From ba8ef3023f45572f9d738963092819729818d351 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Mon, 26 Jan 2026 14:09:22 +0100 Subject: [PATCH 01/15] Serve MAO metrics with direct TLS and profile reload. Remove the kube-rbac-proxy sidecar, mount the serving cert, and restart the operator on APIServer TLS profile changes. --- cmd/machine-api-operator/start.go | 140 ++++++++++++++++-- .../0000_30_machine-api-operator_09_rbac.yaml | 2 + ...30_machine-api-operator_11_deployment.yaml | 37 +---- .../machine/machine_controller_test.go | 2 + pkg/operator/operator_test.go | 8 +- pkg/operator/sync.go | 2 + 6 files changed, 151 insertions(+), 40 deletions(-) diff --git a/cmd/machine-api-operator/start.go b/cmd/machine-api-operator/start.go index dce09c53b7..0f2fe1c651 100644 --- a/cmd/machine-api-operator/start.go +++ b/cmd/machine-api-operator/start.go @@ -2,18 +2,23 @@ package main import ( "context" + "crypto/tls" "errors" "flag" "fmt" "net/http" "os" + "reflect" "strconv" + "sync" + "sync/atomic" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promhttp" "github.com/spf13/cobra" "github.com/spf13/pflag" v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes" coreclientsetv1 "k8s.io/client-go/kubernetes/typed/core/v1" @@ -24,16 +29,21 @@ import ( "k8s.io/utils/clock" osconfigv1 "github.com/openshift/api/config/v1" + osclientset "github.com/openshift/client-go/config/clientset/versioned" + utiltls "github.com/openshift/library-go/pkg/controllerruntime/tls" "github.com/openshift/library-go/pkg/operator/events" "github.com/openshift/machine-api-operator/pkg/metrics" "github.com/openshift/machine-api-operator/pkg/operator" "github.com/openshift/machine-api-operator/pkg/util" "github.com/openshift/machine-api-operator/pkg/version" + "sigs.k8s.io/controller-runtime/pkg/client" ) const ( // defaultMetricsPort is the default port to expose metrics. - defaultMetricsPort = 8080 + defaultMetricsPort = 8443 + metricsCertFile = "/etc/tls/private/tls.crt" + metricsKeyFile = "/etc/tls/private/tls.key" ) var ( @@ -82,10 +92,20 @@ func runStartCmd(cmd *cobra.Command, args []string) error { return fmt.Errorf("error creating clients: %v", err) } stopCh := make(chan struct{}) + leaderElectionCtx, leaderElectionCancel := context.WithCancel(context.Background()) + var shutdownOnce sync.Once + var shuttingDown atomic.Bool + shutdown := func() { + shutdownOnce.Do(func() { + shuttingDown.Store(true) + close(stopCh) + leaderElectionCancel() + }) + } le := util.GetLeaderElectionConfig(cb.config, osconfigv1.LeaderElection{}) - leaderelection.RunOrDie(context.TODO(), leaderelection.LeaderElectionConfig{ + leaderelection.RunOrDie(leaderElectionCtx, leaderelection.LeaderElectionConfig{ Lock: CreateResourceLock(cb, componentNamespace, componentName), RenewDeadline: le.RenewDeadline.Duration, RetryPeriod: le.RetryPeriod.Duration, @@ -93,6 +113,9 @@ func runStartCmd(cmd *cobra.Command, args []string) error { Callbacks: leaderelection.LeaderCallbacks{ OnStartedLeading: func(ctx context.Context) { ctrlCtx := CreateControllerContext(cb, stopCh, componentNamespace) + if err := setupTLSProfileWatcher(ctrlCtx, shutdown); err != nil { + klog.Fatalf("Unable to set up TLS profile watcher: %v", err) + } startControllersOrDie(ctrlCtx) ctrlCtx.KubeNamespacedInformerFactory.Start(ctrlCtx.Stop) ctrlCtx.ConfigInformerFactory.Start(ctrlCtx.Stop) @@ -100,15 +123,19 @@ func runStartCmd(cmd *cobra.Command, args []string) error { startMetricsCollectionAndServer(ctrlCtx) close(ctrlCtx.InformersStarted) - select {} + <-stopCh }, OnStoppedLeading: func() { + if shuttingDown.Load() { + klog.Info("Leader election stopped due to shutdown") + return + } klog.Fatalf("Leader election lost") }, }, ReleaseOnCancel: true, }) - panic("unreachable") + return nil } func initMachineAPIInformers(ctx *ControllerContext) { @@ -196,16 +223,111 @@ func startMetricsCollectionAndServer(ctx *ControllerContext) { metricsPort = v } klog.V(4).Info("Starting server to serve prometheus metrics") - go startHTTPMetricServer(fmt.Sprintf("localhost:%d", metricsPort)) + tlsConfig, err := metricsTLSConfig(ctx) + if err != nil { + klog.Fatalf("Unable to configure metrics TLS: %v", err) + } + go startHTTPSMetricServer(fmt.Sprintf(":%d", metricsPort), tlsConfig) +} + +func metricsTLSConfig(ctx *ControllerContext) (*tls.Config, error) { + scheme := runtime.NewScheme() + if err := osconfigv1.Install(scheme); err != nil { + return nil, fmt.Errorf("unable to add config.openshift.io scheme: %w", err) + } + + k8sClient, err := client.New(ctx.ClientBuilder.config, client.Options{Scheme: scheme}) + if err != nil { + return nil, fmt.Errorf("unable to create Kubernetes client: %w", err) + } + + tlsSecurityProfileSpec, err := utiltls.FetchAPIServerTLSProfile(context.Background(), k8sClient) + if err != nil { + return nil, fmt.Errorf("unable to get TLS profile from API server: %w", err) + } + + tlsConfigFn, unsupportedCiphers := utiltls.NewTLSConfigFromProfile(tlsSecurityProfileSpec) + if len(unsupportedCiphers) > 0 { + klog.Infof("TLS configuration contains unsupported ciphers that will be ignored: %v", unsupportedCiphers) + } + + tlsConfig := &tls.Config{} + tlsConfigFn(tlsConfig) + + return tlsConfig, nil +} + +func setupTLSProfileWatcher(ctx *ControllerContext, shutdown func()) error { + configClient := ctx.ClientBuilder.OpenshiftClientOrDie("tls-profile-watcher") + initialProfile, err := fetchAPIServerTLSProfileSpec(context.Background(), configClient) + if err != nil { + return err + } + + apiServerInformer := ctx.ConfigInformerFactory.Config().V1().APIServers().Informer() + apiServerInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{ + AddFunc: func(obj interface{}) { + handleTLSProfileEvent(obj, initialProfile, shutdown) + }, + UpdateFunc: func(_, newObj interface{}) { + handleTLSProfileEvent(newObj, initialProfile, shutdown) + }, + }) + + return nil +} + +func fetchAPIServerTLSProfileSpec(ctx context.Context, configClient osclientset.Interface) (osconfigv1.TLSProfileSpec, error) { + apiServer, err := configClient.ConfigV1().APIServers().Get(ctx, utiltls.APIServerName, metav1.GetOptions{}) + if err != nil { + return osconfigv1.TLSProfileSpec{}, fmt.Errorf("failed to get APIServer %q: %w", utiltls.APIServerName, err) + } + + profile, err := utiltls.GetTLSProfileSpec(apiServer.Spec.TLSSecurityProfile) + if err != nil { + return osconfigv1.TLSProfileSpec{}, fmt.Errorf("failed to get TLS profile from APIServer %q: %w", utiltls.APIServerName, err) + } + + return profile, nil +} + +func handleTLSProfileEvent(obj interface{}, initialProfile osconfigv1.TLSProfileSpec, shutdown func()) { + apiServer, ok := obj.(*osconfigv1.APIServer) + if !ok { + return + } + if apiServer.Name != utiltls.APIServerName { + return + } + + currentProfile, err := utiltls.GetTLSProfileSpec(apiServer.Spec.TLSSecurityProfile) + if err != nil { + klog.Errorf("Failed to get TLS profile from APIServer %q: %v", apiServer.Name, err) + return + } + + if reflect.DeepEqual(initialProfile, currentProfile) { + klog.V(2).Info("TLS security profile unchanged") + return + } + + klog.Infof("TLS security profile has changed, initiating a shutdown to pick up the new configuration: initialMinTLSVersion=%s currentMinTLSVersion=%s initialCiphers=%v currentCiphers=%v", + initialProfile.MinTLSVersion, + currentProfile.MinTLSVersion, + initialProfile.Ciphers, + currentProfile.Ciphers, + ) + shutdown() } -func startHTTPMetricServer(metricsPort string) { +func startHTTPSMetricServer(metricsAddr string, tlsConfig *tls.Config) { mux := http.NewServeMux() mux.Handle("/metrics", promhttp.Handler()) server := &http.Server{ - Addr: metricsPort, - Handler: mux, + Addr: metricsAddr, + Handler: mux, + TLSConfig: tlsConfig, } - klog.Fatal(server.ListenAndServe()) + klog.Fatal(server.ListenAndServeTLS(metricsCertFile, metricsKeyFile)) } diff --git a/install/0000_30_machine-api-operator_09_rbac.yaml b/install/0000_30_machine-api-operator_09_rbac.yaml index ae24aa41fe..ee64f254ec 100644 --- a/install/0000_30_machine-api-operator_09_rbac.yaml +++ b/install/0000_30_machine-api-operator_09_rbac.yaml @@ -257,6 +257,7 @@ rules: - apiGroups: - config.openshift.io resources: + - apiservers - infrastructures - dnses - clusterversions @@ -426,6 +427,7 @@ rules: - apiGroups: - config.openshift.io resources: + - apiservers - featuregates - featuregates/status - proxies diff --git a/install/0000_30_machine-api-operator_11_deployment.yaml b/install/0000_30_machine-api-operator_11_deployment.yaml index 893b17f896..add4645cd6 100644 --- a/install/0000_30_machine-api-operator_11_deployment.yaml +++ b/install/0000_30_machine-api-operator_11_deployment.yaml @@ -28,31 +28,6 @@ spec: priorityClassName: system-node-critical serviceAccountName: machine-api-operator containers: - - name: kube-rbac-proxy - image: quay.io/openshift/origin-kube-rbac-proxy - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://localhost:8080/" - - "--tls-cert-file=/etc/tls/private/tls.crt" - - "--tls-private-key-file=/etc/tls/private/tls.key" - - "--config-file=/etc/kube-rbac-proxy/config-file.yaml" - - "--tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305" - - "--logtostderr=true" - - "--v=3" - ports: - - containerPort: 8443 - name: https - protocol: TCP - resources: - requests: - memory: 20Mi - cpu: 10m - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - name: config - mountPath: /etc/kube-rbac-proxy - - mountPath: /etc/tls/private - name: machine-api-operator-tls - name: machine-api-operator image: quay.io/openshift/origin-machine-api-operator command: @@ -75,7 +50,11 @@ spec: fieldRef: fieldPath: metadata.name - name: METRICS_PORT - value: "8080" + value: "8443" + ports: + - containerPort: 8443 + name: https + protocol: TCP resources: requests: cpu: 10m @@ -84,6 +63,8 @@ spec: volumeMounts: - name: images mountPath: /etc/machine-api-operator-config/images + - mountPath: /etc/tls/private + name: machine-api-operator-tls nodeSelector: node-role.kubernetes.io/master: "" restartPolicy: Always @@ -100,10 +81,6 @@ spec: effect: "NoExecute" tolerationSeconds: 120 volumes: - - name: config - configMap: - name: kube-rbac-proxy - defaultMode: 420 - name: images configMap: defaultMode: 420 diff --git a/pkg/controller/machine/machine_controller_test.go b/pkg/controller/machine/machine_controller_test.go index 0de9d27e3a..86c3d546aa 100644 --- a/pkg/controller/machine/machine_controller_test.go +++ b/pkg/controller/machine/machine_controller_test.go @@ -23,6 +23,8 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + "context" + machinev1 "github.com/openshift/api/machine/v1beta1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/pkg/operator/operator_test.go b/pkg/operator/operator_test.go index b08b594ae1..4f7d1b6fe2 100644 --- a/pkg/operator/operator_test.go +++ b/pkg/operator/operator_test.go @@ -213,9 +213,15 @@ func TestOperatorSync_NoOp(t *testing.T) { }, } + apiServer := &openshiftv1.APIServer{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cluster", + }, + } + stopCh := make(chan struct{}) defer close(stopCh) - optr, err := newFakeOperator(nil, []runtime.Object{infra, proxy}, nil, imagesJSONFile, nil, stopCh) + optr, err := newFakeOperator(nil, []runtime.Object{infra, proxy, apiServer}, nil, imagesJSONFile, nil, stopCh) if err != nil { t.Fatal(err) } diff --git a/pkg/operator/sync.go b/pkg/operator/sync.go index de0442611b..80b841940a 100644 --- a/pkg/operator/sync.go +++ b/pkg/operator/sync.go @@ -22,6 +22,8 @@ import ( v1 "github.com/openshift/api/config/v1" machinev1beta1 "github.com/openshift/api/machine/v1beta1" + utiltls "github.com/openshift/controller-runtime-common/pkg/tls" + libgocrypto "github.com/openshift/library-go/pkg/crypto" "github.com/openshift/library-go/pkg/operator/events" "github.com/openshift/library-go/pkg/operator/resource/resourceapply" "github.com/openshift/library-go/pkg/operator/resource/resourcehash" From aaba00c1dd93b6655429a7db10f35e1881cb77bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Mon, 26 Jan 2026 14:09:27 +0100 Subject: [PATCH 02/15] Propagate TLS profile to controller proxies. Capture the APIServer TLS profile in operator config and use it to configure kube-rbac-proxy TLS args, with unit coverage. --- cmd/machine-api-operator/start.go | 7 ++-- pkg/operator/config.go | 1 + pkg/operator/operator.go | 12 +++++++ pkg/operator/operator_test.go | 56 +++++++++++++++++++++++++------ pkg/operator/sync.go | 41 +++++++++++++++------- pkg/operator/sync_test.go | 8 ++--- 6 files changed, 96 insertions(+), 29 deletions(-) diff --git a/cmd/machine-api-operator/start.go b/cmd/machine-api-operator/start.go index 0f2fe1c651..9cf06d5eb6 100644 --- a/cmd/machine-api-operator/start.go +++ b/cmd/machine-api-operator/start.go @@ -30,7 +30,7 @@ import ( osconfigv1 "github.com/openshift/api/config/v1" osclientset "github.com/openshift/client-go/config/clientset/versioned" - utiltls "github.com/openshift/library-go/pkg/controllerruntime/tls" + utiltls "github.com/openshift/controller-runtime-common/pkg/tls" "github.com/openshift/library-go/pkg/operator/events" "github.com/openshift/machine-api-operator/pkg/metrics" "github.com/openshift/machine-api-operator/pkg/operator" @@ -265,7 +265,7 @@ func setupTLSProfileWatcher(ctx *ControllerContext, shutdown func()) error { } apiServerInformer := ctx.ConfigInformerFactory.Config().V1().APIServers().Informer() - apiServerInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{ + _, err = apiServerInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { handleTLSProfileEvent(obj, initialProfile, shutdown) }, @@ -273,6 +273,9 @@ func setupTLSProfileWatcher(ctx *ControllerContext, shutdown func()) error { handleTLSProfileEvent(newObj, initialProfile, shutdown) }, }) + if err != nil { + return fmt.Errorf("failed to add APIServer event handler: %w", err) + } return nil } diff --git a/pkg/operator/config.go b/pkg/operator/config.go index 4732def8d6..e0233ff97e 100644 --- a/pkg/operator/config.go +++ b/pkg/operator/config.go @@ -25,6 +25,7 @@ type OperatorConfig struct { Proxy *configv1.Proxy PlatformType configv1.PlatformType Features map[string]bool + TLSProfile configv1.TLSProfileSpec } type Controllers struct { diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go index 8672165d9f..b6bbc90d8a 100644 --- a/pkg/operator/operator.go +++ b/pkg/operator/operator.go @@ -14,6 +14,7 @@ import ( configinformersv1 "github.com/openshift/client-go/config/informers/externalversions/config/v1" configlistersv1 "github.com/openshift/client-go/config/listers/config/v1" machineclientset "github.com/openshift/client-go/machine/clientset/versioned" + utiltls "github.com/openshift/controller-runtime-common/pkg/tls" "github.com/openshift/library-go/pkg/operator/configobserver/featuregates" "github.com/openshift/library-go/pkg/operator/events" "github.com/openshift/library-go/pkg/operator/resource/resourceapply" @@ -482,6 +483,16 @@ func (optr *Operator) maoConfigFromInfrastructure() (*OperatorConfig, error) { klog.V(2).Info("Enabling MachineAPIMigration for provider controller and machinesets") } + // Fetch TLS security profile from APIServer + apiServer, err := optr.osClient.ConfigV1().APIServers().Get(context.Background(), "cluster", metav1.GetOptions{}) + if err != nil { + return nil, fmt.Errorf("failed to fetch APIServer for TLS profile: %w", err) + } + tlsProfile, err := utiltls.GetTLSProfileSpec(apiServer.Spec.TLSSecurityProfile) + if err != nil { + return nil, fmt.Errorf("failed to get TLS profile spec: %w", err) + } + return &OperatorConfig{ TargetNamespace: optr.namespace, Proxy: clusterWideProxy, @@ -495,5 +506,6 @@ func (optr *Operator) maoConfigFromInfrastructure() (*OperatorConfig, error) { }, PlatformType: provider, Features: features, + TLSProfile: tlsProfile, }, nil } diff --git a/pkg/operator/operator_test.go b/pkg/operator/operator_test.go index 4f7d1b6fe2..71d74e3500 100644 --- a/pkg/operator/operator_test.go +++ b/pkg/operator/operator_test.go @@ -356,12 +356,20 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, } + // Default APIServer with Intermediate TLS profile + defaultAPIServer := &openshiftv1.APIServer{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cluster", + }, + } + testCases := []struct { name string platform openshiftv1.PlatformType infra *openshiftv1.Infrastructure featureGate *openshiftv1.FeatureGate proxy *openshiftv1.Proxy + apiServer *openshiftv1.APIServer imagesFile string expectedConfig *OperatorConfig expectedError error @@ -384,7 +392,8 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, }, }, - proxy: proxy, + proxy: proxy, + apiServer: defaultAPIServer, expectedConfig: &OperatorConfig{ TargetNamespace: targetNamespace, Proxy: proxy, @@ -398,6 +407,7 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, PlatformType: openshiftv1.AWSPlatformType, Features: enabledFeatureMap, + TLSProfile: *openshiftv1.TLSProfiles[openshiftv1.TLSProfileIntermediateType], }, }, { @@ -418,7 +428,8 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, }, }, - proxy: proxy, + proxy: proxy, + apiServer: defaultAPIServer, expectedConfig: &OperatorConfig{ TargetNamespace: targetNamespace, Proxy: proxy, @@ -432,6 +443,7 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, PlatformType: openshiftv1.OpenStackPlatformType, Features: enabledFeatureMap, + TLSProfile: *openshiftv1.TLSProfiles[openshiftv1.TLSProfileIntermediateType], }, }, { @@ -452,7 +464,8 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, }, }, - proxy: proxy, + proxy: proxy, + apiServer: defaultAPIServer, expectedConfig: &OperatorConfig{ TargetNamespace: targetNamespace, Proxy: proxy, @@ -466,6 +479,7 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, PlatformType: openshiftv1.AzurePlatformType, Features: enabledFeatureMap, + TLSProfile: *openshiftv1.TLSProfiles[openshiftv1.TLSProfileIntermediateType], }, }, { @@ -486,7 +500,8 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, }, }, - proxy: proxy, + proxy: proxy, + apiServer: defaultAPIServer, expectedConfig: &OperatorConfig{ TargetNamespace: targetNamespace, Proxy: proxy, @@ -500,6 +515,7 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, PlatformType: openshiftv1.BareMetalPlatformType, Features: enabledFeatureMap, + TLSProfile: *openshiftv1.TLSProfiles[openshiftv1.TLSProfileIntermediateType], }, }, { @@ -520,7 +536,8 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, }, }, - proxy: proxy, + proxy: proxy, + apiServer: defaultAPIServer, expectedConfig: &OperatorConfig{ TargetNamespace: targetNamespace, Proxy: proxy, @@ -534,6 +551,7 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, PlatformType: openshiftv1.GCPPlatformType, Features: enabledFeatureMap, + TLSProfile: *openshiftv1.TLSProfiles[openshiftv1.TLSProfileIntermediateType], }, }, { @@ -554,7 +572,8 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, }, }, - proxy: proxy, + proxy: proxy, + apiServer: defaultAPIServer, expectedConfig: &OperatorConfig{ TargetNamespace: targetNamespace, Proxy: proxy, @@ -568,6 +587,7 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, PlatformType: kubemarkPlatform, Features: enabledFeatureMap, + TLSProfile: *openshiftv1.TLSProfiles[openshiftv1.TLSProfileIntermediateType], }, }, { @@ -588,7 +608,8 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, }, }, - proxy: proxy, + proxy: proxy, + apiServer: defaultAPIServer, expectedConfig: &OperatorConfig{ TargetNamespace: targetNamespace, Proxy: proxy, @@ -602,6 +623,7 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, PlatformType: openshiftv1.VSpherePlatformType, Features: enabledFeatureMap, + TLSProfile: *openshiftv1.TLSProfiles[openshiftv1.TLSProfileIntermediateType], }, }, { @@ -622,7 +644,8 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, }, }, - proxy: proxy, + proxy: proxy, + apiServer: defaultAPIServer, expectedConfig: &OperatorConfig{ TargetNamespace: targetNamespace, Proxy: proxy, @@ -636,6 +659,7 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, PlatformType: openshiftv1.NonePlatformType, Features: enabledFeatureMap, + TLSProfile: *openshiftv1.TLSProfiles[openshiftv1.TLSProfileIntermediateType], }, }, { @@ -658,7 +682,8 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, }, }, - proxy: proxy, + proxy: proxy, + apiServer: defaultAPIServer, expectedConfig: &OperatorConfig{ TargetNamespace: targetNamespace, Proxy: proxy, @@ -672,6 +697,7 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, PlatformType: openshiftv1.BareMetalPlatformType, Features: enabledFeatureMap, + TLSProfile: *openshiftv1.TLSProfiles[openshiftv1.TLSProfileIntermediateType], }, }, { @@ -692,7 +718,8 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, }, }, - proxy: proxy, + proxy: proxy, + apiServer: defaultAPIServer, expectedConfig: &OperatorConfig{ TargetNamespace: targetNamespace, Proxy: proxy, @@ -706,6 +733,7 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, PlatformType: openshiftv1.BareMetalPlatformType, Features: enabledFeatureMap, + TLSProfile: *openshiftv1.TLSProfiles[openshiftv1.TLSProfileIntermediateType], }, }, { @@ -726,7 +754,8 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, }, }, - proxy: proxy, + proxy: proxy, + apiServer: defaultAPIServer, expectedConfig: &OperatorConfig{ TargetNamespace: targetNamespace, Proxy: proxy, @@ -740,6 +769,7 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { }, PlatformType: "bad-platform", Features: enabledFeatureMap, + TLSProfile: *openshiftv1.TLSProfiles[openshiftv1.TLSProfileIntermediateType], }, }, { @@ -800,6 +830,10 @@ func TestMAOConfigFromInfrastructure(t *testing.T) { proxy := tc.proxy.DeepCopy() objects = append(objects, proxy) } + if tc.apiServer != nil { + apiServer := tc.apiServer.DeepCopy() + objects = append(objects, apiServer) + } stopCh := make(chan struct{}) defer close(stopCh) diff --git a/pkg/operator/sync.go b/pkg/operator/sync.go index 80b841940a..1cc0d9581a 100644 --- a/pkg/operator/sync.go +++ b/pkg/operator/sync.go @@ -2,6 +2,7 @@ package operator import ( "context" + "crypto/tls" "fmt" "os" "slices" @@ -20,9 +21,9 @@ import ( "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/reconcile" - v1 "github.com/openshift/api/config/v1" + configv1 "github.com/openshift/api/config/v1" machinev1beta1 "github.com/openshift/api/machine/v1beta1" - utiltls "github.com/openshift/controller-runtime-common/pkg/tls" + utiltls "github.com/openshift/library-go/pkg/controllerruntime/tls" libgocrypto "github.com/openshift/library-go/pkg/crypto" "github.com/openshift/library-go/pkg/operator/events" "github.com/openshift/library-go/pkg/operator/resource/resourceapply" @@ -258,7 +259,7 @@ func (optr *Operator) syncWebhookConfiguration(config *OperatorConfig) error { if err := optr.syncMachineMutatingWebhook(); err != nil { return err } - if config.PlatformType == v1.BareMetalPlatformType { + if config.PlatformType == configv1.BareMetalPlatformType { if err := optr.syncMetal3RemediationValidatingWebhook(); err != nil { return err } @@ -531,7 +532,7 @@ func newRBACConfigVolumes() []corev1.Volume { func newPodTemplateSpec(config *OperatorConfig, features map[string]bool) *corev1.PodTemplateSpec { containers := newContainers(config, features) withMHCProxy := config.Controllers.MachineHealthCheck != "" - proxyContainers := newKubeProxyContainers(config.Controllers.KubeRBACProxy, withMHCProxy) + proxyContainers := newKubeProxyContainers(config.Controllers.KubeRBACProxy, withMHCProxy, config.TLSProfile) tolerations := []corev1.Toleration{ { Key: "node-role.kubernetes.io/master", @@ -694,7 +695,7 @@ func newContainers(config *OperatorConfig, features map[string]bool) []corev1.Co machineControllerArgs := append([]string{}, featureGateArgs...) switch config.PlatformType { - case v1.AzurePlatformType, v1.GCPPlatformType: + case configv1.AzurePlatformType, configv1.GCPPlatformType: machineControllerArgs = append(machineControllerArgs, "--max-concurrent-reconciles=10") } @@ -874,20 +875,20 @@ func newContainers(config *OperatorConfig, features map[string]bool) []corev1.Co return containers } -func newKubeProxyContainers(image string, withMHCProxy bool) []corev1.Container { +func newKubeProxyContainers(image string, withMHCProxy bool, tlsProfile configv1.TLSProfileSpec) []corev1.Container { proxyContainers := []corev1.Container{ - newKubeProxyContainer(image, "machineset-mtrc", metrics.DefaultMachineSetMetricsAddress, machineSetExposeMetricsPort), - newKubeProxyContainer(image, "machine-mtrc", metrics.DefaultMachineMetricsAddress, machineExposeMetricsPort), + newKubeProxyContainer(image, "machineset-mtrc", metrics.DefaultMachineSetMetricsAddress, machineSetExposeMetricsPort, tlsProfile), + newKubeProxyContainer(image, "machine-mtrc", metrics.DefaultMachineMetricsAddress, machineExposeMetricsPort, tlsProfile), } if withMHCProxy { proxyContainers = append(proxyContainers, - newKubeProxyContainer(image, "mhc-mtrc", metrics.DefaultHealthCheckMetricsAddress, machineHealthCheckExposeMetricsPort), + newKubeProxyContainer(image, "mhc-mtrc", metrics.DefaultHealthCheckMetricsAddress, machineHealthCheckExposeMetricsPort, tlsProfile), ) } return proxyContainers } -func newKubeProxyContainer(image, portName, upstreamPort string, exposePort int32) corev1.Container { +func newKubeProxyContainer(image, portName, upstreamPort string, exposePort int32, tlsProfile configv1.TLSProfileSpec) corev1.Container { configMountPath := "/etc/kube-rbac-proxy" tlsCertMountPath := "/etc/tls/private" resources := corev1.ResourceRequirements{ @@ -896,16 +897,32 @@ func newKubeProxyContainer(image, portName, upstreamPort string, exposePort int3 corev1.ResourceCPU: resource.MustParse("10m"), }, } + + tlsConfigFn, _ := utiltls.NewTLSConfigFromProfile(tlsProfile) + + // Apply the config function to get the validated cipher codes. + tlsConf := &tls.Config{} + tlsConfigFn(tlsConf) + args := []string{ fmt.Sprintf("--secure-listen-address=0.0.0.0:%d", exposePort), fmt.Sprintf("--upstream=http://localhost%s", upstreamPort), fmt.Sprintf("--config-file=%s/config-file.yaml", configMountPath), fmt.Sprintf("--tls-cert-file=%s/tls.crt", tlsCertMountPath), fmt.Sprintf("--tls-private-key-file=%s/tls.key", tlsCertMountPath), - "--tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", + } + + // Ciphers are empty when using TLS 1.3, so we don't need to set them. + if len(tlsConf.CipherSuites) > 0 { + ianaCiphers := libgocrypto.CipherSuitesToNamesOrDie(tlsConf.CipherSuites) + args = append(args, fmt.Sprintf("--tls-cipher-suites=%s", strings.Join(ianaCiphers, ","))) + } + + args = append(args, + fmt.Sprintf("--tls-min-version=%s", tlsProfile.MinTLSVersion), "--logtostderr=true", "--v=3", - } + ) ports := []corev1.ContainerPort{{ Name: portName, ContainerPort: exposePort, diff --git a/pkg/operator/sync_test.go b/pkg/operator/sync_test.go index 80c5c19e1d..ba8269c5c2 100644 --- a/pkg/operator/sync_test.go +++ b/pkg/operator/sync_test.go @@ -7,7 +7,7 @@ import ( "time" . "github.com/onsi/gomega" - v1 "github.com/openshift/api/config/v1" + configv1 "github.com/openshift/api/config/v1" machinev1beta1 "github.com/openshift/api/machine/v1beta1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -456,20 +456,20 @@ func TestSyncWebhookConfiguration(t *testing.T) { testCases := []struct { name string - platformType v1.PlatformType + platformType configv1.PlatformType expectedNrMutatingWebhooks int expectedNrValidatingWebhooks int }{ { name: "webhooks on non baremetal", // using AWS as random non baremetal platform - platformType: v1.AWSPlatformType, + platformType: configv1.AWSPlatformType, expectedNrMutatingWebhooks: 1, expectedNrValidatingWebhooks: 1, }, { name: "webhooks on baremetal", - platformType: v1.BareMetalPlatformType, + platformType: configv1.BareMetalPlatformType, expectedNrMutatingWebhooks: 2, expectedNrValidatingWebhooks: 2, }, From ac25cb8c758eb65e47897450ba2d896bf05cb8cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Tue, 27 Jan 2026 13:28:58 +0100 Subject: [PATCH 03/15] Fix build script --- hack/go-build.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hack/go-build.sh b/hack/go-build.sh index 728e01c0e6..86e8a88bf5 100755 --- a/hack/go-build.sh +++ b/hack/go-build.sh @@ -12,7 +12,10 @@ eval $(go env | grep -e "GOHOSTOS" -e "GOHOSTARCH") : "${GOARCH:=${GOHOSTARCH}}" # Go to the root of the repo -cd "$(git rev-parse --show-cdup)" +cdup="$(git rev-parse --show-cdup)" +if [ -n "$cdup" ]; then + cd "$cdup" +fi if [ -z ${VERSION_OVERRIDE+a} ]; then if [ -n "${BUILD_VERSION+a}" ] && [ -n "${BUILD_RELEASE+a}" ]; then From 007bb9cdf66c375b2ae182a27fbba1def7e9a8c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Wed, 28 Jan 2026 14:46:46 +0100 Subject: [PATCH 04/15] Add tests for newKubeProxyContainer Add unit tests to verify TLS configuration handling in newKubeProxyContainer, including tests for TLS 1.2 with cipher suites and TLS 1.3 without cipher suites. --- pkg/operator/sync_test.go | 100 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) diff --git a/pkg/operator/sync_test.go b/pkg/operator/sync_test.go index ba8269c5c2..2b44a68b7b 100644 --- a/pkg/operator/sync_test.go +++ b/pkg/operator/sync_test.go @@ -594,3 +594,103 @@ func TestCheckDaemonSetRolloutStatus(t *testing.T) { }) } } + +func TestNewKubeProxyContainer(t *testing.T) { + testCases := []struct { + name string + image string + portName string + upstreamPort string + exposePort int32 + tlsProfile configv1.TLSProfileSpec + expectedCipherSuitesInArgs bool + }{ + { + name: "TLS 1.2 Intermediate profile with cipher suites", + image: "test-image:latest", + portName: "test-mtrc", + upstreamPort: ":8080", + exposePort: 8443, + tlsProfile: configv1.TLSProfileSpec{ + Ciphers: []string{ + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + }, + MinTLSVersion: configv1.VersionTLS12, + }, + expectedCipherSuitesInArgs: true, + }, + { + name: "TLS 1.3 Modern profile without cipher suites", + image: "test-image:latest", + portName: "test-mtrc", + upstreamPort: ":8080", + exposePort: 8443, + tlsProfile: configv1.TLSProfileSpec{ + Ciphers: []string{ + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + }, + MinTLSVersion: configv1.VersionTLS13, + }, + expectedCipherSuitesInArgs: false, + }, + { + name: "Empty cipher list", + image: "test-image:latest", + portName: "test-mtrc", + upstreamPort: ":8080", + exposePort: 8443, + tlsProfile: configv1.TLSProfileSpec{ + Ciphers: []string{}, + MinTLSVersion: configv1.VersionTLS13, + }, + expectedCipherSuitesInArgs: false, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + g := NewWithT(t) + + container := newKubeProxyContainer(tc.image, tc.portName, tc.upstreamPort, tc.exposePort, tc.tlsProfile) + + // Verify basic container properties + g.Expect(container.Name).To(Equal("kube-rbac-proxy-" + tc.portName)) + g.Expect(container.Image).To(Equal(tc.image)) + + // Verify ports + g.Expect(container.Ports).To(HaveLen(1)) + g.Expect(container.Ports[0].Name).To(Equal(tc.portName)) + g.Expect(container.Ports[0].ContainerPort).To(Equal(tc.exposePort)) + + // Verify resource requests + g.Expect(container.Resources.Requests).To(HaveKey(corev1.ResourceMemory)) + g.Expect(container.Resources.Requests).To(HaveKey(corev1.ResourceCPU)) + + // Verify volume mounts + g.Expect(container.VolumeMounts).To(HaveLen(2)) + + // Verify args + hasCipherSuitesArg := false + hasTLSMinVersionArg := false + for _, arg := range container.Args { + if len(arg) >= len("--tls-cipher-suites=") && arg[:len("--tls-cipher-suites=")] == "--tls-cipher-suites=" { + hasCipherSuitesArg = true + } + if len(arg) >= len("--tls-min-version=") && arg[:len("--tls-min-version=")] == "--tls-min-version=" { + hasTLSMinVersionArg = true + g.Expect(arg).To(ContainSubstring(string(tc.tlsProfile.MinTLSVersion))) + } + } + + g.Expect(hasCipherSuitesArg).To(Equal(tc.expectedCipherSuitesInArgs), + "cipher suites arg presence mismatch") + g.Expect(hasTLSMinVersionArg).To(BeTrue(), "TLS min version arg should be present") + }) + } +} From 1551801492cac43731b66e64121adddd91155677 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Wed, 18 Feb 2026 15:06:10 +0100 Subject: [PATCH 05/15] Use controller-runtime metrics server auth filter. --- cmd/machine-api-operator/start.go | 77 ++++++++++++++++++++----------- 1 file changed, 50 insertions(+), 27 deletions(-) diff --git a/cmd/machine-api-operator/start.go b/cmd/machine-api-operator/start.go index 9cf06d5eb6..cfcde08f6f 100644 --- a/cmd/machine-api-operator/start.go +++ b/cmd/machine-api-operator/start.go @@ -6,15 +6,12 @@ import ( "errors" "flag" "fmt" - "net/http" "os" "reflect" "strconv" "sync" "sync/atomic" - "github.com/prometheus/client_golang/prometheus" - "github.com/prometheus/client_golang/prometheus/promhttp" "github.com/spf13/cobra" "github.com/spf13/pflag" v1 "k8s.io/api/core/v1" @@ -22,6 +19,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes" coreclientsetv1 "k8s.io/client-go/kubernetes/typed/core/v1" + "k8s.io/client-go/rest" "k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/leaderelection" "k8s.io/client-go/tools/record" @@ -32,18 +30,22 @@ import ( osclientset "github.com/openshift/client-go/config/clientset/versioned" utiltls "github.com/openshift/controller-runtime-common/pkg/tls" "github.com/openshift/library-go/pkg/operator/events" - "github.com/openshift/machine-api-operator/pkg/metrics" + maometrics "github.com/openshift/machine-api-operator/pkg/metrics" "github.com/openshift/machine-api-operator/pkg/operator" "github.com/openshift/machine-api-operator/pkg/util" "github.com/openshift/machine-api-operator/pkg/version" "sigs.k8s.io/controller-runtime/pkg/client" + ctrlmetrics "sigs.k8s.io/controller-runtime/pkg/metrics" + "sigs.k8s.io/controller-runtime/pkg/metrics/filters" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" ) const ( // defaultMetricsPort is the default port to expose metrics. defaultMetricsPort = 8443 - metricsCertFile = "/etc/tls/private/tls.crt" - metricsKeyFile = "/etc/tls/private/tls.key" + metricsCertDir = "/etc/tls/private" + metricsCertFile = "tls.crt" + metricsKeyFile = "tls.key" ) var ( @@ -209,11 +211,11 @@ func startControllersOrDie(ctx *ControllerContext) { func startMetricsCollectionAndServer(ctx *ControllerContext) { machineInformer := ctx.MachineInformerFactory.Machine().V1beta1().Machines() machinesetInformer := ctx.MachineInformerFactory.Machine().V1beta1().MachineSets() - machineMetricsCollector := metrics.NewMachineCollector( + machineMetricsCollector := maometrics.NewMachineCollector( machineInformer, machinesetInformer, componentNamespace) - prometheus.MustRegister(machineMetricsCollector) + ctrlmetrics.Registry.MustRegister(machineMetricsCollector) metricsPort := defaultMetricsPort if port, ok := os.LookupEnv("METRICS_PORT"); ok { v, err := strconv.Atoi(port) @@ -222,15 +224,34 @@ func startMetricsCollectionAndServer(ctx *ControllerContext) { } metricsPort = v } - klog.V(4).Info("Starting server to serve prometheus metrics") - tlsConfig, err := metricsTLSConfig(ctx) + klog.V(4).Info("Starting secure metrics server") + tlsOpts, err := metricsTLSOptions(ctx) if err != nil { klog.Fatalf("Unable to configure metrics TLS: %v", err) } - go startHTTPSMetricServer(fmt.Sprintf(":%d", metricsPort), tlsConfig) + metricsServer, err := newSecureMetricsServer( + ctx, + fmt.Sprintf(":%d", metricsPort), + tlsOpts, + ) + if err != nil { + klog.Fatalf("Unable to initialize secure metrics server: %v", err) + } + + metricsServerCtx, cancel := context.WithCancel(context.Background()) + go func() { + <-ctx.Stop + cancel() + }() + + go func() { + if err := metricsServer.Start(metricsServerCtx); err != nil { + klog.Fatalf("Unable to start secure metrics server: %v", err) + } + }() } -func metricsTLSConfig(ctx *ControllerContext) (*tls.Config, error) { +func metricsTLSOptions(ctx *ControllerContext) ([]func(*tls.Config), error) { scheme := runtime.NewScheme() if err := osconfigv1.Install(scheme); err != nil { return nil, fmt.Errorf("unable to add config.openshift.io scheme: %w", err) @@ -251,10 +272,24 @@ func metricsTLSConfig(ctx *ControllerContext) (*tls.Config, error) { klog.Infof("TLS configuration contains unsupported ciphers that will be ignored: %v", unsupportedCiphers) } - tlsConfig := &tls.Config{} - tlsConfigFn(tlsConfig) + return []func(*tls.Config){tlsConfigFn}, nil +} + +func newSecureMetricsServer(ctx *ControllerContext, metricsAddr string, tlsOpts []func(*tls.Config)) (metricsserver.Server, error) { + httpClient, err := rest.HTTPClientFor(ctx.ClientBuilder.config) + if err != nil { + return nil, fmt.Errorf("unable to create HTTP client for metrics authn/authz: %w", err) + } - return tlsConfig, nil + return metricsserver.NewServer(metricsserver.Options{ + BindAddress: metricsAddr, + SecureServing: true, + FilterProvider: filters.WithAuthenticationAndAuthorization, + CertDir: metricsCertDir, + CertName: metricsCertFile, + KeyName: metricsKeyFile, + TLSOpts: tlsOpts, + }, ctx.ClientBuilder.config, httpClient) } func setupTLSProfileWatcher(ctx *ControllerContext, shutdown func()) error { @@ -322,15 +357,3 @@ func handleTLSProfileEvent(obj interface{}, initialProfile osconfigv1.TLSProfile ) shutdown() } - -func startHTTPSMetricServer(metricsAddr string, tlsConfig *tls.Config) { - mux := http.NewServeMux() - mux.Handle("/metrics", promhttp.Handler()) - - server := &http.Server{ - Addr: metricsAddr, - Handler: mux, - TLSConfig: tlsConfig, - } - klog.Fatal(server.ListenAndServeTLS(metricsCertFile, metricsKeyFile)) -} From 857d5dcd0342a980da4e24c58c83e106aae18679 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Wed, 18 Feb 2026 15:54:50 +0100 Subject: [PATCH 06/15] Fix lint --- pkg/webhooks/machine_webhook.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/webhooks/machine_webhook.go b/pkg/webhooks/machine_webhook.go index 089311a7be..9dc402f59e 100644 --- a/pkg/webhooks/machine_webhook.go +++ b/pkg/webhooks/machine_webhook.go @@ -13,6 +13,8 @@ import ( "k8s.io/component-base/featuregate" + "slices" + corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/resource" @@ -24,7 +26,6 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/klog/v2" - "k8s.io/utils/strings/slices" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" From f2bfdbb12af069bd045d2e2451119ff8ca03f350 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Mon, 23 Feb 2026 15:34:49 +0100 Subject: [PATCH 07/15] Persist TLS profile for change detection --- cmd/machine-api-operator/start.go | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/cmd/machine-api-operator/start.go b/cmd/machine-api-operator/start.go index cfcde08f6f..d04397e1b6 100644 --- a/cmd/machine-api-operator/start.go +++ b/cmd/machine-api-operator/start.go @@ -302,10 +302,13 @@ func setupTLSProfileWatcher(ctx *ControllerContext, shutdown func()) error { apiServerInformer := ctx.ConfigInformerFactory.Config().V1().APIServers().Informer() _, err = apiServerInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { - handleTLSProfileEvent(obj, initialProfile, shutdown) + handleTLSProfileEvent(obj, &initialProfile, shutdown) }, UpdateFunc: func(_, newObj interface{}) { - handleTLSProfileEvent(newObj, initialProfile, shutdown) + handleTLSProfileEvent(newObj, &initialProfile, shutdown) + }, + DeleteFunc: func(obj interface{}) { + handleTLSProfileEvent(obj, &initialProfile, shutdown) }, }) if err != nil { @@ -329,7 +332,7 @@ func fetchAPIServerTLSProfileSpec(ctx context.Context, configClient osclientset. return profile, nil } -func handleTLSProfileEvent(obj interface{}, initialProfile osconfigv1.TLSProfileSpec, shutdown func()) { +func handleTLSProfileEvent(obj interface{}, initialProfile *osconfigv1.TLSProfileSpec, shutdown func()) { apiServer, ok := obj.(*osconfigv1.APIServer) if !ok { return @@ -344,7 +347,7 @@ func handleTLSProfileEvent(obj interface{}, initialProfile osconfigv1.TLSProfile return } - if reflect.DeepEqual(initialProfile, currentProfile) { + if reflect.DeepEqual(*initialProfile, currentProfile) { klog.V(2).Info("TLS security profile unchanged") return } @@ -355,5 +358,9 @@ func handleTLSProfileEvent(obj interface{}, initialProfile osconfigv1.TLSProfile initialProfile.Ciphers, currentProfile.Ciphers, ) + + // Persist the new profile for future change detection. + *initialProfile = currentProfile + shutdown() } From f71c9cb92c348de0373f3318fbd4cccb60715b2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Mon, 23 Feb 2026 15:38:08 +0100 Subject: [PATCH 08/15] Compute TLS arguments once for kube-rbac-proxy containers Move TLS configuration computation from per-container to once per batch in newKubeProxyContainers. This avoids redundant processing when creating multiple kube-rbac-proxy containers with the same TLS profile. --- pkg/operator/sync.go | 37 +++++++------- pkg/operator/sync_test.go | 103 +++++++++++++++++++++----------------- 2 files changed, 77 insertions(+), 63 deletions(-) diff --git a/pkg/operator/sync.go b/pkg/operator/sync.go index 1cc0d9581a..dfedfb35d5 100644 --- a/pkg/operator/sync.go +++ b/pkg/operator/sync.go @@ -23,7 +23,7 @@ import ( configv1 "github.com/openshift/api/config/v1" machinev1beta1 "github.com/openshift/api/machine/v1beta1" - utiltls "github.com/openshift/library-go/pkg/controllerruntime/tls" + utiltls "github.com/openshift/controller-runtime-common/pkg/tls" libgocrypto "github.com/openshift/library-go/pkg/crypto" "github.com/openshift/library-go/pkg/operator/events" "github.com/openshift/library-go/pkg/operator/resource/resourceapply" @@ -876,19 +876,32 @@ func newContainers(config *OperatorConfig, features map[string]bool) []corev1.Co } func newKubeProxyContainers(image string, withMHCProxy bool, tlsProfile configv1.TLSProfileSpec) []corev1.Container { + // Compute TLS arguments once from the profile + tlsConfigFn, _ := utiltls.NewTLSConfigFromProfile(tlsProfile) + tlsConf := &tls.Config{} + tlsConfigFn(tlsConf) + + tlsArgs := []string{} + // Only set CipherSuites if they are specified. + if len(tlsConf.CipherSuites) > 0 { + ianaCiphers := libgocrypto.CipherSuitesToNamesOrDie(tlsConf.CipherSuites) + tlsArgs = append(tlsArgs, fmt.Sprintf("--tls-cipher-suites=%s", strings.Join(ianaCiphers, ","))) + } + tlsArgs = append(tlsArgs, fmt.Sprintf("--tls-min-version=%s", tlsProfile.MinTLSVersion)) + proxyContainers := []corev1.Container{ - newKubeProxyContainer(image, "machineset-mtrc", metrics.DefaultMachineSetMetricsAddress, machineSetExposeMetricsPort, tlsProfile), - newKubeProxyContainer(image, "machine-mtrc", metrics.DefaultMachineMetricsAddress, machineExposeMetricsPort, tlsProfile), + newKubeProxyContainer(image, "machineset-mtrc", metrics.DefaultMachineSetMetricsAddress, machineSetExposeMetricsPort, tlsArgs), + newKubeProxyContainer(image, "machine-mtrc", metrics.DefaultMachineMetricsAddress, machineExposeMetricsPort, tlsArgs), } if withMHCProxy { proxyContainers = append(proxyContainers, - newKubeProxyContainer(image, "mhc-mtrc", metrics.DefaultHealthCheckMetricsAddress, machineHealthCheckExposeMetricsPort, tlsProfile), + newKubeProxyContainer(image, "mhc-mtrc", metrics.DefaultHealthCheckMetricsAddress, machineHealthCheckExposeMetricsPort, tlsArgs), ) } return proxyContainers } -func newKubeProxyContainer(image, portName, upstreamPort string, exposePort int32, tlsProfile configv1.TLSProfileSpec) corev1.Container { +func newKubeProxyContainer(image, portName, upstreamPort string, exposePort int32, tlsArgs []string) corev1.Container { configMountPath := "/etc/kube-rbac-proxy" tlsCertMountPath := "/etc/tls/private" resources := corev1.ResourceRequirements{ @@ -898,12 +911,6 @@ func newKubeProxyContainer(image, portName, upstreamPort string, exposePort int3 }, } - tlsConfigFn, _ := utiltls.NewTLSConfigFromProfile(tlsProfile) - - // Apply the config function to get the validated cipher codes. - tlsConf := &tls.Config{} - tlsConfigFn(tlsConf) - args := []string{ fmt.Sprintf("--secure-listen-address=0.0.0.0:%d", exposePort), fmt.Sprintf("--upstream=http://localhost%s", upstreamPort), @@ -912,14 +919,8 @@ func newKubeProxyContainer(image, portName, upstreamPort string, exposePort int3 fmt.Sprintf("--tls-private-key-file=%s/tls.key", tlsCertMountPath), } - // Ciphers are empty when using TLS 1.3, so we don't need to set them. - if len(tlsConf.CipherSuites) > 0 { - ianaCiphers := libgocrypto.CipherSuitesToNamesOrDie(tlsConf.CipherSuites) - args = append(args, fmt.Sprintf("--tls-cipher-suites=%s", strings.Join(ianaCiphers, ","))) - } - + args = append(args, tlsArgs...) args = append(args, - fmt.Sprintf("--tls-min-version=%s", tlsProfile.MinTLSVersion), "--logtostderr=true", "--v=3", ) diff --git a/pkg/operator/sync_test.go b/pkg/operator/sync_test.go index 2b44a68b7b..94df48c171 100644 --- a/pkg/operator/sync_test.go +++ b/pkg/operator/sync_test.go @@ -3,6 +3,7 @@ package operator import ( "errors" "os" + "strings" "testing" "time" @@ -595,22 +596,19 @@ func TestCheckDaemonSetRolloutStatus(t *testing.T) { } } -func TestNewKubeProxyContainer(t *testing.T) { +func TestNewKubeProxyContainers(t *testing.T) { testCases := []struct { name string image string - portName string - upstreamPort string - exposePort int32 + withMHCProxy bool tlsProfile configv1.TLSProfileSpec expectedCipherSuitesInArgs bool + expectedPorts map[string]int32 }{ { name: "TLS 1.2 Intermediate profile with cipher suites", image: "test-image:latest", - portName: "test-mtrc", - upstreamPort: ":8080", - exposePort: 8443, + withMHCProxy: true, tlsProfile: configv1.TLSProfileSpec{ Ciphers: []string{ "TLS_AES_128_GCM_SHA256", @@ -622,13 +620,16 @@ func TestNewKubeProxyContainer(t *testing.T) { MinTLSVersion: configv1.VersionTLS12, }, expectedCipherSuitesInArgs: true, + expectedPorts: map[string]int32{ + "kube-rbac-proxy-machineset-mtrc": machineSetExposeMetricsPort, + "kube-rbac-proxy-machine-mtrc": machineExposeMetricsPort, + "kube-rbac-proxy-mhc-mtrc": machineHealthCheckExposeMetricsPort, + }, }, { name: "TLS 1.3 Modern profile without cipher suites", image: "test-image:latest", - portName: "test-mtrc", - upstreamPort: ":8080", - exposePort: 8443, + withMHCProxy: false, tlsProfile: configv1.TLSProfileSpec{ Ciphers: []string{ "TLS_AES_128_GCM_SHA256", @@ -638,18 +639,24 @@ func TestNewKubeProxyContainer(t *testing.T) { MinTLSVersion: configv1.VersionTLS13, }, expectedCipherSuitesInArgs: false, + expectedPorts: map[string]int32{ + "kube-rbac-proxy-machineset-mtrc": machineSetExposeMetricsPort, + "kube-rbac-proxy-machine-mtrc": machineExposeMetricsPort, + }, }, { name: "Empty cipher list", image: "test-image:latest", - portName: "test-mtrc", - upstreamPort: ":8080", - exposePort: 8443, + withMHCProxy: false, tlsProfile: configv1.TLSProfileSpec{ Ciphers: []string{}, MinTLSVersion: configv1.VersionTLS13, }, expectedCipherSuitesInArgs: false, + expectedPorts: map[string]int32{ + "kube-rbac-proxy-machineset-mtrc": machineSetExposeMetricsPort, + "kube-rbac-proxy-machine-mtrc": machineExposeMetricsPort, + }, }, } @@ -657,40 +664,46 @@ func TestNewKubeProxyContainer(t *testing.T) { t.Run(tc.name, func(t *testing.T) { g := NewWithT(t) - container := newKubeProxyContainer(tc.image, tc.portName, tc.upstreamPort, tc.exposePort, tc.tlsProfile) - - // Verify basic container properties - g.Expect(container.Name).To(Equal("kube-rbac-proxy-" + tc.portName)) - g.Expect(container.Image).To(Equal(tc.image)) - - // Verify ports - g.Expect(container.Ports).To(HaveLen(1)) - g.Expect(container.Ports[0].Name).To(Equal(tc.portName)) - g.Expect(container.Ports[0].ContainerPort).To(Equal(tc.exposePort)) - - // Verify resource requests - g.Expect(container.Resources.Requests).To(HaveKey(corev1.ResourceMemory)) - g.Expect(container.Resources.Requests).To(HaveKey(corev1.ResourceCPU)) - - // Verify volume mounts - g.Expect(container.VolumeMounts).To(HaveLen(2)) - - // Verify args - hasCipherSuitesArg := false - hasTLSMinVersionArg := false - for _, arg := range container.Args { - if len(arg) >= len("--tls-cipher-suites=") && arg[:len("--tls-cipher-suites=")] == "--tls-cipher-suites=" { - hasCipherSuitesArg = true - } - if len(arg) >= len("--tls-min-version=") && arg[:len("--tls-min-version=")] == "--tls-min-version=" { - hasTLSMinVersionArg = true - g.Expect(arg).To(ContainSubstring(string(tc.tlsProfile.MinTLSVersion))) + containers := newKubeProxyContainers(tc.image, tc.withMHCProxy, tc.tlsProfile) + + // Verify we get the expected number of containers + g.Expect(containers).To(HaveLen(len(tc.expectedPorts))) + + // Verify each container has the correct TLS args and specific ports + for _, container := range containers { + // Verify basic container properties + g.Expect(container.Image).To(Equal(tc.image)) + + // Verify ports + g.Expect(container.Ports).To(HaveLen(1)) + expectedPort, ok := tc.expectedPorts[container.Name] + g.Expect(ok).To(BeTrue(), "Unexpected container name: %s", container.Name) + g.Expect(container.Ports[0].ContainerPort).To(Equal(expectedPort)) + + // Verify resource requests + g.Expect(container.Resources.Requests).To(HaveKey(corev1.ResourceMemory)) + g.Expect(container.Resources.Requests).To(HaveKey(corev1.ResourceCPU)) + + // Verify volume mounts + g.Expect(container.VolumeMounts).To(HaveLen(2)) + + // Verify TLS args + hasCipherSuitesArg := false + hasTLSMinVersionArg := false + for _, arg := range container.Args { + if strings.HasPrefix(arg, "--tls-cipher-suites=") { + hasCipherSuitesArg = true + } + if strings.HasPrefix(arg, "--tls-min-version=") { + hasTLSMinVersionArg = true + g.Expect(arg).To(HavePrefix("--tls-min-version=" + string(tc.tlsProfile.MinTLSVersion))) + } } - } - g.Expect(hasCipherSuitesArg).To(Equal(tc.expectedCipherSuitesInArgs), - "cipher suites arg presence mismatch") - g.Expect(hasTLSMinVersionArg).To(BeTrue(), "TLS min version arg should be present") + g.Expect(hasCipherSuitesArg).To(Equal(tc.expectedCipherSuitesInArgs), + "cipher suites arg presence mismatch for container %s", container.Name) + g.Expect(hasTLSMinVersionArg).To(BeTrue(), "TLS min version arg should be present for container %s", container.Name) + } }) } } From f87c33ef102f63c3e321f5cca498dee7d2762120 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Wed, 25 Feb 2026 11:30:54 +0100 Subject: [PATCH 09/15] Add TLS configuration support for machineset controller webhooks Introduce command-line flags for TLS cipher suites and minimum version in the machineset controller. Update the container creation logic to utilize these TLS settings --- cmd/machineset/main.go | 20 ++++++++- pkg/operator/sync.go | 18 +++++--- pkg/operator/sync_test.go | 90 ++++++++++++++++++++++++++++++++++++++- 3 files changed, 121 insertions(+), 7 deletions(-) diff --git a/cmd/machineset/main.go b/cmd/machineset/main.go index 0eac8e9b6d..5d13f4aa1b 100644 --- a/cmd/machineset/main.go +++ b/cmd/machineset/main.go @@ -17,6 +17,7 @@ limitations under the License. package main import ( + "crypto/tls" "flag" "fmt" "log" @@ -29,8 +30,9 @@ import ( osconfigv1 "github.com/openshift/api/config/v1" apifeatures "github.com/openshift/api/features" machinev1 "github.com/openshift/api/machine/v1beta1" - "github.com/openshift/machine-api-operator/pkg/version" + utiltls "github.com/openshift/controller-runtime-common/pkg/tls" mapiwebhooks "github.com/openshift/machine-api-operator/pkg/webhooks" + "github.com/openshift/machine-api-operator/pkg/version" "k8s.io/apiserver/pkg/util/feature" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" @@ -86,6 +88,12 @@ func main() { webhookCertdir := flag.String("webhook-cert-dir", defaultWebhookCertdir, "Webhook cert dir, only used when webhook-enabled is true.") + tlsCipherSuites := flag.String("tls-cipher-suites", "", + "Comma-separated list of TLS cipher suites.") + + tlsMinVersion := flag.String("tls-min-version", "", + "Minimum TLS version supported.") + healthAddr := flag.String( "health-addr", ":9441", @@ -166,9 +174,19 @@ func main() { } if *webhookEnabled { + tlsProfile := osconfigv1.TLSProfileSpec{ + MinTLSVersion: osconfigv1.TLSProtocolVersion(*tlsMinVersion), + } + if *tlsCipherSuites != "" { + tlsProfile.Ciphers = strings.Split(*tlsCipherSuites, ",") + } + + tlsOpts, _ := utiltls.NewTLSConfigFromProfile(tlsProfile) + opts.WebhookServer = webhook.NewServer(webhook.Options{ Port: *webhookPort, CertDir: *webhookCertdir, + TLSOpts: []func(*tls.Config){tlsOpts}, }) } diff --git a/pkg/operator/sync.go b/pkg/operator/sync.go index dfedfb35d5..df1340afbf 100644 --- a/pkg/operator/sync.go +++ b/pkg/operator/sync.go @@ -530,9 +530,10 @@ func newRBACConfigVolumes() []corev1.Volume { } func newPodTemplateSpec(config *OperatorConfig, features map[string]bool) *corev1.PodTemplateSpec { - containers := newContainers(config, features) + tlsArgs := getTLSArgs(config.TLSProfile) + containers := newContainers(config, features, tlsArgs) withMHCProxy := config.Controllers.MachineHealthCheck != "" - proxyContainers := newKubeProxyContainers(config.Controllers.KubeRBACProxy, withMHCProxy, config.TLSProfile) + proxyContainers := newKubeProxyContainers(config.Controllers.KubeRBACProxy, withMHCProxy, tlsArgs) tolerations := []corev1.Toleration{ { Key: "node-role.kubernetes.io/master", @@ -674,7 +675,7 @@ func buildFeatureGatesString(featureGates map[string]bool) string { return "--feature-gates=" + strings.Join(parts, ",") } -func newContainers(config *OperatorConfig, features map[string]bool) []corev1.Container { +func newContainers(config *OperatorConfig, features map[string]bool, tlsArgs []string) []corev1.Container { resources := corev1.ResourceRequirements{ Requests: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceMemory: resource.MustParse("20Mi"), @@ -699,6 +700,9 @@ func newContainers(config *OperatorConfig, features map[string]bool) []corev1.Co machineControllerArgs = append(machineControllerArgs, "--max-concurrent-reconciles=10") } + machineSetControllerArgs := append([]string{}, featureGateArgs...) + machineSetControllerArgs = append(machineSetControllerArgs, tlsArgs...) + proxyEnvArgs := getProxyArgs(config) containers := []corev1.Container{ @@ -706,7 +710,7 @@ func newContainers(config *OperatorConfig, features map[string]bool) []corev1.Co Name: "machineset-controller", Image: config.Controllers.MachineSet, Command: []string{"/machineset-controller"}, - Args: featureGateArgs, + Args: machineSetControllerArgs, Resources: resources, Env: proxyEnvArgs, Ports: []corev1.ContainerPort{ @@ -875,7 +879,7 @@ func newContainers(config *OperatorConfig, features map[string]bool) []corev1.Co return containers } -func newKubeProxyContainers(image string, withMHCProxy bool, tlsProfile configv1.TLSProfileSpec) []corev1.Container { +func getTLSArgs(tlsProfile configv1.TLSProfileSpec) []string { // Compute TLS arguments once from the profile tlsConfigFn, _ := utiltls.NewTLSConfigFromProfile(tlsProfile) tlsConf := &tls.Config{} @@ -889,6 +893,10 @@ func newKubeProxyContainers(image string, withMHCProxy bool, tlsProfile configv1 } tlsArgs = append(tlsArgs, fmt.Sprintf("--tls-min-version=%s", tlsProfile.MinTLSVersion)) + return tlsArgs +} + +func newKubeProxyContainers(image string, withMHCProxy bool, tlsArgs []string) []corev1.Container { proxyContainers := []corev1.Container{ newKubeProxyContainer(image, "machineset-mtrc", metrics.DefaultMachineSetMetricsAddress, machineSetExposeMetricsPort, tlsArgs), newKubeProxyContainer(image, "machine-mtrc", metrics.DefaultMachineMetricsAddress, machineExposeMetricsPort, tlsArgs), diff --git a/pkg/operator/sync_test.go b/pkg/operator/sync_test.go index 94df48c171..26885930f5 100644 --- a/pkg/operator/sync_test.go +++ b/pkg/operator/sync_test.go @@ -664,7 +664,7 @@ func TestNewKubeProxyContainers(t *testing.T) { t.Run(tc.name, func(t *testing.T) { g := NewWithT(t) - containers := newKubeProxyContainers(tc.image, tc.withMHCProxy, tc.tlsProfile) + containers := newKubeProxyContainers(tc.image, tc.withMHCProxy, getTLSArgs(tc.tlsProfile)) // Verify we get the expected number of containers g.Expect(containers).To(HaveLen(len(tc.expectedPorts))) @@ -707,3 +707,91 @@ func TestNewKubeProxyContainers(t *testing.T) { }) } } + +func TestNewContainersTLSArgs(t *testing.T) { + testCases := []struct { + name string + config *OperatorConfig + tlsProfile configv1.TLSProfileSpec + }{ + { + name: "TLS 1.2 with cipher suites", + config: &OperatorConfig{ + TargetNamespace: targetNamespace, + PlatformType: configv1.AWSPlatformType, + Controllers: Controllers{ + Provider: "provider-image:latest", + MachineSet: "machineset-image:latest", + NodeLink: "nodelink-image:latest", + MachineHealthCheck: "mhc-image:latest", + }, + }, + tlsProfile: configv1.TLSProfileSpec{ + Ciphers: []string{ + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + }, + MinTLSVersion: configv1.VersionTLS12, + }, + }, + { + name: "TLS 1.3 without cipher suites", + config: &OperatorConfig{ + TargetNamespace: targetNamespace, + PlatformType: configv1.GCPPlatformType, + Controllers: Controllers{ + Provider: "provider-image:latest", + MachineSet: "machineset-image:latest", + NodeLink: "nodelink-image:latest", + MachineHealthCheck: "", + }, + }, + tlsProfile: configv1.TLSProfileSpec{ + Ciphers: []string{}, + MinTLSVersion: configv1.VersionTLS13, + }, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + g := NewWithT(t) + + tlsArgs := getTLSArgs(tc.tlsProfile) + containers := newContainers(tc.config, map[string]bool{}, tlsArgs) + + containerArgs := map[string][]string{} + for _, c := range containers { + containerArgs[c.Name] = c.Args + } + + g.Expect(containerArgs).To(HaveKey("machineset-controller")) + g.Expect(containerArgs).To(HaveKey("machine-controller")) + g.Expect(containerArgs).To(HaveKey("nodelink-controller")) + + // Only machineset-controller should receive TLS args. + machineSetJoined := strings.Join(containerArgs["machineset-controller"], " ") + g.Expect(machineSetJoined).To(ContainSubstring("--tls-min-version="+string(tc.tlsProfile.MinTLSVersion)), + "machineset-controller should have --tls-min-version") + if len(tc.tlsProfile.Ciphers) > 0 { + g.Expect(machineSetJoined).To(ContainSubstring("--tls-cipher-suites="), + "machineset-controller should have --tls-cipher-suites when ciphers are specified") + } + + for _, name := range []string{"machine-controller", "nodelink-controller"} { + joined := strings.Join(containerArgs[name], " ") + g.Expect(joined).ToNot(ContainSubstring("--tls-min-version="), + "%s should not have TLS args", name) + g.Expect(joined).ToNot(ContainSubstring("--tls-cipher-suites="), + "%s should not have TLS args", name) + } + + if tc.config.Controllers.MachineHealthCheck != "" { + g.Expect(containerArgs).To(HaveKey("machine-healthcheck-controller")) + mhcJoined := strings.Join(containerArgs["machine-healthcheck-controller"], " ") + g.Expect(mhcJoined).ToNot(ContainSubstring("--tls-min-version="), + "machine-healthcheck-controller should not have TLS args") + } + }) + } +} From 384b2f0e203c42f9fbf537b1d4d73abdc67bc4c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Fri, 27 Feb 2026 11:15:57 +0100 Subject: [PATCH 10/15] Pass TLS settings to baremetal machine-controller webhooks. This ensures Metal3 remediation webhooks use the configured TLS profile while keeping other controllers unchanged. --- pkg/operator/sync.go | 2 ++ pkg/operator/sync_test.go | 68 ++++++++++++++++++++++++++++++++------- 2 files changed, 58 insertions(+), 12 deletions(-) diff --git a/pkg/operator/sync.go b/pkg/operator/sync.go index df1340afbf..bb0cd8dcd0 100644 --- a/pkg/operator/sync.go +++ b/pkg/operator/sync.go @@ -698,6 +698,8 @@ func newContainers(config *OperatorConfig, features map[string]bool, tlsArgs []s switch config.PlatformType { case configv1.AzurePlatformType, configv1.GCPPlatformType: machineControllerArgs = append(machineControllerArgs, "--max-concurrent-reconciles=10") + case configv1.BareMetalPlatformType: + machineControllerArgs = append(machineControllerArgs, tlsArgs...) } machineSetControllerArgs := append([]string{}, featureGateArgs...) diff --git a/pkg/operator/sync_test.go b/pkg/operator/sync_test.go index 26885930f5..5f37c28cb5 100644 --- a/pkg/operator/sync_test.go +++ b/pkg/operator/sync_test.go @@ -710,12 +710,13 @@ func TestNewKubeProxyContainers(t *testing.T) { func TestNewContainersTLSArgs(t *testing.T) { testCases := []struct { - name string - config *OperatorConfig - tlsProfile configv1.TLSProfileSpec + name string + config *OperatorConfig + tlsProfile configv1.TLSProfileSpec + expectMachineControllerTLSArgs bool }{ { - name: "TLS 1.2 with cipher suites", + name: "AWS: TLS 1.2 with cipher suites", config: &OperatorConfig{ TargetNamespace: targetNamespace, PlatformType: configv1.AWSPlatformType, @@ -733,9 +734,10 @@ func TestNewContainersTLSArgs(t *testing.T) { }, MinTLSVersion: configv1.VersionTLS12, }, + expectMachineControllerTLSArgs: false, }, { - name: "TLS 1.3 without cipher suites", + name: "GCP: TLS 1.3 without cipher suites", config: &OperatorConfig{ TargetNamespace: targetNamespace, PlatformType: configv1.GCPPlatformType, @@ -750,6 +752,28 @@ func TestNewContainersTLSArgs(t *testing.T) { Ciphers: []string{}, MinTLSVersion: configv1.VersionTLS13, }, + expectMachineControllerTLSArgs: false, + }, + { + name: "BareMetal: TLS args passed to machine-controller for Metal3Remediation webhooks", + config: &OperatorConfig{ + TargetNamespace: targetNamespace, + PlatformType: configv1.BareMetalPlatformType, + Controllers: Controllers{ + Provider: "provider-image:latest", + MachineSet: "machineset-image:latest", + NodeLink: "nodelink-image:latest", + MachineHealthCheck: "mhc-image:latest", + }, + }, + tlsProfile: configv1.TLSProfileSpec{ + Ciphers: []string{ + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + }, + MinTLSVersion: configv1.VersionTLS12, + }, + expectMachineControllerTLSArgs: true, }, } @@ -769,28 +793,48 @@ func TestNewContainersTLSArgs(t *testing.T) { g.Expect(containerArgs).To(HaveKey("machine-controller")) g.Expect(containerArgs).To(HaveKey("nodelink-controller")) - // Only machineset-controller should receive TLS args. + // machineset-controller always receives TLS args. machineSetJoined := strings.Join(containerArgs["machineset-controller"], " ") g.Expect(machineSetJoined).To(ContainSubstring("--tls-min-version="+string(tc.tlsProfile.MinTLSVersion)), "machineset-controller should have --tls-min-version") if len(tc.tlsProfile.Ciphers) > 0 { g.Expect(machineSetJoined).To(ContainSubstring("--tls-cipher-suites="), "machineset-controller should have --tls-cipher-suites when ciphers are specified") + } else { + g.Expect(machineSetJoined).ToNot(ContainSubstring("--tls-cipher-suites="), + "machineset-controller should not have --tls-cipher-suites when ciphers are not specified") } - for _, name := range []string{"machine-controller", "nodelink-controller"} { - joined := strings.Join(containerArgs[name], " ") - g.Expect(joined).ToNot(ContainSubstring("--tls-min-version="), - "%s should not have TLS args", name) - g.Expect(joined).ToNot(ContainSubstring("--tls-cipher-suites="), - "%s should not have TLS args", name) + // machine-controller receives TLS args only on BareMetal as it's the only platform that serves webhooks. + machineControllerJoined := strings.Join(containerArgs["machine-controller"], " ") + if tc.expectMachineControllerTLSArgs { + g.Expect(machineControllerJoined).To(ContainSubstring("--tls-min-version="+string(tc.tlsProfile.MinTLSVersion)), + "machine-controller should have --tls-min-version on BareMetal") + if len(tc.tlsProfile.Ciphers) > 0 { + g.Expect(machineControllerJoined).To(ContainSubstring("--tls-cipher-suites="), + "machine-controller should have --tls-cipher-suites on BareMetal") + } + } else { + g.Expect(machineControllerJoined).ToNot(ContainSubstring("--tls-min-version="), + "machine-controller should not have TLS args on %s", tc.config.PlatformType) + g.Expect(machineControllerJoined).ToNot(ContainSubstring("--tls-cipher-suites="), + "machine-controller should not have TLS args on %s", tc.config.PlatformType) } + // nodelink-controller never receives TLS args. + nodelinkJoined := strings.Join(containerArgs["nodelink-controller"], " ") + g.Expect(nodelinkJoined).ToNot(ContainSubstring("--tls-min-version="), + "nodelink-controller should not have TLS args") + g.Expect(nodelinkJoined).ToNot(ContainSubstring("--tls-cipher-suites="), + "nodelink-controller should not have TLS args") + if tc.config.Controllers.MachineHealthCheck != "" { g.Expect(containerArgs).To(HaveKey("machine-healthcheck-controller")) mhcJoined := strings.Join(containerArgs["machine-healthcheck-controller"], " ") g.Expect(mhcJoined).ToNot(ContainSubstring("--tls-min-version="), "machine-healthcheck-controller should not have TLS args") + g.Expect(mhcJoined).ToNot(ContainSubstring("--tls-cipher-suites="), + "machine-healthcheck-controller should not have TLS args") } }) } From 6781d5cf3c0933dde68bcbd1cda1c1e543382b3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Fri, 27 Feb 2026 11:40:16 +0100 Subject: [PATCH 11/15] Log unsupported TLS ciphers for machineset webhooks. Mirror machine-api-operator logging so ignored ciphers are visible during startup. --- cmd/machineset/main.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cmd/machineset/main.go b/cmd/machineset/main.go index 5d13f4aa1b..e1d7c90db9 100644 --- a/cmd/machineset/main.go +++ b/cmd/machineset/main.go @@ -181,7 +181,10 @@ func main() { tlsProfile.Ciphers = strings.Split(*tlsCipherSuites, ",") } - tlsOpts, _ := utiltls.NewTLSConfigFromProfile(tlsProfile) + tlsOpts, unsupportedCiphers := utiltls.NewTLSConfigFromProfile(tlsProfile) + if len(unsupportedCiphers) > 0 { + klog.Infof("TLS configuration contains unsupported ciphers that will be ignored: %v", unsupportedCiphers) + } opts.WebhookServer = webhook.NewServer(webhook.Options{ Port: *webhookPort, From 7474d376702d13a64ce0e5db3f51425b29754384 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Fri, 27 Feb 2026 11:43:32 +0100 Subject: [PATCH 12/15] Handle metrics server context cancellation as graceful shutdown. --- cmd/machine-api-operator/start.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cmd/machine-api-operator/start.go b/cmd/machine-api-operator/start.go index d04397e1b6..b034fab511 100644 --- a/cmd/machine-api-operator/start.go +++ b/cmd/machine-api-operator/start.go @@ -246,6 +246,10 @@ func startMetricsCollectionAndServer(ctx *ControllerContext) { go func() { if err := metricsServer.Start(metricsServerCtx); err != nil { + if errors.Is(err, context.Canceled) { + klog.V(2).Info("Secure metrics server shutdown complete") + return + } klog.Fatalf("Unable to start secure metrics server: %v", err) } }() From 2b4a13a7acbbb7b9b397011e967b1adddb16d31e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Thu, 19 Mar 2026 12:40:54 +0100 Subject: [PATCH 13/15] Vendor --- go.mod | 37 +- go.sum | 66 +- .../github.com/google/pprof/profile/merge.go | 11 +- .../google/pprof/profile/profile.go | 22 +- .../github.com/google/pprof/profile/proto.go | 19 +- .../github.com/google/pprof/profile/prune.go | 9 +- vendor/github.com/onsi/gomega/CHANGELOG.md | 15 + .../github.com/onsi/gomega/format/format.go | 26 +- .../onsi/gomega/gmeasure/experiment.go | 5 +- vendor/github.com/onsi/gomega/gomega_dsl.go | 2 +- vendor/github.com/onsi/gomega/matchers.go | 22 +- .../onsi/gomega/matchers/have_key_matcher.go | 2 +- .../matchers/have_key_with_value_matcher.go | 2 +- .../matchers/match_error_strictly_matcher.go | 39 + .../matchers/support/goraph/edge/edge.go | 13 +- .../github.com/openshift/api/.coderabbit.yaml | 1 + vendor/github.com/openshift/api/Makefile | 2 +- .../api/config/v1/types_apiserver.go | 63 + .../api/config/v1/types_cluster_version.go | 26 + ...1_clusterversions-CustomNoUpgrade.crd.yaml | 17 + ...usterversions-DevPreviewNoUpgrade.crd.yaml | 17 + ...tor_01_apiservers-CustomNoUpgrade.crd.yaml | 39 + ...01_apiservers-DevPreviewNoUpgrade.crd.yaml | 39 + ...1_apiservers-TechPreviewNoUpgrade.crd.yaml | 39 + ..._generated.featuregated-crd-manifests.yaml | 2 + .../v1/zz_generated.swagger_doc_generated.go | 2 + .../openshift/api/config/v1alpha1/register.go | 4 - .../v1alpha1/types_cluster_image_policy.go | 80 - .../v1alpha1/types_cluster_monitoring.go | 1213 ++- .../api/config/v1alpha1/types_image_policy.go | 289 - .../config/v1alpha1/zz_generated.deepcopy.go | 891 ++- ..._generated.featuregated-crd-manifests.yaml | 48 - .../zz_generated.swagger_doc_generated.go | 451 +- .../openshift/api/envtest-releases.yaml | 13 + vendor/github.com/openshift/api/features.md | 18 +- .../openshift/api/features/features.go | 122 +- .../api/features/legacyfeaturegates.go | 2 - .../operator/v1/types_machineconfiguration.go | 8 +- ..._generated.featuregated-crd-manifests.yaml | 3 +- .../config/v1/apiserverspec.go | 43 + .../config/v1/prefixedclaimmapping.go | 8 + .../config/v1/tokenclaimmapping.go | 23 +- .../applyconfigurations/config/v1/update.go | 21 + .../config/v1/usernameclaimmapping.go | 21 +- .../v1alpha1/additionalalertmanagerconfig.go | 119 + .../v1alpha1/alertmanagercustomconfig.go | 6 +- .../config/v1alpha1/authorizationconfig.go | 44 + .../config/v1alpha1/basicauth.go | 38 + .../config/v1alpha1/certificateconfig.go | 29 + .../config/v1alpha1/clusterimagepolicy.go | 277 - .../config/v1alpha1/clusterimagepolicyspec.go | 53 - .../v1alpha1/clusterimagepolicystatus.go | 33 - .../config/v1alpha1/clustermonitoringspec.go | 33 + .../config/v1alpha1/custompkipolicy.go | 51 + .../v1alpha1/defaultcertificateconfig.go | 30 + .../config/v1alpha1/dropequalactionconfig.go | 29 + .../config/v1alpha1/ecdsakeyconfig.go | 40 + .../config/v1alpha1/hashmodactionconfig.go | 40 + ...imagepolicyfulciocawithrekorrootoftrust.go | 52 - .../v1alpha1/imagepolicypkirootoftrust.go | 51 - .../imagepolicypublickeyrootoftrust.go | 42 - .../config/v1alpha1/imagepolicyspec.go | 53 - .../config/v1alpha1/imagepolicystatus.go | 33 - .../imagesigstoreverificationpolicy.go | 36 - .../config/v1alpha1/keepequalactionconfig.go | 29 + .../config/v1alpha1/keyconfig.go | 59 + .../config/v1alpha1/label.go | 39 + .../config/v1alpha1/labelmapactionconfig.go | 30 + .../config/v1alpha1/lowercaseactionconfig.go | 29 + .../config/v1alpha1/metadataconfig.go | 42 + .../config/v1alpha1/metadataconfigcustom.go | 29 + .../config/v1alpha1/oauth2.go | 82 + .../config/v1alpha1/oauth2endpointparam.go | 39 + .../v1alpha1/openshiftstatemetricsconfig.go | 117 + .../v1alpha1/{imagepolicy.go => pki.go} | 111 +- .../v1alpha1/pkicertificatemanagement.go | 65 + .../config/v1alpha1/pkicertificatesubject.go | 39 - .../config/v1alpha1/pkiprofile.go | 68 + .../config/v1alpha1/pkispec.go | 28 + .../config/v1alpha1/policyfulciosubject.go | 38 - .../config/v1alpha1/policyidentity.go | 57 - .../v1alpha1/policymatchexactrepository.go | 29 - .../v1alpha1/policymatchremapidentity.go | 45 - .../config/v1alpha1/policyrootoftrust.go | 65 - .../config/v1alpha1/prometheusconfig.go | 276 + .../v1alpha1/prometheusremotewriteheader.go | 40 + .../config/v1alpha1/queueconfig.go | 129 + .../config/v1alpha1/relabelactionconfig.go | 135 + .../config/v1alpha1/relabelconfig.go | 89 + .../v1alpha1/remotewriteauthorization.go | 100 + .../config/v1alpha1/remotewritespec.go | 175 + .../config/v1alpha1/replaceactionconfig.go | 41 + .../config/v1alpha1/retention.go | 46 + .../config/v1alpha1/rsakeyconfig.go | 27 + .../config/v1alpha1/secretkeyselector.go | 40 + .../config/v1alpha1/sigv4.go | 78 + .../config/v1alpha1/tlsconfig.go | 81 + .../config/v1alpha1/uppercaseactionconfig.go | 29 + .../applyconfigurations/internal/internal.go | 6751 +++++++++-------- .../config/applyconfigurations/utils.go | 106 +- .../config/v1alpha1/clusterimagepolicy.go | 58 - .../typed/config/v1alpha1/config_client.go | 15 +- .../v1alpha1/fake/fake_clusterimagepolicy.go | 37 - .../v1alpha1/fake/fake_config_client.go | 12 +- .../config/v1alpha1/fake/fake_imagepolicy.go | 37 - .../typed/config/v1alpha1/fake/fake_pki.go | 33 + .../config/v1alpha1/generated_expansion.go | 6 +- .../typed/config/v1alpha1/imagepolicy.go | 58 - .../versioned/typed/config/v1alpha1/pki.go | 54 + .../config/v1alpha1/clusterimagepolicy.go | 85 - .../config/v1alpha1/interface.go | 21 +- .../v1alpha1/{imagepolicy.go => pki.go} | 43 +- .../informers/externalversions/generic.go | 6 +- .../config/v1alpha1/clusterimagepolicy.go | 32 - .../config/v1alpha1/expansion_generated.go | 16 +- .../listers/config/v1alpha1/imagepolicy.go | 54 - .../config/listers/config/v1alpha1/pki.go | 32 + .../applyconfigurations/internal/internal.go | 548 +- .../applyconfigurations/internal/internal.go | 5384 ++++++------- .../controller-runtime-common/LICENSE | 201 + .../pkg/tls/controller.go | 161 + .../controller-runtime-common/pkg/tls/tls.go | 168 + .../library-go/pkg/crypto/tls_adherence.go | 23 + .../pkg/operator/v1helpers/helpers.go | 11 + vendor/golang.org/x/mod/modfile/print.go | 2 +- vendor/golang.org/x/mod/modfile/read.go | 4 +- vendor/golang.org/x/mod/modfile/rule.go | 8 +- vendor/golang.org/x/mod/module/module.go | 6 +- vendor/golang.org/x/mod/semver/semver.go | 4 +- vendor/golang.org/x/net/http2/transport.go | 160 +- .../net/http2/writesched_priority_rfc9218.go | 15 + vendor/golang.org/x/net/trace/events.go | 2 +- vendor/golang.org/x/net/websocket/hybi.go | 1 + vendor/golang.org/x/sync/errgroup/errgroup.go | 4 +- vendor/golang.org/x/sys/cpu/cpu.go | 3 - vendor/golang.org/x/sys/cpu/cpu_arm64.go | 20 +- vendor/golang.org/x/sys/cpu/cpu_arm64.s | 7 - vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go | 1 - .../golang.org/x/sys/cpu/cpu_gccgo_arm64.go | 1 - .../golang.org/x/sys/cpu/cpu_netbsd_arm64.go | 2 +- .../golang.org/x/sys/cpu/cpu_openbsd_arm64.go | 2 +- vendor/golang.org/x/sys/cpu/cpu_x86.go | 174 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 3 +- vendor/golang.org/x/sys/unix/zerrors_linux.go | 2 + .../x/sys/unix/zerrors_linux_386.go | 2 + .../x/sys/unix/zerrors_linux_amd64.go | 2 + .../x/sys/unix/zerrors_linux_arm.go | 2 + .../x/sys/unix/zerrors_linux_arm64.go | 2 + .../x/sys/unix/zerrors_linux_loong64.go | 2 + .../x/sys/unix/zerrors_linux_mips.go | 2 + .../x/sys/unix/zerrors_linux_mips64.go | 2 + .../x/sys/unix/zerrors_linux_mips64le.go | 2 + .../x/sys/unix/zerrors_linux_mipsle.go | 2 + .../x/sys/unix/zerrors_linux_ppc.go | 2 + .../x/sys/unix/zerrors_linux_ppc64.go | 2 + .../x/sys/unix/zerrors_linux_ppc64le.go | 2 + .../x/sys/unix/zerrors_linux_riscv64.go | 2 + .../x/sys/unix/zerrors_linux_s390x.go | 2 + .../x/sys/unix/zerrors_linux_sparc64.go | 2 + .../x/sys/unix/ztypes_netbsd_arm.go | 2 +- vendor/golang.org/x/term/terminal.go | 28 +- .../x/text/encoding/japanese/eucjp.go | 6 +- .../x/text/encoding/japanese/iso2022jp.go | 6 +- .../x/text/encoding/japanese/shiftjis.go | 6 +- .../x/text/encoding/korean/euckr.go | 6 +- .../x/text/encoding/simplifiedchinese/gbk.go | 20 +- .../encoding/simplifiedchinese/hzgb2312.go | 6 +- .../text/encoding/traditionalchinese/big5.go | 6 +- .../x/text/encoding/unicode/unicode.go | 6 +- .../x/tools/go/analysis/diagnostic.go | 5 +- .../go/analysis/passes/appends/appends.go | 4 +- .../go/analysis/passes/asmdecl/asmdecl.go | 8 +- .../tools/go/analysis/passes/assign/assign.go | 35 +- .../tools/go/analysis/passes/atomic/atomic.go | 4 +- .../x/tools/go/analysis/passes/bools/bools.go | 4 +- .../go/analysis/passes/buildssa/buildssa.go | 68 +- .../go/analysis/passes/buildtag/buildtag.go | 59 +- .../go/analysis/passes/cgocall/cgocall.go | 4 +- .../go/analysis/passes/copylock/copylock.go | 4 +- .../go/analysis/passes/ctrlflow/ctrlflow.go | 125 +- .../passes/deepequalerrors/deepequalerrors.go | 4 +- .../tools/go/analysis/passes/defers/defers.go | 4 +- .../go/analysis/passes/directive/directive.go | 4 +- .../go/analysis/passes/errorsas/errorsas.go | 2 +- .../passes/fieldalignment/fieldalignment.go | 6 + .../passes/framepointer/framepointer.go | 6 +- .../passes/ifaceassert/ifaceassert.go | 4 +- .../go/analysis/passes/inspect/inspect.go | 2 +- .../passes/internal/analysisutil/util.go | 99 - .../passes/loopclosure/loopclosure.go | 43 +- .../analysis/passes/lostcancel/lostcancel.go | 8 +- .../go/analysis/passes/nilfunc/nilfunc.go | 4 +- .../go/analysis/passes/nilness/nilness.go | 4 +- .../x/tools/go/analysis/passes/printf/doc.go | 30 + .../tools/go/analysis/passes/printf/printf.go | 323 +- .../tools/go/analysis/passes/printf/types.go | 16 +- .../reflectvaluecompare.go | 4 +- .../tools/go/analysis/passes/shadow/shadow.go | 4 +- .../passes/sigchanyzer/sigchanyzer.go | 4 +- .../x/tools/go/analysis/passes/slog/slog.go | 8 +- .../analysis/passes/stdmethods/stdmethods.go | 10 +- .../analysis/passes/stdversion/stdversion.go | 7 + .../analysis/passes/stringintconv/string.go | 4 +- .../testinggoroutine/testinggoroutine.go | 4 +- .../analysis/passes/testinggoroutine/util.go | 4 +- .../x/tools/go/analysis/passes/tests/tests.go | 8 +- .../analysis/passes/timeformat/timeformat.go | 6 +- .../go/analysis/passes/unmarshal/unmarshal.go | 8 +- .../passes/unreachable/unreachable.go | 17 +- .../go/analysis/passes/unsafeptr/unsafeptr.go | 4 +- .../passes/unusedresult/unusedresult.go | 12 +- .../passes/unusedwrite/unusedwrite.go | 4 +- .../go/analysis/passes/waitgroup/waitgroup.go | 4 +- .../x/tools/go/ast/astutil/imports.go | 19 +- .../x/tools/go/ast/inspector/cursor.go | 27 +- vendor/golang.org/x/tools/go/cfg/builder.go | 16 +- vendor/golang.org/x/tools/go/cfg/cfg.go | 47 +- .../x/tools/go/packages/packages.go | 41 +- .../golang.org/x/tools/go/packages/visit.go | 2 +- vendor/golang.org/x/tools/go/ssa/builder.go | 21 +- vendor/golang.org/x/tools/go/ssa/create.go | 11 + vendor/golang.org/x/tools/go/ssa/emit.go | 23 +- vendor/golang.org/x/tools/go/ssa/func.go | 4 + .../golang.org/x/tools/go/ssa/instantiate.go | 2 +- vendor/golang.org/x/tools/go/ssa/ssa.go | 2 + .../x/tools/go/ssa/ssautil/visit.go | 4 +- vendor/golang.org/x/tools/go/ssa/subst.go | 8 +- vendor/golang.org/x/tools/go/ssa/util.go | 8 +- .../x/tools/go/types/objectpath/objectpath.go | 4 +- .../x/tools/go/types/typeutil/callee.go | 1 + .../x/tools/go/types/typeutil/map.go | 3 +- vendor/golang.org/x/tools/imports/forward.go | 6 + .../internal/analysis/analyzerutil/doc.go | 6 + .../analyzerutil}/extractdoc.go | 4 +- .../analysis/analyzerutil/readfile.go | 30 + .../internal/analysis/analyzerutil/version.go | 42 + .../typeindex/typeindex.go | 4 +- .../internal/analysisinternal/analysis.go | 295 - .../x/tools/internal/astutil/stringlit.go | 8 +- .../x/tools/internal/astutil/util.go | 154 +- .../x/tools/internal/event/core/export.go | 15 +- .../x/tools/internal/event/label/label.go | 12 +- .../x/tools/internal/gcimporter/bimport.go | 2 +- .../x/tools/internal/gcimporter/iexport.go | 36 +- .../x/tools/internal/gcimporter/iimport.go | 60 +- .../x/tools/internal/imports/sortimports.go | 23 +- .../x/tools/internal/modindex/index.go | 11 +- .../x/tools/internal/modindex/lookup.go | 8 +- .../x/tools/internal/moreiters/iters.go | 8 + .../tools/internal/packagepath/packagepath.go | 49 + .../x/tools/internal/refactor/delete.go | 341 +- .../x/tools/internal/refactor/edit.go | 15 + .../x/tools/internal/refactor/imports.go | 60 +- .../x/tools/internal/refactor/refactor.go | 8 +- .../x/tools/internal/stdlib/deps.go | 778 +- .../x/tools/internal/stdlib/import.go | 8 + .../x/tools/internal/stdlib/manifest.go | 654 +- .../x/tools/internal/stdlib/stdlib.go | 2 +- .../x/tools/internal/typeparams/normalize.go | 6 +- .../internal/typesinternal/classify_call.go | 2 +- .../x/tools/internal/typesinternal/element.go | 4 +- .../x/tools/internal/typesinternal/fx.go | 57 +- .../x/tools/internal/typesinternal/isnamed.go | 4 +- .../tools/internal/typesinternal/qualifier.go | 2 +- .../x/tools/internal/typesinternal/types.go | 4 +- .../x/tools/internal/typesinternal/varkind.go | 39 +- .../internal/typesinternal/varkind_go124.go | 39 + .../tools/internal/typesinternal/zerovalue.go | 14 +- .../x/tools/internal/versions/features.go | 7 +- .../x/tools/refactor/satisfy/find.go | 725 ++ vendor/k8s.io/utils/buffer/ring_fixed.go | 120 + vendor/k8s.io/utils/exec/exec.go | 16 + vendor/k8s.io/utils/exec/fixup_go118.go | 32 - vendor/k8s.io/utils/exec/fixup_go119.go | 40 - vendor/k8s.io/utils/strings/slices/slices.go | 82 - vendor/modules.txt | 54 +- .../pkg/metrics/filters/filters.go | 122 + 277 files changed, 16525 insertions(+), 10422 deletions(-) create mode 100644 vendor/github.com/onsi/gomega/matchers/match_error_strictly_matcher.go delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/additionalalertmanagerconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/authorizationconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/basicauth.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/certificateconfig.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicy.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicystatus.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/custompkipolicy.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/defaultcertificateconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/dropequalactionconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/ecdsakeyconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/hashmodactionconfig.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicystatus.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keepequalactionconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keyconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/label.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/labelmapactionconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/lowercaseactionconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfigcustom.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2endpointparam.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/openshiftstatemetricsconfig.go rename vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/{imagepolicy.go => pki.go} (65%) create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatemanagement.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatesubject.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkiprofile.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkispec.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyfulciosubject.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyidentity.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchexactrepository.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchremapidentity.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusremotewriteheader.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/queueconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelactionconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewriteauthorization.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewritespec.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/replaceactionconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/retention.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/rsakeyconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/secretkeyselector.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/sigv4.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/tlsconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/uppercaseactionconfig.go delete mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/clusterimagepolicy.go delete mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_clusterimagepolicy.go delete mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_imagepolicy.go create mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_pki.go delete mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/imagepolicy.go create mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/pki.go delete mode 100644 vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/clusterimagepolicy.go rename vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/{imagepolicy.go => pki.go} (51%) delete mode 100644 vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/clusterimagepolicy.go delete mode 100644 vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/imagepolicy.go create mode 100644 vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/pki.go create mode 100644 vendor/github.com/openshift/controller-runtime-common/LICENSE create mode 100644 vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go create mode 100644 vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go create mode 100644 vendor/github.com/openshift/library-go/pkg/crypto/tls_adherence.go delete mode 100644 vendor/golang.org/x/tools/go/analysis/passes/internal/analysisutil/util.go create mode 100644 vendor/golang.org/x/tools/internal/analysis/analyzerutil/doc.go rename vendor/golang.org/x/tools/internal/{analysisinternal => analysis/analyzerutil}/extractdoc.go (97%) create mode 100644 vendor/golang.org/x/tools/internal/analysis/analyzerutil/readfile.go create mode 100644 vendor/golang.org/x/tools/internal/analysis/analyzerutil/version.go rename vendor/golang.org/x/tools/internal/{analysisinternal => analysis}/typeindex/typeindex.go (88%) delete mode 100644 vendor/golang.org/x/tools/internal/analysisinternal/analysis.go create mode 100644 vendor/golang.org/x/tools/internal/packagepath/packagepath.go create mode 100644 vendor/golang.org/x/tools/internal/refactor/edit.go create mode 100644 vendor/golang.org/x/tools/internal/typesinternal/varkind_go124.go create mode 100644 vendor/golang.org/x/tools/refactor/satisfy/find.go create mode 100644 vendor/k8s.io/utils/buffer/ring_fixed.go delete mode 100644 vendor/k8s.io/utils/exec/fixup_go118.go delete mode 100644 vendor/k8s.io/utils/exec/fixup_go119.go delete mode 100644 vendor/k8s.io/utils/strings/slices/slices.go create mode 100644 vendor/sigs.k8s.io/controller-runtime/pkg/metrics/filters/filters.go diff --git a/go.mod b/go.mod index 83136f48c8..2e4dabd405 100644 --- a/go.mod +++ b/go.mod @@ -17,26 +17,27 @@ require ( github.com/go-logr/logr v1.4.3 github.com/golangci/golangci-lint v1.64.8 github.com/google/uuid v1.6.0 - github.com/onsi/ginkgo/v2 v2.27.2 - github.com/onsi/gomega v1.38.2 + github.com/onsi/ginkgo/v2 v2.28.1 + github.com/onsi/gomega v1.39.1 github.com/openshift-eng/openshift-tests-extension v0.0.0-20260127124016-0fed2b824818 - github.com/openshift/api v0.0.0-20260305140000-0790d2957f54 - github.com/openshift/client-go v0.0.0-20260305144912-aba4b273812d + github.com/openshift/api v0.0.0-20260317165824-54a3998d81eb + github.com/openshift/client-go v0.0.0-20260317180604-743f664b82d1 github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20250910145856-21d03d30056d github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20251029084908-344babe6a957 - github.com/openshift/library-go v0.0.0-20260303171201-5d9eb6295ff6 + github.com/openshift/controller-runtime-common v0.0.0-20260318085703-1812aed6dbd2 + github.com/openshift/library-go v0.0.0-20260318142011-72bf34f474bc github.com/prometheus/client_golang v1.23.2 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 github.com/stretchr/testify v1.11.1 github.com/vmware/govmomi v0.52.0 - golang.org/x/net v0.47.0 // indirect + golang.org/x/net v0.49.0 // indirect golang.org/x/time v0.14.0 gopkg.in/gcfg.v1 v1.2.3 // indirect - k8s.io/api v0.35.1 - k8s.io/apimachinery v0.35.1 + k8s.io/api v0.35.2 + k8s.io/apimachinery v0.35.2 k8s.io/apiserver v0.35.1 - k8s.io/client-go v0.35.1 + k8s.io/client-go v0.35.2 k8s.io/cloud-provider-vsphere v1.32.2 k8s.io/component-base v0.35.1 k8s.io/cri-client v0.35.1 // indirect @@ -48,7 +49,7 @@ require ( k8s.io/kubernetes v1.35.1 k8s.io/mount-utils v0.35.1 // indirect k8s.io/sample-apiserver v0.35.1 // indirect - k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 + k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 sigs.k8s.io/cluster-api v1.11.3 sigs.k8s.io/controller-runtime v0.23.3 sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240923090159-236e448db12c @@ -172,7 +173,7 @@ require ( github.com/google/cel-go v0.26.0 // indirect github.com/google/gnostic-models v0.7.0 // indirect github.com/google/go-cmp v0.7.0 // indirect - github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect + github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect github.com/gordonklaus/ineffassign v0.1.0 // indirect github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect github.com/gostaticanalysis/analysisutil v0.7.1 // indirect @@ -322,16 +323,16 @@ require ( go.uber.org/zap v1.27.