0x15, 0x65, 0x75, 0xff, 0x64, 0xaa, 0x43, 0x62, 0x0f, 0xe6, - 0xb5, 0x60, 0x3a, 0xa0, 0x1e, 0xb5, 0x7b, 0xb4, 0x5b, 0x89, 0xe9, 0x8b, 0x82, 0x04, 0x4b, 0xb8, - 0x7a, 0x0c, 0x15, 0xfa, 0x96, 0x7b, 0xa4, 0xa6, 0xc8, 0x1e, 0x3c, 0x5c, 0xde, 0x83, 0xc4, 0x63, - 0xb4, 0x2b, 0x70, 0xbb, 0x36, 0xf7, 0xa6, 0xf3, 0x8e, 0xc8, 0x18, 0x8e, 0x28, 0xeb, 0x1d, 0x08, - 0xe7, 0x39, 0x6a, 0x15, 0x16, 0x46, 0x74, 0x2a, 0xbb, 0x51, 0xc6, 0xe2, 0x53, 0xdd, 0x84, 0xca, - 0x84, 0x8c, 0x83, 0xd8, 0x3b, 0x1c, 0x1d, 0x76, 0xf2, 0x1d, 0xa0, 0x7f, 0x05, 0xb0, 0x92, 0xbc, - 0xb3, 0x82, 0x41, 0x3c, 0x5c, 0x1c, 0xc4, 0xff, 0xef, 0x6e, 0xc2, 0x2d, 0xb3, 0xb8, 0x03, 0x37, - 0x16, 0x16, 0x4d, 0x6d, 0x24, 0x2f, 0x80, 0x66, 0xa1, 0x55, 0x8e, 0xf6, 0x2e, 0x8b, 0xd8, 0x29, - 0x7d, 0xf8, 0xd8, 0xc8, 0x9d, 0x7e, 0x6f, 0xe6, 0xf4, 0x5f, 0x00, 0xca, 0x06, 0xad, 0x60, 0x86, - 0xef, 0xc1, 0xd2, 0x20, 0x18, 0x8f, 0x33, 0xf3, 0x9b, 0xba, 0xf4, 0x24, 0x8e, 0xe3, 0x34, 0x43, - 0x45, 0x10, 0xb2, 0xa8, 0x6c, 0x46, 0xfd, 0x5a, 0x41, 0x16, 0xf2, 0x97, 0xe0, 0xde, 0x4b, 0xa3, - 0x38, 0x93, 0xa1, 0xea, 0x70, 0xcd, 0x14, 0xfb, 0xea, 0xd7, 0x8a, 0x32, 0x17, 0x86, 0xb3, 0xc6, - 0x9a, 0xdc, 0x60, 0x1f, 0xc7, 0x37, 0xfa, 0xfb, 0x3c, 0xfc, 0x5b, 0x14, 0x9b, 0xf8, 0x79, 0x40, - 0x5c, 0x97, 0xd9, 0xe6, 0x0a, 0x6a, 0x7f, 0x01, 0x4b, 0xb1, 0xd6, 0x69, 0xfc, 0xf7, 0xbc, 0xd3, - 0x0e, 0xa5, 0x06, 0x25, 0x8a, 0x71, 0x4a, 0x93, 0xae, 0x64, 0xe1, 0x8f, 0x56, 0x52, 0xff, 0x04, - 0x60, 0x49, 0x1c, 0x57, 0x30, 0xf8, 0xcf, 0x16, 0x07, 0xff, 0xdf, 0xe5, 0x83, 0x2f, 0x84, 0xdd, - 0x3c, 0xf4, 0xdd, 0xd6, 0xd9, 0xa5, 0x96, 0x3b, 0xbf, 0xd4, 0x72, 0x17, 0x97, 0x5a, 0xee, 0x34, - 0xd4, 0xc0, 0x59, 0xa8, 0x81, 0xf3, 0x50, 0x03, 0x17, 0xa1, 0x06, 0x7e, 0x84, 0x1a, 0x78, 0xf7, - 0x53, 0xcb, 0x1d, 0xe7, 0x27, 0xed, 0xdf, 0x01, 0x00, 0x00, 0xff, 0xff, 0x87, 0x3b, 0x61, 0x21, - 0x38, 0x08, 0x00, 0x00, + // 726 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x3d, 0x6f, 0x13, 0x4b, + 0x14, 0xf5, 0xc4, 0xde, 0xc8, 0x9e, 0x38, 0x4f, 0xd6, 0xbe, 0x14, 0x2b, 0x17, 0x6b, 0x6b, 0x9f, + 0xf4, 0x88, 0x10, 0xcc, 0x26, 0x11, 0x20, 0x2b, 0xa5, 0x45, 0x82, 0x22, 0x12, 0x12, 0x46, 0xa2, + 0x89, 0x28, 0x98, 0xd8, 0xe3, 0xf5, 0x60, 0xef, 0x87, 0x76, 0x67, 0x2d, 0xdc, 0xe5, 0x27, 0x40, + 0x47, 0xc9, 0x9f, 0x40, 0x14, 0x88, 0x3e, 0x74, 0x29, 0x53, 0x20, 0x8b, 0x2c, 0x1d, 0xbf, 0x02, + 0xcd, 0xec, 0x87, 0xd7, 0xf9, 0x90, 0x23, 0x21, 0xb9, 0xdb, 0xb9, 0x73, 0xcf, 0x99, 0x73, 0xcf, + 0xbd, 0xd7, 0x32, 0xdc, 0xb0, 0x18, 0xef, 0x87, 0x27, 0xa8, 0xe3, 0xda, 0xa6, 0xeb, 0x51, 0x27, + 0xe8, 0xb3, 0x1e, 0x37, 0x89, 0xc7, 0xcc, 0x30, 0xa0, 0xbe, 0x39, 0xda, 0x34, 0x2d, 0xea, 0x50, + 0x9f, 0x70, 0xda, 0x45, 0x9e, 0xef, 0x72, 0x57, 0x6d, 0x4e, 0x11, 0x28, 0x43, 0x20, 0xe2, 0x31, + 0x24, 0x10, 0x68, 0xb4, 0x59, 0x7f, 0x98, 0xe3, 0xb4, 0x5c, 0xcb, 0x35, 0x25, 0xf0, 0x24, 0xec, + 0xc9, 0x93, 0x3c, 0xc8, 0xaf, 0x98, 0xb0, 0x6e, 0x0c, 0x5a, 0x01, 0x62, 0xae, 0x7c, 0xb4, 0xe3, + 0xfa, 0xf4, 0x86, 0x47, 0xeb, 0x8f, 0xa6, 0x39, 0x36, 0xe9, 0xf4, 0x99, 0x43, 0xfd, 0xb1, 0xe9, + 0x0d, 0x2c, 0x11, 0x08, 0x4c, 0x9b, 0x72, 0x72, 0x13, 0xea, 0xc9, 0x6d, 0x28, 0x3f, 0x74, 0x38, + 0xb3, 0xa9, 0x19, 0x74, 0xfa, 0xd4, 0x26, 0x57, 0x71, 0xc6, 0x57, 0x00, 0x95, 0x67, 0xbe, 0x1b, + 0x7a, 0xea, 0x1b, 0x58, 0x16, 0xe4, 0x5d, 0xc2, 0x89, 0x06, 0x9a, 0x60, 0x7d, 0x65, 0x6b, 0x03, + 0xc5, 0xa4, 0x28, 0x4f, 0x8a, 0xbc, 0x81, 0x25, 0x02, 0x01, 0x12, 0xd9, 0x68, 0xb4, 0x89, 0x0e, + 0x4f, 0xde, 0xd2, 0x0e, 0x3f, 0xa0, 0x9c, 0xb4, 0xd5, 0xb3, 0x49, 0xa3, 0x10, 0x4d, 0x1a, 0x70, + 0x1a, 0xc3, 0x19, 0xab, 0x7a, 0x04, 0x15, 0xe1, 0x5b, 0xa0, 0x2d, 0x49, 0x7a, 0x13, 0xcd, 0xb3, + 0x17, 0x1d, 0x7a, 0x9c, 0xb9, 0x0e, 0x19, 0xbe, 0x20, 0x36, 0x0d, 0xda, 0x95, 0x68, 0xd2, 0x50, + 0x5e, 0x09, 0x06, 0x1c, 0x13, 0x19, 0x5f, 0x00, 0xac, 0x48, 0xf5, 0xfb, 0x2c, 0xe0, 0xea, 0xeb, + 0x6b, 0x15, 0xa0, 0xbb, 0x55, 0x20, 0xd0, 0x52, 0x7f, 0x2d, 0xd1, 0x5f, 0x4e, 0x23, 0x39, 0xf5, + 0xfb, 0x50, 0x61, 0x9c, 0xda, 0x42, 0x7d, 0x71, 0x7d, 0x65, 0xeb, 0xde, 0x7c, 0xf5, 0x52, 0x59, + 0x7b, 0x35, 0xe1, 0x54, 0xf6, 0x04, 0x1a, 0xc7, 0x24, 0xc6, 0xf7, 0x22, 0x2c, 0xef, 0x75, 0xa9, + 0xc3, 0x19, 0x1f, 0x2f, 0xc0, 0xfa, 0x16, 0xac, 0x7a, 0xbe, 0x3b, 0x62, 0x5d, 0xea, 0x0b, 0x2f, + 0x65, 0x07, 0x2a, 0xed, 0xb5, 0x04, 0x53, 0x3d, 0xca, 0xdd, 0xe1, 0x99, 0x4c, 0xf5, 0x29, 0xac, + 0xa5, 0x67, 0x61, 0xbd, 0x44, 0x17, 0x25, 0x5a, 0x4b, 0xd0, 0xb5, 0xa3, 0x2b, 0xf7, 0xf8, 0x1a, + 0x42, 0xdd, 0x81, 0x25, 0xe1, 0x8a, 0x56, 0x92, 0xd5, 0xfd, 0x97, 0xab, 0x0e, 0x89, 0x3d, 0x98, + 0xd6, 0x82, 0x69, 0x8f, 0xfa, 0xd4, 0xe9, 0xd0, 0x76, 0x35, 0xa1, 0x2f, 0x09, 0x12, 0x2c, 0xe1, + 0xea, 0x31, 0x54, 0xe8, 0x3b, 0xee, 0x13, 0x4d, 0x91, 0x3d, 0x78, 0x3c, 0xbf, 0x07, 0xa9, 0xc7, + 0x68, 0x47, 0xe0, 0x76, 0x1c, 0xee, 0x8f, 0xa7, 0x1d, 0x91, 0x31, 0x1c, 0x53, 0xd6, 0x5b, 0x10, + 0x4e, 0x73, 0xd4, 0x1a, 0x2c, 0x0e, 0xe8, 0x58, 0x76, 0xa3, 0x82, 0xc5, 0xa7, 0xba, 0x06, 0x95, + 0x11, 0x19, 0x86, 0x89, 0x77, 0x38, 0x3e, 0x6c, 0x2f, 0xb5, 0x80, 0xf1, 0x0d, 0xc0, 0x6a, 0xfa, + 0xce, 0x02, 0x06, 0xf1, 0x70, 0x76, 0x10, 0xef, 0xdf, 0xdd, 0x84, 0x5b, 0x66, 0x71, 0x1b, 0xae, + 0xce, 0x2c, 0x9a, 0xda, 0x48, 0x5f, 0x00, 0xcd, 0xe2, 0x7a, 0x25, 0xde, 0xbb, 0x3c, 0x62, 0xbb, + 0xfc, 0xf1, 0x53, 0xa3, 0x70, 0xfa, 0xa3, 0x59, 0x30, 0x7e, 0x03, 0x28, 0x1b, 0xb4, 0x80, 0x19, + 0x7e, 0x00, 0xcb, 0xbd, 0x70, 0x38, 0xcc, 0xcd, 0x6f, 0xe6, 0xd2, 0x6e, 0x12, 0xc7, 0x59, 0x86, + 0x8a, 0x20, 0x64, 0x71, 0xd9, 0x8c, 0x06, 0x5a, 0x51, 0x16, 0xf2, 0x8f, 0xe0, 0xde, 0xcb, 0xa2, + 0x38, 0x97, 0xa1, 0x1a, 0x70, 0xd9, 0x12, 0xfb, 0x1a, 0x68, 0x25, 0x99, 0x0b, 0xa3, 0x49, 0x63, + 0x59, 0x6e, 0x70, 0x80, 0x93, 0x1b, 0xe3, 0xc3, 0x12, 0xfc, 0x57, 0x14, 0x9b, 0xfa, 0x79, 0x40, + 0x3c, 0x8f, 0x39, 0xd6, 0x02, 0x6a, 0x7f, 0x09, 0xcb, 0x89, 0xd6, 0x71, 0xf2, 0xeb, 0x79, 0xa7, + 0x1d, 0xca, 0x0c, 0x4a, 0x15, 0xe3, 0x8c, 0x26, 0x5b, 0xc9, 0xe2, 0x5f, 0xad, 0xa4, 0xf1, 0x19, + 0xc0, 0xb2, 0x38, 0x2e, 0x60, 0xf0, 0x9f, 0xcf, 0x0e, 0xfe, 0xff, 0xf3, 0x07, 0x5f, 0x08, 0xbb, + 0x79, 0xe8, 0xdb, 0xbb, 0x67, 0x97, 0x7a, 0xe1, 0xfc, 0x52, 0x2f, 0x5c, 0x5c, 0xea, 0x85, 0xd3, + 0x48, 0x07, 0x67, 0x91, 0x0e, 0xce, 0x23, 0x1d, 0x5c, 0x44, 0x3a, 0xf8, 0x19, 0xe9, 0xe0, 0xfd, + 0x2f, 0xbd, 0x70, 0xdc, 0x9c, 0xf7, 0x9f, 0xe1, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x45, 0x85, + 0x81, 0x86, 0x56, 0x08, 0x00, 0x00, } func (m *Group) Marshal() (dAtA []byte, err error) { @@ -1105,10 +1105,7 @@ func (m *Group) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -1225,10 +1222,7 @@ func (m *GroupList) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -1518,7 +1512,7 @@ func (m *Identity) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > postIndex { @@ -1535,10 +1529,7 @@ func (m *Identity) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -1655,10 +1646,7 @@ func (m *IdentityList) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -1740,10 +1728,7 @@ func (m *OptionalNames) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -1922,10 +1907,7 @@ func (m *User) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2074,10 +2056,7 @@ func (m *UserIdentityMapping) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2194,10 +2173,7 @@ func (m *UserList) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { @@ -2215,6 +2191,7 @@ func (m *UserList) Unmarshal(dAtA []byte) error { func skipGenerated(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 + depth := 0 for iNdEx < l { var wire uint64 for shift := uint(0); ; shift += 7 { @@ -2246,10 +2223,8 @@ func skipGenerated(dAtA []byte) (n int, err error) { break } } - return iNdEx, nil case 1: iNdEx += 8 - return iNdEx, nil case 2: var length int for shift := uint(0); ; shift += 7 { @@ -2270,55 +2245,30 @@ func skipGenerated(dAtA []byte) (n int, err error) { return 0, ErrInvalidLengthGenerated } iNdEx += length - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - return iNdEx, nil case 3: - for { - var innerWire uint64 - var start int = iNdEx - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - innerWire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - innerWireType := int(innerWire & 0x7) - if innerWireType == 4 { - break - } - next, err := skipGenerated(dAtA[start:]) - if err != nil { - return 0, err - } - iNdEx = start + next - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - } - return iNdEx, nil + depth++ case 4: - return iNdEx, nil + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupGenerated + } + depth-- case 5: iNdEx += 4 - return iNdEx, nil default: return 0, fmt.Errorf("proto: illegal wireType %d", wireType) } + if iNdEx < 0 { + return 0, ErrInvalidLengthGenerated + } + if depth == 0 { + return iNdEx, nil + } } - panic("unreachable") + return 0, io.ErrUnexpectedEOF } var ( - ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") ) diff --git a/vendor/github.com/openshift/api/user/v1/generated.proto b/vendor/github.com/openshift/api/user/v1/generated.proto index 042e02a533..f7546854f8 100644 --- a/vendor/github.com/openshift/api/user/v1/generated.proto +++ b/vendor/github.com/openshift/api/user/v1/generated.proto @@ -1,7 +1,7 @@ // This file was autogenerated by go-to-protobuf. Do not edit it manually! -syntax = 'proto2'; +syntax = "proto2"; package github.com.openshift.api.user.v1; @@ -10,11 +10,13 @@ import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; // Package-wide variables from generator "generated". -option go_package = "v1"; +option go_package = "github.com/openshift/api/user/v1"; // Group represents a referenceable set of Users +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message Group { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Users is the list of users in this group. @@ -22,8 +24,10 @@ message Group { } // GroupList is a collection of Groups +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message GroupList { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of groups @@ -35,8 +39,10 @@ message GroupList { // is then associated with a single user object. Multiple identities can reference a single // user. Information retrieved from the authentication provider is stored in the extra field // using a schema determined by the provider. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message Identity { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // ProviderName is the source of identity information @@ -54,8 +60,10 @@ message Identity { } // IdentityList is a collection of Identities +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message IdentityList { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of identities @@ -76,14 +84,17 @@ message OptionalNames { // via the API. The user name is unique and is chosen based on the value provided by the // identity provider - if a user already exists with the incoming name, the user name may have // a number appended to it depending on the configuration of the system. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message User { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // FullName is the full name of user optional string fullName = 2; // Identities are the identities associated with this user + // +optional repeated string identities = 3; // Groups specifies group names this user is a member of. @@ -93,8 +104,10 @@ message User { } // UserIdentityMapping maps a user to an identity +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message UserIdentityMapping { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Identity is a reference to an identity @@ -105,8 +118,10 @@ message UserIdentityMapping { } // UserList is a collection of Users +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message UserList { - // Standard object's metadata. optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of users diff --git a/vendor/github.com/openshift/api/user/v1/types.go b/vendor/github.com/openshift/api/user/v1/types.go index 6881b1728e..7f666c0f16 100644 --- a/vendor/github.com/openshift/api/user/v1/types.go +++ b/vendor/github.com/openshift/api/user/v1/types.go @@ -16,16 +16,19 @@ import ( // via the API. The user name is unique and is chosen based on the value provided by the // identity provider - if a user already exists with the incoming name, the user name may have // a number appended to it depending on the configuration of the system. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type User struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // FullName is the full name of user FullName string `json:"fullName,omitempty" protobuf:"bytes,2,opt,name=fullName"` // Identities are the identities associated with this user - Identities []string `json:"identities" protobuf:"bytes,3,rep,name=identities"` + // +optional + Identities []string `json:"identities,omitempty" protobuf:"bytes,3,rep,name=identities"` // Groups specifies group names this user is a member of. // This field is deprecated and will be removed in a future release. @@ -36,10 +39,13 @@ type User struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // UserList is a collection of Users +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type UserList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of users Items []User `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -53,9 +59,11 @@ type UserList struct { // is then associated with a single user object. Multiple identities can reference a single // user. Information retrieved from the authentication provider is stored in the extra field // using a schema determined by the provider. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Identity struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // ProviderName is the source of identity information @@ -75,10 +83,13 @@ type Identity struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // IdentityList is a collection of Identities +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type IdentityList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of identities Items []Identity `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -89,9 +100,11 @@ type IdentityList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // UserIdentityMapping maps a user to an identity +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type UserIdentityMapping struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Identity is a reference to an identity @@ -114,9 +127,11 @@ func (t OptionalNames) String() string { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Group represents a referenceable set of Users +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Group struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Users is the list of users in this group. @@ -126,10 +141,13 @@ type Group struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // GroupList is a collection of Groups +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type GroupList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of groups Items []Group `json:"items" protobuf:"bytes,2,rep,name=items"` } diff --git a/vendor/github.com/openshift/api/user/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/user/v1/zz_generated.deepcopy.go index 6e45450adb..e6b2fb867c 100644 --- a/vendor/github.com/openshift/api/user/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/user/v1/zz_generated.deepcopy.go @@ -1,3 +1,4 @@ +//go:build !ignore_autogenerated // +build !ignore_autogenerated // Code generated by deepcopy-gen. DO NOT EDIT. diff --git a/vendor/github.com/openshift/api/user/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/user/v1/zz_generated.swagger_doc_generated.go index 0b30f12b83..e2ff149ee3 100644 --- a/vendor/github.com/openshift/api/user/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/user/v1/zz_generated.swagger_doc_generated.go @@ -12,9 +12,8 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_Group = map[string]string{ - "": "Group represents a referenceable set of Users", - "metadata": "Standard object's metadata.", - "users": "Users is the list of users in this group.", + "": "Group represents a referenceable set of Users\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "users": "Users is the list of users in this group.", } func (Group) SwaggerDoc() map[string]string { @@ -22,9 +21,8 @@ func (Group) SwaggerDoc() map[string]string { } var map_GroupList = map[string]string{ - "": "GroupList is a collection of Groups", - "metadata": "Standard object's metadata.", - "items": "Items is the list of groups", + "": "GroupList is a collection of Groups\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "items": "Items is the list of groups", } func (GroupList) SwaggerDoc() map[string]string { @@ -32,8 +30,7 @@ func (GroupList) SwaggerDoc() map[string]string { } var