This commit is contained in:
Richard Vanderpool
2024-01-12 13:54:52 -05:00
parent eccd73781b
commit 9d349295f0
20 changed files with 283 additions and 5 deletions

2
go.mod

@@ -58,7 +58,7 @@ require (
github.com/microsoftgraph/msgraph-sdk-go v0.47.0
github.com/nutanix-cloud-native/prism-go-client v0.2.1-0.20220804130801-c8a253627c64
github.com/onsi/gomega v1.29.0
github.com/openshift/api v0.0.0-20240104110125-c7a2d3b41e1f
github.com/openshift/api v0.0.0-20240115183315-0793e918179d
github.com/openshift/assisted-image-service v0.0.0-20230829160050-0b98ec74397b
github.com/openshift/assisted-service/api v0.0.0
github.com/openshift/assisted-service/client v0.0.0

4
go.sum

@@ -1919,8 +1919,8 @@ github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh
github.com/openshift/api v0.0.0-20200326160804-ecb9283fe820/go.mod h1:RKMJ5CBnljLfnej+BJ/xnOWc3kZDvJUaIAEq2oKSPtE=
github.com/openshift/api v0.0.0-20200827090112-c05698d102cf/go.mod h1:M3xexPhgM8DISzzRpuFUy+jfPjQPIcs9yqEYj17mXV8=
github.com/openshift/api v0.0.0-20200829102639-8a3a835f1acf/go.mod h1:M3xexPhgM8DISzzRpuFUy+jfPjQPIcs9yqEYj17mXV8=
github.com/openshift/api v0.0.0-20240104110125-c7a2d3b41e1f h1:3BMVfQpz1xe8MmJprp1+NL8hrpl9I04JVP9EczdCOqE=
github.com/openshift/api v0.0.0-20240104110125-c7a2d3b41e1f/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4=
github.com/openshift/api v0.0.0-20240115183315-0793e918179d h1:gtwDqGPf5QmsV8jvOUoDNbtyeby9QeLdsybNQ8mGqHQ=
github.com/openshift/api v0.0.0-20240115183315-0793e918179d/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4=
github.com/openshift/assisted-image-service v0.0.0-20230829160050-0b98ec74397b h1:wLVEgmzQjs3t4Z96gZzSLF/ws6ULliAks7z1lozNJrE=
github.com/openshift/assisted-image-service v0.0.0-20230829160050-0b98ec74397b/go.mod h1:KTt/pnfs9gt0McDPrb0zVTkwd0xIFNik/ZJROIBzsbc=
github.com/openshift/assisted-service/api v0.0.0-20230831114549-1922eda29cf8 h1:+fZLKbycDo4JeLwPGVSAgf2XPaJGLM341l9ZfrrlxG0=


@@ -216,6 +216,11 @@ spec:
type:
description: type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.
type: string
enum:
- ""
- None
- IntegratedOAuth
- OIDC
webhookTokenAuthenticator:
description: "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. \n Can only be set if \"Type\" is set to \"None\"."
type: object


@@ -216,6 +216,11 @@ spec:
type:
description: type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.
type: string
enum:
- ""
- None
- IntegratedOAuth
- OIDC
webhookTokenAuthenticator:
description: "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. \n Can only be set if \"Type\" is set to \"None\"."
type: object


@@ -52,6 +52,10 @@ spec:
type:
description: type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.
type: string
enum:
- ""
- None
- IntegratedOAuth
webhookTokenAuthenticator:
description: "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. \n Can only be set if \"Type\" is set to \"None\"."
type: object


@@ -12,6 +12,17 @@ tests:
apiVersion: config.openshift.io/v1
kind: Authentication
spec: {}
- name: Should be able to use the OIDC type
initial: |
apiVersion: config.openshift.io/v1
kind: Authentication
spec:
type: OIDC
expected: |
apiVersion: config.openshift.io/v1
kind: Authentication
spec:
type: OIDC
- name: Cannot set username claim prefix with policy NoPrefix
initial: |
apiVersion: config.openshift.io/v1


