diff --git a/go.mod b/go.mod index 95679ff74..c3f43a5f3 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module github.com/openshift/cluster-version-operator go 1.23.0 -toolchain go1.23.6 +toolchain go1.23.4 require ( github.com/blang/semver/v4 v4.0.0 @@ -12,10 +12,10 @@ require ( github.com/google/uuid v1.6.0 github.com/onsi/ginkgo/v2 v2.21.0 github.com/onsi/gomega v1.35.1 - github.com/openshift-eng/openshift-tests-extension v0.0.0-20250220212757-b9c4d98a0c45 - github.com/openshift/api v0.0.0-20250207102212-9e59a77ed2e0 - github.com/openshift/client-go v0.0.0-20250131180035-f7ec47e2d87a - github.com/openshift/library-go v0.0.0-20250203131244-80620876b7c2 + github.com/openshift-eng/openshift-tests-extension v0.0.0-20250522124649-4ffcd156ec7c + github.com/openshift/api v0.0.0-20250320170726-75d64d71980b + github.com/openshift/client-go v0.0.0-20250125113824-8e1f0b8fa9a7 + github.com/openshift/library-go v0.0.0-20231017173800-126f85ed0cc7 github.com/operator-framework/api v0.17.1 github.com/operator-framework/operator-lifecycle-manager v0.22.0 github.com/pkg/errors v0.9.1 @@ -23,8 +23,8 @@ require ( github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.55.0 github.com/spf13/cobra v1.8.1 - golang.org/x/crypto v0.29.0 - golang.org/x/net v0.31.0 + golang.org/x/crypto v0.28.0 + golang.org/x/net v0.30.0 golang.org/x/time v0.7.0 gopkg.in/fsnotify.v1 v1.4.7 k8s.io/api v0.32.1 @@ -73,9 +73,9 @@ require ( go.opentelemetry.io/otel/trace v1.28.0 // indirect golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect golang.org/x/oauth2 v0.23.0 // indirect - golang.org/x/sys v0.27.0 // indirect - golang.org/x/term v0.26.0 // indirect - golang.org/x/text v0.20.0 // indirect + golang.org/x/sys v0.26.0 // indirect + golang.org/x/term v0.25.0 // indirect + golang.org/x/text v0.19.0 // indirect golang.org/x/tools v0.26.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61 // indirect @@ -93,4 +93,4 @@ require ( sigs.k8s.io/yaml v1.4.0 // indirect ) -replace github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12 +replace github.com/openshift/library-go => github.com/liouk/library-go v0.0.0-20250521100733-a5d70f15df7a diff --git a/go.sum b/go.sum index 0f1cba09b..5eee80976 100644 --- a/go.sum +++ b/go.sum @@ -69,6 +69,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/liouk/library-go v0.0.0-20250521100733-a5d70f15df7a h1:UtIKsNv49oV4PWWJeEES0xpcAP2Gr3V2Afsw4xP1dXc= +github.com/liouk/library-go v0.0.0-20250521100733-a5d70f15df7a/go.mod h1:DAa3BGl0CFtkfJn/g5rU8kDDTErfMVA/QlFm4cvU+MI= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -84,18 +86,16 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= +github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= +github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= -github.com/openshift-eng/openshift-tests-extension v0.0.0-20250220212757-b9c4d98a0c45 h1:hXpbYtP3iTh8oy/RKwKkcMziwchY3fIk95ciczf7cOA= -github.com/openshift-eng/openshift-tests-extension v0.0.0-20250220212757-b9c4d98a0c45/go.mod h1:6gkP5f2HL0meusT0Aim8icAspcD1cG055xxBZ9yC68M= -github.com/openshift/api v0.0.0-20250207102212-9e59a77ed2e0 h1:5n8BKML7fkmR4tz81WI0jc722rbta4t7pzT21lcd/Ec= -github.com/openshift/api v0.0.0-20250207102212-9e59a77ed2e0/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw= -github.com/openshift/client-go v0.0.0-20250131180035-f7ec47e2d87a h1:duO3JMrUOqVx50QhzxvDeOYIwTNOB8/EEuRLPyvAMBg= -github.com/openshift/client-go v0.0.0-20250131180035-f7ec47e2d87a/go.mod h1:Qw3ThpzVZ0bfTILpBNYg4LGyjtNxfyCiGh/uDLOOTP8= -github.com/openshift/library-go v0.0.0-20250203131244-80620876b7c2 h1:LaJmI+EeFnpbxs5H4Y6KOiNXhtPjldqvNzVfPpNM+dI= -github.com/openshift/library-go v0.0.0-20250203131244-80620876b7c2/go.mod h1:GHwvopE5KXXCz4ULHp871sTPLLW+FB+hu/RIzlNwxx8= -github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12 h1:AKx/w1qpS8We43bsRgf8Nll3CGlDHpr/WAXvuedTNZI= -github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/openshift-eng/openshift-tests-extension v0.0.0-20250522124649-4ffcd156ec7c h1:R5dI2oOF2RtS1sKtLrhW9KMg0ydzF0XM2Q//ma55nWI= +github.com/openshift-eng/openshift-tests-extension v0.0.0-20250522124649-4ffcd156ec7c/go.mod h1:6gkP5f2HL0meusT0Aim8icAspcD1cG055xxBZ9yC68M= +github.com/openshift/api v0.0.0-20250320170726-75d64d71980b h1:GGuFSHESP0BSOu70AqV4u9IVrjYdaeu4Id+HXRIOvkw= +github.com/openshift/api v0.0.0-20250320170726-75d64d71980b/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw= +github.com/openshift/client-go v0.0.0-20250125113824-8e1f0b8fa9a7 h1:4iliLcvr1P9EUMZgIaSNEKNQQzBn+L6PSequlFOuB6Q= +github.com/openshift/client-go v0.0.0-20250125113824-8e1f0b8fa9a7/go.mod h1:2tcufBE4Cu6RNgDCxcUJepa530kGo5GFVfR9BSnndhI= github.com/operator-framework/api v0.17.1 h1:J/6+Xj4IEV8C7hcirqUFwOiZAU3PbnJhWvB0/bB51c4= github.com/operator-framework/api v0.17.1/go.mod h1:kk8xJahHJR3bKqrA+A+1VIrhOTmyV76k+ARv+iV+u1Q= github.com/operator-framework/operator-lifecycle-manager v0.22.0 h1:7DEWOq24HQ0l5xPOXMhn17XaJACgwoipz+JfQ7QCXZw= @@ -149,8 +149,8 @@ go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= -golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= +golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= +golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -159,8 +159,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= -golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -170,14 +170,14 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= -golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= -golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/vendor/github.com/onsi/ginkgo/v2/OWNERS b/vendor/github.com/onsi/ginkgo/v2/OWNERS deleted file mode 100644 index 2d1f6c71e..000000000 --- a/vendor/github.com/onsi/ginkgo/v2/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -reviewers: -approvers: - - bertinatto - - stbenjam diff --git a/vendor/github.com/onsi/ginkgo/v2/core_dsl_patch.go b/vendor/github.com/onsi/ginkgo/v2/core_dsl_patch.go deleted file mode 100644 index bf60ceb52..000000000 --- a/vendor/github.com/onsi/ginkgo/v2/core_dsl_patch.go +++ /dev/null @@ -1,33 +0,0 @@ -package ginkgo - -import ( - "io" - - "github.com/onsi/ginkgo/v2/internal" - "github.com/onsi/ginkgo/v2/internal/global" - "github.com/onsi/ginkgo/v2/types" -) - -func AppendSpecText(test *internal.Spec, text string) { - test.AppendText(text) -} - -func GetSuite() *internal.Suite { - return global.Suite -} - -func GetFailer() *internal.Failer { - return global.Failer -} - -func NewWriter(w io.Writer) *internal.Writer { - return internal.NewWriter(w) -} - -func GetWriter() *internal.Writer { - return GinkgoWriter.(*internal.Writer) -} - -func SetReporterConfig(r types.ReporterConfig) { - reporterConfig = r -} diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/spec_patch.go b/vendor/github.com/onsi/ginkgo/v2/internal/spec_patch.go deleted file mode 100644 index 2d0bcc914..000000000 --- a/vendor/github.com/onsi/ginkgo/v2/internal/spec_patch.go +++ /dev/null @@ -1,22 +0,0 @@ -package internal - -import ( - "github.com/onsi/ginkgo/v2/types" -) - -func (s Spec) CodeLocations() []types.CodeLocation { - return s.Nodes.CodeLocations() -} - -func (s Spec) AppendText(text string) { - s.Nodes[len(s.Nodes)-1].Text += text -} - -func (s Spec) Labels() []string { - var labels []string - for _, n := range s.Nodes { - labels = append(labels, n.Labels...) - } - - return labels -} diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/suite.go b/vendor/github.com/onsi/ginkgo/v2/internal/suite.go index 12e50b8a9..a3c9e6bf1 100644 --- a/vendor/github.com/onsi/ginkgo/v2/internal/suite.go +++ b/vendor/github.com/onsi/ginkgo/v2/internal/suite.go @@ -65,8 +65,6 @@ type Suite struct { selectiveLock *sync.Mutex client parallel_support.Client - - annotateFn AnnotateFunc } func NewSuite() *Suite { @@ -112,11 +110,6 @@ func (suite *Suite) Run(description string, suiteLabels Labels, suitePath string } ApplyNestedFocusPolicyToTree(suite.tree) specs := GenerateSpecsFromTreeRoot(suite.tree) - if suite.annotateFn != nil { - for _, spec := range specs { - suite.annotateFn(spec.Text(), spec) - } - } specs, hasProgrammaticFocus := ApplyFocusToSpecs(specs, description, suiteLabels, suiteConfig) suite.phase = PhaseRun diff --git a/vendor/github.com/onsi/ginkgo/v2/internal/suite_patch.go b/vendor/github.com/onsi/ginkgo/v2/internal/suite_patch.go deleted file mode 100644 index 29eae0283..000000000 --- a/vendor/github.com/onsi/ginkgo/v2/internal/suite_patch.go +++ /dev/null @@ -1,71 +0,0 @@ -package internal - -import ( - "time" - - "github.com/onsi/ginkgo/v2/internal/interrupt_handler" - "github.com/onsi/ginkgo/v2/reporters" - "github.com/onsi/ginkgo/v2/types" -) - -type AnnotateFunc func(testName string, test types.TestSpec) - -func (suite *Suite) SetAnnotateFn(fn AnnotateFunc) { - suite.annotateFn = fn -} - -func (suite *Suite) GetReport() types.Report { - return suite.report -} - -func (suite *Suite) WalkTests(fn AnnotateFunc) { - if suite.phase != PhaseBuildTree { - panic("cannot run before building the tree = call suite.BuildTree() first") - } - ApplyNestedFocusPolicyToTree(suite.tree) - specs := GenerateSpecsFromTreeRoot(suite.tree) - for _, spec := range specs { - fn(spec.Text(), spec) - } -} - -func (suite *Suite) InPhaseBuildTree() bool { - return suite.phase == PhaseBuildTree -} - -func (suite *Suite) ClearBeforeAndAfterSuiteNodes() { - // Don't build the tree multiple times, it results in multiple initing of tests - if !suite.InPhaseBuildTree() { - suite.BuildTree() - } - newNodes := Nodes{} - for _, node := range suite.suiteNodes { - if node.NodeType == types.NodeTypeBeforeSuite || node.NodeType == types.NodeTypeAfterSuite || node.NodeType == types.NodeTypeSynchronizedBeforeSuite || node.NodeType == types.NodeTypeSynchronizedAfterSuite { - continue - } - newNodes = append(newNodes, node) - } - suite.suiteNodes = newNodes -} - -func (suite *Suite) RunSpec(spec types.TestSpec, suiteLabels Labels, suiteDescription, suitePath string, failer *Failer, writer WriterInterface, suiteConfig types.SuiteConfig, reporterConfig types.ReporterConfig) (bool, bool) { - if suite.phase != PhaseBuildTree { - panic("cannot run before building the tree = call suite.BuildTree() first") - } - - suite.phase = PhaseRun - suite.client = nil - suite.failer = failer - suite.reporter = reporters.NewDefaultReporter(reporterConfig, writer) - suite.writer = writer - suite.outputInterceptor = NoopOutputInterceptor{} - if suite.config.Timeout > 0 { - suite.deadline = time.Now().Add(suiteConfig.Timeout) - } - suite.interruptHandler = interrupt_handler.NewInterruptHandler(nil) - suite.config = suiteConfig - - success := suite.runSpecs(suiteDescription, suiteLabels, suitePath, false, []Spec{spec.(Spec)}) - - return success, false -} diff --git a/vendor/github.com/onsi/ginkgo/v2/types/types_patch.go b/vendor/github.com/onsi/ginkgo/v2/types/types_patch.go deleted file mode 100644 index 02d319bba..000000000 --- a/vendor/github.com/onsi/ginkgo/v2/types/types_patch.go +++ /dev/null @@ -1,8 +0,0 @@ -package types - -type TestSpec interface { - CodeLocations() []CodeLocation - Text() string - AppendText(text string) - Labels() []string -} diff --git a/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/cmd/cmdrun/runsuite.go b/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/cmd/cmdrun/runsuite.go index c79b3ff78..8dac95b7e 100644 --- a/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/cmd/cmdrun/runsuite.go +++ b/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/cmd/cmdrun/runsuite.go @@ -24,8 +24,9 @@ func NewRunSuiteCommand(registry *extension.Registry) *cobra.Command { } cmd := &cobra.Command{ - Use: "run-suite NAME", - Short: "Run a group of tests by suite", + Use: "run-suite NAME", + Short: "Run a group of tests by suite. This is more limited than origin, and intended for light local " + + "development use. Orchestration parameters, scheduling, isolation, etc are not obeyed, and Ginkgo tests are executed serially.", SilenceUsage: true, RunE: func(cmd *cobra.Command, args []string) error { ext := registry.Get(opts.componentFlags.Component) diff --git a/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/extensiontests/environment.go b/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/extensiontests/environment.go index ead41358a..b5116a535 100644 --- a/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/extensiontests/environment.go +++ b/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/extensiontests/environment.go @@ -29,6 +29,22 @@ func ArchitectureEquals(arch string) string { return fmt.Sprintf(`architecture=="%s"`, arch) } +func APIGroupEnabled(apiGroup string) string { + return fmt.Sprintf(`apiGroups.exists(api, api=="%s")`, apiGroup) +} + +func APIGroupDisabled(apiGroup string) string { + return fmt.Sprintf(`!apiGroups.exists(api, api=="%s")`, apiGroup) +} + +func FeatureGateEnabled(featureGate string) string { + return fmt.Sprintf(`featureGates.exists(fg, fg=="%s")`, featureGate) +} + +func FeatureGateDisabled(featureGate string) string { + return fmt.Sprintf(`!featureGates.exists(fg, fg=="%s")`, featureGate) +} + func ExternalConnectivityEquals(externalConnectivity string) string { return fmt.Sprintf(`externalConnectivity=="%s"`, externalConnectivity) } diff --git a/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/extensiontests/spec.go b/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/extensiontests/spec.go index 08bae7583..9d889c205 100644 --- a/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/extensiontests/spec.go +++ b/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/extensiontests/spec.go @@ -10,9 +10,9 @@ import ( "github.com/google/cel-go/cel" "github.com/google/cel-go/checker/decls" "github.com/google/cel-go/common/types" - "github.com/openshift-eng/openshift-tests-extension/pkg/flags" "github.com/openshift-eng/openshift-tests-extension/pkg/dbtime" + "github.com/openshift-eng/openshift-tests-extension/pkg/flags" ) // Walk iterates over all test specs, and executions the function provided. The test spec can be mutated. @@ -38,6 +38,17 @@ func (specs ExtensionTestSpecs) Select(selectFn SelectFunction) ExtensionTestSpe return filtered } +// MustSelect filters the ExtensionTestSpecs to only those that match the provided SelectFunction. +// if no specs are selected, it will throw an error +func (specs ExtensionTestSpecs) MustSelect(selectFn SelectFunction) (ExtensionTestSpecs, error) { + filtered := specs.Select(selectFn) + if len(filtered) == 0 { + return filtered, fmt.Errorf("no specs selected with specified SelectFunctions") + } + + return filtered, nil +} + // SelectAny filters the ExtensionTestSpecs to only those that match any of the provided SelectFunctions func (specs ExtensionTestSpecs) SelectAny(selectFns []SelectFunction) ExtensionTestSpecs { filtered := ExtensionTestSpecs{} @@ -53,6 +64,17 @@ func (specs ExtensionTestSpecs) SelectAny(selectFns []SelectFunction) ExtensionT return filtered } +// MustSelectAny filters the ExtensionTestSpecs to only those that match any of the provided SelectFunctions. +// if no specs are selected, it will throw an error +func (specs ExtensionTestSpecs) MustSelectAny(selectFns []SelectFunction) (ExtensionTestSpecs, error) { + filtered := specs.SelectAny(selectFns) + if len(filtered) == 0 { + return filtered, fmt.Errorf("no specs selected with specified SelectFunctions") + } + + return filtered, nil +} + // SelectAll filters the ExtensionTestSpecs to only those that match all the provided SelectFunctions func (specs ExtensionTestSpecs) SelectAll(selectFns []SelectFunction) ExtensionTestSpecs { filtered := ExtensionTestSpecs{} @@ -72,6 +94,38 @@ func (specs ExtensionTestSpecs) SelectAll(selectFns []SelectFunction) ExtensionT return filtered } +// MustSelectAll filters the ExtensionTestSpecs to only those that match all the provided SelectFunctions. +// if no specs are selected, it will throw an error +func (specs ExtensionTestSpecs) MustSelectAll(selectFns []SelectFunction) (ExtensionTestSpecs, error) { + filtered := specs.SelectAll(selectFns) + if len(filtered) == 0 { + return filtered, fmt.Errorf("no specs selected with specified SelectFunctions") + } + + return filtered, nil +} + +// ModuleTestsOnly ensures that ginkgo tests from vendored sources aren't selected. +func ModuleTestsOnly() SelectFunction { + return func(spec *ExtensionTestSpec) bool { + for _, cl := range spec.CodeLocations { + if strings.Contains(cl, "/vendor/") { + return false + } + } + + return true + } +} + +// AllTestsIncludingVendored is an alternative to ModuleTestsOnly, which would explicitly opt-in +// to including vendored tests. +func AllTestsIncludingVendored() SelectFunction { + return func(spec *ExtensionTestSpec) bool { + return true + } +} + // NameContains returns a function that selects specs whose name contains the provided string func NameContains(name string) SelectFunction { return func(spec *ExtensionTestSpec) bool { @@ -251,6 +305,7 @@ func (specs ExtensionTestSpecs) Filter(celExprs []string) (ExtensionTestSpecs, e decls.NewVar("name", decls.String), decls.NewVar("originalName", decls.String), decls.NewVar("labels", decls.NewListType(decls.String)), + decls.NewVar("codeLocations", decls.NewListType(decls.String)), decls.NewVar("tags", decls.NewMapType(decls.String, decls.String)), ), ) @@ -267,11 +322,12 @@ func (specs ExtensionTestSpecs) Filter(celExprs []string) (ExtensionTestSpecs, e return nil, err } out, _, err := prg.Eval(map[string]interface{}{ - "name": spec.Name, - "source": spec.Source, - "originalName": spec.OriginalName, - "labels": spec.Labels.UnsortedList(), - "tags": spec.Tags, + "name": spec.Name, + "source": spec.Source, + "originalName": spec.OriginalName, + "labels": spec.Labels.UnsortedList(), + "codeLocations": spec.CodeLocations, + "tags": spec.Tags, }) if err != nil { return nil, fmt.Errorf("error evaluating CEL expression: %v", err) @@ -325,16 +381,18 @@ func (specs ExtensionTestSpecs) FilterByEnvironment(envFlags flags.Environmental env, err := cel.NewEnv( cel.Declarations( - decls.NewVar("platform", decls.String), - decls.NewVar("network", decls.String), - decls.NewVar("networkStack", decls.String), - decls.NewVar("upgrade", decls.String), - decls.NewVar("topology", decls.String), + decls.NewVar("apiGroups", decls.NewListType(decls.String)), decls.NewVar("architecture", decls.String), decls.NewVar("externalConnectivity", decls.String), - decls.NewVar("optionalCapabilities", decls.NewListType(decls.String)), - decls.NewVar("facts", decls.NewMapType(decls.String, decls.String)), decls.NewVar("fact_keys", decls.NewListType(decls.String)), + decls.NewVar("facts", decls.NewMapType(decls.String, decls.String)), + decls.NewVar("featureGates", decls.NewListType(decls.String)), + decls.NewVar("network", decls.String), + decls.NewVar("networkStack", decls.String), + decls.NewVar("optionalCapabilities", decls.NewListType(decls.String)), + decls.NewVar("platform", decls.String), + decls.NewVar("topology", decls.String), + decls.NewVar("upgrade", decls.String), decls.NewVar("version", decls.String), ), ) @@ -346,16 +404,18 @@ func (specs ExtensionTestSpecs) FilterByEnvironment(envFlags flags.Environmental factKeys = append(factKeys, k) } vars := map[string]interface{}{ - "platform": envFlags.Platform, - "network": envFlags.Network, - "networkStack": envFlags.NetworkStack, - "upgrade": envFlags.Upgrade, - "topology": envFlags.Topology, + "apiGroups": envFlags.APIGroups, "architecture": envFlags.Architecture, "externalConnectivity": envFlags.ExternalConnectivity, - "optionalCapabilities": envFlags.OptionalCapabilities, - "facts": envFlags.Facts, "fact_keys": factKeys, + "facts": envFlags.Facts, + "featureGates": envFlags.FeatureGates, + "network": envFlags.Network, + "networkStack": envFlags.NetworkStack, + "optionalCapabilities": envFlags.OptionalCapabilities, + "platform": envFlags.Platform, + "topology": envFlags.Topology, + "upgrade": envFlags.Upgrade, "version": envFlags.Version, } diff --git a/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/extensiontests/types.go b/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/extensiontests/types.go index 445e2d5a8..2ec0444b6 100644 --- a/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/extensiontests/types.go +++ b/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/extensiontests/types.go @@ -31,6 +31,9 @@ type ExtensionTestSpec struct { // Source is the origin of the test. Source string `json:"source"` + // CodeLocations are the files where the spec originates from. + CodeLocations []string `json:"codeLocations,omitempty"` + // Lifecycle informs the executor whether the test is informing only, and should not cause the // overall job run to fail, or if it's blocking where a failure of the test is fatal. // Informing lifecycle tests can be used temporarily to gather information about a test's stability. diff --git a/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/types.go b/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/types.go index 7bc0c416e..3b51674f4 100644 --- a/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/types.go +++ b/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/extension/types.go @@ -1,11 +1,13 @@ package extension import ( + "time" + "github.com/openshift-eng/openshift-tests-extension/pkg/extension/extensiontests" "github.com/openshift-eng/openshift-tests-extension/pkg/util/sets" ) -const CurrentExtensionAPIVersion = "v1.0" +const CurrentExtensionAPIVersion = "v1.1" // Extension represents an extension to openshift-tests. type Extension struct { @@ -45,14 +47,40 @@ type Component struct { Name string `json:"name"` } -// Suite represents additional suites the extension wants to advertise. +type ClusterStability string + +var ( + // ClusterStabilityStable means that at no point during testing do we expect a component to take downtime and upgrades are not happening. + ClusterStabilityStable ClusterStability = "Stable" + + // ClusterStabilityDisruptive means that the suite is expected to induce outages to the cluster. + ClusterStabilityDisruptive ClusterStability = "Disruptive" + + // ClusterStabilityUpgrade was previously defined, but was removed by @deads2k. Please contact him if you find a use + // case for it and needs to be reintroduced. + // ClusterStabilityUpgrade ClusterStability = "Upgrade" +) + +// Suite represents additional suites the extension wants to advertise. Child suites when being executed in the context +// of a parent will have their count, parallelism, stability, and timeout options superseded by the parent's suite. type Suite struct { - // The name of the suite. - Name string `json:"name"` - // Parent suites this suite is part of. + Name string `json:"name"` + Description string `json:"description"` + + // Parents are the parent suites this suite is part of. Parents []string `json:"parents,omitempty"` // Qualifiers are CEL expressions that are OR'd together for test selection that are members of the suite. Qualifiers []string `json:"qualifiers,omitempty"` + + // Count is the default number of times to execute each test in this suite. + Count int `json:"count,omitempty"` + // Parallelism is the maximum parallelism of this suite. + Parallelism int `json:"parallelism,omitempty"` + // ClusterStability informs openshift-tests whether this entire test suite is expected to be disruptive or not + // to normal cluster operations. + ClusterStability ClusterStability `json:"clusterStability,omitempty"` + // TestTimeout is the default timeout for tests in this suite. + TestTimeout *time.Duration `json:"testTimeout,omitempty"` } type Image struct { diff --git a/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/flags/environment.go b/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/flags/environment.go index d5783ab1f..af7a0258e 100644 --- a/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/flags/environment.go +++ b/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/flags/environment.go @@ -7,15 +7,17 @@ import ( ) type EnvironmentalFlags struct { - Platform string - Network string - NetworkStack string - Upgrade string - Topology string + APIGroups []string Architecture string ExternalConnectivity string - OptionalCapabilities []string Facts map[string]string + FeatureGates []string + Network string + NetworkStack string + OptionalCapabilities []string + Platform string + Topology string + Upgrade string Version string } @@ -24,10 +26,26 @@ func NewEnvironmentalFlags() *EnvironmentalFlags { } func (f *EnvironmentalFlags) BindFlags(fs *pflag.FlagSet) { - fs.StringVar(&f.Platform, - "platform", + fs.StringArrayVar(&f.APIGroups, + "api-group", + f.APIGroups, + "The API groups supported by this cluster. Since: v1.1") + fs.StringVar(&f.Architecture, + "architecture", "", - "The hardware or cloud platform (\"aws\", \"gcp\", \"metal\", ...). Since: v1.0") + "The CPU architecture of the target cluster (\"amd64\", \"arm64\"). Since: v1.0") + fs.StringVar(&f.ExternalConnectivity, + "external-connectivity", + "", + "The External Connectivity of the target cluster (\"Disconnected\", \"Direct\", \"Proxied\"). Since: v1.0") + fs.StringArrayVar(&f.FeatureGates, + "feature-gate", + f.FeatureGates, + "The feature gates enabled on this cluster. Since: v1.1") + fs.StringToStringVar(&f.Facts, + "fact", + make(map[string]string), + "Facts advertised by cluster components. Since: v1.0") fs.StringVar(&f.Network, "network", "", @@ -36,30 +54,22 @@ func (f *EnvironmentalFlags) BindFlags(fs *pflag.FlagSet) { "network-stack", "", "The network stack of the target cluster (\"ipv6\", \"ipv4\", \"dual\"). Since: v1.0") - fs.StringVar(&f.Upgrade, - "upgrade", + fs.StringSliceVar(&f.OptionalCapabilities, + "optional-capability", + []string{}, + "An Optional Capability of the target cluster. Can be passed multiple times. Since: v1.0") + fs.StringVar(&f.Platform, + "platform", "", - "The upgrade that was performed prior to the test run (\"micro\", \"minor\"). Since: v1.0") + "The hardware or cloud platform (\"aws\", \"gcp\", \"metal\", ...). Since: v1.0") fs.StringVar(&f.Topology, "topology", "", "The target cluster topology (\"ha\", \"microshift\", ...). Since: v1.0") - fs.StringVar(&f.Architecture, - "architecture", - "", - "The CPU architecture of the target cluster (\"amd64\", \"arm64\"). Since: v1.0") - fs.StringVar(&f.ExternalConnectivity, - "external-connectivity", + fs.StringVar(&f.Upgrade, + "upgrade", "", - "The External Connectivity of the target cluster (\"Disconnected\", \"Direct\", \"Proxied\"). Since: v1.0") - fs.StringSliceVar(&f.OptionalCapabilities, - "optional-capability", - []string{}, - "An Optional Capability of the target cluster. Can be passed multiple times. Since: v1.0") - fs.StringToStringVar(&f.Facts, - "fact", - make(map[string]string), - "Facts advertised by cluster components. Since: v1.0") + "The upgrade that was performed prior to the test run (\"micro\", \"minor\"). Since: v1.0") fs.StringVar(&f.Version, "version", "", @@ -89,14 +99,16 @@ func (f *EnvironmentalFlags) IsEmpty() bool { // EnvironmentFlagVersions holds the "Since" version metadata for each flag. var EnvironmentFlagVersions = map[string]string{ - "platform": "v1.0", - "network": "v1.0", - "network-stack": "v1.0", - "upgrade": "v1.0", - "topology": "v1.0", + "api-group": "v1.1", "architecture": "v1.0", "external-connectivity": "v1.0", - "optional-capability": "v1.0", "fact": "v1.0", + "feature-gate": "v1.1", + "network": "v1.0", + "network-stack": "v1.0", + "optional-capability": "v1.0", + "platform": "v1.0", + "topology": "v1.0", + "upgrade": "v1.0", "version": "v1.0", } diff --git a/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/ginkgo/util.go b/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/ginkgo/util.go index 7984c924d..2b7f5aa6d 100644 --- a/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/ginkgo/util.go +++ b/vendor/github.com/openshift-eng/openshift-tests-extension/pkg/ginkgo/util.go @@ -10,9 +10,10 @@ import ( "github.com/onsi/ginkgo/v2" "github.com/onsi/ginkgo/v2/types" "github.com/onsi/gomega" - "github.com/openshift-eng/openshift-tests-extension/pkg/util/sets" "github.com/pkg/errors" + "github.com/openshift-eng/openshift-tests-extension/pkg/util/sets" + ext "github.com/openshift-eng/openshift-tests-extension/pkg/extension/extensiontests" ) @@ -40,8 +41,12 @@ func configureGinkgo() (*types.SuiteConfig, *types.ReporterConfig, error) { return &suiteConfig, &reporterConfig, nil } -func BuildExtensionTestSpecsFromOpenShiftGinkgoSuite() (ext.ExtensionTestSpecs, error) { - var tests []*ext.ExtensionTestSpec +// BuildExtensionTestSpecsFromOpenShiftGinkgoSuite generates OTE specs for Gingko tests. While OTE isn't limited to +// calling ginkgo tests, anything that implements the ExtensionTestSpec interface can be used, it's the most common +// course of action. The typical use case is to omit selectFns, but if provided, these will filter the returned list +// of specs, applied in the order provided. +func BuildExtensionTestSpecsFromOpenShiftGinkgoSuite(selectFns ...ext.SelectFunction) (ext.ExtensionTestSpecs, error) { + var specs ext.ExtensionTestSpecs var enforceSerialExecutionForGinkgo sync.Mutex // in-process parallelization for ginkgo is impossible so far if _, _, err := configureGinkgo(); err != nil { @@ -54,10 +59,16 @@ func BuildExtensionTestSpecsFromOpenShiftGinkgoSuite() (ext.ExtensionTestSpecs, } ginkgo.GetSuite().WalkTests(func(name string, spec types.TestSpec) { + var codeLocations []string + for _, cl := range spec.CodeLocations() { + codeLocations = append(codeLocations, cl.String()) + } + testCase := &ext.ExtensionTestSpec{ - Name: spec.Text(), - Labels: sets.New[string](spec.Labels()...), - Lifecycle: GetLifecycle(spec.Labels()), + Name: spec.Text(), + Labels: sets.New[string](spec.Labels()...), + CodeLocations: codeLocations, + Lifecycle: GetLifecycle(spec.Labels()), Run: func() *ext.ExtensionTestResult { enforceSerialExecutionForGinkgo.Lock() defer enforceSerialExecutionForGinkgo.Unlock() @@ -103,10 +114,23 @@ func BuildExtensionTestSpecsFromOpenShiftGinkgoSuite() (ext.ExtensionTestSpecs, return result }, } - tests = append(tests, testCase) + specs = append(specs, testCase) }) - return tests, nil + // Default select function is to exclude vendored specs. When relying on Kubernetes test framework for its helpers, + // it also unfortunately ends up importing *all* Gingko specs. This is unsafe: it would potentially override the + // kube specs already present in origin. The best course of action is enforce this behavior on everyone. If for + // some reason, you must include vendored specs, you can opt-in directly by supplying your own SelectFunctions or using + // AllTestsIncludedVendored(). + if len(selectFns) == 0 { + selectFns = []ext.SelectFunction{ext.ModuleTestsOnly()} + } + + for _, selectFn := range selectFns { + specs = specs.Select(selectFn) + } + + return specs, nil } func Informing() ginkgo.Labels { diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index 65dffddb0..a2af4d654 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -343,6 +343,7 @@ type OIDCClientStatus struct { // // +listType=map // +listMapKey=type + // +optional Conditions []metav1.Condition `json:"conditions,omitempty"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index 8994ca97c..092bebff0 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -62,7 +62,7 @@ type ClusterVersionSpec struct { // // Some of the fields are inter-related with restrictions and meanings described here. // 1. image is specified, version is specified, architecture is specified. API validation error. - // 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. + // 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. // 3. image is specified, version is not specified, architecture is specified. API validation error. // 4. image is specified, version is not specified, architecture is not specified. image is used. // 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. @@ -702,16 +702,16 @@ type Update struct { Architecture ClusterVersionArchitecture `json:"architecture"` // version is a semantic version identifying the update version. - // version is ignored if image is specified and required if - // architecture is specified. + // version is required if architecture is specified. + // If both version and image are set, the version extracted from the referenced image must match the specified version. // // +optional Version string `json:"version"` // image is a container image location that contains the update. // image should be used when the desired version does not exist in availableUpdates or history. - // When image is set, version is ignored. When image is set, version should be empty. // When image is set, architecture cannot be specified. + // If both version and image are set, the version extracted from the referenced image must match the specified version. // // +optional Image string `json:"image"` @@ -796,11 +796,10 @@ type ConditionalUpdate struct { // conditions represents the observations of the conditional update's // current status. Known types are: // * Recommended, for whether the update is recommended for the current cluster. - // +patchMergeKey=type - // +patchStrategy=merge // +listType=map // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty"` } // ConditionalUpdateRisk represents a reason and cluster-state diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index 81bc14f2c..0709a75ae 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -99,6 +99,7 @@ type FeatureGateStatus struct { // Known .status.conditions.type are: "DeterminationDegraded" // +listType=map // +listMapKey=type + // +optional Conditions []metav1.Condition `json:"conditions,omitempty"` // featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion. diff --git a/vendor/github.com/openshift/api/config/v1/types_image.go b/vendor/github.com/openshift/api/config/v1/types_image.go index 3db935c7f..82f46c8b6 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image.go +++ b/vendor/github.com/openshift/api/config/v1/types_image.go @@ -161,6 +161,8 @@ type RegistryLocation struct { } // RegistrySources holds cluster-wide information about how to handle the registries config. +// +// +kubebuilder:validation:XValidation:rule="has(self.blockedRegistries) ? !has(self.allowedRegistries) : true",message="Only one of blockedRegistries or allowedRegistries may be set" type RegistrySources struct { // insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. // +optional diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 0293603d7..f10ccb855 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -99,7 +99,7 @@ type InfrastructureStatus struct { // its components are not visible within the cluster. // +kubebuilder:default=HighlyAvailable // +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=HighlyAvailable;SingleReplica;External - // +openshift:validation:FeatureGateAwareEnum:featureGate=HighlyAvailableArbiter,enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;External + // +openshift:validation:FeatureGateAwareEnum:featureGate=HighlyAvailableArbiter;DualReplica,enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;DualReplica;External ControlPlaneTopology TopologyMode `json:"controlPlaneTopology"` // infrastructureTopology expresses the expectations for infrastructure services that do not run on control @@ -142,6 +142,9 @@ const ( // "SingleReplica" is for operators to avoid spending resources for high-availability purpose. SingleReplicaTopologyMode TopologyMode = "SingleReplica" + // "DualReplica" is for operators to configure for two node topology. + DualReplicaTopologyMode TopologyMode = "DualReplica" + // "External" indicates that the component is running externally to the cluster. When specified // as the control plane topology, operators should avoid scheduling workloads to masters or assume // that any of the control plane components such as kubernetes API server or etcd are visible within @@ -528,18 +531,22 @@ type AWSPlatformStatus struct { // AWSResourceTag is a tag to apply to AWS resources created for the cluster. type AWSResourceTag struct { - // key is the key of the tag + // key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag. + // Key should consist of between 1 and 128 characters, and may + // contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=128 - // +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.:/=+-@]+$` + // +kubebuilder:validation:XValidation:rule=`self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')`,message="invalid AWS resource tag key. The string can contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', '@'" // +required Key string `json:"key"` - // value is the value of the tag. + // value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag. + // Value should consist of between 1 and 256 characters, and may + // contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. // Some AWS service do not support empty values. Since tags are added to resources in many services, the // length of the tag value must meet the requirements of all services. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=256 - // +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.:/=+-@]+$` + // +kubebuilder:validation:XValidation:rule=`self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')`,message="invalid AWS resource tag value. The string can contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', '@'" // +required Value string `json:"value"` } @@ -620,6 +627,69 @@ const ( AzureStackCloud AzureCloudEnvironment = "AzureStackCloud" ) +// GCPServiceEndpointName is the name of the GCP Service Endpoint. +// +kubebuilder:validation:Enum=Compute;Container;CloudResourceManager;DNS;File;IAM;ServiceUsage;Storage;TagManager +type GCPServiceEndpointName string + +const ( + // GCPServiceEndpointNameCompute is the name used for the GCP Compute Service endpoint. + GCPServiceEndpointNameCompute GCPServiceEndpointName = "Compute" + + // GCPServiceEndpointNameContainer is the name used for the GCP Container Service endpoint. + GCPServiceEndpointNameContainer GCPServiceEndpointName = "Container" + + // GCPServiceEndpointNameCloudResource is the name used for the GCP Resource Manager Service endpoint. + GCPServiceEndpointNameCloudResource GCPServiceEndpointName = "CloudResourceManager" + + // GCPServiceEndpointNameDNS is the name used for the GCP DNS Service endpoint. + GCPServiceEndpointNameDNS GCPServiceEndpointName = "DNS" + + // GCPServiceEndpointNameFile is the name used for the GCP File Service endpoint. + GCPServiceEndpointNameFile GCPServiceEndpointName = "File" + + // GCPServiceEndpointNameIAM is the name used for the GCP IAM Service endpoint. + GCPServiceEndpointNameIAM GCPServiceEndpointName = "IAM" + + // GCPServiceEndpointNameServiceUsage is the name used for the GCP Service Usage Service endpoint. + GCPServiceEndpointNameServiceUsage GCPServiceEndpointName = "ServiceUsage" + + // GCPServiceEndpointNameStorage is the name used for the GCP Storage Service endpoint. + GCPServiceEndpointNameStorage GCPServiceEndpointName = "Storage" + + // GCPServiceEndpointNameTagManager is the name used for the GCP Tag Manager Service endpoint. + GCPServiceEndpointNameTagManager GCPServiceEndpointName = "TagManager" +) + +// GCPServiceEndpoint store the configuration of a custom url to +// override existing defaults of GCP Services. +type GCPServiceEndpoint struct { + // name is the name of the GCP service whose endpoint is being overridden. + // This must be provided and cannot be empty. + // + // Allowed values are Compute, Container, CloudResourceManager, DNS, File, IAM, ServiceUsage, + // Storage, and TagManager. + // + // As an example, when setting the name to Compute all requests made by the caller to the GCP Compute + // Service will be directed to the endpoint specified in the url field. + // + // +required + Name GCPServiceEndpointName `json:"name"` + + // url is a fully qualified URI that overrides the default endpoint for a client using the GCP service specified + // in the name field. + // url is required, must use the scheme https, must not be more than 253 characters in length, + // and must be a valid URL according to Go's net/url package (https://pkg.go.dev/net/url#URL) + // + // An example of a valid endpoint that overrides the Compute Service: "https://compute-myendpoint1.p.googleapis.com" + // + // +required + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" + // +kubebuilder:validation:XValidation:rule="isURL(self) ? (url(self).getScheme() == \"https\") : true",message="scheme must be https" + // +kubebuilder:validation:XValidation:rule="url(self).getEscapedPath() == \"\" || url(self).getEscapedPath() == \"/\"",message="url must consist only of a scheme and domain. The url path must be empty." + URL string `json:"url"` +} + // GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. // This only includes fields that can be modified in the cluster. type GCPPlatformSpec struct{} @@ -675,6 +745,19 @@ type GCPPlatformStatus struct { // +optional // +nullable CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"` + + // serviceEndpoints specifies endpoints that override the default endpoints + // used when creating clients to interact with GCP services. + // When not specified, the default endpoint for the GCP region will be used. + // Only 1 endpoint override is permitted for each GCP service. + // The maximum number of endpoint overrides allowed is 9. + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=9 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.name == y.name))",message="only 1 endpoint override is permitted per GCP service name" + // +optional + // +openshift:enable:FeatureGate=GCPCustomAPIEndpoints + ServiceEndpoints []GCPServiceEndpoint `json:"serviceEndpoints,omitempty"` } // GCPResourceLabel is a label to apply to GCP resources created for the cluster. @@ -1615,17 +1698,35 @@ type IBMCloudServiceEndpoint struct { // url is fully qualified URI with scheme https, that overrides the default generated // endpoint for a client. - // This must be provided and cannot be empty. + // This must be provided and cannot be empty. The path must follow the pattern + // /v[0,9]+ or /api/v[0,9]+ // // +required // +kubebuilder:validation:Type=string + // +kubebuilder:validation:MaxLength=300 // +kubebuilder:validation:XValidation:rule="isURL(self)",message="url must be a valid absolute URL" + // +openshift:validation:FeatureGateAwareXValidation:featureGate=DyanmicServiceEndpointIBMCloud,rule="url(self).getScheme() == \"https\"",message="url must use https scheme" + // +openshift:validation:FeatureGateAwareXValidation:featureGate=DyanmicServiceEndpointIBMCloud,rule=`matches((url(self).getEscapedPath()), '^/(api/)?v[0-9]+/{0,1}$')`,message="url path must match /v[0,9]+ or /api/v[0,9]+" URL string `json:"url"` } // IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. // This only includes fields that can be modified in the cluster. -type IBMCloudPlatformSpec struct{} +type IBMCloudPlatformSpec struct { + // serviceEndpoints is a list of custom endpoints which will override the default + // service endpoints of an IBM service. These endpoints are used by components + // within the cluster when trying to reach the IBM Cloud Services that have been + // overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each + // endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus + // are updated to reflect the same custom endpoints. + // A maximum of 13 service endpoints overrides are supported. + // +kubebuilder:validation:MaxItems=13 + // +listType=map + // +listMapKey=name + // +optional + // +openshift:enable:FeatureGate=DyanmicServiceEndpointIBMCloud + ServiceEndpoints []IBMCloudServiceEndpoint `json:"serviceEndpoints,omitempty"` +} // IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider. type IBMCloudPlatformStatus struct { @@ -1647,8 +1748,12 @@ type IBMCloudPlatformStatus struct { DNSInstanceCRN string `json:"dnsInstanceCRN,omitempty"` // serviceEndpoints is a list of custom endpoints which will override the default - // service endpoints of an IBM Cloud service. These endpoints are consumed by - // components within the cluster to reach the respective IBM Cloud Services. + // service endpoints of an IBM service. These endpoints are used by components + // within the cluster when trying to reach the IBM Cloud Services that have been + // overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each + // endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus + // are updated to reflect the same custom endpoints. + // +openshift:validation:FeatureGateAwareMaxItems:featureGate=DyanmicServiceEndpointIBMCloud,maxItems=13 // +listType=map // +listMapKey=name // +optional diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go index 95e55a7ff..41dc2eb97 100644 --- a/vendor/github.com/openshift/api/config/v1/types_network.go +++ b/vendor/github.com/openshift/api/config/v1/types_network.go @@ -112,12 +112,10 @@ type NetworkStatus struct { // conditions represents the observations of a network.config current state. // Known .status.conditions.type are: "NetworkDiagnosticsAvailable" // +optional - // +patchMergeKey=type - // +patchStrategy=merge // +listType=map // +listMapKey=type // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` + Conditions []metav1.Condition `json:"conditions,omitempty"` } // ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs diff --git a/vendor/github.com/openshift/api/config/v1/types_node.go b/vendor/github.com/openshift/api/config/v1/types_node.go index 3fc7bc0c3..3977f9f14 100644 --- a/vendor/github.com/openshift/api/config/v1/types_node.go +++ b/vendor/github.com/openshift/api/config/v1/types_node.go @@ -68,12 +68,10 @@ type NodeSpec struct { type NodeStatus struct { // conditions contain the details and the current state of the nodes.config object - // +patchMergeKey=type - // +patchStrategy=merge // +listType=map // +listMapKey=type // +optional - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` + Conditions []metav1.Condition `json:"conditions,omitempty"` } // +kubebuilder:validation:Enum=v1;v2;"" diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml index 5061a69c6..f800eeb2a 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml @@ -141,7 +141,7 @@ spec: Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. - 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. + 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. @@ -181,14 +181,14 @@ spec: description: |- image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. - When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified. + If both version and image are set, the version extracted from the referenced image must match the specified version. type: string version: description: |- version is a semantic version identifying the update version. - version is ignored if image is specified and required if - architecture is specified. + version is required if architecture is specified. + If both version and image are set, the version extracted from the referenced image must match the specified version. type: string type: object x-kubernetes-validations: diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml index caeeb9064..da1d0f028 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml @@ -141,7 +141,7 @@ spec: Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. - 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. + 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. @@ -181,14 +181,14 @@ spec: description: |- image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. - When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified. + If both version and image are set, the version extracted from the referenced image must match the specified version. type: string version: description: |- version is a semantic version identifying the update version. - version is ignored if image is specified and required if - architecture is specified. + version is required if architecture is specified. + If both version and image are set, the version extracted from the referenced image must match the specified version. type: string type: object x-kubernetes-validations: diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml index d7319febe..39e37aaae 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml @@ -141,7 +141,7 @@ spec: Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. - 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. + 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. @@ -181,14 +181,14 @@ spec: description: |- image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. - When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified. + If both version and image are set, the version extracted from the referenced image must match the specified version. type: string version: description: |- version is a semantic version identifying the update version. - version is ignored if image is specified and required if - architecture is specified. + version is required if architecture is specified. + If both version and image are set, the version extracted from the referenced image must match the specified version. type: string type: object x-kubernetes-validations: diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml index 438024887..6a9c34260 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml @@ -141,7 +141,7 @@ spec: Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. - 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. + 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. @@ -181,14 +181,14 @@ spec: description: |- image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. - When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified. + If both version and image are set, the version extracted from the referenced image must match the specified version. type: string version: description: |- version is a semantic version identifying the update version. - version is ignored if image is specified and required if - architecture is specified. + version is required if architecture is specified. + If both version and image are set, the version extracted from the referenced image must match the specified version. type: string type: object x-kubernetes-validations: diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml index 67e097af3..0477bd983 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml @@ -164,6 +164,11 @@ spec: type: array x-kubernetes-list-type: atomic type: object + x-kubernetes-validations: + - message: Only one of blockedRegistries or allowedRegistries may + be set + rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries) + : true' type: object status: description: status holds observed values from the cluster. They may not diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml index a622c7d37..34c6dbeff 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml @@ -146,6 +146,11 @@ spec: type: array x-kubernetes-list-type: atomic type: object + x-kubernetes-validations: + - message: Only one of blockedRegistries or allowedRegistries may + be set + rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries) + : true' type: object status: description: status holds observed values from the cluster. They may not diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml index 89ad329c7..8ff715e26 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml @@ -164,6 +164,11 @@ spec: type: array x-kubernetes-list-type: atomic type: object + x-kubernetes-validations: + - message: Only one of blockedRegistries or allowedRegistries may + be set + rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries) + : true' type: object status: description: status holds observed values from the cluster. They may not diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml index 66bebe4aa..ccc1c72e5 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml @@ -164,6 +164,11 @@ spec: type: array x-kubernetes-list-type: atomic type: object + x-kubernetes-validations: + - message: Only one of blockedRegistries or allowedRegistries may + be set + rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries) + : true' type: object status: description: status holds observed values from the cluster. They may not diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml index 299a6d52a..d984f8f9c 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml @@ -223,6 +223,68 @@ spec: ibmcloud: description: ibmcloud contains settings specific to the IBMCloud infrastructure provider. + properties: + serviceEndpoints: + description: |- + serviceEndpoints is a list of custom endpoints which will override the default + service endpoints of an IBM service. These endpoints are used by components + within the cluster when trying to reach the IBM Cloud Services that have been + overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each + endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus + are updated to reflect the same custom endpoints. + A maximum of 13 service endpoints overrides are supported. + items: + description: |- + IBMCloudServiceEndpoint stores the configuration of a custom url to + override existing defaults of IBM Cloud Services. + properties: + name: + description: |- + name is the name of the IBM Cloud service. + Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. + For example, the IBM Cloud Private IAM service could be configured with the + service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` + Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured + with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com` + enum: + - CIS + - COS + - COSConfig + - DNSServices + - GlobalCatalog + - GlobalSearch + - GlobalTagging + - HyperProtect + - IAM + - KeyProtect + - ResourceController + - ResourceManager + - VPC + type: string + url: + description: |- + url is fully qualified URI with scheme https, that overrides the default generated + endpoint for a client. + This must be provided and cannot be empty. The path must follow the pattern + /v[0,9]+ or /api/v[0,9]+ + maxLength: 300 + type: string + x-kubernetes-validations: + - message: url must use https scheme + rule: url(self).getScheme() == "https" + - message: url path must match /v[0,9]+ or /api/v[0,9]+ + rule: matches((url(self).getEscapedPath()), '^/(api/)?v[0-9]+/{0,1}$') + - message: url must be a valid absolute URL + rule: isURL(self) + required: + - name + - url + type: object + maxItems: 13 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map type: object kubevirt: description: kubevirt contains settings specific to the kubevirt @@ -1068,6 +1130,7 @@ spec: - HighlyAvailable - HighlyAvailableArbiter - SingleReplica + - DualReplica - External type: string cpuPartitioning: @@ -1305,20 +1368,35 @@ spec: created for the cluster. properties: key: - description: key is the key of the tag + description: |- + key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag. + Key should consist of between 1 and 128 characters, and may + contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. maxLength: 128 minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ type: string + x-kubernetes-validations: + - message: invalid AWS resource tag key. The string + can contain only the set of alphanumeric characters, + space (' '), '_', '.', '/', '=', '+', '-', ':', + '@' + rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$') value: description: |- - value is the value of the tag. + value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag. + Value should consist of between 1 and 256 characters, and may + contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services. maxLength: 256 minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ type: string + x-kubernetes-validations: + - message: invalid AWS resource tag value. The string + can contain only the set of alphanumeric characters, + space (' '), '_', '.', '/', '=', '+', '-', ':', + '@' + rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$') required: - key - value @@ -1808,6 +1886,72 @@ spec: - message: resourceTags are immutable and may only be configured during installation rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + serviceEndpoints: + description: |- + serviceEndpoints specifies endpoints that override the default endpoints + used when creating clients to interact with GCP services. + When not specified, the default endpoint for the GCP region will be used. + Only 1 endpoint override is permitted for each GCP service. + The maximum number of endpoint overrides allowed is 9. + items: + description: |- + GCPServiceEndpoint store the configuration of a custom url to + override existing defaults of GCP Services. + properties: + name: + description: |- + name is the name of the GCP service whose endpoint is being overridden. + This must be provided and cannot be empty. + + Allowed values are Compute, Container, CloudResourceManager, DNS, File, IAM, ServiceUsage, + Storage, and TagManager. + + As an example, when setting the name to Compute all requests made by the caller to the GCP Compute + Service will be directed to the endpoint specified in the url field. + enum: + - Compute + - Container + - CloudResourceManager + - DNS + - File + - IAM + - ServiceUsage + - Storage + - TagManager + type: string + url: + description: |- + url is a fully qualified URI that overrides the default endpoint for a client using the GCP service specified + in the name field. + url is required, must use the scheme https, must not be more than 253 characters in length, + and must be a valid URL according to Go's net/url package (https://pkg.go.dev/net/url#URL) + + An example of a valid endpoint that overrides the Compute Service: "https://compute-myendpoint1.p.googleapis.com" + maxLength: 253 + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + - message: scheme must be https + rule: 'isURL(self) ? (url(self).getScheme() == "https") + : true' + - message: url must consist only of a scheme and domain. + The url path must be empty. + rule: url(self).getEscapedPath() == "" || url(self).getEscapedPath() + == "/" + required: + - name + - url + type: object + maxItems: 9 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: only 1 endpoint override is permitted per GCP service + name + rule: self.all(x, self.exists_one(y, x.name == y.name)) type: object x-kubernetes-validations: - message: resourceLabels may only be configured during installation @@ -1844,8 +1988,11 @@ spec: serviceEndpoints: description: |- serviceEndpoints is a list of custom endpoints which will override the default - service endpoints of an IBM Cloud service. These endpoints are consumed by - components within the cluster to reach the respective IBM Cloud Services. + service endpoints of an IBM service. These endpoints are used by components + within the cluster when trying to reach the IBM Cloud Services that have been + overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each + endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus + are updated to reflect the same custom endpoints. items: description: |- IBMCloudServiceEndpoint stores the configuration of a custom url to @@ -1878,7 +2025,9 @@ spec: description: |- url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. - This must be provided and cannot be empty. + This must be provided and cannot be empty. The path must follow the pattern + /v[0,9]+ or /api/v[0,9]+ + maxLength: 300 type: string x-kubernetes-validations: - message: url must be a valid absolute URL @@ -1887,6 +2036,7 @@ spec: - name - url type: object + maxItems: 13 type: array x-kubernetes-list-map-keys: - name diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml index 55ec17de5..5f569b44e 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml @@ -1185,20 +1185,35 @@ spec: created for the cluster. properties: key: - description: key is the key of the tag + description: |- + key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag. + Key should consist of between 1 and 128 characters, and may + contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. maxLength: 128 minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ type: string + x-kubernetes-validations: + - message: invalid AWS resource tag key. The string + can contain only the set of alphanumeric characters, + space (' '), '_', '.', '/', '=', '+', '-', ':', + '@' + rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$') value: description: |- - value is the value of the tag. + value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag. + Value should consist of between 1 and 256 characters, and may + contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services. maxLength: 256 minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ type: string + x-kubernetes-validations: + - message: invalid AWS resource tag value. The string + can contain only the set of alphanumeric characters, + space (' '), '_', '.', '/', '=', '+', '-', ':', + '@' + rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$') required: - key - value @@ -1620,8 +1635,11 @@ spec: serviceEndpoints: description: |- serviceEndpoints is a list of custom endpoints which will override the default - service endpoints of an IBM Cloud service. These endpoints are consumed by - components within the cluster to reach the respective IBM Cloud Services. + service endpoints of an IBM service. These endpoints are used by components + within the cluster when trying to reach the IBM Cloud Services that have been + overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each + endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus + are updated to reflect the same custom endpoints. items: description: |- IBMCloudServiceEndpoint stores the configuration of a custom url to @@ -1654,7 +1672,9 @@ spec: description: |- url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. - This must be provided and cannot be empty. + This must be provided and cannot be empty. The path must follow the pattern + /v[0,9]+ or /api/v[0,9]+ + maxLength: 300 type: string x-kubernetes-validations: - message: url must be a valid absolute URL diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml index 9b6a6716a..7c16c2b68 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml @@ -223,6 +223,68 @@ spec: ibmcloud: description: ibmcloud contains settings specific to the IBMCloud infrastructure provider. + properties: + serviceEndpoints: + description: |- + serviceEndpoints is a list of custom endpoints which will override the default + service endpoints of an IBM service. These endpoints are used by components + within the cluster when trying to reach the IBM Cloud Services that have been + overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each + endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus + are updated to reflect the same custom endpoints. + A maximum of 13 service endpoints overrides are supported. + items: + description: |- + IBMCloudServiceEndpoint stores the configuration of a custom url to + override existing defaults of IBM Cloud Services. + properties: + name: + description: |- + name is the name of the IBM Cloud service. + Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. + For example, the IBM Cloud Private IAM service could be configured with the + service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` + Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured + with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com` + enum: + - CIS + - COS + - COSConfig + - DNSServices + - GlobalCatalog + - GlobalSearch + - GlobalTagging + - HyperProtect + - IAM + - KeyProtect + - ResourceController + - ResourceManager + - VPC + type: string + url: + description: |- + url is fully qualified URI with scheme https, that overrides the default generated + endpoint for a client. + This must be provided and cannot be empty. The path must follow the pattern + /v[0,9]+ or /api/v[0,9]+ + maxLength: 300 + type: string + x-kubernetes-validations: + - message: url must use https scheme + rule: url(self).getScheme() == "https" + - message: url path must match /v[0,9]+ or /api/v[0,9]+ + rule: matches((url(self).getEscapedPath()), '^/(api/)?v[0-9]+/{0,1}$') + - message: url must be a valid absolute URL + rule: isURL(self) + required: + - name + - url + type: object + maxItems: 13 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map type: object kubevirt: description: kubevirt contains settings specific to the kubevirt @@ -1068,6 +1130,7 @@ spec: - HighlyAvailable - HighlyAvailableArbiter - SingleReplica + - DualReplica - External type: string cpuPartitioning: @@ -1305,20 +1368,35 @@ spec: created for the cluster. properties: key: - description: key is the key of the tag + description: |- + key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag. + Key should consist of between 1 and 128 characters, and may + contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. maxLength: 128 minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ type: string + x-kubernetes-validations: + - message: invalid AWS resource tag key. The string + can contain only the set of alphanumeric characters, + space (' '), '_', '.', '/', '=', '+', '-', ':', + '@' + rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$') value: description: |- - value is the value of the tag. + value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag. + Value should consist of between 1 and 256 characters, and may + contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services. maxLength: 256 minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ type: string + x-kubernetes-validations: + - message: invalid AWS resource tag value. The string + can contain only the set of alphanumeric characters, + space (' '), '_', '.', '/', '=', '+', '-', ':', + '@' + rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$') required: - key - value @@ -1808,6 +1886,72 @@ spec: - message: resourceTags are immutable and may only be configured during installation rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + serviceEndpoints: + description: |- + serviceEndpoints specifies endpoints that override the default endpoints + used when creating clients to interact with GCP services. + When not specified, the default endpoint for the GCP region will be used. + Only 1 endpoint override is permitted for each GCP service. + The maximum number of endpoint overrides allowed is 9. + items: + description: |- + GCPServiceEndpoint store the configuration of a custom url to + override existing defaults of GCP Services. + properties: + name: + description: |- + name is the name of the GCP service whose endpoint is being overridden. + This must be provided and cannot be empty. + + Allowed values are Compute, Container, CloudResourceManager, DNS, File, IAM, ServiceUsage, + Storage, and TagManager. + + As an example, when setting the name to Compute all requests made by the caller to the GCP Compute + Service will be directed to the endpoint specified in the url field. + enum: + - Compute + - Container + - CloudResourceManager + - DNS + - File + - IAM + - ServiceUsage + - Storage + - TagManager + type: string + url: + description: |- + url is a fully qualified URI that overrides the default endpoint for a client using the GCP service specified + in the name field. + url is required, must use the scheme https, must not be more than 253 characters in length, + and must be a valid URL according to Go's net/url package (https://pkg.go.dev/net/url#URL) + + An example of a valid endpoint that overrides the Compute Service: "https://compute-myendpoint1.p.googleapis.com" + maxLength: 253 + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + - message: scheme must be https + rule: 'isURL(self) ? (url(self).getScheme() == "https") + : true' + - message: url must consist only of a scheme and domain. + The url path must be empty. + rule: url(self).getEscapedPath() == "" || url(self).getEscapedPath() + == "/" + required: + - name + - url + type: object + maxItems: 9 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: only 1 endpoint override is permitted per GCP service + name + rule: self.all(x, self.exists_one(y, x.name == y.name)) type: object x-kubernetes-validations: - message: resourceLabels may only be configured during installation @@ -1844,8 +1988,11 @@ spec: serviceEndpoints: description: |- serviceEndpoints is a list of custom endpoints which will override the default - service endpoints of an IBM Cloud service. These endpoints are consumed by - components within the cluster to reach the respective IBM Cloud Services. + service endpoints of an IBM service. These endpoints are used by components + within the cluster when trying to reach the IBM Cloud Services that have been + overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each + endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus + are updated to reflect the same custom endpoints. items: description: |- IBMCloudServiceEndpoint stores the configuration of a custom url to @@ -1878,7 +2025,9 @@ spec: description: |- url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. - This must be provided and cannot be empty. + This must be provided and cannot be empty. The path must follow the pattern + /v[0,9]+ or /api/v[0,9]+ + maxLength: 300 type: string x-kubernetes-validations: - message: url must be a valid absolute URL @@ -1887,6 +2036,7 @@ spec: - name - url type: object + maxItems: 13 type: array x-kubernetes-list-map-keys: - name diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml index b0c12e2eb..a4d31c224 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml @@ -223,6 +223,68 @@ spec: ibmcloud: description: ibmcloud contains settings specific to the IBMCloud infrastructure provider. + properties: + serviceEndpoints: + description: |- + serviceEndpoints is a list of custom endpoints which will override the default + service endpoints of an IBM service. These endpoints are used by components + within the cluster when trying to reach the IBM Cloud Services that have been + overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each + endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus + are updated to reflect the same custom endpoints. + A maximum of 13 service endpoints overrides are supported. + items: + description: |- + IBMCloudServiceEndpoint stores the configuration of a custom url to + override existing defaults of IBM Cloud Services. + properties: + name: + description: |- + name is the name of the IBM Cloud service. + Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. + For example, the IBM Cloud Private IAM service could be configured with the + service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` + Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured + with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com` + enum: + - CIS + - COS + - COSConfig + - DNSServices + - GlobalCatalog + - GlobalSearch + - GlobalTagging + - HyperProtect + - IAM + - KeyProtect + - ResourceController + - ResourceManager + - VPC + type: string + url: + description: |- + url is fully qualified URI with scheme https, that overrides the default generated + endpoint for a client. + This must be provided and cannot be empty. The path must follow the pattern + /v[0,9]+ or /api/v[0,9]+ + maxLength: 300 + type: string + x-kubernetes-validations: + - message: url must use https scheme + rule: url(self).getScheme() == "https" + - message: url path must match /v[0,9]+ or /api/v[0,9]+ + rule: matches((url(self).getEscapedPath()), '^/(api/)?v[0-9]+/{0,1}$') + - message: url must be a valid absolute URL + rule: isURL(self) + required: + - name + - url + type: object + maxItems: 13 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map type: object kubevirt: description: kubevirt contains settings specific to the kubevirt @@ -1068,6 +1130,7 @@ spec: - HighlyAvailable - HighlyAvailableArbiter - SingleReplica + - DualReplica - External type: string cpuPartitioning: @@ -1305,20 +1368,35 @@ spec: created for the cluster. properties: key: - description: key is the key of the tag + description: |- + key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag. + Key should consist of between 1 and 128 characters, and may + contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. maxLength: 128 minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ type: string + x-kubernetes-validations: + - message: invalid AWS resource tag key. The string + can contain only the set of alphanumeric characters, + space (' '), '_', '.', '/', '=', '+', '-', ':', + '@' + rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$') value: description: |- - value is the value of the tag. + value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag. + Value should consist of between 1 and 256 characters, and may + contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services. maxLength: 256 minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ type: string + x-kubernetes-validations: + - message: invalid AWS resource tag value. The string + can contain only the set of alphanumeric characters, + space (' '), '_', '.', '/', '=', '+', '-', ':', + '@' + rule: self.matches('^[0-9A-Za-z_.:/=+-@ ]+$') required: - key - value @@ -1808,6 +1886,72 @@ spec: - message: resourceTags are immutable and may only be configured during installation rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + serviceEndpoints: + description: |- + serviceEndpoints specifies endpoints that override the default endpoints + used when creating clients to interact with GCP services. + When not specified, the default endpoint for the GCP region will be used. + Only 1 endpoint override is permitted for each GCP service. + The maximum number of endpoint overrides allowed is 9. + items: + description: |- + GCPServiceEndpoint store the configuration of a custom url to + override existing defaults of GCP Services. + properties: + name: + description: |- + name is the name of the GCP service whose endpoint is being overridden. + This must be provided and cannot be empty. + + Allowed values are Compute, Container, CloudResourceManager, DNS, File, IAM, ServiceUsage, + Storage, and TagManager. + + As an example, when setting the name to Compute all requests made by the caller to the GCP Compute + Service will be directed to the endpoint specified in the url field. + enum: + - Compute + - Container + - CloudResourceManager + - DNS + - File + - IAM + - ServiceUsage + - Storage + - TagManager + type: string + url: + description: |- + url is a fully qualified URI that overrides the default endpoint for a client using the GCP service specified + in the name field. + url is required, must use the scheme https, must not be more than 253 characters in length, + and must be a valid URL according to Go's net/url package (https://pkg.go.dev/net/url#URL) + + An example of a valid endpoint that overrides the Compute Service: "https://compute-myendpoint1.p.googleapis.com" + maxLength: 253 + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + - message: scheme must be https + rule: 'isURL(self) ? (url(self).getScheme() == "https") + : true' + - message: url must consist only of a scheme and domain. + The url path must be empty. + rule: url(self).getEscapedPath() == "" || url(self).getEscapedPath() + == "/" + required: + - name + - url + type: object + maxItems: 9 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: only 1 endpoint override is permitted per GCP service + name + rule: self.all(x, self.exists_one(y, x.name == y.name)) type: object x-kubernetes-validations: - message: resourceLabels may only be configured during installation @@ -1844,8 +1988,11 @@ spec: serviceEndpoints: description: |- serviceEndpoints is a list of custom endpoints which will override the default - service endpoints of an IBM Cloud service. These endpoints are consumed by - components within the cluster to reach the respective IBM Cloud Services. + service endpoints of an IBM service. These endpoints are used by components + within the cluster when trying to reach the IBM Cloud Services that have been + overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each + endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus + are updated to reflect the same custom endpoints. items: description: |- IBMCloudServiceEndpoint stores the configuration of a custom url to @@ -1878,7 +2025,9 @@ spec: description: |- url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. - This must be provided and cannot be empty. + This must be provided and cannot be empty. The path must follow the pattern + /v[0,9]+ or /api/v[0,9]+ + maxLength: 300 type: string x-kubernetes-validations: - message: url must be a valid absolute URL @@ -1887,6 +2036,7 @@ spec: - name - url type: object + maxItems: 13 type: array x-kubernetes-list-map-keys: - name diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index b013d4595..40b0c857b 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -2226,6 +2226,11 @@ func (in *GCPPlatformStatus) DeepCopyInto(out *GCPPlatformStatus) { *out = new(CloudLoadBalancerConfig) (*in).DeepCopyInto(*out) } + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]GCPServiceEndpoint, len(*in)) + copy(*out, *in) + } return } @@ -2271,6 +2276,22 @@ func (in *GCPResourceTag) DeepCopy() *GCPResourceTag { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPServiceEndpoint) DeepCopyInto(out *GCPServiceEndpoint) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPServiceEndpoint. +func (in *GCPServiceEndpoint) DeepCopy() *GCPServiceEndpoint { + if in == nil { + return nil + } + out := new(GCPServiceEndpoint) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GenericAPIServerConfig) DeepCopyInto(out *GenericAPIServerConfig) { *out = *in @@ -2450,6 +2471,11 @@ func (in *HubSourceStatus) DeepCopy() *HubSourceStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IBMCloudPlatformSpec) DeepCopyInto(out *IBMCloudPlatformSpec) { *out = *in + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]IBMCloudServiceEndpoint, len(*in)) + copy(*out, *in) + } return } @@ -4689,7 +4715,7 @@ func (in *PlatformSpec) DeepCopyInto(out *PlatformSpec) { if in.IBMCloud != nil { in, out := &in.IBMCloud, &out.IBMCloud *out = new(IBMCloudPlatformSpec) - **out = **in + (*in).DeepCopyInto(*out) } if in.Kubevirt != nil { in, out := &in.Kubevirt, &out.Kubevirt diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index 78fd36f3f..f8182fffe 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -313,7 +313,10 @@ infrastructures.config.openshift.io: FeatureGates: - AWSClusterHostedDNS - BareMetalLoadBalancer + - DualReplica + - DyanmicServiceEndpointIBMCloud - GCPClusterHostedDNS + - GCPCustomAPIEndpoints - GCPLabelsTags - HighlyAvailableArbiter - NutanixMultiSubnets diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 0ac9c7ccd..819b713ad 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -698,7 +698,7 @@ func (ClusterVersionList) SwaggerDoc() map[string]string { var map_ClusterVersionSpec = map[string]string{ "": "ClusterVersionSpec is the desired version state of the cluster. It includes the version the cluster should be at, how the cluster is identified, and where the cluster should look for version updates.", "clusterID": "clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.", - "desiredUpdate": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.", + "desiredUpdate": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.", "upstream": "upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.", "channel": "channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters.", "capabilities": "capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.", @@ -797,8 +797,8 @@ func (SignatureStore) SwaggerDoc() map[string]string { var map_Update = map[string]string{ "": "Update represents an administrator update request.", "architecture": "architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.", - "version": "version is a semantic version identifying the update version. version is ignored if image is specified and required if architecture is specified.", - "image": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified.", + "version": "version is a semantic version identifying the update version. version is required if architecture is specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", + "image": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.", } @@ -1198,8 +1198,8 @@ func (AWSPlatformStatus) SwaggerDoc() map[string]string { var map_AWSResourceTag = map[string]string{ "": "AWSResourceTag is a tag to apply to AWS resources created for the cluster.", - "key": "key is the key of the tag", - "value": "value is the value of the tag. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services.", + "key": "key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag. Key should consist of between 1 and 128 characters, and may contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.", + "value": "value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag. Value should consist of between 1 and 256 characters, and may contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services.", } func (AWSResourceTag) SwaggerDoc() map[string]string { @@ -1392,6 +1392,7 @@ var map_GCPPlatformStatus = map[string]string{ "resourceLabels": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", "resourceTags": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", "cloudLoadBalancerConfig": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", + "serviceEndpoints": "serviceEndpoints specifies endpoints that override the default endpoints used when creating clients to interact with GCP services. When not specified, the default endpoint for the GCP region will be used. Only 1 endpoint override is permitted for each GCP service. The maximum number of endpoint overrides allowed is 9.", } func (GCPPlatformStatus) SwaggerDoc() map[string]string { @@ -1419,8 +1420,19 @@ func (GCPResourceTag) SwaggerDoc() map[string]string { return map_GCPResourceTag } +var map_GCPServiceEndpoint = map[string]string{ + "": "GCPServiceEndpoint store the configuration of a custom url to override existing defaults of GCP Services.", + "name": "name is the name of the GCP service whose endpoint is being overridden. This must be provided and cannot be empty.