map_Identity = map[string]string{ - "": "Identity records a successful authentication of a user with an identity provider. The information about the source of authentication is stored on the identity, and the identity is then associated with a single user object. Multiple identities can reference a single user. Information retrieved from the authentication provider is stored in the extra field using a schema determined by the provider.", - "metadata": "Standard object's metadata.", + "": "Identity records a successful authentication of a user with an identity provider. The information about the source of authentication is stored on the identity, and the identity is then associated with a single user object. Multiple identities can reference a single user. Information retrieved from the authentication provider is stored in the extra field using a schema determined by the provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "providerName": "ProviderName is the source of identity information", "providerUserName": "ProviderUserName uniquely represents this identity in the scope of the provider", "user": "User is a reference to the user this identity is associated with Both Name and UID must be set", @@ -45,9 +42,8 @@ func (Identity) SwaggerDoc() map[string]string { } var map_IdentityList = map[string]string{ - "": "IdentityList is a collection of Identities", - "metadata": "Standard object's metadata.", - "items": "Items is the list of identities", + "": "IdentityList is a collection of Identities\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "items": "Items is the list of identities", } func (IdentityList) SwaggerDoc() map[string]string { @@ -55,8 +51,7 @@ func (IdentityList) SwaggerDoc() map[string]string { } var map_User = map[string]string{ - "": "Upon log in, every user of the system receives a User and Identity resource. Administrators may directly manipulate the attributes of the users for their own tracking, or set groups via the API. The user name is unique and is chosen based on the value provided by the identity provider - if a user already exists with the incoming name, the user name may have a number appended to it depending on the configuration of the system.", - "metadata": "Standard object's metadata.", + "": "Upon log in, every user of the system receives a User and Identity resource. Administrators may directly manipulate the attributes of the users for their own tracking, or set groups via the API. The user name is unique and is chosen based on the value provided by the identity provider - if a user already exists with the incoming name, the user name may have a number appended to it depending on the configuration of the system.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "fullName": "FullName is the full name of user", "identities": "Identities are the identities associated with this user", "groups": "Groups specifies group names this user is a member of. This field is deprecated and will be removed in a future release. Instead, create a Group object containing the name of this User.", @@ -67,8 +62,7 @@ func (User) SwaggerDoc() map[string]string { } var map_UserIdentityMapping = map[string]string{ - "": "UserIdentityMapping maps a user to an identity", - "metadata": "Standard object's metadata.", + "": "UserIdentityMapping maps a user to an identity\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "identity": "Identity is a reference to an identity", "user": "User is a reference to a user", } @@ -78,9 +72,8 @@ func (UserIdentityMapping) SwaggerDoc() map[string]string { } var map_UserList = map[string]string{ - "": "UserList is a collection of Users", - "metadata": "Standard object's metadata.", - "items": "Items is the list of users", + "": "UserList is a collection of Users\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "items": "Items is the list of users", } func (UserList) SwaggerDoc() map[string]string { diff --git a/vendor/modules.txt b/vendor/modules.txt index 17aee4368e..d7739ddc52 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -139,14 +139,16 @@ github.com/munnerz/goautoneg ## explicit github.com/onsi/gomega/gstruct/errors github.com/onsi/gomega/types -# github.com/openshift/api v0.0.0-20200331152225-585af27e34fd => github.com/openshift/api v0.0.0-20190924102528-32369d4db2ad -## explicit +# github.com/openshift/api v0.0.0-20230120182048-88b476f987ed => github.com/openshift/api v0.0.0-20230120182048-88b476f987ed +## explicit; go 1.19 github.com/openshift/api/config/v1 github.com/openshift/api/console/v1 github.com/openshift/api/oauth/v1 +github.com/openshift/api/pkg/serialization github.com/openshift/api/project/v1 github.com/openshift/api/route/v1 github.com/openshift/api/security/v1 +github.com/openshift/api/template/v1 github.com/openshift/api/user/v1 # github.com/operator-framework/api v0.10.0 ## explicit; go 1.15 @@ -1088,7 +1090,7 @@ sigs.k8s.io/yaml # github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 # github.com/opencontainers/runc => github.com/opencontainers/runc v1.0.0-rc2.0.20190611121236-6cc515888830 # github.com/opencontainers/runtime-spec => github.com/opencontainers/runtime-spec v1.0.0 -# github.com/openshift/api => github.com/openshift/api v0.0.0-20190924102528-32369d4db2ad +# github.com/openshift/api => github.com/openshift/api v0.0.0-20230120182048-88b476f987ed # github.com/openshift/client-go => github.com/openshift/client-go v0.0.0-20200326155132-2a6cd50aedd0 # github.com/opentracing/opentracing-go => github.com/opentracing/opentracing-go v1.1.0 # github.com/operator-framework/operator-registry => github.com/operator-framework/operator-registry v1.13.6 From 1f529283e1ce66cf81ef7787f0b2811d788d7323 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Fri, 25 Oct 2024 10:50:25 +0200 Subject: [PATCH 02/10] Fixup Signed-off-by: Anatolii Bazko --- .../usernamespace/workspace_cm_syncer.go | 2 +- .../usernamespace/workspace_pvc_syncer.go | 2 +- .../usernamespace/workspace_secret_syncer.go | 2 +- .../workspace_unstructured_syncer.go | 33 ++----------------- .../workspace_unstructured_syncer_test.go | 3 +- .../workspaces_config_controller.go | 29 +++++++++------- .../workspaces_config_controller_test.go | 3 +- 7 files changed, 27 insertions(+), 47 deletions(-) diff --git a/controllers/usernamespace/workspace_cm_syncer.go b/controllers/usernamespace/workspace_cm_syncer.go index 432a954de4..97a426e138 100644 --- a/controllers/usernamespace/workspace_cm_syncer.go +++ b/controllers/usernamespace/workspace_cm_syncer.go @@ -38,7 +38,7 @@ func (p *cmWorkspaceSyncObject) getSrcObject() client.Object { return p.cm } -func (p *cmWorkspaceSyncObject) getSrcObjectGKV() schema.GroupVersionKind { +func (p *cmWorkspaceSyncObject) getGKV() schema.GroupVersionKind { return v1ConfigMapGKV } diff --git a/controllers/usernamespace/workspace_pvc_syncer.go b/controllers/usernamespace/workspace_pvc_syncer.go index 17d434b43b..cb3a286427 100644 --- a/controllers/usernamespace/workspace_pvc_syncer.go +++ b/controllers/usernamespace/workspace_pvc_syncer.go @@ -35,7 +35,7 @@ func newPvcWorkspaceSyncObject(pvc *corev1.PersistentVolumeClaim) *pvcWorkspaceS } } -func (p *pvcWorkspaceSyncObject) getSrcObjectGKV() schema.GroupVersionKind { +func (p *pvcWorkspaceSyncObject) getGKV() schema.GroupVersionKind { return v1PvcGKV } diff --git a/controllers/usernamespace/workspace_secret_syncer.go b/controllers/usernamespace/workspace_secret_syncer.go index d6e4e0c6c2..4ad3661f40 100644 --- a/controllers/usernamespace/workspace_secret_syncer.go +++ b/controllers/usernamespace/workspace_secret_syncer.go @@ -36,7 +36,7 @@ func newSecretWorkspaceSyncObject(secret *corev1.Secret) *secretWorkspaceSyncObj } } -func (p *secretWorkspaceSyncObject) getSrcObjectGKV() schema.GroupVersionKind { +func (p *secretWorkspaceSyncObject) getGKV() schema.GroupVersionKind { return v1SecretGKV } diff --git a/controllers/usernamespace/workspace_unstructured_syncer.go b/controllers/usernamespace/workspace_unstructured_syncer.go index 00617f260d..f390a5e7f9 100644 --- a/controllers/usernamespace/workspace_unstructured_syncer.go +++ b/controllers/usernamespace/workspace_unstructured_syncer.go @@ -13,15 +13,13 @@ package usernamespace import ( + "strings" + "github.com/eclipse-che/che-operator/pkg/common/utils" - "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" - corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/yaml" - "strings" ) const ( @@ -66,7 +64,7 @@ func (p *unstructuredSyncer) getSrcObject() client.Object { return p.srcObj } -func (p *unstructuredSyncer) getSrcObjectGKV() schema.GroupVersionKind { +func (p *unstructuredSyncer) getGKV() schema.GroupVersionKind { return p.srcObj.GetObjectKind().GroupVersionKind() } @@ -74,31 +72,6 @@ func (p *unstructuredSyncer) newDstObject() client.Object { return p.dstObj.DeepCopyObject().(client.Object) } -func (p *unstructuredSyncer) isExistedObjChanged(dstObj client.Object, existedDstObj client.Object) bool { - if dstObj.GetLabels() != nil { - for key, value := range dstObj.GetLabels() { - if existedDstObj.GetLabels()[key] != value { - return true - } - } - } - - if dstObj.GetAnnotations() != nil { - for key, value := range dstObj.GetAnnotations() { - if existedDstObj.GetAnnotations()[key] != value { - return true - } - } - } - - return cmp.Diff( - dstObj, - existedDstObj, - cmp.Options{ - cmpopts.IgnoreFields(corev1.ConfigMap{}, "TypeMeta", "ObjectMeta"), - }) != "" -} - func (p *unstructuredSyncer) getSrcObjectVersion() string { return p.hash } diff --git a/controllers/usernamespace/workspace_unstructured_syncer_test.go b/controllers/usernamespace/workspace_unstructured_syncer_test.go index fa6c8ce332..104313984c 100644 --- a/controllers/usernamespace/workspace_unstructured_syncer_test.go +++ b/controllers/usernamespace/workspace_unstructured_syncer_test.go @@ -14,10 +14,11 @@ package usernamespace import ( "context" - "k8s.io/apimachinery/pkg/types" "sync" "testing" + "k8s.io/apimachinery/pkg/types" + "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/deploy" templatev1 "github.com/openshift/api/template/v1" diff --git a/controllers/usernamespace/workspaces_config_controller.go b/controllers/usernamespace/workspaces_config_controller.go index 048f08087d..01bec709e0 100644 --- a/controllers/usernamespace/workspaces_config_controller.go +++ b/controllers/usernamespace/workspaces_config_controller.go @@ -17,6 +17,8 @@ import ( "fmt" "strings" + rbacv1 "k8s.io/api/rbac/v1" + "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/google/go-cmp/cmp" @@ -50,9 +52,9 @@ type WorkspacesConfigReconciler struct { } type WorkspaceSyncObject interface { + getGKV() schema.GroupVersionKind hasROSpec() bool getSrcObject() client.Object - getSrcObjectGKV() schema.GroupVersionKind getSrcObjectVersion() string newDstObject() client.Object } @@ -94,7 +96,10 @@ func (r *WorkspacesConfigReconciler) SetupWithManager(mgr ctrl.Manager) error { Watches(&source.Kind{Type: &corev1.Secret{}}, r.watchRules(ctx, true, true)). Watches(&source.Kind{Type: &corev1.ConfigMap{}}, r.watchRules(ctx, true, true)). Watches(&source.Kind{Type: &corev1.ResourceQuota{}}, r.watchRules(ctx, false, true)). - Watches(&source.Kind{Type: &corev1.LimitRange{}}, r.watchRules(ctx, false, true)) + Watches(&source.Kind{Type: &corev1.LimitRange{}}, r.watchRules(ctx, false, true)). + Watches(&source.Kind{Type: &corev1.ServiceAccount{}}, r.watchRules(ctx, false, true)). + Watches(&source.Kind{Type: &rbacv1.Role{}}, r.watchRules(ctx, false, true)). + Watches(&source.Kind{Type: &rbacv1.RoleBinding{}}, r.watchRules(ctx, false, true)) if infrastructure.IsOpenShift() { bld.Watches(&source.Kind{Type: &templatev1.Template{}}, r.watchRules(ctx, true, false)) @@ -424,7 +429,7 @@ func (r *WorkspacesConfigReconciler) syncTemplates( return err } - srcObjKey := buildKey(wsSyncObject.getSrcObjectGKV(), wsSyncObject.getSrcObject().GetName(), srcNamespace) + srcObjKey := buildKey(wsSyncObject.getGKV(), wsSyncObject.getSrcObject().GetName(), srcNamespace) syncedSrcObjKeys[srcObjKey] = true } } @@ -452,7 +457,7 @@ func (r *WorkspacesConfigReconciler) syncObject(syncContext *syncContext) error if err := r.syncObjectIfDiffers(syncContext, dstObj); err != nil { logger.Error(err, "Failed to sync object", "namespace", syncContext.dstNamespace, - "kind", gvk2PrintString(syncContext.wsSyncObject.getSrcObjectGKV()), + "kind", gvk2PrintString(syncContext.wsSyncObject.getGKV()), "name", dstObj.GetName()) return err } @@ -466,7 +471,7 @@ func (r *WorkspacesConfigReconciler) syncObjectIfDiffers( syncContext *syncContext, dstObj client.Object) error { - existedDstObj, err := r.scheme.New(syncContext.wsSyncObject.getSrcObjectGKV()) + existedDstObj, err := r.scheme.New(syncContext.wsSyncObject.getGKV()) if err != nil { return err } @@ -479,8 +484,8 @@ func (r *WorkspacesConfigReconciler) syncObjectIfDiffers( if err == nil { srcObj := syncContext.wsSyncObject.getSrcObject() - srcObjKey := buildKey(syncContext.wsSyncObject.getSrcObjectGKV(), srcObj.GetName(), syncContext.srcNamespace) - dstObjKey := buildKey(syncContext.wsSyncObject.getSrcObjectGKV(), dstObj.GetName(), syncContext.dstNamespace) + srcObjKey := buildKey(syncContext.wsSyncObject.getGKV(), srcObj.GetName(), syncContext.srcNamespace) + dstObjKey := buildKey(syncContext.wsSyncObject.getGKV(), dstObj.GetName(), syncContext.dstNamespace) srcHasBeenChanged := syncContext.syncConfig[srcObjKey] != syncContext.wsSyncObject.getSrcObjectVersion() dstHasBeenChanged := syncContext.syncConfig[dstObjKey] != existedDstObj.(client.Object).GetResourceVersion() @@ -493,7 +498,7 @@ func (r *WorkspacesConfigReconciler) syncObjectIfDiffers( // Admin has to re-create them to update just update resource versions logger.Info("Object skipped since has readonly spec, re-create it to update", "namespace", dstObj.GetNamespace(), - "kind", gvk2PrintString(syncContext.wsSyncObject.getSrcObjectGKV()), + "kind", gvk2PrintString(syncContext.wsSyncObject.getGKV()), "name", dstObj.GetName()) r.doUpdateSyncConfig(syncContext, existedDstObj.(client.Object)) @@ -528,7 +533,7 @@ func (r *WorkspacesConfigReconciler) doCreateObject( } logger.Info("Object created", "namespace", dstObj.GetNamespace(), - "kind", gvk2PrintString(syncContext.wsSyncObject.getSrcObjectGKV()), + "kind", gvk2PrintString(syncContext.wsSyncObject.getGKV()), "name", dstObj.GetName()) r.doUpdateSyncConfig(syncContext, dstObj) @@ -563,7 +568,7 @@ func (r *WorkspacesConfigReconciler) doUpdateObject( } logger.Info("Object updated", "namespace", dstObj.GetNamespace(), - "kind", gvk2PrintString(syncContext.wsSyncObject.getSrcObjectGKV()), + "kind", gvk2PrintString(syncContext.wsSyncObject.getGKV()), "name", dstObj.GetName()) r.doUpdateSyncConfig(syncContext, dstObj) @@ -574,8 +579,8 @@ func (r *WorkspacesConfigReconciler) doUpdateObject( func (r *WorkspacesConfigReconciler) doUpdateSyncConfig(syncContext *syncContext, dstObj client.Object) { srcObj := syncContext.wsSyncObject.getSrcObject() - srcObjKey := buildKey(syncContext.wsSyncObject.getSrcObjectGKV(), srcObj.GetName(), syncContext.srcNamespace) - dstObjKey := buildKey(syncContext.wsSyncObject.getSrcObjectGKV(), dstObj.GetName(), syncContext.dstNamespace) + srcObjKey := buildKey(syncContext.wsSyncObject.getGKV(), srcObj.GetName(), syncContext.srcNamespace) + dstObjKey := buildKey(syncContext.wsSyncObject.getGKV(), dstObj.GetName(), syncContext.dstNamespace) syncContext.syncConfig[srcObjKey] = syncContext.wsSyncObject.getSrcObjectVersion() syncContext.syncConfig[dstObjKey] = dstObj.GetResourceVersion() diff --git a/controllers/usernamespace/workspaces_config_controller_test.go b/controllers/usernamespace/workspaces_config_controller_test.go index b65c1d90a0..c798939999 100644 --- a/controllers/usernamespace/workspaces_config_controller_test.go +++ b/controllers/usernamespace/workspaces_config_controller_test.go @@ -14,12 +14,13 @@ package usernamespace import ( "context" + "testing" + "github.com/eclipse-che/che-operator/pkg/common/constants" "github.com/eclipse-che/che-operator/pkg/common/test" "github.com/eclipse-che/che-operator/pkg/deploy" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" - "testing" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" From eda7a6a7951051c81b75e3c2a58f335eb65068b2 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Fri, 25 Oct 2024 11:06:26 +0200 Subject: [PATCH 03/10] Update DEPENDENCIES.md Signed-off-by: Anatolii Bazko --- DEPENDENCIES.md | 1 + 1 file changed, 1 insertion(+) diff --git a/DEPENDENCIES.md b/DEPENDENCIES.md index 802dc3144f..4c77672a42 100644 --- a/DEPENDENCIES.md +++ b/DEPENDENCIES.md @@ -589,3 +589,4 @@ | [sigs.k8s.io/json@v0.0.0-20220713155537-f223a00ba0e2](https://github.com/kubernetes-sigs/json) | Apache-2.0 AND BSD-3-Clause AND NOASSERTION | [clearlydefined](https://clearlydefined.io/definitions/git/github/kubernetes-sigs/json/f223a00ba0e27f539157f69f9c919c204ea7f40b) | | [github.com/google/gnostic@v0.5.7-v3refs](https://github.com/kubernetes-sigs/json) | Apache-2.0 | [clearlydefined](https://clearlydefined.io/definitions/go/golang/github.com%2Fgoogle/gnostic/v0.5.7-v3refs) | | [github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572](https://github.com/go-task/slim-sprig.git) | MIT | [clearlydefined](https://clearlydefined.io/definitions/git/github/go-task/slim-sprig/52ccab3ef572c7e1a2c258be183f9a9296d60152) | +| [github.com/josharian/intern@v1.0.0](https://github.com/josharian/intern.git) | MIT | [clearlydefined](https://clearlydefined.io/definitions/git/github/josharian/intern/8e6ff32b3e7c0b018c43953085fe2ac330fe9acd) | From 059221631866c8cd53eebdbe3b168e46a4c307f2 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Mon, 28 Oct 2024 11:07:57 +0100 Subject: [PATCH 04/10] fixups Signed-off-by: Anatolii Bazko --- .../usernamespace/workspace_cm_syncer.go | 2 ++ .../usernamespace/workspace_cm_syncer_test.go | 25 +++++++++++++-- .../usernamespace/workspace_pvc_syncer.go | 15 ++------- .../workspace_pvc_syncer_test.go | 15 ++++++++- .../usernamespace/workspace_secret_syncer.go | 2 ++ .../workspace_secret_syncer_test.go | 27 ++++++++++++++-- .../workspace_unstructured_syncer.go | 32 ++++++++++++++++++- .../workspaces_config_controller.go | 26 ++++++++++++--- pkg/deploy/reconcile_manager.go | 4 +-- 9 files changed, 122 insertions(+), 26 deletions(-) diff --git a/controllers/usernamespace/workspace_cm_syncer.go b/controllers/usernamespace/workspace_cm_syncer.go index 97a426e138..6bcbd577a7 100644 --- a/controllers/usernamespace/workspace_cm_syncer.go +++ b/controllers/usernamespace/workspace_cm_syncer.go @@ -44,6 +44,8 @@ func (p *cmWorkspaceSyncObject) getGKV() schema.GroupVersionKind { func (p *cmWorkspaceSyncObject) newDstObject() client.Object { dst := p.cm.DeepCopyObject() + // We have to set the ObjectMeta fields explicitly, because + // existed object contains unnecessary fields that we don't want to copy dst.