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/crypto v0.45.0 // indirect + golang.org/x/crypto v0.47.0 // indirect golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect golang.org/x/exp/typeparams v0.0.0-20250210185358-939b2ce775ac // indirect - golang.org/x/mod v0.29.0 // indirect + golang.org/x/mod v0.32.0 // indirect golang.org/x/oauth2 v0.30.0 // indirect - golang.org/x/sync v0.18.0 // indirect - golang.org/x/sys v0.38.0 // indirect - golang.org/x/term v0.37.0 // indirect - golang.org/x/text v0.31.0 // indirect - golang.org/x/tools v0.38.0 // indirect + golang.org/x/sync v0.19.0 // indirect + golang.org/x/sys v0.40.0 // indirect + golang.org/x/term v0.39.0 // indirect + golang.org/x/text v0.33.0 // indirect + golang.org/x/tools v0.41.0 // indirect golang.org/x/tools/go/expect v0.1.1-deprecated // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect diff --git a/go.sum b/go.sum index b5fc782063..fb2a5ded9c 100644 --- a/go.sum +++ b/go.sum @@ -278,8 +278,8 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= -github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gordonklaus/ineffassign v0.1.0 h1:y2Gd/9I7MdY1oEIt+n+rowjBNDcLQq3RsH5hwJd0f9s= @@ -449,8 +449,8 @@ github.com/nunnatsa/ginkgolinter v0.19.1 h1:mjwbOlDQxZi9Cal+KfbEJTCz327OLNfwNvoZ github.com/nunnatsa/ginkgolinter v0.19.1/go.mod h1:jkQ3naZDmxaZMXPWaS9rblH+i+GWXQCaS/JFIWcOH2s= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= -github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= -github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/cgroups v0.0.3 h1:Jc9dWh/0YLGjdy6J/9Ln8NM5BfTA4W2BY0GMozy3aDU= github.com/opencontainers/cgroups v0.0.3/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -463,14 +463,18 @@ github.com/opencontainers/selinux v1.13.0 h1:Zza88GWezyT7RLql12URvoxsbLfjFx988+L github.com/opencontainers/selinux v1.13.0/go.mod h1:XxWTed+A/s5NNq4GmYScVy+9jzXhGBVEOAyucdRUY8s= github.com/openshift-eng/openshift-tests-extension v0.0.0-20260127124016-0fed2b824818 h1:jJLE/aCAqDf8U4wc3bE1IEKgIxbb0ICjCNVFA49x/8s= github.com/openshift-eng/openshift-tests-extension v0.0.0-20260127124016-0fed2b824818/go.mod h1:6gkP5f2HL0meusT0Aim8icAspcD1cG055xxBZ9yC68M= -github.com/openshift/api v0.0.0-20260305140000-0790d2957f54 h1:9df5tA4NFWCWmqW0apC33jGAeiH5AzICaKI7XF9LCXA= -github.com/openshift/api v0.0.0-20260305140000-0790d2957f54/go.mod h1:pyVjK0nZ4sRs4fuQVQ4rubsJdahI1PB94LnQ8sGdvxo= +github.com/openshift/api v0.0.0-20260317165824-54a3998d81eb h1:iwBR3mzmyE3EMFx7R3CQ9lOccTS0dNht8TW82aGITg0= +github.com/openshift/api v0.0.0-20260317165824-54a3998d81eb/go.mod h1:pyVjK0nZ4sRs4fuQVQ4rubsJdahI1PB94LnQ8sGdvxo= github.com/openshift/client-go v0.0.0-20260305144912-aba4b273812d h1:TCwd4qbMSPfQaxrQD6e9RPw1Jc3qLGaHf8el4RNJjM0= github.com/openshift/client-go v0.0.0-20260305144912-aba4b273812d/go.mod h1:7QeQMJHhEpcMankJSrwuMALpRRM1ADtaFyURHXyPSSQ= +github.com/openshift/client-go v0.0.0-20260317180604-743f664b82d1 h1:Hr/R38eg5ZJXfbiaHumjJIN1buDZwhsm4ys4npVCXH0= +github.com/openshift/client-go v0.0.0-20260317180604-743f664b82d1/go.mod h1:Za51LlH76ALiQ/aKGBYJXmyJNkA//IDJ+I///30CA2M= github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20250910145856-21d03d30056d h1:+sqUThLi/lmgT5/scmmjnS6+RZFtbdxRAscNfCPyLPI= github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20250910145856-21d03d30056d/go.mod h1:9+FWWWLkVrnBo1eYhA/0Ehlq5JMgIAHtcB0IF+qV1AA= github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20251029084908-344babe6a957 h1:eVnkMTFnirnoUOlAUT3Hy8WriIi1JoSrilWym3Dl8Q4= github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20251029084908-344babe6a957/go.mod h1:TBlORAAtNZ/Tl86pO7GjNXKsH/g0QAW5GnvYstdOhYI= +github.com/openshift/controller-runtime-common v0.0.0-20260318085703-1812aed6dbd2 h1:GrZlVichOCE/lz8fg1+eNrAtkM0VSlqa9buuzN0vnb0= +github.com/openshift/controller-runtime-common v0.0.0-20260318085703-1812aed6dbd2/go.mod h1:XGabTMnNbz0M5Oa7IbscZp/jmcc7aHobvOCUWwkzKvM= github.com/openshift/kubernetes v1.30.1-0.20260305123649-d18f3f005eaa h1:/gPMWR7fdCC3S4wHALD6Em+vztl1q9/cOpdMkFZwDus= github.com/openshift/kubernetes v1.30.1-0.20260305123649-d18f3f005eaa/go.mod h1:1r2FIoYrPU0110cjYlWAwNcbiqRPLWAgmZK4d0YeEZw= github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20260305123649-d18f3f005eaa h1:PHXXIj7KPZJevTmdJd4u1NROdvSX2z5v4/1RQpBzqOA= @@ -479,6 +483,8 @@ github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20260305123649 github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20260305123649-d18f3f005eaa/go.mod h1:tVLbICv6U/B3LToFiDNSR7rsaNDV3iaPaQiN0Lph7Hc= github.com/openshift/library-go v0.0.0-20260303171201-5d9eb6295ff6 h1:xjqy0OolrFdJ+ofI/aD0+2k9+MSk5anP5dXifFt539Q= github.com/openshift/library-go v0.0.0-20260303171201-5d9eb6295ff6/go.mod h1:D797O/ssKTNglbrGchjIguFq+DbyRYdeds5w4/VTrKM= +github.com/openshift/library-go v0.0.0-20260318142011-72bf34f474bc h1:a+rVRzEdFIwgDQLTbhiG3MEVuBXjLb/6HJRikTob+nY= +github.com/openshift/library-go v0.0.0-20260318142011-72bf34f474bc/go.mod h1:3bi4pLpYRdVd1aEhsHfRTJkwxwPLfRZ+ZePn3RmJd2k= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20260303184444-1cc650aa0565 h1:3/q8qM4HbFa+Een8wgzpwO8W6mO7Po+MwY6uxiXi/ac= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20260303184444-1cc650aa0565/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= @@ -729,8 +735,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= -golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= +golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8= +golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A= golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= @@ -748,8 +754,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= -golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= +golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c= +golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -765,8 +771,8 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= -golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= +golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= +golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -778,8 +784,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= -golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -802,8 +808,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= -golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= +golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= @@ -812,8 +818,8 @@ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= -golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= +golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY= +golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -824,8 +830,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= -golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= +golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE= +golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8= golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -848,8 +854,8 @@ golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= -golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= -golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= +golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc= +golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg= golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= @@ -891,16 +897,16 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.6.1 h1:R094WgE8K4JirYjBaOpz/AvTyUu/3wbmAoskKN/pxTI= honnef.co/go/tools v0.6.1/go.mod h1:3puzxxljPCe8RGJX7BIy1plGbxEOZni5mR2aXe3/uk4= -k8s.io/api v0.35.1 h1:0PO/1FhlK/EQNVK5+txc4FuhQibV25VLSdLMmGpDE/Q= -k8s.io/api v0.35.1/go.mod h1:28uR9xlXWml9eT0uaGo6y71xK86JBELShLy4wR1XtxM= +k8s.io/api v0.35.2 h1:tW7mWc2RpxW7HS4CoRXhtYHSzme1PN1UjGHJ1bdrtdw= +k8s.io/api v0.35.2/go.mod h1:7AJfqGoAZcwSFhOjcGM7WV05QxMMgUaChNfLTXDRE60= k8s.io/apiextensions-apiserver v0.35.1 h1:p5vvALkknlOcAqARwjS20kJffgzHqwyQRM8vHLwgU7w= k8s.io/apiextensions-apiserver v0.35.1/go.mod h1:2CN4fe1GZ3HMe4wBr25qXyJnJyZaquy4nNlNmb3R7AQ= -k8s.io/apimachinery v0.35.1 h1:yxO6gV555P1YV0SANtnTjXYfiivaTPvCTKX6w6qdDsU= -k8s.io/apimachinery v0.35.1/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= +k8s.io/apimachinery v0.35.2 h1:NqsM/mmZA7sHW02JZ9RTtk3wInRgbVxL8MPfzSANAK8= +k8s.io/apimachinery v0.35.2/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= k8s.io/cli-runtime v0.35.1 h1:uKcXFe8J7AMAM4Gm2JDK4mp198dBEq2nyeYtO+JfGJE= k8s.io/cli-runtime v0.35.1/go.mod h1:55/hiXIq1C8qIJ3WBrWxEwDLdHQYhBNRdZOz9f7yvTw= -k8s.io/client-go v0.35.1 h1:+eSfZHwuo/I19PaSxqumjqZ9l5XiTEKbIaJ+j1wLcLM= -k8s.io/client-go v0.35.1/go.mod h1:1p1KxDt3a0ruRfc/pG4qT/3oHmUj1AhSHEcxNSGg+OA= +k8s.io/client-go v0.35.2 h1:YUfPefdGJA4aljDdayAXkc98DnPkIetMl4PrKX97W9o= +k8s.io/client-go v0.35.2/go.mod h1:4QqEwh4oQpeK8AaefZ0jwTFJw/9kIjdQi0jpKeYvz7g= k8s.io/cloud-provider v0.35.1 h1:ToV1sqvKzoLJp6H+NuGt3bvTCOOY0L1MZzHAHU0/bRs= k8s.io/cloud-provider v0.35.1/go.mod h1:zGF/i9YuBODKxj7szGMMIz4DRnjsDy5mg2JU+XbbULA= k8s.io/cloud-provider-vsphere v1.32.2 h1:/OWUMXhRIDACM2j9Loj/Jh3/Z7q6o7kFbE78iCs92Zg= @@ -939,8 +945,8 @@ k8s.io/pod-security-admission v0.35.1 h1:Ra7QA/mTXVabzzgQAe36trllpQdGSvwuq9pdnXs k8s.io/pod-security-admission v0.35.1/go.mod h1:J2OnqW+rNItdl6XZeySa4m2nDqrZ+nBpk1Mr6Vf9M/U= k8s.io/sample-apiserver v0.35.1 h1:ZSvf4OQl2wEnJIXI4UZugvzhi6bL6DXvM9f5HJy/gR4= k8s.io/sample-apiserver v0.35.1/go.mod h1:bR8TIBxAheD7HTuyZmwALTWRkuW1xU6Xeve1QyZuUaw= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0xi3g0ZcxxJ7vbWU= +k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= mvdan.cc/gofumpt v0.7.0 h1:bg91ttqXmi9y2xawvkuMXyvAA/1ZGJqYAEGjXuP0JXU= mvdan.cc/gofumpt v0.7.0/go.mod h1:txVFJy/Sc/mvaycET54pV8SW8gWxTlUuGHVEcncmNUo= mvdan.cc/unparam v0.0.0-20240528143540-8a5130ca722f h1:lMpcwN6GxNbWtbpI1+xzFLSW8XzX0u72NttUGVFjO3U= diff --git a/vendor/github.com/google/pprof/profile/merge.go b/vendor/github.com/google/pprof/profile/merge.go index ba4d746407..8a51690be4 100644 --- a/vendor/github.com/google/pprof/profile/merge.go +++ b/vendor/github.com/google/pprof/profile/merge.go @@ -17,6 +17,7 @@ package profile import ( "encoding/binary" "fmt" + "slices" "sort" "strconv" "strings" @@ -78,12 +79,10 @@ func Merge(srcs []*Profile) (*Profile, error) { } } - for _, s := range p.Sample { - if isZeroSample(s) { - // If there are any zero samples, re-merge the profile to GC - // them. - return Merge([]*Profile{p}) - } + if slices.ContainsFunc(p.Sample, isZeroSample) { + // If there are any zero samples, re-merge the profile to GC + // them. + return Merge([]*Profile{p}) } return p, nil diff --git a/vendor/github.com/google/pprof/profile/profile.go b/vendor/github.com/google/pprof/profile/profile.go index f47a243903..18df65a8df 100644 --- a/vendor/github.com/google/pprof/profile/profile.go +++ b/vendor/github.com/google/pprof/profile/profile.go @@ -24,6 +24,7 @@ import ( "math" "path/filepath" "regexp" + "slices" "sort" "strings" "sync" @@ -277,7 +278,7 @@ func (p *Profile) massageMappings() { // Use heuristics to identify main binary and move it to the top of the list of mappings for i, m := range p.Mapping { - file := strings.TrimSpace(strings.Replace(m.File, "(deleted)", "", -1)) + file := strings.TrimSpace(strings.ReplaceAll(m.File, "(deleted)", "")) if len(file) == 0 { continue } @@ -734,12 +735,7 @@ func (p *Profile) RemoveLabel(key string) { // HasLabel returns true if a sample has a label with indicated key and value. func (s *Sample) HasLabel(key, value string) bool { - for _, v := range s.Label[key] { - if v == value { - return true - } - } - return false + return slices.Contains(s.Label[key], value) } // SetNumLabel sets the specified key to the specified value for all samples in the @@ -852,7 +848,17 @@ func (p *Profile) HasFileLines() bool { // "[vdso]", "[vsyscall]" and some others, see the code. func (m *Mapping) Unsymbolizable() bool { name := filepath.Base(m.File) - return strings.HasPrefix(name, "[") || strings.HasPrefix(name, "linux-vdso") || strings.HasPrefix(m.File, "/dev/dri/") || m.File == "//anon" + switch { + case strings.HasPrefix(name, "["): + case strings.HasPrefix(name, "linux-vdso"): + case strings.HasPrefix(m.File, "/dev/dri/"): + case m.File == "//anon": + case m.File == "": + case strings.HasPrefix(m.File, "/memfd:"): + default: + return false + } + return true } // Copy makes a fully independent copy of a profile. diff --git a/vendor/github.com/google/pprof/profile/proto.go b/vendor/github.com/google/pprof/profile/proto.go index a15696ba16..31bf6bca63 100644 --- a/vendor/github.com/google/pprof/profile/proto.go +++ b/vendor/github.com/google/pprof/profile/proto.go @@ -36,6 +36,7 @@ package profile import ( "errors" "fmt" + "slices" ) type buffer struct { @@ -187,6 +188,16 @@ func le32(p []byte) uint32 { return uint32(p[0]) | uint32(p[1])<<8 | uint32(p[2])<<16 | uint32(p[3])<<24 } +func peekNumVarints(data []byte) (numVarints int) { + for ; len(data) > 0; numVarints++ { + var err error + if _, data, err = decodeVarint(data); err != nil { + break + } + } + return numVarints +} + func decodeVarint(data []byte) (uint64, []byte, error) { var u uint64 for i := 0; ; i++ { @@ -286,6 +297,9 @@ func decodeInt64(b *buffer, x *int64) error { func decodeInt64s(b *buffer, x *[]int64) error { if b.typ == 2 { // Packed encoding + dataLen := peekNumVarints(b.data) + *x = slices.Grow(*x, dataLen) + data := b.data for len(data) > 0 { var u uint64 @@ -316,8 +330,11 @@ func decodeUint64(b *buffer, x *uint64) error { func decodeUint64s(b *buffer, x *[]uint64) error { if b.typ == 2 { - data := b.data // Packed encoding + dataLen := peekNumVarints(b.data) + *x = slices.Grow(*x, dataLen) + + data := b.data for len(data) > 0 { var u uint64 var err error diff --git a/vendor/github.com/google/pprof/profile/prune.go b/vendor/github.com/google/pprof/profile/prune.go index b2f9fd5466..7bba31e8ce 100644 --- a/vendor/github.com/google/pprof/profile/prune.go +++ b/vendor/github.com/google/pprof/profile/prune.go @@ -19,6 +19,7 @@ package profile import ( "fmt" "regexp" + "slices" "strings" ) @@ -40,13 +41,7 @@ func simplifyFunc(f string) string { // Account for unsimplified names -- try to remove the argument list by trimming // starting from the first '(', but skipping reserved names that have '('. for _, ind := range bracketRx.FindAllStringSubmatchIndex(funcName, -1) { - foundReserved := false - for _, res := range reservedNames { - if funcName[ind[0]:ind[1]] == res { - foundReserved = true - break - } - } + foundReserved := slices.Contains(reservedNames, funcName[ind[0]:ind[1]]) if !foundReserved { funcName = funcName[:ind[0]] break diff --git a/vendor/github.com/onsi/gomega/CHANGELOG.md b/vendor/github.com/onsi/gomega/CHANGELOG.md index b7d7309f3f..91e65521b4 100644 --- a/vendor/github.com/onsi/gomega/CHANGELOG.md +++ b/vendor/github.com/onsi/gomega/CHANGELOG.md @@ -1,3 +1,18 @@ +## 1.39.1 + +Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months. + +## 1.39.0 + +### Features + +Add `MatchErrorStrictly` which only passes if `errors.Is(actual, expected)` returns true. `MatchError`, by contrast, will fallback to string comparison. + +## 1.38.3 + +### Fixes +make string formatitng more consistent for users who use format.Object directly + ## 1.38.2 - roll back to go 1.23.0 [c404969] diff --git a/vendor/github.com/onsi/gomega/format/format.go b/vendor/github.com/onsi/gomega/format/format.go index 96f04b2104..6c23ba338b 100644 --- a/vendor/github.com/onsi/gomega/format/format.go +++ b/vendor/github.com/onsi/gomega/format/format.go @@ -262,7 +262,7 @@ func Object(object any, indentation uint) string { if err, ok := object.(error); ok && !isNilValue(value) { // isNilValue check needed here to avoid nil deref due to boxed nil commonRepresentation += "\n" + IndentString(err.Error(), indentation) + "\n" + indent } - return fmt.Sprintf("%s<%s>: %s%s", indent, formatType(value), commonRepresentation, formatValue(value, indentation)) + return fmt.Sprintf("%s<%s>: %s%s", indent, formatType(value), commonRepresentation, formatValue(value, indentation, true)) } /* @@ -306,7 +306,7 @@ func formatType(v reflect.Value) string { } } -func formatValue(value reflect.Value, indentation uint) string { +func formatValue(value reflect.Value, indentation uint, isTopLevel bool) string { if indentation > MaxDepth { return "..." } @@ -367,11 +367,11 @@ func formatValue(value reflect.Value, indentation uint) string { case reflect.Func: return fmt.Sprintf("0x%x", value.Pointer()) case reflect.Ptr: - return formatValue(value.Elem(), indentation) + return formatValue(value.Elem(), indentation, isTopLevel) case reflect.Slice: return truncateLongStrings(formatSlice(value, indentation)) case reflect.String: - return truncateLongStrings(formatString(value.String(), indentation)) + return truncateLongStrings(formatString(value.String(), indentation, isTopLevel)) case reflect.Array: return truncateLongStrings(formatSlice(value, indentation)) case reflect.Map: @@ -392,8 +392,8 @@ func formatValue(value reflect.Value, indentation uint) string { } } -func formatString(object any, indentation uint) string { - if indentation == 1 { +func formatString(object any, indentation uint, isTopLevel bool) string { + if isTopLevel { s := fmt.Sprintf("%s", object) components := strings.Split(s, "\n") result := "" @@ -416,14 +416,14 @@ func formatString(object any, indentation uint) string { func formatSlice(v reflect.Value, indentation uint) string { if v.Kind() == reflect.Slice && v.Type().Elem().Kind() == reflect.Uint8 && isPrintableString(string(v.Bytes())) { - return formatString(v.Bytes(), indentation) + return formatString(v.Bytes(), indentation, false) } l := v.Len() result := make([]string, l) longest := 0 - for i := 0; i < l; i++ { - result[i] = formatValue(v.Index(i), indentation+1) + for i := range l { + result[i] = formatValue(v.Index(i), indentation+1, false) if len(result[i]) > longest { longest = len(result[i]) } @@ -443,7 +443,7 @@ func formatMap(v reflect.Value, indentation uint) string { longest := 0 for i, key := range v.MapKeys() { value := v.MapIndex(key) - result[i] = fmt.Sprintf("%s: %s", formatValue(key, indentation+1), formatValue(value, indentation+1)) + result[i] = fmt.Sprintf("%s: %s", formatValue(key, indentation+1, false), formatValue(value, indentation+1, false)) if len(result[i]) > longest { longest = len(result[i]) } @@ -462,10 +462,10 @@ func formatStruct(v reflect.Value, indentation uint) string { l := v.NumField() result := []string{} longest := 0 - for i := 0; i < l; i++ { + for i := range l { structField := t.Field(i) fieldEntry := v.Field(i) - representation := fmt.Sprintf("%s: %s", structField.Name, formatValue(fieldEntry, indentation+1)) + representation := fmt.Sprintf("%s: %s", structField.Name, formatValue(fieldEntry, indentation+1, false)) result = append(result, representation) if len(representation) > longest { longest = len(representation) @@ -479,7 +479,7 @@ func formatStruct(v reflect.Value, indentation uint) string { } func formatInterface(v reflect.Value, indentation uint) string { - return fmt.Sprintf("<%s>%s", formatType(v.Elem()), formatValue(v.Elem(), indentation)) + return fmt.Sprintf("<%s>%s", formatType(v.Elem()), formatValue(v.Elem(), indentation, false)) } func isNilValue(a reflect.Value) bool { diff --git a/vendor/github.com/onsi/gomega/gmeasure/experiment.go b/vendor/github.com/onsi/gomega/gmeasure/experiment.go index 9d1b74a78b..f4368738de 100644 --- a/vendor/github.com/onsi/gomega/gmeasure/experiment.go +++ b/vendor/github.com/onsi/gomega/gmeasure/experiment.go @@ -456,10 +456,7 @@ func (e *Experiment) Sample(callback func(idx int), samplingConfig SamplingConfi if samplingConfig.N > 0 { maxN = samplingConfig.N } - numParallel := 1 - if samplingConfig.NumParallel > numParallel { - numParallel = samplingConfig.NumParallel - } + numParallel := max(samplingConfig.NumParallel, 1) minSamplingInterval := samplingConfig.MinSamplingInterval work := make(chan int) diff --git a/vendor/github.com/onsi/gomega/gomega_dsl.go b/vendor/github.com/onsi/gomega/gomega_dsl.go index fdba34ee9d..87c70692bf 100644 --- a/vendor/github.com/onsi/gomega/gomega_dsl.go +++ b/vendor/github.com/onsi/gomega/gomega_dsl.go @@ -22,7 +22,7 @@ import ( "github.com/onsi/gomega/types" ) -const GOMEGA_VERSION = "1.38.2" +const GOMEGA_VERSION = "1.39.1" const nilGomegaPanic = `You are trying to make an assertion, but haven't registered Gomega's fail handler. If you're using Ginkgo then you probably forgot to put your assertion in an It(). diff --git a/vendor/github.com/onsi/gomega/matchers.go b/vendor/github.com/onsi/gomega/matchers.go index 10b6693fd6..16ca8f46dc 100644 --- a/vendor/github.com/onsi/gomega/matchers.go +++ b/vendor/github.com/onsi/gomega/matchers.go @@ -146,6 +146,24 @@ func MatchError(expected any, functionErrorDescription ...any) types.GomegaMatch } } +// MatchErrorStrictly succeeds iff actual is a non-nil error that matches the passed in +// expected error according to errors.Is(actual, expected). +// +// This behavior differs from MatchError where +// +// Expect(errors.New("some error")).To(MatchError(errors.New("some error"))) +// +// succeeds, but errors.Is would return false so: +// +// Expect(errors.New("some error")).To(MatchErrorStrictly(errors.New("some error"))) +// +// fails. +func MatchErrorStrictly(expected error) types.GomegaMatcher { + return &matchers.MatchErrorStrictlyMatcher{ + Expected: expected, + } +} + // BeClosed succeeds if actual is a closed channel. // It is an error to pass a non-channel to BeClosed, it is also an error to pass nil // @@ -515,8 +533,8 @@ func HaveExistingField(field string) types.GomegaMatcher { // and even interface values. // // actual := 42 -// Expect(actual).To(HaveValue(42)) -// Expect(&actual).To(HaveValue(42)) +// Expect(actual).To(HaveValue(Equal(42))) +// Expect(&actual).To(HaveValue(Equal(42))) func HaveValue(matcher types.GomegaMatcher) types.GomegaMatcher { return &matchers.HaveValueMatcher{ Matcher: matcher, diff --git a/vendor/github.com/onsi/gomega/matchers/have_key_matcher.go b/vendor/github.com/onsi/gomega/matchers/have_key_matcher.go index 9e16dcf5d6..16630c18e3 100644 --- a/vendor/github.com/onsi/gomega/matchers/have_key_matcher.go +++ b/vendor/github.com/onsi/gomega/matchers/have_key_matcher.go @@ -39,7 +39,7 @@ func (matcher *HaveKeyMatcher) Match(actual any) (success bool, err error) { } keys := reflect.ValueOf(actual).MapKeys() - for i := 0; i < len(keys); i++ { + for i := range keys { success, err := keyMatcher.Match(keys[i].Interface()) if err != nil { return false, fmt.Errorf("HaveKey's key matcher failed with:\n%s%s", format.Indent, err.Error()) diff --git a/vendor/github.com/onsi/gomega/matchers/have_key_with_value_matcher.go b/vendor/github.com/onsi/gomega/matchers/have_key_with_value_matcher.go index 1c53f1e56a..0cd7081532 100644 --- a/vendor/github.com/onsi/gomega/matchers/have_key_with_value_matcher.go +++ b/vendor/github.com/onsi/gomega/matchers/have_key_with_value_matcher.go @@ -52,7 +52,7 @@ func (matcher *HaveKeyWithValueMatcher) Match(actual any) (success bool, err err } keys := reflect.ValueOf(actual).MapKeys() - for i := 0; i < len(keys); i++ { + for i := range keys { success, err := keyMatcher.Match(keys[i].Interface()) if err != nil { return false, fmt.Errorf("HaveKeyWithValue's key matcher failed with:\n%s%s", format.Indent, err.Error()) diff --git a/vendor/github.com/onsi/gomega/matchers/match_error_strictly_matcher.go b/vendor/github.com/onsi/gomega/matchers/match_error_strictly_matcher.go new file mode 100644 index 0000000000..63969b2663 --- /dev/null +++ b/vendor/github.com/onsi/gomega/matchers/match_error_strictly_matcher.go @@ -0,0 +1,39 @@ +package matchers + +import ( + "errors" + "fmt" + + "github.com/onsi/gomega/format" +) + +type MatchErrorStrictlyMatcher struct { + Expected error +} + +func (matcher *MatchErrorStrictlyMatcher) Match(actual any) (success bool, err error) { + + if isNil(matcher.Expected) { + return false, fmt.Errorf("Expected error is nil, use \"ToNot(HaveOccurred())\" to explicitly check for nil errors") + } + + if isNil(actual) { + return false, fmt.Errorf("Expected an error, got nil") + } + + if !isError(actual) { + return false, fmt.Errorf("Expected an error. Got:\n%s", format.Object(actual, 1)) + } + + actualErr := actual.(error) + + return errors.Is(actualErr, matcher.Expected), nil +} + +func (matcher *MatchErrorStrictlyMatcher) FailureMessage(actual any) (message string) { + return format.Message(actual, "to match error", matcher.Expected) +} + +func (matcher *MatchErrorStrictlyMatcher) NegatedFailureMessage(actual any) (message string) { + return format.Message(actual, "not to match error", matcher.Expected) +} diff --git a/vendor/github.com/onsi/gomega/matchers/support/goraph/edge/edge.go b/vendor/github.com/onsi/gomega/matchers/support/goraph/edge/edge.go index 8c38411b28..72edba20f7 100644 --- a/vendor/github.com/onsi/gomega/matchers/support/goraph/edge/edge.go +++ b/vendor/github.com/onsi/gomega/matchers/support/goraph/edge/edge.go @@ -1,6 +1,9 @@ package edge -import . "github.com/onsi/gomega/matchers/support/goraph/node" +import ( + . "github.com/onsi/gomega/matchers/support/goraph/node" + "slices" +) type Edge struct { Node1 int @@ -20,13 +23,7 @@ func (ec EdgeSet) Free(node Node) bool { } func (ec EdgeSet) Contains(edge Edge) bool { - for _, e := range ec { - if e == edge { - return true - } - } - - return false + return slices.Contains(ec, edge) } func (ec EdgeSet) FindByNodes(node1, node2 Node) (Edge, bool) { diff --git a/vendor/github.com/openshift/api/.coderabbit.yaml b/vendor/github.com/openshift/api/.coderabbit.yaml index a3ee2d122e..4f015d3cb0 100644 --- a/vendor/github.com/openshift/api/.coderabbit.yaml +++ b/vendor/github.com/openshift/api/.coderabbit.yaml @@ -1,3 +1,4 @@ +inheritance: true language: en-US reviews: profile: chill diff --git a/vendor/github.com/openshift/api/Makefile b/vendor/github.com/openshift/api/Makefile index 9b32b58e43..ac20137fad 100644 --- a/vendor/github.com/openshift/api/Makefile +++ b/vendor/github.com/openshift/api/Makefile @@ -4,7 +4,7 @@ all: build update: update-non-codegen update-codegen RUNTIME ?= podman -RUNTIME_IMAGE_NAME ?= registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.24-openshift-4.20 +RUNTIME_IMAGE_NAME ?= registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.25-openshift-4.22 EXCLUDE_DIRS := _output/ dependencymagnet/ hack/ third_party/ tls/ tools/ vendor/ tests/ GO_PACKAGES :=$(addsuffix ...,$(addprefix ./,$(filter-out $(EXCLUDE_DIRS), $(wildcard */)))) diff --git a/vendor/github.com/openshift/api/config/v1/types_apiserver.go b/vendor/github.com/openshift/api/config/v1/types_apiserver.go index 31d8881858..b8a4399dbc 100644 --- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go +++ b/vendor/github.com/openshift/api/config/v1/types_apiserver.go @@ -34,6 +34,7 @@ type APIServer struct { Status APIServerStatus `json:"status"` } +// +openshift:validation:FeatureGateAwareXValidation:featureGate=TLSAdherence,rule="has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true",message="tlsAdherence may not be removed once set" type APIServerSpec struct { // servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates // will be used for serving secure traffic. @@ -62,6 +63,39 @@ type APIServerSpec struct { // The current default is the Intermediate profile. // +optional TLSSecurityProfile *TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` + // tlsAdherence controls if components in the cluster adhere to the TLS security profile + // configured on this APIServer resource. + // + // Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + // + // When set to "LegacyAdheringComponentsOnly", components that already honor the + // cluster-wide TLS profile continue to do so. Components that do not already honor + // it continue to use their individual TLS configurations. + // + // When set to "StrictAllComponents", all components must honor the configured TLS + // profile unless they have a component-specific TLS configuration that overrides + // it. This mode is recommended for security-conscious deployments and is required + // for certain compliance frameworks. + // + // Note: Some components such as Kubelet and IngressController have their own + // dedicated TLS configuration mechanisms via KubeletConfig and IngressController + // CRs respectively. When these component-specific TLS configurations are set, + // they take precedence over the cluster-wide tlsSecurityProfile. When not set, + // these components fall back to the cluster-wide default. + // + // Components that encounter an unknown value for tlsAdherence should treat it + // as "StrictAllComponents" and log a warning to ensure forward compatibility + // while defaulting to the more secure behavior. + // + // This field is optional. + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is LegacyAdheringComponentsOnly. + // + // Once set, this field may be changed to a different value, but may not be removed. + // +openshift:enable:FeatureGate=TLSAdherence + // +optional + TLSAdherence TLSAdherencePolicy `json:"tlsAdherence,omitempty"` // audit specifies the settings for audit configuration to be applied to all OpenShift-provided // API servers in the cluster. // +optional @@ -237,6 +271,35 @@ const ( type APIServerStatus struct { } +// TLSAdherencePolicy defines which components adhere to the TLS security profile. +// Implementors should use the ShouldHonorClusterTLSProfile helper function from library-go +// rather than checking these values directly. +// +kubebuilder:validation:Enum=LegacyAdheringComponentsOnly;StrictAllComponents +type TLSAdherencePolicy string + +const ( + // TLSAdherencePolicyNoOpinion represents an empty/unset value for tlsAdherence. + // This value cannot be explicitly set and is only present when the field is omitted. + // When the field is omitted, the cluster defaults to LegacyAdheringComponentsOnly + // behavior. Components should treat this the same as LegacyAdheringComponentsOnly. + TLSAdherencePolicyNoOpinion TLSAdherencePolicy = "" + + // TLSAdherencePolicyLegacyAdheringComponentsOnly maintains backward-compatible behavior. + // Components that already honor the cluster-wide TLS profile (such as kube-apiserver, + // openshift-apiserver, oauth-apiserver, and others) continue to do so. Components that do + // not already honor it continue to use their individual TLS configurations (e.g., + // IngressController.spec.tlsSecurityProfile, KubeletConfig.spec.tlsSecurityProfile, + // or component defaults). No additional components are required to start honoring the + // cluster-wide profile in this mode. + TLSAdherencePolicyLegacyAdheringComponentsOnly TLSAdherencePolicy = "LegacyAdheringComponentsOnly" + + // TLSAdherencePolicyStrictAllComponents means all components must honor the configured TLS + // profile unless they have a component-specific TLS configuration that overrides it. + // This mode is recommended for security-conscious deployments and is required + // for certain compliance frameworks. + TLSAdherencePolicyStrictAllComponents TLSAdherencePolicy = "StrictAllComponents" +) + // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index 5f36f693de..f8d45114a8 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -283,6 +283,16 @@ type UpdateHistory struct { // ClusterID is string RFC4122 uuid. type ClusterID string +// UpdateMode defines how an update should be processed. +// +enum +// +kubebuilder:validation:Enum=Preflight +type UpdateMode string + +const ( + // UpdateModePreflight allows an update to be checked for compatibility without committing to updating the cluster. + UpdateModePreflight UpdateMode = "Preflight" +) + // ClusterVersionArchitecture enumerates valid cluster architectures. // +kubebuilder:validation:Enum="Multi";"" type ClusterVersionArchitecture string @@ -760,6 +770,22 @@ type Update struct { // +listMapKey=name // +optional AcceptRisks []AcceptRisk `json:"acceptRisks,omitempty"` + + // mode determines how an update should be processed. + // The only valid value is "Preflight". + // When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. + // This is the standard update behavior. + // When set to "Preflight", the cluster runs compatibility checks against the target release without + // performing an actual update. Compatibility results, including any detected risks, are reported + // in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update + // recommendation service. + // This allows administrators to assess update readiness and address issues before committing to the update. + // Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be + // verified across multiple minor versions. + // When mode is set to "Preflight", the same rules for version, image, and architecture apply as for normal updates. + // +openshift:enable:FeatureGate=ClusterUpdatePreflight + // +optional + Mode UpdateMode `json:"mode,omitempty"` } // AcceptRisk represents a risk that is considered acceptable. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml index c89d45ddcd..0deb9ba086 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml @@ -218,6 +218,23 @@ spec: When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version. type: string + mode: + description: |- + mode determines how an update should be processed. + The only valid value is "Preflight". + When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. + This is the standard update behavior. + When set to "Preflight", the cluster runs compatibility checks against the target release without + performing an actual update. Compatibility results, including any detected risks, are reported + in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update + recommendation service. + This allows administrators to assess update readiness and address issues before committing to the update. + Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be + verified across multiple minor versions. + When mode is set to "Preflight", the same rules for version, image, and architecture apply as for normal updates. + enum: + - Preflight + type: string version: description: |- version is a semantic version identifying the update version. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml index f24b2a16a1..70a09d3ff0 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml @@ -218,6 +218,23 @@ spec: When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version. type: string + mode: + description: |- + mode determines how an update should be processed. + The only valid value is "Preflight". + When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. + This is the standard update behavior. + When set to "Preflight", the cluster runs compatibility checks against the target release without + performing an actual update. Compatibility results, including any detected risks, are reported + in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update + recommendation service. + This allows administrators to assess update readiness and address issues before committing to the update. + Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be + verified across multiple minor versions. + When mode is set to "Preflight", the same rules for version, image, and architecture apply as for normal updates. + enum: + - Preflight + type: string version: description: |- version is a semantic version identifying the update version. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index 2e45da09e5..d2ba7fc325 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -292,6 +292,42 @@ spec: type: array x-kubernetes-list-type: atomic type: object + tlsAdherence: + description: |- + tlsAdherence controls if components in the cluster adhere to the TLS security profile + configured on this APIServer resource. + + Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + + When set to "LegacyAdheringComponentsOnly", components that already honor the + cluster-wide TLS profile continue to do so. Components that do not already honor + it continue to use their individual TLS configurations. + + When set to "StrictAllComponents", all components must honor the configured TLS + profile unless they have a component-specific TLS configuration that overrides + it. This mode is recommended for security-conscious deployments and is required + for certain compliance frameworks. + + Note: Some components such as Kubelet and IngressController have their own + dedicated TLS configuration mechanisms via KubeletConfig and IngressController + CRs respectively. When these component-specific TLS configurations are set, + they take precedence over the cluster-wide tlsSecurityProfile. When not set, + these components fall back to the cluster-wide default. + + Components that encounter an unknown value for tlsAdherence should treat it + as "StrictAllComponents" and log a warning to ensure forward compatibility + while defaulting to the more secure behavior. + + This field is optional. + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is LegacyAdheringComponentsOnly. + + Once set, this field may be changed to a different value, but may not be removed. + enum: + - LegacyAdheringComponentsOnly + - StrictAllComponents + type: string tlsSecurityProfile: description: |- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. @@ -427,6 +463,9 @@ spec: type: string type: object type: object + x-kubernetes-validations: + - message: tlsAdherence may not be removed once set + rule: 'has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true' status: description: status holds observed values from the cluster. They may not be overridden. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index 23c4381442..cabbd04bb7 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -292,6 +292,42 @@ spec: type: array x-kubernetes-list-type: atomic type: object + tlsAdherence: + description: |- + tlsAdherence controls if components in the cluster adhere to the TLS security profile + configured on this APIServer resource. + + Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + + When set to "LegacyAdheringComponentsOnly", components that already honor the + cluster-wide TLS profile continue to do so. Components that do not already honor + it continue to use their individual TLS configurations. + + When set to "StrictAllComponents", all components must honor the configured TLS + profile unless they have a component-specific TLS configuration that overrides + it. This mode is recommended for security-conscious deployments and is required + for certain compliance frameworks. + + Note: Some components such as Kubelet and IngressController have their own + dedicated TLS configuration mechanisms via KubeletConfig and IngressController + CRs respectively. When these component-specific TLS configurations are set, + they take precedence over the cluster-wide tlsSecurityProfile. When not set, + these components fall back to the cluster-wide default. + + Components that encounter an unknown value for tlsAdherence should treat it + as "StrictAllComponents" and log a warning to ensure forward compatibility + while defaulting to the more secure behavior. + + This field is optional. + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is LegacyAdheringComponentsOnly. + + Once set, this field may be changed to a different value, but may not be removed. + enum: + - LegacyAdheringComponentsOnly + - StrictAllComponents + type: string tlsSecurityProfile: description: |- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. @@ -427,6 +463,9 @@ spec: type: string type: object type: object + x-kubernetes-validations: + - message: tlsAdherence may not be removed once set + rule: 'has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true' status: description: status holds observed values from the cluster. They may not be overridden. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index 1d75d68e5a..b21c31dd43 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -224,6 +224,42 @@ spec: type: array x-kubernetes-list-type: atomic type: object + tlsAdherence: + description: |- + tlsAdherence controls if components in the cluster adhere to the TLS security profile + configured on this APIServer resource. + + Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + + When set to "LegacyAdheringComponentsOnly", components that already honor the + cluster-wide TLS profile continue to do so. Components that do not already honor + it continue to use their individual TLS configurations. + + When set to "StrictAllComponents", all components must honor the configured TLS + profile unless they have a component-specific TLS configuration that overrides + it. This mode is recommended for security-conscious deployments and is required + for certain compliance frameworks. + + Note: Some components such as Kubelet and IngressController have their own + dedicated TLS configuration mechanisms via KubeletConfig and IngressController + CRs respectively. When these component-specific TLS configurations are set, + they take precedence over the cluster-wide tlsSecurityProfile. When not set, + these components fall back to the cluster-wide default. + + Components that encounter an unknown value for tlsAdherence should treat it + as "StrictAllComponents" and log a warning to ensure forward compatibility + while defaulting to the more secure behavior. + + This field is optional. + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is LegacyAdheringComponentsOnly. + + Once set, this field may be changed to a different value, but may not be removed. + enum: + - LegacyAdheringComponentsOnly + - StrictAllComponents + type: string tlsSecurityProfile: description: |- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. @@ -359,6 +395,9 @@ spec: type: string type: object type: object + x-kubernetes-validations: + - message: tlsAdherence may not be removed once set + rule: 'has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true' status: description: status holds observed values from the cluster. They may not be overridden. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index eb7c485e03..4b768c3898 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -8,6 +8,7 @@ apiservers.config.openshift.io: FeatureGates: - KMSEncryption - KMSEncryptionProvider + - TLSAdherence FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -144,6 +145,7 @@ clusterversions.config.openshift.io: Category: "" FeatureGates: - ClusterUpdateAcceptRisks + - ClusterUpdatePreflight - ImageStreamImportMode - SignatureStores FilenameOperatorName: cluster-version-operator diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 621dbbebdf..a30061c252 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -319,6 +319,7 @@ var map_APIServerSpec = map[string]string{ "additionalCORSAllowedOrigins": "additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.", "encryption": "encryption allows the configuration of encryption of resources at the datastore layer.", "tlsSecurityProfile": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is the Intermediate profile.", + "tlsAdherence": "tlsAdherence controls if components in the cluster adhere to the TLS security profile configured on this APIServer resource.\n\nValid values are \"LegacyAdheringComponentsOnly\" and \"StrictAllComponents\".\n\nWhen set to \"LegacyAdheringComponentsOnly\", components that already honor the cluster-wide TLS profile continue to do so. Components that do not already honor it continue to use their individual TLS configurations.\n\nWhen set to \"StrictAllComponents\", all components must honor the configured TLS profile unless they have a component-specific TLS configuration that overrides it. This mode is recommended for security-conscious deployments and is required for certain compliance frameworks.\n\nNote: Some components such as Kubelet and IngressController have their own dedicated TLS configuration mechanisms via KubeletConfig and IngressController CRs respectively. When these component-specific TLS configurations are set, they take precedence over the cluster-wide tlsSecurityProfile. When not set, these components fall back to the cluster-wide default.\n\nComponents that encounter an unknown value for tlsAdherence should treat it as \"StrictAllComponents\" and log a warning to ensure forward compatibility while defaulting to the more secure behavior.\n\nThis field is optional. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is LegacyAdheringComponentsOnly.\n\nOnce set, this field may be changed to a different value, but may not be removed.", "audit": "audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.", } @@ -917,6 +918,7 @@ var map_Update = map[string]string{ "image": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks that are designed to keep your cluster safe. Only use this if: * you are testing unsigned release images in short-lived test clusters or * you are working around a known bug in the cluster-version\n operator and you have verified the authenticity of the provided\n image yourself.\nThe provided image will run with full administrative access to the cluster. Do not use this flag with images that come from unknown or potentially malicious sources.", "acceptRisks": "acceptRisks is an optional set of names of conditional update risks that are considered acceptable. A conditional update is performed only if all of its risks are acceptable. This list may contain entries that apply to current, previous or future updates. The entries therefore may not map directly to a risk in .status.conditionalUpdateRisks. acceptRisks must not contain more than 1000 entries. Entries in this list must be unique.", + "mode": "mode determines how an update should be processed. The only valid value is \"Preflight\". When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. This is the standard update behavior. When set to \"Preflight\", the cluster runs compatibility checks against the target release without performing an actual update. Compatibility results, including any detected risks, are reported in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update recommendation service. This allows administrators to assess update readiness and address issues before committing to the update. Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be verified across multiple minor versions. When mode is set to \"Preflight\", the same rules for version, image, and architecture apply as for normal updates.", } func (Update) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/config/v1alpha1/register.go b/vendor/github.com/openshift/api/config/v1alpha1/register.go index 383d19e7e6..1d84b71079 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/register.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/register.go @@ -36,10 +36,6 @@ func addKnownTypes(scheme *runtime.Scheme) error { &InsightsDataGatherList{}, &Backup{}, &BackupList{}, - &ImagePolicy{}, - &ImagePolicyList{}, - &ClusterImagePolicy{}, - &ClusterImagePolicyList{}, &CRIOCredentialProviderConfig{}, &CRIOCredentialProviderConfigList{}, &PKI{}, diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go deleted file mode 100644 index e8d7603d7b..0000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go +++ /dev/null @@ -1,80 +0,0 @@ -package v1alpha1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterImagePolicy holds cluster-wide configuration for image signature verification -// -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -// +kubebuilder:object:root=true -// +kubebuilder:resource:path=clusterimagepolicies,scope=Cluster -// +kubebuilder:subresource:status -// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1457 -// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 -// +openshift:enable:FeatureGate=SigstoreImageVerification -// +openshift:compatibility-gen:level=4 -type ClusterImagePolicy struct { - metav1.TypeMeta `json:",inline"` - - // metadata is the standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec contains the configuration for the cluster image policy. - // +required - Spec ClusterImagePolicySpec `json:"spec"` - // status contains the observed state of the resource. - // +optional - Status ClusterImagePolicyStatus `json:"status,omitempty"` -} - -// CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource. -type ClusterImagePolicySpec struct { - // scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the "Docker Registry HTTP API V2". - // Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). - // More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository - // namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). - // Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. - // If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. - // In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories - // quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. - // If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. - // For additional details about the format, please refer to the document explaining the docker transport field, - // which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker - // +required - // +kubebuilder:validation:MaxItems=256 - // +listType=set - Scopes []ImageScope `json:"scopes"` - // policy contains configuration to allow scopes to be verified, and defines how - // images not matching the verification policy will be treated. - // +required - Policy ImageSigstoreVerificationPolicy `json:"policy"` -} - -// +k8s:deepcopy-gen=true -type ClusterImagePolicyStatus struct { - // conditions provide details on the status of this API Resource. - // +listType=map - // +listMapKey=type - // +optional - Conditions []metav1.Condition `json:"conditions,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterImagePolicyList is a list of ClusterImagePolicy resources -// -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -// +openshift:compatibility-gen:level=4 -type ClusterImagePolicyList struct { - metav1.TypeMeta `json:",inline"` - - // metadata is the standard list's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metav1.ListMeta `json:"metadata"` - - Items []ClusterImagePolicy `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go index e72f537f99..48ca1aed8a 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go @@ -89,6 +89,19 @@ type ClusterMonitoringSpec struct { // The current default value is `DefaultConfig`. // +optional AlertmanagerConfig AlertmanagerConfig `json:"alertmanagerConfig,omitempty,omitzero"` + // prometheusConfig provides configuration options for the default platform Prometheus instance + // that runs in the `openshift-monitoring` namespace. This configuration applies only to the + // platform Prometheus instance; user-workload Prometheus instances are configured separately. + // + // This field allows you to customize how the platform Prometheus is deployed and operated, including: + // - Pod scheduling (node selectors, tolerations, topology spread constraints) + // - Resource allocation (CPU, memory requests/limits) + // - Retention policies (how long metrics are stored) + // - External integrations (remote write, additional alertmanagers) + // + // This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + // +optional + PrometheusConfig PrometheusConfig `json:"prometheusConfig,omitempty,omitzero"` // metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. // Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. @@ -107,6 +120,85 @@ type ClusterMonitoringSpec struct { // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // +optional PrometheusOperatorAdmissionWebhookConfig PrometheusOperatorAdmissionWebhookConfig `json:"prometheusOperatorAdmissionWebhookConfig,omitempty,omitzero"` + // openShiftStateMetricsConfig is an optional field that can be used to configure the openshift-state-metrics + // agent that runs in the openshift-monitoring namespace. The openshift-state-metrics agent generates metrics + // about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + OpenShiftStateMetricsConfig OpenShiftStateMetricsConfig `json:"openShiftStateMetricsConfig,omitempty,omitzero"` +} + +// OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent +// that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates +// metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. +// +kubebuilder:validation:MinProperties=1 +type OpenShiftStateMetricsConfig struct { + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the openshift-state-metrics container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 1m + // limit: null + // - name: memory + // request: 32Mi + // limit: null + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how openshift-state-metrics Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` } // UserDefinedMonitoring config for user-defined projects. @@ -258,14 +350,12 @@ type AlertmanagerCustomConfig struct { // +listMapKey=whenUnsatisfiable // +optional TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` - // volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - // configure the persistent volume claim, including storage class, volume - // size, and name. + // volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + // configure the persistent volume claim, including storage class and volume size. // If omitted, the Pod uses ephemeral storage and alert data will not persist // across restarts. - // This field is optional. // +optional - VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty"` + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty,omitzero"` } // AlertManagerDeployMode defines the deployment state of the platform Alertmanager instance. @@ -286,19 +376,19 @@ const ( AlertManagerDeployModeCustomConfig AlertManagerDeployMode = "CustomConfig" ) -// logLevel defines the verbosity of logs emitted by Alertmanager. +// LogLevel defines the verbosity of logs emitted by Alertmanager. // Valid values are Error, Warn, Info and Debug. // +kubebuilder:validation:Enum=Error;Warn;Info;Debug type LogLevel string const ( - // Error only errors will be logged. + // LogLevelError only errors will be logged. LogLevelError LogLevel = "Error" - // Warn, both warnings and errors will be logged. + // LogLevelWarn, both warnings and errors will be logged. LogLevelWarn LogLevel = "Warn" - // Info, general information, warnings, and errors will all be logged. + // LogLevelInfo, general information, warnings, and errors will all be logged. LogLevelInfo LogLevel = "Info" - // Debug, detailed debugging information will be logged. + // LogLevelDebug, detailed debugging information will be logged. LogLevelDebug LogLevel = "Debug" ) @@ -322,7 +412,7 @@ type ContainerResource struct { // +kubebuilder:validation:XIntOrString // +kubebuilder:validation:MaxLength=20 // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))",message="request must be a positive, non-zero quantity" + // +kubebuilder:validation:XValidation:rule="quantity(self).isGreaterThan(quantity('0'))",message="request must be a positive, non-zero quantity" Request resource.Quantity `json:"request,omitempty"` // limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). @@ -333,7 +423,7 @@ type ContainerResource struct { // +kubebuilder:validation:XIntOrString // +kubebuilder:validation:MaxLength=20 // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))",message="limit must be a positive, non-zero quantity" + // +kubebuilder:validation:XValidation:rule="quantity(self).isGreaterThan(quantity('0'))",message="limit must be a positive, non-zero quantity" Limit resource.Quantity `json:"limit,omitempty"` } @@ -566,6 +656,1084 @@ type PrometheusOperatorAdmissionWebhookConfig struct { TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` } +// PrometheusConfig provides configuration options for the Prometheus instance. +// Use this configuration to control +// Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations. +// +kubebuilder:validation:MinProperties=1 +type PrometheusConfig struct { + // additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + // the Prometheus component. This is useful for organizations that need to: + // - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + // - Route different types of alerts to different teams or systems + // - Integrate with existing enterprise alerting infrastructure + // - Maintain separate alert routing for compliance or organizational requirements + // When omitted, no additional Alertmanager instances are configured (default behavior). + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Entries must have unique names (name is the list key). + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + AdditionalAlertmanagerConfigs []AdditionalAlertmanagerConfig `json:"additionalAlertmanagerConfigs,omitempty"` + // enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + // If a scraped target's body response is larger than the limit, the scrape will fail. + // This helps protect Prometheus from targets that return excessively large responses. + // The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + // When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + // limit based on cluster capacity. Set an explicit value to override the automatic calculation. + // Minimum value is 10240 (10kB). + // Maximum value is 1073741824 (1GB). + // +kubebuilder:validation:Minimum=10240 + // +kubebuilder:validation:Maximum=1073741824 + // +optional + EnforcedBodySizeLimitBytes int64 `json:"enforcedBodySizeLimitBytes,omitempty"` + // externalLabels defines labels to be attached to time series and alerts + // when communicating with external systems such as federation, remote storage, + // and Alertmanager. These labels are not stored with metrics on disk; they are + // only added when data leaves Prometheus (e.g., during federation queries, + // remote write, or alert notifications). + // At least 1 label must be specified when set, with a maximum of 50 labels allowed. + // Each label key must be unique within this list. + // When omitted, no external labels are applied. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=50 + // +listType=map + // +listMapKey=key + ExternalLabels []Label `json:"externalLabels,omitempty"` + // logLevel defines the verbosity of logs emitted by Prometheus. + // This field allows users to control the amount and severity of logs generated, which can be useful + // for debugging issues or reducing noise in production environments. + // Allowed values are Error, Warn, Info, and Debug. + // When set to Error, only errors will be logged. + // When set to Warn, both warnings and errors will be logged. + // When set to Info, general information, warnings, and errors will all be logged. + // When set to Debug, detailed debugging information will be logged. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `Info`. + // +optional + LogLevel LogLevel `json:"logLevel,omitempty"` + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + // and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // queryLogFile specifies the file to which PromQL queries are logged. + // This setting can be either a filename, in which + // case the queries are saved to an `emptyDir` volume + // at `/var/log/prometheus`, or a full path to a location where + // an `emptyDir` volume will be mounted and the queries saved. + // Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + // writing to any other `/dev/` path is not supported. Relative paths are + // also not supported. + // By default, PromQL queries are not logged. + // Must be an absolute path starting with `/` or a simple filename without path separators. + // Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + // Must contain only alphanumeric characters, '.', '_', '-', or '/'. + // Must be between 1 and 255 characters in length. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._/-]+$')",message="must contain only alphanumeric characters, '.', '_', '-', or '/'" + // +kubebuilder:validation:XValidation:rule="self.startsWith('/') || !self.contains('/')",message="must be an absolute path starting with '/' or a simple filename without '/'" + // +kubebuilder:validation:XValidation:rule="!self.startsWith('/dev/') || self in ['/dev/stdout', '/dev/stderr', '/dev/null']",message="only /dev/stdout, /dev/stderr, and /dev/null are allowed as /dev/ paths" + // +kubebuilder:validation:XValidation:rule="!self.contains('//') && !self.endsWith('/') && !self.contains('..')",message="must not contain '//', end with '/', or contain '..'" + QueryLogFile string `json:"queryLogFile,omitempty"` + // remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + // Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + // When omitted, no remote write endpoints are configured. + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Entries must have unique names (name is the list key). + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + // +optional + RemoteWrite []RemoteWriteSpec `json:"remoteWrite,omitempty"` + // resources defines the compute resource requests and limits for the Prometheus container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // Each entry must have a unique resource name. + // Minimum of 1 and maximum of 10 resource entries can be specified. + // The current default values are: + // resources: + // - name: cpu + // request: 4m + // - name: memory + // request: 40Mi + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // retention configures how long Prometheus retains metrics data and how much storage it can use. + // When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + // +optional + Retention Retention `json:"retention,omitempty,omitzero"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10 + // Minimum length for this list is 1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1 + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // collectionProfile defines the metrics collection profile that Prometheus uses to collect + // metrics from the platform components. Supported values are `Full` or + // `Minimal`. In the `Full` profile (default), Prometheus collects all + // metrics that are exposed by the platform components. In the `Minimal` + // profile, Prometheus only collects metrics necessary for the default + // platform alerts, recording rules, telemetry and console dashboards. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is `Full`. + // +optional + CollectionProfile CollectionProfile `json:"collectionProfile,omitempty"` + // volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + // configure the persistent volume claim, including storage class and volume size. + // If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + // across restarts. + // +optional + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty,omitzero"` +} + +// AlertmanagerScheme defines the URL scheme to use when communicating with Alertmanager instances. +// +kubebuilder:validation:Enum=HTTP;HTTPS +type AlertmanagerScheme string + +const ( + AlertmanagerSchemeHTTP AlertmanagerScheme = "HTTP" + AlertmanagerSchemeHTTPS AlertmanagerScheme = "HTTPS" +) + +// AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. +// The `AdditionalAlertmanagerConfig` resource defines settings for how a +// component communicates with additional Alertmanager instances. +type AdditionalAlertmanagerConfig struct { + // name is a unique identifier for this Alertmanager configuration entry. + // The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + // hyphens, or periods, and must start and end with an alphanumeric character. + // Minimum length is 1 character (empty string is invalid). + // Maximum length is 253 characters. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + // +required + Name string `json:"name,omitempty"` + // authorization configures the authentication method for Alertmanager connections. + // Supports bearer token authentication. When omitted, no authentication is used. + // +optional + Authorization AuthorizationConfig `json:"authorization,omitempty,omitzero"` + // pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + // For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + // set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + // This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + // When no prefix is needed, omit this field; do not set it to "/" as that would produce paths with double slashes (e.g. "//api/v1/alerts"). + // Must start with "/", must not end with "/", and must not be exactly "/". + // Must not contain query strings ("?") or fragments ("#"). + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:MinLength=2 + // +kubebuilder:validation:XValidation:rule="self.startsWith('/')",message="pathPrefix must start with '/'" + // +kubebuilder:validation:XValidation:rule="!self.endsWith('/')",message="pathPrefix must not end with '/'" + // +kubebuilder:validation:XValidation:rule="self != '/'",message="pathPrefix must not be '/' (would produce double slashes in request path); omit for no prefix" + // +kubebuilder:validation:XValidation:rule="!self.contains('?') && !self.contains('#')",message="pathPrefix must not contain '?' or '#'" + // +optional + PathPrefix string `json:"pathPrefix,omitempty"` + // scheme defines the URL scheme to use when communicating with Alertmanager + // instances. + // Possible values are `HTTP` or `HTTPS`. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default value is `HTTP`. + // +optional + Scheme AlertmanagerScheme `json:"scheme,omitempty"` + // staticConfigs is a list of statically configured Alertmanager endpoints in the form + // of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + // (in brackets) followed by a colon and a valid port number (1-65535). + // Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + // At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + // Each entry must be unique and non-empty (empty string is invalid). + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=255 + // +kubebuilder:validation:items:XValidation:rule="isURL('http://' + self) && size(url('http://' + self).getHostname()) > 0 && size(url('http://' + self).getPort()) > 0 && int(url('http://' + self).getPort()) >= 1 && int(url('http://' + self).getPort()) <= 65535",message="must be a valid 'host:port' where host is a DNS name, IPv4, or IPv6 address (in brackets), and port is 1-65535" + // +listType=set + // +required + StaticConfigs []string `json:"staticConfigs,omitempty"` + // timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Currently the default is 10 seconds. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=600 + // +optional + TimeoutSeconds int32 `json:"timeoutSeconds,omitempty"` + // tlsConfig defines the TLS settings to use for Alertmanager connections. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + TLSConfig TLSConfig `json:"tlsConfig,omitempty,omitzero"` +} + +// Label represents a key/value pair for external labels. +type Label struct { + // key is the name of the label. + // Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:MinLength=1 + Key string `json:"key,omitempty"` + // value is the value of the label. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:MinLength=1 + Value string `json:"value,omitempty"` +} + +// RemoteWriteSpec represents configuration for remote write endpoints. +type RemoteWriteSpec struct { + // url is the URL of the remote write endpoint. + // Must be a valid URL with http or https scheme and a non-empty hostname. + // Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. + // Empty string is invalid. Must be between 1 and 2048 characters in length. + // +required + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || url(self).getScheme() == 'http' || url(self).getScheme() == 'https'",message="must use http or https scheme" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || size(url(self).getHostname()) > 0",message="must have a non-empty hostname" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || url(self).getQuery().size() == 0",message="query parameters are not allowed" + // +kubebuilder:validation:XValidation:rule="!self.matches('.*#.*')",message="fragments are not allowed" + // +kubebuilder:validation:XValidation:rule="!self.matches('.*@.*')",message="user information (e.g. user:password@host) is not allowed" + URL string `json:"url,omitempty"` + // name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). + // This name is used in metrics and logging to differentiate remote write queues. + // Must contain only alphanumeric characters, hyphens, and underscores. + // Must be between 1 and 63 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores" + Name string `json:"name,omitempty"` + // authorization defines the authorization method for the remote write endpoint. + // When omitted, no authorization is performed. + // When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config). + // +optional + AuthorizationConfig RemoteWriteAuthorization `json:"authorization,omitzero"` + // headers specifies the custom HTTP headers to be sent along with each remote write request. + // Sending custom headers makes the configuration of a proxy in between optional and helps the + // receiver recognize the given source better. + // Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure + // them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. + // When omitted, no custom headers are sent. + // Maximum of 50 headers can be specified. Each header name must be unique. + // Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). + // +optional + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=50 + // +kubebuilder:validation:items:XValidation:rule="self.name.matches('^[a-zA-Z0-9_-]+$')",message="header name must contain only alphanumeric characters, hyphens, and underscores" + // +kubebuilder:validation:items:XValidation:rule="!self.name.matches('(?i)^(host|authorization|content-encoding|content-type|x-prometheus-remote-write-version|user-agent|connection|keep-alive|proxy-authenticate|proxy-authorization|www-authenticate)$')",message="header name must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate)" + // +listType=map + // +listMapKey=name + Headers []PrometheusRemoteWriteHeader `json:"headers,omitempty"` + // metadataConfig configures the sending of series metadata to remote storage. + // When omitted, no metadata is sent. + // When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). + // When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds). + // +optional + MetadataConfig MetadataConfig `json:"metadataConfig,omitempty,omitzero"` + // proxyUrl defines an optional proxy URL. + // If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + // The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + // When omitted, no proxy is used. + // Must be a valid URL with http or https scheme. + // Must be between 1 and 2048 characters in length. + // +optional + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isURL(self) && (url(self).getScheme() == 'http' || url(self).getScheme() == 'https')",message="must be a valid URL with http or https scheme" + ProxyURL string `json:"proxyUrl,omitempty"` + // queueConfig allows tuning configuration for remote write queue parameters. + // When omitted, default queue configuration is used. + // +optional + QueueConfig QueueConfig `json:"queueConfig,omitempty,omitzero"` + // remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=600 + RemoteTimeoutSeconds int32 `json:"remoteTimeoutSeconds,omitempty"` + // exemplarsMode controls whether exemplars are sent via remote write. + // Valid values are "Send", "DoNotSend" and omitted. + // When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + // Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + // When omitted or set to "DoNotSend", exemplars are not sent. + // +optional + ExemplarsMode ExemplarsMode `json:"exemplarsMode,omitempty"` + // tlsConfig defines TLS authentication settings for the remote write endpoint. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + TLSConfig TLSConfig `json:"tlsConfig,omitempty,omitzero"` + // writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + // When omitted, no relabeling is performed and all metrics are sent as-is. + // Minimum of 1 and maximum of 10 relabeling rules can be specified. + // Each rule must have a unique name. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + WriteRelabelConfigs []RelabelConfig `json:"writeRelabelConfigs,omitempty"` +} + +// PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. +// The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). +// Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. +// Validation is enforced on the Headers field in RemoteWriteSpec. +type PrometheusRemoteWriteHeader struct { + // name is the HTTP header name. Must not be a reserved header (see type documentation). + // Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + Name string `json:"name,omitempty"` + // value is the HTTP header value. Must be at most 4096 characters. + // +required + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=4096 + Value *string `json:"value,omitempty"` +} + +// BasicAuth defines basic authentication settings for the remote write endpoint URL. +type BasicAuth struct { + // username defines the secret reference containing the username for basic authentication. + // The secret must exist in the openshift-monitoring namespace. + // +required + Username SecretKeySelector `json:"username,omitzero,omitempty"` + // password defines the secret reference containing the password for basic authentication. + // The secret must exist in the openshift-monitoring namespace. + // +required + Password SecretKeySelector `json:"password,omitzero,omitempty"` +} + +// RemoteWriteAuthorizationType defines the authorization method for remote write endpoints. +// +kubebuilder:validation:Enum=BearerToken;BasicAuth;OAuth2;SigV4;SafeAuthorization;ServiceAccount +type RemoteWriteAuthorizationType string + +const ( + // RemoteWriteAuthorizationTypeBearerToken indicates bearer token from a secret. + RemoteWriteAuthorizationTypeBearerToken RemoteWriteAuthorizationType = "BearerToken" + // RemoteWriteAuthorizationTypeBasicAuth indicates HTTP basic authentication. + RemoteWriteAuthorizationTypeBasicAuth RemoteWriteAuthorizationType = "BasicAuth" + // RemoteWriteAuthorizationTypeOAuth2 indicates OAuth2 client credentials. + RemoteWriteAuthorizationTypeOAuth2 RemoteWriteAuthorizationType = "OAuth2" + // RemoteWriteAuthorizationTypeSigV4 indicates AWS Signature Version 4. + RemoteWriteAuthorizationTypeSigV4 RemoteWriteAuthorizationType = "SigV4" + // RemoteWriteAuthorizationTypeSafeAuthorization indicates authorization from a secret (Prometheus SafeAuthorization pattern). + // The secret key contains the credentials (e.g. a Bearer token). Use the safeAuthorization field. + RemoteWriteAuthorizationTypeSafeAuthorization RemoteWriteAuthorizationType = "SafeAuthorization" + // RemoteWriteAuthorizationTypeServiceAccount indicates use of the pod's service account token for machine identity. + // No additional field is required; the operator configures the token path. + RemoteWriteAuthorizationTypeServiceAccount RemoteWriteAuthorizationType = "ServiceAccount" +) + +// RemoteWriteAuthorization defines the authorization method for a remote write endpoint. +// Exactly one of the nested configs must be set according to the type discriminator. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BearerToken' ? has(self.bearerToken) : !has(self.bearerToken)",message="bearerToken is required when type is BearerToken, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BasicAuth' ? has(self.basicAuth) : !has(self.basicAuth)",message="basicAuth is required when type is BasicAuth, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'OAuth2' ? has(self.oauth2) : !has(self.oauth2)",message="oauth2 is required when type is OAuth2, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'SigV4' ? has(self.sigv4) : !has(self.sigv4)",message="sigv4 is required when type is SigV4, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'SafeAuthorization' ? has(self.safeAuthorization) : !has(self.safeAuthorization)",message="safeAuthorization is required when type is SafeAuthorization, and forbidden otherwise" +// +union +type RemoteWriteAuthorization struct { + // type specifies the authorization method to use. + // Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount. + // + // When set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field. + // + // When set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set. + // + // When set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set. + // + // When set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set. + // + // When set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field. + // + // When set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path. + // +unionDiscriminator + // +required + Type RemoteWriteAuthorizationType `json:"type,omitempty"` + // safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). + // Required when type is "SafeAuthorization", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace. + // +unionMember + // +optional + SafeAuthorization *v1.SecretKeySelector `json:"safeAuthorization,omitempty"` + // bearerToken defines the secret reference containing the bearer token. + // Required when type is "BearerToken", and forbidden otherwise. + // +unionMember + // +optional + BearerToken SecretKeySelector `json:"bearerToken,omitempty,omitzero"` + // basicAuth defines HTTP basic authentication credentials. + // Required when type is "BasicAuth", and forbidden otherwise. + // +unionMember + // +optional + BasicAuth BasicAuth `json:"basicAuth,omitempty,omitzero"` + // oauth2 defines OAuth2 client credentials authentication. + // Required when type is "OAuth2", and forbidden otherwise. + // +unionMember + // +optional + OAuth2 OAuth2 `json:"oauth2,omitempty,omitzero"` + // sigv4 defines AWS Signature Version 4 authentication. + // Required when type is "SigV4", and forbidden otherwise. + // +unionMember + // +optional + Sigv4 Sigv4 `json:"sigv4,omitempty,omitzero"` +} + +// MetadataConfigSendPolicy defines whether to send metadata with platform defaults or with custom settings. +// +kubebuilder:validation:Enum=Default;Custom +type MetadataConfigSendPolicy string + +const ( + // MetadataConfigSendPolicyDefault indicates metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). + MetadataConfigSendPolicyDefault MetadataConfigSendPolicy = "Default" + // MetadataConfigSendPolicyCustom indicates metadata is sent using the settings in the custom field. + MetadataConfigSendPolicyCustom MetadataConfigSendPolicy = "Custom" +) + +// MetadataConfig defines whether and how to send series metadata to remote write storage. +// +kubebuilder:validation:XValidation:rule="self.sendPolicy == 'Default' ? self.custom.sendIntervalSeconds == 0 : true",message="custom is forbidden when sendPolicy is Default" +type MetadataConfig struct { + // sendPolicy specifies whether to send metadata and how it is configured. + // Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). + // Custom: send metadata using the settings in the custom field. + // +required + SendPolicy MetadataConfigSendPolicy `json:"sendPolicy,omitempty"` + // custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default. + // +optional + Custom MetadataConfigCustom `json:"custom,omitempty,omitzero"` +} + +// MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. +// At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds). +// +kubebuilder:validation:MinProperties=1 +type MetadataConfigCustom struct { + // sendIntervalSeconds is the interval in seconds at which metadata is sent. + // When omitted, the platform chooses a reasonable default (e.g. 30 seconds). + // Minimum value is 1 second. Maximum value is 86400 seconds (24 hours). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=86400 + SendIntervalSeconds int32 `json:"sendIntervalSeconds,omitempty"` +} + +// OAuth2 defines OAuth2 authentication settings for the remote write endpoint. +type OAuth2 struct { + // clientId defines the secret reference containing the OAuth2 client ID. + // The secret must exist in the openshift-monitoring namespace. + // +required + ClientID SecretKeySelector `json:"clientId,omitzero,omitempty"` + // clientSecret defines the secret reference containing the OAuth2 client secret. + // The secret must exist in the openshift-monitoring namespace. + // +required + ClientSecret SecretKeySelector `json:"clientSecret,omitzero,omitempty"` + // tokenUrl is the URL to fetch the token from. + // Must be a valid URL with http or https scheme. + // Must be between 1 and 2048 characters in length. + // +required + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || url(self).getScheme() == 'http' || url(self).getScheme() == 'https'",message="must use http or https scheme" + TokenURL string `json:"tokenUrl,omitempty"` + // scopes is a list of OAuth2 scopes to request. + // When omitted, no scopes are requested. + // Maximum of 20 scopes can be specified. + // Each scope must be between 1 and 256 characters. + // +optional + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=256 + // +listType=atomic + Scopes []string `json:"scopes,omitempty"` + // endpointParams defines additional parameters to append to the token URL. + // When omitted, no additional parameters are sent. + // Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key). + // +optional + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=20 + // +listType=map + // +listMapKey=name + EndpointParams []OAuth2EndpointParam `json:"endpointParams,omitempty"` +} + +// OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL. +type OAuth2EndpointParam struct { + // name is the parameter name. Must be between 1 and 256 characters. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + Name string `json:"name,omitempty"` + // value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). + // When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the + // external system expects a parameter with an empty value (e.g. ?parameter=""). + // Must be between 0 and 2048 characters when present (aligned with common URL length recommendations). + // +optional + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=2048 + Value *string `json:"value,omitempty"` +} + +// QueueConfig allows tuning configuration for remote write queue parameters. +// Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429. +// +kubebuilder:validation:MinProperties=1 +type QueueConfig struct { + // capacity is the number of samples to buffer per shard before we start dropping them. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 10000. + // Minimum value is 1. + // Maximum value is 1000000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=1000000 + Capacity int32 `json:"capacity,omitempty"` + // maxShards is the maximum number of shards, i.e. amount of concurrency. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 200. + // Minimum value is 1. + // Maximum value is 10000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=10000 + MaxShards int32 `json:"maxShards,omitempty"` + // minShards is the minimum number of shards, i.e. amount of concurrency. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 1. + // Minimum value is 1. + // Maximum value is 10000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=10000 + MinShards int32 `json:"minShards,omitempty"` + // maxSamplesPerSend is the maximum number of samples per send. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 1000. + // Minimum value is 1. + // Maximum value is 100000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=100000 + MaxSamplesPerSend int32 `json:"maxSamplesPerSend,omitempty"` + // batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 second. + // Maximum value is 3600 seconds (1 hour). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=3600 + BatchSendDeadlineSeconds int32 `json:"batchSendDeadlineSeconds,omitempty"` + // minBackoffMilliseconds is the minimum retry delay in milliseconds. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 millisecond. + // Maximum value is 3600000 milliseconds (1 hour). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=3600000 + MinBackoffMilliseconds int32 `json:"minBackoffMilliseconds,omitempty"` + // maxBackoffMilliseconds is the maximum retry delay in milliseconds. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 millisecond. + // Maximum value is 3600000 milliseconds (1 hour). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=3600000 + MaxBackoffMilliseconds int32 `json:"maxBackoffMilliseconds,omitempty"` + // rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + // When omitted, no retries are performed on rate limit responses. + // When set to "Retry", Prometheus will retry such requests using the backoff settings above. + // Valid value when set is "Retry". + // +optional + RateLimitedAction RateLimitedAction `json:"rateLimitedAction,omitempty"` +} + +// Sigv4 defines AWS Signature Version 4 authentication settings. +// At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication. +// +kubebuilder:validation:MinProperties=1 +type Sigv4 struct { + // region is the AWS region. + // When omitted, the region is derived from the environment or instance metadata. + // Must be between 1 and 128 characters. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + Region string `json:"region,omitempty"` + // accessKey defines the secret reference containing the AWS access key ID. + // The secret must exist in the openshift-monitoring namespace. + // When omitted, the access key is derived from the environment or instance metadata. + // +optional + AccessKey SecretKeySelector `json:"accessKey,omitempty,omitzero"` + // secretKey defines the secret reference containing the AWS secret access key. + // The secret must exist in the openshift-monitoring namespace. + // When omitted, the secret key is derived from the environment or instance metadata. + // +optional + SecretKey SecretKeySelector `json:"secretKey,omitempty,omitzero"` + // profile is the named AWS profile used to authenticate. + // When omitted, the default profile is used. + // Must be between 1 and 128 characters. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + Profile string `json:"profile,omitempty"` + // roleArn is the AWS Role ARN, an alternative to using AWS API keys. + // When omitted, API keys are used for authentication. + // Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + // Must be between 1 and 512 characters. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=512 + // +kubebuilder:validation:XValidation:rule=`self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$')`,message="must be a valid AWS IAM role ARN (e.g., arn:aws:iam::123456789012:role/MyRole)" + RoleArn string `json:"roleArn,omitempty"` +} + +// RelabelConfig represents a relabeling rule. +type RelabelConfig struct { + // name is a unique identifier for this relabel configuration. + // Must contain only alphanumeric characters, hyphens, and underscores. + // Must be between 1 and 63 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores" + Name string `json:"name,omitempty"` + + // sourceLabels specifies which label names to extract from each series for this relabeling rule. + // The values of these labels are joined together using the configured separator, + // and the resulting string is then matched against the regular expression. + // If a referenced label does not exist on a series, Prometheus substitutes an empty string. + // When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + // Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + // Each entry must be unique. + // Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + // Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. + // While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + // ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=128 + // +kubebuilder:validation:items:XValidation:rule="!self.startsWith('__')",message="label names beginning with '__' (two underscores) are reserved for internal Prometheus use and are not allowed" + // +listType=set + SourceLabels []string `json:"sourceLabels,omitempty"` + + // separator is the character sequence used to join source label values. + // Common examples: ";", ",", "::", "|||". + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is ";". + // Must be between 1 and 5 characters in length when specified. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=5 + Separator string `json:"separator,omitempty"` + + // regex is the regular expression to match against the concatenated source label values. + // Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "(.*)" to match everything. + // Must be between 1 and 1000 characters in length when specified. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1000 + Regex string `json:"regex,omitempty"` + + // action defines the action to perform on the matched labels and its configuration. + // Exactly one action-specific configuration must be specified based on the action type. + // +required + Action RelabelActionConfig `json:"action,omitzero"` +} + +// RelabelActionConfig represents the action to perform and its configuration. +// Exactly one action-specific configuration must be specified based on the action type. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Replace' ? has(self.replace) : !has(self.replace)",message="replace is required when type is Replace, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'HashMod' ? has(self.hashMod) : !has(self.hashMod)",message="hashMod is required when type is HashMod, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Lowercase' ? has(self.lowercase) : !has(self.lowercase)",message="lowercase is required when type is Lowercase, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uppercase' ? has(self.uppercase) : !has(self.uppercase)",message="uppercase is required when type is Uppercase, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KeepEqual' ? has(self.keepEqual) : !has(self.keepEqual)",message="keepEqual is required when type is KeepEqual, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'DropEqual' ? has(self.dropEqual) : !has(self.dropEqual)",message="dropEqual is required when type is DropEqual, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'LabelMap' ? has(self.labelMap) : !has(self.labelMap)",message="labelMap is required when type is LabelMap, and forbidden otherwise" +// +union +type RelabelActionConfig struct { + // type specifies the action to perform on the matched labels. + // Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep. + // + // When set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + // + // When set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0. + // + // When set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0. + // + // When set to Keep, targets for which regex does not match the concatenated source_labels are dropped. + // + // When set to Drop, targets for which regex matches the concatenated source_labels are dropped. + // + // When set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0. + // + // When set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0. + // + // When set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels. + // + // When set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted. + // + // When set to LabelDrop, regex is matched against all label names; any label that matches is removed. + // + // When set to LabelKeep, regex is matched against all label names; any label that does not match is removed. + // +required + // +unionDiscriminator + Type RelabelAction `json:"type,omitempty"` + + // replace configures the Replace action. + // Required when type is Replace, and forbidden otherwise. + // +unionMember + // +optional + Replace ReplaceActionConfig `json:"replace,omitempty,omitzero"` + + // hashMod configures the HashMod action. + // Required when type is HashMod, and forbidden otherwise. + // +unionMember + // +optional + HashMod HashModActionConfig `json:"hashMod,omitempty,omitzero"` + + // labelMap configures the LabelMap action. + // Required when type is LabelMap, and forbidden otherwise. + // +unionMember + // +optional + LabelMap LabelMapActionConfig `json:"labelMap,omitempty,omitzero"` + + // lowercase configures the Lowercase action. + // Required when type is Lowercase, and forbidden otherwise. + // Requires Prometheus >= v2.36.0. + // +unionMember + // +optional + Lowercase LowercaseActionConfig `json:"lowercase,omitempty,omitzero"` + + // uppercase configures the Uppercase action. + // Required when type is Uppercase, and forbidden otherwise. + // Requires Prometheus >= v2.36.0. + // +unionMember + // +optional + Uppercase UppercaseActionConfig `json:"uppercase,omitempty,omitzero"` + + // keepEqual configures the KeepEqual action. + // Required when type is KeepEqual, and forbidden otherwise. + // Requires Prometheus >= v2.41.0. + // +unionMember + // +optional + KeepEqual KeepEqualActionConfig `json:"keepEqual,omitempty,omitzero"` + + // dropEqual configures the DropEqual action. + // Required when type is DropEqual, and forbidden otherwise. + // Requires Prometheus >= v2.41.0. + // +unionMember + // +optional + DropEqual DropEqualActionConfig `json:"dropEqual,omitempty,omitzero"` +} + +// ReplaceActionConfig configures the Replace action. +// Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match. +type ReplaceActionConfig struct { + // targetLabel is the label name where the replacement result is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` + + // replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. + // Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. + // Use "$1" for the first capture group, "$2" for the second, etc. Use an empty string ("") to explicitly clear the target label value. + // Must be between 0 and 255 characters in length. + // +required + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=255 + Replacement *string `json:"replacement,omitempty"` +} + +// HashModActionConfig configures the HashMod action. +// target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus). +type HashModActionConfig struct { + // targetLabel is the label name where the hash modulus result is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` + + // modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). + // Required when using the HashMod action so the intended behavior is explicit. + // Must be between 1 and 1000000. + // +required + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=1000000 + Modulus int64 `json:"modulus,omitempty"` +} + +// LowercaseActionConfig configures the Lowercase action. +// Maps the concatenated source_labels to their lower case and writes to target_label. +// Requires Prometheus >= v2.36.0. +type LowercaseActionConfig struct { + // targetLabel is the label name where the lower-cased value is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// UppercaseActionConfig configures the Uppercase action. +// Maps the concatenated source_labels to their upper case and writes to target_label. +// Requires Prometheus >= v2.36.0. +type UppercaseActionConfig struct { + // targetLabel is the label name where the upper-cased value is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// KeepEqualActionConfig configures the KeepEqual action. +// Drops targets for which the concatenated source_labels do not match the value of target_label. +// Requires Prometheus >= v2.41.0. +type KeepEqualActionConfig struct { + // targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// DropEqualActionConfig configures the DropEqual action. +// Drops targets for which the concatenated source_labels do match the value of target_label. +// Requires Prometheus >= v2.41.0. +type DropEqualActionConfig struct { + // targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// LabelMapActionConfig configures the LabelMap action. +// Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted. +type LabelMapActionConfig struct { + // replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. + // Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. + // Use "$1" for the first capture group, "$2" for the second, etc. + // Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + Replacement string `json:"replacement,omitempty"` +} + +// TLSConfig represents TLS configuration for Alertmanager connections. +// At least one TLS configuration option must be specified. +// For mutual TLS (mTLS), both cert and key must be specified together, or both omitted. +// +kubebuilder:validation:MinProperties=1 +// +kubebuilder:validation:XValidation:rule="(has(self.cert) && has(self.key)) || (!has(self.cert) && !has(self.key))",message="cert and key must both be specified together for mutual TLS, or both be omitted" +type TLSConfig struct { + // ca is an optional CA certificate to use for TLS connections. + // When omitted, the system's default CA bundle is used. + // +optional + CA SecretKeySelector `json:"ca,omitempty,omitzero"` + // cert is an optional client certificate to use for mutual TLS connections. + // When omitted, no client certificate is presented. + // +optional + Cert SecretKeySelector `json:"cert,omitempty,omitzero"` + // key is an optional client key to use for mutual TLS connections. + // When omitted, no client key is used. + // +optional + Key SecretKeySelector `json:"key,omitempty,omitzero"` + // serverName is an optional server name to use for TLS connections. + // When specified, must be a valid DNS subdomain as per RFC 1123. + // When omitted, the server name is derived from the URL. + // Must be between 1 and 253 characters in length. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="must be a valid DNS subdomain (lowercase alphanumeric characters, '-' or '.', start and end with alphanumeric)" + ServerName string `json:"serverName,omitempty"` + // certificateVerification determines the policy for TLS certificate verification. + // Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "Verify". + // +optional + CertificateVerification CertificateVerificationType `json:"certificateVerification,omitempty"` +} + +// CertificateVerificationType defines the TLS certificate verification policy. +// +kubebuilder:validation:Enum=Verify;SkipVerify +type CertificateVerificationType string + +const ( + // CertificateVerificationVerify performs certificate verification (secure, recommended). + CertificateVerificationVerify CertificateVerificationType = "Verify" + // CertificateVerificationSkipVerify skips certificate verification (insecure, use with caution). + CertificateVerificationSkipVerify CertificateVerificationType = "SkipVerify" +) + +// AuthorizationType defines the type of authentication to use. +// +kubebuilder:validation:Enum=BearerToken +type AuthorizationType string + +const ( + // AuthorizationTypeBearerToken indicates bearer token authentication. + AuthorizationTypeBearerToken AuthorizationType = "BearerToken" +) + +// AuthorizationConfig defines the authentication method for Alertmanager connections. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BearerToken' ? has(self.bearerToken) : !has(self.bearerToken)",message="bearerToken is required when type is BearerToken" +// +union +type AuthorizationConfig struct { + // type specifies the authentication type to use. + // Valid value is "BearerToken" (bearer token authentication). + // When set to BearerToken, the bearerToken field must be specified. + // +unionDiscriminator + // +required + Type AuthorizationType `json:"type,omitempty"` + // bearerToken defines the secret reference containing the bearer token. + // Required when type is "BearerToken", and forbidden otherwise. + // The secret must exist in the openshift-monitoring namespace. + // +optional + BearerToken SecretKeySelector `json:"bearerToken,omitempty,omitzero"` +} + +// SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace. +// +structType=atomic +type SecretKeySelector struct { + // name is the name of the secret in the `openshift-monitoring` namespace to select from. + // Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + // Must be between 1 and 253 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="must be a valid secret name (lowercase alphanumeric characters, '-' or '.', start and end with alphanumeric)" + Name string `json:"name,omitempty"` + // key is the key of the secret to select from. + // Must consist of alphanumeric characters, '-', '_', or '.'. + // Must be between 1 and 253 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._-]+$')",message="must contain only alphanumeric characters, '-', '_', or '.'" + Key string `json:"key,omitempty"` +} + +// Retention configures how long Prometheus retains metrics data and how much storage it can use. +// +kubebuilder:validation:MinProperties=1 +type Retention struct { + // durationInDays specifies how many days Prometheus will retain metrics data. + // Prometheus automatically deletes data older than this duration. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 15. + // Minimum value is 1 day. + // Maximum value is 365 days (1 year). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=365 + // +optional + DurationInDays int32 `json:"durationInDays,omitempty"` + // sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + // can use for data blocks and the write-ahead log (WAL). + // When the limit is reached, Prometheus will delete oldest data first. + // When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + // Minimum value is 1 GiB. + // Maximum value is 16384 GiB (16 TiB). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=16384 + // +optional + SizeInGiB int32 `json:"sizeInGiB,omitempty"` +} + +// RelabelAction defines the action to perform in a relabeling rule. +// +kubebuilder:validation:Enum=Replace;Keep;Drop;HashMod;LabelMap;LabelDrop;LabelKeep;Lowercase;Uppercase;KeepEqual;DropEqual +type RelabelAction string + +const ( + // RelabelActionReplace: match regex against concatenated source_labels; set target_label to replacement with ${1}, ${2}, ... substituted. No replacement if regex does not match. + RelabelActionReplace RelabelAction = "Replace" + // RelabelActionLowercase: map the concatenated source_labels to their lower case. + RelabelActionLowercase RelabelAction = "Lowercase" + // RelabelActionUppercase: map the concatenated source_labels to their upper case. + RelabelActionUppercase RelabelAction = "Uppercase" + // RelabelActionKeep: drop targets for which regex does not match the concatenated source_labels. + RelabelActionKeep RelabelAction = "Keep" + // RelabelActionDrop: drop targets for which regex matches the concatenated source_labels. + RelabelActionDrop RelabelAction = "Drop" + // RelabelActionKeepEqual: drop targets for which the concatenated source_labels do not match target_label. + RelabelActionKeepEqual RelabelAction = "KeepEqual" + // RelabelActionDropEqual: drop targets for which the concatenated source_labels do match target_label. + RelabelActionDropEqual RelabelAction = "DropEqual" + // RelabelActionHashMod: set target_label to the modulus of a hash of the concatenated source_labels. + RelabelActionHashMod RelabelAction = "HashMod" + // RelabelActionLabelMap: match regex against all source label names; copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted. + RelabelActionLabelMap RelabelAction = "LabelMap" + // RelabelActionLabelDrop: match regex against all label names; any label that matches is removed. + RelabelActionLabelDrop RelabelAction = "LabelDrop" + // RelabelActionLabelKeep: match regex against all label names; any label that does not match is removed. + RelabelActionLabelKeep RelabelAction = "LabelKeep" +) + +// CollectionProfile defines the metrics collection profile for Prometheus. +// +kubebuilder:validation:Enum=Full;Minimal +type CollectionProfile string + +const ( + // CollectionProfileFull means Prometheus collects all metrics that are exposed by the platform components. + CollectionProfileFull CollectionProfile = "Full" + // CollectionProfileMinimal means Prometheus only collects metrics necessary for the default + // platform alerts, recording rules, telemetry and console dashboards. + CollectionProfileMinimal CollectionProfile = "Minimal" +) + // AuditProfile defines the audit log level for the Metrics Server. // +kubebuilder:validation:Enum=None;Metadata;Request;RequestResponse type AuditProfile string @@ -596,6 +1764,27 @@ const ( VerbosityLevelTraceAll VerbosityLevel = "TraceAll" ) +// ExemplarsMode defines whether exemplars are sent via remote write. +// +kubebuilder:validation:Enum=Send;DoNotSend +type ExemplarsMode string + +const ( + // ExemplarsModeSend means exemplars are sent via remote write. + ExemplarsModeSend ExemplarsMode = "Send" + // ExemplarsModeDoNotSend means exemplars are not sent via remote write. + ExemplarsModeDoNotSend ExemplarsMode = "DoNotSend" +) + +// RateLimitedAction defines what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). +// Omission of this field means do not retry. When set, the only valid value is Retry. +// +kubebuilder:validation:Enum=Retry +type RateLimitedAction string + +const ( + // RateLimitedActionRetry means requests will be retried on HTTP 429 responses. + RateLimitedActionRetry RateLimitedAction = "Retry" +) + // Audit profile configurations type Audit struct { // profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go deleted file mode 100644 index 977ca3dde3..0000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go +++ /dev/null @@ -1,289 +0,0 @@ -package v1alpha1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ImagePolicy holds namespace-wide configuration for image signature verification -// -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -// +kubebuilder:object:root=true -// +kubebuilder:resource:path=imagepolicies,scope=Namespaced -// +kubebuilder:subresource:status -// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1457 -// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 -// +openshift:enable:FeatureGate=SigstoreImageVerification -// +openshift:compatibility-gen:level=4 -type ImagePolicy struct { - metav1.TypeMeta `json:",inline"` - - // metadata is the standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec holds user settable values for configuration - // +required - Spec ImagePolicySpec `json:"spec"` - // status contains the observed state of the resource. - // +optional - Status ImagePolicyStatus `json:"status,omitempty"` -} - -// ImagePolicySpec is the specification of the ImagePolicy CRD. -type ImagePolicySpec struct { - // scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the "Docker Registry HTTP API V2". - // Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). - // More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository - // namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). - // Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. - // If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. - // In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories - // quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. - // If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. - // For additional details about the format, please refer to the document explaining the docker transport field, - // which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker - // +required - // +kubebuilder:validation:MaxItems=256 - // +listType=set - Scopes []ImageScope `json:"scopes"` - // policy contains configuration to allow scopes to be verified, and defines how - // images not matching the verification policy will be treated. - // +required - Policy ImageSigstoreVerificationPolicy `json:"policy"` -} - -// +kubebuilder:validation:XValidation:rule="size(self.split('/')[0].split('.')) == 1 ? self.split('/')[0].split('.')[0].split(':')[0] == 'localhost' : true",message="invalid image scope format, scope must contain a fully qualified domain name or 'localhost'" -// +kubebuilder:validation:XValidation:rule=`self.contains('*') ? self.matches('^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$') : true`,message="invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching" -// +kubebuilder:validation:XValidation:rule=`!self.contains('*') ? self.matches('^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\w][\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$') : true`,message="invalid repository namespace or image specification in the image scope" -// +kubebuilder:validation:MaxLength=512 -type ImageScope string - -// ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list. -type ImageSigstoreVerificationPolicy struct { - // rootOfTrust specifies the root of trust for the policy. - // +required - RootOfTrust PolicyRootOfTrust `json:"rootOfTrust"` - // signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is "MatchRepoDigestOrExact". - // +optional - SignedIdentity PolicyIdentity `json:"signedIdentity,omitempty"` -} - -// PolicyRootOfTrust defines the root of trust based on the selected policyType. -// +union -// +kubebuilder:validation:XValidation:rule="has(self.policyType) && self.policyType == 'PublicKey' ? has(self.publicKey) : !has(self.publicKey)",message="publicKey is required when policyType is PublicKey, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.policyType) && self.policyType == 'FulcioCAWithRekor' ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)",message="fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" -// +openshift:validation:FeatureGateAwareXValidation:featureGate=SigstoreImageVerificationPKI,rule="has(self.policyType) && self.policyType == 'PKI' ? has(self.pki) : !has(self.pki)",message="pki is required when policyType is PKI, and forbidden otherwise" -type PolicyRootOfTrust struct { - // policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. - // "PublicKey" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. - // "FulcioCAWithRekor" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. - // "PKI" indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate. - // +unionDiscriminator - // +required - PolicyType PolicyType `json:"policyType"` - // publicKey defines the root of trust based on a sigstore public key. - // +optional - PublicKey *ImagePolicyPublicKeyRootOfTrust `json:"publicKey,omitempty"` - // fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. - // For more information about Fulcio and Rekor, please refer to the document at: - // https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor - // +optional - FulcioCAWithRekor *ImagePolicyFulcioCAWithRekorRootOfTrust `json:"fulcioCAWithRekor,omitempty"` - // pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. - // +optional - // +openshift:enable:FeatureGate=SigstoreImageVerificationPKI - PKI *ImagePolicyPKIRootOfTrust `json:"pki,omitempty"` -} - -// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=PublicKey;FulcioCAWithRekor -// +openshift:validation:FeatureGateAwareEnum:featureGate=SigstoreImageVerificationPKI,enum=PublicKey;FulcioCAWithRekor;PKI -type PolicyType string - -const ( - PublicKeyRootOfTrust PolicyType = "PublicKey" - FulcioCAWithRekorRootOfTrust PolicyType = "FulcioCAWithRekor" - PKIRootOfTrust PolicyType = "PKI" -) - -// ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key. -type ImagePolicyPublicKeyRootOfTrust struct { - // keyData contains inline base64-encoded data for the PEM format public key. - // KeyData must be at most 8192 characters. - // +required - // +kubebuilder:validation:MaxLength=8192 - KeyData []byte `json:"keyData"` - // rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. - // rekorKeyData must be at most 8192 characters. - // +optional - // +kubebuilder:validation:MaxLength=8192 - RekorKeyData []byte `json:"rekorKeyData,omitempty"` -} - -// ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key. -type ImagePolicyFulcioCAWithRekorRootOfTrust struct { - // fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. - // fulcioCAData must be at most 8192 characters. - // +required - // +kubebuilder:validation:MaxLength=8192 - FulcioCAData []byte `json:"fulcioCAData"` - // rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. - // rekorKeyData must be at most 8192 characters. - // +required - // +kubebuilder:validation:MaxLength=8192 - RekorKeyData []byte `json:"rekorKeyData"` - // fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration. - // +required - FulcioSubject PolicyFulcioSubject `json:"fulcioSubject"` -} - -// PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration. -type PolicyFulcioSubject struct { - // oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. - // Example: "https://expected.OIDC.issuer/" - // +required - // +kubebuilder:validation:XValidation:rule="isURL(self)",message="oidcIssuer must be a valid URL" - OIDCIssuer string `json:"oidcIssuer"` - // signedEmail holds the email address the the Fulcio certificate is issued for. - // Example: "expected-signing-user@example.com" - // +required - // +kubebuilder:validation:XValidation:rule=`self.matches('^\\S+@\\S+$')`,message="invalid email address" - SignedEmail string `json:"signedEmail"` -} - -// ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates. -type ImagePolicyPKIRootOfTrust struct { - // caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. - // +required - // +kubebuilder:validation:MaxLength=8192 - // +kubebuilder:validation:XValidation:rule="string(self).startsWith('-----BEGIN CERTIFICATE-----')",message="the caRootsData must start with base64 encoding of '-----BEGIN CERTIFICATE-----'." - // +kubebuilder:validation:XValidation:rule="string(self).endsWith('-----END CERTIFICATE-----\\n') || string(self).endsWith('-----END CERTIFICATE-----')",message="the caRootsData must end with base64 encoding of '-----END CERTIFICATE-----'." - // +kubebuilder:validation:XValidation:rule="string(self).findAll('-----BEGIN CERTIFICATE-----').size() == string(self).findAll('-----END CERTIFICATE-----').size()",message="caRootsData must be base64 encoding of valid PEM format data contain the same number of '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' markers." - CertificateAuthorityRootsData []byte `json:"caRootsData"` - // caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. - // caIntermediatesData requires caRootsData to be set. - // +optional - // +kubebuilder:validation:XValidation:rule="string(self).startsWith('-----BEGIN CERTIFICATE-----')",message="the caIntermediatesData must start with base64 encoding of '-----BEGIN CERTIFICATE-----'." - // +kubebuilder:validation:XValidation:rule="string(self).endsWith('-----END CERTIFICATE-----\\n') || string(self).endsWith('-----END CERTIFICATE-----')",message="the caIntermediatesData must end with base64 encoding of '-----END CERTIFICATE-----'." - // +kubebuilder:validation:XValidation:rule="string(self).findAll('-----BEGIN CERTIFICATE-----').size() == string(self).findAll('-----END CERTIFICATE-----').size()",message="caIntermediatesData must be base64 encoding of valid PEM format data contain the same number of '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' markers." - // +kubebuilder:validation:MaxLength=8192 - CertificateAuthorityIntermediatesData []byte `json:"caIntermediatesData,omitempty"` - - // pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued. - // +required - PKICertificateSubject PKICertificateSubject `json:"pkiCertificateSubject"` -} - -// PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued. -// +kubebuilder:validation:XValidation:rule="has(self.email) || has(self.hostname)", message="at least one of email or hostname must be set in pkiCertificateSubject" -// +openshift:enable:FeatureGate=SigstoreImageVerificationPKI -type PKICertificateSubject struct { - // email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. - // The email should be a valid email address and at most 320 characters in length. - // +optional - // +kubebuilder:validation:MaxLength:=320 - // +kubebuilder:validation:XValidation:rule=`self.matches('^\\S+@\\S+$')`,message="invalid email address in pkiCertificateSubject" - Email string `json:"email,omitempty"` - // hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. - // The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. - // It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk. - // +optional - // +kubebuilder:validation:MaxLength:=253 - // +kubebuilder:validation:XValidation:rule="self.startsWith('*.') ? !format.dns1123Subdomain().validate(self.replace('*.', '', 1)).hasValue() : !format.dns1123Subdomain().validate(self).hasValue()",message="hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.'. It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk." - Hostname string `json:"hostname,omitempty"` -} - -// PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is "MatchRepoDigestOrExact". -// +kubebuilder:validation:XValidation:rule="(has(self.matchPolicy) && self.matchPolicy == 'ExactRepository') ? has(self.exactRepository) : !has(self.exactRepository)",message="exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="(has(self.matchPolicy) && self.matchPolicy == 'RemapIdentity') ? has(self.remapIdentity) : !has(self.remapIdentity)",message="remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise" -// +union -type PolicyIdentity struct { - // matchPolicy sets the type of matching to be used. - // Valid values are "MatchRepoDigestOrExact", "MatchRepository", "ExactRepository", "RemapIdentity". When omitted, the default value is "MatchRepoDigestOrExact". - // If set matchPolicy to ExactRepository, then the exactRepository must be specified. - // If set matchPolicy to RemapIdentity, then the remapIdentity must be specified. - // "MatchRepoDigestOrExact" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. - // "MatchRepository" means that the identity in the signature must be in the same repository as the image identity. - // "ExactRepository" means that the identity in the signature must be in the same repository as a specific identity specified by "repository". - // "RemapIdentity" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the "prefix" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix. - // +unionDiscriminator - // +required - MatchPolicy IdentityMatchPolicy `json:"matchPolicy"` - // exactRepository is required if matchPolicy is set to "ExactRepository". - // +optional - PolicyMatchExactRepository *PolicyMatchExactRepository `json:"exactRepository,omitempty"` - // remapIdentity is required if matchPolicy is set to "RemapIdentity". - // +optional - PolicyMatchRemapIdentity *PolicyMatchRemapIdentity `json:"remapIdentity,omitempty"` -} - -// +kubebuilder:validation:MaxLength=512 -// +kubebuilder:validation:XValidation:rule=`self.matches('.*:([\\w][\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true`,message="invalid repository or prefix in the signedIdentity, should not include the tag or digest" -// +kubebuilder:validation:XValidation:rule=`self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')`,message="invalid repository or prefix in the signedIdentity" -type IdentityRepositoryPrefix string - -type PolicyMatchExactRepository struct { - // repository is the reference of the image identity to be matched. - // The value should be a repository name (by omitting the tag or digest) in a registry implementing the "Docker Registry HTTP API V2". For example, docker.io/library/busybox - // +required - Repository IdentityRepositoryPrefix `json:"repository"` -} - -type PolicyMatchRemapIdentity struct { - // prefix is the prefix of the image identity to be matched. - // If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). - // This useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. - // The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, - // or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. - // For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox. - // +required - Prefix IdentityRepositoryPrefix `json:"prefix"` - // signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as "prefix". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, - // or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. - // For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox. - // +required - SignedPrefix IdentityRepositoryPrefix `json:"signedPrefix"` -} - -// IdentityMatchPolicy defines the type of matching for "matchPolicy". -// +kubebuilder:validation:Enum=MatchRepoDigestOrExact;MatchRepository;ExactRepository;RemapIdentity -type IdentityMatchPolicy string - -const ( - IdentityMatchPolicyMatchRepoDigestOrExact IdentityMatchPolicy = "MatchRepoDigestOrExact" - IdentityMatchPolicyMatchRepository IdentityMatchPolicy = "MatchRepository" - IdentityMatchPolicyExactRepository IdentityMatchPolicy = "ExactRepository" - IdentityMatchPolicyRemapIdentity IdentityMatchPolicy = "RemapIdentity" -) - -// +k8s:deepcopy-gen=true -type ImagePolicyStatus struct { - // conditions provide details on the status of this API Resource. - // +listType=map - // +listMapKey=type - // +optional - Conditions []metav1.Condition `json:"conditions,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ImagePolicyList is a list of ImagePolicy resources -// -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -// +openshift:compatibility-gen:level=4 -type ImagePolicyList struct { - metav1.TypeMeta `json:",inline"` - - // metadata is the standard list's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metav1.ListMeta `json:"metadata"` - - Items []ImagePolicy `json:"items"` -} - -const ( - // ImagePolicyPending indicates that the customer resource contains a policy that cannot take effect. It is either overwritten by a global policy or the image scope is not valid. - ImagePolicyPending = "Pending" - // ImagePolicyApplied indicates that the policy has been applied - ImagePolicyApplied = "Applied" -) diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go index e28a94dbef..ad6afabff9 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go @@ -11,6 +11,29 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdditionalAlertmanagerConfig) DeepCopyInto(out *AdditionalAlertmanagerConfig) { + *out = *in + out.Authorization = in.Authorization + if in.StaticConfigs != nil { + in, out := &in.StaticConfigs, &out.StaticConfigs + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.TLSConfig = in.TLSConfig + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalAlertmanagerConfig. +func (in *AdditionalAlertmanagerConfig) DeepCopy() *AdditionalAlertmanagerConfig { + if in == nil { + return nil + } + out := new(AdditionalAlertmanagerConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AlertmanagerConfig) DeepCopyInto(out *AlertmanagerConfig) { *out = *in @@ -98,6 +121,23 @@ func (in *Audit) DeepCopy() *Audit { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthorizationConfig) DeepCopyInto(out *AuthorizationConfig) { + *out = *in + out.BearerToken = in.BearerToken + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationConfig. +func (in *AuthorizationConfig) DeepCopy() *AuthorizationConfig { + if in == nil { + return nil + } + out := new(AuthorizationConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Backup) DeepCopyInto(out *Backup) { *out = *in @@ -192,6 +232,24 @@ func (in *BackupStatus) DeepCopy() *BackupStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BasicAuth) DeepCopyInto(out *BasicAuth) { + *out = *in + out.Username = in.Username + out.Password = in.Password + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BasicAuth. +func (in *BasicAuth) DeepCopy() *BasicAuth { + if in == nil { + return nil + } + out := new(BasicAuth) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CRIOCredentialProviderConfig) DeepCopyInto(out *CRIOCredentialProviderConfig) { *out = *in @@ -318,112 +376,6 @@ func (in *CertificateConfig) DeepCopy() *CertificateConfig { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterImagePolicy) DeepCopyInto(out *ClusterImagePolicy) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicy. -func (in *ClusterImagePolicy) DeepCopy() *ClusterImagePolicy { - if in == nil { - return nil - } - out := new(ClusterImagePolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterImagePolicy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterImagePolicyList) DeepCopyInto(out *ClusterImagePolicyList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ClusterImagePolicy, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicyList. -func (in *ClusterImagePolicyList) DeepCopy() *ClusterImagePolicyList { - if in == nil { - return nil - } - out := new(ClusterImagePolicyList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterImagePolicyList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterImagePolicySpec) DeepCopyInto(out *ClusterImagePolicySpec) { - *out = *in - if in.Scopes != nil { - in, out := &in.Scopes, &out.Scopes - *out = make([]ImageScope, len(*in)) - copy(*out, *in) - } - in.Policy.DeepCopyInto(&out.Policy) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicySpec. -func (in *ClusterImagePolicySpec) DeepCopy() *ClusterImagePolicySpec { - if in == nil { - return nil - } - out := new(ClusterImagePolicySpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterImagePolicyStatus) DeepCopyInto(out *ClusterImagePolicyStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]metav1.Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicyStatus. -func (in *ClusterImagePolicyStatus) DeepCopy() *ClusterImagePolicyStatus { - if in == nil { - return nil - } - out := new(ClusterImagePolicyStatus) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterMonitoring) DeepCopyInto(out *ClusterMonitoring) { *out = *in @@ -490,9 +442,11 @@ func (in *ClusterMonitoringSpec) DeepCopyInto(out *ClusterMonitoringSpec) { *out = *in out.UserDefined = in.UserDefined in.AlertmanagerConfig.DeepCopyInto(&out.AlertmanagerConfig) + in.PrometheusConfig.DeepCopyInto(&out.PrometheusConfig) in.MetricsServerConfig.DeepCopyInto(&out.MetricsServerConfig) in.PrometheusOperatorConfig.DeepCopyInto(&out.PrometheusOperatorConfig) in.PrometheusOperatorAdmissionWebhookConfig.DeepCopyInto(&out.PrometheusOperatorAdmissionWebhookConfig) + in.OpenShiftStateMetricsConfig.DeepCopyInto(&out.OpenShiftStateMetricsConfig) return } @@ -574,6 +528,22 @@ func (in *DefaultCertificateConfig) DeepCopy() *DefaultCertificateConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DropEqualActionConfig) DeepCopyInto(out *DropEqualActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DropEqualActionConfig. +func (in *DropEqualActionConfig) DeepCopy() *DropEqualActionConfig { + if in == nil { + return nil + } + out := new(DropEqualActionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ECDSAKeyConfig) DeepCopyInto(out *ECDSAKeyConfig) { *out = *in @@ -634,68 +604,57 @@ func (in *GatherConfig) DeepCopy() *GatherConfig { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicy) DeepCopyInto(out *ImagePolicy) { +func (in *HashModActionConfig) DeepCopyInto(out *HashModActionConfig) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicy. -func (in *ImagePolicy) DeepCopy() *ImagePolicy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HashModActionConfig. +func (in *HashModActionConfig) DeepCopy() *HashModActionConfig { if in == nil { return nil } - out := new(ImagePolicy) + out := new(HashModActionConfig) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ImagePolicy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicyFulcioCAWithRekorRootOfTrust) DeepCopyInto(out *ImagePolicyFulcioCAWithRekorRootOfTrust) { +func (in *InsightsDataGather) DeepCopyInto(out *InsightsDataGather) { *out = *in - if in.FulcioCAData != nil { - in, out := &in.FulcioCAData, &out.FulcioCAData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.RekorKeyData != nil { - in, out := &in.RekorKeyData, &out.RekorKeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - out.FulcioSubject = in.FulcioSubject + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyFulcioCAWithRekorRootOfTrust. -func (in *ImagePolicyFulcioCAWithRekorRootOfTrust) DeepCopy() *ImagePolicyFulcioCAWithRekorRootOfTrust { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGather. +func (in *InsightsDataGather) DeepCopy() *InsightsDataGather { if in == nil { return nil } - out := new(ImagePolicyFulcioCAWithRekorRootOfTrust) + out := new(InsightsDataGather) in.DeepCopyInto(out) return out } +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InsightsDataGather) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicyList) DeepCopyInto(out *ImagePolicyList) { +func (in *InsightsDataGatherList) DeepCopyInto(out *InsightsDataGatherList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]ImagePolicy, len(*in)) + *out = make([]InsightsDataGather, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -703,18 +662,18 @@ func (in *ImagePolicyList) DeepCopyInto(out *ImagePolicyList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyList. -func (in *ImagePolicyList) DeepCopy() *ImagePolicyList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherList. +func (in *InsightsDataGatherList) DeepCopy() *InsightsDataGatherList { if in == nil { return nil } - out := new(ImagePolicyList) + out := new(InsightsDataGatherList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ImagePolicyList) DeepCopyObject() runtime.Object { +func (in *InsightsDataGatherList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -722,237 +681,252 @@ func (in *ImagePolicyList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicyPKIRootOfTrust) DeepCopyInto(out *ImagePolicyPKIRootOfTrust) { +func (in *InsightsDataGatherSpec) DeepCopyInto(out *InsightsDataGatherSpec) { *out = *in - if in.CertificateAuthorityRootsData != nil { - in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.CertificateAuthorityIntermediatesData != nil { - in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - out.PKICertificateSubject = in.PKICertificateSubject + in.GatherConfig.DeepCopyInto(&out.GatherConfig) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyPKIRootOfTrust. -func (in *ImagePolicyPKIRootOfTrust) DeepCopy() *ImagePolicyPKIRootOfTrust { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherSpec. +func (in *InsightsDataGatherSpec) DeepCopy() *InsightsDataGatherSpec { if in == nil { return nil } - out := new(ImagePolicyPKIRootOfTrust) + out := new(InsightsDataGatherSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicyPublicKeyRootOfTrust) DeepCopyInto(out *ImagePolicyPublicKeyRootOfTrust) { +func (in *InsightsDataGatherStatus) DeepCopyInto(out *InsightsDataGatherStatus) { *out = *in - if in.KeyData != nil { - in, out := &in.KeyData, &out.KeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.RekorKeyData != nil { - in, out := &in.RekorKeyData, &out.RekorKeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyPublicKeyRootOfTrust. -func (in *ImagePolicyPublicKeyRootOfTrust) DeepCopy() *ImagePolicyPublicKeyRootOfTrust { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherStatus. +func (in *InsightsDataGatherStatus) DeepCopy() *InsightsDataGatherStatus { if in == nil { return nil } - out := new(ImagePolicyPublicKeyRootOfTrust) + out := new(InsightsDataGatherStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicySpec) DeepCopyInto(out *ImagePolicySpec) { +func (in *KeepEqualActionConfig) DeepCopyInto(out *KeepEqualActionConfig) { *out = *in - if in.Scopes != nil { - in, out := &in.Scopes, &out.Scopes - *out = make([]ImageScope, len(*in)) - copy(*out, *in) - } - in.Policy.DeepCopyInto(&out.Policy) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicySpec. -func (in *ImagePolicySpec) DeepCopy() *ImagePolicySpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeepEqualActionConfig. +func (in *KeepEqualActionConfig) DeepCopy() *KeepEqualActionConfig { if in == nil { return nil } - out := new(ImagePolicySpec) + out := new(KeepEqualActionConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicyStatus) DeepCopyInto(out *ImagePolicyStatus) { +func (in *KeyConfig) DeepCopyInto(out *KeyConfig) { *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]metav1.Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } + out.RSA = in.RSA + out.ECDSA = in.ECDSA return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyStatus. -func (in *ImagePolicyStatus) DeepCopy() *ImagePolicyStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyConfig. +func (in *KeyConfig) DeepCopy() *KeyConfig { if in == nil { return nil } - out := new(ImagePolicyStatus) + out := new(KeyConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageSigstoreVerificationPolicy) DeepCopyInto(out *ImageSigstoreVerificationPolicy) { +func (in *Label) DeepCopyInto(out *Label) { *out = *in - in.RootOfTrust.DeepCopyInto(&out.RootOfTrust) - in.SignedIdentity.DeepCopyInto(&out.SignedIdentity) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSigstoreVerificationPolicy. -func (in *ImageSigstoreVerificationPolicy) DeepCopy() *ImageSigstoreVerificationPolicy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Label. +func (in *Label) DeepCopy() *Label { if in == nil { return nil } - out := new(ImageSigstoreVerificationPolicy) + out := new(Label) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InsightsDataGather) DeepCopyInto(out *InsightsDataGather) { +func (in *LabelMapActionConfig) DeepCopyInto(out *LabelMapActionConfig) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGather. -func (in *InsightsDataGather) DeepCopy() *InsightsDataGather { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LabelMapActionConfig. +func (in *LabelMapActionConfig) DeepCopy() *LabelMapActionConfig { if in == nil { return nil } - out := new(InsightsDataGather) + out := new(LabelMapActionConfig) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *InsightsDataGather) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InsightsDataGatherList) DeepCopyInto(out *InsightsDataGatherList) { +func (in *LowercaseActionConfig) DeepCopyInto(out *LowercaseActionConfig) { *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]InsightsDataGather, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherList. -func (in *InsightsDataGatherList) DeepCopy() *InsightsDataGatherList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LowercaseActionConfig. +func (in *LowercaseActionConfig) DeepCopy() *LowercaseActionConfig { if in == nil { return nil } - out := new(InsightsDataGatherList) + out := new(LowercaseActionConfig) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *InsightsDataGatherList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InsightsDataGatherSpec) DeepCopyInto(out *InsightsDataGatherSpec) { +func (in *MetadataConfig) DeepCopyInto(out *MetadataConfig) { *out = *in - in.GatherConfig.DeepCopyInto(&out.GatherConfig) + out.Custom = in.Custom return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherSpec. -func (in *InsightsDataGatherSpec) DeepCopy() *InsightsDataGatherSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataConfig. +func (in *MetadataConfig) DeepCopy() *MetadataConfig { if in == nil { return nil } - out := new(InsightsDataGatherSpec) + out := new(MetadataConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InsightsDataGatherStatus) DeepCopyInto(out *InsightsDataGatherStatus) { +func (in *MetadataConfigCustom) DeepCopyInto(out *MetadataConfigCustom) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherStatus. -func (in *InsightsDataGatherStatus) DeepCopy() *InsightsDataGatherStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataConfigCustom. +func (in *MetadataConfigCustom) DeepCopy() *MetadataConfigCustom { if in == nil { return nil } - out := new(InsightsDataGatherStatus) + out := new(MetadataConfigCustom) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KeyConfig) DeepCopyInto(out *KeyConfig) { +func (in *MetricsServerConfig) DeepCopyInto(out *MetricsServerConfig) { *out = *in - out.RSA = in.RSA - out.ECDSA = in.ECDSA + out.Audit = in.Audit + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyConfig. -func (in *KeyConfig) DeepCopy() *KeyConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricsServerConfig. +func (in *MetricsServerConfig) DeepCopy() *MetricsServerConfig { if in == nil { return nil } - out := new(KeyConfig) + out := new(MetricsServerConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MetricsServerConfig) DeepCopyInto(out *MetricsServerConfig) { +func (in *OAuth2) DeepCopyInto(out *OAuth2) { + *out = *in + out.ClientID = in.ClientID + out.ClientSecret = in.ClientSecret + if in.Scopes != nil { + in, out := &in.Scopes, &out.Scopes + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.EndpointParams != nil { + in, out := &in.EndpointParams, &out.EndpointParams + *out = make([]OAuth2EndpointParam, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2. +func (in *OAuth2) DeepCopy() *OAuth2 { + if in == nil { + return nil + } + out := new(OAuth2) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuth2EndpointParam) DeepCopyInto(out *OAuth2EndpointParam) { + *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2EndpointParam. +func (in *OAuth2EndpointParam) DeepCopy() *OAuth2EndpointParam { + if in == nil { + return nil + } + out := new(OAuth2EndpointParam) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenShiftStateMetricsConfig) DeepCopyInto(out *OpenShiftStateMetricsConfig) { *out = *in - out.Audit = in.Audit if in.NodeSelector != nil { in, out := &in.NodeSelector, &out.NodeSelector *out = make(map[string]string, len(*in)) @@ -960,16 +934,16 @@ func (in *MetricsServerConfig) DeepCopyInto(out *MetricsServerConfig) { (*out)[key] = val } } - if in.Tolerations != nil { - in, out := &in.Tolerations, &out.Tolerations - *out = make([]v1.Toleration, len(*in)) + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]ContainerResource, len(*in)) + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -984,12 +958,12 @@ func (in *MetricsServerConfig) DeepCopyInto(out *MetricsServerConfig) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricsServerConfig. -func (in *MetricsServerConfig) DeepCopy() *MetricsServerConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenShiftStateMetricsConfig. +func (in *OpenShiftStateMetricsConfig) DeepCopy() *OpenShiftStateMetricsConfig { if in == nil { return nil } - out := new(MetricsServerConfig) + out := new(OpenShiftStateMetricsConfig) in.DeepCopyInto(out) return out } @@ -1038,22 +1012,6 @@ func (in *PKICertificateManagement) DeepCopy() *PKICertificateManagement { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PKICertificateSubject) DeepCopyInto(out *PKICertificateSubject) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKICertificateSubject. -func (in *PKICertificateSubject) DeepCopy() *PKICertificateSubject { - if in == nil { - return nil - } - out := new(PKICertificateSubject) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PKIList) DeepCopyInto(out *PKIList) { *out = *in @@ -1158,123 +1116,288 @@ func (in *PersistentVolumeConfig) DeepCopy() *PersistentVolumeConfig { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyFulcioSubject) DeepCopyInto(out *PolicyFulcioSubject) { +func (in *PrometheusConfig) DeepCopyInto(out *PrometheusConfig) { *out = *in + if in.AdditionalAlertmanagerConfigs != nil { + in, out := &in.AdditionalAlertmanagerConfigs, &out.AdditionalAlertmanagerConfigs + *out = make([]AdditionalAlertmanagerConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExternalLabels != nil { + in, out := &in.ExternalLabels, &out.ExternalLabels + *out = make([]Label, len(*in)) + copy(*out, *in) + } + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.RemoteWrite != nil { + in, out := &in.RemoteWrite, &out.RemoteWrite + *out = make([]RemoteWriteSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.Retention = in.Retention + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.VolumeClaimTemplate != nil { + in, out := &in.VolumeClaimTemplate, &out.VolumeClaimTemplate + *out = new(v1.PersistentVolumeClaim) + (*in).DeepCopyInto(*out) + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyFulcioSubject. -func (in *PolicyFulcioSubject) DeepCopy() *PolicyFulcioSubject { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusConfig. +func (in *PrometheusConfig) DeepCopy() *PrometheusConfig { if in == nil { return nil } - out := new(PolicyFulcioSubject) + out := new(PrometheusConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyIdentity) DeepCopyInto(out *PolicyIdentity) { +func (in *PrometheusOperatorAdmissionWebhookConfig) DeepCopyInto(out *PrometheusOperatorAdmissionWebhookConfig) { *out = *in - if in.PolicyMatchExactRepository != nil { - in, out := &in.PolicyMatchExactRepository, &out.PolicyMatchExactRepository - *out = new(PolicyMatchExactRepository) - **out = **in + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.PolicyMatchRemapIdentity != nil { - in, out := &in.PolicyMatchRemapIdentity, &out.PolicyMatchRemapIdentity - *out = new(PolicyMatchRemapIdentity) + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusOperatorAdmissionWebhookConfig. +func (in *PrometheusOperatorAdmissionWebhookConfig) DeepCopy() *PrometheusOperatorAdmissionWebhookConfig { + if in == nil { + return nil + } + out := new(PrometheusOperatorAdmissionWebhookConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrometheusOperatorConfig) DeepCopyInto(out *PrometheusOperatorConfig) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusOperatorConfig. +func (in *PrometheusOperatorConfig) DeepCopy() *PrometheusOperatorConfig { + if in == nil { + return nil + } + out := new(PrometheusOperatorConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrometheusRemoteWriteHeader) DeepCopyInto(out *PrometheusRemoteWriteHeader) { + *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) **out = **in } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyIdentity. -func (in *PolicyIdentity) DeepCopy() *PolicyIdentity { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusRemoteWriteHeader. +func (in *PrometheusRemoteWriteHeader) DeepCopy() *PrometheusRemoteWriteHeader { if in == nil { return nil } - out := new(PolicyIdentity) + out := new(PrometheusRemoteWriteHeader) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyMatchExactRepository) DeepCopyInto(out *PolicyMatchExactRepository) { +func (in *QueueConfig) DeepCopyInto(out *QueueConfig) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyMatchExactRepository. -func (in *PolicyMatchExactRepository) DeepCopy() *PolicyMatchExactRepository { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueueConfig. +func (in *QueueConfig) DeepCopy() *QueueConfig { if in == nil { return nil } - out := new(PolicyMatchExactRepository) + out := new(QueueConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyMatchRemapIdentity) DeepCopyInto(out *PolicyMatchRemapIdentity) { +func (in *RSAKeyConfig) DeepCopyInto(out *RSAKeyConfig) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyMatchRemapIdentity. -func (in *PolicyMatchRemapIdentity) DeepCopy() *PolicyMatchRemapIdentity { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RSAKeyConfig. +func (in *RSAKeyConfig) DeepCopy() *RSAKeyConfig { if in == nil { return nil } - out := new(PolicyMatchRemapIdentity) + out := new(RSAKeyConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyRootOfTrust) DeepCopyInto(out *PolicyRootOfTrust) { +func (in *RelabelActionConfig) DeepCopyInto(out *RelabelActionConfig) { *out = *in - if in.PublicKey != nil { - in, out := &in.PublicKey, &out.PublicKey - *out = new(ImagePolicyPublicKeyRootOfTrust) - (*in).DeepCopyInto(*out) + in.Replace.DeepCopyInto(&out.Replace) + out.HashMod = in.HashMod + out.LabelMap = in.LabelMap + out.Lowercase = in.Lowercase + out.Uppercase = in.Uppercase + out.KeepEqual = in.KeepEqual + out.DropEqual = in.DropEqual + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelabelActionConfig. +func (in *RelabelActionConfig) DeepCopy() *RelabelActionConfig { + if in == nil { + return nil } - if in.FulcioCAWithRekor != nil { - in, out := &in.FulcioCAWithRekor, &out.FulcioCAWithRekor - *out = new(ImagePolicyFulcioCAWithRekorRootOfTrust) - (*in).DeepCopyInto(*out) + out := new(RelabelActionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RelabelConfig) DeepCopyInto(out *RelabelConfig) { + *out = *in + if in.SourceLabels != nil { + in, out := &in.SourceLabels, &out.SourceLabels + *out = make([]string, len(*in)) + copy(*out, *in) + } + in.Action.DeepCopyInto(&out.Action) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelabelConfig. +func (in *RelabelConfig) DeepCopy() *RelabelConfig { + if in == nil { + return nil } - if in.PKI != nil { - in, out := &in.PKI, &out.PKI - *out = new(ImagePolicyPKIRootOfTrust) + out := new(RelabelConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RemoteWriteAuthorization) DeepCopyInto(out *RemoteWriteAuthorization) { + *out = *in + if in.SafeAuthorization != nil { + in, out := &in.SafeAuthorization, &out.SafeAuthorization + *out = new(v1.SecretKeySelector) (*in).DeepCopyInto(*out) } + out.BearerToken = in.BearerToken + out.BasicAuth = in.BasicAuth + in.OAuth2.DeepCopyInto(&out.OAuth2) + out.Sigv4 = in.Sigv4 return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRootOfTrust. -func (in *PolicyRootOfTrust) DeepCopy() *PolicyRootOfTrust { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteWriteAuthorization. +func (in *RemoteWriteAuthorization) DeepCopy() *RemoteWriteAuthorization { if in == nil { return nil } - out := new(PolicyRootOfTrust) + out := new(RemoteWriteAuthorization) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PrometheusOperatorAdmissionWebhookConfig) DeepCopyInto(out *PrometheusOperatorAdmissionWebhookConfig) { +func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) { *out = *in - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]ContainerResource, len(*in)) + in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig) + if in.Headers != nil { + in, out := &in.Headers, &out.Headers + *out = make([]PrometheusRemoteWriteHeader, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.TopologySpreadConstraints != nil { - in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints - *out = make([]v1.TopologySpreadConstraint, len(*in)) + out.MetadataConfig = in.MetadataConfig + out.QueueConfig = in.QueueConfig + out.TLSConfig = in.TLSConfig + if in.WriteRelabelConfigs != nil { + in, out := &in.WriteRelabelConfigs, &out.WriteRelabelConfigs + *out = make([]RelabelConfig, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -1282,72 +1405,49 @@ func (in *PrometheusOperatorAdmissionWebhookConfig) DeepCopyInto(out *Prometheus return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusOperatorAdmissionWebhookConfig. -func (in *PrometheusOperatorAdmissionWebhookConfig) DeepCopy() *PrometheusOperatorAdmissionWebhookConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteWriteSpec. +func (in *RemoteWriteSpec) DeepCopy() *RemoteWriteSpec { if in == nil { return nil } - out := new(PrometheusOperatorAdmissionWebhookConfig) + out := new(RemoteWriteSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PrometheusOperatorConfig) DeepCopyInto(out *PrometheusOperatorConfig) { +func (in *ReplaceActionConfig) DeepCopyInto(out *ReplaceActionConfig) { *out = *in - if in.NodeSelector != nil { - in, out := &in.NodeSelector, &out.NodeSelector - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]ContainerResource, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Tolerations != nil { - in, out := &in.Tolerations, &out.Tolerations - *out = make([]v1.Toleration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.TopologySpreadConstraints != nil { - in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints - *out = make([]v1.TopologySpreadConstraint, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.Replacement != nil { + in, out := &in.Replacement, &out.Replacement + *out = new(string) + **out = **in } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusOperatorConfig. -func (in *PrometheusOperatorConfig) DeepCopy() *PrometheusOperatorConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplaceActionConfig. +func (in *ReplaceActionConfig) DeepCopy() *ReplaceActionConfig { if in == nil { return nil } - out := new(PrometheusOperatorConfig) + out := new(ReplaceActionConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RSAKeyConfig) DeepCopyInto(out *RSAKeyConfig) { +func (in *Retention) DeepCopyInto(out *Retention) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RSAKeyConfig. -func (in *RSAKeyConfig) DeepCopy() *RSAKeyConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Retention. +func (in *Retention) DeepCopy() *Retention { if in == nil { return nil } - out := new(RSAKeyConfig) + out := new(Retention) in.DeepCopyInto(out) return out } @@ -1410,6 +1510,40 @@ func (in *RetentionSizeConfig) DeepCopy() *RetentionSizeConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector. +func (in *SecretKeySelector) DeepCopy() *SecretKeySelector { + if in == nil { + return nil + } + out := new(SecretKeySelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Sigv4) DeepCopyInto(out *Sigv4) { + *out = *in + out.AccessKey = in.AccessKey + out.SecretKey = in.SecretKey + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Sigv4. +func (in *Sigv4) DeepCopy() *Sigv4 { + if in == nil { + return nil + } + out := new(Sigv4) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Storage) DeepCopyInto(out *Storage) { *out = *in @@ -1431,6 +1565,41 @@ func (in *Storage) DeepCopy() *Storage { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { + *out = *in + out.CA = in.CA + out.Cert = in.Cert + out.Key = in.Key + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. +func (in *TLSConfig) DeepCopy() *TLSConfig { + if in == nil { + return nil + } + out := new(TLSConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UppercaseActionConfig) DeepCopyInto(out *UppercaseActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UppercaseActionConfig. +func (in *UppercaseActionConfig) DeepCopy() *UppercaseActionConfig { + if in == nil { + return nil + } + out := new(UppercaseActionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UserDefinedMonitoring) DeepCopyInto(out *UserDefinedMonitoring) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index dc2d249a99..b2a1241937 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -44,30 +44,6 @@ criocredentialproviderconfigs.config.openshift.io: - CRIOCredentialProviderConfig Version: v1alpha1 -clusterimagepolicies.config.openshift.io: - Annotations: {} - ApprovedPRNumber: https://github.com/openshift/api/pull/1457 - CRDName: clusterimagepolicies.config.openshift.io - Capability: "" - Category: "" - FeatureGates: - - SigstoreImageVerification - - SigstoreImageVerificationPKI - FilenameOperatorName: config-operator - FilenameOperatorOrdering: "01" - FilenameRunLevel: "0000_10" - GroupName: config.openshift.io - HasStatus: true - KindName: ClusterImagePolicy - Labels: {} - PluralName: clusterimagepolicies - PrinterColumns: [] - Scope: Cluster - ShortNames: null - TopLevelFeatureGates: - - SigstoreImageVerification - Version: v1alpha1 - clustermonitorings.config.openshift.io: Annotations: description: Cluster Monitoring Operators configuration API @@ -92,30 +68,6 @@ clustermonitorings.config.openshift.io: - ClusterMonitoringConfig Version: v1alpha1 -imagepolicies.config.openshift.io: - Annotations: {} - ApprovedPRNumber: https://github.com/openshift/api/pull/1457 - CRDName: imagepolicies.config.openshift.io - Capability: "" - Category: "" - FeatureGates: - - SigstoreImageVerification - - SigstoreImageVerificationPKI - FilenameOperatorName: config-operator - FilenameOperatorOrdering: "01" - FilenameRunLevel: "0000_10" - GroupName: config.openshift.io - HasStatus: true - KindName: ImagePolicy - Labels: {} - PluralName: imagepolicies - PrinterColumns: [] - Scope: Namespaced - ShortNames: null - TopLevelFeatureGates: - - SigstoreImageVerification - Version: v1alpha1 - insightsdatagathers.config.openshift.io: Annotations: {} ApprovedPRNumber: https://github.com/openshift/api/pull/1245 diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go index e43dc7b236..b79cbbf774 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -80,42 +80,19 @@ func (RetentionSizeConfig) SwaggerDoc() map[string]string { return map_RetentionSizeConfig } -var map_ClusterImagePolicy = map[string]string{ - "": "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "spec": "spec contains the configuration for the cluster image policy.", - "status": "status contains the observed state of the resource.", +var map_AdditionalAlertmanagerConfig = map[string]string{ + "": "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", + "name": "name is a unique identifier for this Alertmanager configuration entry. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters.", + "authorization": "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", + "pathPrefix": "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. When no prefix is needed, omit this field; do not set it to \"/\" as that would produce paths with double slashes (e.g. \"//api/v1/alerts\"). Must start with \"/\", must not end with \"/\", and must not be exactly \"/\". Must not contain query strings (\"?\") or fragments (\"#\").", + "scheme": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `HTTP`.", + "staticConfigs": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique and non-empty (empty string is invalid).", + "timeoutSeconds": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "tlsConfig": "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } -func (ClusterImagePolicy) SwaggerDoc() map[string]string { - return map_ClusterImagePolicy -} - -var map_ClusterImagePolicyList = map[string]string{ - "": "ClusterImagePolicyList is a list of ClusterImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", -} - -func (ClusterImagePolicyList) SwaggerDoc() map[string]string { - return map_ClusterImagePolicyList -} - -var map_ClusterImagePolicySpec = map[string]string{ - "": "CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource.", - "scopes": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", - "policy": "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", -} - -func (ClusterImagePolicySpec) SwaggerDoc() map[string]string { - return map_ClusterImagePolicySpec -} - -var map_ClusterImagePolicyStatus = map[string]string{ - "conditions": "conditions provide details on the status of this API Resource.", -} - -func (ClusterImagePolicyStatus) SwaggerDoc() map[string]string { - return map_ClusterImagePolicyStatus +func (AdditionalAlertmanagerConfig) SwaggerDoc() map[string]string { + return map_AdditionalAlertmanagerConfig } var map_AlertmanagerConfig = map[string]string{ @@ -136,7 +113,7 @@ var map_AlertmanagerCustomConfig = map[string]string{ "secrets": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", - "volumeClaimTemplate": "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", + "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", } func (AlertmanagerCustomConfig) SwaggerDoc() map[string]string { @@ -152,6 +129,26 @@ func (Audit) SwaggerDoc() map[string]string { return map_Audit } +var map_AuthorizationConfig = map[string]string{ + "": "AuthorizationConfig defines the authentication method for Alertmanager connections.", + "type": "type specifies the authentication type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified.", + "bearerToken": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", +} + +func (AuthorizationConfig) SwaggerDoc() map[string]string { + return map_AuthorizationConfig +} + +var map_BasicAuth = map[string]string{ + "": "BasicAuth defines basic authentication settings for the remote write endpoint URL.", + "username": "username defines the secret reference containing the username for basic authentication. The secret must exist in the openshift-monitoring namespace.", + "password": "password defines the secret reference containing the password for basic authentication. The secret must exist in the openshift-monitoring namespace.", +} + +func (BasicAuth) SwaggerDoc() map[string]string { + return map_BasicAuth +} + var map_ClusterMonitoring = map[string]string{ "": "ClusterMonitoring is the Custom Resource object which holds the current status of Cluster Monitoring Operator. CMO is a central component of the monitoring stack.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. ClusterMonitoring is the Schema for the Cluster Monitoring Operators API", "metadata": "metadata is the standard object metadata.", @@ -177,9 +174,11 @@ var map_ClusterMonitoringSpec = map[string]string{ "": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", "userDefined": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", "alertmanagerConfig": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", + "prometheusConfig": "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", "metricsServerConfig": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", "prometheusOperatorConfig": "prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. Specifically, it can configure how the Prometheus Operator instance is deployed, pod scheduling, and resource allocation. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", "prometheusOperatorAdmissionWebhookConfig": "prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the admission webhook component of Prometheus Operator that runs in the openshift-monitoring namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects to ensure they are semantically valid, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "openShiftStateMetricsConfig": "openShiftStateMetricsConfig is an optional field that can be used to configure the openshift-state-metrics agent that runs in the openshift-monitoring namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } func (ClusterMonitoringSpec) SwaggerDoc() map[string]string { @@ -205,6 +204,81 @@ func (ContainerResource) SwaggerDoc() map[string]string { return map_ContainerResource } +var map_DropEqualActionConfig = map[string]string{ + "": "DropEqualActionConfig configures the DropEqual action. Drops targets for which the concatenated source_labels do match the value of target_label. Requires Prometheus >= v2.41.0.", + "targetLabel": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length.", +} + +func (DropEqualActionConfig) SwaggerDoc() map[string]string { + return map_DropEqualActionConfig +} + +var map_HashModActionConfig = map[string]string{ + "": "HashModActionConfig configures the HashMod action. target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus).", + "targetLabel": "targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length.", + "modulus": "modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). Required when using the HashMod action so the intended behavior is explicit. Must be between 1 and 1000000.", +} + +func (HashModActionConfig) SwaggerDoc() map[string]string { + return map_HashModActionConfig +} + +var map_KeepEqualActionConfig = map[string]string{ + "": "KeepEqualActionConfig configures the KeepEqual action. Drops targets for which the concatenated source_labels do not match the value of target_label. Requires Prometheus >= v2.41.0.", + "targetLabel": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length.", +} + +func (KeepEqualActionConfig) SwaggerDoc() map[string]string { + return map_KeepEqualActionConfig +} + +var map_Label = map[string]string{ + "": "Label represents a key/value pair for external labels.", + "key": "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + "value": "value is the value of the label. Must be between 1 and 128 characters in length.", +} + +func (Label) SwaggerDoc() map[string]string { + return map_Label +} + +var map_LabelMapActionConfig = map[string]string{ + "": "LabelMapActionConfig configures the LabelMap action. Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted.", + "replacement": "replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names.", +} + +func (LabelMapActionConfig) SwaggerDoc() map[string]string { + return map_LabelMapActionConfig +} + +var map_LowercaseActionConfig = map[string]string{ + "": "LowercaseActionConfig configures the Lowercase action. Maps the concatenated source_labels to their lower case and writes to target_label. Requires Prometheus >= v2.36.0.", + "targetLabel": "targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length.", +} + +func (LowercaseActionConfig) SwaggerDoc() map[string]string { + return map_LowercaseActionConfig +} + +var map_MetadataConfig = map[string]string{ + "": "MetadataConfig defines whether and how to send series metadata to remote write storage.", + "sendPolicy": "sendPolicy specifies whether to send metadata and how it is configured. Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). Custom: send metadata using the settings in the custom field.", + "custom": "custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default.", +} + +func (MetadataConfig) SwaggerDoc() map[string]string { + return map_MetadataConfig +} + +var map_MetadataConfigCustom = map[string]string{ + "": "MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds).", + "sendIntervalSeconds": "sendIntervalSeconds is the interval in seconds at which metadata is sent. When omitted, the platform chooses a reasonable default (e.g. 30 seconds). Minimum value is 1 second. Maximum value is 86400 seconds (24 hours).", +} + +func (MetadataConfigCustom) SwaggerDoc() map[string]string { + return map_MetadataConfigCustom +} + var map_MetricsServerConfig = map[string]string{ "": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", "audit": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", @@ -219,6 +293,62 @@ func (MetricsServerConfig) SwaggerDoc() map[string]string { return map_MetricsServerConfig } +var map_OAuth2 = map[string]string{ + "": "OAuth2 defines OAuth2 authentication settings for the remote write endpoint.", + "clientId": "clientId defines the secret reference containing the OAuth2 client ID. The secret must exist in the openshift-monitoring namespace.", + "clientSecret": "clientSecret defines the secret reference containing the OAuth2 client secret. The secret must exist in the openshift-monitoring namespace.", + "tokenUrl": "tokenUrl is the URL to fetch the token from. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "scopes": "scopes is a list of OAuth2 scopes to request. When omitted, no scopes are requested. Maximum of 20 scopes can be specified. Each scope must be between 1 and 256 characters.", + "endpointParams": "endpointParams defines additional parameters to append to the token URL. When omitted, no additional parameters are sent. Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key).", +} + +func (OAuth2) SwaggerDoc() map[string]string { + return map_OAuth2 +} + +var map_OAuth2EndpointParam = map[string]string{ + "": "OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL.", + "name": "name is the parameter name. Must be between 1 and 256 characters.", + "value": "value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the external system expects a parameter with an empty value (e.g. ?parameter=\"\"). Must be between 0 and 2048 characters when present (aligned with common URL length recommendations).", +} + +func (OAuth2EndpointParam) SwaggerDoc() map[string]string { + return map_OAuth2EndpointParam +} + +var map_OpenShiftStateMetricsConfig = map[string]string{ + "": "OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "resources": "resources defines the compute resource requests and limits for the openshift-state-metrics container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 1m\n limit: null\n - name: memory\n request: 32Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how openshift-state-metrics Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", +} + +func (OpenShiftStateMetricsConfig) SwaggerDoc() map[string]string { + return map_OpenShiftStateMetricsConfig +} + +var map_PrometheusConfig = map[string]string{ + "": "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", + "additionalAlertmanagerConfigs": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nWhen omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", + "enforcedBodySizeLimitBytes": "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", + "externalLabels": "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", + "logLevel": "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least one key-value pair (minimum of 1) and must not contain more than 10 entries.", + "queryLogFile": "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.", + "remoteWrite": "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", + "resources": "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. Each entry must have a unique resource name. Minimum of 1 and maximum of 10 resource entries can be specified. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi", + "retention": "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "collectionProfile": "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", +} + +func (PrometheusConfig) SwaggerDoc() map[string]string { + return map_PrometheusConfig +} + var map_PrometheusOperatorAdmissionWebhookConfig = map[string]string{ "": "PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook component of Prometheus Operator that runs in the `openshift-monitoring` namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions.", "resources": "resources defines the compute resource requests and limits for the prometheus-operator-admission-webhook container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n limit: null\n - name: memory\n request: 30Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", @@ -242,191 +372,204 @@ func (PrometheusOperatorConfig) SwaggerDoc() map[string]string { return map_PrometheusOperatorConfig } -var map_UserDefinedMonitoring = map[string]string{ - "": "UserDefinedMonitoring config for user-defined projects.", - "mode": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.", -} - -func (UserDefinedMonitoring) SwaggerDoc() map[string]string { - return map_UserDefinedMonitoring -} - -var map_CRIOCredentialProviderConfig = map[string]string{ - "": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "spec": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", - "status": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", -} - -func (CRIOCredentialProviderConfig) SwaggerDoc() map[string]string { - return map_CRIOCredentialProviderConfig +var map_PrometheusRemoteWriteHeader = map[string]string{ + "": "PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. Validation is enforced on the Headers field in RemoteWriteSpec.", + "name": "name is the HTTP header name. Must not be a reserved header (see type documentation). Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters.", + "value": "value is the HTTP header value. Must be at most 4096 characters.", } -var map_CRIOCredentialProviderConfigList = map[string]string{ - "": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +func (PrometheusRemoteWriteHeader) SwaggerDoc() map[string]string { + return map_PrometheusRemoteWriteHeader } -func (CRIOCredentialProviderConfigList) SwaggerDoc() map[string]string { - return map_CRIOCredentialProviderConfigList +var map_QueueConfig = map[string]string{ + "": "QueueConfig allows tuning configuration for remote write queue parameters. Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429.", + "capacity": "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", + "maxShards": "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", + "minShards": "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", + "maxSamplesPerSend": "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", + "batchSendDeadlineSeconds": "batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 3600 seconds (1 hour).", + "minBackoffMilliseconds": "minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "maxBackoffMilliseconds": "maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "rateLimitedAction": "rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). When omitted, no retries are performed on rate limit responses. When set to \"Retry\", Prometheus will retry such requests using the backoff settings above. Valid value when set is \"Retry\".", } -var map_CRIOCredentialProviderConfigSpec = map[string]string{ - "": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", - "matchImages": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", -} - -func (CRIOCredentialProviderConfigSpec) SwaggerDoc() map[string]string { - return map_CRIOCredentialProviderConfigSpec +func (QueueConfig) SwaggerDoc() map[string]string { + return map_QueueConfig } -var map_CRIOCredentialProviderConfigStatus = map[string]string{ - "": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", - "conditions": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", +var map_RelabelActionConfig = map[string]string{ + "": "RelabelActionConfig represents the action to perform and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + "type": "type specifies the action to perform on the matched labels. Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep.\n\nWhen set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place.\n\nWhen set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0.\n\nWhen set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0.\n\nWhen set to Keep, targets for which regex does not match the concatenated source_labels are dropped.\n\nWhen set to Drop, targets for which regex matches the concatenated source_labels are dropped.\n\nWhen set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels.\n\nWhen set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted.\n\nWhen set to LabelDrop, regex is matched against all label names; any label that matches is removed.\n\nWhen set to LabelKeep, regex is matched against all label names; any label that does not match is removed.", + "replace": "replace configures the Replace action. Required when type is Replace, and forbidden otherwise.", + "hashMod": "hashMod configures the HashMod action. Required when type is HashMod, and forbidden otherwise.", + "labelMap": "labelMap configures the LabelMap action. Required when type is LabelMap, and forbidden otherwise.", + "lowercase": "lowercase configures the Lowercase action. Required when type is Lowercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + "uppercase": "uppercase configures the Uppercase action. Required when type is Uppercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + "keepEqual": "keepEqual configures the KeepEqual action. Required when type is KeepEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", + "dropEqual": "dropEqual configures the DropEqual action. Required when type is DropEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", } -func (CRIOCredentialProviderConfigStatus) SwaggerDoc() map[string]string { - return map_CRIOCredentialProviderConfigStatus +func (RelabelActionConfig) SwaggerDoc() map[string]string { + return map_RelabelActionConfig } -var map_ImagePolicy = map[string]string{ - "": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "spec": "spec holds user settable values for configuration", - "status": "status contains the observed state of the resource.", +var map_RelabelConfig = map[string]string{ + "": "RelabelConfig represents a relabeling rule.", + "name": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "sourceLabels": "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", + "separator": "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", + "regex": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", + "action": "action defines the action to perform on the matched labels and its configuration. Exactly one action-specific configuration must be specified based on the action type.", } -func (ImagePolicy) SwaggerDoc() map[string]string { - return map_ImagePolicy +func (RelabelConfig) SwaggerDoc() map[string]string { + return map_RelabelConfig } -var map_ImagePolicyFulcioCAWithRekorRootOfTrust = map[string]string{ - "": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", - "fulcioCAData": "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", - "rekorKeyData": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", - "fulcioSubject": "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.", +var map_RemoteWriteAuthorization = map[string]string{ + "": "RemoteWriteAuthorization defines the authorization method for a remote write endpoint. Exactly one of the nested configs must be set according to the type discriminator.", + "type": "type specifies the authorization method to use. Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount.\n\nWhen set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field.\n\nWhen set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.\n\nWhen set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.\n\nWhen set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.\n\nWhen set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field.\n\nWhen set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.", + "safeAuthorization": "safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). Required when type is \"SafeAuthorization\", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace.", + "bearerToken": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise.", + "basicAuth": "basicAuth defines HTTP basic authentication credentials. Required when type is \"BasicAuth\", and forbidden otherwise.", + "oauth2": "oauth2 defines OAuth2 client credentials authentication. Required when type is \"OAuth2\", and forbidden otherwise.", + "sigv4": "sigv4 defines AWS Signature Version 4 authentication. Required when type is \"SigV4\", and forbidden otherwise.", } -func (ImagePolicyFulcioCAWithRekorRootOfTrust) SwaggerDoc() map[string]string { - return map_ImagePolicyFulcioCAWithRekorRootOfTrust +func (RemoteWriteAuthorization) SwaggerDoc() map[string]string { + return map_RemoteWriteAuthorization } -var map_ImagePolicyList = map[string]string{ - "": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +var map_RemoteWriteSpec = map[string]string{ + "": "RemoteWriteSpec represents configuration for remote write endpoints.", + "url": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme and a non-empty hostname. Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. Empty string is invalid. Must be between 1 and 2048 characters in length.", + "name": "name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). This name is used in metrics and logging to differentiate remote write queues. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "authorization": "authorization defines the authorization method for the remote write endpoint. When omitted, no authorization is performed. When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config).", + "headers": "headers specifies the custom HTTP headers to be sent along with each remote write request. Sending custom headers makes the configuration of a proxy in between optional and helps the receiver recognize the given source better. Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be unique. Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate).", + "metadataConfig": "metadataConfig configures the sending of series metadata to remote storage. When omitted, no metadata is sent. When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds).", + "proxyUrl": "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "queueConfig": "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", + "remoteTimeoutSeconds": "remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "exemplarsMode": "exemplarsMode controls whether exemplars are sent via remote write. Valid values are \"Send\", \"DoNotSend\" and omitted. When set to \"Send\", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"DoNotSend\", exemplars are not sent.", + "tlsConfig": "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "writeRelabelConfigs": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", } -func (ImagePolicyList) SwaggerDoc() map[string]string { - return map_ImagePolicyList +func (RemoteWriteSpec) SwaggerDoc() map[string]string { + return map_RemoteWriteSpec } -var map_ImagePolicyPKIRootOfTrust = map[string]string{ - "": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", - "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ", - "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ", - "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", +var map_ReplaceActionConfig = map[string]string{ + "": "ReplaceActionConfig configures the Replace action. Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match.", + "targetLabel": "targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length.", + "replacement": "replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Use an empty string (\"\") to explicitly clear the target label value. Must be between 0 and 255 characters in length.", } -func (ImagePolicyPKIRootOfTrust) SwaggerDoc() map[string]string { - return map_ImagePolicyPKIRootOfTrust +func (ReplaceActionConfig) SwaggerDoc() map[string]string { + return map_ReplaceActionConfig } -var map_ImagePolicyPublicKeyRootOfTrust = map[string]string{ - "": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", - "keyData": "keyData contains inline base64-encoded data for the PEM format public key. KeyData must be at most 8192 characters.", - "rekorKeyData": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", +var map_Retention = map[string]string{ + "": "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + "durationInDays": "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 15. Minimum value is 1 day. Maximum value is 365 days (1 year).", + "sizeInGiB": "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", } -func (ImagePolicyPublicKeyRootOfTrust) SwaggerDoc() map[string]string { - return map_ImagePolicyPublicKeyRootOfTrust +func (Retention) SwaggerDoc() map[string]string { + return map_Retention } -var map_ImagePolicySpec = map[string]string{ - "": "ImagePolicySpec is the specification of the ImagePolicy CRD.", - "scopes": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", - "policy": "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", +var map_SecretKeySelector = map[string]string{ + "": "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + "name": "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + "key": "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", } -func (ImagePolicySpec) SwaggerDoc() map[string]string { - return map_ImagePolicySpec +func (SecretKeySelector) SwaggerDoc() map[string]string { + return map_SecretKeySelector } -var map_ImagePolicyStatus = map[string]string{ - "conditions": "conditions provide details on the status of this API Resource.", +var map_Sigv4 = map[string]string{ + "": "Sigv4 defines AWS Signature Version 4 authentication settings. At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication.", + "region": "region is the AWS region. When omitted, the region is derived from the environment or instance metadata. Must be between 1 and 128 characters.", + "accessKey": "accessKey defines the secret reference containing the AWS access key ID. The secret must exist in the openshift-monitoring namespace. When omitted, the access key is derived from the environment or instance metadata.", + "secretKey": "secretKey defines the secret reference containing the AWS secret access key. The secret must exist in the openshift-monitoring namespace. When omitted, the secret key is derived from the environment or instance metadata.", + "profile": "profile is the named AWS profile used to authenticate. When omitted, the default profile is used. Must be between 1 and 128 characters.", + "roleArn": "roleArn is the AWS Role ARN, an alternative to using AWS API keys. When omitted, API keys are used for authentication. Must be a valid AWS ARN format (e.g., \"arn:aws:iam::123456789012:role/MyRole\"). Must be between 1 and 512 characters.", } -func (ImagePolicyStatus) SwaggerDoc() map[string]string { - return map_ImagePolicyStatus +func (Sigv4) SwaggerDoc() map[string]string { + return map_Sigv4 } -var map_ImageSigstoreVerificationPolicy = map[string]string{ - "": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", - "rootOfTrust": "rootOfTrust specifies the root of trust for the policy.", - "signedIdentity": "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", +var map_TLSConfig = map[string]string{ + "": "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + "ca": "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", + "cert": "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", + "key": "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + "serverName": "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. Must be between 1 and 253 characters in length.", + "certificateVerification": "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"Verify\".", } -func (ImageSigstoreVerificationPolicy) SwaggerDoc() map[string]string { - return map_ImageSigstoreVerificationPolicy +func (TLSConfig) SwaggerDoc() map[string]string { + return map_TLSConfig } -var map_PKICertificateSubject = map[string]string{ - "": "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", - "email": "email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. The email should be a valid email address and at most 320 characters in length.", - "hostname": "hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk.", +var map_UppercaseActionConfig = map[string]string{ + "": "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.", + "targetLabel": "targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length.", } -func (PKICertificateSubject) SwaggerDoc() map[string]string { - return map_PKICertificateSubject +func (UppercaseActionConfig) SwaggerDoc() map[string]string { + return map_UppercaseActionConfig } -var map_PolicyFulcioSubject = map[string]string{ - "": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", - "oidcIssuer": "oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"", - "signedEmail": "signedEmail holds the email address the the Fulcio certificate is issued for. Example: \"expected-signing-user@example.com\"", +var map_UserDefinedMonitoring = map[string]string{ + "": "UserDefinedMonitoring config for user-defined projects.", + "mode": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.", } -func (PolicyFulcioSubject) SwaggerDoc() map[string]string { - return map_PolicyFulcioSubject +func (UserDefinedMonitoring) SwaggerDoc() map[string]string { + return map_UserDefinedMonitoring } -var map_PolicyIdentity = map[string]string{ - "": "PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is \"MatchRepoDigestOrExact\".", - "matchPolicy": "matchPolicy sets the type of matching to be used. Valid values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\". If set matchPolicy to ExactRepository, then the exactRepository must be specified. If set matchPolicy to RemapIdentity, then the remapIdentity must be specified. \"MatchRepoDigestOrExact\" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. \"MatchRepository\" means that the identity in the signature must be in the same repository as the image identity. \"ExactRepository\" means that the identity in the signature must be in the same repository as a specific identity specified by \"repository\". \"RemapIdentity\" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix.", - "exactRepository": "exactRepository is required if matchPolicy is set to \"ExactRepository\".", - "remapIdentity": "remapIdentity is required if matchPolicy is set to \"RemapIdentity\".", +var map_CRIOCredentialProviderConfig = map[string]string{ + "": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", + "status": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", } -func (PolicyIdentity) SwaggerDoc() map[string]string { - return map_PolicyIdentity +func (CRIOCredentialProviderConfig) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfig } -var map_PolicyMatchExactRepository = map[string]string{ - "repository": "repository is the reference of the image identity to be matched. The value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", +var map_CRIOCredentialProviderConfigList = map[string]string{ + "": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", } -func (PolicyMatchExactRepository) SwaggerDoc() map[string]string { - return map_PolicyMatchExactRepository +func (CRIOCredentialProviderConfigList) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigList } -var map_PolicyMatchRemapIdentity = map[string]string{ - "prefix": "prefix is the prefix of the image identity to be matched. If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). This useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", - "signedPrefix": "signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", +var map_CRIOCredentialProviderConfigSpec = map[string]string{ + "": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", + "matchImages": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", } -func (PolicyMatchRemapIdentity) SwaggerDoc() map[string]string { - return map_PolicyMatchRemapIdentity +func (CRIOCredentialProviderConfigSpec) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigSpec } -var map_PolicyRootOfTrust = map[string]string{ - "": "PolicyRootOfTrust defines the root of trust based on the selected policyType.", - "policyType": "policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. \"PublicKey\" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. \"FulcioCAWithRekor\" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. \"PKI\" indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", - "publicKey": "publicKey defines the root of trust based on a sigstore public key.", - "fulcioCAWithRekor": "fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", - "pki": "pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates.", +var map_CRIOCredentialProviderConfigStatus = map[string]string{ + "": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", + "conditions": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", } -func (PolicyRootOfTrust) SwaggerDoc() map[string]string { - return map_PolicyRootOfTrust +func (CRIOCredentialProviderConfigStatus) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigStatus } var map_GatherConfig = map[string]string{ diff --git a/vendor/github.com/openshift/api/envtest-releases.yaml b/vendor/github.com/openshift/api/envtest-releases.yaml index e495e02796..9ab6d63a6f 100644 --- a/vendor/github.com/openshift/api/envtest-releases.yaml +++ b/vendor/github.com/openshift/api/envtest-releases.yaml @@ -77,3 +77,16 @@ releases: envtest-v1.34.1-linux-arm64.tar.gz: hash: e2ee7e47ceeba56624fd869922ab9851200482ef835c09fe3dd57c9806a992a7e1f56641906510ebb095514953aa8a3af68d45a82be45b94981a50e894ac6e42 selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.34.1-linux-arm64.tar.gz + v1.35.1: + envtest-v1.35.1-darwin-amd64.tar.gz: + hash: 8b788ca564d0d2d49000b572b9c83a87f71978b7dcbb0c969dde5bf8923869dcb5860b8f905af9a3772431ba7e575c4215d1bcfa5d2857bd8db440272f252ddd + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.35.1-darwin-amd64.tar.gz + envtest-v1.35.1-darwin-arm64.tar.gz: + hash: d650d7a96c69efdc7321579d597b9dbd9ef71df5ea1e0f00815edb31eb0f4a40599fe223b9d0f2a114be32657ff842136a3ab65e646b08a0fce50d6871bcec71 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.35.1-darwin-arm64.tar.gz + envtest-v1.35.1-linux-amd64.tar.gz: + hash: 70e4e66f842d53cce174a3499feb04e0493ada374148c687da4e7ddc0e20e10dd6fa5e2cd765bd80b7d3dca3cd8388460503a0335e15f71212b333386fb3c2b1 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.35.1-linux-amd64.tar.gz + envtest-v1.35.1-linux-arm64.tar.gz: + hash: 309308f9c66f9e2e5192c65a333a388faaaa903841f26f8a96b8f13a5eb3039bcbb818ef6ddbb5803a9cfa9b25e37249a0aed5d472badb25539696569923f87f + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.35.1-linux-arm64.tar.gz diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md index a64770c866..9142f62826 100644 --- a/vendor/github.com/openshift/api/features.md +++ b/vendor/github.com/openshift/api/features.md @@ -8,13 +8,16 @@ | ShortCertRotation| | | | | | | | | | ClusterAPIComputeInstall| | | Enabled | Enabled | | | | | | ClusterAPIControlPlaneInstall| | | Enabled | Enabled | | | | | +| ClusterUpdatePreflight| | | Enabled | Enabled | | | | | | Example2| | | Enabled | Enabled | | | | | +| ExternalOIDCExternalClaimsSourcing| | | Enabled | Enabled | | | | | | ExternalSnapshotMetadata| | | Enabled | Enabled | | | | | | KMSEncryptionProvider| | | Enabled | Enabled | | | | | | MachineAPIMigrationVSphere| | | Enabled | Enabled | | | | | | NetworkConnect| | | Enabled | Enabled | | | | | | NewOLMBoxCutterRuntime| | | | Enabled | | | | Enabled | | NewOLMCatalogdAPIV1Metas| | | | Enabled | | | | Enabled | +| NewOLMConfigAPI| | | | Enabled | | | | Enabled | | NewOLMPreflightPermissionChecks| | | | Enabled | | | | Enabled | | NoRegistryClusterInstall| | | | Enabled | | | | Enabled | | ProvisioningRequestAvailable| | | Enabled | Enabled | | | | | @@ -22,14 +25,13 @@ | AWSClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AWSDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled | | AWSDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | -| AWSServiceLBNetworkSecurityGroup| | | Enabled | Enabled | | | Enabled | Enabled | +| AWSEuropeanSovereignCloudInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AdditionalStorageConfig| | | Enabled | Enabled | | | Enabled | Enabled | | AutomatedEtcdBackup| | | Enabled | Enabled | | | Enabled | Enabled | | AzureClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AzureDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled | | AzureDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AzureMultiDisk| | | Enabled | Enabled | | | Enabled | Enabled | -| BootImageSkewEnforcement| | | Enabled | Enabled | | | Enabled | Enabled | | BootcNodeManagement| | | Enabled | Enabled | | | Enabled | Enabled | | CBORServingAndStorage| | | Enabled | Enabled | | | Enabled | Enabled | | CRDCompatibilityRequirementOperator| | | Enabled | Enabled | | | Enabled | Enabled | @@ -84,34 +86,28 @@ | OnPremDNSRecords| | | Enabled | Enabled | | | Enabled | Enabled | | SELinuxMount| | | Enabled | Enabled | | | Enabled | Enabled | | SignatureStores| | | Enabled | Enabled | | | Enabled | Enabled | +| TLSAdherence| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereHostVMGroupZonal| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereMixedNodeEnv| | | Enabled | Enabled | | | Enabled | Enabled | | VolumeGroupSnapshot| | | Enabled | Enabled | | | Enabled | Enabled | +| AWSServiceLBNetworkSecurityGroup| | Enabled | Enabled | Enabled | | Enabled | Enabled | Enabled | | AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| BootImageSkewEnforcement| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ConsolePluginContentSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ExternalOIDC| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ExternalOIDCWithUIDAndExtraClaimMappings| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | GCPClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| GatewayAPI| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| GatewayAPIController| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | HighlyAvailableArbiter| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ImageStreamImportMode| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ImageVolume| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | InsightsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | InsightsOnDemandDataGather| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| MachineConfigNodes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesAzure| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ManagedBootImagesCPMS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesvSphere| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MetricsCollectionProfiles| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MutableCSINodeAllocatableCount| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| PinnedImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | RouteExternalCertificate| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ServiceAccountTokenNodeBinding| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | SigstoreImageVerification| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | diff --git a/vendor/github.com/openshift/api/features/features.go b/vendor/github.com/openshift/api/features/features.go index c393c51efe..ad4faf54fa 100644 --- a/vendor/github.com/openshift/api/features/features.go +++ b/vendor/github.com/openshift/api/features/features.go @@ -99,14 +99,6 @@ var ( enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateGatewayAPI = newFeatureGate("GatewayAPI"). - reportProblemsToJiraComponent("Routing"). - contactPerson("miciah"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - FeatureGateOpenShiftPodSecurityAdmission = newFeatureGate("OpenShiftPodSecurityAdmission"). reportProblemsToJiraComponent("auth"). contactPerson("ibihim"). @@ -257,14 +249,6 @@ var ( enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateMachineConfigNodes = newFeatureGate("MachineConfigNodes"). - reportProblemsToJiraComponent("MachineConfigOperator"). - contactPerson("ijanssen"). - productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1765"). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - FeatureGateImageModeStatusReporting = newFeatureGate("ImageModeStatusReporting"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("ijanssen"). @@ -312,38 +296,6 @@ var ( enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateManagedBootImages = newFeatureGate("ManagedBootImages"). - reportProblemsToJiraComponent("MachineConfigOperator"). - contactPerson("djoshy"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - - FeatureGateManagedBootImagesAWS = newFeatureGate("ManagedBootImagesAWS"). - reportProblemsToJiraComponent("MachineConfigOperator"). - contactPerson("djoshy"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - - FeatureGateManagedBootImagesvSphere = newFeatureGate("ManagedBootImagesvSphere"). - reportProblemsToJiraComponent("MachineConfigOperator"). - contactPerson("rsaini"). - productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1496"). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - - FeatureGateManagedBootImagesAzure = newFeatureGate("ManagedBootImagesAzure"). - reportProblemsToJiraComponent("MachineConfigOperator"). - contactPerson("djoshy"). - productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1761"). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - FeatureGateManagedBootImagesCPMS = newFeatureGate("ManagedBootImagesCPMS"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("djoshy"). @@ -357,7 +309,7 @@ var ( contactPerson("djoshy"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1761"). - enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateBootcNodeManagement = newFeatureGate("BootcNodeManagement"). @@ -384,14 +336,6 @@ var ( enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGatePinnedImages = newFeatureGate("PinnedImages"). - reportProblemsToJiraComponent("MachineConfigOperator"). - contactPerson("RishabhSaini"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - FeatureGateAdditionalStorageConfig = newFeatureGate("AdditionalStorageConfig"). reportProblemsToJiraComponent("node"). contactPerson("saschagrunert"). @@ -448,6 +392,14 @@ var ( enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() + FeatureGateExternalOIDCExternalClaimsSourcing = newFeatureGate("ExternalOIDCExternalClaimsSourcing"). + reportProblemsToJiraComponent("authentication"). + contactPerson("bpalmer"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1907"). + enable(inDevPreviewNoUpgrade()). + mustRegister() + FeatureGateExample = newFeatureGate("Example"). reportProblemsToJiraComponent("cluster-config"). contactPerson("deads"). @@ -512,6 +464,14 @@ var ( enable(inClusterProfile(SelfManaged), inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() + FeatureGateNewOLMConfigAPI = newFeatureGate("NewOLMConfigAPI"). + reportProblemsToJiraComponent("olm"). + contactPerson("tmshort"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1915"). + enable(inClusterProfile(SelfManaged), inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + mustRegister() + FeatureGateInsightsOnDemandDataGather = newFeatureGate("InsightsOnDemandDataGather"). reportProblemsToJiraComponent("insights"). contactPerson("tremes"). @@ -753,6 +713,14 @@ var ( enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() + FeatureGateClusterUpdatePreflight = newFeatureGate("ClusterUpdatePreflight"). + reportProblemsToJiraComponent("Cluster Version Operator"). + contactPerson("fao89"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1930"). + enable(inDevPreviewNoUpgrade()). + mustRegister() + FeatureGateGCPCustomAPIEndpoints = newFeatureGate("GCPCustomAPIEndpoints"). reportProblemsToJiraComponent("Installer"). contactPerson("barbacbd"). @@ -785,19 +753,6 @@ var ( enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateGatewayAPIController = newFeatureGate("GatewayAPIController"). - reportProblemsToJiraComponent("Routing"). - contactPerson("miciah"). - productScope(ocpSpecific). - // Previously, the "GatewayAPI" feature gate managed both the GatewayAPI CRDs - // and the Gateway Controller. However, with the introduction of Gateway CRD - // lifecycle management (EP#1756), these responsibilities were separated. - // A dedicated feature gate now controls the Gateway Controller to distinguish - // its production readiness from that of the CRDs. - enhancementPR("https://github.com/openshift/enhancements/pull/1756"). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - FeatureShortCertRotation = newFeatureGate("ShortCertRotation"). reportProblemsToJiraComponent("kube-apiserver"). contactPerson("vrutkovs"). @@ -858,17 +813,10 @@ var ( contactPerson("mtulio"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1802"). - enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). + enable(inClusterProfile(SelfManaged), inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). + enable(inClusterProfile(Hypershift), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateImageVolume = newFeatureGate("ImageVolume"). - reportProblemsToJiraComponent("Node"). - contactPerson("haircommander"). - productScope(kubernetes). - enhancementPR("https://github.com/openshift/enhancements/pull/1792"). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - FeatureGateNoRegistryClusterInstall = newFeatureGate("NoRegistryClusterInstall"). reportProblemsToJiraComponent("Installer / Agent based installation"). contactPerson("andfasano"). @@ -1041,6 +989,14 @@ var ( enable(inDevPreviewNoUpgrade()). mustRegister() + FeatureGateAWSEuropeanSovereignCloudInstall = newFeatureGate("AWSEuropeanSovereignCloudInstall"). + reportProblemsToJiraComponent("Installer / openshift-installer"). + contactPerson("tthvo"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1952"). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + mustRegister() + FeatureGateGatewayAPIWithoutOLM = newFeatureGate("GatewayAPIWithoutOLM"). reportProblemsToJiraComponent("Routing"). contactPerson("miciah"). @@ -1048,4 +1004,12 @@ var ( enhancementPR("https://github.com/openshift/enhancements/pull/1933"). enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() + + FeatureGateTLSAdherence = newFeatureGate("TLSAdherence"). + reportProblemsToJiraComponent("HPCASE / TLS Adherence"). + contactPerson("joelanford"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1910"). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + mustRegister() ) diff --git a/vendor/github.com/openshift/api/features/legacyfeaturegates.go b/vendor/github.com/openshift/api/features/legacyfeaturegates.go index a92c0b9bb9..a82089b9f7 100644 --- a/vendor/github.com/openshift/api/features/legacyfeaturegates.go +++ b/vendor/github.com/openshift/api/features/legacyfeaturegates.go @@ -33,8 +33,6 @@ var legacyFeatureGates = sets.New( // never add to this list, if you think you have an exception ask @deads2k "GCPClusterHostedDNS", // never add to this list, if you think you have an exception ask @deads2k - "GatewayAPI", - // never add to this list, if you think you have an exception ask @deads2k "HardwareSpeed", // never add to this list, if you think you have an exception ask @deads2k "ImageStreamImportMode", diff --git a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go index f5836af0f8..f0c1e01c78 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go +++ b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go @@ -47,7 +47,6 @@ type MachineConfigurationSpec struct { // and the platform is left to choose a reasonable default, which is subject to change over time. // The default for each machine manager mode is All for GCP and AWS platforms, and None for all // other platforms. - // +openshift:enable:FeatureGate=ManagedBootImages // +optional ManagedBootImages ManagedBootImages `json:"managedBootImages"` @@ -288,7 +287,6 @@ type MachineConfigurationStatus struct { // managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is // and will be used by Machine Config Controller while performing boot image updates. - // +openshift:enable:FeatureGate=ManagedBootImages // +optional ManagedBootImagesStatus ManagedBootImages `json:"managedBootImagesStatus"` @@ -367,7 +365,7 @@ type ManagedBootImages struct { // MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information // such as the resource type and the API Group of the resource. It also provides granular control via the selection field. -// +openshift:validation:FeatureGateAwareXValidation:requiredFeatureGate=ManagedBootImages;ManagedBootImagesCPMS,rule="self.resource != 'controlplanemachinesets' || self.selection.mode == 'All' || self.selection.mode == 'None'", message="Only All or None selection mode is permitted for ControlPlaneMachineSets" +// +openshift:validation:FeatureGateAwareXValidation:requiredFeatureGate=ManagedBootImagesCPMS,rule="self.resource != 'controlplanemachinesets' || self.selection.mode == 'All' || self.selection.mode == 'None'", message="Only All or None selection mode is permitted for ControlPlaneMachineSets" type MachineManager struct { // resource is the machine management resource's type. // Valid values are machinesets and controlplanemachinesets. @@ -431,8 +429,8 @@ const ( // MachineManagerManagedResourceType is a string enum used in the MachineManager type to describe the resource // type to be registered. -// +openshift:validation:FeatureGateAwareEnum:requiredFeatureGate=ManagedBootImages,enum=machinesets -// +openshift:validation:FeatureGateAwareEnum:requiredFeatureGate=ManagedBootImages;ManagedBootImagesCPMS,enum=machinesets;controlplanemachinesets +// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=machinesets +// +openshift:validation:FeatureGateAwareEnum:featureGate=ManagedBootImagesCPMS,enum=machinesets;controlplanemachinesets type MachineManagerMachineSetsResourceType string const ( diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml index 51a758804d..1c552b0c0e 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml @@ -305,8 +305,7 @@ machineconfigurations.operator.openshift.io: FeatureGates: - BootImageSkewEnforcement - IrreconcilableMachineConfig - - ManagedBootImages - - ManagedBootImages+ManagedBootImagesCPMS + - ManagedBootImagesCPMS FilenameOperatorName: machine-config FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_80" diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go index 5b674ae05d..42392a353e 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go @@ -2,6 +2,10 @@ package v1 +import ( + configv1 "github.com/openshift/api/config/v1" +) + // APIServerSpecApplyConfiguration represents a declarative configuration of the APIServerSpec type for use // with apply. type APIServerSpecApplyConfiguration struct { @@ -26,6 +30,37 @@ type APIServerSpecApplyConfiguration struct { // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // The current default is the Intermediate profile. TLSSecurityProfile *TLSSecurityProfileApplyConfiguration `json:"tlsSecurityProfile,omitempty"` + // tlsAdherence controls if components in the cluster adhere to the TLS security profile + // configured on this APIServer resource. + // + // Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + // + // When set to "LegacyAdheringComponentsOnly", components that already honor the + // cluster-wide TLS profile continue to do so. Components that do not already honor + // it continue to use their individual TLS configurations. + // + // When set to "StrictAllComponents", all components must honor the configured TLS + // profile unless they have a component-specific TLS configuration that overrides + // it. This mode is recommended for security-conscious deployments and is required + // for certain compliance frameworks. + // + // Note: Some components such as Kubelet and IngressController have their own + // dedicated TLS configuration mechanisms via KubeletConfig and IngressController + // CRs respectively. When these component-specific TLS configurations are set, + // they take precedence over the cluster-wide tlsSecurityProfile. When not set, + // these components fall back to the cluster-wide default. + // + // Components that encounter an unknown value for tlsAdherence should treat it + // as "StrictAllComponents" and log a warning to ensure forward compatibility + // while defaulting to the more secure behavior. + // + // This field is optional. + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is LegacyAdheringComponentsOnly. + // + // Once set, this field may be changed to a different value, but may not be removed. + TLSAdherence *configv1.TLSAdherencePolicy `json:"tlsAdherence,omitempty"` // audit specifies the settings for audit configuration to be applied to all OpenShift-provided // API servers in the cluster. Audit *AuditApplyConfiguration `json:"audit,omitempty"` @@ -79,6 +114,14 @@ func (b *APIServerSpecApplyConfiguration) WithTLSSecurityProfile(value *TLSSecur return b } +// WithTLSAdherence sets the TLSAdherence field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TLSAdherence field is set to the value of the last call. +func (b *APIServerSpecApplyConfiguration) WithTLSAdherence(value configv1.TLSAdherencePolicy) *APIServerSpecApplyConfiguration { + b.TLSAdherence = &value + return b +} + // WithAudit sets the Audit field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Audit field is set to the value of the last call. diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go index 24d8261c9c..d9b0e87914 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go @@ -31,6 +31,14 @@ func (b *PrefixedClaimMappingApplyConfiguration) WithClaim(value string) *Prefix return b } +// WithExpression sets the Expression field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Expression field is set to the value of the last call. +func (b *PrefixedClaimMappingApplyConfiguration) WithExpression(value string) *PrefixedClaimMappingApplyConfiguration { + b.TokenClaimMappingApplyConfiguration.Expression = &value + return b +} + // WithPrefix sets the Prefix field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Prefix field is set to the value of the last call. diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go index 7b1f0da780..bedd170ae4 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go @@ -7,8 +7,21 @@ package v1 // // TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities. type TokenClaimMappingApplyConfiguration struct { - // claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + // claim is an optional field for specifying the JWT token claim that is used in the mapping. + // The value of this claim will be assigned to the field in which this mapping is associated. + // claim must not exceed 256 characters in length. + // When set to the empty string `""`, this means that no named claim should be used for the group mapping. + // claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. Claim *string `json:"claim,omitempty"` + // expression is an optional CEL expression used to derive + // group values from JWT claims. + // + // CEL expressions have access to the token claims through a CEL variable, 'claims'. + // + // expression must be at least 1 character and must not exceed 1024 characters in length . + // + // When specified, claim must not be set or be explicitly set to the empty string (`""`). + Expression *string `json:"expression,omitempty"` } // TokenClaimMappingApplyConfiguration constructs a declarative configuration of the TokenClaimMapping type for use with @@ -24,3 +37,11 @@ func (b *TokenClaimMappingApplyConfiguration) WithClaim(value string) *TokenClai b.Claim = &value return b } + +// WithExpression sets the Expression field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Expression field is set to the value of the last call. +func (b *TokenClaimMappingApplyConfiguration) WithExpression(value string) *TokenClaimMappingApplyConfiguration { + b.Expression = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go index 6151b6b13a..db1128deb5 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go @@ -47,6 +47,19 @@ type UpdateApplyConfiguration struct { // acceptRisks must not contain more than 1000 entries. // Entries in this list must be unique. AcceptRisks []AcceptRiskApplyConfiguration `json:"acceptRisks,omitempty"` + // mode determines how an update should be processed. + // The only valid value is "Preflight". + // When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. + // This is the standard update behavior. + // When set to "Preflight", the cluster runs compatibility checks against the target release without + // performing an actual update. Compatibility results, including any detected risks, are reported + // in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update + // recommendation service. + // This allows administrators to assess update readiness and address issues before committing to the update. + // Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be + // verified across multiple minor versions. + // When mode is set to "Preflight", the same rules for version, image, and architecture apply as for normal updates. + Mode *configv1.UpdateMode `json:"mode,omitempty"` } // UpdateApplyConfiguration constructs a declarative configuration of the Update type for use with @@ -99,3 +112,11 @@ func (b *UpdateApplyConfiguration) WithAcceptRisks(values ...*AcceptRiskApplyCon } return b } + +// WithMode sets the Mode field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Mode field is set to the value of the last call. +func (b *UpdateApplyConfiguration) WithMode(value configv1.UpdateMode) *UpdateApplyConfiguration { + b.Mode = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go index dd359d69a6..d33d6d71d8 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go @@ -9,10 +9,21 @@ import ( // UsernameClaimMappingApplyConfiguration represents a declarative configuration of the UsernameClaimMapping type for use // with apply. type UsernameClaimMappingApplyConfiguration struct { - // claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + // claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + // claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. + // When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set. // // claim must not be an empty string ("") and must not exceed 256 characters. Claim *string `json:"claim,omitempty"` + // expression is an optional CEL expression used to derive + // the username from JWT claims. + // + // CEL expressions have access to the token claims + // through a CEL variable, 'claims'. + // + // expression must be at least 1 character and must not exceed 1024 characters in length. + // expression must not be set when claim is set. + Expression *string `json:"expression,omitempty"` // prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field. // // Allowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string). @@ -54,6 +65,14 @@ func (b *UsernameClaimMappingApplyConfiguration) WithClaim(value string) *Userna return b } +// WithExpression sets the Expression field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Expression field is set to the value of the last call. +func (b *UsernameClaimMappingApplyConfiguration) WithExpression(value string) *UsernameClaimMappingApplyConfiguration { + b.Expression = &value + return b +} + // WithPrefixPolicy sets the PrefixPolicy field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the PrefixPolicy field is set to the value of the last call. diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/additionalalertmanagerconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/additionalalertmanagerconfig.go new file mode 100644 index 0000000000..6a699cd82a --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/additionalalertmanagerconfig.go @@ -0,0 +1,119 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// AdditionalAlertmanagerConfigApplyConfiguration represents a declarative configuration of the AdditionalAlertmanagerConfig type for use +// with apply. +// +// AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. +// The `AdditionalAlertmanagerConfig` resource defines settings for how a +// component communicates with additional Alertmanager instances. +type AdditionalAlertmanagerConfigApplyConfiguration struct { + // name is a unique identifier for this Alertmanager configuration entry. + // The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + // hyphens, or periods, and must start and end with an alphanumeric character. + // Minimum length is 1 character (empty string is invalid). + // Maximum length is 253 characters. + Name *string `json:"name,omitempty"` + // authorization configures the authentication method for Alertmanager connections. + // Supports bearer token authentication. When omitted, no authentication is used. + Authorization *AuthorizationConfigApplyConfiguration `json:"authorization,omitempty"` + // pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + // For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + // set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + // This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + // When no prefix is needed, omit this field; do not set it to "/" as that would produce paths with double slashes (e.g. "//api/v1/alerts"). + // Must start with "/", must not end with "/", and must not be exactly "/". + // Must not contain query strings ("?") or fragments ("#"). + PathPrefix *string `json:"pathPrefix,omitempty"` + // scheme defines the URL scheme to use when communicating with Alertmanager + // instances. + // Possible values are `HTTP` or `HTTPS`. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default value is `HTTP`. + Scheme *configv1alpha1.AlertmanagerScheme `json:"scheme,omitempty"` + // staticConfigs is a list of statically configured Alertmanager endpoints in the form + // of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + // (in brackets) followed by a colon and a valid port number (1-65535). + // Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + // At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + // Each entry must be unique and non-empty (empty string is invalid). + StaticConfigs []string `json:"staticConfigs,omitempty"` + // timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Currently the default is 10 seconds. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + TimeoutSeconds *int32 `json:"timeoutSeconds,omitempty"` + // tlsConfig defines the TLS settings to use for Alertmanager connections. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + TLSConfig *TLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` +} + +// AdditionalAlertmanagerConfigApplyConfiguration constructs a declarative configuration of the AdditionalAlertmanagerConfig type for use with +// apply. +func AdditionalAlertmanagerConfig() *AdditionalAlertmanagerConfigApplyConfiguration { + return &AdditionalAlertmanagerConfigApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *AdditionalAlertmanagerConfigApplyConfiguration) WithName(value string) *AdditionalAlertmanagerConfigApplyConfiguration { + b.Name = &value + return b +} + +// WithAuthorization sets the Authorization field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Authorization field is set to the value of the last call. +func (b *AdditionalAlertmanagerConfigApplyConfiguration) WithAuthorization(value *AuthorizationConfigApplyConfiguration) *AdditionalAlertmanagerConfigApplyConfiguration { + b.Authorization = value + return b +} + +// WithPathPrefix sets the PathPrefix field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PathPrefix field is set to the value of the last call. +func (b *AdditionalAlertmanagerConfigApplyConfiguration) WithPathPrefix(value string) *AdditionalAlertmanagerConfigApplyConfiguration { + b.PathPrefix = &value + return b +} + +// WithScheme sets the Scheme field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Scheme field is set to the value of the last call. +func (b *AdditionalAlertmanagerConfigApplyConfiguration) WithScheme(value configv1alpha1.AlertmanagerScheme) *AdditionalAlertmanagerConfigApplyConfiguration { + b.Scheme = &value + return b +} + +// WithStaticConfigs adds the given value to the StaticConfigs field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the StaticConfigs field. +func (b *AdditionalAlertmanagerConfigApplyConfiguration) WithStaticConfigs(values ...string) *AdditionalAlertmanagerConfigApplyConfiguration { + for i := range values { + b.StaticConfigs = append(b.StaticConfigs, values[i]) + } + return b +} + +// WithTimeoutSeconds sets the TimeoutSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TimeoutSeconds field is set to the value of the last call. +func (b *AdditionalAlertmanagerConfigApplyConfiguration) WithTimeoutSeconds(value int32) *AdditionalAlertmanagerConfigApplyConfiguration { + b.TimeoutSeconds = &value + return b +} + +// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TLSConfig field is set to the value of the last call. +func (b *AdditionalAlertmanagerConfigApplyConfiguration) WithTLSConfig(value *TLSConfigApplyConfiguration) *AdditionalAlertmanagerConfigApplyConfiguration { + b.TLSConfig = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go index ebc4e4a6be..4e90578a18 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go @@ -90,12 +90,10 @@ type AlertmanagerCustomConfigApplyConfiguration struct { // Minimum length for this list is 1. // Entries must have unique topologyKey and whenUnsatisfiable pairs. TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` - // volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - // configure the persistent volume claim, including storage class, volume - // size, and name. + // volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + // configure the persistent volume claim, including storage class and volume size. // If omitted, the Pod uses ephemeral storage and alert data will not persist // across restarts. - // This field is optional. VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty"` } diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/authorizationconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/authorizationconfig.go new file mode 100644 index 0000000000..87d7c7eefe --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/authorizationconfig.go @@ -0,0 +1,44 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// AuthorizationConfigApplyConfiguration represents a declarative configuration of the AuthorizationConfig type for use +// with apply. +// +// AuthorizationConfig defines the authentication method for Alertmanager connections. +type AuthorizationConfigApplyConfiguration struct { + // type specifies the authentication type to use. + // Valid value is "BearerToken" (bearer token authentication). + // When set to BearerToken, the bearerToken field must be specified. + Type *configv1alpha1.AuthorizationType `json:"type,omitempty"` + // bearerToken defines the secret reference containing the bearer token. + // Required when type is "BearerToken", and forbidden otherwise. + // The secret must exist in the openshift-monitoring namespace. + BearerToken *SecretKeySelectorApplyConfiguration `json:"bearerToken,omitempty"` +} + +// AuthorizationConfigApplyConfiguration constructs a declarative configuration of the AuthorizationConfig type for use with +// apply. +func AuthorizationConfig() *AuthorizationConfigApplyConfiguration { + return &AuthorizationConfigApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *AuthorizationConfigApplyConfiguration) WithType(value configv1alpha1.AuthorizationType) *AuthorizationConfigApplyConfiguration { + b.Type = &value + return b +} + +// WithBearerToken sets the BearerToken field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BearerToken field is set to the value of the last call. +func (b *AuthorizationConfigApplyConfiguration) WithBearerToken(value *SecretKeySelectorApplyConfiguration) *AuthorizationConfigApplyConfiguration { + b.BearerToken = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/basicauth.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/basicauth.go new file mode 100644 index 0000000000..efad66668a --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/basicauth.go @@ -0,0 +1,38 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// BasicAuthApplyConfiguration represents a declarative configuration of the BasicAuth type for use +// with apply. +// +// BasicAuth defines basic authentication settings for the remote write endpoint URL. +type BasicAuthApplyConfiguration struct { + // username defines the secret reference containing the username for basic authentication. + // The secret must exist in the openshift-monitoring namespace. + Username *SecretKeySelectorApplyConfiguration `json:"username,omitempty"` + // password defines the secret reference containing the password for basic authentication. + // The secret must exist in the openshift-monitoring namespace. + Password *SecretKeySelectorApplyConfiguration `json:"password,omitempty"` +} + +// BasicAuthApplyConfiguration constructs a declarative configuration of the BasicAuth type for use with +// apply. +func BasicAuth() *BasicAuthApplyConfiguration { + return &BasicAuthApplyConfiguration{} +} + +// WithUsername sets the Username field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Username field is set to the value of the last call. +func (b *BasicAuthApplyConfiguration) WithUsername(value *SecretKeySelectorApplyConfiguration) *BasicAuthApplyConfiguration { + b.Username = value + return b +} + +// WithPassword sets the Password field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Password field is set to the value of the last call. +func (b *BasicAuthApplyConfiguration) WithPassword(value *SecretKeySelectorApplyConfiguration) *BasicAuthApplyConfiguration { + b.Password = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/certificateconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/certificateconfig.go new file mode 100644 index 0000000000..a4191ccb27 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/certificateconfig.go @@ -0,0 +1,29 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// CertificateConfigApplyConfiguration represents a declarative configuration of the CertificateConfig type for use +// with apply. +// +// CertificateConfig specifies configuration parameters for certificates. +// At least one property must be specified. +type CertificateConfigApplyConfiguration struct { + // key specifies the cryptographic parameters for the certificate's key pair. + // Currently this is the only configurable parameter. When omitted in an + // overrides entry, the key configuration from defaults is used. + Key *KeyConfigApplyConfiguration `json:"key,omitempty"` +} + +// CertificateConfigApplyConfiguration constructs a declarative configuration of the CertificateConfig type for use with +// apply. +func CertificateConfig() *CertificateConfigApplyConfiguration { + return &CertificateConfigApplyConfiguration{} +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *CertificateConfigApplyConfiguration) WithKey(value *KeyConfigApplyConfiguration) *CertificateConfigApplyConfiguration { + b.Key = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicy.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicy.go deleted file mode 100644 index 19a6917f99..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicy.go +++ /dev/null @@ -1,277 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" - internal "github.com/openshift/client-go/config/applyconfigurations/internal" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - managedfields "k8s.io/apimachinery/pkg/util/managedfields" - v1 "k8s.io/client-go/applyconfigurations/meta/v1" -) - -// ClusterImagePolicyApplyConfiguration represents a declarative configuration of the ClusterImagePolicy type for use -// with apply. -// -// # ClusterImagePolicy holds cluster-wide configuration for image signature verification -// -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -type ClusterImagePolicyApplyConfiguration struct { - v1.TypeMetaApplyConfiguration `json:",inline"` - // metadata is the standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` - // spec contains the configuration for the cluster image policy. - Spec *ClusterImagePolicySpecApplyConfiguration `json:"spec,omitempty"` - // status contains the observed state of the resource. - Status *ClusterImagePolicyStatusApplyConfiguration `json:"status,omitempty"` -} - -// ClusterImagePolicy constructs a declarative configuration of the ClusterImagePolicy type for use with -// apply. -func ClusterImagePolicy(name string) *ClusterImagePolicyApplyConfiguration { - b := &ClusterImagePolicyApplyConfiguration{} - b.WithName(name) - b.WithKind("ClusterImagePolicy") - b.WithAPIVersion("config.openshift.io/v1alpha1") - return b -} - -// ExtractClusterImagePolicyFrom extracts the applied configuration owned by fieldManager from -// clusterImagePolicy for the specified subresource. Pass an empty string for subresource to extract -// the main resource. Common subresources include "status", "scale", etc. -// clusterImagePolicy must be a unmodified ClusterImagePolicy API object that was retrieved from the Kubernetes API. -// ExtractClusterImagePolicyFrom provides a way to perform a extract/modify-in-place/apply workflow. -// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously -// applied if another fieldManager has updated or force applied any of the previously applied fields. -func ExtractClusterImagePolicyFrom(clusterImagePolicy *configv1alpha1.ClusterImagePolicy, fieldManager string, subresource string) (*ClusterImagePolicyApplyConfiguration, error) { - b := &ClusterImagePolicyApplyConfiguration{} - err := managedfields.ExtractInto(clusterImagePolicy, internal.Parser().Type("com.github.openshift.api.config.v1alpha1.ClusterImagePolicy"), fieldManager, b, subresource) - if err != nil { - return nil, err - } - b.WithName(clusterImagePolicy.Name) - - b.WithKind("ClusterImagePolicy") - b.WithAPIVersion("config.openshift.io/v1alpha1") - return b, nil -} - -// ExtractClusterImagePolicy extracts the applied configuration owned by fieldManager from -// clusterImagePolicy. If no managedFields are found in clusterImagePolicy for fieldManager, a -// ClusterImagePolicyApplyConfiguration is returned with only the Name, Namespace (if applicable), -// APIVersion and Kind populated. It is possible that no managed fields were found for because other -// field managers have taken ownership of all the fields previously owned by fieldManager, or because -// the fieldManager never owned fields any fields. -// clusterImagePolicy must be a unmodified ClusterImagePolicy API object that was retrieved from the Kubernetes API. -// ExtractClusterImagePolicy provides a way to perform a extract/modify-in-place/apply workflow. -// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously -// applied if another fieldManager has updated or force applied any of the previously applied fields. -func ExtractClusterImagePolicy(clusterImagePolicy *configv1alpha1.ClusterImagePolicy, fieldManager string) (*ClusterImagePolicyApplyConfiguration, error) { - return ExtractClusterImagePolicyFrom(clusterImagePolicy, fieldManager, "") -} - -// ExtractClusterImagePolicyStatus extracts the applied configuration owned by fieldManager from -// clusterImagePolicy for the status subresource. -func ExtractClusterImagePolicyStatus(clusterImagePolicy *configv1alpha1.ClusterImagePolicy, fieldManager string) (*ClusterImagePolicyApplyConfiguration, error) { - return ExtractClusterImagePolicyFrom(clusterImagePolicy, fieldManager, "status") -} - -func (b ClusterImagePolicyApplyConfiguration) IsApplyConfiguration() {} - -// WithKind sets the Kind field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Kind field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithKind(value string) *ClusterImagePolicyApplyConfiguration { - b.TypeMetaApplyConfiguration.Kind = &value - return b -} - -// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the APIVersion field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithAPIVersion(value string) *ClusterImagePolicyApplyConfiguration { - b.TypeMetaApplyConfiguration.APIVersion = &value - return b -} - -// WithName sets the Name field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Name field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithName(value string) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.Name = &value - return b -} - -// WithGenerateName sets the GenerateName field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the GenerateName field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithGenerateName(value string) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.GenerateName = &value - return b -} - -// WithNamespace sets the Namespace field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Namespace field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithNamespace(value string) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.Namespace = &value - return b -} - -// WithUID sets the UID field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the UID field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithUID(value types.UID) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.UID = &value - return b -} - -// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the ResourceVersion field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithResourceVersion(value string) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.ResourceVersion = &value - return b -} - -// WithGeneration sets the Generation field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Generation field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithGeneration(value int64) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.Generation = &value - return b -} - -// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the CreationTimestamp field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.CreationTimestamp = &value - return b -} - -// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the DeletionTimestamp field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value - return b -} - -// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value - return b -} - -// WithLabels puts the entries into the Labels field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, the entries provided by each call will be put on the Labels field, -// overwriting an existing map entries in Labels field with the same key. -func (b *ClusterImagePolicyApplyConfiguration) WithLabels(entries map[string]string) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { - b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) - } - for k, v := range entries { - b.ObjectMetaApplyConfiguration.Labels[k] = v - } - return b -} - -// WithAnnotations puts the entries into the Annotations field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, the entries provided by each call will be put on the Annotations field, -// overwriting an existing map entries in Annotations field with the same key. -func (b *ClusterImagePolicyApplyConfiguration) WithAnnotations(entries map[string]string) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { - b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) - } - for k, v := range entries { - b.ObjectMetaApplyConfiguration.Annotations[k] = v - } - return b -} - -// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the OwnerReferences field. -func (b *ClusterImagePolicyApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - for i := range values { - if values[i] == nil { - panic("nil value passed to WithOwnerReferences") - } - b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i]) - } - return b -} - -// WithFinalizers adds the given value to the Finalizers field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Finalizers field. -func (b *ClusterImagePolicyApplyConfiguration) WithFinalizers(values ...string) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - for i := range values { - b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) - } - return b -} - -func (b *ClusterImagePolicyApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { - if b.ObjectMetaApplyConfiguration == nil { - b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} - } -} - -// WithSpec sets the Spec field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Spec field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithSpec(value *ClusterImagePolicySpecApplyConfiguration) *ClusterImagePolicyApplyConfiguration { - b.Spec = value - return b -} - -// WithStatus sets the Status field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Status field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithStatus(value *ClusterImagePolicyStatusApplyConfiguration) *ClusterImagePolicyApplyConfiguration { - b.Status = value - return b -} - -// GetKind retrieves the value of the Kind field in the declarative configuration. -func (b *ClusterImagePolicyApplyConfiguration) GetKind() *string { - return b.TypeMetaApplyConfiguration.Kind -} - -// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. -func (b *ClusterImagePolicyApplyConfiguration) GetAPIVersion() *string { - return b.TypeMetaApplyConfiguration.APIVersion -} - -// GetName retrieves the value of the Name field in the declarative configuration. -func (b *ClusterImagePolicyApplyConfiguration) GetName() *string { - b.ensureObjectMetaApplyConfigurationExists() - return b.ObjectMetaApplyConfiguration.Name -} - -// GetNamespace retrieves the value of the Namespace field in the declarative configuration. -func (b *ClusterImagePolicyApplyConfiguration) GetNamespace() *string { - b.ensureObjectMetaApplyConfigurationExists() - return b.ObjectMetaApplyConfiguration.Namespace -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go deleted file mode 100644 index 135aa592aa..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go +++ /dev/null @@ -1,53 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" -) - -// ClusterImagePolicySpecApplyConfiguration represents a declarative configuration of the ClusterImagePolicySpec type for use -// with apply. -// -// CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource. -type ClusterImagePolicySpecApplyConfiguration struct { - // scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the "Docker Registry HTTP API V2". - // Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). - // More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository - // namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). - // Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. - // If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. - // In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories - // quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. - // If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. - // For additional details about the format, please refer to the document explaining the docker transport field, - // which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker - Scopes []configv1alpha1.ImageScope `json:"scopes,omitempty"` - // policy contains configuration to allow scopes to be verified, and defines how - // images not matching the verification policy will be treated. - Policy *ImageSigstoreVerificationPolicyApplyConfiguration `json:"policy,omitempty"` -} - -// ClusterImagePolicySpecApplyConfiguration constructs a declarative configuration of the ClusterImagePolicySpec type for use with -// apply. -func ClusterImagePolicySpec() *ClusterImagePolicySpecApplyConfiguration { - return &ClusterImagePolicySpecApplyConfiguration{} -} - -// WithScopes adds the given value to the Scopes field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Scopes field. -func (b *ClusterImagePolicySpecApplyConfiguration) WithScopes(values ...configv1alpha1.ImageScope) *ClusterImagePolicySpecApplyConfiguration { - for i := range values { - b.Scopes = append(b.Scopes, values[i]) - } - return b -} - -// WithPolicy sets the Policy field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Policy field is set to the value of the last call. -func (b *ClusterImagePolicySpecApplyConfiguration) WithPolicy(value *ImageSigstoreVerificationPolicyApplyConfiguration) *ClusterImagePolicySpecApplyConfiguration { - b.Policy = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicystatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicystatus.go deleted file mode 100644 index e01b2cac34..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicystatus.go +++ /dev/null @@ -1,33 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1 "k8s.io/client-go/applyconfigurations/meta/v1" -) - -// ClusterImagePolicyStatusApplyConfiguration represents a declarative configuration of the ClusterImagePolicyStatus type for use -// with apply. -type ClusterImagePolicyStatusApplyConfiguration struct { - // conditions provide details on the status of this API Resource. - Conditions []v1.ConditionApplyConfiguration `json:"conditions,omitempty"` -} - -// ClusterImagePolicyStatusApplyConfiguration constructs a declarative configuration of the ClusterImagePolicyStatus type for use with -// apply. -func ClusterImagePolicyStatus() *ClusterImagePolicyStatusApplyConfiguration { - return &ClusterImagePolicyStatusApplyConfiguration{} -} - -// WithConditions adds the given value to the Conditions field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Conditions field. -func (b *ClusterImagePolicyStatusApplyConfiguration) WithConditions(values ...*v1.ConditionApplyConfiguration) *ClusterImagePolicyStatusApplyConfiguration { - for i := range values { - if values[i] == nil { - panic("nil value passed to WithConditions") - } - b.Conditions = append(b.Conditions, *values[i]) - } - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go index 53f29c3fdc..31943fe050 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go @@ -18,6 +18,18 @@ type ClusterMonitoringSpecApplyConfiguration struct { // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. // The current default value is `DefaultConfig`. AlertmanagerConfig *AlertmanagerConfigApplyConfiguration `json:"alertmanagerConfig,omitempty"` + // prometheusConfig provides configuration options for the default platform Prometheus instance + // that runs in the `openshift-monitoring` namespace. This configuration applies only to the + // platform Prometheus instance; user-workload Prometheus instances are configured separately. + // + // This field allows you to customize how the platform Prometheus is deployed and operated, including: + // - Pod scheduling (node selectors, tolerations, topology spread constraints) + // - Resource allocation (CPU, memory requests/limits) + // - Retention policies (how long metrics are stored) + // - External integrations (remote write, additional alertmanagers) + // + // This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + PrometheusConfig *PrometheusConfigApplyConfiguration `json:"prometheusConfig,omitempty"` // metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. // Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. @@ -33,6 +45,11 @@ type ClusterMonitoringSpecApplyConfiguration struct { // between API versions. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. PrometheusOperatorAdmissionWebhookConfig *PrometheusOperatorAdmissionWebhookConfigApplyConfiguration `json:"prometheusOperatorAdmissionWebhookConfig,omitempty"` + // openShiftStateMetricsConfig is an optional field that can be used to configure the openshift-state-metrics + // agent that runs in the openshift-monitoring namespace. The openshift-state-metrics agent generates metrics + // about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + OpenShiftStateMetricsConfig *OpenShiftStateMetricsConfigApplyConfiguration `json:"openShiftStateMetricsConfig,omitempty"` } // ClusterMonitoringSpecApplyConfiguration constructs a declarative configuration of the ClusterMonitoringSpec type for use with @@ -57,6 +74,14 @@ func (b *ClusterMonitoringSpecApplyConfiguration) WithAlertmanagerConfig(value * return b } +// WithPrometheusConfig sets the PrometheusConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PrometheusConfig field is set to the value of the last call. +func (b *ClusterMonitoringSpecApplyConfiguration) WithPrometheusConfig(value *PrometheusConfigApplyConfiguration) *ClusterMonitoringSpecApplyConfiguration { + b.PrometheusConfig = value + return b +} + // WithMetricsServerConfig sets the MetricsServerConfig field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the MetricsServerConfig field is set to the value of the last call. @@ -80,3 +105,11 @@ func (b *ClusterMonitoringSpecApplyConfiguration) WithPrometheusOperatorAdmissio b.PrometheusOperatorAdmissionWebhookConfig = value return b } + +// WithOpenShiftStateMetricsConfig sets the OpenShiftStateMetricsConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OpenShiftStateMetricsConfig field is set to the value of the last call. +func (b *ClusterMonitoringSpecApplyConfiguration) WithOpenShiftStateMetricsConfig(value *OpenShiftStateMetricsConfigApplyConfiguration) *ClusterMonitoringSpecApplyConfiguration { + b.OpenShiftStateMetricsConfig = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/custompkipolicy.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/custompkipolicy.go new file mode 100644 index 0000000000..5f689804ef --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/custompkipolicy.go @@ -0,0 +1,51 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// CustomPKIPolicyApplyConfiguration represents a declarative configuration of the CustomPKIPolicy type for use +// with apply. +// +// CustomPKIPolicy contains administrator-specified cryptographic configuration. +// Administrators must specify defaults for all certificates and may optionally +// override specific categories of certificates. +type CustomPKIPolicyApplyConfiguration struct { + PKIProfileApplyConfiguration `json:",inline"` +} + +// CustomPKIPolicyApplyConfiguration constructs a declarative configuration of the CustomPKIPolicy type for use with +// apply. +func CustomPKIPolicy() *CustomPKIPolicyApplyConfiguration { + return &CustomPKIPolicyApplyConfiguration{} +} + +// WithDefaults sets the Defaults field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Defaults field is set to the value of the last call. +func (b *CustomPKIPolicyApplyConfiguration) WithDefaults(value *DefaultCertificateConfigApplyConfiguration) *CustomPKIPolicyApplyConfiguration { + b.PKIProfileApplyConfiguration.Defaults = value + return b +} + +// WithSignerCertificates sets the SignerCertificates field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SignerCertificates field is set to the value of the last call. +func (b *CustomPKIPolicyApplyConfiguration) WithSignerCertificates(value *CertificateConfigApplyConfiguration) *CustomPKIPolicyApplyConfiguration { + b.PKIProfileApplyConfiguration.SignerCertificates = value + return b +} + +// WithServingCertificates sets the ServingCertificates field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServingCertificates field is set to the value of the last call. +func (b *CustomPKIPolicyApplyConfiguration) WithServingCertificates(value *CertificateConfigApplyConfiguration) *CustomPKIPolicyApplyConfiguration { + b.PKIProfileApplyConfiguration.ServingCertificates = value + return b +} + +// WithClientCertificates sets the ClientCertificates field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientCertificates field is set to the value of the last call. +func (b *CustomPKIPolicyApplyConfiguration) WithClientCertificates(value *CertificateConfigApplyConfiguration) *CustomPKIPolicyApplyConfiguration { + b.PKIProfileApplyConfiguration.ClientCertificates = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/defaultcertificateconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/defaultcertificateconfig.go new file mode 100644 index 0000000000..3ddd6fb6a7 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/defaultcertificateconfig.go @@ -0,0 +1,30 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// DefaultCertificateConfigApplyConfiguration represents a declarative configuration of the DefaultCertificateConfig type for use +// with apply. +// +// DefaultCertificateConfig specifies the default certificate configuration +// parameters. All fields are required to ensure that defaults are fully +// specified for all certificates. +type DefaultCertificateConfigApplyConfiguration struct { + // key specifies the cryptographic parameters for the certificate's key pair. + // This field is required in defaults to ensure all certificates have a + // well-defined key configuration. + Key *KeyConfigApplyConfiguration `json:"key,omitempty"` +} + +// DefaultCertificateConfigApplyConfiguration constructs a declarative configuration of the DefaultCertificateConfig type for use with +// apply. +func DefaultCertificateConfig() *DefaultCertificateConfigApplyConfiguration { + return &DefaultCertificateConfigApplyConfiguration{} +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *DefaultCertificateConfigApplyConfiguration) WithKey(value *KeyConfigApplyConfiguration) *DefaultCertificateConfigApplyConfiguration { + b.Key = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/dropequalactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/dropequalactionconfig.go new file mode 100644 index 0000000000..1e0a8e0014 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/dropequalactionconfig.go @@ -0,0 +1,29 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// DropEqualActionConfigApplyConfiguration represents a declarative configuration of the DropEqualActionConfig type for use +// with apply. +// +// DropEqualActionConfig configures the DropEqual action. +// Drops targets for which the concatenated source_labels do match the value of target_label. +// Requires Prometheus >= v2.41.0. +type DropEqualActionConfigApplyConfiguration struct { + // targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. + // Must be between 1 and 128 characters in length. + TargetLabel *string `json:"targetLabel,omitempty"` +} + +// DropEqualActionConfigApplyConfiguration constructs a declarative configuration of the DropEqualActionConfig type for use with +// apply. +func DropEqualActionConfig() *DropEqualActionConfigApplyConfiguration { + return &DropEqualActionConfigApplyConfiguration{} +} + +// WithTargetLabel sets the TargetLabel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TargetLabel field is set to the value of the last call. +func (b *DropEqualActionConfigApplyConfiguration) WithTargetLabel(value string) *DropEqualActionConfigApplyConfiguration { + b.TargetLabel = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/ecdsakeyconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/ecdsakeyconfig.go new file mode 100644 index 0000000000..96c579a3af --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/ecdsakeyconfig.go @@ -0,0 +1,40 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// ECDSAKeyConfigApplyConfiguration represents a declarative configuration of the ECDSAKeyConfig type for use +// with apply. +// +// ECDSAKeyConfig specifies parameters for ECDSA key generation. +type ECDSAKeyConfigApplyConfiguration struct { + // curve specifies the NIST elliptic curve for ECDSA keys. + // Valid values are "P256", "P384", and "P521". + // + // When set to P256, the NIST P-256 curve (also known as secp256r1) is used, + // providing 128-bit security. + // + // When set to P384, the NIST P-384 curve (also known as secp384r1) is used, + // providing 192-bit security. + // + // When set to P521, the NIST P-521 curve (also known as secp521r1) is used, + // providing 256-bit security. + Curve *configv1alpha1.ECDSACurve `json:"curve,omitempty"` +} + +// ECDSAKeyConfigApplyConfiguration constructs a declarative configuration of the ECDSAKeyConfig type for use with +// apply. +func ECDSAKeyConfig() *ECDSAKeyConfigApplyConfiguration { + return &ECDSAKeyConfigApplyConfiguration{} +} + +// WithCurve sets the Curve field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Curve field is set to the value of the last call. +func (b *ECDSAKeyConfigApplyConfiguration) WithCurve(value configv1alpha1.ECDSACurve) *ECDSAKeyConfigApplyConfiguration { + b.Curve = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/hashmodactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/hashmodactionconfig.go new file mode 100644 index 0000000000..453795b42b --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/hashmodactionconfig.go @@ -0,0 +1,40 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// HashModActionConfigApplyConfiguration represents a declarative configuration of the HashModActionConfig type for use +// with apply. +// +// HashModActionConfig configures the HashMod action. +// target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus). +type HashModActionConfigApplyConfiguration struct { + // targetLabel is the label name where the hash modulus result is written. + // Must be between 1 and 128 characters in length. + TargetLabel *string `json:"targetLabel,omitempty"` + // modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). + // Required when using the HashMod action so the intended behavior is explicit. + // Must be between 1 and 1000000. + Modulus *int64 `json:"modulus,omitempty"` +} + +// HashModActionConfigApplyConfiguration constructs a declarative configuration of the HashModActionConfig type for use with +// apply. +func HashModActionConfig() *HashModActionConfigApplyConfiguration { + return &HashModActionConfigApplyConfiguration{} +} + +// WithTargetLabel sets the TargetLabel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TargetLabel field is set to the value of the last call. +func (b *HashModActionConfigApplyConfiguration) WithTargetLabel(value string) *HashModActionConfigApplyConfiguration { + b.TargetLabel = &value + return b +} + +// WithModulus sets the Modulus field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Modulus field is set to the value of the last call. +func (b *HashModActionConfigApplyConfiguration) WithModulus(value int64) *HashModActionConfigApplyConfiguration { + b.Modulus = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go deleted file mode 100644 index c9299e5000..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go +++ /dev/null @@ -1,52 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -// ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyFulcioCAWithRekorRootOfTrust type for use -// with apply. -// -// ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key. -type ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration struct { - // fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. - // fulcioCAData must be at most 8192 characters. - FulcioCAData []byte `json:"fulcioCAData,omitempty"` - // rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. - // rekorKeyData must be at most 8192 characters. - RekorKeyData []byte `json:"rekorKeyData,omitempty"` - // fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration. - FulcioSubject *PolicyFulcioSubjectApplyConfiguration `json:"fulcioSubject,omitempty"` -} - -// ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyFulcioCAWithRekorRootOfTrust type for use with -// apply. -func ImagePolicyFulcioCAWithRekorRootOfTrust() *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { - return &ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration{} -} - -// WithFulcioCAData adds the given value to the FulcioCAData field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the FulcioCAData field. -func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithFulcioCAData(values ...byte) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { - for i := range values { - b.FulcioCAData = append(b.FulcioCAData, values[i]) - } - return b -} - -// WithRekorKeyData adds the given value to the RekorKeyData field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the RekorKeyData field. -func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithRekorKeyData(values ...byte) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { - for i := range values { - b.RekorKeyData = append(b.RekorKeyData, values[i]) - } - return b -} - -// WithFulcioSubject sets the FulcioSubject field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the FulcioSubject field is set to the value of the last call. -func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithFulcioSubject(value *PolicyFulcioSubjectApplyConfiguration) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { - b.FulcioSubject = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go deleted file mode 100644 index 42c3c0aa7c..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go +++ /dev/null @@ -1,51 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -// ImagePolicyPKIRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyPKIRootOfTrust type for use -// with apply. -// -// ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates. -type ImagePolicyPKIRootOfTrustApplyConfiguration struct { - // caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. - CertificateAuthorityRootsData []byte `json:"caRootsData,omitempty"` - // caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. - // caIntermediatesData requires caRootsData to be set. - CertificateAuthorityIntermediatesData []byte `json:"caIntermediatesData,omitempty"` - // pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued. - PKICertificateSubject *PKICertificateSubjectApplyConfiguration `json:"pkiCertificateSubject,omitempty"` -} - -// ImagePolicyPKIRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyPKIRootOfTrust type for use with -// apply. -func ImagePolicyPKIRootOfTrust() *ImagePolicyPKIRootOfTrustApplyConfiguration { - return &ImagePolicyPKIRootOfTrustApplyConfiguration{} -} - -// WithCertificateAuthorityRootsData adds the given value to the CertificateAuthorityRootsData field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the CertificateAuthorityRootsData field. -func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithCertificateAuthorityRootsData(values ...byte) *ImagePolicyPKIRootOfTrustApplyConfiguration { - for i := range values { - b.CertificateAuthorityRootsData = append(b.CertificateAuthorityRootsData, values[i]) - } - return b -} - -// WithCertificateAuthorityIntermediatesData adds the given value to the CertificateAuthorityIntermediatesData field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the CertificateAuthorityIntermediatesData field. -func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithCertificateAuthorityIntermediatesData(values ...byte) *ImagePolicyPKIRootOfTrustApplyConfiguration { - for i := range values { - b.CertificateAuthorityIntermediatesData = append(b.CertificateAuthorityIntermediatesData, values[i]) - } - return b -} - -// WithPKICertificateSubject sets the PKICertificateSubject field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the PKICertificateSubject field is set to the value of the last call. -func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithPKICertificateSubject(value *PKICertificateSubjectApplyConfiguration) *ImagePolicyPKIRootOfTrustApplyConfiguration { - b.PKICertificateSubject = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go deleted file mode 100644 index 317b1be6ad..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go +++ /dev/null @@ -1,42 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -// ImagePolicyPublicKeyRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyPublicKeyRootOfTrust type for use -// with apply. -// -// ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key. -type ImagePolicyPublicKeyRootOfTrustApplyConfiguration struct { - // keyData contains inline base64-encoded data for the PEM format public key. - // KeyData must be at most 8192 characters. - KeyData []byte `json:"keyData,omitempty"` - // rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. - // rekorKeyData must be at most 8192 characters. - RekorKeyData []byte `json:"rekorKeyData,omitempty"` -} - -// ImagePolicyPublicKeyRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyPublicKeyRootOfTrust type for use with -// apply. -func ImagePolicyPublicKeyRootOfTrust() *ImagePolicyPublicKeyRootOfTrustApplyConfiguration { - return &ImagePolicyPublicKeyRootOfTrustApplyConfiguration{} -} - -// WithKeyData adds the given value to the KeyData field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the KeyData field. -func (b *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) WithKeyData(values ...byte) *ImagePolicyPublicKeyRootOfTrustApplyConfiguration { - for i := range values { - b.KeyData = append(b.KeyData, values[i]) - } - return b -} - -// WithRekorKeyData adds the given value to the RekorKeyData field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the RekorKeyData field. -func (b *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) WithRekorKeyData(values ...byte) *ImagePolicyPublicKeyRootOfTrustApplyConfiguration { - for i := range values { - b.RekorKeyData = append(b.RekorKeyData, values[i]) - } - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go deleted file mode 100644 index 0d8cbf64b7..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go +++ /dev/null @@ -1,53 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" -) - -// ImagePolicySpecApplyConfiguration represents a declarative configuration of the ImagePolicySpec type for use -// with apply. -// -// ImagePolicySpec is the specification of the ImagePolicy CRD. -type ImagePolicySpecApplyConfiguration struct { - // scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the "Docker Registry HTTP API V2". - // Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). - // More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository - // namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). - // Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. - // If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. - // In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories - // quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. - // If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. - // For additional details about the format, please refer to the document explaining the docker transport field, - // which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker - Scopes []configv1alpha1.ImageScope `json:"scopes,omitempty"` - // policy contains configuration to allow scopes to be verified, and defines how - // images not matching the verification policy will be treated. - Policy *ImageSigstoreVerificationPolicyApplyConfiguration `json:"policy,omitempty"` -} - -// ImagePolicySpecApplyConfiguration constructs a declarative configuration of the ImagePolicySpec type for use with -// apply. -func ImagePolicySpec() *ImagePolicySpecApplyConfiguration { - return &ImagePolicySpecApplyConfiguration{} -} - -// WithScopes adds the given value to the Scopes field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Scopes field. -func (b *ImagePolicySpecApplyConfiguration) WithScopes(values ...configv1alpha1.ImageScope) *ImagePolicySpecApplyConfiguration { - for i := range values { - b.Scopes = append(b.Scopes, values[i]) - } - return b -} - -// WithPolicy sets the Policy field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Policy field is set to the value of the last call. -func (b *ImagePolicySpecApplyConfiguration) WithPolicy(value *ImageSigstoreVerificationPolicyApplyConfiguration) *ImagePolicySpecApplyConfiguration { - b.Policy = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicystatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicystatus.go deleted file mode 100644 index 59fc118561..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicystatus.go +++ /dev/null @@ -1,33 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1 "k8s.io/client-go/applyconfigurations/meta/v1" -) - -// ImagePolicyStatusApplyConfiguration represents a declarative configuration of the ImagePolicyStatus type for use -// with apply. -type ImagePolicyStatusApplyConfiguration struct { - // conditions provide details on the status of this API Resource. - Conditions []v1.ConditionApplyConfiguration `json:"conditions,omitempty"` -} - -// ImagePolicyStatusApplyConfiguration constructs a declarative configuration of the ImagePolicyStatus type for use with -// apply. -func ImagePolicyStatus() *ImagePolicyStatusApplyConfiguration { - return &ImagePolicyStatusApplyConfiguration{} -} - -// WithConditions adds the given value to the Conditions field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Conditions field. -func (b *ImagePolicyStatusApplyConfiguration) WithConditions(values ...*v1.ConditionApplyConfiguration) *ImagePolicyStatusApplyConfiguration { - for i := range values { - if values[i] == nil { - panic("nil value passed to WithConditions") - } - b.Conditions = append(b.Conditions, *values[i]) - } - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go deleted file mode 100644 index 3fa4e27478..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go +++ /dev/null @@ -1,36 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -// ImageSigstoreVerificationPolicyApplyConfiguration represents a declarative configuration of the ImageSigstoreVerificationPolicy type for use -// with apply. -// -// ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list. -type ImageSigstoreVerificationPolicyApplyConfiguration struct { - // rootOfTrust specifies the root of trust for the policy. - RootOfTrust *PolicyRootOfTrustApplyConfiguration `json:"rootOfTrust,omitempty"` - // signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is "MatchRepoDigestOrExact". - SignedIdentity *PolicyIdentityApplyConfiguration `json:"signedIdentity,omitempty"` -} - -// ImageSigstoreVerificationPolicyApplyConfiguration constructs a declarative configuration of the ImageSigstoreVerificationPolicy type for use with -// apply. -func ImageSigstoreVerificationPolicy() *ImageSigstoreVerificationPolicyApplyConfiguration { - return &ImageSigstoreVerificationPolicyApplyConfiguration{} -} - -// WithRootOfTrust sets the RootOfTrust field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the RootOfTrust field is set to the value of the last call. -func (b *ImageSigstoreVerificationPolicyApplyConfiguration) WithRootOfTrust(value *PolicyRootOfTrustApplyConfiguration) *ImageSigstoreVerificationPolicyApplyConfiguration { - b.RootOfTrust = value - return b -} - -// WithSignedIdentity sets the SignedIdentity field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the SignedIdentity field is set to the value of the last call. -func (b *ImageSigstoreVerificationPolicyApplyConfiguration) WithSignedIdentity(value *PolicyIdentityApplyConfiguration) *ImageSigstoreVerificationPolicyApplyConfiguration { - b.SignedIdentity = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keepequalactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keepequalactionconfig.go new file mode 100644 index 0000000000..a560a662a8 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keepequalactionconfig.go @@ -0,0 +1,29 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// KeepEqualActionConfigApplyConfiguration represents a declarative configuration of the KeepEqualActionConfig type for use +// with apply. +// +// KeepEqualActionConfig configures the KeepEqual action. +// Drops targets for which the concatenated source_labels do not match the value of target_label. +// Requires Prometheus >= v2.41.0. +type KeepEqualActionConfigApplyConfiguration struct { + // targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. + // Must be between 1 and 128 characters in length. + TargetLabel *string `json:"targetLabel,omitempty"` +} + +// KeepEqualActionConfigApplyConfiguration constructs a declarative configuration of the KeepEqualActionConfig type for use with +// apply. +func KeepEqualActionConfig() *KeepEqualActionConfigApplyConfiguration { + return &KeepEqualActionConfigApplyConfiguration{} +} + +// WithTargetLabel sets the TargetLabel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TargetLabel field is set to the value of the last call. +func (b *KeepEqualActionConfigApplyConfiguration) WithTargetLabel(value string) *KeepEqualActionConfigApplyConfiguration { + b.TargetLabel = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keyconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keyconfig.go new file mode 100644 index 0000000000..340d395cec --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keyconfig.go @@ -0,0 +1,59 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// KeyConfigApplyConfiguration represents a declarative configuration of the KeyConfig type for use +// with apply. +// +// KeyConfig specifies cryptographic parameters for key generation. +type KeyConfigApplyConfiguration struct { + // algorithm specifies the key generation algorithm. + // Valid values are "RSA" and "ECDSA". + // + // When set to RSA, the rsa field must be specified and the generated key + // will be an RSA key with the configured key size. + // + // When set to ECDSA, the ecdsa field must be specified and the generated key + // will be an ECDSA key using the configured elliptic curve. + Algorithm *configv1alpha1.KeyAlgorithm `json:"algorithm,omitempty"` + // rsa specifies RSA key parameters. + // Required when algorithm is RSA, and forbidden otherwise. + RSA *RSAKeyConfigApplyConfiguration `json:"rsa,omitempty"` + // ecdsa specifies ECDSA key parameters. + // Required when algorithm is ECDSA, and forbidden otherwise. + ECDSA *ECDSAKeyConfigApplyConfiguration `json:"ecdsa,omitempty"` +} + +// KeyConfigApplyConfiguration constructs a declarative configuration of the KeyConfig type for use with +// apply. +func KeyConfig() *KeyConfigApplyConfiguration { + return &KeyConfigApplyConfiguration{} +} + +// WithAlgorithm sets the Algorithm field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Algorithm field is set to the value of the last call. +func (b *KeyConfigApplyConfiguration) WithAlgorithm(value configv1alpha1.KeyAlgorithm) *KeyConfigApplyConfiguration { + b.Algorithm = &value + return b +} + +// WithRSA sets the RSA field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RSA field is set to the value of the last call. +func (b *KeyConfigApplyConfiguration) WithRSA(value *RSAKeyConfigApplyConfiguration) *KeyConfigApplyConfiguration { + b.RSA = value + return b +} + +// WithECDSA sets the ECDSA field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ECDSA field is set to the value of the last call. +func (b *KeyConfigApplyConfiguration) WithECDSA(value *ECDSAKeyConfigApplyConfiguration) *KeyConfigApplyConfiguration { + b.ECDSA = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/label.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/label.go new file mode 100644 index 0000000000..d1710cc9ab --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/label.go @@ -0,0 +1,39 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// LabelApplyConfiguration represents a declarative configuration of the Label type for use +// with apply. +// +// Label represents a key/value pair for external labels. +type LabelApplyConfiguration struct { + // key is the name of the label. + // Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + // Must be between 1 and 128 characters in length. + Key *string `json:"key,omitempty"` + // value is the value of the label. + // Must be between 1 and 128 characters in length. + Value *string `json:"value,omitempty"` +} + +// LabelApplyConfiguration constructs a declarative configuration of the Label type for use with +// apply. +func Label() *LabelApplyConfiguration { + return &LabelApplyConfiguration{} +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *LabelApplyConfiguration) WithKey(value string) *LabelApplyConfiguration { + b.Key = &value + return b +} + +// WithValue sets the Value field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Value field is set to the value of the last call. +func (b *LabelApplyConfiguration) WithValue(value string) *LabelApplyConfiguration { + b.Value = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/labelmapactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/labelmapactionconfig.go new file mode 100644 index 0000000000..a16bd78779 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/labelmapactionconfig.go @@ -0,0 +1,30 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// LabelMapActionConfigApplyConfiguration represents a declarative configuration of the LabelMapActionConfig type for use +// with apply. +// +// LabelMapActionConfig configures the LabelMap action. +// Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted. +type LabelMapActionConfigApplyConfiguration struct { + // replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. + // Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. + // Use "$1" for the first capture group, "$2" for the second, etc. + // Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names. + Replacement *string `json:"replacement,omitempty"` +} + +// LabelMapActionConfigApplyConfiguration constructs a declarative configuration of the LabelMapActionConfig type for use with +// apply. +func LabelMapActionConfig() *LabelMapActionConfigApplyConfiguration { + return &LabelMapActionConfigApplyConfiguration{} +} + +// WithReplacement sets the Replacement field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Replacement field is set to the value of the last call. +func (b *LabelMapActionConfigApplyConfiguration) WithReplacement(value string) *LabelMapActionConfigApplyConfiguration { + b.Replacement = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/lowercaseactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/lowercaseactionconfig.go new file mode 100644 index 0000000000..17fa48139a --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/lowercaseactionconfig.go @@ -0,0 +1,29 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// LowercaseActionConfigApplyConfiguration represents a declarative configuration of the LowercaseActionConfig type for use +// with apply. +// +// LowercaseActionConfig configures the Lowercase action. +// Maps the concatenated source_labels to their lower case and writes to target_label. +// Requires Prometheus >= v2.36.0. +type LowercaseActionConfigApplyConfiguration struct { + // targetLabel is the label name where the lower-cased value is written. + // Must be between 1 and 128 characters in length. + TargetLabel *string `json:"targetLabel,omitempty"` +} + +// LowercaseActionConfigApplyConfiguration constructs a declarative configuration of the LowercaseActionConfig type for use with +// apply. +func LowercaseActionConfig() *LowercaseActionConfigApplyConfiguration { + return &LowercaseActionConfigApplyConfiguration{} +} + +// WithTargetLabel sets the TargetLabel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TargetLabel field is set to the value of the last call. +func (b *LowercaseActionConfigApplyConfiguration) WithTargetLabel(value string) *LowercaseActionConfigApplyConfiguration { + b.TargetLabel = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfig.go new file mode 100644 index 0000000000..f8e1627816 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfig.go @@ -0,0 +1,42 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// MetadataConfigApplyConfiguration represents a declarative configuration of the MetadataConfig type for use +// with apply. +// +// MetadataConfig defines whether and how to send series metadata to remote write storage. +type MetadataConfigApplyConfiguration struct { + // sendPolicy specifies whether to send metadata and how it is configured. + // Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). + // Custom: send metadata using the settings in the custom field. + SendPolicy *configv1alpha1.MetadataConfigSendPolicy `json:"sendPolicy,omitempty"` + // custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default. + Custom *MetadataConfigCustomApplyConfiguration `json:"custom,omitempty"` +} + +// MetadataConfigApplyConfiguration constructs a declarative configuration of the MetadataConfig type for use with +// apply. +func MetadataConfig() *MetadataConfigApplyConfiguration { + return &MetadataConfigApplyConfiguration{} +} + +// WithSendPolicy sets the SendPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SendPolicy field is set to the value of the last call. +func (b *MetadataConfigApplyConfiguration) WithSendPolicy(value configv1alpha1.MetadataConfigSendPolicy) *MetadataConfigApplyConfiguration { + b.SendPolicy = &value + return b +} + +// WithCustom sets the Custom field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Custom field is set to the value of the last call. +func (b *MetadataConfigApplyConfiguration) WithCustom(value *MetadataConfigCustomApplyConfiguration) *MetadataConfigApplyConfiguration { + b.Custom = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfigcustom.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfigcustom.go new file mode 100644 index 0000000000..3f5e050697 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfigcustom.go @@ -0,0 +1,29 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// MetadataConfigCustomApplyConfiguration represents a declarative configuration of the MetadataConfigCustom type for use +// with apply. +// +// MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. +// At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds). +type MetadataConfigCustomApplyConfiguration struct { + // sendIntervalSeconds is the interval in seconds at which metadata is sent. + // When omitted, the platform chooses a reasonable default (e.g. 30 seconds). + // Minimum value is 1 second. Maximum value is 86400 seconds (24 hours). + SendIntervalSeconds *int32 `json:"sendIntervalSeconds,omitempty"` +} + +// MetadataConfigCustomApplyConfiguration constructs a declarative configuration of the MetadataConfigCustom type for use with +// apply. +func MetadataConfigCustom() *MetadataConfigCustomApplyConfiguration { + return &MetadataConfigCustomApplyConfiguration{} +} + +// WithSendIntervalSeconds sets the SendIntervalSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SendIntervalSeconds field is set to the value of the last call. +func (b *MetadataConfigCustomApplyConfiguration) WithSendIntervalSeconds(value int32) *MetadataConfigCustomApplyConfiguration { + b.SendIntervalSeconds = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2.go new file mode 100644 index 0000000000..d58cc3e513 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2.go @@ -0,0 +1,82 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// OAuth2ApplyConfiguration represents a declarative configuration of the OAuth2 type for use +// with apply. +// +// OAuth2 defines OAuth2 authentication settings for the remote write endpoint. +type OAuth2ApplyConfiguration struct { + // clientId defines the secret reference containing the OAuth2 client ID. + // The secret must exist in the openshift-monitoring namespace. + ClientID *SecretKeySelectorApplyConfiguration `json:"clientId,omitempty"` + // clientSecret defines the secret reference containing the OAuth2 client secret. + // The secret must exist in the openshift-monitoring namespace. + ClientSecret *SecretKeySelectorApplyConfiguration `json:"clientSecret,omitempty"` + // tokenUrl is the URL to fetch the token from. + // Must be a valid URL with http or https scheme. + // Must be between 1 and 2048 characters in length. + TokenURL *string `json:"tokenUrl,omitempty"` + // scopes is a list of OAuth2 scopes to request. + // When omitted, no scopes are requested. + // Maximum of 20 scopes can be specified. + // Each scope must be between 1 and 256 characters. + Scopes []string `json:"scopes,omitempty"` + // endpointParams defines additional parameters to append to the token URL. + // When omitted, no additional parameters are sent. + // Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key). + EndpointParams []OAuth2EndpointParamApplyConfiguration `json:"endpointParams,omitempty"` +} + +// OAuth2ApplyConfiguration constructs a declarative configuration of the OAuth2 type for use with +// apply. +func OAuth2() *OAuth2ApplyConfiguration { + return &OAuth2ApplyConfiguration{} +} + +// WithClientID sets the ClientID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientID field is set to the value of the last call. +func (b *OAuth2ApplyConfiguration) WithClientID(value *SecretKeySelectorApplyConfiguration) *OAuth2ApplyConfiguration { + b.ClientID = value + return b +} + +// WithClientSecret sets the ClientSecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientSecret field is set to the value of the last call. +func (b *OAuth2ApplyConfiguration) WithClientSecret(value *SecretKeySelectorApplyConfiguration) *OAuth2ApplyConfiguration { + b.ClientSecret = value + return b +} + +// WithTokenURL sets the TokenURL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TokenURL field is set to the value of the last call. +func (b *OAuth2ApplyConfiguration) WithTokenURL(value string) *OAuth2ApplyConfiguration { + b.TokenURL = &value + return b +} + +// WithScopes adds the given value to the Scopes field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Scopes field. +func (b *OAuth2ApplyConfiguration) WithScopes(values ...string) *OAuth2ApplyConfiguration { + for i := range values { + b.Scopes = append(b.Scopes, values[i]) + } + return b +} + +// WithEndpointParams adds the given value to the EndpointParams field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the EndpointParams field. +func (b *OAuth2ApplyConfiguration) WithEndpointParams(values ...*OAuth2EndpointParamApplyConfiguration) *OAuth2ApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithEndpointParams") + } + b.EndpointParams = append(b.EndpointParams, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2endpointparam.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2endpointparam.go new file mode 100644 index 0000000000..8372d30f8c --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2endpointparam.go @@ -0,0 +1,39 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// OAuth2EndpointParamApplyConfiguration represents a declarative configuration of the OAuth2EndpointParam type for use +// with apply. +// +// OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL. +type OAuth2EndpointParamApplyConfiguration struct { + // name is the parameter name. Must be between 1 and 256 characters. + Name *string `json:"name,omitempty"` + // value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). + // When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the + // external system expects a parameter with an empty value (e.g. ?parameter=""). + // Must be between 0 and 2048 characters when present (aligned with common URL length recommendations). + Value *string `json:"value,omitempty"` +} + +// OAuth2EndpointParamApplyConfiguration constructs a declarative configuration of the OAuth2EndpointParam type for use with +// apply. +func OAuth2EndpointParam() *OAuth2EndpointParamApplyConfiguration { + return &OAuth2EndpointParamApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *OAuth2EndpointParamApplyConfiguration) WithName(value string) *OAuth2EndpointParamApplyConfiguration { + b.Name = &value + return b +} + +// WithValue sets the Value field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Value field is set to the value of the last call. +func (b *OAuth2EndpointParamApplyConfiguration) WithValue(value string) *OAuth2EndpointParamApplyConfiguration { + b.Value = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/openshiftstatemetricsconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/openshiftstatemetricsconfig.go new file mode 100644 index 0000000000..045ef78730 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/openshiftstatemetricsconfig.go @@ -0,0 +1,117 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/api/core/v1" +) + +// OpenShiftStateMetricsConfigApplyConfiguration represents a declarative configuration of the OpenShiftStateMetricsConfig type for use +// with apply. +// +// OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent +// that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates +// metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. +type OpenShiftStateMetricsConfigApplyConfiguration struct { + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the openshift-state-metrics container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 1m + // limit: null + // - name: memory + // request: 32Mi + // limit: null + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + Resources []ContainerResourceApplyConfiguration `json:"resources,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how openshift-state-metrics Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + +// OpenShiftStateMetricsConfigApplyConfiguration constructs a declarative configuration of the OpenShiftStateMetricsConfig type for use with +// apply. +func OpenShiftStateMetricsConfig() *OpenShiftStateMetricsConfigApplyConfiguration { + return &OpenShiftStateMetricsConfigApplyConfiguration{} +} + +// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the NodeSelector field, +// overwriting an existing map entries in NodeSelector field with the same key. +func (b *OpenShiftStateMetricsConfigApplyConfiguration) WithNodeSelector(entries map[string]string) *OpenShiftStateMetricsConfigApplyConfiguration { + if b.NodeSelector == nil && len(entries) > 0 { + b.NodeSelector = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.NodeSelector[k] = v + } + return b +} + +// WithResources adds the given value to the Resources field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Resources field. +func (b *OpenShiftStateMetricsConfigApplyConfiguration) WithResources(values ...*ContainerResourceApplyConfiguration) *OpenShiftStateMetricsConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithResources") + } + b.Resources = append(b.Resources, *values[i]) + } + return b +} + +// WithTolerations adds the given value to the Tolerations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Tolerations field. +func (b *OpenShiftStateMetricsConfigApplyConfiguration) WithTolerations(values ...v1.Toleration) *OpenShiftStateMetricsConfigApplyConfiguration { + for i := range values { + b.Tolerations = append(b.Tolerations, values[i]) + } + return b +} + +// WithTopologySpreadConstraints adds the given value to the TopologySpreadConstraints field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TopologySpreadConstraints field. +func (b *OpenShiftStateMetricsConfigApplyConfiguration) WithTopologySpreadConstraints(values ...v1.TopologySpreadConstraint) *OpenShiftStateMetricsConfigApplyConfiguration { + for i := range values { + b.TopologySpreadConstraints = append(b.TopologySpreadConstraints, values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicy.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pki.go similarity index 65% rename from vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicy.go rename to vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pki.go index 68a813c1af..01a5b33266 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicy.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pki.go @@ -11,81 +11,72 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// ImagePolicyApplyConfiguration represents a declarative configuration of the ImagePolicy type for use +// PKIApplyConfiguration represents a declarative configuration of the PKI type for use // with apply. // -// # ImagePolicy holds namespace-wide configuration for image signature verification +// PKI configures cryptographic parameters for certificates generated +// internally by OpenShift components. // // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -type ImagePolicyApplyConfiguration struct { +type PKIApplyConfiguration struct { v1.TypeMetaApplyConfiguration `json:",inline"` // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` // spec holds user settable values for configuration - Spec *ImagePolicySpecApplyConfiguration `json:"spec,omitempty"` - // status contains the observed state of the resource. - Status *ImagePolicyStatusApplyConfiguration `json:"status,omitempty"` + Spec *PKISpecApplyConfiguration `json:"spec,omitempty"` } -// ImagePolicy constructs a declarative configuration of the ImagePolicy type for use with +// PKI constructs a declarative configuration of the PKI type for use with // apply. -func ImagePolicy(name, namespace string) *ImagePolicyApplyConfiguration { - b := &ImagePolicyApplyConfiguration{} +func PKI(name string) *PKIApplyConfiguration { + b := &PKIApplyConfiguration{} b.WithName(name) - b.WithNamespace(namespace) - b.WithKind("ImagePolicy") + b.WithKind("PKI") b.WithAPIVersion("config.openshift.io/v1alpha1") return b } -// ExtractImagePolicyFrom extracts the applied configuration owned by fieldManager from -// imagePolicy for the specified subresource. Pass an empty string for subresource to extract +// ExtractPKIFrom extracts the applied configuration owned by fieldManager from +// pKI for the specified subresource. Pass an empty string for subresource to extract // the main resource. Common subresources include "status", "scale", etc. -// imagePolicy must be a unmodified ImagePolicy API object that was retrieved from the Kubernetes API. -// ExtractImagePolicyFrom provides a way to perform a extract/modify-in-place/apply workflow. +// pKI must be a unmodified PKI API object that was retrieved from the Kubernetes API. +// ExtractPKIFrom provides a way to perform a extract/modify-in-place/apply workflow. // Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously // applied if another fieldManager has updated or force applied any of the previously applied fields. -func ExtractImagePolicyFrom(imagePolicy *configv1alpha1.ImagePolicy, fieldManager string, subresource string) (*ImagePolicyApplyConfiguration, error) { - b := &ImagePolicyApplyConfiguration{} - err := managedfields.ExtractInto(imagePolicy, internal.Parser().Type("com.github.openshift.api.config.v1alpha1.ImagePolicy"), fieldManager, b, subresource) +func ExtractPKIFrom(pKI *configv1alpha1.PKI, fieldManager string, subresource string) (*PKIApplyConfiguration, error) { + b := &PKIApplyConfiguration{} + err := managedfields.ExtractInto(pKI, internal.Parser().Type("com.github.openshift.api.config.v1alpha1.PKI"), fieldManager, b, subresource) if err != nil { return nil, err } - b.WithName(imagePolicy.Name) - b.WithNamespace(imagePolicy.Namespace) + b.WithName(pKI.Name) - b.WithKind("ImagePolicy") + b.WithKind("PKI") b.WithAPIVersion("config.openshift.io/v1alpha1") return b, nil } -// ExtractImagePolicy extracts the applied configuration owned by fieldManager from -// imagePolicy. If no managedFields are found in imagePolicy for fieldManager, a -// ImagePolicyApplyConfiguration is returned with only the Name, Namespace (if applicable), +// ExtractPKI extracts the applied configuration owned by fieldManager from +// pKI. If no managedFields are found in pKI for fieldManager, a +// PKIApplyConfiguration is returned with only the Name, Namespace (if applicable), // APIVersion and Kind populated. It is possible that no managed fields were found for because other // field managers have taken ownership of all the fields previously owned by fieldManager, or because // the fieldManager never owned fields any fields. -// imagePolicy must be a unmodified ImagePolicy API object that was retrieved from the Kubernetes API. -// ExtractImagePolicy provides a way to perform a extract/modify-in-place/apply workflow. +// pKI must be a unmodified PKI API object that was retrieved from the Kubernetes API. +// ExtractPKI provides a way to perform a extract/modify-in-place/apply workflow. // Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously // applied if another fieldManager has updated or force applied any of the previously applied fields. -func ExtractImagePolicy(imagePolicy *configv1alpha1.ImagePolicy, fieldManager string) (*ImagePolicyApplyConfiguration, error) { - return ExtractImagePolicyFrom(imagePolicy, fieldManager, "") +func ExtractPKI(pKI *configv1alpha1.PKI, fieldManager string) (*PKIApplyConfiguration, error) { + return ExtractPKIFrom(pKI, fieldManager, "") } -// ExtractImagePolicyStatus extracts the applied configuration owned by fieldManager from -// imagePolicy for the status subresource. -func ExtractImagePolicyStatus(imagePolicy *configv1alpha1.ImagePolicy, fieldManager string) (*ImagePolicyApplyConfiguration, error) { - return ExtractImagePolicyFrom(imagePolicy, fieldManager, "status") -} - -func (b ImagePolicyApplyConfiguration) IsApplyConfiguration() {} +func (b PKIApplyConfiguration) IsApplyConfiguration() {} // WithKind sets the Kind field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Kind field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithKind(value string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithKind(value string) *PKIApplyConfiguration { b.TypeMetaApplyConfiguration.Kind = &value return b } @@ -93,7 +84,7 @@ func (b *ImagePolicyApplyConfiguration) WithKind(value string) *ImagePolicyApply // WithAPIVersion sets the APIVersion field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the APIVersion field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithAPIVersion(value string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithAPIVersion(value string) *PKIApplyConfiguration { b.TypeMetaApplyConfiguration.APIVersion = &value return b } @@ -101,7 +92,7 @@ func (b *ImagePolicyApplyConfiguration) WithAPIVersion(value string) *ImagePolic // WithName sets the Name field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Name field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithName(value string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithName(value string) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.Name = &value return b @@ -110,7 +101,7 @@ func (b *ImagePolicyApplyConfiguration) WithName(value string) *ImagePolicyApply // WithGenerateName sets the GenerateName field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the GenerateName field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithGenerateName(value string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithGenerateName(value string) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.GenerateName = &value return b @@ -119,7 +110,7 @@ func (b *ImagePolicyApplyConfiguration) WithGenerateName(value string) *ImagePol // WithNamespace sets the Namespace field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Namespace field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithNamespace(value string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithNamespace(value string) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.Namespace = &value return b @@ -128,7 +119,7 @@ func (b *ImagePolicyApplyConfiguration) WithNamespace(value string) *ImagePolicy // WithUID sets the UID field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the UID field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithUID(value types.UID) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithUID(value types.UID) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.UID = &value return b @@ -137,7 +128,7 @@ func (b *ImagePolicyApplyConfiguration) WithUID(value types.UID) *ImagePolicyApp // WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ResourceVersion field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithResourceVersion(value string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithResourceVersion(value string) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.ResourceVersion = &value return b @@ -146,7 +137,7 @@ func (b *ImagePolicyApplyConfiguration) WithResourceVersion(value string) *Image // WithGeneration sets the Generation field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Generation field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithGeneration(value int64) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithGeneration(value int64) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.Generation = &value return b @@ -155,7 +146,7 @@ func (b *ImagePolicyApplyConfiguration) WithGeneration(value int64) *ImagePolicy // WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the CreationTimestamp field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithCreationTimestamp(value metav1.Time) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.CreationTimestamp = &value return b @@ -164,7 +155,7 @@ func (b *ImagePolicyApplyConfiguration) WithCreationTimestamp(value metav1.Time) // WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the DeletionTimestamp field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value return b @@ -173,7 +164,7 @@ func (b *ImagePolicyApplyConfiguration) WithDeletionTimestamp(value metav1.Time) // WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value return b @@ -183,7 +174,7 @@ func (b *ImagePolicyApplyConfiguration) WithDeletionGracePeriodSeconds(value int // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, the entries provided by each call will be put on the Labels field, // overwriting an existing map entries in Labels field with the same key. -func (b *ImagePolicyApplyConfiguration) WithLabels(entries map[string]string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithLabels(entries map[string]string) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) @@ -198,7 +189,7 @@ func (b *ImagePolicyApplyConfiguration) WithLabels(entries map[string]string) *I // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, the entries provided by each call will be put on the Annotations field, // overwriting an existing map entries in Annotations field with the same key. -func (b *ImagePolicyApplyConfiguration) WithAnnotations(entries map[string]string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithAnnotations(entries map[string]string) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) @@ -212,7 +203,7 @@ func (b *ImagePolicyApplyConfiguration) WithAnnotations(entries map[string]strin // WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the OwnerReferences field. -func (b *ImagePolicyApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() for i := range values { if values[i] == nil { @@ -226,7 +217,7 @@ func (b *ImagePolicyApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerR // WithFinalizers adds the given value to the Finalizers field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the Finalizers field. -func (b *ImagePolicyApplyConfiguration) WithFinalizers(values ...string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithFinalizers(values ...string) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() for i := range values { b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) @@ -234,7 +225,7 @@ func (b *ImagePolicyApplyConfiguration) WithFinalizers(values ...string) *ImageP return b } -func (b *ImagePolicyApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { +func (b *PKIApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { if b.ObjectMetaApplyConfiguration == nil { b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} } @@ -243,37 +234,29 @@ func (b *ImagePolicyApplyConfiguration) ensureObjectMetaApplyConfigurationExists // WithSpec sets the Spec field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Spec field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithSpec(value *ImagePolicySpecApplyConfiguration) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithSpec(value *PKISpecApplyConfiguration) *PKIApplyConfiguration { b.Spec = value return b } -// WithStatus sets the Status field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Status field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithStatus(value *ImagePolicyStatusApplyConfiguration) *ImagePolicyApplyConfiguration { - b.Status = value - return b -} - // GetKind retrieves the value of the Kind field in the declarative configuration. -func (b *ImagePolicyApplyConfiguration) GetKind() *string { +func (b *PKIApplyConfiguration) GetKind() *string { return b.TypeMetaApplyConfiguration.Kind } // GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. -func (b *ImagePolicyApplyConfiguration) GetAPIVersion() *string { +func (b *PKIApplyConfiguration) GetAPIVersion() *string { return b.TypeMetaApplyConfiguration.APIVersion } // GetName retrieves the value of the Name field in the declarative configuration. -func (b *ImagePolicyApplyConfiguration) GetName() *string { +func (b *PKIApplyConfiguration) GetName() *string { b.ensureObjectMetaApplyConfigurationExists() return b.ObjectMetaApplyConfiguration.Name } // GetNamespace retrieves the value of the Namespace field in the declarative configuration. -func (b *ImagePolicyApplyConfiguration) GetNamespace() *string { +func (b *PKIApplyConfiguration) GetNamespace() *string { b.ensureObjectMetaApplyConfigurationExists() return b.ObjectMetaApplyConfiguration.Namespace } diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatemanagement.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatemanagement.go new file mode 100644 index 0000000000..203b73bb6a --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatemanagement.go @@ -0,0 +1,65 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// PKICertificateManagementApplyConfiguration represents a declarative configuration of the PKICertificateManagement type for use +// with apply. +// +// PKICertificateManagement determines whether components use hardcoded defaults (Unmanaged), follow +// OpenShift best practices (Default), or use administrator-specified cryptographic parameters (Custom). +// This provides flexibility for organizations with specific compliance requirements or security policies +// while maintaining backwards compatibility for existing clusters. +type PKICertificateManagementApplyConfiguration struct { + // mode determines how PKI configuration is managed. + // Valid values are "Unmanaged", "Default", and "Custom". + // + // When set to Unmanaged, components use their existing hardcoded certificate + // generation behavior, exactly as if this feature did not exist. Each component + // generates certificates using whatever parameters it was using before this + // feature. While most components use RSA 2048, some may use different + // parameters. Use of this mode might prevent upgrading to the next major + // OpenShift release. + // + // When set to Default, OpenShift-recommended best practices for certificate + // generation are applied. The specific parameters may evolve across OpenShift + // releases to adopt improved cryptographic standards. In the initial release, + // this matches Unmanaged behavior for each component. In future releases, this + // may adopt ECDSA or larger RSA keys based on industry best practices. + // Recommended for most customers who want to benefit from security improvements + // automatically. + // + // When set to Custom, the certificate management parameters can be set + // explicitly. Use the custom field to specify certificate generation parameters. + Mode *configv1alpha1.PKICertificateManagementMode `json:"mode,omitempty"` + // custom contains administrator-specified cryptographic configuration. + // Use the defaults and category override fields + // to specify certificate generation parameters. + // Required when mode is Custom, and forbidden otherwise. + Custom *CustomPKIPolicyApplyConfiguration `json:"custom,omitempty"` +} + +// PKICertificateManagementApplyConfiguration constructs a declarative configuration of the PKICertificateManagement type for use with +// apply. +func PKICertificateManagement() *PKICertificateManagementApplyConfiguration { + return &PKICertificateManagementApplyConfiguration{} +} + +// WithMode sets the Mode field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Mode field is set to the value of the last call. +func (b *PKICertificateManagementApplyConfiguration) WithMode(value configv1alpha1.PKICertificateManagementMode) *PKICertificateManagementApplyConfiguration { + b.Mode = &value + return b +} + +// WithCustom sets the Custom field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Custom field is set to the value of the last call. +func (b *PKICertificateManagementApplyConfiguration) WithCustom(value *CustomPKIPolicyApplyConfiguration) *PKICertificateManagementApplyConfiguration { + b.Custom = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatesubject.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatesubject.go deleted file mode 100644 index c9c93a2806..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatesubject.go +++ /dev/null @@ -1,39 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -// PKICertificateSubjectApplyConfiguration represents a declarative configuration of the PKICertificateSubject type for use -// with apply. -// -// PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued. -type PKICertificateSubjectApplyConfiguration struct { - // email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. - // The email should be a valid email address and at most 320 characters in length. - Email *string `json:"email,omitempty"` - // hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. - // The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. - // It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk. - Hostname *string `json:"hostname,omitempty"` -} - -// PKICertificateSubjectApplyConfiguration constructs a declarative configuration of the PKICertificateSubject type for use with -// apply. -func PKICertificateSubject() *PKICertificateSubjectApplyConfiguration { - return &PKICertificateSubjectApplyConfiguration{} -} - -// WithEmail sets the Email field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Email field is set to the value of the last call. -func (b *PKICertificateSubjectApplyConfiguration) WithEmail(value string) *PKICertificateSubjectApplyConfiguration { - b.Email = &value - return b -} - -// WithHostname sets the Hostname field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Hostname field is set to the value of the last call. -func (b *PKICertificateSubjectApplyConfiguration) WithHostname(value string) *PKICertificateSubjectApplyConfiguration { - b.Hostname = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkiprofile.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkiprofile.go new file mode 100644 index 0000000000..735b7ca1d2 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkiprofile.go @@ -0,0 +1,68 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// PKIProfileApplyConfiguration represents a declarative configuration of the PKIProfile type for use +// with apply. +// +// PKIProfile defines the certificate generation parameters that OpenShift +// components use to create certificates. Category overrides take precedence +// over defaults. +type PKIProfileApplyConfiguration struct { + // defaults specifies the default certificate configuration that applies + // to all certificates unless overridden by a category override. + Defaults *DefaultCertificateConfigApplyConfiguration `json:"defaults,omitempty"` + // signerCertificates optionally overrides certificate parameters for + // certificate authority (CA) certificates that sign other certificates. + // When set, these parameters take precedence over defaults for all signer certificates. + // When omitted, the defaults are used for signer certificates. + SignerCertificates *CertificateConfigApplyConfiguration `json:"signerCertificates,omitempty"` + // servingCertificates optionally overrides certificate parameters for + // TLS server certificates used to serve HTTPS endpoints. + // When set, these parameters take precedence over defaults for all serving certificates. + // When omitted, the defaults are used for serving certificates. + ServingCertificates *CertificateConfigApplyConfiguration `json:"servingCertificates,omitempty"` + // clientCertificates optionally overrides certificate parameters for + // client authentication certificates used to authenticate to servers. + // When set, these parameters take precedence over defaults for all client certificates. + // When omitted, the defaults are used for client certificates. + ClientCertificates *CertificateConfigApplyConfiguration `json:"clientCertificates,omitempty"` +} + +// PKIProfileApplyConfiguration constructs a declarative configuration of the PKIProfile type for use with +// apply. +func PKIProfile() *PKIProfileApplyConfiguration { + return &PKIProfileApplyConfiguration{} +} + +// WithDefaults sets the Defaults field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Defaults field is set to the value of the last call. +func (b *PKIProfileApplyConfiguration) WithDefaults(value *DefaultCertificateConfigApplyConfiguration) *PKIProfileApplyConfiguration { + b.Defaults = value + return b +} + +// WithSignerCertificates sets the SignerCertificates field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SignerCertificates field is set to the value of the last call. +func (b *PKIProfileApplyConfiguration) WithSignerCertificates(value *CertificateConfigApplyConfiguration) *PKIProfileApplyConfiguration { + b.SignerCertificates = value + return b +} + +// WithServingCertificates sets the ServingCertificates field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServingCertificates field is set to the value of the last call. +func (b *PKIProfileApplyConfiguration) WithServingCertificates(value *CertificateConfigApplyConfiguration) *PKIProfileApplyConfiguration { + b.ServingCertificates = value + return b +} + +// WithClientCertificates sets the ClientCertificates field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientCertificates field is set to the value of the last call. +func (b *PKIProfileApplyConfiguration) WithClientCertificates(value *CertificateConfigApplyConfiguration) *PKIProfileApplyConfiguration { + b.ClientCertificates = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkispec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkispec.go new file mode 100644 index 0000000000..3158b96c7d --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkispec.go @@ -0,0 +1,28 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// PKISpecApplyConfiguration represents a declarative configuration of the PKISpec type for use +// with apply. +// +// PKISpec holds the specification for PKI configuration. +type PKISpecApplyConfiguration struct { + // certificateManagement specifies how PKI configuration is managed for internally-generated certificates. + // This controls the certificate generation approach for all OpenShift components that create + // certificates internally, including certificate authorities, serving certificates, and client certificates. + CertificateManagement *PKICertificateManagementApplyConfiguration `json:"certificateManagement,omitempty"` +} + +// PKISpecApplyConfiguration constructs a declarative configuration of the PKISpec type for use with +// apply. +func PKISpec() *PKISpecApplyConfiguration { + return &PKISpecApplyConfiguration{} +} + +// WithCertificateManagement sets the CertificateManagement field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CertificateManagement field is set to the value of the last call. +func (b *PKISpecApplyConfiguration) WithCertificateManagement(value *PKICertificateManagementApplyConfiguration) *PKISpecApplyConfiguration { + b.CertificateManagement = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyfulciosubject.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyfulciosubject.go deleted file mode 100644 index 5c7bd5ed9e..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyfulciosubject.go +++ /dev/null @@ -1,38 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -// PolicyFulcioSubjectApplyConfiguration represents a declarative configuration of the PolicyFulcioSubject type for use -// with apply. -// -// PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration. -type PolicyFulcioSubjectApplyConfiguration struct { - // oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. - // Example: "https://expected.OIDC.issuer/" - OIDCIssuer *string `json:"oidcIssuer,omitempty"` - // signedEmail holds the email address the the Fulcio certificate is issued for. - // Example: "expected-signing-user@example.com" - SignedEmail *string `json:"signedEmail,omitempty"` -} - -// PolicyFulcioSubjectApplyConfiguration constructs a declarative configuration of the PolicyFulcioSubject type for use with -// apply. -func PolicyFulcioSubject() *PolicyFulcioSubjectApplyConfiguration { - return &PolicyFulcioSubjectApplyConfiguration{} -} - -// WithOIDCIssuer sets the OIDCIssuer field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the OIDCIssuer field is set to the value of the last call. -func (b *PolicyFulcioSubjectApplyConfiguration) WithOIDCIssuer(value string) *PolicyFulcioSubjectApplyConfiguration { - b.OIDCIssuer = &value - return b -} - -// WithSignedEmail sets the SignedEmail field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the SignedEmail field is set to the value of the last call. -func (b *PolicyFulcioSubjectApplyConfiguration) WithSignedEmail(value string) *PolicyFulcioSubjectApplyConfiguration { - b.SignedEmail = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyidentity.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyidentity.go deleted file mode 100644 index 822e756774..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyidentity.go +++ /dev/null @@ -1,57 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" -) - -// PolicyIdentityApplyConfiguration represents a declarative configuration of the PolicyIdentity type for use -// with apply. -// -// PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is "MatchRepoDigestOrExact". -type PolicyIdentityApplyConfiguration struct { - // matchPolicy sets the type of matching to be used. - // Valid values are "MatchRepoDigestOrExact", "MatchRepository", "ExactRepository", "RemapIdentity". When omitted, the default value is "MatchRepoDigestOrExact". - // If set matchPolicy to ExactRepository, then the exactRepository must be specified. - // If set matchPolicy to RemapIdentity, then the remapIdentity must be specified. - // "MatchRepoDigestOrExact" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. - // "MatchRepository" means that the identity in the signature must be in the same repository as the image identity. - // "ExactRepository" means that the identity in the signature must be in the same repository as a specific identity specified by "repository". - // "RemapIdentity" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the "prefix" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix. - MatchPolicy *configv1alpha1.IdentityMatchPolicy `json:"matchPolicy,omitempty"` - // exactRepository is required if matchPolicy is set to "ExactRepository". - PolicyMatchExactRepository *PolicyMatchExactRepositoryApplyConfiguration `json:"exactRepository,omitempty"` - // remapIdentity is required if matchPolicy is set to "RemapIdentity". - PolicyMatchRemapIdentity *PolicyMatchRemapIdentityApplyConfiguration `json:"remapIdentity,omitempty"` -} - -// PolicyIdentityApplyConfiguration constructs a declarative configuration of the PolicyIdentity type for use with -// apply. -func PolicyIdentity() *PolicyIdentityApplyConfiguration { - return &PolicyIdentityApplyConfiguration{} -} - -// WithMatchPolicy sets the MatchPolicy field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the MatchPolicy field is set to the value of the last call. -func (b *PolicyIdentityApplyConfiguration) WithMatchPolicy(value configv1alpha1.IdentityMatchPolicy) *PolicyIdentityApplyConfiguration { - b.MatchPolicy = &value - return b -} - -// WithPolicyMatchExactRepository sets the PolicyMatchExactRepository field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the PolicyMatchExactRepository field is set to the value of the last call. -func (b *PolicyIdentityApplyConfiguration) WithPolicyMatchExactRepository(value *PolicyMatchExactRepositoryApplyConfiguration) *PolicyIdentityApplyConfiguration { - b.PolicyMatchExactRepository = value - return b -} - -// WithPolicyMatchRemapIdentity sets the PolicyMatchRemapIdentity field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the PolicyMatchRemapIdentity field is set to the value of the last call. -func (b *PolicyIdentityApplyConfiguration) WithPolicyMatchRemapIdentity(value *PolicyMatchRemapIdentityApplyConfiguration) *PolicyIdentityApplyConfiguration { - b.PolicyMatchRemapIdentity = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchexactrepository.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchexactrepository.go deleted file mode 100644 index 6420b8ed9e..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchexactrepository.go +++ /dev/null @@ -1,29 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" -) - -// PolicyMatchExactRepositoryApplyConfiguration represents a declarative configuration of the PolicyMatchExactRepository type for use -// with apply. -type PolicyMatchExactRepositoryApplyConfiguration struct { - // repository is the reference of the image identity to be matched. - // The value should be a repository name (by omitting the tag or digest) in a registry implementing the "Docker Registry HTTP API V2". For example, docker.io/library/busybox - Repository *configv1alpha1.IdentityRepositoryPrefix `json:"repository,omitempty"` -} - -// PolicyMatchExactRepositoryApplyConfiguration constructs a declarative configuration of the PolicyMatchExactRepository type for use with -// apply. -func PolicyMatchExactRepository() *PolicyMatchExactRepositoryApplyConfiguration { - return &PolicyMatchExactRepositoryApplyConfiguration{} -} - -// WithRepository sets the Repository field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Repository field is set to the value of the last call. -func (b *PolicyMatchExactRepositoryApplyConfiguration) WithRepository(value configv1alpha1.IdentityRepositoryPrefix) *PolicyMatchExactRepositoryApplyConfiguration { - b.Repository = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchremapidentity.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchremapidentity.go deleted file mode 100644 index 0b1a5098fa..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchremapidentity.go +++ /dev/null @@ -1,45 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" -) - -// PolicyMatchRemapIdentityApplyConfiguration represents a declarative configuration of the PolicyMatchRemapIdentity type for use -// with apply. -type PolicyMatchRemapIdentityApplyConfiguration struct { - // prefix is the prefix of the image identity to be matched. - // If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). - // This useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. - // The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, - // or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. - // For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox. - Prefix *configv1alpha1.IdentityRepositoryPrefix `json:"prefix,omitempty"` - // signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as "prefix". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, - // or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. - // For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox. - SignedPrefix *configv1alpha1.IdentityRepositoryPrefix `json:"signedPrefix,omitempty"` -} - -// PolicyMatchRemapIdentityApplyConfiguration constructs a declarative configuration of the PolicyMatchRemapIdentity type for use with -// apply. -func PolicyMatchRemapIdentity() *PolicyMatchRemapIdentityApplyConfiguration { - return &PolicyMatchRemapIdentityApplyConfiguration{} -} - -// WithPrefix sets the Prefix field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Prefix field is set to the value of the last call. -func (b *PolicyMatchRemapIdentityApplyConfiguration) WithPrefix(value configv1alpha1.IdentityRepositoryPrefix) *PolicyMatchRemapIdentityApplyConfiguration { - b.Prefix = &value - return b -} - -// WithSignedPrefix sets the SignedPrefix field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the SignedPrefix field is set to the value of the last call. -func (b *PolicyMatchRemapIdentityApplyConfiguration) WithSignedPrefix(value configv1alpha1.IdentityRepositoryPrefix) *PolicyMatchRemapIdentityApplyConfiguration { - b.SignedPrefix = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go deleted file mode 100644 index b7a1877fc4..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go +++ /dev/null @@ -1,65 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" -) - -// PolicyRootOfTrustApplyConfiguration represents a declarative configuration of the PolicyRootOfTrust type for use -// with apply. -// -// PolicyRootOfTrust defines the root of trust based on the selected policyType. -type PolicyRootOfTrustApplyConfiguration struct { - // policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. - // "PublicKey" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. - // "FulcioCAWithRekor" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. - // "PKI" indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate. - PolicyType *configv1alpha1.PolicyType `json:"policyType,omitempty"` - // publicKey defines the root of trust based on a sigstore public key. - PublicKey *ImagePolicyPublicKeyRootOfTrustApplyConfiguration `json:"publicKey,omitempty"` - // fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. - // For more information about Fulcio and Rekor, please refer to the document at: - // https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor - FulcioCAWithRekor *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration `json:"fulcioCAWithRekor,omitempty"` - // pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. - PKI *ImagePolicyPKIRootOfTrustApplyConfiguration `json:"pki,omitempty"` -} - -// PolicyRootOfTrustApplyConfiguration constructs a declarative configuration of the PolicyRootOfTrust type for use with -// apply. -func PolicyRootOfTrust() *PolicyRootOfTrustApplyConfiguration { - return &PolicyRootOfTrustApplyConfiguration{} -} - -// WithPolicyType sets the PolicyType field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the PolicyType field is set to the value of the last call. -func (b *PolicyRootOfTrustApplyConfiguration) WithPolicyType(value configv1alpha1.PolicyType) *PolicyRootOfTrustApplyConfiguration { - b.PolicyType = &value - return b -} - -// WithPublicKey sets the PublicKey field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the PublicKey field is set to the value of the last call. -func (b *PolicyRootOfTrustApplyConfiguration) WithPublicKey(value *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { - b.PublicKey = value - return b -} - -// WithFulcioCAWithRekor sets the FulcioCAWithRekor field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the FulcioCAWithRekor field is set to the value of the last call. -func (b *PolicyRootOfTrustApplyConfiguration) WithFulcioCAWithRekor(value *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { - b.FulcioCAWithRekor = value - return b -} - -// WithPKI sets the PKI field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the PKI field is set to the value of the last call. -func (b *PolicyRootOfTrustApplyConfiguration) WithPKI(value *ImagePolicyPKIRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { - b.PKI = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go new file mode 100644 index 0000000000..cd8fcb780b --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go @@ -0,0 +1,276 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + v1 "k8s.io/api/core/v1" +) + +// PrometheusConfigApplyConfiguration represents a declarative configuration of the PrometheusConfig type for use +// with apply. +// +// PrometheusConfig provides configuration options for the Prometheus instance. +// Use this configuration to control +// Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations. +type PrometheusConfigApplyConfiguration struct { + // additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + // the Prometheus component. This is useful for organizations that need to: + // - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + // - Route different types of alerts to different teams or systems + // - Integrate with existing enterprise alerting infrastructure + // - Maintain separate alert routing for compliance or organizational requirements + // When omitted, no additional Alertmanager instances are configured (default behavior). + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Entries must have unique names (name is the list key). + AdditionalAlertmanagerConfigs []AdditionalAlertmanagerConfigApplyConfiguration `json:"additionalAlertmanagerConfigs,omitempty"` + // enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + // If a scraped target's body response is larger than the limit, the scrape will fail. + // This helps protect Prometheus from targets that return excessively large responses. + // The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + // When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + // limit based on cluster capacity. Set an explicit value to override the automatic calculation. + // Minimum value is 10240 (10kB). + // Maximum value is 1073741824 (1GB). + EnforcedBodySizeLimitBytes *int64 `json:"enforcedBodySizeLimitBytes,omitempty"` + // externalLabels defines labels to be attached to time series and alerts + // when communicating with external systems such as federation, remote storage, + // and Alertmanager. These labels are not stored with metrics on disk; they are + // only added when data leaves Prometheus (e.g., during federation queries, + // remote write, or alert notifications). + // At least 1 label must be specified when set, with a maximum of 50 labels allowed. + // Each label key must be unique within this list. + // When omitted, no external labels are applied. + ExternalLabels []LabelApplyConfiguration `json:"externalLabels,omitempty"` + // logLevel defines the verbosity of logs emitted by Prometheus. + // This field allows users to control the amount and severity of logs generated, which can be useful + // for debugging issues or reducing noise in production environments. + // Allowed values are Error, Warn, Info, and Debug. + // When set to Error, only errors will be logged. + // When set to Warn, both warnings and errors will be logged. + // When set to Info, general information, warnings, and errors will all be logged. + // When set to Debug, detailed debugging information will be logged. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `Info`. + LogLevel *configv1alpha1.LogLevel `json:"logLevel,omitempty"` + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + // and must not contain more than 10 entries. + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // queryLogFile specifies the file to which PromQL queries are logged. + // This setting can be either a filename, in which + // case the queries are saved to an `emptyDir` volume + // at `/var/log/prometheus`, or a full path to a location where + // an `emptyDir` volume will be mounted and the queries saved. + // Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + // writing to any other `/dev/` path is not supported. Relative paths are + // also not supported. + // By default, PromQL queries are not logged. + // Must be an absolute path starting with `/` or a simple filename without path separators. + // Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + // Must contain only alphanumeric characters, '.', '_', '-', or '/'. + // Must be between 1 and 255 characters in length. + QueryLogFile *string `json:"queryLogFile,omitempty"` + // remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + // Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + // When omitted, no remote write endpoints are configured. + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Entries must have unique names (name is the list key). + RemoteWrite []RemoteWriteSpecApplyConfiguration `json:"remoteWrite,omitempty"` + // resources defines the compute resource requests and limits for the Prometheus container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // Each entry must have a unique resource name. + // Minimum of 1 and maximum of 10 resource entries can be specified. + // The current default values are: + // resources: + // - name: cpu + // request: 4m + // - name: memory + // request: 40Mi + Resources []ContainerResourceApplyConfiguration `json:"resources,omitempty"` + // retention configures how long Prometheus retains metrics data and how much storage it can use. + // When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + Retention *RetentionApplyConfiguration `json:"retention,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10 + // Minimum length for this list is 1 + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1 + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // collectionProfile defines the metrics collection profile that Prometheus uses to collect + // metrics from the platform components. Supported values are `Full` or + // `Minimal`. In the `Full` profile (default), Prometheus collects all + // metrics that are exposed by the platform components. In the `Minimal` + // profile, Prometheus only collects metrics necessary for the default + // platform alerts, recording rules, telemetry and console dashboards. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is `Full`. + CollectionProfile *configv1alpha1.CollectionProfile `json:"collectionProfile,omitempty"` + // volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + // configure the persistent volume claim, including storage class and volume size. + // If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + // across restarts. + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty"` +} + +// PrometheusConfigApplyConfiguration constructs a declarative configuration of the PrometheusConfig type for use with +// apply. +func PrometheusConfig() *PrometheusConfigApplyConfiguration { + return &PrometheusConfigApplyConfiguration{} +} + +// WithAdditionalAlertmanagerConfigs adds the given value to the AdditionalAlertmanagerConfigs field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the AdditionalAlertmanagerConfigs field. +func (b *PrometheusConfigApplyConfiguration) WithAdditionalAlertmanagerConfigs(values ...*AdditionalAlertmanagerConfigApplyConfiguration) *PrometheusConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithAdditionalAlertmanagerConfigs") + } + b.AdditionalAlertmanagerConfigs = append(b.AdditionalAlertmanagerConfigs, *values[i]) + } + return b +} + +// WithEnforcedBodySizeLimitBytes sets the EnforcedBodySizeLimitBytes field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the EnforcedBodySizeLimitBytes field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithEnforcedBodySizeLimitBytes(value int64) *PrometheusConfigApplyConfiguration { + b.EnforcedBodySizeLimitBytes = &value + return b +} + +// WithExternalLabels adds the given value to the ExternalLabels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ExternalLabels field. +func (b *PrometheusConfigApplyConfiguration) WithExternalLabels(values ...*LabelApplyConfiguration) *PrometheusConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithExternalLabels") + } + b.ExternalLabels = append(b.ExternalLabels, *values[i]) + } + return b +} + +// WithLogLevel sets the LogLevel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LogLevel field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithLogLevel(value configv1alpha1.LogLevel) *PrometheusConfigApplyConfiguration { + b.LogLevel = &value + return b +} + +// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the NodeSelector field, +// overwriting an existing map entries in NodeSelector field with the same key. +func (b *PrometheusConfigApplyConfiguration) WithNodeSelector(entries map[string]string) *PrometheusConfigApplyConfiguration { + if b.NodeSelector == nil && len(entries) > 0 { + b.NodeSelector = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.NodeSelector[k] = v + } + return b +} + +// WithQueryLogFile sets the QueryLogFile field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the QueryLogFile field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithQueryLogFile(value string) *PrometheusConfigApplyConfiguration { + b.QueryLogFile = &value + return b +} + +// WithRemoteWrite adds the given value to the RemoteWrite field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the RemoteWrite field. +func (b *PrometheusConfigApplyConfiguration) WithRemoteWrite(values ...*RemoteWriteSpecApplyConfiguration) *PrometheusConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithRemoteWrite") + } + b.RemoteWrite = append(b.RemoteWrite, *values[i]) + } + return b +} + +// WithResources adds the given value to the Resources field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Resources field. +func (b *PrometheusConfigApplyConfiguration) WithResources(values ...*ContainerResourceApplyConfiguration) *PrometheusConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithResources") + } + b.Resources = append(b.Resources, *values[i]) + } + return b +} + +// WithRetention sets the Retention field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Retention field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithRetention(value *RetentionApplyConfiguration) *PrometheusConfigApplyConfiguration { + b.Retention = value + return b +} + +// WithTolerations adds the given value to the Tolerations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Tolerations field. +func (b *PrometheusConfigApplyConfiguration) WithTolerations(values ...v1.Toleration) *PrometheusConfigApplyConfiguration { + for i := range values { + b.Tolerations = append(b.Tolerations, values[i]) + } + return b +} + +// WithTopologySpreadConstraints adds the given value to the TopologySpreadConstraints field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TopologySpreadConstraints field. +func (b *PrometheusConfigApplyConfiguration) WithTopologySpreadConstraints(values ...v1.TopologySpreadConstraint) *PrometheusConfigApplyConfiguration { + for i := range values { + b.TopologySpreadConstraints = append(b.TopologySpreadConstraints, values[i]) + } + return b +} + +// WithCollectionProfile sets the CollectionProfile field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CollectionProfile field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithCollectionProfile(value configv1alpha1.CollectionProfile) *PrometheusConfigApplyConfiguration { + b.CollectionProfile = &value + return b +} + +// WithVolumeClaimTemplate sets the VolumeClaimTemplate field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the VolumeClaimTemplate field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithVolumeClaimTemplate(value v1.PersistentVolumeClaim) *PrometheusConfigApplyConfiguration { + b.VolumeClaimTemplate = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusremotewriteheader.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusremotewriteheader.go new file mode 100644 index 0000000000..53e21d1f9d --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusremotewriteheader.go @@ -0,0 +1,40 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// PrometheusRemoteWriteHeaderApplyConfiguration represents a declarative configuration of the PrometheusRemoteWriteHeader type for use +// with apply. +// +// PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. +// The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). +// Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. +// Validation is enforced on the Headers field in RemoteWriteSpec. +type PrometheusRemoteWriteHeaderApplyConfiguration struct { + // name is the HTTP header name. Must not be a reserved header (see type documentation). + // Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters. + Name *string `json:"name,omitempty"` + // value is the HTTP header value. Must be at most 4096 characters. + Value *string `json:"value,omitempty"` +} + +// PrometheusRemoteWriteHeaderApplyConfiguration constructs a declarative configuration of the PrometheusRemoteWriteHeader type for use with +// apply. +func PrometheusRemoteWriteHeader() *PrometheusRemoteWriteHeaderApplyConfiguration { + return &PrometheusRemoteWriteHeaderApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *PrometheusRemoteWriteHeaderApplyConfiguration) WithName(value string) *PrometheusRemoteWriteHeaderApplyConfiguration { + b.Name = &value + return b +} + +// WithValue sets the Value field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Value field is set to the value of the last call. +func (b *PrometheusRemoteWriteHeaderApplyConfiguration) WithValue(value string) *PrometheusRemoteWriteHeaderApplyConfiguration { + b.Value = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/queueconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/queueconfig.go new file mode 100644 index 0000000000..a24ff44ace --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/queueconfig.go @@ -0,0 +1,129 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// QueueConfigApplyConfiguration represents a declarative configuration of the QueueConfig type for use +// with apply. +// +// QueueConfig allows tuning configuration for remote write queue parameters. +// Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429. +type QueueConfigApplyConfiguration struct { + // capacity is the number of samples to buffer per shard before we start dropping them. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 10000. + // Minimum value is 1. + // Maximum value is 1000000. + Capacity *int32 `json:"capacity,omitempty"` + // maxShards is the maximum number of shards, i.e. amount of concurrency. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 200. + // Minimum value is 1. + // Maximum value is 10000. + MaxShards *int32 `json:"maxShards,omitempty"` + // minShards is the minimum number of shards, i.e. amount of concurrency. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 1. + // Minimum value is 1. + // Maximum value is 10000. + MinShards *int32 `json:"minShards,omitempty"` + // maxSamplesPerSend is the maximum number of samples per send. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 1000. + // Minimum value is 1. + // Maximum value is 100000. + MaxSamplesPerSend *int32 `json:"maxSamplesPerSend,omitempty"` + // batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 second. + // Maximum value is 3600 seconds (1 hour). + BatchSendDeadlineSeconds *int32 `json:"batchSendDeadlineSeconds,omitempty"` + // minBackoffMilliseconds is the minimum retry delay in milliseconds. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 millisecond. + // Maximum value is 3600000 milliseconds (1 hour). + MinBackoffMilliseconds *int32 `json:"minBackoffMilliseconds,omitempty"` + // maxBackoffMilliseconds is the maximum retry delay in milliseconds. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 millisecond. + // Maximum value is 3600000 milliseconds (1 hour). + MaxBackoffMilliseconds *int32 `json:"maxBackoffMilliseconds,omitempty"` + // rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + // When omitted, no retries are performed on rate limit responses. + // When set to "Retry", Prometheus will retry such requests using the backoff settings above. + // Valid value when set is "Retry". + RateLimitedAction *configv1alpha1.RateLimitedAction `json:"rateLimitedAction,omitempty"` +} + +// QueueConfigApplyConfiguration constructs a declarative configuration of the QueueConfig type for use with +// apply. +func QueueConfig() *QueueConfigApplyConfiguration { + return &QueueConfigApplyConfiguration{} +} + +// WithCapacity sets the Capacity field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Capacity field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithCapacity(value int32) *QueueConfigApplyConfiguration { + b.Capacity = &value + return b +} + +// WithMaxShards sets the MaxShards field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MaxShards field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithMaxShards(value int32) *QueueConfigApplyConfiguration { + b.MaxShards = &value + return b +} + +// WithMinShards sets the MinShards field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MinShards field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithMinShards(value int32) *QueueConfigApplyConfiguration { + b.MinShards = &value + return b +} + +// WithMaxSamplesPerSend sets the MaxSamplesPerSend field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MaxSamplesPerSend field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithMaxSamplesPerSend(value int32) *QueueConfigApplyConfiguration { + b.MaxSamplesPerSend = &value + return b +} + +// WithBatchSendDeadlineSeconds sets the BatchSendDeadlineSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BatchSendDeadlineSeconds field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithBatchSendDeadlineSeconds(value int32) *QueueConfigApplyConfiguration { + b.BatchSendDeadlineSeconds = &value + return b +} + +// WithMinBackoffMilliseconds sets the MinBackoffMilliseconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MinBackoffMilliseconds field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithMinBackoffMilliseconds(value int32) *QueueConfigApplyConfiguration { + b.MinBackoffMilliseconds = &value + return b +} + +// WithMaxBackoffMilliseconds sets the MaxBackoffMilliseconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MaxBackoffMilliseconds field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithMaxBackoffMilliseconds(value int32) *QueueConfigApplyConfiguration { + b.MaxBackoffMilliseconds = &value + return b +} + +// WithRateLimitedAction sets the RateLimitedAction field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RateLimitedAction field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithRateLimitedAction(value configv1alpha1.RateLimitedAction) *QueueConfigApplyConfiguration { + b.RateLimitedAction = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelactionconfig.go new file mode 100644 index 0000000000..cfcfc7b5cc --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelactionconfig.go @@ -0,0 +1,135 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// RelabelActionConfigApplyConfiguration represents a declarative configuration of the RelabelActionConfig type for use +// with apply. +// +// RelabelActionConfig represents the action to perform and its configuration. +// Exactly one action-specific configuration must be specified based on the action type. +type RelabelActionConfigApplyConfiguration struct { + // type specifies the action to perform on the matched labels. + // Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep. + // + // When set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + // + // When set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0. + // + // When set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0. + // + // When set to Keep, targets for which regex does not match the concatenated source_labels are dropped. + // + // When set to Drop, targets for which regex matches the concatenated source_labels are dropped. + // + // When set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0. + // + // When set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0. + // + // When set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels. + // + // When set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted. + // + // When set to LabelDrop, regex is matched against all label names; any label that matches is removed. + // + // When set to LabelKeep, regex is matched against all label names; any label that does not match is removed. + Type *configv1alpha1.RelabelAction `json:"type,omitempty"` + // replace configures the Replace action. + // Required when type is Replace, and forbidden otherwise. + Replace *ReplaceActionConfigApplyConfiguration `json:"replace,omitempty"` + // hashMod configures the HashMod action. + // Required when type is HashMod, and forbidden otherwise. + HashMod *HashModActionConfigApplyConfiguration `json:"hashMod,omitempty"` + // labelMap configures the LabelMap action. + // Required when type is LabelMap, and forbidden otherwise. + LabelMap *LabelMapActionConfigApplyConfiguration `json:"labelMap,omitempty"` + // lowercase configures the Lowercase action. + // Required when type is Lowercase, and forbidden otherwise. + // Requires Prometheus >= v2.36.0. + Lowercase *LowercaseActionConfigApplyConfiguration `json:"lowercase,omitempty"` + // uppercase configures the Uppercase action. + // Required when type is Uppercase, and forbidden otherwise. + // Requires Prometheus >= v2.36.0. + Uppercase *UppercaseActionConfigApplyConfiguration `json:"uppercase,omitempty"` + // keepEqual configures the KeepEqual action. + // Required when type is KeepEqual, and forbidden otherwise. + // Requires Prometheus >= v2.41.0. + KeepEqual *KeepEqualActionConfigApplyConfiguration `json:"keepEqual,omitempty"` + // dropEqual configures the DropEqual action. + // Required when type is DropEqual, and forbidden otherwise. + // Requires Prometheus >= v2.41.0. + DropEqual *DropEqualActionConfigApplyConfiguration `json:"dropEqual,omitempty"` +} + +// RelabelActionConfigApplyConfiguration constructs a declarative configuration of the RelabelActionConfig type for use with +// apply. +func RelabelActionConfig() *RelabelActionConfigApplyConfiguration { + return &RelabelActionConfigApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithType(value configv1alpha1.RelabelAction) *RelabelActionConfigApplyConfiguration { + b.Type = &value + return b +} + +// WithReplace sets the Replace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Replace field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithReplace(value *ReplaceActionConfigApplyConfiguration) *RelabelActionConfigApplyConfiguration { + b.Replace = value + return b +} + +// WithHashMod sets the HashMod field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the HashMod field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithHashMod(value *HashModActionConfigApplyConfiguration) *RelabelActionConfigApplyConfiguration { + b.HashMod = value + return b +} + +// WithLabelMap sets the LabelMap field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LabelMap field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithLabelMap(value *LabelMapActionConfigApplyConfiguration) *RelabelActionConfigApplyConfiguration { + b.LabelMap = value + return b +} + +// WithLowercase sets the Lowercase field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Lowercase field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithLowercase(value *LowercaseActionConfigApplyConfiguration) *RelabelActionConfigApplyConfiguration { + b.Lowercase = value + return b +} + +// WithUppercase sets the Uppercase field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Uppercase field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithUppercase(value *UppercaseActionConfigApplyConfiguration) *RelabelActionConfigApplyConfiguration { + b.Uppercase = value + return b +} + +// WithKeepEqual sets the KeepEqual field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the KeepEqual field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithKeepEqual(value *KeepEqualActionConfigApplyConfiguration) *RelabelActionConfigApplyConfiguration { + b.KeepEqual = value + return b +} + +// WithDropEqual sets the DropEqual field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DropEqual field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithDropEqual(value *DropEqualActionConfigApplyConfiguration) *RelabelActionConfigApplyConfiguration { + b.DropEqual = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelconfig.go new file mode 100644 index 0000000000..efe191727e --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelconfig.go @@ -0,0 +1,89 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// RelabelConfigApplyConfiguration represents a declarative configuration of the RelabelConfig type for use +// with apply. +// +// RelabelConfig represents a relabeling rule. +type RelabelConfigApplyConfiguration struct { + // name is a unique identifier for this relabel configuration. + // Must contain only alphanumeric characters, hyphens, and underscores. + // Must be between 1 and 63 characters in length. + Name *string `json:"name,omitempty"` + // sourceLabels specifies which label names to extract from each series for this relabeling rule. + // The values of these labels are joined together using the configured separator, + // and the resulting string is then matched against the regular expression. + // If a referenced label does not exist on a series, Prometheus substitutes an empty string. + // When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + // Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + // Each entry must be unique. + // Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + // Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. + // While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + // ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). + SourceLabels []string `json:"sourceLabels,omitempty"` + // separator is the character sequence used to join source label values. + // Common examples: ";", ",", "::", "|||". + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is ";". + // Must be between 1 and 5 characters in length when specified. + Separator *string `json:"separator,omitempty"` + // regex is the regular expression to match against the concatenated source label values. + // Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "(.*)" to match everything. + // Must be between 1 and 1000 characters in length when specified. + Regex *string `json:"regex,omitempty"` + // action defines the action to perform on the matched labels and its configuration. + // Exactly one action-specific configuration must be specified based on the action type. + Action *RelabelActionConfigApplyConfiguration `json:"action,omitempty"` +} + +// RelabelConfigApplyConfiguration constructs a declarative configuration of the RelabelConfig type for use with +// apply. +func RelabelConfig() *RelabelConfigApplyConfiguration { + return &RelabelConfigApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *RelabelConfigApplyConfiguration) WithName(value string) *RelabelConfigApplyConfiguration { + b.Name = &value + return b +} + +// WithSourceLabels adds the given value to the SourceLabels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the SourceLabels field. +func (b *RelabelConfigApplyConfiguration) WithSourceLabels(values ...string) *RelabelConfigApplyConfiguration { + for i := range values { + b.SourceLabels = append(b.SourceLabels, values[i]) + } + return b +} + +// WithSeparator sets the Separator field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Separator field is set to the value of the last call. +func (b *RelabelConfigApplyConfiguration) WithSeparator(value string) *RelabelConfigApplyConfiguration { + b.Separator = &value + return b +} + +// WithRegex sets the Regex field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Regex field is set to the value of the last call. +func (b *RelabelConfigApplyConfiguration) WithRegex(value string) *RelabelConfigApplyConfiguration { + b.Regex = &value + return b +} + +// WithAction sets the Action field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Action field is set to the value of the last call. +func (b *RelabelConfigApplyConfiguration) WithAction(value *RelabelActionConfigApplyConfiguration) *RelabelConfigApplyConfiguration { + b.Action = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewriteauthorization.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewriteauthorization.go new file mode 100644 index 0000000000..c32870d760 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewriteauthorization.go @@ -0,0 +1,100 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + v1 "k8s.io/api/core/v1" +) + +// RemoteWriteAuthorizationApplyConfiguration represents a declarative configuration of the RemoteWriteAuthorization type for use +// with apply. +// +// RemoteWriteAuthorization defines the authorization method for a remote write endpoint. +// Exactly one of the nested configs must be set according to the type discriminator. +type RemoteWriteAuthorizationApplyConfiguration struct { + // type specifies the authorization method to use. + // Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount. + // + // When set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field. + // + // When set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set. + // + // When set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set. + // + // When set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set. + // + // When set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field. + // + // When set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path. + Type *configv1alpha1.RemoteWriteAuthorizationType `json:"type,omitempty"` + // safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). + // Required when type is "SafeAuthorization", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace. + SafeAuthorization *v1.SecretKeySelector `json:"safeAuthorization,omitempty"` + // bearerToken defines the secret reference containing the bearer token. + // Required when type is "BearerToken", and forbidden otherwise. + BearerToken *SecretKeySelectorApplyConfiguration `json:"bearerToken,omitempty"` + // basicAuth defines HTTP basic authentication credentials. + // Required when type is "BasicAuth", and forbidden otherwise. + BasicAuth *BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` + // oauth2 defines OAuth2 client credentials authentication. + // Required when type is "OAuth2", and forbidden otherwise. + OAuth2 *OAuth2ApplyConfiguration `json:"oauth2,omitempty"` + // sigv4 defines AWS Signature Version 4 authentication. + // Required when type is "SigV4", and forbidden otherwise. + Sigv4 *Sigv4ApplyConfiguration `json:"sigv4,omitempty"` +} + +// RemoteWriteAuthorizationApplyConfiguration constructs a declarative configuration of the RemoteWriteAuthorization type for use with +// apply. +func RemoteWriteAuthorization() *RemoteWriteAuthorizationApplyConfiguration { + return &RemoteWriteAuthorizationApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *RemoteWriteAuthorizationApplyConfiguration) WithType(value configv1alpha1.RemoteWriteAuthorizationType) *RemoteWriteAuthorizationApplyConfiguration { + b.Type = &value + return b +} + +// WithSafeAuthorization sets the SafeAuthorization field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SafeAuthorization field is set to the value of the last call. +func (b *RemoteWriteAuthorizationApplyConfiguration) WithSafeAuthorization(value v1.SecretKeySelector) *RemoteWriteAuthorizationApplyConfiguration { + b.SafeAuthorization = &value + return b +} + +// WithBearerToken sets the BearerToken field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BearerToken field is set to the value of the last call. +func (b *RemoteWriteAuthorizationApplyConfiguration) WithBearerToken(value *SecretKeySelectorApplyConfiguration) *RemoteWriteAuthorizationApplyConfiguration { + b.BearerToken = value + return b +} + +// WithBasicAuth sets the BasicAuth field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BasicAuth field is set to the value of the last call. +func (b *RemoteWriteAuthorizationApplyConfiguration) WithBasicAuth(value *BasicAuthApplyConfiguration) *RemoteWriteAuthorizationApplyConfiguration { + b.BasicAuth = value + return b +} + +// WithOAuth2 sets the OAuth2 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OAuth2 field is set to the value of the last call. +func (b *RemoteWriteAuthorizationApplyConfiguration) WithOAuth2(value *OAuth2ApplyConfiguration) *RemoteWriteAuthorizationApplyConfiguration { + b.OAuth2 = value + return b +} + +// WithSigv4 sets the Sigv4 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Sigv4 field is set to the value of the last call. +func (b *RemoteWriteAuthorizationApplyConfiguration) WithSigv4(value *Sigv4ApplyConfiguration) *RemoteWriteAuthorizationApplyConfiguration { + b.Sigv4 = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewritespec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewritespec.go new file mode 100644 index 0000000000..cbb3c0dbcf --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewritespec.go @@ -0,0 +1,175 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// RemoteWriteSpecApplyConfiguration represents a declarative configuration of the RemoteWriteSpec type for use +// with apply. +// +// RemoteWriteSpec represents configuration for remote write endpoints. +type RemoteWriteSpecApplyConfiguration struct { + // url is the URL of the remote write endpoint. + // Must be a valid URL with http or https scheme and a non-empty hostname. + // Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. + // Empty string is invalid. Must be between 1 and 2048 characters in length. + URL *string `json:"url,omitempty"` + // name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). + // This name is used in metrics and logging to differentiate remote write queues. + // Must contain only alphanumeric characters, hyphens, and underscores. + // Must be between 1 and 63 characters in length. + Name *string `json:"name,omitempty"` + // authorization defines the authorization method for the remote write endpoint. + // When omitted, no authorization is performed. + // When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config). + AuthorizationConfig *RemoteWriteAuthorizationApplyConfiguration `json:"authorization,omitempty"` + // headers specifies the custom HTTP headers to be sent along with each remote write request. + // Sending custom headers makes the configuration of a proxy in between optional and helps the + // receiver recognize the given source better. + // Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure + // them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. + // When omitted, no custom headers are sent. + // Maximum of 50 headers can be specified. Each header name must be unique. + // Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). + Headers []PrometheusRemoteWriteHeaderApplyConfiguration `json:"headers,omitempty"` + // metadataConfig configures the sending of series metadata to remote storage. + // When omitted, no metadata is sent. + // When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). + // When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds). + MetadataConfig *MetadataConfigApplyConfiguration `json:"metadataConfig,omitempty"` + // proxyUrl defines an optional proxy URL. + // If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + // The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + // When omitted, no proxy is used. + // Must be a valid URL with http or https scheme. + // Must be between 1 and 2048 characters in length. + ProxyURL *string `json:"proxyUrl,omitempty"` + // queueConfig allows tuning configuration for remote write queue parameters. + // When omitted, default queue configuration is used. + QueueConfig *QueueConfigApplyConfiguration `json:"queueConfig,omitempty"` + // remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + RemoteTimeoutSeconds *int32 `json:"remoteTimeoutSeconds,omitempty"` + // exemplarsMode controls whether exemplars are sent via remote write. + // Valid values are "Send", "DoNotSend" and omitted. + // When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + // Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + // When omitted or set to "DoNotSend", exemplars are not sent. + ExemplarsMode *configv1alpha1.ExemplarsMode `json:"exemplarsMode,omitempty"` + // tlsConfig defines TLS authentication settings for the remote write endpoint. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + TLSConfig *TLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` + // writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + // When omitted, no relabeling is performed and all metrics are sent as-is. + // Minimum of 1 and maximum of 10 relabeling rules can be specified. + // Each rule must have a unique name. + WriteRelabelConfigs []RelabelConfigApplyConfiguration `json:"writeRelabelConfigs,omitempty"` +} + +// RemoteWriteSpecApplyConfiguration constructs a declarative configuration of the RemoteWriteSpec type for use with +// apply. +func RemoteWriteSpec() *RemoteWriteSpecApplyConfiguration { + return &RemoteWriteSpecApplyConfiguration{} +} + +// WithURL sets the URL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the URL field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithURL(value string) *RemoteWriteSpecApplyConfiguration { + b.URL = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithName(value string) *RemoteWriteSpecApplyConfiguration { + b.Name = &value + return b +} + +// WithAuthorizationConfig sets the AuthorizationConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AuthorizationConfig field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithAuthorizationConfig(value *RemoteWriteAuthorizationApplyConfiguration) *RemoteWriteSpecApplyConfiguration { + b.AuthorizationConfig = value + return b +} + +// WithHeaders adds the given value to the Headers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Headers field. +func (b *RemoteWriteSpecApplyConfiguration) WithHeaders(values ...*PrometheusRemoteWriteHeaderApplyConfiguration) *RemoteWriteSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithHeaders") + } + b.Headers = append(b.Headers, *values[i]) + } + return b +} + +// WithMetadataConfig sets the MetadataConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MetadataConfig field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithMetadataConfig(value *MetadataConfigApplyConfiguration) *RemoteWriteSpecApplyConfiguration { + b.MetadataConfig = value + return b +} + +// WithProxyURL sets the ProxyURL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyURL field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithProxyURL(value string) *RemoteWriteSpecApplyConfiguration { + b.ProxyURL = &value + return b +} + +// WithQueueConfig sets the QueueConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the QueueConfig field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithQueueConfig(value *QueueConfigApplyConfiguration) *RemoteWriteSpecApplyConfiguration { + b.QueueConfig = value + return b +} + +// WithRemoteTimeoutSeconds sets the RemoteTimeoutSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RemoteTimeoutSeconds field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithRemoteTimeoutSeconds(value int32) *RemoteWriteSpecApplyConfiguration { + b.RemoteTimeoutSeconds = &value + return b +} + +// WithExemplarsMode sets the ExemplarsMode field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ExemplarsMode field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithExemplarsMode(value configv1alpha1.ExemplarsMode) *RemoteWriteSpecApplyConfiguration { + b.ExemplarsMode = &value + return b +} + +// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TLSConfig field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithTLSConfig(value *TLSConfigApplyConfiguration) *RemoteWriteSpecApplyConfiguration { + b.TLSConfig = value + return b +} + +// WithWriteRelabelConfigs adds the given value to the WriteRelabelConfigs field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the WriteRelabelConfigs field. +func (b *RemoteWriteSpecApplyConfiguration) WithWriteRelabelConfigs(values ...*RelabelConfigApplyConfiguration) *RemoteWriteSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithWriteRelabelConfigs") + } + b.WriteRelabelConfigs = append(b.WriteRelabelConfigs, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/replaceactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/replaceactionconfig.go new file mode 100644 index 0000000000..7b9766c11b --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/replaceactionconfig.go @@ -0,0 +1,41 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// ReplaceActionConfigApplyConfiguration represents a declarative configuration of the ReplaceActionConfig type for use +// with apply. +// +// ReplaceActionConfig configures the Replace action. +// Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match. +type ReplaceActionConfigApplyConfiguration struct { + // targetLabel is the label name where the replacement result is written. + // Must be between 1 and 128 characters in length. + TargetLabel *string `json:"targetLabel,omitempty"` + // replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. + // Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. + // Use "$1" for the first capture group, "$2" for the second, etc. Use an empty string ("") to explicitly clear the target label value. + // Must be between 0 and 255 characters in length. + Replacement *string `json:"replacement,omitempty"` +} + +// ReplaceActionConfigApplyConfiguration constructs a declarative configuration of the ReplaceActionConfig type for use with +// apply. +func ReplaceActionConfig() *ReplaceActionConfigApplyConfiguration { + return &ReplaceActionConfigApplyConfiguration{} +} + +// WithTargetLabel sets the TargetLabel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TargetLabel field is set to the value of the last call. +func (b *ReplaceActionConfigApplyConfiguration) WithTargetLabel(value string) *ReplaceActionConfigApplyConfiguration { + b.TargetLabel = &value + return b +} + +// WithReplacement sets the Replacement field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Replacement field is set to the value of the last call. +func (b *ReplaceActionConfigApplyConfiguration) WithReplacement(value string) *ReplaceActionConfigApplyConfiguration { + b.Replacement = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/retention.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/retention.go new file mode 100644 index 0000000000..2ca903f21f --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/retention.go @@ -0,0 +1,46 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// RetentionApplyConfiguration represents a declarative configuration of the Retention type for use +// with apply. +// +// Retention configures how long Prometheus retains metrics data and how much storage it can use. +type RetentionApplyConfiguration struct { + // durationInDays specifies how many days Prometheus will retain metrics data. + // Prometheus automatically deletes data older than this duration. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 15. + // Minimum value is 1 day. + // Maximum value is 365 days (1 year). + DurationInDays *int32 `json:"durationInDays,omitempty"` + // sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + // can use for data blocks and the write-ahead log (WAL). + // When the limit is reached, Prometheus will delete oldest data first. + // When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + // Minimum value is 1 GiB. + // Maximum value is 16384 GiB (16 TiB). + SizeInGiB *int32 `json:"sizeInGiB,omitempty"` +} + +// RetentionApplyConfiguration constructs a declarative configuration of the Retention type for use with +// apply. +func Retention() *RetentionApplyConfiguration { + return &RetentionApplyConfiguration{} +} + +// WithDurationInDays sets the DurationInDays field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DurationInDays field is set to the value of the last call. +func (b *RetentionApplyConfiguration) WithDurationInDays(value int32) *RetentionApplyConfiguration { + b.DurationInDays = &value + return b +} + +// WithSizeInGiB sets the SizeInGiB field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SizeInGiB field is set to the value of the last call. +func (b *RetentionApplyConfiguration) WithSizeInGiB(value int32) *RetentionApplyConfiguration { + b.SizeInGiB = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/rsakeyconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/rsakeyconfig.go new file mode 100644 index 0000000000..89bccbf4fd --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/rsakeyconfig.go @@ -0,0 +1,27 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// RSAKeyConfigApplyConfiguration represents a declarative configuration of the RSAKeyConfig type for use +// with apply. +// +// RSAKeyConfig specifies parameters for RSA key generation. +type RSAKeyConfigApplyConfiguration struct { + // keySize specifies the size of RSA keys in bits. + // Valid values are multiples of 1024 from 2048 to 8192. + KeySize *int32 `json:"keySize,omitempty"` +} + +// RSAKeyConfigApplyConfiguration constructs a declarative configuration of the RSAKeyConfig type for use with +// apply. +func RSAKeyConfig() *RSAKeyConfigApplyConfiguration { + return &RSAKeyConfigApplyConfiguration{} +} + +// WithKeySize sets the KeySize field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the KeySize field is set to the value of the last call. +func (b *RSAKeyConfigApplyConfiguration) WithKeySize(value int32) *RSAKeyConfigApplyConfiguration { + b.KeySize = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/secretkeyselector.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/secretkeyselector.go new file mode 100644 index 0000000000..a824180eda --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/secretkeyselector.go @@ -0,0 +1,40 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// SecretKeySelectorApplyConfiguration represents a declarative configuration of the SecretKeySelector type for use +// with apply. +// +// SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace. +type SecretKeySelectorApplyConfiguration struct { + // name is the name of the secret in the `openshift-monitoring` namespace to select from. + // Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + // Must be between 1 and 253 characters in length. + Name *string `json:"name,omitempty"` + // key is the key of the secret to select from. + // Must consist of alphanumeric characters, '-', '_', or '.'. + // Must be between 1 and 253 characters in length. + Key *string `json:"key,omitempty"` +} + +// SecretKeySelectorApplyConfiguration constructs a declarative configuration of the SecretKeySelector type for use with +// apply. +func SecretKeySelector() *SecretKeySelectorApplyConfiguration { + return &SecretKeySelectorApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *SecretKeySelectorApplyConfiguration) WithName(value string) *SecretKeySelectorApplyConfiguration { + b.Name = &value + return b +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *SecretKeySelectorApplyConfiguration) WithKey(value string) *SecretKeySelectorApplyConfiguration { + b.Key = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/sigv4.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/sigv4.go new file mode 100644 index 0000000000..e0e37c4fdb --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/sigv4.go @@ -0,0 +1,78 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// Sigv4ApplyConfiguration represents a declarative configuration of the Sigv4 type for use +// with apply. +// +// Sigv4 defines AWS Signature Version 4 authentication settings. +// At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication. +type Sigv4ApplyConfiguration struct { + // region is the AWS region. + // When omitted, the region is derived from the environment or instance metadata. + // Must be between 1 and 128 characters. + Region *string `json:"region,omitempty"` + // accessKey defines the secret reference containing the AWS access key ID. + // The secret must exist in the openshift-monitoring namespace. + // When omitted, the access key is derived from the environment or instance metadata. + AccessKey *SecretKeySelectorApplyConfiguration `json:"accessKey,omitempty"` + // secretKey defines the secret reference containing the AWS secret access key. + // The secret must exist in the openshift-monitoring namespace. + // When omitted, the secret key is derived from the environment or instance metadata. + SecretKey *SecretKeySelectorApplyConfiguration `json:"secretKey,omitempty"` + // profile is the named AWS profile used to authenticate. + // When omitted, the default profile is used. + // Must be between 1 and 128 characters. + Profile *string `json:"profile,omitempty"` + // roleArn is the AWS Role ARN, an alternative to using AWS API keys. + // When omitted, API keys are used for authentication. + // Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + // Must be between 1 and 512 characters. + RoleArn *string `json:"roleArn,omitempty"` +} + +// Sigv4ApplyConfiguration constructs a declarative configuration of the Sigv4 type for use with +// apply. +func Sigv4() *Sigv4ApplyConfiguration { + return &Sigv4ApplyConfiguration{} +} + +// WithRegion sets the Region field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Region field is set to the value of the last call. +func (b *Sigv4ApplyConfiguration) WithRegion(value string) *Sigv4ApplyConfiguration { + b.Region = &value + return b +} + +// WithAccessKey sets the AccessKey field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AccessKey field is set to the value of the last call. +func (b *Sigv4ApplyConfiguration) WithAccessKey(value *SecretKeySelectorApplyConfiguration) *Sigv4ApplyConfiguration { + b.AccessKey = value + return b +} + +// WithSecretKey sets the SecretKey field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretKey field is set to the value of the last call. +func (b *Sigv4ApplyConfiguration) WithSecretKey(value *SecretKeySelectorApplyConfiguration) *Sigv4ApplyConfiguration { + b.SecretKey = value + return b +} + +// WithProfile sets the Profile field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Profile field is set to the value of the last call. +func (b *Sigv4ApplyConfiguration) WithProfile(value string) *Sigv4ApplyConfiguration { + b.Profile = &value + return b +} + +// WithRoleArn sets the RoleArn field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RoleArn field is set to the value of the last call. +func (b *Sigv4ApplyConfiguration) WithRoleArn(value string) *Sigv4ApplyConfiguration { + b.RoleArn = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/tlsconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/tlsconfig.go new file mode 100644 index 0000000000..dc74026618 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/tlsconfig.go @@ -0,0 +1,81 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// TLSConfigApplyConfiguration represents a declarative configuration of the TLSConfig type for use +// with apply. +// +// TLSConfig represents TLS configuration for Alertmanager connections. +// At least one TLS configuration option must be specified. +// For mutual TLS (mTLS), both cert and key must be specified together, or both omitted. +type TLSConfigApplyConfiguration struct { + // ca is an optional CA certificate to use for TLS connections. + // When omitted, the system's default CA bundle is used. + CA *SecretKeySelectorApplyConfiguration `json:"ca,omitempty"` + // cert is an optional client certificate to use for mutual TLS connections. + // When omitted, no client certificate is presented. + Cert *SecretKeySelectorApplyConfiguration `json:"cert,omitempty"` + // key is an optional client key to use for mutual TLS connections. + // When omitted, no client key is used. + Key *SecretKeySelectorApplyConfiguration `json:"key,omitempty"` + // serverName is an optional server name to use for TLS connections. + // When specified, must be a valid DNS subdomain as per RFC 1123. + // When omitted, the server name is derived from the URL. + // Must be between 1 and 253 characters in length. + ServerName *string `json:"serverName,omitempty"` + // certificateVerification determines the policy for TLS certificate verification. + // Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "Verify". + CertificateVerification *configv1alpha1.CertificateVerificationType `json:"certificateVerification,omitempty"` +} + +// TLSConfigApplyConfiguration constructs a declarative configuration of the TLSConfig type for use with +// apply. +func TLSConfig() *TLSConfigApplyConfiguration { + return &TLSConfigApplyConfiguration{} +} + +// WithCA sets the CA field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CA field is set to the value of the last call. +func (b *TLSConfigApplyConfiguration) WithCA(value *SecretKeySelectorApplyConfiguration) *TLSConfigApplyConfiguration { + b.CA = value + return b +} + +// WithCert sets the Cert field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Cert field is set to the value of the last call. +func (b *TLSConfigApplyConfiguration) WithCert(value *SecretKeySelectorApplyConfiguration) *TLSConfigApplyConfiguration { + b.Cert = value + return b +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *TLSConfigApplyConfiguration) WithKey(value *SecretKeySelectorApplyConfiguration) *TLSConfigApplyConfiguration { + b.Key = value + return b +} + +// WithServerName sets the ServerName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServerName field is set to the value of the last call. +func (b *TLSConfigApplyConfiguration) WithServerName(value string) *TLSConfigApplyConfiguration { + b.ServerName = &value + return b +} + +// WithCertificateVerification sets the CertificateVerification field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CertificateVerification field is set to the value of the last call. +func (b *TLSConfigApplyConfiguration) WithCertificateVerification(value configv1alpha1.CertificateVerificationType) *TLSConfigApplyConfiguration { + b.CertificateVerification = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/uppercaseactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/uppercaseactionconfig.go new file mode 100644 index 0000000000..6d3a6a804a --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/uppercaseactionconfig.go @@ -0,0 +1,29 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// UppercaseActionConfigApplyConfiguration represents a declarative configuration of the UppercaseActionConfig type for use +// with apply. +// +// UppercaseActionConfig configures the Uppercase action. +// Maps the concatenated source_labels to their upper case and writes to target_label. +// Requires Prometheus >= v2.36.0. +type UppercaseActionConfigApplyConfiguration struct { + // targetLabel is the label name where the upper-cased value is written. + // Must be between 1 and 128 characters in length. + TargetLabel *string `json:"targetLabel,omitempty"` +} + +// UppercaseActionConfigApplyConfiguration constructs a declarative configuration of the UppercaseActionConfig type for use with +// apply. +func UppercaseActionConfig() *UppercaseActionConfigApplyConfiguration { + return &UppercaseActionConfigApplyConfiguration{} +} + +// WithTargetLabel sets the TargetLabel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TargetLabel field is set to the value of the last call. +func (b *UppercaseActionConfigApplyConfiguration) WithTargetLabel(value string) *UppercaseActionConfigApplyConfiguration { + b.TargetLabel = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go index 65906b80c5..199221a076 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go @@ -23,92 +23,80 @@ func Parser() *typed.Parser { var parserOnce sync.Once var parser *typed.Parser var schemaYAML = typed.YAMLObject(`types: -- name: com.github.openshift.api.config.v1.APIServer +- name: Condition.