@@ -12,3 +12,10 @@ tests:
apiVersion: config.openshift.io/v1
kind: Authentication
spec: {}
- name: Shouldn't be able to use the OIDC type in a stable version of the resource
initial: |
apiVersion: config.openshift.io/v1
kind: Authentication
spec:
type: OIDC
expectedError: "spec.type: Unsupported value: \"OIDC\": supported values: \"\", \"None\", \"IntegratedOAuth\""


@@ -12,6 +12,17 @@ tests:
apiVersion: config.openshift.io/v1
kind: Authentication
spec: {}
- name: Should be able to use the OIDC type
initial: |
apiVersion: config.openshift.io/v1
kind: Authentication
spec:
type: OIDC
expected: |
apiVersion: config.openshift.io/v1
kind: Authentication
spec:
type: OIDC
- name: Cannot set username claim prefix with policy NoPrefix
initial: |
apiVersion: config.openshift.io/v1
@@ -284,4 +295,4 @@ tests:
componentName: name2
- componentNamespace: namespace2
componentName: name3
expected: *removeFromStatus
expected: *removeFromStatus


@@ -130,6 +130,8 @@ type AuthenticationList struct {
Items []Authentication `json:"items"`
}
// +openshift:validation:FeatureSetAwareEnum:featureSet=Default,enum="";None;IntegratedOAuth
// +openshift:validation:FeatureSetAwareEnum:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,enum="";None;IntegratedOAuth;OIDC
type AuthenticationType string
const (


@@ -34,6 +34,10 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&InsightsDataGatherList{},
&Backup{},
&BackupList{},
&ImagePolicy{},
&ImagePolicyList{},
&ClusterImagePolicy{},
&ClusterImagePolicyList{},
)
metav1.AddToGroupVersion(scheme, GroupVersion)
return nil


@@ -51,6 +51,12 @@ type VSphereMachineProviderSpec struct {
// This parameter will be ignored if 'LinkedClone' CloneMode is set.
// +optional
DiskGiB int32 `json:"diskGiB,omitempty"`
// tagIDs is an optional set of tags to add to an instance. Specified tagIDs
// must use URN-notation instead of display names. A maximum of 10 tag IDs may be specified.
// +kubebuilder:validation:Pattern:="^(urn):(vmomi):(InventoryServiceTag):([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}):([^:]+)$"
// +kubebuilder:example=urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9578:GLOBAL
// +optional
TagIDs []string `json:"tagIDs,omitempty"`
// Snapshot is the name of the snapshot from which the VM was cloned
// +optional
Snapshot string `json:"snapshot"`


@@ -1784,6 +1784,11 @@ func (in *VSphereMachineProviderSpec) DeepCopyInto(out *VSphereMachineProviderSp
**out = **in
}
in.Network.DeepCopyInto(&out.Network)
if in.TagIDs != nil {
in, out := &in.TagIDs, &out.TagIDs
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}


@@ -772,6 +772,7 @@ var map_VSphereMachineProviderSpec = map[string]string{
"numCoresPerSocket": "NumCPUs is the number of cores among which to distribute CPUs in this virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.",
"memoryMiB": "MemoryMiB is the size of a virtual machine's memory, in MiB. Defaults to the analogue property value in the template from which this machine is cloned.",
"diskGiB": "DiskGiB is the size of a virtual machine's disk, in GiB. Defaults to the analogue property value in the template from which this machine is cloned. This parameter will be ignored if 'LinkedClone' CloneMode is set.",
"tagIDs": "tagIDs is an optional set of tags to add to an instance. Specified tagIDs must use URN-notation instead of display names. A maximum of 10 tag IDs may be specified.",
"snapshot": "Snapshot is the name of the snapshot from which the VM was cloned",
"cloneMode": "CloneMode specifies the type of clone operation. The LinkedClone mode is only support for templates that have at least one snapshot. If the template has no snapshots, then CloneMode defaults to FullClone. When LinkedClone mode is enabled the DiskGiB field is ignored as it is not possible to expand disks of linked clones. Defaults to FullClone. When using LinkedClone, if no snapshots exist for the source template, falls back to FullClone.",
}