(*corev1.ConfigMap).ObjectMeta = metav1.ObjectMeta{ Name: p.cm.GetName(), Annotations: p.cm.GetAnnotations(), diff --git a/controllers/usernamespace/workspace_cm_syncer_test.go b/controllers/usernamespace/workspace_cm_syncer_test.go index a65db9e917..78b324f17a 100644 --- a/controllers/usernamespace/workspace_cm_syncer_test.go +++ b/controllers/usernamespace/workspace_cm_syncer_test.go @@ -14,6 +14,7 @@ package usernamespace import ( "context" + "sync" "testing" "github.com/eclipse-che/che-operator/pkg/common/constants" @@ -68,7 +69,17 @@ func TestSyncConfigMap(t *testing.T) { workspaceConfigReconciler := NewWorkspacesConfigReconciler( deployContext.ClusterAPI.Client, deployContext.ClusterAPI.Scheme, - NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient)) + &namespaceCache{ + client: deployContext.ClusterAPI.Client, + knownNamespaces: map[string]namespaceInfo{ + userNamespace: { + IsWorkspaceNamespace: true, + Username: "user", + CheCluster: &types.NamespacedName{Name: "eclipse-che", Namespace: "eclipse-che"}, + }, + }, + lock: sync.Mutex{}, + }) // Sync ConfigMap err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) @@ -224,7 +235,17 @@ func TestSyncConfigMapShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { workspaceConfigReconciler := NewWorkspacesConfigReconciler( deployContext.ClusterAPI.Client, deployContext.ClusterAPI.Scheme, - NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient)) + &namespaceCache{ + client: deployContext.ClusterAPI.Client, + knownNamespaces: map[string]namespaceInfo{ + userNamespace: { + IsWorkspaceNamespace: true, + Username: "user", + CheCluster: &types.NamespacedName{Name: "eclipse-che", Namespace: "eclipse-che"}, + }, + }, + lock: sync.Mutex{}, + }) // Sync ConfigMap err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) diff --git a/controllers/usernamespace/workspace_pvc_syncer.go b/controllers/usernamespace/workspace_pvc_syncer.go index cb3a286427..e87d1ba0e9 100644 --- a/controllers/usernamespace/workspace_pvc_syncer.go +++ b/controllers/usernamespace/workspace_pvc_syncer.go @@ -15,7 +15,6 @@ package usernamespace import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -39,24 +38,14 @@ func (p *pvcWorkspaceSyncObject) getGKV() schema.GroupVersionKind { return v1PvcGKV } -func (p *pvcWorkspaceSyncObject) newDstObj(src client.Object) client.Object { - dst := src.(runtime.Object).DeepCopyObject() - dst.(*corev1.PersistentVolumeClaim).ObjectMeta = metav1.ObjectMeta{ - Name: src.GetName(), - Annotations: src.GetAnnotations(), - Labels: src.GetLabels(), - } - dst.(*corev1.PersistentVolumeClaim).Status = corev1.PersistentVolumeClaimStatus{} - - return dst.(client.Object) -} - func (p *pvcWorkspaceSyncObject) getSrcObject() client.Object { return p.pvc } func (p *pvcWorkspaceSyncObject) newDstObject() client.Object { dst := p.pvc.DeepCopyObject() + // We have to set the ObjectMeta fields explicitly, because + // existed object contains unnecessary fields that we don't want to copy dst.(*corev1.PersistentVolumeClaim).ObjectMeta = metav1.ObjectMeta{ Name: p.pvc.GetName(), Annotations: p.pvc.GetAnnotations(), diff --git a/controllers/usernamespace/workspace_pvc_syncer_test.go b/controllers/usernamespace/workspace_pvc_syncer_test.go index d130879e31..0881b7b131 100644 --- a/controllers/usernamespace/workspace_pvc_syncer_test.go +++ b/controllers/usernamespace/workspace_pvc_syncer_test.go @@ -14,8 +14,11 @@ package usernamespace import ( "context" + "sync" "testing" + "k8s.io/apimachinery/pkg/types" + "github.com/eclipse-che/che-operator/pkg/deploy" "k8s.io/apimachinery/pkg/api/errors" @@ -55,7 +58,17 @@ func TestSyncPVC(t *testing.T) { workspaceConfigReconciler := NewWorkspacesConfigReconciler( deployContext.ClusterAPI.Client, deployContext.ClusterAPI.Scheme, - NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient)) + &namespaceCache{ + client: deployContext.ClusterAPI.Client, + knownNamespaces: map[string]namespaceInfo{ + userNamespace: { + IsWorkspaceNamespace: true, + Username: "user", + CheCluster: &types.NamespacedName{Name: "eclipse-che", Namespace: "eclipse-che"}, + }, + }, + lock: sync.Mutex{}, + }) assertSyncConfig(t, workspaceConfigReconciler, 0, v1PvcGKV) diff --git a/controllers/usernamespace/workspace_secret_syncer.go b/controllers/usernamespace/workspace_secret_syncer.go index 4ad3661f40..4e807c5244 100644 --- a/controllers/usernamespace/workspace_secret_syncer.go +++ b/controllers/usernamespace/workspace_secret_syncer.go @@ -46,6 +46,8 @@ func (p *secretWorkspaceSyncObject) getSrcObject() client.Object { func (p *secretWorkspaceSyncObject) newDstObject() client.Object { dst := p.secret.DeepCopyObject() + // We have to set the ObjectMeta fields explicitly, because + // existed object contains unnecessary fields that we don't want to copy dst.(*corev1.Secret).ObjectMeta = metav1.ObjectMeta{ Name: p.secret.GetName(), Annotations: p.secret.GetAnnotations(), diff --git a/controllers/usernamespace/workspace_secret_syncer_test.go b/controllers/usernamespace/workspace_secret_syncer_test.go index 8edf4c9895..6d4781e429 100644 --- a/controllers/usernamespace/workspace_secret_syncer_test.go +++ b/controllers/usernamespace/workspace_secret_syncer_test.go @@ -14,8 +14,11 @@ package usernamespace import ( "context" + "sync" "testing" + "k8s.io/apimachinery/pkg/types" + "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/eclipse-che/che-operator/pkg/deploy" @@ -57,7 +60,17 @@ func TestSyncSecrets(t *testing.T) { workspaceConfigReconciler := NewWorkspacesConfigReconciler( deployContext.ClusterAPI.Client, deployContext.ClusterAPI.Scheme, - NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient)) + &namespaceCache{ + client: deployContext.ClusterAPI.Client, + knownNamespaces: map[string]namespaceInfo{ + userNamespace: { + IsWorkspaceNamespace: true, + Username: "user", + CheCluster: &types.NamespacedName{Name: "eclipse-che", Namespace: "eclipse-che"}, + }, + }, + lock: sync.Mutex{}, + }) // Sync Secret err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) @@ -222,7 +235,17 @@ func TestSyncSecretShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { workspaceConfigReconciler := NewWorkspacesConfigReconciler( deployContext.ClusterAPI.Client, deployContext.ClusterAPI.Scheme, - NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient)) + &namespaceCache{ + client: deployContext.ClusterAPI.Client, + knownNamespaces: map[string]namespaceInfo{ + userNamespace: { + IsWorkspaceNamespace: true, + Username: "user", + CheCluster: &types.NamespacedName{Name: "eclipse-che", Namespace: "eclipse-che"}, + }, + }, + lock: sync.Mutex{}, + }) // Sync Secret err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) diff --git a/controllers/usernamespace/workspace_unstructured_syncer.go b/controllers/usernamespace/workspace_unstructured_syncer.go index f390a5e7f9..4d0c78bdf9 100644 --- a/controllers/usernamespace/workspace_unstructured_syncer.go +++ b/controllers/usernamespace/workspace_unstructured_syncer.go @@ -15,6 +15,8 @@ package usernamespace import ( "strings" + dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" + "github.com/eclipse-che/che-operator/pkg/common/utils" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" @@ -23,6 +25,7 @@ import ( ) const ( + // Supported templates parameters PROJECT_REQUESTING_USER = "${PROJECT_REQUESTING_USER}" PROJECT_NAME = "${PROJECT_NAME}" ) @@ -69,7 +72,30 @@ func (p *unstructuredSyncer) getGKV() schema.GroupVersionKind { } func (p *unstructuredSyncer) newDstObject() client.Object { - return p.dstObj.DeepCopyObject().(client.Object) + dstObj := p.dstObj.DeepCopyObject().(client.Object) + + switch dstObj.GetObjectKind().GroupVersionKind().String() { + case v1ConfigMapGKV.String(): + dstObj.SetLabels(utils.MergeMaps([]map[string]string{ + dstObj.GetLabels(), + { + dwconstants.DevWorkspaceWatchConfigMapLabel: "true", + dwconstants.DevWorkspaceMountLabel: "true", + }}), + ) + break + case v1SecretGKV.String(): + dstObj.SetLabels(utils.MergeMaps([]map[string]string{ + dstObj.GetLabels(), + { + dwconstants.DevWorkspaceWatchSecretLabel: "true", + dwconstants.DevWorkspaceMountLabel: "true", + }}), + ) + break + } + + return dstObj } func (p *unstructuredSyncer) getSrcObjectVersion() string { @@ -77,5 +103,9 @@ func (p *unstructuredSyncer) getSrcObjectVersion() string { } func (p *unstructuredSyncer) hasROSpec() bool { + switch p.dstObj.GetObjectKind().GroupVersionKind().String() { + case v1PvcGKV.String(): + return true + } return false } diff --git a/controllers/usernamespace/workspaces_config_controller.go b/controllers/usernamespace/workspaces_config_controller.go index 01bec709e0..f81de72cee 100644 --- a/controllers/usernamespace/workspaces_config_controller.go +++ b/controllers/usernamespace/workspaces_config_controller.go @@ -191,7 +191,16 @@ func (r *WorkspacesConfigReconciler) syncWorkspace(ctx context.Context, dstNames syncConfig, err := r.getSyncConfig(ctx, dstNamespace) if err != nil { - logger.Error(err, "Failed to get workspace sync config", "namespace", dstNamespace) + return err + } + + info, err := r.namespaceCache.GetNamespaceInfo(context.TODO(), dstNamespace) + if err != nil { + return err + } + + if info.Username == "" { + logger.Info("Username is not set for the namespace", "namespace", dstNamespace) return nil } @@ -444,6 +453,7 @@ func (r *WorkspacesConfigReconciler) syncObject(syncContext *syncContext) error dstObj.SetNamespace(syncContext.dstNamespace) // ensure the name is the same as the source object dstObj.SetName(syncContext.wsSyncObject.getSrcObject().GetName()) + // set mandatory labels dstObj.SetLabels(utils.MergeMaps( []map[string]string{ dstObj.GetLabels(), @@ -505,7 +515,11 @@ func (r *WorkspacesConfigReconciler) syncObjectIfDiffers( return nil } else { if isDiff(dstObj, existedDstObj.(client.Object)) { - return r.doUpdateObject(syncContext, dstObj, existedDstObj.(client.Object)) + if err = r.doUpdateObject(syncContext, dstObj, existedDstObj.(client.Object)); err != nil { + return err + } + r.doUpdateSyncConfig(syncContext, dstObj) + return nil } else { // nothing to update objects are equal just update resource versions r.doUpdateSyncConfig(syncContext, existedDstObj.(client.Object)) @@ -515,7 +529,11 @@ func (r *WorkspacesConfigReconciler) syncObjectIfDiffers( } } else if errors.IsNotFound(err) { // destination object does not exist, so it will be created - return r.doCreateObject(syncContext, dstObj) + if err = r.doCreateObject(syncContext, dstObj); err != nil { + return err + } + r.doUpdateSyncConfig(syncContext, dstObj) + return nil } else { return err } @@ -536,7 +554,6 @@ func (r *WorkspacesConfigReconciler) doCreateObject( "kind", gvk2PrintString(syncContext.wsSyncObject.getGKV()), "name", dstObj.GetName()) - r.doUpdateSyncConfig(syncContext, dstObj) return nil } @@ -571,7 +588,6 @@ func (r *WorkspacesConfigReconciler) doUpdateObject( "kind", gvk2PrintString(syncContext.wsSyncObject.getGKV()), "name", dstObj.GetName()) - r.doUpdateSyncConfig(syncContext, dstObj) return nil } diff --git a/pkg/deploy/reconcile_manager.go b/pkg/deploy/reconcile_manager.go index 34ef3b549e..d3c292c60d 100644 --- a/pkg/deploy/reconcile_manager.go +++ b/pkg/deploy/reconcile_manager.go @@ -61,9 +61,9 @@ func (manager *ReconcileManager) ReconcileAll(ctx *chetypes.DeployContext) (reco for _, reconciler := range manager.reconcilers { reconcilerName := GetObjectType(reconciler) - reconcilerLogger.Info("Reconciling started", "reconciler", reconcilerName) + //reconcilerLogger.Info("Reconciling started", "reconciler", reconcilerName) result, done, err := reconciler.Reconcile(ctx) - reconcilerLogger.Info("Reconciled completed", "reconciler", reconcilerName, "done", done) + //reconcilerLogger.Info("Reconciled completed", "reconciler", reconcilerName, "done", done) if err != nil { // set failed reconciler From a460b139d47cd8042646a40f71bceb658a4dbf9b Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Mon, 28 Oct 2024 14:01:35 +0100 Subject: [PATCH 05/10] fixup Signed-off-by: Anatolii Bazko --- .../workspace_unstructured_syncer.go | 6 +- .../workspace_unstructured_syncer_test.go | 2 +- .../workspaces_config_controller.go | 8 +-- .../workspaces_config_controller_test.go | 60 +++++++++++++++++++ 4 files changed, 68 insertions(+), 8 deletions(-) diff --git a/controllers/usernamespace/workspace_unstructured_syncer.go b/controllers/usernamespace/workspace_unstructured_syncer.go index 4d0c78bdf9..e13521e1d1 100644 --- a/controllers/usernamespace/workspace_unstructured_syncer.go +++ b/controllers/usernamespace/workspace_unstructured_syncer.go @@ -26,8 +26,8 @@ import ( const ( // Supported templates parameters - PROJECT_REQUESTING_USER = "${PROJECT_REQUESTING_USER}" - PROJECT_NAME = "${PROJECT_NAME}" + PROJECT_USER = "${PROJECT_USER}" + PROJECT_NAME = "${PROJECT_NAME}" ) type unstructuredSyncer struct { @@ -46,7 +46,7 @@ func newUnstructuredSyncer( hash := utils.ComputeHash256(raw) objAsString := string(raw) - objAsString = strings.ReplaceAll(objAsString, PROJECT_REQUESTING_USER, user) + objAsString = strings.ReplaceAll(objAsString, PROJECT_USER, user) objAsString = strings.ReplaceAll(objAsString, PROJECT_NAME, project) srcObj := &unstructured.Unstructured{} diff --git a/controllers/usernamespace/workspace_unstructured_syncer_test.go b/controllers/usernamespace/workspace_unstructured_syncer_test.go index 104313984c..f0b6eabc9f 100644 --- a/controllers/usernamespace/workspace_unstructured_syncer_test.go +++ b/controllers/usernamespace/workspace_unstructured_syncer_test.go @@ -65,7 +65,7 @@ func TestSyncTemplateWithLimitRange(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: objectName, Labels: map[string]string{ - "user": "${PROJECT_REQUESTING_USER}", + "user": "${PROJECT_USER}", "namespace": "${PROJECT_NAME}", }, }, diff --git a/controllers/usernamespace/workspaces_config_controller.go b/controllers/usernamespace/workspaces_config_controller.go index f81de72cee..158695a35a 100644 --- a/controllers/usernamespace/workspaces_config_controller.go +++ b/controllers/usernamespace/workspaces_config_controller.go @@ -722,17 +722,17 @@ func buildKey(gvk schema.GroupVersionKind, name string, namespace string) string func getGkvItem(key string) string { splits := strings.Split(key, ".") - return splits[0] + return strings.ReplaceAll(splits[0], "#", ".") } func getNameItem(key string) string { splits := strings.Split(key, ".") - return