From 5d1c91f8e4a4634c7dddf0115146cfa7b185ec1c Mon Sep 17 00:00:00 2001 From: "Dr. Stefan Schimanski" Date: Mon, 28 Oct 2019 11:22:05 +0100 Subject: [PATCH 1/2] Dockerfile: copy CRDs from openshift/api --- Dockerfile | 2 + Dockerfile.rhel7 | 2 + Gopkg.toml | 4 + hack/test-prerequisites.go | 4 +- ...rsion-operator_01_clusteroperator.crd.yaml | 531 ------------- ...ersion-operator_01_clusterversion.crd.yaml | 697 ------------------ 6 files changed, 10 insertions(+), 1230 deletions(-) delete mode 100644 install/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml delete mode 100644 install/0000_00_cluster-version-operator_01_clusterversion.crd.yaml diff --git a/Dockerfile b/Dockerfile index a5a6f3d9b6..f954d81d00 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,5 +6,7 @@ RUN hack/build-go.sh FROM registry.svc.ci.openshift.org/openshift/origin-v4.0:base COPY --from=builder /go/src/github.com/openshift/cluster-version-operator/_output/linux/amd64/cluster-version-operator /usr/bin/ COPY install /manifests +COPY vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml /manifests/ +COPY vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml /manifests/ COPY bootstrap /bootstrap ENTRYPOINT ["/usr/bin/cluster-version-operator"] diff --git a/Dockerfile.rhel7 b/Dockerfile.rhel7 index 025c876f91..fc243461d0 100644 --- a/Dockerfile.rhel7 +++ b/Dockerfile.rhel7 @@ -8,5 +8,7 @@ RUN hack/build-go.sh; \ FROM registry.svc.ci.openshift.org/ocp/4.0:base COPY --from=builder /tmp/build/cluster-version-operator /usr/bin/ COPY install /manifests +COPY vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml /manifests/ +COPY vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml /manifests/ COPY bootstrap /bootstrap ENTRYPOINT ["/usr/bin/cluster-version-operator"] diff --git a/Gopkg.toml b/Gopkg.toml index af604f825a..d91c5e4476 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -20,6 +20,10 @@ required = [ "k8s.io/code-generator/cmd/client-gen", "k8s.io/gengo/types" ] non-go = false unused-packages = false +[[prune.project]] + name = "github.com/openshift/api" + non-go = false + [[constraint]] name = "github.com/google/uuid" version = "v1.1.1" diff --git a/hack/test-prerequisites.go b/hack/test-prerequisites.go index e158333cc8..ef93612c77 100644 --- a/hack/test-prerequisites.go +++ b/hack/test-prerequisites.go @@ -24,8 +24,8 @@ func main() { client := apiext.NewForConfigOrDie(cfg) for _, path := range []string{ - "install/0000_00_cluster-version-operator_01_clusterversion.crd.yaml", - "install/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml", + "vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml", + "vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml", } { var name string err := wait.PollImmediate(time.Second, 30*time.Second, func() (bool, error) { diff --git a/install/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml b/install/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml deleted file mode 100644 index 1a06c8e2b7..0000000000 --- a/install/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml +++ /dev/null @@ -1,531 +0,0 @@ -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: clusteroperators.config.openshift.io -spec: - additionalPrinterColumns: - - JSONPath: .status.versions[?(@.name=="operator")].version - description: The version the operator is at. - name: Version - type: string - - JSONPath: .status.conditions[?(@.type=="Available")].status - description: Whether the operator is running and stable. - name: Available - type: string - - JSONPath: .status.conditions[?(@.type=="Progressing")].status - description: Whether the operator is processing changes. - name: Progressing - type: string - - JSONPath: .status.conditions[?(@.type=="Degraded")].status - description: Whether the operator is degraded. - name: Degraded - type: string - - JSONPath: .status.conditions[?(@.type=="Available")].lastTransitionTime - description: The time the operator's Available status last changed. - name: Since - type: date - group: config.openshift.io - names: - kind: ClusterOperator - listKind: ClusterOperatorList - plural: clusteroperators - singular: clusteroperator - shortNames: - - co - scope: Cluster - subresources: - status: {} - version: v1 - versions: - - name: v1 - served: true - storage: true - validation: - openAPIV3Schema: - description: ClusterOperator is the Custom Resource object which holds the current - state of an operator. This object is used by operators to convey their state - to the rest of the cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - description: ObjectMeta is metadata that all persisted resources must have, - which includes all objects users must create. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map stored with - a resource that may be set by external tools to store and retrieve - arbitrary metadata. They are not queryable and should be preserved - when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. This - is used to distinguish resources with same name and namespace in different - clusters. This field is not set anywhere right now and apiserver is - going to ignore it if set in create or update request. - type: string - creationTimestamp: - description: "CreationTimestamp is a timestamp representing the server - time when this object was created. It is not guaranteed to be set - in happens-before order across separate operations. Clients may not - set this value. It is represented in RFC3339 form and is in UTC. \n - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata" - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set when - deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: "DeletionTimestamp is RFC 3339 date and time at which this - resource will be deleted. This field is set by the server when a graceful - deletion is requested by the user, and is not directly settable by - a client. The resource is expected to be deleted (no longer visible - from resource lists, and not reachable by name) after the time in - this field, once the finalizers list is empty. As long as the finalizers - list contains items, deletion is blocked. Once the deletionTimestamp - is set, this value may not be unset or be set further into the future, - although it may be shortened or the resource may be deleted prior - to this time. For example, a user may request that a pod is deleted - in 30 seconds. The Kubelet will react by sending a graceful termination - signal to the containers in the pod. After that 30 seconds, the Kubelet - will send a hard termination signal (SIGKILL) to the container and - after cleanup, remove the pod from the API. In the presence of network - partitions, this object may still exist after this timestamp, until - an administrator or automated process can determine the resource is - fully terminated. If not set, graceful deletion of the object has - not been requested. \n Populated by the system when a graceful deletion - is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata" - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component that will - remove the entry from the list. If the deletionTimestamp of the object - is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: "GenerateName is an optional prefix, used by the server, - to generate a unique name ONLY IF the Name field has not been provided. - If this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a unique - suffix. The provided value has the same validation rules as the Name - field, and may be truncated by the length of the suffix required to - make the value unique on the server. \n If this field is specified - and the generated name exists, the server will NOT return a 409 - - instead, it will either return 201 Created or 500 with Reason ServerTimeout - indicating a unique name could not be found in the time allotted, - and the client should retry (optionally after the time indicated in - the Retry-After header). \n Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency" - type: string - generation: - description: A sequence number representing a specific generation of - the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: "An initializer is a controller which enforces some system - invariant at object creation time. This field is a list of initializers - that have not yet acted on this object. If nil or empty, this object - has been completely initialized. Otherwise, the object is considered - uninitialized and is hidden (in list/watch and get calls) from clients - that haven't explicitly asked to observe uninitialized objects. \n - When an object is created, the system will populate this list with - the current set of initializers. Only privileged users may set or - modify this list. Once it is empty, it may not be modified further - by any user. \n DEPRECATED - initializers are an alpha field and will - be removed in v1.15." - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the initializers - struct will be set to nil and the object is considered as initialized - and visible to all clients. - items: - description: Initializer is information about an initializer that - has not yet completed. - properties: - name: - description: name of the process that is responsible for initializing - this object. - type: string - required: - - name - type: object - type: array - result: - description: If result is set with the Failure field, the object - will be persisted to storage and then deleted, ensuring that other - clients can observe the deletion. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, 0 if - not set. - format: int32 - type: integer - details: - description: Extended data associated with the reason. Each - reason may define its own extended details. This field is - optional and the data returned is not guaranteed to conform - to any schema except that defined by the reason type. - properties: - causes: - description: The Causes array includes more details associated - with the StatusReason failure. Not all StatusReasons may - provide detailed causes. - items: - description: StatusCause provides more information about - an api.Status failure, including cases when multiple - errors are encountered. - properties: - field: - description: "The field of the resource that has caused - this error, as named by its JSON serialization. - May include dot and postfix notation for nested - attributes. Arrays are zero-indexed. Fields may - appear more than once in an array of causes due - to fields having multiple errors. Optional. \n Examples: - \ \"name\" - the field \"name\" on the current - resource \"items[0].name\" - the field \"name\" - on the first array entry in \"items\"" - type: string - message: - description: A human-readable description of the cause - of the error. This field may be presented as-is - to a reader. - type: string - reason: - description: A machine-readable description of the - cause of the error. If this value is empty there - is no information available. - type: string - type: object - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may differ - from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single name - which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before the - operation should be retried. Some errors may indicate - the client must take an alternate action - for those errors - this field may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a single - resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - type: object - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status of this - operation. - type: string - metadata: - description: 'Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that the - server has more data available. The value is opaque and - may be used to issue another request to the endpoint that - served this list to retrieve the next set of available - objects. Continuing a consistent list may not be possible - if the server configuration has changed or more than a - few minutes have passed. The resourceVersion field returned - when using this continue value will be identical to the - value in the first response, unless you have received - this token from an error message. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients to - determine when objects have changed. Value must be treated - as opaque by clients and passed unmodified back to the - server. Populated by the system. Read-only. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - type: object - reason: - description: A machine-readable description of why this operation - is in the "Failure" status. If this value is empty there is - no information available. A Reason clarifies an HTTP status - code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" or - "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - type: object - required: - - pending - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors of - replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - managedFields: - description: "ManagedFields maps workflow-id and version to the set - of fields that are managed by that workflow. This is mostly for internal - housekeeping, and users typically shouldn't need to set or understand - this field. A workflow can be the user's name, a controller's name, - or the name of a specific apply path like \"ci-cd\". The set of fields - is always in the version that the workflow used when modifying the - object. \n This field is alpha and can be changed or removed without - notice." - items: - description: ManagedFieldsEntry is a workflow-id, a FieldSet and the - group version of the resource that the fieldset applies to. - properties: - apiVersion: - description: APIVersion defines the version of this resource that - this field set applies to. The format is "group/version" just - like the top-level APIVersion field. It is necessary to track - the version of a field set because it cannot be automatically - converted. - type: string - fields: - additionalProperties: true - description: Fields identifies a set of fields. - type: object - manager: - description: Manager is an identifier of the workflow managing - these fields. - type: string - operation: - description: Operation is the type of operation which lead to - this ManagedFieldsEntry being created. The only valid values - for this field are 'Apply' and 'Update'. - type: string - time: - description: Time is timestamp of when these fields were set. - It should always be empty if Operation is 'Apply' - format: date-time - type: string - type: object - type: array - name: - description: 'Name must be unique within a namespace. Is required when - creating resources, although some resources may allow a client to - request the generation of an appropriate name automatically. Name - is primarily intended for creation idempotence and configuration definition. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within each name must be unique. - An empty namespace is equivalent to the \"default\" namespace, but - \"default\" is the canonical representation. Not all objects are required - to be scoped to a namespace - the value of this field for those objects - will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this list - will point to this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let you - identify an owning object. An owning object must be in the same - namespace as the dependent, or be cluster-scoped, so there is no - namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. To - set this field, a user needs "delete" permission of the owner, - otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - type: array - resourceVersion: - description: "An opaque value that represents the internal version of - this object that can be used by clients to determine when objects - have changed. May be used for optimistic concurrency, change detection, - and the watch operation on a resource or set of resources. Clients - must treat these values as opaque and passed unmodified back to the - server. They may only be valid for a particular resource or set of - resources. \n Populated by the system. Read-only. Value must be treated - as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency" - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated by - the system. Read-only. - type: string - uid: - description: "UID is the unique in time and space value for this object. - It is typically generated by the server on successful creation of - a resource and is not allowed to change on PUT operations. \n Populated - by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" - type: string - type: object - spec: - description: spec hold the intent of how this operator should behave. - type: object - status: - description: status holds the information about the state of an operator. It - is consistent with status information across the kube ecosystem. - properties: - conditions: - description: conditions describes the state of the operator's reconciliation - functionality. - items: - description: ClusterOperatorStatusCondition represents the state of - the operator's reconciliation functionality. - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status object. - format: date-time - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. - type: string - reason: - description: reason is the reason for the condition's last transition. Reasons - are CamelCase - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the state of the operator's reconciliation - functionality. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - extension: - description: extension contains any additional status information specific - to the operator which owns this status object. - nullable: true - type: object - relatedObjects: - description: 'relatedObjects is a list of objects that are "interesting" - or related to this operator. Common uses are: 1. the detailed resource - driving the operator 2. operator namespaces 3. operand namespaces' - items: - description: ObjectReference contains enough information to let you - inspect or modify the referred object. - properties: - group: - description: group of the referent. - type: string - name: - description: name of the referent. - type: string - namespace: - description: namespace of the referent. - type: string - resource: - description: resource of the referent. - type: string - required: - - group - - name - - resource - type: object - type: array - versions: - description: versions is a slice of operand version tuples. Operators - which manage multiple operands will have multiple entries in the array. If - an operator is Available, it must have at least one entry. You must - report the version of the operator itself with the name "operator". - items: - properties: - name: - description: name is the name of the particular operand this version - is for. It usually matches container images, not operators. - type: string - version: - description: version indicates which version of a particular operand - is currently being manage. It must always match the Available - condition. If 1.0.0 is Available, then this must indicate 1.0.0 - even if the operator is trying to rollout 1.1.0 - type: string - required: - - name - - version - type: object - type: array - type: object - required: - - metadata - - spec - type: object - versions: - - name: v1 - served: true - storage: true diff --git a/install/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/install/0000_00_cluster-version-operator_01_clusterversion.crd.yaml deleted file mode 100644 index 4d786cc0ff..0000000000 --- a/install/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ /dev/null @@ -1,697 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterversions.config.openshift.io -spec: - group: config.openshift.io - versions: - - name: v1 - served: true - storage: true - scope: Cluster - subresources: - status: {} - names: - plural: clusterversions - singular: clusterversion - kind: ClusterVersion - additionalPrinterColumns: - - name: Version - type: string - JSONPath: .status.history[?(@.state=="Completed")].version - - name: Available - type: string - JSONPath: .status.conditions[?(@.type=="Available")].status - - name: Progressing - type: string - JSONPath: .status.conditions[?(@.type=="Progressing")].status - - name: Since - type: date - JSONPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime - - name: Status - type: string - JSONPath: .status.conditions[?(@.type=="Progressing")].message - validation: - openAPIV3Schema: - description: ClusterVersion is the configuration for the ClusterVersionOperator. - This is where parameters related to automatic updates can be set. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - description: ObjectMeta is metadata that all persisted resources must have, - which includes all objects users must create. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map stored with - a resource that may be set by external tools to store and retrieve - arbitrary metadata. They are not queryable and should be preserved - when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. This - is used to distinguish resources with same name and namespace in different - clusters. This field is not set anywhere right now and apiserver is - going to ignore it if set in create or update request. - type: string - creationTimestamp: - description: "CreationTimestamp is a timestamp representing the server - time when this object was created. It is not guaranteed to be set - in happens-before order across separate operations. Clients may not - set this value. It is represented in RFC3339 form and is in UTC. \n - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata" - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set when - deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: "DeletionTimestamp is RFC 3339 date and time at which this - resource will be deleted. This field is set by the server when a graceful - deletion is requested by the user, and is not directly settable by - a client. The resource is expected to be deleted (no longer visible - from resource lists, and not reachable by name) after the time in - this field, once the finalizers list is empty. As long as the finalizers - list contains items, deletion is blocked. Once the deletionTimestamp - is set, this value may not be unset or be set further into the future, - although it may be shortened or the resource may be deleted prior - to this time. For example, a user may request that a pod is deleted - in 30 seconds. The Kubelet will react by sending a graceful termination - signal to the containers in the pod. After that 30 seconds, the Kubelet - will send a hard termination signal (SIGKILL) to the container and - after cleanup, remove the pod from the API. In the presence of network - partitions, this object may still exist after this timestamp, until - an administrator or automated process can determine the resource is - fully terminated. If not set, graceful deletion of the object has - not been requested. \n Populated by the system when a graceful deletion - is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata" - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the registry. - Each entry is an identifier for the responsible component that will - remove the entry from the list. If the deletionTimestamp of the object - is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: "GenerateName is an optional prefix, used by the server, - to generate a unique name ONLY IF the Name field has not been provided. - If this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a unique - suffix. The provided value has the same validation rules as the Name - field, and may be truncated by the length of the suffix required to - make the value unique on the server. \n If this field is specified - and the generated name exists, the server will NOT return a 409 - - instead, it will either return 201 Created or 500 with Reason ServerTimeout - indicating a unique name could not be found in the time allotted, - and the client should retry (optionally after the time indicated in - the Retry-After header). \n Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency" - type: string - generation: - description: A sequence number representing a specific generation of - the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: "An initializer is a controller which enforces some system - invariant at object creation time. This field is a list of initializers - that have not yet acted on this object. If nil or empty, this object - has been completely initialized. Otherwise, the object is considered - uninitialized and is hidden (in list/watch and get calls) from clients - that haven't explicitly asked to observe uninitialized objects. \n - When an object is created, the system will populate this list with - the current set of initializers. Only privileged users may set or - modify this list. Once it is empty, it may not be modified further - by any user. \n DEPRECATED - initializers are an alpha field and will - be removed in v1.15." - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the initializers - struct will be set to nil and the object is considered as initialized - and visible to all clients. - items: - description: Initializer is information about an initializer that - has not yet completed. - properties: - name: - description: name of the process that is responsible for initializing - this object. - type: string - required: - - name - type: object - type: array - result: - description: If result is set with the Failure field, the object - will be persisted to storage and then deleted, ensuring that other - clients can observe the deletion. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, 0 if - not set. - format: int32 - type: integer - details: - description: Extended data associated with the reason. Each - reason may define its own extended details. This field is - optional and the data returned is not guaranteed to conform - to any schema except that defined by the reason type. - properties: - causes: - description: The Causes array includes more details associated - with the StatusReason failure. Not all StatusReasons may - provide detailed causes. - items: - description: StatusCause provides more information about - an api.Status failure, including cases when multiple - errors are encountered. - properties: - field: - description: "The field of the resource that has caused - this error, as named by its JSON serialization. - May include dot and postfix notation for nested - attributes. Arrays are zero-indexed. Fields may - appear more than once in an array of causes due - to fields having multiple errors. Optional. \n Examples: - \ \"name\" - the field \"name\" on the current - resource \"items[0].name\" - the field \"name\" - on the first array entry in \"items\"" - type: string - message: - description: A human-readable description of the cause - of the error. This field may be presented as-is - to a reader. - type: string - reason: - description: A machine-readable description of the - cause of the error. If this value is empty there - is no information available. - type: string - type: object - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may differ - from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single name - which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before the - operation should be retried. Some errors may indicate - the client must take an alternate action - for those errors - this field may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a single - resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - type: object - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status of this - operation. - type: string - metadata: - description: 'Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that the - server has more data available. The value is opaque and - may be used to issue another request to the endpoint that - served this list to retrieve the next set of available - objects. Continuing a consistent list may not be possible - if the server configuration has changed or more than a - few minutes have passed. The resourceVersion field returned - when using this continue value will be identical to the - value in the first response, unless you have received - this token from an error message. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients to - determine when objects have changed. Value must be treated - as opaque by clients and passed unmodified back to the - server. Populated by the system. Read-only. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - type: object - reason: - description: A machine-readable description of why this operation - is in the "Failure" status. If this value is empty there is - no information available. A Reason clarifies an HTTP status - code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" or - "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - type: object - required: - - pending - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to organize - and categorize (scope and select) objects. May match selectors of - replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - managedFields: - description: "ManagedFields maps workflow-id and version to the set - of fields that are managed by that workflow. This is mostly for internal - housekeeping, and users typically shouldn't need to set or understand - this field. A workflow can be the user's name, a controller's name, - or the name of a specific apply path like \"ci-cd\". The set of fields - is always in the version that the workflow used when modifying the - object. \n This field is alpha and can be changed or removed without - notice." - items: - description: ManagedFieldsEntry is a workflow-id, a FieldSet and the - group version of the resource that the fieldset applies to. - properties: - apiVersion: - description: APIVersion defines the version of this resource that - this field set applies to. The format is "group/version" just - like the top-level APIVersion field. It is necessary to track - the version of a field set because it cannot be automatically - converted. - type: string - fields: - additionalProperties: true - description: Fields identifies a set of fields. - type: object - manager: - description: Manager is an identifier of the workflow managing - these fields. - type: string - operation: - description: Operation is the type of operation which lead to - this ManagedFieldsEntry being created. The only valid values - for this field are 'Apply' and 'Update'. - type: string - time: - description: Time is timestamp of when these fields were set. - It should always be empty if Operation is 'Apply' - format: date-time - type: string - type: object - type: array - name: - description: 'Name must be unique within a namespace. Is required when - creating resources, although some resources may allow a client to - request the generation of an appropriate name automatically. Name - is primarily intended for creation idempotence and configuration definition. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within each name must be unique. - An empty namespace is equivalent to the \"default\" namespace, but - \"default\" is the canonical representation. Not all objects are required - to be scoped to a namespace - the value of this field for those objects - will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this list - will point to this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let you - identify an owning object. An owning object must be in the same - namespace as the dependent, or be cluster-scoped, so there is no - namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. To - set this field, a user needs "delete" permission of the owner, - otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - type: array - resourceVersion: - description: "An opaque value that represents the internal version of - this object that can be used by clients to determine when objects - have changed. May be used for optimistic concurrency, change detection, - and the watch operation on a resource or set of resources. Clients - must treat these values as opaque and passed unmodified back to the - server. They may only be valid for a particular resource or set of - resources. \n Populated by the system. Read-only. Value must be treated - as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency" - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated by - the system. Read-only. - type: string - uid: - description: "UID is the unique in time and space value for this object. - It is typically generated by the server on successful creation of - a resource and is not allowed to change on PUT operations. \n Populated - by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" - type: string - type: object - spec: - description: spec is the desired state of the cluster version - the operator - will work to ensure that the desired version is applied to the cluster. - properties: - channel: - description: channel is an identifier for explicitly requesting that - a non-default set of updates be applied to this cluster. The default - channel will be contain stable updates that are appropriate for production - clusters. - type: string - clusterID: - description: clusterID uniquely identifies this cluster. This is expected - to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - in hexadecimal values). This is a required field. - type: string - desiredUpdate: - description: "desiredUpdate is an optional field that indicates the - desired value of the cluster version. Setting this value will trigger - an upgrade (if the current version does not match the desired version). - The set of recommended update values is listed as part of available - updates in status, and setting values outside that range may cause - the upgrade to fail. You may specify the version field without setting - image if an update exists with that version in the availableUpdates - or history. \n If an upgrade fails the operator will halt and report - status about the failing component. Setting the desired update value - back to the previous version will cause a rollback to be attempted. - Not all rollbacks will succeed." - properties: - force: - description: "force allows an administrator to update to an image - that has failed verification, does not appear in the availableUpdates - list, or otherwise would be blocked by normal protections on update. - This option should only be used when the authenticity of the provided - image has been verified out of band because the provided image - will run with full administrative access to the cluster. Do not - use this flag with images that comes from unknown or potentially - malicious sources. \n This flag does not override other forms - of consistency checking that are required before a new update - is deployed." - type: boolean - image: - description: image is a container image location that contains the - update. When this field is part of spec, image is optional if - version is specified and the availableUpdates field contains a - matching version. - type: string - version: - description: version is a semantic versioning identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - type: object - overrides: - description: overrides is list of overides for components that are managed - by cluster version operator. Marking a component unmanaged will prevent - the operator from creating or updating the object. - items: - description: ComponentOverride allows overriding cluster version operator's - behavior for a component. - properties: - group: - description: group identifies the API group that the kind is in. - type: string - kind: - description: kind indentifies which object to override. - type: string - name: - description: name is the component's name. - type: string - namespace: - description: namespace is the component's namespace. If the resource - is cluster scoped, the namespace should be empty. - type: string - unmanaged: - description: 'unmanaged controls if cluster version operator should - stop managing the resources in this cluster. Default: false' - type: boolean - required: - - group - - kind - - name - - namespace - - unmanaged - type: object - type: array - upstream: - description: upstream may be used to specify the preferred update server. - By default it will use the appropriate update server for the cluster - and region. - type: string - required: - - clusterID - type: object - status: - description: status contains information about the available updates and - any in-progress updates. - properties: - availableUpdates: - description: availableUpdates contains the list of updates that are - appropriate for this cluster. This list may be empty if no updates - are recommended, if the update service is unavailable, or if an invalid - channel has been specified. - items: - description: Update represents a release of the ClusterVersionOperator, - referenced by the Image member. - properties: - force: - description: "force allows an administrator to update to an image - that has failed verification, does not appear in the availableUpdates - list, or otherwise would be blocked by normal protections on - update. This option should only be used when the authenticity - of the provided image has been verified out of band because - the provided image will run with full administrative access - to the cluster. Do not use this flag with images that comes - from unknown or potentially malicious sources. \n This flag - does not override other forms of consistency checking that are - required before a new update is deployed." - type: boolean - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - version: - description: version is a semantic versioning identifying the - update version. When this field is part of spec, version is - optional if image is specified. - type: string - type: object - nullable: true - type: array - conditions: - description: conditions provides information about the cluster version. - The condition "Available" is set to true if the desiredUpdate has - been reached. The condition "Progressing" is set to true if an update - is being applied. The condition "Degraded" is set to true if an update - is currently blocked by a temporary or permanent error. Conditions - are only valid for the current desiredUpdate when metadata.generation - is equal to status.generation. - items: - description: ClusterOperatorStatusCondition represents the state of - the operator's reconciliation functionality. - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status object. - format: date-time - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. - type: string - reason: - description: reason is the reason for the condition's last transition. Reasons - are CamelCase - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the state of the operator's reconciliation - functionality. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - desired: - description: desired is the version that the cluster is reconciling - towards. If the cluster is not yet fully initialized desired will - be set with the information available, which may be an image or a - tag. - properties: - force: - description: "force allows an administrator to update to an image - that has failed verification, does not appear in the availableUpdates - list, or otherwise would be blocked by normal protections on update. - This option should only be used when the authenticity of the provided - image has been verified out of band because the provided image - will run with full administrative access to the cluster. Do not - use this flag with images that comes from unknown or potentially - malicious sources. \n This flag does not override other forms - of consistency checking that are required before a new update - is deployed." - type: boolean - image: - description: image is a container image location that contains the - update. When this field is part of spec, image is optional if - version is specified and the availableUpdates field contains a - matching version. - type: string - version: - description: version is a semantic versioning identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - type: object - history: - description: history contains a list of the most recent versions applied - to the cluster. This value may be empty during cluster startup, and - then will be updated when a new update is being applied. The newest - update is first in the list and it is ordered by recency. Updates - in the history have state Completed if the rollout completed - if - an update was failing or halfway applied the state will be Partial. - Only a limited amount of update history is preserved. - items: - description: UpdateHistory is a single attempted update to the cluster. - properties: - completionTime: - description: completionTime, if set, is when the update was fully - applied. The update that is currently being applied will have - a null completion time. Completion time will always be set for - entries that are not the current update (usually to the started - time of the next update). - format: date-time - nullable: true - type: string - image: - description: image is a container image location that contains - the update. This value is always populated. - type: string - startedTime: - description: startedTime is the time at which the update was started. - format: date-time - type: string - state: - description: state reflects whether the update was fully applied. - The Partial state indicates the update is not fully applied, - while the Completed state indicates the update was successfully - rolled out at least once (all parts of the update successfully - applied). - type: string - verified: - description: verified indicates whether the provided update was - properly verified before it was installed. If this is false - the cluster may not be trusted. - type: boolean - version: - description: version is a semantic versioning identifying the - update version. If the requested image does not define a version, - or if a failure occurs retrieving the image, this value may - be empty. - type: string - required: - - completionTime - - image - - startedTime - - state - - verified - type: object - type: array - observedGeneration: - description: observedGeneration reports which version of the spec is - being synced. If this value is not equal to metadata.generation, then - the desired and conditions fields may represent from a previous version. - format: int64 - type: integer - versionHash: - description: versionHash is a fingerprint of the content that the cluster - will be updated with. It is used by the operator to avoid unnecessary - work and is for internal use only. - type: string - required: - - availableUpdates - - desired - - observedGeneration - - versionHash - type: object - required: - - spec - type: object - versions: - - name: v1 - served: true - storage: true From 92657d905c6058ab6d7602a56c1cadee2cb2e8a6 Mon Sep 17 00:00:00 2001 From: "Dr. Stefan Schimanski" Date: Mon, 28 Oct 2019 11:25:24 +0100 Subject: [PATCH 2/2] bump(github.com/openshift/api) --- Gopkg.lock | 22 +- ...rsion-operator_01_clusteroperator.crd.yaml | 162 +++++ ...ersion-operator_01_clusterversion.crd.yaml | 329 +++++++++ ...03_config-operator_01_operatorhub.crd.yaml | 101 +++ .../0000_03_config-operator_01_proxy.crd.yaml | 98 +++ ...0_10_config-operator_01_apiserver.crd.yaml | 214 ++++++ ...config-operator_01_authentication.crd.yaml | 123 ++++ .../0000_10_config-operator_01_build.crd.yaml | 366 ++++++++++ ...000_10_config-operator_01_console.crd.yaml | 70 ++ .../0000_10_config-operator_01_dns.crd.yaml | 100 +++ ...10_config-operator_01_featuregate.crd.yaml | 76 ++ .../0000_10_config-operator_01_image.crd.yaml | 144 ++++ ...config-operator_01_infrastructure.crd.yaml | 221 ++++++ ...000_10_config-operator_01_ingress.crd.yaml | 55 ++ ...000_10_config-operator_01_network.crd.yaml | 141 ++++ .../0000_10_config-operator_01_oauth.crd.yaml | 661 ++++++++++++++++++ ...000_10_config-operator_01_project.crd.yaml | 63 ++ ...0_10_config-operator_01_scheduler.crd.yaml | 88 +++ .../openshift/api/config/v1/types.go | 2 + .../api/config/v1/types_authentication.go | 4 +- .../openshift/api/config/v1/types_build.go | 5 +- .../api/config/v1/types_cluster_operator.go | 19 + .../api/config/v1/types_cluster_version.go | 30 + .../openshift/api/config/v1/types_console.go | 9 +- .../openshift/api/config/v1/types_dns.go | 7 +- .../openshift/api/config/v1/types_feature.go | 19 +- .../openshift/api/config/v1/types_image.go | 7 +- .../api/config/v1/types_infrastructure.go | 39 +- .../openshift/api/config/v1/types_ingress.go | 7 +- .../openshift/api/config/v1/types_network.go | 7 +- .../api/config/v1/types_operatorhub.go | 2 +- .../openshift/api/config/v1/types_project.go | 7 +- .../openshift/api/config/v1/types_proxy.go | 5 +- .../api/config/v1/types_scheduling.go | 7 +- .../api/config/v1/types_tlssecurityprofile.go | 131 +--- .../api/config/v1/zz_generated.deepcopy.go | 38 +- .../v1/zz_generated.swagger_doc_generated.go | 205 ++---- .../openshift/api/image/v1/generated.proto | 545 +++++++++++++++ .../openshift/api/image/v1/types.go | 29 +- .../v1/zz_generated.swagger_doc_generated.go | 51 +- ...0000_03_security-openshift_01_scc.crd.yaml | 315 +++++++++ .../openshift/api/security/v1/generated.proto | 342 +++++++++ .../openshift/api/security/v1/types.go | 13 +- .../v1/zz_generated.swagger_doc_generated.go | 18 +- .../x/tools/go/internal/gcimporter/iexport.go | 34 +- .../x/tools/go/internal/gcimporter/iimport.go | 28 +- .../golang.org/x/tools/go/packages/golist.go | 186 ++++- .../x/tools/go/packages/golist_overlay.go | 21 +- .../x/tools/internal/gopathwalk/walk.go | 6 +- .../x/tools/internal/imports/fix.go | 97 ++- .../x/tools/internal/imports/mod.go | 402 +++++++---- .../x/tools/internal/imports/mod_cache.go | 62 +- .../golang.org/x/tools/internal/span/parse.go | 100 +++ .../golang.org/x/tools/internal/span/span.go | 285 ++++++++ .../golang.org/x/tools/internal/span/token.go | 151 ++++ .../x/tools/internal/span/token111.go | 39 ++ .../x/tools/internal/span/token112.go | 16 + .../golang.org/x/tools/internal/span/uri.go | 152 ++++ .../golang.org/x/tools/internal/span/utf16.go | 94 +++ .../v1beta1/customresourcedefinition.go | 65 -- .../v1beta1/expansion_generated.go | 23 - .../client-go/discovery/cached/legacy.go | 30 - 62 files changed, 5895 insertions(+), 793 deletions(-) create mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml create mode 100644 vendor/github.com/openshift/api/image/v1/generated.proto create mode 100644 vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml create mode 100644 vendor/github.com/openshift/api/security/v1/generated.proto create mode 100644 vendor/golang.org/x/tools/internal/span/parse.go create mode 100644 vendor/golang.org/x/tools/internal/span/span.go create mode 100644 vendor/golang.org/x/tools/internal/span/token.go create mode 100644 vendor/golang.org/x/tools/internal/span/token111.go create mode 100644 vendor/golang.org/x/tools/internal/span/token112.go create mode 100644 vendor/golang.org/x/tools/internal/span/uri.go create mode 100644 vendor/golang.org/x/tools/internal/span/utf16.go delete mode 100644 vendor/k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1beta1/customresourcedefinition.go delete mode 100644 vendor/k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1beta1/expansion_generated.go delete mode 100644 vendor/k8s.io/client-go/discovery/cached/legacy.go diff --git a/Gopkg.lock b/Gopkg.lock index 64b17b21ee..4cd32be23b 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -177,7 +177,7 @@ [[projects]] branch = "master" - digest = "1:1999d654799bdb63e9ed03fda9c240119c4a8ac782dfe565e90214678f669125" + digest = "1:680939b9b56ebe46bbff646a1e8fcc18141a5a67ed99e061c0638583e9150f52" name = "github.com/openshift/api" packages = [ "config/v1", @@ -186,8 +186,8 @@ "image/v1", "security/v1", ] - pruneopts = "NUT" - revision = "d92789481b059132f1febccd9bb47cb27220f248" + pruneopts = "UT" + revision = "c556078b427fbf38b9645bb91b703b800195ddb1" [[projects]] branch = "master" @@ -367,7 +367,7 @@ [[projects]] branch = "master" - digest = "1:461f95709aa3b74651a3a26d25c816801e10b5adc2bdef8bff9671494fdd13ab" + digest = "1:e8074db5811031e438301937752755e84de48028d254d69ed9e3bbe74f9d0c0f" name = "golang.org/x/tools" packages = [ "go/ast/astutil", @@ -382,9 +382,10 @@ "internal/imports", "internal/module", "internal/semver", + "internal/span", ] pruneopts = "NUT" - revision = "9cd7e18f8ef73a428ee6125634aae52a8d0c94d4" + revision = "b2104f82a97df5456531b2816ef2022c7f4431c0" [[projects]] digest = "1:c8131c929081f0fa26901a27eec93162a44afb3fc89a38573520dd4e3f1b1621" @@ -466,7 +467,7 @@ version = "kubernetes-1.16.0" [[projects]] - digest = "1:ecf78750f1bf5f171896e0332a208e7c04e91085abcac3523d4f5317f1d24bb7" + digest = "1:6aab404e4451f049e6c4dfdb102d43fb209b445cdac708f7e74b5e70b41ddd90" name = "k8s.io/apiextensions-apiserver" packages = [ "pkg/apis/apiextensions", @@ -476,7 +477,6 @@ "pkg/client/clientset/clientset/scheme", "pkg/client/clientset/clientset/typed/apiextensions/v1", "pkg/client/clientset/clientset/typed/apiextensions/v1beta1", - "pkg/client/listers/apiextensions/v1beta1", ] pruneopts = "NUT" revision = "8f644eb6e783291c4b8cb8cb25a9983be1a74f5c" @@ -538,11 +538,10 @@ version = "kubernetes-1.16.0" [[projects]] - digest = "1:c58b46a5c3993704a92a2278f8102491ea45b137cf365979ba89e3bdd74d8b09" + digest = "1:845b5d54e096d577fdfedaf2c0cc6013d898d03d5b4731a0ec0ab597c344c6bc" name = "k8s.io/client-go" packages = [ "discovery", - "discovery/cached", "discovery/cached/memory", "discovery/fake", "dynamic", @@ -823,10 +822,11 @@ "k8s.io/api/core/v1", "k8s.io/api/rbac/v1", "k8s.io/api/rbac/v1beta1", + "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1", "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset", + "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1", "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1", - "k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1beta1", "k8s.io/apimachinery/pkg/api/equality", "k8s.io/apimachinery/pkg/api/errors", "k8s.io/apimachinery/pkg/api/meta", @@ -850,7 +850,7 @@ "k8s.io/apimachinery/pkg/util/yaml", "k8s.io/apimachinery/pkg/watch", "k8s.io/client-go/discovery", - "k8s.io/client-go/discovery/cached", + "k8s.io/client-go/discovery/cached/memory", "k8s.io/client-go/dynamic", "k8s.io/client-go/dynamic/fake", "k8s.io/client-go/informers", diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml new file mode 100644 index 0000000000..294e4ee227 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml @@ -0,0 +1,162 @@ +kind: CustomResourceDefinition +apiVersion: apiextensions.k8s.io/v1beta1 +metadata: + name: clusteroperators.config.openshift.io +spec: + additionalPrinterColumns: + - JSONPath: .status.versions[?(@.name=="operator")].version + description: The version the operator is at. + name: Version + type: string + - JSONPath: .status.conditions[?(@.type=="Available")].status + description: Whether the operator is running and stable. + name: Available + type: string + - JSONPath: .status.conditions[?(@.type=="Progressing")].status + description: Whether the operator is processing changes. + name: Progressing + type: string + - JSONPath: .status.conditions[?(@.type=="Degraded")].status + description: Whether the operator is degraded. + name: Degraded + type: string + - JSONPath: .status.conditions[?(@.type=="Available")].lastTransitionTime + description: The time the operator's Available status last changed. + name: Since + type: date + group: config.openshift.io + names: + kind: ClusterOperator + listKind: ClusterOperatorList + plural: clusteroperators + singular: clusteroperator + shortNames: + - co + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + version: v1 + versions: + - name: v1 + served: true + storage: true + validation: + openAPIV3Schema: + description: ClusterOperator is the Custom Resource object which holds the current + state of an operator. This object is used by operators to convey their state + to the rest of the cluster. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec hold the intent of how this operator should behave. + type: object + status: + description: status holds the information about the state of an operator. It + is consistent with status information across the kube ecosystem. + type: object + properties: + conditions: + description: conditions describes the state of the operator's reconciliation + functionality. + type: array + items: + description: ClusterOperatorStatusCondition represents the state of + the operator's reconciliation functionality. + type: object + required: + - lastTransitionTime + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + type: string + format: date-time + message: + description: message provides additional information about the + current condition. This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are CamelCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + extension: + description: extension contains any additional status information specific + to the operator which owns this status object. + type: object + nullable: true + relatedObjects: + description: 'relatedObjects is a list of objects that are "interesting" + or related to this operator. Common uses are: 1. the detailed resource + driving the operator 2. operator namespaces 3. operand namespaces' + type: array + items: + description: ObjectReference contains enough information to let you + inspect or modify the referred object. + type: object + required: + - group + - name + - resource + properties: + group: + description: group of the referent. + type: string + name: + description: name of the referent. + type: string + namespace: + description: namespace of the referent. + type: string + resource: + description: resource of the referent. + type: string + versions: + description: versions is a slice of operand version tuples. Operators + which manage multiple operands will have multiple entries in the array. If + an operator is Available, it must have at least one entry. You must + report the version of the operator itself with the name "operator". + type: array + items: + type: object + required: + - name + - version + properties: + name: + description: name is the name of the particular operand this version + is for. It usually matches container images, not operators. + type: string + version: + description: version indicates which version of a particular operand + is currently being manage. It must always match the Available + condition. If 1.0.0 is Available, then this must indicate 1.0.0 + even if the operator is trying to rollout 1.1.0 + type: string + versions: + - name: v1 + served: true + storage: true diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml new file mode 100644 index 0000000000..37d6516e87 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -0,0 +1,329 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterversions.config.openshift.io +spec: + group: config.openshift.io + versions: + - name: v1 + served: true + storage: true + scope: Cluster + subresources: + status: {} + names: + plural: clusterversions + singular: clusterversion + kind: ClusterVersion + preserveUnknownFields: false + additionalPrinterColumns: + - name: Version + type: string + JSONPath: .status.history[?(@.state=="Completed")].version + - name: Available + type: string + JSONPath: .status.conditions[?(@.type=="Available")].status + - name: Progressing + type: string + JSONPath: .status.conditions[?(@.type=="Progressing")].status + - name: Since + type: date + JSONPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime + - name: Status + type: string + JSONPath: .status.conditions[?(@.type=="Progressing")].message + validation: + openAPIV3Schema: + description: ClusterVersion is the configuration for the ClusterVersionOperator. + This is where parameters related to automatic updates can be set. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the desired state of the cluster version - the operator + will work to ensure that the desired version is applied to the cluster. + type: object + required: + - clusterID + properties: + channel: + description: channel is an identifier for explicitly requesting that + a non-default set of updates be applied to this cluster. The default + channel will be contain stable updates that are appropriate for production + clusters. + type: string + clusterID: + description: clusterID uniquely identifies this cluster. This is expected + to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx + in hexadecimal values). This is a required field. + type: string + desiredUpdate: + description: "desiredUpdate is an optional field that indicates the + desired value of the cluster version. Setting this value will trigger + an upgrade (if the current version does not match the desired version). + The set of recommended update values is listed as part of available + updates in status, and setting values outside that range may cause + the upgrade to fail. You may specify the version field without setting + image if an update exists with that version in the availableUpdates + or history. \n If an upgrade fails the operator will halt and report + status about the failing component. Setting the desired update value + back to the previous version will cause a rollback to be attempted. + Not all rollbacks will succeed." + type: object + properties: + force: + description: "force allows an administrator to update to an image + that has failed verification, does not appear in the availableUpdates + list, or otherwise would be blocked by normal protections on update. + This option should only be used when the authenticity of the provided + image has been verified out of band because the provided image + will run with full administrative access to the cluster. Do not + use this flag with images that comes from unknown or potentially + malicious sources. \n This flag does not override other forms + of consistency checking that are required before a new update + is deployed." + type: boolean + image: + description: image is a container image location that contains the + update. When this field is part of spec, image is optional if + version is specified and the availableUpdates field contains a + matching version. + type: string + version: + description: version is a semantic versioning identifying the update + version. When this field is part of spec, version is optional + if image is specified. + type: string + overrides: + description: overrides is list of overides for components that are managed + by cluster version operator. Marking a component unmanaged will prevent + the operator from creating or updating the object. + type: array + items: + description: ComponentOverride allows overriding cluster version operator's + behavior for a component. + type: object + required: + - group + - kind + - name + - namespace + - unmanaged + properties: + group: + description: group identifies the API group that the kind is in. + type: string + kind: + description: kind indentifies which object to override. + type: string + name: + description: name is the component's name. + type: string + namespace: + description: namespace is the component's namespace. If the resource + is cluster scoped, the namespace should be empty. + type: string + unmanaged: + description: 'unmanaged controls if cluster version operator should + stop managing the resources in this cluster. Default: false' + type: boolean + upstream: + description: upstream may be used to specify the preferred update server. + By default it will use the appropriate update server for the cluster + and region. + type: string + status: + description: status contains information about the available updates and + any in-progress updates. + type: object + required: + - availableUpdates + - desired + - observedGeneration + - versionHash + properties: + availableUpdates: + description: availableUpdates contains the list of updates that are + appropriate for this cluster. This list may be empty if no updates + are recommended, if the update service is unavailable, or if an invalid + channel has been specified. + type: array + items: + description: Update represents a release of the ClusterVersionOperator, + referenced by the Image member. + type: object + properties: + force: + description: "force allows an administrator to update to an image + that has failed verification, does not appear in the availableUpdates + list, or otherwise would be blocked by normal protections on + update. This option should only be used when the authenticity + of the provided image has been verified out of band because + the provided image will run with full administrative access + to the cluster. Do not use this flag with images that comes + from unknown or potentially malicious sources. \n This flag + does not override other forms of consistency checking that are + required before a new update is deployed." + type: boolean + image: + description: image is a container image location that contains + the update. When this field is part of spec, image is optional + if version is specified and the availableUpdates field contains + a matching version. + type: string + version: + description: version is a semantic versioning identifying the + update version. When this field is part of spec, version is + optional if image is specified. + type: string + nullable: true + conditions: + description: conditions provides information about the cluster version. + The condition "Available" is set to true if the desiredUpdate has + been reached. The condition "Progressing" is set to true if an update + is being applied. The condition "Degraded" is set to true if an update + is currently blocked by a temporary or permanent error. Conditions + are only valid for the current desiredUpdate when metadata.generation + is equal to status.generation. + type: array + items: + description: ClusterOperatorStatusCondition represents the state of + the operator's reconciliation functionality. + type: object + required: + - lastTransitionTime + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + type: string + format: date-time + message: + description: message provides additional information about the + current condition. This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are CamelCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + desired: + description: desired is the version that the cluster is reconciling + towards. If the cluster is not yet fully initialized desired will + be set with the information available, which may be an image or a + tag. + type: object + properties: + force: + description: "force allows an administrator to update to an image + that has failed verification, does not appear in the availableUpdates + list, or otherwise would be blocked by normal protections on update. + This option should only be used when the authenticity of the provided + image has been verified out of band because the provided image + will run with full administrative access to the cluster. Do not + use this flag with images that comes from unknown or potentially + malicious sources. \n This flag does not override other forms + of consistency checking that are required before a new update + is deployed." + type: boolean + image: + description: image is a container image location that contains the + update. When this field is part of spec, image is optional if + version is specified and the availableUpdates field contains a + matching version. + type: string + version: + description: version is a semantic versioning identifying the update + version. When this field is part of spec, version is optional + if image is specified. + type: string + history: + description: history contains a list of the most recent versions applied + to the cluster. This value may be empty during cluster startup, and + then will be updated when a new update is being applied. The newest + update is first in the list and it is ordered by recency. Updates + in the history have state Completed if the rollout completed - if + an update was failing or halfway applied the state will be Partial. + Only a limited amount of update history is preserved. + type: array + items: + description: UpdateHistory is a single attempted update to the cluster. + type: object + required: + - completionTime + - image + - startedTime + - state + - verified + properties: + completionTime: + description: completionTime, if set, is when the update was fully + applied. The update that is currently being applied will have + a null completion time. Completion time will always be set for + entries that are not the current update (usually to the started + time of the next update). + type: string + format: date-time + nullable: true + image: + description: image is a container image location that contains + the update. This value is always populated. + type: string + startedTime: + description: startedTime is the time at which the update was started. + type: string + format: date-time + state: + description: state reflects whether the update was fully applied. + The Partial state indicates the update is not fully applied, + while the Completed state indicates the update was successfully + rolled out at least once (all parts of the update successfully + applied). + type: string + verified: + description: verified indicates whether the provided update was + properly verified before it was installed. If this is false + the cluster may not be trusted. + type: boolean + version: + description: version is a semantic versioning identifying the + update version. If the requested image does not define a version, + or if a failure occurs retrieving the image, this value may + be empty. + type: string + observedGeneration: + description: observedGeneration reports which version of the spec is + being synced. If this value is not equal to metadata.generation, then + the desired and conditions fields may represent a previous version. + type: integer + format: int64 + versionHash: + description: versionHash is a fingerprint of the content that the cluster + will be updated with. It is used by the operator to avoid unnecessary + work and is for internal use only. + type: string + versions: + - name: v1 + served: true + storage: true diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml new file mode 100644 index 0000000000..8c857d45a4 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml @@ -0,0 +1,101 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: operatorhubs.config.openshift.io +spec: + group: config.openshift.io + names: + kind: OperatorHub + listKind: OperatorHubList + plural: operatorhubs + singular: operatorhub + scope: Cluster + preserveUnknownFields: false + subresources: + status: {} + version: v1 + versions: + - name: v1 + served: true + storage: true + "validation": + "openAPIV3Schema": + description: OperatorHub is the Schema for the operatorhubs API. It can be used + to change the state of the default hub sources for OperatorHub on the cluster + from enabled to disabled and vice versa. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OperatorHubSpec defines the desired state of OperatorHub + type: object + properties: + disableAllDefaultSources: + description: disableAllDefaultSources allows you to disable all the + default hub sources. If this is true, a specific entry in sources + can be used to enable a default source. If this is false, a specific + entry in sources can be used to disable or enable a default source. + type: boolean + sources: + description: sources is the list of default hub sources and their configuration. + If the list is empty, it implies that the default hub sources are + enabled on the cluster unless disableAllDefaultSources is true. If + disableAllDefaultSources is true and sources is not empty, the configuration + present in sources will take precedence. The list of default hub sources + and their current state will always be reflected in the status block. + type: array + items: + description: HubSource is used to specify the hub source and its configuration + type: object + properties: + disabled: + description: disabled is used to disable a default hub source + on cluster + type: boolean + name: + description: name is the name of one of the default hub sources + type: string + maxLength: 253 + minLength: 1 + status: + description: OperatorHubStatus defines the observed state of OperatorHub. + The current state of the default hub sources will always be reflected + here. + type: object + properties: + sources: + description: sources encapsulates the result of applying the configuration + for each hub source + type: array + items: + description: HubSourceStatus is used to reflect the current state + of applying the configuration to a default source + type: object + properties: + disabled: + description: disabled is used to disable a default hub source + on cluster + type: boolean + message: + description: message provides more information regarding failures + type: string + name: + description: name is the name of one of the default hub sources + type: string + maxLength: 253 + minLength: 1 + status: + description: status indicates success or failure in applying the + configuration + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml new file mode 100644 index 0000000000..afd0767479 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml @@ -0,0 +1,98 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: proxies.config.openshift.io +spec: + group: config.openshift.io + scope: Cluster + preserveUnknownFields: false + versions: + - name: v1 + served: true + storage: true + names: + kind: Proxy + listKind: ProxyList + plural: proxies + singular: proxy + subresources: + status: {} + "validation": + "openAPIV3Schema": + description: Proxy holds cluster-wide information on how to configure default + proxies for the cluster. The canonical name is `cluster` + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds user-settable values for the proxy configuration + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. Empty + means unset and will not result in an env var. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. Empty + means unset and will not result in an env var. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or CIDRs + for which the proxy should not be used. Empty means unset and will + not result in an env var. + type: string + readinessEndpoints: + description: readinessEndpoints is a list of endpoints used to verify + readiness of the proxy. + type: array + items: + type: string + trustedCA: + description: "trustedCA is a reference to a ConfigMap containing a CA + certificate bundle used for client egress HTTPS connections. The certificate + bundle must be from the CA that signed the proxy's certificate and + be signed for everything. The trustedCA field should only be consumed + by a proxy validator. The validator is responsible for reading the + certificate bundle from required key \"ca-bundle.crt\" and copying + it to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" + namespace. The namespace for the ConfigMap referenced by trustedCA + is \"openshift-config\". Here is an example ConfigMap (in yaml): \n + apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: + openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- + \ Custom CA certificate bundle. -----END CERTIFICATE-----" + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or CIDRs + for which the proxy should not be used. + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml new file mode 100644 index 0000000000..d344078142 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml @@ -0,0 +1,214 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: apiservers.config.openshift.io +spec: + group: config.openshift.io + scope: Cluster + preserveUnknownFields: false + names: + kind: APIServer + singular: apiserver + plural: apiservers + listKind: APIServerList + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + "validation": + "openAPIV3Schema": + description: APIServer holds configuration (like serving certificates, client + CA and CORS domains) shared by all API servers in the system, among them especially + kube-apiserver and openshift-apiserver. The canonical name of an instance + is 'cluster'. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + properties: + additionalCORSAllowedOrigins: + description: additionalCORSAllowedOrigins lists additional, user-defined + regular expressions describing hosts for which the API server allows + access using the CORS headers. This may be needed to access the API + and the integrated OAuth server from JavaScript applications. The + values are regular expressions that correspond to the Golang regular + expression language. + type: array + items: + type: string + clientCA: + description: 'clientCA references a ConfigMap containing a certificate + bundle for the signers that will be recognized for incoming client + certificates in addition to the operator managed signers. If this + is empty, then only operator managed signers are valid. You usually + only have to set this if you have your own PKI you wish to honor client + certificates from. The ConfigMap must exist in the openshift-config + namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] + - CA bundle.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + encryption: + description: encryption allows the configuration of encryption of resources + at the datastore layer. + type: object + properties: + type: + description: "type defines what encryption type should be used to + encrypt resources at the datastore layer. When this field is unset + (i.e. when it is set to the empty string), identity is implied. + The behavior of unset can and will change over time. Even if + encryption is enabled by default, the meaning of unset may change + to a different encryption type based on changes in best practices. + \n When encryption is enabled, all sensitive resources shipped + with the platform are encrypted. This list of sensitive resources + can and will change over time. The current authoritative list + is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io + \ 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io" + type: string + enum: + - "" + - identity + - aescbc + servingCerts: + description: servingCert is the TLS cert info for serving secure traffic. + If not specified, operator managed certificates will be used for serving + secure traffic. + type: object + properties: + namedCertificates: + description: namedCertificates references secrets containing the + TLS cert info for serving secure traffic to specific hostnames. + If no named certificates are provided, or no named certificates + match the server name as understood by a client, the defaultServingCertificate + will be used. + type: array + items: + description: APIServerNamedServingCert maps a server DNS name, + as understood by a client, to a certificate. + type: object + properties: + names: + description: names is a optional list of explicit DNS names + (leading wildcards allowed) that should use this certificate + to serve secure traffic. If no names are provided, the implicit + names will be extracted from the certificates. Exact names + trump over wildcard names. Explicit names defined here trump + over extracted implicit names. + type: array + items: + type: string + servingCertificate: + description: 'servingCertificate references a kubernetes.io/tls + type secret containing the TLS cert info for serving secure + traffic. The secret must exist in the openshift-config namespace + and contain the following required fields: - Secret.Data["tls.key"] + - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + tlsSecurityProfile: + description: "tlsSecurityProfile specifies settings for TLS connections + for externally exposed servers. \n If unset, a default (which may + change between releases) is chosen." + type: object + properties: + custom: + description: "custom is a user-defined TLS security profile. Be + extremely careful using a custom profile as invalid configurations + can be catastrophic. An example custom profile looks like this: + \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + \ - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 + \ minTLSVersion: TLSv1.1" + type: object + properties: + ciphers: + description: "ciphers is used to specify the cipher algorithms + that are negotiated during the TLS handshake. Operators may + remove entries their operands do not support. For example, + to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" + type: array + items: + type: string + minTLSVersion: + description: "minTLSVersion is used to specify the minimal version + of the TLS protocol that is negotiated during the TLS handshake. + For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): + \n minTLSVersion: TLSv1.1" + type: string + nullable: true + intermediate: + description: "intermediate is a TLS security profile based on: \n + https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + \ minTLSVersion: TLSv1.2" + type: object + nullable: true + modern: + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + \ minTLSVersion: TLSv1.3" + type: object + nullable: true + old: + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + \ - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 + \ - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - + ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 + \ - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - + DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 + \ - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 + \ - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: + TLSv1.0" + type: object + nullable: true + type: + description: "type is one of Old, Intermediate, Modern or Custom. + Custom provides the ability to specify individual TLS security + profile parameters. Old, Intermediate and Modern are TLS security + profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + \n The profiles are intent based, so they may change over time + as new ciphers are developed and existing ciphers are found to + be insecure. Depending on precisely which ciphers are available + to a process, the list may be reduced." + type: string + status: + type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml new file mode 100644 index 0000000000..f21ac7ea8b --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml @@ -0,0 +1,123 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: authentications.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Authentication + listKind: AuthenticationList + plural: authentications + singular: authentication + scope: Cluster + preserveUnknownFields: false + subresources: + status: {} + versions: + - name: v1 + served: true + storage: true + "validation": + "openAPIV3Schema": + description: Authentication specifies cluster-wide settings for authentication + (like OAuth and webhook token authenticators). The canonical name of an instance + is `cluster`. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + oauthMetadata: + description: 'oauthMetadata contains the discovery endpoint data for + OAuth 2.0 Authorization Server Metadata for an external OAuth server. + This discovery document can be viewed from its served location: oc + get --raw ''/.well-known/oauth-authorization-server'' For further + details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 + If oauthMetadata.name is non-empty, this value has precedence over + any metadata reference stored in status. The key "oauthMetadata" is + used to locate the data. If specified and the config map or expected + key is not found, no metadata is served. If the specified metadata + is not valid, no metadata is served. The namespace for this config + map is openshift-config.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + type: + description: type identifies the cluster managed, user facing authentication + mode in use. Specifically, it manages the component that responds + to login attempts. The default is IntegratedOAuth. + type: string + webhookTokenAuthenticators: + description: webhookTokenAuthenticators configures remote token reviewers. + These remote authentication webhooks can be used to verify bearer + tokens via the tokenreviews.authentication.k8s.io REST API. This + is required to honor bearer tokens that are provisioned by an external + authentication service. The namespace for these secrets is openshift-config. + type: array + items: + description: webhookTokenAuthenticator holds the necessary configuration + options for a remote token authenticator + type: object + properties: + kubeConfig: + description: 'kubeConfig contains kube config file data which + describes how to access the remote webhook service. For further + details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication + The key "kubeConfig" is used to locate the data. If the secret + or expected key is not found, the webhook is not honored. If + the specified kube config data is not valid, the webhook is + not honored. The namespace for this secret is determined by + the point of use.