@@ -269,6 +269,19 @@ spec:
ipsecConfig:
description: ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.
type: object
default:
mode: Disabled
properties:
mode:
description: mode defines the behaviour of the ipsec configuration within the platform. Valid values are `Disabled`, `External` and `Full`. When 'Disabled', ipsec will not be enabled at the node level. When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), this is left to the user to configure.
type: string
enum:
- Disabled
- External
- Full
x-kubernetes-validations:
- rule: self == oldSelf || has(self.mode)
message: ipsecConfig.mode is required
mtu:
description: mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400
type: integer


@@ -269,6 +269,19 @@ spec:
ipsecConfig:
description: ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.
type: object
default:
mode: Disabled
properties:
mode:
description: mode defines the behaviour of the ipsec configuration within the platform. Valid values are `Disabled`, `External` and `Full`. When 'Disabled', ipsec will not be enabled at the node level. When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), this is left to the user to configure.
type: string
enum:
- Disabled
- External
- Full
x-kubernetes-validations:
- rule: self == oldSelf || has(self.mode)
message: ipsecConfig.mode is required
mtu:
description: mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400
type: integer


@@ -269,6 +269,19 @@ spec:
ipsecConfig:
description: ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.
type: object
default:
mode: Disabled
properties:
mode:
description: mode defines the behaviour of the ipsec configuration within the platform. Valid values are `Disabled`, `External` and `Full`. When 'Disabled', ipsec will not be enabled at the node level. When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), this is left to the user to configure.
type: string
enum:
- Disabled
- External
- Full
x-kubernetes-validations:
- rule: self == oldSelf || has(self.mode)
message: ipsecConfig.mode is required
mtu:
description: mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400
type: integer


@@ -35,6 +35,8 @@ tests:
routingViaHost: false
ipv4:
internalMasqueradeSubnet: "169.254.168.0/29"
ipsecConfig:
mode: Disabled
disableNetworkDiagnostics: false
logLevel: Normal
operatorLogLevel: Normal
@@ -124,6 +126,8 @@ tests:
ipv6:
internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125"
routingViaHost: false
ipsecConfig:
mode: Disabled
disableNetworkDiagnostics: false
logLevel: Normal
operatorLogLevel: Normal
@@ -147,6 +151,8 @@ tests:
routingViaHost: false
ipv6:
internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20"
ipsecConfig:
mode: Disabled
disableNetworkDiagnostics: false
logLevel: Normal
operatorLogLevel: Normal
@@ -264,3 +270,139 @@ tests:
logLevel: Normal
operatorLogLevel: Normal
migration: {}
- name: "IPsec - Empty ipsecConfig is allowed in initial state"
initial: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork:
ovnKubernetesConfig:
ipsecConfig: {}
expected: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork:
ovnKubernetesConfig:
ipsecConfig: {}
disableNetworkDiagnostics: false
logLevel: Normal
operatorLogLevel: Normal
- name: "IPsec - Populated ipsecConfig is allowed"
initial: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork:
ovnKubernetesConfig:
ipsecConfig:
mode: Full
expected: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork:
ovnKubernetesConfig:
ipsecConfig:
mode: Full
disableNetworkDiagnostics: false
logLevel: Normal
operatorLogLevel: Normal
- name: "IPsec - Start without setting ipsecConfig"
initial: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork:
ovnKubernetesConfig:
expected: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork: {}
disableNetworkDiagnostics: false
logLevel: Normal
operatorLogLevel: Normal
- name: "IPsec - empty string is not allowed"
initial: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork:
ovnKubernetesConfig:
ipsecConfig:
mode: ""
expectedError: "Unsupported value: \"\": supported values: \"Disabled\", \"External\", \"Full\""
onUpdate:
- name: "IPsec - Removing ipsecConfig.mode is not allowed"
initial: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork:
ovnKubernetesConfig:
ipsecConfig:
mode: Full
updated: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork:
ovnKubernetesConfig:
ipsecConfig: {}
expectedError: "ipsecConfig.mode is required"
- name: "IPsec - Disabling IPsec"
initial: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork:
ovnKubernetesConfig:
ipsecConfig:
mode: Full
updated: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork:
ovnKubernetesConfig:
ipsecConfig:
mode: Disabled
expected: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork:
ovnKubernetesConfig:
ipsecConfig:
mode: Disabled
disableNetworkDiagnostics: false
logLevel: Normal
operatorLogLevel: Normal
- name: "IPsec - Empty ipsecConfig when changing other parameters"
initial: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork:
ovnKubernetesConfig:
ipsecConfig: {}
updated: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork:
ovnKubernetesConfig:
ipsecConfig: {}
mtu: 5888
expected: |
apiVersion: operator.openshift.io/v1
kind: Network
spec:
defaultNetwork:
ovnKubernetesConfig:
ipsecConfig: {}
mtu: 5888
disableNetworkDiagnostics: false
logLevel: Normal
operatorLogLevel: Normal