splits[1] + return strings.Join(splits[1:len(splits)-1], ".") } func getNamespaceItem(key string) string { splits := strings.Split(key, ".") - return splits[2] + return splits[len(splits)-1] } // gvk2Item returns a key item for GroupVersionKind. @@ -740,7 +740,7 @@ func gvk2Item(gvk schema.GroupVersionKind) string { if gvk.Group == "" { return fmt.Sprintf("%s_%s", gvk.Version, gvk.Kind) } - return fmt.Sprintf("%s_%s_%s", gvk.Group, gvk.Version, gvk.Kind) + return fmt.Sprintf("%s_%s_%s", strings.ReplaceAll(gvk.Group, ".", "#"), gvk.Version, gvk.Kind) } func item2gkv(item string) schema.GroupVersionKind { diff --git a/controllers/usernamespace/workspaces_config_controller_test.go b/controllers/usernamespace/workspaces_config_controller_test.go index c798939999..586d42d96a 100644 --- a/controllers/usernamespace/workspaces_config_controller_test.go +++ b/controllers/usernamespace/workspaces_config_controller_test.go @@ -14,8 +14,12 @@ package usernamespace import ( "context" + "fmt" "testing" + rbacv1 "k8s.io/api/rbac/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + "github.com/eclipse-che/che-operator/pkg/common/constants" "github.com/eclipse-che/che-operator/pkg/common/test" "github.com/eclipse-che/che-operator/pkg/deploy" @@ -142,3 +146,59 @@ func TestIsDiff(t *testing.T) { changed := isDiff(src, dst) assert.False(t, changed) } + +func TestBuildKey(t *testing.T) { + type testCase struct { + name string + namespace string + gkv schema.GroupVersionKind + } + + testCases := []testCase{ + { + name: "test", + namespace: "eclipse-che", + gkv: corev1.SchemeGroupVersion.WithKind("ConfigMap"), + }, + { + name: "test.test", + namespace: "eclipse-che", + gkv: corev1.SchemeGroupVersion.WithKind("ConfigMap"), + }, + { + name: "test", + namespace: "eclipse-che", + gkv: corev1.SchemeGroupVersion.WithKind("Secret"), + }, + { + name: "test", + namespace: "eclipse-che", + gkv: corev1.SchemeGroupVersion.WithKind("PersistentVolumeClaim"), + }, + { + name: "test", + namespace: "eclipse-che", + gkv: rbacv1.SchemeGroupVersion.WithKind("Role"), + }, + { + name: "test", + namespace: "eclipse-che", + gkv: rbacv1.SchemeGroupVersion.WithKind("ClusterRole"), + }, + { + name: "test.test", + namespace: "eclipse-che", + gkv: rbacv1.SchemeGroupVersion.WithKind("ClusterRole"), + }, + } + + for i, testCase := range testCases { + t.Run(fmt.Sprintf("case #%d", i), func(t *testing.T) { + key := buildKey(testCase.gkv, testCase.name, testCase.namespace) + + assert.Equal(t, testCase.name, getNameItem(key)) + assert.Equal(t, testCase.namespace, getNamespaceItem(key)) + assert.Equal(t, testCase.gkv.String(), item2gkv(getGkvItem(key)).String()) + }) + } +} From f56f130447960d0e45717860dfba0405df56c3e0 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Mon, 28 Oct 2024 14:08:41 +0100 Subject: [PATCH 06/10] fixup Signed-off-by: Anatolii Bazko --- .../che-operator.clusterserviceversion.yaml | 30 +++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml b/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml index 1e80c998db..1bd953bd0e 100644 --- a/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml +++ b/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml @@ -104,7 +104,7 @@ metadata: operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/eclipse-che/che-operator support: Eclipse Foundation - name: eclipse-che.v7.94.0-891.next + name: eclipse-che.v7.94.0-892.next namespace: placeholder spec: apiservicedefinitions: {} @@ -828,7 +828,33 @@ spec: resources: - limitranges verbs: + - create + - delete + - get + - update + - patch + - watch - list + - apiGroups: + - "" + resources: + - resourcequotas + verbs: + - create + - delete + - get + - update + - patch + - watch + - list + - apiGroups: + - template.openshift.io + resources: + - templates + verbs: + - get + - list + - watch - apiGroups: - monitoring.coreos.com resources: @@ -1035,7 +1061,7 @@ spec: minKubeVersion: 1.19.0 provider: name: Eclipse Foundation - version: 7.94.0-891.next + version: 7.94.0-892.next webhookdefinitions: - admissionReviewVersions: - v1 From 979402eb08fbcf764ae3abd26ef60787042d31ae Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Tue, 29 Oct 2024 15:07:12 +0100 Subject: [PATCH 07/10] fixup Signed-off-by: Anatolii Bazko --- .../usernamespace/workspace_cm_syncer_test.go | 18 +- .../workspace_pvc_syncer_test.go | 8 +- .../workspace_secret_syncer_test.go | 18 +- .../workspace_unstructured_syncer.go | 24 +- .../workspace_unstructured_syncer_test.go | 14 +- .../workspaces_config_controller.go | 45 ++-- .../workspaces_config_controller_test.go | 2 +- pkg/deploy/sync/sync.go | 231 ++++++++++++++++++ 8 files changed, 293 insertions(+), 67 deletions(-) create mode 100644 pkg/deploy/sync/sync.go diff --git a/controllers/usernamespace/workspace_cm_syncer_test.go b/controllers/usernamespace/workspace_cm_syncer_test.go index 78b324f17a..2a7bf838ec 100644 --- a/controllers/usernamespace/workspace_cm_syncer_test.go +++ b/controllers/usernamespace/workspace_cm_syncer_test.go @@ -82,7 +82,7 @@ func TestSyncConfigMap(t *testing.T) { }) // Sync ConfigMap - err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err := workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -106,7 +106,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -130,7 +130,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -155,7 +155,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -177,7 +177,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -197,7 +197,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 0, v1ConfigMapGKV) @@ -248,7 +248,7 @@ func TestSyncConfigMapShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { }) // Sync ConfigMap - err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err := workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -273,7 +273,7 @@ func TestSyncConfigMapShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -301,7 +301,7 @@ func TestSyncConfigMapShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) diff --git a/controllers/usernamespace/workspace_pvc_syncer_test.go b/controllers/usernamespace/workspace_pvc_syncer_test.go index 0881b7b131..768bba6ee6 100644 --- a/controllers/usernamespace/workspace_pvc_syncer_test.go +++ b/controllers/usernamespace/workspace_pvc_syncer_test.go @@ -73,7 +73,7 @@ func TestSyncPVC(t *testing.T) { assertSyncConfig(t, workspaceConfigReconciler, 0, v1PvcGKV) // Sync PVC to a user namespace - err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err := workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1PvcGKV) @@ -93,7 +93,7 @@ func TestSyncPVC(t *testing.T) { err = workspaceConfigReconciler.client.Update(context.TODO(), pvc) // Sync PVC - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1PvcGKV) @@ -110,7 +110,7 @@ func TestSyncPVC(t *testing.T) { assert.Nil(t, err) // Sync PVC - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1PvcGKV) @@ -127,7 +127,7 @@ func TestSyncPVC(t *testing.T) { assert.Nil(t, err) // Sync PVC - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 0, v1PvcGKV) diff --git a/controllers/usernamespace/workspace_secret_syncer_test.go b/controllers/usernamespace/workspace_secret_syncer_test.go index 6d4781e429..009ba49e19 100644 --- a/controllers/usernamespace/workspace_secret_syncer_test.go +++ b/controllers/usernamespace/workspace_secret_syncer_test.go @@ -73,7 +73,7 @@ func TestSyncSecrets(t *testing.T) { }) // Sync Secret - err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err := workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -101,7 +101,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -127,7 +127,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -153,7 +153,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -176,7 +176,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -197,7 +197,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 0, v1SecretGKV) @@ -248,7 +248,7 @@ func TestSyncSecretShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { }) // Sync Secret - err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err := workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -273,7 +273,7 @@ func TestSyncSecretShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -301,7 +301,7 @@ func TestSyncSecretShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) diff --git a/controllers/usernamespace/workspace_unstructured_syncer.go b/controllers/usernamespace/workspace_unstructured_syncer.go index e13521e1d1..827513aff9 100644 --- a/controllers/usernamespace/workspace_unstructured_syncer.go +++ b/controllers/usernamespace/workspace_unstructured_syncer.go @@ -26,8 +26,8 @@ import ( const ( // Supported templates parameters - PROJECT_USER = "${PROJECT_USER}" - PROJECT_NAME = "${PROJECT_NAME}" + PROJECT_ADMIN_USER = "${PROJECT_ADMIN_USER}" + PROJECT_NAME = "${PROJECT_NAME}" ) type unstructuredSyncer struct { @@ -40,14 +40,14 @@ type unstructuredSyncer struct { func newUnstructuredSyncer( raw []byte, - user string, - project string) (*unstructuredSyncer, error) { + userName string, + namespaceName string) (*unstructuredSyncer, error) { hash := utils.ComputeHash256(raw) objAsString := string(raw) - objAsString = strings.ReplaceAll(objAsString, PROJECT_USER, user) - objAsString = strings.ReplaceAll(objAsString, PROJECT_NAME, project) + objAsString = strings.ReplaceAll(objAsString, PROJECT_ADMIN_USER, userName) + objAsString = strings.ReplaceAll(objAsString, PROJECT_NAME, namespaceName) srcObj := &unstructured.Unstructured{} if err := yaml.Unmarshal([]byte(objAsString), srcObj); err != nil { @@ -74,8 +74,8 @@ func (p *unstructuredSyncer) getGKV() schema.GroupVersionKind { func (p *unstructuredSyncer) newDstObject() client.Object { dstObj := p.dstObj.DeepCopyObject().(client.Object) - switch dstObj.GetObjectKind().GroupVersionKind().String() { - case v1ConfigMapGKV.String(): + switch dstObj.GetObjectKind().GroupVersionKind() { + case v1ConfigMapGKV: dstObj.SetLabels(utils.MergeMaps([]map[string]string{ dstObj.GetLabels(), { @@ -84,7 +84,7 @@ func (p *unstructuredSyncer) newDstObject() client.Object { }}), ) break - case v1SecretGKV.String(): + case v1SecretGKV: dstObj.SetLabels(utils.MergeMaps([]map[string]string{ dstObj.GetLabels(), { @@ -103,9 +103,5 @@ func (p *unstructuredSyncer) getSrcObjectVersion() string { } func (p *unstructuredSyncer) hasROSpec() bool { - switch p.dstObj.GetObjectKind().GroupVersionKind().String() { - case v1PvcGKV.String(): - return true - } - return false + return p.dstObj.GetObjectKind().GroupVersionKind() == v1PvcGKV } diff --git a/controllers/usernamespace/workspace_unstructured_syncer_test.go b/controllers/usernamespace/workspace_unstructured_syncer_test.go index f0b6eabc9f..16cc298a9f 100644 --- a/controllers/usernamespace/workspace_unstructured_syncer_test.go +++ b/controllers/usernamespace/workspace_unstructured_syncer_test.go @@ -65,7 +65,7 @@ func TestSyncTemplateWithLimitRange(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: objectName, Labels: map[string]string{ - "user": "${PROJECT_USER}", + "user": "${PROJECT_ADMIN_USER}", "namespace": "${PROJECT_NAME}", }, }, @@ -97,7 +97,7 @@ func TestSyncTemplateWithLimitRange(t *testing.T) { }) // Sync Template - err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err := workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) @@ -139,7 +139,7 @@ func TestSyncTemplateWithLimitRange(t *testing.T) { assert.Nil(t, err) // Sync Template - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) @@ -160,7 +160,7 @@ func TestSyncTemplateWithLimitRange(t *testing.T) { assert.Nil(t, err) // Sync Template - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) @@ -182,7 +182,7 @@ func TestSyncTemplateWithLimitRange(t *testing.T) { assert.Nil(t, err) // Sync Template - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) @@ -201,7 +201,7 @@ func TestSyncTemplateWithLimitRange(t *testing.T) { assert.Nil(t, err) // Sync Template - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) @@ -218,7 +218,7 @@ func TestSyncTemplateWithLimitRange(t *testing.T) { assert.Nil(t, err) // Sync Template - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace) + err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 0, v1LimitRangeGKV) diff --git a/controllers/usernamespace/workspaces_config_controller.go b/controllers/usernamespace/workspaces_config_controller.go index 158695a35a..ce61f3ee30 100644 --- a/controllers/usernamespace/workspaces_config_controller.go +++ b/controllers/usernamespace/workspaces_config_controller.go @@ -113,6 +113,12 @@ func (r *WorkspacesConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req return ctrl.Result{}, nil } + checluster, err := deploy.FindCheClusterCRInNamespace(r.client, "") + if checluster == nil { + // There is no CheCluster CR, the source namespace is unknown + return ctrl.Result{}, nil + } + info, err := r.namespaceCache.ExamineNamespace(ctx, req.Name) if err != nil { logger.Error(err, "Failed to examine namespace", "namespace", req.Name) @@ -124,7 +130,12 @@ func (r *WorkspacesConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req return ctrl.Result{}, nil } - if err = r.syncWorkspace(ctx, req.Name); err != nil { + if info.Username == "" { + logger.Info("Username is not set for the namespace", "namespace", req.Name) + return ctrl.Result{}, nil + } + + if err = r.syncWorkspace(ctx, checluster.Namespace, req.Name); err != nil { logger.Error(err, "Failed to sync workspace configs", "namespace", req.Name) return ctrl.Result{}, err } @@ -182,28 +193,16 @@ func (r *WorkspacesConfigReconciler) watchRules( // syncWorkspace sync user namespace. // Iterates over all objects in the source namespace labeled as `app.kubernetes.io/component=workspaces-config` // and syncs them to the target user namespace. -func (r *WorkspacesConfigReconciler) syncWorkspace(ctx context.Context, dstNamespace string) error { - checluster, err := deploy.FindCheClusterCRInNamespace(r.client, "") - if checluster == nil { - // There is no CheCluster CR, the source namespace is unknown - return nil - } - +func (r *WorkspacesConfigReconciler) syncWorkspace( + ctx context.Context, + srcNamespace string, + dstNamespace string, +) error { syncConfig, err := r.getSyncConfig(ctx, dstNamespace) if err != nil { return err } - info, err := r.namespaceCache.GetNamespaceInfo(context.TODO(), dstNamespace) - if err != nil { - return err - } - - if info.Username == "" { - logger.Info("Username is not set for the namespace", "namespace", dstNamespace) - return nil - } - defer func() { // Update sync config in the end of the reconciliation // despite the result of the reconciliation @@ -226,7 +225,7 @@ func (r *WorkspacesConfigReconciler) syncWorkspace(ctx context.Context, dstNames if infrastructure.IsOpenShift() { if err = r.syncTemplates( ctx, - checluster.Namespace, + srcNamespace, dstNamespace, syncConfig.Data, syncedSrcObjKeys, @@ -237,7 +236,7 @@ func (r *WorkspacesConfigReconciler) syncWorkspace(ctx context.Context, dstNames if err = r.syncConfigMaps( ctx, - checluster.Namespace, + srcNamespace, dstNamespace, syncConfig.Data, syncedSrcObjKeys, @@ -247,7 +246,7 @@ func (r *WorkspacesConfigReconciler) syncWorkspace(ctx context.Context, dstNames if err = r.syncSecretes( ctx, - checluster.Namespace, + srcNamespace, dstNamespace, syncConfig.Data, syncedSrcObjKeys, @@ -257,7 +256,7 @@ func (r *WorkspacesConfigReconciler) syncWorkspace(ctx context.Context, dstNames if err = r.syncPVCs( ctx, - checluster.Namespace, + srcNamespace, dstNamespace, syncConfig.Data, syncedSrcObjKeys, @@ -271,7 +270,7 @@ func (r *WorkspacesConfigReconciler) syncWorkspace(ctx context.Context, dstNames if err := r.deleteIfObjectIsObsolete( objKey, ctx, - checluster.Namespace, + srcNamespace, dstNamespace, syncConfig.Data, syncedSrcObjKeys); err != nil { diff --git a/controllers/usernamespace/workspaces_config_controller_test.go b/controllers/usernamespace/workspaces_config_controller_test.go index 586d42d96a..5becdfbf14 100644 --- a/controllers/usernamespace/workspaces_config_controller_test.go +++ b/controllers/usernamespace/workspaces_config_controller_test.go @@ -198,7 +198,7 @@ func TestBuildKey(t *testing.T) { assert.Equal(t, testCase.name, getNameItem(key)) assert.Equal(t, testCase.namespace, getNamespaceItem(key)) - assert.Equal(t, testCase.gkv.String(), item2gkv(getGkvItem(key)).String()) + assert.Equal(t, testCase.gkv, item2gkv(getGkvItem(key))) }) } } diff --git a/pkg/deploy/sync/sync.go b/pkg/deploy/sync/sync.go new file mode 100644 index 0000000000..c884e9f677 --- /dev/null +++ b/pkg/deploy/sync/sync.go @@ -0,0 +1,231 @@ +// +// Copyright (c) 2019-2024 Red Hat, Inc. +// This program and the accompanying materials are made +// available under the terms of the Eclipse Public License 2.0 +// which is available at https://www.eclipse.org/legal/epl-2.0/ +// +// SPDX-License-Identifier: EPL-2.0 +// +// Contributors: +// Red Hat, Inc. - initial API and implementation +// + +package sync + +import ( + "context" + "fmt" + "reflect" + + chev2 "github.com/eclipse-che/che-operator/api/v2" + "github.com/google/go-cmp/cmp" + "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" +) + +var ( + syncLog = ctrl.Log.WithName("sync") +) + +type Syncer interface { + // Get reads object. + // Returns true if object exists otherwise returns false. + // Returns error if object cannot be retrieved otherwise returns nil. + Get(key client.ObjectKey, actual client.Object) (bool, error) + // CreateIgnoreIfExists creates object. + // Set owner reference for Eclipse Che namespace objects. + // Return true if a new object is created or object already exists, otherwise returns false. + // Returns error if object cannot be created otherwise returns nil. + CreateIgnoreIfExists(blueprint client.Object) (bool, error) + // Delete deletes object. + // Returns true if object deleted or not found otherwise returns false. + // Returns error if object cannot be deleted otherwise returns nil. + Delete(key client.ObjectKey, objectMeta client.Object) (bool, error) + // Sync syncs the blueprint to the cluster in a generic (as much as Go allows) manner. + // Returns true if object is up-to-date otherwise returns false + // Returns error if object cannot be created/updated otherwise returns nil. + Sync(blueprint client.Object, diffOpts ...cmp.Option) (bool, error) +} + +type ObjSyncer struct { + Syncer + + cheCluster *chev2.CheCluster + scheme *runtime.Scheme + cli client.Client + ctx context.Context +} + +func (s *ObjSyncer) Get(key client.ObjectKey, actual client.Object) (bool, error) { + return s.doGet(key, actual) +} + +func (s *ObjSyncer) CreateIgnoreIfExists(blueprint client.Object) (bool, error) { + return s.doCreate(blueprint, true) +} + +func (s *ObjSyncer) Delete(key client.ObjectKey, objectMeta client.Object) (bool, error) { + return s.doDelete(key, objectMeta) +} + +func (s *ObjSyncer) Sync(blueprint client.Object, diffOpts ...cmp.Option) (bool, error) { + runtimeObject, ok := blueprint.