Add add-crd-gen line to Makefile, regenerate console extension CRDs

Makefile

@@ -36,6 +36,8 @@ clean:
 CRD_SCHEMA_GEN_APIS := $(shell echo ./vendor/github.com/openshift/api/{authorization/v1,config/v1,quota/v1,security/v1,operator/v1alpha1,console/v1})
 CRD_SCHEMA_GEN_VERSION :=v0.2.1
 
+$(call add-crd-gen,manifests,$(CRD_SCHEMA_GEN_APIS),./manifests,./manifests)
+
 update-codegen: update-codegen-crds
 .PHONY: update-codegen
 

manifests/0000_10_config-operator_01_apiserver.crd.yaml

@@ -132,5 +132,78 @@ spec:
                             description: name is the metadata.name of the referenced
                               secret
                             type: string
+            tlsSecurityProfile:
+              description: "tlsSecurityProfile specifies settings for TLS connections
+                for externally exposed servers. \n If unset, a default (which may
+                change between releases) is chosen."
+              type: object
+              properties:
+                custom:
+                  description: "custom is a user-defined TLS security profile. Be
+                    extremely careful using a custom profile as invalid configurations
+                    can be catastrophic. An example custom profile looks like this:
+                    \n   ciphers:     - ECDHE-ECDSA-CHACHA20-POLY1305     - ECDHE-RSA-CHACHA20-POLY1305
+                    \    - ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256
+                    \  minTLSVersion: TLSv1.1"
+                  type: object
+                  properties:
+                    ciphers:
+                      description: "ciphers is used to specify the cipher algorithms
+                        that are negotiated during the TLS handshake.  Operators may
+                        remove entries their operands do not support.  For example,
+                        to use DES-CBC3-SHA  (yaml): \n   ciphers:     - DES-CBC3-SHA"
+                      type: array
+                      items:
+                        type: string
+                    minTLSVersion:
+                      description: "minTLSVersion is used to specify the minimal version
+                        of the TLS protocol that is negotiated during the TLS handshake.
+                        For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):
+                        \n   minTLSVersion: TLSv1.1"
+                      type: string
+                  nullable: true
+                intermediate:
+                  description: "intermediate is a TLS security profile based on: \n
+                    https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
+                    \n and looks like this (yaml): \n   ciphers:     - TLS_AES_128_GCM_SHA256
+                    \    - TLS_AES_256_GCM_SHA384     - TLS_CHACHA20_POLY1305_SHA256
+                    \    - ECDHE-ECDSA-AES128-GCM-SHA256     - ECDHE-RSA-AES128-GCM-SHA256
+                    \    - ECDHE-ECDSA-AES256-GCM-SHA384     - ECDHE-RSA-AES256-GCM-SHA384
+                    \    - ECDHE-ECDSA-CHACHA20-POLY1305     - ECDHE-RSA-CHACHA20-POLY1305
+                    \  minTLSVersion: TLSv1.2"
+                  type: object
+                  nullable: true
+                modern:
+                  description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+                    \n and looks like this (yaml): \n   ciphers:     - TLS_AES_128_GCM_SHA256
+                    \    - TLS_AES_256_GCM_SHA384     - TLS_CHACHA20_POLY1305_SHA256
+                    \  minTLSVersion: TLSv1.3"
+                  type: object
+                  nullable: true
+                old:
+                  description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
+                    \n and looks like this (yaml): \n   ciphers:     - TLS_AES_128_GCM_SHA256
+                    \    - TLS_AES_256_GCM_SHA384     - TLS_CHACHA20_POLY1305_SHA256
+                    \    - ECDHE-ECDSA-AES128-GCM-SHA256     - ECDHE-RSA-AES128-GCM-SHA256
+                    \    - ECDHE-ECDSA-AES256-GCM-SHA384     - ECDHE-RSA-AES256-GCM-SHA384
+                    \    - ECDHE-ECDSA-CHACHA20-POLY1305     - ECDHE-RSA-CHACHA20-POLY1305
+                    \    - ECDHE-ECDSA-AES128-SHA256     - ECDHE-RSA-AES128-SHA256
+                    \    - ECDHE-ECDSA-AES128-SHA     - ECDHE-RSA-AES128-SHA     -
+                    ECDHE-RSA-AES256-SHA384     - ECDHE-ECDSA-AES256-SHA     - ECDHE-RSA-AES256-SHA
+                    \    - AES128-GCM-SHA256     - AES256-GCM-SHA384     - AES128-SHA256
+                    \    - AES128-SHA     - AES256-SHA     - DES-CBC3-SHA   minTLSVersion:
+                    TLSv1.0"
+                  type: object
+                  nullable: true
+                type:
+                  description: "type is one of Old, Intermediate, Modern or Custom.
+                    Custom provides the ability to specify individual TLS security
+                    profile parameters. Old, Intermediate and Modern are TLS security
+                    profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+                    \n The profiles are intent based, so they may change over time
+                    as new ciphers are developed and existing ciphers are found to
+                    be insecure.  Depending on precisely which ciphers are available
+                    to a process, the list may be reduced."
+                  type: string
         status:
           type: object