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: apiVersion + - name: lastTransitionTime type: - scalar: string - - name: kind + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: message type: scalar: string - - name: metadata + default: "" + - name: observedGeneration type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + scalar: numeric + - name: reason type: - namedType: com.github.openshift.api.config.v1.APIServerSpec - default: {} + scalar: string + default: "" - name: status type: - namedType: com.github.openshift.api.config.v1.APIServerStatus - default: {} -- name: com.github.openshift.api.config.v1.APIServerEncryption - map: - fields: - - name: kms - type: - namedType: com.github.openshift.api.config.v1.KMSConfig + scalar: string + default: "" - name: type type: scalar: string - unions: - - discriminator: type - fields: - - fieldName: kms - discriminatorValue: KMS -- name: com.github.openshift.api.config.v1.APIServerNamedServingCert + default: "" +- name: ConfigMapKeySelector.v1.core.api.k8s.io map: fields: - - name: names + - name: key type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: servingCertificate + scalar: string + default: "" + - name: name type: - namedType: com.github.openshift.api.config.v1.SecretNameReference - default: {} -- name: com.github.openshift.api.config.v1.APIServerServingCerts + scalar: string + default: "" + - name: optional + type: + scalar: boolean + elementRelationship: atomic +- name: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + scalar: string +- name: EnvVar.v1.core.api.k8s.io map: fields: - - name: namedCertificates + - name: name type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.APIServerNamedServingCert - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.APIServerSpec + scalar: string + default: "" + - name: value + type: + scalar: string + - name: valueFrom + type: + namedType: EnvVarSource.v1.core.api.k8s.io +- name: EnvVarSource.v1.core.api.k8s.io map: fields: - - name: additionalCORSAllowedOrigins - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: audit + - name: configMapKeyRef type: - namedType: com.github.openshift.api.config.v1.Audit - default: {} - - name: clientCA + namedType: ConfigMapKeySelector.v1.core.api.k8s.io + - name: fieldRef type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: encryption + namedType: ObjectFieldSelector.v1.core.api.k8s.io + - name: fileKeyRef type: - namedType: com.github.openshift.api.config.v1.APIServerEncryption - default: {} - - name: servingCerts + namedType: FileKeySelector.v1.core.api.k8s.io + - name: resourceFieldRef type: - namedType: com.github.openshift.api.config.v1.APIServerServingCerts - default: {} - - name: tlsSecurityProfile + namedType: ResourceFieldSelector.v1.core.api.k8s.io + - name: secretKeyRef type: - namedType: com.github.openshift.api.config.v1.TLSSecurityProfile -- name: com.github.openshift.api.config.v1.APIServerStatus + namedType: SecretKeySelector.v1.core.api.k8s.io +- name: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io map: elementType: scalar: untyped @@ -120,201 +108,229 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1.AWSDNSSpec +- name: FileKeySelector.v1.core.api.k8s.io map: fields: - - name: privateZoneIAMRole + - name: key type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.AWSIngressSpec - map: - fields: - - name: type + - name: optional type: - scalar: string - default: "" - unions: - - discriminator: type -- name: com.github.openshift.api.config.v1.AWSKMSConfig - map: - fields: - - name: keyARN + scalar: boolean + default: false + - name: path type: scalar: string default: "" - - name: region + - name: volumeName type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.AWSPlatformSpec + elementRelationship: atomic +- name: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: serviceEndpoints + - name: matchExpressions type: list: elementType: - namedType: com.github.openshift.api.config.v1.AWSServiceEndpoint + namedType: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: atomic -- name: com.github.openshift.api.config.v1.AWSPlatformStatus + - name: matchLabels + type: + map: + elementType: + scalar: string + elementRelationship: atomic +- name: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: cloudLoadBalancerConfig - type: - namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig - default: - dnsType: PlatformDefault - - name: ipFamily + - name: key type: scalar: string - default: IPv4 - - name: region + default: "" + - name: operator type: scalar: string default: "" - - name: resourceTags - type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.AWSResourceTag - elementRelationship: atomic - - name: serviceEndpoints + - name: values type: list: elementType: - namedType: com.github.openshift.api.config.v1.AWSServiceEndpoint + scalar: string elementRelationship: atomic -- name: com.github.openshift.api.config.v1.AWSResourceTag +- name: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: key + - name: apiVersion type: scalar: string - default: "" - - name: value + - name: fieldsType type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1.AWSServiceEndpoint - map: - fields: - - name: name + - name: fieldsV1 + type: + namedType: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io + - name: manager type: scalar: string - default: "" - - name: url + - name: operation type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1.AcceptRisk - map: - fields: - - name: name + - name: subresource type: scalar: string -- name: com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus + - name: time + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io +- name: ModifyVolumeStatus.v1.core.api.k8s.io map: fields: - - name: region + - name: status type: scalar: string default: "" - - name: resourceGroupID + - name: targetVolumeAttributesClassName type: scalar: string - - name: resourceTags - type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.AlibabaCloudResourceTag - elementRelationship: associative - keys: - - key -- name: com.github.openshift.api.config.v1.AlibabaCloudResourceTag +- name: ObjectFieldSelector.v1.core.api.k8s.io map: fields: - - name: key + - name: apiVersion type: scalar: string - default: "" - - name: value + - name: fieldPath type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.Audit + elementRelationship: atomic +- name: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: customRules + - name: annotations + type: + map: + elementType: + scalar: string + - name: creationTimestamp + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: deletionGracePeriodSeconds + type: + scalar: numeric + - name: deletionTimestamp + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: finalizers type: list: elementType: - namedType: com.github.openshift.api.config.v1.AuditCustomRule + scalar: string elementRelationship: associative - keys: - - group - - name: profile + - name: generateName type: scalar: string -- name: com.github.openshift.api.config.v1.AuditCustomRule - map: - fields: - - name: group + - name: generation type: - scalar: string - default: "" - - name: profile + scalar: numeric + - name: labels type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.Authentication - map: - fields: - - name: apiVersion + map: + elementType: + scalar: string + - name: managedFields + type: + list: + elementType: + namedType: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: atomic + - name: name type: scalar: string - - name: kind + - name: namespace type: scalar: string - - name: metadata + - name: ownerReferences type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} + list: + elementType: + namedType: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - uid + - name: resourceVersion + type: + scalar: string + - name: selfLink + type: + scalar: string + - name: uid + type: + scalar: string +- name: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + default: "" + - name: blockOwnerDeletion + type: + scalar: boolean + - name: controller + type: + scalar: boolean + - name: kind + type: + scalar: string + default: "" + - name: name + type: + scalar: string + default: "" + - name: uid + type: + scalar: string + default: "" + elementRelationship: atomic +- name: PersistentVolumeClaim.v1.core.api.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1.AuthenticationSpec + namedType: PersistentVolumeClaimSpec.v1.core.api.k8s.io default: {} - name: status type: - namedType: com.github.openshift.api.config.v1.AuthenticationStatus + namedType: PersistentVolumeClaimStatus.v1.core.api.k8s.io default: {} -- name: com.github.openshift.api.config.v1.AuthenticationSpec +- name: PersistentVolumeClaimCondition.v1.core.api.k8s.io map: fields: - - name: oauthMetadata + - name: lastProbeTime type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: oidcProviders + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: lastTransitionTime type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.OIDCProvider - elementRelationship: associative - keys: - - name - - name: serviceAccountIssuer + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: message + type: + scalar: string + - name: reason + type: + scalar: string + - name: status type: scalar: string default: "" @@ -322,32 +338,85 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" - - name: webhookTokenAuthenticator - type: - namedType: com.github.openshift.api.config.v1.WebhookTokenAuthenticator - - name: webhookTokenAuthenticators +- name: PersistentVolumeClaimSpec.v1.core.api.k8s.io + map: + fields: + - name: accessModes type: list: elementType: - namedType: com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator + scalar: string elementRelationship: atomic -- name: com.github.openshift.api.config.v1.AuthenticationStatus + - name: dataSource + type: + namedType: TypedLocalObjectReference.v1.core.api.k8s.io + - name: dataSourceRef + type: + namedType: TypedObjectReference.v1.core.api.k8s.io + - name: resources + type: + namedType: VolumeResourceRequirements.v1.core.api.k8s.io + default: {} + - name: selector + type: + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: storageClassName + type: + scalar: string + - name: volumeAttributesClassName + type: + scalar: string + - name: volumeMode + type: + scalar: string + - name: volumeName + type: + scalar: string +- name: PersistentVolumeClaimStatus.v1.core.api.k8s.io map: fields: - - name: integratedOAuthMetadata + - name: accessModes type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: oidcClients + list: + elementType: + scalar: string + elementRelationship: atomic + - name: allocatedResourceStatuses + type: + map: + elementType: + scalar: string + elementRelationship: separable + - name: allocatedResources + type: + map: + elementType: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io + - name: capacity + type: + map: + elementType: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io + - name: conditions type: list: elementType: - namedType: com.github.openshift.api.config.v1.OIDCClientStatus + namedType: PersistentVolumeClaimCondition.v1.core.api.k8s.io elementRelationship: associative keys: - - componentNamespace - - componentName -- name: com.github.openshift.api.config.v1.AzurePlatformSpec + - type + - name: currentVolumeAttributesClassName + type: + scalar: string + - name: modifyVolumeStatus + type: + namedType: ModifyVolumeStatus.v1.core.api.k8s.io + - name: phase + type: + scalar: string +- name: Quantity.resource.api.pkg.apimachinery.k8s.io + scalar: string +- name: RawExtension.runtime.pkg.apimachinery.k8s.io map: elementType: scalar: untyped @@ -359,136 +428,165 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1.AzurePlatformStatus +- name: ResourceClaim.v1.core.api.k8s.io map: fields: - - name: armEndpoint + - name: name type: scalar: string - - name: cloudLoadBalancerConfig - type: - namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig - default: - dnsType: PlatformDefault - - name: cloudName + default: "" + - name: request type: scalar: string - - name: ipFamily +- name: ResourceFieldSelector.v1.core.api.k8s.io + map: + fields: + - name: containerName type: scalar: string - default: IPv4 - - name: networkResourceGroupName + - name: divisor type: - scalar: string - - name: resourceGroupName + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io + - name: resource type: scalar: string default: "" - - name: resourceTags + elementRelationship: atomic +- name: ResourceRequirements.v1.core.api.k8s.io + map: + fields: + - name: claims type: list: elementType: - namedType: com.github.openshift.api.config.v1.AzureResourceTag - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.AzureResourceTag + namedType: ResourceClaim.v1.core.api.k8s.io + elementRelationship: associative + keys: + - name + - name: limits + type: + map: + elementType: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io + - name: requests + type: + map: + elementType: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io +- name: SecretKeySelector.v1.core.api.k8s.io map: fields: - name: key type: scalar: string default: "" - - name: value + - name: name type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer + - name: optional + type: + scalar: boolean + elementRelationship: atomic +- name: Time.v1.meta.apis.pkg.apimachinery.k8s.io + scalar: untyped +- name: Toleration.v1.core.api.k8s.io map: fields: - - name: type + - name: effect type: scalar: string - default: OpenShiftManagedDefault - unions: - - discriminator: type -- name: com.github.openshift.api.config.v1.BareMetalPlatformSpec + - name: key + type: + scalar: string + - name: operator + type: + scalar: string + - name: tolerationSeconds + type: + scalar: numeric + - name: value + type: + scalar: string +- name: TopologySpreadConstraint.v1.core.api.k8s.io map: fields: - - name: apiServerInternalIPs + - name: labelSelector type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: ingressIPs + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: matchLabelKeys type: list: elementType: scalar: string elementRelationship: atomic - - name: machineNetworks + - name: maxSkew type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.BareMetalPlatformStatus - map: - fields: - - name: apiServerInternalIP + scalar: numeric + default: 0 + - name: minDomains + type: + scalar: numeric + - name: nodeAffinityPolicy type: scalar: string - - name: apiServerInternalIPs + - name: nodeTaintsPolicy type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: dnsRecordsType + scalar: string + - name: topologyKey type: scalar: string - - name: ingressIP + default: "" + - name: whenUnsatisfiable type: scalar: string - - name: ingressIPs + default: "" +- name: TypedLocalObjectReference.v1.core.api.k8s.io + map: + fields: + - name: apiGroup type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: loadBalancer + scalar: string + - name: kind type: - namedType: com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer - default: - type: OpenShiftManagedDefault - - name: machineNetworks - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: nodeDNSIP + scalar: string + default: "" + - name: name type: scalar: string -- name: com.github.openshift.api.config.v1.BasicAuthIdentityProvider + default: "" + elementRelationship: atomic +- name: TypedObjectReference.v1.core.api.k8s.io map: fields: - - name: ca - type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: tlsClientCert + - name: apiGroup type: - namedType: com.github.openshift.api.config.v1.SecretNameReference - default: {} - - name: tlsClientKey + scalar: string + - name: kind type: - namedType: com.github.openshift.api.config.v1.SecretNameReference - default: {} - - name: url + scalar: string + default: "" + - name: name type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.Build + - name: namespace + type: + scalar: string +- name: VolumeResourceRequirements.v1.core.api.k8s.io + map: + fields: + - name: limits + type: + map: + elementType: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io + - name: requests + type: + map: + elementType: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.config.v1.APIServer map: fields: - name: apiVersion @@ -499,205 +597,185 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1.BuildSpec + namedType: com.github.openshift.api.config.v1.APIServerSpec default: {} -- name: com.github.openshift.api.config.v1.BuildDefaults + - name: status + type: + namedType: com.github.openshift.api.config.v1.APIServerStatus + default: {} +- name: com.github.openshift.api.config.v1.APIServerEncryption map: fields: - - name: defaultProxy - type: - namedType: com.github.openshift.api.config.v1.ProxySpec - - name: env + - name: kms type: - list: - elementType: - namedType: io.k8s.api.core.v1.EnvVar - elementRelationship: atomic - - name: gitProxy + namedType: com.github.openshift.api.config.v1.KMSConfig + - name: type type: - namedType: com.github.openshift.api.config.v1.ProxySpec - - name: imageLabels + scalar: string + unions: + - discriminator: type + fields: + - fieldName: kms + discriminatorValue: KMS +- name: com.github.openshift.api.config.v1.APIServerNamedServingCert + map: + fields: + - name: names type: list: elementType: - namedType: com.github.openshift.api.config.v1.ImageLabel + scalar: string elementRelationship: atomic - - name: resources + - name: servingCertificate type: - namedType: io.k8s.api.core.v1.ResourceRequirements + namedType: com.github.openshift.api.config.v1.SecretNameReference default: {} -- name: com.github.openshift.api.config.v1.BuildOverrides +- name: com.github.openshift.api.config.v1.APIServerServingCerts map: fields: - - name: forcePull - type: - scalar: boolean - - name: imageLabels + - name: namedCertificates type: list: elementType: - namedType: com.github.openshift.api.config.v1.ImageLabel + namedType: com.github.openshift.api.config.v1.APIServerNamedServingCert elementRelationship: atomic - - name: nodeSelector - type: - map: - elementType: - scalar: string - - name: tolerations +- name: com.github.openshift.api.config.v1.APIServerSpec + map: + fields: + - name: additionalCORSAllowedOrigins type: list: elementType: - namedType: io.k8s.api.core.v1.Toleration + scalar: string elementRelationship: atomic -- name: com.github.openshift.api.config.v1.BuildSpec - map: - fields: - - name: additionalTrustedCA + - name: audit + type: + namedType: com.github.openshift.api.config.v1.Audit + default: {} + - name: clientCA type: namedType: com.github.openshift.api.config.v1.ConfigMapNameReference default: {} - - name: buildDefaults + - name: encryption type: - namedType: com.github.openshift.api.config.v1.BuildDefaults + namedType: com.github.openshift.api.config.v1.APIServerEncryption default: {} - - name: buildOverrides + - name: servingCerts type: - namedType: com.github.openshift.api.config.v1.BuildOverrides + namedType: com.github.openshift.api.config.v1.APIServerServingCerts default: {} -- name: com.github.openshift.api.config.v1.CloudControllerManagerStatus + - name: tlsSecurityProfile + type: + namedType: com.github.openshift.api.config.v1.TLSSecurityProfile +- name: com.github.openshift.api.config.v1.APIServerStatus + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.AWSDNSSpec map: fields: - - name: state + - name: privateZoneIAMRole type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.CloudLoadBalancerConfig +- name: com.github.openshift.api.config.v1.AWSIngressSpec map: fields: - - name: clusterHosted - type: - namedType: com.github.openshift.api.config.v1.CloudLoadBalancerIPs - - name: dnsType + - name: type type: scalar: string - default: PlatformDefault + default: "" unions: - - discriminator: dnsType - fields: - - fieldName: clusterHosted - discriminatorValue: ClusterHosted -- name: com.github.openshift.api.config.v1.CloudLoadBalancerIPs + - discriminator: type +- name: com.github.openshift.api.config.v1.AWSKMSConfig map: fields: - - name: apiIntLoadBalancerIPs + - name: keyARN type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: apiLoadBalancerIPs + scalar: string + default: "" + - name: region type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: ingressLoadBalancerIPs + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.AWSPlatformSpec + map: + fields: + - name: serviceEndpoints type: list: elementType: - scalar: string - elementRelationship: associative -- name: com.github.openshift.api.config.v1.ClusterCondition + namedType: com.github.openshift.api.config.v1.AWSServiceEndpoint + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.AWSPlatformStatus map: fields: - - name: promql - type: - namedType: com.github.openshift.api.config.v1.PromQLClusterCondition - - name: type + - name: cloudLoadBalancerConfig type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.ClusterImagePolicy - map: - fields: - - name: apiVersion + namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig + default: + dnsType: PlatformDefault + - name: ipFamily type: scalar: string - - name: kind + default: IPv4 + - name: region type: scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.config.v1.ClusterImagePolicySpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.config.v1.ClusterImagePolicyStatus - default: {} -- name: com.github.openshift.api.config.v1.ClusterImagePolicySpec - map: - fields: - - name: policy - type: - namedType: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy - default: {} - - name: scopes + default: "" + - name: resourceTags type: list: elementType: - scalar: string - elementRelationship: associative -- name: com.github.openshift.api.config.v1.ClusterImagePolicyStatus - map: - fields: - - name: conditions + namedType: com.github.openshift.api.config.v1.AWSResourceTag + elementRelationship: atomic + - name: serviceEndpoints type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition - elementRelationship: associative - keys: - - type -- name: com.github.openshift.api.config.v1.ClusterNetworkEntry + namedType: com.github.openshift.api.config.v1.AWSServiceEndpoint + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.AWSResourceTag map: fields: - - name: cidr + - name: key type: scalar: string default: "" - - name: hostPrefix + - name: value type: - scalar: numeric -- name: com.github.openshift.api.config.v1.ClusterOperator + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.AWSServiceEndpoint map: fields: - - name: apiVersion + - name: name type: scalar: string - - name: kind + default: "" + - name: url type: scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.config.v1.ClusterOperatorSpec - default: {} - - name: status + default: "" +- name: com.github.openshift.api.config.v1.AcceptRisk + map: + fields: + - name: name type: - namedType: com.github.openshift.api.config.v1.ClusterOperatorStatus - default: {} -- name: com.github.openshift.api.config.v1.ClusterOperatorSpec + scalar: string +- name: com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec map: elementType: scalar: untyped @@ -709,53 +787,61 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1.ClusterOperatorStatus +- name: com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus map: fields: - - name: conditions - type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.ClusterOperatorStatusCondition - elementRelationship: associative - keys: - - type - - name: extension + - name: region type: - namedType: __untyped_atomic_ - - name: relatedObjects + scalar: string + default: "" + - name: resourceGroupID type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.ObjectReference - elementRelationship: atomic - - name: versions + scalar: string + - name: resourceTags type: list: elementType: - namedType: com.github.openshift.api.config.v1.OperandVersion - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.ClusterOperatorStatusCondition + namedType: com.github.openshift.api.config.v1.AlibabaCloudResourceTag + elementRelationship: associative + keys: + - key +- name: com.github.openshift.api.config.v1.AlibabaCloudResourceTag map: fields: - - name: lastTransitionTime + - name: key type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: message + scalar: string + default: "" + - name: value type: scalar: string - - name: reason + default: "" +- name: com.github.openshift.api.config.v1.Audit + map: + fields: + - name: customRules + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.AuditCustomRule + elementRelationship: associative + keys: + - group + - name: profile type: scalar: string - - name: status +- name: com.github.openshift.api.config.v1.AuditCustomRule + map: + fields: + - name: group type: scalar: string default: "" - - name: type + - name: profile type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.ClusterVersion +- name: com.github.openshift.api.config.v1.Authentication map: fields: - name: apiVersion @@ -766,373 +852,339 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1.ClusterVersionSpec + namedType: com.github.openshift.api.config.v1.AuthenticationSpec default: {} - name: status type: - namedType: com.github.openshift.api.config.v1.ClusterVersionStatus + namedType: com.github.openshift.api.config.v1.AuthenticationStatus default: {} -- name: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec +- name: com.github.openshift.api.config.v1.AuthenticationSpec map: fields: - - name: additionalEnabledCapabilities + - name: oauthMetadata + type: + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: oidcProviders type: list: elementType: - scalar: string - elementRelationship: atomic - - name: baselineCapabilitySet + namedType: com.github.openshift.api.config.v1.OIDCProvider + elementRelationship: associative + keys: + - name + - name: serviceAccountIssuer type: scalar: string -- name: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus - map: - fields: - - name: enabledCapabilities + default: "" + - name: type + type: + scalar: string + default: "" + - name: webhookTokenAuthenticator + type: + namedType: com.github.openshift.api.config.v1.WebhookTokenAuthenticator + - name: webhookTokenAuthenticators type: list: elementType: - scalar: string + namedType: com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator elementRelationship: atomic - - name: knownCapabilities +- name: com.github.openshift.api.config.v1.AuthenticationStatus + map: + fields: + - name: integratedOAuthMetadata + type: + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: oidcClients type: list: elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.ClusterVersionSpec + namedType: com.github.openshift.api.config.v1.OIDCClientStatus + elementRelationship: associative + keys: + - componentNamespace + - componentName +- name: com.github.openshift.api.config.v1.AzurePlatformSpec + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.AzurePlatformStatus map: fields: - - name: capabilities + - name: armEndpoint type: - namedType: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec - - name: channel + scalar: string + - name: cloudLoadBalancerConfig + type: + namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig + default: + dnsType: PlatformDefault + - name: cloudName type: scalar: string - - name: clusterID + - name: ipFamily type: scalar: string - default: "" - - name: desiredUpdate + default: IPv4 + - name: networkResourceGroupName type: - namedType: com.github.openshift.api.config.v1.Update - - name: overrides + scalar: string + - name: resourceGroupName type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.ComponentOverride - elementRelationship: associative - keys: - - kind - - group - - namespace - - name - - name: signatureStores + scalar: string + default: "" + - name: resourceTags type: list: elementType: - namedType: com.github.openshift.api.config.v1.SignatureStore - elementRelationship: associative - keys: - - url - - name: upstream + namedType: com.github.openshift.api.config.v1.AzureResourceTag + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.AzureResourceTag + map: + fields: + - name: key type: scalar: string -- name: com.github.openshift.api.config.v1.ClusterVersionStatus + default: "" + - name: value + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer map: fields: - - name: availableUpdates - type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.Release - elementRelationship: atomic - - name: capabilities + - name: type type: - namedType: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus - default: {} - - name: conditionalUpdateRisks + scalar: string + default: OpenShiftManagedDefault + unions: + - discriminator: type +- name: com.github.openshift.api.config.v1.BareMetalPlatformSpec + map: + fields: + - name: apiServerInternalIPs type: list: elementType: - namedType: com.github.openshift.api.config.v1.ConditionalUpdateRisk - elementRelationship: associative - keys: - - name - - name: conditionalUpdates + scalar: string + elementRelationship: atomic + - name: ingressIPs type: list: elementType: - namedType: com.github.openshift.api.config.v1.ConditionalUpdate + scalar: string elementRelationship: atomic - - name: conditions + - name: machineNetworks type: list: elementType: - namedType: com.github.openshift.api.config.v1.ClusterOperatorStatusCondition - elementRelationship: associative - keys: - - type - - name: desired + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.BareMetalPlatformStatus + map: + fields: + - name: apiServerInternalIP type: - namedType: com.github.openshift.api.config.v1.Release - default: {} - - name: history + scalar: string + - name: apiServerInternalIPs type: list: elementType: - namedType: com.github.openshift.api.config.v1.UpdateHistory + scalar: string elementRelationship: atomic - - name: observedGeneration - type: - scalar: numeric - default: 0 - - name: versionHash + - name: dnsRecordsType type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1.ComponentOverride - map: - fields: - - name: group + - name: ingressIP type: scalar: string - default: "" - - name: kind + - name: ingressIPs type: - scalar: string - default: "" - - name: name + list: + elementType: + scalar: string + elementRelationship: atomic + - name: loadBalancer type: - scalar: string - default: "" - - name: namespace + namedType: com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer + default: + type: OpenShiftManagedDefault + - name: machineNetworks type: - scalar: string - default: "" - - name: unmanaged + list: + elementType: + scalar: string + elementRelationship: atomic + - name: nodeDNSIP type: - scalar: boolean - default: false -- name: com.github.openshift.api.config.v1.ComponentRouteSpec + scalar: string +- name: com.github.openshift.api.config.v1.BasicAuthIdentityProvider map: fields: - - name: hostname + - name: ca + type: + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: tlsClientCert + type: + namedType: com.github.openshift.api.config.v1.SecretNameReference + default: {} + - name: tlsClientKey + type: + namedType: com.github.openshift.api.config.v1.SecretNameReference + default: {} + - name: url type: scalar: string default: "" - - name: name +- name: com.github.openshift.api.config.v1.Build + map: + fields: + - name: apiVersion type: scalar: string - default: "" - - name: namespace + - name: kind type: scalar: string - default: "" - - name: servingCertKeyPairSecret + - name: metadata type: - namedType: com.github.openshift.api.config.v1.SecretNameReference + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} -- name: com.github.openshift.api.config.v1.ComponentRouteStatus + - name: spec + type: + namedType: com.github.openshift.api.config.v1.BuildSpec + default: {} +- name: com.github.openshift.api.config.v1.BuildDefaults map: fields: - - name: conditions - type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition - elementRelationship: associative - keys: - - type - - name: consumingUsers + - name: defaultProxy type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: currentHostnames + namedType: com.github.openshift.api.config.v1.ProxySpec + - name: env type: list: elementType: - scalar: string + namedType: EnvVar.v1.core.api.k8s.io elementRelationship: atomic - - name: defaultHostname - type: - scalar: string - default: "" - - name: name - type: - scalar: string - default: "" - - name: namespace + - name: gitProxy type: - scalar: string - default: "" - - name: relatedObjects + namedType: com.github.openshift.api.config.v1.ProxySpec + - name: imageLabels type: list: elementType: - namedType: com.github.openshift.api.config.v1.ObjectReference + namedType: com.github.openshift.api.config.v1.ImageLabel elementRelationship: atomic -- name: com.github.openshift.api.config.v1.ConditionalUpdate - map: - fields: - - name: conditions - type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition - elementRelationship: associative - keys: - - type - - name: release + - name: resources type: - namedType: com.github.openshift.api.config.v1.Release + namedType: ResourceRequirements.v1.core.api.k8s.io default: {} - - name: riskNames +- name: com.github.openshift.api.config.v1.BuildOverrides + map: + fields: + - name: forcePull type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: risks + scalar: boolean + - name: imageLabels type: list: elementType: - namedType: com.github.openshift.api.config.v1.ConditionalUpdateRisk - elementRelationship: associative - keys: - - name -- name: com.github.openshift.api.config.v1.ConditionalUpdateRisk - map: - fields: - - name: conditions + namedType: com.github.openshift.api.config.v1.ImageLabel + elementRelationship: atomic + - name: nodeSelector type: - list: + map: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition - elementRelationship: associative - keys: - - type - - name: matchingRules + scalar: string + - name: tolerations type: list: elementType: - namedType: com.github.openshift.api.config.v1.ClusterCondition + namedType: Toleration.v1.core.api.k8s.io elementRelationship: atomic - - name: message - type: - scalar: string - default: "" - - name: name - type: - scalar: string - default: "" - - name: url - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.ConfigMapFileReference - map: - fields: - - name: key - type: - scalar: string - - name: name - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.ConfigMapNameReference - map: - fields: - - name: name - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.Console +- name: com.github.openshift.api.config.v1.BuildSpec map: fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata + - name: additionalTrustedCA type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference default: {} - - name: spec + - name: buildDefaults type: - namedType: com.github.openshift.api.config.v1.ConsoleSpec + namedType: com.github.openshift.api.config.v1.BuildDefaults default: {} - - name: status + - name: buildOverrides type: - namedType: com.github.openshift.api.config.v1.ConsoleStatus + namedType: com.github.openshift.api.config.v1.BuildOverrides default: {} -- name: com.github.openshift.api.config.v1.ConsoleAuthentication +- name: com.github.openshift.api.config.v1.CloudControllerManagerStatus map: fields: - - name: logoutRedirect + - name: state type: scalar: string -- name: com.github.openshift.api.config.v1.ConsoleSpec + default: "" +- name: com.github.openshift.api.config.v1.CloudLoadBalancerConfig map: fields: - - name: authentication + - name: clusterHosted type: - namedType: com.github.openshift.api.config.v1.ConsoleAuthentication - default: {} -- name: com.github.openshift.api.config.v1.ConsoleStatus - map: - fields: - - name: consoleURL + namedType: com.github.openshift.api.config.v1.CloudLoadBalancerIPs + - name: dnsType type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1.Custom + default: PlatformDefault + unions: + - discriminator: dnsType + fields: + - fieldName: clusterHosted + discriminatorValue: ClusterHosted +- name: com.github.openshift.api.config.v1.CloudLoadBalancerIPs map: fields: - - name: configs + - name: apiIntLoadBalancerIPs type: list: elementType: - namedType: com.github.openshift.api.config.v1.GathererConfig + scalar: string elementRelationship: associative - keys: - - name -- name: com.github.openshift.api.config.v1.CustomFeatureGates - map: - fields: - - name: disabled + - name: apiLoadBalancerIPs type: list: elementType: scalar: string - elementRelationship: atomic - - name: enabled + elementRelationship: associative + - name: ingressLoadBalancerIPs type: list: elementType: scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.CustomTLSProfile + elementRelationship: associative +- name: com.github.openshift.api.config.v1.ClusterCondition map: fields: - - name: ciphers + - name: promql type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: minTLSVersion + namedType: com.github.openshift.api.config.v1.PromQLClusterCondition + - name: type type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.DNS +- name: com.github.openshift.api.config.v1.ClusterImagePolicy map: fields: - name: apiVersion @@ -1143,79 +1195,72 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1.DNSSpec + namedType: com.github.openshift.api.config.v1.ClusterImagePolicySpec default: {} - name: status type: - namedType: com.github.openshift.api.config.v1.DNSStatus + namedType: com.github.openshift.api.config.v1.ClusterImagePolicyStatus default: {} -- name: com.github.openshift.api.config.v1.DNSPlatformSpec +- name: com.github.openshift.api.config.v1.ClusterImagePolicySpec map: fields: - - name: aws + - name: policy type: - namedType: com.github.openshift.api.config.v1.AWSDNSSpec - - name: type + namedType: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy + default: {} + - name: scopes type: - scalar: string - default: "" - unions: - - discriminator: type - fields: - - fieldName: aws - discriminatorValue: AWS -- name: com.github.openshift.api.config.v1.DNSSpec + list: + elementType: + scalar: string + elementRelationship: associative +- name: com.github.openshift.api.config.v1.ClusterImagePolicyStatus map: fields: - - name: baseDomain + - name: conditions + type: + list: + elementType: + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - type +- name: com.github.openshift.api.config.v1.ClusterNetworkEntry + map: + fields: + - name: cidr type: scalar: string default: "" - - name: platform - type: - namedType: com.github.openshift.api.config.v1.DNSPlatformSpec - default: {} - - name: privateZone - type: - namedType: com.github.openshift.api.config.v1.DNSZone - - name: publicZone + - name: hostPrefix type: - namedType: com.github.openshift.api.config.v1.DNSZone -- name: com.github.openshift.api.config.v1.DNSStatus - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1.DNSZone + scalar: numeric +- name: com.github.openshift.api.config.v1.ClusterOperator map: fields: - - name: id + - name: apiVersion type: scalar: string - - name: tags + - name: kind type: - map: - elementType: - scalar: string -- name: com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator - map: - fields: - - name: kubeConfig + scalar: string + - name: metadata type: - namedType: com.github.openshift.api.config.v1.SecretNameReference + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} -- name: com.github.openshift.api.config.v1.EquinixMetalPlatformSpec + - name: spec + type: + namedType: com.github.openshift.api.config.v1.ClusterOperatorSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.config.v1.ClusterOperatorStatus + default: {} +- name: com.github.openshift.api.config.v1.ClusterOperatorSpec map: elementType: scalar: untyped @@ -1227,68 +1272,53 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1.EquinixMetalPlatformStatus - map: - fields: - - name: apiServerInternalIP - type: - scalar: string - - name: ingressIP - type: - scalar: string -- name: com.github.openshift.api.config.v1.ExternalIPConfig +- name: com.github.openshift.api.config.v1.ClusterOperatorStatus map: fields: - - name: autoAssignCIDRs + - name: conditions type: list: elementType: - scalar: string - elementRelationship: atomic - - name: policy + namedType: com.github.openshift.api.config.v1.ClusterOperatorStatusCondition + elementRelationship: associative + keys: + - type + - name: extension type: - namedType: com.github.openshift.api.config.v1.ExternalIPPolicy -- name: com.github.openshift.api.config.v1.ExternalIPPolicy - map: - fields: - - name: allowedCIDRs + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: relatedObjects type: list: elementType: - scalar: string + namedType: com.github.openshift.api.config.v1.ObjectReference elementRelationship: atomic - - name: rejectedCIDRs + - name: versions type: list: elementType: - scalar: string + namedType: com.github.openshift.api.config.v1.OperandVersion elementRelationship: atomic -- name: com.github.openshift.api.config.v1.ExternalPlatformSpec +- name: com.github.openshift.api.config.v1.ClusterOperatorStatusCondition map: fields: - - name: platformName + - name: lastTransitionTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: message type: scalar: string - default: Unknown -- name: com.github.openshift.api.config.v1.ExternalPlatformStatus - map: - fields: - - name: cloudControllerManager + - name: reason type: - namedType: com.github.openshift.api.config.v1.CloudControllerManagerStatus - default: {} -- name: com.github.openshift.api.config.v1.ExtraMapping - map: - fields: - - name: key + scalar: string + - name: status type: scalar: string default: "" - - name: valueExpression + - name: type type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.FeatureGate +- name: com.github.openshift.api.config.v1.ClusterVersion map: fields: - name: apiVersion @@ -1299,318 +1329,267 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1.FeatureGateSpec + namedType: com.github.openshift.api.config.v1.ClusterVersionSpec default: {} - name: status type: - namedType: com.github.openshift.api.config.v1.FeatureGateStatus + namedType: com.github.openshift.api.config.v1.ClusterVersionStatus default: {} -- name: com.github.openshift.api.config.v1.FeatureGateAttributes +- name: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec map: fields: - - name: name + - name: additionalEnabledCapabilities + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: baselineCapabilitySet type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1.FeatureGateDetails +- name: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus map: fields: - - name: disabled + - name: enabledCapabilities type: list: elementType: - namedType: com.github.openshift.api.config.v1.FeatureGateAttributes + scalar: string elementRelationship: atomic - - name: enabled + - name: knownCapabilities type: list: elementType: - namedType: com.github.openshift.api.config.v1.FeatureGateAttributes + scalar: string elementRelationship: atomic - - name: version - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.FeatureGateSpec +- name: com.github.openshift.api.config.v1.ClusterVersionSpec map: fields: - - name: customNoUpgrade + - name: capabilities type: - namedType: com.github.openshift.api.config.v1.CustomFeatureGates - - name: featureSet + namedType: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec + - name: channel type: scalar: string - unions: - - discriminator: featureSet - fields: - - fieldName: customNoUpgrade - discriminatorValue: CustomNoUpgrade -- name: com.github.openshift.api.config.v1.FeatureGateStatus - map: - fields: - - name: conditions + - name: clusterID + type: + scalar: string + default: "" + - name: desiredUpdate + type: + namedType: com.github.openshift.api.config.v1.Update + - name: overrides type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: com.github.openshift.api.config.v1.ComponentOverride elementRelationship: associative keys: - - type - - name: featureGates + - kind + - group + - namespace + - name + - name: signatureStores type: list: elementType: - namedType: com.github.openshift.api.config.v1.FeatureGateDetails + namedType: com.github.openshift.api.config.v1.SignatureStore elementRelationship: associative keys: - - version -- name: com.github.openshift.api.config.v1.GCPPlatformSpec - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1.GCPPlatformStatus + - url + - name: upstream + type: + scalar: string +- name: com.github.openshift.api.config.v1.ClusterVersionStatus map: fields: - - name: cloudLoadBalancerConfig - type: - namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig - default: - dnsType: PlatformDefault - - name: projectID + - name: availableUpdates type: - scalar: string - default: "" - - name: region + list: + elementType: + namedType: com.github.openshift.api.config.v1.Release + elementRelationship: atomic + - name: capabilities type: - scalar: string - default: "" - - name: resourceLabels + namedType: com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus + default: {} + - name: conditionalUpdateRisks type: list: elementType: - namedType: com.github.openshift.api.config.v1.GCPResourceLabel + namedType: com.github.openshift.api.config.v1.ConditionalUpdateRisk elementRelationship: associative keys: - - key - - name: resourceTags + - name + - name: conditionalUpdates type: list: elementType: - namedType: com.github.openshift.api.config.v1.GCPResourceTag + namedType: com.github.openshift.api.config.v1.ConditionalUpdate + elementRelationship: atomic + - name: conditions + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.ClusterOperatorStatusCondition elementRelationship: associative keys: - - key -- name: com.github.openshift.api.config.v1.GCPResourceLabel - map: - fields: - - name: key + - type + - name: desired type: - scalar: string - default: "" - - name: value + namedType: com.github.openshift.api.config.v1.Release + default: {} + - name: history + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.UpdateHistory + elementRelationship: atomic + - name: observedGeneration + type: + scalar: numeric + default: 0 + - name: versionHash type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.GCPResourceTag +- name: com.github.openshift.api.config.v1.ComponentOverride map: fields: - - name: key + - name: group type: scalar: string default: "" - - name: parentID + - name: kind type: scalar: string default: "" - - name: value + - name: name type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.GatherConfig - map: - fields: - - name: dataPolicy - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: gatherers - type: - namedType: com.github.openshift.api.config.v1.Gatherers - default: {} - - name: storage - type: - namedType: com.github.openshift.api.config.v1.Storage - default: {} -- name: com.github.openshift.api.config.v1.GathererConfig - map: - fields: - - name: name + - name: namespace type: scalar: string - - name: state + default: "" + - name: unmanaged type: - scalar: string -- name: com.github.openshift.api.config.v1.Gatherers + scalar: boolean + default: false +- name: com.github.openshift.api.config.v1.ComponentRouteSpec map: fields: - - name: custom - type: - namedType: com.github.openshift.api.config.v1.Custom - default: {} - - name: mode + - name: hostname type: scalar: string - unions: - - discriminator: mode - fields: - - fieldName: custom - discriminatorValue: Custom -- name: com.github.openshift.api.config.v1.GitHubIdentityProvider - map: - fields: - - name: ca + default: "" + - name: name type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: clientID + scalar: string + default: "" + - name: namespace type: scalar: string default: "" - - name: clientSecret + - name: servingCertKeyPairSecret type: namedType: com.github.openshift.api.config.v1.SecretNameReference default: {} - - name: hostname +- name: com.github.openshift.api.config.v1.ComponentRouteStatus + map: + fields: + - name: conditions type: - scalar: string - default: "" - - name: organizations + list: + elementType: + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - type + - name: consumingUsers type: list: elementType: scalar: string elementRelationship: atomic - - name: teams + - name: currentHostnames type: list: elementType: scalar: string elementRelationship: atomic -- name: com.github.openshift.api.config.v1.GitLabIdentityProvider - map: - fields: - - name: ca - type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: clientID - type: - scalar: string - default: "" - - name: clientSecret - type: - namedType: com.github.openshift.api.config.v1.SecretNameReference - default: {} - - name: url + - name: defaultHostname type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.GoogleIdentityProvider - map: - fields: - - name: clientID + - name: name type: scalar: string default: "" - - name: clientSecret - type: - namedType: com.github.openshift.api.config.v1.SecretNameReference - default: {} - - name: hostedDomain + - name: namespace type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.HTPasswdIdentityProvider - map: - fields: - - name: fileData + - name: relatedObjects type: - namedType: com.github.openshift.api.config.v1.SecretNameReference - default: {} -- name: com.github.openshift.api.config.v1.HubSource + list: + elementType: + namedType: com.github.openshift.api.config.v1.ObjectReference + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.ConditionalUpdate map: fields: - - name: disabled - type: - scalar: boolean - default: false - - name: name + - name: conditions type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.HubSourceStatus - map: - fields: - - name: message + list: + elementType: + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - type + - name: release type: - scalar: string - - name: status + namedType: com.github.openshift.api.config.v1.Release + default: {} + - name: riskNames type: - scalar: string -- name: com.github.openshift.api.config.v1.IBMCloudPlatformSpec - map: - fields: - - name: serviceEndpoints + list: + elementType: + scalar: string + elementRelationship: associative + - name: risks type: list: elementType: - namedType: com.github.openshift.api.config.v1.IBMCloudServiceEndpoint + namedType: com.github.openshift.api.config.v1.ConditionalUpdateRisk elementRelationship: associative keys: - name -- name: com.github.openshift.api.config.v1.IBMCloudPlatformStatus +- name: com.github.openshift.api.config.v1.ConditionalUpdateRisk map: fields: - - name: cisInstanceCRN - type: - scalar: string - - name: dnsInstanceCRN - type: - scalar: string - - name: location - type: - scalar: string - - name: providerType - type: - scalar: string - - name: resourceGroupName - type: - scalar: string - - name: serviceEndpoints + - name: conditions type: list: elementType: - namedType: com.github.openshift.api.config.v1.IBMCloudServiceEndpoint + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - - name -- name: com.github.openshift.api.config.v1.IBMCloudServiceEndpoint - map: - fields: + - type + - name: matchingRules + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.ClusterCondition + elementRelationship: atomic + - name: message + type: + scalar: string + default: "" - name: name type: scalar: string @@ -1619,48 +1598,24 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.IdentityProvider +- name: com.github.openshift.api.config.v1.ConfigMapFileReference map: fields: - - name: basicAuth - type: - namedType: com.github.openshift.api.config.v1.BasicAuthIdentityProvider - - name: github - type: - namedType: com.github.openshift.api.config.v1.GitHubIdentityProvider - - name: gitlab - type: - namedType: com.github.openshift.api.config.v1.GitLabIdentityProvider - - name: google - type: - namedType: com.github.openshift.api.config.v1.GoogleIdentityProvider - - name: htpasswd - type: - namedType: com.github.openshift.api.config.v1.HTPasswdIdentityProvider - - name: keystone - type: - namedType: com.github.openshift.api.config.v1.KeystoneIdentityProvider - - name: ldap - type: - namedType: com.github.openshift.api.config.v1.LDAPIdentityProvider - - name: mappingMethod + - name: key type: scalar: string - name: name type: scalar: string default: "" - - name: openID - type: - namedType: com.github.openshift.api.config.v1.OpenIDIdentityProvider - - name: requestHeader - type: - namedType: com.github.openshift.api.config.v1.RequestHeaderIdentityProvider - - name: type +- name: com.github.openshift.api.config.v1.ConfigMapNameReference + map: + fields: + - name: name type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.Image +- name: com.github.openshift.api.config.v1.Console map: fields: - name: apiVersion @@ -1671,113 +1626,76 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1.ImageSpec + namedType: com.github.openshift.api.config.v1.ConsoleSpec default: {} - name: status type: - namedType: com.github.openshift.api.config.v1.ImageStatus + namedType: com.github.openshift.api.config.v1.ConsoleStatus default: {} -- name: com.github.openshift.api.config.v1.ImageContentPolicy +- name: com.github.openshift.api.config.v1.ConsoleAuthentication map: fields: - - name: apiVersion + - name: logoutRedirect type: scalar: string - - name: kind +- name: com.github.openshift.api.config.v1.ConsoleSpec + map: + fields: + - name: authentication type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: com.github.openshift.api.config.v1.ConsoleAuthentication default: {} - - name: spec +- name: com.github.openshift.api.config.v1.ConsoleStatus + map: + fields: + - name: consoleURL type: - namedType: com.github.openshift.api.config.v1.ImageContentPolicySpec - default: {} -- name: com.github.openshift.api.config.v1.ImageContentPolicySpec + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.Custom map: fields: - - name: repositoryDigestMirrors + - name: configs type: list: elementType: - namedType: com.github.openshift.api.config.v1.RepositoryDigestMirrors + namedType: com.github.openshift.api.config.v1.GathererConfig elementRelationship: associative keys: - - source -- name: com.github.openshift.api.config.v1.ImageDigestMirrorSet + - name +- name: com.github.openshift.api.config.v1.CustomFeatureGates map: fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec - default: {} - - name: status + - name: disabled type: - namedType: com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus - default: {} -- name: com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec - map: - fields: - - name: imageDigestMirrors + list: + elementType: + scalar: string + elementRelationship: atomic + - name: enabled type: list: elementType: - namedType: com.github.openshift.api.config.v1.ImageDigestMirrors + scalar: string elementRelationship: atomic -- name: com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1.ImageDigestMirrors +- name: com.github.openshift.api.config.v1.CustomTLSProfile map: fields: - - name: mirrorSourcePolicy - type: - scalar: string - - name: mirrors + - name: ciphers type: list: elementType: scalar: string - elementRelationship: associative - - name: source - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.ImageLabel - map: - fields: - - name: name + elementRelationship: atomic + - name: minTLSVersion type: scalar: string default: "" - - name: value - type: - scalar: string -- name: com.github.openshift.api.config.v1.ImagePolicy +- name: com.github.openshift.api.config.v1.DNS map: fields: - name: apiVersion @@ -1788,128 +1706,152 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1.ImagePolicySpec + namedType: com.github.openshift.api.config.v1.DNSSpec default: {} - name: status type: - namedType: com.github.openshift.api.config.v1.ImagePolicyStatus + namedType: com.github.openshift.api.config.v1.DNSStatus default: {} -- name: com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust +- name: com.github.openshift.api.config.v1.DNSPlatformSpec map: fields: - - name: fulcioCAData - type: - scalar: string - - name: fulcioSubject + - name: aws type: - namedType: com.github.openshift.api.config.v1.PolicyFulcioSubject - default: {} - - name: rekorKeyData + namedType: com.github.openshift.api.config.v1.AWSDNSSpec + - name: type type: scalar: string -- name: com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust + default: "" + unions: + - discriminator: type + fields: + - fieldName: aws + discriminatorValue: AWS +- name: com.github.openshift.api.config.v1.DNSSpec map: fields: - - name: caIntermediatesData - type: - scalar: string - - name: caRootsData + - name: baseDomain type: scalar: string - - name: pkiCertificateSubject + default: "" + - name: platform type: - namedType: com.github.openshift.api.config.v1.PKICertificateSubject + namedType: com.github.openshift.api.config.v1.DNSPlatformSpec default: {} -- name: com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust - map: - fields: - - name: keyData + - name: privateZone type: - scalar: string - - name: rekorKeyData + namedType: com.github.openshift.api.config.v1.DNSZone + - name: publicZone type: - scalar: string -- name: com.github.openshift.api.config.v1.ImagePolicySpec + namedType: com.github.openshift.api.config.v1.DNSZone +- name: com.github.openshift.api.config.v1.DNSStatus + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.DNSZone map: fields: - - name: policy + - name: id type: - namedType: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy - default: {} - - name: scopes + scalar: string + - name: tags type: - list: + map: elementType: scalar: string - elementRelationship: associative -- name: com.github.openshift.api.config.v1.ImagePolicyStatus +- name: com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator map: fields: - - name: conditions + - name: kubeConfig type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition - elementRelationship: associative - keys: - - type -- name: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy + namedType: com.github.openshift.api.config.v1.SecretNameReference + default: {} +- name: com.github.openshift.api.config.v1.EquinixMetalPlatformSpec + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.EquinixMetalPlatformStatus map: fields: - - name: rootOfTrust + - name: apiServerInternalIP type: - namedType: com.github.openshift.api.config.v1.PolicyRootOfTrust - default: {} - - name: signedIdentity + scalar: string + - name: ingressIP type: - namedType: com.github.openshift.api.config.v1.PolicyIdentity -- name: com.github.openshift.api.config.v1.ImageSpec + scalar: string +- name: com.github.openshift.api.config.v1.ExternalIPConfig map: fields: - - name: additionalTrustedCA + - name: autoAssignCIDRs type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: allowedRegistriesForImport + list: + elementType: + scalar: string + elementRelationship: atomic + - name: policy + type: + namedType: com.github.openshift.api.config.v1.ExternalIPPolicy +- name: com.github.openshift.api.config.v1.ExternalIPPolicy + map: + fields: + - name: allowedCIDRs type: list: elementType: - namedType: com.github.openshift.api.config.v1.RegistryLocation + scalar: string elementRelationship: atomic - - name: externalRegistryHostnames + - name: rejectedCIDRs type: list: elementType: scalar: string elementRelationship: atomic - - name: imageStreamImportMode +- name: com.github.openshift.api.config.v1.ExternalPlatformSpec + map: + fields: + - name: platformName type: scalar: string - default: "" - - name: registrySources + default: Unknown +- name: com.github.openshift.api.config.v1.ExternalPlatformStatus + map: + fields: + - name: cloudControllerManager type: - namedType: com.github.openshift.api.config.v1.RegistrySources + namedType: com.github.openshift.api.config.v1.CloudControllerManagerStatus default: {} -- name: com.github.openshift.api.config.v1.ImageStatus +- name: com.github.openshift.api.config.v1.ExtraMapping map: fields: - - name: externalRegistryHostnames - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: imageStreamImportMode + - name: key type: scalar: string - - name: internalRegistryHostname + default: "" + - name: valueExpression type: scalar: string -- name: com.github.openshift.api.config.v1.ImageTagMirrorSet + default: "" +- name: com.github.openshift.api.config.v1.FeatureGate map: fields: - name: apiVersion @@ -1920,26 +1862,76 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1.ImageTagMirrorSetSpec + namedType: com.github.openshift.api.config.v1.FeatureGateSpec default: {} - name: status type: - namedType: com.github.openshift.api.config.v1.ImageTagMirrorSetStatus + namedType: com.github.openshift.api.config.v1.FeatureGateStatus default: {} -- name: com.github.openshift.api.config.v1.ImageTagMirrorSetSpec +- name: com.github.openshift.api.config.v1.FeatureGateAttributes map: fields: - - name: imageTagMirrors + - name: name + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.FeatureGateDetails + map: + fields: + - name: disabled type: list: elementType: - namedType: com.github.openshift.api.config.v1.ImageTagMirrors + namedType: com.github.openshift.api.config.v1.FeatureGateAttributes elementRelationship: atomic -- name: com.github.openshift.api.config.v1.ImageTagMirrorSetStatus + - name: enabled + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.FeatureGateAttributes + elementRelationship: atomic + - name: version + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.FeatureGateSpec + map: + fields: + - name: customNoUpgrade + type: + namedType: com.github.openshift.api.config.v1.CustomFeatureGates + - name: featureSet + type: + scalar: string + unions: + - discriminator: featureSet + fields: + - fieldName: customNoUpgrade + discriminatorValue: CustomNoUpgrade +- name: com.github.openshift.api.config.v1.FeatureGateStatus + map: + fields: + - name: conditions + type: + list: + elementType: + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - type + - name: featureGates + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.FeatureGateDetails + elementRelationship: associative + keys: + - version +- name: com.github.openshift.api.config.v1.GCPPlatformSpec map: elementType: scalar: untyped @@ -1951,172 +1943,287 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1.ImageTagMirrors +- name: com.github.openshift.api.config.v1.GCPPlatformStatus map: fields: - - name: mirrorSourcePolicy + - name: cloudLoadBalancerConfig + type: + namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig + default: + dnsType: PlatformDefault + - name: projectID type: scalar: string - - name: mirrors + default: "" + - name: region + type: + scalar: string + default: "" + - name: resourceLabels type: list: elementType: - scalar: string + namedType: com.github.openshift.api.config.v1.GCPResourceLabel elementRelationship: associative - - name: source + keys: + - key + - name: resourceTags + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.GCPResourceTag + elementRelationship: associative + keys: + - key +- name: com.github.openshift.api.config.v1.GCPResourceLabel + map: + fields: + - name: key type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.Infrastructure + - name: value + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.GCPResourceTag map: fields: - - name: apiVersion + - name: key type: scalar: string - - name: kind + default: "" + - name: parentID type: scalar: string - - name: metadata + default: "" + - name: value type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.GatherConfig + map: + fields: + - name: dataPolicy type: - namedType: com.github.openshift.api.config.v1.InfrastructureSpec + list: + elementType: + scalar: string + elementRelationship: atomic + - name: gatherers + type: + namedType: com.github.openshift.api.config.v1.Gatherers default: {} - - name: status + - name: storage type: - namedType: com.github.openshift.api.config.v1.InfrastructureStatus + namedType: com.github.openshift.api.config.v1.Storage default: {} -- name: com.github.openshift.api.config.v1.InfrastructureSpec +- name: com.github.openshift.api.config.v1.GathererConfig map: fields: - - name: cloudConfig + - name: name type: - namedType: com.github.openshift.api.config.v1.ConfigMapFileReference - default: {} - - name: platformSpec + scalar: string + - name: state type: - namedType: com.github.openshift.api.config.v1.PlatformSpec - default: {} -- name: com.github.openshift.api.config.v1.InfrastructureStatus + scalar: string +- name: com.github.openshift.api.config.v1.Gatherers map: fields: - - name: apiServerInternalURI + - name: custom type: - scalar: string - default: "" - - name: apiServerURL + namedType: com.github.openshift.api.config.v1.Custom + default: {} + - name: mode type: scalar: string - default: "" - - name: controlPlaneTopology + unions: + - discriminator: mode + fields: + - fieldName: custom + discriminatorValue: Custom +- name: com.github.openshift.api.config.v1.GitHubIdentityProvider + map: + fields: + - name: ca + type: + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: clientID type: scalar: string default: "" - - name: cpuPartitioning + - name: clientSecret type: - scalar: string - default: None - - name: etcdDiscoveryDomain + namedType: com.github.openshift.api.config.v1.SecretNameReference + default: {} + - name: hostname type: scalar: string default: "" - - name: infrastructureName + - name: organizations + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: teams + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.GitLabIdentityProvider + map: + fields: + - name: ca + type: + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: clientID type: scalar: string default: "" - - name: infrastructureTopology + - name: clientSecret type: - scalar: string - - name: platform + namedType: com.github.openshift.api.config.v1.SecretNameReference + default: {} + - name: url type: scalar: string - - name: platformStatus - type: - namedType: com.github.openshift.api.config.v1.PlatformStatus -- name: com.github.openshift.api.config.v1.Ingress + default: "" +- name: com.github.openshift.api.config.v1.GoogleIdentityProvider map: fields: - - name: apiVersion - type: - scalar: string - - name: kind + - name: clientID type: scalar: string - - name: metadata + default: "" + - name: clientSecret type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: com.github.openshift.api.config.v1.SecretNameReference default: {} - - name: spec + - name: hostedDomain type: - namedType: com.github.openshift.api.config.v1.IngressSpec - default: {} - - name: status + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.HTPasswdIdentityProvider + map: + fields: + - name: fileData type: - namedType: com.github.openshift.api.config.v1.IngressStatus + namedType: com.github.openshift.api.config.v1.SecretNameReference default: {} -- name: com.github.openshift.api.config.v1.IngressPlatformSpec +- name: com.github.openshift.api.config.v1.HubSource map: fields: - - name: aws + - name: disabled type: - namedType: com.github.openshift.api.config.v1.AWSIngressSpec - - name: type + scalar: boolean + default: false + - name: name type: scalar: string default: "" - unions: - - discriminator: type - fields: - - fieldName: aws - discriminatorValue: AWS -- name: com.github.openshift.api.config.v1.IngressSpec +- name: com.github.openshift.api.config.v1.HubSourceStatus map: fields: - - name: appsDomain + - name: message type: scalar: string - - name: componentRoutes + - name: status + type: + scalar: string +- name: com.github.openshift.api.config.v1.IBMCloudPlatformSpec + map: + fields: + - name: serviceEndpoints type: list: elementType: - namedType: com.github.openshift.api.config.v1.ComponentRouteSpec + namedType: com.github.openshift.api.config.v1.IBMCloudServiceEndpoint elementRelationship: associative keys: - - namespace - name - - name: domain +- name: com.github.openshift.api.config.v1.IBMCloudPlatformStatus + map: + fields: + - name: cisInstanceCRN type: scalar: string - default: "" - - name: loadBalancer + - name: dnsInstanceCRN type: - namedType: com.github.openshift.api.config.v1.LoadBalancer - default: {} - - name: requiredHSTSPolicies + scalar: string + - name: location type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.RequiredHSTSPolicy - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.IngressStatus - map: - fields: - - name: componentRoutes + scalar: string + - name: providerType + type: + scalar: string + - name: resourceGroupName + type: + scalar: string + - name: serviceEndpoints type: list: elementType: - namedType: com.github.openshift.api.config.v1.ComponentRouteStatus + namedType: com.github.openshift.api.config.v1.IBMCloudServiceEndpoint elementRelationship: associative keys: - - namespace - name - - name: defaultPlacement +- name: com.github.openshift.api.config.v1.IBMCloudServiceEndpoint + map: + fields: + - name: name type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.InsightsDataGather + - name: url + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.IdentityProvider + map: + fields: + - name: basicAuth + type: + namedType: com.github.openshift.api.config.v1.BasicAuthIdentityProvider + - name: github + type: + namedType: com.github.openshift.api.config.v1.GitHubIdentityProvider + - name: gitlab + type: + namedType: com.github.openshift.api.config.v1.GitLabIdentityProvider + - name: google + type: + namedType: com.github.openshift.api.config.v1.GoogleIdentityProvider + - name: htpasswd + type: + namedType: com.github.openshift.api.config.v1.HTPasswdIdentityProvider + - name: keystone + type: + namedType: com.github.openshift.api.config.v1.KeystoneIdentityProvider + - name: ldap + type: + namedType: com.github.openshift.api.config.v1.LDAPIdentityProvider + - name: mappingMethod + type: + scalar: string + - name: name + type: + scalar: string + default: "" + - name: openID + type: + namedType: com.github.openshift.api.config.v1.OpenIDIdentityProvider + - name: requestHeader + type: + namedType: com.github.openshift.api.config.v1.RequestHeaderIdentityProvider + - name: type + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.Image map: fields: - name: apiVersion @@ -2127,70 +2234,75 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1.InsightsDataGatherSpec + namedType: com.github.openshift.api.config.v1.ImageSpec default: {} -- name: com.github.openshift.api.config.v1.InsightsDataGatherSpec - map: - fields: - - name: gatherConfig + - name: status type: - namedType: com.github.openshift.api.config.v1.GatherConfig + namedType: com.github.openshift.api.config.v1.ImageStatus default: {} -- name: com.github.openshift.api.config.v1.IntermediateTLSProfile - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1.KMSConfig +- name: com.github.openshift.api.config.v1.ImageContentPolicy map: fields: - - name: aws + - name: apiVersion type: - namedType: com.github.openshift.api.config.v1.AWSKMSConfig - - name: type + scalar: string + - name: kind type: scalar: string - default: "" - unions: - - discriminator: type - fields: - - fieldName: aws - discriminatorValue: AWS -- name: com.github.openshift.api.config.v1.KeystoneIdentityProvider + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.config.v1.ImageContentPolicySpec + default: {} +- name: com.github.openshift.api.config.v1.ImageContentPolicySpec map: fields: - - name: ca + - name: repositoryDigestMirrors type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: domainName + list: + elementType: + namedType: com.github.openshift.api.config.v1.RepositoryDigestMirrors + elementRelationship: associative + keys: + - source +- name: com.github.openshift.api.config.v1.ImageDigestMirrorSet + map: + fields: + - name: apiVersion type: scalar: string - default: "" - - name: tlsClientCert + - name: kind type: - namedType: com.github.openshift.api.config.v1.SecretNameReference + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - - name: tlsClientKey + - name: spec type: - namedType: com.github.openshift.api.config.v1.SecretNameReference + namedType: com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec default: {} - - name: url + - name: status type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.KubevirtPlatformSpec + namedType: com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus + default: {} +- name: com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec + map: + fields: + - name: imageDigestMirrors + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.ImageDigestMirrors + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus map: elementType: scalar: untyped @@ -2202,250 +2314,223 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1.KubevirtPlatformStatus +- name: com.github.openshift.api.config.v1.ImageDigestMirrors map: fields: - - name: apiServerInternalIP - type: - scalar: string - - name: ingressIP + - name: mirrorSourcePolicy type: scalar: string -- name: com.github.openshift.api.config.v1.LDAPAttributeMapping - map: - fields: - - name: email + - name: mirrors type: list: elementType: scalar: string - elementRelationship: atomic - - name: id + elementRelationship: associative + - name: source type: - list: - elementType: - scalar: string - elementRelationship: atomic + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.ImageLabel + map: + fields: - name: name type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: preferredUsername + scalar: string + default: "" + - name: value type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.LDAPIdentityProvider + scalar: string +- name: com.github.openshift.api.config.v1.ImagePolicy map: fields: - - name: attributes + - name: apiVersion type: - namedType: com.github.openshift.api.config.v1.LDAPAttributeMapping - default: {} - - name: bindDN + scalar: string + - name: kind type: scalar: string - default: "" - - name: bindPassword + - name: metadata type: - namedType: com.github.openshift.api.config.v1.SecretNameReference + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - - name: ca + - name: spec type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + namedType: com.github.openshift.api.config.v1.ImagePolicySpec default: {} - - name: insecure + - name: status type: - scalar: boolean - default: false - - name: url + namedType: com.github.openshift.api.config.v1.ImagePolicyStatus + default: {} +- name: com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust + map: + fields: + - name: fulcioCAData type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1.LoadBalancer + - name: fulcioSubject + type: + namedType: com.github.openshift.api.config.v1.PolicyFulcioSubject + default: {} + - name: rekorKeyData + type: + scalar: string +- name: com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust map: fields: - - name: platform + - name: caIntermediatesData type: - namedType: com.github.openshift.api.config.v1.IngressPlatformSpec + scalar: string + - name: caRootsData + type: + scalar: string + - name: pkiCertificateSubject + type: + namedType: com.github.openshift.api.config.v1.PKICertificateSubject default: {} -- name: com.github.openshift.api.config.v1.MTUMigration +- name: com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust map: fields: - - name: machine + - name: keyData type: - namedType: com.github.openshift.api.config.v1.MTUMigrationValues - - name: network + scalar: string + - name: rekorKeyData type: - namedType: com.github.openshift.api.config.v1.MTUMigrationValues -- name: com.github.openshift.api.config.v1.MTUMigrationValues + scalar: string +- name: com.github.openshift.api.config.v1.ImagePolicySpec map: fields: - - name: from + - name: policy type: - scalar: numeric - - name: to + namedType: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy + default: {} + - name: scopes type: - scalar: numeric -- name: com.github.openshift.api.config.v1.MaxAgePolicy + list: + elementType: + scalar: string + elementRelationship: associative +- name: com.github.openshift.api.config.v1.ImagePolicyStatus map: fields: - - name: largestMaxAge - type: - scalar: numeric - - name: smallestMaxAge + - name: conditions type: - scalar: numeric -- name: com.github.openshift.api.config.v1.ModernTLSProfile - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1.Network + list: + elementType: + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - type +- name: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy map: fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + - name: rootOfTrust type: - namedType: com.github.openshift.api.config.v1.NetworkSpec + namedType: com.github.openshift.api.config.v1.PolicyRootOfTrust default: {} - - name: status + - name: signedIdentity type: - namedType: com.github.openshift.api.config.v1.NetworkStatus - default: {} -- name: com.github.openshift.api.config.v1.NetworkDiagnostics + namedType: com.github.openshift.api.config.v1.PolicyIdentity +- name: com.github.openshift.api.config.v1.ImageSpec map: fields: - - name: mode - type: - scalar: string - default: "" - - name: sourcePlacement - type: - namedType: com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement - default: {} - - name: targetPlacement + - name: additionalTrustedCA type: - namedType: com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference default: {} -- name: com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement - map: - fields: - - name: nodeSelector + - name: allowedRegistriesForImport type: - map: + list: elementType: - scalar: string - - name: tolerations + namedType: com.github.openshift.api.config.v1.RegistryLocation + elementRelationship: atomic + - name: externalRegistryHostnames type: list: elementType: - namedType: io.k8s.api.core.v1.Toleration + scalar: string elementRelationship: atomic -- name: com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement + - name: imageStreamImportMode + type: + scalar: string + default: "" + - name: registrySources + type: + namedType: com.github.openshift.api.config.v1.RegistrySources + default: {} +- name: com.github.openshift.api.config.v1.ImageStatus map: fields: - - name: nodeSelector - type: - map: - elementType: - scalar: string - - name: tolerations + - name: externalRegistryHostnames type: list: elementType: - namedType: io.k8s.api.core.v1.Toleration + scalar: string elementRelationship: atomic -- name: com.github.openshift.api.config.v1.NetworkMigration - map: - fields: - - name: mtu + - name: imageStreamImportMode type: - namedType: com.github.openshift.api.config.v1.MTUMigration - - name: networkType + scalar: string + - name: internalRegistryHostname type: scalar: string -- name: com.github.openshift.api.config.v1.NetworkSpec +- name: com.github.openshift.api.config.v1.ImageTagMirrorSet map: fields: - - name: clusterNetwork + - name: apiVersion type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.ClusterNetworkEntry - elementRelationship: atomic - - name: externalIP + scalar: string + - name: kind type: - namedType: com.github.openshift.api.config.v1.ExternalIPConfig - - name: networkDiagnostics + scalar: string + - name: metadata type: - namedType: com.github.openshift.api.config.v1.NetworkDiagnostics + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - - name: networkType - type: - scalar: string - default: "" - - name: serviceNetwork + - name: spec type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: serviceNodePortRange + namedType: com.github.openshift.api.config.v1.ImageTagMirrorSetSpec + default: {} + - name: status type: - scalar: string -- name: com.github.openshift.api.config.v1.NetworkStatus + namedType: com.github.openshift.api.config.v1.ImageTagMirrorSetStatus + default: {} +- name: com.github.openshift.api.config.v1.ImageTagMirrorSetSpec map: fields: - - name: clusterNetwork + - name: imageTagMirrors type: list: elementType: - namedType: com.github.openshift.api.config.v1.ClusterNetworkEntry + namedType: com.github.openshift.api.config.v1.ImageTagMirrors elementRelationship: atomic - - name: clusterNetworkMTU +- name: com.github.openshift.api.config.v1.ImageTagMirrorSetStatus + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.ImageTagMirrors + map: + fields: + - name: mirrorSourcePolicy type: - scalar: numeric - - name: conditions + scalar: string + - name: mirrors type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + scalar: string elementRelationship: associative - keys: - - type - - name: migration - type: - namedType: com.github.openshift.api.config.v1.NetworkMigration - - name: networkType + - name: source type: scalar: string - - name: serviceNetwork - type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.Node + default: "" +- name: com.github.openshift.api.config.v1.Infrastructure map: fields: - name: apiVersion @@ -2456,161 +2541,145 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1.NodeSpec + namedType: com.github.openshift.api.config.v1.InfrastructureSpec default: {} - name: status type: - namedType: com.github.openshift.api.config.v1.NodeStatus + namedType: com.github.openshift.api.config.v1.InfrastructureStatus default: {} -- name: com.github.openshift.api.config.v1.NodeSpec +- name: com.github.openshift.api.config.v1.InfrastructureSpec map: fields: - - name: cgroupMode + - name: cloudConfig + type: + namedType: com.github.openshift.api.config.v1.ConfigMapFileReference + default: {} + - name: platformSpec + type: + namedType: com.github.openshift.api.config.v1.PlatformSpec + default: {} +- name: com.github.openshift.api.config.v1.InfrastructureStatus + map: + fields: + - name: apiServerInternalURI type: scalar: string - - name: minimumKubeletVersion + default: "" + - name: apiServerURL type: scalar: string default: "" - - name: workerLatencyProfile + - name: controlPlaneTopology type: scalar: string -- name: com.github.openshift.api.config.v1.NodeStatus - map: - fields: - - name: conditions + default: "" + - name: cpuPartitioning type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition - elementRelationship: associative - keys: - - type -- name: com.github.openshift.api.config.v1.NutanixFailureDomain - map: - fields: - - name: cluster + scalar: string + default: None + - name: etcdDiscoveryDomain type: - namedType: com.github.openshift.api.config.v1.NutanixResourceIdentifier - default: {} - - name: name + scalar: string + default: "" + - name: infrastructureName type: scalar: string default: "" - - name: subnets + - name: infrastructureTopology type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.NutanixResourceIdentifier - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer - map: - fields: - - name: type + scalar: string + - name: platform type: scalar: string - default: OpenShiftManagedDefault - unions: - - discriminator: type -- name: com.github.openshift.api.config.v1.NutanixPlatformSpec + - name: platformStatus + type: + namedType: com.github.openshift.api.config.v1.PlatformStatus +- name: com.github.openshift.api.config.v1.Ingress map: fields: - - name: failureDomains + - name: apiVersion type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.NutanixFailureDomain - elementRelationship: associative - keys: - - name - - name: prismCentral + scalar: string + - name: kind type: - namedType: com.github.openshift.api.config.v1.NutanixPrismEndpoint + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - - name: prismElements + - name: spec type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.NutanixPrismElementEndpoint - elementRelationship: associative - keys: - - name -- name: com.github.openshift.api.config.v1.NutanixPlatformStatus + namedType: com.github.openshift.api.config.v1.IngressSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.config.v1.IngressStatus + default: {} +- name: com.github.openshift.api.config.v1.IngressPlatformSpec map: fields: - - name: apiServerInternalIP - type: - scalar: string - - name: apiServerInternalIPs + - name: aws type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: dnsRecordsType + namedType: com.github.openshift.api.config.v1.AWSIngressSpec + - name: type type: scalar: string - - name: ingressIP + default: "" + unions: + - discriminator: type + fields: + - fieldName: aws + discriminatorValue: AWS +- name: com.github.openshift.api.config.v1.IngressSpec + map: + fields: + - name: appsDomain type: scalar: string - - name: ingressIPs + - name: componentRoutes type: list: elementType: - scalar: string + namedType: com.github.openshift.api.config.v1.ComponentRouteSpec elementRelationship: associative - - name: loadBalancer - type: - namedType: com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer - default: - type: OpenShiftManagedDefault -- name: com.github.openshift.api.config.v1.NutanixPrismElementEndpoint - map: - fields: - - name: endpoint - type: - namedType: com.github.openshift.api.config.v1.NutanixPrismEndpoint - default: {} - - name: name + keys: + - namespace + - name + - name: domain type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.NutanixPrismEndpoint - map: - fields: - - name: address + - name: loadBalancer type: - scalar: string - default: "" - - name: port + namedType: com.github.openshift.api.config.v1.LoadBalancer + default: {} + - name: requiredHSTSPolicies type: - scalar: numeric - default: 0 -- name: com.github.openshift.api.config.v1.NutanixResourceIdentifier + list: + elementType: + namedType: com.github.openshift.api.config.v1.RequiredHSTSPolicy + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.IngressStatus map: fields: - - name: name + - name: componentRoutes type: - scalar: string - - name: type + list: + elementType: + namedType: com.github.openshift.api.config.v1.ComponentRouteStatus + elementRelationship: associative + keys: + - namespace + - name + - name: defaultPlacement type: scalar: string default: "" - - name: uuid - type: - scalar: string - unions: - - discriminator: type - fields: - - fieldName: name - discriminatorValue: Name - - fieldName: uuid - discriminatorValue: UUID -- name: com.github.openshift.api.config.v1.OAuth +- name: com.github.openshift.api.config.v1.InsightsDataGather map: fields: - name: apiVersion @@ -2621,34 +2690,20 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1.OAuthSpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.config.v1.OAuthStatus + namedType: com.github.openshift.api.config.v1.InsightsDataGatherSpec default: {} -- name: com.github.openshift.api.config.v1.OAuthSpec +- name: com.github.openshift.api.config.v1.InsightsDataGatherSpec map: fields: - - name: identityProviders - type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.IdentityProvider - elementRelationship: atomic - - name: templates - type: - namedType: com.github.openshift.api.config.v1.OAuthTemplates - default: {} - - name: tokenConfig + - name: gatherConfig type: - namedType: com.github.openshift.api.config.v1.TokenConfig + namedType: com.github.openshift.api.config.v1.GatherConfig default: {} -- name: com.github.openshift.api.config.v1.OAuthStatus +- name: com.github.openshift.api.config.v1.IntermediateTLSProfile map: elementType: scalar: untyped @@ -2660,152 +2715,154 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1.OAuthTemplates +- name: com.github.openshift.api.config.v1.KMSConfig map: fields: - - name: error - type: - namedType: com.github.openshift.api.config.v1.SecretNameReference - default: {} - - name: login + - name: aws type: - namedType: com.github.openshift.api.config.v1.SecretNameReference - default: {} - - name: providerSelection + namedType: com.github.openshift.api.config.v1.AWSKMSConfig + - name: type type: - namedType: com.github.openshift.api.config.v1.SecretNameReference - default: {} -- name: com.github.openshift.api.config.v1.OIDCClientConfig + scalar: string + default: "" + unions: + - discriminator: type + fields: + - fieldName: aws + discriminatorValue: AWS +- name: com.github.openshift.api.config.v1.KeystoneIdentityProvider map: fields: - - name: clientID + - name: ca + type: + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: domainName type: scalar: string default: "" - - name: clientSecret + - name: tlsClientCert type: namedType: com.github.openshift.api.config.v1.SecretNameReference default: {} - - name: componentName + - name: tlsClientKey type: - scalar: string - default: "" - - name: componentNamespace + namedType: com.github.openshift.api.config.v1.SecretNameReference + default: {} + - name: url type: scalar: string default: "" - - name: extraScopes - type: - list: - elementType: - scalar: string - elementRelationship: associative -- name: com.github.openshift.api.config.v1.OIDCClientReference +- name: com.github.openshift.api.config.v1.KubevirtPlatformSpec + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.KubevirtPlatformStatus map: fields: - - name: clientID - type: - scalar: string - default: "" - - name: issuerURL + - name: apiServerInternalIP type: scalar: string - default: "" - - name: oidcProviderName + - name: ingressIP type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1.OIDCClientStatus +- name: com.github.openshift.api.config.v1.LDAPAttributeMapping map: fields: - - name: componentName - type: - scalar: string - default: "" - - name: componentNamespace + - name: email type: - scalar: string - default: "" - - name: conditions + list: + elementType: + scalar: string + elementRelationship: atomic + - name: id type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition - elementRelationship: associative - keys: - - type - - name: consumingUsers + scalar: string + elementRelationship: atomic + - name: name type: list: elementType: scalar: string - elementRelationship: associative - - name: currentOIDCClients + elementRelationship: atomic + - name: preferredUsername type: list: elementType: - namedType: com.github.openshift.api.config.v1.OIDCClientReference - elementRelationship: associative - keys: - - issuerURL - - clientID -- name: com.github.openshift.api.config.v1.OIDCProvider + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.LDAPIdentityProvider map: fields: - - name: claimMappings + - name: attributes type: - namedType: com.github.openshift.api.config.v1.TokenClaimMappings + namedType: com.github.openshift.api.config.v1.LDAPAttributeMapping default: {} - - name: claimValidationRules + - name: bindDN type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.TokenClaimValidationRule - elementRelationship: atomic - - name: issuer + scalar: string + default: "" + - name: bindPassword type: - namedType: com.github.openshift.api.config.v1.TokenIssuer + namedType: com.github.openshift.api.config.v1.SecretNameReference default: {} - - name: name + - name: ca + type: + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: insecure + type: + scalar: boolean + default: false + - name: url type: scalar: string default: "" - - name: oidcClients +- name: com.github.openshift.api.config.v1.LoadBalancer + map: + fields: + - name: platform type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.OIDCClientConfig - elementRelationship: associative - keys: - - componentNamespace - - componentName - - name: userValidationRules + namedType: com.github.openshift.api.config.v1.IngressPlatformSpec + default: {} +- name: com.github.openshift.api.config.v1.MTUMigration + map: + fields: + - name: machine type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.TokenUserValidationRule - elementRelationship: associative - keys: - - expression -- name: com.github.openshift.api.config.v1.ObjectReference + namedType: com.github.openshift.api.config.v1.MTUMigrationValues + - name: network + type: + namedType: com.github.openshift.api.config.v1.MTUMigrationValues +- name: com.github.openshift.api.config.v1.MTUMigrationValues map: fields: - - name: group + - name: from type: - scalar: string - default: "" - - name: name + scalar: numeric + - name: to type: - scalar: string - default: "" - - name: namespace + scalar: numeric +- name: com.github.openshift.api.config.v1.MaxAgePolicy + map: + fields: + - name: largestMaxAge type: - scalar: string - - name: resource + scalar: numeric + - name: smallestMaxAge type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.OldTLSProfile + scalar: numeric +- name: com.github.openshift.api.config.v1.ModernTLSProfile map: elementType: scalar: untyped @@ -2817,150 +2874,141 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1.OpenIDClaims +- name: com.github.openshift.api.config.v1.Network map: fields: - - name: email - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: groups + - name: apiVersion type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: name + scalar: string + - name: kind type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: preferredUsername + scalar: string + - name: metadata type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.OpenIDIdentityProvider - map: - fields: - - name: ca + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + namedType: com.github.openshift.api.config.v1.NetworkSpec default: {} - - name: claims + - name: status type: - namedType: com.github.openshift.api.config.v1.OpenIDClaims + namedType: com.github.openshift.api.config.v1.NetworkStatus default: {} - - name: clientID +- name: com.github.openshift.api.config.v1.NetworkDiagnostics + map: + fields: + - name: mode type: scalar: string default: "" - - name: clientSecret + - name: sourcePlacement type: - namedType: com.github.openshift.api.config.v1.SecretNameReference + namedType: com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement default: {} - - name: extraAuthorizeParameters + - name: targetPlacement + type: + namedType: com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement + default: {} +- name: com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement + map: + fields: + - name: nodeSelector type: map: elementType: scalar: string - - name: extraScopes + - name: tolerations type: list: elementType: - scalar: string + namedType: Toleration.v1.core.api.k8s.io elementRelationship: atomic - - name: issuer - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer - map: - fields: - - name: type - type: - scalar: string - default: OpenShiftManagedDefault - unions: - - discriminator: type -- name: com.github.openshift.api.config.v1.OpenStackPlatformSpec +- name: com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement map: fields: - - name: apiServerInternalIPs - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: ingressIPs + - name: nodeSelector type: - list: + map: elementType: scalar: string - elementRelationship: atomic - - name: machineNetworks + - name: tolerations type: list: elementType: - scalar: string + namedType: Toleration.v1.core.api.k8s.io elementRelationship: atomic -- name: com.github.openshift.api.config.v1.OpenStackPlatformStatus +- name: com.github.openshift.api.config.v1.NetworkMigration map: fields: - - name: apiServerInternalIP + - name: mtu + type: + namedType: com.github.openshift.api.config.v1.MTUMigration + - name: networkType type: scalar: string - - name: apiServerInternalIPs +- name: com.github.openshift.api.config.v1.NetworkSpec + map: + fields: + - name: clusterNetwork type: list: elementType: - scalar: string + namedType: com.github.openshift.api.config.v1.ClusterNetworkEntry elementRelationship: atomic - - name: cloudName + - name: externalIP type: - scalar: string - - name: dnsRecordsType + namedType: com.github.openshift.api.config.v1.ExternalIPConfig + - name: networkDiagnostics type: - scalar: string - - name: ingressIP + namedType: com.github.openshift.api.config.v1.NetworkDiagnostics + default: {} + - name: networkType type: scalar: string - - name: ingressIPs + default: "" + - name: serviceNetwork type: list: elementType: scalar: string elementRelationship: atomic - - name: loadBalancer + - name: serviceNodePortRange type: - namedType: com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer - default: - type: OpenShiftManagedDefault - - name: machineNetworks + scalar: string +- name: com.github.openshift.api.config.v1.NetworkStatus + map: + fields: + - name: clusterNetwork type: list: elementType: - scalar: string + namedType: com.github.openshift.api.config.v1.ClusterNetworkEntry elementRelationship: atomic - - name: nodeDNSIP + - name: clusterNetworkMTU type: - scalar: string -- name: com.github.openshift.api.config.v1.OperandVersion - map: - fields: - - name: name + scalar: numeric + - name: conditions type: - scalar: string - default: "" - - name: version + list: + elementType: + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - type + - name: migration + type: + namedType: com.github.openshift.api.config.v1.NetworkMigration + - name: networkType type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1.OperatorHub + - name: serviceNetwork + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.Node map: fields: - name: apiVersion @@ -2971,38 +3019,58 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1.OperatorHubSpec + namedType: com.github.openshift.api.config.v1.NodeSpec default: {} - name: status type: - namedType: com.github.openshift.api.config.v1.OperatorHubStatus + namedType: com.github.openshift.api.config.v1.NodeStatus default: {} -- name: com.github.openshift.api.config.v1.OperatorHubSpec +- name: com.github.openshift.api.config.v1.NodeSpec map: fields: - - name: disableAllDefaultSources + - name: cgroupMode type: - scalar: boolean - - name: sources + scalar: string + - name: minimumKubeletVersion + type: + scalar: string + default: "" + - name: workerLatencyProfile + type: + scalar: string +- name: com.github.openshift.api.config.v1.NodeStatus + map: + fields: + - name: conditions type: list: elementType: - namedType: com.github.openshift.api.config.v1.HubSource - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.OperatorHubStatus + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - type +- name: com.github.openshift.api.config.v1.NutanixFailureDomain map: fields: - - name: sources + - name: cluster + type: + namedType: com.github.openshift.api.config.v1.NutanixResourceIdentifier + default: {} + - name: name + type: + scalar: string + default: "" + - name: subnets type: list: elementType: - namedType: com.github.openshift.api.config.v1.HubSourceStatus + namedType: com.github.openshift.api.config.v1.NutanixResourceIdentifier elementRelationship: atomic -- name: com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer +- name: com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer map: fields: - name: type @@ -3011,19 +3079,30 @@ var schemaYAML = typed.YAMLObject(`types: default: OpenShiftManagedDefault unions: - discriminator: type -- name: com.github.openshift.api.config.v1.OvirtPlatformSpec +- name: com.github.openshift.api.config.v1.NutanixPlatformSpec map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1.OvirtPlatformStatus + fields: + - name: failureDomains + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.NutanixFailureDomain + elementRelationship: associative + keys: + - name + - name: prismCentral + type: + namedType: com.github.openshift.api.config.v1.NutanixPrismEndpoint + default: {} + - name: prismElements + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.NutanixPrismElementEndpoint + elementRelationship: associative + keys: + - name +- name: com.github.openshift.api.config.v1.NutanixPlatformStatus map: fields: - name: apiServerInternalIP @@ -3049,279 +3128,402 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: associative - name: loadBalancer type: - namedType: com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer + namedType: com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer default: type: OpenShiftManagedDefault - - name: nodeDNSIP +- name: com.github.openshift.api.config.v1.NutanixPrismElementEndpoint + map: + fields: + - name: endpoint + type: + namedType: com.github.openshift.api.config.v1.NutanixPrismEndpoint + default: {} + - name: name type: scalar: string -- name: com.github.openshift.api.config.v1.PKICertificateSubject + default: "" +- name: com.github.openshift.api.config.v1.NutanixPrismEndpoint map: fields: - - name: email + - name: address type: scalar: string - - name: hostname + default: "" + - name: port type: - scalar: string -- name: com.github.openshift.api.config.v1.PersistentVolumeClaimReference + scalar: numeric + default: 0 +- name: com.github.openshift.api.config.v1.NutanixResourceIdentifier map: fields: - name: name type: scalar: string -- name: com.github.openshift.api.config.v1.PersistentVolumeConfig - map: - fields: - - name: claim + - name: type type: - namedType: com.github.openshift.api.config.v1.PersistentVolumeClaimReference - default: {} - - name: mountPath + scalar: string + default: "" + - name: uuid type: scalar: string -- name: com.github.openshift.api.config.v1.PlatformSpec + unions: + - discriminator: type + fields: + - fieldName: name + discriminatorValue: Name + - fieldName: uuid + discriminatorValue: UUID +- name: com.github.openshift.api.config.v1.OAuth map: fields: - - name: alibabaCloud + - name: apiVersion type: - namedType: com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec - - name: aws + scalar: string + - name: kind type: - namedType: com.github.openshift.api.config.v1.AWSPlatformSpec - - name: azure + scalar: string + - name: metadata type: - namedType: com.github.openshift.api.config.v1.AzurePlatformSpec - - name: baremetal + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec type: - namedType: com.github.openshift.api.config.v1.BareMetalPlatformSpec - - name: equinixMetal + namedType: com.github.openshift.api.config.v1.OAuthSpec + default: {} + - name: status type: - namedType: com.github.openshift.api.config.v1.EquinixMetalPlatformSpec - - name: external + namedType: com.github.openshift.api.config.v1.OAuthStatus + default: {} +- name: com.github.openshift.api.config.v1.OAuthSpec + map: + fields: + - name: identityProviders type: - namedType: com.github.openshift.api.config.v1.ExternalPlatformSpec - - name: gcp + list: + elementType: + namedType: com.github.openshift.api.config.v1.IdentityProvider + elementRelationship: atomic + - name: templates type: - namedType: com.github.openshift.api.config.v1.GCPPlatformSpec - - name: ibmcloud + namedType: com.github.openshift.api.config.v1.OAuthTemplates + default: {} + - name: tokenConfig type: - namedType: com.github.openshift.api.config.v1.IBMCloudPlatformSpec - - name: kubevirt + namedType: com.github.openshift.api.config.v1.TokenConfig + default: {} +- name: com.github.openshift.api.config.v1.OAuthStatus + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.OAuthTemplates + map: + fields: + - name: error type: - namedType: com.github.openshift.api.config.v1.KubevirtPlatformSpec - - name: nutanix + namedType: com.github.openshift.api.config.v1.SecretNameReference + default: {} + - name: login type: - namedType: com.github.openshift.api.config.v1.NutanixPlatformSpec - - name: openstack + namedType: com.github.openshift.api.config.v1.SecretNameReference + default: {} + - name: providerSelection type: - namedType: com.github.openshift.api.config.v1.OpenStackPlatformSpec - - name: ovirt + namedType: com.github.openshift.api.config.v1.SecretNameReference + default: {} +- name: com.github.openshift.api.config.v1.OIDCClientConfig + map: + fields: + - name: clientID type: - namedType: com.github.openshift.api.config.v1.OvirtPlatformSpec - - name: powervs + scalar: string + default: "" + - name: clientSecret type: - namedType: com.github.openshift.api.config.v1.PowerVSPlatformSpec - - name: type + namedType: com.github.openshift.api.config.v1.SecretNameReference + default: {} + - name: componentName type: scalar: string default: "" - - name: vsphere + - name: componentNamespace type: - namedType: com.github.openshift.api.config.v1.VSpherePlatformSpec -- name: com.github.openshift.api.config.v1.PlatformStatus + scalar: string + default: "" + - name: extraScopes + type: + list: + elementType: + scalar: string + elementRelationship: associative +- name: com.github.openshift.api.config.v1.OIDCClientReference map: fields: - - name: alibabaCloud - type: - namedType: com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus - - name: aws - type: - namedType: com.github.openshift.api.config.v1.AWSPlatformStatus - - name: azure - type: - namedType: com.github.openshift.api.config.v1.AzurePlatformStatus - - name: baremetal - type: - namedType: com.github.openshift.api.config.v1.BareMetalPlatformStatus - - name: equinixMetal - type: - namedType: com.github.openshift.api.config.v1.EquinixMetalPlatformStatus - - name: external - type: - namedType: com.github.openshift.api.config.v1.ExternalPlatformStatus - - name: gcp - type: - namedType: com.github.openshift.api.config.v1.GCPPlatformStatus - - name: ibmcloud - type: - namedType: com.github.openshift.api.config.v1.IBMCloudPlatformStatus - - name: kubevirt - type: - namedType: com.github.openshift.api.config.v1.KubevirtPlatformStatus - - name: nutanix - type: - namedType: com.github.openshift.api.config.v1.NutanixPlatformStatus - - name: openstack - type: - namedType: com.github.openshift.api.config.v1.OpenStackPlatformStatus - - name: ovirt - type: - namedType: com.github.openshift.api.config.v1.OvirtPlatformStatus - - name: powervs + - name: clientID type: - namedType: com.github.openshift.api.config.v1.PowerVSPlatformStatus - - name: type + scalar: string + default: "" + - name: issuerURL type: scalar: string default: "" - - name: vsphere + - name: oidcProviderName type: - namedType: com.github.openshift.api.config.v1.VSpherePlatformStatus -- name: com.github.openshift.api.config.v1.PolicyFulcioSubject + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.OIDCClientStatus map: fields: - - name: oidcIssuer + - name: componentName type: scalar: string default: "" - - name: signedEmail + - name: componentNamespace type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.PolicyIdentity - map: + - name: conditions + type: + list: + elementType: + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - type + - name: consumingUsers + type: + list: + elementType: + scalar: string + elementRelationship: associative + - name: currentOIDCClients + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.OIDCClientReference + elementRelationship: associative + keys: + - issuerURL + - clientID +- name: com.github.openshift.api.config.v1.OIDCProvider + map: fields: - - name: exactRepository + - name: claimMappings type: - namedType: com.github.openshift.api.config.v1.PolicyMatchExactRepository - - name: matchPolicy + namedType: com.github.openshift.api.config.v1.TokenClaimMappings + default: {} + - name: claimValidationRules + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.TokenClaimValidationRule + elementRelationship: atomic + - name: issuer + type: + namedType: com.github.openshift.api.config.v1.TokenIssuer + default: {} + - name: name type: scalar: string default: "" - - name: remapIdentity + - name: oidcClients type: - namedType: com.github.openshift.api.config.v1.PolicyMatchRemapIdentity - unions: - - discriminator: matchPolicy - fields: - - fieldName: exactRepository - discriminatorValue: PolicyMatchExactRepository - - fieldName: remapIdentity - discriminatorValue: PolicyMatchRemapIdentity -- name: com.github.openshift.api.config.v1.PolicyMatchExactRepository + list: + elementType: + namedType: com.github.openshift.api.config.v1.OIDCClientConfig + elementRelationship: associative + keys: + - componentNamespace + - componentName + - name: userValidationRules + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.TokenUserValidationRule + elementRelationship: associative + keys: + - expression +- name: com.github.openshift.api.config.v1.ObjectReference map: fields: - - name: repository + - name: group type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.PolicyMatchRemapIdentity - map: - fields: - - name: prefix + - name: name type: scalar: string default: "" - - name: signedPrefix + - name: namespace + type: + scalar: string + - name: resource type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.PolicyRootOfTrust +- name: com.github.openshift.api.config.v1.OldTLSProfile + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.OpenIDClaims map: fields: - - name: fulcioCAWithRekor + - name: email type: - namedType: com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust - - name: pki + list: + elementType: + scalar: string + elementRelationship: atomic + - name: groups type: - namedType: com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust - - name: policyType + list: + elementType: + scalar: string + elementRelationship: atomic + - name: name + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: preferredUsername + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.OpenIDIdentityProvider + map: + fields: + - name: ca + type: + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: claims + type: + namedType: com.github.openshift.api.config.v1.OpenIDClaims + default: {} + - name: clientID type: scalar: string default: "" - - name: publicKey + - name: clientSecret type: - namedType: com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust + namedType: com.github.openshift.api.config.v1.SecretNameReference + default: {} + - name: extraAuthorizeParameters + type: + map: + elementType: + scalar: string + - name: extraScopes + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: issuer + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer + map: + fields: + - name: type + type: + scalar: string + default: OpenShiftManagedDefault unions: - - discriminator: policyType - fields: - - fieldName: fulcioCAWithRekor - discriminatorValue: FulcioCAWithRekor - - fieldName: pki - discriminatorValue: PKI - - fieldName: publicKey - discriminatorValue: PublicKey -- name: com.github.openshift.api.config.v1.PowerVSPlatformSpec + - discriminator: type +- name: com.github.openshift.api.config.v1.OpenStackPlatformSpec map: fields: - - name: serviceEndpoints + - name: apiServerInternalIPs type: list: elementType: - namedType: com.github.openshift.api.config.v1.PowerVSServiceEndpoint - elementRelationship: associative - keys: - - name -- name: com.github.openshift.api.config.v1.PowerVSPlatformStatus + scalar: string + elementRelationship: atomic + - name: ingressIPs + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: machineNetworks + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.OpenStackPlatformStatus map: fields: - - name: cisInstanceCRN + - name: apiServerInternalIP type: scalar: string - - name: dnsInstanceCRN + - name: apiServerInternalIPs + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: cloudName type: scalar: string - - name: region + - name: dnsRecordsType type: scalar: string - default: "" - - name: resourceGroup + - name: ingressIP type: scalar: string - default: "" - - name: serviceEndpoints + - name: ingressIPs type: list: elementType: - namedType: com.github.openshift.api.config.v1.PowerVSServiceEndpoint - elementRelationship: associative - keys: - - name - - name: zone + scalar: string + elementRelationship: atomic + - name: loadBalancer type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.PowerVSServiceEndpoint - map: - fields: - - name: name + namedType: com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer + default: + type: OpenShiftManagedDefault + - name: machineNetworks type: - scalar: string - default: "" - - name: url + list: + elementType: + scalar: string + elementRelationship: atomic + - name: nodeDNSIP type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1.PrefixedClaimMapping +- name: com.github.openshift.api.config.v1.OperandVersion map: fields: - - name: claim - type: - scalar: string - default: "" - - name: prefix + - name: name type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.ProfileCustomizations - map: - fields: - - name: dynamicResourceAllocation + - name: version type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.Project +- name: com.github.openshift.api.config.v1.OperatorHub map: fields: - name: apiVersion @@ -3332,28 +3534,47 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1.ProjectSpec + namedType: com.github.openshift.api.config.v1.OperatorHubSpec default: {} - name: status type: - namedType: com.github.openshift.api.config.v1.ProjectStatus + namedType: com.github.openshift.api.config.v1.OperatorHubStatus default: {} -- name: com.github.openshift.api.config.v1.ProjectSpec +- name: com.github.openshift.api.config.v1.OperatorHubSpec map: fields: - - name: projectRequestMessage + - name: disableAllDefaultSources type: - scalar: string - default: "" - - name: projectRequestTemplate + scalar: boolean + - name: sources type: - namedType: com.github.openshift.api.config.v1.TemplateReference - default: {} -- name: com.github.openshift.api.config.v1.ProjectStatus + list: + elementType: + namedType: com.github.openshift.api.config.v1.HubSource + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.OperatorHubStatus + map: + fields: + - name: sources + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.HubSourceStatus + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer + map: + fields: + - name: type + type: + scalar: string + default: OpenShiftManagedDefault + unions: + - discriminator: type +- name: com.github.openshift.api.config.v1.OvirtPlatformSpec map: elementType: scalar: untyped @@ -3365,212 +3586,308 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1.PromQLClusterCondition +- name: com.github.openshift.api.config.v1.OvirtPlatformStatus map: fields: - - name: promql + - name: apiServerInternalIP type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1.Proxy - map: - fields: - - name: apiVersion + - name: apiServerInternalIPs + type: + list: + elementType: + scalar: string + elementRelationship: associative + - name: dnsRecordsType type: scalar: string - - name: kind + - name: ingressIP type: scalar: string - - name: metadata + - name: ingressIPs type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + list: + elementType: + scalar: string + elementRelationship: associative + - name: loadBalancer type: - namedType: com.github.openshift.api.config.v1.ProxySpec - default: {} - - name: status + namedType: com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer + default: + type: OpenShiftManagedDefault + - name: nodeDNSIP type: - namedType: com.github.openshift.api.config.v1.ProxyStatus - default: {} -- name: com.github.openshift.api.config.v1.ProxySpec + scalar: string +- name: com.github.openshift.api.config.v1.PKICertificateSubject map: fields: - - name: httpProxy - type: - scalar: string - - name: httpsProxy + - name: email type: scalar: string - - name: noProxy + - name: hostname type: scalar: string - - name: readinessEndpoints - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: trustedCA - type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} -- name: com.github.openshift.api.config.v1.ProxyStatus +- name: com.github.openshift.api.config.v1.PersistentVolumeClaimReference map: fields: - - name: httpProxy + - name: name type: scalar: string - - name: httpsProxy +- name: com.github.openshift.api.config.v1.PersistentVolumeConfig + map: + fields: + - name: claim type: - scalar: string - - name: noProxy + namedType: com.github.openshift.api.config.v1.PersistentVolumeClaimReference + default: {} + - name: mountPath type: scalar: string -- name: com.github.openshift.api.config.v1.RegistryLocation +- name: com.github.openshift.api.config.v1.PlatformSpec map: fields: - - name: domainName + - name: alibabaCloud + type: + namedType: com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec + - name: aws + type: + namedType: com.github.openshift.api.config.v1.AWSPlatformSpec + - name: azure + type: + namedType: com.github.openshift.api.config.v1.AzurePlatformSpec + - name: baremetal + type: + namedType: com.github.openshift.api.config.v1.BareMetalPlatformSpec + - name: equinixMetal + type: + namedType: com.github.openshift.api.config.v1.EquinixMetalPlatformSpec + - name: external + type: + namedType: com.github.openshift.api.config.v1.ExternalPlatformSpec + - name: gcp + type: + namedType: com.github.openshift.api.config.v1.GCPPlatformSpec + - name: ibmcloud + type: + namedType: com.github.openshift.api.config.v1.IBMCloudPlatformSpec + - name: kubevirt + type: + namedType: com.github.openshift.api.config.v1.KubevirtPlatformSpec + - name: nutanix + type: + namedType: com.github.openshift.api.config.v1.NutanixPlatformSpec + - name: openstack + type: + namedType: com.github.openshift.api.config.v1.OpenStackPlatformSpec + - name: ovirt + type: + namedType: com.github.openshift.api.config.v1.OvirtPlatformSpec + - name: powervs + type: + namedType: com.github.openshift.api.config.v1.PowerVSPlatformSpec + - name: type type: scalar: string default: "" - - name: insecure + - name: vsphere type: - scalar: boolean -- name: com.github.openshift.api.config.v1.RegistrySources + namedType: com.github.openshift.api.config.v1.VSpherePlatformSpec +- name: com.github.openshift.api.config.v1.PlatformStatus map: fields: - - name: allowedRegistries + - name: alibabaCloud type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: blockedRegistries + namedType: com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus + - name: aws type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: containerRuntimeSearchRegistries + namedType: com.github.openshift.api.config.v1.AWSPlatformStatus + - name: azure type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: insecureRegistries + namedType: com.github.openshift.api.config.v1.AzurePlatformStatus + - name: baremetal type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.Release - map: - fields: - - name: architecture + namedType: com.github.openshift.api.config.v1.BareMetalPlatformStatus + - name: equinixMetal type: - scalar: string - - name: channels + namedType: com.github.openshift.api.config.v1.EquinixMetalPlatformStatus + - name: external type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: image + namedType: com.github.openshift.api.config.v1.ExternalPlatformStatus + - name: gcp type: - scalar: string - default: "" - - name: url + namedType: com.github.openshift.api.config.v1.GCPPlatformStatus + - name: ibmcloud type: - scalar: string - - name: version + namedType: com.github.openshift.api.config.v1.IBMCloudPlatformStatus + - name: kubevirt + type: + namedType: com.github.openshift.api.config.v1.KubevirtPlatformStatus + - name: nutanix + type: + namedType: com.github.openshift.api.config.v1.NutanixPlatformStatus + - name: openstack + type: + namedType: com.github.openshift.api.config.v1.OpenStackPlatformStatus + - name: ovirt + type: + namedType: com.github.openshift.api.config.v1.OvirtPlatformStatus + - name: powervs + type: + namedType: com.github.openshift.api.config.v1.PowerVSPlatformStatus + - name: type type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.RepositoryDigestMirrors + - name: vsphere + type: + namedType: com.github.openshift.api.config.v1.VSpherePlatformStatus +- name: com.github.openshift.api.config.v1.PolicyFulcioSubject map: fields: - - name: allowMirrorByTags - type: - scalar: boolean - - name: mirrors + - name: oidcIssuer type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: source + scalar: string + default: "" + - name: signedEmail type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.RequestHeaderIdentityProvider +- name: com.github.openshift.api.config.v1.PolicyIdentity map: fields: - - name: ca + - name: exactRepository type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: challengeURL + namedType: com.github.openshift.api.config.v1.PolicyMatchExactRepository + - name: matchPolicy type: scalar: string default: "" - - name: clientCommonNames + - name: remapIdentity type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: emailHeaders + namedType: com.github.openshift.api.config.v1.PolicyMatchRemapIdentity + unions: + - discriminator: matchPolicy + fields: + - fieldName: exactRepository + discriminatorValue: PolicyMatchExactRepository + - fieldName: remapIdentity + discriminatorValue: PolicyMatchRemapIdentity +- name: com.github.openshift.api.config.v1.PolicyMatchExactRepository + map: + fields: + - name: repository type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: headers + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.PolicyMatchRemapIdentity + map: + fields: + - name: prefix type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: loginURL + scalar: string + default: "" + - name: signedPrefix type: scalar: string default: "" - - name: nameHeaders +- name: com.github.openshift.api.config.v1.PolicyRootOfTrust + map: + fields: + - name: fulcioCAWithRekor type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: preferredUsernameHeaders + namedType: com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust + - name: pki + type: + namedType: com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust + - name: policyType + type: + scalar: string + default: "" + - name: publicKey + type: + namedType: com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust + unions: + - discriminator: policyType + fields: + - fieldName: fulcioCAWithRekor + discriminatorValue: FulcioCAWithRekor + - fieldName: pki + discriminatorValue: PKI + - fieldName: publicKey + discriminatorValue: PublicKey +- name: com.github.openshift.api.config.v1.PowerVSPlatformSpec + map: + fields: + - name: serviceEndpoints type: list: elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.RequiredHSTSPolicy + namedType: com.github.openshift.api.config.v1.PowerVSServiceEndpoint + elementRelationship: associative + keys: + - name +- name: com.github.openshift.api.config.v1.PowerVSPlatformStatus map: fields: - - name: domainPatterns + - name: cisInstanceCRN + type: + scalar: string + - name: dnsInstanceCRN + type: + scalar: string + - name: region + type: + scalar: string + default: "" + - name: resourceGroup + type: + scalar: string + default: "" + - name: serviceEndpoints type: list: elementType: - scalar: string - elementRelationship: atomic - - name: includeSubDomainsPolicy + namedType: com.github.openshift.api.config.v1.PowerVSServiceEndpoint + elementRelationship: associative + keys: + - name + - name: zone type: scalar: string - - name: maxAge + default: "" +- name: com.github.openshift.api.config.v1.PowerVSServiceEndpoint + map: + fields: + - name: name type: - namedType: com.github.openshift.api.config.v1.MaxAgePolicy - default: {} - - name: namespaceSelector + scalar: string + default: "" + - name: url type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: preloadPolicy + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.PrefixedClaimMapping + map: + fields: + - name: claim type: scalar: string -- name: com.github.openshift.api.config.v1.Scheduler + default: "" + - name: expression + type: + scalar: string + - name: prefix + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.ProfileCustomizations + map: + fields: + - name: dynamicResourceAllocation + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.Project map: fields: - name: apiVersion @@ -3581,38 +3898,28 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1.SchedulerSpec + namedType: com.github.openshift.api.config.v1.ProjectSpec default: {} - name: status type: - namedType: com.github.openshift.api.config.v1.SchedulerStatus + namedType: com.github.openshift.api.config.v1.ProjectStatus default: {} -- name: com.github.openshift.api.config.v1.SchedulerSpec +- name: com.github.openshift.api.config.v1.ProjectSpec map: fields: - - name: defaultNodeSelector - type: - scalar: string - - name: mastersSchedulable - type: - scalar: boolean - default: false - - name: policy - type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: profile + - name: projectRequestMessage type: scalar: string - - name: profileCustomizations + default: "" + - name: projectRequestTemplate type: - namedType: com.github.openshift.api.config.v1.ProfileCustomizations + namedType: com.github.openshift.api.config.v1.TemplateReference default: {} -- name: com.github.openshift.api.config.v1.SchedulerStatus +- name: com.github.openshift.api.config.v1.ProjectStatus map: elementType: scalar: untyped @@ -3624,921 +3931,812 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1.SecretNameReference +- name: com.github.openshift.api.config.v1.PromQLClusterCondition map: fields: - - name: name + - name: promql type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.SignatureStore +- name: com.github.openshift.api.config.v1.Proxy map: fields: - - name: ca + - name: apiVersion type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: url + scalar: string + - name: kind type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1.Storage - map: - fields: - - name: persistentVolume + - name: metadata type: - namedType: com.github.openshift.api.config.v1.PersistentVolumeConfig + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - - name: type + - name: spec type: - scalar: string - unions: - - discriminator: type - fields: - - fieldName: persistentVolume - discriminatorValue: PersistentVolume -- name: com.github.openshift.api.config.v1.TLSSecurityProfile + namedType: com.github.openshift.api.config.v1.ProxySpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.config.v1.ProxyStatus + default: {} +- name: com.github.openshift.api.config.v1.ProxySpec map: fields: - - name: custom + - name: httpProxy type: - namedType: com.github.openshift.api.config.v1.CustomTLSProfile - - name: intermediate + scalar: string + - name: httpsProxy type: - namedType: com.github.openshift.api.config.v1.IntermediateTLSProfile - - name: modern + scalar: string + - name: noProxy type: - namedType: com.github.openshift.api.config.v1.ModernTLSProfile - - name: old + scalar: string + - name: readinessEndpoints type: - namedType: com.github.openshift.api.config.v1.OldTLSProfile - - name: type + list: + elementType: + scalar: string + elementRelationship: atomic + - name: trustedCA + type: + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} +- name: com.github.openshift.api.config.v1.ProxyStatus + map: + fields: + - name: httpProxy type: scalar: string - default: "" - unions: - - discriminator: type - fields: - - fieldName: custom - discriminatorValue: Custom - - fieldName: intermediate - discriminatorValue: Intermediate - - fieldName: modern - discriminatorValue: Modern - - fieldName: old - discriminatorValue: Old -- name: com.github.openshift.api.config.v1.TemplateReference + - name: httpsProxy + type: + scalar: string + - name: noProxy + type: + scalar: string +- name: com.github.openshift.api.config.v1.RegistryLocation map: fields: - - name: name + - name: domainName type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.TokenClaimMappings + - name: insecure + type: + scalar: boolean +- name: com.github.openshift.api.config.v1.RegistrySources map: fields: - - name: extra + - name: allowedRegistries type: list: elementType: - namedType: com.github.openshift.api.config.v1.ExtraMapping - elementRelationship: associative - keys: - - key - - name: groups + scalar: string + elementRelationship: atomic + - name: blockedRegistries type: - namedType: com.github.openshift.api.config.v1.PrefixedClaimMapping - default: {} - - name: uid + list: + elementType: + scalar: string + elementRelationship: atomic + - name: containerRuntimeSearchRegistries type: - namedType: com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping - - name: username + list: + elementType: + scalar: string + elementRelationship: associative + - name: insecureRegistries type: - namedType: com.github.openshift.api.config.v1.UsernameClaimMapping - default: {} -- name: com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.Release map: fields: - - name: claim + - name: architecture type: scalar: string - - name: expression + - name: channels type: - scalar: string -- name: com.github.openshift.api.config.v1.TokenClaimValidationCELRule - map: - fields: - - name: expression + list: + elementType: + scalar: string + elementRelationship: associative + - name: image type: scalar: string - - name: message + default: "" + - name: url type: scalar: string -- name: com.github.openshift.api.config.v1.TokenClaimValidationRule - map: - fields: - - name: cel - type: - namedType: com.github.openshift.api.config.v1.TokenClaimValidationCELRule - default: {} - - name: requiredClaim - type: - namedType: com.github.openshift.api.config.v1.TokenRequiredClaim - - name: type + - name: version type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.TokenConfig +- name: com.github.openshift.api.config.v1.RepositoryDigestMirrors map: fields: - - name: accessTokenInactivityTimeout - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: accessTokenInactivityTimeoutSeconds - type: - scalar: numeric - - name: accessTokenMaxAgeSeconds + - name: allowMirrorByTags type: - scalar: numeric -- name: com.github.openshift.api.config.v1.TokenIssuer - map: - fields: - - name: audiences + scalar: boolean + - name: mirrors type: list: elementType: scalar: string elementRelationship: associative - - name: discoveryURL + - name: source type: scalar: string - - name: issuerCertificateAuthority + default: "" +- name: com.github.openshift.api.config.v1.RequestHeaderIdentityProvider + map: + fields: + - name: ca type: namedType: com.github.openshift.api.config.v1.ConfigMapNameReference default: {} - - name: issuerURL + - name: challengeURL type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.TokenRequiredClaim - map: - fields: - - name: claim + - name: clientCommonNames type: - scalar: string - default: "" - - name: requiredValue + list: + elementType: + scalar: string + elementRelationship: atomic + - name: emailHeaders + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: headers + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: loginURL type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.TokenUserValidationRule - map: - fields: - - name: expression + - name: nameHeaders type: - scalar: string - - name: message + list: + elementType: + scalar: string + elementRelationship: atomic + - name: preferredUsernameHeaders type: - scalar: string -- name: com.github.openshift.api.config.v1.Update + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.RequiredHSTSPolicy map: fields: - - name: acceptRisks + - name: domainPatterns type: list: elementType: - namedType: com.github.openshift.api.config.v1.AcceptRisk - elementRelationship: associative - keys: - - name - - name: architecture + scalar: string + elementRelationship: atomic + - name: includeSubDomainsPolicy type: scalar: string - default: "" - - name: force + - name: maxAge type: - scalar: boolean - default: false - - name: image + namedType: com.github.openshift.api.config.v1.MaxAgePolicy + default: {} + - name: namespaceSelector type: - scalar: string - default: "" - - name: version + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: preloadPolicy type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1.UpdateHistory +- name: com.github.openshift.api.config.v1.Scheduler map: fields: - - name: acceptedRisks + - name: apiVersion type: scalar: string - - name: completionTime - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: image + - name: kind type: scalar: string - default: "" - - name: startedTime - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: state + - name: metadata type: - scalar: string - default: "" - - name: verified + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec type: - scalar: boolean - default: false - - name: version + namedType: com.github.openshift.api.config.v1.SchedulerSpec + default: {} + - name: status type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.UsernameClaimMapping + namedType: com.github.openshift.api.config.v1.SchedulerStatus + default: {} +- name: com.github.openshift.api.config.v1.SchedulerSpec map: fields: - - name: claim + - name: defaultNodeSelector type: scalar: string - default: "" - - name: prefix + - name: mastersSchedulable type: - namedType: com.github.openshift.api.config.v1.UsernamePrefix - - name: prefixPolicy + scalar: boolean + default: false + - name: policy + type: + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: profile type: scalar: string - default: "" - unions: - - discriminator: prefixPolicy - fields: - - fieldName: claim - discriminatorValue: Claim - - fieldName: prefix - discriminatorValue: Prefix -- name: com.github.openshift.api.config.v1.UsernamePrefix + - name: profileCustomizations + type: + namedType: com.github.openshift.api.config.v1.ProfileCustomizations + default: {} +- name: com.github.openshift.api.config.v1.SchedulerStatus + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.SecretNameReference map: fields: - - name: prefixString + - name: name type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup +- name: com.github.openshift.api.config.v1.SignatureStore map: fields: - - name: hostGroup - type: - scalar: string - default: "" - - name: vmGroup + - name: ca type: - scalar: string - default: "" - - name: vmHostRule + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: url type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity +- name: com.github.openshift.api.config.v1.Storage map: fields: + - name: persistentVolume + type: + namedType: com.github.openshift.api.config.v1.PersistentVolumeConfig + default: {} - name: type type: scalar: string - default: "" unions: - discriminator: type -- name: com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity + fields: + - fieldName: persistentVolume + discriminatorValue: PersistentVolume +- name: com.github.openshift.api.config.v1.TLSSecurityProfile map: fields: - - name: hostGroup + - name: custom type: - namedType: com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup - - name: type + namedType: com.github.openshift.api.config.v1.CustomTLSProfile + - name: intermediate type: - scalar: string + namedType: com.github.openshift.api.config.v1.IntermediateTLSProfile + - name: modern + type: + namedType: com.github.openshift.api.config.v1.ModernTLSProfile + - name: old + type: + namedType: com.github.openshift.api.config.v1.OldTLSProfile + - name: type + type: + scalar: string default: "" unions: - discriminator: type fields: - - fieldName: hostGroup - discriminatorValue: HostGroup -- name: com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec + - fieldName: custom + discriminatorValue: Custom + - fieldName: intermediate + discriminatorValue: Intermediate + - fieldName: modern + discriminatorValue: Modern + - fieldName: old + discriminatorValue: Old +- name: com.github.openshift.api.config.v1.TemplateReference map: fields: - name: name type: scalar: string default: "" - - name: region +- name: com.github.openshift.api.config.v1.TokenClaimMappings + map: + fields: + - name: extra type: - scalar: string - default: "" - - name: regionAffinity + list: + elementType: + namedType: com.github.openshift.api.config.v1.ExtraMapping + elementRelationship: associative + keys: + - key + - name: groups type: - namedType: com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity - - name: server + namedType: com.github.openshift.api.config.v1.PrefixedClaimMapping + default: {} + - name: uid type: - scalar: string - default: "" - - name: topology + namedType: com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping + - name: username type: - namedType: com.github.openshift.api.config.v1.VSpherePlatformTopology + namedType: com.github.openshift.api.config.v1.UsernameClaimMapping default: {} - - name: zone +- name: com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping + map: + fields: + - name: claim type: scalar: string - default: "" - - name: zoneAffinity + - name: expression type: - namedType: com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity -- name: com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer + scalar: string +- name: com.github.openshift.api.config.v1.TokenClaimValidationCELRule map: fields: - - name: type + - name: expression type: scalar: string - default: OpenShiftManagedDefault - unions: - - discriminator: type -- name: com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking + - name: message + type: + scalar: string +- name: com.github.openshift.api.config.v1.TokenClaimValidationRule map: fields: - - name: external + - name: cel type: - namedType: com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec + namedType: com.github.openshift.api.config.v1.TokenClaimValidationCELRule default: {} - - name: internal + - name: requiredClaim type: - namedType: com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec - default: {} -- name: com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec + namedType: com.github.openshift.api.config.v1.TokenRequiredClaim + - name: type + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.TokenConfig map: fields: - - name: excludeNetworkSubnetCidr + - name: accessTokenInactivityTimeout type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: network + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: accessTokenInactivityTimeoutSeconds type: - scalar: string - - name: networkSubnetCidr + scalar: numeric + - name: accessTokenMaxAgeSeconds type: - list: - elementType: - scalar: string - elementRelationship: associative -- name: com.github.openshift.api.config.v1.VSpherePlatformSpec + scalar: numeric +- name: com.github.openshift.api.config.v1.TokenIssuer map: fields: - - name: apiServerInternalIPs + - name: audiences type: list: elementType: scalar: string - elementRelationship: atomic - - name: failureDomains - type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec elementRelationship: associative - keys: - - name - - name: ingressIPs - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: machineNetworks + - name: discoveryURL type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: nodeNetworking + scalar: string + - name: issuerCertificateAuthority type: - namedType: com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference default: {} - - name: vcenters + - name: issuerURL type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.VSpherePlatformStatus + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.TokenRequiredClaim map: fields: - - name: apiServerInternalIP + - name: claim type: scalar: string - - name: apiServerInternalIPs + default: "" + - name: requiredValue type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: dnsRecordsType + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.TokenUserValidationRule + map: + fields: + - name: expression type: scalar: string - - name: ingressIP + - name: message type: scalar: string - - name: ingressIPs +- name: com.github.openshift.api.config.v1.Update + map: + fields: + - name: acceptRisks type: list: elementType: - scalar: string - elementRelationship: atomic - - name: loadBalancer + namedType: com.github.openshift.api.config.v1.AcceptRisk + elementRelationship: associative + keys: + - name + - name: architecture type: - namedType: com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer - default: - type: OpenShiftManagedDefault - - name: machineNetworks + scalar: string + default: "" + - name: force type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: nodeDNSIP + scalar: boolean + default: false + - name: image type: scalar: string -- name: com.github.openshift.api.config.v1.VSpherePlatformTopology - map: - fields: - - name: computeCluster + default: "" + - name: mode type: scalar: string - default: "" - - name: datacenter + - name: version type: scalar: string default: "" - - name: datastore +- name: com.github.openshift.api.config.v1.UpdateHistory + map: + fields: + - name: acceptedRisks type: scalar: string - default: "" - - name: folder + - name: completionTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: image type: scalar: string - - name: networks + default: "" + - name: startedTime type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: resourcePool + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: state type: scalar: string - - name: template + default: "" + - name: verified + type: + scalar: boolean + default: false + - name: version type: scalar: string -- name: com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec + default: "" +- name: com.github.openshift.api.config.v1.UsernameClaimMapping map: fields: - - name: datacenters + - name: claim type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: port + scalar: string + - name: expression type: - scalar: numeric - - name: server + scalar: string + - name: prefix + type: + namedType: com.github.openshift.api.config.v1.UsernamePrefix + - name: prefixPolicy type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.WebhookTokenAuthenticator - map: - fields: - - name: kubeConfig - type: - namedType: com.github.openshift.api.config.v1.SecretNameReference - default: {} -- name: com.github.openshift.api.config.v1alpha1.AlertmanagerConfig + unions: + - discriminator: prefixPolicy + fields: + - fieldName: claim + discriminatorValue: Claim + - fieldName: expression + discriminatorValue: Expression + - fieldName: prefix + discriminatorValue: Prefix +- name: com.github.openshift.api.config.v1.UsernamePrefix map: fields: - - name: customConfig - type: - namedType: com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig - default: {} - - name: deploymentMode + - name: prefixString type: scalar: string -- name: com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig + default: "" +- name: com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup map: fields: - - name: logLevel + - name: hostGroup type: scalar: string - - name: nodeSelector - type: - map: - elementType: - scalar: string - - name: resources - type: - list: - elementType: - namedType: com.github.openshift.api.config.v1alpha1.ContainerResource - elementRelationship: associative - keys: - - name - - name: secrets - type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: tolerations - type: - list: - elementType: - namedType: io.k8s.api.core.v1.Toleration - elementRelationship: atomic - - name: topologySpreadConstraints + default: "" + - name: vmGroup type: - list: - elementType: - namedType: io.k8s.api.core.v1.TopologySpreadConstraint - elementRelationship: associative - keys: - - topologyKey - - whenUnsatisfiable - - name: volumeClaimTemplate + scalar: string + default: "" + - name: vmHostRule type: - namedType: io.k8s.api.core.v1.PersistentVolumeClaim -- name: com.github.openshift.api.config.v1alpha1.Audit + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity map: fields: - - name: profile + - name: type type: scalar: string -- name: com.github.openshift.api.config.v1alpha1.Backup + default: "" + unions: + - discriminator: type +- name: com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity map: fields: - - name: apiVersion + - name: hostGroup type: - scalar: string - - name: kind + namedType: com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup + - name: type type: scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.config.v1alpha1.BackupSpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.config.v1alpha1.BackupStatus - default: {} -- name: com.github.openshift.api.config.v1alpha1.BackupSpec + default: "" + unions: + - discriminator: type + fields: + - fieldName: hostGroup + discriminatorValue: HostGroup +- name: com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec map: fields: - - name: etcd + - name: name type: - namedType: com.github.openshift.api.config.v1alpha1.EtcdBackupSpec - default: {} -- name: com.github.openshift.api.config.v1alpha1.BackupStatus - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig - map: - fields: - - name: apiVersion + scalar: string + default: "" + - name: region type: scalar: string - - name: kind + default: "" + - name: regionAffinity + type: + namedType: com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity + - name: server type: scalar: string - - name: metadata + default: "" + - name: topology type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: com.github.openshift.api.config.v1.VSpherePlatformTopology default: {} - - name: spec - type: - namedType: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec - - name: status + - name: zone type: - namedType: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus - default: {} -- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec - map: - fields: - - name: matchImages + scalar: string + default: "" + - name: zoneAffinity type: - list: - elementType: - scalar: string - elementRelationship: associative -- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus + namedType: com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity +- name: com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer map: fields: - - name: conditions + - name: type type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition - elementRelationship: associative - keys: - - type -- name: com.github.openshift.api.config.v1alpha1.ClusterImagePolicy + scalar: string + default: OpenShiftManagedDefault + unions: + - discriminator: type +- name: com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking map: fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + - name: external type: - namedType: com.github.openshift.api.config.v1alpha1.ClusterImagePolicySpec + namedType: com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec default: {} - - name: status + - name: internal type: - namedType: com.github.openshift.api.config.v1alpha1.ClusterImagePolicyStatus + namedType: com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec default: {} -- name: com.github.openshift.api.config.v1alpha1.ClusterImagePolicySpec +- name: com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec map: fields: - - name: policy + - name: excludeNetworkSubnetCidr type: - namedType: com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy - default: {} - - name: scopes + list: + elementType: + scalar: string + elementRelationship: atomic + - name: network + type: + scalar: string + - name: networkSubnetCidr type: list: elementType: scalar: string elementRelationship: associative -- name: com.github.openshift.api.config.v1alpha1.ClusterImagePolicyStatus +- name: com.github.openshift.api.config.v1.VSpherePlatformSpec map: fields: - - name: conditions + - name: apiServerInternalIPs + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: failureDomains type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec elementRelationship: associative keys: - - type -- name: com.github.openshift.api.config.v1alpha1.ClusterMonitoring - map: - fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus - default: {} -- name: com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec - map: - fields: - - name: alertmanagerConfig - type: - namedType: com.github.openshift.api.config.v1alpha1.AlertmanagerConfig - default: {} - - name: metricsServerConfig + - name + - name: ingressIPs type: - namedType: com.github.openshift.api.config.v1alpha1.MetricsServerConfig - default: {} - - name: prometheusOperatorConfig + list: + elementType: + scalar: string + elementRelationship: atomic + - name: machineNetworks type: - namedType: com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig - default: {} - - name: userDefined + list: + elementType: + scalar: string + elementRelationship: atomic + - name: nodeNetworking type: - namedType: com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring + namedType: com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking default: {} -- name: com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1alpha1.ContainerResource - map: - fields: - - name: limit - type: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity - - name: name - type: - scalar: string - - name: request + - name: vcenters type: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity -- name: com.github.openshift.api.config.v1alpha1.EtcdBackupSpec + list: + elementType: + namedType: com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.VSpherePlatformStatus map: fields: - - name: pvcName + - name: apiServerInternalIP type: scalar: string - default: "" - - name: retentionPolicy - type: - namedType: com.github.openshift.api.config.v1alpha1.RetentionPolicy - default: {} - - name: schedule + - name: apiServerInternalIPs type: - scalar: string - default: "" - - name: timeZone + list: + elementType: + scalar: string + elementRelationship: atomic + - name: dnsRecordsType type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha1.GatherConfig - map: - fields: - - name: dataPolicy + - name: ingressIP type: scalar: string - - name: disabledGatherers + - name: ingressIPs type: list: elementType: scalar: string elementRelationship: atomic - - name: storage + - name: loadBalancer type: - namedType: com.github.openshift.api.config.v1alpha1.Storage -- name: com.github.openshift.api.config.v1alpha1.ImagePolicy - map: - fields: - - name: apiVersion + namedType: com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer + default: + type: OpenShiftManagedDefault + - name: machineNetworks type: - scalar: string - - name: kind + list: + elementType: + scalar: string + elementRelationship: atomic + - name: nodeDNSIP type: scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.config.v1alpha1.ImagePolicySpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.config.v1alpha1.ImagePolicyStatus - default: {} -- name: com.github.openshift.api.config.v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust +- name: com.github.openshift.api.config.v1.VSpherePlatformTopology map: fields: - - name: fulcioCAData + - name: computeCluster type: scalar: string - - name: fulcioSubject - type: - namedType: com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject - default: {} - - name: rekorKeyData + default: "" + - name: datacenter type: scalar: string -- name: com.github.openshift.api.config.v1alpha1.ImagePolicyPKIRootOfTrust - map: - fields: - - name: caIntermediatesData + default: "" + - name: datastore type: scalar: string - - name: caRootsData + default: "" + - name: folder type: scalar: string - - name: pkiCertificateSubject + - name: networks type: - namedType: com.github.openshift.api.config.v1alpha1.PKICertificateSubject - default: {} -- name: com.github.openshift.api.config.v1alpha1.ImagePolicyPublicKeyRootOfTrust - map: - fields: - - name: keyData + list: + elementType: + scalar: string + elementRelationship: atomic + - name: resourcePool type: scalar: string - - name: rekorKeyData + - name: template type: scalar: string -- name: com.github.openshift.api.config.v1alpha1.ImagePolicySpec +- name: com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec map: fields: - - name: policy - type: - namedType: com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy - default: {} - - name: scopes + - name: datacenters type: list: elementType: scalar: string elementRelationship: associative -- name: com.github.openshift.api.config.v1alpha1.ImagePolicyStatus + - name: port + type: + scalar: numeric + - name: server + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.WebhookTokenAuthenticator map: fields: - - name: conditions + - name: kubeConfig type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition - elementRelationship: associative - keys: - - type -- name: com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy + namedType: com.github.openshift.api.config.v1.SecretNameReference + default: {} +- name: com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig map: fields: - - name: rootOfTrust + - name: authorization type: - namedType: com.github.openshift.api.config.v1alpha1.PolicyRootOfTrust + namedType: com.github.openshift.api.config.v1alpha1.AuthorizationConfig default: {} - - name: signedIdentity + - name: name type: - namedType: com.github.openshift.api.config.v1alpha1.PolicyIdentity - default: {} -- name: com.github.openshift.api.config.v1alpha1.InsightsDataGather - map: - fields: - - name: apiVersion + scalar: string + - name: pathPrefix type: scalar: string - - name: kind + - name: scheme type: scalar: string - - name: metadata + - name: staticConfigs type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + list: + elementType: + scalar: string + elementRelationship: associative + - name: timeoutSeconds type: - namedType: com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec - default: {} - - name: status + scalar: numeric + - name: tlsConfig type: - namedType: com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus + namedType: com.github.openshift.api.config.v1alpha1.TLSConfig default: {} -- name: com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec +- name: com.github.openshift.api.config.v1alpha1.AlertmanagerConfig map: fields: - - name: gatherConfig + - name: customConfig type: - namedType: com.github.openshift.api.config.v1alpha1.GatherConfig + namedType: com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig default: {} -- name: com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1alpha1.MetricsServerConfig + - name: deploymentMode + type: + scalar: string +- name: com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig map: fields: - - name: audit + - name: logLevel type: - namedType: com.github.openshift.api.config.v1alpha1.Audit - default: {} + scalar: string - name: nodeSelector type: map: @@ -4552,258 +4750,307 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: associative keys: - name + - name: secrets + type: + list: + elementType: + scalar: string + elementRelationship: associative - name: tolerations type: list: elementType: - namedType: io.k8s.api.core.v1.Toleration + namedType: Toleration.v1.core.api.k8s.io elementRelationship: atomic - name: topologySpreadConstraints type: list: elementType: - namedType: io.k8s.api.core.v1.TopologySpreadConstraint + namedType: TopologySpreadConstraint.v1.core.api.k8s.io elementRelationship: associative keys: - topologyKey - whenUnsatisfiable - - name: verbosity - type: - scalar: string -- name: com.github.openshift.api.config.v1alpha1.PKICertificateSubject - map: - fields: - - name: email - type: - scalar: string - - name: hostname + - name: volumeClaimTemplate type: - scalar: string -- name: com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference + namedType: PersistentVolumeClaim.v1.core.api.k8s.io +- name: com.github.openshift.api.config.v1alpha1.Audit map: fields: - - name: name + - name: profile type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig +- name: com.github.openshift.api.config.v1alpha1.AuthorizationConfig map: fields: - - name: claim + - name: bearerToken type: - namedType: com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector default: {} - - name: mountPath + - name: type type: scalar: string -- name: com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject + unions: + - discriminator: type + fields: + - fieldName: bearerToken + discriminatorValue: BearerToken +- name: com.github.openshift.api.config.v1alpha1.Backup map: fields: - - name: oidcIssuer + - name: apiVersion type: scalar: string - default: "" - - name: signedEmail + - name: kind type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha1.PolicyIdentity - map: - fields: - - name: exactRepository + - name: metadata type: - namedType: com.github.openshift.api.config.v1alpha1.PolicyMatchExactRepository - - name: matchPolicy + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec type: - scalar: string - default: "" - - name: remapIdentity + namedType: com.github.openshift.api.config.v1alpha1.BackupSpec + default: {} + - name: status type: - namedType: com.github.openshift.api.config.v1alpha1.PolicyMatchRemapIdentity - unions: - - discriminator: matchPolicy - fields: - - fieldName: exactRepository - discriminatorValue: PolicyMatchExactRepository - - fieldName: remapIdentity - discriminatorValue: PolicyMatchRemapIdentity -- name: com.github.openshift.api.config.v1alpha1.PolicyMatchExactRepository + namedType: com.github.openshift.api.config.v1alpha1.BackupStatus + default: {} +- name: com.github.openshift.api.config.v1alpha1.BackupSpec map: fields: - - name: repository + - name: etcd type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha1.PolicyMatchRemapIdentity + namedType: com.github.openshift.api.config.v1alpha1.EtcdBackupSpec + default: {} +- name: com.github.openshift.api.config.v1alpha1.BackupStatus + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1alpha1.BasicAuth map: fields: - - name: prefix + - name: password type: - scalar: string - default: "" - - name: signedPrefix + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: username type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha1.PolicyRootOfTrust + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} +- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig map: fields: - - name: fulcioCAWithRekor - type: - namedType: com.github.openshift.api.config.v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust - - name: pki + - name: apiVersion type: - namedType: com.github.openshift.api.config.v1alpha1.ImagePolicyPKIRootOfTrust - - name: policyType + scalar: string + - name: kind type: scalar: string - default: "" - - name: publicKey + - name: metadata type: - namedType: com.github.openshift.api.config.v1alpha1.ImagePolicyPublicKeyRootOfTrust - unions: - - discriminator: policyType - fields: - - fieldName: fulcioCAWithRekor - discriminatorValue: FulcioCAWithRekor - - fieldName: pki - discriminatorValue: PKI - - fieldName: publicKey - discriminatorValue: PublicKey -- name: com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec + - name: status + type: + namedType: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus + default: {} +- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec map: fields: - - name: logLevel - type: - scalar: string - - name: nodeSelector + - name: matchImages type: - map: + list: elementType: scalar: string - - name: resources + elementRelationship: associative +- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus + map: + fields: + - name: conditions type: list: elementType: - namedType: com.github.openshift.api.config.v1alpha1.ContainerResource + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - - name - - name: tolerations + - type +- name: com.github.openshift.api.config.v1alpha1.CertificateConfig + map: + fields: + - name: key type: - list: - elementType: - namedType: io.k8s.api.core.v1.Toleration - elementRelationship: atomic - - name: topologySpreadConstraints + namedType: com.github.openshift.api.config.v1alpha1.KeyConfig + default: {} +- name: com.github.openshift.api.config.v1alpha1.ClusterMonitoring + map: + fields: + - name: apiVersion type: - list: - elementType: - namedType: io.k8s.api.core.v1.TopologySpreadConstraint - elementRelationship: associative - keys: - - topologyKey - - whenUnsatisfiable -- name: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus + default: {} +- name: com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec map: fields: - - name: maxNumberOfBackups + - name: alertmanagerConfig type: - scalar: numeric - default: 0 -- name: com.github.openshift.api.config.v1alpha1.RetentionPolicy + namedType: com.github.openshift.api.config.v1alpha1.AlertmanagerConfig + default: {} + - name: metricsServerConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.MetricsServerConfig + default: {} + - name: openShiftStateMetricsConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.OpenShiftStateMetricsConfig + default: {} + - name: prometheusConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.PrometheusConfig + default: {} + - name: prometheusOperatorAdmissionWebhookConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.PrometheusOperatorAdmissionWebhookConfig + default: {} + - name: prometheusOperatorConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig + default: {} + - name: userDefined + type: + namedType: com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring + default: {} +- name: com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1alpha1.ContainerResource map: fields: - - name: retentionNumber - type: - namedType: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig - - name: retentionSize + - name: limit type: - namedType: com.github.openshift.api.config.v1alpha1.RetentionSizeConfig - - name: retentionType + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io + - name: name type: scalar: string - default: "" - unions: - - discriminator: retentionType - fields: - - fieldName: retentionNumber - discriminatorValue: RetentionNumber - - fieldName: retentionSize - discriminatorValue: RetentionSize -- name: com.github.openshift.api.config.v1alpha1.RetentionSizeConfig + - name: request + type: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.config.v1alpha1.CustomPKIPolicy map: fields: - - name: maxSizeOfBackupsGb + - name: clientCertificates type: - scalar: numeric - default: 0 -- name: com.github.openshift.api.config.v1alpha1.Storage + namedType: com.github.openshift.api.config.v1alpha1.CertificateConfig + default: {} + - name: defaults + type: + namedType: com.github.openshift.api.config.v1alpha1.DefaultCertificateConfig + default: {} + - name: servingCertificates + type: + namedType: com.github.openshift.api.config.v1alpha1.CertificateConfig + default: {} + - name: signerCertificates + type: + namedType: com.github.openshift.api.config.v1alpha1.CertificateConfig + default: {} +- name: com.github.openshift.api.config.v1alpha1.DefaultCertificateConfig map: fields: - - name: persistentVolume + - name: key type: - namedType: com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig - - name: type + namedType: com.github.openshift.api.config.v1alpha1.KeyConfig + default: {} +- name: com.github.openshift.api.config.v1alpha1.DropEqualActionConfig + map: + fields: + - name: targetLabel type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring +- name: com.github.openshift.api.config.v1alpha1.ECDSAKeyConfig map: fields: - - name: mode + - name: curve type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha2.Custom +- name: com.github.openshift.api.config.v1alpha1.EtcdBackupSpec map: fields: - - name: configs + - name: pvcName type: - list: - elementType: - namedType: com.github.openshift.api.config.v1alpha2.GathererConfig - elementRelationship: associative - keys: - - name -- name: com.github.openshift.api.config.v1alpha2.GatherConfig + scalar: string + default: "" + - name: retentionPolicy + type: + namedType: com.github.openshift.api.config.v1alpha1.RetentionPolicy + default: {} + - name: schedule + type: + scalar: string + default: "" + - name: timeZone + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1alpha1.GatherConfig map: fields: - name: dataPolicy + type: + scalar: string + - name: disabledGatherers type: list: elementType: scalar: string elementRelationship: atomic - - name: gatherers - type: - namedType: com.github.openshift.api.config.v1alpha2.Gatherers - default: {} - name: storage type: - namedType: com.github.openshift.api.config.v1alpha2.Storage -- name: com.github.openshift.api.config.v1alpha2.GathererConfig - map: - fields: - - name: name - type: - scalar: string - default: "" - - name: state - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha2.Gatherers + namedType: com.github.openshift.api.config.v1alpha1.Storage +- name: com.github.openshift.api.config.v1alpha1.HashModActionConfig map: fields: - - name: custom + - name: modulus type: - namedType: com.github.openshift.api.config.v1alpha2.Custom - - name: mode + scalar: numeric + - name: targetLabel type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha2.InsightsDataGather +- name: com.github.openshift.api.config.v1alpha1.InsightsDataGather map: fields: - name: apiVersion @@ -4814,24 +5061,24 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec + namedType: com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec default: {} - name: status type: - namedType: com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus + namedType: com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus default: {} -- name: com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec +- name: com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec map: fields: - name: gatherConfig type: - namedType: com.github.openshift.api.config.v1alpha2.GatherConfig + namedType: com.github.openshift.api.config.v1alpha1.GatherConfig default: {} -- name: com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus +- name: com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus map: elementType: scalar: untyped @@ -4843,121 +5090,177 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference +- name: com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig map: fields: - - name: name + - name: targetLabel type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig +- name: com.github.openshift.api.config.v1alpha1.KeyConfig map: fields: - - name: claim + - name: algorithm type: - namedType: com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference + scalar: string + - name: ecdsa + type: + namedType: com.github.openshift.api.config.v1alpha1.ECDSAKeyConfig default: {} - - name: mountPath + - name: rsa type: - scalar: string -- name: com.github.openshift.api.config.v1alpha2.Storage + namedType: com.github.openshift.api.config.v1alpha1.RSAKeyConfig + default: {} + unions: + - discriminator: algorithm + fields: + - fieldName: ecdsa + discriminatorValue: ECDSA + - fieldName: rsa + discriminatorValue: RSA +- name: com.github.openshift.api.config.v1alpha1.Label map: fields: - - name: persistentVolume + - name: key type: - namedType: com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig - - name: type + scalar: string + - name: value type: scalar: string - default: "" -- name: io.k8s.api.core.v1.ConfigMapKeySelector +- name: com.github.openshift.api.config.v1alpha1.LabelMapActionConfig map: fields: - - name: key + - name: replacement type: scalar: string - default: "" - - name: name +- name: com.github.openshift.api.config.v1alpha1.LowercaseActionConfig + map: + fields: + - name: targetLabel type: scalar: string - default: "" - - name: optional - type: - scalar: boolean - elementRelationship: atomic -- name: io.k8s.api.core.v1.EnvVar +- name: com.github.openshift.api.config.v1alpha1.MetadataConfig map: fields: - - name: name + - name: custom type: - scalar: string - default: "" - - name: value + namedType: com.github.openshift.api.config.v1alpha1.MetadataConfigCustom + default: {} + - name: sendPolicy type: scalar: string - - name: valueFrom +- name: com.github.openshift.api.config.v1alpha1.MetadataConfigCustom + map: + fields: + - name: sendIntervalSeconds type: - namedType: io.k8s.api.core.v1.EnvVarSource -- name: io.k8s.api.core.v1.EnvVarSource + scalar: numeric +- name: com.github.openshift.api.config.v1alpha1.MetricsServerConfig map: fields: - - name: configMapKeyRef + - name: audit type: - namedType: io.k8s.api.core.v1.ConfigMapKeySelector - - name: fieldRef + namedType: com.github.openshift.api.config.v1alpha1.Audit + default: {} + - name: nodeSelector type: - namedType: io.k8s.api.core.v1.ObjectFieldSelector - - name: fileKeyRef + map: + elementType: + scalar: string + - name: resources type: - namedType: io.k8s.api.core.v1.FileKeySelector - - name: resourceFieldRef + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.ContainerResource + elementRelationship: associative + keys: + - name + - name: tolerations type: - namedType: io.k8s.api.core.v1.ResourceFieldSelector - - name: secretKeyRef + list: + elementType: + namedType: Toleration.v1.core.api.k8s.io + elementRelationship: atomic + - name: topologySpreadConstraints + type: + list: + elementType: + namedType: TopologySpreadConstraint.v1.core.api.k8s.io + elementRelationship: associative + keys: + - topologyKey + - whenUnsatisfiable + - name: verbosity type: - namedType: io.k8s.api.core.v1.SecretKeySelector -- name: io.k8s.api.core.v1.FileKeySelector + scalar: string +- name: com.github.openshift.api.config.v1alpha1.OAuth2 map: fields: - - name: key + - name: clientId type: - scalar: string - default: "" - - name: optional + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: clientSecret type: - scalar: boolean - default: false - - name: path + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: endpointParams type: - scalar: string - default: "" - - name: volumeName + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.OAuth2EndpointParam + elementRelationship: associative + keys: + - name + - name: scopes + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: tokenUrl type: scalar: string - default: "" - elementRelationship: atomic -- name: io.k8s.api.core.v1.ModifyVolumeStatus +- name: com.github.openshift.api.config.v1alpha1.OAuth2EndpointParam map: fields: - - name: status + - name: name type: scalar: string - default: "" - - name: targetVolumeAttributesClassName + - name: value type: scalar: string -- name: io.k8s.api.core.v1.ObjectFieldSelector +- name: com.github.openshift.api.config.v1alpha1.OpenShiftStateMetricsConfig map: fields: - - name: apiVersion + - name: nodeSelector type: - scalar: string - - name: fieldPath + map: + elementType: + scalar: string + - name: resources type: - scalar: string - default: "" - elementRelationship: atomic -- name: io.k8s.api.core.v1.PersistentVolumeClaim + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.ContainerResource + elementRelationship: associative + keys: + - name + - name: tolerations + type: + list: + elementType: + namedType: Toleration.v1.core.api.k8s.io + elementRelationship: atomic + - name: topologySpreadConstraints + type: + list: + elementType: + namedType: TopologySpreadConstraint.v1.core.api.k8s.io + elementRelationship: associative + keys: + - topologyKey + - whenUnsatisfiable +- name: com.github.openshift.api.config.v1alpha1.PKI map: fields: - name: apiVersion @@ -4968,460 +5271,585 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: io.k8s.api.core.v1.PersistentVolumeClaimSpec - default: {} - - name: status - type: - namedType: io.k8s.api.core.v1.PersistentVolumeClaimStatus + namedType: com.github.openshift.api.config.v1alpha1.PKISpec default: {} -- name: io.k8s.api.core.v1.PersistentVolumeClaimCondition +- name: com.github.openshift.api.config.v1alpha1.PKICertificateManagement map: fields: - - name: lastProbeTime - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: lastTransitionTime + - name: custom type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: message + namedType: com.github.openshift.api.config.v1alpha1.CustomPKIPolicy + default: {} + - name: mode type: scalar: string - - name: reason + unions: + - discriminator: mode + fields: + - fieldName: custom + discriminatorValue: Custom +- name: com.github.openshift.api.config.v1alpha1.PKISpec + map: + fields: + - name: certificateManagement type: - scalar: string - - name: status + namedType: com.github.openshift.api.config.v1alpha1.PKICertificateManagement + default: {} +- name: com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference + map: + fields: + - name: name type: scalar: string default: "" - - name: type +- name: com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig + map: + fields: + - name: claim + type: + namedType: com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference + default: {} + - name: mountPath type: scalar: string - default: "" -- name: io.k8s.api.core.v1.PersistentVolumeClaimSpec +- name: com.github.openshift.api.config.v1alpha1.PrometheusConfig map: fields: - - name: accessModes + - name: additionalAlertmanagerConfigs type: list: elementType: - scalar: string - elementRelationship: atomic - - name: dataSource - type: - namedType: io.k8s.api.core.v1.TypedLocalObjectReference - - name: dataSourceRef - type: - namedType: io.k8s.api.core.v1.TypedObjectReference - - name: resources + namedType: com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig + elementRelationship: associative + keys: + - name + - name: collectionProfile type: - namedType: io.k8s.api.core.v1.VolumeResourceRequirements - default: {} - - name: selector + scalar: string + - name: enforcedBodySizeLimitBytes type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: storageClassName + scalar: numeric + - name: externalLabels type: - scalar: string - - name: volumeAttributesClassName + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.Label + elementRelationship: associative + keys: + - key + - name: logLevel type: scalar: string - - name: volumeMode + - name: nodeSelector type: - scalar: string - - name: volumeName + map: + elementType: + scalar: string + - name: queryLogFile type: scalar: string -- name: io.k8s.api.core.v1.PersistentVolumeClaimStatus - map: - fields: - - name: accessModes + - name: remoteWrite type: list: elementType: - scalar: string - elementRelationship: atomic - - name: allocatedResourceStatuses + namedType: com.github.openshift.api.config.v1alpha1.RemoteWriteSpec + elementRelationship: associative + keys: + - name + - name: resources type: - map: + list: elementType: - scalar: string - elementRelationship: separable - - name: allocatedResources + namedType: com.github.openshift.api.config.v1alpha1.ContainerResource + elementRelationship: associative + keys: + - name + - name: retention type: - map: - elementType: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity - - name: capacity + namedType: com.github.openshift.api.config.v1alpha1.Retention + default: {} + - name: tolerations type: - map: + list: elementType: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity - - name: conditions + namedType: Toleration.v1.core.api.k8s.io + elementRelationship: atomic + - name: topologySpreadConstraints type: list: elementType: - namedType: io.k8s.api.core.v1.PersistentVolumeClaimCondition + namedType: TopologySpreadConstraint.v1.core.api.k8s.io elementRelationship: associative keys: - - type - - name: currentVolumeAttributesClassName - type: - scalar: string - - name: modifyVolumeStatus - type: - namedType: io.k8s.api.core.v1.ModifyVolumeStatus - - name: phase + - topologyKey + - whenUnsatisfiable + - name: volumeClaimTemplate type: - scalar: string -- name: io.k8s.api.core.v1.ResourceClaim + namedType: PersistentVolumeClaim.v1.core.api.k8s.io +- name: com.github.openshift.api.config.v1alpha1.PrometheusOperatorAdmissionWebhookConfig map: fields: - - name: name + - name: resources type: - scalar: string - default: "" - - name: request + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.ContainerResource + elementRelationship: associative + keys: + - name + - name: topologySpreadConstraints type: - scalar: string -- name: io.k8s.api.core.v1.ResourceFieldSelector + list: + elementType: + namedType: TopologySpreadConstraint.v1.core.api.k8s.io + elementRelationship: associative + keys: + - topologyKey + - whenUnsatisfiable +- name: com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig map: fields: - - name: containerName + - name: logLevel type: scalar: string - - name: divisor - type: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity - - name: resource + - name: nodeSelector type: - scalar: string - default: "" - elementRelationship: atomic -- name: io.k8s.api.core.v1.ResourceRequirements - map: - fields: - - name: claims + map: + elementType: + scalar: string + - name: resources type: list: elementType: - namedType: io.k8s.api.core.v1.ResourceClaim + namedType: com.github.openshift.api.config.v1alpha1.ContainerResource elementRelationship: associative keys: - name - - name: limits + - name: tolerations type: - map: + list: elementType: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity - - name: requests + namedType: Toleration.v1.core.api.k8s.io + elementRelationship: atomic + - name: topologySpreadConstraints type: - map: + list: elementType: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity -- name: io.k8s.api.core.v1.SecretKeySelector + namedType: TopologySpreadConstraint.v1.core.api.k8s.io + elementRelationship: associative + keys: + - topologyKey + - whenUnsatisfiable +- name: com.github.openshift.api.config.v1alpha1.PrometheusRemoteWriteHeader map: fields: - - name: key - type: - scalar: string - default: "" - name: name type: scalar: string - default: "" - - name: optional + - name: value type: - scalar: boolean - elementRelationship: atomic -- name: io.k8s.api.core.v1.Toleration + scalar: string +- name: com.github.openshift.api.config.v1alpha1.QueueConfig map: fields: - - name: effect + - name: batchSendDeadlineSeconds type: - scalar: string - - name: key + scalar: numeric + - name: capacity type: - scalar: string - - name: operator + scalar: numeric + - name: maxBackoffMilliseconds type: - scalar: string - - name: tolerationSeconds + scalar: numeric + - name: maxSamplesPerSend type: scalar: numeric - - name: value + - name: maxShards + type: + scalar: numeric + - name: minBackoffMilliseconds + type: + scalar: numeric + - name: minShards + type: + scalar: numeric + - name: rateLimitedAction type: scalar: string -- name: io.k8s.api.core.v1.TopologySpreadConstraint +- name: com.github.openshift.api.config.v1alpha1.RSAKeyConfig map: fields: - - name: labelSelector + - name: keySize type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: matchLabelKeys + scalar: numeric +- name: com.github.openshift.api.config.v1alpha1.RelabelActionConfig + map: + fields: + - name: dropEqual type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: maxSkew + namedType: com.github.openshift.api.config.v1alpha1.DropEqualActionConfig + default: {} + - name: hashMod type: - scalar: numeric - default: 0 - - name: minDomains + namedType: com.github.openshift.api.config.v1alpha1.HashModActionConfig + default: {} + - name: keepEqual type: - scalar: numeric - - name: nodeAffinityPolicy + namedType: com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig + default: {} + - name: labelMap + type: + namedType: com.github.openshift.api.config.v1alpha1.LabelMapActionConfig + default: {} + - name: lowercase + type: + namedType: com.github.openshift.api.config.v1alpha1.LowercaseActionConfig + default: {} + - name: replace + type: + namedType: com.github.openshift.api.config.v1alpha1.ReplaceActionConfig + default: {} + - name: type type: scalar: string - - name: nodeTaintsPolicy + - name: uppercase + type: + namedType: com.github.openshift.api.config.v1alpha1.UppercaseActionConfig + default: {} + unions: + - discriminator: type + fields: + - fieldName: dropEqual + discriminatorValue: DropEqual + - fieldName: hashMod + discriminatorValue: HashMod + - fieldName: keepEqual + discriminatorValue: KeepEqual + - fieldName: labelMap + discriminatorValue: LabelMap + - fieldName: lowercase + discriminatorValue: Lowercase + - fieldName: replace + discriminatorValue: Replace + - fieldName: uppercase + discriminatorValue: Uppercase +- name: com.github.openshift.api.config.v1alpha1.RelabelConfig + map: + fields: + - name: action + type: + namedType: com.github.openshift.api.config.v1alpha1.RelabelActionConfig + default: {} + - name: name type: scalar: string - - name: topologyKey + - name: regex type: scalar: string - default: "" - - name: whenUnsatisfiable + - name: separator type: scalar: string - default: "" -- name: io.k8s.api.core.v1.TypedLocalObjectReference + - name: sourceLabels + type: + list: + elementType: + scalar: string + elementRelationship: associative +- name: com.github.openshift.api.config.v1alpha1.RemoteWriteAuthorization map: fields: - - name: apiGroup + - name: basicAuth + type: + namedType: com.github.openshift.api.config.v1alpha1.BasicAuth + default: {} + - name: bearerToken + type: + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: oauth2 + type: + namedType: com.github.openshift.api.config.v1alpha1.OAuth2 + default: {} + - name: safeAuthorization + type: + namedType: SecretKeySelector.v1.core.api.k8s.io + - name: sigv4 + type: + namedType: com.github.openshift.api.config.v1alpha1.Sigv4 + default: {} + - name: type type: scalar: string - - name: kind + unions: + - discriminator: type + fields: + - fieldName: basicAuth + discriminatorValue: BasicAuth + - fieldName: bearerToken + discriminatorValue: BearerToken + - fieldName: oauth2 + discriminatorValue: OAuth2 + - fieldName: safeAuthorization + discriminatorValue: SafeAuthorization + - fieldName: sigv4 + discriminatorValue: Sigv4 +- name: com.github.openshift.api.config.v1alpha1.RemoteWriteSpec + map: + fields: + - name: authorization + type: + namedType: com.github.openshift.api.config.v1alpha1.RemoteWriteAuthorization + default: {} + - name: exemplarsMode type: scalar: string - default: "" + - name: headers + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.PrometheusRemoteWriteHeader + elementRelationship: associative + keys: + - name + - name: metadataConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.MetadataConfig + default: {} - name: name type: scalar: string - default: "" - elementRelationship: atomic -- name: io.k8s.api.core.v1.TypedObjectReference - map: - fields: - - name: apiGroup + - name: proxyUrl + type: + scalar: string + - name: queueConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.QueueConfig + default: {} + - name: remoteTimeoutSeconds + type: + scalar: numeric + - name: tlsConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.TLSConfig + default: {} + - name: url type: scalar: string - - name: kind + - name: writeRelabelConfigs type: - scalar: string - default: "" - - name: name + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.RelabelConfig + elementRelationship: associative + keys: + - name +- name: com.github.openshift.api.config.v1alpha1.ReplaceActionConfig + map: + fields: + - name: replacement type: scalar: string - default: "" - - name: namespace + - name: targetLabel type: scalar: string -- name: io.k8s.api.core.v1.VolumeResourceRequirements +- name: com.github.openshift.api.config.v1alpha1.Retention map: fields: - - name: limits + - name: durationInDays type: - map: - elementType: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity - - name: requests + scalar: numeric + - name: sizeInGiB type: - map: - elementType: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity -- name: io.k8s.apimachinery.pkg.api.resource.Quantity - scalar: untyped -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + scalar: numeric +- name: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig map: fields: - - name: lastTransitionTime - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: message - type: - scalar: string - default: "" - - name: observedGeneration + - name: maxNumberOfBackups type: scalar: numeric - - name: reason + default: 0 +- name: com.github.openshift.api.config.v1alpha1.RetentionPolicy + map: + fields: + - name: retentionNumber type: - scalar: string - default: "" - - name: status + namedType: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig + - name: retentionSize type: - scalar: string - default: "" - - name: type + namedType: com.github.openshift.api.config.v1alpha1.RetentionSizeConfig + - name: retentionType type: scalar: string default: "" -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector + unions: + - discriminator: retentionType + fields: + - fieldName: retentionNumber + discriminatorValue: RetentionNumber + - fieldName: retentionSize + discriminatorValue: RetentionSize +- name: com.github.openshift.api.config.v1alpha1.RetentionSizeConfig map: fields: - - name: matchExpressions - type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement - elementRelationship: atomic - - name: matchLabels + - name: maxSizeOfBackupsGb type: - map: - elementType: - scalar: string - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement + scalar: numeric + default: 0 +- name: com.github.openshift.api.config.v1alpha1.SecretKeySelector map: fields: - name: key type: scalar: string - default: "" - - name: operator + - name: name type: scalar: string - default: "" - - name: values - type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry + elementRelationship: atomic +- name: com.github.openshift.api.config.v1alpha1.Sigv4 map: fields: - - name: apiVersion - type: - scalar: string - - name: fieldsType - type: - scalar: string - - name: fieldsV1 + - name: accessKey type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 - - name: manager + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: profile type: scalar: string - - name: operation + - name: region type: scalar: string - - name: subresource + - name: roleArn type: scalar: string - - name: time + - name: secretKey type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time -- name: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} +- name: com.github.openshift.api.config.v1alpha1.Storage map: fields: - - name: annotations - type: - map: - elementType: - scalar: string - - name: creationTimestamp + - name: persistentVolume type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: deletionGracePeriodSeconds + namedType: com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig + - name: type type: - scalar: numeric - - name: deletionTimestamp + scalar: string + default: "" +- name: com.github.openshift.api.config.v1alpha1.TLSConfig + map: + fields: + - name: ca type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: finalizers + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: cert type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: generateName + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: certificateVerification type: scalar: string - - name: generation - type: - scalar: numeric - - name: labels + - name: key type: - map: - elementType: - scalar: string - - name: managedFields + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: serverName type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry - elementRelationship: atomic - - name: name + scalar: string +- name: com.github.openshift.api.config.v1alpha1.UppercaseActionConfig + map: + fields: + - name: targetLabel type: scalar: string - - name: namespace +- name: com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring + map: + fields: + - name: mode type: scalar: string - - name: ownerReferences + default: "" +- name: com.github.openshift.api.config.v1alpha2.Custom + map: + fields: + - name: configs type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference + namedType: com.github.openshift.api.config.v1alpha2.GathererConfig elementRelationship: associative keys: - - uid - - name: resourceVersion + - name +- name: com.github.openshift.api.config.v1alpha2.GatherConfig + map: + fields: + - name: dataPolicy type: - scalar: string - - name: selfLink + list: + elementType: + scalar: string + elementRelationship: atomic + - name: gatherers type: - scalar: string - - name: uid + namedType: com.github.openshift.api.config.v1alpha2.Gatherers + default: {} + - name: storage type: - scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference + namedType: com.github.openshift.api.config.v1alpha2.Storage +- name: com.github.openshift.api.config.v1alpha2.GathererConfig map: fields: - - name: apiVersion + - name: name type: scalar: string default: "" - - name: blockOwnerDeletion + - name: state type: - scalar: boolean - - name: controller + scalar: string + default: "" +- name: com.github.openshift.api.config.v1alpha2.Gatherers + map: + fields: + - name: custom type: - scalar: boolean - - name: kind + namedType: com.github.openshift.api.config.v1alpha2.Custom + - name: mode type: scalar: string default: "" - - name: name +- name: com.github.openshift.api.config.v1alpha2.InsightsDataGather + map: + fields: + - name: apiVersion type: scalar: string - default: "" - - name: uid + - name: kind type: scalar: string - default: "" - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Time - scalar: untyped -- name: io.k8s.apimachinery.pkg.runtime.RawExtension + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus + default: {} +- name: com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec + map: + fields: + - name: gatherConfig + type: + namedType: com.github.openshift.api.config.v1alpha2.GatherConfig + default: {} +- name: com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus map: elementType: scalar: untyped @@ -5433,6 +5861,33 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable +- name: com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference + map: + fields: + - name: name + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig + map: + fields: + - name: claim + type: + namedType: com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference + default: {} + - name: mountPath + type: + scalar: string +- name: com.github.openshift.api.config.v1alpha2.Storage + map: + fields: + - name: persistentVolume + type: + namedType: com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig + - name: type + type: + scalar: string + default: "" - name: __untyped_atomic_ scalar: untyped list: diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go index f47ef1d30e..c01072fe57 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go @@ -478,22 +478,24 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1.WebhookTokenAuthenticatorApplyConfiguration{} // Group=config.openshift.io, Version=v1alpha1 + case v1alpha1.SchemeGroupVersion.WithKind("AdditionalAlertmanagerConfig"): + return &configv1alpha1.AdditionalAlertmanagerConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("AlertmanagerConfig"): return &configv1alpha1.AlertmanagerConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("AlertmanagerCustomConfig"): return &configv1alpha1.AlertmanagerCustomConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("Audit"): return &configv1alpha1.AuditApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("AuthorizationConfig"): + return &configv1alpha1.AuthorizationConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("Backup"): return &configv1alpha1.BackupApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("BackupSpec"): return &configv1alpha1.BackupSpecApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ClusterImagePolicy"): - return &configv1alpha1.ClusterImagePolicyApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ClusterImagePolicySpec"): - return &configv1alpha1.ClusterImagePolicySpecApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ClusterImagePolicyStatus"): - return &configv1alpha1.ClusterImagePolicyStatusApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("BasicAuth"): + return &configv1alpha1.BasicAuthApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("CertificateConfig"): + return &configv1alpha1.CertificateConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("ClusterMonitoring"): return &configv1alpha1.ClusterMonitoringApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("ClusterMonitoringSpec"): @@ -506,58 +508,98 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1alpha1.CRIOCredentialProviderConfigSpecApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("CRIOCredentialProviderConfigStatus"): return &configv1alpha1.CRIOCredentialProviderConfigStatusApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("CustomPKIPolicy"): + return &configv1alpha1.CustomPKIPolicyApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("DefaultCertificateConfig"): + return &configv1alpha1.DefaultCertificateConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("DropEqualActionConfig"): + return &configv1alpha1.DropEqualActionConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("ECDSAKeyConfig"): + return &configv1alpha1.ECDSAKeyConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("EtcdBackupSpec"): return &configv1alpha1.EtcdBackupSpecApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("GatherConfig"): return &configv1alpha1.GatherConfigApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicy"): - return &configv1alpha1.ImagePolicyApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyFulcioCAWithRekorRootOfTrust"): - return &configv1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyPKIRootOfTrust"): - return &configv1alpha1.ImagePolicyPKIRootOfTrustApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyPublicKeyRootOfTrust"): - return &configv1alpha1.ImagePolicyPublicKeyRootOfTrustApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicySpec"): - return &configv1alpha1.ImagePolicySpecApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyStatus"): - return &configv1alpha1.ImagePolicyStatusApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ImageSigstoreVerificationPolicy"): - return &configv1alpha1.ImageSigstoreVerificationPolicyApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("HashModActionConfig"): + return &configv1alpha1.HashModActionConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("InsightsDataGather"): return &configv1alpha1.InsightsDataGatherApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("InsightsDataGatherSpec"): return &configv1alpha1.InsightsDataGatherSpecApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("KeepEqualActionConfig"): + return &configv1alpha1.KeepEqualActionConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("KeyConfig"): + return &configv1alpha1.KeyConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("Label"): + return &configv1alpha1.LabelApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("LabelMapActionConfig"): + return &configv1alpha1.LabelMapActionConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("LowercaseActionConfig"): + return &configv1alpha1.LowercaseActionConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("MetadataConfig"): + return &configv1alpha1.MetadataConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("MetadataConfigCustom"): + return &configv1alpha1.MetadataConfigCustomApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("MetricsServerConfig"): return &configv1alpha1.MetricsServerConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("OAuth2"): + return &configv1alpha1.OAuth2ApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("OAuth2EndpointParam"): + return &configv1alpha1.OAuth2EndpointParamApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("OpenShiftStateMetricsConfig"): + return &configv1alpha1.OpenShiftStateMetricsConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PersistentVolumeClaimReference"): return &configv1alpha1.PersistentVolumeClaimReferenceApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PersistentVolumeConfig"): return &configv1alpha1.PersistentVolumeConfigApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("PKICertificateSubject"): - return &configv1alpha1.PKICertificateSubjectApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("PolicyFulcioSubject"): - return &configv1alpha1.PolicyFulcioSubjectApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("PolicyIdentity"): - return &configv1alpha1.PolicyIdentityApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("PolicyMatchExactRepository"): - return &configv1alpha1.PolicyMatchExactRepositoryApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("PolicyMatchRemapIdentity"): - return &configv1alpha1.PolicyMatchRemapIdentityApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("PolicyRootOfTrust"): - return &configv1alpha1.PolicyRootOfTrustApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PKI"): + return &configv1alpha1.PKIApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PKICertificateManagement"): + return &configv1alpha1.PKICertificateManagementApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PKIProfile"): + return &configv1alpha1.PKIProfileApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PKISpec"): + return &configv1alpha1.PKISpecApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PrometheusConfig"): + return &configv1alpha1.PrometheusConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PrometheusOperatorAdmissionWebhookConfig"): return &configv1alpha1.PrometheusOperatorAdmissionWebhookConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PrometheusOperatorConfig"): return &configv1alpha1.PrometheusOperatorConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PrometheusRemoteWriteHeader"): + return &configv1alpha1.PrometheusRemoteWriteHeaderApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("QueueConfig"): + return &configv1alpha1.QueueConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("RelabelActionConfig"): + return &configv1alpha1.RelabelActionConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("RelabelConfig"): + return &configv1alpha1.RelabelConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("RemoteWriteAuthorization"): + return &configv1alpha1.RemoteWriteAuthorizationApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("RemoteWriteSpec"): + return &configv1alpha1.RemoteWriteSpecApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("ReplaceActionConfig"): + return &configv1alpha1.ReplaceActionConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("Retention"): + return &configv1alpha1.RetentionApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("RetentionNumberConfig"): return &configv1alpha1.RetentionNumberConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("RetentionPolicy"): return &configv1alpha1.RetentionPolicyApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("RetentionSizeConfig"): return &configv1alpha1.RetentionSizeConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("RSAKeyConfig"): + return &configv1alpha1.RSAKeyConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("SecretKeySelector"): + return &configv1alpha1.SecretKeySelectorApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("Sigv4"): + return &configv1alpha1.Sigv4ApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("Storage"): return &configv1alpha1.StorageApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("TLSConfig"): + return &configv1alpha1.TLSConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("UppercaseActionConfig"): + return &configv1alpha1.UppercaseActionConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("UserDefinedMonitoring"): return &configv1alpha1.UserDefinedMonitoringApplyConfiguration{} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/clusterimagepolicy.