(runtime.Object) + if !ok { + return false, fmt.Errorf("object %T is not a runtime.Object. Cannot sync it", runtimeObject) + } + + // we will compare this object later with blueprint + // we can't use runtimeObject.DeepCopyObject() + actual, err := s.scheme.New(runtimeObject.GetObjectKind().GroupVersionKind()) + if err != nil { + return false, err + } + + key := types.NamespacedName{Name: blueprint.GetName(), Namespace: blueprint.GetNamespace()} + exists, err := s.doGet(key, actual.(client.Object)) + if err != nil { + return false, err + } + + // set GroupVersionKind (it might be empty) + actual.GetObjectKind().SetGroupVersionKind(runtimeObject.GetObjectKind().GroupVersionKind()) + if !exists { + return s.doCreate(blueprint, false) + } + + return s.doUpdate(actual.(client.Object), blueprint, diffOpts...) +} + +func (s *ObjSyncer) doUpdate( + actual client.Object, + blueprint client.Object, + diffOpts ...cmp.Option, +) (bool, error) { + actualMeta, ok := actual.(metav1.Object) + if !ok { + return false, fmt.Errorf("object %T is not a metav1.Object. Cannot update it", actualMeta) + } + + diff := cmp.Diff(actual, blueprint, diffOpts...) + if len(diff) > 0 { + // don't print difference if there are no diffOpts mainly to avoid huge output + if len(diffOpts) != 0 { + fmt.Printf("Difference:\n%s", diff) + } + + if isUpdateUsingDeleteCreate(actual.GetObjectKind().GroupVersionKind().Kind) { + done, err := s.doDeleteIgnoreIfNotFound(actual) + if !done { + return false, err + } + return s.doCreate(blueprint, false) + } else { + err := s.setOwnerReferenceForCheNamespaceObject(blueprint) + if err != nil { + return false, err + } + + // to be able to update, we need to set the resource version of the object that we know of + blueprint.(metav1.Object).SetResourceVersion(actualMeta.GetResourceVersion()) + err = s.cli.Update(context.TODO(), blueprint) + if err == nil { + syncLog.Info("Object updated", "namespace", actual.GetNamespace(), "kind", GetObjectType(actual), "name", actual.GetName()) + } + return false, err + } + } + + return true, nil +} + +func (s *ObjSyncer) doDelete(key client.ObjectKey, objectMeta client.Object) (bool, error) { + runtimeObject, ok := objectMeta.(runtime.Object) + if !ok { + return false, fmt.Errorf("object %T is not a runtime.Object. Cannot delete it", runtimeObject) + } + + actual := runtimeObject.DeepCopyObject().(client.Object) + exists, err := s.doGet(key, actual) + if !exists { + return true, nil + } else if err != nil { + return false, err + } + + return s.doDeleteIgnoreIfNotFound(actual) +} + +func (s *ObjSyncer) doDeleteIgnoreIfNotFound(actual client.Object) (bool, error) { + err := s.cli.Delete(s.ctx, actual) + if err == nil { + if errors.IsNotFound(err) { + syncLog.Info("Object not found", "namespace", actual.GetNamespace(), "kind", GetObjectType(actual), "name", actual.GetName()) + } else { + syncLog.Info("Object deleted", "namespace", actual.GetNamespace(), "kind", GetObjectType(actual), "name", actual.GetName()) + } + return true, nil + } else { + return false, err + } +} + +func (s *ObjSyncer) doGet( + key client.ObjectKey, + object client.Object, +) (bool, error) { + err := s.cli.Get(s.ctx, key, object) + if err == nil { + return true, nil + } else if errors.IsNotFound(err) { + return false, nil + } else { + return false, err + } +} + +func (s *ObjSyncer) doCreate( + blueprint client.Object, + returnTrueIfAlreadyExists bool, +) (bool, error) { + err := s.setOwnerReferenceForCheNamespaceObject(blueprint) + if err != nil { + return false, err + } + + err = s.cli.Create(s.ctx, blueprint) + if err == nil { + syncLog.Info("Object created", "namespace", blueprint.GetNamespace(), "kind", GetObjectType(blueprint), "name", blueprint.GetName()) + return true, nil + } else if errors.IsAlreadyExists(err) { + return returnTrueIfAlreadyExists, nil + } else { + return false, err + } +} + +func (s *ObjSyncer) setOwnerReferenceForCheNamespaceObject(blueprint metav1.Object) error { + if blueprint.GetNamespace() == s.cheCluster.Namespace { + return controllerutil.SetControllerReference(s.cheCluster, blueprint, s.scheme) + } + + // cluster scope object (empty workspace) or object in another namespace + return nil +} + +func GetObjectType(obj interface{}) string { + objType := reflect.TypeOf(obj).String() + if reflect.TypeOf(obj).Kind().String() == "ptr" { + objType = objType[1:] + } + + return objType +} + +func isUpdateUsingDeleteCreate(kind string) bool { + return "Service" == kind || "Ingress" == kind || "Route" == kind || "Job" == kind || "Secret" == kind +} From 2961586dbac0941166bff267e38916ef3e018412 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Wed, 30 Oct 2024 14:58:14 +0100 Subject: [PATCH 08/10] fixup Signed-off-by: Anatolii Bazko --- .../workspaces_config_controller.go | 4 +-- .../workspaces_config_controller_test.go | 31 +++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/controllers/usernamespace/workspaces_config_controller.go b/controllers/usernamespace/workspaces_config_controller.go index ce61f3ee30..38e9857168 100644 --- a/controllers/usernamespace/workspaces_config_controller.go +++ b/controllers/usernamespace/workspaces_config_controller.go @@ -721,7 +721,7 @@ func buildKey(gvk schema.GroupVersionKind, name string, namespace string) string func getGkvItem(key string) string { splits := strings.Split(key, ".") - return strings.ReplaceAll(splits[0], "#", ".") + return strings.ReplaceAll(splits[0], "-", ".") } func getNameItem(key string) string { @@ -739,7 +739,7 @@ func gvk2Item(gvk schema.GroupVersionKind) string { if gvk.Group == "" { return fmt.Sprintf("%s_%s", gvk.Version, gvk.Kind) } - return fmt.Sprintf("%s_%s_%s", strings.ReplaceAll(gvk.Group, ".", "#"), gvk.Version, gvk.Kind) + return fmt.Sprintf("%s_%s_%s", strings.ReplaceAll(gvk.Group, ".", "-"), gvk.Version, gvk.Kind) } func item2gkv(item string) schema.GroupVersionKind { diff --git a/controllers/usernamespace/workspaces_config_controller_test.go b/controllers/usernamespace/workspaces_config_controller_test.go index 5becdfbf14..b46d00ba4b 100644 --- a/controllers/usernamespace/workspaces_config_controller_test.go +++ b/controllers/usernamespace/workspaces_config_controller_test.go @@ -165,6 +165,22 @@ func TestBuildKey(t *testing.T) { namespace: "eclipse-che", gkv: corev1.SchemeGroupVersion.WithKind("ConfigMap"), }, + { + name: "test_test", + namespace: "eclipse-che", + gkv: corev1.SchemeGroupVersion.WithKind("ConfigMap"), + }, + { + name: "test-test", + namespace: "eclipse-che", + gkv: corev1.SchemeGroupVersion.WithKind("ConfigMap"), + }, + { + name: "test-test_test.test-test_test.test", + namespace: "eclipse-che", + gkv: corev1.SchemeGroupVersion.WithKind("ConfigMap"), + }, + { name: "test", namespace: "eclipse-che", @@ -190,6 +206,21 @@ func TestBuildKey(t *testing.T) { namespace: "eclipse-che", gkv: rbacv1.SchemeGroupVersion.WithKind("ClusterRole"), }, + { + name: "test_test", + namespace: "eclipse-che", + gkv: rbacv1.SchemeGroupVersion.WithKind("ClusterRole"), + }, + { + name: "test-test", + namespace: "eclipse-che", + gkv: rbacv1.SchemeGroupVersion.WithKind("ClusterRole"), + }, + { + name: "test-test_test.test-test_test.test", + namespace: "eclipse-che", + gkv: rbacv1.SchemeGroupVersion.WithKind("ClusterRole"), + }, } for i, testCase := range testCases { From 69912e24d6187cb6f37a9efc15ce43ccf33ddd9e Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Thu, 31 Oct 2024 13:40:11 +0100 Subject: [PATCH 09/10] fixup Signed-off-by: Anatolii Bazko --- ...rkspace_cm_syncer.go => configmap2sync.go} | 31 ++++-- ..._syncer_test.go => configmap2sync_test.go} | 0 .../{workspace_pvc_syncer.go => pvc2sync.go} | 32 ++++-- ...ce_pvc_syncer_test.go => pvc2sync_test.go} | 0 ...kspace_secret_syncer.go => secret2sync.go} | 31 ++++-- ...ret_syncer_test.go => secret2sync_test.go} | 0 ...uctured_syncer.go => unstructured2sync.go} | 24 +++-- ...ncer_test.go => unstructured2sync_test.go} | 0 .../workspaces_config_controller.go | 88 +++++------------ .../workspaces_config_controller_test.go | 31 ------ .../workspaces_config_diff_helper.go | 99 +++++++++++++++++++ .../workspaces_config_diff_helper_test.go | 83 ++++++++++++++++ 12 files changed, 289 insertions(+), 130 deletions(-) rename controllers/usernamespace/{workspace_cm_syncer.go => configmap2sync.go} (65%) rename controllers/usernamespace/{workspace_cm_syncer_test.go => configmap2sync_test.go} (100%) rename controllers/usernamespace/{workspace_pvc_syncer.go => pvc2sync.go} (62%) rename controllers/usernamespace/{workspace_pvc_syncer_test.go => pvc2sync_test.go} (100%) rename controllers/usernamespace/{workspace_secret_syncer.go => secret2sync.go} (66%) rename controllers/usernamespace/{workspace_secret_syncer_test.go => secret2sync_test.go} (100%) rename controllers/usernamespace/{workspace_unstructured_syncer.go => unstructured2sync.go} (78%) rename controllers/usernamespace/{workspace_unstructured_syncer_test.go => unstructured2sync_test.go} (100%) create mode 100644 controllers/usernamespace/workspaces_config_diff_helper.go create mode 100644 controllers/usernamespace/workspaces_config_diff_helper_test.go diff --git a/controllers/usernamespace/workspace_cm_syncer.go b/controllers/usernamespace/configmap2sync.go similarity index 65% rename from controllers/usernamespace/workspace_cm_syncer.go rename to controllers/usernamespace/configmap2sync.go index 6bcbd577a7..64f1775454 100644 --- a/controllers/usernamespace/workspace_cm_syncer.go +++ b/controllers/usernamespace/configmap2sync.go @@ -15,6 +15,8 @@ package usernamespace import ( dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" "github.com/eclipse-che/che-operator/pkg/common/utils" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" @@ -25,24 +27,24 @@ var ( v1ConfigMapGKV = corev1.SchemeGroupVersion.WithKind("ConfigMap") ) -type cmWorkspaceSyncObject struct { - WorkspaceSyncObject +type configMap2Sync struct { + Object2Sync cm *corev1.ConfigMap } -func newCMWorkspaceSyncObject(cm *corev1.ConfigMap) *cmWorkspaceSyncObject { - return &cmWorkspaceSyncObject{cm: cm} +func newCM2Sync(cm *corev1.ConfigMap) *configMap2Sync { + return &configMap2Sync{cm: cm} } -func (p *cmWorkspaceSyncObject) getSrcObject() client.Object { +func (p *configMap2Sync) getSrcObject() client.Object { return p.cm } -func (p *cmWorkspaceSyncObject) getGKV() schema.GroupVersionKind { +func (p *configMap2Sync) getGKV() schema.GroupVersionKind { return v1ConfigMapGKV } -func (p *cmWorkspaceSyncObject) newDstObject() client.Object { +func (p *configMap2Sync) newDstObject() client.Object { dst := p.cm.DeepCopyObject() // We have to set the ObjectMeta fields explicitly, because // existed object contains unnecessary fields that we don't want to copy @@ -60,10 +62,21 @@ func (p *cmWorkspaceSyncObject) newDstObject() client.Object { return dst.(client.Object) } -func (p *cmWorkspaceSyncObject) getSrcObjectVersion() string { +func (p *configMap2Sync) getSrcObjectVersion() string { return p.cm.GetResourceVersion() } -func (p *cmWorkspaceSyncObject) hasROSpec() bool { +func (p *configMap2Sync) hasROSpec() bool { return false } + +func (p *configMap2Sync) isDiff(obj client.Object) bool { + return isLabelsOrAnnotationsDiff(p.cm, obj) || + cmp.Diff( + p.cm, + obj, + cmp.Options{ + cmpopts.IgnoreTypes(metav1.ObjectMeta{}), + cmpopts.IgnoreTypes(metav1.TypeMeta{}), + }) != "" +} diff --git a/controllers/usernamespace/workspace_cm_syncer_test.go b/controllers/usernamespace/configmap2sync_test.go similarity index 100% rename from controllers/usernamespace/workspace_cm_syncer_test.go rename to controllers/usernamespace/configmap2sync_test.go diff --git a/controllers/usernamespace/workspace_pvc_syncer.go b/controllers/usernamespace/pvc2sync.go similarity index 62% rename from controllers/usernamespace/workspace_pvc_syncer.go rename to controllers/usernamespace/pvc2sync.go index e87d1ba0e9..58ae367b1a 100644 --- a/controllers/usernamespace/workspace_pvc_syncer.go +++ b/controllers/usernamespace/pvc2sync.go @@ -13,6 +13,8 @@ package usernamespace import ( + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" @@ -23,26 +25,26 @@ var ( v1PvcGKV = corev1.SchemeGroupVersion.WithKind("PersistentVolumeClaim") ) -type pvcWorkspaceSyncObject struct { - WorkspaceSyncObject +type pvc2Sync struct { + Object2Sync pvc *corev1.PersistentVolumeClaim } -func newPvcWorkspaceSyncObject(pvc *corev1.PersistentVolumeClaim) *pvcWorkspaceSyncObject { - return &pvcWorkspaceSyncObject{ +func newPvc2Sync(pvc *corev1.PersistentVolumeClaim) *pvc2Sync { + return &pvc2Sync{ pvc: pvc, } } -func (p *pvcWorkspaceSyncObject) getGKV() schema.GroupVersionKind { +func (p *pvc2Sync) getGKV() schema.GroupVersionKind { return v1PvcGKV } -func (p *pvcWorkspaceSyncObject) getSrcObject() client.Object { +func (p *pvc2Sync) getSrcObject() client.Object { return p.pvc } -func (p *pvcWorkspaceSyncObject) newDstObject() client.Object { +func (p *pvc2Sync) newDstObject() client.Object { dst := p.pvc.DeepCopyObject() // We have to set the ObjectMeta fields explicitly, because // existed object contains unnecessary fields that we don't want to copy @@ -56,10 +58,22 @@ func (p *pvcWorkspaceSyncObject) newDstObject() client.Object { return dst.