openshift · TheRealJon · Jan 18, 2022 · Jan 18, 2022 · Jan 19, 2022
diff --git a/bindata/configmaps/console-configmap.yaml b/bindata/configmaps/console-configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: openshift-console
+  labels:
+    app: "console"
+  annotations: {}
diff --git a/bindata/configmaps/console-managed-cluster-ingress-cert-configmap.yaml b/bindata/configmaps/console-managed-cluster-ingress-cert-configmap.yaml
diff --git a/bindata/deployments/console-deployment.yaml b/bindata/deployments/console-deployment.yaml
@@ -23,7 +23,7 @@ spec:
         target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
     spec:
       nodeSelector:
-        node-role.kubernetes.io/master: ''
+        node-role.kubernetes.io/master: ""
       restartPolicy: Always
       serviceAccountName: console
       schedulerName: default-scheduler
@@ -49,13 +49,13 @@ spec:
               exec:
                 command:
                   - sleep
-                  - '25'
+                  - "25"
           name: console
           command:
             - /opt/bridge/bin/bridge
-            - '--public-dir=/opt/bridge/static'
-            - '--config=/var/console-config/console-config.yaml'
-            - '--service-ca-file=/var/service-ca/service-ca.crt'
+            - "--public-dir=/opt/bridge/static"
+            - "--config=/var/console-config/console-config.yaml"
+            - "--service-ca-file=/var/service-ca/service-ca.crt"
           livenessProbe:
             httpGet:
               path: /health

diff --git a/...d-cluster-action-create-oauth-client.yaml → ...ractions/console-create-oauth-client.yaml b/...d-cluster-action-create-oauth-client.yaml → ...ractions/console-create-oauth-client.yaml
@@ -1,14 +1,10 @@
 apiVersion: action.open-cluster-management.io/v1beta1
 kind: ManagedClusterAction
-metadata:
-  name: console-managed-cluster-action-oauth-create
 spec:
   actionType: Create
   kube:
     resource: OAuthClient
     template:
       apiVersion: oauth.openshift.io/v1
       kind: OAuthClient
-      metadata:
-        name: console-managed-cluster-oauth-client
-      grantMethod: auto
+      grantMethod: auto
diff --git a/...le-managed-cluster-view-oauth-client.yaml → ...gedclusterviews/console-oauth-client.yaml b/...le-managed-cluster-view-oauth-client.yaml → ...gedclusterviews/console-oauth-client.yaml
@@ -1,7 +1,5 @@
 apiVersion: view.open-cluster-management.io/v1beta1
 kind: ManagedClusterView
-metadata:
-  name: console-managed-cluster-view-oauth
 spec:
   scope:
     apiVersion: oauth.openshift.io/v1

diff --git a/...le-managed-cluster-view-ingress-cert.yaml → ...usterviews/console-oauth-server-cert.yaml b/...le-managed-cluster-view-ingress-cert.yaml → ...usterviews/console-oauth-server-cert.yaml
@@ -1,7 +1,5 @@
 apiVersion: view.open-cluster-management.io/v1beta1
 kind: ManagedClusterView
-metadata:
-  name: console-managed-cluster-view-ingress-cert
 spec:
   scope:
     kind: ConfigMap

diff --git a/examples/cvo-unmanage-operator.yaml b/examples/cvo-unmanage-operator.yaml
@@ -9,4 +9,9 @@ spec:
       name: console-operator
       namespace: openshift-console-operator
       unmanaged: true
-      group: apps/v1
+      group: apps
+    - kind: ClusterRole
+      name: console-operator
+      namespace: ""
+      unmanaged: true
+      group: rbac.authorization.k8s.io
diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/open-cluster-management/api v0.0.0-20210527013639-a6845f2ebcb1
 	github.com/openshift/api v0.0.0-20210729103544-e4a0474d1519
-	github.com/openshift/build-machinery-go v0.0.0-20210712174854-1bb7fd1518d3
+	github.com/openshift/build-machinery-go v0.0.0-20211213093930-7e33a7eb4ce3
 	github.com/openshift/client-go v0.0.0-20210112160336-8889f8b15bd6
 	github.com/openshift/library-go v0.0.0-20210330121117-68dd4a4c9d9e
 	github.com/pkg/profile v1.4.0 // indirect