\n\nAllowed values are Compute, Container, CloudResourceManager, DNS, File, IAM, ServiceUsage, Storage, and TagManager.\n\nAs an example, when setting the name to Compute all requests made by the caller to the GCP Compute Service will be directed to the endpoint specified in the url field.", + "url": "url is a fully qualified URI that overrides the default endpoint for a client using the GCP service specified in the name field. url is required, must use the scheme https, must not be more than 253 characters in length, and must be a valid URL according to Go's net/url package (https://pkg.go.dev/net/url#URL)\n\nAn example of a valid endpoint that overrides the Compute Service: \"https://compute-myendpoint1.p.googleapis.com\"", +} + +func (GCPServiceEndpoint) SwaggerDoc() map[string]string { + return map_GCPServiceEndpoint +} + var map_IBMCloudPlatformSpec = map[string]string{ - "": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", + "": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", + "serviceEndpoints": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints. A maximum of 13 service endpoints overrides are supported.", } func (IBMCloudPlatformSpec) SwaggerDoc() map[string]string { @@ -1434,7 +1446,7 @@ var map_IBMCloudPlatformStatus = map[string]string{ "providerType": "providerType indicates the type of cluster that was created", "cisInstanceCRN": "cisInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", "dnsInstanceCRN": "dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain", - "serviceEndpoints": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM Cloud service. These endpoints are consumed by components within the cluster to reach the respective IBM Cloud Services.", + "serviceEndpoints": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints.", } func (IBMCloudPlatformStatus) SwaggerDoc() map[string]string { @@ -1444,7 +1456,7 @@ func (IBMCloudPlatformStatus) SwaggerDoc() map[string]string { var map_IBMCloudServiceEndpoint = map[string]string{ "": "IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services.", "name": "name is the name of the IBM Cloud service. Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`", - "url": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", + "url": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. The path must follow the pattern /v[0,9]+ or /api/v[0,9]+", } func (IBMCloudServiceEndpoint) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go index 5eaeeea73..107b9e29a 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go @@ -59,6 +59,7 @@ type ClusterImagePolicyStatus struct { // conditions provide details on the status of this API Resource. // +listType=map // +listMapKey=type + // +optional Conditions []metav1.Condition `json:"conditions,omitempty"` } diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go index 7f57d88f9..24ff257c9 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go @@ -73,10 +73,12 @@ type Policy struct { // +union // +kubebuilder:validation:XValidation:rule="has(self.policyType) && self.policyType == 'PublicKey' ? has(self.publicKey) : !has(self.publicKey)",message="publicKey is required when policyType is PublicKey, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.policyType) && self.policyType == 'FulcioCAWithRekor' ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)",message="fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=SigstoreImageVerificationPKI,rule="has(self.policyType) && self.policyType == 'PKI' ? has(self.pki) : !has(self.pki)",message="pki is required when policyType is PKI, and forbidden otherwise" type PolicyRootOfTrust struct { // policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. // "PublicKey" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. // "FulcioCAWithRekor" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. + // "PKI" is a DevPreview feature that indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate. // +unionDiscriminator // +required PolicyType PolicyType `json:"policyType"` @@ -88,14 +90,20 @@ type PolicyRootOfTrust struct { // https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor // +optional FulcioCAWithRekor *FulcioCAWithRekor `json:"fulcioCAWithRekor,omitempty"` + // pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. + // +optional + // +openshift:enable:FeatureGate=SigstoreImageVerificationPKI + PKI *PKI `json:"pki,omitempty"` } -// +kubebuilder:validation:Enum=PublicKey;FulcioCAWithRekor +// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=PublicKey;FulcioCAWithRekor +// +openshift:validation:FeatureGateAwareEnum:featureGate=SigstoreImageVerificationPKI,enum=PublicKey;FulcioCAWithRekor;PKI type PolicyType string const ( PublicKeyRootOfTrust PolicyType = "PublicKey" FulcioCAWithRekorRootOfTrust PolicyType = "FulcioCAWithRekor" + PKIRootOfTrust PolicyType = "PKI" ) // PublicKey defines the root of trust based on a sigstore public key. @@ -143,6 +151,48 @@ type PolicyFulcioSubject struct { SignedEmail string `json:"signedEmail"` } +// PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates. +type PKI struct { + // caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. + // +required + // +kubebuilder:validation:MaxLength=8192 + // +kubebuilder:validation:XValidation:rule="string(self).startsWith('-----BEGIN CERTIFICATE-----')",message="the caRootsData must start with base64 encoding of '-----BEGIN CERTIFICATE-----'." + // +kubebuilder:validation:XValidation:rule="string(self).endsWith('-----END CERTIFICATE-----\\n') || string(self).endsWith('-----END CERTIFICATE-----')",message="the caRootsData must end with base64 encoding of '-----END CERTIFICATE-----'." + // +kubebuilder:validation:XValidation:rule="string(self).findAll('-----BEGIN CERTIFICATE-----').size() == string(self).findAll('-----END CERTIFICATE-----').size()",message="caRootsData must be base64 encoding of valid PEM format data contain the same number of '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' markers." + CertificateAuthorityRootsData []byte `json:"caRootsData"` + // caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. + // caIntermediatesData requires caRootsData to be set. + // +optional + // +kubebuilder:validation:XValidation:rule="string(self).startsWith('-----BEGIN CERTIFICATE-----')",message="the caIntermediatesData must start with base64 encoding of '-----BEGIN CERTIFICATE-----'." + // +kubebuilder:validation:XValidation:rule="string(self).endsWith('-----END CERTIFICATE-----\\n') || string(self).endsWith('-----END CERTIFICATE-----')",message="the caIntermediatesData must end with base64 encoding of '-----END CERTIFICATE-----'." + // +kubebuilder:validation:XValidation:rule="string(self).findAll('-----BEGIN CERTIFICATE-----').size() == string(self).findAll('-----END CERTIFICATE-----').size()",message="caIntermediatesData must be base64 encoding of valid PEM format data contain the same number of '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' markers." + // +kubebuilder:validation:MaxLength=8192 + CertificateAuthorityIntermediatesData []byte `json:"caIntermediatesData,omitempty"` + + // pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued. + // +required + PKICertificateSubject PKICertificateSubject `json:"pkiCertificateSubject"` +} + +// PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued. +// +kubebuilder:validation:XValidation:rule="has(self.email) || has(self.hostname)", message="at least one of email or hostname must be set in pkiCertificateSubject" +// +openshift:enable:FeatureGate=SigstoreImageVerificationPKI +type PKICertificateSubject struct { + // email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. + // The email should be a valid email address and at most 320 characters in length. + // +optional + // +kubebuilder:validation:MaxLength:=320 + // +kubebuilder:validation:XValidation:rule=`self.matches('^\\S+@\\S+$')`,message="invalid email address in pkiCertificateSubject" + Email string `json:"email,omitempty"` + // hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. + // The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. + // It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk. + // +optional + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:XValidation:rule="self.startsWith('*.') ? !format.dns1123Subdomain().validate(self.replace('*.', '', 1)).hasValue() : !format.dns1123Subdomain().validate(self).hasValue()",message="hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.'. It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk." + Hostname string `json:"hostname,omitempty"` +} + // PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is "MatchRepoDigestOrExact". // +kubebuilder:validation:XValidation:rule="(has(self.matchPolicy) && self.matchPolicy == 'ExactRepository') ? has(self.exactRepository) : !has(self.exactRepository)",message="exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="(has(self.matchPolicy) && self.matchPolicy == 'RemapIdentity') ? has(self.remapIdentity) : !has(self.remapIdentity)",message="remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise" diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go b/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go index 3ae4de157..46666ae3b 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go @@ -32,33 +32,97 @@ type InsightsDataGather struct { } type InsightsDataGatherSpec struct { - // gatherConfig spec attribute includes all the configuration options related to - // gathering of the Insights data and its uploading to the ingress. + // gatherConfig spec attribute includes all the configuration options related to gathering of the Insights data and its uploading to the ingress. // +optional GatherConfig GatherConfig `json:"gatherConfig,omitempty"` } -type InsightsDataGatherStatus struct { -} +type InsightsDataGatherStatus struct{} // gatherConfig provides data gathering configuration options. type GatherConfig struct { - // dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain - // in the Insights archive data. Valid values are "None" and "ObfuscateNetworking". + // dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. + // Valid values are "None" and "ObfuscateNetworking". // When set to None the data is not obfuscated. // When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - // The current default is None. // +optional DataPolicy DataPolicy `json:"dataPolicy,omitempty"` // disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing "all" value. // If all the gatherers are disabled, the Insights operator does not gather any data. + // The format for the disabledGatherer should be: {gatherer}/{function} where the function is optional. + // Gatherer consists of a lowercase letters only that may include underscores (_). + // Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). // The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. // Run the following command to get the names of last active gatherers: // "oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'" // An example of disabling gatherers looks like this: `disabledGatherers: ["clusterconfig/machine_configs", "workloads/workload_info"]` + // +kubebuilder:validation:MaxItems=100 + // +optional + DisabledGatherers []DisabledGatherer `json:"disabledGatherers"` + // storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. + // If omitted, the gathering job will use ephemeral storage. + // +optional + StorageSpec *Storage `json:"storage,omitempty"` +} + +// disabledGatherer is a string that represents a gatherer that should be disabled +// +kubebuilder:validation:MaxLength=256 +// +kubebuilder:validation:XValidation:rule=`self.matches("^[a-z]+[_a-z]*[a-z]([/a-z][_a-z]*)?[a-z]$")`,message=`disabledGatherer must be in the format of {gatherer}/{function} where the gatherer and function are lowercase letters only that may include underscores (_) and are separated by a forward slash (/) if the function is provided` +type DisabledGatherer string + +// storage provides persistent storage configuration options for gathering jobs. +// If the type is set to PersistentVolume, then the PersistentVolume must be defined. +// If the type is set to Ephemeral, then the PersistentVolume must not be defined. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'PersistentVolume' ? has(self.persistentVolume) : !has(self.persistentVolume)",message="persistentVolume is required when type is PersistentVolume, and forbidden otherwise" +type Storage struct { + // type is a required field that specifies the type of storage that will be used to store the Insights data archive. + // Valid values are "PersistentVolume" and "Ephemeral". + // When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. + // When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field. + // +required + Type StorageType `json:"type"` + // persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. + // The PersistentVolume must be created in the openshift-insights namespace. // +optional - DisabledGatherers []string `json:"disabledGatherers"` + PersistentVolume *PersistentVolumeConfig `json:"persistentVolume,omitempty"` +} + +// storageType declares valid storage types +// +kubebuilder:validation:Enum=PersistentVolume;Ephemeral +type StorageType string + +const ( + // StorageTypePersistentVolume storage type + StorageTypePersistentVolume StorageType = "PersistentVolume" + // StorageTypeEphemeral storage type + StorageTypeEphemeral StorageType = "Ephemeral" +) + +// persistentVolumeConfig provides configuration options for PersistentVolume storage. +type PersistentVolumeConfig struct { + // claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. + // The PersistentVolumeClaim must be created in the openshift-insights namespace. + // +required + Claim PersistentVolumeClaimReference `json:"claim"` + // mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default mount path is /var/lib/insights-operator + // The path may not exceed 1024 characters and must not contain a colon. + // +kubebuilder:validation:MaxLength=1024 + // +kubebuilder:validation:XValidation:rule="!self.contains(':')",message="mountPath must not contain a colon" + // +optional + MountPath string `json:"mountPath,omitempty"` +} + +// persistentVolumeClaimReference is a reference to a PersistentVolumeClaim. +type PersistentVolumeClaimReference struct { + // name is a string that follows the DNS1123 subdomain format. + // It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character. + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + // +kubebuilder:validation:MaxLength:=253 + // +required + Name string `json:"name"` } const ( diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go index 8e22e2d27..17d74e0fa 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go @@ -353,9 +353,14 @@ func (in *GatherConfig) DeepCopyInto(out *GatherConfig) { *out = *in if in.DisabledGatherers != nil { in, out := &in.DisabledGatherers, &out.DisabledGatherers - *out = make([]string, len(*in)) + *out = make([]DisabledGatherer, len(*in)) copy(*out, *in) } + if in.StorageSpec != nil { + in, out := &in.StorageSpec, &out.StorageSpec + *out = new(Storage) + (*in).DeepCopyInto(*out) + } return } @@ -569,6 +574,82 @@ func (in *InsightsDataGatherStatus) DeepCopy() *InsightsDataGatherStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PKI) DeepCopyInto(out *PKI) { + *out = *in + if in.CertificateAuthorityRootsData != nil { + in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.CertificateAuthorityIntermediatesData != nil { + in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + out.PKICertificateSubject = in.PKICertificateSubject + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKI. +func (in *PKI) DeepCopy() *PKI { + if in == nil { + return nil + } + out := new(PKI) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PKICertificateSubject) DeepCopyInto(out *PKICertificateSubject) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKICertificateSubject. +func (in *PKICertificateSubject) DeepCopy() *PKICertificateSubject { + if in == nil { + return nil + } + out := new(PKICertificateSubject) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PersistentVolumeClaimReference) DeepCopyInto(out *PersistentVolumeClaimReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaimReference. +func (in *PersistentVolumeClaimReference) DeepCopy() *PersistentVolumeClaimReference { + if in == nil { + return nil + } + out := new(PersistentVolumeClaimReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PersistentVolumeConfig) DeepCopyInto(out *PersistentVolumeConfig) { + *out = *in + out.Claim = in.Claim + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeConfig. +func (in *PersistentVolumeConfig) DeepCopy() *PersistentVolumeConfig { + if in == nil { + return nil + } + out := new(PersistentVolumeConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Policy) DeepCopyInto(out *Policy) { *out = *in @@ -674,6 +755,11 @@ func (in *PolicyRootOfTrust) DeepCopyInto(out *PolicyRootOfTrust) { *out = new(FulcioCAWithRekor) (*in).DeepCopyInto(*out) } + if in.PKI != nil { + in, out := &in.PKI, &out.PKI + *out = new(PKI) + (*in).DeepCopyInto(*out) + } return } @@ -771,6 +857,27 @@ func (in *RetentionSizeConfig) DeepCopy() *RetentionSizeConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Storage) DeepCopyInto(out *Storage) { + *out = *in + if in.PersistentVolume != nil { + in, out := &in.PersistentVolume, &out.PersistentVolume + *out = new(PersistentVolumeConfig) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Storage. +func (in *Storage) DeepCopy() *Storage { + if in == nil { + return nil + } + out := new(Storage) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UserDefinedMonitoring) DeepCopyInto(out *UserDefinedMonitoring) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index 1d4a88d50..b9dca71a9 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -29,6 +29,7 @@ clusterimagepolicies.config.openshift.io: Category: "" FeatureGates: - SigstoreImageVerification + - SigstoreImageVerificationPKI FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -76,6 +77,7 @@ imagepolicies.config.openshift.io: Category: "" FeatureGates: - SigstoreImageVerification + - SigstoreImageVerificationPKI FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go index 92ae6cc72..504281540 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -214,6 +214,27 @@ func (ImagePolicyStatus) SwaggerDoc() map[string]string { return map_ImagePolicyStatus } +var map_PKI = map[string]string{ + "": "PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", + "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ", + "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ", + "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", +} + +func (PKI) SwaggerDoc() map[string]string { + return map_PKI +} + +var map_PKICertificateSubject = map[string]string{ + "": "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", + "email": "email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. The email should be a valid email address and at most 320 characters in length.", + "hostname": "hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk.", +} + +func (PKICertificateSubject) SwaggerDoc() map[string]string { + return map_PKICertificateSubject +} + var map_Policy = map[string]string{ "": "Policy defines the verification policy for the items in the scopes list.", "rootOfTrust": "rootOfTrust specifies the root of trust for the policy.", @@ -264,9 +285,10 @@ func (PolicyMatchRemapIdentity) SwaggerDoc() map[string]string { var map_PolicyRootOfTrust = map[string]string{ "": "PolicyRootOfTrust defines the root of trust based on the selected policyType.", - "policyType": "policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. \"PublicKey\" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. \"FulcioCAWithRekor\" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification.", + "policyType": "policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. \"PublicKey\" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. \"FulcioCAWithRekor\" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. \"PKI\" is a DevPreview feature that indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", "publicKey": "publicKey defines the root of trust based on a sigstore public key.", "fulcioCAWithRekor": "fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", + "pki": "pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates.", } func (PolicyRootOfTrust) SwaggerDoc() map[string]string { @@ -285,8 +307,9 @@ func (PublicKey) SwaggerDoc() map[string]string { var map_GatherConfig = map[string]string{ "": "gatherConfig provides data gathering configuration options.", - "dataPolicy": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"None\" and \"ObfuscateNetworking\". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is None.", - "disabledGatherers": "disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing \"all\" value. If all the gatherers are disabled, the Insights operator does not gather any data. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\" An example of disabling gatherers looks like this: `disabledGatherers: [\"clusterconfig/machine_configs\", \"workloads/workload_info\"]`", + "dataPolicy": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"None\" and \"ObfuscateNetworking\". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "disabledGatherers": "disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing \"all\" value. If all the gatherers are disabled, the Insights operator does not gather any data. The format for the disabledGatherer should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\" An example of disabling gatherers looks like this: `disabledGatherers: [\"clusterconfig/machine_configs\", \"workloads/workload_info\"]`", + "storage": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", } func (GatherConfig) SwaggerDoc() map[string]string { @@ -321,4 +344,33 @@ func (InsightsDataGatherSpec) SwaggerDoc() map[string]string { return map_InsightsDataGatherSpec } +var map_PersistentVolumeClaimReference = map[string]string{ + "": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + "name": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", +} + +func (PersistentVolumeClaimReference) SwaggerDoc() map[string]string { + return map_PersistentVolumeClaimReference +} + +var map_PersistentVolumeConfig = map[string]string{ + "": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + "claim": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", + "mountPath": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", +} + +func (PersistentVolumeConfig) SwaggerDoc() map[string]string { + return map_PersistentVolumeConfig +} + +var map_Storage = map[string]string{ + "": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "type": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", + "persistentVolume": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", +} + +func (Storage) SwaggerDoc() map[string]string { + return map_Storage +} + // AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/features/features.go b/vendor/github.com/openshift/api/features/features.go index d9013e470..8f30373e9 100644 --- a/vendor/github.com/openshift/api/features/features.go +++ b/vendor/github.com/openshift/api/features/features.go @@ -65,7 +65,7 @@ var ( contactPerson("miciah"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateSetEIPForNLBIngressController = newFeatureGate("SetEIPForNLBIngressController"). @@ -171,6 +171,14 @@ var ( enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() + FeatureGateSigstoreImageVerificationPKI = newFeatureGate("SigstoreImageVerificationPKI"). + reportProblemsToJiraComponent("node"). + contactPerson("QiWang"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1658"). + enableIn(configv1.DevPreviewNoUpgrade). + mustRegister() + FeatureGateGCPLabelsTags = newFeatureGate("GCPLabelsTags"). reportProblemsToJiraComponent("Installer"). contactPerson("bhb"). @@ -522,6 +530,14 @@ var ( enableForClusterProfile(SelfManaged, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default). mustRegister() + FeatureGateNewOLMCatalogdAPIV1Metas = newFeatureGate("NewOLMCatalogdAPIV1Metas"). + reportProblemsToJiraComponent("olm"). + contactPerson("jordank"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1749"). + enableForClusterProfile(SelfManaged, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + FeatureGateInsightsOnDemandDataGather = newFeatureGate("InsightsOnDemandDataGather"). reportProblemsToJiraComponent("insights"). contactPerson("tremes"). @@ -724,8 +740,11 @@ var ( contactPerson("eggfoobar"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1674"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() + // TODO: Do not go GA until jira issue is resolved: https://issues.redhat.com/browse/OCPEDGE-1637 + // Annotations must correctly handle either DualReplica or HighlyAvailableArbiter going GA with + // the other still in TechPreview. + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() FeatureGateCVOConfiguration = newFeatureGate("ClusterVersionOperatorConfiguration"). reportProblemsToJiraComponent("Cluster Version Operator"). @@ -734,4 +753,76 @@ var ( enhancementPR("https://github.com/openshift/enhancements/pull/1492"). enableIn(configv1.DevPreviewNoUpgrade). mustRegister() + + FeatureGateGCPCustomAPIEndpoints = newFeatureGate("GCPCustomAPIEndpoints"). + reportProblemsToJiraComponent("Installer"). + contactPerson("barbacbd"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1492"). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateDyanmicServiceEndpointIBMCloud = newFeatureGate("DyanmicServiceEndpointIBMCloud"). + reportProblemsToJiraComponent("Cloud Compute / IBM Provider"). + contactPerson("jared-hayes-dev"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1712"). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateSELinuxChangePolicy = newFeatureGate("SELinuxChangePolicy"). + reportProblemsToJiraComponent("Storage / Kubernetes"). + contactPerson("jsafrane"). + productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/1710"). + enableIn(configv1.DevPreviewNoUpgrade). + mustRegister() + + FeatureGateSELinuxMount = newFeatureGate("SELinuxMount"). + reportProblemsToJiraComponent("Storage / Kubernetes"). + contactPerson("jsafrane"). + productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/1710"). + enableIn(configv1.DevPreviewNoUpgrade). + mustRegister() + + FeatureGateDualReplica = newFeatureGate("DualReplica"). + reportProblemsToJiraComponent("Two Node Fencing"). + contactPerson("jaypoulz"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1675"). + // TODO: Do not go GA until jira issue is resolved: https://issues.redhat.com/browse/OCPEDGE-1637 + // Annotations must correctly handle either DualReplica or HighlyAvailableArbiter going GA with + // the other still in TechPreview. + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateGatewayAPIController = newFeatureGate("GatewayAPIController"). + reportProblemsToJiraComponent("Routing"). + contactPerson("miciah"). + productScope(ocpSpecific). + // Previously, the "GatewayAPI" feature gate managed both the GatewayAPI CRDs + // and the Gateway Controller. However, with the introduction of Gateway CRD + // lifecycle management (EP#1756), these responsibilities were separated. + // A dedicated feature gate now controls the Gateway Controller to distinguish + // its production readiness from that of the CRDs. + enhancementPR("https://github.com/openshift/enhancements/pull/1756"). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureShortCertRotation = newFeatureGate("ShortCertRotation"). + reportProblemsToJiraComponent("kube-apiserver"). + contactPerson("vrutkovs"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade). + enhancementPR("https://github.com/openshift/enhancements/pull/1670"). + mustRegister() + + FeatureGateVSphereConfigurableMaxAllowedBlockVolumesPerNode = newFeatureGate("VSphereConfigurableMaxAllowedBlockVolumesPerNode"). + reportProblemsToJiraComponent("Storage / Kubernetes External Components"). + contactPerson("rbednar"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1748"). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() ) diff --git a/vendor/github.com/openshift/api/operator/v1/types.go b/vendor/github.com/openshift/api/operator/v1/types.go index 284dfe54d..4b0c48a10 100644 --- a/vendor/github.com/openshift/api/operator/v1/types.go +++ b/vendor/github.com/openshift/api/operator/v1/types.go @@ -258,15 +258,21 @@ type StaticPodOperatorStatus struct { // NodeStatus provides information about the current state of a particular node managed by this operator. // +kubebuilder:validation:XValidation:rule="has(self.currentRevision) || !has(oldSelf.currentRevision)",message="cannot be unset once set",fieldPath=".currentRevision" +// +kubebuilder:validation:XValidation:rule="oldSelf.hasValue() || !has(self.currentRevision)",message="currentRevision can not be set on creation of a nodeStatus",optionalOldSelf=true,fieldPath=.currentRevision +// +kubebuilder:validation:XValidation:rule="oldSelf.hasValue() || !has(self.targetRevision)",message="targetRevision can not be set on creation of a nodeStatus",optionalOldSelf=true,fieldPath=.targetRevision type NodeStatus struct { // nodeName is the name of the node // +required NodeName string `json:"nodeName"` - // currentRevision is the generation of the most recently successful deployment + // currentRevision is the generation of the most recently successful deployment. + // Can not be set on creation of a nodeStatus. Updates must only increase the value. // +kubebuilder:validation:XValidation:rule="self >= oldSelf",message="must only increase" - CurrentRevision int32 `json:"currentRevision"` - // targetRevision is the generation of the deployment we're trying to apply + // +optional + CurrentRevision int32 `json:"currentRevision,omitempty"` + // targetRevision is the generation of the deployment we're trying to apply. + // Can not be set on creation of a nodeStatus. + // +optional TargetRevision int32 `json:"targetRevision,omitempty"` // lastFailedRevision is the generation of the deployment we tried and failed to deploy. diff --git a/vendor/github.com/openshift/api/operator/v1/types_console.go b/vendor/github.com/openshift/api/operator/v1/types_console.go index 68d9daa45..c2f25e4e6 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_console.go +++ b/vendor/github.com/openshift/api/operator/v1/types_console.go @@ -143,8 +143,141 @@ type Capability struct { Visibility CapabilityVisibility `json:"visibility"` } +// ThemeMode is the value of the logo theme mode that determines the theme mode in the console UI. +// +kubebuilder:validation:Enum="Dark";"Light" +// +enum +type ThemeMode string + +// ThemeMode values +const ( + // ThemeModeDark represents the dark mode for a console theme. + ThemeModeDark ThemeMode = "Dark" + + // ThemeModeLight represents the light mode for a console theme. + ThemeModeLight ThemeMode = "Light" +) + +// LogoType is the value of the logo type that determines if the logo is for the masthead or the favicon in the console UI. +// The masthead logo is displayed in the masthead and about modal of the console UI. +// +kubebuilder:validation:Enum="Masthead";"Favicon" +// +enum +type LogoType string + +const ( + // Masthead represents the logo in the masthead. + LogoTypeMasthead LogoType = "Masthead" + + // Favicon represents the favicon logo. + LogoTypeFavicon LogoType = "Favicon" +) + +// SourceType defines the source type of the file reference. +// +kubebuilder:validation:Enum="ConfigMap" +// +enum +type SourceType string + +const ( + // SourceTypeConfigMap represents a ConfigMap source. + SourceTypeConfigMap SourceType = "ConfigMap" +) + +// ConfigMapFileReference references a specific file within a ConfigMap. +type ConfigMapFileReference struct { + // name is the name of the ConfigMap. + // name is a required field. + // Must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. + // Must be at most 253 characters in length. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + // +required + Name string `json:"name"` + + // key is the logo key inside the referenced ConfigMap. + // Must consist only of alphanumeric characters, dashes (-), underscores (_), and periods (.). + // Must be at most 253 characters in length. + // Must end in a valid file extension. + // A valid file extension must consist of a period followed by 2 to 5 alpha characters. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._-]+$')",message="The ConfigMap key must consist only of alphanumeric characters, dashes (-), underscores (_), and periods (.)." + // +kubebuilder:validation:XValidation:rule="self.matches('.*\\\\.[a-zA-Z]{2,5}$')",message="The ConfigMap key must end with a valid file extension (2 to 5 letters)." + // +required + Key string `json:"key"` +} +// FileReferenceSource is used by the console to locate the specified file containing a custom logo. +// +kubebuilder:validation:XValidation:rule="has(self.from) && self.from == 'ConfigMap' ? has(self.configMap) : !has(self.configMap)",message="configMap is required when from is 'ConfigMap', and forbidden otherwise." +type FileReferenceSource struct { + // from is a required field to specify the source type of the file reference. + // Allowed values are ConfigMap. + // When set to ConfigMap, the file will be sourced from a ConfigMap in the openshift-config namespace. The configMap field must be set when from is set to ConfigMap. + // +required + From SourceType `json:"from"` + + // configMap specifies the ConfigMap sourcing details such as the name of the ConfigMap and the key for the file. + // The ConfigMap must exist in the openshift-config namespace. + // Required when from is "ConfigMap", and forbidden otherwise. + // +optional + ConfigMap *ConfigMapFileReference `json:"configMap"` +} + +// Theme defines a theme mode for the console UI. +type Theme struct { + // mode is used to specify what theme mode a logo will apply to in the console UI. + // mode is a required field that allows values of Dark and Light. + // When set to Dark, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Dark mode. + // When set to Light, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Light mode. + // +required + Mode ThemeMode `json:"mode"` + + // source is used by the console to locate the specified file containing a custom logo. + // source is a required field that references a ConfigMap name and key that contains the custom logo file in the openshift-config namespace. + // You can create it with a command like: + // - 'oc create configmap custom-logos-config --namespace=openshift-config --from-file=/path/to/file' + // The ConfigMap key must include the file extension so that the console serves the file with the correct MIME type. + // The recommended file format for the Masthead and Favicon logos is SVG, but other file formats are allowed if supported by the browser. + // The logo image size must be less than 1 MB due to constraints on the ConfigMap size. + // For more information, see the documentation: https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/web_console/customizing-web-console#customizing-web-console + // +required + Source FileReferenceSource `json:"source"` +} + +// Logo defines a configuration based on theme modes for the console UI logo. +type Logo struct { + // type specifies the type of the logo for the console UI. It determines whether the logo is for the masthead or favicon. + // type is a required field that allows values of Masthead and Favicon. + // When set to "Masthead", the logo will be used in the masthead and about modal of the console UI. + // When set to "Favicon", the logo will be used as the favicon of the console UI. + // +required + Type LogoType `json:"type"` + + // themes specifies the themes for the console UI logo. + // themes is a required field that allows a list of themes. Each item in the themes list must have a unique mode and a source field. + // Each mode determines whether the logo is for the dark or light mode of the console UI. + // If a theme is not specified, the default OpenShift logo will be displayed for that theme. + // There must be at least one entry and no more than 2 entries. + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=2 + // +listType=map + // +listMapKey=mode + // +required + Themes []Theme `json:"themes"` +} + // ConsoleCustomization defines a list of optional configuration for the console UI. +// Ensure that Logos and CustomLogoFile cannot be set at the same time. +// +kubebuilder:validation:XValidation:rule="!(has(self.logos) && has(self.customLogoFile))",message="Only one of logos or customLogoFile can be set." type ConsoleCustomization struct { + // logos is used to replace the OpenShift Masthead and Favicon logos in the console UI with custom logos. + // logos is an optional field that allows a list of logos. + // Only one of logos or customLogoFile can be set at a time. + // If logos is set, customLogoFile must be unset. + // When specified, there must be at least one entry and no more than 2 entries. + // Each type must appear only once in the list. + // +kubebuilder:validation:MaxItems=2 + // +listType=map + // +listMapKey=type + // +optional + Logos []Logo `json:"logos"` + // capabilities defines an array of capabilities that can be interacted with in the console UI. // Each capability defines a visual state that can be interacted with the console to render in the UI. // Available capabilities are LightspeedButton and GettingStartedBanner. @@ -172,14 +305,14 @@ type ConsoleCustomization struct { // +optional CustomProductName string `json:"customProductName,omitempty"` // customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a + // Only one of customLogoFile or logos can be set at a time. // ConfigMap in the openshift-config namespace. This can be created with a command like // 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. // Image size must be less than 1 MB due to constraints on the ConfigMap size. // The ConfigMap key should include a file extension so that the console serves the file // with the correct MIME type. - // Recommended logo specifications: - // Dimensions: Max height of 68px and max width of 200px - // SVG format preferred + // The recommended file format for the logo is SVG, but other file formats are allowed if supported by the browser. + // Deprecated: Use logos instead. // +optional CustomLogoFile configv1.ConfigMapFileReference `json:"customLogoFile,omitempty"` // developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs). diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index 731323750..b25133a42 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go @@ -369,6 +369,21 @@ type VSphereCSIDriverConfigSpec struct { // +openshift:enable:FeatureGate=VSphereDriverConfiguration // +optional GranularMaxSnapshotsPerBlockVolumeInVVOL *uint32 `json:"granularMaxSnapshotsPerBlockVolumeInVVOL,omitempty"` + + // maxAllowedBlockVolumesPerNode is an optional configuration parameter that allows setting a custom value for the + // limit of the number of PersistentVolumes attached to a node. In vSphere version 7 this limit was set to 59 by + // default, however in vSphere version 8 this limit was increased to 255. + // Before increasing this value above 59 the cluster administrator needs to ensure that every node forming the + // cluster is updated to ESXi version 8 or higher and that all nodes are running the same version. + // The limit must be between 1 and 255, which matches the vSphere version 8 maximum. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to + // change over time. + // The current default is 59, which matches the limit for vSphere version 7. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=255 + // +openshift:enable:FeatureGate=VSphereConfigurableMaxAllowedBlockVolumesPerNode + // +optional + MaxAllowedBlockVolumesPerNode int32 `json:"maxAllowedBlockVolumesPerNode,omitempty"` } // ClusterCSIDriverStatus is the observed status of CSI driver operator diff --git a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go index 88b89f818..4c53734d8 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go +++ b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go @@ -41,8 +41,10 @@ type MachineConfigurationSpec struct { // managedBootImages allows configuration for the management of boot images for machine // resources within the cluster. This configuration allows users to select resources that should // be updated to the latest boot images during cluster upgrades, ensuring that new machines - // always boot with the current cluster version's boot image. When omitted, no boot images - // will be updated. + // always boot with the current cluster version's boot image. When omitted, this means no opinion + // and the platform is left to choose a reasonable default, which is subject to change over time. + // The default for each machine manager mode is All for GCP and AWS platforms, and None for all + // other platforms. // +openshift:enable:FeatureGate=ManagedBootImages // +optional ManagedBootImages ManagedBootImages `json:"managedBootImages"` @@ -62,11 +64,10 @@ type MachineConfigurationStatus struct { ObservedGeneration int64 `json:"observedGeneration,omitempty"` // conditions is a list of conditions and their status - // +patchMergeKey=type - // +patchStrategy=merge // +listType=map // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty"` // Previously there was a StaticPodOperatorStatus here for legacy reasons. Many of the fields within // it are no longer relevant for the MachineConfiguration CRD's functions. The following remainder @@ -96,6 +97,12 @@ type MachineConfigurationStatus struct { // +openshift:enable:FeatureGate=NodeDisruptionPolicy // +optional NodeDisruptionPolicyStatus NodeDisruptionPolicyStatus `json:"nodeDisruptionPolicyStatus"` + + // managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is + // and will be used by Machine Config Controller while performing boot image updates. + // +openshift:enable:FeatureGate=ManagedBootImages + // +optional + ManagedBootImagesStatus ManagedBootImages `json:"managedBootImagesStatus"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -122,6 +129,7 @@ type ManagedBootImages struct { // +listType=map // +listMapKey=resource // +listMapKey=apiGroup + // +kubebuilder:validation:MaxItems=5 MachineManagers []MachineManager `json:"machineManagers"` } @@ -152,6 +160,7 @@ type MachineManagerSelector struct { // Valid values are All and Partial. // All means that every resource matched by the machine manager will be updated. // Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. + // None means that every resource matched by the machine manager will not be updated. // +unionDiscriminator // +required Mode MachineManagerSelectorMode `json:"mode"` @@ -170,7 +179,7 @@ type PartialSelector struct { } // MachineManagerSelectorMode is a string enum used in the MachineManagerSelector union discriminator. -// +kubebuilder:validation:Enum:="All";"Partial" +// +kubebuilder:validation:Enum:="All";"Partial";"None" type MachineManagerSelectorMode string const ( @@ -180,6 +189,9 @@ const ( // Partial represents a configuration mode that will register resources specified by the parent MachineManager only // if they match with the label selector. Partial MachineManagerSelectorMode = "Partial" + + // None represents a configuration mode that excludes all resources specified by the parent MachineManager from boot image updates. + None MachineManagerSelectorMode = "None" ) // MachineManagerManagedResourceType is a string enum used in the MachineManager type to describe the resource diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go index b4b0a6d6d..713939ddb 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_network.go +++ b/vendor/github.com/openshift/api/operator/v1/types_network.go @@ -79,9 +79,10 @@ type NetworkSpec struct { // +listMapKey=name AdditionalNetworks []AdditionalNetworkDefinition `json:"additionalNetworks,omitempty"` - // disableMultiNetwork specifies whether or not multiple pod network - // support should be disabled. If unset, this property defaults to - // 'false' and multiple network support is enabled. + // disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. + // disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, + // that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, + // but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect. DisableMultiNetwork *bool `json:"disableMultiNetwork,omitempty"` // useMultiNetworkPolicy enables a controller which allows for @@ -440,7 +441,7 @@ type OVNKubernetesConfig struct { // any other subnet being used by OpenShift or by the node network. The size of the // subnet must be larger than the number of nodes. The value cannot be changed // after installation. - // Default is fd98::/48 + // Default is fd98::/64 // +optional V6InternalSubnet string `json:"v6InternalSubnet,omitempty"` // egressIPConfig holds the configuration for EgressIP options. @@ -529,7 +530,7 @@ type IPv6OVNKubernetesConfig struct { // subnet must be larger than the number of nodes. The value cannot be changed // after installation. // The subnet must be large enough to accomadate one IP per node in your cluster - // The current default value is fd98::/48 + // The current default value is fd98::/64 // The value must be in proper IPV6 CIDR format // Note that IPV6 dual addresses are not permitted // +kubebuilder:validation:MaxLength=48 @@ -579,8 +580,6 @@ type Encapsulation string const ( // EncapsulationAlways always enable UDP encapsulation regardless of whether NAT is detected. EncapsulationAlways = "Always" - // EncapsulationNever never enable UDP encapsulation even if NAT is present. - EncapsulationNever = "Never" // EncapsulationAuto enable UDP encapsulation based on the detection of NAT. EncapsulationAuto = "Auto" ) @@ -591,13 +590,12 @@ type IPsecFullModeConfig struct { // encapsulation option to configure libreswan on how inter-pod traffic across nodes // are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 // for the encapsulation. - // Valid values are Always, Never, Auto and omitted. + // Valid values are Always, Auto and omitted. // Always means enable UDP encapsulation regardless of whether NAT is detected. - // Disable means never enable UDP encapsulation even if NAT is present. // Auto means enable UDP encapsulation based on the detection of NAT. // When omitted, this means no opinion and the platform is left to choose a reasonable // default, which is subject to change over time. The current default is Auto. - // +kubebuilder:validation:Enum:=Always;Never;Auto + // +kubebuilder:validation:Enum:=Always;Auto // +optional Encapsulation Encapsulation `json:"encapsulation,omitempty"` } diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index 700ae5e69..1257a66e7 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -849,6 +849,22 @@ func (in *ConfigList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigMapFileReference) DeepCopyInto(out *ConfigMapFileReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapFileReference. +func (in *ConfigMapFileReference) DeepCopy() *ConfigMapFileReference { + if in == nil { + return nil + } + out := new(ConfigMapFileReference) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConfigSpec) DeepCopyInto(out *ConfigSpec) { *out = *in @@ -931,6 +947,13 @@ func (in *ConsoleConfigRoute) DeepCopy() *ConsoleConfigRoute { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConsoleCustomization) DeepCopyInto(out *ConsoleCustomization) { *out = *in + if in.Logos != nil { + in, out := &in.Logos, &out.Logos + *out = make([]Logo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Capabilities != nil { in, out := &in.Capabilities, &out.Capabilities *out = make([]Capability, len(*in)) @@ -1598,6 +1621,27 @@ func (in *FeaturesMigration) DeepCopy() *FeaturesMigration { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FileReferenceSource) DeepCopyInto(out *FileReferenceSource) { + *out = *in + if in.ConfigMap != nil { + in, out := &in.ConfigMap, &out.ConfigMap + *out = new(ConfigMapFileReference) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileReferenceSource. +func (in *FileReferenceSource) DeepCopy() *FileReferenceSource { + if in == nil { + return nil + } + out := new(FileReferenceSource) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ForwardPlugin) DeepCopyInto(out *ForwardPlugin) { *out = *in @@ -3035,6 +3079,29 @@ func (in *LoggingDestination) DeepCopy() *LoggingDestination { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Logo) DeepCopyInto(out *Logo) { + *out = *in + if in.Themes != nil { + in, out := &in.Themes, &out.Themes + *out = make([]Theme, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Logo. +func (in *Logo) DeepCopy() *Logo { + if in == nil { + return nil + } + out := new(Logo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MTUMigration) DeepCopyInto(out *MTUMigration) { *out = *in @@ -3178,6 +3245,7 @@ func (in *MachineConfigurationStatus) DeepCopyInto(out *MachineConfigurationStat } } in.NodeDisruptionPolicyStatus.DeepCopyInto(&out.NodeDisruptionPolicyStatus) + in.ManagedBootImagesStatus.DeepCopyInto(&out.ManagedBootImagesStatus) return } @@ -5276,6 +5344,23 @@ func (in *SyslogLoggingDestinationParameters) DeepCopy() *SyslogLoggingDestinati return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Theme) DeepCopyInto(out *Theme) { + *out = *in + in.Source.DeepCopyInto(&out.Source) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Theme. +func (in *Theme) DeepCopy() *Theme { + if in == nil { + return nil + } + out := new(Theme) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Upstream) DeepCopyInto(out *Upstream) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml index 6d4e3cf23..81f2a87a9 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml @@ -70,6 +70,7 @@ clustercsidrivers.operator.openshift.io: Category: "" FeatureGates: - AWSEFSDriverVolumeMetrics + - VSphereConfigurableMaxAllowedBlockVolumesPerNode - VSphereDriverConfiguration FilenameOperatorName: csi-driver FilenameOperatorOrdering: "01" diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 93eca5730..a0fa4fe47 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -37,8 +37,8 @@ func (MyOperatorResource) SwaggerDoc() map[string]string { var map_NodeStatus = map[string]string{ "": "NodeStatus provides information about the current state of a particular node managed by this operator.", "nodeName": "nodeName is the name of the node", - "currentRevision": "currentRevision is the generation of the most recently successful deployment", - "targetRevision": "targetRevision is the generation of the deployment we're trying to apply", + "currentRevision": "currentRevision is the generation of the most recently successful deployment. Can not be set on creation of a nodeStatus. Updates must only increase the value.", + "targetRevision": "targetRevision is the generation of the deployment we're trying to apply. Can not be set on creation of a nodeStatus.", "lastFailedRevision": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", "lastFailedTime": "lastFailedTime is the time the last failed revision failed the last time.", "lastFailedReason": "lastFailedReason is a machine readable failure reason string.", @@ -227,6 +227,16 @@ func (CapabilityVisibility) SwaggerDoc() map[string]string { return map_CapabilityVisibility } +var map_ConfigMapFileReference = map[string]string{ + "": "ConfigMapFileReference references a specific file within a ConfigMap.", + "name": "name is the name of the ConfigMap. name is a required field. Must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. Must be at most 253 characters in length.", + "key": "key is the logo key inside the referenced ConfigMap. Must consist only of alphanumeric characters, dashes (-), underscores (_), and periods (.). Must be at most 253 characters in length. Must end in a valid file extension. A valid file extension must consist of a period followed by 2 to 5 alpha characters.", +} + +func (ConfigMapFileReference) SwaggerDoc() map[string]string { + return map_ConfigMapFileReference +} + var map_Console = map[string]string{ "": "Console provides a means to configure an operator to manage the console.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", @@ -247,12 +257,13 @@ func (ConsoleConfigRoute) SwaggerDoc() map[string]string { } var map_ConsoleCustomization = map[string]string{ - "": "ConsoleCustomization defines a list of optional configuration for the console UI.", + "": "ConsoleCustomization defines a list of optional configuration for the console UI. Ensure that Logos and CustomLogoFile cannot be set at the same time.", + "logos": "logos is used to replace the OpenShift Masthead and Favicon logos in the console UI with custom logos. logos is an optional field that allows a list of logos. Only one of logos or customLogoFile can be set at a time. If logos is set, customLogoFile must be unset. When specified, there must be at least one entry and no more than 2 entries. Each type must appear only once in the list.", "capabilities": "capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton and GettingStartedBanner. Each of the available capabilities may appear only once in the list.", "brand": "brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.", "documentationBaseURL": "documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout.", "customProductName": "customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name.", - "customLogoFile": "customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. Recommended logo specifications: Dimensions: Max height of 68px and max width of 200px SVG format preferred", + "customLogoFile": "customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a Only one of customLogoFile or logos can be set at a time. ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. The recommended file format for the logo is SVG, but other file formats are allowed if supported by the browser. Deprecated: Use logos instead.", "developerCatalog": "developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs).", "projectAccess": "projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.", "quickStarts": "quickStarts allows customization of available ConsoleQuickStart resources in console.", @@ -344,6 +355,16 @@ func (DeveloperConsoleCatalogTypes) SwaggerDoc() map[string]string { return map_DeveloperConsoleCatalogTypes } +var map_FileReferenceSource = map[string]string{ + "": "FileReferenceSource is used by the console to locate the specified file containing a custom logo.", + "from": "from is a required field to specify the source type of the file reference. Allowed values are ConfigMap. When set to ConfigMap, the file will be sourced from a ConfigMap in the openshift-config namespace. The configMap field must be set when from is set to ConfigMap.", + "configMap": "configMap specifies the ConfigMap sourcing details such as the name of the ConfigMap and the key for the file. The ConfigMap must exist in the openshift-config namespace. Required when from is \"ConfigMap\", and forbidden otherwise.", +} + +func (FileReferenceSource) SwaggerDoc() map[string]string { + return map_FileReferenceSource +} + var map_Ingress = map[string]string{ "": "Ingress allows cluster admin to configure alternative ingress for the console.", "consoleURL": "consoleURL is a URL to be used as the base console address. If not specified, the console route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. Make sure that appropriate ingress is set up at this URL. The console operator will monitor the URL and may go degraded if it's unreachable for an extended period. Must use the HTTPS scheme.", @@ -354,6 +375,16 @@ func (Ingress) SwaggerDoc() map[string]string { return map_Ingress } +var map_Logo = map[string]string{ + "": "Logo defines a configuration based on theme modes for the console UI logo.", + "type": "type specifies the type of the logo for the console UI. It determines whether the logo is for the masthead or favicon. type is a required field that allows values of Masthead and Favicon. When set to \"Masthead\", the logo will be used in the masthead and about modal of the console UI. When set to \"Favicon\", the logo will be used as the favicon of the console UI.", + "themes": "themes specifies the themes for the console UI logo. themes is a required field that allows a list of themes. Each item in the themes list must have a unique mode and a source field. Each mode determines whether the logo is for the dark or light mode of the console UI. If a theme is not specified, the default OpenShift logo will be displayed for that theme. There must be at least one entry and no more than 2 entries.", +} + +func (Logo) SwaggerDoc() map[string]string { + return map_Logo +} + var map_Perspective = map[string]string{ "": "Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown", "id": "id defines the id of the perspective. Example: \"dev\", \"admin\". The available perspective ids can be found in the code snippet section next to the yaml editor. Incorrect or unknown ids will be ignored.", @@ -423,6 +454,16 @@ func (StatuspageProvider) SwaggerDoc() map[string]string { return map_StatuspageProvider } +var map_Theme = map[string]string{ + "": "Theme defines a theme mode for the console UI.", + "mode": "mode is used to specify what theme mode a logo will apply to in the console UI. mode is a required field that allows values of Dark and Light. When set to Dark, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Dark mode. When set to Light, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Light mode.", + "source": "source is used by the console to locate the specified file containing a custom logo. source is a required field that references a ConfigMap name and key that contains the custom logo file in the openshift-config namespace. You can create it with a command like: - 'oc create configmap custom-logos-config --namespace=openshift-config --from-file=/path/to/file' The ConfigMap key must include the file extension so that the console serves the file with the correct MIME type. The recommended file format for the Masthead and Favicon logos is SVG, but other file formats are allowed if supported by the browser. The logo image size must be less than 1 MB due to constraints on the ConfigMap size. For more information, see the documentation: https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/web_console/customizing-web-console#customizing-web-console", +} + +func (Theme) SwaggerDoc() map[string]string { + return map_Theme +} + var map_AWSCSIDriverConfigSpec = map[string]string{ "": "AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver.", "kmsKeyARN": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.", @@ -561,6 +602,7 @@ var map_VSphereCSIDriverConfigSpec = map[string]string{ "globalMaxSnapshotsPerBlockVolume": "globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. Snapshots can not be disabled using this parameter. Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html", "granularMaxSnapshotsPerBlockVolumeInVSAN": "granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VSAN can not be disabled using this parameter.", "granularMaxSnapshotsPerBlockVolumeInVVOL": "granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VVOL can not be disabled using this parameter.", + "maxAllowedBlockVolumesPerNode": "maxAllowedBlockVolumesPerNode is an optional configuration parameter that allows setting a custom value for the limit of the number of PersistentVolumes attached to a node. In vSphere version 7 this limit was set to 59 by default, however in vSphere version 8 this limit was increased to 255. Before increasing this value above 59 the cluster administrator needs to ensure that every node forming the cluster is updated to ESXi version 8 or higher and that all nodes are running the same version. The limit must be between 1 and 255, which matches the vSphere version 8 maximum. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 59, which matches the limit for vSphere version 7.", } func (VSphereCSIDriverConfigSpec) SwaggerDoc() map[string]string { @@ -1359,7 +1401,7 @@ func (MachineConfigurationList) SwaggerDoc() map[string]string { } var map_MachineConfigurationSpec = map[string]string{ - "managedBootImages": "managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, no boot images will be updated.", + "managedBootImages": "managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default for each machine manager mode is All for GCP and AWS platforms, and None for all other platforms.", "nodeDisruptionPolicy": "nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.", } @@ -1371,6 +1413,7 @@ var map_MachineConfigurationStatus = map[string]string{ "observedGeneration": "observedGeneration is the last generation change you've dealt with", "conditions": "conditions is a list of conditions and their status", "nodeDisruptionPolicyStatus": "nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, and will be used by the Machine Config Daemon during future node updates.", + "managedBootImagesStatus": "managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is and will be used by Machine Config Controller while performing boot image updates.", } func (MachineConfigurationStatus) SwaggerDoc() map[string]string { @@ -1389,7 +1432,7 @@ func (MachineManager) SwaggerDoc() map[string]string { } var map_MachineManagerSelector = map[string]string{ - "mode": "mode determines how machine managers will be selected for updates. Valid values are All and Partial. All means that every resource matched by the machine manager will be updated. Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated.", + "mode": "mode determines how machine managers will be selected for updates. Valid values are All and Partial. All means that every resource matched by the machine manager will be updated. Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. None means that every resource matched by the machine manager will not be updated.", "partial": "partial provides label selector(s) that can be used to match machine management resources. Only permitted when mode is set to \"Partial\".", } @@ -1660,7 +1703,7 @@ func (IPsecConfig) SwaggerDoc() map[string]string { var map_IPsecFullModeConfig = map[string]string{ "": "IPsecFullModeConfig defines configuration parameters for the IPsec `Full` mode.", - "encapsulation": "encapsulation option to configure libreswan on how inter-pod traffic across nodes are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 for the encapsulation. Valid values are Always, Never, Auto and omitted. Always means enable UDP encapsulation regardless of whether NAT is detected. Disable means never enable UDP encapsulation even if NAT is present. Auto means enable UDP encapsulation based on the detection of NAT. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Auto.", + "encapsulation": "encapsulation option to configure libreswan on how inter-pod traffic across nodes are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 for the encapsulation. Valid values are Always, Auto and omitted. Always means enable UDP encapsulation regardless of whether NAT is detected. Auto means enable UDP encapsulation based on the detection of NAT. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Auto.", } func (IPsecFullModeConfig) SwaggerDoc() map[string]string { @@ -1696,7 +1739,7 @@ func (IPv6GatewayConfig) SwaggerDoc() map[string]string { var map_IPv6OVNKubernetesConfig = map[string]string{ "internalTransitSwitchSubnet": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value cannot be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The subnet must be large enough to accomadate one IP per node in your cluster The current default subnet is fd97::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", - "internalJoinSubnet": "internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The subnet must be large enough to accomadate one IP per node in your cluster The current default value is fd98::/48 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", + "internalJoinSubnet": "internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The subnet must be large enough to accomadate one IP per node in your cluster The current default value is fd98::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", } func (IPv6OVNKubernetesConfig) SwaggerDoc() map[string]string { @@ -1767,7 +1810,7 @@ var map_NetworkSpec = map[string]string{ "serviceNetwork": "serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth.", "defaultNetwork": "defaultNetwork is the \"default\" network that all pods will receive", "additionalNetworks": "additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.", - "disableMultiNetwork": "disableMultiNetwork specifies whether or not multiple pod network support should be disabled. If unset, this property defaults to 'false' and multiple network support is enabled.", + "disableMultiNetwork": "disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect.", "useMultiNetworkPolicy": "useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored.", "deployKubeProxy": "deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when ovn-kubernetes is used and true otherwise.", "disableNetworkDiagnostics": "disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled or not. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks.", @@ -1798,7 +1841,7 @@ var map_OVNKubernetesConfig = map[string]string{ "policyAuditConfig": "policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.", "gatewayConfig": "gatewayConfig holds the configuration for node gateway options.", "v4InternalSubnet": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is 100.64.0.0/16", - "v6InternalSubnet": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is fd98::/48", + "v6InternalSubnet": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is fd98::/64", "egressIPConfig": "egressIPConfig holds the configuration for EgressIP options.", "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go index 3c6f344b1..fe56b0eab 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go @@ -44,12 +44,10 @@ type EtcdBackupSpec struct { // +kubebuilder:validation:Optional type EtcdBackupStatus struct { // conditions provide details on the status of the etcd backup job. - // +patchMergeKey=type - // +patchStrategy=merge // +listType=map // +listMapKey=type // +optional - Conditions []metav1.Condition `json:"conditions" patchStrategy:"merge" patchMergeKey:"type"` + Conditions []metav1.Condition `json:"conditions,omitempty"` // backupJob is the reference to the Job that executes the backup. // Optional diff --git a/vendor/github.com/openshift/api/security/v1/consts.go b/vendor/github.com/openshift/api/security/v1/consts.go index 7e8adf6e6..92147d3c5 100644 --- a/vendor/github.com/openshift/api/security/v1/consts.go +++ b/vendor/github.com/openshift/api/security/v1/consts.go @@ -13,4 +13,9 @@ const ( // MinimallySufficientPodSecurityStandard indicates the PodSecurityStandard that matched the SCCs available to the users of the namespace. MinimallySufficientPodSecurityStandard = "security.openshift.io/MinimallySufficientPodSecurityStandard" + + // ValidatedSCCSubjectTypeAnnotation indicates the subject type that allowed the + // SCC admission. This can be used by controllers to detect potential issues + // between user-driven SCC usage and the ServiceAccount-driven SCC usage. + ValidatedSCCSubjectTypeAnnotation = "security.openshift.io/validated-scc-subject-type" ) diff --git a/vendor/github.com/openshift/library-go/pkg/crypto/crypto.go b/vendor/github.com/openshift/library-go/pkg/crypto/crypto.go index e6651fecc..d729e5e7e 100644 --- a/vendor/github.com/openshift/library-go/pkg/crypto/crypto.go +++ b/vendor/github.com/openshift/library-go/pkg/crypto/crypto.go @@ -110,15 +110,6 @@ func DefaultTLSVersion() uint16 { return tls.VersionTLS12 } -// ciphersTLS13 copies golang 1.13 implementation, where TLS1.3 suites are not -// configurable (cipherSuites field is ignored for TLS1.3 flows and all of the -// below three - and none other - are used) -var ciphersTLS13 = map[string]uint16{ - "TLS_AES_128_GCM_SHA256": tls.TLS_AES_128_GCM_SHA256, - "TLS_AES_256_GCM_SHA384": tls.TLS_AES_256_GCM_SHA384, - "TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256, -} - var ciphers = map[string]uint16{ "TLS_RSA_WITH_RC4_128_SHA": tls.TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, @@ -144,6 +135,9 @@ var ciphers = map[string]uint16{ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS_AES_128_GCM_SHA256": tls.TLS_AES_128_GCM_SHA256, + "TLS_AES_256_GCM_SHA384": tls.TLS_AES_256_GCM_SHA384, + "TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256, } // openSSLToIANACiphersMap maps OpenSSL cipher suite names to IANA names @@ -223,10 +217,6 @@ func CipherSuite(cipherName string) (uint16, error) { return cipher, nil } - if _, ok := ciphersTLS13[cipherName]; ok { - return 0, fmt.Errorf("all golang TLSv1.3 ciphers are always used for TLSv1.3 flows") - } - return 0, fmt.Errorf("unknown cipher name %q", cipherName) } @@ -270,17 +260,20 @@ func DefaultCiphers() []uint16 { tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, // forbidden by http/2, not flagged by http2isBadCipher() in go1.8 tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, // forbidden by http/2 tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, // forbidden by http/2 - tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, // forbidden by http/2 - tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, // forbidden by http/2 - tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // forbidden by http/2 - tls.TLS_RSA_WITH_AES_256_GCM_SHA384, // forbidden by http/2 + // tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, // forbidden by http/2 + // tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, // forbidden by http/2 + tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // forbidden by http/2 + tls.TLS_RSA_WITH_AES_256_GCM_SHA384, // forbidden by http/2 // the next one is in the intermediate suite, but go1.8 http2isBadCipher() complains when it is included at the recommended index // because it comes after ciphers forbidden by the http/2 spec // tls.TLS_RSA_WITH_AES_128_CBC_SHA256, // tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, // forbidden by http/2, disabled to mitigate SWEET32 attack // tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, // forbidden by http/2, disabled to mitigate SWEET32 attack - tls.TLS_RSA_WITH_AES_128_CBC_SHA, // forbidden by http/2 - tls.TLS_RSA_WITH_AES_256_CBC_SHA, // forbidden by http/2 + // tls.TLS_RSA_WITH_AES_128_CBC_SHA, // forbidden by http/2 + // tls.TLS_RSA_WITH_AES_256_CBC_SHA, // forbidden by http/2 + tls.TLS_AES_128_GCM_SHA256, + tls.TLS_AES_256_GCM_SHA384, + tls.TLS_CHACHA20_POLY1305_SHA256, } } @@ -393,7 +386,7 @@ func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, e } certs, err := cert.ParseCertsPEM(certPEMBlock) if err != nil { - return nil, fmt.Errorf("Error reading %s: %s", certFile, err) + return nil, fmt.Errorf("error reading %s: %s", certFile, err) } keyPEMBlock, err := os.ReadFile(keyFile) @@ -419,7 +412,7 @@ func GetTLSCertificateConfigFromBytes(certBytes, keyBytes []byte) (*TLSCertifica certs, err := cert.ParseCertsPEM(certBytes) if err != nil { - return nil, fmt.Errorf("Error reading cert: %s", err) + return nil, fmt.Errorf("error reading cert: %s", err) } keyPairCert, err := tls.X509KeyPair(certBytes, keyBytes) @@ -432,8 +425,8 @@ func GetTLSCertificateConfigFromBytes(certBytes, keyBytes []byte) (*TLSCertifica } const ( - DefaultCertificateLifetimeInDays = 365 * 2 // 2 years - DefaultCACertificateLifetimeInDays = 365 * 5 // 5 years + DefaultCertificateLifetimeDuration = time.Hour * 24 * 365 * 2 // 2 years + DefaultCACertificateLifetimeDuration = time.Hour * 24 * 365 * 5 // 5 years // Default keys are 2048 bits keyBits = 2048 @@ -553,11 +546,11 @@ func randomSerialNumber() int64 { // EnsureCA returns a CA, whether it was created (as opposed to pre-existing), and any error // if serialFile is empty, a RandomSerialGenerator will be used -func EnsureCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, bool, error) { +func EnsureCA(certFile, keyFile, serialFile, name string, lifetime time.Duration) (*CA, bool, error) { if ca, err := GetCA(certFile, keyFile, serialFile); err == nil { return ca, false, err } - ca, err := MakeSelfSignedCA(certFile, keyFile, serialFile, name, expireDays) + ca, err := MakeSelfSignedCA(certFile, keyFile, serialFile, name, lifetime) return ca, true, err } @@ -597,10 +590,10 @@ func GetCAFromBytes(certBytes, keyBytes []byte) (*CA, error) { } // if serialFile is empty, a RandomSerialGenerator will be used -func MakeSelfSignedCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, error) { +func MakeSelfSignedCA(certFile, keyFile, serialFile, name string, lifetime time.Duration) (*CA, error) { klog.V(2).Infof("Generating new CA for %s cert, and key in %s, %s", name, certFile, keyFile) - caConfig, err := MakeSelfSignedCAConfig(name, expireDays) + caConfig, err := MakeSelfSignedCAConfig(name, lifetime) if err != nil { return nil, err } @@ -628,23 +621,21 @@ func MakeSelfSignedCA(certFile, keyFile, serialFile, name string, expireDays int }, nil } -func MakeSelfSignedCAConfig(name string, expireDays int) (*TLSCertificateConfig, error) { +func MakeSelfSignedCAConfig(name string, lifetime time.Duration) (*TLSCertificateConfig, error) { subject := pkix.Name{CommonName: name} - return MakeSelfSignedCAConfigForSubject(subject, expireDays) + return MakeSelfSignedCAConfigForSubject(subject, lifetime) } -func MakeSelfSignedCAConfigForSubject(subject pkix.Name, expireDays int) (*TLSCertificateConfig, error) { - var caLifetimeInDays = DefaultCACertificateLifetimeInDays - if expireDays > 0 { - caLifetimeInDays = expireDays +func MakeSelfSignedCAConfigForSubject(subject pkix.Name, lifetime time.Duration) (*TLSCertificateConfig, error) { + if lifetime <= 0 { + lifetime = DefaultCACertificateLifetimeDuration + fmt.Fprintf(os.Stderr, "Validity period of the certificate for %q is unset, resetting to %d years!\n", subject.CommonName, lifetime) } - if caLifetimeInDays > DefaultCACertificateLifetimeInDays { - warnAboutCertificateLifeTime(subject.CommonName, DefaultCACertificateLifetimeInDays) + if lifetime > DefaultCACertificateLifetimeDuration { + warnAboutCertificateLifeTime(subject.CommonName, DefaultCACertificateLifetimeDuration) } - - caLifetime := time.Duration(caLifetimeInDays) * 24 * time.Hour - return makeSelfSignedCAConfigForSubjectAndDuration(subject, time.Now, caLifetime) + return makeSelfSignedCAConfigForSubjectAndDuration(subject, time.Now, lifetime) } func MakeSelfSignedCAConfigForDuration(name string, caLifetime time.Duration) (*TLSCertificateConfig, error) { @@ -702,21 +693,21 @@ func MakeCAConfigForDuration(name string, caLifetime time.Duration, issuer *CA) // (as opposed to pre-existing), and any error that might occur during the subCA // creation. // If serialFile is an empty string, a RandomSerialGenerator will be used. -func (ca *CA) EnsureSubCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, bool, error) { +func (ca *CA) EnsureSubCA(certFile, keyFile, serialFile, name string, lifetime time.Duration) (*CA, bool, error) { if subCA, err := GetCA(certFile, keyFile, serialFile); err == nil { return subCA, false, err } - subCA, err := ca.MakeAndWriteSubCA(certFile, keyFile, serialFile, name, expireDays) + subCA, err := ca.MakeAndWriteSubCA(certFile, keyFile, serialFile, name, lifetime) return subCA, true, err } // MakeAndWriteSubCA returns a new sub-CA configuration. New cert/key pair is generated // while using this function. // If serialFile is an empty string, a RandomSerialGenerator will be used. -func (ca *CA) MakeAndWriteSubCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, error) { +func (ca *CA) MakeAndWriteSubCA(certFile, keyFile, serialFile, name string, lifetime time.Duration) (*CA, error) { klog.V(4).Infof("Generating sub-CA certificate in %s, key in %s, serial in %s", certFile, keyFile, serialFile) - subCAConfig, err := MakeCAConfigForDuration(name, time.Duration(expireDays)*time.Hour*24, ca) + subCAConfig, err := MakeCAConfigForDuration(name, lifetime, ca) if err != nil { return nil, err } @@ -746,10 +737,10 @@ func (ca *CA) MakeAndWriteSubCA(certFile, keyFile, serialFile, name string, expi }, nil } -func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.Set[string], expireDays int) (*TLSCertificateConfig, bool, error) { +func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.Set[string], lifetime time.Duration) (*TLSCertificateConfig, bool, error) { certConfig, err := GetServerCert(certFile, keyFile, hostnames) if err != nil { - certConfig, err = ca.MakeAndWriteServerCert(certFile, keyFile, hostnames, expireDays) + certConfig, err = ca.MakeAndWriteServerCert(certFile, keyFile, hostnames, lifetime) return certConfig, true, err } @@ -773,13 +764,13 @@ func GetServerCert(certFile, keyFile string, hostnames sets.Set[string]) (*TLSCe return server, nil } - return nil, fmt.Errorf("Existing server certificate in %s does not match required hostnames.", certFile) + return nil, fmt.Errorf("existing server certificate in %s does not match required hostnames", certFile) } -func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.Set[string], expireDays int) (*TLSCertificateConfig, error) { +func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.Set[string], lifetime time.Duration) (*TLSCertificateConfig, error) { klog.V(4).Infof("Generating server certificate in %s, key in %s", certFile, keyFile) - server, err := ca.MakeServerCert(hostnames, expireDays) + server, err := ca.MakeServerCert(hostnames, lifetime) if err != nil { return nil, err } @@ -793,11 +784,11 @@ func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.Se // if the extension attempt failed. type CertificateExtensionFunc func(*x509.Certificate) error -func (ca *CA) MakeServerCert(hostnames sets.Set[string], expireDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error) { +func (ca *CA) MakeServerCert(hostnames sets.Set[string], lifetime time.Duration, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error) { serverPublicKey, serverPrivateKey, publicKeyHash, _ := newKeyPairWithHash() authorityKeyId := ca.Config.Certs[0].SubjectKeyId subjectKeyId := publicKeyHash - serverTemplate := newServerCertificateTemplate(pkix.Name{CommonName: sets.List(hostnames)[0]}, sets.List(hostnames), expireDays, time.Now, authorityKeyId, subjectKeyId) + serverTemplate := newServerCertificateTemplate(pkix.Name{CommonName: sets.List(hostnames)[0]}, sets.List(hostnames), lifetime, time.Now, authorityKeyId, subjectKeyId) for _, fn := range fns { if err := fn(serverTemplate); err != nil { return nil, err @@ -835,10 +826,10 @@ func (ca *CA) MakeServerCertForDuration(hostnames sets.Set[string], lifetime tim return server, nil } -func (ca *CA) EnsureClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, bool, error) { +func (ca *CA) EnsureClientCertificate(certFile, keyFile string, u user.Info, lifetime time.Duration) (*TLSCertificateConfig, bool, error) { certConfig, err := GetClientCertificate(certFile, keyFile, u) if err != nil { - certConfig, err = ca.MakeClientCertificate(certFile, keyFile, u, expireDays) + certConfig, err = ca.MakeClientCertificate(certFile, keyFile, u, lifetime) return certConfig, true, err // true indicates we wrote the files. } return certConfig, false, nil @@ -867,7 +858,7 @@ func subjectChanged(existing, expected pkix.Name) bool { !reflect.DeepEqual(existing.Organization, expected.Organization) } -func (ca *CA) MakeClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, error) { +func (ca *CA) MakeClientCertificate(certFile, keyFile string, u user.Info, lifetime time.Duration) (*TLSCertificateConfig, error) { klog.V(4).Infof("Generating client cert in %s and key in %s", certFile, keyFile) // ensure parent dirs if err := os.MkdirAll(filepath.Dir(certFile), os.FileMode(0755)); err != nil { @@ -878,7 +869,7 @@ func (ca *CA) MakeClientCertificate(certFile, keyFile string, u user.Info, expir } clientPublicKey, clientPrivateKey, _ := NewKeyPair() - clientTemplate := NewClientCertificateTemplate(UserToSubject(u), expireDays, time.Now) + clientTemplate := NewClientCertificateTemplate(UserToSubject(u), lifetime, time.Now) clientCrt, err := ca.SignCertificate(clientTemplate, clientPublicKey) if err != nil { return nil, err @@ -1024,18 +1015,16 @@ func newSigningCertificateTemplateForDuration(subject pkix.Name, caLifetime time } // Can be used for ListenAndServeTLS -func newServerCertificateTemplate(subject pkix.Name, hosts []string, expireDays int, currentTime func() time.Time, authorityKeyId, subjectKeyId []byte) *x509.Certificate { - var lifetimeInDays = DefaultCertificateLifetimeInDays - if expireDays > 0 { - lifetimeInDays = expireDays +func newServerCertificateTemplate(subject pkix.Name, hosts []string, lifetime time.Duration, currentTime func() time.Time, authorityKeyId, subjectKeyId []byte) *x509.Certificate { + if lifetime <= 0 { + lifetime = DefaultCertificateLifetimeDuration + fmt.Fprintf(os.Stderr, "Validity period of the certificate for %q is unset, resetting to %d years!