(client.Object) } -func (p *pvcWorkspaceSyncObject) getSrcObjectVersion() string { +func (p *pvc2Sync) getSrcObjectVersion() string { return p.pvc.GetResourceVersion() } -func (p *pvcWorkspaceSyncObject) hasROSpec() bool { +func (p *pvc2Sync) hasROSpec() bool { return true } + +func (p *pvc2Sync) isDiff(obj client.Object) bool { + return isLabelsOrAnnotationsDiff(p.pvc, obj) || + cmp.Diff( + p.pvc, + obj, + cmp.Options{ + cmpopts.IgnoreTypes(metav1.ObjectMeta{}), + cmpopts.IgnoreTypes(metav1.TypeMeta{}), + cmpopts.IgnoreTypes(corev1.PersistentVolumeClaimStatus{}), + }) != "" +} diff --git a/controllers/usernamespace/workspace_pvc_syncer_test.go b/controllers/usernamespace/pvc2sync_test.go similarity index 100% rename from controllers/usernamespace/workspace_pvc_syncer_test.go rename to controllers/usernamespace/pvc2sync_test.go diff --git a/controllers/usernamespace/workspace_secret_syncer.go b/controllers/usernamespace/secret2sync.go similarity index 66% rename from controllers/usernamespace/workspace_secret_syncer.go rename to controllers/usernamespace/secret2sync.go index 4e807c5244..5b553651cb 100644 --- a/controllers/usernamespace/workspace_secret_syncer.go +++ b/controllers/usernamespace/secret2sync.go @@ -15,6 +15,8 @@ package usernamespace import ( dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" "github.com/eclipse-che/che-operator/pkg/common/utils" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" @@ -25,26 +27,26 @@ var ( v1SecretGKV = corev1.SchemeGroupVersion.WithKind("Secret") ) -type secretWorkspaceSyncObject struct { - WorkspaceSyncObject +type secret2Sync struct { + Object2Sync secret *corev1.Secret } -func newSecretWorkspaceSyncObject(secret *corev1.Secret) *secretWorkspaceSyncObject { - return &secretWorkspaceSyncObject{ +func newSecret2Sync(secret *corev1.Secret) *secret2Sync { + return &secret2Sync{ secret: secret, } } -func (p *secretWorkspaceSyncObject) getGKV() schema.GroupVersionKind { +func (p *secret2Sync) getGKV() schema.GroupVersionKind { return v1SecretGKV } -func (p *secretWorkspaceSyncObject) getSrcObject() client.Object { +func (p *secret2Sync) getSrcObject() client.Object { return p.secret } -func (p *secretWorkspaceSyncObject) newDstObject() client.Object { +func (p *secret2Sync) newDstObject() client.Object { dst := p.secret.DeepCopyObject() // We have to set the ObjectMeta fields explicitly, because // existed object contains unnecessary fields that we don't want to copy @@ -62,10 +64,21 @@ func (p *secretWorkspaceSyncObject) newDstObject() client.Object { return dst.(client.Object) } -func (p *secretWorkspaceSyncObject) getSrcObjectVersion() string { +func (p *secret2Sync) getSrcObjectVersion() string { return p.secret.GetResourceVersion() } -func (p *secretWorkspaceSyncObject) hasROSpec() bool { +func (p *secret2Sync) hasROSpec() bool { return false } + +func (p *secret2Sync) isDiff(obj client.Object) bool { + return isLabelsOrAnnotationsDiff(p.secret, obj) || + cmp.Diff( + p.secret, + obj, + cmp.Options{ + cmpopts.IgnoreTypes(metav1.ObjectMeta{}), + cmpopts.IgnoreTypes(metav1.TypeMeta{}), + }) != "" +} diff --git a/controllers/usernamespace/workspace_secret_syncer_test.go b/controllers/usernamespace/secret2sync_test.go similarity index 100% rename from controllers/usernamespace/workspace_secret_syncer_test.go rename to controllers/usernamespace/secret2sync_test.go diff --git a/controllers/usernamespace/workspace_unstructured_syncer.go b/controllers/usernamespace/unstructured2sync.go similarity index 78% rename from controllers/usernamespace/workspace_unstructured_syncer.go rename to controllers/usernamespace/unstructured2sync.go index 827513aff9..d3bef5a3ea 100644 --- a/controllers/usernamespace/workspace_unstructured_syncer.go +++ b/controllers/usernamespace/unstructured2sync.go @@ -30,18 +30,18 @@ const ( PROJECT_NAME = "${PROJECT_NAME}" ) -type unstructuredSyncer struct { - WorkspaceSyncObject +type unstructured2Sync struct { + Object2Sync srcObj client.Object dstObj client.Object hash string } -func newUnstructuredSyncer( +func newUnstructured2Sync( raw []byte, userName string, - namespaceName string) (*unstructuredSyncer, error) { + namespaceName string) (*unstructured2Sync, error) { hash := utils.ComputeHash256(raw) @@ -56,22 +56,22 @@ func newUnstructuredSyncer( dstObj := srcObj.DeepCopyObject() - return &unstructuredSyncer{ + return &unstructured2Sync{ srcObj: srcObj, dstObj: dstObj.(client.Object), hash: hash, }, nil } -func (p *unstructuredSyncer) getSrcObject() client.Object { +func (p *unstructured2Sync) getSrcObject() client.Object { return p.srcObj } -func (p *unstructuredSyncer) getGKV() schema.GroupVersionKind { +func (p *unstructured2Sync) getGKV() schema.GroupVersionKind { return p.srcObj.GetObjectKind().GroupVersionKind() } -func (p *unstructuredSyncer) newDstObject() client.Object { +func (p *unstructured2Sync) newDstObject() client.Object { dstObj := p.dstObj.DeepCopyObject().(client.Object) switch dstObj.GetObjectKind().GroupVersionKind() { @@ -98,10 +98,14 @@ func (p *unstructuredSyncer) newDstObject() client.Object { return dstObj } -func (p *unstructuredSyncer) getSrcObjectVersion() string { +func (p *unstructured2Sync) getSrcObjectVersion() string { return p.hash } -func (p *unstructuredSyncer) hasROSpec() bool { +func (p *unstructured2Sync) hasROSpec() bool { return p.dstObj.GetObjectKind().GroupVersionKind() == v1PvcGKV } + +func (p *unstructured2Sync) isDiff(obj client.Object) bool { + return isLabelsOrAnnotationsDiff(p.srcObj, obj) || isUnstructuredDiff(p.srcObj, obj) +} diff --git a/controllers/usernamespace/workspace_unstructured_syncer_test.go b/controllers/usernamespace/unstructured2sync_test.go similarity index 100% rename from controllers/usernamespace/workspace_unstructured_syncer_test.go rename to controllers/usernamespace/unstructured2sync_test.go diff --git a/controllers/usernamespace/workspaces_config_controller.go b/controllers/usernamespace/workspaces_config_controller.go index 38e9857168..2b9b2449c9 100644 --- a/controllers/usernamespace/workspaces_config_controller.go +++ b/controllers/usernamespace/workspaces_config_controller.go @@ -20,11 +20,8 @@ import ( rbacv1 "k8s.io/api/rbac/v1" "github.com/devfile/devworkspace-operator/pkg/infrastructure" - "github.com/eclipse-che/che-operator/pkg/common/utils" - "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" - "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/eclipse-che/che-operator/pkg/deploy" templatev1 "github.com/openshift/api/template/v1" corev1 "k8s.io/api/core/v1" @@ -51,19 +48,20 @@ type WorkspacesConfigReconciler struct { namespaceCache *namespaceCache } -type WorkspaceSyncObject interface { +type Object2Sync interface { getGKV() schema.GroupVersionKind hasROSpec() bool getSrcObject() client.Object getSrcObjectVersion() string newDstObject() client.Object + isDiff(obj client.Object) bool } type syncContext struct { dstNamespace string srcNamespace string ctx context.Context - wsSyncObject WorkspaceSyncObject + object2Sync Object2Sync syncConfig map[string]string } @@ -308,7 +306,7 @@ func (r *WorkspacesConfigReconciler) syncConfigMaps( &syncContext{ dstNamespace: dstNamespace, srcNamespace: srcNamespace, - wsSyncObject: newCMWorkspaceSyncObject(&cm), + object2Sync: newCM2Sync(&cm), syncConfig: syncConfig, ctx: ctx, }); err != nil { @@ -345,7 +343,7 @@ func (r *WorkspacesConfigReconciler) syncSecretes( &syncContext{ dstNamespace: dstNamespace, srcNamespace: srcNamespace, - wsSyncObject: newSecretWorkspaceSyncObject(&secret), + object2Sync: newSecret2Sync(&secret), syncConfig: syncConfig, ctx: ctx, }); err != nil { @@ -382,7 +380,7 @@ func (r *WorkspacesConfigReconciler) syncPVCs( &syncContext{ dstNamespace: dstNamespace, srcNamespace: srcNamespace, - wsSyncObject: newPvcWorkspaceSyncObject(&pvc), + object2Sync: newPvc2Sync(&pvc), syncConfig: syncConfig, ctx: ctx, }); err != nil { @@ -421,7 +419,7 @@ func (r *WorkspacesConfigReconciler) syncTemplates( for _, template := range templates.Items { for _, object := range template.Objects { - wsSyncObject, err := newUnstructuredSyncer(object.Raw, nsInfo.Username, dstNamespace) + object2Sync, err := newUnstructured2Sync(object.Raw, nsInfo.Username, dstNamespace) if err != nil { return err } @@ -430,14 +428,14 @@ func (r *WorkspacesConfigReconciler) syncTemplates( &syncContext{ dstNamespace: dstNamespace, srcNamespace: srcNamespace, - wsSyncObject: wsSyncObject, + object2Sync: object2Sync, syncConfig: syncConfig, ctx: ctx, }); err != nil { return err } - srcObjKey := buildKey(wsSyncObject.getGKV(), wsSyncObject.getSrcObject().GetName(), srcNamespace) + srcObjKey := buildKey(object2Sync.getGKV(), object2Sync.getSrcObject().GetName(), srcNamespace) syncedSrcObjKeys[srcObjKey] = true } } @@ -448,10 +446,10 @@ func (r *WorkspacesConfigReconciler) syncTemplates( // syncObject syncs object to a user destination namespace. // Returns error if sync failed in a destination namespace. func (r *WorkspacesConfigReconciler) syncObject(syncContext *syncContext) error { - dstObj := syncContext.wsSyncObject.newDstObject() + dstObj := syncContext.object2Sync.newDstObject() dstObj.SetNamespace(syncContext.dstNamespace) // ensure the name is the same as the source object - dstObj.SetName(syncContext.wsSyncObject.getSrcObject().GetName()) + dstObj.SetName(syncContext.object2Sync.getSrcObject().GetName()) // set mandatory labels dstObj.SetLabels(utils.MergeMaps( []map[string]string{ @@ -466,7 +464,7 @@ func (r *WorkspacesConfigReconciler) syncObject(syncContext *syncContext) error if err := r.syncObjectIfDiffers(syncContext, dstObj); err != nil { logger.Error(err, "Failed to sync object", "namespace", syncContext.dstNamespace, - "kind", gvk2PrintString(syncContext.wsSyncObject.getGKV()), + "kind", gvk2PrintString(syncContext.object2Sync.getGKV()), "name", dstObj.GetName()) return err } @@ -480,7 +478,7 @@ func (r *WorkspacesConfigReconciler) syncObjectIfDiffers( syncContext *syncContext, dstObj client.Object) error { - existedDstObj, err := r.scheme.New(syncContext.wsSyncObject.getGKV()) + existedDstObj, err := r.scheme.New(syncContext.object2Sync.getGKV()) if err != nil { return err } @@ -491,23 +489,23 @@ func (r *WorkspacesConfigReconciler) syncObjectIfDiffers( err = r.client.Get(syncContext.ctx, existedDstObjKey, existedDstObj.(client.Object)) if err == nil { - srcObj := syncContext.wsSyncObject.getSrcObject() + srcObj := syncContext.object2Sync.getSrcObject() - srcObjKey := buildKey(syncContext.wsSyncObject.getGKV(), srcObj.GetName(), syncContext.srcNamespace) - dstObjKey := buildKey(syncContext.wsSyncObject.getGKV(), dstObj.GetName(), syncContext.dstNamespace) + srcObjKey := buildKey(syncContext.object2Sync.getGKV(), srcObj.GetName(), syncContext.srcNamespace) + dstObjKey := buildKey(syncContext.object2Sync.getGKV(), dstObj.GetName(), syncContext.dstNamespace) - srcHasBeenChanged := syncContext.syncConfig[srcObjKey] != syncContext.wsSyncObject.getSrcObjectVersion() + srcHasBeenChanged := syncContext.syncConfig[srcObjKey] != syncContext.object2Sync.getSrcObjectVersion() dstHasBeenChanged := syncContext.syncConfig[dstObjKey] != existedDstObj.(client.Object).GetResourceVersion() if srcHasBeenChanged || dstHasBeenChanged { // destination object exists, and it differs from the source object, // so it will be updated - if syncContext.wsSyncObject.hasROSpec() { + if syncContext.object2Sync.hasROSpec() { // Skip updating objects with readonly spec. // Admin has to re-create them to update just update resource versions logger.Info("Object skipped since has readonly spec, re-create it to update", "namespace", dstObj.GetNamespace(), - "kind", gvk2PrintString(syncContext.wsSyncObject.getGKV()), + "kind", gvk2PrintString(syncContext.object2Sync.getGKV()), "name", dstObj.GetName()) r.doUpdateSyncConfig(syncContext, existedDstObj.(client.Object)) @@ -550,7 +548,7 @@ func (r *WorkspacesConfigReconciler) doCreateObject( } logger.Info("Object created", "namespace", dstObj.GetNamespace(), - "kind", gvk2PrintString(syncContext.wsSyncObject.getGKV()), + "kind", gvk2PrintString(syncContext.object2Sync.getGKV()), "name", dstObj.GetName()) return nil @@ -584,7 +582,7 @@ func (r *WorkspacesConfigReconciler) doUpdateObject( } logger.Info("Object updated", "namespace", dstObj.GetNamespace(), - "kind", gvk2PrintString(syncContext.wsSyncObject.getGKV()), + "kind", gvk2PrintString(syncContext.object2Sync.getGKV()), "name", dstObj.GetName()) return nil @@ -592,12 +590,12 @@ func (r *WorkspacesConfigReconciler) doUpdateObject( // doUpdateSyncConfig updates sync config with resource versions of synced objects. func (r *WorkspacesConfigReconciler) doUpdateSyncConfig(syncContext *syncContext, dstObj client.Object) { - srcObj := syncContext.wsSyncObject.getSrcObject() + srcObj := syncContext.object2Sync.getSrcObject() - srcObjKey := buildKey(syncContext.wsSyncObject.getGKV(), srcObj.GetName(), syncContext.srcNamespace) - dstObjKey := buildKey(syncContext.wsSyncObject.getGKV(), dstObj.GetName(), syncContext.dstNamespace) + srcObjKey := buildKey(syncContext.object2Sync.getGKV(), srcObj.GetName(), syncContext.srcNamespace) + dstObjKey := buildKey(syncContext.object2Sync.getGKV(), dstObj.GetName(), syncContext.dstNamespace) - syncContext.syncConfig[srcObjKey] = syncContext.wsSyncObject.getSrcObjectVersion() + syncContext.syncConfig[srcObjKey] = syncContext.object2Sync.getSrcObjectVersion() syncContext.syncConfig[dstObjKey] = dstObj.GetResourceVersion() } @@ -643,40 +641,6 @@ func (r *WorkspacesConfigReconciler) deleteIfObjectIsObsolete( return nil } -// isDiff checks if the given objects are different. -// The rules are following: -// - if labels of the source object are absent in the destination object, -// then the objects considered different -// - if annotations of the source object are absent in the destination object, -// then the objects considered different -// - if the rest fields of the objects are different, -// then the objects considered different -func isDiff(src client.Object, dst client.Object) bool { - if src.GetLabels() != nil { - for key, value := range src.GetLabels() { - if dst.GetLabels()[key] != value { - return true - } - } - } - - if src.GetAnnotations() != nil { - for key, value := range src.GetAnnotations() { - if dst.GetAnnotations()[key] != value { - return true - } - } - } - - return cmp.Diff( - src, - dst, - cmp.Options{ - cmpopts.IgnoreTypes(metav1.ObjectMeta{}), - cmpopts.IgnoreTypes(metav1.TypeMeta{}), - }) != "" -} - // getSyncConfig returns ConfigMap with synced objects resource versions. // Returns error if ConfigMap failed to be retrieved. func (r *WorkspacesConfigReconciler) getSyncConfig(ctx context.Context, namespace string) (*corev1.ConfigMap, error) { diff --git a/controllers/usernamespace/workspaces_config_controller_test.go b/controllers/usernamespace/workspaces_config_controller_test.go index b46d00ba4b..c266a1f307 100644 --- a/controllers/usernamespace/workspaces_config_controller_test.go +++ b/controllers/usernamespace/workspaces_config_controller_test.go @@ -116,37 +116,6 @@ func TestGetEmptySyncConfig(t *testing.T) { assert.Equal(t, deploy.GetManagedByLabel(), cm.Labels[constants.KubernetesManagedByLabelKey]) } -func TestIsDiff(t *testing.T) { - src := &corev1.ConfigMap{ - TypeMeta: metav1.TypeMeta{ - Kind: "ConfigMap", - APIVersion: "v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "test", - Namespace: "eclipse-che", - Labels: map[string]string{}, - Annotations: map[string]string{}, - }, - } - - dst := &corev1.ConfigMap{ - TypeMeta: metav1.TypeMeta{ - Kind: "ConfigMap", - APIVersion: "v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "test", - Namespace: "eclipse-che", - Labels: map[string]string{"a": "b"}, - Annotations: map[string]string{"c": "d"}, - }, - } - - changed := isDiff(src, dst) - assert.False(t, changed) -} - func TestBuildKey(t *testing.T) { type testCase struct { name string diff --git a/controllers/usernamespace/workspaces_config_diff_helper.go b/controllers/usernamespace/workspaces_config_diff_helper.go new file mode 100644 index 0000000000..80b98ad7ea --- /dev/null +++ b/controllers/usernamespace/workspaces_config_diff_helper.go @@ -0,0 +1,99 @@ +// +// Copyright (c) 2019-2024 Red Hat, Inc. +// This program and the accompanying materials are made +// available under the terms of the Eclipse Public License 2.0 +// which is available at https://www.eclipse.org/legal/epl-2.0/ +// +// SPDX-License-Identifier: EPL-2.0 +// +// Contributors: +// Red Hat, Inc. - initial API and implementation +// + +package usernamespace + +import ( + "encoding/json" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +// isDiff checks if the given objects are different. +// The rules are following: +// - if labels of the source object are absent in the destination object, +// then the objects considered different +// - if annotations of the source object are absent in the destination object, +// then the objects considered different +// - if the rest fields of the objects are different, +// then the objects considered different +func isDiff(src client.Object, dst client.Object) bool { + _, isSrcUnstructured := src.(*unstructured.Unstructured) + _, isDstUnstructured := dst.