diff --git a/go.sum b/go.sum
@@ -421,8 +421,9 @@ github.com/openshift/api v0.0.0-20210729103544-e4a0474d1519 h1:g9hT0d7niFH2GD9NT
 github.com/openshift/api v0.0.0-20210729103544-e4a0474d1519/go.mod h1:wf/SnvIX5Aq1NkALk26b2extjOGm3Q781gEgvr0+CDY=
 github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
 github.com/openshift/build-machinery-go v0.0.0-20210115170933-e575b44a7a94/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
-github.com/openshift/build-machinery-go v0.0.0-20210712174854-1bb7fd1518d3 h1:hYMLjavR8LrcCva788SxDqYjRc1k2w0LNGi7eX9vY5Y=
 github.com/openshift/build-machinery-go v0.0.0-20210712174854-1bb7fd1518d3/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
+github.com/openshift/build-machinery-go v0.0.0-20211213093930-7e33a7eb4ce3 h1:65oBhJYHzYK5VL0gF1eiYY37lLzyLZ47b9y5Kib1nf8=
+github.com/openshift/build-machinery-go v0.0.0-20211213093930-7e33a7eb4ce3/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
 github.com/openshift/client-go v0.0.0-20201214125552-e615e336eb49/go.mod h1:9/jG4I6sh+5QublJpZZ4Zs/P4/QCXMsQQ/K/058bSB8=
 github.com/openshift/client-go v0.0.0-20210112160336-8889f8b15bd6 h1:nT3OoJhg9EO/sATO6oJFZkDmkNAq1ox4GJSp/rDcIqM=
 github.com/openshift/client-go v0.0.0-20210112160336-8889f8b15bd6/go.mod h1:u7NRAjtYVAKokiI9LouzTv4mhds8P4S1TwdVAfbjKSk=

diff --git a/manifests/03-rbac-role-cluster.yaml b/manifests/03-rbac-role-cluster.yaml
@@ -21,23 +21,10 @@ rules:
   - apiGroups:
       - config.openshift.io
     resources:
+      - featuregates
       - oauths
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - config.openshift.io
-    resources:
       - infrastructures
       - ingresses
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - config.openshift.io
-    resources:
       - proxies
     verbs:
       - get
@@ -88,28 +75,6 @@ rules:
       - get
       - list
       - watch
-  - apiGroups:
-      - action.open-cluster-management.io
-    resources:
-      - managedclusteractions
-    verbs:
-      - get
-      - list
-      - watch
-      - create
-      - update
-      - delete
-  - apiGroups:
-      - view.open-cluster-management.io
-    resources:
-      - managedclusterviews
-    verbs:
-      - get
-      - list
-      - watch
-      - create
-      - update
-      - delete
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -160,3 +125,34 @@ rules:
     verbs:
       - get
       - list
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: console-operator-tech-preview-only
+  annotations:
+    release.openshift.io/feature-gate: "TechPreviewNoUpgrade"
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/single-node-developer: "true"
+rules:
+  - apiGroups:
+      - action.open-cluster-management.io
+    resources:
+      - managedclusteractions
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+  - apiGroups:
+      - view.open-cluster-management.io
+    resources:
+      - managedclusterviews
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
diff --git a/manifests/04-rbac-rolebinding-cluster.yaml b/manifests/04-rbac-rolebinding-cluster.yaml
@@ -28,9 +28,9 @@ roleRef:
   name: console-extensions-reader
   apiGroup: rbac.authorization.k8s.io
 subjects:
-- kind: Group
-  name: system:authenticated
-  apiGroup: rbac.authorization.k8s.io
+  - kind: Group
+    name: system:authenticated
+    apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -83,8 +83,26 @@ metadata:
 subjects:
   - kind: Group
     apiGroup: rbac.authorization.k8s.io
-    name: 'system:authenticated'
+    name: "system:authenticated"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: helm-chartrepos-viewer
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: console-operator-tech-preview-only
+  annotations:
+    release.openshift.io/feature-gate: "TechPreviewNoUpgrade"
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/single-node-developer: "true"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: console-operator-tech-preview-only
+subjects:
+  - kind: ServiceAccount
+    name: console-operator
+    namespace: openshift-console-operator
diff --git a/pkg/api/api.go b/pkg/api/api.go
@@ -1,51 +1,65 @@
 package api
 