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + properties: + integratedOAuthMetadata: + description: 'integratedOAuthMetadata contains the discovery endpoint + data for OAuth 2.0 Authorization Server Metadata for the in-cluster + integrated OAuth server. This discovery document can be viewed from + its served location: oc get --raw ''/.well-known/oauth-authorization-server'' + For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 + This contains the observed value based on cluster state. An explicitly + set value in spec.oauthMetadata has precedence over this field. This + field has no meaning if authentication spec.type is not set to IntegratedOAuth. + The key "oauthMetadata" is used to locate the data. If the config + map or expected key is not found, no metadata is served. If the specified + metadata is not valid, no metadata is served. The namespace for this + config map is openshift-config-managed.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml new file mode 100644 index 0000000000..961f4478b7 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml @@ -0,0 +1,366 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: builds.config.openshift.io +spec: + group: config.openshift.io + scope: Cluster + preserveUnknownFields: false + names: + kind: Build + singular: build + plural: builds + listKind: BuildList + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + "validation": + "openAPIV3Schema": + description: "Build configures the behavior of OpenShift builds for the entire + cluster. This includes default settings that can be overridden in BuildConfig + objects, and overrides which are applied to all builds. \n The canonical name + is \"cluster\"" + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds user-settable values for the build controller configuration + type: object + properties: + additionalTrustedCA: + description: "AdditionalTrustedCA is a reference to a ConfigMap containing + additional CAs that should be trusted for image pushes and pulls during + builds. The namespace for this config map is openshift-config. \n + DEPRECATED: Additional CAs for image pull and push should be set on + image.config.openshift.io/cluster instead." + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + buildDefaults: + description: BuildDefaults controls the default information for Builds + type: object + properties: + defaultProxy: + description: "DefaultProxy contains the default proxy settings for + all build operations, including image pull/push and source download. + \n Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, + and `NO_PROXY` environment variables in the build config's strategy." + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. Empty + means unset and will not result in an env var. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. Empty + means unset and will not result in an env var. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames + and/or CIDRs for which the proxy should not be used. Empty + means unset and will not result in an env var. + type: string + readinessEndpoints: + description: readinessEndpoints is a list of endpoints used + to verify readiness of the proxy. + type: array + items: + type: string + trustedCA: + description: "trustedCA is a reference to a ConfigMap containing + a CA certificate bundle used for client egress HTTPS connections. + The certificate bundle must be from the CA that signed the + proxy's certificate and be signed for everything. The trustedCA + field should only be consumed by a proxy validator. The validator + is responsible for reading the certificate bundle from required + key \"ca-bundle.crt\" and copying it to a ConfigMap named + \"trusted-ca-bundle\" in the \"openshift-config-managed\" + namespace. The namespace for the ConfigMap referenced by trustedCA + is \"openshift-config\". Here is an example ConfigMap (in + yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: + user-ca-bundle namespace: openshift-config data: ca-bundle.crt: + | -----BEGIN CERTIFICATE----- Custom CA certificate + bundle. -----END CERTIFICATE-----" + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + env: + description: Env is a set of default environment variables that + will be applied to the build if the specified variables do not + exist on the build + type: array + items: + description: EnvVar represents an environment variable present + in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed + resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + gitProxy: + description: "GitProxy contains the proxy settings for git operations + only. If set, this will override any Proxy settings for all git + commands, such as git clone. \n Values that are not set here will + be inherited from DefaultProxy." + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. Empty + means unset and will not result in an env var. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. Empty + means unset and will not result in an env var. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames + and/or CIDRs for which the proxy should not be used. Empty + means unset and will not result in an env var. + type: string + readinessEndpoints: + description: readinessEndpoints is a list of endpoints used + to verify readiness of the proxy. + type: array + items: + type: string + trustedCA: + description: "trustedCA is a reference to a ConfigMap containing + a CA certificate bundle used for client egress HTTPS connections. + The certificate bundle must be from the CA that signed the + proxy's certificate and be signed for everything. The trustedCA + field should only be consumed by a proxy validator. The validator + is responsible for reading the certificate bundle from required + key \"ca-bundle.crt\" and copying it to a ConfigMap named + \"trusted-ca-bundle\" in the \"openshift-config-managed\" + namespace. The namespace for the ConfigMap referenced by trustedCA + is \"openshift-config\". Here is an example ConfigMap (in + yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: + user-ca-bundle namespace: openshift-config data: ca-bundle.crt: + | -----BEGIN CERTIFICATE----- Custom CA certificate + bundle. -----END CERTIFICATE-----" + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + imageLabels: + description: ImageLabels is a list of docker labels that are applied + to the resulting image. User can override a default label by providing + a label with the same name in their Build/BuildConfig. + type: array + items: + type: object + properties: + name: + description: Name defines the name of the label. It must have + non-zero length. + type: string + value: + description: Value defines the literal value of the label. + type: string + resources: + description: Resources defines resource requirements to execute + the build. + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + type: string + requests: + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + type: string + buildOverrides: + description: BuildOverrides controls override settings for builds + type: object + properties: + imageLabels: + description: ImageLabels is a list of docker labels that are applied + to the resulting image. If user provided a label in their Build/BuildConfig + with the same name as one in this list, the user's label will + be overwritten. + type: array + items: + type: object + properties: + name: + description: Name defines the name of the label. It must have + non-zero length. + type: string + value: + description: Value defines the literal value of the label. + type: string + nodeSelector: + description: NodeSelector is a selector which must be true for the + build pod to fit on a node + type: object + additionalProperties: + type: string + tolerations: + description: Tolerations is a list of Tolerations that will override + any existing tolerations set on a build pod. + type: array + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + type: object + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml new file mode 100644 index 0000000000..b527f7aa32 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml @@ -0,0 +1,70 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: consoles.config.openshift.io +spec: + scope: Cluster + preserveUnknownFields: false + group: config.openshift.io + names: + kind: Console + listKind: ConsoleList + plural: consoles + singular: console + subresources: + status: {} + versions: + - name: v1 + served: true + storage: true + "validation": + "openAPIV3Schema": + description: Console holds cluster-wide configuration for the web console, including + the logout URL, and reports the public URL of the console. The canonical name + is `cluster`. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + authentication: + description: ConsoleAuthentication defines a list of optional configuration + for console authentication. + type: object + properties: + logoutRedirect: + description: 'An optional, absolute URL to redirect web browsers + to after logging out of the console. If not specified, it will + redirect to the default login page. This is required when using + an identity provider that supports single sign-on (SSO) such as: + - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) + - OAuth (GitHub, GitLab, Google) Logging out of the console will + destroy the user''s token. The logoutRedirect provides the user + the option to perform single logout (SLO) through the identity + provider to destroy their single sign-on session.' + type: string + pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$ + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + properties: + consoleURL: + description: The URL for the console. This will be derived from the + host for the route that is created for the console. + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml new file mode 100644 index 0000000000..c883ee0f0c --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml @@ -0,0 +1,100 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: dnses.config.openshift.io +spec: + group: config.openshift.io + names: + kind: DNS + listKind: DNSList + plural: dnses + singular: dns + scope: Cluster + preserveUnknownFields: false + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + "validation": + "openAPIV3Schema": + description: DNS holds cluster-wide information about DNS. The canonical name + is `cluster` + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + baseDomain: + description: "baseDomain is the base domain of the cluster. All managed + DNS records will be sub-domains of this base. \n For example, given + the base domain `openshift.example.com`, an API server DNS record + may be created for `cluster-api.openshift.example.com`. \n Once set, + this field cannot be changed." + type: string + privateZone: + description: "privateZone is the location where all the DNS records + that are only available internally to the cluster exist. \n If this + field is nil, no private records should be created. \n Once set, this + field cannot be changed." + type: object + properties: + id: + description: "id is the identifier that can be used to find the + DNS hosted zone. \n on AWS zone can be fetched using `ID` as id + in [1] on Azure zone can be fetched using `ID` as a pre-determined + name in [2], on GCP zone can be fetched using `ID` as a pre-determined + name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options + [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show + [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" + type: string + tags: + description: "tags can be used to query the DNS hosted zone. \n + on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone + using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + type: object + additionalProperties: + type: string + publicZone: + description: "publicZone is the location where all the DNS records that + are publicly accessible to the internet exist. \n If this field is + nil, no public records should be created. \n Once set, this field + cannot be changed." + type: object + properties: + id: + description: "id is the identifier that can be used to find the + DNS hosted zone. \n on AWS zone can be fetched using `ID` as id + in [1] on Azure zone can be fetched using `ID` as a pre-determined + name in [2], on GCP zone can be fetched using `ID` as a pre-determined + name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options + [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show + [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" + type: string + tags: + description: "tags can be used to query the DNS hosted zone. \n + on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone + using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + type: object + additionalProperties: + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml new file mode 100644 index 0000000000..89084a33f5 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml @@ -0,0 +1,76 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: featuregates.config.openshift.io +spec: + group: config.openshift.io + version: v1 + scope: Cluster + preserveUnknownFields: false + names: + kind: FeatureGate + singular: featuregate + plural: featuregates + listKind: FeatureGateList + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + "validation": + "openAPIV3Schema": + description: Feature holds cluster-wide information about feature gates. The + canonical name is `cluster` + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + customNoUpgrade: + description: customNoUpgrade allows the enabling or disabling of any + feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, + and PREVENTS UPGRADES. Because of its nature, this setting cannot + be validated. If you have any typos or accidentally apply invalid + combinations your cluster may fail in an unrecoverable way. featureSet + must equal "CustomNoUpgrade" must be set to use this field. + type: object + properties: + disabled: + description: disabled is a list of all feature gates that you want + to force off + type: array + items: + type: string + enabled: + description: enabled is a list of all feature gates that you want + to force on + type: array + items: + type: string + nullable: true + featureSet: + description: featureSet changes the list of features in the cluster. The + default is empty. Be very careful adjusting this setting. Turning + on or off features may cause irreversible changes in your cluster + which cannot be undone. + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml new file mode 100644 index 0000000000..a0fd487092 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml @@ -0,0 +1,144 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: images.config.openshift.io +spec: + group: config.openshift.io + scope: Cluster + preserveUnknownFields: false + names: + kind: Image + singular: image + plural: images + listKind: ImageList + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + "validation": + "openAPIV3Schema": + description: Image governs policies related to imagestream imports and runtime + configuration for external registries. It allows cluster admins to configure + which registries OpenShift is allowed to import images from, extra CA trust + bundles for external registries, and policies to blacklist/whitelist registry + hostnames. When exposing OpenShift's image registry to the public, this also + lets cluster admins specify the external hostname. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + additionalTrustedCA: + description: additionalTrustedCA is a reference to a ConfigMap containing + additional CAs that should be trusted during imagestream import, pod + image pull, build image pull, and imageregistry pullthrough. The namespace + for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + allowedRegistriesForImport: + description: allowedRegistriesForImport limits the container image registries + that normal users may import images from. Set this list to the registries + that you trust to contain valid Docker images and that you want applications + to be able to import from. Users with permission to create Images + or ImageStreamMappings via the API are not affected by this policy + - typically only administrators or system integrations will have those + permissions. + type: array + items: + description: RegistryLocation contains a location of the registry + specified by the registry domain name. The domain name might include + wildcards, like '*' or '??'. + type: object + properties: + domainName: + description: domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the + port should be included in the domain name as well. + type: string + insecure: + description: insecure indicates whether the registry is secure + (https) or insecure (http) By default (if not specified) the + registry is assumed as secure. + type: boolean + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for the + default external image registry. The external hostname should be set + only when the image registry is exposed externally. The first value + is used in 'publicDockerImageRepository' field in ImageStreams. The + value must be in "hostname[:port]" format. + type: array + items: + type: string + registrySources: + description: registrySources contains configuration that determines + how the container runtime should treat individual registries when + accessing images for builds+pods. (e.g. whether or not to allow insecure + access). It does not contain configuration for the internal cluster + registry. + type: object + properties: + allowedRegistries: + description: "allowedRegistries are whitelisted for image pull/push. + All other registries are blocked. \n Only one of BlockedRegistries + or AllowedRegistries may be set." + type: array + items: + type: string + blockedRegistries: + description: "blockedRegistries are blacklisted from image pull/push. + All other registries are allowed. \n Only one of BlockedRegistries + or AllowedRegistries may be set." + type: array + items: + type: string + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. + type: array + items: + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + properties: + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for the + default external image registry. The external hostname should be set + only when the image registry is exposed externally. The first value + is used in 'publicDockerImageRepository' field in ImageStreams. The + value must be in "hostname[:port]" format. + type: array + items: + type: string + internalRegistryHostname: + description: internalRegistryHostname sets the hostname for the default + internal image registry. The value must be in "hostname[:port]" format. + This value is set by the image registry operator which controls the + internal registry hostname. For backward compatibility, users can + still use OPENSHIFT_DEFAULT_REGISTRY environment variable but this + setting overrides the environment variable. + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml new file mode 100644 index 0000000000..2aba542dae --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml @@ -0,0 +1,221 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: infrastructures.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Infrastructure + listKind: InfrastructureList + plural: infrastructures + singular: infrastructure + scope: Cluster + preserveUnknownFields: false + versions: + - name: v1 + served: true + storage: true + "validation": + "openAPIV3Schema": + description: Infrastructure holds cluster-wide information about Infrastructure. The + canonical name is `cluster` + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + cloudConfig: + description: cloudConfig is a reference to a ConfigMap containing the + cloud provider configuration file. This configuration file is used + to configure the Kubernetes cloud provider integration when using + the built-in cloud provider integration or the external cloud controller + manager. The namespace for this config map is openshift-config. + type: object + properties: + key: + description: Key allows pointing to a specific key/value inside + of the configmap. This is useful for logical file references. + type: string + name: + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + properties: + apiServerInternalURI: + description: apiServerInternalURL is a valid URI with scheme(http/https), + address and port. apiServerInternalURL can be used by components + like kubelets, to contact the Kubernetes API server using the infrastructure + provider rather than Kubernetes networking. + type: string + apiServerURL: + description: apiServerURL is a valid URI with scheme(http/https), address + and port. apiServerURL can be used by components like the web console + to tell users where to find the Kubernetes API. + type: string + etcdDiscoveryDomain: + description: 'etcdDiscoveryDomain is the domain used to fetch the SRV + records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery' + type: string + infrastructureName: + description: infrastructureName uniquely identifies a cluster with a + human friendly name. Once set it should not be changed. Must be of + max length 27 and must have only alphanumeric or hyphen characters. + type: string + platform: + description: "platform is the underlying infrastructure provider for + the cluster. \n Deprecated: Use platformStatus.type instead." + type: string + platformStatus: + description: platformStatus holds status information specific to the + underlying infrastructure provider. + type: object + properties: + aws: + description: AWS contains settings specific to the Amazon Web Services + infrastructure provider. + type: object + properties: + region: + description: region holds the default AWS region for new AWS + resources created by the cluster. + type: string + azure: + description: Azure contains settings specific to the Azure infrastructure + provider. + type: object + properties: + networkResourceGroupName: + description: networkResourceGroupName is the Resource Group + for network resources like the Virtual Network and Subnets + used by the cluster. If empty, the value is same as ResourceGroupName. + type: string + resourceGroupName: + description: resourceGroupName is the Resource Group for new + Azure resources created for the cluster. + type: string + baremetal: + description: BareMetal contains settings specific to the BareMetal + platform. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components inside + the cluster, like kubelets using the infrastructure rather + than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer in + front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target of + a wildcard DNS record used to resolve default route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS + used by the nodes. Unlike the one managed by the DNS operator, + `NodeDNSIP` provides name resolution for the nodes themselves. + There is no DNS-as-a-service for BareMetal deployments. In + order to minimize necessary changes to the datacenter DNS, + a DNS service is hosted as a static pod to serve those hostnames + to the nodes in the cluster. + type: string + gcp: + description: GCP contains settings specific to the Google Cloud + Platform infrastructure provider. + type: object + properties: + projectID: + description: resourceGroupName is the Project ID for new GCP + resources created for the cluster. + type: string + region: + description: region holds the region for new GCP resources created + for the cluster. + type: string + openstack: + description: OpenStack contains settings specific to the OpenStack + infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components inside + the cluster, like kubelets using the infrastructure rather + than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer in + front of the API servers. + type: string + cloudName: + description: cloudName is the name of the desired OpenStack + cloud in the client configuration file (`clouds.yaml`). + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target of + a wildcard DNS record used to resolve default route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS + used by the nodes. Unlike the one managed by the DNS operator, + `NodeDNSIP` provides name resolution for the nodes themselves. + There is no DNS-as-a-service for OpenStack deployments. In + order to minimize necessary changes to the datacenter DNS, + a DNS service is hosted as a static pod to serve those hostnames + to the nodes in the cluster. + type: string + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure + provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components inside + the cluster, like kubelets using the infrastructure rather + than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer in + front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target of + a wildcard DNS record used to resolve default route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS + used by the nodes. Unlike the one managed by the DNS operator, + `NodeDNSIP` provides name resolution for the nodes themselves. + There is no DNS-as-a-service for oVirt deployments. In order + to minimize necessary changes to the datacenter DNS, a DNS + service is hosted as a static pod to serve those hostnames + to the nodes in the cluster. + type: string + type: + description: type is the underlying infrastructure provider for + the cluster. This value controls whether infrastructure automation + such as service load balancers, dynamic volume provisioning, machine + creation and deletion, and other integrations are enabled. If + None, no infrastructure automation is enabled. Allowed values + are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", + "VSphere", "oVirt", and "None". Individual components may not + support all platforms, and must handle unrecognized platforms + as None if they do not support that platform. + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml new file mode 100644 index 0000000000..ada4404256 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml @@ -0,0 +1,55 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ingresses.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Ingress + listKind: IngressList + plural: ingresses + singular: ingress + scope: Cluster + preserveUnknownFields: false + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + "validation": + "openAPIV3Schema": + description: Ingress holds cluster-wide information about ingress, including + the default ingress domain used for routes. The canonical name is `cluster`. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + domain: + description: "domain is used to generate a default host name for a route + when the route's host name is empty. The generated host name will + follow this pattern: \"..\". + \n It is also used as the default wildcard domain suffix for ingress. + The default ingresscontroller domain will follow this pattern: \"*.\". + \n Once set, changing domain is not currently supported." + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml new file mode 100644 index 0000000000..bc3b62a871 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml @@ -0,0 +1,141 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: networks.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + preserveUnknownFields: false + versions: + - name: v1 + served: true + storage: true + "validation": + "openAPIV3Schema": + description: 'Network holds cluster-wide information about Network. The canonical + name is `cluster`. It is used to configure the desired network configuration, + such as: IP address pools for services/pod IPs, network plugin, etc. Please + view network.spec for an explanation on what applies when configuring this + resource.' + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration. As a general + rule, this SHOULD NOT be read directly. Instead, you should consume the + NetworkStatus, as it indicates the currently deployed configuration. Currently, + most spec fields are immutable after installation. Please view the individual + ones for further details on each. + type: object + properties: + clusterNetwork: + description: IP address pool to use for pod IPs. This field is immutable + after installation. + type: array + items: + description: ClusterNetworkEntry is a contiguous block of IP addresses + from which pod IPs are allocated. + type: object + properties: + cidr: + description: The complete block for pod IPs. + type: string + hostPrefix: + description: The size (prefix) of block to allocate to each node. + type: integer + format: int32 + minimum: 0 + externalIP: + description: externalIP defines configuration for controllers that affect + Service.ExternalIP. If nil, then ExternalIP is not allowed to be set. + type: object + properties: + autoAssignCIDRs: + description: autoAssignCIDRs is a list of CIDRs from which to automatically + assign Service.ExternalIP. These are assigned when the service + is of type LoadBalancer. In general, this is only useful for bare-metal + clusters. In Openshift 3.x, this was misleadingly called "IngressIPs". + Automatically assigned External IPs are not affected by any ExternalIPPolicy + rules. Currently, only one entry may be provided. + type: array + items: + type: string + policy: + description: policy is a set of restrictions applied to the ExternalIP + field. If nil or empty, then ExternalIP is not allowed to be set. + type: object + properties: + allowedCIDRs: + description: allowedCIDRs is the list of allowed CIDRs. + type: array + items: + type: string + rejectedCIDRs: + description: rejectedCIDRs is the list of disallowed CIDRs. + These take precedence over allowedCIDRs. + type: array + items: + type: string + networkType: + description: 'NetworkType is the plugin that is to be deployed (e.g. + OpenShiftSDN). This should match a value that the cluster-network-operator + understands, or else no networking will be installed. Currently supported + values are: - OpenShiftSDN This field is immutable after installation.' + type: string + serviceNetwork: + description: IP address pool for services. Currently, we only support + a single entry here. This field is immutable after installation. + type: array + items: + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + properties: + clusterNetwork: + description: IP address pool to use for pod IPs. + type: array + items: + description: ClusterNetworkEntry is a contiguous block of IP addresses + from which pod IPs are allocated. + type: object + properties: + cidr: + description: The complete block for pod IPs. + type: string + hostPrefix: + description: The size (prefix) of block to allocate to each node. + type: integer + format: int32 + minimum: 0 + clusterNetworkMTU: + description: ClusterNetworkMTU is the MTU for inter-pod networking. + type: integer + networkType: + description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). + type: string + serviceNetwork: + description: IP address pool for services. Currently, we only support + a single entry here. + type: array + items: + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml new file mode 100644 index 0000000000..fd763d0477 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml @@ -0,0 +1,661 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: oauths.config.openshift.io +spec: + group: config.openshift.io + names: + kind: OAuth + listKind: OAuthList + plural: oauths + singular: oauth + scope: Cluster + preserveUnknownFields: false + subresources: + status: {} + versions: + - name: v1 + served: true + storage: true + "validation": + "openAPIV3Schema": + description: OAuth holds cluster-wide information about OAuth. The canonical + name is `cluster`. It is used to configure the integrated OAuth server. This + configuration is only honored when the top level Authentication config has + type set to IntegratedOAuth. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OAuthSpec contains desired cluster auth configuration + type: object + properties: + identityProviders: + description: identityProviders is an ordered list of ways for a user + to identify themselves. When this list is empty, no identities are + provisioned for users. + type: array + items: + description: IdentityProvider provides identities for users authenticating + using credentials + type: object + properties: + basicAuth: + description: basicAuth contains configuration options for the + BasicAuth IdP + type: object + properties: + ca: + description: ca is an optional reference to a config map by + name containing the PEM-encoded CA bundle. It is used as + a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected key + is not found, the identity provider is not honored. If the + specified ca data is not valid, the identity provider is + not honored. If empty, the default system roots are used. + The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a secret + by name that contains the PEM-encoded TLS client certificate + to present when connecting to the server. The key "tls.crt" + is used to locate the data. If specified and the secret + or expected key is not found, the identity provider is not + honored. If the specified certificate data is not valid, + the identity provider is not honored. The namespace for + this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + tlsClientKey: + description: tlsClientKey is an optional reference to a secret + by name that contains the PEM-encoded TLS private key for + the client certificate referenced in tlsClientCert. The + key "tls.key" is used to locate the data. If specified and + the secret or expected key is not found, the identity provider + is not honored. If the specified certificate data is not + valid, the identity provider is not honored. The namespace + for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + url: + description: url is the remote URL to connect to + type: string + github: + description: github enables user authentication using GitHub credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by + name containing the PEM-encoded CA bundle. It is used as + a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected key + is not found, the identity provider is not honored. If the + specified ca data is not valid, the identity provider is + not honored. If empty, the default system roots are used. + This can only be configured when hostname is set to a non-empty + value. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the secret + by name containing the oauth client secret. The key "clientSecret" + is used to locate the data. If the secret or expected key + is not found, the identity provider is not honored. The + namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + hostname: + description: hostname is the optional domain (e.g. "mycompany.com") + for use with a hosted instance of GitHub Enterprise. It + must match the GitHub Enterprise settings value configured + at /setup/settings#hostname. + type: string + organizations: + description: organizations optionally restricts which organizations + are allowed to log in + type: array + items: + type: string + teams: + description: teams optionally restricts which teams are allowed + to log in. Format is /. + type: array + items: + type: string + gitlab: + description: gitlab enables user authentication using GitLab credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by + name containing the PEM-encoded CA bundle. It is used as + a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected key + is not found, the identity provider is not honored. If the + specified ca data is not valid, the identity provider is + not honored. If empty, the default system roots are used. + The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the secret + by name containing the oauth client secret. The key "clientSecret" + is used to locate the data. If the secret or expected key + is not found, the identity provider is not honored. The + namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + url: + description: url is the oauth server base URL + type: string + google: + description: google enables user authentication using Google credentials + type: object + properties: + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the secret + by name containing the oauth client secret. The key "clientSecret" + is used to locate the data. If the secret or expected key + is not found, the identity provider is not honored. The + namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + hostedDomain: + description: hostedDomain is the optional Google App domain + (e.g. "mycompany.com") to restrict logins to + type: string + htpasswd: + description: htpasswd enables user authentication using an HTPasswd + file to validate credentials + type: object + properties: + fileData: + description: fileData is a required reference to a secret + by name containing the data to use as the htpasswd file. + The key "htpasswd" is used to locate the data. If the secret + or expected key is not found, the identity provider is not + honored. If the specified htpasswd data is not valid, the + identity provider is not honored. The namespace for this + secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + keystone: + description: keystone enables user authentication using keystone + password credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by + name containing the PEM-encoded CA bundle. It is used as + a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected key + is not found, the identity provider is not honored. If the + specified ca data is not valid, the identity provider is + not honored. If empty, the default system roots are used. + The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + domainName: + description: domainName is required for keystone v3 + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a secret + by name that contains the PEM-encoded TLS client certificate + to present when connecting to the server. The key "tls.crt" + is used to locate the data. If specified and the secret + or expected key is not found, the identity provider is not + honored. If the specified certificate data is not valid, + the identity provider is not honored. The namespace for + this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + tlsClientKey: + description: tlsClientKey is an optional reference to a secret + by name that contains the PEM-encoded TLS private key for + the client certificate referenced in tlsClientCert. The + key "tls.key" is used to locate the data. If specified and + the secret or expected key is not found, the identity provider + is not honored. If the specified certificate data is not + valid, the identity provider is not honored. The namespace + for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + url: + description: url is the remote URL to connect to + type: string + ldap: + description: ldap enables user authentication using LDAP credentials + type: object + properties: + attributes: + description: attributes maps LDAP attributes to identities + type: object + properties: + email: + description: email is the list of attributes whose values + should be used as the email address. Optional. If unspecified, + no email is set for the identity + type: array + items: + type: string + id: + description: id is the list of attributes whose values + should be used as the user ID. Required. First non-empty + attribute is used. At least one attribute is required. + If none of the listed attribute have a value, authentication + fails. LDAP standard identity attribute is "dn" + type: array + items: + type: string + name: + description: name is the list of attributes whose values + should be used as the display name. Optional. If unspecified, + no display name is set for the identity LDAP standard + display name attribute is "cn" + type: array + items: + type: string + preferredUsername: + description: preferredUsername is the list of attributes + whose values should be used as the preferred username. + LDAP standard login attribute is "uid" + type: array + items: + type: string + bindDN: + description: bindDN is an optional DN to bind with during + the search phase. + type: string + bindPassword: + description: bindPassword is an optional reference to a secret + by name containing a password to bind with during the search + phase. The key "bindPassword" is used to locate the data. + If specified and the secret or expected key is not found, + the identity provider is not honored. The namespace for + this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + ca: + description: ca is an optional reference to a config map by + name containing the PEM-encoded CA bundle. It is used as + a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected key + is not found, the identity provider is not honored. If the + specified ca data is not valid, the identity provider is + not honored. If empty, the default system roots are used. + The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + insecure: + description: 'insecure, if true, indicates the connection + should not use TLS WARNING: Should not be set to `true` + with the URL scheme "ldaps://" as "ldaps://" URLs always attempt + to connect using TLS, even when `insecure` is set to `true` + When `true`, "ldap://" URLS connect insecurely. When `false`, + "ldap://" URLs are upgraded to a TLS connection using StartTLS + as specified in https://tools.ietf.org/html/rfc2830.' + type: boolean + url: + description: 'url is an RFC 2255 URL which specifies the LDAP + search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter' + type: string + mappingMethod: + description: mappingMethod determines how identities from this + provider are mapped to users Defaults to "claim" + type: string + name: + description: 'name is used to qualify the identities returned + by this provider. - It MUST be unique and not shared by any + other identity provider used - It MUST be a valid path segment: + name cannot equal "." or ".." or contain "/" or "%" or ":" Ref: + https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' + type: string + openID: + description: openID enables user authentication using OpenID credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by + name containing the PEM-encoded CA bundle. It is used as + a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected key + is not found, the identity provider is not honored. If the + specified ca data is not valid, the identity provider is + not honored. If empty, the default system roots are used. + The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + claims: + description: claims mappings + type: object + properties: + email: + description: email is the list of claims whose values + should be used as the email address. Optional. If unspecified, + no email is set for the identity + type: array + items: + type: string + name: + description: name is the list of claims whose values should + be used as the display name. Optional. If unspecified, + no display name is set for the identity + type: array + items: + type: string + preferredUsername: + description: preferredUsername is the list of claims whose + values should be used as the preferred username. If + unspecified, the preferred username is determined from + the value of the sub claim + type: array + items: + type: string + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the secret + by name containing the oauth client secret. The key "clientSecret" + is used to locate the data. If the secret or expected key + is not found, the identity provider is not honored. The + namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + extraAuthorizeParameters: + description: extraAuthorizeParameters are any custom parameters + to add to the authorize request. + type: object + additionalProperties: + type: string + extraScopes: + description: extraScopes are any scopes to request in addition + to the standard "openid" scope. + type: array + items: + type: string + issuer: + description: issuer is the URL that the OpenID Provider asserts + as its Issuer Identifier. It must use the https scheme with + no query or fragment component. + type: string + requestHeader: + description: requestHeader enables user authentication using request + header credentials + type: object + properties: + ca: + description: ca is a required reference to a config map by + name containing the PEM-encoded CA bundle. It is used as + a trust anchor to validate the TLS certificate presented + by the remote server. Specifically, it allows verification + of incoming requests to prevent header spoofing. The key + "ca.crt" is used to locate the data. If the config map or + expected key is not found, the identity provider is not + honored. If the specified ca data is not valid, the identity + provider is not honored. The namespace for this config map + is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + challengeURL: + description: challengeURL is a URL to redirect unauthenticated + /authorize requests to Unauthenticated requests from OAuth + clients which expect WWW-Authenticate challenges will be + redirected here. ${url} is replaced with the current URL, + escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} + ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} + Required when challenge is set to true. + type: string + clientCommonNames: + description: clientCommonNames is an optional list of common + names to require a match from. If empty, any client certificate + validated against the clientCA bundle is considered authoritative. + type: array + items: + type: string + emailHeaders: + description: emailHeaders is the set of headers to check for + the email address + type: array + items: + type: string + headers: + description: headers is the set of headers to check for identity + information + type: array + items: + type: string + loginURL: + description: loginURL is a URL to redirect unauthenticated + /authorize requests to Unauthenticated requests from OAuth + clients which expect interactive logins will be redirected + here ${url} is replaced with the current URL, escaped to + be safe in a query parameter https://www.example.com/sso-login?then=${url} + ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} + Required when login is set to true. + type: string + nameHeaders: + description: nameHeaders is the set of headers to check for + the display name + type: array + items: + type: string + preferredUsernameHeaders: + description: preferredUsernameHeaders is the set of headers + to check for the preferred username + type: array + items: + type: string + type: + description: type identifies the identity provider type for this + entry. + type: string + templates: + description: templates allow you to customize pages like the login page. + type: object + properties: + error: + description: error is the name of a secret that specifies a go template + to use to render error pages during the authentication or grant + flow. The key "errors.html" is used to locate the template data. + If specified and the secret or expected key is not found, the + default error page is used. If the specified template is not valid, + the default error page is used. If unspecified, the default error + page is used. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + login: + description: login is the name of a secret that specifies a go template + to use to render the login page. The key "login.html" is used + to locate the template data. If specified and the secret or expected + key is not found, the default login page is used. If the specified + template is not valid, the default login page is used. If unspecified, + the default login page is used. The namespace for this secret + is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + providerSelection: + description: providerSelection is the name of a secret that specifies + a go template to use to render the provider selection page. The + key "providers.html" is used to locate the template data. If specified + and the secret or expected key is not found, the default provider + selection page is used. If the specified template is not valid, + the default provider selection page is used. If unspecified, the + default provider selection page is used. The namespace for this + secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + tokenConfig: + description: tokenConfig contains options for authorization and access + tokens + type: object + properties: + accessTokenInactivityTimeoutSeconds: + description: 'accessTokenInactivityTimeoutSeconds defines the default + token inactivity timeout for tokens granted by any client. The + value represents the maximum amount of time that can occur between + consecutive uses of the token. Tokens become invalid if they are + not used within this temporal window. The user will need to acquire + a new token to regain access once a token times out. Valid values + are integer values: x < 0 Tokens time out is enabled but tokens + never timeout unless configured per client (e.g. `-1`) x = 0 Tokens + time out is disabled (default) x > 0 Tokens time out if there + is no activity for x seconds The current minimum allowed value + for X is 300 (5 minutes)' + type: integer + format: int32 + accessTokenMaxAgeSeconds: + description: accessTokenMaxAgeSeconds defines the maximum age of + access tokens + type: integer + format: int32 + status: + description: OAuthStatus shows current known state of OAuth server in the + cluster + type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml new file mode 100644 index 0000000000..a625aa6171 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml @@ -0,0 +1,63 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: projects.config.openshift.io +spec: + group: config.openshift.io + scope: Cluster + preserveUnknownFields: false + versions: + - name: v1 + served: true + storage: true + names: + kind: Project + listKind: ProjectList + plural: projects + singular: project + subresources: + status: {} + "validation": + "openAPIV3Schema": + description: Project holds cluster-wide information about Project. The canonical + name is `cluster` + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + projectRequestMessage: + description: projectRequestMessage is the string presented to a user + if they are unable to request a project via the projectrequest api + endpoint + type: string + projectRequestTemplate: + description: projectRequestTemplate is the template to use for creating + projects in response to projectrequest. This must point to a template + in 'openshift-config' namespace. It is optional. If it is not specified, + a default template is used. + type: object + properties: + name: + description: name is the metadata.name of the referenced project + request template + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml new file mode 100644 index 0000000000..6f5336c8f6 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml @@ -0,0 +1,88 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: schedulers.config.openshift.io +spec: + group: config.openshift.io + scope: Cluster + preserveUnknownFields: false + names: + kind: Scheduler + singular: scheduler + plural: schedulers + listKind: SchedulerList + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + "validation": + "openAPIV3Schema": + description: Scheduler holds cluster-wide config information to run the Kubernetes + Scheduler and influence its placement decisions. The canonical name for this + config is `cluster`. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + defaultNodeSelector: + description: 'defaultNodeSelector helps set the cluster-wide default + node selector to restrict pod placement to specific nodes. This is + applied to the pods created in all namespaces without a specified + nodeSelector value. For example, defaultNodeSelector: "type=user-node,region=east" + would set nodeSelector field in pod spec to "type=user-node,region=east" + to all pods created in all namespaces. Namespaces having project-wide + node selectors won''t be impacted even if this field is set. This + adds an annotation section to the namespace. For example, if a new + namespace is created with node-selector=''type=user-node,region=east'', + the annotation openshift.io/node-selector: type=user-node,region=east + gets added to the project. When the openshift.io/node-selector annotation + is set on the project the value is used in preference to the value + we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: + "type=user-node,region=west" means that the default of "type=user-node,region=east" + set in defaultNodeSelector would not be applied.' + type: string + mastersSchedulable: + description: 'MastersSchedulable allows masters nodes to be schedulable. + When this flag is turned on, all the master nodes in the cluster will + be made schedulable, so that workload pods can run on them. The default + value for this field is false, meaning none of the master nodes are + schedulable. Important Note: Once the workload pods start running + on the master nodes, extreme care must be taken to ensure that cluster-critical + control plane components are not impacted. Please turn on this field + after doing due diligence.' + type: boolean + policy: + description: policy is a reference to a ConfigMap containing scheduler + policy which has user specified predicates and priorities. If this + ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. + The namespace for this configmap is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object diff --git a/vendor/github.com/openshift/api/config/v1/types.go b/vendor/github.com/openshift/api/config/v1/types.go index ca36f67775..dcec0ccf5d 100644 --- a/vendor/github.com/openshift/api/config/v1/types.go +++ b/vendor/github.com/openshift/api/config/v1/types.go @@ -167,6 +167,7 @@ type AdmissionPluginConfig struct { // Configuration is an embedded configuration object to be used as the plugin's // configuration. If present, it will be used instead of the path to the configuration file. // +nullable + // +kubebuilder:validation:PreserveUnknownFields Configuration runtime.RawExtension `json:"configuration"` } @@ -210,6 +211,7 @@ type AuditConfig struct { // as the audit policy configuration. If present, it will be used instead of // the path to the policy file. // +nullable + // +kubebuilder:validation:PreserveUnknownFields PolicyConfiguration runtime.RawExtension `json:"policyConfiguration"` // Format of saved audits (legacy or json). diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index 0722ddbfc7..eecfe75e7c 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -9,8 +9,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Authentication specifies cluster-wide settings for authentication (like OAuth and // webhook token authenticators). The canonical name of an instance is `cluster`. type Authentication struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -77,7 +76,6 @@ type AuthenticationStatus struct { type AuthenticationList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` Items []Authentication `json:"items"` diff --git a/vendor/github.com/openshift/api/config/v1/types_build.go b/vendor/github.com/openshift/api/config/v1/types_build.go index fa4088ca7e..ef4512aa17 100644 --- a/vendor/github.com/openshift/api/config/v1/types_build.go +++ b/vendor/github.com/openshift/api/config/v1/types_build.go @@ -16,6 +16,7 @@ import ( type Build struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // Spec holds user-settable values for the build controller configuration // +kubebuilder:validation:Required // +required @@ -102,7 +103,7 @@ type BuildOverrides struct { type BuildList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Build `json:"items"` + + Items []Build `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go index af2ce846ca..8be68e0ddc 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go @@ -57,29 +57,40 @@ type ClusterOperatorStatus struct { // operator which owns this status object. // +nullable // +optional + // +kubebuilder:validation:PreserveUnknownFields Extension runtime.RawExtension `json:"extension"` } type OperandVersion struct { // name is the name of the particular operand this version is for. It usually matches container images, not operators. + // +kubebuilder:validation:Required + // +required Name string `json:"name"` // version indicates which version of a particular operand is currently being manage. It must always match the Available // condition. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout // 1.1.0 + // +kubebuilder:validation:Required + // +required Version string `json:"version"` } // ObjectReference contains enough information to let you inspect or modify the referred object. type ObjectReference struct { // group of the referent. + // +kubebuilder:validation:Required + // +required Group string `json:"group"` // resource of the referent. + // +kubebuilder:validation:Required + // +required Resource string `json:"resource"` // namespace of the referent. // +optional Namespace string `json:"namespace,omitempty"` // name of the referent. + // +kubebuilder:validation:Required + // +required Name string `json:"name"` } @@ -100,19 +111,27 @@ const ( // +k8s:deepcopy-gen=true type ClusterOperatorStatusCondition struct { // type specifies the state of the operator's reconciliation functionality. + // +kubebuilder:validation:Required + // +required Type ClusterStatusConditionType `json:"type"` // status of the condition, one of True, False, Unknown. + // +kubebuilder:validation:Required + // +required Status ConditionStatus `json:"status"` // lastTransitionTime is the time of the last update to the current status object. + // +kubebuilder:validation:Required + // +required LastTransitionTime metav1.Time `json:"lastTransitionTime"` // reason is the reason for the condition's last transition. Reasons are CamelCase + // +optional Reason string `json:"reason,omitempty"` // message provides additional information about the current condition. // This is only to be consumed by humans. + // +optional Message string `json:"message,omitempty"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index f9f7232351..771e962add 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -33,6 +33,8 @@ type ClusterVersionSpec struct { // clusterID uniquely identifies this cluster. This is expected to be // an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in // hexadecimal values). This is a required field. + // +kubebuilder:validation:Required + // +required ClusterID ClusterID `json:"clusterID"` // desiredUpdate is an optional field that indicates the desired value of @@ -80,6 +82,8 @@ type ClusterVersionStatus struct { // desired is the version that the cluster is reconciling towards. // If the cluster is not yet fully initialized desired will be set // with the information available, which may be an image or a tag. + // +kubebuilder:validation:Required + // +required Desired Update `json:"desired"` // history contains a list of the most recent versions applied to the cluster. @@ -95,11 +99,15 @@ type ClusterVersionStatus struct { // observedGeneration reports which version of the spec is being synced. // If this value is not equal to metadata.generation, then the desired // and conditions fields may represent a previous version. + // +kubebuilder:validation:Required + // +required ObservedGeneration int64 `json:"observedGeneration"` // versionHash is a fingerprint of the content that the cluster will be // updated with. It is used by the operator to avoid unnecessary work // and is for internal use only. + // +kubebuilder:validation:Required + // +required VersionHash string `json:"versionHash"` // conditions provides information about the cluster version. The condition @@ -117,6 +125,8 @@ type ClusterVersionStatus struct { // if the update service is unavailable, or if an invalid channel has // been specified. // +nullable + // +kubebuilder:validation:Required + // +required AvailableUpdates []Update `json:"availableUpdates"` } @@ -139,14 +149,20 @@ type UpdateHistory struct { // indicates the update is not fully applied, while the Completed state // indicates the update was successfully rolled out at least once (all // parts of the update successfully applied). + // +kubebuilder:validation:Required + // +required State UpdateState `json:"state"` // startedTime is the time at which the update was started. + // +kubebuilder:validation:Required + // +required StartedTime metav1.Time `json:"startedTime"` // completionTime, if set, is when the update was fully applied. The update // that is currently being applied will have a null completion time. // Completion time will always be set for entries that are not the current // update (usually to the started time of the next update). + // +kubebuilder:validation:Required + // +required // +nullable CompletionTime *metav1.Time `json:"completionTime"` @@ -158,9 +174,13 @@ type UpdateHistory struct { Version string `json:"version"` // image is a container image location that contains the update. This value // is always populated. + // +kubebuilder:validation:Required + // +required Image string `json:"image"` // verified indicates whether the provided update was properly verified // before it was installed. If this is false the cluster may not be trusted. + // +kubebuilder:validation:Required + // +required Verified bool `json:"verified"` } @@ -172,19 +192,29 @@ type ClusterID string // +k8s:deepcopy-gen=true type ComponentOverride struct { // kind indentifies which object to override. + // +kubebuilder:validation:Required + // +required Kind string `json:"kind"` // group identifies the API group that the kind is in. + // +kubebuilder:validation:Required + // +required Group string `json:"group"` // namespace is the component's namespace. If the resource is cluster // scoped, the namespace should be empty. + // +kubebuilder:validation:Required + // +required Namespace string `json:"namespace"` // name is the component's name. + // +kubebuilder:validation:Required + // +required Name string `json:"name"` // unmanaged controls if cluster version operator should stop managing the // resources in this cluster. // Default: false + // +kubebuilder:validation:Required + // +required Unmanaged bool `json:"unmanaged"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_console.go b/vendor/github.com/openshift/api/config/v1/types_console.go index 9cda3f83b6..22b0b5160a 100644 --- a/vendor/github.com/openshift/api/config/v1/types_console.go +++ b/vendor/github.com/openshift/api/config/v1/types_console.go @@ -10,8 +10,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // logout URL, and reports the public URL of the console. The canonical name is // `cluster`. type Console struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -40,9 +39,9 @@ type ConsoleStatus struct { type ConsoleList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Console `json:"items"` + + Items []Console `json:"items"` } // ConsoleAuthentication defines a list of optional configuration for console authentication. @@ -58,6 +57,6 @@ type ConsoleAuthentication struct { // provides the user the option to perform single logout (SLO) through the identity // provider to destroy their single sign-on session. // +optional - // +kubebuilder:validation:Pattern=^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$ + // +kubebuilder:validation:Pattern=`^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$` LogoutRedirect string `json:"logoutRedirect,omitempty"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_dns.go b/vendor/github.com/openshift/api/config/v1/types_dns.go index ef04f7a67f..989ef99c3c 100644 --- a/vendor/github.com/openshift/api/config/v1/types_dns.go +++ b/vendor/github.com/openshift/api/config/v1/types_dns.go @@ -8,8 +8,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // DNS holds cluster-wide information about DNS. The canonical name is `cluster` type DNS struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -82,7 +81,7 @@ type DNSStatus struct { type DNSList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []DNS `json:"items"` + + Items []DNS `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index 4b7bed9c40..0dceba6b32 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -8,8 +8,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Feature holds cluster-wide information about feature gates. The canonical name is `cluster` type FeatureGate struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -76,9 +75,9 @@ type FeatureGateStatus struct { type FeatureGateList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []FeatureGate `json:"items"` + + Items []FeatureGate `json:"items"` } type FeatureGateEnabledDisabled struct { @@ -104,9 +103,11 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ "RotateKubeletServerCertificate", // sig-pod, sjenning "SupportPodPidsLimit", // sig-pod, sjenning "TLSSecurityProfile", // sig-network, danehans + "NodeDisruptionExclusion", // sig-scheduling, ccoleman + "ServiceNodeExclusion", // sig-scheduling, ccoleman }, Disabled: []string{ - "LocalStorageCapacityIsolation", // sig-pod, sjenning + "LegacyNodeRoleBehavior", // sig-scheduling, ccoleman }, }, CustomNoUpgrade: { @@ -119,9 +120,11 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ "RotateKubeletServerCertificate", // sig-pod, sjenning "SupportPodPidsLimit", // sig-pod, sjenning "TLSSecurityProfile", // sig-network, danehans + "NodeDisruptionExclusion", // sig-scheduling, ccoleman + "ServiceNodeExclusion", // sig-scheduling, ccoleman }, Disabled: []string{ - "LocalStorageCapacityIsolation", // sig-pod, sjenning + "LegacyNodeRoleBehavior", // sig-scheduling, ccoleman }, }, LatencySensitive: { @@ -130,9 +133,11 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ "RotateKubeletServerCertificate", // sig-pod, sjenning "SupportPodPidsLimit", // sig-pod, sjenning "TopologyManager", // sig-pod, sjenning + "NodeDisruptionExclusion", // sig-scheduling, ccoleman + "ServiceNodeExclusion", // sig-scheduling, ccoleman }, Disabled: []string{ - "LocalStorageCapacityIsolation", // sig-pod, sjenning + "LegacyNodeRoleBehavior", // sig-scheduling, ccoleman }, }, } diff --git a/vendor/github.com/openshift/api/config/v1/types_image.go b/vendor/github.com/openshift/api/config/v1/types_image.go index 94eb741167..bf594c1b77 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image.go +++ b/vendor/github.com/openshift/api/config/v1/types_image.go @@ -13,8 +13,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // When exposing OpenShift's image registry to the public, this also lets cluster // admins specify the external hostname. type Image struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -80,9 +79,9 @@ type ImageStatus struct { type ImageList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Image `json:"items"` + + Items []Image `json:"items"` } // RegistryLocation contains a location of the registry specified by the registry domain diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 4632e6ada0..ac1e5048ee 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -8,8 +8,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster` type Infrastructure struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -130,6 +129,10 @@ type PlatformStatus struct { // OpenStack contains settings specific to the OpenStack infrastructure provider. // +optional OpenStack *OpenStackPlatformStatus `json:"openstack,omitempty"` + + // Ovirt contains settings specific to the oVirt infrastructure provider. + // +optional + Ovirt *OvirtPlatformStatus `json:"ovirt,omitempty"` } // AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider. @@ -142,6 +145,11 @@ type AWSPlatformStatus struct { type AzurePlatformStatus struct { // resourceGroupName is the Resource Group for new Azure resources created for the cluster. ResourceGroupName string `json:"resourceGroupName"` + + // networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. + // If empty, the value is same as ResourceGroupName. + // +optional + NetworkResourceGroupName string `json:"networkResourceGroupName,omitempty"` } // GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider. @@ -154,6 +162,8 @@ type GCPPlatformStatus struct { } // BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. +// For more information about the network architecture used with the BareMetal platform type, see: +// https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md type BareMetalPlatformStatus struct { // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used // by components inside the cluster, like kubelets using the infrastructure rather @@ -199,12 +209,33 @@ type OpenStackPlatformStatus struct { NodeDNSIP string `json:"nodeDNSIP,omitempty"` } +// OvirtPlatformStatus holds the current status of the oVirt infrastructure provider. +type OvirtPlatformStatus struct { + // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used + // by components inside the cluster, like kubelets using the infrastructure rather + // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + // points to. It is the IP for a self-hosted load balancer in front of the API servers. + APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + + // ingressIP is an external IP which routes to the default ingress controller. + // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + IngressIP string `json:"ingressIP,omitempty"` + + // nodeDNSIP is the IP address for the internal DNS used by the + // nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` + // provides name resolution for the nodes themselves. There is no DNS-as-a-service for + // oVirt deployments. In order to minimize necessary changes to the + // datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames + // to the nodes in the cluster. + NodeDNSIP string `json:"nodeDNSIP,omitempty"` +} + // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // InfrastructureList is type InfrastructureList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Infrastructure `json:"items"` + + Items []Infrastructure `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_ingress.go b/vendor/github.com/openshift/api/config/v1/types_ingress.go index d161eb8476..0216919ad8 100644 --- a/vendor/github.com/openshift/api/config/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/config/v1/types_ingress.go @@ -9,8 +9,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Ingress holds cluster-wide information about ingress, including the default ingress domain // used for routes. The canonical name is `cluster`. type Ingress struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -41,7 +40,7 @@ type IngressStatus struct { type IngressList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Ingress `json:"items"` + + Items []Ingress `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go index 9a88fb5d1b..a09c5fe8ed 100644 --- a/vendor/github.com/openshift/api/config/v1/types_network.go +++ b/vendor/github.com/openshift/api/config/v1/types_network.go @@ -9,8 +9,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. // Please view network.spec for an explanation on what applies when configuring this resource. type Network struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration. @@ -117,7 +116,7 @@ type ExternalIPPolicy struct { type NetworkList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Network `json:"items"` + + Items []Network `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go index 31291dec2f..1d998bf37d 100644 --- a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go +++ b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go @@ -70,7 +70,7 @@ type HubSource struct { // HubSourceStatus is used to reflect the current state of applying the // configuration to a default source type HubSourceStatus struct { - HubSource `json:"",omitempty` + HubSource `json:",omitempty"` // status indicates success or failure in applying the configuration Status string `json:"status,omitempty"` // message provides more information regarding failures diff --git a/vendor/github.com/openshift/api/config/v1/types_project.go b/vendor/github.com/openshift/api/config/v1/types_project.go index 61152a6f79..244ce3ef8f 100644 --- a/vendor/github.com/openshift/api/config/v1/types_project.go +++ b/vendor/github.com/openshift/api/config/v1/types_project.go @@ -8,8 +8,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Project holds cluster-wide information about Project. The canonical name is `cluster` type Project struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -49,7 +48,7 @@ type ProjectStatus struct { type ProjectList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Project `json:"items"` + + Items []Project `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_proxy.go b/vendor/github.com/openshift/api/config/v1/types_proxy.go index 1413a48caa..93f4c487e4 100644 --- a/vendor/github.com/openshift/api/config/v1/types_proxy.go +++ b/vendor/github.com/openshift/api/config/v1/types_proxy.go @@ -12,6 +12,7 @@ import ( type Proxy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // Spec holds user-settable values for the proxy configuration // +kubebuilder:validation:Required // +required @@ -83,7 +84,7 @@ type ProxyStatus struct { type ProxyList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Proxy `json:"items"` + + Items []Proxy `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_scheduling.go b/vendor/github.com/openshift/api/config/v1/types_scheduling.go index 9b8fa3a52a..d5bf0c3627 100644 --- a/vendor/github.com/openshift/api/config/v1/types_scheduling.go +++ b/vendor/github.com/openshift/api/config/v1/types_scheduling.go @@ -9,8 +9,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Scheduler holds cluster-wide config information to run the Kubernetes Scheduler // and influence its placement decisions. The canonical name for this config is `cluster`. type Scheduler struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // spec holds user settable values for configuration @@ -69,7 +68,7 @@ type SchedulerStatus struct { type SchedulerList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata"` - Items []Scheduler `json:"items"` + + Items []Scheduler `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go index ab2b71d10b..f72089db3c 100644 --- a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go +++ b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go @@ -53,10 +53,7 @@ type TLSSecurityProfile struct { // - AES128-SHA // - AES256-SHA // - DES-CBC3-SHA - // tlsVersion: - // minimumVersion: TLSv1.0 - // maximumVersion: TLSv1.3 - // dhParamSize: 1024 + // minTLSVersion: TLSv1.0 // // +optional // +nullable @@ -79,10 +76,7 @@ type TLSSecurityProfile struct { // - ECDHE-RSA-CHACHA20-POLY1305 // - DHE-RSA-AES128-GCM-SHA256 // - DHE-RSA-AES256-GCM-SHA384 - // tlsVersion: - // minimumVersion: TLSv1.2 - // maximumVersion: TLSv1.3 - // dhParamSize: 2048 + // minTLSVersion: TLSv1.2 // // +optional // +nullable @@ -97,10 +91,7 @@ type TLSSecurityProfile struct { // - TLS_AES_128_GCM_SHA256 // - TLS_AES_256_GCM_SHA384 // - TLS_CHACHA20_POLY1305_SHA256 - // tlsVersion: - // minimumVersion: TLSv1.3 - // maximumVersion: TLSv1.3 - // dhParamSize: 2048 + // minTLSVersion: TLSv1.3 // // +optional // +nullable @@ -114,10 +105,7 @@ type TLSSecurityProfile struct { // - ECDHE-RSA-CHACHA20-POLY1305 // - ECDHE-RSA-AES128-GCM-SHA256 // - ECDHE-ECDSA-AES128-GCM-SHA256 - // tlsVersion: - // minimumVersion: TLSv1.1 - // maximumVersion: TLSv1.2 - // dhParamSize: 1024 + // minTLSVersion: TLSv1.1 // // +optional // +nullable @@ -163,76 +151,19 @@ const ( type TLSProfileSpec struct { // ciphers is used to specify the cipher algorithms that are negotiated // during the TLS handshake. Operators may remove entries their operands - // do not support. For example, to use 3DES (yaml): + // do not support. For example, to use DES-CBC3-SHA (yaml): // // ciphers: - // - 3DES + // - DES-CBC3-SHA // Ciphers []string `json:"ciphers"` - // tlsVersion is used to specify one or more versions of the TLS protocol + // minTLSVersion is used to specify the minimal version of the TLS protocol // that is negotiated during the TLS handshake. For example, to use TLS // versions 1.1, 1.2 and 1.3 (yaml): // - // tlsVersion: - // minimumVersion: TLSv1.1 - // maximumVersion: TLSv1.3 - // - TLSVersion TLSVersion `json:"tlsVersion"` - // dhParamSize sets the maximum size of the Diffie-Hellman parameters used for generating - // the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. The final size - // will try to match the size of the server's RSA (or DSA) key (e.g, a 2048 bits temporary - // DH key for a 2048 bits RSA key), but will not exceed this maximum value. - // - // Available DH Parameter sizes are: - // - // "2048": A Diffie-Hellman parameter of 2048 bits. - // "1024": A Diffie-Hellman parameter of 1024 bits. - // - // For example, to use a Diffie-Hellman parameter of 2048 bits (yaml): - // - // dhParamSize: 2048 - // - DHParamSize DHParamSize `json:"dhParamSize"` -} - -// TLSVersion defines one or more versions of the TLS protocol that are negotiated -// during the TLS handshake. -type TLSVersion struct { - // minimumVersion enforces use of the specified TLSProtocolVersion or newer - // that are negotiated during the TLS handshake. minimumVersion must be lower - // than or equal to maximumVersion. - // - // If unset and maximumVersion is set, minimumVersion will be set - // to maximumVersion. If minimumVersion and maximumVersion are unset, - // the minimum version is determined by the TLS security profile type. - // - // TLSProfileType Modern: VersionTLS13 - // TLSProfileType Intermediate: VersionTLS12 - // TLSProfileType Old: VersionTLS10 - // - // Supported minimum versions are: + // minTLSVersion: TLSv1.1 // - // "TLSv1.3": Version 1.3 of the TLS security protocol. - // "TLSv1.2": Version 1.2 of the TLS security protocol. - // "TLSv1.1": Version 1.1 of the TLS security protocol. - // "TLSv1.0": Version 1.0 of the TLS security protocol. - // - MinimumVersion TLSProtocolVersion `json:"minimumVersion"` - // maximumVersion enforces use of the specified TLSProtocolVersion or older - // that are negotiated during the TLS handshake. maximumVersion must be higher - // than or equal to minimumVersion. - // - // If unset and minimumVersion is set, maximumVersion will be set - // to minimumVersion. If minimumVersion and maximumVersion are unset, - // the maximum version is determined by the TLS security profile type. - // - // TLSProfileType Modern: VersionTLS13 - // TLSProfileType Intermediate: VersionTLS13 - // TLSProfileType Old: VersionTLS13 - // - // Supported maximum versions are the same as minimum versions. - // - MaximumVersion TLSProtocolVersion `json:"maximumVersion"` + MinTLSVersion TLSProtocolVersion `json:"minTLSVersion"` } // TLSProtocolVersion is a way to specify the protocol version used for TLS connections. @@ -245,25 +176,14 @@ type TLSVersion struct { type TLSProtocolVersion string const ( - // TLSv1.0 is version 1.0 of the TLS security protocol. - VersionTLS10 TLSProtocolVersion = "TLSv1.0" - // TLSv1.1 is version 1.1 of the TLS security protocol. - VersionTLS11 TLSProtocolVersion = "TLSv1.1" - // TLSv1.2 is version 1.2 of the TLS security protocol. - VersionTLS12 TLSProtocolVersion = "TLSv1.2" - // TLSv1.3 is version 1.3 of the TLS security protocol. - VersionTLS13 TLSProtocolVersion = "TLSv1.3" -) - -// DHParamSize sets the maximum size of the Diffie-Hellman parameters used for -// generating the ephemeral/temporary Diffie-Hellman key. -type DHParamSize string - -const ( - // 1024 is a Diffie-Hellman parameter of 1024 bits. - DHParamSize1024 DHParamSize = "1024" - // 2048 is a Diffie-Hellman parameter of 2048 bits. - DHParamSize2048 DHParamSize = "2048" + // VersionTLSv10 is version 1.0 of the TLS security protocol. + VersionTLS10 TLSProtocolVersion = "VersionTLS10" + // VersionTLSv11 is version 1.1 of the TLS security protocol. + VersionTLS11 TLSProtocolVersion = "VersionTLS11" + // VersionTLSv12 is version 1.2 of the TLS security protocol. + VersionTLS12 TLSProtocolVersion = "VersionTLS12" + // VersionTLSv13 is version 1.3 of the TLS security protocol. + VersionTLS13 TLSProtocolVersion = "VersionTLS13" ) // TLSProfiles Contains a map of TLSProfileType names to TLSProfileSpec. @@ -304,11 +224,7 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "AES256-SHA", "DES-CBC3-SHA", }, - TLSVersion: TLSVersion{ - MinimumVersion: VersionTLS10, - MaximumVersion: VersionTLS13, - }, - DHParamSize: DHParamSize1024, + MinTLSVersion: VersionTLS10, }, TLSProfileIntermediateType: { Ciphers: []string{ @@ -324,11 +240,7 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384", }, - TLSVersion: TLSVersion{ - MinimumVersion: VersionTLS12, - MaximumVersion: VersionTLS13, - }, - DHParamSize: DHParamSize2048, + MinTLSVersion: VersionTLS12, }, TLSProfileModernType: { Ciphers: []string{ @@ -336,9 +248,6 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", }, - TLSVersion: TLSVersion{ - MinimumVersion: VersionTLS13, - MaximumVersion: VersionTLS13, - }, + MinTLSVersion: VersionTLS13, }, } diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 0b9fef231c..37888a9395 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -2688,6 +2688,22 @@ func (in *OperatorHubStatus) DeepCopy() *OperatorHubStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OvirtPlatformStatus) DeepCopyInto(out *OvirtPlatformStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OvirtPlatformStatus. +func (in *OvirtPlatformStatus) DeepCopy() *OvirtPlatformStatus { + if in == nil { + return nil + } + out := new(OvirtPlatformStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { *out = *in @@ -2716,6 +2732,11 @@ func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { *out = new(OpenStackPlatformStatus) **out = **in } + if in.Ovirt != nil { + in, out := &in.Ovirt, &out.Ovirt + *out = new(OvirtPlatformStatus) + **out = **in + } return } @@ -3208,7 +3229,6 @@ func (in *TLSProfileSpec) DeepCopyInto(out *TLSProfileSpec) { *out = make([]string, len(*in)) copy(*out, *in) } - out.TLSVersion = in.TLSVersion return } @@ -3258,22 +3278,6 @@ func (in *TLSSecurityProfile) DeepCopy() *TLSSecurityProfile { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSVersion) DeepCopyInto(out *TLSVersion) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSVersion. -func (in *TLSVersion) DeepCopy() *TLSVersion { - if in == nil { - return nil - } - out := new(TLSVersion) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TemplateReference) DeepCopyInto(out *TemplateReference) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 8f6874bbe2..fb64b94e67 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -290,24 +290,15 @@ func (APIServerSpec) SwaggerDoc() map[string]string { } var map_Authentication = map[string]string{ - "": "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`.", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`.", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Authentication) SwaggerDoc() map[string]string { return map_Authentication } -var map_AuthenticationList = map[string]string{ - "metadata": "Standard object's metadata.", -} - -func (AuthenticationList) SwaggerDoc() map[string]string { - return map_AuthenticationList -} - var map_AuthenticationSpec = map[string]string{ "type": "type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.", "oauthMetadata": "oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key \"oauthMetadata\" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.", @@ -356,14 +347,6 @@ func (BuildDefaults) SwaggerDoc() map[string]string { return map_BuildDefaults } -var map_BuildList = map[string]string{ - "metadata": "Standard object's metadata.", -} - -func (BuildList) SwaggerDoc() map[string]string { - return map_BuildList -} - var map_BuildOverrides = map[string]string{ "imageLabels": "ImageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", "nodeSelector": "NodeSelector is a selector which must be true for the build pod to fit on a node", @@ -549,10 +532,9 @@ func (UpdateHistory) SwaggerDoc() map[string]string { } var map_Console = map[string]string{ - "": "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`.", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`.", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Console) SwaggerDoc() map[string]string { @@ -568,14 +550,6 @@ func (ConsoleAuthentication) SwaggerDoc() map[string]string { return map_ConsoleAuthentication } -var map_ConsoleList = map[string]string{ - "metadata": "Standard object's metadata.", -} - -func (ConsoleList) SwaggerDoc() map[string]string { - return map_ConsoleList -} - var map_ConsoleSpec = map[string]string{ "": "ConsoleSpec is the specification of the desired behavior of the Console.", } @@ -594,24 +568,15 @@ func (ConsoleStatus) SwaggerDoc() map[string]string { } var map_DNS = map[string]string{ - "": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (DNS) SwaggerDoc() map[string]string { return map_DNS } -var map_DNSList = map[string]string{ - "metadata": "Standard object's metadata.", -} - -func (DNSList) SwaggerDoc() map[string]string { - return map_DNSList -} - var map_DNSSpec = map[string]string{ "baseDomain": "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base.