(*unstructured.Unstructured) + + if !isSrcUnstructured && !isDstUnstructured { + return isLabelsOrAnnotationsDiff(src, dst) || + cmp.Diff( + src, + dst, + cmp.Options{ + cmpopts.IgnoreTypes(metav1.ObjectMeta{}), + cmpopts.IgnoreTypes(metav1.TypeMeta{}), + }) != "" + } + + return isUnstructuredDiff(src, dst) +} + +func isUnstructuredDiff(src client.Object, dst client.Object) bool { + srcUnstructured := toUnstructured(src) + delete(srcUnstructured.Object, "metadata") + delete(srcUnstructured.Object, "status") + + dstUnstructured := toUnstructured(dst) + delete(dstUnstructured.Object, "metadata") + delete(dstUnstructured.Object, "status") + + return cmp.Diff(srcUnstructured, dstUnstructured) != "" +} + +func isLabelsOrAnnotationsDiff(src client.Object, dst client.Object) bool { + if src.GetLabels() != nil { + for key, value := range src.GetLabels() { + if dst.GetLabels()[key] != value { + return true + } + } + } + + if src.GetAnnotations() != nil { + for key, value := range src.GetAnnotations() { + if dst.GetAnnotations()[key] != value { + return true + } + } + } + + return false +} + +func toUnstructured(src client.Object) *unstructured.Unstructured { + data, err := json.Marshal(src) + if err != nil { + logger.Error(err, "Failed to marshal object") + return nil + } + + unstructuredObj := &unstructured.Unstructured{} + err = unstructuredObj.UnmarshalJSON(data) + if err != nil { + logger.Error(err, "Failed to unmarshal object") + return nil + } + + return unstructuredObj +} diff --git a/controllers/usernamespace/workspaces_config_diff_helper_test.go b/controllers/usernamespace/workspaces_config_diff_helper_test.go new file mode 100644 index 0000000000..1d191e4d41 --- /dev/null +++ b/controllers/usernamespace/workspaces_config_diff_helper_test.go @@ -0,0 +1,83 @@ +// +// Copyright (c) 2019-2024 Red Hat, Inc. +// This program and the accompanying materials are made +// available under the terms of the Eclipse Public License 2.0 +// which is available at https://www.eclipse.org/legal/epl-2.0/ +// +// SPDX-License-Identifier: EPL-2.0 +// +// Contributors: +// Red Hat, Inc. - initial API and implementation +// + +package usernamespace + +import ( + "testing" + + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "sigs.k8s.io/yaml" + + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +func TestIsDiff(t *testing.T) { + src := &corev1.ConfigMap{ + TypeMeta: metav1.TypeMeta{ + Kind: "ConfigMap", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "eclipse-che", + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, + } + + dst := &corev1.ConfigMap{ + TypeMeta: metav1.TypeMeta{ + Kind: "ConfigMap", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "eclipse-che", + Labels: map[string]string{"a": "b"}, + Annotations: map[string]string{"c": "d"}, + }, + } + + changed := isDiff(src, dst) + assert.False(t, changed) +} + +func TestIsDiffUnstructured(t *testing.T) { + pvc := &corev1.PersistentVolumeClaim{ + TypeMeta: metav1.TypeMeta{ + Kind: "PersistentVolumeClaim", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "eclipse-che", + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, + Spec: corev1.PersistentVolumeClaimSpec{ + VolumeName: "test", + }, + } + + data, err := yaml.Marshal(pvc) + assert.NoError(t, err) + + unstructuredPvc := &unstructured.Unstructured{} + err = yaml.Unmarshal(data, unstructuredPvc) + assert.NoError(t, err) + + changed := isDiff(pvc, unstructuredPvc) + assert.False(t, changed) +} From 09487842756d66fd827c2d89a3aa769035a34377 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Mon, 4 Nov 2024 14:56:23 +0100 Subject: [PATCH 10/10] fixup Signed-off-by: Anatolii Bazko --- .../che-operator.clusterserviceversion.yaml | 16 +- config/rbac/cluster_role.yaml | 12 ++ controllers/usernamespace/configmap2sync.go | 28 +--- .../usernamespace/configmap2sync_test.go | 18 +-- .../usernamespace/object2sync_factory.go | 114 ++++++++++++++ controllers/usernamespace/pvc2sync.go | 31 +--- controllers/usernamespace/pvc2sync_test.go | 8 +- controllers/usernamespace/secret2sync.go | 30 +--- controllers/usernamespace/secret2sync_test.go | 18 +-- .../usernamespace/unstructured2sync.go | 74 +-------- .../usernamespace/unstructured2sync_test.go | 12 +- .../workspaces_config_controller.go | 149 +++++------------- .../workspaces_config_diff_helper.go | 64 +++++--- deploy/deployment/kubernetes/combined.yaml | 12 ++ .../objects/che-operator.ClusterRole.yaml | 12 ++ deploy/deployment/openshift/combined.yaml | 12 ++ .../objects/che-operator.ClusterRole.yaml | 12 ++ .../templates/che-operator.ClusterRole.yaml | 12 ++ main.go | 3 + 19 files changed, 334 insertions(+), 303 deletions(-) create mode 100644 controllers/usernamespace/object2sync_factory.go diff --git a/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml b/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml index 1bd953bd0e..24bc9be38e 100644 --- a/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml +++ b/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml @@ -104,7 +104,7 @@ metadata: operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/eclipse-che/che-operator support: Eclipse Foundation - name: eclipse-che.v7.94.0-892.next + name: eclipse-che.v7.94.0-893.next namespace: placeholder spec: apiservicedefinitions: {} @@ -847,6 +847,18 @@ spec: - patch - watch - list + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - update + - patch + - watch + - list - apiGroups: - template.openshift.io resources: @@ -1061,7 +1073,7 @@ spec: minKubeVersion: 1.19.0 provider: name: Eclipse Foundation - version: 7.94.0-892.next + version: 7.94.0-893.next webhookdefinitions: - admissionReviewVersions: - v1 diff --git a/config/rbac/cluster_role.yaml b/config/rbac/cluster_role.yaml index ecb1f1aa98..109b539ed8 100644 --- a/config/rbac/cluster_role.yaml +++ b/config/rbac/cluster_role.yaml @@ -358,6 +358,18 @@ rules: - patch - watch - list + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - update + - patch + - watch + - list - apiGroups: - template.openshift.io resources: diff --git a/controllers/usernamespace/configmap2sync.go b/controllers/usernamespace/configmap2sync.go index 64f1775454..ad7200a09e 100644 --- a/controllers/usernamespace/configmap2sync.go +++ b/controllers/usernamespace/configmap2sync.go @@ -15,25 +15,17 @@ package usernamespace import ( dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" "github.com/eclipse-che/che-operator/pkg/common/utils" - "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "sigs.k8s.io/controller-runtime/pkg/client" ) -var ( - v1ConfigMapGKV = corev1.SchemeGroupVersion.WithKind("ConfigMap") -) - type configMap2Sync struct { Object2Sync - cm *corev1.ConfigMap -} -func newCM2Sync(cm *corev1.ConfigMap) *configMap2Sync { - return &configMap2Sync{cm: cm} + cm *corev1.ConfigMap + version string } func (p *configMap2Sync) getSrcObject() client.Object { @@ -63,20 +55,12 @@ func (p *configMap2Sync) newDstObject() client.Object { } func (p *configMap2Sync) getSrcObjectVersion() string { - return p.cm.GetResourceVersion() + if len(p.version) == 0 { + return p.cm.GetResourceVersion() + } + return p.version } func (p *configMap2Sync) hasROSpec() bool { return false } - -func (p *configMap2Sync) isDiff(obj client.Object) bool { - return isLabelsOrAnnotationsDiff(p.cm, obj) || - cmp.Diff( - p.cm, - obj, - cmp.Options{ - cmpopts.IgnoreTypes(metav1.ObjectMeta{}), - cmpopts.IgnoreTypes(metav1.TypeMeta{}), - }) != "" -} diff --git a/controllers/usernamespace/configmap2sync_test.go b/controllers/usernamespace/configmap2sync_test.go index 2a7bf838ec..6f151ac253 100644 --- a/controllers/usernamespace/configmap2sync_test.go +++ b/controllers/usernamespace/configmap2sync_test.go @@ -82,7 +82,7 @@ func TestSyncConfigMap(t *testing.T) { }) // Sync ConfigMap - err := workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err := workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -106,7 +106,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -130,7 +130,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -155,7 +155,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -177,7 +177,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -197,7 +197,7 @@ func TestSyncConfigMap(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 0, v1ConfigMapGKV) @@ -248,7 +248,7 @@ func TestSyncConfigMapShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { }) // Sync ConfigMap - err := workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err := workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -273,7 +273,7 @@ func TestSyncConfigMapShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) @@ -301,7 +301,7 @@ func TestSyncConfigMapShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { assert.Nil(t, err) // Sync ConfigMap - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV) diff --git a/controllers/usernamespace/object2sync_factory.go b/controllers/usernamespace/object2sync_factory.go new file mode 100644 index 0000000000..cdbfc0f42b --- /dev/null +++ b/controllers/usernamespace/object2sync_factory.go @@ -0,0 +1,114 @@ +// +// Copyright (c) 2019-2024 Red Hat, Inc. +// This program and the accompanying materials are made +// available under the terms of the Eclipse Public License 2.0 +// which is available at https://www.eclipse.org/legal/epl-2.0/ +// +// SPDX-License-Identifier: EPL-2.0 +// +// Contributors: +// Red Hat, Inc. - initial API and implementation +// + +package usernamespace + +import ( + "strings" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" + + "github.com/eclipse-che/che-operator/pkg/common/utils" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "sigs.k8s.io/yaml" +) + +const ( + // Supported templates parameters + PROJECT_ADMIN_USER = "${PROJECT_ADMIN_USER}" + PROJECT_NAME = "${PROJECT_NAME}" +) + +var ( + v1ConfigMapGKV = corev1.SchemeGroupVersion.WithKind("ConfigMap") + v1SecretGKV = corev1.SchemeGroupVersion.WithKind("Secret") + v1PvcGKV = corev1.SchemeGroupVersion.WithKind("PersistentVolumeClaim") +) + +func createObject2SyncFromRaw( + raw []byte, + userName string, + namespaceName string) (Object2Sync, error) { + + hash := utils.ComputeHash256(raw) + + objAsString := string(raw) + objAsString = strings.ReplaceAll(objAsString, PROJECT_ADMIN_USER, userName) + objAsString = strings.ReplaceAll(objAsString, PROJECT_NAME, namespaceName) + + srcObj := &unstructured.Unstructured{} + if err := yaml.Unmarshal([]byte(objAsString), srcObj); err != nil { + return nil, err + } + + gkv := srcObj.GetObjectKind().GroupVersionKind() + switch gkv { + case v1ConfigMapGKV: + cm := &corev1.ConfigMap{} + if err := yaml.Unmarshal([]byte(objAsString), cm); err != nil { + return nil, err + } + + return &configMap2Sync{ + cm: cm, + version: hash, + }, nil + + case v1SecretGKV: + secret := &corev1.Secret{} + if err := yaml.Unmarshal([]byte(objAsString), secret); err != nil { + return nil, err + } + + return &secret2Sync{ + secret: secret, + version: hash, + }, nil + + case v1PvcGKV: + pvc := &corev1.PersistentVolumeClaim{} + if err := yaml.Unmarshal([]byte(objAsString), pvc); err != nil { + return nil, err + } + + return &pvc2Sync{ + pvc: pvc, + version: hash, + }, nil + } + + return &unstructured2Sync{ + srcObj: srcObj, + dstObj: srcObj, + version: hash, + }, nil +} + +func createObject2SyncFromRuntimeObject(obj runtime.Object) Object2Sync { + gkv := obj.GetObjectKind().GroupVersionKind() + switch gkv { + case v1ConfigMapGKV: + cm := obj.(*corev1.ConfigMap) + return &configMap2Sync{cm: cm} + + case v1SecretGKV: + secret := obj.(*corev1.Secret) + return &secret2Sync{secret: secret} + + case v1PvcGKV: + pvc := obj.(*corev1.PersistentVolumeClaim) + return &pvc2Sync{pvc: pvc} + } + + return nil +} diff --git a/controllers/usernamespace/pvc2sync.go b/controllers/usernamespace/pvc2sync.go index 58ae367b1a..977d609198 100644 --- a/controllers/usernamespace/pvc2sync.go +++ b/controllers/usernamespace/pvc2sync.go @@ -13,27 +13,17 @@ package usernamespace import ( - "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "sigs.k8s.io/controller-runtime/pkg/client" ) -var ( - v1PvcGKV = corev1.SchemeGroupVersion.WithKind("PersistentVolumeClaim") -) - type pvc2Sync struct { Object2Sync - pvc *corev1.PersistentVolumeClaim -} -func newPvc2Sync(pvc *corev1.PersistentVolumeClaim) *pvc2Sync { - return &pvc2Sync{ - pvc: pvc, - } + pvc *corev1.PersistentVolumeClaim + version string } func (p *pvc2Sync) getGKV() schema.GroupVersionKind { @@ -59,21 +49,12 @@ func (p *pvc2Sync) newDstObject() client.Object { } func (p *pvc2Sync) getSrcObjectVersion() string { - return p.pvc.GetResourceVersion() + if len(p.version) == 0 { + return p.pvc.GetResourceVersion() + } + return p.version } func (p *pvc2Sync) hasROSpec() bool { return true } - -func (p *pvc2Sync) isDiff(obj client.Object) bool { - return isLabelsOrAnnotationsDiff(p.pvc, obj) || - cmp.Diff( - p.pvc, - obj, - cmp.Options{ - cmpopts.IgnoreTypes(metav1.ObjectMeta{}), - cmpopts.IgnoreTypes(metav1.TypeMeta{}), - cmpopts.IgnoreTypes(corev1.PersistentVolumeClaimStatus{}), - }) != "" -} diff --git a/controllers/usernamespace/pvc2sync_test.go b/controllers/usernamespace/pvc2sync_test.go index 768bba6ee6..9f50b21cff 100644 --- a/controllers/usernamespace/pvc2sync_test.go +++ b/controllers/usernamespace/pvc2sync_test.go @@ -73,7 +73,7 @@ func TestSyncPVC(t *testing.T) { assertSyncConfig(t, workspaceConfigReconciler, 0, v1PvcGKV) // Sync PVC to a user namespace - err := workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err := workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1PvcGKV) @@ -93,7 +93,7 @@ func TestSyncPVC(t *testing.T) { err = workspaceConfigReconciler.client.Update(context.TODO(), pvc) // Sync PVC - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1PvcGKV) @@ -110,7 +110,7 @@ func TestSyncPVC(t *testing.T) { assert.Nil(t, err) // Sync PVC - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1PvcGKV) @@ -127,7 +127,7 @@ func TestSyncPVC(t *testing.T) { assert.Nil(t, err) // Sync PVC - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 0, v1PvcGKV) diff --git a/controllers/usernamespace/secret2sync.go b/controllers/usernamespace/secret2sync.go index 5b553651cb..7a92cb70c6 100644 --- a/controllers/usernamespace/secret2sync.go +++ b/controllers/usernamespace/secret2sync.go @@ -15,27 +15,17 @@ package usernamespace import ( dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" "github.com/eclipse-che/che-operator/pkg/common/utils" - "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "sigs.k8s.io/controller-runtime/pkg/client" ) -var ( - v1SecretGKV = corev1.SchemeGroupVersion.WithKind("Secret") -) - type secret2Sync struct { Object2Sync - secret *corev1.Secret -} -func newSecret2Sync(secret *corev1.Secret) *secret2Sync { - return &secret2Sync{ - secret: secret, - } + secret *corev1.Secret + version string } func (p *secret2Sync) getGKV() schema.GroupVersionKind { @@ -65,20 +55,12 @@ func (p *secret2Sync) newDstObject() client.Object { } func (p *secret2Sync) getSrcObjectVersion() string { - return p.secret.GetResourceVersion() + if len(p.version) == 0 { + return p.secret.GetResourceVersion() + } + return p.version } func (p *secret2Sync) hasROSpec() bool { return false } - -func (p *secret2Sync) isDiff(obj client.Object) bool { - return isLabelsOrAnnotationsDiff(p.secret, obj) || - cmp.Diff( - p.secret, - obj, - cmp.Options{ - cmpopts.IgnoreTypes(metav1.ObjectMeta{}), - cmpopts.IgnoreTypes(metav1.TypeMeta{}), - }) != "" -} diff --git a/controllers/usernamespace/secret2sync_test.go b/controllers/usernamespace/secret2sync_test.go index 009ba49e19..4c112a4fdf 100644 --- a/controllers/usernamespace/secret2sync_test.go +++ b/controllers/usernamespace/secret2sync_test.go @@ -73,7 +73,7 @@ func TestSyncSecrets(t *testing.T) { }) // Sync Secret - err := workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err := workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -101,7 +101,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -127,7 +127,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -153,7 +153,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -176,7 +176,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -197,7 +197,7 @@ func TestSyncSecrets(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 0, v1SecretGKV) @@ -248,7 +248,7 @@ func TestSyncSecretShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { }) // Sync Secret - err := workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err := workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -273,7 +273,7 @@ func TestSyncSecretShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) @@ -301,7 +301,7 @@ func TestSyncSecretShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) { assert.Nil(t, err) // Sync Secret - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV) diff --git a/controllers/usernamespace/unstructured2sync.go b/controllers/usernamespace/unstructured2sync.go index d3bef5a3ea..d2115b7d22 100644 --- a/controllers/usernamespace/unstructured2sync.go +++ b/controllers/usernamespace/unstructured2sync.go @@ -13,54 +13,16 @@ package usernamespace import ( - "strings" - - dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" - - "github.com/eclipse-che/che-operator/pkg/common/utils" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/yaml" -) - -const ( - // Supported templates parameters - PROJECT_ADMIN_USER = "${PROJECT_ADMIN_USER}" - PROJECT_NAME = "${PROJECT_NAME}" ) type unstructured2Sync struct { Object2Sync - srcObj client.Object - dstObj client.Object - hash string -} - -func newUnstructured2Sync( - raw []byte, - userName string, - namespaceName string) (*unstructured2Sync, error) { - - hash := utils.ComputeHash256(raw) - - objAsString := string(raw) - objAsString = strings.ReplaceAll(objAsString, PROJECT_ADMIN_USER, userName) - objAsString = strings.ReplaceAll(objAsString, PROJECT_NAME, namespaceName) - - srcObj := &unstructured.Unstructured{} - if err := yaml.Unmarshal([]byte(objAsString), srcObj); err != nil { - return nil, err - } - - dstObj := srcObj.DeepCopyObject() - - return &unstructured2Sync{ - srcObj: srcObj, - dstObj: dstObj.