+import "k8s.io/apimachinery/pkg/runtime/schema"
+
 const (
 	TargetNamespace    = "openshift-console"
 	ConfigResourceName = "cluster"
 )
 
 // consts to maintain existing names of various sub-resources
 const (
-	ClusterOperatorName                     = "console"
-	OpenShiftConsoleName                    = "console"
-	OpenShiftConsoleNamespace               = TargetNamespace
-	OpenShiftConsoleOperatorNamespace       = "openshift-console-operator"
-	OpenShiftConsoleOperator                = "console-operator"
-	OpenShiftConsoleConfigMapName           = "console-config"
-	OpenShiftConsolePublicConfigMapName     = "console-public"
-	ServiceCAConfigMapName                  = "service-ca"
-	DefaultIngressCertConfigMapName         = "default-ingress-cert"
-	OAuthServingCertConfigMapName           = "oauth-serving-cert"
-	OAuthConfigMapName                      = "oauth-openshift"
-	OpenShiftConsoleDeploymentName          = OpenShiftConsoleName
-	OpenShiftConsoleServiceName             = OpenShiftConsoleName
-	OpenshiftConsoleRedirectServiceName     = "console-redirect"
-	OpenShiftConsoleRouteName               = OpenShiftConsoleName
-	OpenshiftConsoleCustomRouteName         = "console-custom"
-	DownloadsResourceName                   = "downloads"
-	OpenShiftConsoleDownloadsRouteName      = DownloadsResourceName
-	OpenShiftConsoleDownloadsDeploymentName = DownloadsResourceName
-	OAuthClientName                         = OpenShiftConsoleName
-	OpenShiftConfigManagedNamespace         = "openshift-config-managed"
-	OpenShiftConfigNamespace                = "openshift-config"
-	OpenShiftCustomLogoConfigMapName        = "custom-logo"
-	TrustedCAConfigMapName                  = "trusted-ca-bundle"
-	TrustedCABundleKey                      = "ca-bundle.crt"
-	TrustedCABundleMountDir                 = "/etc/pki/ca-trust/extracted/pem"
-	TrustedCABundleMountFile                = "tls-ca-bundle.pem"
-	OCCLIDownloadsCustomResourceName        = "oc-cli-downloads"
-	ODOCLIDownloadsCustomResourceName       = "odo-cli-downloads"
-	HubClusterName                          = "local-cluster"
-	ManagedClusterLabel                     = "managed-cluster"
-	ManagedClusterConfigMapName             = "managed-clusters"
-	ManagedClusterConfigMountDir            = "/var/managed-cluster-config"
-	ManagedClusterConfigKey                 = "managed-clusters.yaml"
-	ManagedClusterAPIServerCAMountDir       = "/var/managed-cluster-certs"
-	ManagedClusterAPIServerCAName           = "managed-cluster-api-server-ca"
-	ManagedClusterAPIServerCAKey            = "ca-bundle.crt"
-	ManagedClusterIngressCertName           = "managed-cluster-ingress-cert"
-	ManagedClusterIngressCertKey            = "ca-bundle.crt"
+	ClusterOperatorName                       = "console"
+	OpenShiftConsoleName                      = "console"
+	OpenShiftConsoleNamespace                 = TargetNamespace
+	OpenShiftConsoleOperatorNamespace         = "openshift-console-operator"
+	OpenShiftConsoleOperator                  = "console-operator"
+	OpenShiftConsoleConfigMapName             = "console-config"
+	OpenShiftConsolePublicConfigMapName       = "console-public"
+	ServiceCAConfigMapName                    = "service-ca"
+	DefaultIngressCertConfigMapName           = "default-ingress-cert"
+	OAuthServingCertConfigMapName             = "oauth-serving-cert"