\n\nFor example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`.\n\nOnce set, this field cannot be changed.", "publicZone": "publicZone is the location where all the DNS records that are publicly accessible to the internet exist.\n\nIf this field is nil, no public records should be created.\n\nOnce set, this field cannot be changed.", @@ -642,24 +607,15 @@ func (CustomFeatureGates) SwaggerDoc() map[string]string { } var map_FeatureGate = map[string]string{ - "": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (FeatureGate) SwaggerDoc() map[string]string { return map_FeatureGate } -var map_FeatureGateList = map[string]string{ - "metadata": "Standard object's metadata.", -} - -func (FeatureGateList) SwaggerDoc() map[string]string { - return map_FeatureGateList -} - var map_FeatureGateSelection = map[string]string{ "featureSet": "featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.", "customNoUpgrade": "customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal \"CustomNoUpgrade\" must be set to use this field.", @@ -670,24 +626,15 @@ func (FeatureGateSelection) SwaggerDoc() map[string]string { } var map_Image = map[string]string{ - "": "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to blacklist/whitelist registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname.", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to blacklist/whitelist registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname.", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Image) SwaggerDoc() map[string]string { return map_Image } -var map_ImageList = map[string]string{ - "metadata": "Standard object's metadata.", -} - -func (ImageList) SwaggerDoc() map[string]string { - return map_ImageList -} - var map_ImageSpec = map[string]string{ "allowedRegistriesForImport": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", "externalRegistryHostnames": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", @@ -739,8 +686,9 @@ func (AWSPlatformStatus) SwaggerDoc() map[string]string { } var map_AzurePlatformStatus = map[string]string{ - "": "AzurePlatformStatus holds the current status of the Azure infrastructure provider.", - "resourceGroupName": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", + "": "AzurePlatformStatus holds the current status of the Azure infrastructure provider.", + "resourceGroupName": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", + "networkResourceGroupName": "networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName.", } func (AzurePlatformStatus) SwaggerDoc() map[string]string { @@ -748,7 +696,7 @@ func (AzurePlatformStatus) SwaggerDoc() map[string]string { } var map_BareMetalPlatformStatus = map[string]string{ - "": "BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider.", + "": "BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. For more information about the network architecture used with the BareMetal platform type, see: https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md", "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", @@ -769,10 +717,9 @@ func (GCPPlatformStatus) SwaggerDoc() map[string]string { } var map_Infrastructure = map[string]string{ - "": "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Infrastructure) SwaggerDoc() map[string]string { @@ -780,8 +727,7 @@ func (Infrastructure) SwaggerDoc() map[string]string { } var map_InfrastructureList = map[string]string{ - "": "InfrastructureList is", - "metadata": "Standard object's metadata.", + "": "InfrastructureList is", } func (InfrastructureList) SwaggerDoc() map[string]string { @@ -823,6 +769,17 @@ func (OpenStackPlatformStatus) SwaggerDoc() map[string]string { return map_OpenStackPlatformStatus } +var map_OvirtPlatformStatus = map[string]string{ + "": "OvirtPlatformStatus holds the current status of the oVirt infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", + "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for oVirt deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", +} + +func (OvirtPlatformStatus) SwaggerDoc() map[string]string { + return map_OvirtPlatformStatus +} + var map_PlatformStatus = map[string]string{ "": "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.", "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", @@ -831,6 +788,7 @@ var map_PlatformStatus = map[string]string{ "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", "baremetal": "BareMetal contains settings specific to the BareMetal platform.", "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", + "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", } func (PlatformStatus) SwaggerDoc() map[string]string { @@ -838,24 +796,15 @@ func (PlatformStatus) SwaggerDoc() map[string]string { } var map_Ingress = map[string]string{ - "": "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`.", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`.", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Ingress) SwaggerDoc() map[string]string { return map_Ingress } -var map_IngressList = map[string]string{ - "metadata": "Standard object's metadata.", -} - -func (IngressList) SwaggerDoc() map[string]string { - return map_IngressList -} - var map_IngressSpec = map[string]string{ "domain": "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\".\n\nIt is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\".\n\nOnce set, changing domain is not currently supported.", } @@ -895,24 +844,15 @@ func (ExternalIPPolicy) SwaggerDoc() map[string]string { } var map_Network = map[string]string{ - "": "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource.", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource.", + "spec": "spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Network) SwaggerDoc() map[string]string { return map_Network } -var map_NetworkList = map[string]string{ - "metadata": "Standard object's metadata.", -} - -func (NetworkList) SwaggerDoc() map[string]string { - return map_NetworkList -} - var map_NetworkSpec = map[string]string{ "": "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", "clusterNetwork": "IP address pool to use for pod IPs. This field is immutable after installation.", @@ -1212,24 +1152,15 @@ func (OperatorHubStatus) SwaggerDoc() map[string]string { } var map_Project = map[string]string{ - "": "Project holds cluster-wide information about Project. The canonical name is `cluster`", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Project holds cluster-wide information about Project. The canonical name is `cluster`", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Project) SwaggerDoc() map[string]string { return map_Project } -var map_ProjectList = map[string]string{ - "metadata": "Standard object's metadata.", -} - -func (ProjectList) SwaggerDoc() map[string]string { - return map_ProjectList -} - var map_ProjectSpec = map[string]string{ "": "ProjectSpec holds the project creation configuration.", "projectRequestMessage": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", @@ -1259,14 +1190,6 @@ func (Proxy) SwaggerDoc() map[string]string { return map_Proxy } -var map_ProxyList = map[string]string{ - "metadata": "Standard object's metadata.", -} - -func (ProxyList) SwaggerDoc() map[string]string { - return map_ProxyList -} - var map_ProxySpec = map[string]string{ "": "ProxySpec contains cluster proxy creation configuration.", "httpProxy": "httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.", @@ -1292,24 +1215,15 @@ func (ProxyStatus) SwaggerDoc() map[string]string { } var map_Scheduler = map[string]string{ - "": "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`.", - "metadata": "Standard object's metadata.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", + "": "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`.", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", } func (Scheduler) SwaggerDoc() map[string]string { return map_Scheduler } -var map_SchedulerList = map[string]string{ - "metadata": "Standard object's metadata.", -} - -func (SchedulerList) SwaggerDoc() map[string]string { - return map_SchedulerList -} - var map_SchedulerSpec = map[string]string{ "policy": "policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", "defaultNodeSelector": "defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces without a specified nodeSelector value. For example, defaultNodeSelector: \"type=user-node,region=east\" would set nodeSelector field in pod spec to \"type=user-node,region=east\" to all pods created in all namespaces. Namespaces having project-wide node selectors won't be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector='type=user-node,region=east', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: \"type=user-node,region=west\" means that the default of \"type=user-node,region=east\" set in defaultNodeSelector would not be applied.", @@ -1353,10 +1267,9 @@ func (OldTLSProfile) SwaggerDoc() map[string]string { } var map_TLSProfileSpec = map[string]string{ - "": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", - "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use 3DES (yaml):\n\n ciphers:\n - 3DES", - "tlsVersion": "tlsVersion is used to specify one or more versions of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n tlsVersion:\n minimumVersion: TLSv1.1\n maximumVersion: TLSv1.3", - "dhParamSize": "dhParamSize sets the maximum size of the Diffie-Hellman parameters used for generating the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. The final size will try to match the size of the server's RSA (or DSA) key (e.g, a 2048 bits temporary DH key for a 2048 bits RSA key), but will not exceed this maximum value.\n\nAvailable DH Parameter sizes are:\n\n \"2048\": A Diffie-Hellman parameter of 2048 bits.\n \"1024\": A Diffie-Hellman parameter of 1024 bits.\n\nFor example, to use a Diffie-Hellman parameter of 2048 bits (yaml):\n\n dhParamSize: 2048", + "": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", + "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: TLSv1.1", } func (TLSProfileSpec) SwaggerDoc() map[string]string { @@ -1366,24 +1279,14 @@ func (TLSProfileSpec) SwaggerDoc() map[string]string { var map_TLSSecurityProfile = map[string]string{ "": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", - "old": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA\n tlsVersion:\n minimumVersion: TLSv1.0\n maximumVersion: TLSv1.3\n dhParamSize: 1024", - "intermediate": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n tlsVersion:\n minimumVersion: TLSv1.2\n maximumVersion: TLSv1.3\n dhParamSize: 2048", - "modern": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n tlsVersion:\n minimumVersion: TLSv1.3\n maximumVersion: TLSv1.3\n dhParamSize: 2048", - "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n tlsVersion:\n minimumVersion: TLSv1.1\n maximumVersion: TLSv1.2\n dhParamSize: 1024", + "old": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA\n minTLSVersion: TLSv1.0", + "intermediate": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n minTLSVersion: TLSv1.2", + "modern": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n minTLSVersion: TLSv1.3", + "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n minTLSVersion: TLSv1.1", } func (TLSSecurityProfile) SwaggerDoc() map[string]string { return map_TLSSecurityProfile } -var map_TLSVersion = map[string]string{ - "": "TLSVersion defines one or more versions of the TLS protocol that are negotiated during the TLS handshake.", - "minimumVersion": "minimumVersion enforces use of the specified TLSProtocolVersion or newer that are negotiated during the TLS handshake. minimumVersion must be lower than or equal to maximumVersion.\n\nIf unset and maximumVersion is set, minimumVersion will be set to maximumVersion. If minimumVersion and maximumVersion are unset, the minimum version is determined by the TLS security profile type.\n\n TLSProfileType Modern: VersionTLS13\n TLSProfileType Intermediate: VersionTLS12\n TLSProfileType Old: VersionTLS10\n\nSupported minimum versions are:\n\n \"TLSv1.3\": Version 1.3 of the TLS security protocol.\n \"TLSv1.2\": Version 1.2 of the TLS security protocol.\n \"TLSv1.1\": Version 1.1 of the TLS security protocol.\n \"TLSv1.0\": Version 1.0 of the TLS security protocol.", - "maximumVersion": "maximumVersion enforces use of the specified TLSProtocolVersion or older that are negotiated during the TLS handshake. maximumVersion must be higher than or equal to minimumVersion.\n\nIf unset and minimumVersion is set, maximumVersion will be set to minimumVersion. If minimumVersion and maximumVersion are unset, the maximum version is determined by the TLS security profile type.\n\n TLSProfileType Modern: VersionTLS13\n TLSProfileType Intermediate: VersionTLS13\n TLSProfileType Old: VersionTLS13\n\nSupported maximum versions are the same as minimum versions.", -} - -func (TLSVersion) SwaggerDoc() map[string]string { - return map_TLSVersion -} - // AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/image/v1/generated.proto b/vendor/github.com/openshift/api/image/v1/generated.proto new file mode 100644 index 0000000000..1a667589a6 --- /dev/null +++ b/vendor/github.com/openshift/api/image/v1/generated.proto @@ -0,0 +1,545 @@ + +// This file was autogenerated by go-to-protobuf. Do not edit it manually! + +syntax = 'proto2'; + +package github.com.openshift.api.image.v1; + +import "k8s.io/api/core/v1/generated.proto"; +import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; +import "k8s.io/apimachinery/pkg/runtime/generated.proto"; +import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; + +// Package-wide variables from generator "generated". +option go_package = "v1"; + +// DockerImageReference points to a container image. +message DockerImageReference { + // Registry is the registry that contains the container image + optional string registry = 1; + + // Namespace is the namespace that contains the container image + optional string namespace = 2; + + // Name is the name of the container image + optional string name = 3; + + // Tag is which tag of the container image is being referenced + optional string tag = 4; + + // ID is the identifier for the container image + optional string iD = 5; +} + +// Image is an immutable representation of a container image and metadata at a point in time. +message Image { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // DockerImageReference is the string that can be used to pull this image. + optional string dockerImageReference = 2; + + // DockerImageMetadata contains metadata about this image + // +patchStrategy=replace + // +kubebuilder:validation:PreserveUnknownFields + optional k8s.io.apimachinery.pkg.runtime.RawExtension dockerImageMetadata = 3; + + // DockerImageMetadataVersion conveys the version of the object, which if empty defaults to "1.0" + optional string dockerImageMetadataVersion = 4; + + // DockerImageManifest is the raw JSON of the manifest + optional string dockerImageManifest = 5; + + // DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. + repeated ImageLayer dockerImageLayers = 6; + + // Signatures holds all signatures of the image. + // +patchMergeKey=name + // +patchStrategy=merge + repeated ImageSignature signatures = 7; + + // DockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1. + repeated bytes dockerImageSignatures = 8; + + // DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2. + optional string dockerImageManifestMediaType = 9; + + // DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. + optional string dockerImageConfig = 10; +} + +// ImageBlobReferences describes the blob references within an image. +message ImageBlobReferences { + // imageMissing is true if the image is referenced by the image stream but the image + // object has been deleted from the API by an administrator. When this field is set, + // layers and config fields may be empty and callers that depend on the image metadata + // should consider the image to be unavailable for download or viewing. + // +optional + optional bool imageMissing = 3; + + // layers is the list of blobs that compose this image, from base layer to top layer. + // All layers referenced by this array will be defined in the blobs map. Some images + // may have zero layers. + // +optional + repeated string layers = 1; + + // config, if set, is the blob that contains the image config. Some images do + // not have separate config blobs and this field will be set to nil if so. + // +optional + optional string config = 2; +} + +// ImageImportSpec describes a request to import a specific image. +message ImageImportSpec { + // From is the source of an image to import; only kind DockerImage is allowed + optional k8s.io.api.core.v1.ObjectReference from = 1; + + // To is a tag in the current image stream to assign the imported image to, if name is not specified the default tag from from.name will be used + optional k8s.io.api.core.v1.LocalObjectReference to = 2; + + // ImportPolicy is the policy controlling how the image is imported + optional TagImportPolicy importPolicy = 3; + + // ReferencePolicy defines how other components should consume the image + optional TagReferencePolicy referencePolicy = 5; + + // IncludeManifest determines if the manifest for each image is returned in the response + optional bool includeManifest = 4; +} + +// ImageImportStatus describes the result of an image import. +message ImageImportStatus { + // Status is the status of the image import, including errors encountered while retrieving the image + optional k8s.io.apimachinery.pkg.apis.meta.v1.Status status = 1; + + // Image is the metadata of that image, if the image was located + optional Image image = 2; + + // Tag is the tag this image was located under, if any + optional string tag = 3; +} + +// ImageLayer represents a single layer of the image. Some images may have multiple layers. Some may have none. +message ImageLayer { + // Name of the layer as defined by the underlying store. + optional string name = 1; + + // Size of the layer in bytes as defined by the underlying store. + optional int64 size = 2; + + // MediaType of the referenced object. + optional string mediaType = 3; +} + +// ImageLayerData contains metadata about an image layer. +message ImageLayerData { + // Size of the layer in bytes as defined by the underlying store. This field is + // optional if the necessary information about size is not available. + optional int64 size = 1; + + // MediaType of the referenced object. + optional string mediaType = 2; +} + +// ImageList is a list of Image objects. +message ImageList { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + + // Items is a list of images + repeated Image items = 2; +} + +// ImageLookupPolicy describes how an image stream can be used to override the image references +// used by pods, builds, and other resources in a namespace. +message ImageLookupPolicy { + // local will change the docker short image references (like "mysql" or + // "php:latest") on objects in this namespace to the image ID whenever they match + // this image stream, instead of reaching out to a remote registry. The name will + // be fully qualified to an image ID if found. The tag's referencePolicy is taken + // into account on the replaced value. Only works within the current namespace. + optional bool local = 3; +} + +// ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims +// as long as the signature is trusted. Based on this information it is possible to restrict runnable images +// to those matching cluster-wide policy. +// Mandatory fields should be parsed by clients doing image verification. The others are parsed from +// signature's content by the server. They serve just an informative purpose. +message ImageSignature { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // Required: Describes a type of stored blob. + optional string type = 2; + + // Required: An opaque binary string which is an image's signature. + optional bytes content = 3; + + // Conditions represent the latest available observations of a signature's current state. + // +patchMergeKey=type + // +patchStrategy=merge + repeated SignatureCondition conditions = 4; + + // A human readable string representing image's identity. It could be a product name and version, or an + // image pull spec (e.g. "registry.access.redhat.com/rhel7/rhel:7.2"). + optional string imageIdentity = 5; + + // Contains claims from the signature. + map signedClaims = 6; + + // If specified, it is the time of signature's creation. + optional k8s.io.apimachinery.pkg.apis.meta.v1.Time created = 7; + + // If specified, it holds information about an issuer of signing certificate or key (a person or entity + // who signed the signing certificate or key). + optional SignatureIssuer issuedBy = 8; + + // If specified, it holds information about a subject of signing certificate or key (a person or entity + // who signed the image). + optional SignatureSubject issuedTo = 9; +} + +// ImageStream stores a mapping of tags to images, metadata overrides that are applied +// when images are tagged in a stream, and an optional reference to a container image +// repository on a registry. +message ImageStream { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // Spec describes the desired state of this stream + optional ImageStreamSpec spec = 2; + + // Status describes the current state of this stream + optional ImageStreamStatus status = 3; +} + +// ImageStreamImage represents an Image that is retrieved by image name from an ImageStream. +message ImageStreamImage { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // Image associated with the ImageStream and image name. + optional Image image = 2; +} + +// The image stream import resource provides an easy way for a user to find and import container images +// from other container image registries into the server. Individual images or an entire image repository may +// be imported, and users may choose to see the results of the import prior to tagging the resulting +// images into the specified image stream. +// +// This API is intended for end-user tools that need to see the metadata of the image prior to import +// (for instance, to generate an application from it). Clients that know the desired image can continue +// to create spec.tags directly into their image streams. +message ImageStreamImport { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // Spec is a description of the images that the user wishes to import + optional ImageStreamImportSpec spec = 2; + + // Status is the the result of importing the image + optional ImageStreamImportStatus status = 3; +} + +// ImageStreamImportSpec defines what images should be imported. +message ImageStreamImportSpec { + // Import indicates whether to perform an import - if so, the specified tags are set on the spec + // and status of the image stream defined by the type meta. + optional bool import = 1; + + // Repository is an optional import of an entire container image repository. A maximum limit on the + // number of tags imported this way is imposed by the server. + optional RepositoryImportSpec repository = 2; + + // Images are a list of individual images to import. + repeated ImageImportSpec images = 3; +} + +// ImageStreamImportStatus contains information about the status of an image stream import. +message ImageStreamImportStatus { + // Import is the image stream that was successfully updated or created when 'to' was set. + optional ImageStream import = 1; + + // Repository is set if spec.repository was set to the outcome of the import + optional RepositoryImportStatus repository = 2; + + // Images is set with the result of importing spec.images + repeated ImageImportStatus images = 3; +} + +// ImageStreamLayers describes information about the layers referenced by images in this +// image stream. +message ImageStreamLayers { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // blobs is a map of blob name to metadata about the blob. + map blobs = 2; + + // images is a map between an image name and the names of the blobs and config that + // comprise the image. + map images = 3; +} + +// ImageStreamList is a list of ImageStream objects. +message ImageStreamList { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + + // Items is a list of imageStreams + repeated ImageStream items = 2; +} + +// ImageStreamMapping represents a mapping from a single tag to a container image as +// well as the reference to the container image stream the image came from. +message ImageStreamMapping { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // Image is a container image. + optional Image image = 2; + + // Tag is a string value this image can be located with inside the stream. + optional string tag = 3; +} + +// ImageStreamSpec represents options for ImageStreams. +message ImageStreamSpec { + // lookupPolicy controls how other resources reference images within this namespace. + optional ImageLookupPolicy lookupPolicy = 3; + + // dockerImageRepository is optional, if specified this stream is backed by a container repository on this server + // Deprecated: This field is deprecated as of v3.7 and will be removed in a future release. + // Specify the source for the tags to be imported in each tag via the spec.tags.from reference instead. + optional string dockerImageRepository = 1; + + // tags map arbitrary string values to specific image locators + // +patchMergeKey=name + // +patchStrategy=merge + repeated TagReference tags = 2; +} + +// ImageStreamStatus contains information about the state of this image stream. +message ImageStreamStatus { + // DockerImageRepository represents the effective location this stream may be accessed at. + // May be empty until the server determines where the repository is located + optional string dockerImageRepository = 1; + + // PublicDockerImageRepository represents the public location from where the image can + // be pulled outside the cluster. This field may be empty if the administrator + // has not exposed the integrated registry externally. + optional string publicDockerImageRepository = 3; + + // Tags are a historical record of images associated with each tag. The first entry in the + // TagEvent array is the currently tagged image. + // +patchMergeKey=tag + // +patchStrategy=merge + repeated NamedTagEventList tags = 2; +} + +// ImageStreamTag represents an Image that is retrieved by tag name from an ImageStream. +message ImageStreamTag { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // tag is the spec tag associated with this image stream tag, and it may be null + // if only pushes have occurred to this image stream. + optional TagReference tag = 2; + + // generation is the current generation of the tagged image - if tag is provided + // and this value is not equal to the tag generation, a user has requested an + // import that has not completed, or conditions will be filled out indicating any + // error. + optional int64 generation = 3; + + // lookupPolicy indicates whether this tag will handle image references in this + // namespace. + optional ImageLookupPolicy lookupPolicy = 6; + + // conditions is an array of conditions that apply to the image stream tag. + repeated TagEventCondition conditions = 4; + + // image associated with the ImageStream and tag. + optional Image image = 5; +} + +// ImageStreamTagList is a list of ImageStreamTag objects. +message ImageStreamTagList { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + + // Items is the list of image stream tags + repeated ImageStreamTag items = 2; +} + +// NamedTagEventList relates a tag to its image history. +message NamedTagEventList { + // Tag is the tag for which the history is recorded + optional string tag = 1; + + // Standard object's metadata. + repeated TagEvent items = 2; + + // Conditions is an array of conditions that apply to the tag event list. + repeated TagEventCondition conditions = 3; +} + +// RepositoryImportSpec describes a request to import images from a container image repository. +message RepositoryImportSpec { + // From is the source for the image repository to import; only kind DockerImage and a name of a container image repository is allowed + optional k8s.io.api.core.v1.ObjectReference from = 1; + + // ImportPolicy is the policy controlling how the image is imported + optional TagImportPolicy importPolicy = 2; + + // ReferencePolicy defines how other components should consume the image + optional TagReferencePolicy referencePolicy = 4; + + // IncludeManifest determines if the manifest for each image is returned in the response + optional bool includeManifest = 3; +} + +// RepositoryImportStatus describes the result of an image repository import +message RepositoryImportStatus { + // Status reflects whether any failure occurred during import + optional k8s.io.apimachinery.pkg.apis.meta.v1.Status status = 1; + + // Images is a list of images successfully retrieved by the import of the repository. + repeated ImageImportStatus images = 2; + + // AdditionalTags are tags that exist in the repository but were not imported because + // a maximum limit of automatic imports was applied. + repeated string additionalTags = 3; +} + +// SignatureCondition describes an image signature condition of particular kind at particular probe time. +message SignatureCondition { + // Type of signature condition, Complete or Failed. + optional string type = 1; + + // Status of the condition, one of True, False, Unknown. + optional string status = 2; + + // Last time the condition was checked. + optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastProbeTime = 3; + + // Last time the condition transit from one status to another. + optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4; + + // (brief) reason for the condition's last transition. + optional string reason = 5; + + // Human readable message indicating details about last transition. + optional string message = 6; +} + +// SignatureGenericEntity holds a generic information about a person or entity who is an issuer or a subject +// of signing certificate or key. +message SignatureGenericEntity { + // Organization name. + optional string organization = 1; + + // Common name (e.g. openshift-signing-service). + optional string commonName = 2; +} + +// SignatureIssuer holds information about an issuer of signing certificate or key. +message SignatureIssuer { + optional SignatureGenericEntity signatureGenericEntity = 1; +} + +// SignatureSubject holds information about a person or entity who created the signature. +message SignatureSubject { + optional SignatureGenericEntity signatureGenericEntity = 1; + + // If present, it is a human readable key id of public key belonging to the subject used to verify image + // signature. It should contain at least 64 lowest bits of public key's fingerprint (e.g. + // 0x685ebe62bf278440). + optional string publicKeyID = 2; +} + +// TagEvent is used by ImageStreamStatus to keep a historical record of images associated with a tag. +message TagEvent { + // Created holds the time the TagEvent was created + optional k8s.io.apimachinery.pkg.apis.meta.v1.Time created = 1; + + // DockerImageReference is the string that can be used to pull this image + optional string dockerImageReference = 2; + + // Image is the image + optional string image = 3; + + // Generation is the spec tag generation that resulted in this tag being updated + optional int64 generation = 4; +} + +// TagEventCondition contains condition information for a tag event. +message TagEventCondition { + // Type of tag event condition, currently only ImportSuccess + optional string type = 1; + + // Status of the condition, one of True, False, Unknown. + optional string status = 2; + + // LastTransitionTIme is the time the condition transitioned from one status to another. + optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; + + // Reason is a brief machine readable explanation for the condition's last transition. + optional string reason = 4; + + // Message is a human readable description of the details about last transition, complementing reason. + optional string message = 5; + + // Generation is the spec tag generation that this status corresponds to + optional int64 generation = 6; +} + +// TagImportPolicy controls how images related to this tag will be imported. +message TagImportPolicy { + // Insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import. + optional bool insecure = 1; + + // Scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported + optional bool scheduled = 2; +} + +// TagReference specifies optional annotations for images using this tag and an optional reference to an ImageStreamTag, ImageStreamImage, or DockerImage this tag should track. +message TagReference { + // Name of the tag + optional string name = 1; + + // Optional; if specified, annotations that are applied to images retrieved via ImageStreamTags. + // +optional + map annotations = 2; + + // Optional; if specified, a reference to another image that this tag should point to. Valid values + // are ImageStreamTag, ImageStreamImage, and DockerImage. ImageStreamTag references + // can only reference a tag within this same ImageStream. + optional k8s.io.api.core.v1.ObjectReference from = 3; + + // Reference states if the tag will be imported. Default value is false, which means the tag will + // be imported. + optional bool reference = 4; + + // Generation is a counter that tracks mutations to the spec tag (user intent). When a tag reference + // is changed the generation is set to match the current stream generation (which is incremented every + // time spec is changed). Other processes in the system like the image importer observe that the + // generation of spec tag is newer than the generation recorded in the status and use that as a trigger + // to import the newest remote tag. To trigger a new import, clients may set this value to zero which + // will reset the generation to the latest stream generation. Legacy clients will send this value as + // nil which will be merged with the current tag generation. + // +optional + optional int64 generation = 5; + + // ImportPolicy is information that controls how images may be imported by the server. + optional TagImportPolicy importPolicy = 6; + + // ReferencePolicy defines how other components should consume the image. + optional TagReferencePolicy referencePolicy = 7; +} + +// TagReferencePolicy describes how pull-specs for images in this image stream tag are generated when +// image change triggers in deployment configs or builds are resolved. This allows the image stream +// author to control how images are accessed. +message TagReferencePolicy { + // Type determines how the image pull spec should be transformed when the image stream tag is used in + // deployment config triggers or new builds. The default value is `Source`, indicating the original + // location of the image should be used (if imported). The user may also specify `Local`, indicating + // that the pull spec