(client.Object), - hash: hash, - }, nil + srcObj client.Object + dstObj client.Object + version string } func (p *unstructured2Sync) getSrcObject() client.Object { @@ -73,39 +35,13 @@ func (p *unstructured2Sync) getGKV() schema.GroupVersionKind { func (p *unstructured2Sync) newDstObject() client.Object { dstObj := p.dstObj.DeepCopyObject().(client.Object) - - switch dstObj.GetObjectKind().GroupVersionKind() { - case v1ConfigMapGKV: - dstObj.SetLabels(utils.MergeMaps([]map[string]string{ - dstObj.GetLabels(), - { - dwconstants.DevWorkspaceWatchConfigMapLabel: "true", - dwconstants.DevWorkspaceMountLabel: "true", - }}), - ) - break - case v1SecretGKV: - dstObj.SetLabels(utils.MergeMaps([]map[string]string{ - dstObj.GetLabels(), - { - dwconstants.DevWorkspaceWatchSecretLabel: "true", - dwconstants.DevWorkspaceMountLabel: "true", - }}), - ) - break - } - return dstObj } func (p *unstructured2Sync) getSrcObjectVersion() string { - return p.hash + return p.version } func (p *unstructured2Sync) hasROSpec() bool { - return p.dstObj.GetObjectKind().GroupVersionKind() == v1PvcGKV -} - -func (p *unstructured2Sync) isDiff(obj client.Object) bool { - return isLabelsOrAnnotationsDiff(p.srcObj, obj) || isUnstructuredDiff(p.srcObj, obj) + return false } diff --git a/controllers/usernamespace/unstructured2sync_test.go b/controllers/usernamespace/unstructured2sync_test.go index 16cc298a9f..a9842de926 100644 --- a/controllers/usernamespace/unstructured2sync_test.go +++ b/controllers/usernamespace/unstructured2sync_test.go @@ -97,7 +97,7 @@ func TestSyncTemplateWithLimitRange(t *testing.T) { }) // Sync Template - err := workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err := workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) @@ -139,7 +139,7 @@ func TestSyncTemplateWithLimitRange(t *testing.T) { assert.Nil(t, err) // Sync Template - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) @@ -160,7 +160,7 @@ func TestSyncTemplateWithLimitRange(t *testing.T) { assert.Nil(t, err) // Sync Template - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) @@ -182,7 +182,7 @@ func TestSyncTemplateWithLimitRange(t *testing.T) { assert.Nil(t, err) // Sync Template - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) @@ -201,7 +201,7 @@ func TestSyncTemplateWithLimitRange(t *testing.T) { assert.Nil(t, err) // Sync Template - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 2, v1LimitRangeGKV) @@ -218,7 +218,7 @@ func TestSyncTemplateWithLimitRange(t *testing.T) { assert.Nil(t, err) // Sync Template - err = workspaceConfigReconciler.syncWorkspace(context.TODO(), eclipseCheNamespace, userNamespace) + err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace) assert.Nil(t, err) assertSyncConfig(t, workspaceConfigReconciler, 0, v1LimitRangeGKV) diff --git a/controllers/usernamespace/workspaces_config_controller.go b/controllers/usernamespace/workspaces_config_controller.go index 2b9b2449c9..222705f4fc 100644 --- a/controllers/usernamespace/workspaces_config_controller.go +++ b/controllers/usernamespace/workspaces_config_controller.go @@ -17,6 +17,9 @@ import ( "fmt" "strings" + networkingv1 "k8s.io/api/networking/v1" + "k8s.io/apimachinery/pkg/api/meta" + rbacv1 "k8s.io/api/rbac/v1" "github.com/devfile/devworkspace-operator/pkg/infrastructure" @@ -54,7 +57,6 @@ type Object2Sync interface { getSrcObject() client.Object getSrcObjectVersion() string newDstObject() client.Object - isDiff(obj client.Object) bool } type syncContext struct { @@ -97,7 +99,8 @@ func (r *WorkspacesConfigReconciler) SetupWithManager(mgr ctrl.Manager) error { Watches(&source.Kind{Type: &corev1.LimitRange{}}, r.watchRules(ctx, false, true)). Watches(&source.Kind{Type: &corev1.ServiceAccount{}}, r.watchRules(ctx, false, true)). Watches(&source.Kind{Type: &rbacv1.Role{}}, r.watchRules(ctx, false, true)). - Watches(&source.Kind{Type: &rbacv1.RoleBinding{}}, r.watchRules(ctx, false, true)) + Watches(&source.Kind{Type: &rbacv1.RoleBinding{}}, r.watchRules(ctx, false, true)). + Watches(&source.Kind{Type: &networkingv1.NetworkPolicy{}}, r.watchRules(ctx, false, true)) if infrastructure.IsOpenShift() { bld.Watches(&source.Kind{Type: &templatev1.Template{}}, r.watchRules(ctx, true, false)) @@ -133,7 +136,7 @@ func (r *WorkspacesConfigReconciler) Reconcile(ctx context.Context, req ctrl.Req return ctrl.Result{}, nil } - if err = r.syncWorkspace(ctx, checluster.Namespace, req.Name); err != nil { + if err = r.syncNamespace(ctx, checluster.Namespace, req.Name); err != nil { logger.Error(err, "Failed to sync workspace configs", "namespace", req.Name) return ctrl.Result{}, err } @@ -188,10 +191,10 @@ func (r *WorkspacesConfigReconciler) watchRules( }) } -// syncWorkspace sync user namespace. +// syncNamespace sync user namespace. // Iterates over all objects in the source namespace labeled as `app.kubernetes.io/component=workspaces-config` // and syncs them to the target user namespace. -func (r *WorkspacesConfigReconciler) syncWorkspace( +func (r *WorkspacesConfigReconciler) syncNamespace( ctx context.Context, srcNamespace string, dstNamespace string, @@ -232,34 +235,22 @@ func (r *WorkspacesConfigReconciler) syncWorkspace( } } - if err = r.syncConfigMaps( - ctx, - srcNamespace, - dstNamespace, - syncConfig.Data, - syncedSrcObjKeys, - ); err != nil { - return err - } - - if err = r.syncSecretes( - ctx, - srcNamespace, - dstNamespace, - syncConfig.Data, - syncedSrcObjKeys, - ); err != nil { - return err + objsList := []client.ObjectList{ + &corev1.ConfigMapList{}, + &corev1.SecretList{}, + &corev1.PersistentVolumeClaimList{}, } - - if err = r.syncPVCs( - ctx, - srcNamespace, - dstNamespace, - syncConfig.Data, - syncedSrcObjKeys, - ); err != nil { - return err + for _, objList := range objsList { + if err = r.syncObjectsList( + ctx, + srcNamespace, + dstNamespace, + syncConfig.Data, + syncedSrcObjKeys, + objList, + ); err != nil { + return err + } } // Iterates over sync config and deletes obsolete objects, if so. @@ -283,111 +274,49 @@ func (r *WorkspacesConfigReconciler) syncWorkspace( return nil } -// syncConfigMaps syncs all ConfigMaps labeled as `app.kubernetes.io/component=workspaces-config` +// syncObjectsList syncs objects labeled as `app.kubernetes.io/component=workspaces-config` // from source namespace to a target user namespace. -func (r *WorkspacesConfigReconciler) syncConfigMaps( +func (r *WorkspacesConfigReconciler) syncObjectsList( ctx context.Context, srcNamespace string, dstNamespace string, syncConfig map[string]string, - syncedSrcObjKeys map[string]bool) error { + syncedSrcObjKeys map[string]bool, + srcObjList client.ObjectList) error { - cmList := &corev1.ConfigMapList{} opts := &client.ListOptions{ Namespace: srcNamespace, LabelSelector: wsConfigComponentSelector, } - if err := r.client.List(ctx, cmList, opts); err != nil { + if err := r.client.List(ctx, srcObjList, opts); err != nil { return err } - for _, cm := range cmList.Items { - if err := r.syncObject( - &syncContext{ - dstNamespace: dstNamespace, - srcNamespace: srcNamespace, - object2Sync: newCM2Sync(&cm), - syncConfig: syncConfig, - ctx: ctx, - }); err != nil { - return err - } - - srcObjKey := buildKey(cm.GroupVersionKind(), cm.GetName(), srcNamespace) - syncedSrcObjKeys[srcObjKey] = true - } - - return nil -} - -// syncSecretes syncs all Secrets labeled as `app.kubernetes.io/component=workspaces-config` -// from source namespace to a target user namespace. -func (r *WorkspacesConfigReconciler) syncSecretes( - ctx context.Context, - srcNamespace string, - dstNamespace string, - syncConfig map[string]string, - syncedSrcObjKeys map[string]bool) error { - - secretList := &corev1.SecretList{} - opts := &client.ListOptions{ - Namespace: srcNamespace, - LabelSelector: wsConfigComponentSelector, - } - if err := r.client.List(ctx, secretList, opts); err != nil { + srcObjs, err := meta.ExtractList(srcObjList) + if err != nil { return err } - for _, secret := range secretList.Items { - if err := r.syncObject( - &syncContext{ - dstNamespace: dstNamespace, - srcNamespace: srcNamespace, - object2Sync: newSecret2Sync(&secret), - syncConfig: syncConfig, - ctx: ctx, - }); err != nil { - return err + for _, srcObj := range srcObjs { + obj2Sync := createObject2SyncFromRuntimeObject(srcObj) + if obj2Sync == nil { + logger.Info("Object skipped since has unsupported kind", + "kind", gvk2PrintString(srcObj.GetObjectKind().GroupVersionKind())) + break } - srcObjKey := buildKey(secret.GroupVersionKind(), secret.GetName(), srcNamespace) - syncedSrcObjKeys[srcObjKey] = true - } - - return nil -} - -// syncPVCs syncs all PVCs labeled as `app.kubernetes.io/component=workspaces-config` -// from source namespace to a target user namespace. -func (r *WorkspacesConfigReconciler) syncPVCs( - ctx context.Context, - srcNamespace string, - dstNamespace string, - syncConfig map[string]string, - syncedSrcObjKeys map[string]bool) error { - - pvcList := &corev1.PersistentVolumeClaimList{} - opts := &client.ListOptions{ - Namespace: srcNamespace, - LabelSelector: wsConfigComponentSelector, - } - if err := r.client.List(ctx, pvcList, opts); err != nil { - return err - } - - for _, pvc := range pvcList.Items { if err := r.syncObject( &syncContext{ dstNamespace: dstNamespace, srcNamespace: srcNamespace, - object2Sync: newPvc2Sync(&pvc), + object2Sync: obj2Sync, syncConfig: syncConfig, ctx: ctx, }); err != nil { return err } - srcObjKey := buildKey(pvc.GroupVersionKind(), pvc.GetName(), srcNamespace) + srcObjKey := buildKey(obj2Sync.getGKV(), obj2Sync.getSrcObject().GetName(), srcNamespace) syncedSrcObjKeys[srcObjKey] = true } @@ -419,7 +348,7 @@ func (r *WorkspacesConfigReconciler) syncTemplates( for _, template := range templates.Items { for _, object := range template.Objects { - object2Sync, err := newUnstructured2Sync(object.Raw, nsInfo.Username, dstNamespace) + object2Sync, err := createObject2SyncFromRaw(object.Raw, nsInfo.Username, dstNamespace) if err != nil { return err } diff --git a/controllers/usernamespace/workspaces_config_diff_helper.go b/controllers/usernamespace/workspaces_config_diff_helper.go index 80b98ad7ea..2b6b0a1efd 100644 --- a/controllers/usernamespace/workspaces_config_diff_helper.go +++ b/controllers/usernamespace/workspaces_config_diff_helper.go @@ -29,38 +29,29 @@ import ( // then the objects considered different // - if annotations of the source object are absent in the destination object, // then the objects considered different -// - if the rest fields of the objects are different, +// - if the rest fields of the objects are different ignoring metadata, // then the objects considered different func isDiff(src client.Object, dst client.Object) bool { + if isLabelsOrAnnotationsDiff(src, dst) { + return true + } + _, isSrcUnstructured := src.(*unstructured.Unstructured) _, isDstUnstructured := dst.(*unstructured.Unstructured) if !isSrcUnstructured && !isDstUnstructured { - return isLabelsOrAnnotationsDiff(src, dst) || - cmp.Diff( - src, - dst, - cmp.Options{ - cmpopts.IgnoreTypes(metav1.ObjectMeta{}), - cmpopts.IgnoreTypes(metav1.TypeMeta{}), - }) != "" + return cmp.Diff( + src, + dst, + cmp.Options{ + cmpopts.IgnoreTypes(metav1.ObjectMeta{}), + cmpopts.IgnoreTypes(metav1.TypeMeta{}), + }) != "" } return isUnstructuredDiff(src, dst) } -func isUnstructuredDiff(src client.Object, dst client.Object) bool { - srcUnstructured := toUnstructured(src) - delete(srcUnstructured.Object, "metadata") - delete(srcUnstructured.Object, "status") - - dstUnstructured := toUnstructured(dst) - delete(dstUnstructured.Object, "metadata") - delete(dstUnstructured.Object, "status") - - return cmp.Diff(srcUnstructured, dstUnstructured) != "" -} - func isLabelsOrAnnotationsDiff(src client.Object, dst client.Object) bool { if src.GetLabels() != nil { for key, value := range src.GetLabels() { @@ -81,8 +72,35 @@ func isLabelsOrAnnotationsDiff(src client.Object, dst client.Object) bool { return false } -func toUnstructured(src client.Object) *unstructured.Unstructured { - data, err := json.Marshal(src) +// isUnstructuredDiff checks if the given unstructured objects are different. +// The rules are following: +// - if the fields of the objects are different ignoring metadata and status, +// then the objects considered different +func isUnstructuredDiff(src client.Object, dst client.Object) bool { + srcUnstructured := toUnstructured(src) + if srcUnstructured == nil { + return false + } + delete(srcUnstructured.Object, "metadata") + delete(srcUnstructured.Object, "status") + + dstUnstructured := toUnstructured(dst) + if dstUnstructured == nil { + return false + } + delete(dstUnstructured.Object, "metadata") + delete(dstUnstructured.Object, "status") + + return cmp.Diff(srcUnstructured, dstUnstructured) != "" +} + +func toUnstructured(obj client.Object) *unstructured.Unstructured { + _, isUnstructured := obj.(*unstructured.Unstructured) + if isUnstructured { + return obj.DeepCopyObject().(*unstructured.Unstructured) + } + + data, err := json.Marshal(obj) if err != nil { logger.Error(err, "Failed to marshal object") return nil diff --git a/deploy/deployment/kubernetes/combined.yaml b/deploy/deployment/kubernetes/combined.yaml index e9195c58ad..4e351a077e 100644 --- a/deploy/deployment/kubernetes/combined.yaml +++ b/deploy/deployment/kubernetes/combined.yaml @@ -9016,6 +9016,18 @@ rules: - patch - watch - list +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - update + - patch + - watch + - list - apiGroups: - template.openshift.io resources: diff --git a/deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml b/deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml index ca69f645e7..5736411fcd 100644 --- a/deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml +++ b/deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml @@ -358,6 +358,18 @@ rules: - patch - watch - list +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - update + - patch + - watch + - list - apiGroups: - template.openshift.io resources: diff --git a/deploy/deployment/openshift/combined.yaml b/deploy/deployment/openshift/combined.yaml index 4da7b3a67d..5764868dcc 100644 --- a/deploy/deployment/openshift/combined.yaml +++ b/deploy/deployment/openshift/combined.yaml @@ -9016,6 +9016,18 @@ rules: - patch - watch - list +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - update + - patch + - watch + - list - apiGroups: - template.openshift.io resources: diff --git a/deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml b/deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml index ca69f645e7..5736411fcd 100644 --- a/deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml +++ b/deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml @@ -358,6 +358,18 @@ rules: - patch - watch - list +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - update + - patch + - watch + - list - apiGroups: - template.openshift.io resources: diff --git a/helmcharts/next/templates/che-operator.ClusterRole.yaml b/helmcharts/next/templates/che-operator.ClusterRole.yaml index ca69f645e7..5736411fcd 100644 --- a/helmcharts/next/templates/che-operator.ClusterRole.yaml +++ b/helmcharts/next/templates/che-operator.ClusterRole.yaml @@ -358,6 +358,18 @@ rules: - patch - watch - list +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - update + - patch + - watch + - list - apiGroups: - template.openshift.io resources: diff --git a/main.go b/main.go index 0e0a38fc5e..661ba91486 100644 --- a/main.go +++ b/main.go @@ -363,6 +363,9 @@ func getCacheFunc() (cache.NewCacheFunc, error) { &networkingv1.Ingress{}: { Label: partOfCheObjectSelector, }, + &networkingv1.NetworkPolicy{}: { + Label: partOfCheObjectSelector, + }, &corev1.ConfigMap{}: { Label: partOfCheObjectSelector, },