+	OAuthConfigMapName                        = "oauth-openshift"
+	OpenShiftConsoleDeploymentName            = OpenShiftConsoleName
+	OpenShiftConsoleServiceName               = OpenShiftConsoleName
+	OpenshiftConsoleRedirectServiceName       = "console-redirect"
+	OpenShiftConsoleRouteName                 = OpenShiftConsoleName
+	OpenshiftConsoleCustomRouteName           = "console-custom"
+	DownloadsResourceName                     = "downloads"
+	OpenShiftConsoleDownloadsRouteName        = DownloadsResourceName
+	OpenShiftConsoleDownloadsDeploymentName   = DownloadsResourceName
+	OAuthClientName                           = OpenShiftConsoleName
+	OpenShiftConfigManagedNamespace           = "openshift-config-managed"
+	OpenShiftConfigNamespace                  = "openshift-config"
+	OpenShiftCustomLogoConfigMapName          = "custom-logo"
+	TrustedCAConfigMapName                    = "trusted-ca-bundle"
+	TrustedCABundleKey                        = "ca-bundle.crt"
+	TrustedCABundleMountDir                   = "/etc/pki/ca-trust/extracted/pem"
+	TrustedCABundleMountFile                  = "tls-ca-bundle.pem"
+	OCCLIDownloadsCustomResourceName          = "oc-cli-downloads"
+	ODOCLIDownloadsCustomResourceName         = "odo-cli-downloads"
+	HubClusterName                            = "local-cluster"
+	ManagedClusterLabel                       = "managed-cluster"
+	ManagedClusterConfigMapName               = "managed-clusters"
+	ManagedClusterConfigMountDir              = "/var/managed-cluster-config"
+	ManagedClusterConfigKey                   = "managed-clusters.yaml"
+	ManagedClusterAPIServerCertMountDir       = "/var/managed-cluster-api-server-certs"
+	ManagedClusterAPIServerCertName           = "managed-cluster-api-server-cert"
+	ManagedClusterAPIServerCertKey            = "ca-bundle.crt"
+	ManagedClusterOAuthServerCertMountDir     = "/var/managed-cluster-oauth-server-certs"
+	ManagedClusterOAuthServerCertName         = "managed-cluster-oauth-server-cert"
+	ManagedClusterOAuthServerCertKey          = "ca-bundle.crt"
+	ManagedClusterOAuthClientName             = "console-managed-cluster-oauth-client"
+	OAuthClientManagedClusterViewName         = "console-oauth-client"
+	CreateOAuthClientManagedClusterActionName = "console-create-oauth-client"
+	OAuthServerCertManagedClusterViewName     = "console-oauth-server-cert"
+
+	ManagedClusterViewAPIGroup     = "view.open-cluster-management.io"
+	ManagedClusterViewAPIVersion   = "v1beta1"
+	ManagedClusterViewResource     = "managedclusterviews"
+	ManagedClusterActionAPIGroup   = "action.open-cluster-management.io"
+	ManagedClusterActionAPIVersion = "v1beta1"
+	ManagedClusterActionResource   = "managedclusteractions"
 
 	ConsoleContainerPortName    = "https"
 	ConsoleContainerPort        = 443
@@ -57,3 +71,16 @@ const (
 	DownloadsPortName           = "http"
 	DownloadsPort               = 8080
 )
+
+var (
+	ManagedClusterViewGroupVersionResource = schema.GroupVersionResource{
+		Group:    ManagedClusterViewAPIGroup,
+		Version:  ManagedClusterViewAPIVersion,
+		Resource: ManagedClusterViewResource,
+	}
+	ManagedClusterActionGroupVersionResource = schema.GroupVersionResource{
+		Group:    ManagedClusterActionAPIGroup,
+		Version:  ManagedClusterActionAPIVersion,
+		Resource: ManagedClusterActionResource,
+	}
+)