should point to the integrated container image registry and leverage the registry's + // ability to proxy the pull to an upstream registry. `Local` allows the credentials used to pull this + // image to be managed from the image stream's namespace, so others on the platform can access a remote + // image but have no access to the remote secret. It also allows the image layers to be mirrored into + // the local registry which the images can still be pulled even if the upstream registry is unavailable. + optional string type = 1; +} + diff --git a/vendor/github.com/openshift/api/image/v1/types.go b/vendor/github.com/openshift/api/image/v1/types.go index 6524942500..ff89f400c0 100644 --- a/vendor/github.com/openshift/api/image/v1/types.go +++ b/vendor/github.com/openshift/api/image/v1/types.go @@ -11,7 +11,6 @@ import ( // ImageList is a list of Image objects. type ImageList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Items is a list of images @@ -24,14 +23,14 @@ type ImageList struct { // Image is an immutable representation of a container image and metadata at a point in time. type Image struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // DockerImageReference is the string that can be used to pull this image. DockerImageReference string `json:"dockerImageReference,omitempty" protobuf:"bytes,2,opt,name=dockerImageReference"` // DockerImageMetadata contains metadata about this image // +patchStrategy=replace + // +kubebuilder:validation:PreserveUnknownFields DockerImageMetadata runtime.RawExtension `json:"dockerImageMetadata,omitempty" patchStrategy:"replace" protobuf:"bytes,3,opt,name=dockerImageMetadata"` // DockerImageMetadataVersion conveys the version of the object, which if empty defaults to "1.0" DockerImageMetadataVersion string `json:"dockerImageMetadataVersion,omitempty" protobuf:"bytes,4,opt,name=dockerImageMetadataVersion"` @@ -72,8 +71,7 @@ type ImageLayer struct { // Mandatory fields should be parsed by clients doing image verification. The others are parsed from // signature's content by the server. They serve just an informative purpose. type ImageSignature struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Required: Describes a type of stored blob. @@ -150,7 +148,6 @@ type SignatureSubject struct { // ImageStreamList is a list of ImageStream objects. type ImageStreamList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Items is a list of imageStreams @@ -166,8 +163,7 @@ type ImageStreamList struct { // when images are tagged in a stream, and an optional reference to a container image // repository on a registry. type ImageStream struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Spec describes the desired state of this stream @@ -337,8 +333,7 @@ type TagEventCondition struct { // ImageStreamMapping represents a mapping from a single tag to a container image as // well as the reference to the container image stream the image came from. type ImageStreamMapping struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Image is a container image. @@ -353,8 +348,7 @@ type ImageStreamMapping struct { // ImageStreamTag represents an Image that is retrieved by tag name from an ImageStream. type ImageStreamTag struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // tag is the spec tag associated with this image stream tag, and it may be null @@ -383,7 +377,6 @@ type ImageStreamTag struct { // ImageStreamTagList is a list of ImageStreamTag objects. type ImageStreamTagList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Items is the list of image stream tags @@ -396,8 +389,7 @@ type ImageStreamTagList struct { // ImageStreamImage represents an Image that is retrieved by image name from an ImageStream. type ImageStreamImage struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Image associated with the ImageStream and image name. @@ -423,9 +415,9 @@ type DockerImageReference struct { // ImageStreamLayers describes information about the layers referenced by images in this // image stream. type ImageStreamLayers struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // blobs is a map of blob name to metadata about the blob. Blobs map[string]ImageLayerData `json:"blobs" protobuf:"bytes,2,rep,name=blobs"` // images is a map between an image name and the names of the blobs and config that @@ -474,8 +466,7 @@ type ImageLayerData struct { // (for instance, to generate an application from it). Clients that know the desired image can continue // to create spec.tags directly into their image streams. type ImageStreamImport struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Spec is a description of the images that the user wishes to import diff --git a/vendor/github.com/openshift/api/image/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/image/v1/zz_generated.swagger_doc_generated.go index a31b6316cb..43e67e620b 100644 --- a/vendor/github.com/openshift/api/image/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/image/v1/zz_generated.swagger_doc_generated.go @@ -26,7 +26,6 @@ func (DockerImageReference) SwaggerDoc() map[string]string { var map_Image = map[string]string{ "": "Image is an immutable representation of a container image and metadata at a point in time.", - "metadata": "Standard object's metadata.", "dockerImageReference": "DockerImageReference is the string that can be used to pull this image.", "dockerImageMetadata": "DockerImageMetadata contains metadata about this image", "dockerImageMetadataVersion": "DockerImageMetadataVersion conveys the version of the object, which if empty defaults to \"1.0\"", @@ -99,9 +98,8 @@ func (ImageLayerData) SwaggerDoc() map[string]string { } var map_ImageList = map[string]string{ - "": "ImageList is a list of Image objects.", - "metadata": "Standard object's metadata.", - "items": "Items is a list of images", + "": "ImageList is a list of Image objects.", + "items": "Items is a list of images", } func (ImageList) SwaggerDoc() map[string]string { @@ -119,7 +117,6 @@ func (ImageLookupPolicy) SwaggerDoc() map[string]string { var map_ImageSignature = map[string]string{ "": "ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose.", - "metadata": "Standard object's metadata.", "type": "Required: Describes a type of stored blob.", "content": "Required: An opaque binary string which is an image's signature.", "conditions": "Conditions represent the latest available observations of a signature's current state.", @@ -135,10 +132,9 @@ func (ImageSignature) SwaggerDoc() map[string]string { } var map_ImageStream = map[string]string{ - "": "ImageStream stores a mapping of tags to images, metadata overrides that are applied when images are tagged in a stream, and an optional reference to a container image repository on a registry.", - "metadata": "Standard object's metadata.", - "spec": "Spec describes the desired state of this stream", - "status": "Status describes the current state of this stream", + "": "ImageStream stores a mapping of tags to images, metadata overrides that are applied when images are tagged in a stream, and an optional reference to a container image repository on a registry.", + "spec": "Spec describes the desired state of this stream", + "status": "Status describes the current state of this stream", } func (ImageStream) SwaggerDoc() map[string]string { @@ -146,9 +142,8 @@ func (ImageStream) SwaggerDoc() map[string]string { } var map_ImageStreamImage = map[string]string{ - "": "ImageStreamImage represents an Image that is retrieved by image name from an ImageStream.", - "metadata": "Standard object's metadata.", - "image": "Image associated with the ImageStream and image name.", + "": "ImageStreamImage represents an Image that is retrieved by image name from an ImageStream.", + "image": "Image associated with the ImageStream and image name.", } func (ImageStreamImage) SwaggerDoc() map[string]string { @@ -156,10 +151,9 @@ func (ImageStreamImage) SwaggerDoc() map[string]string { } var map_ImageStreamImport = map[string]string{ - "": "The image stream import resource provides an easy way for a user to find and import container images from other container image registries into the server. Individual images or an entire image repository may be imported, and users may choose to see the results of the import prior to tagging the resulting images into the specified image stream.\n\nThis API is intended for end-user tools that need to see the metadata of the image prior to import (for instance, to generate an application from it). Clients that know the desired image can continue to create spec.tags directly into their image streams.", - "metadata": "Standard object's metadata.", - "spec": "Spec is a description of the images that the user wishes to import", - "status": "Status is the the result of importing the image", + "": "The image stream import resource provides an easy way for a user to find and import container images from other container image registries into the server. Individual images or an entire image repository may be imported, and users may choose to see the results of the import prior to tagging the resulting images into the specified image stream.\n\nThis API is intended for end-user tools that need to see the metadata of the image prior to import (for instance, to generate an application from it). Clients that know the desired image can continue to create spec.tags directly into their image streams.", + "spec": "Spec is a description of the images that the user wishes to import", + "status": "Status is the the result of importing the image", } func (ImageStreamImport) SwaggerDoc() map[string]string { @@ -189,10 +183,9 @@ func (ImageStreamImportStatus) SwaggerDoc() map[string]string { } var map_ImageStreamLayers = map[string]string{ - "": "ImageStreamLayers describes information about the layers referenced by images in this image stream.", - "metadata": "Standard object's metadata.", - "blobs": "blobs is a map of blob name to metadata about the blob.", - "images": "images is a map between an image name and the names of the blobs and config that comprise the image.", + "": "ImageStreamLayers describes information about the layers referenced by images in this image stream.", + "blobs": "blobs is a map of blob name to metadata about the blob.", + "images": "images is a map between an image name and the names of the blobs and config that comprise the image.", } func (ImageStreamLayers) SwaggerDoc() map[string]string { @@ -200,9 +193,8 @@ func (ImageStreamLayers) SwaggerDoc() map[string]string { } var map_ImageStreamList = map[string]string{ - "": "ImageStreamList is a list of ImageStream objects.", - "metadata": "Standard object's metadata.", - "items": "Items is a list of imageStreams", + "": "ImageStreamList is a list of ImageStream objects.", + "items": "Items is a list of imageStreams", } func (ImageStreamList) SwaggerDoc() map[string]string { @@ -210,10 +202,9 @@ func (ImageStreamList) SwaggerDoc() map[string]string { } var map_ImageStreamMapping = map[string]string{ - "": "ImageStreamMapping represents a mapping from a single tag to a container image as well as the reference to the container image stream the image came from.", - "metadata": "Standard object's metadata.", - "image": "Image is a container image.", - "tag": "Tag is a string value this image can be located with inside the stream.", + "": "ImageStreamMapping represents a mapping from a single tag to a container image as well as the reference to the container image stream the image came from.", + "image": "Image is a container image.", + "tag": "Tag is a string value this image can be located with inside the stream.", } func (ImageStreamMapping) SwaggerDoc() map[string]string { @@ -244,7 +235,6 @@ func (ImageStreamStatus) SwaggerDoc() map[string]string { var map_ImageStreamTag = map[string]string{ "": "ImageStreamTag represents an Image that is retrieved by tag name from an ImageStream.", - "metadata": "Standard object's metadata.", "tag": "tag is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", "generation": "generation is the current generation of the tagged image - if tag is provided and this value is not equal to the tag generation, a user has requested an import that has not completed, or conditions will be filled out indicating any error.", "lookupPolicy": "lookupPolicy indicates whether this tag will handle image references in this namespace.", @@ -257,9 +247,8 @@ func (ImageStreamTag) SwaggerDoc() map[string]string { } var map_ImageStreamTagList = map[string]string{ - "": "ImageStreamTagList is a list of ImageStreamTag objects.", - "metadata": "Standard object's metadata.", - "items": "Items is the list of image stream tags", + "": "ImageStreamTagList is a list of ImageStreamTag objects.", + "items": "Items is the list of image stream tags", } func (ImageStreamTagList) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml b/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml new file mode 100644 index 0000000000..1f12c5ad51 --- /dev/null +++ b/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml @@ -0,0 +1,315 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: securitycontextconstraints.security.openshift.io +spec: + group: security.openshift.io + names: + kind: SecurityContextConstraints + listKind: SecurityContextConstraintsList + plural: securitycontextconstraints + singular: securitycontextconstraints + scope: Cluster + preserveUnknownFields: false + versions: + - name: v1 + served: true + storage: true + "validation": + "openAPIV3Schema": + description: SecurityContextConstraints governs the ability to make requests + that affect the SecurityContext that will be applied to a container. For historical + reasons SCC was exposed under the core Kubernetes API group. That exposure + is deprecated and will be removed in a future release - users should instead + use the security.openshift.io group to manage SecurityContextConstraints. + type: object + required: + - allowHostDirVolumePlugin + - allowHostIPC + - allowHostNetwork + - allowHostPID + - allowHostPorts + - allowPrivilegedContainer + - allowedCapabilities + - defaultAddCapabilities + - priority + - readOnlyRootFilesystem + - requiredDropCapabilities + - volumes + properties: + allowHostDirVolumePlugin: + description: AllowHostDirVolumePlugin determines if the policy allow containers + to use the HostDir volume plugin + type: boolean + allowHostIPC: + description: AllowHostIPC determines if the policy allows host ipc in the + containers. + type: boolean + allowHostNetwork: + description: AllowHostNetwork determines if the policy allows the use of + HostNetwork in the pod spec. + type: boolean + allowHostPID: + description: AllowHostPID determines if the policy allows host pid in the + containers. + type: boolean + allowHostPorts: + description: AllowHostPorts determines if the policy allows host ports in + the containers. + type: boolean + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation determines if a pod can request to + allow privilege escalation. If unspecified, defaults to true. + type: boolean + nullable: true + allowPrivilegedContainer: + description: AllowPrivilegedContainer determines if a container can request + to be run as privileged. + type: boolean + allowedCapabilities: + description: AllowedCapabilities is a list of capabilities that can be requested + to add to the container. Capabilities in this field maybe added at the + pod author's discretion. You must not list a capability in both AllowedCapabilities + and RequiredDropCapabilities. To allow all capabilities you may use '*'. + type: array + items: + description: Capability represent POSIX capabilities type + type: string + nullable: true + allowedFlexVolumes: + description: AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty + or nil indicates that all Flexvolumes may be used. This parameter is + effective only when the usage of the Flexvolumes is allowed in the "Volumes" + field. + type: array + items: + description: AllowedFlexVolume represents a single Flexvolume that is + allowed to be used. + type: object + required: + - driver + properties: + driver: + description: Driver is the name of the Flexvolume driver. + type: string + nullable: true + allowedUnsafeSysctls: + description: "AllowedUnsafeSysctls is a list of explicitly allowed unsafe + sysctls, defaults to none. Each entry is either a plain sysctl name or + ends in \"*\" in which case it is considered as a prefix of allowed sysctls. + Single * means all unsafe sysctls are allowed. Kubelet has to whitelist + all allowed unsafe sysctls explicitly to avoid rejection. \n Examples: + e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows + \"foo.bar\", \"foo.baz\", etc." + type: array + items: + type: string + nullable: true + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + defaultAddCapabilities: + description: DefaultAddCapabilities is the default set of capabilities that + will be added to the container unless the pod spec specifically drops + the capability. You may not list a capabiility in both DefaultAddCapabilities + and RequiredDropCapabilities. + type: array + items: + description: Capability represent POSIX capabilities type + type: string + nullable: true + defaultAllowPrivilegeEscalation: + description: DefaultAllowPrivilegeEscalation controls the default setting + for whether a process can gain more privileges than its parent process. + type: boolean + nullable: true + forbiddenSysctls: + description: "ForbiddenSysctls is a list of explicitly forbidden sysctls, + defaults to none. Each entry is either a plain sysctl name or ends in + \"*\" in which case it is considered as a prefix of forbidden sysctls. + Single * means all sysctls are forbidden. \n Examples: e.g. \"foo/*\" + forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", + \"foo.baz\", etc." + type: array + items: + type: string + nullable: true + fsGroup: + description: FSGroup is the strategy that will dictate what fs group is + used by the SecurityContext. + type: object + properties: + ranges: + description: Ranges are the allowed ranges of fs groups. If you would + like to force a single fs group then supply a single range with the + same start and end. + type: array + items: + description: 'IDRange provides a min/max of an allowed range of IDs. + TODO: this could be reused for UIDs.' + type: object + properties: + max: + description: Max is the end of the range, inclusive. + type: integer + format: int64 + min: + description: Min is the start of the range, inclusive. + type: integer + format: int64 + type: + description: Type is the strategy that will dictate what FSGroup is + used in the SecurityContext. + type: string + nullable: true + groups: + description: The groups that have permission to use this security context + constraints + type: array + items: + type: string + nullable: true + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + priority: + description: Priority influences the sort order of SCCs when evaluating + which SCCs to try first for a given pod request based on access in the + Users and Groups fields. The higher the int, the higher priority. An + unset value is considered a 0 priority. If scores for multiple SCCs are + equal they will be sorted from most restrictive to least restrictive. + If both priorities and restrictions are equal the SCCs will be sorted + by name. + type: integer + format: int32 + nullable: true + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem when set to true will force containers + to run with a read only root file system. If the container specifically + requests to run with a non-read only root file system the SCC should deny + the pod. If set to false the container may run with a read only root file + system if it wishes but it will not be forced to. + type: boolean + requiredDropCapabilities: + description: RequiredDropCapabilities are the capabilities that will be + dropped from the container. These are required to be dropped and cannot + be added. + type: array + items: + description: Capability represent POSIX capabilities type + type: string + nullable: true + runAsUser: + description: RunAsUser is the strategy that will dictate what RunAsUser + is used in the SecurityContext. + type: object + properties: + type: + description: Type is the strategy that will dictate what RunAsUser is + used in the SecurityContext. + type: string + uid: + description: UID is the user id that containers must run as. Required + for the MustRunAs strategy if not using namespace/service account + allocated uids. + type: integer + format: int64 + uidRangeMax: + description: UIDRangeMax defines the max value for a strategy that allocates + by range. + type: integer + format: int64 + uidRangeMin: + description: UIDRangeMin defines the min value for a strategy that allocates + by range. + type: integer + format: int64 + nullable: true + seLinuxContext: + description: SELinuxContext is the strategy that will dictate what labels + will be set in the SecurityContext. + type: object + properties: + seLinuxOptions: + description: seLinuxOptions required to run as; required for MustRunAs + type: object + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: + description: Type is the strategy that will dictate what SELinux context + is used in the SecurityContext. + type: string + nullable: true + seccompProfiles: + description: "SeccompProfiles lists the allowed profiles that may be set + for the pod or container's seccomp annotations. An unset (nil) or empty + value means that no profiles may be specifid by the pod or container.\tThe + wildcard '*' may be used to allow all profiles. When used to generate + a value for a pod the first non-wildcard profile will be used as the default." + type: array + items: + type: string + nullable: true + supplementalGroups: + description: SupplementalGroups is the strategy that will dictate what supplemental + groups are used by the SecurityContext. + type: object + properties: + ranges: + description: Ranges are the allowed ranges of supplemental groups. If + you would like to force a single supplemental group then supply a + single range with the same start and end. + type: array + items: + description: 'IDRange provides a min/max of an allowed range of IDs. + TODO: this could be reused for UIDs.' + type: object + properties: + max: + description: Max is the end of the range, inclusive. + type: integer + format: int64 + min: + description: Min is the start of the range, inclusive. + type: integer + format: int64 + type: + description: Type is the strategy that will dictate what supplemental + groups is used in the SecurityContext. + type: string + nullable: true + users: + description: The users who have permissions to use this security context + constraints + type: array + items: + type: string + nullable: true + volumes: + description: Volumes is a white list of allowed volume plugins. FSType + corresponds directly with the field names of a VolumeSource (azureFile, + configMap, emptyDir). To allow all volumes you may use "*". To allow + no volumes, set to ["none"]. + type: array + items: + description: FS Type gives strong typing to different file systems that + are used by volumes. + type: string + nullable: true diff --git a/vendor/github.com/openshift/api/security/v1/generated.proto b/vendor/github.com/openshift/api/security/v1/generated.proto new file mode 100644 index 0000000000..7cbba8eac0 --- /dev/null +++ b/vendor/github.com/openshift/api/security/v1/generated.proto @@ -0,0 +1,342 @@ + +// This file was autogenerated by go-to-protobuf. Do not edit it manually! + +syntax = 'proto2'; + +package github.com.openshift.api.security.v1; + +import "k8s.io/api/core/v1/generated.proto"; +import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; +import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; + +// Package-wide variables from generator "generated". +option go_package = "v1"; + +// AllowedFlexVolume represents a single Flexvolume that is allowed to be used. +message AllowedFlexVolume { + // Driver is the name of the Flexvolume driver. + optional string driver = 1; +} + +// FSGroupStrategyOptions defines the strategy type and options used to create the strategy. +message FSGroupStrategyOptions { + // Type is the strategy that will dictate what FSGroup is used in the SecurityContext. + optional string type = 1; + + // Ranges are the allowed ranges of fs groups. If you would like to force a single + // fs group then supply a single range with the same start and end. + repeated IDRange ranges = 2; +} + +// IDRange provides a min/max of an allowed range of IDs. +// TODO: this could be reused for UIDs. +message IDRange { + // Min is the start of the range, inclusive. + optional int64 min = 1; + + // Max is the end of the range, inclusive. + optional int64 max = 2; +} + +// PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question. +message PodSecurityPolicyReview { + // spec is the PodSecurityPolicy to check. + optional PodSecurityPolicyReviewSpec spec = 1; + + // status represents the current information/status for the PodSecurityPolicyReview. + optional PodSecurityPolicyReviewStatus status = 2; +} + +// PodSecurityPolicyReviewSpec defines specification for PodSecurityPolicyReview +message PodSecurityPolicyReviewSpec { + // template is the PodTemplateSpec to check. The template.spec.serviceAccountName field is used + // if serviceAccountNames is empty, unless the template.spec.serviceAccountName is empty, + // in which case "default" is used. + // If serviceAccountNames is specified, template.spec.serviceAccountName is ignored. + optional k8s.io.api.core.v1.PodTemplateSpec template = 1; + + // serviceAccountNames is an optional set of ServiceAccounts to run the check with. + // If serviceAccountNames is empty, the template.spec.serviceAccountName is used, + // unless it's empty, in which case "default" is used instead. + // If serviceAccountNames is specified, template.spec.serviceAccountName is ignored. + repeated string serviceAccountNames = 2; +} + +// PodSecurityPolicyReviewStatus represents the status of PodSecurityPolicyReview. +message PodSecurityPolicyReviewStatus { + // allowedServiceAccounts returns the list of service accounts in *this* namespace that have the power to create the PodTemplateSpec. + repeated ServiceAccountPodSecurityPolicyReviewStatus allowedServiceAccounts = 1; +} + +// PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec +message PodSecurityPolicySelfSubjectReview { + // spec defines specification the PodSecurityPolicySelfSubjectReview. + optional PodSecurityPolicySelfSubjectReviewSpec spec = 1; + + // status represents the current information/status for the PodSecurityPolicySelfSubjectReview. + optional PodSecurityPolicySubjectReviewStatus status = 2; +} + +// PodSecurityPolicySelfSubjectReviewSpec contains specification for PodSecurityPolicySelfSubjectReview. +message PodSecurityPolicySelfSubjectReviewSpec { + // template is the PodTemplateSpec to check. + optional k8s.io.api.core.v1.PodTemplateSpec template = 1; +} + +// PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec. +message PodSecurityPolicySubjectReview { + // spec defines specification for the PodSecurityPolicySubjectReview. + optional PodSecurityPolicySubjectReviewSpec spec = 1; + + // status represents the current information/status for the PodSecurityPolicySubjectReview. + optional PodSecurityPolicySubjectReviewStatus status = 2; +} + +// PodSecurityPolicySubjectReviewSpec defines specification for PodSecurityPolicySubjectReview +message PodSecurityPolicySubjectReviewSpec { + // template is the PodTemplateSpec to check. If template.spec.serviceAccountName is empty it will not be defaulted. + // If its non-empty, it will be checked. + optional k8s.io.api.core.v1.PodTemplateSpec template = 1; + + // user is the user you're testing for. + // If you specify "user" but not "group", then is it interpreted as "What if user were not a member of any groups. + // If user and groups are empty, then the check is performed using *only* the serviceAccountName in the template. + optional string user = 2; + + // groups is the groups you're testing for. + repeated string groups = 3; +} + +// PodSecurityPolicySubjectReviewStatus contains information/status for PodSecurityPolicySubjectReview. +message PodSecurityPolicySubjectReviewStatus { + // allowedBy is a reference to the rule that allows the PodTemplateSpec. + // A rule can be a SecurityContextConstraint or a PodSecurityPolicy + // A `nil`, indicates that it was denied. + optional k8s.io.api.core.v1.ObjectReference allowedBy = 1; + + // A machine-readable description of why this operation is in the + // "Failure" status. If this value is empty there + // is no information available. + optional string reason = 2; + + // template is the PodTemplateSpec after the defaulting is applied. + optional k8s.io.api.core.v1.PodTemplateSpec template = 3; +} + +// RangeAllocation is used so we can easily expose a RangeAllocation typed for security group +message RangeAllocation { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // range is a string representing a unique label for a range of uids, "1000000000-2000000000/10000". + optional string range = 2; + + // data is a byte array representing the serialized state of a range allocation. It is a bitmap + // with each bit set to one to represent a range is taken. + optional bytes data = 3; +} + +// RangeAllocationList is a list of RangeAllocations objects +message RangeAllocationList { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + + // List of RangeAllocations. + repeated RangeAllocation items = 2; +} + +// RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy. +message RunAsUserStrategyOptions { + // Type is the strategy that will dictate what RunAsUser is used in the SecurityContext. + optional string type = 1; + + // UID is the user id that containers must run as. Required for the MustRunAs strategy if not using + // namespace/service account allocated uids. + optional int64 uid = 2; + + // UIDRangeMin defines the min value for a strategy that allocates by range. + optional int64 uidRangeMin = 3; + + // UIDRangeMax defines the max value for a strategy that allocates by range. + optional int64 uidRangeMax = 4; +} + +// SELinuxContextStrategyOptions defines the strategy type and any options used to create the strategy. +message SELinuxContextStrategyOptions { + // Type is the strategy that will dictate what SELinux context is used in the SecurityContext. + optional string type = 1; + + // seLinuxOptions required to run as; required for MustRunAs + optional k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 2; +} + +// SecurityContextConstraints governs the ability to make requests that affect the SecurityContext +// that will be applied to a container. +// For historical reasons SCC was exposed under the core Kubernetes API group. +// That exposure is deprecated and will be removed in a future release - users +// should instead use the security.openshift.io group to manage +// SecurityContextConstraints. +// +kubebuilder:singular=securitycontextconstraint +message SecurityContextConstraints { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // Priority influences the sort order of SCCs when evaluating which SCCs to try first for + // a given pod request based on access in the Users and Groups fields. The higher the int, the + // higher priority. An unset value is considered a 0 priority. If scores + // for multiple SCCs are equal they will be sorted from most restrictive to + // least restrictive. If both priorities and restrictions are equal the + // SCCs will be sorted by name. + // +nullable + optional int32 priority = 2; + + // AllowPrivilegedContainer determines if a container can request to be run as privileged. + optional bool allowPrivilegedContainer = 3; + + // DefaultAddCapabilities is the default set of capabilities that will be added to the container + // unless the pod spec specifically drops the capability. You may not list a capabiility in both + // DefaultAddCapabilities and RequiredDropCapabilities. + // +nullable + repeated string defaultAddCapabilities = 4; + + // RequiredDropCapabilities are the capabilities that will be dropped from the container. These + // are required to be dropped and cannot be added. + // +nullable + repeated string requiredDropCapabilities = 5; + + // AllowedCapabilities is a list of capabilities that can be requested to add to the container. + // Capabilities in this field maybe added at the pod author's discretion. + // You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. + // To allow all capabilities you may use '*'. + // +nullable + repeated string allowedCapabilities = 6; + + // AllowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin + // +k8s:conversion-gen=false + optional bool allowHostDirVolumePlugin = 7; + + // Volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names + // of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use "*". + // To allow no volumes, set to ["none"]. + // +nullable + repeated string volumes = 8; + + // AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all + // Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes + // is allowed in the "Volumes" field. + // +optional + // +nullable + repeated AllowedFlexVolume allowedFlexVolumes = 21; + + // AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec. + optional bool allowHostNetwork = 9; + + // AllowHostPorts determines if the policy allows host ports in the containers. + optional bool allowHostPorts = 10; + + // AllowHostPID determines if the policy allows host pid in the containers. + optional bool allowHostPID = 11; + + // AllowHostIPC determines if the policy allows host ipc in the containers. + optional bool allowHostIPC = 12; + + // DefaultAllowPrivilegeEscalation controls the default setting for whether a + // process can gain more privileges than its parent process. + // +optional + // +nullable + optional bool defaultAllowPrivilegeEscalation = 22; + + // AllowPrivilegeEscalation determines if a pod can request to allow + // privilege escalation. If unspecified, defaults to true. + // +optional + // +nullable + optional bool allowPrivilegeEscalation = 23; + + // SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext. + // +nullable + optional SELinuxContextStrategyOptions seLinuxContext = 13; + + // RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext. + // +nullable + optional RunAsUserStrategyOptions runAsUser = 14; + + // SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext. + // +nullable + optional SupplementalGroupsStrategyOptions supplementalGroups = 15; + + // FSGroup is the strategy that will dictate what fs group is used by the SecurityContext. + // +nullable + optional FSGroupStrategyOptions fsGroup = 16; + + // ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file + // system. If the container specifically requests to run with a non-read only root file system + // the SCC should deny the pod. + // If set to false the container may run with a read only root file system if it wishes but it + // will not be forced to. + optional bool readOnlyRootFilesystem = 17; + + // The users who have permissions to use this security context constraints + // +optional + // +nullable + repeated string users = 18; + + // The groups that have permission to use this security context constraints + // +optional + // +nullable + repeated string groups = 19; + + // SeccompProfiles lists the allowed profiles that may be set for the pod or + // container's seccomp annotations. An unset (nil) or empty value means that no profiles may + // be specifid by the pod or container. The wildcard '*' may be used to allow all profiles. When + // used to generate a value for a pod the first non-wildcard profile will be used as + // the default. + // +nullable + repeated string seccompProfiles = 20; + + // AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. + // Each entry is either a plain sysctl name or ends in "*" in which case it is considered + // as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. + // Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection. + // + // Examples: + // e.g. "foo/*" allows "foo/bar", "foo/baz", etc. + // e.g. "foo.*" allows "foo.bar", "foo.baz", etc. + // +optional + // +nullable + repeated string allowedUnsafeSysctls = 24; + + // ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. + // Each entry is either a plain sysctl name or ends in "*" in which case it is considered + // as a prefix of forbidden sysctls. Single * means all sysctls are forbidden. + // + // Examples: + // e.g. "foo/*" forbids "foo/bar", "foo/baz", etc. + // e.g. "foo.*" forbids "foo.bar", "foo.baz", etc. + // +optional + // +nullable + repeated string forbiddenSysctls = 25; +} + +// SecurityContextConstraintsList is a list of SecurityContextConstraints objects +message SecurityContextConstraintsList { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + + // List of security context constraints. + repeated SecurityContextConstraints items = 2; +} + +// ServiceAccountPodSecurityPolicyReviewStatus represents ServiceAccount name and related review status +message ServiceAccountPodSecurityPolicyReviewStatus { + optional PodSecurityPolicySubjectReviewStatus podSecurityPolicySubjectReviewStatus = 1; + + // name contains the allowed and the denied ServiceAccount name + optional string name = 2; +} + +// SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy. +message SupplementalGroupsStrategyOptions { + // Type is the strategy that will dictate what supplemental groups is used in the SecurityContext. + optional string type = 1; + + // Ranges are the allowed ranges of supplemental groups. If you would like to force a single + // supplemental group then supply a single range with the same start and end. + repeated IDRange ranges = 2; +} + diff --git a/vendor/github.com/openshift/api/security/v1/types.go b/vendor/github.com/openshift/api/security/v1/types.go index 2232a83dcb..5796a5f4e9 100644 --- a/vendor/github.com/openshift/api/security/v1/types.go +++ b/vendor/github.com/openshift/api/security/v1/types.go @@ -22,9 +22,7 @@ var AllowAllCapabilities corev1.Capability = "*" // SecurityContextConstraints. // +kubebuilder:singular=securitycontextconstraint type SecurityContextConstraints struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. - // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Priority influences the sort order of SCCs when evaluating which SCCs to try first for @@ -281,8 +279,6 @@ const ( // SecurityContextConstraintsList is a list of SecurityContextConstraints objects type SecurityContextConstraintsList struct { metav1.TypeMeta `json:",inline"` - - // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // List of security context constraints. @@ -406,10 +402,7 @@ type ServiceAccountPodSecurityPolicyReviewStatus struct { // RangeAllocation is used so we can easily expose a RangeAllocation typed for security group type RangeAllocation struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata - // +optional + metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // range is a string representing a unique label for a range of uids, "1000000000-2000000000/10000". @@ -425,8 +418,6 @@ type RangeAllocation struct { // RangeAllocationList is a list of RangeAllocations objects type RangeAllocationList struct { metav1.TypeMeta `json:",inline"` - - // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // List of RangeAllocations. diff --git a/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go index 60a167915e..1077c04017 100644 --- a/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go @@ -121,10 +121,9 @@ func (PodSecurityPolicySubjectReviewStatus) SwaggerDoc() map[string]string { } var map_RangeAllocation = map[string]string{ - "": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group", - "metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata", - "range": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", - "data": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", + "": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group", + "range": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", + "data": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", } func (RangeAllocation) SwaggerDoc() map[string]string { @@ -132,9 +131,8 @@ func (RangeAllocation) SwaggerDoc() map[string]string { } var map_RangeAllocationList = map[string]string{ - "": "RangeAllocationList is a list of RangeAllocations objects", - "metadata": "More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata", - "items": "List of RangeAllocations.", + "": "RangeAllocationList is a list of RangeAllocations objects", + "items": "List of RangeAllocations.", } func (RangeAllocationList) SwaggerDoc() map[string]string { @@ -165,7 +163,6 @@ func (SELinuxContextStrategyOptions) SwaggerDoc() map[string]string { var map_SecurityContextConstraints = map[string]string{ "": "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.", - "metadata": "Standard object's metadata. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata", "priority": "Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.", "allowPrivilegedContainer": "AllowPrivilegedContainer determines if a container can request to be run as privileged.", "defaultAddCapabilities": "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.", @@ -197,9 +194,8 @@ func (SecurityContextConstraints) SwaggerDoc() map[string]string { } var map_SecurityContextConstraintsList = map[string]string{ - "": "SecurityContextConstraintsList is a list of SecurityContextConstraints objects", - "metadata": "More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata", - "items": "List of security context constraints.", + "": "SecurityContextConstraintsList is a list of SecurityContextConstraints objects", + "items": "List of security context constraints.", } func (SecurityContextConstraintsList) SwaggerDoc() map[string]string { diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/iexport.go b/vendor/golang.org/x/tools/go/internal/gcimporter/iexport.go index be671c79b7..4be32a2e55 100644 --- a/vendor/golang.org/x/tools/go/internal/gcimporter/iexport.go +++ b/vendor/golang.org/x/tools/go/internal/gcimporter/iexport.go @@ -6,8 +6,6 @@ // This file was derived from $GOROOT/src/cmd/compile/internal/gc/iexport.go; // see that file for specification of the format. -// +build go1.11 - package gcimporter import ( @@ -28,7 +26,10 @@ import ( const iexportVersion = 0 // IExportData returns the binary export data for pkg. +// // If no file set is provided, position info will be missing. +// The package path of the top-level package will not be recorded, +// so that calls to IImportData can override with a provided package path. func IExportData(fset *token.FileSet, pkg *types.Package) (b []byte, err error) { defer func() { if e := recover(); e != nil { @@ -48,6 +49,7 @@ func IExportData(fset *token.FileSet, pkg *types.Package) (b []byte, err error) stringIndex: map[string]uint64{}, declIndex: map[types.Object]uint64{}, typIndex: map[types.Type]uint64{}, + localpkg: pkg, } for i, pt := range predeclared() { @@ -73,7 +75,7 @@ func IExportData(fset *token.FileSet, pkg *types.Package) (b []byte, err error) // Append indices to data0 section. dataLen := uint64(p.data0.Len()) w := p.newWriter() - w.writeIndex(p.declIndex, pkg) + w.writeIndex(p.declIndex) w.flush() // Assemble header. @@ -95,14 +97,14 @@ func IExportData(fset *token.FileSet, pkg *types.Package) (b []byte, err error) // we're writing out the main index, which is also read by // non-compiler tools and includes a complete package description // (i.e., name and height). -func (w *exportWriter) writeIndex(index map[types.Object]uint64, localpkg *types.Package) { +func (w *exportWriter) writeIndex(index map[types.Object]uint64) { // Build a map from packages to objects from that package. pkgObjs := map[*types.Package][]types.Object{} // For the main index, make sure to include every package that // we reference, even if we're not exporting (or reexporting) // any symbols from it. - pkgObjs[localpkg] = nil + pkgObjs[w.p.localpkg] = nil for pkg := range w.p.allPkgs { pkgObjs[pkg] = nil } @@ -121,12 +123,12 @@ func (w *exportWriter) writeIndex(index map[types.Object]uint64, localpkg *types } sort.Slice(pkgs, func(i, j int) bool { - return pkgs[i].Path() < pkgs[j].Path() + return w.exportPath(pkgs[i]) < w.exportPath(pkgs[j]) }) w.uint64(uint64(len(pkgs))) for _, pkg := range pkgs { - w.string(pkg.Path()) + w.string(w.exportPath(pkg)) w.string(pkg.Name()) w.uint64(uint64(0)) // package height is not needed for go/types @@ -143,6 +145,8 @@ type iexporter struct { fset *token.FileSet out *bytes.Buffer + localpkg *types.Package + // allPkgs tracks all packages that have been referenced by // the export data, so we can ensure to include them in the // main index. @@ -195,6 +199,13 @@ type exportWriter struct { prevLine int64 } +func (w *exportWriter) exportPath(pkg *types.Package) string { + if pkg == w.p.localpkg { + return "" + } + return pkg.Path() +} + func (p *iexporter) doDecl(obj types.Object) { w := p.newWriter() w.setPkg(obj.Pkg(), false) @@ -267,6 +278,11 @@ func (w *exportWriter) tag(tag byte) { } func (w *exportWriter) pos(pos token.Pos) { + if w.p.fset == nil { + w.int64(0) + return + } + p := w.p.fset.Position(pos) file := p.Filename line := int64(p.Line) @@ -299,7 +315,7 @@ func (w *exportWriter) pkg(pkg *types.Package) { // Ensure any referenced packages are declared in the main index. w.p.allPkgs[pkg] = true - w.string(pkg.Path()) + w.string(w.exportPath(pkg)) } func (w *exportWriter) qualifiedIdent(obj types.Object) { @@ -394,7 +410,7 @@ func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) { w.pos(f.Pos()) w.string(f.Name()) w.typ(f.Type(), pkg) - w.bool(f.Embedded()) + w.bool(f.Anonymous()) w.string(t.Tag(i)) // note (or tag) } diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/iimport.go b/vendor/golang.org/x/tools/go/internal/gcimporter/iimport.go index 3af95f4a16..a31a880263 100644 --- a/vendor/golang.org/x/tools/go/internal/gcimporter/iimport.go +++ b/vendor/golang.org/x/tools/go/internal/gcimporter/iimport.go @@ -147,24 +147,14 @@ func IImportData(fset *token.FileSet, imports map[string]*types.Package, data [] errorf("no packages found for %s", path) panic("unreachable") } - var localpkg *types.Package - for _, pkg := range pkgList { - if pkg.Path() == path { - localpkg = pkg - break - } - } - if localpkg == nil { - localpkg = pkgList[0] - } - - names := make([]string, 0, len(p.pkgIndex[localpkg])) - for name := range p.pkgIndex[localpkg] { + p.ipkg = pkgList[0] + names := make([]string, 0, len(p.pkgIndex[p.ipkg])) + for name := range p.pkgIndex[p.ipkg] { names = append(names, name) } sort.Strings(names) for _, name := range names { - p.doDecl(localpkg, name) + p.doDecl(p.ipkg, name) } for _, typ := range p.interfaceList { @@ -174,17 +164,18 @@ func IImportData(fset *token.FileSet, imports map[string]*types.Package, data [] // record all referenced packages as imports list := append(([]*types.Package)(nil), pkgList[1:]...) sort.Sort(byPath(list)) - localpkg.SetImports(list) + p.ipkg.SetImports(list) // package was imported completely and without errors - localpkg.MarkComplete() + p.ipkg.MarkComplete() consumed, _ := r.Seek(0, io.SeekCurrent) - return int(consumed), localpkg, nil + return int(consumed), p.ipkg, nil } type iimporter struct { ipath string + ipkg *types.Package version int stringData []byte @@ -236,6 +227,9 @@ func (p *iimporter) pkgAt(off uint64) *types.Package { return pkg } path := p.stringAt(off) + if path == p.ipath { + return p.ipkg + } errorf("missing package %q in %q", path, p.ipath) return nil } diff --git a/vendor/golang.org/x/tools/go/packages/golist.go b/vendor/golang.org/x/tools/go/packages/golist.go index 6b341b7e85..7eb88c0751 100644 --- a/vendor/golang.org/x/tools/go/packages/golist.go +++ b/vendor/golang.org/x/tools/go/packages/golist.go @@ -26,6 +26,7 @@ import ( "golang.org/x/tools/go/internal/packagesdriver" "golang.org/x/tools/internal/gopathwalk" "golang.org/x/tools/internal/semver" + "golang.org/x/tools/internal/span" ) // debug controls verbose logging. @@ -281,30 +282,42 @@ func runContainsQueries(cfg *Config, driver driver, response *responseDeduper, q return fmt.Errorf("could not determine absolute path of file= query path %q: %v", query, err) } dirResponse, err := driver(cfg, pattern) - if err != nil || (len(dirResponse.Packages) == 1 && len(dirResponse.Packages[0].Errors) == 1) { - // There was an error loading the package. Try to load the file as an ad-hoc package. - // Usually the error will appear in a returned package, but may not if we're in modules mode - // and the ad-hoc is located outside a module. + if err != nil { var queryErr error - dirResponse, queryErr = driver(cfg, query) - if queryErr != nil { - // Return the original error if the attempt to fall back failed. - return err + if dirResponse, queryErr = adHocPackage(cfg, driver, pattern, query); queryErr != nil { + return err // return the original error } - // Special case to handle issue #33482: - // If this is a file= query for ad-hoc packages where the file only exists on an overlay, - // and exists outside of a module, add the file in for the package. - if len(dirResponse.Packages) == 1 && len(dirResponse.Packages) == 1 && - dirResponse.Packages[0].ID == "command-line-arguments" && len(dirResponse.Packages[0].GoFiles) == 0 { - filename := filepath.Join(pattern, filepath.Base(query)) // avoid recomputing abspath - // TODO(matloob): check if the file is outside of a root dir? - for path := range cfg.Overlay { - if path == filename { - dirResponse.Packages[0].Errors = nil - dirResponse.Packages[0].GoFiles = []string{path} - dirResponse.Packages[0].CompiledGoFiles = []string{path} - } + } + // `go list` can report errors for files that are not listed as part of a package's GoFiles. + // In the case of an invalid Go file, we should assume that it is part of package if only + // one package is in the response. The file may have valid contents in an overlay. + if len(dirResponse.Packages) == 1 { + pkg := dirResponse.Packages[0] + for i, err := range pkg.Errors { + s := errorSpan(err) + if !s.IsValid() { + break } + if len(pkg.CompiledGoFiles) == 0 { + break + } + dir := filepath.Dir(pkg.CompiledGoFiles[0]) + filename := filepath.Join(dir, filepath.Base(s.URI().Filename())) + if info, err := os.Stat(filename); err != nil || info.IsDir() { + break + } + if !contains(pkg.CompiledGoFiles, filename) { + pkg.CompiledGoFiles = append(pkg.CompiledGoFiles, filename) + pkg.GoFiles = append(pkg.GoFiles, filename) + pkg.Errors = append(pkg.Errors[:i], pkg.Errors[i+1:]...) + } + } + } + // A final attempt to construct an ad-hoc package. + if len(dirResponse.Packages) == 1 && len(dirResponse.Packages[0].Errors) == 1 { + var queryErr error + if dirResponse, queryErr = adHocPackage(cfg, driver, pattern, query); queryErr != nil { + return err // return the original error } } isRoot := make(map[string]bool, len(dirResponse.Roots)) @@ -332,6 +345,74 @@ func runContainsQueries(cfg *Config, driver driver, response *responseDeduper, q return nil } +// adHocPackage attempts to construct an ad-hoc package given a query that failed. +func adHocPackage(cfg *Config, driver driver, pattern, query string) (*driverResponse, error) { + // There was an error loading the package. Try to load the file as an ad-hoc package. + // Usually the error will appear in a returned package, but may not if we're in modules mode + // and the ad-hoc is located outside a module. + dirResponse, err := driver(cfg, query) + if err != nil { + return nil, err + } + // If we get nothing back from `go list`, try to make this file into its own ad-hoc package. + if len(dirResponse.Packages) == 0 && err == nil { + dirResponse.Packages = append(dirResponse.Packages, &Package{ + ID: "command-line-arguments", + PkgPath: query, + GoFiles: []string{query}, + CompiledGoFiles: []string{query}, + Imports: make(map[string]*Package), + }) + dirResponse.Roots = append(dirResponse.Roots, "command-line-arguments") + } + // Special case to handle issue #33482: + // If this is a file= query for ad-hoc packages where the file only exists on an overlay, + // and exists outside of a module, add the file in for the package. + if len(dirResponse.Packages) == 1 && (dirResponse.Packages[0].ID == "command-line-arguments" || dirResponse.Packages[0].PkgPath == filepath.ToSlash(query)) { + if len(dirResponse.Packages[0].GoFiles) == 0 { + filename := filepath.Join(pattern, filepath.Base(query)) // avoid recomputing abspath + // TODO(matloob): check if the file is outside of a root dir? + for path := range cfg.Overlay { + if path == filename { + dirResponse.Packages[0].Errors = nil + dirResponse.Packages[0].GoFiles = []string{path} + dirResponse.Packages[0].CompiledGoFiles = []string{path} + } + } + } + } + return dirResponse, nil +} + +func contains(files []string, filename string) bool { + for _, f := range files { + if f == filename { + return true + } + } + return false +} + +// errorSpan attempts to parse a standard `go list` error message +// by stripping off the trailing error message. +// +// It works only on errors whose message is prefixed by colon, +// followed by a space (": "). For example: +// +// attributes.go:13:1: expected 'package', found 'type' +// +func errorSpan(err Error) span.Span { + if err.Pos == "" { + input := strings.TrimSpace(err.Msg) + msgIndex := strings.Index(input, ": ") + if msgIndex < 0 { + return span.Parse(input) + } + return span.Parse(input[:msgIndex]) + } + return span.Parse(err.Pos) +} + // modCacheRegexp splits a path in a module cache into module, module version, and package. var modCacheRegexp = regexp.MustCompile(`(.*)@([^/\\]*)(.*)`) @@ -395,6 +476,10 @@ func runNamedQueries(cfg *Config, driver driver, response *responseDeduper, quer } files, err := ioutil.ReadDir(modRoot) + if err != nil { + panic(err) // See above. + } + for _, f := range files { if strings.HasSuffix(f.Name(), ".go") { simpleMatches = append(simpleMatches, rel) @@ -462,7 +547,7 @@ func runNamedQueries(cfg *Config, driver driver, response *responseDeduper, quer // We're only trying to look at stuff in the module cache, so // disable the network. This should speed things up, and has // prevented errors in at least one case, #28518. - tmpCfg.Env = append(append([]string{"GOPROXY=off"}, cfg.Env...)) + tmpCfg.Env = append([]string{"GOPROXY=off"}, cfg.Env...) var err error tmpCfg.Dir, err = ioutil.TempDir("", "gopackages-modquery") @@ -510,17 +595,29 @@ func roots(cfg *Config) ([]gopathwalk.Root, string, error) { var roots []gopathwalk.Root // Always add GOROOT. - roots = append(roots, gopathwalk.Root{filepath.Join(goroot, "/src"), gopathwalk.RootGOROOT}) + roots = append(roots, gopathwalk.Root{ + Path: filepath.Join(goroot, "/src"), + Type: gopathwalk.RootGOROOT, + }) // If modules are enabled, scan the module dir. if modDir != "" { - roots = append(roots, gopathwalk.Root{modDir, gopathwalk.RootCurrentModule}) + roots = append(roots, gopathwalk.Root{ + Path: modDir, + Type: gopathwalk.RootCurrentModule, + }) } // Add either GOPATH/src or GOPATH/pkg/mod, depending on module mode. for _, p := range gopath { if modDir != "" { - roots = append(roots, gopathwalk.Root{filepath.Join(p, "/pkg/mod"), gopathwalk.RootModuleCache}) + roots = append(roots, gopathwalk.Root{ + Path: filepath.Join(p, "/pkg/mod"), + Type: gopathwalk.RootModuleCache, + }) } else { - roots = append(roots, gopathwalk.Root{filepath.Join(p, "/src"), gopathwalk.RootGOPATH}) + roots = append(roots, gopathwalk.Root{ + Path: filepath.Join(p, "/src"), + Type: gopathwalk.RootGOPATH, + }) } } @@ -682,7 +779,7 @@ func golistDriver(cfg *Config, rootsDirs func() *goInfo, words ...string) (*driv // contained in a known module or GOPATH entry. This will allow the package to be // properly "reclaimed" when overlays are processed. if filepath.IsAbs(p.ImportPath) && p.Error != nil { - pkgPath, ok := getPkgPath(p.ImportPath, rootsDirs) + pkgPath, ok := getPkgPath(cfg, p.ImportPath, rootsDirs) if ok { p.ImportPath = pkgPath } @@ -792,15 +889,31 @@ func golistDriver(cfg *Config, rootsDirs func() *goInfo, words ...string) (*driv } // getPkgPath finds the package path of a directory if it's relative to a root directory. -func getPkgPath(dir string, goInfo func() *goInfo) (string, bool) { +func getPkgPath(cfg *Config, dir string, goInfo func() *goInfo) (string, bool) { + absDir, err := filepath.Abs(dir) + if err != nil { + cfg.Logf("error getting absolute path of %s: %v", dir, err) + return "", false + } for rdir, rpath := range goInfo().rootDirs { + absRdir, err := filepath.Abs(rdir) + if err != nil { + cfg.Logf("error getting absolute path of %s: %v", rdir, err) + continue + } + // Make sure that the directory is in the module, + // to avoid creating a path relative to another module. + if !strings.HasPrefix(absDir, absRdir) { + cfg.Logf("%s does not have prefix %s", absDir, absRdir) + continue + } // TODO(matloob): This doesn't properly handle symlinks. r, err := filepath.Rel(rdir, dir) if err != nil { continue } if rpath != "" { - // We choose only ore root even though the directory even it can belong in multiple modules + // We choose only one root even though the directory even it can belong in multiple modules // or GOPATH entries. This is okay because we only need to work with absolute dirs when a // file is missing from disk, for instance when gopls calls go/packages in an overlay. // Once the file is saved, gopls, or the next invocation of the tool will get the correct @@ -808,6 +921,7 @@ func getPkgPath(dir string, goInfo func() *goInfo) (string, bool) { // TODO(matloob): Implement module tiebreaking? return path.Join(rpath, filepath.ToSlash(r)), true } + return filepath.ToSlash(r), true } return "", false } @@ -859,7 +973,7 @@ func invokeGo(cfg *Config, args ...string) (*bytes.Buffer, error) { cmd.Stdout = stdout cmd.Stderr = stderr defer func(start time.Time) { - cfg.Logf("%s for %v, stderr: <<%s>>\n", time.Since(start), cmdDebugStr(cmd, args...), stderr) + cfg.Logf("%s for %v, stderr: <<%s>> stdout: <<%s>>\n", time.Since(start), cmdDebugStr(cmd, args...), stderr, stdout) }(time.Now()) if err := cmd.Run(); err != nil { @@ -896,7 +1010,7 @@ func invokeGo(cfg *Config, args ...string) (*bytes.Buffer, error) { // (the Graphic characters without spaces) and may also exclude the // characters !"#$%&'()*,:;<=>?[\]^`{|} and the Unicode replacement character U+FFFD. return unicode.IsOneOf([]*unicode.RangeTable{unicode.L, unicode.M, unicode.N, unicode.P, unicode.S}, r) && - strings.IndexRune("!\"#$%&'()*,:;<=>?[\\]^`{|}\uFFFD", r) == -1 + !strings.ContainsRune("!\"#$%&'()*,:;<=>?[\\]^`{|}\uFFFD", r) } if len(stderr.String()) > 0 && strings.HasPrefix(stderr.String(), "# ") { if strings.HasPrefix(strings.TrimLeftFunc(stderr.String()[len("# "):], isPkgPathRune), "\n") { @@ -954,6 +1068,10 @@ func invokeGo(cfg *Config, args ...string) (*bytes.Buffer, error) { // status if there's a dependency on a package that doesn't exist. But it should return // a zero exit status and set an error on that package. if len(stderr.String()) > 0 && strings.Contains(stderr.String(), "no Go files in") { + // Don't clobber stdout if `go list` actually returned something. + if len(stdout.String()) > 0 { + return stdout, nil + } // try to extract package name from string stderrStr := stderr.String() var importPath string @@ -987,12 +1105,6 @@ func invokeGo(cfg *Config, args ...string) (*bytes.Buffer, error) { if len(stderr.Bytes()) != 0 && os.Getenv("GOPACKAGESPRINTGOLISTERRORS") != "" { fmt.Fprintf(os.Stderr, "%s stderr: <<%s>>\n", cmdDebugStr(cmd, args...), stderr) } - - // debugging - if false { - fmt.Fprintf(os.Stderr, "%s stdout: <<%s>>\n", cmdDebugStr(cmd, args...), stdout) - } - return stdout, nil } diff --git a/vendor/golang.org/x/tools/go/packages/golist_overlay.go b/vendor/golang.org/x/tools/go/packages/golist_overlay.go index 308e79c55c..a7de62299d 100644 --- a/vendor/golang.org/x/tools/go/packages/golist_overlay.go +++ b/vendor/golang.org/x/tools/go/packages/golist_overlay.go @@ -6,7 +6,6 @@ import ( "fmt" "go/parser" "go/token" - "path" "path/filepath" "strconv" "strings" @@ -87,26 +86,10 @@ func processGolistOverlay(cfg *Config, response *responseDeduper, rootDirs func( if pkg == nil { // Try to find the module or gopath dir the file is contained in. // Then for modules, add the module opath to the beginning. - var pkgPath string - for rdir, rpath := range rootDirs().rootDirs { - // TODO(matloob): This doesn't properly handle symlinks. - r, err := filepath.Rel(rdir, dir) - if err != nil { - continue - } - pkgPath = filepath.ToSlash(r) - if rpath != "" { - pkgPath = path.Join(rpath, pkgPath) - } - // We only create one new package even it can belong in multiple modules or GOPATH entries. - // This is okay because tools (such as the LSP) that use overlays will recompute the overlay - // once the file is saved, and golist will do the right thing. - // TODO(matloob): Implement module tiebreaking? + pkgPath, ok := getPkgPath(cfg, dir, rootDirs) + if !ok { break } - if pkgPath == "" { - continue - } isXTest := strings.HasSuffix(pkgName, "_test") if isXTest { pkgPath += "_test" diff --git a/vendor/golang.org/x/tools/internal/gopathwalk/walk.go b/vendor/golang.org/x/tools/internal/gopathwalk/walk.go index 60eb67b697..9a61bdbf5d 100644 --- a/vendor/golang.org/x/tools/internal/gopathwalk/walk.go +++ b/vendor/golang.org/x/tools/internal/gopathwalk/walk.go @@ -16,6 +16,7 @@ import ( "os" "path/filepath" "strings" + "time" "golang.org/x/tools/internal/fastwalk" ) @@ -83,8 +84,9 @@ func walkDir(root Root, add func(Root, string), skip func(root Root, dir string) } return } + start := time.Now() if opts.Debug { - log.Printf("scanning %s", root.Path) + log.Printf("gopathwalk: scanning %s", root.Path) } w := &walker{ root: root, @@ -98,7 +100,7 @@ func walkDir(root Root, add func(Root, string), skip func(root Root, dir string) } if opts.Debug { - log.Printf("scanned %s", root.Path) + log.Printf("gopathwalk: scanned %s in %v", root.Path, time.Since(start)) } } diff --git a/vendor/golang.org/x/tools/internal/imports/fix.go b/vendor/golang.org/x/tools/internal/imports/fix.go index bcfbb07ed8..11a076942f 100644 --- a/vendor/golang.org/x/tools/internal/imports/fix.go +++ b/vendor/golang.org/x/tools/internal/imports/fix.go @@ -475,9 +475,9 @@ func (p *pass) assumeSiblingImportsValid() { } for left, rights := range refs { if imp, ok := importsByName[left]; ok { - if _, ok := stdlib[imp.ImportPath]; ok { + if m, ok := stdlib[imp.ImportPath]; ok { // We have the stdlib in memory; no need to guess. - rights = stdlib[imp.ImportPath] + rights = copyExports(m) } p.addCandidate(imp, &packageInfo{ // no name; we already know it. @@ -586,18 +586,20 @@ func getFixes(fset *token.FileSet, f *ast.File, filename string, env *ProcessEnv // getAllCandidates gets all of the candidates to be imported, regardless of if they are needed. func getAllCandidates(filename string, env *ProcessEnv) ([]ImportFix, error) { - // TODO(suzmue): scan for additional candidates and filter out - // current package. + // TODO(heschi): filter out current package. (Don't forget x_test can import x.) - // Get the stdlib candidates and sort by import path. - var paths []string - for importPath := range stdlib { - paths = append(paths, importPath) + // Exclude goroot results -- getting them is relatively expensive, not cached, + // and generally redundant with the in-memory version. + exclude := []gopathwalk.RootType{gopathwalk.RootGOROOT} + // Only the go/packages resolver uses the first argument, and nobody uses that resolver. + pkgs, err := env.GetResolver().scan(nil, true, exclude) + if err != nil { + return nil, err } - sort.Strings(paths) + // Start off with the standard library. var imports []ImportFix - for _, importPath := range paths { + for importPath := range stdlib { imports = append(imports, ImportFix{ StmtInfo: ImportInfo{ ImportPath: importPath, @@ -606,6 +608,27 @@ func getAllCandidates(filename string, env *ProcessEnv) ([]ImportFix, error) { FixType: AddImport, }) } + + dupCheck := map[string]struct{}{} + for _, pkg := range pkgs { + if !canUse(filename, pkg.dir) { + continue + } + if _, ok := dupCheck[pkg.importPathShort]; ok { + continue + } + dupCheck[pkg.importPathShort] = struct{}{} + imports = append(imports, ImportFix{ + StmtInfo: ImportInfo{ + ImportPath: pkg.importPathShort, + }, + IdentName: pkg.packageName, + FixType: AddImport, + }) + } + sort.Slice(imports, func(i int, j int) bool { + return imports[i].StmtInfo.ImportPath < imports[j].StmtInfo.ImportPath + }) return imports, nil } @@ -712,9 +735,10 @@ func cmdDebugStr(cmd *exec.Cmd) string { func addStdlibCandidates(pass *pass, refs references) { add := func(pkg string) { + exports := copyExports(stdlib[pkg]) pass.addCandidate( &ImportInfo{ImportPath: pkg}, - &packageInfo{name: path.Base(pkg), exports: stdlib[pkg]}) + &packageInfo{name: path.Base(pkg), exports: exports}) } for left := range refs { if left == "rand" { @@ -735,8 +759,10 @@ func addStdlibCandidates(pass *pass, refs references) { type Resolver interface { // loadPackageNames loads the package names in importPaths. loadPackageNames(importPaths []string, srcDir string) (map[string]string, error) - // scan finds (at least) the packages satisfying refs. The returned slice is unordered. - scan(refs references) ([]*pkg, error) + // scan finds (at least) the packages satisfying refs. If loadNames is true, + // package names will be set on the results, and dirs whose package name + // could not be determined will be excluded. + scan(refs references, loadNames bool, exclude []gopathwalk.RootType) ([]*pkg, error) // loadExports returns the set of exported symbols in the package at dir. // It returns an error if the package name in dir does not match expectPackage. // loadExports may be called concurrently. @@ -772,7 +798,7 @@ func (r *goPackagesResolver) loadPackageNames(importPaths []string, srcDir strin } -func (r *goPackagesResolver) scan(refs references) ([]*pkg, error) { +func (r *goPackagesResolver) scan(refs references, _ bool, _ []gopathwalk.RootType) ([]*pkg, error) { var loadQueries []string for pkgName := range refs { loadQueries = append(loadQueries, "iamashamedtousethedisabledqueryname="+pkgName) @@ -790,6 +816,7 @@ func (r *goPackagesResolver) scan(refs references) ([]*pkg, error) { dir: filepath.Dir(goPackage.CompiledGoFiles[0]), importPathShort: VendorlessPath(goPackage.PkgPath), goPackage: goPackage, + packageName: goPackage.Name, }) } return scan, nil @@ -816,7 +843,7 @@ func (r *goPackagesResolver) loadExports(ctx context.Context, expectPackage stri } func addExternalCandidates(pass *pass, refs references, filename string) error { - dirScan, err := pass.env.GetResolver().scan(refs) + dirScan, err := pass.env.GetResolver().scan(refs, false, nil) if err != nil { return err } @@ -1000,6 +1027,7 @@ type pkg struct { goPackage *packages.Package dir string // absolute file path to pkg directory ("/usr/lib/go/src/net/http") importPathShort string // vendorless import path ("net/http", "a/b") + packageName string // package name loaded from source if requested } type pkgDistance struct { @@ -1043,7 +1071,7 @@ func distance(basepath, targetpath string) int { return strings.Count(p, string(filepath.Separator)) + 1 } -func (r *gopathResolver) scan(_ references) ([]*pkg, error) { +func (r *gopathResolver) scan(_ references, loadNames bool, exclude []gopathwalk.RootType) ([]*pkg, error) { dupCheck := make(map[string]bool) var result []*pkg @@ -1058,15 +1086,38 @@ func (r *gopathResolver) scan(_ references) ([]*pkg, error) { } dupCheck[dir] = true importpath := filepath.ToSlash(dir[len(root.Path)+len("/"):]) - result = append(result, &pkg{ + p := &pkg{ importPathShort: VendorlessPath(importpath), dir: dir, - }) + } + if loadNames { + var err error + p.packageName, err = packageDirToName(dir) + if err != nil { + return // Typically an unimportable package like main. + } + } + result = append(result, p) } - gopathwalk.Walk(gopathwalk.SrcDirsRoots(r.env.buildContext()), add, gopathwalk.Options{Debug: r.env.Debug, ModulesEnabled: false}) + roots := filterRoots(gopathwalk.SrcDirsRoots(r.env.buildContext()), exclude) + gopathwalk.Walk(roots, add, gopathwalk.Options{Debug: r.env.Debug, ModulesEnabled: false}) return result, nil } +func filterRoots(roots []gopathwalk.Root, exclude []gopathwalk.RootType) []gopathwalk.Root { + var result []gopathwalk.Root +outer: + for _, root := range roots { + for _, i := range exclude { + if i == root.Type { + continue outer + } + } + result = append(result, root) + } + return result +} + func (r *gopathResolver) loadExports(ctx context.Context, expectPackage string, pkg *pkg) (map[string]bool, error) { return loadExportsFromFiles(ctx, r.env, expectPackage, pkg.dir) } @@ -1383,3 +1434,11 @@ type visitFn func(node ast.Node) ast.Visitor func (fn visitFn) Visit(node ast.Node) ast.Visitor { return fn(node) } + +func copyExports(pkg map[string]bool) map[string]bool { + m := make(map[string]bool, len(pkg)) + for k, v := range pkg { + m[k] = v + } + return m +} diff --git a/vendor/golang.org/x/tools/internal/imports/mod.go b/vendor/golang.org/x/tools/internal/imports/mod.go index 387799bdac..2d394abb4f 100644 --- a/vendor/golang.org/x/tools/internal/imports/mod.go +++ b/vendor/golang.org/x/tools/internal/imports/mod.go @@ -14,10 +14,10 @@ import ( "strconv" "strings" "sync" - "time" "golang.org/x/tools/internal/gopathwalk" "golang.org/x/tools/internal/module" + "golang.org/x/tools/internal/semver" ) // ModuleResolver implements resolver for modules using the go command as little @@ -25,38 +25,81 @@ import ( type ModuleResolver struct { env *ProcessEnv moduleCacheDir string + dummyVendorMod *ModuleJSON // If vendoring is enabled, the pseudo-module that represents the /vendor directory. Initialized bool Main *ModuleJSON ModsByModPath []*ModuleJSON // All modules, ordered by # of path components in module Path... ModsByDir []*ModuleJSON // ...or Dir. - // moduleCacheInfo stores information about the module cache. - moduleCacheInfo *moduleCacheInfo + // moduleCacheCache stores information about the module cache. + moduleCacheCache *dirInfoCache + otherCache *dirInfoCache } type ModuleJSON struct { - Path string // module path - Version string // module version - Versions []string // available module versions (with -versions) - Replace *ModuleJSON // replaced by this module - Time *time.Time // time version was created - Update *ModuleJSON // available update, if any (with -u) - Main bool // is this the main module? - Indirect bool // is this module only an indirect dependency of main module? - Dir string // directory holding files for this module, if any - GoMod string // path to go.mod file for this module, if any - Error *ModuleErrorJSON // error loading module -} - -type ModuleErrorJSON struct { - Err string // the error itself + Path string // module path + Replace *ModuleJSON // replaced by this module + Main bool // is this the main module? + Dir string // directory holding files for this module, if any + GoMod string // path to go.mod file for this module, if any + GoVersion string // go version used in module } func (r *ModuleResolver) init() error { if r.Initialized { return nil } + mainMod, vendorEnabled, err := vendorEnabled(r.env) + if err != nil { + return err + } + + if mainMod != nil && vendorEnabled { + // Vendor mode is on, so all the non-Main modules are irrelevant, + // and we need to search /vendor for everything. + r.Main = mainMod + r.dummyVendorMod = &ModuleJSON{ + Path: "", + Dir: filepath.Join(mainMod.Dir, "vendor"), + } + r.ModsByModPath = []*ModuleJSON{mainMod, r.dummyVendorMod} + r.ModsByDir = []*ModuleJSON{mainMod, r.dummyVendorMod} + } else { + // Vendor mode is off, so run go list -m ... to find everything. + r.initAllMods() + } + + r.moduleCacheDir = filepath.Join(filepath.SplitList(r.env.GOPATH)[0], "/pkg/mod") + + sort.Slice(r.ModsByModPath, func(i, j int) bool { + count := func(x int) int { + return strings.Count(r.ModsByModPath[x].Path, "/") + } + return count(j) < count(i) // descending order + }) + sort.Slice(r.ModsByDir, func(i, j int) bool { + count := func(x int) int { + return strings.Count(r.ModsByDir[x].Dir, "/") + } + return count(j) < count(i) // descending order + }) + + if r.moduleCacheCache == nil { + r.moduleCacheCache = &dirInfoCache{ + dirs: map[string]*directoryPackageInfo{}, + } + } + if r.otherCache == nil { + r.otherCache = &dirInfoCache{ + dirs: map[string]*directoryPackageInfo{}, + } + } + r.Initialized = true + return nil +} + +func (r *ModuleResolver) initAllMods() error { stdout, err := r.env.invokeGo("list", "-m", "-json", "...") if err != nil { return err @@ -79,28 +122,21 @@ func (r *ModuleResolver) init() error { r.Main = mod } } + return nil +} - sort.Slice(r.ModsByModPath, func(i, j int) bool { - count := func(x int) int { - return strings.Count(r.ModsByModPath[x].Path, "/") - } - return count(j) < count(i) // descending order - }) - sort.Slice(r.ModsByDir, func(i, j int) bool { - count := func(x int) int { - return strings.Count(r.ModsByDir[x].Dir, "/") - } - return count(j) < count(i) // descending order - }) - - if r.moduleCacheInfo == nil { - r.moduleCacheInfo = &moduleCacheInfo{ - modCacheDirInfo: make(map[string]*directoryPackageInfo), - } +func (r *ModuleResolver) ClearForNewScan() { + r.otherCache = &dirInfoCache{ + dirs: map[string]*directoryPackageInfo{}, } +} - r.Initialized = true - return nil +func (r *ModuleResolver) ClearForNewMod() { + env := r.env + *r = ModuleResolver{ + env: env, + } + r.init() } // findPackage returns the module and directory that contains the package at @@ -118,22 +154,31 @@ func (r *ModuleResolver) findPackage(importPath string) (*ModuleJSON, string) { continue } - if info, ok := r.moduleCacheInfo.Load(pkgDir); ok { - if packageScanned, err := info.reachedStatus(directoryScanned); packageScanned { + if info, ok := r.cacheLoad(pkgDir); ok { + if loaded, err := info.reachedStatus(nameLoaded); loaded { if err != nil { - // There was some error with scanning this directory. - // It does not contain a valid package. - continue + continue // No package in this dir. } return m, pkgDir } + if scanned, err := info.reachedStatus(directoryScanned); scanned && err != nil { + continue // Dir is unreadable, etc. + } + // This is slightly wrong: a directory doesn't have to have an + // importable package to count as a package for package-to-module + // resolution. package main or _test files should count but + // don't. + // TODO(heschi): fix this. + if _, err := r.cachePackageName(pkgDir); err == nil { + return m, pkgDir + } } + // Not cached. Read the filesystem. pkgFiles, err := ioutil.ReadDir(pkgDir) if err != nil { continue } - // A module only contains a package if it has buildable go // files in that directory. If not, it could be provided by an // outer module. See #29736. @@ -146,6 +191,42 @@ func (r *ModuleResolver) findPackage(importPath string) (*ModuleJSON, string) { return nil, "" } +func (r *ModuleResolver) cacheLoad(dir string) (directoryPackageInfo, bool) { + if info, ok := r.moduleCacheCache.Load(dir); ok { + return info, ok + } + return r.otherCache.Load(dir) +} + +func (r *ModuleResolver) cacheStore(info directoryPackageInfo) { + if info.rootType == gopathwalk.RootModuleCache { + r.moduleCacheCache.Store(info.dir, info) + } else { + r.otherCache.Store(info.dir, info) + } +} + +func (r *ModuleResolver) cacheKeys() []string { + return append(r.moduleCacheCache.Keys(), r.otherCache.Keys()...) +} + +// cachePackageName caches the package name for a dir already in the cache. +func (r *ModuleResolver) cachePackageName(dir string) (directoryPackageInfo, error) { + info, ok := r.cacheLoad(dir) + if !ok { + panic("cachePackageName on uncached dir " + dir) + } + + loaded, err := info.reachedStatus(nameLoaded) + if loaded { + return info, err + } + info.packageName, info.err = packageDirToName(info.dir) + info.status = nameLoaded + r.cacheStore(info) + return info, info.err +} + // findModuleByDir returns the module that contains dir, or nil if no such // module is in scope. func (r *ModuleResolver) findModuleByDir(dir string) *ModuleJSON { @@ -184,28 +265,45 @@ func (r *ModuleResolver) dirIsNestedModule(dir string, mod *ModuleJSON) bool { // so it cannot be a nested module. return false } - mf := r.findModFile(dir) - if mf == "" { + if mod != nil && mod == r.dummyVendorMod { + // The /vendor pseudomodule is flattened and doesn't actually count. + return false + } + modDir, _ := r.modInfo(dir) + if modDir == "" { return false } - return filepath.Dir(mf) != mod.Dir + return modDir != mod.Dir } -func (r *ModuleResolver) findModFile(dir string) string { +func (r *ModuleResolver) modInfo(dir string) (modDir string, modName string) { + readModName := func(modFile string) string { + modBytes, err := ioutil.ReadFile(modFile) + if err != nil { + return "" + } + return modulePath(modBytes) + } + if r.dirInModuleCache(dir) { matches := modCacheRegexp.FindStringSubmatch(dir) index := strings.Index(dir, matches[1]+"@"+matches[2]) - return filepath.Join(dir[:index], matches[1]+"@"+matches[2], "go.mod") + modDir := filepath.Join(dir[:index], matches[1]+"@"+matches[2]) + return modDir, readModName(filepath.Join(modDir, "go.mod")) } for { + if info, ok := r.cacheLoad(dir); ok { + return info.moduleDir, info.moduleName + } f := filepath.Join(dir, "go.mod") info, err := os.Stat(f) if err == nil && !info.IsDir() { - return f + return dir, readModName(f) } + d := filepath.Dir(dir) if len(d) >= len(dir) { - return "" // reached top of file system, no go.mod + return "", "" // reached top of file system, no go.mod } dir = d } @@ -237,7 +335,7 @@ func (r *ModuleResolver) loadPackageNames(importPaths []string, srcDir string) ( return names, nil } -func (r *ModuleResolver) scan(_ references) ([]*pkg, error) { +func (r *ModuleResolver) scan(_ references, loadNames bool, exclude []gopathwalk.RootType) ([]*pkg, error) { if err := r.init(); err != nil { return nil, err } @@ -249,35 +347,30 @@ func (r *ModuleResolver) scan(_ references) ([]*pkg, error) { if r.Main != nil { roots = append(roots, gopathwalk.Root{r.Main.Dir, gopathwalk.RootCurrentModule}) } - if r.moduleCacheDir == "" { - r.moduleCacheDir = filepath.Join(filepath.SplitList(r.env.GOPATH)[0], "/pkg/mod") - } - roots = append(roots, gopathwalk.Root{r.moduleCacheDir, gopathwalk.RootModuleCache}) - - // Walk replace targets, just in case they're not in any of the above. - for _, mod := range r.ModsByModPath { - if mod.Replace != nil { - roots = append(roots, gopathwalk.Root{mod.Dir, gopathwalk.RootOther}) + if r.dummyVendorMod != nil { + roots = append(roots, gopathwalk.Root{r.dummyVendorMod.Dir, gopathwalk.RootOther}) + } else { + roots = append(roots, gopathwalk.Root{r.moduleCacheDir, gopathwalk.RootModuleCache}) + // Walk replace targets, just in case they're not in any of the above. + for _, mod := range r.ModsByModPath { + if mod.Replace != nil { + roots = append(roots, gopathwalk.Root{mod.Dir, gopathwalk.RootOther}) + } } } + roots = filterRoots(roots, exclude) + var result []*pkg - dupCheck := make(map[string]bool) var mu sync.Mutex - // Packages in the module cache are immutable. If we have - // already seen this package on a previous scan of the module - // cache, return that result. + // We assume cached directories have not changed. We can skip them and their + // children. skip := func(root gopathwalk.Root, dir string) bool { mu.Lock() defer mu.Unlock() - // If we have already processed this directory on this walk, skip it. - if _, dup := dupCheck[dir]; dup { - return true - } - // If we have saved this directory information, skip it. - info, ok := r.moduleCacheInfo.Load(dir) + info, ok := r.cacheLoad(dir) if !ok { return false } @@ -288,44 +381,19 @@ func (r *ModuleResolver) scan(_ references) ([]*pkg, error) { return packageScanned } + // Add anything new to the cache. We'll process everything in it below. add := func(root gopathwalk.Root, dir string) { mu.Lock() defer mu.Unlock() - if _, dup := dupCheck[dir]; dup { - return - } - - info, err := r.scanDirForPackage(root, dir) - if err != nil { - return - } - if root.Type == gopathwalk.RootModuleCache { - // Save this package information in the cache and return. - // Packages from the module cache are added after Walk. - r.moduleCacheInfo.Store(dir, info) - return - } - - // Skip this package if there was an error loading package