@@ -390,6 +390,8 @@ type OVNKubernetesConfig struct {
// ipsecConfig enables and configures IPsec for pods on the pod network within the
// cluster.
// +optional
// +kubebuilder:default={"mode": "Disabled"}
// +default={"mode": "Disabled"}
IPsecConfig *IPsecConfig `json:"ipsecConfig,omitempty"`
// policyAuditConfig is the configuration for network policy audit events. If unset,
// reported defaults are used.
@@ -428,7 +430,19 @@ type HybridOverlayConfig struct {
HybridOverlayVXLANPort *uint32 `json:"hybridOverlayVXLANPort,omitempty"`
}
// +kubebuilder:validation:XValidation:rule="self == oldSelf || has(self.mode)",message="ipsecConfig.mode is required"
type IPsecConfig struct {
// mode defines the behaviour of the ipsec configuration within the platform.
// Valid values are `Disabled`, `External` and `Full`.
// When 'Disabled', ipsec will not be enabled at the node level.
// When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters.
// This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator.
// When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured.
// Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays),
// this is left to the user to configure.
// +kubebuilder:validation:Enum=Disabled;External;Full
// +optional
Mode IPsecMode `json:"mode,omitempty"`
}
type IPForwardingMode string
@@ -691,3 +705,17 @@ const (
// IPAMTypeStatic uses static IP
IPAMTypeStatic IPAMType = "Static"
)
// IPsecMode enumerates the modes for IPsec configuration
type IPsecMode string
const (
// IPsecModeDisabled disables IPsec altogether
IPsecModeDisabled IPsecMode = "Disabled"
// IPsecModeExternal enables IPsec on the node level, but expects the user to configure it using k8s-nmstate or
// other means - it is most useful for secure communication from the cluster to external endpoints
IPsecModeExternal IPsecMode = "External"
// IPsecModeFull enables IPsec on the node level (the same as IPsecModeExternal), and configures it to secure communication
// between pods on the cluster network.
IPsecModeFull IPsecMode = "Full"
)


@@ -1374,6 +1374,14 @@ func (IPFIXConfig) SwaggerDoc() map[string]string {
return map_IPFIXConfig
}
var map_IPsecConfig = map[string]string{
"mode": "mode defines the behaviour of the ipsec configuration within the platform. Valid values are `Disabled`, `External` and `Full`. When 'Disabled', ipsec will not be enabled at the node level. When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), this is left to the user to configure.",
}
func (IPsecConfig) SwaggerDoc() map[string]string {
return map_IPsecConfig
}
var map_IPv4GatewayConfig = map[string]string{
"": "IPV4GatewayConfig holds the configuration paramaters for IPV4 connections in the GatewayConfig for OVN-Kubernetes",
"internalMasqueradeSubnet": "internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 169.254.169.0/29 The value must be in proper IPV4 CIDR format",

2
vendor/modules.txt vendored

@@ -8801,7 +8801,7 @@ github.com/opencontainers/go-digest
## explicit; go 1.17
github.com/opencontainers/image-spec/specs-go
github.com/opencontainers/image-spec/specs-go/v1
# github.com/openshift/api v0.0.0-20240104110125-c7a2d3b41e1f
# github.com/openshift/api v0.0.0-20240115183315-0793e918179d
## explicit; go 1.21
github.com/openshift/api/annotations
github.com/openshift/api/config/v1