manifests/0000_10_config-operator_01_consoleclidownload.crd.yaml

@@ -71,17 +71,15 @@ spec:
                 details.
               type: array
               items:
-                description: Represents a standard link that could be generated in
-                  HTML
                 type: object
                 required:
                 - href
-                - text
                 properties:
                   href:
                     description: href is the absolute secure URL for the link (must
                       use https)
                     type: string
+                    pattern: ^https://([\w-]+.)+[\w-]+(/[\w- ./?%&=])?$
                   text:
                     description: text is the display text for the link
                     type: string

manifests/0000_10_config-operator_01_consoleexternalloglink.crd.yaml

@@ -69,10 +69,12 @@ spec:
                 UID of the resource which contains the logs               - e.g. `11111111-2222-3333-4444-555555555555`
                 - ${containerName} - name of the resource's container that contains
                 the logs - ${resourceNamespace} - namespace of the resource that contains
-                the logs - ${podLabels} - JSON representation of labels matching the
-                pod with the logs             - e.g. `{\"key1\":\"value1\",\"key2\":\"value2\"}`
+                the logs - ${resourceNamespaceUID} - namespace UID of the resource
+                that contains the logs - ${podLabels} - JSON representation of labels
+                matching the pod with the logs             - e.g. `{\"key1\":\"value1\",\"key2\":\"value2\"}`
                 \n e.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}"
               type: string
+              pattern: ^https://
             namespaceFilter:
               description: namespaceFilter is a regular expression used to restrict
                 a log link to a matching set of namespaces (e.g., `^openshift-`).

manifests/0000_10_config-operator_01_consolelink.crd.yaml

@@ -77,16 +77,21 @@ spec:
                   type: string
                 section:
                   description: section is the section of the application menu in which
-                    the link should appear.
+                    the link should appear. This can be any text that will appear
+                    as a subheading in the application menu dropdown. A new section
+                    will be created if the text does not match text of an existing
+                    section.
                   type: string
             href:
               description: href is the absolute secure URL for the link (must use
                 https)
               type: string
+              pattern: ^https://([\w-]+.)+[\w-]+(/[\w- ./?%&=])?$
             location:
               description: location determines which location in the console the link
-                will be appended to.
+                will be appended to (ApplicationMenu, HelpMenu, UserMenu, NamespaceDashboard).
               type: string
+              pattern: ^(ApplicationMenu|HelpMenu|UserMenu|NamespaceDashboard)$
             namespaceDashboard:
               description: namespaceDashboard holds information about namespaces in
                 which the dashboard link should appear, and it is applicable only

manifests/0000_10_config-operator_01_consolenotification.crd.yaml

@@ -76,12 +76,14 @@ spec:
                   description: href is the absolute secure URL for the link (must
                     use https)
                   type: string
+                  pattern: ^https://([\w-]+.)+[\w-]+(/[\w- ./?%&=])?$
                 text:
                   description: text is the display text for the link
                   type: string
             location:
               description: location is the location of the notification in the console.
               type: string
+              pattern: ^(BannerTop|BannerBottom|BannerTopBottom)$
             text:
               description: text is the visible text of the notification.
               type: string

manifests/0000_10_config-operator_01_infrastructure.crd.yaml

@@ -101,6 +101,11 @@ spec:
                     provider.
                   type: object
                   properties:
+                    networkResourceGroupName:
+                      description: networkResourceGroupName is the Resource Group
+                        for network resources like the Virtual Network and Subnets
+                        used by the cluster. If empty, the value is same as ResourceGroupName.
+                      type: string
                     resourceGroupName:
                       description: resourceGroupName is the Resource Group for new
                         Azure resources created for the cluster.
@@ -176,6 +181,33 @@ spec:
                         a DNS service is hosted as a static pod to serve those hostnames
                         to the nodes in the cluster.
                       type: string
+                ovirt:
+                  description: Ovirt contains settings specific to the oVirt infrastructure
+                    provider.
+                  type: object
+                  properties:
+                    apiServerInternalIP:
+                      description: apiServerInternalIP is an IP address to contact
+                        the Kubernetes API server that can be used by components inside
+                        the cluster, like kubelets using the infrastructure rather
+                        than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+                        points to. It is the IP for a self-hosted load balancer in
+                        front of the API servers.
+                      type: string
+                    ingressIP:
+                      description: ingressIP is an external IP which routes to the
+                        default ingress controller. The IP is a suitable target of
+                        a wildcard DNS record used to resolve default route host names.
+                      type: string
+                    nodeDNSIP:
+                      description: nodeDNSIP is the IP address for the internal DNS
+                        used by the nodes. Unlike the one managed by the DNS operator,
+                        `NodeDNSIP` provides name resolution for the nodes themselves.
+                        There is no DNS-as-a-service for oVirt deployments. In order
+                        to minimize necessary changes to the datacenter DNS, a DNS
+                        service is hosted as a static pod to serve those hostnames
+                        to the nodes in the cluster.
+                      type: string
                 type:
                   description: type is the underlying infrastructure provider for
                     the cluster. This value controls whether infrastructure automation