info. - if info.err != nil { - return - } - // The rest of this function canonicalizes the packages using the results - // of initializing the resolver from 'go list -m'. - res, err := r.canonicalize(root.Type, info.nonCanonicalImportPath, info.dir, info.needsReplace) - if err != nil { - return - } - - result = append(result, res) + r.cacheStore(r.scanDirForPackage(root, dir)) } gopathwalk.WalkSkip(roots, add, skip, gopathwalk.Options{Debug: r.env.Debug, ModulesEnabled: true}) - // Add the packages from the modules in the mod cache that were skipped. - for _, dir := range r.moduleCacheInfo.Keys() { - info, ok := r.moduleCacheInfo.Load(dir) + // Everything we already had, and everything new, is now in the cache. + for _, dir := range r.cacheKeys() { + info, ok := r.cacheLoad(dir) if !ok { continue } @@ -335,7 +403,15 @@ func (r *ModuleResolver) scan(_ references) ([]*pkg, error) { continue } - res, err := r.canonicalize(gopathwalk.RootModuleCache, info.nonCanonicalImportPath, info.dir, info.needsReplace) + // If we want package names, make sure the cache has them. + if loadNames { + var err error + if info, err = r.cachePackageName(info.dir); err != nil { + continue + } + } + + res, err := r.canonicalize(info) if err != nil { continue } @@ -347,38 +423,42 @@ func (r *ModuleResolver) scan(_ references) ([]*pkg, error) { // canonicalize gets the result of canonicalizing the packages using the results // of initializing the resolver from 'go list -m'. -func (r *ModuleResolver) canonicalize(rootType gopathwalk.RootType, importPath, dir string, needsReplace bool) (res *pkg, err error) { +func (r *ModuleResolver) canonicalize(info directoryPackageInfo) (*pkg, error) { // Packages in GOROOT are already canonical, regardless of the std/cmd modules. - if rootType == gopathwalk.RootGOROOT { + if info.rootType == gopathwalk.RootGOROOT { return &pkg{ - importPathShort: importPath, - dir: dir, + importPathShort: info.nonCanonicalImportPath, + dir: info.dir, + packageName: path.Base(info.nonCanonicalImportPath), }, nil } + importPath := info.nonCanonicalImportPath // Check if the directory is underneath a module that's in scope. - if mod := r.findModuleByDir(dir); mod != nil { + if mod := r.findModuleByDir(info.dir); mod != nil { // It is. If dir is the target of a replace directive, // our guessed import path is wrong. Use the real one. - if mod.Dir == dir { + if mod.Dir == info.dir { importPath = mod.Path } else { - dirInMod := dir[len(mod.Dir)+len("/"):] + dirInMod := info.dir[len(mod.Dir)+len("/"):] importPath = path.Join(mod.Path, filepath.ToSlash(dirInMod)) } - } else if needsReplace { - return nil, fmt.Errorf("needed this package to be in scope: %s", dir) + } else if info.needsReplace { + return nil, fmt.Errorf("package in %q is not valid without a replace statement", info.dir) } + res := &pkg{ + importPathShort: importPath, + dir: info.dir, + packageName: info.packageName, // may not be populated if the caller didn't ask for it + } // We may have discovered a package that has a different version // in scope already. Canonicalize to that one if possible. if _, canonicalDir := r.findPackage(importPath); canonicalDir != "" { - dir = canonicalDir + res.dir = canonicalDir } - return &pkg{ - importPathShort: VendorlessPath(importPath), - dir: dir, - }, nil + return res, nil } func (r *ModuleResolver) loadExports(ctx context.Context, expectPackage string, pkg *pkg) (map[string]bool, error) { @@ -388,19 +468,18 @@ func (r *ModuleResolver) loadExports(ctx context.Context, expectPackage string, return loadExportsFromFiles(ctx, r.env, expectPackage, pkg.dir) } -func (r *ModuleResolver) scanDirForPackage(root gopathwalk.Root, dir string) (directoryPackageInfo, error) { +func (r *ModuleResolver) scanDirForPackage(root gopathwalk.Root, dir string) directoryPackageInfo { subdir := "" if dir != root.Path { subdir = dir[len(root.Path)+len("/"):] } importPath := filepath.ToSlash(subdir) if strings.HasPrefix(importPath, "vendor/") { - // Ignore vendor dirs. If -mod=vendor is on, then things - // should mostly just work, but when it's not vendor/ - // is a mess. There's no easy way to tell if it's on. - // We can still find things in the mod cache and - // map them into /vendor when -mod=vendor is on. - return directoryPackageInfo{}, fmt.Errorf("vendor directory") + // Only enter vendor directories if they're explicitly requested as a root. + return directoryPackageInfo{ + status: directoryScanned, + err: fmt.Errorf("unwanted vendor directory"), + } } switch root.Type { case gopathwalk.RootCurrentModule: @@ -411,7 +490,7 @@ func (r *ModuleResolver) scanDirForPackage(root gopathwalk.Root, dir string) (di return directoryPackageInfo{ status: directoryScanned, err: fmt.Errorf("invalid module cache path: %v", subdir), - }, nil + } } modPath, err := module.DecodePath(filepath.ToSlash(matches[1])) if err != nil { @@ -421,35 +500,34 @@ func (r *ModuleResolver) scanDirForPackage(root gopathwalk.Root, dir string) (di return directoryPackageInfo{ status: directoryScanned, err: fmt.Errorf("decoding module cache path %q: %v", subdir, err), - }, nil + } } importPath = path.Join(modPath, filepath.ToSlash(matches[3])) - case gopathwalk.RootGOROOT: - importPath = subdir } + modDir, modName := r.modInfo(dir) result := directoryPackageInfo{ status: directoryScanned, dir: dir, + rootType: root.Type, nonCanonicalImportPath: importPath, needsReplace: false, + moduleDir: modDir, + moduleName: modName, } if root.Type == gopathwalk.RootGOROOT { // stdlib packages are always in scope, despite the confusing go.mod - return result, nil + return result } // Check that this package is not obviously impossible to import. - modFile := r.findModFile(dir) - - modBytes, err := ioutil.ReadFile(modFile) - if err == nil && !strings.HasPrefix(importPath, modulePath(modBytes)) { + if !strings.HasPrefix(importPath, modName) { // The module's declared path does not match // its expected path. It probably needs a // replace directive we don't have. result.needsReplace = true } - return result, nil + return result } // modCacheRegexp splits a path in a module cache into module, module version, and package. @@ -498,3 +576,63 @@ func modulePath(mod []byte) string { } return "" // missing module path } + +var modFlagRegexp = regexp.MustCompile(`-mod[ =](\w+)`) + +// vendorEnabled indicates if vendoring is enabled. +// Inspired by setDefaultBuildMod in modload/init.go +func vendorEnabled(env *ProcessEnv) (*ModuleJSON, bool, error) { + mainMod, go114, err := getMainModuleAnd114(env) + if err != nil { + return nil, false, err + } + matches := modFlagRegexp.FindStringSubmatch(env.GOFLAGS) + var modFlag string + if len(matches) != 0 { + modFlag = matches[1] + } + if modFlag != "" { + // Don't override an explicit '-mod=' argument. + return mainMod, modFlag == "vendor", nil + } + if mainMod == nil || !go114 { + return mainMod, false, nil + } + // Check 1.14's automatic vendor mode. + if fi, err := os.Stat(filepath.Join(mainMod.Dir, "vendor")); err == nil && fi.IsDir() { + if mainMod.GoVersion != "" && semver.Compare("v"+mainMod.GoVersion, "v1.14") >= 0 { + // The Go version is at least 1.14, and a vendor directory exists. + // Set -mod=vendor by default. + return mainMod, true, nil + } + } + return mainMod, false, nil +} + +// getMainModuleAnd114 gets the main module's information and whether the +// go command in use is 1.14+. This is the information needed to figure out +// if vendoring should be enabled. +func getMainModuleAnd114(env *ProcessEnv) (*ModuleJSON, bool, error) { + const format = `{{.Path}} +{{.Dir}} +{{.GoMod}} +{{.GoVersion}} +{{range context.ReleaseTags}}{{if eq . "go1.14"}}{{.}}{{end}}{{end}} +` + stdout, err := env.invokeGo("list", "-m", "-f", format) + if err != nil { + return nil, false, nil + } + lines := strings.Split(stdout.String(), "\n") + if len(lines) < 5 { + return nil, false, fmt.Errorf("unexpected stdout: %q", stdout) + } + mod := &ModuleJSON{ + Path: lines[0], + Dir: lines[1], + GoMod: lines[2], + GoVersion: lines[3], + Main: true, + } + return mod, lines[4] == "go1.14", nil +} diff --git a/vendor/golang.org/x/tools/internal/imports/mod_cache.go b/vendor/golang.org/x/tools/internal/imports/mod_cache.go index f96b92d009..5c542e65f0 100644 --- a/vendor/golang.org/x/tools/internal/imports/mod_cache.go +++ b/vendor/golang.org/x/tools/internal/imports/mod_cache.go @@ -2,11 +2,10 @@ package imports import ( "sync" + + "golang.org/x/tools/internal/gopathwalk" ) -// ModuleResolver implements Resolver for modules using the go command as little -// as feasible. -// // To find packages to import, the resolver needs to know about all of the // the packages that could be imported. This includes packages that are // already in modules that are in (1) the current module, (2) replace targets, @@ -30,6 +29,7 @@ type directoryPackageStatus int const ( _ directoryPackageStatus = iota directoryScanned + nameLoaded ) type directoryPackageInfo struct { @@ -38,17 +38,26 @@ type directoryPackageInfo struct { // err is non-nil when there was an error trying to reach status. err error - // Set when status > directoryScanned. + // Set when status >= directoryScanned. // dir is the absolute directory of this package. - dir string - // nonCanonicalImportPath is the expected import path for this package. - // This may not be an import path that can be used to import this package. + dir string + rootType gopathwalk.RootType + // nonCanonicalImportPath is the package's expected import path. It may + // not actually be importable at that path. nonCanonicalImportPath string // needsReplace is true if the nonCanonicalImportPath does not match the - // the modules declared path, making it impossible to import without a + // module's declared path, making it impossible to import without a // replace directive. needsReplace bool + + // Module-related information. + moduleDir string // The directory that is the module root of this dir. + moduleName string // The module name that contains this dir. + + // Set when status >= nameLoaded. + + packageName string // the package name, as declared in the source. } // reachedStatus returns true when info has a status at least target and any error associated with @@ -63,8 +72,8 @@ func (info *directoryPackageInfo) reachedStatus(target directoryPackageStatus) ( return true, nil } -// moduleCacheInfo is a concurrency safe map for storing information about -// the directories in the module cache. +// dirInfoCache is a concurrency safe map for storing information about +// directories that may contain packages. // // The information in this cache is built incrementally. Entries are initialized in scan. // No new keys should be added in any other functions, as all directories containing @@ -73,37 +82,30 @@ func (info *directoryPackageInfo) reachedStatus(target directoryPackageStatus) ( // Other functions, including loadExports and findPackage, may update entries in this cache // as they discover new things about the directory. // -// We do not need to protect the data in the cache for multiple writes, because it only stores -// module cache directories, which do not change. If two competing stores take place, there will be -// one store that wins. Although this could result in a loss of information it will not be incorrect -// and may just result in recomputing the same result later. +// The information in the cache is not expected to change for the cache's +// lifetime, so there is no protection against competing writes. Users should +// take care not to hold the cache across changes to the underlying files. // // TODO(suzmue): consider other concurrency strategies and data structures (RWLocks, sync.Map, etc) -type moduleCacheInfo struct { +type dirInfoCache struct { mu sync.Mutex - // modCacheDirInfo stores information about packages in - // module cache directories. Keyed by absolute directory. - modCacheDirInfo map[string]*directoryPackageInfo + // dirs stores information about packages in directories, keyed by absolute path. + dirs map[string]*directoryPackageInfo } // Store stores the package info for dir. -func (d *moduleCacheInfo) Store(dir string, info directoryPackageInfo) { +func (d *dirInfoCache) Store(dir string, info directoryPackageInfo) { d.mu.Lock() defer d.mu.Unlock() - d.modCacheDirInfo[dir] = &directoryPackageInfo{ - status: info.status, - err: info.err, - dir: info.dir, - nonCanonicalImportPath: info.nonCanonicalImportPath, - needsReplace: info.needsReplace, - } + stored := info // defensive copy + d.dirs[dir] = &stored } // Load returns a copy of the directoryPackageInfo for absolute directory dir. -func (d *moduleCacheInfo) Load(dir string) (directoryPackageInfo, bool) { +func (d *dirInfoCache) Load(dir string) (directoryPackageInfo, bool) { d.mu.Lock() defer d.mu.Unlock() - info, ok := d.modCacheDirInfo[dir] + info, ok := d.dirs[dir] if !ok { return directoryPackageInfo{}, false } @@ -111,10 +113,10 @@ func (d *moduleCacheInfo) Load(dir string) (directoryPackageInfo, bool) { } // Keys returns the keys currently present in d. -func (d *moduleCacheInfo) Keys() (keys []string) { +func (d *dirInfoCache) Keys() (keys []string) { d.mu.Lock() defer d.mu.Unlock() - for key := range d.modCacheDirInfo { + for key := range d.dirs { keys = append(keys, key) } return keys diff --git a/vendor/golang.org/x/tools/internal/span/parse.go b/vendor/golang.org/x/tools/internal/span/parse.go new file mode 100644 index 0000000000..b3f268a38a --- /dev/null +++ b/vendor/golang.org/x/tools/internal/span/parse.go @@ -0,0 +1,100 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package span + +import ( + "strconv" + "strings" + "unicode/utf8" +) + +// Parse returns the location represented by the input. +// All inputs are valid locations, as they can always be a pure filename. +// The returned span will be normalized, and thus if printed may produce a +// different string. +func Parse(input string) Span { + // :0:0#0-0:0#0 + valid := input + var hold, offset int + hadCol := false + suf := rstripSuffix(input) + if suf.sep == "#" { + offset = suf.num + suf = rstripSuffix(suf.remains) + } + if suf.sep == ":" { + valid = suf.remains + hold = suf.num + hadCol = true + suf = rstripSuffix(suf.remains) + } + switch { + case suf.sep == ":": + return New(NewURI(suf.remains), NewPoint(suf.num, hold, offset), Point{}) + case suf.sep == "-": + // we have a span, fall out of the case to continue + default: + // separator not valid, rewind to either the : or the start + return New(NewURI(valid), NewPoint(hold, 0, offset), Point{}) + } + // only the span form can get here + // at this point we still don't know what the numbers we have mean + // if have not yet seen a : then we might have either a line or a column depending + // on whether start has a column or not + // we build an end point and will fix it later if needed + end := NewPoint(suf.num, hold, offset) + hold, offset = 0, 0 + suf = rstripSuffix(suf.remains) + if suf.sep == "#" { + offset = suf.num + suf = rstripSuffix(suf.remains) + } + if suf.sep != ":" { + // turns out we don't have a span after all, rewind + return New(NewURI(valid), end, Point{}) + } + valid = suf.remains + hold = suf.num + suf = rstripSuffix(suf.remains) + if suf.sep != ":" { + // line#offset only + return New(NewURI(valid), NewPoint(hold, 0, offset), end) + } + // we have a column, so if end only had one number, it is also the column + if !hadCol { + end = NewPoint(suf.num, end.v.Line, end.v.Offset) + } + return New(NewURI(suf.remains), NewPoint(suf.num, hold, offset), end) +} + +type suffix struct { + remains string + sep string + num int +} + +func rstripSuffix(input string) suffix { + if len(input) == 0 { + return suffix{"", "", -1} + } + remains := input + num := -1 + // first see if we have a number at the end + last := strings.LastIndexFunc(remains, func(r rune) bool { return r < '0' || r > '9' }) + if last >= 0 && last < len(remains)-1 { + number, err := strconv.ParseInt(remains[last+1:], 10, 64) + if err == nil { + num = int(number) + remains = remains[:last+1] + } + } + // now see if we have a trailing separator + r, w := utf8.DecodeLastRuneInString(remains) + if r != ':' && r != '#' && r == '#' { + return suffix{input, "", -1} + } + remains = remains[:len(remains)-w] + return suffix{remains, string(r), num} +} diff --git a/vendor/golang.org/x/tools/internal/span/span.go b/vendor/golang.org/x/tools/internal/span/span.go new file mode 100644 index 0000000000..4d2ad09866 --- /dev/null +++ b/vendor/golang.org/x/tools/internal/span/span.go @@ -0,0 +1,285 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package span contains support for representing with positions and ranges in +// text files. +package span + +import ( + "encoding/json" + "fmt" + "path" +) + +// Span represents a source code range in standardized form. +type Span struct { + v span +} + +// Point represents a single point within a file. +// In general this should only be used as part of a Span, as on its own it +// does not carry enough information. +type Point struct { + v point +} + +type span struct { + URI URI `json:"uri"` + Start point `json:"start"` + End point `json:"end"` +} + +type point struct { + Line int `json:"line"` + Column int `json:"column"` + Offset int `json:"offset"` +} + +// Invalid is a span that reports false from IsValid +var Invalid = Span{v: span{Start: invalidPoint.v, End: invalidPoint.v}} + +var invalidPoint = Point{v: point{Line: 0, Column: 0, Offset: -1}} + +// Converter is the interface to an object that can convert between line:column +// and offset forms for a single file. +type Converter interface { + //ToPosition converts from an offset to a line:column pair. + ToPosition(offset int) (int, int, error) + //ToOffset converts from a line:column pair to an offset. + ToOffset(line, col int) (int, error) +} + +func New(uri URI, start Point, end Point) Span { + s := Span{v: span{URI: uri, Start: start.v, End: end.v}} + s.v.clean() + return s +} + +func NewPoint(line, col, offset int) Point { + p := Point{v: point{Line: line, Column: col, Offset: offset}} + p.v.clean() + return p +} + +func Compare(a, b Span) int { + if r := CompareURI(a.URI(), b.URI()); r != 0 { + return r + } + if r := comparePoint(a.v.Start, b.v.Start); r != 0 { + return r + } + return comparePoint(a.v.End, b.v.End) +} + +func ComparePoint(a, b Point) int { + return comparePoint(a.v, b.v) +} + +func comparePoint(a, b point) int { + if !a.hasPosition() { + if a.Offset < b.Offset { + return -1 + } + if a.Offset > b.Offset { + return 1 + } + return 0 + } + if a.Line < b.Line { + return -1 + } + if a.Line > b.Line { + return 1 + } + if a.Column < b.Column { + return -1 + } + if a.Column > b.Column { + return 1 + } + return 0 +} + +func (s Span) HasPosition() bool { return s.v.Start.hasPosition() } +func (s Span) HasOffset() bool { return s.v.Start.hasOffset() } +func (s Span) IsValid() bool { return s.v.Start.isValid() } +func (s Span) IsPoint() bool { return s.v.Start == s.v.End } +func (s Span) URI() URI { return s.v.URI } +func (s Span) Start() Point { return Point{s.v.Start} } +func (s Span) End() Point { return Point{s.v.End} } +func (s *Span) MarshalJSON() ([]byte, error) { return json.Marshal(&s.v) } +func (s *Span) UnmarshalJSON(b []byte) error { return json.Unmarshal(b, &s.v) } + +func (p Point) HasPosition() bool { return p.v.hasPosition() } +func (p Point) HasOffset() bool { return p.v.hasOffset() } +func (p Point) IsValid() bool { return p.v.isValid() } +func (p *Point) MarshalJSON() ([]byte, error) { return json.Marshal(&p.v) } +func (p *Point) UnmarshalJSON(b []byte) error { return json.Unmarshal(b, &p.v) } +func (p Point) Line() int { + if !p.v.hasPosition() { + panic(fmt.Errorf("position not set in %v", p.v)) + } + return p.v.Line +} +func (p Point) Column() int { + if !p.v.hasPosition() { + panic(fmt.Errorf("position not set in %v", p.v)) + } + return p.v.Column +} +func (p Point) Offset() int { + if !p.v.hasOffset() { + panic(fmt.Errorf("offset not set in %v", p.v)) + } + return p.v.Offset +} + +func (p point) hasPosition() bool { return p.Line > 0 } +func (p point) hasOffset() bool { return p.Offset >= 0 } +func (p point) isValid() bool { return p.hasPosition() || p.hasOffset() } +func (p point) isZero() bool { + return (p.Line == 1 && p.Column == 1) || (!p.hasPosition() && p.Offset == 0) +} + +func (s *span) clean() { + //this presumes the points are already clean + if !s.End.isValid() || (s.End == point{}) { + s.End = s.Start + } +} + +func (p *point) clean() { + if p.Line < 0 { + p.Line = 0 + } + if p.Column <= 0 { + if p.Line > 0 { + p.Column = 1 + } else { + p.Column = 0 + } + } + if p.Offset == 0 && (p.Line > 1 || p.Column > 1) { + p.Offset = -1 + } +} + +// Format implements fmt.Formatter to print the Location in a standard form. +// The format produced is one that can be read back in using Parse. +func (s Span) Format(f fmt.State, c rune) { + fullForm := f.Flag('+') + preferOffset := f.Flag('#') + // we should always have a uri, simplify if it is file format + //TODO: make sure the end of the uri is unambiguous + uri := string(s.v.URI) + if c == 'f' { + uri = path.Base(uri) + } else if !fullForm { + uri = s.v.URI.Filename() + } + fmt.Fprint(f, uri) + if !s.IsValid() || (!fullForm && s.v.Start.isZero() && s.v.End.isZero()) { + return + } + // see which bits of start to write + printOffset := s.HasOffset() && (fullForm || preferOffset || !s.HasPosition()) + printLine := s.HasPosition() && (fullForm || !printOffset) + printColumn := printLine && (fullForm || (s.v.Start.Column > 1 || s.v.End.Column > 1)) + fmt.Fprint(f, ":") + if printLine { + fmt.Fprintf(f, "%d", s.v.Start.Line) + } + if printColumn { + fmt.Fprintf(f, ":%d", s.v.Start.Column) + } + if printOffset { + fmt.Fprintf(f, "#%d", s.v.Start.Offset) + } + // start is written, do we need end? + if s.IsPoint() { + return + } + // we don't print the line if it did not change + printLine = fullForm || (printLine && s.v.End.Line > s.v.Start.Line) + fmt.Fprint(f, "-") + if printLine { + fmt.Fprintf(f, "%d", s.v.End.Line) + } + if printColumn { + if printLine { + fmt.Fprint(f, ":") + } + fmt.Fprintf(f, "%d", s.v.End.Column) + } + if printOffset { + fmt.Fprintf(f, "#%d", s.v.End.Offset) + } +} + +func (s Span) WithPosition(c Converter) (Span, error) { + if err := s.update(c, true, false); err != nil { + return Span{}, err + } + return s, nil +} + +func (s Span) WithOffset(c Converter) (Span, error) { + if err := s.update(c, false, true); err != nil { + return Span{}, err + } + return s, nil +} + +func (s Span) WithAll(c Converter) (Span, error) { + if err := s.update(c, true, true); err != nil { + return Span{}, err + } + return s, nil +} + +func (s *Span) update(c Converter, withPos, withOffset bool) error { + if !s.IsValid() { + return fmt.Errorf("cannot add information to an invalid span") + } + if withPos && !s.HasPosition() { + if err := s.v.Start.updatePosition(c); err != nil { + return err + } + if s.v.End.Offset == s.v.Start.Offset { + s.v.End = s.v.Start + } else if err := s.v.End.updatePosition(c); err != nil { + return err + } + } + if withOffset && (!s.HasOffset() || (s.v.End.hasPosition() && !s.v.End.hasOffset())) { + if err := s.v.Start.updateOffset(c); err != nil { + return err + } + if s.v.End.Line == s.v.Start.Line && s.v.End.Column == s.v.Start.Column { + s.v.End.Offset = s.v.Start.Offset + } else if err := s.v.End.updateOffset(c); err != nil { + return err + } + } + return nil +} + +func (p *point) updatePosition(c Converter) error { + line, col, err := c.ToPosition(p.Offset) + if err != nil { + return err + } + p.Line = line + p.Column = col + return nil +} + +func (p *point) updateOffset(c Converter) error { + offset, err := c.ToOffset(p.Line, p.Column) + if err != nil { + return err + } + p.Offset = offset + return nil +} diff --git a/vendor/golang.org/x/tools/internal/span/token.go b/vendor/golang.org/x/tools/internal/span/token.go new file mode 100644 index 0000000000..ce44541b2f --- /dev/null +++ b/vendor/golang.org/x/tools/internal/span/token.go @@ -0,0 +1,151 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package span + +import ( + "fmt" + "go/token" +) + +// Range represents a source code range in token.Pos form. +// It also carries the FileSet that produced the positions, so that it is +// self contained. +type Range struct { + FileSet *token.FileSet + Start token.Pos + End token.Pos +} + +// TokenConverter is a Converter backed by a token file set and file. +// It uses the file set methods to work out the conversions, which +// makes it fast and does not require the file contents. +type TokenConverter struct { + fset *token.FileSet + file *token.File +} + +// NewRange creates a new Range from a FileSet and two positions. +// To represent a point pass a 0 as the end pos. +func NewRange(fset *token.FileSet, start, end token.Pos) Range { + return Range{ + FileSet: fset, + Start: start, + End: end, + } +} + +// NewTokenConverter returns an implementation of Converter backed by a +// token.File. +func NewTokenConverter(fset *token.FileSet, f *token.File) *TokenConverter { + return &TokenConverter{fset: fset, file: f} +} + +// NewContentConverter returns an implementation of Converter for the +// given file content. +func NewContentConverter(filename string, content []byte) *TokenConverter { + fset := token.NewFileSet() + f := fset.AddFile(filename, -1, len(content)) + f.SetLinesForContent(content) + return &TokenConverter{fset: fset, file: f} +} + +// IsPoint returns true if the range represents a single point. +func (r Range) IsPoint() bool { + return r.Start == r.End +} + +// Span converts a Range to a Span that represents the Range. +// It will fill in all the members of the Span, calculating the line and column +// information. +func (r Range) Span() (Span, error) { + f := r.FileSet.File(r.Start) + if f == nil { + return Span{}, fmt.Errorf("file not found in FileSet") + } + s := Span{v: span{URI: FileURI(f.Name())}} + var err error + s.v.Start.Offset, err = offset(f, r.Start) + if err != nil { + return Span{}, err + } + if r.End.IsValid() { + s.v.End.Offset, err = offset(f, r.End) + if err != nil { + return Span{}, err + } + } + s.v.Start.clean() + s.v.End.clean() + s.v.clean() + converter := NewTokenConverter(r.FileSet, f) + return s.WithPosition(converter) +} + +// offset is a copy of the Offset function in go/token, but with the adjustment +// that it does not panic on invalid positions. +func offset(f *token.File, pos token.Pos) (int, error) { + if int(pos) < f.Base() || int(pos) > f.Base()+f.Size() { + return 0, fmt.Errorf("invalid pos") + } + return int(pos) - f.Base(), nil +} + +// Range converts a Span to a Range that represents the Span for the supplied +// File. +func (s Span) Range(converter *TokenConverter) (Range, error) { + s, err := s.WithOffset(converter) + if err != nil { + return Range{}, err + } + // go/token will panic if the offset is larger than the file's size, + // so check here to avoid panicking. + if s.Start().Offset() > converter.file.Size() { + return Range{}, fmt.Errorf("start offset %v is past the end of the file %v", s.Start(), converter.file.Size()) + } + if s.End().Offset() > converter.file.Size() { + return Range{}, fmt.Errorf("end offset %v is past the end of the file %v", s.End(), converter.file.Size()) + } + return Range{ + FileSet: converter.fset, + Start: converter.file.Pos(s.Start().Offset()), + End: converter.file.Pos(s.End().Offset()), + }, nil +} + +func (l *TokenConverter) ToPosition(offset int) (int, int, error) { + if offset > l.file.Size() { + return 0, 0, fmt.Errorf("offset %v is past the end of the file %v", offset, l.file.Size()) + } + pos := l.file.Pos(offset) + p := l.fset.Position(pos) + if offset == l.file.Size() { + return p.Line + 1, 1, nil + } + return p.Line, p.Column, nil +} + +func (l *TokenConverter) ToOffset(line, col int) (int, error) { + if line < 0 { + return -1, fmt.Errorf("line is not valid") + } + lineMax := l.file.LineCount() + 1 + if line > lineMax { + return -1, fmt.Errorf("line is beyond end of file %v", lineMax) + } else if line == lineMax { + if col > 1 { + return -1, fmt.Errorf("column is beyond end of file") + } + // at the end of the file, allowing for a trailing eol + return l.file.Size(), nil + } + pos := lineStart(l.file, line) + if !pos.IsValid() { + return -1, fmt.Errorf("line is not in file") + } + // we assume that column is in bytes here, and that the first byte of a + // line is at column 1 + pos += token.Pos(col - 1) + return offset(l.file, pos) +} diff --git a/vendor/golang.org/x/tools/internal/span/token111.go b/vendor/golang.org/x/tools/internal/span/token111.go new file mode 100644 index 0000000000..bf7a5406b6 --- /dev/null +++ b/vendor/golang.org/x/tools/internal/span/token111.go @@ -0,0 +1,39 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build !go1.12 + +package span + +import ( + "go/token" +) + +// lineStart is the pre-Go 1.12 version of (*token.File).LineStart. For Go +// versions <= 1.11, we borrow logic from the analysisutil package. +// TODO(rstambler): Delete this file when we no longer support Go 1.11. +func lineStart(f *token.File, line int) token.Pos { + // Use binary search to find the start offset of this line. + + min := 0 // inclusive + max := f.Size() // exclusive + for { + offset := (min + max) / 2 + pos := f.Pos(offset) + posn := f.Position(pos) + if posn.Line == line { + return pos - (token.Pos(posn.Column) - 1) + } + + if min+1 >= max { + return token.NoPos + } + + if posn.Line < line { + min = offset + } else { + max = offset + } + } +} diff --git a/vendor/golang.org/x/tools/internal/span/token112.go b/vendor/golang.org/x/tools/internal/span/token112.go new file mode 100644 index 0000000000..017aec9c13 --- /dev/null +++ b/vendor/golang.org/x/tools/internal/span/token112.go @@ -0,0 +1,16 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build go1.12 + +package span + +import ( + "go/token" +) + +// TODO(rstambler): Delete this file when we no longer support Go 1.11. +func lineStart(f *token.File, line int) token.Pos { + return f.LineStart(line) +} diff --git a/vendor/golang.org/x/tools/internal/span/uri.go b/vendor/golang.org/x/tools/internal/span/uri.go new file mode 100644 index 0000000000..e05a9e6ef5 --- /dev/null +++ b/vendor/golang.org/x/tools/internal/span/uri.go @@ -0,0 +1,152 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package span + +import ( + "fmt" + "net/url" + "os" + "path" + "path/filepath" + "runtime" + "strings" + "unicode" +) + +const fileScheme = "file" + +// URI represents the full URI for a file. +type URI string + +// Filename returns the file path for the given URI. +// It is an error to call this on a URI that is not a valid filename. +func (uri URI) Filename() string { + filename, err := filename(uri) + if err != nil { + panic(err) + } + return filepath.FromSlash(filename) +} + +func filename(uri URI) (string, error) { + if uri == "" { + return "", nil + } + u, err := url.ParseRequestURI(string(uri)) + if err != nil { + return "", err + } + if u.Scheme != fileScheme { + return "", fmt.Errorf("only file URIs are supported, got %q from %q", u.Scheme, uri) + } + if isWindowsDriveURI(u.Path) { + u.Path = u.Path[1:] + } + return u.Path, nil +} + +// NewURI returns a span URI for the string. +// It will attempt to detect if the string is a file path or uri. +func NewURI(s string) URI { + if u, err := url.PathUnescape(s); err == nil { + s = u + } + if strings.HasPrefix(s, fileScheme+"://") { + return URI(s) + } + return FileURI(s) +} + +func CompareURI(a, b URI) int { + if equalURI(a, b) { + return 0 + } + if a < b { + return -1 + } + return 1 +} + +func equalURI(a, b URI) bool { + if a == b { + return true + } + // If we have the same URI basename, we may still have the same file URIs. + if !strings.EqualFold(path.Base(string(a)), path.Base(string(b))) { + return false + } + fa, err := filename(a) + if err != nil { + return false + } + fb, err := filename(b) + if err != nil { + return false + } + // Stat the files to check if they are equal. + infoa, err := os.Stat(filepath.FromSlash(fa)) + if err != nil { + return false + } + infob, err := os.Stat(filepath.FromSlash(fb)) + if err != nil { + return false + } + return os.SameFile(infoa, infob) +} + +// FileURI returns a span URI for the supplied file path. +// It will always have the file scheme. +func FileURI(path string) URI { + if path == "" { + return "" + } + // Handle standard library paths that contain the literal "$GOROOT". + // TODO(rstambler): The go/packages API should allow one to determine a user's $GOROOT. + const prefix = "$GOROOT" + if len(path) >= len(prefix) && strings.EqualFold(prefix, path[:len(prefix)]) { + suffix := path[len(prefix):] + path = runtime.GOROOT() + suffix + } + if !isWindowsDrivePath(path) { + if abs, err := filepath.Abs(path); err == nil { + path = abs + } + } + // Check the file path again, in case it became absolute. + if isWindowsDrivePath(path) { + path = "/" + path + } + path = filepath.ToSlash(path) + u := url.URL{ + Scheme: fileScheme, + Path: path, + } + uri := u.String() + if unescaped, err := url.PathUnescape(uri); err == nil { + uri = unescaped + } + return URI(uri) +} + +// isWindowsDrivePath returns true if the file path is of the form used by +// Windows. We check if the path begins with a drive letter, followed by a ":". +func isWindowsDrivePath(path string) bool { + if len(path) < 4 { + return false + } + return unicode.IsLetter(rune(path[0])) && path[1] == ':' +} + +// isWindowsDriveURI returns true if the file URI is of the format used by +// Windows URIs. The url.Parse package does not specially handle Windows paths +// (see https://golang.org/issue/6027). We check if the URI path has +// a drive prefix (e.g. "/C:"). If so, we trim the leading "/". +func isWindowsDriveURI(uri string) bool { + if len(uri) < 4 { + return false + } + return uri[0] == '/' && unicode.IsLetter(rune(uri[1])) && uri[2] == ':' +} diff --git a/vendor/golang.org/x/tools/internal/span/utf16.go b/vendor/golang.org/x/tools/internal/span/utf16.go new file mode 100644 index 0000000000..561b3fa50a --- /dev/null +++ b/vendor/golang.org/x/tools/internal/span/utf16.go @@ -0,0 +1,94 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package span + +import ( + "fmt" + "unicode/utf16" + "unicode/utf8" +) + +// ToUTF16Column calculates the utf16 column expressed by the point given the +// supplied file contents. +// This is used to convert from the native (always in bytes) column +// representation and the utf16 counts used by some editors. +func ToUTF16Column(p Point, content []byte) (int, error) { + if content == nil { + return -1, fmt.Errorf("ToUTF16Column: missing content") + } + if !p.HasPosition() { + return -1, fmt.Errorf("ToUTF16Column: point is missing position") + } + if !p.HasOffset() { + return -1, fmt.Errorf("ToUTF16Column: point is missing offset") + } + offset := p.Offset() // 0-based + colZero := p.Column() - 1 // 0-based + if colZero == 0 { + // 0-based column 0, so it must be chr 1 + return 1, nil + } else if colZero < 0 { + return -1, fmt.Errorf("ToUTF16Column: column is invalid (%v)", colZero) + } + // work out the offset at the start of the line using the column + lineOffset := offset - colZero + if lineOffset < 0 || offset > len(content) { + return -1, fmt.Errorf("ToUTF16Column: offsets %v-%v outside file contents (%v)", lineOffset, offset, len(content)) + } + // Use the offset to pick out the line start. + // This cannot panic: offset > len(content) and lineOffset < offset. + start := content[lineOffset:] + + // Now, truncate down to the supplied column. + start = start[:colZero] + + // and count the number of utf16 characters + // in theory we could do this by hand more efficiently... + return len(utf16.Encode([]rune(string(start)))) + 1, nil +} + +// FromUTF16Column advances the point by the utf16 character offset given the +// supplied line contents. +// This is used to convert from the utf16 counts used by some editors to the +// native (always in bytes) column representation. +func FromUTF16Column(p Point, chr int, content []byte) (Point, error) { + if !p.HasOffset() { + return Point{}, fmt.Errorf("FromUTF16Column: point is missing offset") + } + // if chr is 1 then no adjustment needed + if chr <= 1 { + return p, nil + } + if p.Offset() >= len(content) { + return p, fmt.Errorf("FromUTF16Column: offset (%v) greater than length of content (%v)", p.Offset(), len(content)) + } + remains := content[p.Offset():] + // scan forward the specified number of characters + for count := 1; count < chr; count++ { + if len(remains) <= 0 { + return Point{}, fmt.Errorf("FromUTF16Column: chr goes beyond the content") + } + r, w := utf8.DecodeRune(remains) + if r == '\n' { + // Per the LSP spec: + // + // > If the character value is greater than the line length it + // > defaults back to the line length. + break + } + remains = remains[w:] + if r >= 0x10000 { + // a two point rune + count++ + // if we finished in a two point rune, do not advance past the first + if count >= chr { + break + } + } + p.v.Column += w + p.v.Offset += w + } + return p, nil +} diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1beta1/customresourcedefinition.go b/vendor/k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1beta1/customresourcedefinition.go deleted file mode 100644 index 87633217b0..0000000000 --- a/vendor/k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1beta1/customresourcedefinition.go +++ /dev/null @@ -1,65 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CustomResourceDefinitionLister helps list CustomResourceDefinitions. -type CustomResourceDefinitionLister interface { - // List lists all CustomResourceDefinitions in the indexer. - List(selector labels.Selector) (ret []*v1beta1.CustomResourceDefinition, err error) - // Get retrieves the CustomResourceDefinition from the index for a given name. - Get(name string) (*v1beta1.CustomResourceDefinition, error) - CustomResourceDefinitionListerExpansion -} - -// customResourceDefinitionLister implements the CustomResourceDefinitionLister interface. -type customResourceDefinitionLister struct { - indexer cache.Indexer -} - -// NewCustomResourceDefinitionLister returns a new CustomResourceDefinitionLister. -func NewCustomResourceDefinitionLister(indexer cache.Indexer) CustomResourceDefinitionLister { - return &customResourceDefinitionLister{indexer: indexer} -} - -// List lists all CustomResourceDefinitions in the indexer. -func (s *customResourceDefinitionLister) List(selector labels.Selector) (ret []*v1beta1.CustomResourceDefinition, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.CustomResourceDefinition)) - }) - return ret, err -} - -// Get retrieves the CustomResourceDefinition from the index for a given name. -func (s *customResourceDefinitionLister) Get(name string) (*v1beta1.CustomResourceDefinition, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("customresourcedefinition"), name) - } - return obj.(*v1beta1.CustomResourceDefinition), nil -} diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1beta1/expansion_generated.go b/vendor/k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1beta1/expansion_generated.go deleted file mode 100644 index 429782deb0..0000000000 --- a/vendor/k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1beta1/expansion_generated.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// CustomResourceDefinitionListerExpansion allows custom methods to be added to -// CustomResourceDefinitionLister. -type CustomResourceDefinitionListerExpansion interface{} diff --git a/vendor/k8s.io/client-go/discovery/cached/legacy.go b/vendor/k8s.io/client-go/discovery/cached/legacy.go deleted file mode 100644 index 725900a91c..0000000000 --- a/vendor/k8s.io/client-go/discovery/cached/legacy.go +++ /dev/null @@ -1,30 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package memory - -import ( - "k8s.io/client-go/discovery" - "k8s.io/client-go/discovery/cached/memory" -) - -// NewMemCacheClient is DEPRECATED. Use memory.NewMemCacheClient directly. -func NewMemCacheClient(delegate discovery.DiscoveryInterface) discovery.CachedDiscoveryInterface { - return memory.NewMemCacheClient(delegate) -} - -// ErrCacheNotFound is DEPRECATED. Use memory.ErrCacheNotFound directly. -var ErrCacheNotFound = memory.ErrCacheNotFound