From 9ca048ea66a0eb9c181bf3840039b38a267012fb Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Tue, 10 Mar 2020 13:26:15 -0700 Subject: [PATCH 01/18] pkg/types/aws: add service endpoints to aws platform Adds a list of service endpoints to the AWS platform. A service endpoint entry/item consists of the service name and the endpoint url. only one service endpoint for a service can be provided, i.e duplicates are not allowed. the endpoint URL must be a hostname or a http(s) URL with no request path or requests queries. --- pkg/types/aws/platform.go | 19 ++++++ pkg/types/aws/validation/platform.go | 50 ++++++++++++++ pkg/types/aws/validation/platform_test.go | 82 +++++++++++++++++++++-- 3 files changed, 144 insertions(+), 7 deletions(-) diff --git a/pkg/types/aws/platform.go b/pkg/types/aws/platform.go index 45d0911ec51..e78533f050a 100644 --- a/pkg/types/aws/platform.go +++ b/pkg/types/aws/platform.go 
@@ -21,9 +21,28 @@ type Platform struct { // +optional UserTags map[string]string `json:"userTags,omitempty"` + // ServiceEndpoints list contains custom endpoints which will override default + // service endpoint of AWS Services. + // There must be only one ServiceEndpoint for a service. + // +optional + ServiceEndpoints []ServiceEndpoint `json:"serviceEndpoints,omitempty"` + // DefaultMachinePlatform is the default configuration used when // installing on AWS for machine pools which do not define their own // platform configuration. // +optional DefaultMachinePlatform *MachinePool `json:"defaultMachinePlatform,omitempty"` } + +// ServiceEndpoint store the configuration for services to +// override existing defaults of AWS Services. +type ServiceEndpoint struct { + // Name is the name of the AWS service. + // This must be provided and cannot be empty. + Name string `json:"name"` + + // URL is fully qualified URI with scheme https, that overrides the default generated + // endpoint for a client. + // This must be provided and cannot be empty. + URL string `json:"url"` +} diff --git a/pkg/types/aws/validation/platform.go b/pkg/types/aws/validation/platform.go index 183bfb13e8f..a4a1e94e621 100644 --- a/pkg/types/aws/validation/platform.go +++ b/pkg/types/aws/validation/platform.go @@ -1,6 +1,9 @@ package validation import ( + "fmt" + "net/url" + "regexp" "sort" "k8s.io/apimachinery/pkg/util/validation/field" 
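Review bot: The doc comment on `ServiceEndpoint.URL` promises a "fully qualified URI with scheme https", but `validateServiceURL`, added in this same patch, also accepts a bare host name. The tests list `test-ec2.random.local` as a valid value. Anyone reading only this comment will assume the stored string always carries a scheme. Either tighten validation to match, or reword the comment to something like `// URL is an https URL or a bare host name, with no path or query, that overrides the default endpoint.` The type comment should also read "ServiceEndpoint stores" rather than "store".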
@@ -56,8 +59,55 @@ func ValidatePlatform(p *aws.Platform, fldPath *field.Path) field.ErrorList { if _, ok := Regions[p.Region]; !ok { allErrs = append(allErrs, field.NotSupported(fldPath.Child("region"), p.Region, validRegionValues)) } + + allErrs = append(allErrs, validateServiceEndpoints(p.ServiceEndpoints, fldPath.Child("serviceEndpoints"))...) + if p.DefaultMachinePlatform != nil { allErrs = append(allErrs, ValidateMachinePool(p, p.DefaultMachinePlatform, fldPath.Child("defaultMachinePlatform"))...) } return allErrs } + +func validateServiceEndpoints(endpoints []aws.ServiceEndpoint, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + tracker := map[string]int{} + for idx, e := range endpoints { + fldp := fldPath.Index(idx) + if eidx, ok := tracker[e.Name]; ok { + allErrs = append(allErrs, field.Invalid(fldp.Child("name"), e.Name, fmt.Sprintf("duplicate service endpoint not allowed for %s, service endpoint already defined at %s", e.Name, fldPath.Index(eidx)))) + } else { + tracker[e.Name] = idx + } + + if err := validateServiceURL(e.URL); err != nil { + allErrs = append(allErrs, field.Invalid(fldp.Child("url"), e.URL, err.Error())) + } + } + return allErrs +} + +var schemeRE = regexp.MustCompile("^([^:]+)://") + +func validateServiceURL(uri string) error { + endpoint := uri + if !schemeRE.MatchString(endpoint) { + scheme := "https" + endpoint = fmt.Sprintf("%s://%s", scheme, endpoint) + } + + u, err := url.Parse(endpoint) + if err != nil { + return err + } + if u.Hostname() == "" { + return fmt.Errorf("host cannot be empty, empty host provided") + } + if s := u.Scheme; s != "https" { + return fmt.Errorf("invalid scheme %s, only https allowed", s) + } + if r := u.RequestURI(); r != "/" { + return fmt.Errorf("no path or request parameters must be provided, %q was provided", r) + } + + return nil +} diff --git a/pkg/types/aws/validation/platform_test.go b/pkg/types/aws/validation/platform_test.go index 957cc38f81e..583515567f9 100644 
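Review bot: `validateServiceURL` checks the host, the scheme and `RequestURI()`, which leaves userinfo and fragment unchecked. A constructed value such as `https://user:secret@host` passes, and the same string is later written to the debug log by `awsResolver.EndpointFor` (patch 02) and copied into `metadata.json` (patch 05). I would add `if u.User != nil { return fmt.Errorf("user information must not be provided") }` and a matching check for `u.Fragment != ""`. Separately, `validateServiceEndpoints` never rejects an empty `e.Name`, although the type's comment says it cannot be empty; `field.Required(fldp.Child("name"), "service name must be provided")` would cover that.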
--- a/pkg/types/aws/validation/platform_test.go
+++ b/pkg/types/aws/validation/platform_test.go
@@ -13,21 +13,90 @@ func TestValidatePlatform(t *testing.T) { cases := []struct { name string platform *aws.Platform - valid bool + expected string }{ { name: "minimal", platform: &aws.Platform{ Region: "us-east-1", }, - valid: true, }, { name: "invalid region", platform: &aws.Platform{ Region: "bad-region", }, - valid: false, + expected: `^test-path\.region: Unsupported value: "bad-region": supported values: .*$`, + }, + { + name: "invalid url for service endpoint", + platform: &aws.Platform{ + Region: "us-east-1", + ServiceEndpoints: []aws.ServiceEndpoint{{ + Name: "ec2", + URL: "/path/some", + }}, + }, + expected: `^test-path\.serviceEndpoints\[0\]\.url: Invalid value: "(.*)": host cannot be empty, empty host provided$`, + }, + { + name: "invalid url for service endpoint", + platform: &aws.Platform{ + Region: "us-east-1", + ServiceEndpoints: []aws.ServiceEndpoint{{ + Name: "ec2", + URL: "https://test-ec2.random.local/path/some", + }}, + }, + expected: `^test-path\.serviceEndpoints\[0\]\.url: Invalid value: "(.*)": no path or request parameters must be provided, "/path/some" was provided$`, + }, + { + name: "invalid url for service endpoint", + platform: &aws.Platform{ + Region: "us-east-1", + ServiceEndpoints: []aws.ServiceEndpoint{{ + Name: "ec2", + URL: "https://test-ec2.random.local?foo=some", + }}, + }, + expected: `^test-path\.serviceEndpoints\[0\]\.url: Invalid value: "(.*)": no path or request parameters must be provided, "/\?foo=some" was provided$`, + }, + { + name: "valid url for service endpoint", + platform: &aws.Platform{ + Region: "us-east-1", + ServiceEndpoints: []aws.ServiceEndpoint{{ + Name: "ec2", + URL: "test-ec2.random.local", + }}, + }, + }, + { + name: "valid url for service endpoint", + platform: &aws.Platform{ + Region: "us-east-1", + ServiceEndpoints: []aws.ServiceEndpoint{{ + Name: "ec2", + URL: "https://test-ec2.random.local", + }}, + }, + }, + { + name: "duplicate service endpoints", + platform: &aws.Platform{ + Region: "us-east-1", + 
ServiceEndpoints: []aws.ServiceEndpoint{{ + Name: "ec2", + URL: "test-ec2.random.local", + }, { + Name: "s3", + URL: "test-ec2.random.local", + }, { + Name: "ec2", + URL: "test-ec2.random.local", + }}, + }, + expected: `^test-path\.serviceEndpoints\[2\]\.name: Invalid value: "ec2": duplicate service endpoint not allowed for ec2, service endpoint already defined at test-path\.serviceEndpoints\[0\]$`, }, { name: "valid machine pool", @@ -35,7 +104,6 @@ func TestValidatePlatform(t *testing.T) { Region: "us-east-1", DefaultMachinePlatform: &aws.MachinePool{}, }, - valid: true, }, { name: "invalid machine pool", @@ -47,16 +115,16 @@ func TestValidatePlatform(t *testing.T) { }, }, }, - valid: false, + expected: `^test-path\.defaultMachinePlatform\.iops: Invalid value: -10: Storage IOPS must be positive$`, }, } for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { err := ValidatePlatform(tc.platform, field.NewPath("test-path")).ToAggregate() - if tc.valid { + if tc.expected == "" { assert.NoError(t, err) } else { - assert.Error(t, err) + assert.Regexp(t, tc.expected, err) } }) } From 6e32f0df8461789af40ddc623d83f5da1a372e7b Mon Sep 17 00:00:00 2001 
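Review bot: Three cases in the `TestValidatePlatform` table are named "invalid url for service endpoint" and two are named "valid url for service endpoint", so `t.Run` will only tell them apart by `#01`/`#02` suffixes and a failure will not say which input broke. Give each a distinct name, for example "service endpoint url with path" and "service endpoint url with query". The table also has no case for a non-https scheme such as `http://test-ec2.random.local`, so the branch of `validateServiceURL` that enforces transport security is not pinned by any test.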
From: Abhinav Dahiya Date: Tue, 10 Mar 2020 22:54:14 -0700 Subject: [PATCH 02/18] asset/installconfig/aws/session.go: allow creating session with region and service overrides Adds `GetSessionWithOptions` which allows creating aws.Session with options. Currently adds two options, `WithRegion`, this configures the aws.Session to a specific region. `WithServiceEndpoints`, this configures the aws.Session with a new service resolver that uses the provided list of service endpoints to override the endpoints hard coded [1] into the AWS SDK for the specific service. It uses an internal `awsResolver` that can be configured with a list of service endpoints such that when AWS SDK tries to fetch the endpoint for a service in a region, it returns the configured endpoint. If no such endpoint was configured for this internal resolver, it falls back to AWS SDK's default resolver that uses the hard coded list [1]. NOTE: the internal resolver returns the same endpoint URL for all regions for a service. This is acceptable as service endpoints provided to the installer don't provide region. Also since clusters are installed to single region, one should only need the endpoint for that region or global. The aws metadata now provides consumers a session initialized with region and AWS service overrides set in the install config. The clients in various assets therefore transparently use the correct endpoints without extra configuration, while also allowing them to override it if needed when initializing the client. [1]: https://github.com/aws/aws-sdk-go/blob/v1.29.31/aws/endpoints/defaults.go#L94 --- pkg/asset/installconfig/aws/metadata.go | 17 +++-- pkg/asset/installconfig/aws/session.go | 69 ++++++++++++++++++++- pkg/asset/installconfig/aws/session_test.go | 53 ++++++++++++++++ pkg/asset/installconfig/installconfig.go | 2 +- 4 files changed, 131 insertions(+), 10 deletions(-) create mode 100644 pkg/asset/installconfig/aws/session_test.go 
diff --git a/pkg/asset/installconfig/aws/metadata.go b/pkg/asset/installconfig/aws/metadata.go index 39b4b0abffb..47a736c7a11 100644 --- a/pkg/asset/installconfig/aws/metadata.go +++ b/pkg/asset/installconfig/aws/metadata.go @@ -6,6 +6,8 @@ import ( "github.com/aws/aws-sdk-go/aws/session" "github.com/pkg/errors" + + typesaws "github.com/openshift/installer/pkg/types/aws" ) // Metadata holds additional metadata for InstallConfig resources that @@ -16,15 +18,18 @@ type Metadata struct { availabilityZones []string privateSubnets map[string]Subnet publicSubnets map[string]Subnet - Region string `json:"region,omitempty"` - Subnets []string `json:"subnets,omitempty"` vpc string - mutex sync.Mutex + + Region string `json:"region,omitempty"` + Subnets []string `json:"subnets,omitempty"` + Services []typesaws.ServiceEndpoint `json:"services,omitempty"` + + mutex sync.Mutex } // NewMetadata initializes a new Metadata object. -func NewMetadata(region string, subnets []string) *Metadata { - return &Metadata{Region: region, Subnets: subnets} +func NewMetadata(region string, subnets []string, services []typesaws.ServiceEndpoint) *Metadata { + return &Metadata{Region: region, Subnets: subnets, Services: services} } // Session holds an AWS session which can be used for AWS API calls @@ -39,7 +44,7 @@ func (m *Metadata) Session(ctx context.Context) (*session.Session, error) { func (m *Metadata) unlockedSession(ctx context.Context) (*session.Session, error) { if m.session == nil { var err error - m.session, err = GetSession() + m.session, err = GetSessionWithOptions(WithRegion(m.Region), WithServiceEndpoints(m.Region, m.Services)) if err != nil { return nil, errors.Wrap(err, "creating AWS session") } diff --git a/pkg/asset/installconfig/aws/session.go b/pkg/asset/installconfig/aws/session.go index e695e35d104..d3ad536b671 100644 --- a/pkg/asset/installconfig/aws/session.go +++ b/pkg/asset/installconfig/aws/session.go 
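Review bot: The new `Metadata` field is called `Services` with JSON key `services`, while the same list is `ServiceEndpoints` / `serviceEndpoints` on `aws.Platform` (patch 01) and on the cluster metadata type (patch 05). Using one name throughout makes it easier to trace where endpoint overrides flow and which file they were read from. Consider naming the field `ServiceEndpoints` with the JSON key `serviceEndpoints`.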
@@ -8,6 +8,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/defaults" + "github.com/aws/aws-sdk-go/aws/endpoints" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/aws/session" "github.com/pkg/errors" @@ -15,6 +16,7 @@ import ( survey "gopkg.in/AlecAivazis/survey.v1" ini "gopkg.in/ini.v1" + typesaws "github.com/openshift/installer/pkg/types/aws" "github.com/openshift/installer/pkg/version" ) 
@@ -30,12 +32,41 @@ var ( } ) +// SessionOptions is a function that modifies the provided session.Option. +type SessionOptions func(sess *session.Options) + +// WithRegion configures the session.Option to set the AWS region. +func WithRegion(region string) SessionOptions { + return func(sess *session.Options) { + cfg := aws.NewConfig().WithRegion(region) + sess.Config.MergeIn(cfg) + } +} + +// WithServiceEndpoints configures the session.Option to use provides services for AWS endpoints. +func WithServiceEndpoints(region string, services []typesaws.ServiceEndpoint) SessionOptions { + return func(sess *session.Options) { + resolver := newAWSResolver(region, services) + cfg := aws.NewConfig().WithEndpointResolver(resolver) + sess.Config.MergeIn(cfg) + } +} + // GetSession returns an AWS session by checking credentials // and, if no creds are found, asks for them and stores them on disk in a config file -func GetSession() (*session.Session, error) { - ssn := session.Must(session.NewSessionWithOptions(session.Options{ +func GetSession() (*session.Session, error) { return GetSessionWithOptions() } + +// GetSessionWithOptions returns an AWS session by checking credentials +// and, if no creds are found, asks for them and stores them on disk in a config file +func GetSessionWithOptions(optFuncs ...SessionOptions) (*session.Session, error) { + options := session.Options{ SharedConfigState: session.SharedConfigEnable, - })) + } + for _, optFunc := range optFuncs { + optFunc(&options) + } + + ssn := session.Must(session.NewSessionWithOptions(options)) sharedCredentialsProvider := &credentials.SharedCredentialsProvider{} ssn.Config.Credentials = credentials.NewChainCredentials([]credentials.Provider{ 
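Review bot: `GetSessionWithOptions` returns an error but still wraps `session.NewSessionWithOptions` in `session.Must`, so a failure to build the session panics instead of reaching the caller. Replace it with `ssn, err := session.NewSessionWithOptions(options)` followed by `if err != nil { return nil, err }`. `WithRegion` also merges the region unconditionally, and an empty string would presumably overwrite a region taken from the shared config, so a guard such as `if region == "" { return }` is worth considering. The doc comment on `WithServiceEndpoints` should read "to use the provided service endpoints". The body of `GetSessionWithOptions` continues past the end of this hunk.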
@@ -140,3 +171,35 @@ func getCredentials() error { return os.Rename(tempPath, path) } + +type awsResolver struct { + region string + services map[string]typesaws.ServiceEndpoint +} + +func newAWSResolver(region string, services []typesaws.ServiceEndpoint) *awsResolver { + resolver := &awsResolver{ + region: region, + services: make(map[string]typesaws.ServiceEndpoint), + } + for _, service := range services { + service := service + resolver.services[resolverKey(service.Name)] = service + } + return resolver +} + +func (ar *awsResolver) EndpointFor(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) { + if s, ok := ar.services[resolverKey(service)]; ok { + logrus.Debugf("resolved AWS service %s (%s) to %q", service, region, s.URL) + return endpoints.ResolvedEndpoint{ + URL: s.URL, + SigningRegion: ar.region, + }, nil + } + return endpoints.DefaultResolver().EndpointFor(service, region, optFns...) +} + +func resolverKey(service string) string { + return service +} diff --git a/pkg/asset/installconfig/aws/session_test.go b/pkg/asset/installconfig/aws/session_test.go new file mode 100644 index 00000000000..b6fa704179d --- /dev/null +++ b/pkg/asset/installconfig/aws/session_test.go 
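Review bot: `EndpointFor` returns `s.URL` exactly as the user wrote it, while `validateServiceURL` (patch 01) prepends `https://` only to a local copy, so a scheme-less value such as `test-ec2.local` is handed to the SDK without a scheme; `TestAWSResolver` in this patch pins that behaviour. Unless the SDK adds a scheme to resolver results (not visible here), the https-only rule checked at validation time is not what is enforced at use time. Normalising once in `newAWSResolver` keeps the two in agreement, for example `if !strings.Contains(service.URL, "://") { service.URL = "https://" + service.URL }` (this needs the `strings` import). The override also ignores `optFns` and signs with `ar.region` for every service, which should be confirmed for services whose default signing region may differ from the cluster region, such as iam, route53 and sts.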
@@ -0,0 +1,53 @@ +package aws + +import ( + "fmt" + "testing" + + "github.com/stretchr/testify/assert" + + typesaws "github.com/openshift/installer/pkg/types/aws" +) + +func TestAWSResolver(t *testing.T) { + overrides := []typesaws.ServiceEndpoint{{ + Name: "ec2", + URL: "test-ec2.local", + }, { + Name: "s3", + URL: "https://test-s3.local", + }} + + cases := []struct { + iservice, iregion string + overrides []typesaws.ServiceEndpoint + expected string + }{{ + iservice: "ec2", + iregion: "us-east-1", + expected: "https://ec2.us-east-1.amazonaws.com", + }, { + iservice: "ec2", + iregion: "us-east-1", + overrides: overrides, + expected: "test-ec2.local", + }, { + iservice: "s3", + iregion: "us-east-1", + overrides: overrides, + expected: "https://test-s3.local", + }, { + iservice: "elasticloadbalancing", + iregion: "us-east-1", + overrides: overrides, + expected: "https://elasticloadbalancing.us-east-1.amazonaws.com", + }} + for idx, test := range cases { + t.Run(fmt.Sprintf("%d", idx), func(t *testing.T) { + resolvers := newAWSResolver(test.iregion, test.overrides) + endpoint, err := resolvers.EndpointFor(test.iservice, test.iregion) + assert.NoError(t, err) + assert.Equal(t, test.expected, endpoint.URL) + }) + } +} diff --git a/pkg/asset/installconfig/installconfig.go b/pkg/asset/installconfig/installconfig.go index b3049e005e3..76d7882bfb8 100644 --- a/pkg/asset/installconfig/installconfig.go +++ b/pkg/asset/installconfig/installconfig.go @@ -131,7 +131,7 @@ func (a *InstallConfig) finish(filename string) error { defaults.SetInstallConfigDefaults(a.Config) if a.Config.AWS != nil { - a.AWS = aws.NewMetadata(a.Config.Platform.AWS.Region, a.Config.Platform.AWS.Subnets) + a.AWS = aws.NewMetadata(a.Config.Platform.AWS.Region, a.Config.Platform.AWS.Subnets, a.Config.AWS.ServiceEndpoints) } if err := validation.ValidateInstallConfig(a.Config, icopenstack.NewValidValuesFetcher()).ToAggregate(); err != nil { 
From 5c621c0f4ca13f2660305dc223b7164d986f0be6 Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Wed, 11 Mar 2020 09:01:36 -0700 Subject: [PATCH 03/18] asset: Use common session when fetching public zone ID for AWS Previously, while generating the DNS asset, the asset would involke the GetPublicZone function to fetch the public Route53 zone id. This functoin would create it's own AWS session instead of the already provided session from aws metadata. This is various downsides like region is not configured and also the service endpoints overrides is not handled, therefore, switching to the already initialized session allows it to reuse the setup. --- pkg/asset/installconfig/aws/basedomain.go | 9 +++------ pkg/asset/manifests/dns.go | 6 +++++- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/pkg/asset/installconfig/aws/basedomain.go b/pkg/asset/installconfig/aws/basedomain.go index d0f764c7eaa..fb30f9803d9 100644 --- a/pkg/asset/installconfig/aws/basedomain.go +++ b/pkg/asset/installconfig/aws/basedomain.go @@ -7,6 +7,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/route53" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -75,7 +76,7 @@ func GetBaseDomain() (string, error) { } // GetPublicZone returns a public route53 zone that matches the name. -func GetPublicZone(name string) (*route53.HostedZone, error) { +func GetPublicZone(sess *session.Session, name string) (*route53.HostedZone, error) { var res *route53.HostedZone f := func(resp *route53.ListHostedZonesOutput, lastPage bool) (shouldContinue bool) { for idx, zone := range resp.HostedZones { 
@@ -87,11 +88,7 @@ func GetPublicZone(name string) (*route53.HostedZone, error) { return !lastPage } - session, err := GetSession() - if err != nil { - return nil, errors.Wrap(err, "getting AWS session") - } - client := route53.New(session) + client := route53.New(sess) if err := client.ListHostedZonesPages(&route53.ListHostedZonesInput{}, f); err != nil { return nil, errors.Wrap(err, "listing hosted zones") } diff --git a/pkg/asset/manifests/dns.go b/pkg/asset/manifests/dns.go index 7d96b5c9672..c8407b9f847 100644 --- a/pkg/asset/manifests/dns.go +++ b/pkg/asset/manifests/dns.go @@ -81,7 +81,11 @@ func (d *DNS) Generate(dependencies asset.Parents) error { switch installConfig.Config.Platform.Name() { case awstypes.Name: if installConfig.Config.Publish == types.ExternalPublishingStrategy { - zone, err := icaws.GetPublicZone(installConfig.Config.BaseDomain) + sess, err := installConfig.AWS.Session(context.TODO()) + if err != nil { + return errors.Wrap(err, "failed to initialize session") + } + zone, err := icaws.GetPublicZone(sess, installConfig.Config.BaseDomain) if err != nil { return errors.Wrapf(err, "getting public zone for %q", installConfig.Config.BaseDomain) } From 915c773172d4ee3005d4cbcd73632751ef1b30d1 Mon Sep 17 00:00:00 2001 
From: Abhinav Dahiya Date: Wed, 11 Mar 2020 09:31:03 -0700 Subject: [PATCH 04/18] aws: configure terraform with service endpoints The installer now passed on the service endpoints set in the install-config as a map of serivce name => service endpoint URL - Why the map lookup when setting endpoints for aws provider The endpoints for aws provider are a `schema.Set` [1] type and therefore an input map object cannot be directly assigned to the endpoints and therefore, we lookup the map object for specific key and set the corresponding endpoint. There are two major concerns with this, First, what if we need multiple endpoints for a service, like per region? Terraform only supports providing ONE sevice endpoint per service, and this is fine as installer uses the terraform to create resources only in one region today, if there was a case where we had to create resources across regions, we might hav to extend the installer to invoke terraform multiple times.. there is no plan/requirement for that anytime soon. Secondly, why is the list hard coded? that's not good right? Installer only creates a SPECIFIC set of resources using the terraform, and therefore the hard coded list should be fine and it can be extended when we need new types of resources. This list is hard coded today because of terraform's limitations today. [1]: https://github.com/terraform-providers/terraform-provider-aws/blob/81c55de44d67ad4515e615b9a5992a65be06bff6/aws/provider.go#L1236-L1240 --- data/data/aws/main.tf | 8 ++++++++ data/data/aws/variables-aws.tf | 13 +++++++++++++ pkg/asset/cluster/tfvars.go | 1 + pkg/tfvars/aws/aws.go | 10 ++++++++++ 4 files changed, 32 insertions(+) diff --git a/data/data/aws/main.tf b/data/data/aws/main.tf index dfee8ebf329..17544fe4af0 100644 --- a/data/data/aws/main.tf +++ b/data/data/aws/main.tf 
@@ -13,6 +13,14 @@ provider "aws" { # Validation of AWS Bahrain region was added in AWS TF provider v2.22 # so we skip when installing in me-south-1. skip_region_validation = var.aws_region == "me-south-1" + + endpoints { + s3 = lookup(var.custom_endpoints, "s3", null) + ec2 = lookup(var.custom_endpoints, "ec2", null) + elb = lookup(var.custom_endpoints, "elasticloadbalancing", null) + iam = lookup(var.custom_endpoints, "iam", null) + route53 = lookup(var.custom_endpoints, "route53", null) + } } module "bootstrap" { diff --git a/data/data/aws/variables-aws.tf b/data/data/aws/variables-aws.tf index faa3c2c92f8..5948a647d2e 100644 --- a/data/data/aws/variables-aws.tf +++ b/data/data/aws/variables-aws.tf 
@@ -7,6 +7,19 @@ EOF default = "1.0" } +variable "custom_endpoints" { + type = map(string) + + description = < Date: Wed, 11 Mar 2020 13:55:16 -0700 Subject: [PATCH 05/18] destroy/aws: use the service overrides for AWS apis Currently the destroy code-path for the isntaller is driven completely based on the `metadata.json`. This allows users to clean up the clusters as long as they possess/create a `metadata.json` for the cluster. Therefore, the service endpoints for the cluster need to be propagated to the `metadata.json` for later use. Adds a list of service endpoints similar to the install-config to the metadata.json's definition. The metadata assets uses the install-config to set the service endpoints when provided by the user. Updates the destroy/aws.New to create session using the `GetSessionWithOptions` similar to other assets to re-use the regions and service endpoints options. This makes the destroy code a lot less complicated. `destroy/aws` ClusterInstaller allows users to provide no aws session. In this case, destroy continues to create aws session using SDK defaults with specified region and no service endpoint overrides. Requiring the user to handle special session and passing it along seems sane for users using destroy code directly similar to installer's metadata.json powered code-path. --- pkg/asset/cluster/aws/aws.go | 1 + pkg/destroy/aws/aws.go | 14 +++++++------- pkg/types/aws/metadata.go | 6 ++++++ 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/pkg/asset/cluster/aws/aws.go b/pkg/asset/cluster/aws/aws.go index df5952417de..5ad02450446 100644 --- a/pkg/asset/cluster/aws/aws.go +++ b/pkg/asset/cluster/aws/aws.go @@ -23,6 +23,7 @@ func Metadata(clusterID, infraID string, config *types.InstallConfig) *awstypes. }, { "openshiftClusterID": clusterID, }}, + ServiceEndpoints: config.AWS.ServiceEndpoints, } } diff --git a/pkg/destroy/aws/aws.go b/pkg/destroy/aws/aws.go index d07de4f2063..4db05658c8f 100644 --- a/pkg/destroy/aws/aws.go 
+++ b/pkg/destroy/aws/aws.go @@ -74,15 +74,18 @@ func New(logger logrus.FieldLogger, metadata *types.ClusterMetadata) (providers. for _, filter := range metadata.ClusterPlatformMetadata.AWS.Identifier { filters = append(filters, filter) } - - session, err := awssession.GetSession() + region := metadata.ClusterPlatformMetadata.AWS.Region + session, err := awssession.GetSessionWithOptions( + awssession.WithRegion(region), + awssession.WithServiceEndpoints(region, metadata.ClusterPlatformMetadata.AWS.ServiceEndpoints), + ) if err != nil { return nil, err } return &ClusterUninstaller{ Filters: filters, - Region: metadata.ClusterPlatformMetadata.AWS.Region, + Region: region, Logger: logger, ClusterID: metadata.InfraID, Session: session, @@ -103,16 +106,13 @@ func (o *ClusterUninstaller) Run() error { return err } - awsConfig := &aws.Config{Region: aws.String(o.Region)} awsSession := o.Session if awsSession == nil { // Relying on appropriate AWS ENV vars (eg AWS_PROFILE, AWS_ACCESS_KEY_ID, etc) - awsSession, err = session.NewSession(awsConfig) + awsSession, err = session.NewSession(aws.NewConfig().WithRegion(o.Region)) if err != nil { return err } - } else { - awsSession = awsSession.Copy(awsConfig) } awsSession.Handlers.Build.PushBackNamed(request.NamedHandler{ Name: "openshiftInstaller.OpenshiftInstallerUserAgentHandler", diff --git a/pkg/types/aws/metadata.go b/pkg/types/aws/metadata.go index 08d18257a9f..300077f037f 100644 --- a/pkg/types/aws/metadata.go +++ b/pkg/types/aws/metadata.go 
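Review bot: The endpoints passed to `WithServiceEndpoints` in `New` come straight from `metadata.json`, and nothing on this path runs the `validateServiceURL` checks that the install-config goes through. The description notes that users may create that file themselves, so a hand-written or modified file can direct the credential-signed destroy requests to an arbitrary host, including over plain `http://`. I would validate `metadata.ClusterPlatformMetadata.AWS.ServiceEndpoints` in `New` and return an error on failure; the validation helper is unexported today, so this needs an exported wrapper. `New` starts before this hunk.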
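Review bot: With the `awsSession.Copy(awsConfig)` branch removed in `Run`, the `Handlers.Build.PushBackNamed` call that follows now operates on the caller's `o.Session` itself rather than on a copy. A session shared with other code gains the installer's user-agent handler, and a further `Run()` on the same uninstaller would push it again. Keeping a copy without the config override, `awsSession = awsSession.Copy()` in an `else` branch, preserves the isolation while still honouring the caller's region and resolver. `Run` begins and ends outside this hunk.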
@@ -4,6 +4,12 @@ package aws type Metadata struct { Region string `json:"region"` + // ServiceEndpoints list contains custom endpoints which will override default + // service endpoint of AWS Services. + // There must be only one ServiceEndpoint for a service. + // +optional + ServiceEndpoints []ServiceEndpoint `json:"serviceEndpoints,omitempty"` + // Identifier holds a slice of filter maps. The maps hold the // key/value pairs for the tags we will be matching against. A // resource matches the map if all of the key/value pairs are in its From d28c3afad887effe40ddacbf7d6fe1eb1c8ab9e1 Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Wed, 11 Mar 2020 15:00:19 -0700 Subject: [PATCH 06/18] data/aws/main.tf: load sts service endpoint override terraform uses the sts service to find details about the user credentials [1]. These details are used to compute various things like the account ID, partition ID, or the DNS suffix. [1]: https://github.com/terraform-providers/terraform-provider-aws/blob/81c55de44d67ad4515e615b9a5992a65be06bff6/aws/config.go#L376 --- data/data/aws/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/data/aws/main.tf b/data/data/aws/main.tf index 17544fe4af0..02a39bc81d9 100644 --- a/data/data/aws/main.tf +++ b/data/data/aws/main.tf @@ -15,11 +15,12 @@ provider "aws" { skip_region_validation = var.aws_region == "me-south-1" endpoints { - s3 = lookup(var.custom_endpoints, "s3", null) ec2 = lookup(var.custom_endpoints, "ec2", null) elb = lookup(var.custom_endpoints, "elasticloadbalancing", null) iam = lookup(var.custom_endpoints, "iam", null) route53 = lookup(var.custom_endpoints, "route53", null) + s3 = lookup(var.custom_endpoints, "s3", null) + sts = lookup(var.custom_endpoints, "sts", null) } } From 805a108ba7954b095c3210cc8fc52711d2f4ba89 Mon Sep 17 00:00:00 2001 
From: Abhinav Dahiya Date: Wed, 11 Mar 2020 19:48:07 -0700 Subject: [PATCH 07/18] platformtests: drop aws as no longer required the only test defined are `TestGetDefaultInstanceClass`. That test are useful for developers of installer to make sure the default instance class used for a region is acurate and available in that region. But these tests are no longer required since the installer moved to use AWS APIs to find out the correct default instance type [1] [1]: https://github.com/openshift/installer/commit/d45e881abe1e3033b75df71fb537caa40f2834d8 --- platformtests/aws/README.md | 12 -- .../aws/default_instance_class_test.go | 180 ------------------ 2 files changed, 192 deletions(-) delete mode 100644 platformtests/aws/README.md delete mode 100644 platformtests/aws/default_instance_class_test.go diff --git a/platformtests/aws/README.md b/platformtests/aws/README.md deleted file mode 100644 index e090126a376..00000000000 --- a/platformtests/aws/README.md +++ /dev/null @@ -1,12 +0,0 @@ -# AWS Tests - -This directory contains test suites checking AWS-specific assumptions. -Run with: - -```console -$ AWS_PROFILE=your-profile go test . -``` - -or similar (it needs access to [your AWS credentials][credentials]). - -[credentials]: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html diff --git a/platformtests/aws/default_instance_class_test.go b/platformtests/aws/default_instance_class_test.go deleted file mode 100644 index 365646ead84..00000000000 --- a/platformtests/aws/default_instance_class_test.go +++ /dev/null 
@@ -1,180 +0,0 @@ -package aws - -import ( - "fmt" - "reflect" - "strings" - "testing" - - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/ec2" - "github.com/aws/aws-sdk-go/service/pricing" - awsutil "github.com/openshift/installer/pkg/asset/installconfig/aws" - "github.com/openshift/installer/pkg/types/aws/defaults" - "github.com/openshift/installer/pkg/types/aws/validation" - "github.com/stretchr/testify/assert" -) - -func TestGetDefaultInstanceClass(t *testing.T) { - preferredInstanceClasses := []string{"m4", "m5"} // decreasing precedence - - ssn, err := awsutil.GetSession() - if err != nil { - t.Fatal(err) - } - - exists := struct{}{} - pricingInstanceClasses := map[string]map[string]struct{}{} - - pricingClient := pricing.New(ssn, aws.NewConfig().WithRegion("us-east-1")) - err = pricingClient.GetProductsPages( - &pricing.GetProductsInput{ - ServiceCode: aws.String("AmazonEC2"), - Filters: []*pricing.Filter{ - { - Field: aws.String("tenancy"), - Type: aws.String("TERM_MATCH"), - Value: aws.String("Shared"), - }, - { - Field: aws.String("productFamily"), - Type: aws.String("TERM_MATCH"), - Value: aws.String("Compute Instance"), - }, - { - Field: aws.String("operatingSystem"), - Type: aws.String("TERM_MATCH"), - Value: aws.String("Linux"), - }, - { - Field: aws.String("instanceFamily"), - Type: aws.String("TERM_MATCH"), - Value: aws.String("General purpose"), - }, - }, - }, - func(result *pricing.GetProductsOutput, lastPage bool) bool { - for _, priceList := range result.PriceList { - product := priceList["product"].(map[string]interface{}) - attr := product["attributes"].(map[string]interface{}) - location := attr["location"].(string) - instanceType := attr["instanceType"].(string) - instanceClassSlice := strings.Split(instanceType, ".") - instanceClass := instanceClassSlice[0] - _, ok := pricingInstanceClasses[location] - if ok { - pricingInstanceClasses[location][instanceClass] = exists - } else { - pricingInstanceClasses[location] = 
map[string]struct{}{instanceClass: exists} - } - } - return !lastPage - }, - ) - if err != nil { - t.Fatal(err) - } - - regions := map[string]string{ // seed with locations that don't match AWS's usual names - "AWS GovCloud (US)": "us-gov-west-1", - "AWS GovCloud (US-East)": "us-gov-east-1", - "Asia Pacific (Hong Kong)": "ap-east-1", - "Asia Pacific (Osaka-Local)": "ap-northeast-3", - "EU (Stockholm)": "eu-north-1", - "Middle East (Bahrain)": "me-south-1", - "South America (Sao Paulo)": "sa-east-1", - } - - for location, classes := range pricingInstanceClasses { - t.Run(location, func(t *testing.T) { - region, ok := regions[location] - if !ok { - for slug, name := range validation.Regions { - if strings.Contains(location, name) { - regions[location] = slug - region = slug - break - } - } - if region == "" { - t.Fatal("not a recognized region") - } - } - - ec2Client := ec2.New(ssn, aws.NewConfig().WithRegion(region)) - zonesResponse, err := ec2Client.DescribeAvailabilityZones(nil) - if err != nil { - t.Logf("no direct access to region, assuming full support: %v", err) - - var match string - for _, instanceClass := range preferredInstanceClasses { - if _, ok := classes[instanceClass]; ok { - match = instanceClass - break - } - } - - if match == "" { - t.Fatalf("none of the preferred instance classes are priced: %v", classes) - } - - t.Log(classes) - assert.Equal(t, defaults.InstanceClass(region), match) - return - } - - zones := make(map[string]struct{}, len(zonesResponse.AvailabilityZones)) - for _, zone := range zonesResponse.AvailabilityZones { - zones[*zone.ZoneName] = exists - } - - available := make(map[string]map[string]struct{}, len(preferredInstanceClasses)) - var allowed []string - - for _, instanceClass := range preferredInstanceClasses { - if _, ok := classes[instanceClass]; !ok { - t.Logf("skip the unpriced %s", instanceClass) - continue - } - - available[instanceClass] = make(map[string]struct{}, len(zones)) - exampleInstanceType := 
fmt.Sprintf("%s.large", instanceClass) - err := ec2Client.DescribeReservedInstancesOfferingsPages( - &ec2.DescribeReservedInstancesOfferingsInput{ - Filters: []*ec2.Filter{ - {Name: aws.String("scope"), Values: []*string{aws.String("Availability Zone")}}, - }, - InstanceTenancy: aws.String("default"), - InstanceType: &exampleInstanceType, - ProductDescription: aws.String("Linux/UNIX"), - }, - func(results *ec2.DescribeReservedInstancesOfferingsOutput, lastPage bool) bool { - for _, offering := range results.ReservedInstancesOfferings { - if offering.AvailabilityZone == nil { - continue - } - - available[instanceClass][*offering.AvailabilityZone] = exists - } - - return !lastPage - }, - ) - if err != nil { - t.Fatal(err) - } - - if reflect.DeepEqual(available[instanceClass], zones) { - allowed = append(allowed, instanceClass) - } - } - - if len(allowed) == 0 { - t.Fatalf("none of the preferred instance classes are fully supported: %v", available) - } - - t.Log(available) - assert.Contains(t, allowed, defaults.InstanceClass(region)) - }) - } -} From ce9dd4d3d5d9075fb5b251e589ff202c7ba241e3 Mon Sep 17 00:00:00 2001 
From: Abhinav Dahiya Date: Wed, 11 Mar 2020 19:50:24 -0700 Subject: [PATCH 08/18] aws: use SDK and rhcos AMIs to calculate known regions With respect to the installer, there are four kinds of regions that a user can provide. First is a commercial AWS region where the RHCOS AMIs are published and known to the installer. Second is a commercial AWS region where the RHCOS AMIs are not published or not known to the installer at that version. Third is a restricted or sovereign AWS region where RHCOS AMIs are not published, and these regions also do not allow traffic across regions. Fourth and last is a custom region only available to the user. For commercial regions in first, the installer is expected to use the AMI embedded in the binary. For the commercial regions in second, the installer is expected to `import` the AMI from one of the regions in first. For the restricted AWS regions, the installer cannot `import` the AMI to these regions and therefore the user is expected to provide the installer with the AMI that needs to be used. Similarly, for custom regions available only to the user, the user is expected to provide the AMI. Now, the list of regions that fall into first vs second depends on the regions for which an AMI exists in `rhcos{-amd64}.json`. Since the contents of that file are mounted into the binary at build time using `shurcooL/vfsgen`, there are two ways to provide this list to the go code, - either provide an API as part of `rhcos` pkg that reads the rhcos.json from the embedded assets. Since the file asset is not available to `read` unless the binary is built or the `OPENSHIFT_INSTALL_DATA` env is set, if we were to run unit tests using `go test` the tests would fail to run. Not being able to run unit tests without setting any env or building a release binary severely hinders the extent of the unit tests that are possible. - check in a hard coded list of the regions based on the rhcos.json contents. 
This has the advantage of go tests just working fine without any extra configuration. But now there is a need to update the file to match the rhcos.json To help with automatic management, we can use go generate to create a go file that uses the rhcos.json as input and outputs a go file with a list of regions as a variable. But this file needs to be checked in the version control. and the only step when the rhcos.json is bumped or changed is running `go generate ./pkg/rhcos/...` To follow the second method, a new executable go file `ami_regions_generate.go` is added which can be executed as ``` go run ami_regions_generate.go ``` The generator provides a variable `AMIRegions` which is a string slice of all the regions that are part of `rhcos.json` The `ami.go` include a go generate tag to allow go generate to execute the generator and update the list. The installconfig asset package now provides a public function to check whether a region is `Known` i.e. regions in the first category. --- pkg/asset/installconfig/aws/regions.go | 35 +++++++++++ pkg/rhcos/ami.go | 2 + pkg/rhcos/ami_regions.go | 24 ++++++++ pkg/rhcos/ami_regions_generate.go | 83 ++++++++++++++++++++++++++ 4 files changed, 144 insertions(+) create mode 100644 pkg/asset/installconfig/aws/regions.go create mode 100644 pkg/rhcos/ami_regions.go create mode 100644 pkg/rhcos/ami_regions_generate.go diff --git a/pkg/asset/installconfig/aws/regions.go b/pkg/asset/installconfig/aws/regions.go new file mode 100644 index 00000000000..b9a866bc8dd --- /dev/null +++ b/pkg/asset/installconfig/aws/regions.go 
@@ -0,0 +1,35 @@ +package aws + +import ( + "github.com/aws/aws-sdk-go/aws/endpoints" + "k8s.io/apimachinery/pkg/util/sets" + + "github.com/openshift/installer/pkg/rhcos" +) + +// knownRegions is a list of AWS regions that the installer recognizes. +// This is subset of AWS regions and the regions where RHEL CoreOS images are published. +// The result is a map of region identifier to region description +func knownRegions() map[string]string { + required := sets.NewString(rhcos.AMIRegions...) + + regions := make(map[string]string) + for _, partition := range endpoints.DefaultPartitions() { + for _, partitionRegion := range partition.Regions() { + partitionRegion := partitionRegion + if required.Has(partitionRegion.ID()) { + regions[partitionRegion.ID()] = partitionRegion.Description() + } + } + } + return regions +} + +// IsKnownRegion return true is a specified region is Known to the installer. +// A known region is subset of AWS regions and the regions where RHEL CoreOS images are published. +func IsKnownRegion(region string) bool { + if _, ok := knownRegions()[region]; ok { + return true + } + return false +} diff --git a/pkg/rhcos/ami.go b/pkg/rhcos/ami.go index 625ba9e80ac..04cb15db911 100644 --- a/pkg/rhcos/ami.go +++ b/pkg/rhcos/ami.go @@ -1,3 +1,5 @@ +//go:generate go run ami_regions_generate.go rhcos ../../data/data/rhcos-amd64.json ami_regions.go + package rhcos import ( diff --git a/pkg/rhcos/ami_regions.go b/pkg/rhcos/ami_regions.go new file mode 100644 index 00000000000..aebc16fe8a0 --- /dev/null +++ b/pkg/rhcos/ami_regions.go 
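Review bot: `IsKnownRegion` in the new `regions.go` rebuilds the whole region map by walking every SDK partition on each call, and the `if ... { return true }` / `return false` wrapper around the lookup is redundant; the body can be `_, ok := knownRegions()[region]` followed by `return ok`. The `partitionRegion := partitionRegion` copy in `knownRegions` does not appear to be needed, since the loop variable is neither captured by a closure nor taken by address in the visible code. The doc comments would read better as `// knownRegions returns the AWS regions the installer recognizes, keyed by region ID with the region description as value.` and `// IsKnownRegion reports whether region is known to the installer.`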
@@ -0,0 +1,24 @@ +// Code generated by ami_regions_generate.go; DO NOT EDIT. + +package rhcos + +// AMIRegoins is a list of regions where the RHEL CoreOS is published. +var AMIRegions = []string{ + "ap-northeast-1", + "ap-northeast-2", + "ap-south-1", + "ap-southeast-1", + "ap-southeast-2", + "ca-central-1", + "eu-central-1", + "eu-north-1", + "eu-west-1", + "eu-west-2", + "eu-west-3", + "me-south-1", + "sa-east-1", + "us-east-1", + "us-east-2", + "us-west-1", + "us-west-2", +} diff --git a/pkg/rhcos/ami_regions_generate.go b/pkg/rhcos/ami_regions_generate.go new file mode 100644 index 00000000000..7495cc42002 --- /dev/null +++ b/pkg/rhcos/ami_regions_generate.go 
@@ -0,0 +1,83 @@
+// +build tools
+
+package main
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "io/ioutil"
+ "log"
+ "os"
+ "path/filepath"
+ "sort"
+ "text/template"
+)
+
+func main() {
+ if len(os.Args) != 4 {
+ log.Fatalln("exactly 4 arguments must be provided")
+ }
+ argsWithoutProg := os.Args[1:]
+
+ pkg := argsWithoutProg[0]
+ srcPath, err := filepath.Abs(argsWithoutProg[1])
+ log.Println("srcPath: ", srcPath)
+ if err != nil {
+ log.Fatalln("failed to load absolute path for the source")
+ }
+ dstPath, err := filepath.Abs(argsWithoutProg[2])
+ log.Println("dstPath: ", dstPath)
+ if err != nil {
+ log.Fatalln("failed to load absolute path for the source")
+ }
+
+ srcData, err := ioutil.ReadFile(srcPath)
+ if err != nil {
+ log.Fatalln(err)
+ }
+
+ var m metadata
+ if err := json.Unmarshal(srcData, &m); err != nil {
+ log.Fatalln(fmt.Errorf("failed to unmarshal source: %v", err))
+ }
+
+ regions := make([]string, 0, len(m.AMIs))
+ for region := range m.AMIs {
+ regions = append(regions, region)
+ }
+ sort.Strings(regions)
+
+ tinput := struct {
+ Pkg string
+ Regions []string
+ }{Pkg: pkg, Regions: regions}
+
+ t := template.Must(template.New("ami_regions").Parse(tmpl))
+ buf := &bytes.Buffer{}
+ if err := t.Execute(buf, tinput); err != nil {
+ log.Fatalln(fmt.Errorf("failed to execute the template: %v", err))
+ }
+
+ if err := ioutil.WriteFile(dstPath, buf.Bytes(), 0664); err != nil {
+ log.Fatalln(err)
+ }
+}
+
+type metadata struct {
+ AMIs map[string]struct {
+ HVM string `json:"hvm"`
+ } `json:"amis"`
+}
+
+var tmpl = `// Code generated by ami_regions_generate.go; DO NOT EDIT.
+
+package {{ .Pkg }}
+
+// AMIRegoins is a list of regions where the RHEL CoreOS is published.
+var AMIRegions = []string{
+{{- range $region := .Regions}}
+ "{{ $region }}",
+{{- end}}
+}
+`
From 92cfcd790e34da3f5231eb78ceec46bfee4f2a72 Mon Sep 17 00:00:00 2001
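Review bot: The template in `ami_regions_generate.go` writes each region key into the generated Go file as `"{{ $region }}",` without Go-quoting it, so a key in the source JSON that contains a quote or backslash would yield broken or altered source in `ami_regions.go`; `{{ printf "%q" $region }},` keeps the output a valid string literal whatever the data file holds. In `main`, the check `len(os.Args) != 4` reports "exactly 4 arguments" although three are expected after the program name, both `filepath.Abs` failures print the same "for the source" message and drop `err`, and each path is logged before its error is checked. The output is written with mode `0664`; `0644` is the usual mode for a checked-in source file. The template comment spells the variable `AMIRegoins`, and that spelling is carried into the generated file.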
From: Abhinav Dahiya Date: Wed, 11 Mar 2020 19:52:21 -0700 Subject: [PATCH 09/18] asset/installconfig/aws/platform.go: use the known regions for region list for tui The terminal prompts must only provide users a list of regions where the installer has a RHCOS AMI published. The terminal prompts are designed for getting started regions and unknown regions end up requiring a lot more configuration most times that the TUI can support. --- pkg/asset/installconfig/aws/platform.go | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/pkg/asset/installconfig/aws/platform.go b/pkg/asset/installconfig/aws/platform.go index adde4835137..78ffa8f3114 100644 --- a/pkg/asset/installconfig/aws/platform.go +++ b/pkg/asset/installconfig/aws/platform.go @@ -5,18 +5,19 @@ import ( "sort" "strings" - "github.com/openshift/installer/pkg/types/aws" - "github.com/openshift/installer/pkg/types/aws/validation" "github.com/pkg/errors" "github.com/sirupsen/logrus" survey "gopkg.in/AlecAivazis/survey.v1" + + "github.com/openshift/installer/pkg/types/aws" ) // Platform collects AWS-specific configuration. func Platform() (*aws.Platform, error) { - longRegions := make([]string, 0, len(validation.Regions)) - shortRegions := make([]string, 0, len(validation.Regions)) - for id, location := range validation.Regions { + regions := knownRegions() + longRegions := make([]string, 0, len(regions)) + shortRegions := make([]string, 0, len(regions)) + for id, location := range regions { longRegions = append(longRegions, fmt.Sprintf("%s (%s)", id, location)) shortRegions = append(shortRegions, id) } @@ -25,8 +26,7 @@ func Platform() (*aws.Platform, error) { }) defaultRegion := "us-east-1" - _, ok := validation.Regions[defaultRegion] - if !ok { + if !IsKnownRegion(defaultRegion) { panic(fmt.Sprintf("installer bug: invalid default AWS region %q", defaultRegion)) } 
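Review bot: `Platform` already holds the region map in `regions`, yet the `IsKnownRegion(defaultRegion)` check in the `@@ -25,8 +26,7 @@` hunk (and the one in the following `@@ -37,8 +37,7 @@` hunk) rebuilds it from the SDK partitions each time; `if _, ok := regions[defaultRegion]; !ok {` keeps the previous shape and uses the map that is already there. The hard-coded default `us-east-1` now has to be present in the generated `rhcos.AMIRegions` list, otherwise the prompt panics, so a small unit test asserting `IsKnownRegion("us-east-1")` would catch a regenerated list that drops it. The body of `Platform` continues outside these hunks.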
@@ -37,8 +37,7 @@ func Platform() (*aws.Platform, error) { defaultRegionPointer := ssn.Config.Region if defaultRegionPointer != nil && *defaultRegionPointer != "" { - _, ok := validation.Regions[*defaultRegionPointer] - if ok { + if IsKnownRegion(*defaultRegionPointer) { defaultRegion = *defaultRegionPointer } else { logrus.Warnf("Unrecognized AWS region %q, defaulting to %s", *defaultRegionPointer, defaultRegion) @@ -54,7 +53,7 @@ func Platform() (*aws.Platform, error) { Prompt: &survey.Select{ Message: "Region", Help: "The AWS region to be used for installation.", - Default: fmt.Sprintf("%s (%s)", defaultRegion, validation.Regions[defaultRegion]), + Default: fmt.Sprintf("%s (%s)", defaultRegion, regions[defaultRegion]), Options: longRegions, }, Validate: survey.ComposeValidators(survey.Required, func(ans interface{}) error { From 3e5f4198cc1fed38d3d67357e156add9a0f94123 Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Wed, 11 Mar 2020 19:53:00 -0700 Subject: [PATCH 10/18] aws/validation/platform.go: drop region validation from install-config Previously isntaller only allowed users to specify certain regions in the install-config. But now users should be allowed to specify any region in the install-config.yaml various validations can be added to make sure users provide AMIs, service endpoints for custom regions to allow installs to succeed. --- pkg/types/aws/validation/platform.go | 48 ++-------------------- pkg/types/aws/validation/platform_test.go | 4 +- pkg/types/validation/installconfig_test.go | 2 +- 3 files changed, 6 insertions(+), 48 deletions(-) diff --git a/pkg/types/aws/validation/platform.go b/pkg/types/aws/validation/platform.go index a4a1e94e621..64bdf4d11e0 100644 --- a/pkg/types/aws/validation/platform.go +++ b/pkg/types/aws/validation/platform.go 
@@ -4,60 +4,18 @@ import ( "fmt" "net/url" "regexp" - "sort" "k8s.io/apimachinery/pkg/util/validation/field" "github.com/openshift/installer/pkg/types/aws" ) -var ( - // Regions is a map of the known AWS regions. The key of the map is - // the short name of the region. The value of the map is the long - // name of the region. - Regions = map[string]string{ - //"ap-east-1": "Hong Kong", - "ap-northeast-1": "Tokyo", - "ap-northeast-2": "Seoul", - //"ap-northeast-3": "Osaka-Local", - "ap-south-1": "Mumbai", - "ap-southeast-1": "Singapore", - "ap-southeast-2": "Sydney", - "ca-central-1": "Central", - //"cn-north-1": "Beijing", - //"cn-northwest-1": "Ningxia", - "eu-central-1": "Frankfurt", - "eu-north-1": "Stockholm", - "eu-west-1": "Ireland", - "eu-west-2": "London", - "eu-west-3": "Paris", - "me-south-1": "Bahrain", - "sa-east-1": "São Paulo", - "us-east-1": "N. Virginia", - "us-east-2": "Ohio", - //"us-gov-east-1": "AWS GovCloud (US-East)", - //"us-gov-west-1": "AWS GovCloud (US-West)", - "us-west-1": "N. California", - "us-west-2": "Oregon", - } - - validRegionValues = func() []string { - validValues := make([]string, len(Regions)) - i := 0 - for r := range Regions { - validValues[i] = r - i++ - } - sort.Strings(validValues) - return validValues - }() -) - // ValidatePlatform checks that the specified platform is valid. func ValidatePlatform(p *aws.Platform, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} - if _, ok := Regions[p.Region]; !ok { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("region"), p.Region, validRegionValues)) + + if p.Region == "" { + allErrs = append(allErrs, field.Required(fldPath.Child("region"), "region must be specified")) } allErrs = append(allErrs, validateServiceEndpoints(p.ServiceEndpoints, fldPath.Child("serviceEndpoints"))...) diff --git a/pkg/types/aws/validation/platform_test.go b/pkg/types/aws/validation/platform_test.go index 583515567f9..3626d7e0f36 100644 
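Review bot: With the allow-list removed, `ValidatePlatform` accepts any non-empty `p.Region`, including values with whitespace, uppercase letters or URL and path characters, and other patches in this series pass the region on to endpoint resolution and to Terraform's `aws_region`. A syntactic check is still worth keeping now that the value is free-form: `regexp` is already imported in this file, so a package-level pattern such as `^[a-z0-9]+(-[a-z0-9]+)*$` (adjusted to whatever custom regions are expected to look like) could be applied and reported with `field.Invalid(fldPath.Child("region"), p.Region, "...")`. `ValidatePlatform` continues outside the hunk.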
--- a/pkg/types/aws/validation/platform_test.go +++ b/pkg/types/aws/validation/platform_test.go @@ -24,9 +24,9 @@ func TestValidatePlatform(t *testing.T) { { name: "invalid region", platform: &aws.Platform{ - Region: "bad-region", + Region: "", }, - expected: `^test-path\.region: Unsupported value: "bad-region": supported values: .*$`, + expected: `^test-path\.region: Required value: region must be specified$`, }, { name: "invalid url for service endpoint", diff --git a/pkg/types/validation/installconfig_test.go b/pkg/types/validation/installconfig_test.go index 1465d31c3f3..18d02fc1703 100644 --- a/pkg/types/validation/installconfig_test.go +++ b/pkg/types/validation/installconfig_test.go @@ -518,7 +518,7 @@ func TestValidateInstallConfig(t *testing.T) { } return c }(), - expectedError: `^platform\.aws\.region: Unsupported value: "": supported values: "ap-northeast-1", "ap-northeast-2", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "eu-central-1", "eu-north-1", "eu-west-1", "eu-west-2", "eu-west-3", "me-south-1", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2"$`, + expectedError: `^platform\.aws\.region: Required value: region must be specified$`, }, { name: "valid libvirt platform", From cf79a75308faf38e11f758457ca40748b797e56a Mon Sep 17 00:00:00 2001 
From: Abhinav Dahiya Date: Wed, 11 Mar 2020 20:57:09 -0700 Subject: [PATCH 11/18] asset/installconfig/aws: add validation to require endpoints for certain services for custom regions Since the AWS SDK has the endpoints for most of the services for it's internal region, we require that users provide service endpoints for some required services when using custom region. the required services are: "ec2", "elasticloadbalancing", "iam", "route53", "s3", "sts", and "tagging". Also the users need to specify AMI for these custom regions. --- pkg/asset/installconfig/aws/validation.go | 48 ++++++++++++ .../installconfig/aws/validation_test.go | 77 ++++++++++++++++++- 2 files changed, 124 insertions(+), 1 deletion(-) diff --git a/pkg/asset/installconfig/aws/validation.go b/pkg/asset/installconfig/aws/validation.go index 7f3bdb3ad87..d36d4adf1d5 100644 --- a/pkg/asset/installconfig/aws/validation.go +++ b/pkg/asset/installconfig/aws/validation.go @@ -6,7 +6,9 @@ import ( "net" "sort" + "github.com/aws/aws-sdk-go/aws/endpoints" "github.com/pkg/errors" + utilerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation/field" 
@@ -37,9 +39,17 @@ func Validate(ctx context.Context, meta *Metadata, config *types.InstallConfig) func validatePlatform(ctx context.Context, meta *Metadata, fldPath *field.Path, platform *awstypes.Platform, networking *types.Networking, publish types.PublishingStrategy) field.ErrorList { allErrs := field.ErrorList{} + + if !isAWSSDKRegion(platform.Region) && platform.AMIID == "" { + allErrs = append(allErrs, field.Required(fldPath.Child("amiID"), "AMI must be provided")) + } + if len(platform.Subnets) > 0 { allErrs = append(allErrs, validateSubnets(ctx, meta, fldPath.Child("subnets"), platform.Subnets, networking, publish)...) } + if err := validateServiceEndpoints(fldPath.Child("serviceEndpoints"), platform.Region, platform.ServiceEndpoints); err != nil { + allErrs = append(allErrs, field.Invalid(fldPath.Child("serviceEndpoints"), platform.ServiceEndpoints, err.Error())) + } if platform.DefaultMachinePlatform != nil { allErrs = append(allErrs, validateMachinePool(ctx, meta, fldPath.Child("defaultMachinePlatform"), platform, platform.DefaultMachinePlatform)...) } 
@@ -165,3 +175,41 @@ func validateDuplicateSubnetZones(fldPath *field.Path, subnets map[string]Subnet } return allErrs } + +func validateServiceEndpoints(fldPath *field.Path, region string, services []awstypes.ServiceEndpoint) error { + if isAWSSDKRegion(region) { + return nil + } + + resolver := newAWSResolver(region, services) + var errs []error + for _, service := range requiredServices { + _, err := resolver.EndpointFor(service, region, endpoints.StrictMatchingOption) + if err != nil { + errs = append(errs, errors.Wrapf(err, "failed to find endpoint for service %q", service)) + } + } + return utilerrors.NewAggregate(errs) +} + +func isAWSSDKRegion(region string) bool { + for _, partition := range endpoints.DefaultPartitions() { + for _, partitionRegion := range partition.Regions() { + partitionRegion := partitionRegion + if region == partitionRegion.ID() { + return true + } + } + } + return false +} + +var requiredServices = []string{ + "ec2", + "elasticloadbalancing", + "iam", + "route53", + "s3", + "sts", + "tagging", +} diff --git a/pkg/asset/installconfig/aws/validation_test.go b/pkg/asset/installconfig/aws/validation_test.go index 6613d5b7ea8..9dbf3960db8 100644 --- a/pkg/asset/installconfig/aws/validation_test.go +++ b/pkg/asset/installconfig/aws/validation_test.go @@ -25,6 +25,7 @@ func validInstallConfig() *types.InstallConfig { Publish: types.ExternalPublishingStrategy, Platform: types.Platform{ AWS: &aws.Platform{ + Region: "us-east-1", Subnets: []string{ "valid-private-subnet-a", "valid-private-subnet-b", 
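Review bot: `validateServiceEndpoints` takes `fldPath` but never uses it, and it returns one aggregated `error` that `validatePlatform` wraps in a single `field.Invalid` carrying the whole endpoint slice as its value, so the report is not attached per missing service. Returning a `field.ErrorList` with one `field.Required(fldPath, ...)` entry per service that fails to resolve (or dropping the unused parameter) would match the other validators in this file. The loop only proves that an endpoint resolves for each name in `requiredServices`; it does not look at the URL scheme, and since `sts` and `iam` are on that list it may be worth rejecting plain `http` here if the types-level validation still accepts it (that code is not visible in this hunk). `newAWSResolver` is defined outside the hunks shown.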
@@ -90,6 +91,31 @@ func validPublicSubnets() map[string]Subnet { } } +func validServiceEndpoints() []aws.ServiceEndpoint { + return []aws.ServiceEndpoint{{ + Name: "ec2", + URL: "e2e.local", + }, { + Name: "s3", + URL: "e2e.local", + }, { + Name: "iam", + URL: "e2e.local", + }, { + Name: "elasticloadbalancing", + URL: "e2e.local", + }, { + Name: "tagging", + URL: "e2e.local", + }, { + Name: "route53", + URL: "e2e.local", + }, { + Name: "sts", + URL: "e2e.local", + }} +} + func TestValidate(t *testing.T) { tests := []struct { name string @@ -102,7 +128,7 @@ func TestValidate(t *testing.T) { name: "valid no byo", installConfig: func() *types.InstallConfig { c := validInstallConfig() - c.Platform.AWS = &aws.Platform{} + c.Platform.AWS = &aws.Platform{Region: "us-east-1"} return c }(), availZones: validAvailZones(), 
@@ -315,6 +341,55 @@ func TestValidate(t *testing.T) { privateSubnets: validPrivateSubnets(), publicSubnets: validPublicSubnets(), exptectErr: `^\[compute\[0\]\.platform\.aws\.zones: Invalid value: \[\]string{\"a\", \"b\", \"c\", \"d\"}: No subnets provided for zones \[d\], compute\[1\]\.platform\.aws\.zones: Invalid value: \[\]string{\"a\", \"b\", \"e\"}: No subnets provided for zones \[e\]\]$`, + }, { + name: "custom region invalid service endpoints none provided", + installConfig: func() *types.InstallConfig { + c := validInstallConfig() + c.Platform.AWS.Region = "test-region" + c.Platform.AWS.AMIID = "dummy-id" + return c + }(), + availZones: validAvailZones(), + privateSubnets: validPrivateSubnets(), + publicSubnets: validPublicSubnets(), + exptectErr: `^platform\.aws\.serviceEndpoints: Invalid value: (.|\n)*: \[failed to find endpoint for service "ec2": (.|\n)*, failed to find endpoint for service "elasticloadbalancing": (.|\n)*, failed to find endpoint for service "iam": (.|\n)*, failed to find endpoint for service "route53": (.|\n)*, failed to find endpoint for service "s3": (.|\n)*, failed to find endpoint for service "sts": (.|\n)*, failed to find endpoint for service "tagging": (.|\n)*\]$`, + }, { + name: "custom region invalid service endpoints some provided", + installConfig: func() *types.InstallConfig { + c := validInstallConfig() + c.Platform.AWS.Region = "test-region" + c.Platform.AWS.AMIID = "dummy-id" + c.Platform.AWS.ServiceEndpoints = validServiceEndpoints()[:3] + return c + }(), + availZones: validAvailZones(), + privateSubnets: validPrivateSubnets(), + publicSubnets: validPublicSubnets(), + exptectErr: `^platform\.aws\.serviceEndpoints: Invalid value: (.|\n)*: \[failed to find endpoint for service "elasticloadbalancing": (.|\n)*, failed to find endpoint for service "route53": (.|\n)*, failed to find endpoint for service "sts": (.|\n)*, failed to find endpoint for service "tagging": (.|\n)*$`, + }, { + name: "custom region valid service 
endpoints", + installConfig: func() *types.InstallConfig { + c := validInstallConfig() + c.Platform.AWS.Region = "test-region" + c.Platform.AWS.AMIID = "dummy-id" + c.Platform.AWS.ServiceEndpoints = validServiceEndpoints() + return c + }(), + availZones: validAvailZones(), + privateSubnets: validPrivateSubnets(), + publicSubnets: validPublicSubnets(), + }, { + name: "AMI not provided for unknown region", + installConfig: func() *types.InstallConfig { + c := validInstallConfig() + c.Platform.AWS.Region = "test-region" + c.Platform.AWS.ServiceEndpoints = validServiceEndpoints() + return c + }(), + availZones: validAvailZones(), + privateSubnets: validPrivateSubnets(), + publicSubnets: validPublicSubnets(), + exptectErr: `^platform\.aws\.amiID: Required value: AMI must be provided$`, }} for _, test := range tests { From 0ac6cb11ee4006426a96d258411c7c1bbbb7ec1e Mon Sep 17 00:00:00 2001 
From: Abhinav Dahiya Date: Thu, 12 Mar 2020 19:59:13 -0700 Subject: [PATCH 12/18] aws: copy AMI from us-east-1 for SDK regions when not available for the second category of the regions, commercial AWS regions that don't have RHCOS AMI published but that allow AMI import, the installer is expected to copy the AMI to the user's account from one of the RHCOS published ones. So the installer picks the AMI published for us-east-1 region and copies it to the chosen region for the cluster to use. Currently, the rhcos.Image asset's string content is extended to be `,` when the AMI to be used is different from the cluster's region. And the machinesets and machine objects are updated to use AWS tags to find the generated AMI. The user is still allowed to provide an AMI if they want to re-use one, and the installer will use the AMI as is and will not copy/import the AMI. --- data/data/aws/bootstrap/main.tf | 6 +++--- data/data/aws/main.tf | 21 ++++++++++++++++++-- data/data/aws/master/main.tf | 6 +++--- data/data/aws/variables-aws.tf | 31 +++++++++++++++++------------- pkg/asset/cluster/tfvars.go | 9 +++++++++ pkg/asset/machines/aws/machines.go | 11 +++++++++-- pkg/asset/machines/master.go | 10 +++++++++- pkg/asset/machines/worker.go | 10 +++++++++- pkg/asset/rhcos/image.go | 13 +++++++++++-- pkg/tfvars/aws/aws.go | 12 +++++++++++- 10 files changed, 101 insertions(+), 28 deletions(-) diff --git a/data/data/aws/bootstrap/main.tf b/data/data/aws/bootstrap/main.tf index c5e473ea60d..b8633d924f3 100644 --- a/data/data/aws/bootstrap/main.tf +++ b/data/data/aws/bootstrap/main.tf @@ -135,7 +135,7 @@ resource "aws_instance" "bootstrap" { tags = merge( { - "Name" = "${var.cluster_id}-bootstrap" + "Name" = "${var.cluster_id}-bootstrap" }, var.tags, ) @@ -150,7 +150,7 @@ resource "aws_instance" "bootstrap" { volume_tags = merge( { - "Name" = "${var.cluster_id}-bootstrap-vol" + "Name" = "${var.cluster_id}-bootstrap-vol" }, var.tags, ) 
@@ -174,7 +174,7 @@ resource "aws_security_group" "bootstrap" { tags = merge( { - "Name" = "${var.cluster_id}-bootstrap-sg" + "Name" = "${var.cluster_id}-bootstrap-sg" }, var.tags, ) diff --git a/data/data/aws/main.tf b/data/data/aws/main.tf index 02a39bc81d9..0f6d0d4b63b 100644 --- a/data/data/aws/main.tf +++ b/data/data/aws/main.tf @@ -27,7 +27,7 @@ provider "aws" { module "bootstrap" { source = "./bootstrap" - ami = var.aws_ami + ami = var.aws_region == var.aws_ami_region ? var.aws_ami : aws_ami_copy.imported[0].id instance_type = var.aws_bootstrap_instance_type cluster_id = var.cluster_id ignition = var.ignition_bootstrap @@ -62,7 +62,7 @@ module "masters" { root_volume_kms_key_id = var.aws_master_root_volume_kms_key_id target_group_arns = module.vpc.aws_lb_target_group_arns target_group_arns_length = module.vpc.aws_lb_target_group_arns_length - ec2_ami = var.aws_ami + ec2_ami = var.aws_region == var.aws_ami_region ? var.aws_ami : aws_ami_copy.imported[0].id user_data_ign = var.ignition_master publish_strategy = var.aws_publish_strategy } @@ -111,3 +111,20 @@ module "vpc" { tags = local.tags } +resource "aws_ami_copy" "imported" { + count = var.aws_region != var.aws_ami_region ? 1 : 0 + name = "${var.cluster_id}-master" + source_ami_id = var.aws_ami + source_ami_region = var.aws_ami_region + encrypted = true + + tags = merge( + { + "Name" = "${var.cluster_id}-ami-${var.aws_region}" + "sourceAMI" = var.aws_ami + "sourceRegion" = var.aws_ami_region + }, + local.tags, + ) +} + diff --git a/data/data/aws/master/main.tf b/data/data/aws/master/main.tf index 8cb2957976c..2d7cf0159e7 100644 --- a/data/data/aws/master/main.tf +++ b/data/data/aws/master/main.tf @@ -126,7 +126,7 @@ resource "aws_network_interface" "master" { tags = merge( { - "Name" = "${var.cluster_id}-master-${count.index}" + "Name" = "${var.cluster_id}-master-${count.index}" }, var.tags, ) 
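Review bot: `aws_ami_copy.imported` in `data/data/aws/main.tf` sets `encrypted = true` without a `kms_key_id`, so the copied image would presumably be encrypted with the account's default EBS key rather than a key the user selected, while the `masters` module in the same file already receives `var.aws_master_root_volume_kms_key_id`. If that variable is meant to cover the image as well, passing it to the copy (`kms_key_id = var.aws_master_root_volume_kms_key_id`, when one is configured) would keep the two consistent; otherwise a comment stating that the default key is intended would help. The copy is named `"${var.cluster_id}-master"` although the bootstrap module uses it too, and the expression `var.aws_region == var.aws_ami_region ? var.aws_ami : aws_ami_copy.imported[0].id` is repeated for both modules; a single `locals` value would avoid the two drifting apart.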
@@ -154,7 +154,7 @@ resource "aws_instance" "master" { tags = merge( { - "Name" = "${var.cluster_id}-master-${count.index}" + "Name" = "${var.cluster_id}-master-${count.index}" }, var.tags, ) @@ -169,7 +169,7 @@ resource "aws_instance" "master" { volume_tags = merge( { - "Name" = "${var.cluster_id}-master-${count.index}-vol" + "Name" = "${var.cluster_id}-master-${count.index}-vol" }, var.tags, ) diff --git a/data/data/aws/variables-aws.tf b/data/data/aws/variables-aws.tf index 5948a647d2e..24a348adfcf 100644 --- a/data/data/aws/variables-aws.tf +++ b/data/data/aws/variables-aws.tf @@ -21,20 +21,25 @@ EOF } variable "aws_bootstrap_instance_type" { - type = string + type = string description = "Instance type for the bootstrap node. Example: `m4.large`." } variable "aws_master_instance_type" { - type = string + type = string description = "Instance type for the master node(s). Example: `m4.large`." } variable "aws_ami" { - type = string + type = string description = "AMI for all nodes. An encrypted copy of this AMI will be used. Example: `ami-foobar123`." } +variable "aws_ami_region" { + type = string + description = "Region for the AMI for all nodes. An encrypted copy of this AMI will be used. Example: `ami-foobar123`." +} + variable "aws_extra_tags" { type = map(string) 
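Review bot: The description of the new `aws_ami_region` variable in `variables-aws.tf` is copied from `aws_ami`: it repeats "An encrypted copy of this AMI will be used" and gives `ami-foobar123` as the example, which is an AMI ID rather than a region. It could read `description = "Region where aws_ami is published; the image is copied when this differs from aws_region. Example: us-east-1."`.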
@@ -89,39 +94,39 @@ EOF } variable "aws_region" { - type = string + type = string description = "The target AWS region for the cluster." } variable "aws_master_availability_zones" { - type = list(string) + type = list(string) description = "The availability zones in which to create the masters. The length of this list must match master_count." } variable "aws_worker_availability_zones" { - type = list(string) + type = list(string) description = "The availability zones to provision for workers. Worker instances are created by the machine-API operator, but this variable controls their supporting infrastructure (subnets, routing, etc.)." } variable "aws_vpc" { - type = string - default = null + type = string + default = null description = "(optional) An existing network (VPC ID) into which the cluster should be installed." } variable "aws_public_subnets" { - type = list(string) - default = null + type = list(string) + default = null description = "(optional) Existing public subnets into which the cluster should be installed." } variable "aws_private_subnets" { - type = list(string) - default = null + type = list(string) + default = null description = "(optional) Existing private subnets into which the cluster should be installed." } variable "aws_publish_strategy" { - type = string + type = string description = "The cluster publishing strategy, either Internal or External" } diff --git a/pkg/asset/cluster/tfvars.go b/pkg/asset/cluster/tfvars.go index 0a5d5f87378..0ada5e1538b 100644 --- a/pkg/asset/cluster/tfvars.go +++ b/pkg/asset/cluster/tfvars.go @@ -9,6 +9,7 @@ import ( "net" "net/url" "os" + "strings" igntypes "github.com/coreos/ignition/config/v2_2/types" gcpprovider "github.com/openshift/cluster-api-provider-gcp/pkg/apis/gcpprovider/v1beta1" 
@@ -214,6 +215,12 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error { for i, m := range workers { workerConfigs[i] = m.Spec.Template.Spec.ProviderSpec.Value.Object.(*awsprovider.AWSMachineProviderConfig) } + osImage := strings.SplitN(string(*rhcosImage), ",", 2) + osImageID := osImage[0] + osImageRegion := installConfig.Config.AWS.Region + if len(osImage) == 2 { + osImageRegion = osImage[1] + } data, err := awstfvars.TFVars(awstfvars.TFVarsSources{ VPC: vpc, PrivateSubnets: privateSubnets, @@ -222,6 +229,8 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error { Publish: installConfig.Config.Publish, MasterConfigs: masterConfigs, WorkerConfigs: workerConfigs, + AMIID: osImageID, + AMIRegion: osImageRegion, }) if err != nil { return errors.Wrapf(err, "failed to get %s Terraform variables", platform) diff --git a/pkg/asset/machines/aws/machines.go b/pkg/asset/machines/aws/machines.go index a75e1891f22..3e12865fbbb 100644 --- a/pkg/asset/machines/aws/machines.go +++ b/pkg/asset/machines/aws/machines.go @@ -79,7 +79,6 @@ func Machines(clusterID string, region string, subnets map[string]string, pool * } func provider(clusterID string, region string, subnet string, instanceType string, root *aws.EC2RootVolume, osImage string, zone, role, userDataSecret string, userTags map[string]string) (*awsprovider.AWSMachineProviderConfig, error) { - amiID := osImage tags, err := tagsFromUserTags(clusterID, userTags) if err != nil { return nil, errors.Wrap(err, "failed to create awsprovider.TagSpecifications from UserTags") @@ -102,7 +101,6 @@ func provider(clusterID string, region string, subnet string, instanceType strin }, }, }, - AMI: awsprovider.AWSResourceReference{ID: &amiID}, Tags: tags, IAMInstanceProfile: &awsprovider.AWSResourceReference{ID: pointer.StringPtr(fmt.Sprintf("%s-%s-profile", clusterID, role))}, UserDataSecret: &corev1.LocalObjectReference{Name: userDataSecret}, 
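Review bot: The `id,region` encoding of `rhcosImage` is parsed in `TerraformVariables.Generate` with `strings.SplitN(string(*rhcosImage), ",", 2)`, and the same lines are repeated in the `Master.Generate` and `Worker.Generate` hunks under pkg/asset/machines, while the format is produced only in pkg/asset/rhcos/image.go and described nowhere. A single helper next to the producer that returns the ID and the source region would keep the three consumers from drifting, and it could reject an empty ID instead of passing `osImage[0]` on unchecked. At minimum each site should carry a comment such as `// rhcosImage is "<ami-id>", or "<ami-id>,<source-region>" when the AMI must be copied into the target region`. Generate's body starts and ends outside this hunk.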
@@ -125,6 +123,15 @@ func provider(clusterID string, region string, subnet string, instanceType strin config.Subnet.ID = pointer.StringPtr(subnet) } + if osImage == "" { + config.AMI.Filters = []awsprovider.Filter{{ + Name: "tag:Name", + Values: []string{fmt.Sprintf("%s-ami-%s", clusterID, region)}, + }} + } else { + config.AMI.ID = pointer.StringPtr(osImage) + } + return config, nil } diff --git a/pkg/asset/machines/master.go b/pkg/asset/machines/master.go index ad1a1406b4a..4fa7f64af6e 100644 --- a/pkg/asset/machines/master.go +++ b/pkg/asset/machines/master.go @@ -5,6 +5,7 @@ import ( "fmt" "os" "path/filepath" + "strings" "github.com/ghodss/yaml" baremetalapi "github.com/metal3-io/cluster-api-provider-baremetal/pkg/apis" @@ -159,7 +160,14 @@ func (m *Master) Generate(dependencies asset.Parents) error { } mpool := defaultAWSMachinePoolPlatform() - mpool.AMIID = string(*rhcosImage) + + osImage := strings.SplitN(string(*rhcosImage), ",", 2) + osImageID := osImage[0] + if len(osImage) == 2 { + osImageID = "" // the AMI will be generated later on + } + mpool.AMIID = osImageID + mpool.Set(ic.Platform.AWS.DefaultMachinePlatform) mpool.Set(pool.Platform.AWS) if len(mpool.Zones) == 0 { diff --git a/pkg/asset/machines/worker.go b/pkg/asset/machines/worker.go index f224f37dfe4..8b9dac85c97 100644 --- a/pkg/asset/machines/worker.go +++ b/pkg/asset/machines/worker.go @@ -5,6 +5,7 @@ import ( "fmt" "os" "path/filepath" + "strings" "github.com/ghodss/yaml" baremetalapi "github.com/metal3-io/cluster-api-provider-baremetal/pkg/apis" 
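Review bot: When `osImage` is empty, `provider` in pkg/asset/machines/aws/machines.go resolves the AMI only through the filter `tag:Name` = `<clusterID>-ami-<region>`, and the only thing tying it to the image Terraform creates is the identical string in the `aws_ami_copy` tags in data/data/aws/main.tf. The two format strings have to be kept in step by hand, and a tag is mutable, so the lookup trusts whoever can tag images in the account; what the machine API does when no image or several images match is not visible here. Add a comment above the branch, e.g. `// empty osImage: Terraform copies the AMI (aws_ami_copy.imported) and it is found by its Name tag; keep in sync with data/data/aws/main.tf`, and confirm the multiple-match behaviour with the provider. The function body begins outside the hunk.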
@@ -195,7 +196,14 @@ func (w *Worker) Generate(dependencies asset.Parents) error { } mpool := defaultAWSMachinePoolPlatform() - mpool.AMIID = string(*rhcosImage) + + osImage := strings.SplitN(string(*rhcosImage), ",", 2) + osImageID := osImage[0] + if len(osImage) == 2 { + osImageID = "" // the AMI will be generated later on + } + mpool.AMIID = osImageID + mpool.Set(ic.Platform.AWS.DefaultMachinePlatform) mpool.Set(pool.Platform.AWS) if len(mpool.Zones) == 0 { diff --git a/pkg/asset/rhcos/image.go b/pkg/asset/rhcos/image.go index 926769da8cc..56dbbaa0fa4 100644 --- a/pkg/asset/rhcos/image.go +++ b/pkg/asset/rhcos/image.go @@ -3,7 +3,7 @@ package rhcos import ( "context" - "github.com/openshift/installer/pkg/types/ovirt" + "fmt" "os" "time" @@ -12,6 +12,7 @@ import ( "github.com/openshift/installer/pkg/asset" "github.com/openshift/installer/pkg/asset/installconfig" + configaws "github.com/openshift/installer/pkg/asset/installconfig/aws" "github.com/openshift/installer/pkg/rhcos" "github.com/openshift/installer/pkg/types" "github.com/openshift/installer/pkg/types/aws" @@ -21,6 +22,7 @@ import ( "github.com/openshift/installer/pkg/types/libvirt" "github.com/openshift/installer/pkg/types/none" "github.com/openshift/installer/pkg/types/openstack" + "github.com/openshift/installer/pkg/types/ovirt" "github.com/openshift/installer/pkg/types/vsphere" ) @@ -75,7 +77,14 @@ func osImage(config *types.InstallConfig) (string, error) { osimage = config.Platform.AWS.AMIID break } - osimage, err = rhcos.AMI(ctx, arch, config.Platform.AWS.Region) + region := config.Platform.AWS.Region + if !configaws.IsKnownRegion(config.Platform.AWS.Region) { + region = "us-east-1" + } + osimage, err = rhcos.AMI(ctx, arch, region) + if region != config.Platform.AWS.Region { + osimage = fmt.Sprintf("%s,%s", osimage, region) + } case gcp.Name: osimage, err = rhcos.GCP(ctx, arch) case libvirt.Name: diff --git a/pkg/tfvars/aws/aws.go b/pkg/tfvars/aws/aws.go index f2e26cade53..037ad4c7d99 100644 
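Review bot: In the AWS case of `osImage` in pkg/asset/rhcos/image.go, `err` from `rhcos.AMI` is not examined before the result is rewritten, so for an unknown region a failed lookup leaves `osimage` as `,us-east-1`. That is harmless only if the error is checked after the switch, which lies outside this hunk; writing the guard as `if err == nil && region != config.Platform.AWS.Region {` keeps the value clean either way. The fallback `"us-east-1"` is a bare literal that decides which image every node is copied from, so it would be better as a named constant with a comment explaining the choice.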
--- a/pkg/tfvars/aws/aws.go +++ b/pkg/tfvars/aws/aws.go @@ -15,6 +15,7 @@ import ( type config struct { AMI string `json:"aws_ami"` + AMIRegion string `json:"aws_ami_region"` CustomEndpoints map[string]string `json:"custom_endpoints,omitempty"` ExtraTags map[string]string `json:"aws_extra_tags,omitempty"` BootstrapInstanceType string `json:"aws_bootstrap_instance_type,omitempty"` @@ -41,6 +42,8 @@ type TFVarsSources struct { Publish types.PublishingStrategy + AMIID, AMIRegion string + MasterConfigs, WorkerConfigs []*v1beta1.AWSMachineProviderConfig } @@ -101,7 +104,6 @@ func TFVars(sources TFVarsSources) ([]byte, error) { CustomEndpoints: endpoints, Region: masterConfig.Placement.Region, ExtraTags: tags, - AMI: *masterConfig.AMI.ID, MasterAvailabilityZones: masterAvailabilityZones, WorkerAvailabilityZones: workerAvailabilityZones, BootstrapInstanceType: fmt.Sprintf("%s.large", instanceClass), @@ -135,5 +137,13 @@ func TFVars(sources TFVarsSources) ([]byte, error) { cfg.KMSKeyID = *rootVolume.EBS.KMSKey.ARN } + if masterConfig.AMI.ID != nil && *masterConfig.AMI.ID != "" { + cfg.AMI = *masterConfig.AMI.ID + cfg.AMIRegion = masterConfig.Placement.Region + } else { + cfg.AMI = sources.AMIID + cfg.AMIRegion = sources.AMIRegion + } + return json.MarshalIndent(cfg, "", " ") } From 982bd2fb16cff2a28f99f064d6fd08dbb169e491 Mon Sep 17 00:00:00 2001 
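Review bot: The `else` branch added at the end of `TFVars` copies `sources.AMIID` and `sources.AMIRegion` into the config without checking them, so a caller that leaves them empty produces `"aws_ami": ""`, which would presumably surface only later as a Terraform failure. The function already returns an error, so a check after the branch such as `if cfg.AMI == "" || cfg.AMIRegion == "" { return nil, fmt.Errorf("AMI ID and AMI region must be set") }` fails earlier and nearer the cause. The new `AMIID, AMIRegion` fields of `TFVarsSources` should also get a comment saying they are used only when the master machine config carries no AMI ID. TFVars begins outside the hunk.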
From: Abhinav Dahiya Date: Mon, 16 Mar 2020 16:54:34 -0700 Subject: [PATCH 13/18] vendor: update the openshift/api --- go.mod | 6 +- go.sum | 31 +-- vendor/github.com/openshift/api/LICENSE | 14 +- ...0_10_config-operator_01_apiserver.crd.yaml | 10 + ...config-operator_01_authentication.crd.yaml | 2 +- ...config-operator_01_infrastructure.crd.yaml | 157 ++++++++++++- .../api/config/v1/types_authentication.go | 2 +- .../openshift/api/config/v1/types_console.go | 4 +- .../openshift/api/config/v1/types_feature.go | 1 + .../api/config/v1/types_infrastructure.go | 123 ++++++++++ .../api/config/v1/types_operatorhub.go | 1 + .../api/config/v1/types_tlssecurityprofile.go | 2 + .../api/config/v1/zz_generated.deepcopy.go | 220 +++++++++++++++++- .../v1/zz_generated.swagger_doc_generated.go | 107 ++++++++- ...000_10_config-operator_01_config.crd.yaml} | 14 +- ...authentication-operator_01_config.crd.yaml | 11 + ...roller-manager-operator_02_config.crd.yaml | 137 ----------- ...perator_00-custom-resource-definition.yaml | 49 ++++ .../v1/0000_70_console-operator.crd.yaml | 33 +++ .../api/operator/v1/types_authentication.go | 15 +- .../openshift/api/operator/v1/types_config.go | 43 ++++ .../api/operator/v1/types_console.go | 26 +++ .../api/operator/v1/types_ingress.go | 35 +++ .../v1/types_servicecatalogapiserver.go | 2 + .../types_servicecatalogcontrollermanager.go | 2 + .../api/operator/v1/zz_generated.deepcopy.go | 130 +++++++++++ .../v1/zz_generated.swagger_doc_generated.go | 48 +++- .../openshift/api/route/v1/generated.pb.go | 60 ++--- .../openshift/api/route/v1/types.go | 6 +- vendor/modules.txt | 6 +- 30 files changed, 1041 insertions(+), 256 deletions(-) rename vendor/github.com/openshift/api/operator/v1/{0000_50_cluster-svcat-apiserver-operator_02_config.crd.yaml => 0000_10_config-operator_01_config.crd.yaml} (93%) delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_cluster-svcat-controller-manager-operator_02_config.crd.yaml create mode 100644 
vendor/github.com/openshift/api/operator/v1/types_config.go diff --git a/go.mod b/go.mod index db10a472d06..1ef2733f2b5 100644 --- a/go.mod +++ b/go.mod @@ -115,8 +115,8 @@ require ( gopkg.in/AlecAivazis/survey.v1 v1.8.9-0.20200217094205-6773bdf39b7f gopkg.in/ini.v1 v1.51.0 gopkg.in/yaml.v2 v2.2.8 - k8s.io/api v0.17.2 - k8s.io/apimachinery v0.17.3 + k8s.io/api v0.18.0 + k8s.io/apimachinery v0.18.0 k8s.io/client-go v12.0.0+incompatible k8s.io/klog v1.0.0 k8s.io/utils v0.0.0-20191217005138-9e5e9d854fcc @@ -133,7 +133,7 @@ replace ( github.com/hashicorp/terraform-plugin-sdk => github.com/openshift/hashicorp-terraform-plugin-sdk v1.6.0-openshift // Pin to fork with public rpc types github.com/metal3-io/baremetal-operator => github.com/openshift/baremetal-operator v0.0.0-20200206190020-71b826cc0f0a // Use OpenShift fork github.com/metal3-io/cluster-api-provider-baremetal => github.com/openshift/cluster-api-provider-baremetal v0.0.0-20190821174549-a2a477909c1d // Pin OpenShift fork - github.com/openshift/api => github.com/openshift/api v0.0.0-20200210091934-a0e53e94816b // Pin API + github.com/openshift/api => github.com/openshift/api v0.0.0-20200413201024-c6e8c9b6eb9a // Pin API github.com/openshift/machine-config-operator => github.com/openshift/machine-config-operator v0.0.1-0.20200130220348-e5685c0cf530 // Pin MCO so it doesn't get downgraded github.com/terraform-providers/terraform-provider-azurerm => github.com/openshift/terraform-provider-azurerm v1.41.1-openshift-3 // Pin to openshift fork with IPv6 fixes google.golang.org/api => google.golang.org/api v0.13.0 // Pin to version required by tf-provider-google diff --git a/go.sum b/go.sum index 8852792fd98..1ababf8e90f 100644 --- a/go.sum +++ b/go.sum 
@@ -1762,13 +1762,13 @@ github.com/opencontainers/selinux v1.3.0/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOl github.com/opencontainers/selinux v1.3.1-0.20190929122143-5215b1806f52/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs= github.com/openshift-metal3/terraform-provider-ironic v0.2.0 h1:MAImxv6UaTtvf2BkPG9YS+EvIqMsXQhNQNDfV7FE2D0= github.com/openshift-metal3/terraform-provider-ironic v0.2.0/go.mod h1:G79T6t60oBpYfZK/x960DRzYsNHdz5YVCHINx6QlmtU= -github.com/openshift/api v0.0.0-20200210091934-a0e53e94816b h1:BERD6sZj7w9Tt0RBpuw87AC0+SppyxEUgUG/Of5rI+E= -github.com/openshift/api v0.0.0-20200210091934-a0e53e94816b/go.mod h1:fT6U/JfG8uZzemTRwZA2kBDJP5nWz7v05UHnty/D+pk= +github.com/openshift/api v0.0.0-20200413201024-c6e8c9b6eb9a h1:fIIKps4VKnxrXSp3lhgSatm5C1xb1qfMtJsmyr3iMXw= +github.com/openshift/api v0.0.0-20200413201024-c6e8c9b6eb9a/go.mod h1:RKMJ5CBnljLfnej+BJ/xnOWc3kZDvJUaIAEq2oKSPtE= github.com/openshift/baremetal-operator v0.0.0-20200206190020-71b826cc0f0a h1:65ZuRkPnQGh9uo0z93KosrPlwEWJNxUjxnuM9lyGBHc= github.com/openshift/baremetal-operator v0.0.0-20200206190020-71b826cc0f0a/go.mod h1:cXwn0hhgHpORjBasg0RnZwhKaJGy9+r6qgj0HCXrs/Y= github.com/openshift/build-machinery-go v0.0.0-20200205161356-ef115f5adc73/go.mod h1:1CkcsT3aVebzRBzVTSbiKSkJMsC/CASqxesfqEMfJEc= +github.com/openshift/build-machinery-go v0.0.0-20200211121458-5e3d6e570160/go.mod h1:1CkcsT3aVebzRBzVTSbiKSkJMsC/CASqxesfqEMfJEc= github.com/openshift/client-go v0.0.0-20190617165122-8892c0adc000/go.mod h1:6rzn+JTr7+WYS2E1TExP4gByoABxMznR6y2SnUIkmxk= -github.com/openshift/client-go v0.0.0-20191001081553-3b0e988f8cb0 h1:U0rtkdPj1lTC5iQwN3Ev+FgyZUTsJFg60rc0ExTGLpc= github.com/openshift/client-go v0.0.0-20191001081553-3b0e988f8cb0/go.mod h1:6rzn+JTr7+WYS2E1TExP4gByoABxMznR6y2SnUIkmxk= github.com/openshift/client-go v0.0.0-20200116152001-92a2713fa240 h1:XYfJWv2Ch+qInGLDEedHRtDsJwnxyU1L8U7SY56NcA8= github.com/openshift/client-go v0.0.0-20200116152001-92a2713fa240/go.mod 
h1:4riOwdj99Hd/q+iAcJZfNCsQQQMwURnZV6RL4WHYS5w= @@ -1790,8 +1790,6 @@ github.com/openshift/cluster-api-provider-gcp v0.0.1-0.20200120152131-1b09fd9e71 github.com/openshift/cluster-api-provider-gcp v0.0.1-0.20200120152131-1b09fd9e7156/go.mod h1:KCyjaBfEkifs9bqV1HEXDJUyQylgeLSqiqt2QnMn7is= github.com/openshift/cluster-api-provider-libvirt v0.2.1-0.20191219173431-2336783d4603 h1:MC6BSZYxFPoqqKj9PdlGjHGVKcMsvn6Kv1NiVzQErZ8= github.com/openshift/cluster-api-provider-libvirt v0.2.1-0.20191219173431-2336783d4603/go.mod h1:7pQ9Bzha+ug/5zd+0ufbDEcnn2OnNlPwRwYrzhXk4NM= -github.com/openshift/cluster-api-provider-openstack v0.0.0-20200221124403-d699c3611b0c h1:Rn/Ip2nbWUhvOF9/EZaorxKVcQnm427cSOJQJIFXuHQ= -github.com/openshift/cluster-api-provider-openstack v0.0.0-20200221124403-d699c3611b0c/go.mod h1:ntMRKZlv++TExGO4g2jgsVIaHKJt8kKe72BAvMPV5vA= github.com/openshift/cluster-api-provider-openstack v0.0.0-20200323110431-3311de91e078 h1:Irj9ROcWhbeH6t2DEUDIpdIJgSLBaXww6AP/FMCmGmw= github.com/openshift/cluster-api-provider-openstack v0.0.0-20200323110431-3311de91e078/go.mod h1:ntMRKZlv++TExGO4g2jgsVIaHKJt8kKe72BAvMPV5vA= github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20200128081049-840376ca5c09 h1:QJxGgIB7f5BqNPEZOCgV29NsDf1P439Bs3q0B5O3fP8= 
@@ -1849,7 +1847,6 @@ github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtP github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= github.com/pelletier/go-toml v1.1.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/pelletier/go-toml v1.4.0 h1:u3Z1r+oOXJIkxqw34zVhyPgjBsm6X2wn21NWs/HfSeg= github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= @@ -1975,7 +1972,6 @@ github.com/seccomp/containers-golang v0.3.1/go.mod h1:ZUNmbYf+/7mfX5qYV07/krJnTd github.com/seccomp/libseccomp-golang v0.9.0/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/securego/gosec v0.0.0-20191002120514-e680875ea14d/go.mod h1:w5+eXa0mYznDkHaMCXA4XYffjlH+cy1oyKbfzJXa2Do= -github.com/securego/gosec v0.0.0-20200103095621-79fbf3af8d83 h1:AtnWoOvTioyDXFvu96MWEeE8qj4COSQnJogzLy/u41A= github.com/securego/gosec v0.0.0-20200103095621-79fbf3af8d83/go.mod h1:vvbZ2Ae7AzSq3/kywjUDxSNq2SJ27RxCz2un0H3ePqE= github.com/segmentio/kafka-go v0.1.0/go.mod h1:X6itGqS9L4jDletMsxZ7Dz+JFWxM6JHfPOCvTvk+EJo= github.com/serenize/snaker v0.0.0-20171204205717-a683aaf2d516/go.mod h1:Yow6lPLSAXx2ifx470yD/nUe22Dv5vBvxK/UK9UUTVs= 
@@ -2038,7 +2034,6 @@ github.com/soheilhy/cmux v0.1.4 h1:0HKaf1o97UwFjHH9o5XsHUOF+tqmdA7KEzXLpiyaw0E= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= -github.com/sourcegraph/go-diff v0.5.1 h1:gO6i5zugwzo1RVTvgvfwCOSVegNuvnNi6bAD1QCmkHs= github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= @@ -2049,7 +2044,6 @@ github.com/spf13/afero v1.2.1/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTd github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg= -github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.2/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= 
@@ -2058,7 +2052,6 @@ github.com/spf13/cobra v0.0.5 h1:f0B+LkLX6DtmRH1isoNA9VTtNUK9K8xYd28JNNfOv/s= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/jwalterweatherman v0.0.0-20180109140146-7c0cea34c8ec/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -2072,7 +2065,6 @@ github.com/spf13/viper v1.3.0/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DM github.com/spf13/viper v1.3.1/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= -github.com/spf13/viper v1.6.1 h1:VPZzIkznI1YhVMRi6vNFLHSwhnhReBfgTxIPccpfdZk= github.com/spf13/viper v1.6.1/go.mod h1:t3iDnF5Jlj76alVNuyFBk5oUMCvsrkbvZK0WQdfDi5k= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/stathat/go v1.0.0/go.mod h1:+9Eg2szqkcOGWv6gfheJmBBsmq9Qf5KDbzy8/aYYR0c= 
@@ -2084,7 +2076,6 @@ github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3 github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.0/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= @@ -2093,7 +2084,6 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/svanharmelen/jsonapi v0.0.0-20180618144545-0c0828c3f16d h1:Z4EH+5EffvBEhh37F0C0DnpklTMh00JOkjW5zK3ofBI= github.com/svanharmelen/jsonapi v0.0.0-20180618144545-0c0828c3f16d/go.mod h1:BSTlc8jOjh0niykqEGVXOLXdi9o0r0kR8tCYiMvjFgw= 
@@ -2125,7 +2115,6 @@ github.com/terraform-providers/terraform-provider-vsphere v1.16.2/go.mod h1:yTPD github.com/thecodeteam/goscaleio v0.1.0/go.mod h1:68sdkZAsK8bvEwBlbQnlLS+xU+hvLYM/iQ8KXej1AwM= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= -github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e h1:RumXZ56IrCj4CL+g1b9OL/oH0QnsF976bC8xQFYUD5Q= github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= github.com/tinylib/msgp v1.1.0/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE= github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= @@ -2137,7 +2126,6 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 h1:LnC5Kc github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tombuildsstuff/giovanni v0.7.1 h1:QJG5TJNIjcRbMsaQGF1HtWEpZbu8xLAOmZuMIk7wf14= github.com/tombuildsstuff/giovanni v0.7.1/go.mod h1:Xu/XU+DiRrKTDoCnJNGuh9ysD0eJyi/zU/naFh2aN9I= -github.com/tommy-muehle/go-mnd v1.1.1 h1:4D0wuPKjOTiK2garzuPGGvm4zZ/wLYDOH8TJSABC7KU= github.com/tommy-muehle/go-mnd v1.1.1/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig= github.com/ttacon/chalk v0.0.0-20160626202418-22c06c80ed31/go.mod h1:onvgF043R+lC5RZ8IT9rBXDaEDnpnw/Cl+HFiw+v/7Q= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= 
@@ -2154,9 +2142,7 @@ github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4A github.com/ulikunitz/xz v0.5.6 h1:jGHAfXawEGZQ3blwU5wnWKQJvAraT7Ftq9EXjnXYgt8= github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/ultraware/funlen v0.0.1/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= -github.com/ultraware/funlen v0.0.2 h1:Av96YVBwwNSe4MLR7iI/BIa3VyI7/djnto/pK3Uxbdo= github.com/ultraware/funlen v0.0.2/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= -github.com/ultraware/whitespace v0.0.4 h1:If7Va4cM03mpgrNH9k49/VOicWpGoG70XPBFFODYDsg= github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA= github.com/unrolled/secure v0.0.0-20180918153822-f340ee86eb8b/go.mod h1:mnPT77IAdsi/kV7+Es7y+pXALeV3h7G6dQF6mNYjcLA= github.com/unrolled/secure v0.0.0-20181005190816-ff9db2ff917f/go.mod h1:mnPT77IAdsi/kV7+Es7y+pXALeV3h7G6dQF6mNYjcLA= @@ -2166,7 +2152,6 @@ github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijb github.com/urfave/cli v1.21.0/go.mod h1:lxDj6qX9Q6lWQxIrbrT0nwecwUtRnhVZAJjJZrVUZZQ= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= -github.com/uudashr/gocognit v1.0.1 h1:MoG2fZ0b/Eo7NXoIwCVFLG5JED3qgQz5/NEE+rOsjPs= github.com/uudashr/gocognit v1.0.1/go.mod h1:j44Ayx2KW4+oB6SWMv8KsmHzZrOInQav7D3cQMJ5JUM= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasthttp v1.2.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s= 
@@ -2193,7 +2178,6 @@ github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaU github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= github.com/vmware/govmomi v0.21.0/go.mod h1:zbnFoBQ9GIjs2RVETy8CNEpb+L+Lwkjs3XZUL0B3/m0= -github.com/vmware/govmomi v0.22.1 h1:ZIEYmBdAS2i+s7RctapqdHfbeGiUcL8LRN05uS4TfPc= github.com/vmware/govmomi v0.22.1/go.mod h1:Y+Wq4lst78L85Ge/F8+ORXIWiKYqaro1vhAulACy9Lc= github.com/vmware/govmomi v0.22.2 h1:hmLv4f+RMTTseqtJRijjOWzwELiaLMIoHv2D6H3bF4I= github.com/vmware/govmomi v0.22.2/go.mod h1:Y+Wq4lst78L85Ge/F8+ORXIWiKYqaro1vhAulACy9Lc= @@ -2348,7 +2332,6 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f h1:J5lckAjkw6qYlOZNj90mLYNTEKDvWeuc1yieZ8qUzUE= golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= 
@@ -2414,7 +2397,6 @@ golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20191009170851-d66e71096ffb/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191204025024-5ee1b9f4859a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 h1:efeOvDhwQ29Dj3SdAV/MJf8oukgn+8D8WgaCaRMchF8= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2 h1:CCH4IOTTfewWjGOlSp+zGcjutRKlBEZQ6wTn8ozI/nI= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 
@@ -2633,10 +2615,8 @@ golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191203134012-c197fd4bf371/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191204011308-9611592c72f6/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200102140908-9497f49d5709/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200115044656-831fdb1e1868 h1:6VZw2h4iwEB4GwgQU3Jvcsm8l9+yReTrErAEK1k6AC4= golang.org/x/tools v0.0.0-20200115044656-831fdb1e1868/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204192400-7124308813f3 h1:Ms82wn6YK4ZycO6Bxyh0kxX3gFFVGo79CCuc52xgcys= golang.org/x/tools v0.0.0-20200204192400-7124308813f3/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200214201135-548b770e2dfa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200216192241-b320d3a0f5a2 h1:0sfSpGSa544Fwnbot3Oxq/U6SXqjty6Jy/3wRhVS7ig= @@ -2759,7 +2739,6 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo= gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 
@@ -2838,12 +2817,9 @@ modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= -mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed h1:WX1yoOaKQfddO/mLzdV4wptyWgoH/6hwLs7QHTixo0I= mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc= -mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b h1:DxJ5nJdkhDlLok9K6qO+5290kphDJbHOQO1DFFFTeBo= mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4= mvdan.cc/unparam v0.0.0-20190209190245-fbb59629db34/go.mod h1:H6SUd1XjIs+qQCyskXg5OFSrilMRUkD8ePJpHKDPaeY= -mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f h1:Cq7MalBHYACRd6EesksG1Q8EoIAKOsiZviGKbOLIej4= mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw= rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= 
@@ -2871,7 +2847,6 @@ sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sourcegraph.com/sourcegraph/appdash v0.0.0-20190107175209-d9ea5c54f7dc/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= sourcegraph.com/sourcegraph/appdash-data v0.0.0-20151005221446-73f23eafcf67/go.mod h1:L5q+DGLGOQFpo1snNEkLOJT2d1YTW66rWNzatr3He1k= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= -sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4 h1:JPJh2pk3+X4lXAkZIk2RuE/7/FoK9maXw+TNPJhVS/c= sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= vbom.ml/util v0.0.0-20160121211510-db5cfe13f5cc/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI= vbom.ml/util v0.0.0-20180919145318-efcd4e0f9787/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI= diff --git a/vendor/github.com/openshift/api/LICENSE b/vendor/github.com/openshift/api/LICENSE index 8dada3edaf5..5c389317ecc 100644 --- a/vendor/github.com/openshift/api/LICENSE +++ b/vendor/github.com/openshift/api/LICENSE @@ -1,3 +1,4 @@ + Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ 
@@ -175,18 +176,7 @@ END OF TERMS AND CONDITIONS - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} + Copyright 2020 Red Hat, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml index 4e1fdac3704..ebabc900951 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml @@ -165,6 +165,11 @@ spec: \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" type: string + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 nullable: true intermediate: description: "intermediate is a TLS security profile based on: \n @@ -215,5 +220,10 @@ spec: profile is currently not supported because it is not yet well adopted by common software libraries." type: string + enum: + - Old + - Intermediate + - Modern + - Custom status: type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml index bb95918d9da..0fbf020bd81 100644 
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml @@ -64,7 +64,7 @@ spec: type: string serviceAccountIssuer: description: serviceAccountIssuer is the identifier of the bound service - account token issuer. The default is auth.openshift.io. + account token issuer. The default is https://kubernetes.default.svc type: string type: description: type identifies the cluster managed, user facing authentication diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml index 8da8bb45ad4..80e2de3b803 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml 
@@ -53,6 +53,89 @@ spec: type: string name: type: string + platformSpec: + description: platformSpec holds desired information specific to the + underlying infrastructure provider. + type: object + properties: + aws: + description: AWS contains settings specific to the Amazon Web Services + infrastructure provider. + type: object + properties: + serviceEndpoints: + description: serviceEndpoints list contains custom endpoints + which will override default service endpoint of AWS Services. + There must be only one ServiceEndpoint for a service. + type: array + items: + description: AWSServiceEndpoint store the configuration of + a custom url to override existing defaults of AWS Services. + type: object + properties: + name: + description: name is the name of the AWS service. The + list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html + This must be provided and cannot be empty. + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme https, + that overrides the default generated endpoint for a + client. This must be provided and cannot be empty. + type: string + pattern: ^https:// + azure: + description: Azure contains settings specific to the Azure infrastructure + provider. + type: object + baremetal: + description: BareMetal contains settings specific to the BareMetal + platform. + type: object + gcp: + description: GCP contains settings specific to the Google Cloud + Platform infrastructure provider. + type: object + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud + infrastructure provider. + type: object + openstack: + description: OpenStack contains settings specific to the OpenStack + infrastructure provider. + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure + provider. + type: object + type: + description: type is the underlying infrastructure provider for + the cluster. 
This value controls whether infrastructure automation + such as service load balancers, dynamic volume provisioning, machine + creation and deletion, and other integrations are enabled. If + None, no infrastructure automation is enabled. Allowed values + are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", + "VSphere", "oVirt", and "None". Individual components may not + support all platforms, and must handle unrecognized platforms + as None if they do not support that platform. + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure + provider. + type: object status: description: status holds observed values from the cluster. They may not be overridden. @@ -82,6 +165,18 @@ spec: description: "platform is the underlying infrastructure provider for the cluster. \n Deprecated: Use platformStatus.type instead." type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud platformStatus: description: platformStatus holds status information specific to the underlying infrastructure provider. 
@@ -96,6 +191,28 @@ spec: description: region holds the default AWS region for new AWS resources created by the cluster. type: string + serviceEndpoints: + description: ServiceEndpoints list contains custom endpoints + which will override default service endpoint of AWS Services. + There must be only one ServiceEndpoint for a service. + type: array + items: + description: AWSServiceEndpoint store the configuration of + a custom url to override existing defaults of AWS Services. + type: object + properties: + name: + description: name is the name of the AWS service. The + list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html + This must be provided and cannot be empty. + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme https, + that overrides the default generated endpoint for a + client. This must be provided and cannot be empty. + type: string + pattern: ^https:// azure: description: Azure contains settings specific to the Azure infrastructure provider. @@ -150,6 +267,22 @@ spec: description: region holds the region for new GCP resources created for the cluster. type: string + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud + infrastructure provider. + type: object + properties: + location: + description: Location is where the cluster has been deployed + type: string + providerType: + description: ProviderType indicates the type of cluster that + was created + type: string + resourceGroupName: + description: ResourceGroupName is the Resource Group for new + IBMCloud resources created for the cluster. + type: string openstack: description: OpenStack contains settings specific to the OpenStack infrastructure provider. 
@@ -209,16 +342,30 @@ spec: to the nodes in the cluster. type: string type: - description: type is the underlying infrastructure provider for + description: "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values - are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", - "VSphere", "oVirt", and "None". Individual components may not - support all platforms, and must handle unrecognized platforms - as None if they do not support that platform. + are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", + \"VSphere\", \"oVirt\", and \"None\". Individual components may + not support all platforms, and must handle unrecognized platforms + as None if they do not support that platform. \n This value will + be synced with to the `status.platform` and `status.platformStatus.type`. + Currently this value cannot be changed once set." type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud vsphere: description: VSphere contains settings specific to the VSphere infrastructure provider. diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index df2cdf2b9ae..4f87bd5219d 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -53,7 +53,7 @@ type AuthenticationSpec struct { // serviceAccountIssuer is the identifier of the bound service account token // issuer. - // The default is auth.openshift.io. + // The default is https://kubernetes.default.svc // +optional ServiceAccountIssuer string `json:"serviceAccountIssuer"` } 
diff --git a/vendor/github.com/openshift/api/config/v1/types_console.go b/vendor/github.com/openshift/api/config/v1/types_console.go index 22b0b5160ae..d64219300dd 100644 --- a/vendor/github.com/openshift/api/config/v1/types_console.go +++ b/vendor/github.com/openshift/api/config/v1/types_console.go @@ -1,6 +1,8 @@ package v1 -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) // +genclient // +genclient:nonNamespaced diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index ce901262729..8bbed607774 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -112,6 +112,7 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ var defaultFeatures = &FeatureGateEnabledDisabled{ Enabled: []string{ + "APIPriorityAndFairness", // sig-apimachinery, deads2k "RotateKubeletServerCertificate", // sig-pod, sjenning "SupportPodPidsLimit", // sig-pod, sjenning "NodeDisruptionExclusion", // sig-scheduling, ccoleman diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 02e38beb057..ece13868b7a 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -28,6 +28,10 @@ type InfrastructureSpec struct { // The namespace for this config map is openshift-config. // +optional CloudConfig ConfigMapFileReference `json:"cloudConfig"` + + // platformSpec holds desired information specific to the underlying + // infrastructure provider. + PlatformSpec PlatformSpec `json:"platformSpec,omitempty"` } // InfrastructureStatus describes the infrastructure the cluster is leveraging. 
@@ -65,6 +69,7 @@ type InfrastructureStatus struct { } // PlatformType is a specific supported infrastructure provider. +// +kubebuilder:validation:Enum="";AWS;Azure;BareMetal;GCP;Libvirt;OpenStack;None;VSphere;oVirt;IBMCloud type PlatformType string const ( 
@@ -110,6 +115,55 @@ const ( IBMCloudProviderTypeVPC IBMCloudProviderType = "VPC" ) +// PlatformSpec holds the desired state specific to the underlying infrastructure provider +// of the current cluster. Since these are used at spec-level for the underlying cluster, it +// is supposed that only one of the spec structs is set. +type PlatformSpec struct { + // type is the underlying infrastructure provider for the cluster. This + // value controls whether infrastructure automation such as service load + // balancers, dynamic volume provisioning, machine creation and deletion, and + // other integrations are enabled. If None, no infrastructure automation is + // enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", + // "OpenStack", "VSphere", "oVirt", and "None". Individual components may not support + // all platforms, and must handle unrecognized platforms as None if they do + // not support that platform. + // + // +unionDiscriminator + Type PlatformType `json:"type"` + + // AWS contains settings specific to the Amazon Web Services infrastructure provider. + // +optional + AWS *AWSPlatformSpec `json:"aws,omitempty"` + + // Azure contains settings specific to the Azure infrastructure provider. + // +optional + Azure *AzurePlatformSpec `json:"azure,omitempty"` + + // GCP contains settings specific to the Google Cloud Platform infrastructure provider. + // +optional + GCP *GCPPlatformSpec `json:"gcp,omitempty"` + + // BareMetal contains settings specific to the BareMetal platform. + // +optional + BareMetal *BareMetalPlatformSpec `json:"baremetal,omitempty"` + + // OpenStack contains settings specific to the OpenStack infrastructure provider. + // +optional + OpenStack *OpenStackPlatformSpec `json:"openstack,omitempty"` + + // Ovirt contains settings specific to the oVirt infrastructure provider. + // +optional + Ovirt *OvirtPlatformSpec `json:"ovirt,omitempty"` + + // VSphere contains settings specific to the VSphere infrastructure provider. 
+ // +optional + VSphere *VSpherePlatformSpec `json:"vsphere,omitempty"` + + // IBMCloud contains settings specific to the IBMCloud infrastructure provider. + // +optional + IBMCloud *IBMCloudPlatformSpec `json:"ibmcloud,omitempty"` +} + // PlatformStatus holds the current status specific to the underlying infrastructure provider // of the current cluster. Since these are used at status-level for the underlying cluster, it // is supposed that only one of the status structs is set. @@ -122,6 +176,9 @@ type PlatformStatus struct { // "OpenStack", "VSphere", "oVirt", and "None". Individual components may not support // all platforms, and must handle unrecognized platforms as None if they do // not support that platform. + // + // This value will be synced with to the `status.platform` and `status.platformStatus.type`. + // Currently this value cannot be changed once set. Type PlatformType `json:"type"` // AWS contains settings specific to the Amazon Web Services infrastructure provider. 
@@ -151,14 +208,56 @@ type PlatformStatus struct { // VSphere contains settings specific to the VSphere infrastructure provider. // +optional VSphere *VSpherePlatformStatus `json:"vsphere,omitempty"` + + // IBMCloud contains settings specific to the IBMCloud infrastructure provider. + // +optional + IBMCloud *IBMCloudPlatformStatus `json:"ibmcloud,omitempty"` +} + +// AWSServiceEndpoint store the configuration of a custom url to +// override existing defaults of AWS Services. +type AWSServiceEndpoint struct { + // name is the name of the AWS service. + // The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html + // This must be provided and cannot be empty. + // + // +kubebuilder:validation:Pattern=`^[a-z0-9-]+$` + Name string `json:"name"` + + // url is fully qualified URI with scheme https, that overrides the default generated + // endpoint for a client. + // This must be provided and cannot be empty. + // + // +kubebuilder:validation:Pattern=`^https://` + URL string `json:"url"` +} + +// AWSPlatformSpec holds the desired state of the Amazon Web Services infrastructure provider. +// This only includes fields that can be modified in the cluster. +type AWSPlatformSpec struct { + // serviceEndpoints list contains custom endpoints which will override default + // service endpoint of AWS Services. + // There must be only one ServiceEndpoint for a service. + // +optional + ServiceEndpoints []AWSServiceEndpoint `json:"serviceEndpoints,omitempty"` } // AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider. type AWSPlatformStatus struct { // region holds the default AWS region for new AWS resources created by the cluster. Region string `json:"region"` + + // ServiceEndpoints list contains custom endpoints which will override default + // service endpoint of AWS Services. + // There must be only one ServiceEndpoint for a service. 
+ // +optional + ServiceEndpoints []AWSServiceEndpoint `json:"serviceEndpoints,omitempty"` } +// AzurePlatformSpec holds the desired state of the Azure infrastructure provider. +// This only includes fields that can be modified in the cluster. +type AzurePlatformSpec struct{} + // AzurePlatformStatus holds the current status of the Azure infrastructure provider. type AzurePlatformStatus struct { // resourceGroupName is the Resource Group for new Azure resources created for the cluster. @@ -170,6 +269,10 @@ type AzurePlatformStatus struct { NetworkResourceGroupName string `json:"networkResourceGroupName,omitempty"` } +// GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. +// This only includes fields that can be modified in the cluster. +type GCPPlatformSpec struct{} + // GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider. type GCPPlatformStatus struct { // resourceGroupName is the Project ID for new GCP resources created for the cluster. @@ -179,6 +282,10 @@ type GCPPlatformStatus struct { Region string `json:"region"` } +// BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider. +// This only includes fields that can be modified in the cluster. +type BareMetalPlatformSpec struct{} + // BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. // For more information about the network architecture used with the BareMetal platform type, see: // https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md 
@@ -202,6 +309,10 @@ type BareMetalPlatformStatus struct { NodeDNSIP string `json:"nodeDNSIP,omitempty"` } +// OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. +// This only includes fields that can be modified in the cluster. +type OpenStackPlatformSpec struct{} + // OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider. type OpenStackPlatformStatus struct { // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used @@ -227,6 +338,10 @@ type OpenStackPlatformStatus struct { NodeDNSIP string `json:"nodeDNSIP,omitempty"` } +// OvirtPlatformSpec holds the desired state of the oVirt infrastructure provider. +// This only includes fields that can be modified in the cluster. +type OvirtPlatformSpec struct{} + // OvirtPlatformStatus holds the current status of the oVirt infrastructure provider. type OvirtPlatformStatus struct { // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used @@ -248,6 +363,10 @@ type OvirtPlatformStatus struct { NodeDNSIP string `json:"nodeDNSIP,omitempty"` } +// VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. +// This only includes fields that can be modified in the cluster. +type VSpherePlatformSpec struct{} + // VSpherePlatformStatus holds the current status of the vSphere infrastructure provider. type VSpherePlatformStatus struct { // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used 
@@ -269,6 +388,10 @@ type VSpherePlatformStatus struct { NodeDNSIP string `json:"nodeDNSIP,omitempty"` } +// IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. +// This only includes fields that can be modified in the cluster. +type IBMCloudPlatformSpec struct{} + //IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider. type IBMCloudPlatformStatus struct { // Location is where the cluster has been deployed diff --git a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go index 1d998bf37d9..1b2b7f82e9e 100644 --- a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go +++ b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go @@ -37,6 +37,7 @@ type OperatorHubStatus struct { // the state of the default hub sources for OperatorHub on the cluster from // enabled to disabled and vice versa. // +kubebuilder:subresource:status +// +genclient // +genclient:nonNamespaced type OperatorHub struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go index ea788dc162d..9dbacb99668 100644 --- a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go +++ b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go @@ -136,6 +136,7 @@ type CustomTLSProfile struct { } // TLSProfileType defines a TLS security profile type. +// +kubebuilder:validation:Enum=Old;Intermediate;Modern;Custom type TLSProfileType string const ( @@ -180,6 +181,7 @@ type TLSProfileSpec struct { // // Note that SSLv3.0 is not a supported protocol version due to well known // vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE +// +kubebuilder:validation:Enum=VersionTLS10;VersionTLS11;VersionTLS12;VersionTLS13 type TLSProtocolVersion string const ( 
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 794c67123bf..1403ca3b26f 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -176,9 +176,35 @@ func (in *APIServerStatus) DeepCopy() *APIServerStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSPlatformSpec) DeepCopyInto(out *AWSPlatformSpec) { + *out = *in + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]AWSServiceEndpoint, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSPlatformSpec. +func (in *AWSPlatformSpec) DeepCopy() *AWSPlatformSpec { + if in == nil { + return nil + } + out := new(AWSPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AWSPlatformStatus) DeepCopyInto(out *AWSPlatformStatus) { *out = *in + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]AWSServiceEndpoint, len(*in)) + copy(*out, *in) + } return } 
@@ -192,6 +218,22 @@ func (in *AWSPlatformStatus) DeepCopy() *AWSPlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSServiceEndpoint) DeepCopyInto(out *AWSServiceEndpoint) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSServiceEndpoint. +func (in *AWSServiceEndpoint) DeepCopy() *AWSServiceEndpoint { + if in == nil { + return nil + } + out := new(AWSServiceEndpoint) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AdmissionConfig) DeepCopyInto(out *AdmissionConfig) { *out = *in @@ -359,6 +401,22 @@ func (in *AuthenticationStatus) DeepCopy() *AuthenticationStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzurePlatformSpec) DeepCopyInto(out *AzurePlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzurePlatformSpec. +func (in *AzurePlatformSpec) DeepCopy() *AzurePlatformSpec { + if in == nil { + return nil + } + out := new(AzurePlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AzurePlatformStatus) DeepCopyInto(out *AzurePlatformStatus) { *out = *in 
@@ -375,6 +433,22 @@ func (in *AzurePlatformStatus) DeepCopy() *AzurePlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BareMetalPlatformSpec) DeepCopyInto(out *BareMetalPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BareMetalPlatformSpec. +func (in *BareMetalPlatformSpec) DeepCopy() *BareMetalPlatformSpec { + if in == nil { + return nil + } + out := new(BareMetalPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BareMetalPlatformStatus) DeepCopyInto(out *BareMetalPlatformStatus) { *out = *in @@ -1451,6 +1525,22 @@ func (in *FeatureGateStatus) DeepCopy() *FeatureGateStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPPlatformSpec) DeepCopyInto(out *GCPPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPPlatformSpec. +func (in *GCPPlatformSpec) DeepCopy() *GCPPlatformSpec { + if in == nil { + return nil + } + out := new(GCPPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GCPPlatformStatus) DeepCopyInto(out *GCPPlatformStatus) { *out = *in 
@@ -1643,6 +1733,22 @@ func (in *HubSourceStatus) DeepCopy() *HubSourceStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IBMCloudPlatformSpec) DeepCopyInto(out *IBMCloudPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMCloudPlatformSpec. +func (in *IBMCloudPlatformSpec) DeepCopy() *IBMCloudPlatformSpec { + if in == nil { + return nil + } + out := new(IBMCloudPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IBMCloudPlatformStatus) DeepCopyInto(out *IBMCloudPlatformStatus) { *out = *in @@ -1868,7 +1974,7 @@ func (in *Infrastructure) DeepCopyInto(out *Infrastructure) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec + in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) return } @@ -1928,6 +2034,7 @@ func (in *InfrastructureList) DeepCopyObject() runtime.Object { func (in *InfrastructureSpec) DeepCopyInto(out *InfrastructureSpec) { *out = *in out.CloudConfig = in.CloudConfig + in.PlatformSpec.DeepCopyInto(&out.PlatformSpec) return } 
@@ -2569,6 +2676,22 @@ func (in *OpenIDIdentityProvider) DeepCopy() *OpenIDIdentityProvider { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenStackPlatformSpec) DeepCopyInto(out *OpenStackPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenStackPlatformSpec. +func (in *OpenStackPlatformSpec) DeepCopy() *OpenStackPlatformSpec { + if in == nil { + return nil + } + out := new(OpenStackPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OpenStackPlatformStatus) DeepCopyInto(out *OpenStackPlatformStatus) { *out = *in @@ -2704,6 +2827,22 @@ func (in *OperatorHubStatus) DeepCopy() *OperatorHubStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OvirtPlatformSpec) DeepCopyInto(out *OvirtPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OvirtPlatformSpec. +func (in *OvirtPlatformSpec) DeepCopy() *OvirtPlatformSpec { + if in == nil { + return nil + } + out := new(OvirtPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OvirtPlatformStatus) DeepCopyInto(out *OvirtPlatformStatus) { *out = *in 
@@ -2720,13 +2859,69 @@ func (in *OvirtPlatformStatus) DeepCopy() *OvirtPlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PlatformSpec) DeepCopyInto(out *PlatformSpec) { + *out = *in + if in.AWS != nil { + in, out := &in.AWS, &out.AWS + *out = new(AWSPlatformSpec) + (*in).DeepCopyInto(*out) + } + if in.Azure != nil { + in, out := &in.Azure, &out.Azure + *out = new(AzurePlatformSpec) + **out = **in + } + if in.GCP != nil { + in, out := &in.GCP, &out.GCP + *out = new(GCPPlatformSpec) + **out = **in + } + if in.BareMetal != nil { + in, out := &in.BareMetal, &out.BareMetal + *out = new(BareMetalPlatformSpec) + **out = **in + } + if in.OpenStack != nil { + in, out := &in.OpenStack, &out.OpenStack + *out = new(OpenStackPlatformSpec) + **out = **in + } + if in.Ovirt != nil { + in, out := &in.Ovirt, &out.Ovirt + *out = new(OvirtPlatformSpec) + **out = **in + } + if in.VSphere != nil { + in, out := &in.VSphere, &out.VSphere + *out = new(VSpherePlatformSpec) + **out = **in + } + if in.IBMCloud != nil { + in, out := &in.IBMCloud, &out.IBMCloud + *out = new(IBMCloudPlatformSpec) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformSpec. +func (in *PlatformSpec) DeepCopy() *PlatformSpec { + if in == nil { + return nil + } + out := new(PlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { *out = *in if in.AWS != nil { in, out := &in.AWS, &out.AWS *out = new(AWSPlatformStatus) - **out = **in + (*in).DeepCopyInto(*out) } if in.Azure != nil { in, out := &in.Azure, &out.Azure 
@@ -2758,6 +2953,11 @@ func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { *out = new(VSpherePlatformStatus) **out = **in } + if in.IBMCloud != nil { + in, out := &in.IBMCloud, &out.IBMCloud + *out = new(IBMCloudPlatformStatus) + **out = **in + } return } @@ -3368,6 +3568,22 @@ func (in *UpdateHistory) DeepCopy() *UpdateHistory { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformSpec) DeepCopyInto(out *VSpherePlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformSpec. +func (in *VSpherePlatformSpec) DeepCopy() *VSpherePlatformSpec { + if in == nil { + return nil + } + out := new(VSpherePlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VSpherePlatformStatus) DeepCopyInto(out *VSpherePlatformStatus) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 982f11c0bc7..6b485ab441d 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -303,7 +303,7 @@ var map_AuthenticationSpec = map[string]string{ "type": "type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.", "oauthMetadata": "oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key \"oauthMetadata\" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.", "webhookTokenAuthenticators": "webhookTokenAuthenticators configures remote token reviewers. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. The namespace for these secrets is openshift-config.", - "serviceAccountIssuer": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is auth.openshift.io.", + "serviceAccountIssuer": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc", } func (AuthenticationSpec) SwaggerDoc() map[string]string { 
@@ -677,15 +677,43 @@ func (RegistrySources) SwaggerDoc() map[string]string { return map_RegistrySources } +var map_AWSPlatformSpec = map[string]string{ + "": "AWSPlatformSpec holds the desired state of the Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", + "serviceEndpoints": "serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", +} + +func (AWSPlatformSpec) SwaggerDoc() map[string]string { + return map_AWSPlatformSpec +} + var map_AWSPlatformStatus = map[string]string{ - "": "AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.", - "region": "region holds the default AWS region for new AWS resources created by the cluster.", + "": "AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.", + "region": "region holds the default AWS region for new AWS resources created by the cluster.", + "serviceEndpoints": "ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", } func (AWSPlatformStatus) SwaggerDoc() map[string]string { return map_AWSPlatformStatus } +var map_AWSServiceEndpoint = map[string]string{ + "": "AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.", + "name": "name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.", + "url": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. 
This must be provided and cannot be empty.", +} + +func (AWSServiceEndpoint) SwaggerDoc() map[string]string { + return map_AWSServiceEndpoint +} + +var map_AzurePlatformSpec = map[string]string{ + "": "AzurePlatformSpec holds the desired state of the Azure infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (AzurePlatformSpec) SwaggerDoc() map[string]string { + return map_AzurePlatformSpec +} + var map_AzurePlatformStatus = map[string]string{ "": "AzurePlatformStatus holds the current status of the Azure infrastructure provider.", "resourceGroupName": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", @@ -696,6 +724,14 @@ func (AzurePlatformStatus) SwaggerDoc() map[string]string { return map_AzurePlatformStatus } +var map_BareMetalPlatformSpec = map[string]string{ + "": "BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (BareMetalPlatformSpec) SwaggerDoc() map[string]string { + return map_BareMetalPlatformSpec +} + var map_BareMetalPlatformStatus = map[string]string{ "": "BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. For more information about the network architecture used with the BareMetal platform type, see: https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md", "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", 
@@ -707,6 +743,14 @@ func (BareMetalPlatformStatus) SwaggerDoc() map[string]string { return map_BareMetalPlatformStatus } +var map_GCPPlatformSpec = map[string]string{ + "": "GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (GCPPlatformSpec) SwaggerDoc() map[string]string { + return map_GCPPlatformSpec +} + var map_GCPPlatformStatus = map[string]string{ "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", @@ -717,6 +761,14 @@ func (GCPPlatformStatus) SwaggerDoc() map[string]string { return map_GCPPlatformStatus } +var map_IBMCloudPlatformSpec = map[string]string{ + "": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (IBMCloudPlatformSpec) SwaggerDoc() map[string]string { + return map_IBMCloudPlatformSpec +} + var map_IBMCloudPlatformStatus = map[string]string{ "": "IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider.", "location": "Location is where the cluster has been deployed", 
@@ -747,8 +799,9 @@ func (InfrastructureList) SwaggerDoc() map[string]string { } var map_InfrastructureSpec = map[string]string{ - "": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", - "cloudConfig": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.", + "": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", + "cloudConfig": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.", + "platformSpec": "platformSpec holds desired information specific to the underlying infrastructure provider.", } func (InfrastructureSpec) SwaggerDoc() map[string]string { 
@@ -769,6 +822,14 @@ func (InfrastructureStatus) SwaggerDoc() map[string]string { return map_InfrastructureStatus } +var map_OpenStackPlatformSpec = map[string]string{ + "": "OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (OpenStackPlatformSpec) SwaggerDoc() map[string]string { + return map_OpenStackPlatformSpec +} + var map_OpenStackPlatformStatus = map[string]string{ "": "OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.", "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", @@ -781,6 +842,14 @@ func (OpenStackPlatformStatus) SwaggerDoc() map[string]string { return map_OpenStackPlatformStatus } +var map_OvirtPlatformSpec = map[string]string{ + "": "OvirtPlatformSpec holds the desired state of the oVirt infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (OvirtPlatformSpec) SwaggerDoc() map[string]string { + return map_OvirtPlatformSpec +} + var map_OvirtPlatformStatus = map[string]string{ "": "OvirtPlatformStatus holds the current status of the oVirt infrastructure provider.", "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", 
@@ -792,9 +861,26 @@ func (OvirtPlatformStatus) SwaggerDoc() map[string]string { return map_OvirtPlatformStatus } +var map_PlatformSpec = map[string]string{ + "": "PlatformSpec holds the desired state specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", + "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", + "azure": "Azure contains settings specific to the Azure infrastructure provider.", + "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", + "baremetal": "BareMetal contains settings specific to the BareMetal platform.", + "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", + "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", + "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", + "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", +} + +func (PlatformSpec) SwaggerDoc() map[string]string { + return map_PlatformSpec +} + var map_PlatformStatus = map[string]string{ "": "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. 
Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.", - "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.\n\nThis value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set.", "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", "azure": "Azure contains settings specific to the Azure infrastructure provider.", "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", 
@@ -802,12 +888,21 @@ var map_PlatformStatus = map[string]string{ "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", + "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", } func (PlatformStatus) SwaggerDoc() map[string]string { return map_PlatformStatus } +var map_VSpherePlatformSpec = map[string]string{ + "": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (VSpherePlatformSpec) SwaggerDoc() map[string]string { + return map_VSpherePlatformSpec +} + var map_VSpherePlatformStatus = map[string]string{ "": "VSpherePlatformStatus holds the current status of the vSphere infrastructure provider.", "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-svcat-apiserver-operator_02_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml similarity index 93% rename from vendor/github.com/openshift/api/operator/v1/0000_50_cluster-svcat-apiserver-operator_02_config.crd.yaml rename to vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml index 98322e98402..8ce9fe994e9 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-svcat-apiserver-operator_02_config.crd.yaml 
+++ b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml @@ -1,24 +1,23 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - name: servicecatalogapiservers.operator.openshift.io + name: configs.operator.openshift.io spec: scope: Cluster preserveUnknownFields: false group: operator.openshift.io version: v1 names: - kind: ServiceCatalogAPIServer - plural: servicecatalogapiservers - singular: servicecatalogapiserver + kind: Config + plural: configs + singular: config categories: - coreoperators subresources: status: {} validation: openAPIV3Schema: - description: ServiceCatalogAPIServer provides information to configure an operator - to manage Service Catalog API Server + description: Config provides information to configure the config operator. type: object required: - spec @@ -36,6 +35,8 @@ spec: metadata: type: object spec: + description: spec is the specification of the desired behavior of the Config + Operator. type: object properties: logLevel: @@ -71,6 +72,7 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true status: + description: status defines the observed status of the Config Operator. type: object properties: conditions: diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml index b983e32adcd..87f910ff393 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml 
@@ -127,6 +127,17 @@ spec: releases, once https://github.com/openshift/enhancements/blob/master/enhancements/authentication/separate-oauth-resources.md is fully implemented type: boolean + oauthAPIServer: + description: OAuthAPIServer holds status specific only to oauth-apiserver + type: object + properties: + latestAvailableRevision: + description: LatestAvailableRevision is the latest revision used + as suffix of revisioned secrets like encryption-config. A new + revision causes a new deployment of pods. + type: integer + format: int32 + minimum: 0 observedGeneration: description: observedGeneration is the last generation change you've dealt with diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-svcat-controller-manager-operator_02_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-svcat-controller-manager-operator_02_config.crd.yaml deleted file mode 100644 index 53453298e32..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-svcat-controller-manager-operator_02_config.crd.yaml +++ /dev/null 
@@ -1,137 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: servicecatalogcontrollermanagers.operator.openshift.io -spec: - scope: Cluster - preserveUnknownFields: false - group: operator.openshift.io - version: v1 - names: - kind: ServiceCatalogControllerManager - plural: servicecatalogcontrollermanagers - singular: servicecatalogcontrollermanager - categories: - - coreoperators - subresources: - status: {} - validation: - openAPIV3Schema: - description: ServiceCatalogControllerManager provides information to configure - an operator to manage Service Catalog Controller Manager - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - properties: - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. 
It exists in spec because it is - an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. 
- type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-custom-resource-definition.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-custom-resource-definition.yaml index 64d2621deee..2d17132bebf 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-custom-resource-definition.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-custom-resource-definition.yaml @@ -106,6 +106,9 @@ spec: description: scope indicates the scope at which the load balancer is exposed. Possible values are "External" and "Internal". type: string + enum: + - Internal + - External nodePort: description: nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService. 
@@ -143,6 +146,11 @@ spec: changes to the node port field of the managed NodePort Service will preserved." type: string + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService namespaceSelector: description: "namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing @@ -303,6 +311,24 @@ spec: different paths of the same host name across namespaces. \n If empty, the default is Strict." type: string + enum: + - InterNamespaceAllowed + - Strict + wildcardPolicy: + description: "wildcardPolicy describes how routes with wildcard + policies should be handled for the ingress controller. WildcardPolicy + controls use of routes [1] exposed by the ingress controller based + on the route's wildcard policy. \n [1] https://github.com/openshift/api/blob/master/route/v1/types.go + \n Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed + will cause admitted routes with a wildcard policy of Subdomain + to stop working. These routes must be updated to a wildcard policy + of None to be readmitted by the ingress controller. \n WildcardPolicy + supports WildcardsAllowed and WildcardsDisallowed values. \n If + empty, defaults to \"WildcardsDisallowed\"." + type: string + enum: + - WildcardsAllowed + - WildcardsDisallowed routeSelector: description: "routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards. @@ -386,6 +412,11 @@ spec: \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" type: string + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 nullable: true intermediate: description: "intermediate is a TLS security profile based on: \n 
@@ -436,6 +467,11 @@ spec: profile is currently not supported because it is not yet well adopted by common software libraries." type: string + enum: + - Old + - Intermediate + - Modern + - Custom status: description: status is the most recently observed status of the IngressController. type: object @@ -504,6 +540,9 @@ spec: description: scope indicates the scope at which the load balancer is exposed. Possible values are "External" and "Internal". type: string + enum: + - Internal + - External nodePort: description: nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService. @@ -541,6 +580,11 @@ spec: changes to the node port field of the managed NodePort Service will preserved." type: string + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService observedGeneration: description: observedGeneration is the most recent generation observed. type: integer @@ -570,6 +614,11 @@ spec: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" type: string + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 version: v1 versions: - name: v1 diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml index e227469c974..5cabd510747 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml 
@@ -123,6 +123,39 @@ spec: description: pageID is the unique ID assigned by Statuspage for your page. This must be a public page. type: string + route: + description: route contains hostname and secret reference that contains + the serving certificate. If a custom route is specified, a new route + will be created with the provided hostname, under which console will + be available. In case of custom hostname uses the default routing + suffix of the cluster, the Secret specification for a serving certificate + will not be needed. In case of custom hostname points to an arbitrary + domain, manual DNS configurations steps are necessary. The default + console route will be maintained to reserve the default hostname for + console if the custom route is removed. If not specified, default + route will be used. + type: object + properties: + hostname: + description: hostname is the desired custom domain under which console + will be available. + type: string + secret: + description: 'secret points to secret in the openshift-config namespace + that contains custom certificate and key and needs to be created + manually by the cluster admin. Referenced Secret is required to + contain following key value pairs: - "tls.crt" - to specifies + custom certificate - "tls.key" - to specifies private key of the + custom certificate If the custom hostname uses the default routing + suffix of the cluster, the Secret specification for a serving + certificate will not be needed.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/types_authentication.go b/vendor/github.com/openshift/api/operator/v1/types_authentication.go index 403028dfd07..cf60fb96398 100644 
--- a/vendor/github.com/openshift/api/operator/v1/types_authentication.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_authentication.go
@@ -29,7 +29,20 @@ type AuthenticationStatus struct {
 // Note that this field will be removed in the future releases, once https://github.com/openshift/enhancements/blob/master/enhancements/authentication/separate-oauth-resources.md is fully implemented
 // +optional
 ManagingOAuthAPIServer bool `json:"managingOAuthAPIServer,omitempty"`
- OperatorStatus `json:",inline"`
+
+ // OAuthAPIServer holds status specific only to oauth-apiserver
+ // +optional
+ OAuthAPIServer OAuthAPIServerStatus `json:"oauthAPIServer,omitempty"`
+
+ OperatorStatus `json:",inline"`
+}
+
+type OAuthAPIServerStatus struct {
+ // LatestAvailableRevision is the latest revision used as suffix of revisioned
+ // secrets like encryption-config. A new revision causes a new deployment of pods.
+ // +optional
+ // +kubebuilder:validation:Minimum=0
+ LatestAvailableRevision int32 `json:"latestAvailableRevision,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
diff --git a/vendor/github.com/openshift/api/operator/v1/types_config.go b/vendor/github.com/openshift/api/operator/v1/types_config.go
new file mode 100644
index 00000000000..267f3682e8d
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/types_config.go
@@ -0,0 +1,43 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Config provides information to configure the config operator.
+type Config struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata"`
+
+ // spec is the specification of the desired behavior of the Config Operator.
+ // +kubebuilder:validation:Required
+ // +required
+ Spec ConfigSpec `json:"spec"`
+
+ // status defines the observed status of the Config Operator.
+ // +optional
+ Status ConfigStatus `json:"status"`
+}
+
+type ConfigSpec struct {
+ OperatorSpec `json:",inline"`
+}
+
+type ConfigStatus struct {
+ OperatorStatus `json:",inline"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ConfigList is a collection of items
+type ConfigList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata"`
+
+ // Items contains the items
+ Items []Config `json:"items"`
+}
diff --git a/vendor/github.com/openshift/api/operator/v1/types_console.go b/vendor/github.com/openshift/api/operator/v1/types_console.go
index f766df48f0b..1ef92853575 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_console.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_console.go
@@ -31,6 +31,32 @@ type ConsoleSpec struct { Customization ConsoleCustomization `json:"customization"` // providers contains configuration for using specific service providers. Providers ConsoleProviders `json:"providers"` + // route contains hostname and secret reference that contains the serving certificate. + // If a custom route is specified, a new route will be created with the + // provided hostname, under which console will be available. + // In case of custom hostname uses the default routing suffix of the cluster, + // the Secret specification for a serving certificate will not be needed. + // In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. + // The default console route will be maintained to reserve the default hostname + // for console if the custom route is removed. + // If not specified, default route will be used. + // +optional + Route ConsoleConfigRoute `json:"route"` +} + +// ConsoleConfigRoute holds information on external route access to console. +type ConsoleConfigRoute struct { + // hostname is the desired custom domain under which console will be available. + Hostname string `json:"hostname"` + // secret points to secret in the openshift-config namespace that contains custom + // certificate and key and needs to be created manually by the cluster admin. + // Referenced Secret is required to contain following key value pairs: + // - "tls.crt" - to specifies custom certificate + // - "tls.key" - to specifies private key of the custom certificate + // If the custom hostname uses the default routing suffix of the cluster, + // the Secret specification for a serving certificate will not be needed. + // +optional + Secret configv1.SecretNameReference `json:"secret"` } // ConsoleStatus defines the observed status of the Console. 
diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index 51bac135008..9ebe913df79 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go @@ -185,6 +185,7 @@ type NodePlacement struct { } // EndpointPublishingStrategyType is a way to publish ingress controller endpoints. +// +kubebuilder:validation:Enum=LoadBalancerService;HostNetwork;Private;NodePortService type EndpointPublishingStrategyType string const ( @@ -204,6 +205,7 @@ const ( ) // LoadBalancerScope is the scope at which a load balancer is exposed. +// +kubebuilder:validation:Enum=Internal;External type LoadBalancerScope string var ( 
@@ -333,10 +335,43 @@ type RouteAdmissionPolicy struct { // If empty, the default is Strict. // +optional NamespaceOwnership NamespaceOwnershipCheck `json:"namespaceOwnership,omitempty"` + // wildcardPolicy describes how routes with wildcard policies should + // be handled for the ingress controller. WildcardPolicy controls use + // of routes [1] exposed by the ingress controller based on the route's + // wildcard policy. + // + // [1] https://github.com/openshift/api/blob/master/route/v1/types.go + // + // Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed + // will cause admitted routes with a wildcard policy of Subdomain to stop + // working. These routes must be updated to a wildcard policy of None to be + // readmitted by the ingress controller. + // + // WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values. + // + // If empty, defaults to "WildcardsDisallowed". + // + WildcardPolicy WildcardPolicy `json:"wildcardPolicy,omitempty"` } +// WildcardPolicy is a route admission policy component that describes how +// routes with a wildcard policy should be handled. +// +kubebuilder:validation:Enum=WildcardsAllowed;WildcardsDisallowed +type WildcardPolicy string + +const ( + // WildcardPolicyAllowed indicates routes with any wildcard policy are + // admitted by the ingress controller. + WildcardPolicyAllowed WildcardPolicy = "WildcardsAllowed" + + // WildcardPolicyDisallowed indicates only routes with a wildcard policy + // of None are admitted by the ingress controller. + WildcardPolicyDisallowed WildcardPolicy = "WildcardsDisallowed" +) + // NamespaceOwnershipCheck is a route admission policy component that describes // how host name claims across namespaces should be handled. +// +kubebuilder:validation:Enum=InterNamespaceAllowed;Strict type NamespaceOwnershipCheck string const ( 
diff --git a/vendor/github.com/openshift/api/operator/v1/types_servicecatalogapiserver.go b/vendor/github.com/openshift/api/operator/v1/types_servicecatalogapiserver.go index 7c1a857bb61..4dc98f4a4d0 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_servicecatalogapiserver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_servicecatalogapiserver.go @@ -9,6 +9,7 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server +// DEPRECATED: will be removed in 4.6 type ServiceCatalogAPIServer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -31,6 +32,7 @@ type ServiceCatalogAPIServerStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ServiceCatalogAPIServerList is a collection of items +// DEPRECATED: will be removed in 4.6 type ServiceCatalogAPIServerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_servicecatalogcontrollermanager.go b/vendor/github.com/openshift/api/operator/v1/types_servicecatalogcontrollermanager.go index ac3bf5898c8..f4cc3f6957f 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_servicecatalogcontrollermanager.go +++ b/vendor/github.com/openshift/api/operator/v1/types_servicecatalogcontrollermanager.go @@ -9,6 +9,7 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager +// DEPRECATED: will be removed in 4.6 type ServiceCatalogControllerManager struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` 
@@ -31,6 +32,7 @@ type ServiceCatalogControllerManagerStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ServiceCatalogControllerManagerList is a collection of items +// DEPRECATED: will be removed in 4.6 type ServiceCatalogControllerManagerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index 158308a3e3a..12db4239e3b 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -113,6 +113,7 @@ func (in *AuthenticationSpec) DeepCopy() *AuthenticationSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuthenticationStatus) DeepCopyInto(out *AuthenticationStatus) { *out = *in + out.OAuthAPIServer = in.OAuthAPIServer in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) return } 
@@ -238,6 +239,101 @@ func (in *ClusterNetworkEntry) DeepCopy() *ClusterNetworkEntry { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Config) DeepCopyInto(out *Config) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Config. +func (in *Config) DeepCopy() *Config { + if in == nil { + return nil + } + out := new(Config) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Config) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigList) DeepCopyInto(out *ConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Config, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigList. +func (in *ConfigList) DeepCopy() *ConfigList { + if in == nil { + return nil + } + out := new(ConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ConfigSpec) DeepCopyInto(out *ConfigSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigSpec. +func (in *ConfigSpec) DeepCopy() *ConfigSpec { + if in == nil { + return nil + } + out := new(ConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigStatus) DeepCopyInto(out *ConfigStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigStatus. +func (in *ConfigStatus) DeepCopy() *ConfigStatus { + if in == nil { + return nil + } + out := new(ConfigStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Console) DeepCopyInto(out *Console) { *out = *in @@ -266,6 +362,23 @@ func (in *Console) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleConfigRoute) DeepCopyInto(out *ConsoleConfigRoute) { + *out = *in + out.Secret = in.Secret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleConfigRoute. +func (in *ConsoleConfigRoute) DeepCopy() *ConsoleConfigRoute { + if in == nil { + return nil + } + out := new(ConsoleConfigRoute) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConsoleCustomization) DeepCopyInto(out *ConsoleCustomization) { *out = *in 
@@ -343,6 +456,7 @@ func (in *ConsoleSpec) DeepCopyInto(out *ConsoleSpec) { in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) out.Customization = in.Customization in.Providers.DeepCopyInto(&out.Providers) + out.Route = in.Route return } @@ -1559,6 +1673,22 @@ func (in *NodeStatus) DeepCopy() *NodeStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuthAPIServerStatus) DeepCopyInto(out *OAuthAPIServerStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthAPIServerStatus. +func (in *OAuthAPIServerStatus) DeepCopy() *OAuthAPIServerStatus { + if in == nil { + return nil + } + out := new(OAuthAPIServerStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OVNKubernetesConfig) DeepCopyInto(out *OVNKubernetesConfig) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index d20358c23be..21ffc10c892 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go 
@@ -119,12 +119,40 @@ func (AuthenticationList) SwaggerDoc() map[string]string { var map_AuthenticationStatus = map[string]string{ "managingOAuthAPIServer": "ManagingOAuthAPIServer indicates whether this operator is managing OAuth related APIs. Setting this field to true will cause OAS-O to step down. Note that this field will be removed in the future releases, once https://github.com/openshift/enhancements/blob/master/enhancements/authentication/separate-oauth-resources.md is fully implemented", + "oauthAPIServer": "OAuthAPIServer holds status specific only to oauth-apiserver", } func (AuthenticationStatus) SwaggerDoc() map[string]string { return map_AuthenticationStatus } +var map_OAuthAPIServerStatus = map[string]string{ + "latestAvailableRevision": "LatestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods.", +} + +func (OAuthAPIServerStatus) SwaggerDoc() map[string]string { + return map_OAuthAPIServerStatus +} + +var map_Config = map[string]string{ + "": "Config provides information to configure the config operator.", + "spec": "spec is the specification of the desired behavior of the Config Operator.", + "status": "status defines the observed status of the Config Operator.", +} + +func (Config) SwaggerDoc() map[string]string { + return map_Config +} + +var map_ConfigList = map[string]string{ + "": "ConfigList is a collection of items", + "items": "Items contains the items", +} + +func (ConfigList) SwaggerDoc() map[string]string { + return map_ConfigList +} + var map_Console = map[string]string{ "": "Console provides a means to configure an operator to manage the console.", } 
@@ -133,6 +161,16 @@ func (Console) SwaggerDoc() map[string]string { return map_Console } +var map_ConsoleConfigRoute = map[string]string{ + "": "ConsoleConfigRoute holds information on external route access to console.", + "hostname": "hostname is the desired custom domain under which console will be available.", + "secret": "secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - \"tls.crt\" - to specifies custom certificate - \"tls.key\" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", +} + +func (ConsoleConfigRoute) SwaggerDoc() map[string]string { + return map_ConsoleConfigRoute +} + var map_ConsoleCustomization = map[string]string{ "": "ConsoleCustomization defines a list of optional configuration for the console UI.", "brand": "brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.", 
@@ -158,6 +196,7 @@ var map_ConsoleSpec = map[string]string{ "": "ConsoleSpec is the specification of the desired behavior of the Console.", "customization": "customization is used to optionally provide a small set of customization options to the web console.", "providers": "providers contains configuration for using specific service providers.", + "route": "route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used.", } func (ConsoleSpec) SwaggerDoc() map[string]string { 
@@ -399,6 +438,7 @@ func (PrivateStrategy) SwaggerDoc() map[string]string { var map_RouteAdmissionPolicy = map[string]string{ "": "RouteAdmissionPolicy is an admission policy for allowing new route claims.", "namespaceOwnership": "namespaceOwnership describes how host name claims across namespaces should be handled.\n\nValue must be one of:\n\n- Strict: Do not allow routes in different namespaces to claim the same host.\n\n- InterNamespaceAllowed: Allow routes to claim different paths of the same\n host name across namespaces.\n\nIf empty, the default is Strict.", + "wildcardPolicy": "wildcardPolicy describes how routes with wildcard policies should be handled for the ingress controller. WildcardPolicy controls use of routes [1] exposed by the ingress controller based on the route's wildcard policy.\n\n[1] https://github.com/openshift/api/blob/master/route/v1/types.go\n\nNote: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed will cause admitted routes with a wildcard policy of Subdomain to stop working. These routes must be updated to a wildcard policy of None to be readmitted by the ingress controller.\n\nWildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values.\n\nIf empty, defaults to \"WildcardsDisallowed\".", } func (RouteAdmissionPolicy) SwaggerDoc() map[string]string { @@ -738,7 +778,7 @@ func (ServiceCAList) SwaggerDoc() map[string]string { } var map_ServiceCatalogAPIServer = map[string]string{ - "": "ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server", + "": "ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server DEPRECATED: will be removed in 4.6", } func (ServiceCatalogAPIServer) SwaggerDoc() map[string]string { 
@@ -746,7 +786,7 @@ func (ServiceCatalogAPIServer) SwaggerDoc() map[string]string { } var map_ServiceCatalogAPIServerList = map[string]string{ - "": "ServiceCatalogAPIServerList is a collection of items", + "": "ServiceCatalogAPIServerList is a collection of items DEPRECATED: will be removed in 4.6", "items": "Items contains the items", } @@ -755,7 +795,7 @@ func (ServiceCatalogAPIServerList) SwaggerDoc() map[string]string { } var map_ServiceCatalogControllerManager = map[string]string{ - "": "ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager", + "": "ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager DEPRECATED: will be removed in 4.6", } func (ServiceCatalogControllerManager) SwaggerDoc() map[string]string { @@ -763,7 +803,7 @@ func (ServiceCatalogControllerManager) SwaggerDoc() map[string]string { } var map_ServiceCatalogControllerManagerList = map[string]string{ - "": "ServiceCatalogControllerManagerList is a collection of items", + "": "ServiceCatalogControllerManagerList is a collection of items DEPRECATED: will be removed in 4.6", "items": "Items contains the items", } diff --git a/vendor/github.com/openshift/api/route/v1/generated.pb.go b/vendor/github.com/openshift/api/route/v1/generated.pb.go index 38543a90fdc..977fa2618d5 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/route/v1/generated.pb.go @@ -28,7 +28,7 @@ var _ = math.Inf // is compatible with the proto package it is being compiled against. // A compilation error at this line likely means your copy of the // proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package func (m *Route) Reset() { *m = Route{} } func (*Route) ProtoMessage() {} 
@@ -2956,6 +2956,7 @@ func (m *TLSConfig) Unmarshal(dAtA []byte) error { func skipGenerated(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 + depth := 0 for iNdEx < l { var wire uint64 for shift := uint(0); ; shift += 7 { @@ -2987,10 +2988,8 @@ func skipGenerated(dAtA []byte) (n int, err error) { break } } - return iNdEx, nil case 1: iNdEx += 8 - return iNdEx, nil case 2: var length int for shift := uint(0); ; shift += 7 { 
@@ -3011,55 +3010,30 @@ func skipGenerated(dAtA []byte) (n int, err error) { return 0, ErrInvalidLengthGenerated } iNdEx += length - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - return iNdEx, nil case 3: - for { - var innerWire uint64 - var start int = iNdEx - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - innerWire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - innerWireType := int(innerWire & 0x7) - if innerWireType == 4 { - break - } - next, err := skipGenerated(dAtA[start:]) - if err != nil { - return 0, err - } - iNdEx = start + next - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - } - return iNdEx, nil + depth++ case 4: - return iNdEx, nil + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupGenerated + } + depth-- case 5: iNdEx += 4 - return iNdEx, nil default: return 0, fmt.Errorf("proto: illegal wireType %d", wireType) } + if iNdEx < 0 { + return 0, ErrInvalidLengthGenerated + } + if depth == 0 { + return iNdEx, nil + } } - panic("unreachable") + return 0, io.ErrUnexpectedEOF } var ( - ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") ) diff --git a/vendor/github.com/openshift/api/route/v1/types.go b/vendor/github.com/openshift/api/route/v1/types.go index 9c59fd413e1..6c9d80b98a5 100644 --- a/vendor/github.com/openshift/api/route/v1/types.go +++ b/vendor/github.com/openshift/api/route/v1/types.go 
@@ -34,7 +34,7 @@ type Route struct { Spec RouteSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` // status is the current state of the route // +optional - Status RouteStatus `json:"status" protobuf:"bytes,3,opt,name=status"` + Status RouteStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -69,7 +69,7 @@ type RouteSpec struct { // chosen. // Must follow DNS952 subdomain conventions. // +optional - Host string `json:"host" protobuf:"bytes,1,opt,name=host"` + Host string `json:"host,omitempty" protobuf:"bytes,1,opt,name=host"` // subdomain is a DNS subdomain that is requested within the ingress controller's // domain (as a subdomain). If host is set this field is ignored. An ingress // controller may choose to ignore this suggested name, in which case the controller @@ -141,7 +141,7 @@ type RouteStatus struct { // ingress describes the places where the route may be exposed. The list of // ingress points may contain duplicate Host or RouterName values. Routes // are considered live once they are `Ready` - Ingress []RouteIngress `json:"ingress" protobuf:"bytes,1,rep,name=ingress"` + Ingress []RouteIngress `json:"ingress,omitempty" protobuf:"bytes,1,rep,name=ingress"` } // RouteIngress holds information about the places where a route is exposed. diff --git a/vendor/modules.txt b/vendor/modules.txt index a30a49fa465..a2603ac8635 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -1003,7 +1003,7 @@ github.com/opencontainers/image-spec/specs-go github.com/opencontainers/image-spec/specs-go/v1 # github.com/openshift-metal3/terraform-provider-ironic v0.2.0 github.com/openshift-metal3/terraform-provider-ironic/ironic -# github.com/openshift/api v3.9.1-0.20191111211345-a27ff30ebf09+incompatible => github.com/openshift/api v0.0.0-20200210091934-a0e53e94816b +# github.com/openshift/api v3.9.1-0.20191111211345-a27ff30ebf09+incompatible => github.com/openshift/api v0.0.0-20200413201024-c6e8c9b6eb9a github.com/openshift/api/config/v1 github.com/openshift/api/operator/v1 github.com/openshift/api/operator/v1alpha1 @@ -1640,7 +1640,7 @@ honnef.co/go/tools/staticcheck/vrp honnef.co/go/tools/stylecheck honnef.co/go/tools/unused honnef.co/go/tools/version -# k8s.io/api v0.17.2 => k8s.io/api v0.17.1 +# k8s.io/api v0.18.0 => k8s.io/api v0.17.1 k8s.io/api/admissionregistration/v1 k8s.io/api/admissionregistration/v1beta1 k8s.io/api/apps/v1 @@ -1681,7 +1681,7 @@ k8s.io/api/settings/v1alpha1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.17.3 => k8s.io/apimachinery v0.17.1 +# k8s.io/apimachinery v0.18.0 => k8s.io/apimachinery v0.17.1 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors k8s.io/apimachinery/pkg/api/meta From 204413d3e06dd60db8afa264b7a197ee3e6311f0 Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Mon, 16 Mar 2020 17:02:18 -0700 Subject: [PATCH 14/18] manifests/infrastructure.go: aws: update the config/v1 Infra with service endpoints --- pkg/asset/manifests/infrastructure.go | 43 ++++++++++++++++++++------- 1 file changed, 32 insertions(+), 11 deletions(-) diff --git a/pkg/asset/manifests/infrastructure.go b/pkg/asset/manifests/infrastructure.go index cef81a46a8d..1711386c574 100644 --- a/pkg/asset/manifests/infrastructure.go +++ b/pkg/asset/manifests/infrastructure.go 
@@ -3,6 +3,7 @@ package manifests import ( "fmt" "path/filepath" + "sort" "github.com/ghodss/yaml" "github.com/pkg/errors" @@ -70,6 +71,9 @@ func (i *Infrastructure) Generate(dependencies asset.Parents) error { Name: "cluster", // not namespaced }, + Spec: configv1.InfrastructureSpec{ + PlatformSpec: configv1.PlatformSpec{}, + }, Status: configv1.InfrastructureStatus{ InfrastructureName: clusterID.InfraID, APIServerURL: getAPIServerURL(installConfig.Config), @@ -81,12 +85,28 @@ func (i *Infrastructure) Generate(dependencies asset.Parents) error { switch installConfig.Config.Platform.Name() { case aws.Name: - config.Status.PlatformStatus.Type = configv1.AWSPlatformType + config.Spec.PlatformSpec.Type = configv1.AWSPlatformType + config.Spec.PlatformSpec.AWS = &configv1.AWSPlatformSpec{} config.Status.PlatformStatus.AWS = &configv1.AWSPlatformStatus{ Region: installConfig.Config.Platform.AWS.Region, } + + for _, service := range installConfig.Config.Platform.AWS.ServiceEndpoints { + config.Spec.PlatformSpec.AWS.ServiceEndpoints = append(config.Spec.PlatformSpec.AWS.ServiceEndpoints, configv1.AWSServiceEndpoint{ + Name: service.Name, + URL: service.URL, + }) + config.Status.PlatformStatus.AWS.ServiceEndpoints = append(config.Status.PlatformStatus.AWS.ServiceEndpoints, configv1.AWSServiceEndpoint{ + Name: service.Name, + URL: service.URL, + }) + sort.Slice(config.Status.PlatformStatus.AWS.ServiceEndpoints, func(i, j int) bool { + return config.Status.PlatformStatus.AWS.ServiceEndpoints[i].Name < + config.Status.PlatformStatus.AWS.ServiceEndpoints[j].Name + }) + } case azure.Name: - config.Status.PlatformStatus.Type = configv1.AzurePlatformType + config.Spec.PlatformSpec.Type = configv1.AzurePlatformType rg := fmt.Sprintf("%s-rg", clusterID.InfraID) config.Status.PlatformStatus.Azure = &configv1.AzurePlatformStatus{ 
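Review bot: In pkg/asset/manifests/infrastructure.go, the `sort.Slice` call in the `aws.Name` case sits inside the `for _, service := range installConfig.Config.Platform.AWS.ServiceEndpoints` loop, so the status list is re-sorted after every append; it can move below the loop and run once. Only `config.Status.PlatformStatus.AWS.ServiceEndpoints` is sorted, while `config.Spec.PlatformSpec.AWS.ServiceEndpoints` keeps install-config order, so the two lists can differ in order; if that is intended, a comment such as `// status is sorted by name for stable output; spec keeps the user's order` would say so. These URLs decide where signed AWS API requests are sent and are copied here without any check, so this code relies on the install-config validation having already run (not visible in this hunk). The body of `Generate` continues outside the hunk.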
@@ -97,14 +117,14 @@ func (i *Infrastructure) Generate(dependencies asset.Parents) error { config.Status.PlatformStatus.Azure.NetworkResourceGroupName = nrg } case baremetal.Name: - config.Status.PlatformStatus.Type = configv1.BareMetalPlatformType + config.Spec.PlatformSpec.Type = configv1.BareMetalPlatformType config.Status.PlatformStatus.BareMetal = &configv1.BareMetalPlatformStatus{ APIServerInternalIP: installConfig.Config.Platform.BareMetal.APIVIP, NodeDNSIP: installConfig.Config.Platform.BareMetal.DNSVIP, IngressIP: installConfig.Config.Platform.BareMetal.IngressVIP, } case gcp.Name: - config.Status.PlatformStatus.Type = configv1.GCPPlatformType + config.Spec.PlatformSpec.Type = configv1.GCPPlatformType config.Status.PlatformStatus.GCP = &configv1.GCPPlatformStatus{ ProjectID: installConfig.Config.Platform.GCP.ProjectID, Region: installConfig.Config.Platform.GCP.Region, @@ -119,11 +139,11 @@ func (i *Infrastructure) Generate(dependencies asset.Parents) error { Data: content, }) case libvirt.Name: - config.Status.PlatformStatus.Type = configv1.LibvirtPlatformType + config.Spec.PlatformSpec.Type = configv1.LibvirtPlatformType case none.Name: - config.Status.PlatformStatus.Type = configv1.NonePlatformType + config.Spec.PlatformSpec.Type = configv1.NonePlatformType case openstack.Name: - config.Status.PlatformStatus.Type = configv1.OpenStackPlatformType + config.Spec.PlatformSpec.Type = configv1.OpenStackPlatformType dnsVIP, err := openstackdefaults.DNSVIP(installConfig.Config.Networking) if err != nil { return err 
@@ -134,7 +154,7 @@ func (i *Infrastructure) Generate(dependencies asset.Parents) error { IngressIP: installConfig.Config.OpenStack.IngressVIP, } case vsphere.Name: - config.Status.PlatformStatus.Type = configv1.VSpherePlatformType + config.Spec.PlatformSpec.Type = configv1.VSpherePlatformType if installConfig.Config.VSphere.APIVIP != "" { config.Status.PlatformStatus.VSphere = &configv1.VSpherePlatformStatus{ APIServerInternalIP: installConfig.Config.VSphere.APIVIP, @@ -143,16 +163,17 @@ func (i *Infrastructure) Generate(dependencies asset.Parents) error { } } case ovirt.Name: - config.Status.PlatformStatus.Type = configv1.OvirtPlatformType + config.Spec.PlatformSpec.Type = configv1.OvirtPlatformType config.Status.PlatformStatus.Ovirt = &configv1.OvirtPlatformStatus{ APIServerInternalIP: installConfig.Config.Ovirt.APIVIP, NodeDNSIP: installConfig.Config.Ovirt.DNSVIP, IngressIP: installConfig.Config.Ovirt.IngressVIP, } default: - config.Status.PlatformStatus.Type = configv1.NonePlatformType + config.Spec.PlatformSpec.Type = configv1.NonePlatformType } - config.Status.Platform = config.Status.PlatformStatus.Type + config.Status.Platform = config.Spec.PlatformSpec.Type + config.Status.PlatformStatus.Type = config.Spec.PlatformSpec.Type if cloudproviderconfig.ConfigMap != nil { // set the configmap reference. From 2b4fed0af4b75ee5ad014b9e37e3b0fb95e3c593 Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Wed, 15 Apr 2020 18:16:45 -0700 Subject: [PATCH 15/18] data/data/aws: skip region validation for custom regions --- data/data/aws/main.tf | 4 +--- data/data/aws/variables-aws.tf | 4 ++++ pkg/tfvars/aws/aws.go | 3 +++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/data/data/aws/main.tf b/data/data/aws/main.tf index 0f6d0d4b63b..755793d5940 100644 --- a/data/data/aws/main.tf +++ b/data/data/aws/main.tf 
@@ -10,9 +10,7 @@ locals { provider "aws" { region = var.aws_region - # Validation of AWS Bahrain region was added in AWS TF provider v2.22 - # so we skip when installing in me-south-1. - skip_region_validation = var.aws_region == "me-south-1" + skip_region_validation = var.aws_skip_region_validation endpoints { ec2 = lookup(var.custom_endpoints, "ec2", null) diff --git a/data/data/aws/variables-aws.tf b/data/data/aws/variables-aws.tf index 24a348adfcf..36e1028f7a7 100644 --- a/data/data/aws/variables-aws.tf +++ b/data/data/aws/variables-aws.tf @@ -130,3 +130,7 @@ variable "aws_publish_strategy" { type = string description = "The cluster publishing strategy, either Internal or External" } +variable "aws_skip_region_validation" { + type = bool + description = "This decides if the AWS provider should validate if the region is known." +} diff --git a/pkg/tfvars/aws/aws.go b/pkg/tfvars/aws/aws.go index 037ad4c7d99..04de2b5a202 100644 --- a/pkg/tfvars/aws/aws.go +++ b/pkg/tfvars/aws/aws.go @@ -8,6 +8,7 @@ import ( "github.com/pkg/errors" "sigs.k8s.io/cluster-api-provider-aws/pkg/apis/awsproviderconfig/v1beta1" + configaws "github.com/openshift/installer/pkg/asset/installconfig/aws" "github.com/openshift/installer/pkg/types" typesaws "github.com/openshift/installer/pkg/types/aws" "github.com/openshift/installer/pkg/types/aws/defaults" @@ -32,6 +33,7 @@ type config struct { PrivateSubnets []string `json:"aws_private_subnets,omitempty"` PublicSubnets *[]string `json:"aws_public_subnets,omitempty"` PublishStrategy string `json:"aws_publish_strategy,omitempty"` + SkipRegionCheck bool `json:"aws_skip_region_validation"` } // TFVarsSources contains the parameters to be converted into Terraform variables 
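Review bot: The removed comment in data/data/aws/main.tf explained why region validation was skipped, and the new `skip_region_validation = var.aws_skip_region_validation` line has no replacement; something like `# set by the installer for regions its AWS SDK does not list, so the provider accepts them` would keep the rationale (wording to be confirmed against `IsKnownRegion`, which is not visible here). With the flag on, the provider no longer rejects an unrecognised region name, so a mistyped region has to be caught by the installer's own validation before Terraform runs. In variables-aws.tf the description could state the direction, e.g. `"When true, the AWS provider does not check that the region is one it knows."`. The same applies to `SkipRegionCheck` in the pkg/tfvars/aws/aws.go hunks, where the negation `!configaws.IsKnownRegion(masterConfig.Placement.Region)` deserves a one-line comment.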
@@ -113,6 +115,7 @@ func TFVars(sources TFVarsSources) ([]byte, error) { VPC: sources.VPC, PrivateSubnets: sources.PrivateSubnets, PublishStrategy: string(sources.Publish), + SkipRegionCheck: !configaws.IsKnownRegion(masterConfig.Placement.Region), } if len(sources.PublicSubnets) == 0 { From 2ef70a98679f62dc6fe9965ac7ca79b1c7dd09c6 Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Thu, 16 Apr 2020 07:30:29 -0700 Subject: [PATCH 16/18] aws: add missing endpoints for aws china route53 since, AWS SDK is missing the route53 endpoints for AWS China regions, the users will be forced to add the service endpoint. But it seems like there is a known endpoint for that service already and the sdk is trailing for a bit, also the terraform aws provider is using this same endpoint already. So adding the endpoint as default known, should help our users a little bit... Also the destroy code needs to perform the same switching for AWS china partition like we go for AWS commercial regions for resource tagging api wrt. route53 object from [1] [1]: https://github.com/openshift/installer/commit/e24c7dc419706b67f9ee2c0bc21f01ebeafc4833 --- pkg/asset/installconfig/aws/session.go | 37 ++++++++++++++++++++++++-- pkg/destroy/aws/aws.go | 21 ++++++++++----- 2 files changed, 50 insertions(+), 8 deletions(-) diff --git a/pkg/asset/installconfig/aws/session.go b/pkg/asset/installconfig/aws/session.go index d3ad536b671..aa7d17e37ce 100644 --- a/pkg/asset/installconfig/aws/session.go +++ b/pkg/asset/installconfig/aws/session.go 
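Review bot: `SkipRegionCheck: !configaws.IsKnownRegion(masterConfig.Placement.Region)` turns off Terraform's region check for every region the installer does not recognise, and nothing at this line says what is expected to have vetted such a region instead. `IsKnownRegion` is not visible in this hunk, so I am assuming it reflects the installer's own list of regions. If so, a comment like `// Unknown (custom) regions are not validated by the Terraform provider; install-config validation must already have accepted the region and its service endpoints.` would state the dependency. The field name also differs from its tag (`SkipRegionCheck` against `aws_skip_region_validation`, added in the struct hunk of this file); `SkipRegionValidation` would match the Terraform variable. TFVars continues outside the hunk.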
@@ -175,12 +175,19 @@ func getCredentials() error { type awsResolver struct { region string services map[string]typesaws.ServiceEndpoint + + // this is a list of known default endpoints for specific regions that would + // otherwise require user to set the service overrides. + // it's a map of region => service => resolved endpoint + // this is only used when the user hasn't specified a override for the service in that region. + defaultEndpoints map[string]map[string]endpoints.ResolvedEndpoint } func newAWSResolver(region string, services []typesaws.ServiceEndpoint) *awsResolver { resolver := &awsResolver{ - region: region, - services: make(map[string]typesaws.ServiceEndpoint), + region: region, + services: make(map[string]typesaws.ServiceEndpoint), + defaultEndpoints: defaultEndpoints(), } for _, service := range services { service := service @@ -197,9 +204,35 @@ func (ar *awsResolver) EndpointFor(service, region string, optFns ...func(*endpo SigningRegion: ar.region, }, nil } + if rv, ok := ar.defaultEndpoints[region]; ok { + if v, ok := rv[service]; ok { + return v, nil + } + } return endpoints.DefaultResolver().EndpointFor(service, region, optFns...) } func resolverKey(service string) string { return service } + +// this is a list of known default endpoints for specific regions that would +// otherwise require user to set the service overrides. +// it's a map of region => service => resolved endpoint +// this is only used when the user hasn't specified a override for the service in that region. +func defaultEndpoints() map[string]map[string]endpoints.ResolvedEndpoint { + return map[string]map[string]endpoints.ResolvedEndpoint{ + endpoints.CnNorth1RegionID: { + "route53": { + URL: "https://route53.amazonaws.com.cn", + SigningRegion: endpoints.CnNorthwest1RegionID, + }, + }, + endpoints.CnNorthwest1RegionID: { + "route53": { + URL: "https://route53.amazonaws.com.cn", + SigningRegion: endpoints.CnNorthwest1RegionID, + }, + }, + } +} 
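Review bot: The new branch in `EndpointFor` returns the hard-coded entry without applying `optFns` and is keyed on the `region` argument, whereas the user-override branch in the context lines above it signs with `ar.region`; the hunk does not say whether either difference is intended. A short comment there, e.g. `// built-in fallbacks are returned as-is; resolver options are not applied to them`, would make that explicit. The comment block on `defaultEndpoints()` is repeated word for word on the struct field in the previous hunk and does not follow Go doc style. I would keep one copy on the function, starting `// defaultEndpoints returns endpoints the AWS SDK does not resolve yet, as region => service => endpoint.`, and shorten the field comment to a reference to it. Since the commit message describes these entries as covering a gap until the SDK catches up, a `// TODO: drop once the SDK resolves route53 in the China regions` would help them get removed rather than silently shadowing the SDK's own answer later.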
diff --git a/pkg/destroy/aws/aws.go b/pkg/destroy/aws/aws.go index 4db05658c8f..db472a12de9 100644 --- a/pkg/destroy/aws/aws.go +++ b/pkg/destroy/aws/aws.go @@ -125,12 +125,21 @@ func (o *ClusterUninstaller) Run() error { tagClientNames := map[*resourcegroupstaggingapi.ResourceGroupsTaggingAPI]string{ tagClients[0]: o.Region, } - if o.Region != "us-east-1" { - tagClient := resourcegroupstaggingapi.New( - awsSession, aws.NewConfig().WithRegion("us-east-1"), - ) - tagClients = append(tagClients, tagClient) - tagClientNames[tagClient] = "us-east-1" + + switch o.Region { + case endpoints.CnNorth1RegionID, endpoints.CnNorthwest1RegionID: + if o.Region != endpoints.CnNorthwest1RegionID { + tagClient := resourcegroupstaggingapi.New(awsSession, aws.NewConfig().WithRegion(endpoints.CnNorthwest1RegionID)) + tagClients = append(tagClients, tagClient) + tagClientNames[tagClient] = endpoints.CnNorthwest1RegionID + } + + default: + if o.Region != endpoints.UsEast1RegionID { + tagClient := resourcegroupstaggingapi.New(awsSession, aws.NewConfig().WithRegion(endpoints.UsEast1RegionID)) + tagClients = append(tagClients, tagClient) + tagClientNames[tagClient] = endpoints.UsEast1RegionID + } } iamClient := iam.New(awsSession) From 61ea70e71d9c94dc77f136059672faac32ef0e11 Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Fri, 17 Apr 2020 08:15:46 -0700 Subject: [PATCH 17/18] FIXUP: terraform formatting --- data/data/aws/variables-aws.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/data/aws/variables-aws.tf b/data/data/aws/variables-aws.tf index 36e1028f7a7..859c4f4972b 100644 --- a/data/data/aws/variables-aws.tf +++ b/data/data/aws/variables-aws.tf 
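Review bot: In `Run`, the inner `if o.Region != endpoints.CnNorthwest1RegionID` under `case endpoints.CnNorth1RegionID, endpoints.CnNorthwest1RegionID:` makes the second case value a no-op, and the three client-setup lines are now duplicated in both branches. Choosing the partition's tagging region first and creating the extra client once removes both, and gives a natural place for a comment on why a second region is queried at all. The default branch still sends every non-China region to us-east-1, as before this change; whether that suits other partitions cannot be judged from this hunk. `Run` begins and ends outside the hunk.

```go
// Route53 resources are looked up through the tagging API of one fixed
// region per partition, so query that region in addition to o.Region.
globalRegion := endpoints.UsEast1RegionID
switch o.Region {
case endpoints.CnNorth1RegionID, endpoints.CnNorthwest1RegionID:
	globalRegion = endpoints.CnNorthwest1RegionID
}
if o.Region != globalRegion {
	tagClient := resourcegroupstaggingapi.New(awsSession, aws.NewConfig().WithRegion(globalRegion))
	tagClients = append(tagClients, tagClient)
	tagClientNames[tagClient] = globalRegion
}
// … unchanged: iamClient := iam.New(awsSession) …
```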
@@ -53,12 +53,12 @@ EOF } variable "aws_master_root_volume_type" { - type = string + type = string description = "The type of volume for the root block device of master nodes." } variable "aws_master_root_volume_size" { - type = string + type = string description = "The size of the volume in gigabytes for the root block device of master nodes." } From 6ced6ad35d604cc6d81522c2b40fecd1fa944bad Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Fri, 17 Apr 2020 08:24:43 -0700 Subject: [PATCH 18/18] FIXUP: drop shadowing withing range in isAWSRegion --- pkg/asset/installconfig/aws/validation.go | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/asset/installconfig/aws/validation.go b/pkg/asset/installconfig/aws/validation.go index d36d4adf1d5..be8fc9d0a13 100644 --- a/pkg/asset/installconfig/aws/validation.go +++ b/pkg/asset/installconfig/aws/validation.go @@ -195,7 +195,6 @@ func validateServiceEndpoints(fldPath *field.Path, region string, services []aws func isAWSSDKRegion(region string) bool { for _, partition := range endpoints.DefaultPartitions() { for _, partitionRegion := range partition.Regions() { - partitionRegion := partitionRegion if region == partitionRegion.ID() { return true }