diff --git a/data/data/aws/bootstrap/main.tf b/data/data/aws/bootstrap/main.tf index c5e473ea60d..b8633d924f3 100644 --- a/data/data/aws/bootstrap/main.tf +++ b/data/data/aws/bootstrap/main.tf @@ -135,7 +135,7 @@ resource "aws_instance" "bootstrap" { tags = merge( { - "Name" = "${var.cluster_id}-bootstrap" + "Name" = "${var.cluster_id}-bootstrap" }, var.tags, ) @@ -150,7 +150,7 @@ resource "aws_instance" "bootstrap" { volume_tags = merge( { - "Name" = "${var.cluster_id}-bootstrap-vol" + "Name" = "${var.cluster_id}-bootstrap-vol" }, var.tags, ) @@ -174,7 +174,7 @@ resource "aws_security_group" "bootstrap" { tags = merge( { - "Name" = "${var.cluster_id}-bootstrap-sg" + "Name" = "${var.cluster_id}-bootstrap-sg" }, var.tags, ) diff --git a/data/data/aws/main.tf b/data/data/aws/main.tf index dfee8ebf329..755793d5940 100644 --- a/data/data/aws/main.tf +++ b/data/data/aws/main.tf @@ -10,15 +10,22 @@ locals { provider "aws" { region = var.aws_region - # Validation of AWS Bahrain region was added in AWS TF provider v2.22 - # so we skip when installing in me-south-1. - skip_region_validation = var.aws_region == "me-south-1" + skip_region_validation = var.aws_skip_region_validation + + endpoints { + ec2 = lookup(var.custom_endpoints, "ec2", null) + elb = lookup(var.custom_endpoints, "elasticloadbalancing", null) + iam = lookup(var.custom_endpoints, "iam", null) + route53 = lookup(var.custom_endpoints, "route53", null) + s3 = lookup(var.custom_endpoints, "s3", null) + sts = lookup(var.custom_endpoints, "sts", null) + } } module "bootstrap" { source = "./bootstrap" - ami = var.aws_ami + ami = var.aws_region == var.aws_ami_region ? var.aws_ami : aws_ami_copy.imported[0].id instance_type = var.aws_bootstrap_instance_type cluster_id = var.cluster_id ignition = var.ignition_bootstrap 
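Review bot: The new `endpoints` block in `provider "aws"` passes every value of `var.custom_endpoints` to the provider unchecked, including the `sts` and `iam` overrides, so all credential-signed API calls go to whatever URL is configured. Nothing visible in this hunk restricts those values to `https://` URLs; if the installer validates them before writing the tfvars, that is not shown here and is worth confirming. I would add a comment above the block such as `# Endpoint overrides receive signed requests; values must be https URLs already validated by the installer.` The same pass-through applies to `WithServiceEndpoints` in pkg/asset/installconfig/aws/session.go, where the URL is handed to the resolver as given.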
@@ -53,7 +60,7 @@ module "masters" { root_volume_kms_key_id = var.aws_master_root_volume_kms_key_id target_group_arns = module.vpc.aws_lb_target_group_arns target_group_arns_length = module.vpc.aws_lb_target_group_arns_length - ec2_ami = var.aws_ami + ec2_ami = var.aws_region == var.aws_ami_region ? var.aws_ami : aws_ami_copy.imported[0].id user_data_ign = var.ignition_master publish_strategy = var.aws_publish_strategy } @@ -102,3 +109,20 @@ module "vpc" { tags = local.tags } +resource "aws_ami_copy" "imported" { + count = var.aws_region != var.aws_ami_region ? 1 : 0 + name = "${var.cluster_id}-master" + source_ami_id = var.aws_ami + source_ami_region = var.aws_ami_region + encrypted = true + + tags = merge( + { + "Name" = "${var.cluster_id}-ami-${var.aws_region}" + "sourceAMI" = var.aws_ami + "sourceRegion" = var.aws_ami_region + }, + local.tags, + ) +} + diff --git a/data/data/aws/master/main.tf b/data/data/aws/master/main.tf index 8cb2957976c..2d7cf0159e7 100644 --- a/data/data/aws/master/main.tf +++ b/data/data/aws/master/main.tf @@ -126,7 +126,7 @@ resource "aws_network_interface" "master" { tags = merge( { - "Name" = "${var.cluster_id}-master-${count.index}" + "Name" = "${var.cluster_id}-master-${count.index}" }, var.tags, ) @@ -154,7 +154,7 @@ resource "aws_instance" "master" { tags = merge( { - "Name" = "${var.cluster_id}-master-${count.index}" + "Name" = "${var.cluster_id}-master-${count.index}" }, var.tags, ) @@ -169,7 +169,7 @@ resource "aws_instance" "master" { volume_tags = merge( { - "Name" = "${var.cluster_id}-master-${count.index}-vol" + "Name" = "${var.cluster_id}-master-${count.index}-vol" }, var.tags, ) diff --git a/data/data/aws/variables-aws.tf b/data/data/aws/variables-aws.tf index faa3c2c92f8..859c4f4972b 100644 --- a/data/data/aws/variables-aws.tf +++ b/data/data/aws/variables-aws.tf 
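Review bot: `aws_ami_copy.imported` sets `encrypted = true` but no `kms_key_id`, so the copied image's snapshots would presumably be encrypted under the account's default EBS key even when a customer-managed key is configured. The masters module in this same file already receives `root_volume_kms_key_id = var.aws_master_root_volume_kms_key_id`; if the copy is meant to honour that key, pass it here as well, e.g. `kms_key_id = var.aws_master_root_volume_kms_key_id`, guarded for the case where the variable is unset. The resource is also named `"${var.cluster_id}-master"` although the bootstrap module consumes the same image, which makes the AMI harder to attribute during audit or cleanup.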
@@ -7,21 +7,39 @@ EOF default = "1.0" } +variable "custom_endpoints" { + type = map(string) + + description = < github.com/openshift/hashicorp-terraform-plugin-sdk v1.6.0-openshift // Pin to fork with public rpc types github.com/metal3-io/baremetal-operator => github.com/openshift/baremetal-operator v0.0.0-20200206190020-71b826cc0f0a // Use OpenShift fork github.com/metal3-io/cluster-api-provider-baremetal => github.com/openshift/cluster-api-provider-baremetal v0.0.0-20190821174549-a2a477909c1d // Pin OpenShift fork - github.com/openshift/api => github.com/openshift/api v0.0.0-20200210091934-a0e53e94816b // Pin API + github.com/openshift/api => github.com/openshift/api v0.0.0-20200413201024-c6e8c9b6eb9a // Pin API github.com/openshift/machine-config-operator => github.com/openshift/machine-config-operator v0.0.1-0.20200130220348-e5685c0cf530 // Pin MCO so it doesn't get downgraded github.com/terraform-providers/terraform-provider-azurerm => github.com/openshift/terraform-provider-azurerm v1.41.1-openshift-3 // Pin to openshift fork with IPv6 fixes google.golang.org/api => google.golang.org/api v0.13.0 // Pin to version required by tf-provider-google diff --git a/go.sum b/go.sum index 8852792fd98..1ababf8e90f 100644 --- a/go.sum +++ b/go.sum 
@@ -1762,13 +1762,13 @@ github.com/opencontainers/selinux v1.3.0/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOl github.com/opencontainers/selinux v1.3.1-0.20190929122143-5215b1806f52/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs= github.com/openshift-metal3/terraform-provider-ironic v0.2.0 h1:MAImxv6UaTtvf2BkPG9YS+EvIqMsXQhNQNDfV7FE2D0= github.com/openshift-metal3/terraform-provider-ironic v0.2.0/go.mod h1:G79T6t60oBpYfZK/x960DRzYsNHdz5YVCHINx6QlmtU= -github.com/openshift/api v0.0.0-20200210091934-a0e53e94816b h1:BERD6sZj7w9Tt0RBpuw87AC0+SppyxEUgUG/Of5rI+E= -github.com/openshift/api v0.0.0-20200210091934-a0e53e94816b/go.mod h1:fT6U/JfG8uZzemTRwZA2kBDJP5nWz7v05UHnty/D+pk= +github.com/openshift/api v0.0.0-20200413201024-c6e8c9b6eb9a h1:fIIKps4VKnxrXSp3lhgSatm5C1xb1qfMtJsmyr3iMXw= +github.com/openshift/api v0.0.0-20200413201024-c6e8c9b6eb9a/go.mod h1:RKMJ5CBnljLfnej+BJ/xnOWc3kZDvJUaIAEq2oKSPtE= github.com/openshift/baremetal-operator v0.0.0-20200206190020-71b826cc0f0a h1:65ZuRkPnQGh9uo0z93KosrPlwEWJNxUjxnuM9lyGBHc= github.com/openshift/baremetal-operator v0.0.0-20200206190020-71b826cc0f0a/go.mod h1:cXwn0hhgHpORjBasg0RnZwhKaJGy9+r6qgj0HCXrs/Y= github.com/openshift/build-machinery-go v0.0.0-20200205161356-ef115f5adc73/go.mod h1:1CkcsT3aVebzRBzVTSbiKSkJMsC/CASqxesfqEMfJEc= +github.com/openshift/build-machinery-go v0.0.0-20200211121458-5e3d6e570160/go.mod h1:1CkcsT3aVebzRBzVTSbiKSkJMsC/CASqxesfqEMfJEc= github.com/openshift/client-go v0.0.0-20190617165122-8892c0adc000/go.mod h1:6rzn+JTr7+WYS2E1TExP4gByoABxMznR6y2SnUIkmxk= -github.com/openshift/client-go v0.0.0-20191001081553-3b0e988f8cb0 h1:U0rtkdPj1lTC5iQwN3Ev+FgyZUTsJFg60rc0ExTGLpc= github.com/openshift/client-go v0.0.0-20191001081553-3b0e988f8cb0/go.mod h1:6rzn+JTr7+WYS2E1TExP4gByoABxMznR6y2SnUIkmxk= github.com/openshift/client-go v0.0.0-20200116152001-92a2713fa240 h1:XYfJWv2Ch+qInGLDEedHRtDsJwnxyU1L8U7SY56NcA8= github.com/openshift/client-go v0.0.0-20200116152001-92a2713fa240/go.mod 
h1:4riOwdj99Hd/q+iAcJZfNCsQQQMwURnZV6RL4WHYS5w= @@ -1790,8 +1790,6 @@ github.com/openshift/cluster-api-provider-gcp v0.0.1-0.20200120152131-1b09fd9e71 github.com/openshift/cluster-api-provider-gcp v0.0.1-0.20200120152131-1b09fd9e7156/go.mod h1:KCyjaBfEkifs9bqV1HEXDJUyQylgeLSqiqt2QnMn7is= github.com/openshift/cluster-api-provider-libvirt v0.2.1-0.20191219173431-2336783d4603 h1:MC6BSZYxFPoqqKj9PdlGjHGVKcMsvn6Kv1NiVzQErZ8= github.com/openshift/cluster-api-provider-libvirt v0.2.1-0.20191219173431-2336783d4603/go.mod h1:7pQ9Bzha+ug/5zd+0ufbDEcnn2OnNlPwRwYrzhXk4NM= -github.com/openshift/cluster-api-provider-openstack v0.0.0-20200221124403-d699c3611b0c h1:Rn/Ip2nbWUhvOF9/EZaorxKVcQnm427cSOJQJIFXuHQ= -github.com/openshift/cluster-api-provider-openstack v0.0.0-20200221124403-d699c3611b0c/go.mod h1:ntMRKZlv++TExGO4g2jgsVIaHKJt8kKe72BAvMPV5vA= github.com/openshift/cluster-api-provider-openstack v0.0.0-20200323110431-3311de91e078 h1:Irj9ROcWhbeH6t2DEUDIpdIJgSLBaXww6AP/FMCmGmw= github.com/openshift/cluster-api-provider-openstack v0.0.0-20200323110431-3311de91e078/go.mod h1:ntMRKZlv++TExGO4g2jgsVIaHKJt8kKe72BAvMPV5vA= github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20200128081049-840376ca5c09 h1:QJxGgIB7f5BqNPEZOCgV29NsDf1P439Bs3q0B5O3fP8= 
@@ -1849,7 +1847,6 @@ github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtP github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= github.com/pelletier/go-toml v1.1.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/pelletier/go-toml v1.4.0 h1:u3Z1r+oOXJIkxqw34zVhyPgjBsm6X2wn21NWs/HfSeg= github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= @@ -1975,7 +1972,6 @@ github.com/seccomp/containers-golang v0.3.1/go.mod h1:ZUNmbYf+/7mfX5qYV07/krJnTd github.com/seccomp/libseccomp-golang v0.9.0/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/securego/gosec v0.0.0-20191002120514-e680875ea14d/go.mod h1:w5+eXa0mYznDkHaMCXA4XYffjlH+cy1oyKbfzJXa2Do= -github.com/securego/gosec v0.0.0-20200103095621-79fbf3af8d83 h1:AtnWoOvTioyDXFvu96MWEeE8qj4COSQnJogzLy/u41A= github.com/securego/gosec v0.0.0-20200103095621-79fbf3af8d83/go.mod h1:vvbZ2Ae7AzSq3/kywjUDxSNq2SJ27RxCz2un0H3ePqE= github.com/segmentio/kafka-go v0.1.0/go.mod h1:X6itGqS9L4jDletMsxZ7Dz+JFWxM6JHfPOCvTvk+EJo= github.com/serenize/snaker v0.0.0-20171204205717-a683aaf2d516/go.mod h1:Yow6lPLSAXx2ifx470yD/nUe22Dv5vBvxK/UK9UUTVs= 
@@ -2038,7 +2034,6 @@ github.com/soheilhy/cmux v0.1.4 h1:0HKaf1o97UwFjHH9o5XsHUOF+tqmdA7KEzXLpiyaw0E= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= -github.com/sourcegraph/go-diff v0.5.1 h1:gO6i5zugwzo1RVTvgvfwCOSVegNuvnNi6bAD1QCmkHs= github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= @@ -2049,7 +2044,6 @@ github.com/spf13/afero v1.2.1/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTd github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg= -github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.2/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= 
@@ -2058,7 +2052,6 @@ github.com/spf13/cobra v0.0.5 h1:f0B+LkLX6DtmRH1isoNA9VTtNUK9K8xYd28JNNfOv/s= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/jwalterweatherman v0.0.0-20180109140146-7c0cea34c8ec/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -2072,7 +2065,6 @@ github.com/spf13/viper v1.3.0/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DM github.com/spf13/viper v1.3.1/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= -github.com/spf13/viper v1.6.1 h1:VPZzIkznI1YhVMRi6vNFLHSwhnhReBfgTxIPccpfdZk= github.com/spf13/viper v1.6.1/go.mod h1:t3iDnF5Jlj76alVNuyFBk5oUMCvsrkbvZK0WQdfDi5k= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/stathat/go v1.0.0/go.mod h1:+9Eg2szqkcOGWv6gfheJmBBsmq9Qf5KDbzy8/aYYR0c= 
@@ -2084,7 +2076,6 @@ github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3 github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.0/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= @@ -2093,7 +2084,6 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/svanharmelen/jsonapi v0.0.0-20180618144545-0c0828c3f16d h1:Z4EH+5EffvBEhh37F0C0DnpklTMh00JOkjW5zK3ofBI= github.com/svanharmelen/jsonapi v0.0.0-20180618144545-0c0828c3f16d/go.mod h1:BSTlc8jOjh0niykqEGVXOLXdi9o0r0kR8tCYiMvjFgw= 
@@ -2125,7 +2115,6 @@ github.com/terraform-providers/terraform-provider-vsphere v1.16.2/go.mod h1:yTPD github.com/thecodeteam/goscaleio v0.1.0/go.mod h1:68sdkZAsK8bvEwBlbQnlLS+xU+hvLYM/iQ8KXej1AwM= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= -github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e h1:RumXZ56IrCj4CL+g1b9OL/oH0QnsF976bC8xQFYUD5Q= github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= github.com/tinylib/msgp v1.1.0/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE= github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= @@ -2137,7 +2126,6 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 h1:LnC5Kc github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tombuildsstuff/giovanni v0.7.1 h1:QJG5TJNIjcRbMsaQGF1HtWEpZbu8xLAOmZuMIk7wf14= github.com/tombuildsstuff/giovanni v0.7.1/go.mod h1:Xu/XU+DiRrKTDoCnJNGuh9ysD0eJyi/zU/naFh2aN9I= -github.com/tommy-muehle/go-mnd v1.1.1 h1:4D0wuPKjOTiK2garzuPGGvm4zZ/wLYDOH8TJSABC7KU= github.com/tommy-muehle/go-mnd v1.1.1/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig= github.com/ttacon/chalk v0.0.0-20160626202418-22c06c80ed31/go.mod h1:onvgF043R+lC5RZ8IT9rBXDaEDnpnw/Cl+HFiw+v/7Q= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= 
@@ -2154,9 +2142,7 @@ github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4A github.com/ulikunitz/xz v0.5.6 h1:jGHAfXawEGZQ3blwU5wnWKQJvAraT7Ftq9EXjnXYgt8= github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/ultraware/funlen v0.0.1/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= -github.com/ultraware/funlen v0.0.2 h1:Av96YVBwwNSe4MLR7iI/BIa3VyI7/djnto/pK3Uxbdo= github.com/ultraware/funlen v0.0.2/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= -github.com/ultraware/whitespace v0.0.4 h1:If7Va4cM03mpgrNH9k49/VOicWpGoG70XPBFFODYDsg= github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA= github.com/unrolled/secure v0.0.0-20180918153822-f340ee86eb8b/go.mod h1:mnPT77IAdsi/kV7+Es7y+pXALeV3h7G6dQF6mNYjcLA= github.com/unrolled/secure v0.0.0-20181005190816-ff9db2ff917f/go.mod h1:mnPT77IAdsi/kV7+Es7y+pXALeV3h7G6dQF6mNYjcLA= @@ -2166,7 +2152,6 @@ github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijb github.com/urfave/cli v1.21.0/go.mod h1:lxDj6qX9Q6lWQxIrbrT0nwecwUtRnhVZAJjJZrVUZZQ= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= -github.com/uudashr/gocognit v1.0.1 h1:MoG2fZ0b/Eo7NXoIwCVFLG5JED3qgQz5/NEE+rOsjPs= github.com/uudashr/gocognit v1.0.1/go.mod h1:j44Ayx2KW4+oB6SWMv8KsmHzZrOInQav7D3cQMJ5JUM= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasthttp v1.2.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s= 
@@ -2193,7 +2178,6 @@ github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaU github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= github.com/vmware/govmomi v0.21.0/go.mod h1:zbnFoBQ9GIjs2RVETy8CNEpb+L+Lwkjs3XZUL0B3/m0= -github.com/vmware/govmomi v0.22.1 h1:ZIEYmBdAS2i+s7RctapqdHfbeGiUcL8LRN05uS4TfPc= github.com/vmware/govmomi v0.22.1/go.mod h1:Y+Wq4lst78L85Ge/F8+ORXIWiKYqaro1vhAulACy9Lc= github.com/vmware/govmomi v0.22.2 h1:hmLv4f+RMTTseqtJRijjOWzwELiaLMIoHv2D6H3bF4I= github.com/vmware/govmomi v0.22.2/go.mod h1:Y+Wq4lst78L85Ge/F8+ORXIWiKYqaro1vhAulACy9Lc= @@ -2348,7 +2332,6 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f h1:J5lckAjkw6qYlOZNj90mLYNTEKDvWeuc1yieZ8qUzUE= golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= 
@@ -2414,7 +2397,6 @@ golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20191009170851-d66e71096ffb/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191204025024-5ee1b9f4859a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 h1:efeOvDhwQ29Dj3SdAV/MJf8oukgn+8D8WgaCaRMchF8= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2 h1:CCH4IOTTfewWjGOlSp+zGcjutRKlBEZQ6wTn8ozI/nI= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 
@@ -2633,10 +2615,8 @@ golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191203134012-c197fd4bf371/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191204011308-9611592c72f6/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200102140908-9497f49d5709/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200115044656-831fdb1e1868 h1:6VZw2h4iwEB4GwgQU3Jvcsm8l9+yReTrErAEK1k6AC4= golang.org/x/tools v0.0.0-20200115044656-831fdb1e1868/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204192400-7124308813f3 h1:Ms82wn6YK4ZycO6Bxyh0kxX3gFFVGo79CCuc52xgcys= golang.org/x/tools v0.0.0-20200204192400-7124308813f3/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200214201135-548b770e2dfa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200216192241-b320d3a0f5a2 h1:0sfSpGSa544Fwnbot3Oxq/U6SXqjty6Jy/3wRhVS7ig= @@ -2759,7 +2739,6 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo= gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 
@@ -2838,12 +2817,9 @@ modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= -mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed h1:WX1yoOaKQfddO/mLzdV4wptyWgoH/6hwLs7QHTixo0I= mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc= -mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b h1:DxJ5nJdkhDlLok9K6qO+5290kphDJbHOQO1DFFFTeBo= mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4= mvdan.cc/unparam v0.0.0-20190209190245-fbb59629db34/go.mod h1:H6SUd1XjIs+qQCyskXg5OFSrilMRUkD8ePJpHKDPaeY= -mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f h1:Cq7MalBHYACRd6EesksG1Q8EoIAKOsiZviGKbOLIej4= mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw= rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= 
@@ -2871,7 +2847,6 @@ sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sourcegraph.com/sourcegraph/appdash v0.0.0-20190107175209-d9ea5c54f7dc/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= sourcegraph.com/sourcegraph/appdash-data v0.0.0-20151005221446-73f23eafcf67/go.mod h1:L5q+DGLGOQFpo1snNEkLOJT2d1YTW66rWNzatr3He1k= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= -sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4 h1:JPJh2pk3+X4lXAkZIk2RuE/7/FoK9maXw+TNPJhVS/c= sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= vbom.ml/util v0.0.0-20160121211510-db5cfe13f5cc/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI= vbom.ml/util v0.0.0-20180919145318-efcd4e0f9787/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI= diff --git a/pkg/asset/cluster/aws/aws.go b/pkg/asset/cluster/aws/aws.go index df5952417de..5ad02450446 100644 --- a/pkg/asset/cluster/aws/aws.go +++ b/pkg/asset/cluster/aws/aws.go @@ -23,6 +23,7 @@ func Metadata(clusterID, infraID string, config *types.InstallConfig) *awstypes. }, { "openshiftClusterID": clusterID, }}, + ServiceEndpoints: config.AWS.ServiceEndpoints, } } diff --git a/pkg/asset/cluster/tfvars.go b/pkg/asset/cluster/tfvars.go index 42622fcaccc..0ada5e1538b 100644 --- a/pkg/asset/cluster/tfvars.go +++ b/pkg/asset/cluster/tfvars.go @@ -9,6 +9,7 @@ import ( "net" "net/url" "os" + "strings" igntypes "github.com/coreos/ignition/config/v2_2/types" gcpprovider "github.com/openshift/cluster-api-provider-gcp/pkg/apis/gcpprovider/v1beta1" 
@@ -214,13 +215,22 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error { for i, m := range workers { workerConfigs[i] = m.Spec.Template.Spec.ProviderSpec.Value.Object.(*awsprovider.AWSMachineProviderConfig) } + osImage := strings.SplitN(string(*rhcosImage), ",", 2) + osImageID := osImage[0] + osImageRegion := installConfig.Config.AWS.Region + if len(osImage) == 2 { + osImageRegion = osImage[1] + } data, err := awstfvars.TFVars(awstfvars.TFVarsSources{ VPC: vpc, PrivateSubnets: privateSubnets, PublicSubnets: publicSubnets, + Services: installConfig.Config.AWS.ServiceEndpoints, Publish: installConfig.Config.Publish, MasterConfigs: masterConfigs, WorkerConfigs: workerConfigs, + AMIID: osImageID, + AMIRegion: osImageRegion, }) if err != nil { return errors.Wrapf(err, "failed to get %s Terraform variables", platform) diff --git a/pkg/asset/installconfig/aws/basedomain.go b/pkg/asset/installconfig/aws/basedomain.go index d0f764c7eaa..fb30f9803d9 100644 --- a/pkg/asset/installconfig/aws/basedomain.go +++ b/pkg/asset/installconfig/aws/basedomain.go @@ -7,6 +7,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/route53" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -75,7 +76,7 @@ func GetBaseDomain() (string, error) { } // GetPublicZone returns a public route53 zone that matches the name. -func GetPublicZone(name string) (*route53.HostedZone, error) { +func GetPublicZone(sess *session.Session, name string) (*route53.HostedZone, error) { var res *route53.HostedZone f := func(resp *route53.ListHostedZonesOutput, lastPage bool) (shouldContinue bool) { for idx, zone := range resp.HostedZones { 
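Review bot: The `strings.SplitN(string(*rhcosImage), ",", 2)` parse accepts a trailing comma or surrounding whitespace, so `osImage[1]` can be an empty or padded string that then becomes `AMIRegion`. In that case the Terraform side would see `aws_region != aws_ami_region` and attempt an AMI copy from a blank source region instead of failing early with a clear message. I would guard the override with `if len(osImage) == 2 && osImage[1] != "" {` and document the accepted format above the split, e.g. `// rhcosImage is either "<ami-id>" or "<ami-id>,<source-region>"`. `Generate` starts and ends outside this hunk, so where `rhcosImage` originates cannot be checked from here.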
@@ -87,11 +88,7 @@ func GetPublicZone(name string) (*route53.HostedZone, error) { return !lastPage } - session, err := GetSession() - if err != nil { - return nil, errors.Wrap(err, "getting AWS session") - } - client := route53.New(session) + client := route53.New(sess) if err := client.ListHostedZonesPages(&route53.ListHostedZonesInput{}, f); err != nil { return nil, errors.Wrap(err, "listing hosted zones") } diff --git a/pkg/asset/installconfig/aws/metadata.go b/pkg/asset/installconfig/aws/metadata.go index 39b4b0abffb..47a736c7a11 100644 --- a/pkg/asset/installconfig/aws/metadata.go +++ b/pkg/asset/installconfig/aws/metadata.go @@ -6,6 +6,8 @@ import ( "github.com/aws/aws-sdk-go/aws/session" "github.com/pkg/errors" + + typesaws "github.com/openshift/installer/pkg/types/aws" ) // Metadata holds additional metadata for InstallConfig resources that @@ -16,15 +18,18 @@ type Metadata struct { availabilityZones []string privateSubnets map[string]Subnet publicSubnets map[string]Subnet - Region string `json:"region,omitempty"` - Subnets []string `json:"subnets,omitempty"` vpc string - mutex sync.Mutex + + Region string `json:"region,omitempty"` + Subnets []string `json:"subnets,omitempty"` + Services []typesaws.ServiceEndpoint `json:"services,omitempty"` + + mutex sync.Mutex } // NewMetadata initializes a new Metadata object. -func NewMetadata(region string, subnets []string) *Metadata { - return &Metadata{Region: region, Subnets: subnets} +func NewMetadata(region string, subnets []string, services []typesaws.ServiceEndpoint) *Metadata { + return &Metadata{Region: region, Subnets: subnets, Services: services} } // Session holds an AWS session which can be used for AWS API calls 
@@ -39,7 +44,7 @@ func (m *Metadata) Session(ctx context.Context) (*session.Session, error) { func (m *Metadata) unlockedSession(ctx context.Context) (*session.Session, error) { if m.session == nil { var err error - m.session, err = GetSession() + m.session, err = GetSessionWithOptions(WithRegion(m.Region), WithServiceEndpoints(m.Region, m.Services)) if err != nil { return nil, errors.Wrap(err, "creating AWS session") } diff --git a/pkg/asset/installconfig/aws/platform.go b/pkg/asset/installconfig/aws/platform.go index adde4835137..78ffa8f3114 100644 --- a/pkg/asset/installconfig/aws/platform.go +++ b/pkg/asset/installconfig/aws/platform.go @@ -5,18 +5,19 @@ import ( "sort" "strings" - "github.com/openshift/installer/pkg/types/aws" - "github.com/openshift/installer/pkg/types/aws/validation" "github.com/pkg/errors" "github.com/sirupsen/logrus" survey "gopkg.in/AlecAivazis/survey.v1" + + "github.com/openshift/installer/pkg/types/aws" ) // Platform collects AWS-specific configuration. func Platform() (*aws.Platform, error) { - longRegions := make([]string, 0, len(validation.Regions)) - shortRegions := make([]string, 0, len(validation.Regions)) - for id, location := range validation.Regions { + regions := knownRegions() + longRegions := make([]string, 0, len(regions)) + shortRegions := make([]string, 0, len(regions)) + for id, location := range regions { longRegions = append(longRegions, fmt.Sprintf("%s (%s)", id, location)) shortRegions = append(shortRegions, id) } @@ -25,8 +26,7 @@ func Platform() (*aws.Platform, error) { }) defaultRegion := "us-east-1" - _, ok := validation.Regions[defaultRegion] - if !ok { + if !IsKnownRegion(defaultRegion) { panic(fmt.Sprintf("installer bug: invalid default AWS region %q", defaultRegion)) } 
@@ -37,8 +37,7 @@ func Platform() (*aws.Platform, error) { defaultRegionPointer := ssn.Config.Region if defaultRegionPointer != nil && *defaultRegionPointer != "" { - _, ok := validation.Regions[*defaultRegionPointer] - if ok { + if IsKnownRegion(*defaultRegionPointer) { defaultRegion = *defaultRegionPointer } else { logrus.Warnf("Unrecognized AWS region %q, defaulting to %s", *defaultRegionPointer, defaultRegion) @@ -54,7 +53,7 @@ func Platform() (*aws.Platform, error) { Prompt: &survey.Select{ Message: "Region", Help: "The AWS region to be used for installation.", - Default: fmt.Sprintf("%s (%s)", defaultRegion, validation.Regions[defaultRegion]), + Default: fmt.Sprintf("%s (%s)", defaultRegion, regions[defaultRegion]), Options: longRegions, }, Validate: survey.ComposeValidators(survey.Required, func(ans interface{}) error { diff --git a/pkg/asset/installconfig/aws/regions.go b/pkg/asset/installconfig/aws/regions.go new file mode 100644 index 00000000000..b9a866bc8dd --- /dev/null +++ b/pkg/asset/installconfig/aws/regions.go 
@@ -0,0 +1,35 @@ +package aws + +import ( + "github.com/aws/aws-sdk-go/aws/endpoints" + "k8s.io/apimachinery/pkg/util/sets" + + "github.com/openshift/installer/pkg/rhcos" +) + +// knownRegions is a list of AWS regions that the installer recognizes. +// This is subset of AWS regions and the regions where RHEL CoreOS images are published. +// The result is a map of region identifier to region description +func knownRegions() map[string]string { + required := sets.NewString(rhcos.AMIRegions...) + + regions := make(map[string]string) + for _, partition := range endpoints.DefaultPartitions() { + for _, partitionRegion := range partition.Regions() { + partitionRegion := partitionRegion + if required.Has(partitionRegion.ID()) { + regions[partitionRegion.ID()] = partitionRegion.Description() + } + } + } + return regions +} + +// IsKnownRegion return true is a specified region is Known to the installer. +// A known region is subset of AWS regions and the regions where RHEL CoreOS images are published. +func IsKnownRegion(region string) bool { + if _, ok := knownRegions()[region]; ok { + return true + } + return false +} diff --git a/pkg/asset/installconfig/aws/session.go b/pkg/asset/installconfig/aws/session.go index e695e35d104..aa7d17e37ce 100644 --- a/pkg/asset/installconfig/aws/session.go +++ b/pkg/asset/installconfig/aws/session.go @@ -8,6 +8,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/defaults" + "github.com/aws/aws-sdk-go/aws/endpoints" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/aws/session" "github.com/pkg/errors" @@ -15,6 +16,7 @@ import ( survey "gopkg.in/AlecAivazis/survey.v1" ini "gopkg.in/ini.v1" + typesaws "github.com/openshift/installer/pkg/types/aws" "github.com/openshift/installer/pkg/version" ) 
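Review bot: `IsKnownRegion` in the new regions.go rebuilds the whole region map through `knownRegions()` on every call and then wraps the lookup in an `if`/`return true`/`return false`; the body can simply be `_, ok := knownRegions()[region]` followed by `return ok`. The `partitionRegion := partitionRegion` copy inside the loop is not needed, since no closure or goroutine captures the variable. The doc comments also have slips worth fixing, for example `// IsKnownRegion returns true if the specified region is known to the installer.` and "This is the subset of AWS regions in which RHEL CoreOS images are published." If the map is consulted often, computing it once at package level would avoid walking every partition repeatedly.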
@@ -30,12 +32,41 @@ var ( } ) +// SessionOptions is a function that modifies the provided session.Option. +type SessionOptions func(sess *session.Options) + +// WithRegion configures the session.Option to set the AWS region. +func WithRegion(region string) SessionOptions { + return func(sess *session.Options) { + cfg := aws.NewConfig().WithRegion(region) + sess.Config.MergeIn(cfg) + } +} + +// WithServiceEndpoints configures the session.Option to use provides services for AWS endpoints. +func WithServiceEndpoints(region string, services []typesaws.ServiceEndpoint) SessionOptions { + return func(sess *session.Options) { + resolver := newAWSResolver(region, services) + cfg := aws.NewConfig().WithEndpointResolver(resolver) + sess.Config.MergeIn(cfg) + } +} + // GetSession returns an AWS session by checking credentials // and, if no creds are found, asks for them and stores them on disk in a config file -func GetSession() (*session.Session, error) { - ssn := session.Must(session.NewSessionWithOptions(session.Options{ +func GetSession() (*session.Session, error) { return GetSessionWithOptions() } + +// GetSessionWithOptions returns an AWS session by checking credentials +// and, if no creds are found, asks for them and stores them on disk in a config file +func GetSessionWithOptions(optFuncs ...SessionOptions) (*session.Session, error) { + options := session.Options{ SharedConfigState: session.SharedConfigEnable, - })) + } + for _, optFunc := range optFuncs { + optFunc(&options) + } + + ssn := session.Must(session.NewSessionWithOptions(options)) sharedCredentialsProvider := &credentials.SharedCredentialsProvider{} ssn.Config.Credentials = credentials.NewChainCredentials([]credentials.Provider{ 
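Review bot: `session.Must(session.NewSessionWithOptions(options))` panics when session construction fails, although `GetSessionWithOptions` already returns an error. This matters more now that callers can inject a region and an endpoint resolver through `optFuncs`. I would change it to `ssn, err := session.NewSessionWithOptions(options)` followed by `if err != nil { return nil, err }`. The comment on `WithServiceEndpoints` would read better as `// WithServiceEndpoints configures the session.Options to resolve the listed services to the provided endpoints.`. The rest of the function body lies outside this hunk.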
@@ -140,3 +171,68 @@ func getCredentials() error { return os.Rename(tempPath, path) } + +type awsResolver struct { + region string + services map[string]typesaws.ServiceEndpoint + + // this is a list of known default endpoints for specific regions that would + // otherwise require user to set the service overrides. + // it's a map of region => service => resolved endpoint + // this is only used when the user hasn't specified a override for the service in that region. + defaultEndpoints map[string]map[string]endpoints.ResolvedEndpoint +} + +func newAWSResolver(region string, services []typesaws.ServiceEndpoint) *awsResolver { + resolver := &awsResolver{ + region: region, + services: make(map[string]typesaws.ServiceEndpoint), + defaultEndpoints: defaultEndpoints(), + } + for _, service := range services { + service := service + resolver.services[resolverKey(service.Name)] = service + } + return resolver +} + +func (ar *awsResolver) EndpointFor(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) { + if s, ok := ar.services[resolverKey(service)]; ok { + logrus.Debugf("resolved AWS service %s (%s) to %q", service, region, s.URL) + return endpoints.ResolvedEndpoint{ + URL: s.URL, + SigningRegion: ar.region, + }, nil + } + if rv, ok := ar.defaultEndpoints[region]; ok { + if v, ok := rv[service]; ok { + return v, nil + } + } + return endpoints.DefaultResolver().EndpointFor(service, region, optFns...) +} + +func resolverKey(service string) string { + return service +} + +// this is a list of known default endpoints for specific regions that would +// otherwise require user to set the service overrides. +// it's a map of region => service => resolved endpoint +// this is only used when the user hasn't specified a override for the service in that region. 
+func defaultEndpoints() map[string]map[string]endpoints.ResolvedEndpoint { + return map[string]map[string]endpoints.ResolvedEndpoint{ + endpoints.CnNorth1RegionID: { + "route53": { + URL: "https://route53.amazonaws.com.cn", + SigningRegion: endpoints.CnNorthwest1RegionID, + }, + }, + endpoints.CnNorthwest1RegionID: { + "route53": { + URL: "https://route53.amazonaws.com.cn", + SigningRegion: endpoints.CnNorthwest1RegionID, + }, + }, + } +} diff --git a/pkg/asset/installconfig/aws/session_test.go b/pkg/asset/installconfig/aws/session_test.go new file mode 100644 index 00000000000..b6fa704179d --- /dev/null +++ b/pkg/asset/installconfig/aws/session_test.go @@ -0,0 +1,53 @@ +package aws + +import ( + "fmt" + "testing" + + "github.com/stretchr/testify/assert" + + typesaws "github.com/openshift/installer/pkg/types/aws" +) + +func TestAWSResolver(t *testing.T) { + overrides := []typesaws.ServiceEndpoint{{ + Name: "ec2", + URL: "test-ec2.local", + }, { + Name: "s3", + URL: "https://test-s3.local", + }} + + cases := []struct { + iservice, iregion string + overrides []typesaws.ServiceEndpoint + expected string + }{{ + iservice: "ec2", + iregion: "us-east-1", + expected: "https://ec2.us-east-1.amazonaws.com", + }, { + iservice: "ec2", + iregion: "us-east-1", + overrides: overrides, + expected: "test-ec2.local", + }, { + iservice: "s3", + iregion: "us-east-1", + overrides: overrides, + expected: "https://test-s3.local", + }, { + iservice: "elasticloadbalancing", + iregion: "us-east-1", + overrides: overrides, + expected: "https://elasticloadbalancing.us-east-1.amazonaws.com", + }} + for idx, test := range cases { + t.Run(fmt.Sprintf("%d", idx), func(t *testing.T) { + resolvers := newAWSResolver(test.iregion, test.overrides) + endpoint, err := resolvers.EndpointFor(test.iservice, test.iregion) + assert.NoError(t, err) + assert.Equal(t, test.expected, endpoint.URL) + }) + } +} 
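Review bot: The override branch of `EndpointFor` returns `s.URL` exactly as configured and never checks its scheme, and `TestAWSResolver` in this commit pins the scheme-less value `test-ec2.local` as an accepted result. The `ServiceEndpoint` type documents the URL as https, yet `New` in pkg/destroy/aws/aws.go passes the endpoints read from cluster metadata to this same resolver with no check visible there, so signed API calls follow whatever that file names. Validation elsewhere may cover the install-config path, but a guard at the resolver would cover every caller: `if u, err := url.Parse(s.URL); err != nil || u.Scheme != "https" { return endpoints.ResolvedEndpoint{}, errors.Errorf("service %q: endpoint must be an https URL", service) }`. That needs a `net/url` import and an https fixture in the test. The override also ignores the `region` argument and always signs with `ar.region`, which deserves a comment on the method.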
diff --git a/pkg/asset/installconfig/aws/validation.go b/pkg/asset/installconfig/aws/validation.go index 7f3bdb3ad87..be8fc9d0a13 100644 --- a/pkg/asset/installconfig/aws/validation.go +++ b/pkg/asset/installconfig/aws/validation.go @@ -6,7 +6,9 @@ import ( "net" "sort" + "github.com/aws/aws-sdk-go/aws/endpoints" "github.com/pkg/errors" + utilerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation/field" @@ -37,9 +39,17 @@ func Validate(ctx context.Context, meta *Metadata, config *types.InstallConfig) func validatePlatform(ctx context.Context, meta *Metadata, fldPath *field.Path, platform *awstypes.Platform, networking *types.Networking, publish types.PublishingStrategy) field.ErrorList { allErrs := field.ErrorList{} + + if !isAWSSDKRegion(platform.Region) && platform.AMIID == "" { + allErrs = append(allErrs, field.Required(fldPath.Child("amiID"), "AMI must be provided")) + } + if len(platform.Subnets) > 0 { allErrs = append(allErrs, validateSubnets(ctx, meta, fldPath.Child("subnets"), platform.Subnets, networking, publish)...) } + if err := validateServiceEndpoints(fldPath.Child("serviceEndpoints"), platform.Region, platform.ServiceEndpoints); err != nil { + allErrs = append(allErrs, field.Invalid(fldPath.Child("serviceEndpoints"), platform.ServiceEndpoints, err.Error())) + } if platform.DefaultMachinePlatform != nil { allErrs = append(allErrs, validateMachinePool(ctx, meta, fldPath.Child("defaultMachinePlatform"), platform, platform.DefaultMachinePlatform)...) } 
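Review bot: The `amiID` requirement added at the top of `validatePlatform` is keyed on `isAWSSDKRegion`, not on whether an RHCOS image is published for the region. For a region the SDK knows but `rhcos.AMIRegions` lacks, validation passes and `osImage` in pkg/asset/rhcos/image.go falls back to the us-east-1 image so that it can be copied. As far as I know an AMI copy cannot cross partitions, so for the China regions that this commit adds route53 defaults for, the install would presumably fail late in provisioning rather than here. I would require `amiID` whenever the target region is outside the partition holding the fallback image, and say so in a comment above the check. The `validatePlatform` body continues outside this hunk.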
@@ -165,3 +175,40 @@ func validateDuplicateSubnetZones(fldPath *field.Path, subnets map[string]Subnet } return allErrs } + +func validateServiceEndpoints(fldPath *field.Path, region string, services []awstypes.ServiceEndpoint) error { + if isAWSSDKRegion(region) { + return nil + } + + resolver := newAWSResolver(region, services) + var errs []error + for _, service := range requiredServices { + _, err := resolver.EndpointFor(service, region, endpoints.StrictMatchingOption) + if err != nil { + errs = append(errs, errors.Wrapf(err, "failed to find endpoint for service %q", service)) + } + } + return utilerrors.NewAggregate(errs) +} + +func isAWSSDKRegion(region string) bool { + for _, partition := range endpoints.DefaultPartitions() { + for _, partitionRegion := range partition.Regions() { + if region == partitionRegion.ID() { + return true + } + } + } + return false +} + +var requiredServices = []string{ + "ec2", + "elasticloadbalancing", + "iam", + "route53", + "s3", + "sts", + "tagging", +} diff --git a/pkg/asset/installconfig/aws/validation_test.go b/pkg/asset/installconfig/aws/validation_test.go index 6613d5b7ea8..9dbf3960db8 100644 --- a/pkg/asset/installconfig/aws/validation_test.go +++ b/pkg/asset/installconfig/aws/validation_test.go @@ -25,6 +25,7 @@ func validInstallConfig() *types.InstallConfig { Publish: types.ExternalPublishingStrategy, Platform: types.Platform{ AWS: &aws.Platform{ + Region: "us-east-1", Subnets: []string{ "valid-private-subnet-a", "valid-private-subnet-b", 
@@ -90,6 +91,31 @@ func validPublicSubnets() map[string]Subnet { } } +func validServiceEndpoints() []aws.ServiceEndpoint { + return []aws.ServiceEndpoint{{ + Name: "ec2", + URL: "e2e.local", + }, { + Name: "s3", + URL: "e2e.local", + }, { + Name: "iam", + URL: "e2e.local", + }, { + Name: "elasticloadbalancing", + URL: "e2e.local", + }, { + Name: "tagging", + URL: "e2e.local", + }, { + Name: "route53", + URL: "e2e.local", + }, { + Name: "sts", + URL: "e2e.local", + }} +} + func TestValidate(t *testing.T) { tests := []struct { name string @@ -102,7 +128,7 @@ func TestValidate(t *testing.T) { name: "valid no byo", installConfig: func() *types.InstallConfig { c := validInstallConfig() - c.Platform.AWS = &aws.Platform{} + c.Platform.AWS = &aws.Platform{Region: "us-east-1"} return c }(), availZones: validAvailZones(), 
@@ -315,6 +341,55 @@ func TestValidate(t *testing.T) { privateSubnets: validPrivateSubnets(), publicSubnets: validPublicSubnets(), exptectErr: `^\[compute\[0\]\.platform\.aws\.zones: Invalid value: \[\]string{\"a\", \"b\", \"c\", \"d\"}: No subnets provided for zones \[d\], compute\[1\]\.platform\.aws\.zones: Invalid value: \[\]string{\"a\", \"b\", \"e\"}: No subnets provided for zones \[e\]\]$`, + }, { + name: "custom region invalid service endpoints none provided", + installConfig: func() *types.InstallConfig { + c := validInstallConfig() + c.Platform.AWS.Region = "test-region" + c.Platform.AWS.AMIID = "dummy-id" + return c + }(), + availZones: validAvailZones(), + privateSubnets: validPrivateSubnets(), + publicSubnets: validPublicSubnets(), + exptectErr: `^platform\.aws\.serviceEndpoints: Invalid value: (.|\n)*: \[failed to find endpoint for service "ec2": (.|\n)*, failed to find endpoint for service "elasticloadbalancing": (.|\n)*, failed to find endpoint for service "iam": (.|\n)*, failed to find endpoint for service "route53": (.|\n)*, failed to find endpoint for service "s3": (.|\n)*, failed to find endpoint for service "sts": (.|\n)*, failed to find endpoint for service "tagging": (.|\n)*\]$`, + }, { + name: "custom region invalid service endpoints some provided", + installConfig: func() *types.InstallConfig { + c := validInstallConfig() + c.Platform.AWS.Region = "test-region" + c.Platform.AWS.AMIID = "dummy-id" + c.Platform.AWS.ServiceEndpoints = validServiceEndpoints()[:3] + return c + }(), + availZones: validAvailZones(), + privateSubnets: validPrivateSubnets(), + publicSubnets: validPublicSubnets(), + exptectErr: `^platform\.aws\.serviceEndpoints: Invalid value: (.|\n)*: \[failed to find endpoint for service "elasticloadbalancing": (.|\n)*, failed to find endpoint for service "route53": (.|\n)*, failed to find endpoint for service "sts": (.|\n)*, failed to find endpoint for service "tagging": (.|\n)*$`, + }, { + name: "custom region valid service 
endpoints", + installConfig: func() *types.InstallConfig { + c := validInstallConfig() + c.Platform.AWS.Region = "test-region" + c.Platform.AWS.AMIID = "dummy-id" + c.Platform.AWS.ServiceEndpoints = validServiceEndpoints() + return c + }(), + availZones: validAvailZones(), + privateSubnets: validPrivateSubnets(), + publicSubnets: validPublicSubnets(), + }, { + name: "AMI not provided for unknown region", + installConfig: func() *types.InstallConfig { + c := validInstallConfig() + c.Platform.AWS.Region = "test-region" + c.Platform.AWS.ServiceEndpoints = validServiceEndpoints() + return c + }(), + availZones: validAvailZones(), + privateSubnets: validPrivateSubnets(), + publicSubnets: validPublicSubnets(), + exptectErr: `^platform\.aws\.amiID: Required value: AMI must be provided$`, }} for _, test := range tests { diff --git a/pkg/asset/installconfig/installconfig.go b/pkg/asset/installconfig/installconfig.go index b3049e005e3..76d7882bfb8 100644 --- a/pkg/asset/installconfig/installconfig.go +++ b/pkg/asset/installconfig/installconfig.go @@ -131,7 +131,7 @@ func (a *InstallConfig) finish(filename string) error { defaults.SetInstallConfigDefaults(a.Config) if a.Config.AWS != nil { - a.AWS = aws.NewMetadata(a.Config.Platform.AWS.Region, a.Config.Platform.AWS.Subnets) + a.AWS = aws.NewMetadata(a.Config.Platform.AWS.Region, a.Config.Platform.AWS.Subnets, a.Config.AWS.ServiceEndpoints) } if err := validation.ValidateInstallConfig(a.Config, icopenstack.NewValidValuesFetcher()).ToAggregate(); err != nil { diff --git a/pkg/asset/machines/aws/machines.go b/pkg/asset/machines/aws/machines.go index a75e1891f22..3e12865fbbb 100644 --- a/pkg/asset/machines/aws/machines.go +++ b/pkg/asset/machines/aws/machines.go 
@@ -79,7 +79,6 @@ func Machines(clusterID string, region string, subnets map[string]string, pool * } func provider(clusterID string, region string, subnet string, instanceType string, root *aws.EC2RootVolume, osImage string, zone, role, userDataSecret string, userTags map[string]string) (*awsprovider.AWSMachineProviderConfig, error) { - amiID := osImage tags, err := tagsFromUserTags(clusterID, userTags) if err != nil { return nil, errors.Wrap(err, "failed to create awsprovider.TagSpecifications from UserTags") @@ -102,7 +101,6 @@ func provider(clusterID string, region string, subnet string, instanceType strin }, }, }, - AMI: awsprovider.AWSResourceReference{ID: &amiID}, Tags: tags, IAMInstanceProfile: &awsprovider.AWSResourceReference{ID: pointer.StringPtr(fmt.Sprintf("%s-%s-profile", clusterID, role))}, UserDataSecret: &corev1.LocalObjectReference{Name: userDataSecret}, @@ -125,6 +123,15 @@ func provider(clusterID string, region string, subnet string, instanceType strin config.Subnet.ID = pointer.StringPtr(subnet) } + if osImage == "" { + config.AMI.Filters = []awsprovider.Filter{{ + Name: "tag:Name", + Values: []string{fmt.Sprintf("%s-ami-%s", clusterID, region)}, + }} + } else { + config.AMI.ID = pointer.StringPtr(osImage) + } + return config, nil } diff --git a/pkg/asset/machines/master.go b/pkg/asset/machines/master.go index ad1a1406b4a..4fa7f64af6e 100644 --- a/pkg/asset/machines/master.go +++ b/pkg/asset/machines/master.go @@ -5,6 +5,7 @@ import ( "fmt" "os" "path/filepath" + "strings" "github.com/ghodss/yaml" baremetalapi "github.com/metal3-io/cluster-api-provider-baremetal/pkg/apis" 
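Review bot: When `osImage` is empty, the machine is pointed at an AMI only through a `tag:Name` filter built by `fmt.Sprintf("%s-ami-%s", clusterID, region)`, and nothing in the hunk records that this string must equal the Name tag applied when the copy is created. A Name tag is also not unique, so if a second image in the account carries the same tag, the choice is left to the machine API provider. I would add a comment above the branch such as `// No AMI ID yet: select the image copied into this region for the cluster by its Name tag; keep the format in sync with the tag set on the copy.`. The `provider` function starts and ends outside this hunk.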
@@ -159,7 +160,14 @@ func (m *Master) Generate(dependencies asset.Parents) error { } mpool := defaultAWSMachinePoolPlatform() - mpool.AMIID = string(*rhcosImage) + + osImage := strings.SplitN(string(*rhcosImage), ",", 2) + osImageID := osImage[0] + if len(osImage) == 2 { + osImageID = "" // the AMI will be generated later on + } + mpool.AMIID = osImageID + mpool.Set(ic.Platform.AWS.DefaultMachinePlatform) mpool.Set(pool.Platform.AWS) if len(mpool.Zones) == 0 { diff --git a/pkg/asset/machines/worker.go b/pkg/asset/machines/worker.go index f224f37dfe4..8b9dac85c97 100644 --- a/pkg/asset/machines/worker.go +++ b/pkg/asset/machines/worker.go @@ -5,6 +5,7 @@ import ( "fmt" "os" "path/filepath" + "strings" "github.com/ghodss/yaml" baremetalapi "github.com/metal3-io/cluster-api-provider-baremetal/pkg/apis" @@ -195,7 +196,14 @@ func (w *Worker) Generate(dependencies asset.Parents) error { } mpool := defaultAWSMachinePoolPlatform() - mpool.AMIID = string(*rhcosImage) + + osImage := strings.SplitN(string(*rhcosImage), ",", 2) + osImageID := osImage[0] + if len(osImage) == 2 { + osImageID = "" // the AMI will be generated later on + } + mpool.AMIID = osImageID + mpool.Set(ic.Platform.AWS.DefaultMachinePlatform) mpool.Set(pool.Platform.AWS) if len(mpool.Zones) == 0 { diff --git a/pkg/asset/manifests/dns.go b/pkg/asset/manifests/dns.go index 7d96b5c9672..c8407b9f847 100644 --- a/pkg/asset/manifests/dns.go +++ b/pkg/asset/manifests/dns.go 
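Review bot: The comma split that decodes `rhcosImage` appears verbatim in `Master.Generate` here and in `Worker.Generate` in pkg/asset/machines/worker.go, and both depend on the `"%s,%s"` format produced in pkg/asset/rhcos/image.go without saying so. A user-supplied `amiID` travels through the same string, so a value containing a comma would be blanked silently and treated as "copy later". I would move the decoding into one helper in this package, for example `func amiIDFromImage(image string) string`, documented as `// an image of the form "<ami-id>,<source-region>" has no usable ID in the target region yet`, and call it from both places. Both `Generate` bodies continue outside their hunks.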
@@ -81,7 +81,11 @@ func (d *DNS) Generate(dependencies asset.Parents) error { switch installConfig.Config.Platform.Name() { case awstypes.Name: if installConfig.Config.Publish == types.ExternalPublishingStrategy { - zone, err := icaws.GetPublicZone(installConfig.Config.BaseDomain) + sess, err := installConfig.AWS.Session(context.TODO()) + if err != nil { + return errors.Wrap(err, "failed to initialize session") + } + zone, err := icaws.GetPublicZone(sess, installConfig.Config.BaseDomain) if err != nil { return errors.Wrapf(err, "getting public zone for %q", installConfig.Config.BaseDomain) } diff --git a/pkg/asset/manifests/infrastructure.go b/pkg/asset/manifests/infrastructure.go index cef81a46a8d..1711386c574 100644 --- a/pkg/asset/manifests/infrastructure.go +++ b/pkg/asset/manifests/infrastructure.go @@ -3,6 +3,7 @@ package manifests import ( "fmt" "path/filepath" + "sort" "github.com/ghodss/yaml" "github.com/pkg/errors" @@ -70,6 +71,9 @@ func (i *Infrastructure) Generate(dependencies asset.Parents) error { Name: "cluster", // not namespaced }, + Spec: configv1.InfrastructureSpec{ + PlatformSpec: configv1.PlatformSpec{}, + }, Status: configv1.InfrastructureStatus{ InfrastructureName: clusterID.InfraID, APIServerURL: getAPIServerURL(installConfig.Config), 
@@ -81,12 +85,28 @@ func (i *Infrastructure) Generate(dependencies asset.Parents) error { switch installConfig.Config.Platform.Name() { case aws.Name: - config.Status.PlatformStatus.Type = configv1.AWSPlatformType + config.Spec.PlatformSpec.Type = configv1.AWSPlatformType + config.Spec.PlatformSpec.AWS = &configv1.AWSPlatformSpec{} config.Status.PlatformStatus.AWS = &configv1.AWSPlatformStatus{ Region: installConfig.Config.Platform.AWS.Region, } + + for _, service := range installConfig.Config.Platform.AWS.ServiceEndpoints { + config.Spec.PlatformSpec.AWS.ServiceEndpoints = append(config.Spec.PlatformSpec.AWS.ServiceEndpoints, configv1.AWSServiceEndpoint{ + Name: service.Name, + URL: service.URL, + }) + config.Status.PlatformStatus.AWS.ServiceEndpoints = append(config.Status.PlatformStatus.AWS.ServiceEndpoints, configv1.AWSServiceEndpoint{ + Name: service.Name, + URL: service.URL, + }) + sort.Slice(config.Status.PlatformStatus.AWS.ServiceEndpoints, func(i, j int) bool { + return config.Status.PlatformStatus.AWS.ServiceEndpoints[i].Name < + config.Status.PlatformStatus.AWS.ServiceEndpoints[j].Name + }) + } case azure.Name: - config.Status.PlatformStatus.Type = configv1.AzurePlatformType + config.Spec.PlatformSpec.Type = configv1.AzurePlatformType rg := fmt.Sprintf("%s-rg", clusterID.InfraID) config.Status.PlatformStatus.Azure = &configv1.AzurePlatformStatus{ 
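Review bot: `sort.Slice` sits inside the `for _, service := range ... ServiceEndpoints` loop, so the status list is re-sorted after every append. Only `Status.PlatformStatus.AWS.ServiceEndpoints` is sorted, while `Spec.PlatformSpec.AWS.ServiceEndpoints` keeps install-config order. I would build the element once with `ep := configv1.AWSServiceEndpoint{Name: service.Name, URL: service.URL}`, append it to both lists, and sort once after the loop. Either sort both lists or add a comment explaining why the spec keeps the user's order. `Generate` continues outside this hunk.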
@@ -97,14 +117,14 @@ func (i *Infrastructure) Generate(dependencies asset.Parents) error { config.Status.PlatformStatus.Azure.NetworkResourceGroupName = nrg } case baremetal.Name: - config.Status.PlatformStatus.Type = configv1.BareMetalPlatformType + config.Spec.PlatformSpec.Type = configv1.BareMetalPlatformType config.Status.PlatformStatus.BareMetal = &configv1.BareMetalPlatformStatus{ APIServerInternalIP: installConfig.Config.Platform.BareMetal.APIVIP, NodeDNSIP: installConfig.Config.Platform.BareMetal.DNSVIP, IngressIP: installConfig.Config.Platform.BareMetal.IngressVIP, } case gcp.Name: - config.Status.PlatformStatus.Type = configv1.GCPPlatformType + config.Spec.PlatformSpec.Type = configv1.GCPPlatformType config.Status.PlatformStatus.GCP = &configv1.GCPPlatformStatus{ ProjectID: installConfig.Config.Platform.GCP.ProjectID, Region: installConfig.Config.Platform.GCP.Region, @@ -119,11 +139,11 @@ func (i *Infrastructure) Generate(dependencies asset.Parents) error { Data: content, }) case libvirt.Name: - config.Status.PlatformStatus.Type = configv1.LibvirtPlatformType + config.Spec.PlatformSpec.Type = configv1.LibvirtPlatformType case none.Name: - config.Status.PlatformStatus.Type = configv1.NonePlatformType + config.Spec.PlatformSpec.Type = configv1.NonePlatformType case openstack.Name: - config.Status.PlatformStatus.Type = configv1.OpenStackPlatformType + config.Spec.PlatformSpec.Type = configv1.OpenStackPlatformType dnsVIP, err := openstackdefaults.DNSVIP(installConfig.Config.Networking) if err != nil { return err 
@@ -134,7 +154,7 @@ func (i *Infrastructure) Generate(dependencies asset.Parents) error { IngressIP: installConfig.Config.OpenStack.IngressVIP, } case vsphere.Name: - config.Status.PlatformStatus.Type = configv1.VSpherePlatformType + config.Spec.PlatformSpec.Type = configv1.VSpherePlatformType if installConfig.Config.VSphere.APIVIP != "" { config.Status.PlatformStatus.VSphere = &configv1.VSpherePlatformStatus{ APIServerInternalIP: installConfig.Config.VSphere.APIVIP, @@ -143,16 +163,17 @@ func (i *Infrastructure) Generate(dependencies asset.Parents) error { } } case ovirt.Name: - config.Status.PlatformStatus.Type = configv1.OvirtPlatformType + config.Spec.PlatformSpec.Type = configv1.OvirtPlatformType config.Status.PlatformStatus.Ovirt = &configv1.OvirtPlatformStatus{ APIServerInternalIP: installConfig.Config.Ovirt.APIVIP, NodeDNSIP: installConfig.Config.Ovirt.DNSVIP, IngressIP: installConfig.Config.Ovirt.IngressVIP, } default: - config.Status.PlatformStatus.Type = configv1.NonePlatformType + config.Spec.PlatformSpec.Type = configv1.NonePlatformType } - config.Status.Platform = config.Status.PlatformStatus.Type + config.Status.Platform = config.Spec.PlatformSpec.Type + config.Status.PlatformStatus.Type = config.Spec.PlatformSpec.Type if cloudproviderconfig.ConfigMap != nil { // set the configmap reference. diff --git a/pkg/asset/rhcos/image.go b/pkg/asset/rhcos/image.go index 926769da8cc..56dbbaa0fa4 100644 --- a/pkg/asset/rhcos/image.go +++ b/pkg/asset/rhcos/image.go @@ -3,7 +3,7 @@ package rhcos import ( "context" - "github.com/openshift/installer/pkg/types/ovirt" + "fmt" "os" "time" @@ -12,6 +12,7 @@ import ( "github.com/openshift/installer/pkg/asset" "github.com/openshift/installer/pkg/asset/installconfig" + configaws "github.com/openshift/installer/pkg/asset/installconfig/aws" "github.com/openshift/installer/pkg/rhcos" "github.com/openshift/installer/pkg/types" "github.com/openshift/installer/pkg/types/aws" 
@@ -21,6 +22,7 @@ import ( "github.com/openshift/installer/pkg/types/libvirt" "github.com/openshift/installer/pkg/types/none" "github.com/openshift/installer/pkg/types/openstack" + "github.com/openshift/installer/pkg/types/ovirt" "github.com/openshift/installer/pkg/types/vsphere" ) @@ -75,7 +77,14 @@ func osImage(config *types.InstallConfig) (string, error) { osimage = config.Platform.AWS.AMIID break } - osimage, err = rhcos.AMI(ctx, arch, config.Platform.AWS.Region) + region := config.Platform.AWS.Region + if !configaws.IsKnownRegion(config.Platform.AWS.Region) { + region = "us-east-1" + } + osimage, err = rhcos.AMI(ctx, arch, region) + if region != config.Platform.AWS.Region { + osimage = fmt.Sprintf("%s,%s", osimage, region) + } case gcp.Name: osimage, err = rhcos.GCP(ctx, arch) case libvirt.Name: diff --git a/pkg/destroy/aws/aws.go b/pkg/destroy/aws/aws.go index d07de4f2063..db472a12de9 100644 --- a/pkg/destroy/aws/aws.go +++ b/pkg/destroy/aws/aws.go @@ -74,15 +74,18 @@ func New(logger logrus.FieldLogger, metadata *types.ClusterMetadata) (providers. for _, filter := range metadata.ClusterPlatformMetadata.AWS.Identifier { filters = append(filters, filter) } - - session, err := awssession.GetSession() + region := metadata.ClusterPlatformMetadata.AWS.Region + session, err := awssession.GetSessionWithOptions( + awssession.WithRegion(region), + awssession.WithServiceEndpoints(region, metadata.ClusterPlatformMetadata.AWS.ServiceEndpoints), + ) if err != nil { return nil, err } return &ClusterUninstaller{ Filters: filters, - Region: metadata.ClusterPlatformMetadata.AWS.Region, + Region: region, Logger: logger, ClusterID: metadata.InfraID, Session: session, 
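Review bot: In the `osImage` hunk, the result of `rhcos.AMI` is wrapped with `fmt.Sprintf("%s,%s", osimage, region)` before `err` is checked anywhere in the hunk, so a failed lookup can produce a value like `,us-east-1`. The error is presumably checked after the switch, outside the hunk, but guarding with `if err == nil && region != config.Platform.AWS.Region {` keeps the value well-formed regardless. The literal `"us-east-1"` should be a named constant such as `endpoints.UsEast1RegionID`, which this commit already uses in pkg/destroy/aws/aws.go. The string format also needs a comment, for example `// "<ami-id>,<source-region>": the AMI lives in another region and must be copied before use`.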
@@ -103,16 +106,13 @@ func (o *ClusterUninstaller) Run() error { return err } - awsConfig := &aws.Config{Region: aws.String(o.Region)} awsSession := o.Session if awsSession == nil { // Relying on appropriate AWS ENV vars (eg AWS_PROFILE, AWS_ACCESS_KEY_ID, etc) - awsSession, err = session.NewSession(awsConfig) + awsSession, err = session.NewSession(aws.NewConfig().WithRegion(o.Region)) if err != nil { return err } - } else { - awsSession = awsSession.Copy(awsConfig) } awsSession.Handlers.Build.PushBackNamed(request.NamedHandler{ Name: "openshiftInstaller.OpenshiftInstallerUserAgentHandler", @@ -125,12 +125,21 @@ func (o *ClusterUninstaller) Run() error { tagClientNames := map[*resourcegroupstaggingapi.ResourceGroupsTaggingAPI]string{ tagClients[0]: o.Region, } - if o.Region != "us-east-1" { - tagClient := resourcegroupstaggingapi.New( - awsSession, aws.NewConfig().WithRegion("us-east-1"), - ) - tagClients = append(tagClients, tagClient) - tagClientNames[tagClient] = "us-east-1" + + switch o.Region { + case endpoints.CnNorth1RegionID, endpoints.CnNorthwest1RegionID: + if o.Region != endpoints.CnNorthwest1RegionID { + tagClient := resourcegroupstaggingapi.New(awsSession, aws.NewConfig().WithRegion(endpoints.CnNorthwest1RegionID)) + tagClients = append(tagClients, tagClient) + tagClientNames[tagClient] = endpoints.CnNorthwest1RegionID + } + + default: + if o.Region != endpoints.UsEast1RegionID { + tagClient := resourcegroupstaggingapi.New(awsSession, aws.NewConfig().WithRegion(endpoints.UsEast1RegionID)) + tagClients = append(tagClients, tagClient) + tagClientNames[tagClient] = endpoints.UsEast1RegionID + } } iamClient := iam.New(awsSession) diff --git a/pkg/rhcos/ami.go b/pkg/rhcos/ami.go index 625ba9e80ac..04cb15db911 100644 --- a/pkg/rhcos/ami.go +++ b/pkg/rhcos/ami.go @@ -1,3 +1,5 @@ +//go:generate go run ami_regions_generate.go rhcos ../../data/data/rhcos-amd64.json ami_regions.go + package rhcos import ( 
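Review bot: With the `awsSession.Copy(awsConfig)` branch removed, `Handlers.Build.PushBackNamed` now runs on `o.Session` itself, so the caller's session is mutated. If `Run` can be invoked more than once, each call appends another copy of the user-agent handler. Adding `awsSession = awsSession.Copy()` before the push restores the isolation. Separately, the extra tagging clients are built with `aws.NewConfig().WithRegion(...)` on a session that may carry the custom resolver from pkg/asset/installconfig/aws/session.go, whose override branch ignores the requested region. When a `tagging` override is configured, both clients would resolve to the same URL, so a comment should state whether that is intended. `Run` continues outside these hunks.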
diff --git a/pkg/rhcos/ami_regions.go b/pkg/rhcos/ami_regions.go new file mode 100644 index 00000000000..aebc16fe8a0 --- /dev/null +++ b/pkg/rhcos/ami_regions.go @@ -0,0 +1,24 @@ +// Code generated by ami_regions_generate.go; DO NOT EDIT. + +package rhcos + +// AMIRegoins is a list of regions where the RHEL CoreOS is published. +var AMIRegions = []string{ + "ap-northeast-1", + "ap-northeast-2", + "ap-south-1", + "ap-southeast-1", + "ap-southeast-2", + "ca-central-1", + "eu-central-1", + "eu-north-1", + "eu-west-1", + "eu-west-2", + "eu-west-3", + "me-south-1", + "sa-east-1", + "us-east-1", + "us-east-2", + "us-west-1", + "us-west-2", +} diff --git a/pkg/rhcos/ami_regions_generate.go b/pkg/rhcos/ami_regions_generate.go new file mode 100644 index 00000000000..7495cc42002 --- /dev/null +++ b/pkg/rhcos/ami_regions_generate.go 
@@ -0,0 +1,83 @@ +// +build tools + +package main + +import ( + "bytes" + "encoding/json" + "fmt" + "io/ioutil" + "log" + "os" + "path/filepath" + "sort" + "text/template" +) + +func main() { + if len(os.Args) != 4 { + log.Fatalln("exactly 4 arguments must be provided") + } + argsWithoutProg := os.Args[1:] + + pkg := argsWithoutProg[0] + srcPath, err := filepath.Abs(argsWithoutProg[1]) + log.Println("srcPath: ", srcPath) + if err != nil { + log.Fatalln("failed to load absolute path for the source") + } + dstPath, err := filepath.Abs(argsWithoutProg[2]) + log.Println("dstPath: ", dstPath) + if err != nil { + log.Fatalln("failed to load absolute path for the source") + } + + srcData, err := ioutil.ReadFile(srcPath) + if err != nil { + log.Fatalln(err) + } + + var m metadata + if err := json.Unmarshal(srcData, &m); err != nil { + log.Fatalln(fmt.Errorf("failed to unmarshal source: %v", err)) + } + + regions := make([]string, 0, len(m.AMIs)) + for region := range m.AMIs { + regions = append(regions, region) + } + sort.Strings(regions) + + tinput := struct { + Pkg string + Regions []string + }{Pkg: pkg, Regions: regions} + + t := template.Must(template.New("ami_regions").Parse(tmpl)) + buf := &bytes.Buffer{} + if err := t.Execute(buf, tinput); err != nil { + log.Fatalln(fmt.Errorf("failed to execute the template: %v", err)) + } + + if err := ioutil.WriteFile(dstPath, buf.Bytes(), 0664); err != nil { + log.Fatalln(err) + } +} + +type metadata struct { + AMIs map[string]struct { + HVM string `json:"hvm"` + } `json:"amis"` +} + +var tmpl = `// Code generated by ami_regions_generate.go; DO NOT EDIT. + +package {{ .Pkg }} + +// AMIRegoins is a list of regions where the RHEL CoreOS is published. +var AMIRegions = []string{ +{{- range $region := .Regions}} + "{{ $region }}", +{{- end}} +} +` diff --git a/pkg/tfvars/aws/aws.go b/pkg/tfvars/aws/aws.go index 815337d7053..04de2b5a202 100644 --- a/pkg/tfvars/aws/aws.go +++ b/pkg/tfvars/aws/aws.go 
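Review bot: `len(os.Args) != 4` accepts exactly three arguments after the program name, but the failure message says "exactly 4 arguments must be provided". A usage line is clearer: `log.Fatalln("usage: ami_regions_generate <package> <source.json> <dest.go>")`. Both `log.Println` calls print the path before the `err` from `filepath.Abs` is checked, and the second failure message still says "source" when it should say "failed to load absolute path for the destination". The template comment misspells the identifier as `AMIRegoins`, and that typo is copied into the generated ami_regions.go. The output mode `0664` leaves the generated source group-writable, so `0644` would be the more conservative choice.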
@@ -8,12 +8,16 @@ import ( "github.com/pkg/errors" "sigs.k8s.io/cluster-api-provider-aws/pkg/apis/awsproviderconfig/v1beta1" + configaws "github.com/openshift/installer/pkg/asset/installconfig/aws" "github.com/openshift/installer/pkg/types" + typesaws "github.com/openshift/installer/pkg/types/aws" "github.com/openshift/installer/pkg/types/aws/defaults" ) type config struct { AMI string `json:"aws_ami"` + AMIRegion string `json:"aws_ami_region"` + CustomEndpoints map[string]string `json:"custom_endpoints,omitempty"` ExtraTags map[string]string `json:"aws_extra_tags,omitempty"` BootstrapInstanceType string `json:"aws_bootstrap_instance_type,omitempty"` MasterInstanceType string `json:"aws_master_instance_type,omitempty"` @@ -29,15 +33,19 @@ type config struct { PrivateSubnets []string `json:"aws_private_subnets,omitempty"` PublicSubnets *[]string `json:"aws_public_subnets,omitempty"` PublishStrategy string `json:"aws_publish_strategy,omitempty"` + SkipRegionCheck bool `json:"aws_skip_region_validation"` } // TFVarsSources contains the parameters to be converted into Terraform variables type TFVarsSources struct { VPC string PrivateSubnets, PublicSubnets []string + Services []typesaws.ServiceEndpoint Publish types.PublishingStrategy + AMIID, AMIRegion string + MasterConfigs, WorkerConfigs []*v1beta1.AWSMachineProviderConfig } @@ -45,6 +53,12 @@ type TFVarsSources struct { func TFVars(sources TFVarsSources) ([]byte, error) { masterConfig := sources.MasterConfigs[0] + endpoints := make(map[string]string) + for _, service := range sources.Services { + service := service + endpoints[service.Name] = service.URL + } + tags := make(map[string]string, len(masterConfig.Tags)) for _, tag := range masterConfig.Tags { tags[tag.Name] = tag.Value 
@@ -89,9 +103,9 @@ func TFVars(sources TFVarsSources) ([]byte, error) { instanceClass := defaults.InstanceClass(masterConfig.Placement.Region) cfg := &config{ + CustomEndpoints: endpoints, Region: masterConfig.Placement.Region, ExtraTags: tags, - AMI: *masterConfig.AMI.ID, MasterAvailabilityZones: masterAvailabilityZones, WorkerAvailabilityZones: workerAvailabilityZones, BootstrapInstanceType: fmt.Sprintf("%s.large", instanceClass), @@ -101,6 +115,7 @@ func TFVars(sources TFVarsSources) ([]byte, error) { VPC: sources.VPC, PrivateSubnets: sources.PrivateSubnets, PublishStrategy: string(sources.Publish), + SkipRegionCheck: !configaws.IsKnownRegion(masterConfig.Placement.Region), } if len(sources.PublicSubnets) == 0 { @@ -125,5 +140,13 @@ func TFVars(sources TFVarsSources) ([]byte, error) { cfg.KMSKeyID = *rootVolume.EBS.KMSKey.ARN } + if masterConfig.AMI.ID != nil && *masterConfig.AMI.ID != "" { + cfg.AMI = *masterConfig.AMI.ID + cfg.AMIRegion = masterConfig.Placement.Region + } else { + cfg.AMI = sources.AMIID + cfg.AMIRegion = sources.AMIRegion + } + return json.MarshalIndent(cfg, "", " ") } diff --git a/pkg/types/aws/metadata.go b/pkg/types/aws/metadata.go index 08d18257a9f..300077f037f 100644 --- a/pkg/types/aws/metadata.go +++ b/pkg/types/aws/metadata.go @@ -4,6 +4,12 @@ package aws type Metadata struct { Region string `json:"region"` + // ServiceEndpoints list contains custom endpoints which will override default + // service endpoint of AWS Services. + // There must be only one ServiceEndpoint for a service. + // +optional + ServiceEndpoints []ServiceEndpoint `json:"serviceEndpoints,omitempty"` + // Identifier holds a slice of filter maps. The maps hold the // key/value pairs for the tags we will be matching against. A // resource matches the map if all of the key/value pairs are in its diff --git a/pkg/types/aws/platform.go b/pkg/types/aws/platform.go index 45d0911ec51..e78533f050a 100644 --- a/pkg/types/aws/platform.go +++ b/pkg/types/aws/platform.go 
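Review bot: In the last `TFVars` hunk, when `masterConfig.AMI.ID` is nil or empty the fallback copies `sources.AMIID` and `sources.AMIRegion` into the config without checking that either is set. An empty `aws_ami` or `aws_ami_region` can therefore reach Terraform and only fail there. I would add, just before the `json.MarshalIndent` call, `if cfg.AMI == "" || cfg.AMIRegion == "" { return nil, errors.New("no AMI ID or AMI region available for the control plane") }`. The new `TFVarsSources` fields `AMIID, AMIRegion` should also get a comment saying they name the source image to copy when the machine configs carry no AMI ID. The `TFVars` body starts outside this hunk.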
@@ -21,9 +21,28 @@ type Platform struct { // +optional UserTags map[string]string `json:"userTags,omitempty"` + // ServiceEndpoints list contains custom endpoints which will override default + // service endpoint of AWS Services. + // There must be only one ServiceEndpoint for a service. + // +optional + ServiceEndpoints []ServiceEndpoint `json:"serviceEndpoints,omitempty"` + // DefaultMachinePlatform is the default configuration used when // installing on AWS for machine pools which do not define their own // platform configuration. // +optional DefaultMachinePlatform *MachinePool `json:"defaultMachinePlatform,omitempty"` } + +// ServiceEndpoint store the configuration for services to +// override existing defaults of AWS Services. +type ServiceEndpoint struct { + // Name is the name of the AWS service. + // This must be provided and cannot be empty. + Name string `json:"name"` + + // URL is fully qualified URI with scheme https, that overrides the default generated + // endpoint for a client. + // This must be provided and cannot be empty. + URL string `json:"url"` +} diff --git a/pkg/types/aws/validation/platform.go b/pkg/types/aws/validation/platform.go index 183bfb13e8f..64bdf4d11e0 100644 --- a/pkg/types/aws/validation/platform.go +++ b/pkg/types/aws/validation/platform.go 
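Review bot: The comment on `ServiceEndpoint.Name` says the name must be non-empty but not which names have any effect. The provider block added to data/data/aws/main.tf in this commit looks up only `ec2`, `elasticloadbalancing`, `iam`, `route53`, `s3` and `sts`, so any other name appears to be accepted and then ignored by Terraform, although other consumers may exist outside this diff. I would extend the comment to `// Name is the name of the AWS service, for example "ec2" or "elasticloadbalancing".` and say where the recognised names come from. The first line of the type comment should also read `// ServiceEndpoint stores the configuration for services to`.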
@@ -1,63 +1,71 @@ package validation import ( - "sort" + "fmt" + "net/url" + "regexp" "k8s.io/apimachinery/pkg/util/validation/field" "github.com/openshift/installer/pkg/types/aws" ) -var ( - // Regions is a map of the known AWS regions. The key of the map is - // the short name of the region. The value of the map is the long - // name of the region. - Regions = map[string]string{ - //"ap-east-1": "Hong Kong", - "ap-northeast-1": "Tokyo", - "ap-northeast-2": "Seoul", - //"ap-northeast-3": "Osaka-Local", - "ap-south-1": "Mumbai", - "ap-southeast-1": "Singapore", - "ap-southeast-2": "Sydney", - "ca-central-1": "Central", - //"cn-north-1": "Beijing", - //"cn-northwest-1": "Ningxia", - "eu-central-1": "Frankfurt", - "eu-north-1": "Stockholm", - "eu-west-1": "Ireland", - "eu-west-2": "London", - "eu-west-3": "Paris", - "me-south-1": "Bahrain", - "sa-east-1": "São Paulo", - "us-east-1": "N. Virginia", - "us-east-2": "Ohio", - //"us-gov-east-1": "AWS GovCloud (US-East)", - //"us-gov-west-1": "AWS GovCloud (US-West)", - "us-west-1": "N. California", - "us-west-2": "Oregon", - } - - validRegionValues = func() []string { - validValues := make([]string, len(Regions)) - i := 0 - for r := range Regions { - validValues[i] = r - i++ - } - sort.Strings(validValues) - return validValues - }() -) - // ValidatePlatform checks that the specified platform is valid. func ValidatePlatform(p *aws.Platform, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} - if _, ok := Regions[p.Region]; !ok { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("region"), p.Region, validRegionValues)) + + if p.Region == "" { + allErrs = append(allErrs, field.Required(fldPath.Child("region"), "region must be specified")) } + + allErrs = append(allErrs, validateServiceEndpoints(p.ServiceEndpoints, fldPath.Child("serviceEndpoints"))...) 
+ if p.DefaultMachinePlatform != nil { allErrs = append(allErrs, ValidateMachinePool(p, p.DefaultMachinePlatform, fldPath.Child("defaultMachinePlatform"))...) } return allErrs } + +func validateServiceEndpoints(endpoints []aws.ServiceEndpoint, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + tracker := map[string]int{} + for idx, e := range endpoints { + fldp := fldPath.Index(idx) + if eidx, ok := tracker[e.Name]; ok { + allErrs = append(allErrs, field.Invalid(fldp.Child("name"), e.Name, fmt.Sprintf("duplicate service endpoint not allowed for %s, service endpoint already defined at %s", e.Name, fldPath.Index(eidx)))) + } else { + tracker[e.Name] = idx + } + + if err := validateServiceURL(e.URL); err != nil { + allErrs = append(allErrs, field.Invalid(fldp.Child("url"), e.URL, err.Error())) + } + } + return allErrs +} + +var schemeRE = regexp.MustCompile("^([^:]+)://") + +func validateServiceURL(uri string) error { + endpoint := uri + if !schemeRE.MatchString(endpoint) { + scheme := "https" + endpoint = fmt.Sprintf("%s://%s", scheme, endpoint) + } + + u, err := url.Parse(endpoint) + if err != nil { + return err + } + if u.Hostname() == "" { + return fmt.Errorf("host cannot be empty, empty host provided") + } + if s := u.Scheme; s != "https" { + return fmt.Errorf("invalid scheme %s, only https allowed", s) + } + if r := u.RequestURI(); r != "/" { + return fmt.Errorf("no path or request parameters must be provided, %q was provided", r) + } + + return nil +} diff --git a/pkg/types/aws/validation/platform_test.go b/pkg/types/aws/validation/platform_test.go index 957cc38f81e..3626d7e0f36 100644 --- a/pkg/types/aws/validation/platform_test.go +++ b/pkg/types/aws/validation/platform_test.go 
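Review bot: validateServiceURL accepts URLs that carry userinfo or a fragment, because it checks only `u.Hostname()`, `u.Scheme` and `u.RequestURI()`. A constructed value such as `https://user:secret@endpoint.example` parses with `RequestURI() == "/"`, and the TFVars hunk in this commit copies `service.URL` into the generated variables unchanged. Adding `if u.User != nil || u.Fragment != "" { return fmt.Errorf("userinfo and fragment must not be provided") }` after the host check closes that gap. Separately, a scheme-less value passes here because `https://` is prepended only for the check, while the `ServiceEndpoint.URL` comment and the vendored CRD pattern `^https://` both require the scheme, so the value should be either rejected or normalised before it is stored. validateServiceEndpoints also never rejects an empty `e.Name`, although the field comment says it cannot be empty.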
@@ -13,21 +13,90 @@ func TestValidatePlatform(t *testing.T) { cases := []struct { name string platform *aws.Platform - valid bool + expected string }{ { name: "minimal", platform: &aws.Platform{ Region: "us-east-1", }, - valid: true, }, { name: "invalid region", platform: &aws.Platform{ - Region: "bad-region", + Region: "", }, - valid: false, + expected: `^test-path\.region: Required value: region must be specified$`, + }, + { + name: "invalid url for service endpoint", + platform: &aws.Platform{ + Region: "us-east-1", + ServiceEndpoints: []aws.ServiceEndpoint{{ + Name: "ec2", + URL: "/path/some", + }}, + }, + expected: `^test-path\.serviceEndpoints\[0\]\.url: Invalid value: "(.*)": host cannot be empty, empty host provided$`, + }, + { + name: "invalid url for service endpoint", + platform: &aws.Platform{ + Region: "us-east-1", + ServiceEndpoints: []aws.ServiceEndpoint{{ + Name: "ec2", + URL: "https://test-ec2.random.local/path/some", + }}, + }, + expected: `^test-path\.serviceEndpoints\[0\]\.url: Invalid value: "(.*)": no path or request parameters must be provided, "/path/some" was provided$`, + }, + { + name: "invalid url for service endpoint", + platform: &aws.Platform{ + Region: "us-east-1", + ServiceEndpoints: []aws.ServiceEndpoint{{ + Name: "ec2", + URL: "https://test-ec2.random.local?foo=some", + }}, + }, + expected: `^test-path\.serviceEndpoints\[0\]\.url: Invalid value: "(.*)": no path or request parameters must be provided, "/\?foo=some" was provided$`, + }, + { + name: "valid url for service endpoint", + platform: &aws.Platform{ + Region: "us-east-1", + ServiceEndpoints: []aws.ServiceEndpoint{{ + Name: "ec2", + URL: "test-ec2.random.local", + }}, + }, + }, + { + name: "valid url for service endpoint", + platform: &aws.Platform{ + Region: "us-east-1", + ServiceEndpoints: []aws.ServiceEndpoint{{ + Name: "ec2", + URL: "https://test-ec2.random.local", + }}, + }, + }, + { + name: "duplicate service endpoints", + platform: &aws.Platform{ + Region: 
"us-east-1", + ServiceEndpoints: []aws.ServiceEndpoint{{ + Name: "ec2", + URL: "test-ec2.random.local", + }, { + Name: "s3", + URL: "test-ec2.random.local", + }, { + Name: "ec2", + URL: "test-ec2.random.local", + }}, + }, + expected: `^test-path\.serviceEndpoints\[2\]\.name: Invalid value: "ec2": duplicate service endpoint not allowed for ec2, service endpoint already defined at test-path\.serviceEndpoints\[0\]$`, }, { name: "valid machine pool", @@ -35,7 +104,6 @@ func TestValidatePlatform(t *testing.T) { Region: "us-east-1", DefaultMachinePlatform: &aws.MachinePool{}, }, - valid: true, }, { name: "invalid machine pool", @@ -47,16 +115,16 @@ func TestValidatePlatform(t *testing.T) { }, }, }, - valid: false, + expected: `^test-path\.defaultMachinePlatform\.iops: Invalid value: -10: Storage IOPS must be positive$`, }, } for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { err := ValidatePlatform(tc.platform, field.NewPath("test-path")).ToAggregate() - if tc.valid { + if tc.expected == "" { assert.NoError(t, err) } else { - assert.Error(t, err) + assert.Regexp(t, tc.expected, err) } }) } diff --git a/pkg/types/validation/installconfig_test.go b/pkg/types/validation/installconfig_test.go index 1465d31c3f3..18d02fc1703 100644 --- a/pkg/types/validation/installconfig_test.go +++ b/pkg/types/validation/installconfig_test.go @@ -518,7 +518,7 @@ func TestValidateInstallConfig(t *testing.T) { } return c }(), - expectedError: `^platform\.aws\.region: Unsupported value: "": supported values: "ap-northeast-1", "ap-northeast-2", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "eu-central-1", "eu-north-1", "eu-west-1", "eu-west-2", "eu-west-3", "me-south-1", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2"$`, + expectedError: `^platform\.aws\.region: Required value: region must be specified$`, }, { name: "valid libvirt platform", 
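Review bot: Three of the new table entries are all named "invalid url for service endpoint" and two are named "valid url for service endpoint", so `t.Run` reports them with numeric suffixes and a failure cannot be tied to a case by name. Distinct names such as "service endpoint url without host", "service endpoint url with path", "service endpoint url with query" and "service endpoint url without scheme" would fix that. The "invalid region" case now exercises an empty region and could be renamed to match. The table also has no entry for a non-https scheme, even though validateServiceURL has a dedicated branch for it, so I would add one with an `expected` pattern ending in `only https allowed$`. TestValidatePlatform starts above this hunk.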
diff --git a/platformtests/aws/README.md b/platformtests/aws/README.md deleted file mode 100644 index e090126a376..00000000000 --- a/platformtests/aws/README.md +++ /dev/null @@ -1,12 +0,0 @@ -# AWS Tests - -This directory contains test suites checking AWS-specific assumptions. -Run with: - -```console -$ AWS_PROFILE=your-profile go test . -``` - -or similar (it needs access to [your AWS credentials][credentials]). - -[credentials]: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html diff --git a/platformtests/aws/default_instance_class_test.go b/platformtests/aws/default_instance_class_test.go deleted file mode 100644 index 365646ead84..00000000000 --- a/platformtests/aws/default_instance_class_test.go +++ /dev/null 
@@ -1,180 +0,0 @@ -package aws - -import ( - "fmt" - "reflect" - "strings" - "testing" - - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/ec2" - "github.com/aws/aws-sdk-go/service/pricing" - awsutil "github.com/openshift/installer/pkg/asset/installconfig/aws" - "github.com/openshift/installer/pkg/types/aws/defaults" - "github.com/openshift/installer/pkg/types/aws/validation" - "github.com/stretchr/testify/assert" -) - -func TestGetDefaultInstanceClass(t *testing.T) { - preferredInstanceClasses := []string{"m4", "m5"} // decreasing precedence - - ssn, err := awsutil.GetSession() - if err != nil { - t.Fatal(err) - } - - exists := struct{}{} - pricingInstanceClasses := map[string]map[string]struct{}{} - - pricingClient := pricing.New(ssn, aws.NewConfig().WithRegion("us-east-1")) - err = pricingClient.GetProductsPages( - &pricing.GetProductsInput{ - ServiceCode: aws.String("AmazonEC2"), - Filters: []*pricing.Filter{ - { - Field: aws.String("tenancy"), - Type: aws.String("TERM_MATCH"), - Value: aws.String("Shared"), - }, - { - Field: aws.String("productFamily"), - Type: aws.String("TERM_MATCH"), - Value: aws.String("Compute Instance"), - }, - { - Field: aws.String("operatingSystem"), - Type: aws.String("TERM_MATCH"), - Value: aws.String("Linux"), - }, - { - Field: aws.String("instanceFamily"), - Type: aws.String("TERM_MATCH"), - Value: aws.String("General purpose"), - }, - }, - }, - func(result *pricing.GetProductsOutput, lastPage bool) bool { - for _, priceList := range result.PriceList { - product := priceList["product"].(map[string]interface{}) - attr := product["attributes"].(map[string]interface{}) - location := attr["location"].(string) - instanceType := attr["instanceType"].(string) - instanceClassSlice := strings.Split(instanceType, ".") - instanceClass := instanceClassSlice[0] - _, ok := pricingInstanceClasses[location] - if ok { - pricingInstanceClasses[location][instanceClass] = exists - } else { - pricingInstanceClasses[location] = 
map[string]struct{}{instanceClass: exists} - } - } - return !lastPage - }, - ) - if err != nil { - t.Fatal(err) - } - - regions := map[string]string{ // seed with locations that don't match AWS's usual names - "AWS GovCloud (US)": "us-gov-west-1", - "AWS GovCloud (US-East)": "us-gov-east-1", - "Asia Pacific (Hong Kong)": "ap-east-1", - "Asia Pacific (Osaka-Local)": "ap-northeast-3", - "EU (Stockholm)": "eu-north-1", - "Middle East (Bahrain)": "me-south-1", - "South America (Sao Paulo)": "sa-east-1", - } - - for location, classes := range pricingInstanceClasses { - t.Run(location, func(t *testing.T) { - region, ok := regions[location] - if !ok { - for slug, name := range validation.Regions { - if strings.Contains(location, name) { - regions[location] = slug - region = slug - break - } - } - if region == "" { - t.Fatal("not a recognized region") - } - } - - ec2Client := ec2.New(ssn, aws.NewConfig().WithRegion(region)) - zonesResponse, err := ec2Client.DescribeAvailabilityZones(nil) - if err != nil { - t.Logf("no direct access to region, assuming full support: %v", err) - - var match string - for _, instanceClass := range preferredInstanceClasses { - if _, ok := classes[instanceClass]; ok { - match = instanceClass - break - } - } - - if match == "" { - t.Fatalf("none of the preferred instance classes are priced: %v", classes) - } - - t.Log(classes) - assert.Equal(t, defaults.InstanceClass(region), match) - return - } - - zones := make(map[string]struct{}, len(zonesResponse.AvailabilityZones)) - for _, zone := range zonesResponse.AvailabilityZones { - zones[*zone.ZoneName] = exists - } - - available := make(map[string]map[string]struct{}, len(preferredInstanceClasses)) - var allowed []string - - for _, instanceClass := range preferredInstanceClasses { - if _, ok := classes[instanceClass]; !ok { - t.Logf("skip the unpriced %s", instanceClass) - continue - } - - available[instanceClass] = make(map[string]struct{}, len(zones)) - exampleInstanceType := 
fmt.Sprintf("%s.large", instanceClass) - err := ec2Client.DescribeReservedInstancesOfferingsPages( - &ec2.DescribeReservedInstancesOfferingsInput{ - Filters: []*ec2.Filter{ - {Name: aws.String("scope"), Values: []*string{aws.String("Availability Zone")}}, - }, - InstanceTenancy: aws.String("default"), - InstanceType: &exampleInstanceType, - ProductDescription: aws.String("Linux/UNIX"), - }, - func(results *ec2.DescribeReservedInstancesOfferingsOutput, lastPage bool) bool { - for _, offering := range results.ReservedInstancesOfferings { - if offering.AvailabilityZone == nil { - continue - } - - available[instanceClass][*offering.AvailabilityZone] = exists - } - - return !lastPage - }, - ) - if err != nil { - t.Fatal(err) - } - - if reflect.DeepEqual(available[instanceClass], zones) { - allowed = append(allowed, instanceClass) - } - } - - if len(allowed) == 0 { - t.Fatalf("none of the preferred instance classes are fully supported: %v", available) - } - - t.Log(available) - assert.Contains(t, allowed, defaults.InstanceClass(region)) - }) - } -} diff --git a/vendor/github.com/openshift/api/LICENSE b/vendor/github.com/openshift/api/LICENSE index 8dada3edaf5..5c389317ecc 100644 --- a/vendor/github.com/openshift/api/LICENSE +++ b/vendor/github.com/openshift/api/LICENSE @@ -1,3 +1,4 @@ + Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ 
@@ -175,18 +176,7 @@ END OF TERMS AND CONDITIONS - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} + Copyright 2020 Red Hat, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml index 4e1fdac3704..ebabc900951 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml @@ -165,6 +165,11 @@ spec: \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" type: string + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 nullable: true intermediate: description: "intermediate is a TLS security profile based on: \n @@ -215,5 +220,10 @@ spec: profile is currently not supported because it is not yet well adopted by common software libraries." type: string + enum: + - Old + - Intermediate + - Modern + - Custom status: type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml index bb95918d9da..0fbf020bd81 100644 
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml @@ -64,7 +64,7 @@ spec: type: string serviceAccountIssuer: description: serviceAccountIssuer is the identifier of the bound service - account token issuer. The default is auth.openshift.io. + account token issuer. The default is https://kubernetes.default.svc type: string type: description: type identifies the cluster managed, user facing authentication diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml index 8da8bb45ad4..80e2de3b803 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml 
@@ -53,6 +53,89 @@ spec: type: string name: type: string + platformSpec: + description: platformSpec holds desired information specific to the + underlying infrastructure provider. + type: object + properties: + aws: + description: AWS contains settings specific to the Amazon Web Services + infrastructure provider. + type: object + properties: + serviceEndpoints: + description: serviceEndpoints list contains custom endpoints + which will override default service endpoint of AWS Services. + There must be only one ServiceEndpoint for a service. + type: array + items: + description: AWSServiceEndpoint store the configuration of + a custom url to override existing defaults of AWS Services. + type: object + properties: + name: + description: name is the name of the AWS service. The + list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html + This must be provided and cannot be empty. + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme https, + that overrides the default generated endpoint for a + client. This must be provided and cannot be empty. + type: string + pattern: ^https:// + azure: + description: Azure contains settings specific to the Azure infrastructure + provider. + type: object + baremetal: + description: BareMetal contains settings specific to the BareMetal + platform. + type: object + gcp: + description: GCP contains settings specific to the Google Cloud + Platform infrastructure provider. + type: object + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud + infrastructure provider. + type: object + openstack: + description: OpenStack contains settings specific to the OpenStack + infrastructure provider. + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure + provider. + type: object + type: + description: type is the underlying infrastructure provider for + the cluster. 
This value controls whether infrastructure automation + such as service load balancers, dynamic volume provisioning, machine + creation and deletion, and other integrations are enabled. If + None, no infrastructure automation is enabled. Allowed values + are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", + "VSphere", "oVirt", and "None". Individual components may not + support all platforms, and must handle unrecognized platforms + as None if they do not support that platform. + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure + provider. + type: object status: description: status holds observed values from the cluster. They may not be overridden. @@ -82,6 +165,18 @@ spec: description: "platform is the underlying infrastructure provider for the cluster. \n Deprecated: Use platformStatus.type instead." type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud platformStatus: description: platformStatus holds status information specific to the underlying infrastructure provider. 
@@ -96,6 +191,28 @@ spec: description: region holds the default AWS region for new AWS resources created by the cluster. type: string + serviceEndpoints: + description: ServiceEndpoints list contains custom endpoints + which will override default service endpoint of AWS Services. + There must be only one ServiceEndpoint for a service. + type: array + items: + description: AWSServiceEndpoint store the configuration of + a custom url to override existing defaults of AWS Services. + type: object + properties: + name: + description: name is the name of the AWS service. The + list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html + This must be provided and cannot be empty. + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme https, + that overrides the default generated endpoint for a + client. This must be provided and cannot be empty. + type: string + pattern: ^https:// azure: description: Azure contains settings specific to the Azure infrastructure provider. @@ -150,6 +267,22 @@ spec: description: region holds the region for new GCP resources created for the cluster. type: string + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud + infrastructure provider. + type: object + properties: + location: + description: Location is where the cluster has been deployed + type: string + providerType: + description: ProviderType indicates the type of cluster that + was created + type: string + resourceGroupName: + description: ResourceGroupName is the Resource Group for new + IBMCloud resources created for the cluster. + type: string openstack: description: OpenStack contains settings specific to the OpenStack infrastructure provider. 
@@ -209,16 +342,30 @@ spec: to the nodes in the cluster. type: string type: - description: type is the underlying infrastructure provider for + description: "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values - are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", - "VSphere", "oVirt", and "None". Individual components may not - support all platforms, and must handle unrecognized platforms - as None if they do not support that platform. + are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", + \"VSphere\", \"oVirt\", and \"None\". Individual components may + not support all platforms, and must handle unrecognized platforms + as None if they do not support that platform. \n This value will + be synced with to the `status.platform` and `status.platformStatus.type`. + Currently this value cannot be changed once set." type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud vsphere: description: VSphere contains settings specific to the VSphere infrastructure provider. diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index df2cdf2b9ae..4f87bd5219d 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -53,7 +53,7 @@ type AuthenticationSpec struct { // serviceAccountIssuer is the identifier of the bound service account token // issuer. - // The default is auth.openshift.io. + // The default is https://kubernetes.default.svc // +optional ServiceAccountIssuer string `json:"serviceAccountIssuer"` } 
diff --git a/vendor/github.com/openshift/api/config/v1/types_console.go b/vendor/github.com/openshift/api/config/v1/types_console.go index 22b0b5160ae..d64219300dd 100644 --- a/vendor/github.com/openshift/api/config/v1/types_console.go +++ b/vendor/github.com/openshift/api/config/v1/types_console.go @@ -1,6 +1,8 @@ package v1 -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) // +genclient // +genclient:nonNamespaced diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index ce901262729..8bbed607774 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -112,6 +112,7 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ var defaultFeatures = &FeatureGateEnabledDisabled{ Enabled: []string{ + "APIPriorityAndFairness", // sig-apimachinery, deads2k "RotateKubeletServerCertificate", // sig-pod, sjenning "SupportPodPidsLimit", // sig-pod, sjenning "NodeDisruptionExclusion", // sig-scheduling, ccoleman diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 02e38beb057..ece13868b7a 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -28,6 +28,10 @@ type InfrastructureSpec struct { // The namespace for this config map is openshift-config. // +optional CloudConfig ConfigMapFileReference `json:"cloudConfig"` + + // platformSpec holds desired information specific to the underlying + // infrastructure provider. + PlatformSpec PlatformSpec `json:"platformSpec,omitempty"` } // InfrastructureStatus describes the infrastructure the cluster is leveraging. 
@@ -65,6 +69,7 @@ type InfrastructureStatus struct { } // PlatformType is a specific supported infrastructure provider. +// +kubebuilder:validation:Enum="";AWS;Azure;BareMetal;GCP;Libvirt;OpenStack;None;VSphere;oVirt;IBMCloud type PlatformType string const ( 
@@ -110,6 +115,55 @@ const ( IBMCloudProviderTypeVPC IBMCloudProviderType = "VPC" ) +// PlatformSpec holds the desired state specific to the underlying infrastructure provider +// of the current cluster. Since these are used at spec-level for the underlying cluster, it +// is supposed that only one of the spec structs is set. +type PlatformSpec struct { + // type is the underlying infrastructure provider for the cluster. This + // value controls whether infrastructure automation such as service load + // balancers, dynamic volume provisioning, machine creation and deletion, and + // other integrations are enabled. If None, no infrastructure automation is + // enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", + // "OpenStack", "VSphere", "oVirt", and "None". Individual components may not support + // all platforms, and must handle unrecognized platforms as None if they do + // not support that platform. + // + // +unionDiscriminator + Type PlatformType `json:"type"` + + // AWS contains settings specific to the Amazon Web Services infrastructure provider. + // +optional + AWS *AWSPlatformSpec `json:"aws,omitempty"` + + // Azure contains settings specific to the Azure infrastructure provider. + // +optional + Azure *AzurePlatformSpec `json:"azure,omitempty"` + + // GCP contains settings specific to the Google Cloud Platform infrastructure provider. + // +optional + GCP *GCPPlatformSpec `json:"gcp,omitempty"` + + // BareMetal contains settings specific to the BareMetal platform. + // +optional + BareMetal *BareMetalPlatformSpec `json:"baremetal,omitempty"` + + // OpenStack contains settings specific to the OpenStack infrastructure provider. + // +optional + OpenStack *OpenStackPlatformSpec `json:"openstack,omitempty"` + + // Ovirt contains settings specific to the oVirt infrastructure provider. + // +optional + Ovirt *OvirtPlatformSpec `json:"ovirt,omitempty"` + + // VSphere contains settings specific to the VSphere infrastructure provider. 
+ // +optional + VSphere *VSpherePlatformSpec `json:"vsphere,omitempty"` + + // IBMCloud contains settings specific to the IBMCloud infrastructure provider. + // +optional + IBMCloud *IBMCloudPlatformSpec `json:"ibmcloud,omitempty"` +} + // PlatformStatus holds the current status specific to the underlying infrastructure provider // of the current cluster. Since these are used at status-level for the underlying cluster, it // is supposed that only one of the status structs is set. @@ -122,6 +176,9 @@ type PlatformStatus struct { // "OpenStack", "VSphere", "oVirt", and "None". Individual components may not support // all platforms, and must handle unrecognized platforms as None if they do // not support that platform. + // + // This value will be synced with to the `status.platform` and `status.platformStatus.type`. + // Currently this value cannot be changed once set. Type PlatformType `json:"type"` // AWS contains settings specific to the Amazon Web Services infrastructure provider. 
@@ -151,14 +208,56 @@ type PlatformStatus struct {
 // VSphere contains settings specific to the VSphere infrastructure provider.
 // +optional
 VSphere *VSpherePlatformStatus `json:"vsphere,omitempty"`
+
+ // IBMCloud contains settings specific to the IBMCloud infrastructure provider.
+ // +optional
+ IBMCloud *IBMCloudPlatformStatus `json:"ibmcloud,omitempty"`
+}
+
+// AWSServiceEndpoint store the configuration of a custom url to
+// override existing defaults of AWS Services.
+type AWSServiceEndpoint struct {
+ // name is the name of the AWS service.
+ // The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html
+ // This must be provided and cannot be empty.
+ //
+ // +kubebuilder:validation:Pattern=`^[a-z0-9-]+$`
+ Name string `json:"name"`
+
+ // url is fully qualified URI with scheme https, that overrides the default generated
+ // endpoint for a client.
+ // This must be provided and cannot be empty.
+ //
+ // +kubebuilder:validation:Pattern=`^https://`
+ URL string `json:"url"`
+}
+
+// AWSPlatformSpec holds the desired state of the Amazon Web Services infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+type AWSPlatformSpec struct {
+ // serviceEndpoints list contains custom endpoints which will override default
+ // service endpoint of AWS Services.
+ // There must be only one ServiceEndpoint for a service.
+ // +optional
+ ServiceEndpoints []AWSServiceEndpoint `json:"serviceEndpoints,omitempty"`
 }
 // AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.
 type AWSPlatformStatus struct {
 // region holds the default AWS region for new AWS resources created by the cluster.
 Region string `json:"region"`
+
+ // ServiceEndpoints list contains custom endpoints which will override default
+ // service endpoint of AWS Services.
+ // There must be only one ServiceEndpoint for a service.
+ // +optional
+ ServiceEndpoints []AWSServiceEndpoint `json:"serviceEndpoints,omitempty"`
 }
+// AzurePlatformSpec holds the desired state of the Azure infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+type AzurePlatformSpec struct{}
+
 // AzurePlatformStatus holds the current status of the Azure infrastructure provider.
 type AzurePlatformStatus struct {
 // resourceGroupName is the Resource Group for new Azure resources created for the cluster.
@@ -170,6 +269,10 @@ type AzurePlatformStatus struct {
 NetworkResourceGroupName string `json:"networkResourceGroupName,omitempty"`
 }
+// GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+type GCPPlatformSpec struct{}
+
 // GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.
 type GCPPlatformStatus struct {
 // resourceGroupName is the Project ID for new GCP resources created for the cluster.
@@ -179,6 +282,10 @@ type GCPPlatformStatus struct {
 Region string `json:"region"`
 }
+// BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+type BareMetalPlatformSpec struct{}
+
 // BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider.
 // For more information about the network architecture used with the BareMetal platform type, see:
 // https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md
@@ -202,6 +309,10 @@ type BareMetalPlatformStatus struct {
 NodeDNSIP string `json:"nodeDNSIP,omitempty"`
 }
+// OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+type OpenStackPlatformSpec struct{}
+
 // OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.
 type OpenStackPlatformStatus struct {
 // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
@@ -227,6 +338,10 @@ type OpenStackPlatformStatus struct {
 NodeDNSIP string `json:"nodeDNSIP,omitempty"`
 }
+// OvirtPlatformSpec holds the desired state of the oVirt infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+type OvirtPlatformSpec struct{}
+
 // OvirtPlatformStatus holds the current status of the oVirt infrastructure provider.
 type OvirtPlatformStatus struct {
 // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
@@ -248,6 +363,10 @@ type OvirtPlatformStatus struct {
 NodeDNSIP string `json:"nodeDNSIP,omitempty"`
 }
+// VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+type VSpherePlatformSpec struct{}
+
 // VSpherePlatformStatus holds the current status of the vSphere infrastructure provider.
 type VSpherePlatformStatus struct {
 // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
@@ -269,6 +388,10 @@ type VSpherePlatformStatus struct {
 NodeDNSIP string `json:"nodeDNSIP,omitempty"`
 }
+// IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+type IBMCloudPlatformSpec struct{}
+
 //IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider.
 type IBMCloudPlatformStatus struct {
 // Location is where the cluster has been deployed
diff --git a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go
index 1d998bf37d9..1b2b7f82e9e 100644
--- a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go
+++ b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go
@@ -37,6 +37,7 @@ type OperatorHubStatus struct {
 // the state of the default hub sources for OperatorHub on the cluster from
 // enabled to disabled and vice versa.
 // +kubebuilder:subresource:status
+// +genclient
 // +genclient:nonNamespaced
 type OperatorHub struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
index ea788dc162d..9dbacb99668 100644
--- a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
+++ b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
@@ -136,6 +136,7 @@ type CustomTLSProfile struct {
 }
 // TLSProfileType defines a TLS security profile type.
+// +kubebuilder:validation:Enum=Old;Intermediate;Modern;Custom
 type TLSProfileType string
 const (
@@ -180,6 +181,7 @@ type TLSProfileSpec struct {
 //
 // Note that SSLv3.0 is not a supported protocol version due to well known
 // vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE
+// +kubebuilder:validation:Enum=VersionTLS10;VersionTLS11;VersionTLS12;VersionTLS13
 type TLSProtocolVersion string
 const (
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 794c67123bf..1403ca3b26f 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -176,9 +176,35 @@ func (in *APIServerStatus) DeepCopy() *APIServerStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSPlatformSpec) DeepCopyInto(out *AWSPlatformSpec) { + *out = *in + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]AWSServiceEndpoint, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSPlatformSpec. +func (in *AWSPlatformSpec) DeepCopy() *AWSPlatformSpec { + if in == nil { + return nil + } + out := new(AWSPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AWSPlatformStatus) DeepCopyInto(out *AWSPlatformStatus) { *out = *in + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]AWSServiceEndpoint, len(*in)) + copy(*out, *in) + } return } 
@@ -192,6 +218,22 @@ func (in *AWSPlatformStatus) DeepCopy() *AWSPlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSServiceEndpoint) DeepCopyInto(out *AWSServiceEndpoint) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSServiceEndpoint. +func (in *AWSServiceEndpoint) DeepCopy() *AWSServiceEndpoint { + if in == nil { + return nil + } + out := new(AWSServiceEndpoint) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AdmissionConfig) DeepCopyInto(out *AdmissionConfig) { *out = *in @@ -359,6 +401,22 @@ func (in *AuthenticationStatus) DeepCopy() *AuthenticationStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzurePlatformSpec) DeepCopyInto(out *AzurePlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzurePlatformSpec. +func (in *AzurePlatformSpec) DeepCopy() *AzurePlatformSpec { + if in == nil { + return nil + } + out := new(AzurePlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AzurePlatformStatus) DeepCopyInto(out *AzurePlatformStatus) { *out = *in 
@@ -375,6 +433,22 @@ func (in *AzurePlatformStatus) DeepCopy() *AzurePlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BareMetalPlatformSpec) DeepCopyInto(out *BareMetalPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BareMetalPlatformSpec. +func (in *BareMetalPlatformSpec) DeepCopy() *BareMetalPlatformSpec { + if in == nil { + return nil + } + out := new(BareMetalPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BareMetalPlatformStatus) DeepCopyInto(out *BareMetalPlatformStatus) { *out = *in @@ -1451,6 +1525,22 @@ func (in *FeatureGateStatus) DeepCopy() *FeatureGateStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPPlatformSpec) DeepCopyInto(out *GCPPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPPlatformSpec. +func (in *GCPPlatformSpec) DeepCopy() *GCPPlatformSpec { + if in == nil { + return nil + } + out := new(GCPPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GCPPlatformStatus) DeepCopyInto(out *GCPPlatformStatus) { *out = *in 
@@ -1643,6 +1733,22 @@ func (in *HubSourceStatus) DeepCopy() *HubSourceStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IBMCloudPlatformSpec) DeepCopyInto(out *IBMCloudPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMCloudPlatformSpec. +func (in *IBMCloudPlatformSpec) DeepCopy() *IBMCloudPlatformSpec { + if in == nil { + return nil + } + out := new(IBMCloudPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IBMCloudPlatformStatus) DeepCopyInto(out *IBMCloudPlatformStatus) { *out = *in @@ -1868,7 +1974,7 @@ func (in *Infrastructure) DeepCopyInto(out *Infrastructure) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec + in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) return } @@ -1928,6 +2034,7 @@ func (in *InfrastructureList) DeepCopyObject() runtime.Object { func (in *InfrastructureSpec) DeepCopyInto(out *InfrastructureSpec) { *out = *in out.CloudConfig = in.CloudConfig + in.PlatformSpec.DeepCopyInto(&out.PlatformSpec) return } 
@@ -2569,6 +2676,22 @@ func (in *OpenIDIdentityProvider) DeepCopy() *OpenIDIdentityProvider { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenStackPlatformSpec) DeepCopyInto(out *OpenStackPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenStackPlatformSpec. +func (in *OpenStackPlatformSpec) DeepCopy() *OpenStackPlatformSpec { + if in == nil { + return nil + } + out := new(OpenStackPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OpenStackPlatformStatus) DeepCopyInto(out *OpenStackPlatformStatus) { *out = *in @@ -2704,6 +2827,22 @@ func (in *OperatorHubStatus) DeepCopy() *OperatorHubStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OvirtPlatformSpec) DeepCopyInto(out *OvirtPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OvirtPlatformSpec. +func (in *OvirtPlatformSpec) DeepCopy() *OvirtPlatformSpec { + if in == nil { + return nil + } + out := new(OvirtPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OvirtPlatformStatus) DeepCopyInto(out *OvirtPlatformStatus) { *out = *in 
@@ -2720,13 +2859,69 @@ func (in *OvirtPlatformStatus) DeepCopy() *OvirtPlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PlatformSpec) DeepCopyInto(out *PlatformSpec) { + *out = *in + if in.AWS != nil { + in, out := &in.AWS, &out.AWS + *out = new(AWSPlatformSpec) + (*in).DeepCopyInto(*out) + } + if in.Azure != nil { + in, out := &in.Azure, &out.Azure + *out = new(AzurePlatformSpec) + **out = **in + } + if in.GCP != nil { + in, out := &in.GCP, &out.GCP + *out = new(GCPPlatformSpec) + **out = **in + } + if in.BareMetal != nil { + in, out := &in.BareMetal, &out.BareMetal + *out = new(BareMetalPlatformSpec) + **out = **in + } + if in.OpenStack != nil { + in, out := &in.OpenStack, &out.OpenStack + *out = new(OpenStackPlatformSpec) + **out = **in + } + if in.Ovirt != nil { + in, out := &in.Ovirt, &out.Ovirt + *out = new(OvirtPlatformSpec) + **out = **in + } + if in.VSphere != nil { + in, out := &in.VSphere, &out.VSphere + *out = new(VSpherePlatformSpec) + **out = **in + } + if in.IBMCloud != nil { + in, out := &in.IBMCloud, &out.IBMCloud + *out = new(IBMCloudPlatformSpec) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformSpec. +func (in *PlatformSpec) DeepCopy() *PlatformSpec { + if in == nil { + return nil + } + out := new(PlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { *out = *in if in.AWS != nil { in, out := &in.AWS, &out.AWS *out = new(AWSPlatformStatus) - **out = **in + (*in).DeepCopyInto(*out) } if in.Azure != nil { in, out := &in.Azure, &out.Azure 
@@ -2758,6 +2953,11 @@ func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { *out = new(VSpherePlatformStatus) **out = **in } + if in.IBMCloud != nil { + in, out := &in.IBMCloud, &out.IBMCloud + *out = new(IBMCloudPlatformStatus) + **out = **in + } return } @@ -3368,6 +3568,22 @@ func (in *UpdateHistory) DeepCopy() *UpdateHistory { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformSpec) DeepCopyInto(out *VSpherePlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformSpec. +func (in *VSpherePlatformSpec) DeepCopy() *VSpherePlatformSpec { + if in == nil { + return nil + } + out := new(VSpherePlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VSpherePlatformStatus) DeepCopyInto(out *VSpherePlatformStatus) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 982f11c0bc7..6b485ab441d 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -303,7 +303,7 @@ var map_AuthenticationSpec = map[string]string{ "type": "type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.", "oauthMetadata": "oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key \"oauthMetadata\" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.", "webhookTokenAuthenticators": "webhookTokenAuthenticators configures remote token reviewers. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. The namespace for these secrets is openshift-config.", - "serviceAccountIssuer": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is auth.openshift.io.", + "serviceAccountIssuer": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc", } func (AuthenticationSpec) SwaggerDoc() map[string]string { 
@@ -677,15 +677,43 @@ func (RegistrySources) SwaggerDoc() map[string]string { return map_RegistrySources } +var map_AWSPlatformSpec = map[string]string{ + "": "AWSPlatformSpec holds the desired state of the Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", + "serviceEndpoints": "serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", +} + +func (AWSPlatformSpec) SwaggerDoc() map[string]string { + return map_AWSPlatformSpec +} + var map_AWSPlatformStatus = map[string]string{ - "": "AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.", - "region": "region holds the default AWS region for new AWS resources created by the cluster.", + "": "AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.", + "region": "region holds the default AWS region for new AWS resources created by the cluster.", + "serviceEndpoints": "ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", } func (AWSPlatformStatus) SwaggerDoc() map[string]string { return map_AWSPlatformStatus } +var map_AWSServiceEndpoint = map[string]string{ + "": "AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.", + "name": "name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.", + "url": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. 
This must be provided and cannot be empty.", +} + +func (AWSServiceEndpoint) SwaggerDoc() map[string]string { + return map_AWSServiceEndpoint +} + +var map_AzurePlatformSpec = map[string]string{ + "": "AzurePlatformSpec holds the desired state of the Azure infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (AzurePlatformSpec) SwaggerDoc() map[string]string { + return map_AzurePlatformSpec +} + var map_AzurePlatformStatus = map[string]string{ "": "AzurePlatformStatus holds the current status of the Azure infrastructure provider.", "resourceGroupName": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", @@ -696,6 +724,14 @@ func (AzurePlatformStatus) SwaggerDoc() map[string]string { return map_AzurePlatformStatus } +var map_BareMetalPlatformSpec = map[string]string{ + "": "BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (BareMetalPlatformSpec) SwaggerDoc() map[string]string { + return map_BareMetalPlatformSpec +} + var map_BareMetalPlatformStatus = map[string]string{ "": "BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. For more information about the network architecture used with the BareMetal platform type, see: https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md", "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", 
@@ -707,6 +743,14 @@ func (BareMetalPlatformStatus) SwaggerDoc() map[string]string { return map_BareMetalPlatformStatus } +var map_GCPPlatformSpec = map[string]string{ + "": "GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (GCPPlatformSpec) SwaggerDoc() map[string]string { + return map_GCPPlatformSpec +} + var map_GCPPlatformStatus = map[string]string{ "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", @@ -717,6 +761,14 @@ func (GCPPlatformStatus) SwaggerDoc() map[string]string { return map_GCPPlatformStatus } +var map_IBMCloudPlatformSpec = map[string]string{ + "": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (IBMCloudPlatformSpec) SwaggerDoc() map[string]string { + return map_IBMCloudPlatformSpec +} + var map_IBMCloudPlatformStatus = map[string]string{ "": "IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider.", "location": "Location is where the cluster has been deployed", 
@@ -747,8 +799,9 @@ func (InfrastructureList) SwaggerDoc() map[string]string { } var map_InfrastructureSpec = map[string]string{ - "": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", - "cloudConfig": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.", + "": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", + "cloudConfig": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.", + "platformSpec": "platformSpec holds desired information specific to the underlying infrastructure provider.", } func (InfrastructureSpec) SwaggerDoc() map[string]string { 
@@ -769,6 +822,14 @@ func (InfrastructureStatus) SwaggerDoc() map[string]string { return map_InfrastructureStatus } +var map_OpenStackPlatformSpec = map[string]string{ + "": "OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (OpenStackPlatformSpec) SwaggerDoc() map[string]string { + return map_OpenStackPlatformSpec +} + var map_OpenStackPlatformStatus = map[string]string{ "": "OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.", "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", @@ -781,6 +842,14 @@ func (OpenStackPlatformStatus) SwaggerDoc() map[string]string { return map_OpenStackPlatformStatus } +var map_OvirtPlatformSpec = map[string]string{ + "": "OvirtPlatformSpec holds the desired state of the oVirt infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (OvirtPlatformSpec) SwaggerDoc() map[string]string { + return map_OvirtPlatformSpec +} + var map_OvirtPlatformStatus = map[string]string{ "": "OvirtPlatformStatus holds the current status of the oVirt infrastructure provider.", "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", 
@@ -792,9 +861,26 @@ func (OvirtPlatformStatus) SwaggerDoc() map[string]string { return map_OvirtPlatformStatus } +var map_PlatformSpec = map[string]string{ + "": "PlatformSpec holds the desired state specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", + "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", + "azure": "Azure contains settings specific to the Azure infrastructure provider.", + "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", + "baremetal": "BareMetal contains settings specific to the BareMetal platform.", + "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", + "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", + "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", + "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", +} + +func (PlatformSpec) SwaggerDoc() map[string]string { + return map_PlatformSpec +} + var map_PlatformStatus = map[string]string{ "": "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. 
Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.", - "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.\n\nThis value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set.", "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", "azure": "Azure contains settings specific to the Azure infrastructure provider.", "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", 
@@ -802,12 +888,21 @@ var map_PlatformStatus = map[string]string{ "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", + "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", } func (PlatformStatus) SwaggerDoc() map[string]string { return map_PlatformStatus } +var map_VSpherePlatformSpec = map[string]string{ + "": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (VSpherePlatformSpec) SwaggerDoc() map[string]string { + return map_VSpherePlatformSpec +} + var map_VSpherePlatformStatus = map[string]string{ "": "VSpherePlatformStatus holds the current status of the vSphere infrastructure provider.", "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-svcat-apiserver-operator_02_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml similarity index 93% rename from vendor/github.com/openshift/api/operator/v1/0000_50_cluster-svcat-apiserver-operator_02_config.crd.yaml rename to vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml index 98322e98402..8ce9fe994e9 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-svcat-apiserver-operator_02_config.crd.yaml 
+++ b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml @@ -1,24 +1,23 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - name: servicecatalogapiservers.operator.openshift.io + name: configs.operator.openshift.io spec: scope: Cluster preserveUnknownFields: false group: operator.openshift.io version: v1 names: - kind: ServiceCatalogAPIServer - plural: servicecatalogapiservers - singular: servicecatalogapiserver + kind: Config + plural: configs + singular: config categories: - coreoperators subresources: status: {} validation: openAPIV3Schema: - description: ServiceCatalogAPIServer provides information to configure an operator - to manage Service Catalog API Server + description: Config provides information to configure the config operator. type: object required: - spec @@ -36,6 +35,8 @@ spec: metadata: type: object spec: + description: spec is the specification of the desired behavior of the Config + Operator. type: object properties: logLevel: @@ -71,6 +72,7 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true status: + description: status defines the observed status of the Config Operator. type: object properties: conditions: diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml index b983e32adcd..87f910ff393 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml 
@@ -127,6 +127,17 @@ spec: releases, once https://github.com/openshift/enhancements/blob/master/enhancements/authentication/separate-oauth-resources.md is fully implemented type: boolean + oauthAPIServer: + description: OAuthAPIServer holds status specific only to oauth-apiserver + type: object + properties: + latestAvailableRevision: + description: LatestAvailableRevision is the latest revision used + as suffix of revisioned secrets like encryption-config. A new + revision causes a new deployment of pods. + type: integer + format: int32 + minimum: 0 observedGeneration: description: observedGeneration is the last generation change you've dealt with diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-svcat-controller-manager-operator_02_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-svcat-controller-manager-operator_02_config.crd.yaml deleted file mode 100644 index 53453298e32..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-svcat-controller-manager-operator_02_config.crd.yaml +++ /dev/null 
@@ -1,137 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: servicecatalogcontrollermanagers.operator.openshift.io -spec: - scope: Cluster - preserveUnknownFields: false - group: operator.openshift.io - version: v1 - names: - kind: ServiceCatalogControllerManager - plural: servicecatalogcontrollermanagers - singular: servicecatalogcontrollermanager - categories: - - coreoperators - subresources: - status: {} - validation: - openAPIV3Schema: - description: ServiceCatalogControllerManager provides information to configure - an operator to manage Service Catalog Controller Manager - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - properties: - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. 
It exists in spec because it is - an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. 
- type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-custom-resource-definition.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-custom-resource-definition.yaml index 64d2621deee..2d17132bebf 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-custom-resource-definition.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-custom-resource-definition.yaml @@ -106,6 +106,9 @@ spec: description: scope indicates the scope at which the load balancer is exposed. Possible values are "External" and "Internal". type: string + enum: + - Internal + - External nodePort: description: nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService. 
@@ -143,6 +146,11 @@ spec: changes to the node port field of the managed NodePort Service will preserved." type: string + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService namespaceSelector: description: "namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing @@ -303,6 +311,24 @@ spec: different paths of the same host name across namespaces. \n If empty, the default is Strict." type: string + enum: + - InterNamespaceAllowed + - Strict + wildcardPolicy: + description: "wildcardPolicy describes how routes with wildcard + policies should be handled for the ingress controller. WildcardPolicy + controls use of routes [1] exposed by the ingress controller based + on the route's wildcard policy. \n [1] https://github.com/openshift/api/blob/master/route/v1/types.go + \n Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed + will cause admitted routes with a wildcard policy of Subdomain + to stop working. These routes must be updated to a wildcard policy + of None to be readmitted by the ingress controller. \n WildcardPolicy + supports WildcardsAllowed and WildcardsDisallowed values. \n If + empty, defaults to \"WildcardsDisallowed\"." + type: string + enum: + - WildcardsAllowed + - WildcardsDisallowed routeSelector: description: "routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards. @@ -386,6 +412,11 @@ spec: \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" type: string + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 nullable: true intermediate: description: "intermediate is a TLS security profile based on: \n 
@@ -436,6 +467,11 @@ spec: profile is currently not supported because it is not yet well adopted by common software libraries." type: string + enum: + - Old + - Intermediate + - Modern + - Custom status: description: status is the most recently observed status of the IngressController. type: object @@ -504,6 +540,9 @@ spec: description: scope indicates the scope at which the load balancer is exposed. Possible values are "External" and "Internal". type: string + enum: + - Internal + - External nodePort: description: nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService. @@ -541,6 +580,11 @@ spec: changes to the node port field of the managed NodePort Service will preserved." type: string + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService observedGeneration: description: observedGeneration is the most recent generation observed. type: integer @@ -570,6 +614,11 @@ spec: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" type: string + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 version: v1 versions: - name: v1 diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml index e227469c974..5cabd510747 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml 
@@ -123,6 +123,39 @@ spec: description: pageID is the unique ID assigned by Statuspage for your page. This must be a public page. type: string + route: + description: route contains hostname and secret reference that contains + the serving certificate. If a custom route is specified, a new route + will be created with the provided hostname, under which console will + be available. In case of custom hostname uses the default routing + suffix of the cluster, the Secret specification for a serving certificate + will not be needed. In case of custom hostname points to an arbitrary + domain, manual DNS configurations steps are necessary. The default + console route will be maintained to reserve the default hostname for + console if the custom route is removed. If not specified, default + route will be used. + type: object + properties: + hostname: + description: hostname is the desired custom domain under which console + will be available. + type: string + secret: + description: 'secret points to secret in the openshift-config namespace + that contains custom certificate and key and needs to be created + manually by the cluster admin. Referenced Secret is required to + contain following key value pairs: - "tls.crt" - to specifies + custom certificate - "tls.key" - to specifies private key of the + custom certificate If the custom hostname uses the default routing + suffix of the cluster, the Secret specification for a serving + certificate will not be needed.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/types_authentication.go b/vendor/github.com/openshift/api/operator/v1/types_authentication.go index 403028dfd07..cf60fb96398 100644 
--- a/vendor/github.com/openshift/api/operator/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/operator/v1/types_authentication.go @@ -29,7 +29,20 @@ type AuthenticationStatus struct { // Note that this field will be removed in the future releases, once https://github.com/openshift/enhancements/blob/master/enhancements/authentication/separate-oauth-resources.md is fully implemented // +optional ManagingOAuthAPIServer bool `json:"managingOAuthAPIServer,omitempty"` - OperatorStatus `json:",inline"` + + // OAuthAPIServer holds status specific only to oauth-apiserver + // +optional + OAuthAPIServer OAuthAPIServerStatus `json:"oauthAPIServer,omitempty"` + + OperatorStatus `json:",inline"` +} + +type OAuthAPIServerStatus struct { + // LatestAvailableRevision is the latest revision used as suffix of revisioned + // secrets like encryption-config. A new revision causes a new deployment of pods. + // +optional + // +kubebuilder:validation:Minimum=0 + LatestAvailableRevision int32 `json:"latestAvailableRevision,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/vendor/github.com/openshift/api/operator/v1/types_config.go b/vendor/github.com/openshift/api/operator/v1/types_config.go new file mode 100644 index 00000000000..267f3682e8d --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/types_config.go 
@@ -0,0 +1,43 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Config provides information to configure the config operator.
+type Config struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata"`
+
+ // spec is the specification of the desired behavior of the Config Operator.
+ // +kubebuilder:validation:Required
+ // +required
+ Spec ConfigSpec `json:"spec"`
+
+ // status defines the observed status of the Config Operator.
+ // +optional
+ Status ConfigStatus `json:"status"`
+}
+
+type ConfigSpec struct {
+ OperatorSpec `json:",inline"`
+}
+
+type ConfigStatus struct {
+ OperatorStatus `json:",inline"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ConfigList is a collection of items
+type ConfigList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata"`
+
+ // Items contains the items
+ Items []Config `json:"items"`
+}
diff --git a/vendor/github.com/openshift/api/operator/v1/types_console.go b/vendor/github.com/openshift/api/operator/v1/types_console.go
index f766df48f0b..1ef92853575 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_console.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_console.go
@@ -31,6 +31,32 @@ type ConsoleSpec struct { Customization ConsoleCustomization `json:"customization"` // providers contains configuration for using specific service providers. Providers ConsoleProviders `json:"providers"` + // route contains hostname and secret reference that contains the serving certificate. + // If a custom route is specified, a new route will be created with the + // provided hostname, under which console will be available. + // In case of custom hostname uses the default routing suffix of the cluster, + // the Secret specification for a serving certificate will not be needed. + // In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. + // The default console route will be maintained to reserve the default hostname + // for console if the custom route is removed. + // If not specified, default route will be used. + // +optional + Route ConsoleConfigRoute `json:"route"` +} + +// ConsoleConfigRoute holds information on external route access to console. +type ConsoleConfigRoute struct { + // hostname is the desired custom domain under which console will be available. + Hostname string `json:"hostname"` + // secret points to secret in the openshift-config namespace that contains custom + // certificate and key and needs to be created manually by the cluster admin. + // Referenced Secret is required to contain following key value pairs: + // - "tls.crt" - to specifies custom certificate + // - "tls.key" - to specifies private key of the custom certificate + // If the custom hostname uses the default routing suffix of the cluster, + // the Secret specification for a serving certificate will not be needed. + // +optional + Secret configv1.SecretNameReference `json:"secret"` } // ConsoleStatus defines the observed status of the Console. 
diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index 51bac135008..9ebe913df79 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go @@ -185,6 +185,7 @@ type NodePlacement struct { } // EndpointPublishingStrategyType is a way to publish ingress controller endpoints. +// +kubebuilder:validation:Enum=LoadBalancerService;HostNetwork;Private;NodePortService type EndpointPublishingStrategyType string const ( @@ -204,6 +205,7 @@ const ( ) // LoadBalancerScope is the scope at which a load balancer is exposed. +// +kubebuilder:validation:Enum=Internal;External type LoadBalancerScope string var ( 
@@ -333,10 +335,43 @@ type RouteAdmissionPolicy struct { // If empty, the default is Strict. // +optional NamespaceOwnership NamespaceOwnershipCheck `json:"namespaceOwnership,omitempty"` + // wildcardPolicy describes how routes with wildcard policies should + // be handled for the ingress controller. WildcardPolicy controls use + // of routes [1] exposed by the ingress controller based on the route's + // wildcard policy. + // + // [1] https://github.com/openshift/api/blob/master/route/v1/types.go + // + // Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed + // will cause admitted routes with a wildcard policy of Subdomain to stop + // working. These routes must be updated to a wildcard policy of None to be + // readmitted by the ingress controller. + // + // WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values. + // + // If empty, defaults to "WildcardsDisallowed". + // + WildcardPolicy WildcardPolicy `json:"wildcardPolicy,omitempty"` } +// WildcardPolicy is a route admission policy component that describes how +// routes with a wildcard policy should be handled. +// +kubebuilder:validation:Enum=WildcardsAllowed;WildcardsDisallowed +type WildcardPolicy string + +const ( + // WildcardPolicyAllowed indicates routes with any wildcard policy are + // admitted by the ingress controller. + WildcardPolicyAllowed WildcardPolicy = "WildcardsAllowed" + + // WildcardPolicyDisallowed indicates only routes with a wildcard policy + // of None are admitted by the ingress controller. + WildcardPolicyDisallowed WildcardPolicy = "WildcardsDisallowed" +) + // NamespaceOwnershipCheck is a route admission policy component that describes // how host name claims across namespaces should be handled. +// +kubebuilder:validation:Enum=InterNamespaceAllowed;Strict type NamespaceOwnershipCheck string const ( 
diff --git a/vendor/github.com/openshift/api/operator/v1/types_servicecatalogapiserver.go b/vendor/github.com/openshift/api/operator/v1/types_servicecatalogapiserver.go index 7c1a857bb61..4dc98f4a4d0 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_servicecatalogapiserver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_servicecatalogapiserver.go @@ -9,6 +9,7 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server +// DEPRECATED: will be removed in 4.6 type ServiceCatalogAPIServer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -31,6 +32,7 @@ type ServiceCatalogAPIServerStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ServiceCatalogAPIServerList is a collection of items +// DEPRECATED: will be removed in 4.6 type ServiceCatalogAPIServerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_servicecatalogcontrollermanager.go b/vendor/github.com/openshift/api/operator/v1/types_servicecatalogcontrollermanager.go index ac3bf5898c8..f4cc3f6957f 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_servicecatalogcontrollermanager.go +++ b/vendor/github.com/openshift/api/operator/v1/types_servicecatalogcontrollermanager.go @@ -9,6 +9,7 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager +// DEPRECATED: will be removed in 4.6 type ServiceCatalogControllerManager struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` 
@@ -31,6 +32,7 @@ type ServiceCatalogControllerManagerStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ServiceCatalogControllerManagerList is a collection of items +// DEPRECATED: will be removed in 4.6 type ServiceCatalogControllerManagerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index 158308a3e3a..12db4239e3b 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -113,6 +113,7 @@ func (in *AuthenticationSpec) DeepCopy() *AuthenticationSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuthenticationStatus) DeepCopyInto(out *AuthenticationStatus) { *out = *in + out.OAuthAPIServer = in.OAuthAPIServer in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) return } 
@@ -238,6 +239,101 @@ func (in *ClusterNetworkEntry) DeepCopy() *ClusterNetworkEntry { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Config) DeepCopyInto(out *Config) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Config. +func (in *Config) DeepCopy() *Config { + if in == nil { + return nil + } + out := new(Config) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Config) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigList) DeepCopyInto(out *ConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Config, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigList. +func (in *ConfigList) DeepCopy() *ConfigList { + if in == nil { + return nil + } + out := new(ConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ConfigSpec) DeepCopyInto(out *ConfigSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigSpec. +func (in *ConfigSpec) DeepCopy() *ConfigSpec { + if in == nil { + return nil + } + out := new(ConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigStatus) DeepCopyInto(out *ConfigStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigStatus. +func (in *ConfigStatus) DeepCopy() *ConfigStatus { + if in == nil { + return nil + } + out := new(ConfigStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Console) DeepCopyInto(out *Console) { *out = *in @@ -266,6 +362,23 @@ func (in *Console) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleConfigRoute) DeepCopyInto(out *ConsoleConfigRoute) { + *out = *in + out.Secret = in.Secret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleConfigRoute. +func (in *ConsoleConfigRoute) DeepCopy() *ConsoleConfigRoute { + if in == nil { + return nil + } + out := new(ConsoleConfigRoute) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConsoleCustomization) DeepCopyInto(out *ConsoleCustomization) { *out = *in 
@@ -343,6 +456,7 @@ func (in *ConsoleSpec) DeepCopyInto(out *ConsoleSpec) { in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) out.Customization = in.Customization in.Providers.DeepCopyInto(&out.Providers) + out.Route = in.Route return } @@ -1559,6 +1673,22 @@ func (in *NodeStatus) DeepCopy() *NodeStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuthAPIServerStatus) DeepCopyInto(out *OAuthAPIServerStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthAPIServerStatus. +func (in *OAuthAPIServerStatus) DeepCopy() *OAuthAPIServerStatus { + if in == nil { + return nil + } + out := new(OAuthAPIServerStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OVNKubernetesConfig) DeepCopyInto(out *OVNKubernetesConfig) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index d20358c23be..21ffc10c892 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go 
@@ -119,12 +119,40 @@ func (AuthenticationList) SwaggerDoc() map[string]string { var map_AuthenticationStatus = map[string]string{ "managingOAuthAPIServer": "ManagingOAuthAPIServer indicates whether this operator is managing OAuth related APIs. Setting this field to true will cause OAS-O to step down. Note that this field will be removed in the future releases, once https://github.com/openshift/enhancements/blob/master/enhancements/authentication/separate-oauth-resources.md is fully implemented", + "oauthAPIServer": "OAuthAPIServer holds status specific only to oauth-apiserver", } func (AuthenticationStatus) SwaggerDoc() map[string]string { return map_AuthenticationStatus } +var map_OAuthAPIServerStatus = map[string]string{ + "latestAvailableRevision": "LatestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods.", +} + +func (OAuthAPIServerStatus) SwaggerDoc() map[string]string { + return map_OAuthAPIServerStatus +} + +var map_Config = map[string]string{ + "": "Config provides information to configure the config operator.", + "spec": "spec is the specification of the desired behavior of the Config Operator.", + "status": "status defines the observed status of the Config Operator.", +} + +func (Config) SwaggerDoc() map[string]string { + return map_Config +} + +var map_ConfigList = map[string]string{ + "": "ConfigList is a collection of items", + "items": "Items contains the items", +} + +func (ConfigList) SwaggerDoc() map[string]string { + return map_ConfigList +} + var map_Console = map[string]string{ "": "Console provides a means to configure an operator to manage the console.", } 
@@ -133,6 +161,16 @@ func (Console) SwaggerDoc() map[string]string { return map_Console } +var map_ConsoleConfigRoute = map[string]string{ + "": "ConsoleConfigRoute holds information on external route access to console.", + "hostname": "hostname is the desired custom domain under which console will be available.", + "secret": "secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - \"tls.crt\" - to specifies custom certificate - \"tls.key\" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", +} + +func (ConsoleConfigRoute) SwaggerDoc() map[string]string { + return map_ConsoleConfigRoute +} + var map_ConsoleCustomization = map[string]string{ "": "ConsoleCustomization defines a list of optional configuration for the console UI.", "brand": "brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.", 
@@ -158,6 +196,7 @@ var map_ConsoleSpec = map[string]string{ "": "ConsoleSpec is the specification of the desired behavior of the Console.", "customization": "customization is used to optionally provide a small set of customization options to the web console.", "providers": "providers contains configuration for using specific service providers.", + "route": "route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used.", } func (ConsoleSpec) SwaggerDoc() map[string]string { 
@@ -399,6 +438,7 @@ func (PrivateStrategy) SwaggerDoc() map[string]string { var map_RouteAdmissionPolicy = map[string]string{ "": "RouteAdmissionPolicy is an admission policy for allowing new route claims.", "namespaceOwnership": "namespaceOwnership describes how host name claims across namespaces should be handled.\n\nValue must be one of:\n\n- Strict: Do not allow routes in different namespaces to claim the same host.\n\n- InterNamespaceAllowed: Allow routes to claim different paths of the same\n host name across namespaces.\n\nIf empty, the default is Strict.", + "wildcardPolicy": "wildcardPolicy describes how routes with wildcard policies should be handled for the ingress controller. WildcardPolicy controls use of routes [1] exposed by the ingress controller based on the route's wildcard policy.\n\n[1] https://github.com/openshift/api/blob/master/route/v1/types.go\n\nNote: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed will cause admitted routes with a wildcard policy of Subdomain to stop working. These routes must be updated to a wildcard policy of None to be readmitted by the ingress controller.\n\nWildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values.\n\nIf empty, defaults to \"WildcardsDisallowed\".", } func (RouteAdmissionPolicy) SwaggerDoc() map[string]string { @@ -738,7 +778,7 @@ func (ServiceCAList) SwaggerDoc() map[string]string { } var map_ServiceCatalogAPIServer = map[string]string{ - "": "ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server", + "": "ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server DEPRECATED: will be removed in 4.6", } func (ServiceCatalogAPIServer) SwaggerDoc() map[string]string { 
@@ -746,7 +786,7 @@ func (ServiceCatalogAPIServer) SwaggerDoc() map[string]string { } var map_ServiceCatalogAPIServerList = map[string]string{ - "": "ServiceCatalogAPIServerList is a collection of items", + "": "ServiceCatalogAPIServerList is a collection of items DEPRECATED: will be removed in 4.6", "items": "Items contains the items", } @@ -755,7 +795,7 @@ func (ServiceCatalogAPIServerList) SwaggerDoc() map[string]string { } var map_ServiceCatalogControllerManager = map[string]string{ - "": "ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager", + "": "ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager DEPRECATED: will be removed in 4.6", } func (ServiceCatalogControllerManager) SwaggerDoc() map[string]string { @@ -763,7 +803,7 @@ func (ServiceCatalogControllerManager) SwaggerDoc() map[string]string { } var map_ServiceCatalogControllerManagerList = map[string]string{ - "": "ServiceCatalogControllerManagerList is a collection of items", + "": "ServiceCatalogControllerManagerList is a collection of items DEPRECATED: will be removed in 4.6", "items": "Items contains the items", } diff --git a/vendor/github.com/openshift/api/route/v1/generated.pb.go b/vendor/github.com/openshift/api/route/v1/generated.pb.go index 38543a90fdc..977fa2618d5 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/route/v1/generated.pb.go @@ -28,7 +28,7 @@ var _ = math.Inf // is compatible with the proto package it is being compiled against. // A compilation error at this line likely means your copy of the // proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package func (m *Route) Reset() { *m = Route{} } func (*Route) ProtoMessage() {} 
@@ -2956,6 +2956,7 @@ func (m *TLSConfig) Unmarshal(dAtA []byte) error { func skipGenerated(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 + depth := 0 for iNdEx < l { var wire uint64 for shift := uint(0); ; shift += 7 { @@ -2987,10 +2988,8 @@ func skipGenerated(dAtA []byte) (n int, err error) { break } } - return iNdEx, nil case 1: iNdEx += 8 - return iNdEx, nil case 2: var length int for shift := uint(0); ; shift += 7 { 
@@ -3011,55 +3010,30 @@ func skipGenerated(dAtA []byte) (n int, err error) { return 0, ErrInvalidLengthGenerated } iNdEx += length - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - return iNdEx, nil case 3: - for { - var innerWire uint64 - var start int = iNdEx - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - innerWire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - innerWireType := int(innerWire & 0x7) - if innerWireType == 4 { - break - } - next, err := skipGenerated(dAtA[start:]) - if err != nil { - return 0, err - } - iNdEx = start + next - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - } - return iNdEx, nil + depth++ case 4: - return iNdEx, nil + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupGenerated + } + depth-- case 5: iNdEx += 4 - return iNdEx, nil default: return 0, fmt.Errorf("proto: illegal wireType %d", wireType) } + if iNdEx < 0 { + return 0, ErrInvalidLengthGenerated + } + if depth == 0 { + return iNdEx, nil + } } - panic("unreachable") + return 0, io.ErrUnexpectedEOF } var ( - ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") ) diff --git a/vendor/github.com/openshift/api/route/v1/types.go b/vendor/github.com/openshift/api/route/v1/types.go index 9c59fd413e1..6c9d80b98a5 100644 --- a/vendor/github.com/openshift/api/route/v1/types.go +++ b/vendor/github.com/openshift/api/route/v1/types.go 
@@ -34,7 +34,7 @@ type Route struct {
 Spec RouteSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`
 // status is the current state of the route
 // +optional
- Status RouteStatus `json:"status" protobuf:"bytes,3,opt,name=status"`
+ Status RouteStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
 }

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -69,7 +69,7 @@ type RouteSpec struct {
 // chosen.
 // Must follow DNS952 subdomain conventions.
 // +optional
- Host string `json:"host" protobuf:"bytes,1,opt,name=host"`
+ Host string `json:"host,omitempty" protobuf:"bytes,1,opt,name=host"`
 // subdomain is a DNS subdomain that is requested within the ingress controller's
 // domain (as a subdomain). If host is set this field is ignored. An ingress
 // controller may choose to ignore this suggested name, in which case the controller
@@ -141,7 +141,7 @@ type RouteStatus struct {
 // ingress describes the places where the route may be exposed. The list of
 // ingress points may contain duplicate Host or RouterName values. Routes
 // are considered live once they are `Ready`
- Ingress []RouteIngress `json:"ingress" protobuf:"bytes,1,rep,name=ingress"`
+ Ingress []RouteIngress `json:"ingress,omitempty" protobuf:"bytes,1,rep,name=ingress"`
 }

 // RouteIngress holds information about the places where a route is exposed.
diff --git a/vendor/modules.txt b/vendor/modules.txt
index a30a49fa465..a2603ac8635 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1003,7 +1003,7 @@ github.com/opencontainers/image-spec/specs-go github.com/opencontainers/image-spec/specs-go/v1 # github.com/openshift-metal3/terraform-provider-ironic v0.2.0 github.com/openshift-metal3/terraform-provider-ironic/ironic -# github.com/openshift/api v3.9.1-0.20191111211345-a27ff30ebf09+incompatible => github.com/openshift/api v0.0.0-20200210091934-a0e53e94816b +# github.com/openshift/api v3.9.1-0.20191111211345-a27ff30ebf09+incompatible => github.com/openshift/api v0.0.0-20200413201024-c6e8c9b6eb9a github.com/openshift/api/config/v1 github.com/openshift/api/operator/v1 github.com/openshift/api/operator/v1alpha1 @@ -1640,7 +1640,7 @@ honnef.co/go/tools/staticcheck/vrp honnef.co/go/tools/stylecheck honnef.co/go/tools/unused honnef.co/go/tools/version -# k8s.io/api v0.17.2 => k8s.io/api v0.17.1 +# k8s.io/api v0.18.0 => k8s.io/api v0.17.1 k8s.io/api/admissionregistration/v1 k8s.io/api/admissionregistration/v1beta1 k8s.io/api/apps/v1 @@ -1681,7 +1681,7 @@ k8s.io/api/settings/v1alpha1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.17.3 => k8s.io/apimachinery v0.17.1 +# k8s.io/apimachinery v0.18.0 => k8s.io/apimachinery v0.17.1 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors k8s.io/apimachinery/pkg/api/meta