\n", subject.CommonName, lifetime) } - if lifetimeInDays > DefaultCertificateLifetimeInDays { - warnAboutCertificateLifeTime(subject.CommonName, DefaultCertificateLifetimeInDays) + if lifetime > DefaultCertificateLifetimeDuration { + warnAboutCertificateLifeTime(subject.CommonName, DefaultCertificateLifetimeDuration) } - lifetime := time.Duration(lifetimeInDays) * 24 * time.Hour - return newServerCertificateTemplateForDuration(subject, hosts, lifetime, currentTime, authorityKeyId, subjectKeyId) } @@ -1107,24 +1096,22 @@ func CertsFromPEM(pemCerts []byte) ([]*x509.Certificate, error) { } if !ok { - return certs, errors.New("Could not read any certificates") + return certs, errors.New("could not read any certificates") } return certs, nil } // Can be used as a certificate in http.Transport TLSClientConfig -func NewClientCertificateTemplate(subject pkix.Name, expireDays int, currentTime func() time.Time) *x509.Certificate { - var lifetimeInDays = DefaultCertificateLifetimeInDays - if expireDays > 0 { - lifetimeInDays = expireDays +func NewClientCertificateTemplate(subject pkix.Name, lifetime time.Duration, currentTime func() time.Time) *x509.Certificate { + if lifetime <= 0 { + lifetime = DefaultCertificateLifetimeDuration + fmt.Fprintf(os.Stderr, "Validity period of the certificate for %q is unset, resetting to %d years!\n", subject.CommonName, lifetime) } - if lifetimeInDays > DefaultCertificateLifetimeInDays { - warnAboutCertificateLifeTime(subject.CommonName, DefaultCertificateLifetimeInDays) + if lifetime > DefaultCertificateLifetimeDuration { + warnAboutCertificateLifeTime(subject.CommonName, DefaultCertificateLifetimeDuration) } - lifetime := time.Duration(lifetimeInDays) * 24 * time.Hour - return NewClientCertificateTemplateForDuration(subject, lifetime, currentTime) } @@ -1145,8 +1132,8 @@ func NewClientCertificateTemplateForDuration(subject pkix.Name, lifetime time.Du } } -func warnAboutCertificateLifeTime(name string, defaultLifetimeInDays int) { - defaultLifetimeInYears := defaultLifetimeInDays / 365 +func warnAboutCertificateLifeTime(name string, defaultLifetimeDuration time.Duration) { + defaultLifetimeInYears := defaultLifetimeDuration / 365 / 24 fmt.Fprintf(os.Stderr, "WARNING: Validity period of the certificate for %q is greater than %d years!\n", name, defaultLifetimeInYears) fmt.Fprintln(os.Stderr, "WARNING: By security reasons it is strongly recommended to change this period and make it smaller!") } @@ -1161,7 +1148,7 @@ func signCertificate(template *x509.Certificate, requestKey crypto.PublicKey, is return nil, err } if len(certs) != 1 { - return nil, errors.New("Expected a single certificate") + return nil, errors.New("expected a single certificate") } return certs[0], nil } @@ -1191,7 +1178,7 @@ func EncodeKey(key crypto.PrivateKey) ([]byte, error) { return []byte{}, err } default: - return []byte{}, errors.New("Unrecognized key type") + return []byte{}, errors.New("unrecognized key type") } return b.Bytes(), nil diff --git a/vendor/golang.org/x/net/html/doc.go b/vendor/golang.org/x/net/html/doc.go index 885c4c593..3a7e5ab17 100644 --- a/vendor/golang.org/x/net/html/doc.go +++ b/vendor/golang.org/x/net/html/doc.go @@ -78,11 +78,16 @@ example, to process each anchor node in depth-first order: if err != nil { // ... } - for n := range doc.Descendants() { + var f func(*html.Node) + f = func(n *html.Node) { if n.Type == html.ElementNode && n.Data == "a" { // Do something with n... } + for c := n.FirstChild; c != nil; c = c.NextSibling { + f(c) + } } + f(doc) The relevant specifications include: https://html.spec.whatwg.org/multipage/syntax.html and diff --git a/vendor/golang.org/x/net/html/iter.go b/vendor/golang.org/x/net/html/iter.go deleted file mode 100644 index 54be8fd30..000000000 --- a/vendor/golang.org/x/net/html/iter.go +++ /dev/null @@ -1,56 +0,0 @@ -// Copyright 2024 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build go1.23 - -package html - -import "iter" - -// Ancestors returns an iterator over the ancestors of n, starting with n.Parent. -// -// Mutating a Node or its parents while iterating may have unexpected results. -func (n *Node) Ancestors() iter.Seq[*Node] { - _ = n.Parent // eager nil check - - return func(yield func(*Node) bool) { - for p := n.Parent; p != nil && yield(p); p = p.Parent { - } - } -} - -// ChildNodes returns an iterator over the immediate children of n, -// starting with n.FirstChild. -// -// Mutating a Node or its children while iterating may have unexpected results. -func (n *Node) ChildNodes() iter.Seq[*Node] { - _ = n.FirstChild // eager nil check - - return func(yield func(*Node) bool) { - for c := n.FirstChild; c != nil && yield(c); c = c.NextSibling { - } - } - -} - -// Descendants returns an iterator over all nodes recursively beneath -// n, excluding n itself. Nodes are visited in depth-first preorder. -// -// Mutating a Node or its descendants while iterating may have unexpected results. -func (n *Node) Descendants() iter.Seq[*Node] { - _ = n.FirstChild // eager nil check - - return func(yield func(*Node) bool) { - n.descendants(yield) - } -} - -func (n *Node) descendants(yield func(*Node) bool) bool { - for c := range n.ChildNodes() { - if !yield(c) || !c.descendants(yield) { - return false - } - } - return true -} diff --git a/vendor/golang.org/x/net/html/node.go b/vendor/golang.org/x/net/html/node.go index 77741a195..1350eef22 100644 --- a/vendor/golang.org/x/net/html/node.go +++ b/vendor/golang.org/x/net/html/node.go @@ -38,10 +38,6 @@ var scopeMarker = Node{Type: scopeMarkerNode} // that it looks like "a cc.idleTimeout + return cc.idleTimeout != 0 && !cc.lastIdle.IsZero() && time.Since(cc.lastIdle.Round(0)) > cc.idleTimeout } // onIdleTimeout is called from a time.AfterFunc goroutine. It will @@ -1668,7 +1578,6 @@ func (cs *clientStream) cleanupWriteRequest(err error) { cs.reqBodyClosed = make(chan struct{}) } bodyClosed := cs.reqBodyClosed - closeOnIdle := cc.singleUse || cc.doNotReuse || cc.t.disableKeepAlives() || cc.goAway != nil cc.mu.Unlock() if mustCloseBody { cs.reqBody.Close() @@ -1693,40 +1602,16 @@ func (cs *clientStream) cleanupWriteRequest(err error) { if cs.sentHeaders { if se, ok := err.(StreamError); ok { if se.Cause != errFromPeer { - cc.writeStreamReset(cs.ID, se.Code, false, err) + cc.writeStreamReset(cs.ID, se.Code, err) } } else { - // We're cancelling an in-flight request. - // - // This could be due to the server becoming unresponsive. - // To avoid sending too many requests on a dead connection, - // we let the request continue to consume a concurrency slot - // until we can confirm the server is still responding. - // We do this by sending a PING frame along with the RST_STREAM - // (unless a ping is already in flight). - // - // For simplicity, we don't bother tracking the PING payload: - // We reset cc.pendingResets any time we receive a PING ACK. - // - // We skip this if the conn is going to be closed on idle, - // because it's short lived and will probably be closed before - // we get the ping response. - ping := false - if !closeOnIdle { - cc.mu.Lock() - if cc.pendingResets == 0 { - ping = true - } - cc.pendingResets++ - cc.mu.Unlock() - } - cc.writeStreamReset(cs.ID, ErrCodeCancel, ping, err) + cc.writeStreamReset(cs.ID, ErrCodeCancel, err) } } cs.bufPipe.CloseWithError(err) // no-op if already closed } else { if cs.sentHeaders && !cs.sentEndStream { - cc.writeStreamReset(cs.ID, ErrCodeNo, false, nil) + cc.writeStreamReset(cs.ID, ErrCodeNo, nil) } cs.bufPipe.CloseWithError(errRequestCanceled) } @@ -1748,17 +1633,12 @@ func (cs *clientStream) cleanupWriteRequest(err error) { // Must hold cc.mu. func (cc *ClientConn) awaitOpenSlotForStreamLocked(cs *clientStream) error { for { - if cc.closed && cc.nextStreamID == 1 && cc.streamsReserved == 0 { - // This is the very first request sent to this connection. - // Return a fatal error which aborts the retry loop. - return errClientConnNotEstablished - } - cc.lastActive = cc.t.now() + cc.lastActive = time.Now() if cc.closed || !cc.canTakeNewRequestLocked() { return errClientConnUnusable } cc.lastIdle = time.Time{} - if cc.currentRequestCountLocked() < int(cc.maxConcurrentStreams) { + if int64(len(cc.streams)) < int64(cc.maxConcurrentStreams) { return nil } cc.pendingRequests++ @@ -2300,10 +2180,10 @@ func (cc *ClientConn) forgetStreamID(id uint32) { if len(cc.streams) != slen-1 { panic("forgetting unknown stream id") } - cc.lastActive = cc.t.now() + cc.lastActive = time.Now() if len(cc.streams) == 0 && cc.idleTimer != nil { cc.idleTimer.Reset(cc.idleTimeout) - cc.lastIdle = cc.t.now() + cc.lastIdle = time.Now() } // Wake up writeRequestBody via clientStream.awaitFlowControl and // wake up RoundTrip if there is a pending request. @@ -2363,6 +2243,7 @@ func isEOFOrNetReadError(err error) bool { func (rl *clientConnReadLoop) cleanup() { cc := rl.cc + cc.t.connPool().MarkDead(cc) defer cc.closeConn() defer close(cc.readerDone) @@ -2386,24 +2267,6 @@ func (rl *clientConnReadLoop) cleanup() { } cc.closed = true - // If the connection has never been used, and has been open for only a short time, - // leave it in the connection pool for a little while. - // - // This avoids a situation where new connections are constantly created, - // added to the pool, fail, and are removed from the pool, without any error - // being surfaced to the user. - const unusedWaitTime = 5 * time.Second - idleTime := cc.t.now().Sub(cc.lastActive) - if atomic.LoadUint32(&cc.atomicReused) == 0 && idleTime < unusedWaitTime { - cc.idleTimer = cc.t.afterFunc(unusedWaitTime-idleTime, func() { - cc.t.connPool().MarkDead(cc) - }) - } else { - cc.mu.Unlock() // avoid any deadlocks in MarkDead - cc.t.connPool().MarkDead(cc) - cc.mu.Lock() - } - for _, cs := range cc.streams { select { case <-cs.peerClosed: @@ -2631,34 +2494,15 @@ func (rl *clientConnReadLoop) handleResponse(cs *clientStream, f *MetaHeadersFra if f.StreamEnded() { return nil, errors.New("1xx informational response with END_STREAM flag") } + cs.num1xx++ + const max1xxResponses = 5 // arbitrary bound on number of informational responses, same as net/http + if cs.num1xx > max1xxResponses { + return nil, errors.New("http2: too many 1xx informational responses") + } if fn := cs.get1xxTraceFunc(); fn != nil { - // If the 1xx response is being delivered to the user, - // then they're responsible for limiting the number - // of responses. if err := fn(statusCode, textproto.MIMEHeader(header)); err != nil { return nil, err } - } else { - // If the user didn't examine the 1xx response, then we - // limit the size of all 1xx headers. - // - // This differs a bit from the HTTP/1 implementation, which - // limits the size of all 1xx headers plus the final response. - // Use the larger limit of MaxHeaderListSize and - // net/http.Transport.MaxResponseHeaderBytes. - limit := int64(cs.cc.t.maxHeaderListSize()) - if t1 := cs.cc.t.t1; t1 != nil && t1.MaxResponseHeaderBytes > limit { - limit = t1.MaxResponseHeaderBytes - } - for _, h := range f.Fields { - cs.totalHeaderSize += int64(h.Size()) - } - if cs.totalHeaderSize > limit { - if VerboseLogs { - log.Printf("http2: 1xx informational responses too large") - } - return nil, errors.New("header list too large") - } } if statusCode == 100 { traceGot100Continue(cs.trace) @@ -3202,11 +3046,6 @@ func (rl *clientConnReadLoop) processPing(f *PingFrame) error { close(c) delete(cc.pings, f.Data) } - if cc.pendingResets > 0 { - // See clientStream.cleanupWriteRequest. - cc.pendingResets = 0 - cc.cond.Broadcast() - } return nil } cc := rl.cc @@ -3229,20 +3068,13 @@ func (rl *clientConnReadLoop) processPushPromise(f *PushPromiseFrame) error { return ConnectionError(ErrCodeProtocol) } -// writeStreamReset sends a RST_STREAM frame. -// When ping is true, it also sends a PING frame with a random payload. -func (cc *ClientConn) writeStreamReset(streamID uint32, code ErrCode, ping bool, err error) { +func (cc *ClientConn) writeStreamReset(streamID uint32, code ErrCode, err error) { // TODO: map err to more interesting error codes, once the // HTTP community comes up with some. But currently for // RST_STREAM there's no equivalent to GOAWAY frame's debug // data, and the error codes are all pretty vague ("cancel"). cc.wmu.Lock() cc.fr.WriteRSTStream(streamID, code) - if ping { - var payload [8]byte - rand.Read(payload[:]) - cc.fr.WritePing(false, payload) - } cc.bw.Flush() cc.wmu.Unlock() } @@ -3396,7 +3228,7 @@ func traceGotConn(req *http.Request, cc *ClientConn, reused bool) { cc.mu.Lock() ci.WasIdle = len(cc.streams) == 0 && reused if ci.WasIdle && !cc.lastActive.IsZero() { - ci.IdleTime = cc.t.timeSince(cc.lastActive) + ci.IdleTime = time.Since(cc.lastActive) } cc.mu.Unlock() diff --git a/vendor/golang.org/x/net/http2/unencrypted.go b/vendor/golang.org/x/net/http2/unencrypted.go deleted file mode 100644 index b2de21161..000000000 --- a/vendor/golang.org/x/net/http2/unencrypted.go +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright 2024 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package http2 - -import ( - "crypto/tls" - "errors" - "net" -) - -const nextProtoUnencryptedHTTP2 = "unencrypted_http2" - -// unencryptedNetConnFromTLSConn retrieves a net.Conn wrapped in a *tls.Conn. -// -// TLSNextProto functions accept a *tls.Conn. -// -// When passing an unencrypted HTTP/2 connection to a TLSNextProto function, -// we pass a *tls.Conn with an underlying net.Conn containing the unencrypted connection. -// To be extra careful about mistakes (accidentally dropping TLS encryption in a place -// where we want it), the tls.Conn contains a net.Conn with an UnencryptedNetConn method -// that returns the actual connection we want to use. -func unencryptedNetConnFromTLSConn(tc *tls.Conn) (net.Conn, error) { - conner, ok := tc.NetConn().(interface { - UnencryptedNetConn() net.Conn - }) - if !ok { - return nil, errors.New("http2: TLS conn unexpectedly found in unencrypted handoff") - } - return conner.UnencryptedNetConn(), nil -} diff --git a/vendor/golang.org/x/sys/unix/ioctl_linux.go b/vendor/golang.org/x/sys/unix/ioctl_linux.go index 7ca4fa12a..dbe680eab 100644 --- a/vendor/golang.org/x/sys/unix/ioctl_linux.go +++ b/vendor/golang.org/x/sys/unix/ioctl_linux.go @@ -58,102 +58,6 @@ func IoctlGetEthtoolDrvinfo(fd int, ifname string) (*EthtoolDrvinfo, error) { return &value, err } -// IoctlGetEthtoolTsInfo fetches ethtool timestamping and PHC -// association for the network device specified by ifname. -func IoctlGetEthtoolTsInfo(fd int, ifname string) (*EthtoolTsInfo, error) { - ifr, err := NewIfreq(ifname) - if err != nil { - return nil, err - } - - value := EthtoolTsInfo{Cmd: ETHTOOL_GET_TS_INFO} - ifrd := ifr.withData(unsafe.Pointer(&value)) - - err = ioctlIfreqData(fd, SIOCETHTOOL, &ifrd) - return &value, err -} - -// IoctlGetHwTstamp retrieves the hardware timestamping configuration -// for the network device specified by ifname. -func IoctlGetHwTstamp(fd int, ifname string) (*HwTstampConfig, error) { - ifr, err := NewIfreq(ifname) - if err != nil { - return nil, err - } - - value := HwTstampConfig{} - ifrd := ifr.withData(unsafe.Pointer(&value)) - - err = ioctlIfreqData(fd, SIOCGHWTSTAMP, &ifrd) - return &value, err -} - -// IoctlSetHwTstamp updates the hardware timestamping configuration for -// the network device specified by ifname. -func IoctlSetHwTstamp(fd int, ifname string, cfg *HwTstampConfig) error { - ifr, err := NewIfreq(ifname) - if err != nil { - return err - } - ifrd := ifr.withData(unsafe.Pointer(cfg)) - return ioctlIfreqData(fd, SIOCSHWTSTAMP, &ifrd) -} - -// FdToClockID derives the clock ID from the file descriptor number -// - see clock_gettime(3), FD_TO_CLOCKID macros. The resulting ID is -// suitable for system calls like ClockGettime. -func FdToClockID(fd int) int32 { return int32((int(^fd) << 3) | 3) } - -// IoctlPtpClockGetcaps returns the description of a given PTP device. -func IoctlPtpClockGetcaps(fd int) (*PtpClockCaps, error) { - var value PtpClockCaps - err := ioctlPtr(fd, PTP_CLOCK_GETCAPS2, unsafe.Pointer(&value)) - return &value, err -} - -// IoctlPtpSysOffsetPrecise returns a description of the clock -// offset compared to the system clock. -func IoctlPtpSysOffsetPrecise(fd int) (*PtpSysOffsetPrecise, error) { - var value PtpSysOffsetPrecise - err := ioctlPtr(fd, PTP_SYS_OFFSET_PRECISE2, unsafe.Pointer(&value)) - return &value, err -} - -// IoctlPtpSysOffsetExtended returns an extended description of the -// clock offset compared to the system clock. The samples parameter -// specifies the desired number of measurements. -func IoctlPtpSysOffsetExtended(fd int, samples uint) (*PtpSysOffsetExtended, error) { - value := PtpSysOffsetExtended{Samples: uint32(samples)} - err := ioctlPtr(fd, PTP_SYS_OFFSET_EXTENDED2, unsafe.Pointer(&value)) - return &value, err -} - -// IoctlPtpPinGetfunc returns the configuration of the specified -// I/O pin on given PTP device. -func IoctlPtpPinGetfunc(fd int, index uint) (*PtpPinDesc, error) { - value := PtpPinDesc{Index: uint32(index)} - err := ioctlPtr(fd, PTP_PIN_GETFUNC2, unsafe.Pointer(&value)) - return &value, err -} - -// IoctlPtpPinSetfunc updates configuration of the specified PTP -// I/O pin. -func IoctlPtpPinSetfunc(fd int, pd *PtpPinDesc) error { - return ioctlPtr(fd, PTP_PIN_SETFUNC2, unsafe.Pointer(pd)) -} - -// IoctlPtpPeroutRequest configures the periodic output mode of the -// PTP I/O pins. -func IoctlPtpPeroutRequest(fd int, r *PtpPeroutRequest) error { - return ioctlPtr(fd, PTP_PEROUT_REQUEST2, unsafe.Pointer(r)) -} - -// IoctlPtpExttsRequest configures the external timestamping mode -// of the PTP I/O pins. -func IoctlPtpExttsRequest(fd int, r *PtpExttsRequest) error { - return ioctlPtr(fd, PTP_EXTTS_REQUEST2, unsafe.Pointer(r)) -} - // IoctlGetWatchdogInfo fetches information about a watchdog device from the // Linux watchdog API. For more information, see: // https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html. diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 6ab02b6c3..ac54ecaba 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -158,16 +158,6 @@ includes_Linux=' #endif #define _GNU_SOURCE -// See the description in unix/linux/types.go -#if defined(__ARM_EABI__) || \ - (defined(__mips__) && (_MIPS_SIM == _ABIO32)) || \ - (defined(__powerpc__) && (!defined(__powerpc64__))) -# ifdef _TIME_BITS -# undef _TIME_BITS -# endif -# define _TIME_BITS 32 -#endif - // is broken on powerpc64, as it fails to include definitions of // these structures. We just include them copied from . #if defined(__powerpc__) @@ -266,7 +256,6 @@ struct ltchars { #include #include #include -#include #include #include #include @@ -538,7 +527,6 @@ ccflags="$@" $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MREMAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ || $2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ || $2 ~ /^NFC_.*_(MAX)?SIZE$/ || - $2 ~ /^PTP_/ || $2 ~ /^RAW_PAYLOAD_/ || $2 ~ /^[US]F_/ || $2 ~ /^TP_STATUS_/ || diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 230a94549..f08abd434 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1860,7 +1860,6 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sys ClockAdjtime(clockid int32, buf *Timex) (state int, err error) //sys ClockGetres(clockid int32, res *Timespec) (err error) //sys ClockGettime(clockid int32, time *Timespec) (err error) -//sys ClockSettime(clockid int32, time *Timespec) (err error) //sys ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error) //sys Close(fd int) (err error) //sys CloseRange(first uint, last uint, flags uint) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go index 7bf5c04bb..312ae6ac1 100644 --- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go @@ -768,15 +768,6 @@ func Munmap(b []byte) (err error) { return mapper.Munmap(b) } -func MmapPtr(fd int, offset int64, addr unsafe.Pointer, length uintptr, prot int, flags int) (ret unsafe.Pointer, err error) { - xaddr, err := mapper.mmap(uintptr(addr), length, prot, flags, fd, offset) - return unsafe.Pointer(xaddr), err -} - -func MunmapPtr(addr unsafe.Pointer, length uintptr) (err error) { - return mapper.munmap(uintptr(addr), length) -} - //sys Gethostname(buf []byte) (err error) = SYS___GETHOSTNAME_A //sysnb Getgid() (gid int) //sysnb Getpid() (pid int) @@ -825,10 +816,10 @@ func Lstat(path string, stat *Stat_t) (err error) { // for checking symlinks begins with $VERSION/ $SYSNAME/ $SYSSYMR/ $SYSSYMA/ func isSpecialPath(path []byte) (v bool) { var special = [4][8]byte{ - {'V', 'E', 'R', 'S', 'I', 'O', 'N', '/'}, - {'S', 'Y', 'S', 'N', 'A', 'M', 'E', '/'}, - {'S', 'Y', 'S', 'S', 'Y', 'M', 'R', '/'}, - {'S', 'Y', 'S', 'S', 'Y', 'M', 'A', '/'}} + [8]byte{'V', 'E', 'R', 'S', 'I', 'O', 'N', '/'}, + [8]byte{'S', 'Y', 'S', 'N', 'A', 'M', 'E', '/'}, + [8]byte{'S', 'Y', 'S', 'S', 'Y', 'M', 'R', '/'}, + [8]byte{'S', 'Y', 'S', 'S', 'Y', 'M', 'A', '/'}} var i, j int for i = 0; i < len(special); i++ { @@ -3124,90 +3115,3 @@ func legacy_Mkfifoat(dirfd int, path string, mode uint32) (err error) { //sys Posix_openpt(oflag int) (fd int, err error) = SYS_POSIX_OPENPT //sys Grantpt(fildes int) (rc int, err error) = SYS_GRANTPT //sys Unlockpt(fildes int) (rc int, err error) = SYS_UNLOCKPT - -func fcntlAsIs(fd uintptr, cmd int, arg uintptr) (val int, err error) { - runtime.EnterSyscall() - r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, uintptr(fd), uintptr(cmd), arg) - runtime.ExitSyscall() - val = int(r0) - if int64(r0) == -1 { - err = errnoErr2(e1, e2) - } - return -} - -func Fcntl(fd uintptr, cmd int, op interface{}) (ret int, err error) { - switch op.(type) { - case *Flock_t: - err = FcntlFlock(fd, cmd, op.(*Flock_t)) - if err != nil { - ret = -1 - } - return - case int: - return FcntlInt(fd, cmd, op.(int)) - case *F_cnvrt: - return fcntlAsIs(fd, cmd, uintptr(unsafe.Pointer(op.(*F_cnvrt)))) - case unsafe.Pointer: - return fcntlAsIs(fd, cmd, uintptr(op.(unsafe.Pointer))) - default: - return -1, EINVAL - } - return -} - -func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { - if raceenabled { - raceReleaseMerge(unsafe.Pointer(&ioSync)) - } - return sendfile(outfd, infd, offset, count) -} - -func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { - // TODO: use LE call instead if the call is implemented - originalOffset, err := Seek(infd, 0, SEEK_CUR) - if err != nil { - return -1, err - } - //start reading data from in_fd - if offset != nil { - _, err := Seek(infd, *offset, SEEK_SET) - if err != nil { - return -1, err - } - } - - buf := make([]byte, count) - readBuf := make([]byte, 0) - var n int = 0 - for i := 0; i < count; i += n { - n, err := Read(infd, buf) - if n == 0 { - if err != nil { - return -1, err - } else { // EOF - break - } - } - readBuf = append(readBuf, buf...) - buf = buf[0:0] - } - - n2, err := Write(outfd, readBuf) - if err != nil { - return -1, err - } - - //When sendfile() returns, this variable will be set to the - // offset of the byte following the last byte that was read. - if offset != nil { - *offset = *offset + int64(n) - // If offset is not NULL, then sendfile() does not modify the file - // offset of in_fd - _, err := Seek(infd, originalOffset, SEEK_SET) - if err != nil { - return -1, err - } - } - return n2, nil -} diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index ccba391c9..de3b46248 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -2625,28 +2625,6 @@ const ( PR_UNALIGN_NOPRINT = 0x1 PR_UNALIGN_SIGBUS = 0x2 PSTOREFS_MAGIC = 0x6165676c - PTP_CLK_MAGIC = '=' - PTP_ENABLE_FEATURE = 0x1 - PTP_EXTTS_EDGES = 0x6 - PTP_EXTTS_EVENT_VALID = 0x1 - PTP_EXTTS_V1_VALID_FLAGS = 0x7 - PTP_EXTTS_VALID_FLAGS = 0x1f - PTP_EXT_OFFSET = 0x10 - PTP_FALLING_EDGE = 0x4 - PTP_MAX_SAMPLES = 0x19 - PTP_PEROUT_DUTY_CYCLE = 0x2 - PTP_PEROUT_ONE_SHOT = 0x1 - PTP_PEROUT_PHASE = 0x4 - PTP_PEROUT_V1_VALID_FLAGS = 0x0 - PTP_PEROUT_VALID_FLAGS = 0x7 - PTP_PIN_GETFUNC = 0xc0603d06 - PTP_PIN_GETFUNC2 = 0xc0603d0f - PTP_RISING_EDGE = 0x2 - PTP_STRICT_FLAGS = 0x8 - PTP_SYS_OFFSET_EXTENDED = 0xc4c03d09 - PTP_SYS_OFFSET_EXTENDED2 = 0xc4c03d12 - PTP_SYS_OFFSET_PRECISE = 0xc0403d08 - PTP_SYS_OFFSET_PRECISE2 = 0xc0403d11 PTRACE_ATTACH = 0x10 PTRACE_CONT = 0x7 PTRACE_DETACH = 0x11 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 0c00cb3f3..8aa6d77c0 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -237,20 +237,6 @@ const ( PPPIOCUNBRIDGECHAN = 0x7434 PPPIOCXFERUNIT = 0x744e PR_SET_PTRACER_ANY = 0xffffffff - PTP_CLOCK_GETCAPS = 0x80503d01 - PTP_CLOCK_GETCAPS2 = 0x80503d0a - PTP_ENABLE_PPS = 0x40043d04 - PTP_ENABLE_PPS2 = 0x40043d0d - PTP_EXTTS_REQUEST = 0x40103d02 - PTP_EXTTS_REQUEST2 = 0x40103d0b - PTP_MASK_CLEAR_ALL = 0x3d13 - PTP_MASK_EN_SINGLE = 0x40043d14 - PTP_PEROUT_REQUEST = 0x40383d03 - PTP_PEROUT_REQUEST2 = 0x40383d0c - PTP_PIN_SETFUNC = 0x40603d07 - PTP_PIN_SETFUNC2 = 0x40603d10 - PTP_SYS_OFFSET = 0x43403d05 - PTP_SYS_OFFSET2 = 0x43403d0e PTRACE_GETFPREGS = 0xe PTRACE_GETFPXREGS = 0x12 PTRACE_GET_THREAD_AREA = 0x19 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index dfb364554..da428f425 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -237,20 +237,6 @@ const ( PPPIOCUNBRIDGECHAN = 0x7434 PPPIOCXFERUNIT = 0x744e PR_SET_PTRACER_ANY = 0xffffffffffffffff - PTP_CLOCK_GETCAPS = 0x80503d01 - PTP_CLOCK_GETCAPS2 = 0x80503d0a - PTP_ENABLE_PPS = 0x40043d04 - PTP_ENABLE_PPS2 = 0x40043d0d - PTP_EXTTS_REQUEST = 0x40103d02 - PTP_EXTTS_REQUEST2 = 0x40103d0b - PTP_MASK_CLEAR_ALL = 0x3d13 - PTP_MASK_EN_SINGLE = 0x40043d14 - PTP_PEROUT_REQUEST = 0x40383d03 - PTP_PEROUT_REQUEST2 = 0x40383d0c - PTP_PIN_SETFUNC = 0x40603d07 - PTP_PIN_SETFUNC2 = 0x40603d10 - PTP_SYS_OFFSET = 0x43403d05 - PTP_SYS_OFFSET2 = 0x43403d0e PTRACE_ARCH_PRCTL = 0x1e PTRACE_GETFPREGS = 0xe PTRACE_GETFPXREGS = 0x12 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index d46dcf78a..bf45bfec7 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -234,20 +234,6 @@ const ( PPPIOCUNBRIDGECHAN = 0x7434 PPPIOCXFERUNIT = 0x744e PR_SET_PTRACER_ANY = 0xffffffff - PTP_CLOCK_GETCAPS = 0x80503d01 - PTP_CLOCK_GETCAPS2 = 0x80503d0a - PTP_ENABLE_PPS = 0x40043d04 - PTP_ENABLE_PPS2 = 0x40043d0d - PTP_EXTTS_REQUEST = 0x40103d02 - PTP_EXTTS_REQUEST2 = 0x40103d0b - PTP_MASK_CLEAR_ALL = 0x3d13 - PTP_MASK_EN_SINGLE = 0x40043d14 - PTP_PEROUT_REQUEST = 0x40383d03 - PTP_PEROUT_REQUEST2 = 0x40383d0c - PTP_PIN_SETFUNC = 0x40603d07 - PTP_PIN_SETFUNC2 = 0x40603d10 - PTP_SYS_OFFSET = 0x43403d05 - PTP_SYS_OFFSET2 = 0x43403d0e PTRACE_GETCRUNCHREGS = 0x19 PTRACE_GETFDPIC = 0x1f PTRACE_GETFDPIC_EXEC = 0x0 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 3af3248a7..71c67162b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -240,20 +240,6 @@ const ( PROT_BTI = 0x10 PROT_MTE = 0x20 PR_SET_PTRACER_ANY = 0xffffffffffffffff - PTP_CLOCK_GETCAPS = 0x80503d01 - PTP_CLOCK_GETCAPS2 = 0x80503d0a - PTP_ENABLE_PPS = 0x40043d04 - PTP_ENABLE_PPS2 = 0x40043d0d - PTP_EXTTS_REQUEST = 0x40103d02 - PTP_EXTTS_REQUEST2 = 0x40103d0b - PTP_MASK_CLEAR_ALL = 0x3d13 - PTP_MASK_EN_SINGLE = 0x40043d14 - PTP_PEROUT_REQUEST = 0x40383d03 - PTP_PEROUT_REQUEST2 = 0x40383d0c - PTP_PIN_SETFUNC = 0x40603d07 - PTP_PIN_SETFUNC2 = 0x40603d10 - PTP_SYS_OFFSET = 0x43403d05 - PTP_SYS_OFFSET2 = 0x43403d0e PTRACE_PEEKMTETAGS = 0x21 PTRACE_POKEMTETAGS = 0x22 PTRACE_SYSEMU = 0x1f diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 292bcf028..9476628fa 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -238,20 +238,6 @@ const ( PPPIOCUNBRIDGECHAN = 0x7434 PPPIOCXFERUNIT = 0x744e PR_SET_PTRACER_ANY = 0xffffffffffffffff - PTP_CLOCK_GETCAPS = 0x80503d01 - PTP_CLOCK_GETCAPS2 = 0x80503d0a - PTP_ENABLE_PPS = 0x40043d04 - PTP_ENABLE_PPS2 = 0x40043d0d - PTP_EXTTS_REQUEST = 0x40103d02 - PTP_EXTTS_REQUEST2 = 0x40103d0b - PTP_MASK_CLEAR_ALL = 0x3d13 - PTP_MASK_EN_SINGLE = 0x40043d14 - PTP_PEROUT_REQUEST = 0x40383d03 - PTP_PEROUT_REQUEST2 = 0x40383d0c - PTP_PIN_SETFUNC = 0x40603d07 - PTP_PIN_SETFUNC2 = 0x40603d10 - PTP_SYS_OFFSET = 0x43403d05 - PTP_SYS_OFFSET2 = 0x43403d0e PTRACE_SYSEMU = 0x1f PTRACE_SYSEMU_SINGLESTEP = 0x20 RLIMIT_AS = 0x9 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 782b7110f..b9e85f3cf 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -234,20 +234,6 @@ const ( PPPIOCUNBRIDGECHAN = 0x20007434 PPPIOCXFERUNIT = 0x2000744e PR_SET_PTRACER_ANY = 0xffffffff - PTP_CLOCK_GETCAPS = 0x40503d01 - PTP_CLOCK_GETCAPS2 = 0x40503d0a - PTP_ENABLE_PPS = 0x80043d04 - PTP_ENABLE_PPS2 = 0x80043d0d - PTP_EXTTS_REQUEST = 0x80103d02 - PTP_EXTTS_REQUEST2 = 0x80103d0b - PTP_MASK_CLEAR_ALL = 0x20003d13 - PTP_MASK_EN_SINGLE = 0x80043d14 - PTP_PEROUT_REQUEST = 0x80383d03 - PTP_PEROUT_REQUEST2 = 0x80383d0c - PTP_PIN_SETFUNC = 0x80603d07 - PTP_PIN_SETFUNC2 = 0x80603d10 - PTP_SYS_OFFSET = 0x83403d05 - PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETFPREGS = 0xe PTRACE_GET_THREAD_AREA = 0x19 PTRACE_GET_THREAD_AREA_3264 = 0xc4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 84973fd92..a48b68a76 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -234,20 +234,6 @@ const ( PPPIOCUNBRIDGECHAN = 0x20007434 PPPIOCXFERUNIT = 0x2000744e PR_SET_PTRACER_ANY = 0xffffffffffffffff - PTP_CLOCK_GETCAPS = 0x40503d01 - PTP_CLOCK_GETCAPS2 = 0x40503d0a - PTP_ENABLE_PPS = 0x80043d04 - PTP_ENABLE_PPS2 = 0x80043d0d - PTP_EXTTS_REQUEST = 0x80103d02 - PTP_EXTTS_REQUEST2 = 0x80103d0b - PTP_MASK_CLEAR_ALL = 0x20003d13 - PTP_MASK_EN_SINGLE = 0x80043d14 - PTP_PEROUT_REQUEST = 0x80383d03 - PTP_PEROUT_REQUEST2 = 0x80383d0c - PTP_PIN_SETFUNC = 0x80603d07 - PTP_PIN_SETFUNC2 = 0x80603d10 - PTP_SYS_OFFSET = 0x83403d05 - PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETFPREGS = 0xe PTRACE_GET_THREAD_AREA = 0x19 PTRACE_GET_THREAD_AREA_3264 = 0xc4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 6d9cbc3b2..ea00e8522 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -234,20 +234,6 @@ const ( PPPIOCUNBRIDGECHAN = 0x20007434 PPPIOCXFERUNIT = 0x2000744e PR_SET_PTRACER_ANY = 0xffffffffffffffff - PTP_CLOCK_GETCAPS = 0x40503d01 - PTP_CLOCK_GETCAPS2 = 0x40503d0a - PTP_ENABLE_PPS = 0x80043d04 - PTP_ENABLE_PPS2 = 0x80043d0d - PTP_EXTTS_REQUEST = 0x80103d02 - PTP_EXTTS_REQUEST2 = 0x80103d0b - PTP_MASK_CLEAR_ALL = 0x20003d13 - PTP_MASK_EN_SINGLE = 0x80043d14 - PTP_PEROUT_REQUEST = 0x80383d03 - PTP_PEROUT_REQUEST2 = 0x80383d0c - PTP_PIN_SETFUNC = 0x80603d07 - PTP_PIN_SETFUNC2 = 0x80603d10 - PTP_SYS_OFFSET = 0x83403d05 - PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETFPREGS = 0xe PTRACE_GET_THREAD_AREA = 0x19 PTRACE_GET_THREAD_AREA_3264 = 0xc4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 5f9fedbce..91c646871 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -234,20 +234,6 @@ const ( PPPIOCUNBRIDGECHAN = 0x20007434 PPPIOCXFERUNIT = 0x2000744e PR_SET_PTRACER_ANY = 0xffffffff - PTP_CLOCK_GETCAPS = 0x40503d01 - PTP_CLOCK_GETCAPS2 = 0x40503d0a - PTP_ENABLE_PPS = 0x80043d04 - PTP_ENABLE_PPS2 = 0x80043d0d - PTP_EXTTS_REQUEST = 0x80103d02 - PTP_EXTTS_REQUEST2 = 0x80103d0b - PTP_MASK_CLEAR_ALL = 0x20003d13 - PTP_MASK_EN_SINGLE = 0x80043d14 - PTP_PEROUT_REQUEST = 0x80383d03 - PTP_PEROUT_REQUEST2 = 0x80383d0c - PTP_PIN_SETFUNC = 0x80603d07 - PTP_PIN_SETFUNC2 = 0x80603d10 - PTP_SYS_OFFSET = 0x83403d05 - PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETFPREGS = 0xe PTRACE_GET_THREAD_AREA = 0x19 PTRACE_GET_THREAD_AREA_3264 = 0xc4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index bb0026ee0..8cbf38d63 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -237,20 +237,6 @@ const ( PPPIOCXFERUNIT = 0x2000744e PROT_SAO = 0x10 PR_SET_PTRACER_ANY = 0xffffffff - PTP_CLOCK_GETCAPS = 0x40503d01 - PTP_CLOCK_GETCAPS2 = 0x40503d0a - PTP_ENABLE_PPS = 0x80043d04 - PTP_ENABLE_PPS2 = 0x80043d0d - PTP_EXTTS_REQUEST = 0x80103d02 - PTP_EXTTS_REQUEST2 = 0x80103d0b - PTP_MASK_CLEAR_ALL = 0x20003d13 - PTP_MASK_EN_SINGLE = 0x80043d14 - PTP_PEROUT_REQUEST = 0x80383d03 - PTP_PEROUT_REQUEST2 = 0x80383d0c - PTP_PIN_SETFUNC = 0x80603d07 - PTP_PIN_SETFUNC2 = 0x80603d10 - PTP_SYS_OFFSET = 0x83403d05 - PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETEVRREGS = 0x14 PTRACE_GETFPREGS = 0xe PTRACE_GETREGS64 = 0x16 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 46120db5c..a2df73419 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -237,20 +237,6 @@ const ( PPPIOCXFERUNIT = 0x2000744e PROT_SAO = 0x10 PR_SET_PTRACER_ANY = 0xffffffffffffffff - PTP_CLOCK_GETCAPS = 0x40503d01 - PTP_CLOCK_GETCAPS2 = 0x40503d0a - PTP_ENABLE_PPS = 0x80043d04 - PTP_ENABLE_PPS2 = 0x80043d0d - PTP_EXTTS_REQUEST = 0x80103d02 - PTP_EXTTS_REQUEST2 = 0x80103d0b - PTP_MASK_CLEAR_ALL = 0x20003d13 - PTP_MASK_EN_SINGLE = 0x80043d14 - PTP_PEROUT_REQUEST = 0x80383d03 - PTP_PEROUT_REQUEST2 = 0x80383d0c - PTP_PIN_SETFUNC = 0x80603d07 - PTP_PIN_SETFUNC2 = 0x80603d10 - PTP_SYS_OFFSET = 0x83403d05 - PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETEVRREGS = 0x14 PTRACE_GETFPREGS = 0xe PTRACE_GETREGS64 = 0x16 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 5c951634f..247913792 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -237,20 +237,6 @@ const ( PPPIOCXFERUNIT = 0x2000744e PROT_SAO = 0x10 PR_SET_PTRACER_ANY = 0xffffffffffffffff - PTP_CLOCK_GETCAPS = 0x40503d01 - PTP_CLOCK_GETCAPS2 = 0x40503d0a - PTP_ENABLE_PPS = 0x80043d04 - PTP_ENABLE_PPS2 = 0x80043d0d - PTP_EXTTS_REQUEST = 0x80103d02 - PTP_EXTTS_REQUEST2 = 0x80103d0b - PTP_MASK_CLEAR_ALL = 0x20003d13 - PTP_MASK_EN_SINGLE = 0x80043d14 - PTP_PEROUT_REQUEST = 0x80383d03 - PTP_PEROUT_REQUEST2 = 0x80383d0c - PTP_PIN_SETFUNC = 0x80603d07 - PTP_PIN_SETFUNC2 = 0x80603d10 - PTP_SYS_OFFSET = 0x83403d05 - PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETEVRREGS = 0x14 PTRACE_GETFPREGS = 0xe PTRACE_GETREGS64 = 0x16 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 11a84d5af..d265f146e 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -234,20 +234,6 @@ const ( PPPIOCUNBRIDGECHAN = 0x7434 PPPIOCXFERUNIT = 0x744e PR_SET_PTRACER_ANY = 0xffffffffffffffff - PTP_CLOCK_GETCAPS = 0x80503d01 - PTP_CLOCK_GETCAPS2 = 0x80503d0a - PTP_ENABLE_PPS = 0x40043d04 - PTP_ENABLE_PPS2 = 0x40043d0d - PTP_EXTTS_REQUEST = 0x40103d02 - PTP_EXTTS_REQUEST2 = 0x40103d0b - PTP_MASK_CLEAR_ALL = 0x3d13 - PTP_MASK_EN_SINGLE = 0x40043d14 - PTP_PEROUT_REQUEST = 0x40383d03 - PTP_PEROUT_REQUEST2 = 0x40383d0c - PTP_PIN_SETFUNC = 0x40603d07 - PTP_PIN_SETFUNC2 = 0x40603d10 - PTP_SYS_OFFSET = 0x43403d05 - PTP_SYS_OFFSET2 = 0x43403d0e PTRACE_GETFDPIC = 0x21 PTRACE_GETFDPIC_EXEC = 0x0 PTRACE_GETFDPIC_INTERP = 0x1 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index f78c4617c..3f2d64439 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -234,20 +234,6 @@ const ( PPPIOCUNBRIDGECHAN = 0x7434 PPPIOCXFERUNIT = 0x744e PR_SET_PTRACER_ANY = 0xffffffffffffffff - PTP_CLOCK_GETCAPS = 0x80503d01 - PTP_CLOCK_GETCAPS2 = 0x80503d0a - PTP_ENABLE_PPS = 0x40043d04 - PTP_ENABLE_PPS2 = 0x40043d0d - PTP_EXTTS_REQUEST = 0x40103d02 - PTP_EXTTS_REQUEST2 = 0x40103d0b - PTP_MASK_CLEAR_ALL = 0x3d13 - PTP_MASK_EN_SINGLE = 0x40043d14 - PTP_PEROUT_REQUEST = 0x40383d03 - PTP_PEROUT_REQUEST2 = 0x40383d0c - PTP_PIN_SETFUNC = 0x40603d07 - PTP_PIN_SETFUNC2 = 0x40603d10 - PTP_SYS_OFFSET = 0x43403d05 - PTP_SYS_OFFSET2 = 0x43403d0e PTRACE_DISABLE_TE = 0x5010 PTRACE_ENABLE_TE = 0x5009 PTRACE_GET_LAST_BREAK = 0x5006 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index aeb777c34..5d8b727a1 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -239,20 +239,6 @@ const ( PPPIOCUNBRIDGECHAN = 0x20007434 PPPIOCXFERUNIT = 0x2000744e PR_SET_PTRACER_ANY = 0xffffffffffffffff - PTP_CLOCK_GETCAPS = 0x40503d01 - PTP_CLOCK_GETCAPS2 = 0x40503d0a - PTP_ENABLE_PPS = 0x80043d04 - PTP_ENABLE_PPS2 = 0x80043d0d - PTP_EXTTS_REQUEST = 0x80103d02 - PTP_EXTTS_REQUEST2 = 0x80103d0b - PTP_MASK_CLEAR_ALL = 0x20003d13 - PTP_MASK_EN_SINGLE = 0x80043d14 - PTP_PEROUT_REQUEST = 0x80383d03 - PTP_PEROUT_REQUEST2 = 0x80383d0c - PTP_PIN_SETFUNC = 0x80603d07 - PTP_PIN_SETFUNC2 = 0x80603d10 - PTP_SYS_OFFSET = 0x83403d05 - PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETFPAREGS = 0x14 PTRACE_GETFPREGS = 0xe PTRACE_GETFPREGS64 = 0x19 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 5cc1e8eb2..af30da557 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -592,16 +592,6 @@ func ClockGettime(clockid int32, time *Timespec) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ClockSettime(clockid int32, time *Timespec) (err error) { - _, _, e1 := Syscall(SYS_CLOCK_SETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error) { _, _, e1 := Syscall6(SYS_CLOCK_NANOSLEEP, uintptr(clockid), uintptr(flags), uintptr(unsafe.Pointer(request)), uintptr(unsafe.Pointer(remain)), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 8daaf3faf..3a69e4549 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -1752,6 +1752,12 @@ const ( IFLA_IPVLAN_UNSPEC = 0x0 IFLA_IPVLAN_MODE = 0x1 IFLA_IPVLAN_FLAGS = 0x2 + NETKIT_NEXT = -0x1 + NETKIT_PASS = 0x0 + NETKIT_DROP = 0x2 + NETKIT_REDIRECT = 0x7 + NETKIT_L2 = 0x0 + NETKIT_L3 = 0x1 IFLA_NETKIT_UNSPEC = 0x0 IFLA_NETKIT_PEER_INFO = 0x1 IFLA_NETKIT_PRIMARY = 0x2 @@ -1790,7 +1796,6 @@ const ( IFLA_VXLAN_DF = 0x1d IFLA_VXLAN_VNIFILTER = 0x1e IFLA_VXLAN_LOCALBYPASS = 0x1f - IFLA_VXLAN_LABEL_POLICY = 0x20 IFLA_GENEVE_UNSPEC = 0x0 IFLA_GENEVE_ID = 0x1 IFLA_GENEVE_REMOTE = 0x2 @@ -1820,8 +1825,6 @@ const ( IFLA_GTP_ROLE = 0x4 IFLA_GTP_CREATE_SOCKETS = 0x5 IFLA_GTP_RESTART_COUNT = 0x6 - IFLA_GTP_LOCAL = 0x7 - IFLA_GTP_LOCAL6 = 0x8 IFLA_BOND_UNSPEC = 0x0 IFLA_BOND_MODE = 0x1 IFLA_BOND_ACTIVE_SLAVE = 0x2 @@ -1854,7 +1857,6 @@ const ( IFLA_BOND_AD_LACP_ACTIVE = 0x1d IFLA_BOND_MISSED_MAX = 0x1e IFLA_BOND_NS_IP6_TARGET = 0x1f - IFLA_BOND_COUPLED_CONTROL = 0x20 IFLA_BOND_AD_INFO_UNSPEC = 0x0 IFLA_BOND_AD_INFO_AGGREGATOR = 0x1 IFLA_BOND_AD_INFO_NUM_PORTS = 0x2 @@ -1923,7 +1925,6 @@ const ( IFLA_HSR_SEQ_NR = 0x5 IFLA_HSR_VERSION = 0x6 IFLA_HSR_PROTOCOL = 0x7 - IFLA_HSR_INTERLINK = 0x8 IFLA_STATS_UNSPEC = 0x0 IFLA_STATS_LINK_64 = 0x1 IFLA_STATS_LINK_XSTATS = 0x2 @@ -1976,15 +1977,6 @@ const ( IFLA_DSA_MASTER = 0x1 ) -const ( - NETKIT_NEXT = -0x1 - NETKIT_PASS = 0x0 - NETKIT_DROP = 0x2 - NETKIT_REDIRECT = 0x7 - NETKIT_L2 = 0x0 - NETKIT_L3 = 0x1 -) - const ( NF_INET_PRE_ROUTING = 0x0 NF_INET_LOCAL_IN = 0x1 @@ -4118,106 +4110,6 @@ type EthtoolDrvinfo struct { Regdump_len uint32 } -type EthtoolTsInfo struct { - Cmd uint32 - So_timestamping uint32 - Phc_index int32 - Tx_types uint32 - Tx_reserved [3]uint32 - Rx_filters uint32 - Rx_reserved [3]uint32 -} - -type HwTstampConfig struct { - Flags int32 - Tx_type int32 - Rx_filter int32 -} - -const ( - HWTSTAMP_FILTER_NONE = 0x0 - HWTSTAMP_FILTER_ALL = 0x1 - HWTSTAMP_FILTER_SOME = 0x2 - HWTSTAMP_FILTER_PTP_V1_L4_EVENT = 0x3 - HWTSTAMP_FILTER_PTP_V2_L4_EVENT = 0x6 - HWTSTAMP_FILTER_PTP_V2_L2_EVENT = 0x9 - HWTSTAMP_FILTER_PTP_V2_EVENT = 0xc -) - -const ( - HWTSTAMP_TX_OFF = 0x0 - HWTSTAMP_TX_ON = 0x1 - HWTSTAMP_TX_ONESTEP_SYNC = 0x2 -) - -type ( - PtpClockCaps struct { - Max_adj int32 - N_alarm int32 - N_ext_ts int32 - N_per_out int32 - Pps int32 - N_pins int32 - Cross_timestamping int32 - Adjust_phase int32 - Max_phase_adj int32 - Rsv [11]int32 - } - PtpClockTime struct { - Sec int64 - Nsec uint32 - Reserved uint32 - } - PtpExttsEvent struct { - T PtpClockTime - Index uint32 - Flags uint32 - Rsv [2]uint32 - } - PtpExttsRequest struct { - Index uint32 - Flags uint32 - Rsv [2]uint32 - } - PtpPeroutRequest struct { - StartOrPhase PtpClockTime - Period PtpClockTime - Index uint32 - Flags uint32 - On PtpClockTime - } - PtpPinDesc struct { - Name [64]byte - Index uint32 - Func uint32 - Chan uint32 - Rsv [5]uint32 - } - PtpSysOffset struct { - Samples uint32 - Rsv [3]uint32 - Ts [51]PtpClockTime - } - PtpSysOffsetExtended struct { - Samples uint32 - Rsv [3]uint32 - Ts [25][3]PtpClockTime - } - PtpSysOffsetPrecise struct { - Device PtpClockTime - Realtime PtpClockTime - Monoraw PtpClockTime - Rsv [4]uint32 - } -) - -const ( - PTP_PF_NONE = 0x0 - PTP_PF_EXTTS = 0x1 - PTP_PF_PEROUT = 0x2 - PTP_PF_PHYSYNC = 0x3 -) - type ( HIDRawReportDescriptor struct { Size uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go index 2e5d5a443..d9a13af46 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go @@ -377,12 +377,6 @@ type Flock_t struct { Pid int32 } -type F_cnvrt struct { - Cvtcmd int32 - Pccsid int16 - Fccsid int16 -} - type Termios struct { Cflag uint32 Iflag uint32 diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 4510bfc3f..5cee9a314 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -725,12 +725,20 @@ func DurationSinceBoot() time.Duration { } func Ftruncate(fd Handle, length int64) (err error) { - type _FILE_END_OF_FILE_INFO struct { - EndOfFile int64 + curoffset, e := Seek(fd, 0, 1) + if e != nil { + return e + } + defer Seek(fd, curoffset, 0) + _, e = Seek(fd, length, 0) + if e != nil { + return e } - var info _FILE_END_OF_FILE_INFO - info.EndOfFile = length - return SetFileInformationByHandle(fd, FileEndOfFileInfo, (*byte)(unsafe.Pointer(&info)), uint32(unsafe.Sizeof(info))) + e = SetEndOfFile(fd) + if e != nil { + return e + } + return nil } func Gettimeofday(tv *Timeval) (err error) { @@ -886,11 +894,6 @@ const socket_error = uintptr(^uint32(0)) //sys GetACP() (acp uint32) = kernel32.GetACP //sys MultiByteToWideChar(codePage uint32, dwFlags uint32, str *byte, nstr int32, wchar *uint16, nwchar int32) (nwrite int32, err error) = kernel32.MultiByteToWideChar //sys getBestInterfaceEx(sockaddr unsafe.Pointer, pdwBestIfIndex *uint32) (errcode error) = iphlpapi.GetBestInterfaceEx -//sys GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) = iphlpapi.GetIfEntry2Ex -//sys GetUnicastIpAddressEntry(row *MibUnicastIpAddressRow) (errcode error) = iphlpapi.GetUnicastIpAddressEntry -//sys NotifyIpInterfaceChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyIpInterfaceChange -//sys NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyUnicastIpAddressChange -//sys CancelMibChangeNotify2(notificationHandle Handle) (errcode error) = iphlpapi.CancelMibChangeNotify2 // For testing: clients can set this flag to force // creation of IPv6 sockets to return EAFNOSUPPORT. @@ -1682,16 +1685,13 @@ func (s NTStatus) Error() string { // do not use NTUnicodeString, and instead UTF16PtrFromString should be used for // the more common *uint16 string type. func NewNTUnicodeString(s string) (*NTUnicodeString, error) { - s16, err := UTF16FromString(s) + var u NTUnicodeString + s16, err := UTF16PtrFromString(s) if err != nil { return nil, err } - n := uint16(len(s16) * 2) - return &NTUnicodeString{ - Length: n - 2, // subtract 2 bytes for the NULL terminator - MaximumLength: n, - Buffer: &s16[0], - }, nil + RtlInitUnicodeString(&u, s16) + return &u, nil } // Slice returns a uint16 slice that aliases the data in the NTUnicodeString. diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 51311e205..7b97a154c 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -2203,132 +2203,6 @@ const ( IfOperStatusLowerLayerDown = 7 ) -const ( - IF_MAX_PHYS_ADDRESS_LENGTH = 32 - IF_MAX_STRING_SIZE = 256 -) - -// MIB_IF_ENTRY_LEVEL enumeration from netioapi.h or -// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/nf-netioapi-getifentry2ex. -const ( - MibIfEntryNormal = 0 - MibIfEntryNormalWithoutStatistics = 2 -) - -// MIB_NOTIFICATION_TYPE enumeration from netioapi.h or -// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ne-netioapi-mib_notification_type. -const ( - MibParameterNotification = 0 - MibAddInstance = 1 - MibDeleteInstance = 2 - MibInitialNotification = 3 -) - -// MibIfRow2 stores information about a particular interface. See -// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_if_row2. -type MibIfRow2 struct { - InterfaceLuid uint64 - InterfaceIndex uint32 - InterfaceGuid GUID - Alias [IF_MAX_STRING_SIZE + 1]uint16 - Description [IF_MAX_STRING_SIZE + 1]uint16 - PhysicalAddressLength uint32 - PhysicalAddress [IF_MAX_PHYS_ADDRESS_LENGTH]uint8 - PermanentPhysicalAddress [IF_MAX_PHYS_ADDRESS_LENGTH]uint8 - Mtu uint32 - Type uint32 - TunnelType uint32 - MediaType uint32 - PhysicalMediumType uint32 - AccessType uint32 - DirectionType uint32 - InterfaceAndOperStatusFlags uint8 - OperStatus uint32 - AdminStatus uint32 - MediaConnectState uint32 - NetworkGuid GUID - ConnectionType uint32 - TransmitLinkSpeed uint64 - ReceiveLinkSpeed uint64 - InOctets uint64 - InUcastPkts uint64 - InNUcastPkts uint64 - InDiscards uint64 - InErrors uint64 - InUnknownProtos uint64 - InUcastOctets uint64 - InMulticastOctets uint64 - InBroadcastOctets uint64 - OutOctets uint64 - OutUcastPkts uint64 - OutNUcastPkts uint64 - OutDiscards uint64 - OutErrors uint64 - OutUcastOctets uint64 - OutMulticastOctets uint64 - OutBroadcastOctets uint64 - OutQLen uint64 -} - -// MIB_UNICASTIPADDRESS_ROW stores information about a unicast IP address. See -// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_unicastipaddress_row. -type MibUnicastIpAddressRow struct { - Address RawSockaddrInet6 // SOCKADDR_INET union - InterfaceLuid uint64 - InterfaceIndex uint32 - PrefixOrigin uint32 - SuffixOrigin uint32 - ValidLifetime uint32 - PreferredLifetime uint32 - OnLinkPrefixLength uint8 - SkipAsSource uint8 - DadState uint32 - ScopeId uint32 - CreationTimeStamp Filetime -} - -const ScopeLevelCount = 16 - -// MIB_IPINTERFACE_ROW stores interface management information for a particular IP address family on a network interface. -// See https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_ipinterface_row. -type MibIpInterfaceRow struct { - Family uint16 - InterfaceLuid uint64 - InterfaceIndex uint32 - MaxReassemblySize uint32 - InterfaceIdentifier uint64 - MinRouterAdvertisementInterval uint32 - MaxRouterAdvertisementInterval uint32 - AdvertisingEnabled uint8 - ForwardingEnabled uint8 - WeakHostSend uint8 - WeakHostReceive uint8 - UseAutomaticMetric uint8 - UseNeighborUnreachabilityDetection uint8 - ManagedAddressConfigurationSupported uint8 - OtherStatefulConfigurationSupported uint8 - AdvertiseDefaultRoute uint8 - RouterDiscoveryBehavior uint32 - DadTransmits uint32 - BaseReachableTime uint32 - RetransmitTime uint32 - PathMtuDiscoveryTimeout uint32 - LinkLocalAddressBehavior uint32 - LinkLocalAddressTimeout uint32 - ZoneIndices [ScopeLevelCount]uint32 - SitePrefixLength uint32 - Metric uint32 - NlMtu uint32 - Connected uint8 - SupportsWakeUpPatterns uint8 - SupportsNeighborDiscovery uint8 - SupportsRouterDiscovery uint8 - ReachableTime uint32 - TransmitOffload uint32 - ReceiveOffload uint32 - DisableDefaultRoutes uint8 -} - // Console related constants used for the mode parameter to SetConsoleMode. See // https://docs.microsoft.com/en-us/windows/console/setconsolemode for details. diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 6f5252880..4c2e1bdc0 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -181,15 +181,10 @@ var ( procDnsRecordListFree = moddnsapi.NewProc("DnsRecordListFree") procDwmGetWindowAttribute = moddwmapi.NewProc("DwmGetWindowAttribute") procDwmSetWindowAttribute = moddwmapi.NewProc("DwmSetWindowAttribute") - procCancelMibChangeNotify2 = modiphlpapi.NewProc("CancelMibChangeNotify2") procGetAdaptersAddresses = modiphlpapi.NewProc("GetAdaptersAddresses") procGetAdaptersInfo = modiphlpapi.NewProc("GetAdaptersInfo") procGetBestInterfaceEx = modiphlpapi.NewProc("GetBestInterfaceEx") procGetIfEntry = modiphlpapi.NewProc("GetIfEntry") - procGetIfEntry2Ex = modiphlpapi.NewProc("GetIfEntry2Ex") - procGetUnicastIpAddressEntry = modiphlpapi.NewProc("GetUnicastIpAddressEntry") - procNotifyIpInterfaceChange = modiphlpapi.NewProc("NotifyIpInterfaceChange") - procNotifyUnicastIpAddressChange = modiphlpapi.NewProc("NotifyUnicastIpAddressChange") procAddDllDirectory = modkernel32.NewProc("AddDllDirectory") procAssignProcessToJobObject = modkernel32.NewProc("AssignProcessToJobObject") procCancelIo = modkernel32.NewProc("CancelIo") @@ -1611,14 +1606,6 @@ func DwmSetWindowAttribute(hwnd HWND, attribute uint32, value unsafe.Pointer, si return } -func CancelMibChangeNotify2(notificationHandle Handle) (errcode error) { - r0, _, _ := syscall.SyscallN(procCancelMibChangeNotify2.Addr(), uintptr(notificationHandle)) - if r0 != 0 { - errcode = syscall.Errno(r0) - } - return -} - func GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapterAddresses *IpAdapterAddresses, sizePointer *uint32) (errcode error) { r0, _, _ := syscall.Syscall6(procGetAdaptersAddresses.Addr(), 5, uintptr(family), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(adapterAddresses)), uintptr(unsafe.Pointer(sizePointer)), 0) if r0 != 0 { @@ -1651,46 +1638,6 @@ func GetIfEntry(pIfRow *MibIfRow) (errcode error) { return } -func GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) { - r0, _, _ := syscall.SyscallN(procGetIfEntry2Ex.Addr(), uintptr(level), uintptr(unsafe.Pointer(row))) - if r0 != 0 { - errcode = syscall.Errno(r0) - } - return -} - -func GetUnicastIpAddressEntry(row *MibUnicastIpAddressRow) (errcode error) { - r0, _, _ := syscall.SyscallN(procGetUnicastIpAddressEntry.Addr(), uintptr(unsafe.Pointer(row))) - if r0 != 0 { - errcode = syscall.Errno(r0) - } - return -} - -func NotifyIpInterfaceChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) { - var _p0 uint32 - if initialNotification { - _p0 = 1 - } - r0, _, _ := syscall.SyscallN(procNotifyIpInterfaceChange.Addr(), uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle))) - if r0 != 0 { - errcode = syscall.Errno(r0) - } - return -} - -func NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) { - var _p0 uint32 - if initialNotification { - _p0 = 1 - } - r0, _, _ := syscall.SyscallN(procNotifyUnicastIpAddressChange.Addr(), uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle))) - if r0 != 0 { - errcode = syscall.Errno(r0) - } - return -} - func AddDllDirectory(path *uint16) (cookie uintptr, err error) { r0, _, e1 := syscall.Syscall(procAddDllDirectory.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0) cookie = uintptr(r0) diff --git a/vendor/golang.org/x/term/README.md b/vendor/golang.org/x/term/README.md index 05ff623f9..d03d0aefe 100644 --- a/vendor/golang.org/x/term/README.md +++ b/vendor/golang.org/x/term/README.md @@ -4,13 +4,16 @@ This repository provides Go terminal and console support packages. +## Download/Install + +The easiest way to install is to run `go get -u golang.org/x/term`. You can +also manually git clone the repository to `$GOPATH/src/golang.org/x/term`. + ## Report Issues / Send Patches This repository uses Gerrit for code changes. To learn how to submit changes to -this repository, see https://go.dev/doc/contribute. - -The git repository is https://go.googlesource.com/term. +this repository, see https://golang.org/doc/contribute.html. The main issue tracker for the term repository is located at -https://go.dev/issues. Prefix your issue with "x/term:" in the +https://github.com/golang/go/issues. Prefix your issue with "x/term:" in the subject line, so it is easy to find. diff --git a/vendor/modules.txt b/vendor/modules.txt index 9dc5df17a..09f8d16a7 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -130,7 +130,7 @@ github.com/munnerz/goautoneg # github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f ## explicit github.com/mwitkow/go-conntrack -# github.com/onsi/ginkgo/v2 v2.21.0 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12 +# github.com/onsi/ginkgo/v2 v2.21.0 ## explicit; go 1.22.0 github.com/onsi/ginkgo/v2 github.com/onsi/ginkgo/v2/config @@ -164,7 +164,7 @@ github.com/onsi/gomega/matchers/support/goraph/edge github.com/onsi/gomega/matchers/support/goraph/node github.com/onsi/gomega/matchers/support/goraph/util github.com/onsi/gomega/types -# github.com/openshift-eng/openshift-tests-extension v0.0.0-20250220212757-b9c4d98a0c45 +# github.com/openshift-eng/openshift-tests-extension v0.0.0-20250522124649-4ffcd156ec7c ## explicit; go 1.23.0 github.com/openshift-eng/openshift-tests-extension/pkg/cmd github.com/openshift-eng/openshift-tests-extension/pkg/cmd/cmdimages @@ -179,7 +179,7 @@ github.com/openshift-eng/openshift-tests-extension/pkg/flags github.com/openshift-eng/openshift-tests-extension/pkg/ginkgo github.com/openshift-eng/openshift-tests-extension/pkg/util/sets github.com/openshift-eng/openshift-tests-extension/pkg/version -# github.com/openshift/api v0.0.0-20250207102212-9e59a77ed2e0 +# github.com/openshift/api v0.0.0-20250320170726-75d64d71980b ## explicit; go 1.23.0 github.com/openshift/api/config github.com/openshift/api/config/v1 @@ -193,7 +193,7 @@ github.com/openshift/api/operator/v1 github.com/openshift/api/operator/v1alpha1 github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests github.com/openshift/api/security/v1 -# github.com/openshift/client-go v0.0.0-20250131180035-f7ec47e2d87a +# github.com/openshift/client-go v0.0.0-20250125113824-8e1f0b8fa9a7 ## explicit; go 1.23.0 github.com/openshift/client-go/config/applyconfigurations github.com/openshift/client-go/config/applyconfigurations/config/v1 @@ -243,7 +243,7 @@ github.com/openshift/client-go/security/clientset/versioned/fake github.com/openshift/client-go/security/clientset/versioned/scheme github.com/openshift/client-go/security/clientset/versioned/typed/security/v1 github.com/openshift/client-go/security/clientset/versioned/typed/security/v1/fake -# github.com/openshift/library-go v0.0.0-20250203131244-80620876b7c2 +# github.com/openshift/library-go v0.0.0-20231017173800-126f85ed0cc7 => github.com/liouk/library-go v0.0.0-20250521100733-a5d70f15df7a ## explicit; go 1.23.0 github.com/openshift/library-go/pkg/apiserver/jsonpatch github.com/openshift/library-go/pkg/config/clusterstatus @@ -326,7 +326,7 @@ go.opentelemetry.io/otel/internal/attribute ## explicit; go 1.21 go.opentelemetry.io/otel/trace go.opentelemetry.io/otel/trace/embedded -# golang.org/x/crypto v0.29.0 +# golang.org/x/crypto v0.28.0 ## explicit; go 1.20 golang.org/x/crypto/cast5 golang.org/x/crypto/openpgp @@ -339,7 +339,7 @@ golang.org/x/crypto/openpgp/s2k ## explicit; go 1.20 golang.org/x/exp/constraints golang.org/x/exp/slices -# golang.org/x/net v0.31.0 +# golang.org/x/net v0.30.0 ## explicit; go 1.18 golang.org/x/net/context golang.org/x/net/html @@ -357,15 +357,15 @@ golang.org/x/net/trace golang.org/x/oauth2 golang.org/x/oauth2/clientcredentials golang.org/x/oauth2/internal -# golang.org/x/sys v0.27.0 +# golang.org/x/sys v0.26.0 ## explicit; go 1.18 golang.org/x/sys/plan9 golang.org/x/sys/unix golang.org/x/sys/windows -# golang.org/x/term v0.26.0 +# golang.org/x/term v0.25.0 ## explicit; go 1.18 golang.org/x/term -# golang.org/x/text v0.20.0 +# golang.org/x/text v0.19.0 ## explicit; go 1.18 golang.org/x/text/encoding golang.org/x/text/encoding/charmap @@ -984,4 +984,4 @@ sigs.k8s.io/structured-merge-diff/v4/value ## explicit; go 1.12 sigs.k8s.io/yaml sigs.k8s.io/yaml/goyaml.v2 -# github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12 +# github.com/openshift/library-go => github.com/liouk/library-go v0.0.0-20250521100733-a5d70f15df7a