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/clusterimagepolicy.go deleted file mode 100644 index 8391f7b40e..0000000000 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/clusterimagepolicy.go +++ /dev/null @@ -1,58 +0,0 @@ -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - context "context" - - configv1alpha1 "github.com/openshift/api/config/v1alpha1" - applyconfigurationsconfigv1alpha1 "github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1" - scheme "github.com/openshift/client-go/config/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - gentype "k8s.io/client-go/gentype" -) - -// ClusterImagePoliciesGetter has a method to return a ClusterImagePolicyInterface. -// A group's client should implement this interface. -type ClusterImagePoliciesGetter interface { - ClusterImagePolicies() ClusterImagePolicyInterface -} - -// ClusterImagePolicyInterface has methods to work with ClusterImagePolicy resources. -type ClusterImagePolicyInterface interface { - Create(ctx context.Context, clusterImagePolicy *configv1alpha1.ClusterImagePolicy, opts v1.CreateOptions) (*configv1alpha1.ClusterImagePolicy, error) - Update(ctx context.Context, clusterImagePolicy *configv1alpha1.ClusterImagePolicy, opts v1.UpdateOptions) (*configv1alpha1.ClusterImagePolicy, error) - // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - UpdateStatus(ctx context.Context, clusterImagePolicy *configv1alpha1.ClusterImagePolicy, opts v1.UpdateOptions) (*configv1alpha1.ClusterImagePolicy, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*configv1alpha1.ClusterImagePolicy, error) - List(ctx context.Context, opts v1.ListOptions) (*configv1alpha1.ClusterImagePolicyList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *configv1alpha1.ClusterImagePolicy, err error) - Apply(ctx context.Context, clusterImagePolicy *applyconfigurationsconfigv1alpha1.ClusterImagePolicyApplyConfiguration, opts v1.ApplyOptions) (result *configv1alpha1.ClusterImagePolicy, err error) - // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). - ApplyStatus(ctx context.Context, clusterImagePolicy *applyconfigurationsconfigv1alpha1.ClusterImagePolicyApplyConfiguration, opts v1.ApplyOptions) (result *configv1alpha1.ClusterImagePolicy, err error) - ClusterImagePolicyExpansion -} - -// clusterImagePolicies implements ClusterImagePolicyInterface -type clusterImagePolicies struct { - *gentype.ClientWithListAndApply[*configv1alpha1.ClusterImagePolicy, *configv1alpha1.ClusterImagePolicyList, *applyconfigurationsconfigv1alpha1.ClusterImagePolicyApplyConfiguration] -} - -// newClusterImagePolicies returns a ClusterImagePolicies -func newClusterImagePolicies(c *ConfigV1alpha1Client) *clusterImagePolicies { - return &clusterImagePolicies{ - gentype.NewClientWithListAndApply[*configv1alpha1.ClusterImagePolicy, *configv1alpha1.ClusterImagePolicyList, *applyconfigurationsconfigv1alpha1.ClusterImagePolicyApplyConfiguration]( - "clusterimagepolicies", - c.RESTClient(), - scheme.ParameterCodec, - "", - func() *configv1alpha1.ClusterImagePolicy { return &configv1alpha1.ClusterImagePolicy{} }, - func() *configv1alpha1.ClusterImagePolicyList { return &configv1alpha1.ClusterImagePolicyList{} }, - ), - } -} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/config_client.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/config_client.go index 58cf671dc9..23ba9a19c0 100644 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/config_client.go +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/config_client.go @@ -14,10 +14,9 @@ type ConfigV1alpha1Interface interface { RESTClient() rest.Interface BackupsGetter CRIOCredentialProviderConfigsGetter - ClusterImagePoliciesGetter ClusterMonitoringsGetter - ImagePoliciesGetter InsightsDataGathersGetter + PKIsGetter } // ConfigV1alpha1Client is used to interact with features provided by the config.openshift.io group. @@ -33,22 +32,18 @@ func (c *ConfigV1alpha1Client) CRIOCredentialProviderConfigs() CRIOCredentialPro return newCRIOCredentialProviderConfigs(c) } -func (c *ConfigV1alpha1Client) ClusterImagePolicies() ClusterImagePolicyInterface { - return newClusterImagePolicies(c) -} - func (c *ConfigV1alpha1Client) ClusterMonitorings() ClusterMonitoringInterface { return newClusterMonitorings(c) } -func (c *ConfigV1alpha1Client) ImagePolicies(namespace string) ImagePolicyInterface { - return newImagePolicies(c, namespace) -} - func (c *ConfigV1alpha1Client) InsightsDataGathers() InsightsDataGatherInterface { return newInsightsDataGathers(c) } +func (c *ConfigV1alpha1Client) PKIs() PKIInterface { + return newPKIs(c) +} + // NewForConfig creates a new ConfigV1alpha1Client for the given config. // NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), // where httpClient was generated with rest.HTTPClientFor(c). diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_clusterimagepolicy.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_clusterimagepolicy.go deleted file mode 100644 index 50d94e1a91..0000000000 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_clusterimagepolicy.go +++ /dev/null @@ -1,37 +0,0 @@ -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - v1alpha1 "github.com/openshift/api/config/v1alpha1" - configv1alpha1 "github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1" - typedconfigv1alpha1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1" - gentype "k8s.io/client-go/gentype" -) - -// fakeClusterImagePolicies implements ClusterImagePolicyInterface -type fakeClusterImagePolicies struct { - *gentype.FakeClientWithListAndApply[*v1alpha1.ClusterImagePolicy, *v1alpha1.ClusterImagePolicyList, *configv1alpha1.ClusterImagePolicyApplyConfiguration] - Fake *FakeConfigV1alpha1 -} - -func newFakeClusterImagePolicies(fake *FakeConfigV1alpha1) typedconfigv1alpha1.ClusterImagePolicyInterface { - return &fakeClusterImagePolicies{ - gentype.NewFakeClientWithListAndApply[*v1alpha1.ClusterImagePolicy, *v1alpha1.ClusterImagePolicyList, *configv1alpha1.ClusterImagePolicyApplyConfiguration]( - fake.Fake, - "", - v1alpha1.SchemeGroupVersion.WithResource("clusterimagepolicies"), - v1alpha1.SchemeGroupVersion.WithKind("ClusterImagePolicy"), - func() *v1alpha1.ClusterImagePolicy { return &v1alpha1.ClusterImagePolicy{} }, - func() *v1alpha1.ClusterImagePolicyList { return &v1alpha1.ClusterImagePolicyList{} }, - func(dst, src *v1alpha1.ClusterImagePolicyList) { dst.ListMeta = src.ListMeta }, - func(list *v1alpha1.ClusterImagePolicyList) []*v1alpha1.ClusterImagePolicy { - return gentype.ToPointerSlice(list.Items) - }, - func(list *v1alpha1.ClusterImagePolicyList, items []*v1alpha1.ClusterImagePolicy) { - list.Items = gentype.FromPointerSlice(items) - }, - ), - fake, - } -} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go index e807c23147..381179df9c 100644 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go @@ -20,22 +20,18 @@ func (c *FakeConfigV1alpha1) CRIOCredentialProviderConfigs() v1alpha1.CRIOCreden return newFakeCRIOCredentialProviderConfigs(c) } -func (c *FakeConfigV1alpha1) ClusterImagePolicies() v1alpha1.ClusterImagePolicyInterface { - return newFakeClusterImagePolicies(c) -} - func (c *FakeConfigV1alpha1) ClusterMonitorings() v1alpha1.ClusterMonitoringInterface { return newFakeClusterMonitorings(c) } -func (c *FakeConfigV1alpha1) ImagePolicies(namespace string) v1alpha1.ImagePolicyInterface { - return newFakeImagePolicies(c, namespace) -} - func (c *FakeConfigV1alpha1) InsightsDataGathers() v1alpha1.InsightsDataGatherInterface { return newFakeInsightsDataGathers(c) } +func (c *FakeConfigV1alpha1) PKIs() v1alpha1.PKIInterface { + return newFakePKIs(c) +} + // RESTClient returns a RESTClient that is used to communicate // with API server by this client implementation. func (c *FakeConfigV1alpha1) RESTClient() rest.Interface { diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_imagepolicy.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_imagepolicy.go deleted file mode 100644 index 9bf6cb9c04..0000000000 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_imagepolicy.go +++ /dev/null @@ -1,37 +0,0 @@ -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - v1alpha1 "github.com/openshift/api/config/v1alpha1" - configv1alpha1 "github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1" - typedconfigv1alpha1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1" - gentype "k8s.io/client-go/gentype" -) - -// fakeImagePolicies implements ImagePolicyInterface -type fakeImagePolicies struct { - *gentype.FakeClientWithListAndApply[*v1alpha1.ImagePolicy, *v1alpha1.ImagePolicyList, *configv1alpha1.ImagePolicyApplyConfiguration] - Fake *FakeConfigV1alpha1 -} - -func newFakeImagePolicies(fake *FakeConfigV1alpha1, namespace string) typedconfigv1alpha1.ImagePolicyInterface { - return &fakeImagePolicies{ - gentype.NewFakeClientWithListAndApply[*v1alpha1.ImagePolicy, *v1alpha1.ImagePolicyList, *configv1alpha1.ImagePolicyApplyConfiguration]( - fake.Fake, - namespace, - v1alpha1.SchemeGroupVersion.WithResource("imagepolicies"), - v1alpha1.SchemeGroupVersion.WithKind("ImagePolicy"), - func() *v1alpha1.ImagePolicy { return &v1alpha1.ImagePolicy{} }, - func() *v1alpha1.ImagePolicyList { return &v1alpha1.ImagePolicyList{} }, - func(dst, src *v1alpha1.ImagePolicyList) { dst.ListMeta = src.ListMeta }, - func(list *v1alpha1.ImagePolicyList) []*v1alpha1.ImagePolicy { - return gentype.ToPointerSlice(list.Items) - }, - func(list *v1alpha1.ImagePolicyList, items []*v1alpha1.ImagePolicy) { - list.Items = gentype.FromPointerSlice(items) - }, - ), - fake, - } -} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_pki.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_pki.go new file mode 100644 index 0000000000..7efcece94e --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_pki.go @@ -0,0 +1,33 @@ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "github.com/openshift/api/config/v1alpha1" + configv1alpha1 "github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1" + typedconfigv1alpha1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1" + gentype "k8s.io/client-go/gentype" +) + +// fakePKIs implements PKIInterface +type fakePKIs struct { + *gentype.FakeClientWithListAndApply[*v1alpha1.PKI, *v1alpha1.PKIList, *configv1alpha1.PKIApplyConfiguration] + Fake *FakeConfigV1alpha1 +} + +func newFakePKIs(fake *FakeConfigV1alpha1) typedconfigv1alpha1.PKIInterface { + return &fakePKIs{ + gentype.NewFakeClientWithListAndApply[*v1alpha1.PKI, *v1alpha1.PKIList, *configv1alpha1.PKIApplyConfiguration]( + fake.Fake, + "", + v1alpha1.SchemeGroupVersion.WithResource("pkis"), + v1alpha1.SchemeGroupVersion.WithKind("PKI"), + func() *v1alpha1.PKI { return &v1alpha1.PKI{} }, + func() *v1alpha1.PKIList { return &v1alpha1.PKIList{} }, + func(dst, src *v1alpha1.PKIList) { dst.ListMeta = src.ListMeta }, + func(list *v1alpha1.PKIList) []*v1alpha1.PKI { return gentype.ToPointerSlice(list.Items) }, + func(list *v1alpha1.PKIList, items []*v1alpha1.PKI) { list.Items = gentype.FromPointerSlice(items) }, + ), + fake, + } +} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/generated_expansion.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/generated_expansion.go index 9f530ae220..bc1f603194 100644 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/generated_expansion.go +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/generated_expansion.go @@ -6,10 +6,8 @@ type BackupExpansion interface{} type CRIOCredentialProviderConfigExpansion interface{} -type ClusterImagePolicyExpansion interface{} - type ClusterMonitoringExpansion interface{} -type ImagePolicyExpansion interface{} - type InsightsDataGatherExpansion interface{} + +type PKIExpansion interface{} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/imagepolicy.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/imagepolicy.go deleted file mode 100644 index a893efeea7..0000000000 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/imagepolicy.go +++ /dev/null @@ -1,58 +0,0 @@ -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - context "context" - - configv1alpha1 "github.com/openshift/api/config/v1alpha1" - applyconfigurationsconfigv1alpha1 "github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1" - scheme "github.com/openshift/client-go/config/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - gentype "k8s.io/client-go/gentype" -) - -// ImagePoliciesGetter has a method to return a ImagePolicyInterface. -// A group's client should implement this interface. -type ImagePoliciesGetter interface { - ImagePolicies(namespace string) ImagePolicyInterface -} - -// ImagePolicyInterface has methods to work with ImagePolicy resources. -type ImagePolicyInterface interface { - Create(ctx context.Context, imagePolicy *configv1alpha1.ImagePolicy, opts v1.CreateOptions) (*configv1alpha1.ImagePolicy, error) - Update(ctx context.Context, imagePolicy *configv1alpha1.ImagePolicy, opts v1.UpdateOptions) (*configv1alpha1.ImagePolicy, error) - // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - UpdateStatus(ctx context.Context, imagePolicy *configv1alpha1.ImagePolicy, opts v1.UpdateOptions) (*configv1alpha1.ImagePolicy, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*configv1alpha1.ImagePolicy, error) - List(ctx context.Context, opts v1.ListOptions) (*configv1alpha1.ImagePolicyList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *configv1alpha1.ImagePolicy, err error) - Apply(ctx context.Context, imagePolicy *applyconfigurationsconfigv1alpha1.ImagePolicyApplyConfiguration, opts v1.ApplyOptions) (result *configv1alpha1.ImagePolicy, err error) - // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). - ApplyStatus(ctx context.Context, imagePolicy *applyconfigurationsconfigv1alpha1.ImagePolicyApplyConfiguration, opts v1.ApplyOptions) (result *configv1alpha1.ImagePolicy, err error) - ImagePolicyExpansion -} - -// imagePolicies implements ImagePolicyInterface -type imagePolicies struct { - *gentype.ClientWithListAndApply[*configv1alpha1.ImagePolicy, *configv1alpha1.ImagePolicyList, *applyconfigurationsconfigv1alpha1.ImagePolicyApplyConfiguration] -} - -// newImagePolicies returns a ImagePolicies -func newImagePolicies(c *ConfigV1alpha1Client, namespace string) *imagePolicies { - return &imagePolicies{ - gentype.NewClientWithListAndApply[*configv1alpha1.ImagePolicy, *configv1alpha1.ImagePolicyList, *applyconfigurationsconfigv1alpha1.ImagePolicyApplyConfiguration]( - "imagepolicies", - c.RESTClient(), - scheme.ParameterCodec, - namespace, - func() *configv1alpha1.ImagePolicy { return &configv1alpha1.ImagePolicy{} }, - func() *configv1alpha1.ImagePolicyList { return &configv1alpha1.ImagePolicyList{} }, - ), - } -} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/pki.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/pki.go new file mode 100644 index 0000000000..ba099fcf10 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/pki.go @@ -0,0 +1,54 @@ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + context "context" + + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + applyconfigurationsconfigv1alpha1 "github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1" + scheme "github.com/openshift/client-go/config/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// PKIsGetter has a method to return a PKIInterface. +// A group's client should implement this interface. +type PKIsGetter interface { + PKIs() PKIInterface +} + +// PKIInterface has methods to work with PKI resources. +type PKIInterface interface { + Create(ctx context.Context, pKI *configv1alpha1.PKI, opts v1.CreateOptions) (*configv1alpha1.PKI, error) + Update(ctx context.Context, pKI *configv1alpha1.PKI, opts v1.UpdateOptions) (*configv1alpha1.PKI, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*configv1alpha1.PKI, error) + List(ctx context.Context, opts v1.ListOptions) (*configv1alpha1.PKIList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *configv1alpha1.PKI, err error) + Apply(ctx context.Context, pKI *applyconfigurationsconfigv1alpha1.PKIApplyConfiguration, opts v1.ApplyOptions) (result *configv1alpha1.PKI, err error) + PKIExpansion +} + +// pKIs implements PKIInterface +type pKIs struct { + *gentype.ClientWithListAndApply[*configv1alpha1.PKI, *configv1alpha1.PKIList, *applyconfigurationsconfigv1alpha1.PKIApplyConfiguration] +} + +// newPKIs returns a PKIs +func newPKIs(c *ConfigV1alpha1Client) *pKIs { + return &pKIs{ + gentype.NewClientWithListAndApply[*configv1alpha1.PKI, *configv1alpha1.PKIList, *applyconfigurationsconfigv1alpha1.PKIApplyConfiguration]( + "pkis", + c.RESTClient(), + scheme.ParameterCodec, + "", + func() *configv1alpha1.PKI { return &configv1alpha1.PKI{} }, + func() *configv1alpha1.PKIList { return &configv1alpha1.PKIList{} }, + ), + } +} diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/clusterimagepolicy.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/clusterimagepolicy.go deleted file mode 100644 index af5c3e27f1..0000000000 --- a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/clusterimagepolicy.go +++ /dev/null @@ -1,85 +0,0 @@ -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - context "context" - time "time" - - apiconfigv1alpha1 "github.com/openshift/api/config/v1alpha1" - versioned "github.com/openshift/client-go/config/clientset/versioned" - internalinterfaces "github.com/openshift/client-go/config/informers/externalversions/internalinterfaces" - configv1alpha1 "github.com/openshift/client-go/config/listers/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// ClusterImagePolicyInformer provides access to a shared informer and lister for -// ClusterImagePolicies. -type ClusterImagePolicyInformer interface { - Informer() cache.SharedIndexInformer - Lister() configv1alpha1.ClusterImagePolicyLister -} - -type clusterImagePolicyInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewClusterImagePolicyInformer constructs a new informer for ClusterImagePolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewClusterImagePolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredClusterImagePolicyInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredClusterImagePolicyInformer constructs a new informer for ClusterImagePolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredClusterImagePolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().ClusterImagePolicies().List(context.Background(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().ClusterImagePolicies().Watch(context.Background(), options) - }, - ListWithContextFunc: func(ctx context.Context, options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().ClusterImagePolicies().List(ctx, options) - }, - WatchFuncWithContext: func(ctx context.Context, options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().ClusterImagePolicies().Watch(ctx, options) - }, - }, client), - &apiconfigv1alpha1.ClusterImagePolicy{}, - resyncPeriod, - indexers, - ) -} - -func (f *clusterImagePolicyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredClusterImagePolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *clusterImagePolicyInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&apiconfigv1alpha1.ClusterImagePolicy{}, f.defaultInformer) -} - -func (f *clusterImagePolicyInformer) Lister() configv1alpha1.ClusterImagePolicyLister { - return configv1alpha1.NewClusterImagePolicyLister(f.Informer().GetIndexer()) -} diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/interface.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/interface.go index 10cc930b8c..17b0ebcc0b 100644 --- a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/interface.go +++ b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/interface.go @@ -12,14 +12,12 @@ type Interface interface { Backups() BackupInformer // CRIOCredentialProviderConfigs returns a CRIOCredentialProviderConfigInformer. CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigInformer - // ClusterImagePolicies returns a ClusterImagePolicyInformer. - ClusterImagePolicies() ClusterImagePolicyInformer // ClusterMonitorings returns a ClusterMonitoringInformer. ClusterMonitorings() ClusterMonitoringInformer - // ImagePolicies returns a ImagePolicyInformer. - ImagePolicies() ImagePolicyInformer // InsightsDataGathers returns a InsightsDataGatherInformer. InsightsDataGathers() InsightsDataGatherInformer + // PKIs returns a PKIInformer. + PKIs() PKIInformer } type version struct { @@ -43,22 +41,17 @@ func (v *version) CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigIn return &cRIOCredentialProviderConfigInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } -// ClusterImagePolicies returns a ClusterImagePolicyInformer. -func (v *version) ClusterImagePolicies() ClusterImagePolicyInformer { - return &clusterImagePolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - // ClusterMonitorings returns a ClusterMonitoringInformer. func (v *version) ClusterMonitorings() ClusterMonitoringInformer { return &clusterMonitoringInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } -// ImagePolicies returns a ImagePolicyInformer. -func (v *version) ImagePolicies() ImagePolicyInformer { - return &imagePolicyInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - // InsightsDataGathers returns a InsightsDataGatherInformer. func (v *version) InsightsDataGathers() InsightsDataGatherInformer { return &insightsDataGatherInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } + +// PKIs returns a PKIInformer. +func (v *version) PKIs() PKIInformer { + return &pKIInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/imagepolicy.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/pki.go similarity index 51% rename from vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/imagepolicy.go rename to vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/pki.go index d56c1e834f..3613eec8c0 100644 --- a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/imagepolicy.go +++ b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/pki.go @@ -16,71 +16,70 @@ import ( cache "k8s.io/client-go/tools/cache" ) -// ImagePolicyInformer provides access to a shared informer and lister for -// ImagePolicies. -type ImagePolicyInformer interface { +// PKIInformer provides access to a shared informer and lister for +// PKIs. +type PKIInformer interface { Informer() cache.SharedIndexInformer - Lister() configv1alpha1.ImagePolicyLister + Lister() configv1alpha1.PKILister } -type imagePolicyInformer struct { +type pKIInformer struct { factory internalinterfaces.SharedInformerFactory tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string } -// NewImagePolicyInformer constructs a new informer for ImagePolicy type. +// NewPKIInformer constructs a new informer for PKI type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewImagePolicyInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredImagePolicyInformer(client, namespace, resyncPeriod, indexers, nil) +func NewPKIInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredPKIInformer(client, resyncPeriod, indexers, nil) } -// NewFilteredImagePolicyInformer constructs a new informer for ImagePolicy type. +// NewFilteredPKIInformer constructs a new informer for PKI type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewFilteredImagePolicyInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { +func NewFilteredPKIInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{ ListFunc: func(options v1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.ConfigV1alpha1().ImagePolicies(namespace).List(context.Background(), options) + return client.ConfigV1alpha1().PKIs().List(context.Background(), options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.ConfigV1alpha1().ImagePolicies(namespace).Watch(context.Background(), options) + return client.ConfigV1alpha1().PKIs().Watch(context.Background(), options) }, ListWithContextFunc: func(ctx context.Context, options v1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.ConfigV1alpha1().ImagePolicies(namespace).List(ctx, options) + return client.ConfigV1alpha1().PKIs().List(ctx, options) }, WatchFuncWithContext: func(ctx context.Context, options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.ConfigV1alpha1().ImagePolicies(namespace).Watch(ctx, options) + return client.ConfigV1alpha1().PKIs().Watch(ctx, options) }, }, client), - &apiconfigv1alpha1.ImagePolicy{}, + &apiconfigv1alpha1.PKI{}, resyncPeriod, indexers, ) } -func (f *imagePolicyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredImagePolicyInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +func (f *pKIInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredPKIInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) } -func (f *imagePolicyInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&apiconfigv1alpha1.ImagePolicy{}, f.defaultInformer) +func (f *pKIInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&apiconfigv1alpha1.PKI{}, f.defaultInformer) } -func (f *imagePolicyInformer) Lister() configv1alpha1.ImagePolicyLister { - return configv1alpha1.NewImagePolicyLister(f.Informer().GetIndexer()) +func (f *pKIInformer) Lister() configv1alpha1.PKILister { + return configv1alpha1.NewPKILister(f.Informer().GetIndexer()) } diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go index ca697748ae..4c00a13f17 100644 --- a/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go +++ b/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go @@ -93,14 +93,12 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().Backups().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("criocredentialproviderconfigs"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CRIOCredentialProviderConfigs().Informer()}, nil - case v1alpha1.SchemeGroupVersion.WithResource("clusterimagepolicies"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().ClusterImagePolicies().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("clustermonitorings"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().ClusterMonitorings().Informer()}, nil - case v1alpha1.SchemeGroupVersion.WithResource("imagepolicies"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().ImagePolicies().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("insightsdatagathers"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().InsightsDataGathers().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("pkis"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().PKIs().Informer()}, nil // Group=config.openshift.io, Version=v1alpha2 case v1alpha2.SchemeGroupVersion.WithResource("insightsdatagathers"): diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/clusterimagepolicy.go b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/clusterimagepolicy.go deleted file mode 100644 index 0512d3682f..0000000000 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/clusterimagepolicy.go +++ /dev/null @@ -1,32 +0,0 @@ -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" - labels "k8s.io/apimachinery/pkg/labels" - listers "k8s.io/client-go/listers" - cache "k8s.io/client-go/tools/cache" -) - -// ClusterImagePolicyLister helps list ClusterImagePolicies. -// All objects returned here must be treated as read-only. -type ClusterImagePolicyLister interface { - // List lists all ClusterImagePolicies in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*configv1alpha1.ClusterImagePolicy, err error) - // Get retrieves the ClusterImagePolicy from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*configv1alpha1.ClusterImagePolicy, error) - ClusterImagePolicyListerExpansion -} - -// clusterImagePolicyLister implements the ClusterImagePolicyLister interface. -type clusterImagePolicyLister struct { - listers.ResourceIndexer[*configv1alpha1.ClusterImagePolicy] -} - -// NewClusterImagePolicyLister returns a new ClusterImagePolicyLister. -func NewClusterImagePolicyLister(indexer cache.Indexer) ClusterImagePolicyLister { - return &clusterImagePolicyLister{listers.New[*configv1alpha1.ClusterImagePolicy](indexer, configv1alpha1.Resource("clusterimagepolicy"))} -} diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/expansion_generated.go b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/expansion_generated.go index 75ba32823f..3baf74bc8b 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/expansion_generated.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/expansion_generated.go @@ -10,22 +10,14 @@ type BackupListerExpansion interface{} // CRIOCredentialProviderConfigLister. type CRIOCredentialProviderConfigListerExpansion interface{} -// ClusterImagePolicyListerExpansion allows custom methods to be added to -// ClusterImagePolicyLister. -type ClusterImagePolicyListerExpansion interface{} - // ClusterMonitoringListerExpansion allows custom methods to be added to // ClusterMonitoringLister. type ClusterMonitoringListerExpansion interface{} -// ImagePolicyListerExpansion allows custom methods to be added to -// ImagePolicyLister. -type ImagePolicyListerExpansion interface{} - -// ImagePolicyNamespaceListerExpansion allows custom methods to be added to -// ImagePolicyNamespaceLister. -type ImagePolicyNamespaceListerExpansion interface{} - // InsightsDataGatherListerExpansion allows custom methods to be added to // InsightsDataGatherLister. type InsightsDataGatherListerExpansion interface{} + +// PKIListerExpansion allows custom methods to be added to +// PKILister. +type PKIListerExpansion interface{} diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/imagepolicy.go b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/imagepolicy.go deleted file mode 100644 index 7050c57718..0000000000 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/imagepolicy.go +++ /dev/null @@ -1,54 +0,0 @@ -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" - labels "k8s.io/apimachinery/pkg/labels" - listers "k8s.io/client-go/listers" - cache "k8s.io/client-go/tools/cache" -) - -// ImagePolicyLister helps list ImagePolicies. -// All objects returned here must be treated as read-only. -type ImagePolicyLister interface { - // List lists all ImagePolicies in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*configv1alpha1.ImagePolicy, err error) - // ImagePolicies returns an object that can list and get ImagePolicies. - ImagePolicies(namespace string) ImagePolicyNamespaceLister - ImagePolicyListerExpansion -} - -// imagePolicyLister implements the ImagePolicyLister interface. -type imagePolicyLister struct { - listers.ResourceIndexer[*configv1alpha1.ImagePolicy] -} - -// NewImagePolicyLister returns a new ImagePolicyLister. -func NewImagePolicyLister(indexer cache.Indexer) ImagePolicyLister { - return &imagePolicyLister{listers.New[*configv1alpha1.ImagePolicy](indexer, configv1alpha1.Resource("imagepolicy"))} -} - -// ImagePolicies returns an object that can list and get ImagePolicies. -func (s *imagePolicyLister) ImagePolicies(namespace string) ImagePolicyNamespaceLister { - return imagePolicyNamespaceLister{listers.NewNamespaced[*configv1alpha1.ImagePolicy](s.ResourceIndexer, namespace)} -} - -// ImagePolicyNamespaceLister helps list and get ImagePolicies. -// All objects returned here must be treated as read-only. -type ImagePolicyNamespaceLister interface { - // List lists all ImagePolicies in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*configv1alpha1.ImagePolicy, err error) - // Get retrieves the ImagePolicy from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*configv1alpha1.ImagePolicy, error) - ImagePolicyNamespaceListerExpansion -} - -// imagePolicyNamespaceLister implements the ImagePolicyNamespaceLister -// interface. -type imagePolicyNamespaceLister struct { - listers.ResourceIndexer[*configv1alpha1.ImagePolicy] -} diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/pki.go b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/pki.go new file mode 100644 index 0000000000..8e644cfeb0 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/pki.go @@ -0,0 +1,32 @@ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + labels "k8s.io/apimachinery/pkg/labels" + listers "k8s.io/client-go/listers" + cache "k8s.io/client-go/tools/cache" +) + +// PKILister helps list PKIs. +// All objects returned here must be treated as read-only. +type PKILister interface { + // List lists all PKIs in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*configv1alpha1.PKI, err error) + // Get retrieves the PKI from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*configv1alpha1.PKI, error) + PKIListerExpansion +} + +// pKILister implements the PKILister interface. +type pKILister struct { + listers.ResourceIndexer[*configv1alpha1.PKI] +} + +// NewPKILister returns a new PKILister. +func NewPKILister(indexer cache.Indexer) PKILister { + return &pKILister{listers.New[*configv1alpha1.PKI](indexer, configv1alpha1.Resource("pki"))} +} diff --git a/vendor/github.com/openshift/client-go/machine/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/machine/applyconfigurations/internal/internal.go index 3dd213be79..03faec6663 100644 --- a/vendor/github.com/openshift/client-go/machine/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/machine/applyconfigurations/internal/internal.go @@ -23,6 +23,259 @@ func Parser() *typed.Parser { var parserOnce sync.Once var parser *typed.Parser var schemaYAML = typed.YAMLObject(`types: +- name: Condition.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: lastTransitionTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: message + type: + scalar: string + default: "" + - name: observedGeneration + type: + scalar: numeric + - name: reason + type: + scalar: string + default: "" + - name: status + type: + scalar: string + default: "" + - name: type + type: + scalar: string + default: "" +- name: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + scalar: string +- name: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: IntOrString.intstr.util.pkg.apimachinery.k8s.io + scalar: untyped +- name: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: matchExpressions + type: + list: + elementType: + namedType: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: atomic + - name: matchLabels + type: + map: + elementType: + scalar: string + elementRelationship: atomic +- name: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: key + type: + scalar: string + default: "" + - name: operator + type: + scalar: string + default: "" + - name: values + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + - name: fieldsType + type: + scalar: string + - name: fieldsV1 + type: + namedType: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io + - name: manager + type: + scalar: string + - name: operation + type: + scalar: string + - name: subresource + type: + scalar: string + - name: time + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io +- name: NodeAddress.v1.core.api.k8s.io + map: + fields: + - name: address + type: + scalar: string + default: "" + - name: type + type: + scalar: string + default: "" +- name: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: annotations + type: + map: + elementType: + scalar: string + - name: creationTimestamp + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: deletionGracePeriodSeconds + type: + scalar: numeric + - name: deletionTimestamp + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: finalizers + type: + list: + elementType: + scalar: string + elementRelationship: associative + - name: generateName + type: + scalar: string + - name: generation + type: + scalar: numeric + - name: labels + type: + map: + elementType: + scalar: string + - name: managedFields + type: + list: + elementType: + namedType: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: atomic + - name: name + type: + scalar: string + - name: namespace + type: + scalar: string + - name: ownerReferences + type: + list: + elementType: + namedType: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - uid + - name: resourceVersion + type: + scalar: string + - name: selfLink + type: + scalar: string + - name: uid + type: + scalar: string +- name: ObjectReference.v1.core.api.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + - name: fieldPath + type: + scalar: string + - name: kind + type: + scalar: string + - name: name + type: + scalar: string + - name: namespace + type: + scalar: string + - name: resourceVersion + type: + scalar: string + - name: uid + type: + scalar: string + elementRelationship: atomic +- name: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + default: "" + - name: blockOwnerDeletion + type: + scalar: boolean + - name: controller + type: + scalar: boolean + - name: kind + type: + scalar: string + default: "" + - name: name + type: + scalar: string + default: "" + - name: uid + type: + scalar: string + default: "" + elementRelationship: atomic +- name: RawExtension.runtime.pkg.apimachinery.k8s.io + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: Taint.v1.core.api.k8s.io + map: + fields: + - name: effect + type: + scalar: string + default: "" + - name: key + type: + scalar: string + default: "" + - name: timeAdded + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: value + type: + scalar: string +- name: Time.v1.meta.apis.pkg.apimachinery.k8s.io + scalar: untyped - name: com.github.openshift.api.machine.v1.AWSFailureDomain map: fields: @@ -102,7 +355,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -123,7 +376,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: numeric - name: selector type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: state type: @@ -144,7 +397,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - type @@ -319,7 +572,7 @@ var schemaYAML = typed.YAMLObject(`types: fields: - name: lastTransitionTime type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io - name: message type: scalar: string @@ -345,7 +598,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: lastUpdated type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io - name: state type: scalar: string @@ -393,7 +646,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -414,7 +667,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -429,16 +682,16 @@ var schemaYAML = typed.YAMLObject(`types: fields: - name: maxUnhealthy type: - namedType: io.k8s.apimachinery.pkg.util.intstr.IntOrString + namedType: IntOrString.intstr.util.pkg.apimachinery.k8s.io - name: nodeStartupTimeout type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io - name: remediationTemplate type: - namedType: io.k8s.api.core.v1.ObjectReference + namedType: ObjectReference.v1.core.api.k8s.io - name: selector type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: unhealthyConditions type: @@ -478,7 +731,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -506,7 +759,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: numeric - name: selector type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: template type: @@ -580,7 +833,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.api.core.v1.Taint + namedType: Taint.v1.core.api.k8s.io elementRelationship: atomic - name: com.github.openshift.api.machine.v1beta1.MachineStatus map: @@ -589,7 +842,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.api.core.v1.NodeAddress + namedType: NodeAddress.v1.core.api.k8s.io elementRelationship: atomic - name: authoritativeAPI type: @@ -613,16 +866,16 @@ var schemaYAML = typed.YAMLObject(`types: namedType: com.github.openshift.api.machine.v1beta1.LastOperation - name: lastUpdated type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io - name: nodeRef type: - namedType: io.k8s.api.core.v1.ObjectReference + namedType: ObjectReference.v1.core.api.k8s.io - name: phase type: scalar: string - name: providerStatus type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: synchronizedAPI type: scalar: string @@ -666,7 +919,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference + namedType: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - uid @@ -675,7 +928,7 @@ var schemaYAML = typed.YAMLObject(`types: fields: - name: value type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: com.github.openshift.api.machine.v1beta1.UnhealthyCondition map: fields: @@ -685,264 +938,11 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: timeout type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io - name: type type: scalar: string default: "" -- name: io.k8s.api.core.v1.NodeAddress - map: - fields: - - name: address - type: - scalar: string - default: "" - - name: type - type: - scalar: string - default: "" -- name: io.k8s.api.core.v1.ObjectReference - map: - fields: - - name: apiVersion - type: - scalar: string - - name: fieldPath - type: - scalar: string - - name: kind - type: - scalar: string - - name: name - type: - scalar: string - - name: namespace - type: - scalar: string - - name: resourceVersion - type: - scalar: string - - name: uid - type: - scalar: string - elementRelationship: atomic -- name: io.k8s.api.core.v1.Taint - map: - fields: - - name: effect - type: - scalar: string - default: "" - - name: key - type: - scalar: string - default: "" - - name: timeAdded - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: value - type: - scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Condition - map: - fields: - - name: lastTransitionTime - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: message - type: - scalar: string - default: "" - - name: observedGeneration - type: - scalar: numeric - - name: reason - type: - scalar: string - default: "" - - name: status - type: - scalar: string - default: "" - - name: type - type: - scalar: string - default: "" -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - map: - fields: - - name: matchExpressions - type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement - elementRelationship: atomic - - name: matchLabels - type: - map: - elementType: - scalar: string - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement - map: - fields: - - name: key - type: - scalar: string - default: "" - - name: operator - type: - scalar: string - default: "" - - name: values - type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry - map: - fields: - - name: apiVersion - type: - scalar: string - - name: fieldsType - type: - scalar: string - - name: fieldsV1 - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 - - name: manager - type: - scalar: string - - name: operation - type: - scalar: string - - name: subresource - type: - scalar: string - - name: time - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time -- name: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - map: - fields: - - name: annotations - type: - map: - elementType: - scalar: string - - name: creationTimestamp - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: deletionGracePeriodSeconds - type: - scalar: numeric - - name: deletionTimestamp - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: finalizers - type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: generateName - type: - scalar: string - - name: generation - type: - scalar: numeric - - name: labels - type: - map: - elementType: - scalar: string - - name: managedFields - type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry - elementRelationship: atomic - - name: name - type: - scalar: string - - name: namespace - type: - scalar: string - - name: ownerReferences - type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference - elementRelationship: associative - keys: - - uid - - name: resourceVersion - type: - scalar: string - - name: selfLink - type: - scalar: string - - name: uid - type: - scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference - map: - fields: - - name: apiVersion - type: - scalar: string - default: "" - - name: blockOwnerDeletion - type: - scalar: boolean - - name: controller - type: - scalar: boolean - - name: kind - type: - scalar: string - default: "" - - name: name - type: - scalar: string - default: "" - - name: uid - type: - scalar: string - default: "" - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Time - scalar: untyped -- name: io.k8s.apimachinery.pkg.runtime.RawExtension - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: io.k8s.apimachinery.pkg.util.intstr.IntOrString - scalar: untyped - name: __untyped_atomic_ scalar: untyped list: diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go index 51ec76686f..3d7d6e73de 100644 --- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go @@ -23,61 +23,63 @@ func Parser() *typed.Parser { var parserOnce sync.Once var parser *typed.Parser var schemaYAML = typed.YAMLObject(`types: -- name: com.github.openshift.api.config.v1.ConfigMapFileReference +- name: Condition.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: key + - name: lastTransitionTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: message type: scalar: string - - name: name + default: "" + - name: observedGeneration + type: + scalar: numeric + - name: reason type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.ConfigMapNameReference - map: - fields: - - name: name + - name: status type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.CustomTLSProfile + - name: type + type: + scalar: string + default: "" +- name: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + scalar: string +- name: FieldSelectorAttributes.v1.authorization.api.k8s.io map: fields: - - name: ciphers + - name: rawSelector + type: + scalar: string + - name: requirements type: list: elementType: - scalar: string + namedType: FieldSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: atomic - - name: minTLSVersion +- name: FieldSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: key type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.IntermediateTLSProfile - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1.ModernTLSProfile - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1.OldTLSProfile + - name: operator + type: + scalar: string + default: "" + - name: values + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io map: elementType: scalar: untyped @@ -89,1196 +91,500 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1.SecretNameReference - map: - fields: - - name: name - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.TLSProfileSpec +- name: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: ciphers + - name: matchExpressions type: list: elementType: - scalar: string + namedType: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: atomic - - name: minTLSVersion + - name: matchLabels type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.TLSSecurityProfile + map: + elementType: + scalar: string + elementRelationship: atomic +- name: LabelSelectorAttributes.v1.authorization.api.k8s.io map: fields: - - name: custom - type: - namedType: com.github.openshift.api.config.v1.CustomTLSProfile - - name: intermediate - type: - namedType: com.github.openshift.api.config.v1.IntermediateTLSProfile - - name: modern - type: - namedType: com.github.openshift.api.config.v1.ModernTLSProfile - - name: old - type: - namedType: com.github.openshift.api.config.v1.OldTLSProfile - - name: type + - name: rawSelector type: scalar: string - default: "" - unions: - - discriminator: type - fields: - - fieldName: custom - discriminatorValue: Custom - - fieldName: intermediate - discriminatorValue: Intermediate - - fieldName: modern - discriminatorValue: Modern - - fieldName: old - discriminatorValue: Old -- name: com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec + - name: requirements + type: + list: + elementType: + namedType: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: atomic +- name: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: efsVolumeMetrics - type: - namedType: com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics - - name: kmsKeyARN + - name: key type: scalar: string -- name: com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters - map: - fields: - - name: connectionIdleTimeout + default: "" + - name: operator type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: subnets + scalar: string + default: "" + - name: values type: - namedType: com.github.openshift.api.operator.v1.AWSSubnets -- name: com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics + list: + elementType: + scalar: string + elementRelationship: atomic +- name: LocalObjectReference.v1.core.api.k8s.io map: fields: - - name: recursiveWalk - type: - namedType: com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig - - name: state + - name: name type: scalar: string default: "" - unions: - - discriminator: state - fields: - - fieldName: recursiveWalk - discriminatorValue: RecursiveWalk -- name: com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig + elementRelationship: atomic +- name: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: fsRateLimit + - name: apiVersion type: - scalar: numeric - - name: refreshPeriodMinutes + scalar: string + - name: fieldsType type: - scalar: numeric -- name: com.github.openshift.api.operator.v1.AWSLoadBalancerParameters - map: - fields: - - name: classicLoadBalancer + scalar: string + - name: fieldsV1 type: - namedType: com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters - - name: networkLoadBalancer + namedType: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io + - name: manager type: - namedType: com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters - - name: type + scalar: string + - name: operation type: scalar: string - default: "" - unions: - - discriminator: type - fields: - - fieldName: classicLoadBalancer - discriminatorValue: ClassicLoadBalancerParameters - - fieldName: networkLoadBalancer - discriminatorValue: NetworkLoadBalancerParameters -- name: com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters + - name: subresource + type: + scalar: string + - name: time + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io +- name: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: eipAllocations + - name: annotations type: - list: + map: elementType: scalar: string - elementRelationship: atomic - - name: subnets + - name: creationTimestamp type: - namedType: com.github.openshift.api.operator.v1.AWSSubnets -- name: com.github.openshift.api.operator.v1.AWSSubnets - map: - fields: - - name: ids + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: deletionGracePeriodSeconds + type: + scalar: numeric + - name: deletionTimestamp + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: finalizers type: list: elementType: scalar: string - elementRelationship: atomic - - name: names + elementRelationship: associative + - name: generateName type: - list: + scalar: string + - name: generation + type: + scalar: numeric + - name: labels + type: + map: elementType: scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.AccessLogging - map: - fields: - - name: destination - type: - namedType: com.github.openshift.api.operator.v1.LoggingDestination - default: {} - - name: httpCaptureCookies + - name: managedFields type: list: elementType: - namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie + namedType: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: atomic - - name: httpCaptureHeaders - type: - namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders - default: {} - - name: httpLogFormat + - name: name type: scalar: string - - name: logEmptyRequests + - name: namespace type: scalar: string -- name: com.github.openshift.api.operator.v1.AddPage - map: - fields: - - name: disabledActions + - name: ownerReferences type: list: elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.AdditionalNetworkDefinition - map: - fields: - - name: name + namedType: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - uid + - name: resourceVersion type: scalar: string - default: "" - - name: namespace + - name: selfLink type: scalar: string - - name: rawCNIConfig + - name: uid type: scalar: string - - name: simpleMacvlanConfig - type: - namedType: com.github.openshift.api.operator.v1.SimpleMacvlanConfig - - name: type - type: - scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities - map: - fields: - - name: providers - type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.Authentication +- name: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - name: apiVersion type: scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + default: "" + - name: blockOwnerDeletion type: - namedType: com.github.openshift.api.operator.v1.AuthenticationSpec - default: {} - - name: status + scalar: boolean + - name: controller type: - namedType: com.github.openshift.api.operator.v1.AuthenticationStatus - default: {} -- name: com.github.openshift.api.operator.v1.AuthenticationSpec - map: - fields: - - name: logLevel + scalar: boolean + - name: kind type: scalar: string - - name: managementState + default: "" + - name: name type: scalar: string default: "" - - name: observedConfig - type: - namedType: __untyped_atomic_ - - name: operatorLogLevel + - name: uid type: scalar: string - - name: unsupportedConfigOverrides - type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.AuthenticationStatus + default: "" + elementRelationship: atomic +- name: RawExtension.runtime.pkg.apimachinery.k8s.io + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: ResourceAttributes.v1.authorization.api.k8s.io map: fields: - - name: conditions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type - - name: generations - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: latestAvailableRevision - type: - scalar: numeric - - name: oauthAPIServer - type: - namedType: com.github.openshift.api.operator.v1.OAuthAPIServerStatus - default: {} - - name: observedGeneration - type: - scalar: numeric - - name: readyReplicas + - name: fieldSelector type: - scalar: numeric - default: 0 - - name: version + namedType: FieldSelectorAttributes.v1.authorization.api.k8s.io + - name: group type: scalar: string -- name: com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec - map: - fields: - - name: diskEncryptionSet + - name: labelSelector type: - namedType: com.github.openshift.api.operator.v1.AzureDiskEncryptionSet -- name: com.github.openshift.api.operator.v1.AzureDiskEncryptionSet - map: - fields: + namedType: LabelSelectorAttributes.v1.authorization.api.k8s.io - name: name type: scalar: string - default: "" - - name: resourceGroup + - name: namespace type: scalar: string - default: "" - - name: subscriptionID + - name: resource type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig - map: - fields: - - name: manual - type: - namedType: com.github.openshift.api.operator.v1.ClusterBootImageManual - default: {} - - name: mode + - name: subresource type: scalar: string - unions: - - discriminator: mode - fields: - - fieldName: manual - discriminatorValue: Manual -- name: com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus - map: - fields: - - name: automatic - type: - namedType: com.github.openshift.api.operator.v1.ClusterBootImageAutomatic - default: {} - - name: manual - type: - namedType: com.github.openshift.api.operator.v1.ClusterBootImageManual - default: {} - - name: mode + - name: verb type: scalar: string - unions: - - discriminator: mode - fields: - - fieldName: automatic - discriminatorValue: Automatic - - fieldName: manual - discriminatorValue: Manual -- name: com.github.openshift.api.operator.v1.CSIDriverConfigSpec - map: - fields: - - name: aws - type: - namedType: com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec - - name: azure - type: - namedType: com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec - - name: driverType + - name: version type: scalar: string - default: "" - - name: gcp - type: - namedType: com.github.openshift.api.operator.v1.GCPCSIDriverConfigSpec - - name: ibmcloud - type: - namedType: com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec - - name: vSphere - type: - namedType: com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec - unions: - - discriminator: driverType - fields: - - fieldName: aws - discriminatorValue: AWS - - fieldName: azure - discriminatorValue: Azure - - fieldName: gcp - discriminatorValue: GCP - - fieldName: ibmcloud - discriminatorValue: IBMCloud - - fieldName: vSphere - discriminatorValue: VSphere -- name: com.github.openshift.api.operator.v1.CSISnapshotController +- name: Time.v1.meta.apis.pkg.apimachinery.k8s.io + scalar: untyped +- name: Toleration.v1.core.api.k8s.io map: fields: - - name: apiVersion + - name: effect type: scalar: string - - name: kind + - name: key type: scalar: string - - name: metadata + - name: operator type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + scalar: string + - name: tolerationSeconds type: - namedType: com.github.openshift.api.operator.v1.CSISnapshotControllerSpec - default: {} - - name: status + scalar: numeric + - name: value type: - namedType: com.github.openshift.api.operator.v1.CSISnapshotControllerStatus - default: {} -- name: com.github.openshift.api.operator.v1.CSISnapshotControllerSpec + scalar: string +- name: com.github.openshift.api.config.v1.ConfigMapFileReference map: fields: - - name: logLevel + - name: key type: scalar: string - - name: managementState + - name: name type: scalar: string default: "" - - name: observedConfig - type: - namedType: __untyped_atomic_ - - name: operatorLogLevel +- name: com.github.openshift.api.config.v1.ConfigMapNameReference + map: + fields: + - name: name type: scalar: string - - name: unsupportedConfigOverrides - type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.CSISnapshotControllerStatus + default: "" +- name: com.github.openshift.api.config.v1.CustomTLSProfile map: fields: - - name: conditions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type - - name: generations + - name: ciphers type: list: elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: latestAvailableRevision - type: - scalar: numeric - - name: observedGeneration - type: - scalar: numeric - - name: readyReplicas - type: - scalar: numeric - default: 0 - - name: version - type: - scalar: string -- name: com.github.openshift.api.operator.v1.Capability - map: - fields: - - name: name + scalar: string + elementRelationship: atomic + - name: minTLSVersion type: scalar: string default: "" - - name: visibility - type: - namedType: com.github.openshift.api.operator.v1.CapabilityVisibility - default: {} -- name: com.github.openshift.api.operator.v1.CapabilityVisibility - map: - fields: - - name: state - type: - scalar: string - default: "" - unions: - - discriminator: state -- name: com.github.openshift.api.operator.v1.ClientTLS - map: - fields: - - name: allowedSubjectPatterns - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: clientCA - type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: clientCertificatePolicy - type: - scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.CloudCredential - map: - fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.operator.v1.CloudCredentialSpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.operator.v1.CloudCredentialStatus - default: {} -- name: com.github.openshift.api.operator.v1.CloudCredentialSpec - map: - fields: - - name: credentialsMode - type: - scalar: string - - name: logLevel - type: - scalar: string - - name: managementState - type: - scalar: string - default: "" - - name: observedConfig - type: - namedType: __untyped_atomic_ - - name: operatorLogLevel - type: - scalar: string - - name: unsupportedConfigOverrides - type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.CloudCredentialStatus - map: - fields: - - name: conditions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type - - name: generations - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: latestAvailableRevision - type: - scalar: numeric - - name: observedGeneration - type: - scalar: numeric - - name: readyReplicas - type: - scalar: numeric - default: 0 - - name: version - type: - scalar: string -- name: com.github.openshift.api.operator.v1.ClusterBootImageAutomatic - map: - fields: - - name: ocpVersion - type: - scalar: string - - name: rhcosVersion - type: - scalar: string -- name: com.github.openshift.api.operator.v1.ClusterBootImageManual - map: - fields: - - name: mode - type: - scalar: string - - name: ocpVersion - type: - scalar: string - - name: rhcosVersion - type: - scalar: string - unions: - - discriminator: mode - fields: - - fieldName: ocpVersion - discriminatorValue: OCPVersion - - fieldName: rhcosVersion - discriminatorValue: RHCOSVersion -- name: com.github.openshift.api.operator.v1.ClusterCSIDriver - map: - fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.operator.v1.ClusterCSIDriverSpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.operator.v1.ClusterCSIDriverStatus - default: {} -- name: com.github.openshift.api.operator.v1.ClusterCSIDriverSpec - map: - fields: - - name: driverConfig - type: - namedType: com.github.openshift.api.operator.v1.CSIDriverConfigSpec - default: {} - - name: logLevel - type: - scalar: string - - name: managementState - type: - scalar: string - default: "" - - name: observedConfig - type: - namedType: __untyped_atomic_ - - name: operatorLogLevel - type: - scalar: string - - name: storageClassState - type: - scalar: string - - name: unsupportedConfigOverrides - type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.ClusterCSIDriverStatus - map: - fields: - - name: conditions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type - - name: generations - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: latestAvailableRevision - type: - scalar: numeric - - name: observedGeneration - type: - scalar: numeric - - name: readyReplicas - type: - scalar: numeric - default: 0 - - name: version - type: - scalar: string -- name: com.github.openshift.api.operator.v1.ClusterNetworkEntry - map: - fields: - - name: cidr - type: - scalar: string - default: "" - - name: hostPrefix - type: - scalar: numeric -- name: com.github.openshift.api.operator.v1.Config - map: - fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.operator.v1.ConfigSpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.operator.v1.ConfigStatus - default: {} -- name: com.github.openshift.api.operator.v1.ConfigMapFileReference - map: - fields: - - name: key - type: - scalar: string - default: "" - - name: name - type: - scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.ConfigSpec - map: - fields: - - name: logLevel - type: - scalar: string - - name: managementState - type: - scalar: string - default: "" - - name: observedConfig - type: - namedType: __untyped_atomic_ - - name: operatorLogLevel - type: - scalar: string - - name: unsupportedConfigOverrides - type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.ConfigStatus - map: - fields: - - name: conditions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type - - name: generations - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: latestAvailableRevision - type: - scalar: numeric - - name: observedGeneration - type: - scalar: numeric - - name: readyReplicas - type: - scalar: numeric - default: 0 - - name: version - type: - scalar: string -- name: com.github.openshift.api.operator.v1.Console - map: - fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.operator.v1.ConsoleSpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.operator.v1.ConsoleStatus - default: {} -- name: com.github.openshift.api.operator.v1.ConsoleConfigRoute - map: - fields: - - name: hostname - type: - scalar: string - default: "" - - name: secret - type: - namedType: com.github.openshift.api.config.v1.SecretNameReference - default: {} -- name: com.github.openshift.api.operator.v1.ConsoleCustomization - map: - fields: - - name: addPage - type: - namedType: com.github.openshift.api.operator.v1.AddPage - default: {} - - name: brand - type: - scalar: string - - name: capabilities - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.Capability - elementRelationship: associative - keys: - - name - - name: customLogoFile - type: - namedType: com.github.openshift.api.config.v1.ConfigMapFileReference - default: {} - - name: customProductName - type: - scalar: string - - name: developerCatalog - type: - namedType: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCustomization - default: {} - - name: documentationBaseURL - type: - scalar: string - - name: logos - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.Logo - elementRelationship: associative - keys: - - type - - name: perspectives - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.Perspective - elementRelationship: associative - keys: - - id - - name: projectAccess - type: - namedType: com.github.openshift.api.operator.v1.ProjectAccess - default: {} - - name: quickStarts - type: - namedType: com.github.openshift.api.operator.v1.QuickStarts - default: {} -- name: com.github.openshift.api.operator.v1.ConsoleProviders - map: - fields: - - name: statuspage - type: - namedType: com.github.openshift.api.operator.v1.StatuspageProvider -- name: com.github.openshift.api.operator.v1.ConsoleSpec +- name: com.github.openshift.api.config.v1.IntermediateTLSProfile map: - fields: - - name: customization - type: - namedType: com.github.openshift.api.operator.v1.ConsoleCustomization - default: {} - - name: ingress - type: - namedType: com.github.openshift.api.operator.v1.Ingress - default: {} - - name: logLevel - type: - scalar: string - - name: managementState - type: - scalar: string - default: "" - - name: observedConfig - type: - namedType: __untyped_atomic_ - - name: operatorLogLevel - type: - scalar: string - - name: plugins - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: providers - type: - namedType: com.github.openshift.api.operator.v1.ConsoleProviders - default: {} - - name: route - type: - namedType: com.github.openshift.api.operator.v1.ConsoleConfigRoute - default: {} - - name: unsupportedConfigOverrides - type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.ConsoleStatus + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.ModernTLSProfile map: - fields: - - name: conditions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type - - name: generations - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: latestAvailableRevision - type: - scalar: numeric - - name: observedGeneration - type: - scalar: numeric - - name: readyReplicas - type: - scalar: numeric - default: 0 - - name: version - type: - scalar: string -- name: com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.OldTLSProfile map: - fields: - - name: maxLength - type: - scalar: numeric -- name: com.github.openshift.api.operator.v1.DNS + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.SecretNameReference map: fields: - - name: apiVersion - type: - scalar: string - - name: kind + - name: name type: scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.operator.v1.DNSSpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.operator.v1.DNSStatus - default: {} -- name: com.github.openshift.api.operator.v1.DNSCache - map: - fields: - - name: negativeTTL - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: positiveTTL - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration -- name: com.github.openshift.api.operator.v1.DNSNodePlacement + default: "" +- name: com.github.openshift.api.config.v1.TLSProfileSpec map: fields: - - name: nodeSelector - type: - map: - elementType: - scalar: string - - name: tolerations + - name: ciphers type: list: elementType: - namedType: io.k8s.api.core.v1.Toleration + scalar: string elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.DNSOverTLSConfig - map: - fields: - - name: caBundle - type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: serverName + - name: minTLSVersion type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.DNSSpec +- name: com.github.openshift.api.config.v1.TLSSecurityProfile map: fields: - - name: cache + - name: custom type: - namedType: com.github.openshift.api.operator.v1.DNSCache - default: {} - - name: logLevel + namedType: com.github.openshift.api.config.v1.CustomTLSProfile + - name: intermediate type: - scalar: string - - name: managementState + namedType: com.github.openshift.api.config.v1.IntermediateTLSProfile + - name: modern type: - scalar: string - - name: nodePlacement + namedType: com.github.openshift.api.config.v1.ModernTLSProfile + - name: old type: - namedType: com.github.openshift.api.operator.v1.DNSNodePlacement - default: {} - - name: operatorLogLevel + namedType: com.github.openshift.api.config.v1.OldTLSProfile + - name: type type: scalar: string - - name: servers - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.Server - elementRelationship: atomic - - name: upstreamResolvers - type: - namedType: com.github.openshift.api.operator.v1.UpstreamResolvers - default: {} -- name: com.github.openshift.api.operator.v1.DNSStatus + default: "" + unions: + - discriminator: type + fields: + - fieldName: custom + discriminatorValue: Custom + - fieldName: intermediate + discriminatorValue: Intermediate + - fieldName: modern + discriminatorValue: Modern + - fieldName: old + discriminatorValue: Old +- name: com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec map: fields: - - name: clusterDomain + - name: efsVolumeMetrics type: - scalar: string - default: "" - - name: clusterIP + namedType: com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics + - name: kmsKeyARN type: scalar: string - default: "" - - name: conditions +- name: com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters + map: + fields: + - name: connectionIdleTimeout type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type -- name: com.github.openshift.api.operator.v1.DNSTransportConfig + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: subnets + type: + namedType: com.github.openshift.api.operator.v1.AWSSubnets +- name: com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics map: fields: - - name: tls + - name: recursiveWalk type: - namedType: com.github.openshift.api.operator.v1.DNSOverTLSConfig - - name: transport + namedType: com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig + - name: state type: scalar: string + default: "" unions: - - discriminator: transport + - discriminator: state fields: - - fieldName: tls - discriminatorValue: TLS -- name: com.github.openshift.api.operator.v1.DefaultNetworkDefinition + - fieldName: recursiveWalk + discriminatorValue: RecursiveWalk +- name: com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig map: fields: - - name: openshiftSDNConfig - type: - namedType: com.github.openshift.api.operator.v1.OpenShiftSDNConfig - - name: ovnKubernetesConfig + - name: fsRateLimit type: - namedType: com.github.openshift.api.operator.v1.OVNKubernetesConfig - - name: type + scalar: numeric + - name: refreshPeriodMinutes type: - scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategory + scalar: numeric +- name: com.github.openshift.api.operator.v1.AWSLoadBalancerParameters map: fields: - - name: id + - name: classicLoadBalancer type: - scalar: string - default: "" - - name: label + namedType: com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters + - name: networkLoadBalancer + type: + namedType: com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters + - name: type type: scalar: string default: "" - - name: subcategories + unions: + - discriminator: type + fields: + - fieldName: classicLoadBalancer + discriminatorValue: ClassicLoadBalancerParameters + - fieldName: networkLoadBalancer + discriminatorValue: NetworkLoadBalancerParameters +- name: com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters + map: + fields: + - name: eipAllocations type: list: elementType: - namedType: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategoryMeta + scalar: string elementRelationship: atomic - - name: tags + - name: subnets + type: + namedType: com.github.openshift.api.operator.v1.AWSSubnets +- name: com.github.openshift.api.operator.v1.AWSSubnets + map: + fields: + - name: ids type: list: elementType: scalar: string elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategoryMeta - map: - fields: - - name: id - type: - scalar: string - default: "" - - name: label - type: - scalar: string - default: "" - - name: tags + - name: names type: list: elementType: scalar: string elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCustomization +- name: com.github.openshift.api.operator.v1.AccessLogging map: fields: - - name: categories + - name: destination + type: + namedType: com.github.openshift.api.operator.v1.LoggingDestination + default: {} + - name: httpCaptureCookies type: list: elementType: - namedType: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategory + namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie elementRelationship: atomic - - name: types + - name: httpCaptureHeaders type: - namedType: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogTypes + namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders default: {} -- name: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogTypes - map: - fields: - - name: disabled - type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: enabled + - name: httpLogFormat type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: state + scalar: string + - name: logEmptyRequests type: scalar: string - default: Enabled - unions: - - discriminator: state - fields: - - fieldName: disabled - discriminatorValue: Disabled - - fieldName: enabled - discriminatorValue: Enabled -- name: com.github.openshift.api.operator.v1.EgressIPConfig +- name: com.github.openshift.api.operator.v1.AddPage map: fields: - - name: reachabilityTotalTimeoutSeconds + - name: disabledActions type: - scalar: numeric -- name: com.github.openshift.api.operator.v1.EndpointPublishingStrategy + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.AdditionalNetworkDefinition map: fields: - - name: hostNetwork + - name: name type: - namedType: com.github.openshift.api.operator.v1.HostNetworkStrategy - - name: loadBalancer + scalar: string + default: "" + - name: namespace type: - namedType: com.github.openshift.api.operator.v1.LoadBalancerStrategy - - name: nodePort + scalar: string + - name: rawCNIConfig type: - namedType: com.github.openshift.api.operator.v1.NodePortStrategy - - name: private + scalar: string + - name: simpleMacvlanConfig type: - namedType: com.github.openshift.api.operator.v1.PrivateStrategy + namedType: com.github.openshift.api.operator.v1.SimpleMacvlanConfig - name: type type: scalar: string default: "" - unions: - - discriminator: type - fields: - - fieldName: hostNetwork - discriminatorValue: HostNetwork - - fieldName: loadBalancer - discriminatorValue: LoadBalancer - - fieldName: nodePort - discriminatorValue: NodePort - - fieldName: private - discriminatorValue: Private -- name: com.github.openshift.api.operator.v1.Etcd +- name: com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities + map: + fields: + - name: providers + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.Authentication map: fields: - name: apiVersion @@ -1289,34 +595,19 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.EtcdSpec + namedType: com.github.openshift.api.operator.v1.AuthenticationSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.EtcdStatus + namedType: com.github.openshift.api.operator.v1.AuthenticationStatus default: {} -- name: com.github.openshift.api.operator.v1.EtcdSpec +- name: com.github.openshift.api.operator.v1.AuthenticationSpec map: fields: - - name: backendQuotaGiB - type: - scalar: numeric - default: 8 - - name: controlPlaneHardwareSpeed - type: - scalar: string - default: "" - - name: failedRevisionLimit - type: - scalar: numeric - - name: forceRedeploymentReason - type: - scalar: string - default: "" - name: logLevel type: scalar: string @@ -1326,17 +617,14 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - - name: succeededRevisionLimit - type: - scalar: numeric - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.EtcdStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.AuthenticationStatus map: fields: - name: conditions @@ -1347,10 +635,6 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: associative keys: - type - - name: controlPlaneHardwareSpeed - type: - scalar: string - default: "" - name: generations type: list: @@ -1365,17 +649,10 @@ var schemaYAML = typed.YAMLObject(`types: - name: latestAvailableRevision type: scalar: numeric - - name: latestAvailableRevisionReason - type: - scalar: string - - name: nodeStatuses + - name: oauthAPIServer type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeStatus - elementRelationship: associative - keys: - - nodeName + namedType: com.github.openshift.api.operator.v1.OAuthAPIServerStatus + default: {} - name: observedGeneration type: scalar: numeric @@ -1386,314 +663,495 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.ExportNetworkFlows +- name: com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec map: fields: - - name: ipfix + - name: diskEncryptionSet type: - namedType: com.github.openshift.api.operator.v1.IPFIXConfig - - name: netFlow + namedType: com.github.openshift.api.operator.v1.AzureDiskEncryptionSet +- name: com.github.openshift.api.operator.v1.AzureDiskEncryptionSet + map: + fields: + - name: name type: - namedType: com.github.openshift.api.operator.v1.NetFlowConfig - - name: sFlow + scalar: string + default: "" + - name: resourceGroup type: - namedType: com.github.openshift.api.operator.v1.SFlowConfig -- name: com.github.openshift.api.operator.v1.FeaturesMigration + scalar: string + default: "" + - name: subscriptionID + type: + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig map: fields: - - name: egressFirewall + - name: manual type: - scalar: boolean - - name: egressIP + namedType: com.github.openshift.api.operator.v1.ClusterBootImageManual + default: {} + - name: mode type: - scalar: boolean - - name: multicast + scalar: string + unions: + - discriminator: mode + fields: + - fieldName: manual + discriminatorValue: Manual +- name: com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus + map: + fields: + - name: automatic type: - scalar: boolean -- name: com.github.openshift.api.operator.v1.FileReferenceSource + namedType: com.github.openshift.api.operator.v1.ClusterBootImageAutomatic + default: {} + - name: manual + type: + namedType: com.github.openshift.api.operator.v1.ClusterBootImageManual + default: {} + - name: mode + type: + scalar: string + unions: + - discriminator: mode + fields: + - fieldName: automatic + discriminatorValue: Automatic + - fieldName: manual + discriminatorValue: Manual +- name: com.github.openshift.api.operator.v1.CSIDriverConfigSpec map: fields: - - name: configMap + - name: aws type: - namedType: com.github.openshift.api.operator.v1.ConfigMapFileReference - - name: from + namedType: com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec + - name: azure + type: + namedType: com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec + - name: driverType type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.ForwardPlugin + - name: gcp + type: + namedType: com.github.openshift.api.operator.v1.GCPCSIDriverConfigSpec + - name: ibmcloud + type: + namedType: com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec + - name: vSphere + type: + namedType: com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec + unions: + - discriminator: driverType + fields: + - fieldName: aws + discriminatorValue: AWS + - fieldName: azure + discriminatorValue: Azure + - fieldName: gcp + discriminatorValue: GCP + - fieldName: ibmcloud + discriminatorValue: IBMCloud + - fieldName: vSphere + discriminatorValue: VSphere +- name: com.github.openshift.api.operator.v1.CSISnapshotController map: fields: - - name: policy + - name: apiVersion type: scalar: string - - name: protocolStrategy + - name: kind type: scalar: string - default: "" - - name: transportConfig + - name: metadata type: - namedType: com.github.openshift.api.operator.v1.DNSTransportConfig + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - - name: upstreams + - name: spec type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.GCPCSIDriverConfigSpec - map: - fields: - - name: kmsKey + namedType: com.github.openshift.api.operator.v1.CSISnapshotControllerSpec + default: {} + - name: status type: - namedType: com.github.openshift.api.operator.v1.GCPKMSKeyReference -- name: com.github.openshift.api.operator.v1.GCPKMSKeyReference + namedType: com.github.openshift.api.operator.v1.CSISnapshotControllerStatus + default: {} +- name: com.github.openshift.api.operator.v1.CSISnapshotControllerSpec map: fields: - - name: keyRing - type: - scalar: string - default: "" - - name: location + - name: logLevel type: scalar: string - - name: name + - name: managementState type: scalar: string default: "" - - name: projectID + - name: observedConfig + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.GCPLoadBalancerParameters + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.CSISnapshotControllerStatus map: fields: - - name: clientAccess + - name: conditions + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.OperatorCondition + elementRelationship: associative + keys: + - type + - name: generations + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision + type: + scalar: numeric + - name: observedGeneration + type: + scalar: numeric + - name: readyReplicas + type: + scalar: numeric + default: 0 + - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.GatewayConfig +- name: com.github.openshift.api.operator.v1.Capability map: fields: - - name: ipForwarding + - name: name type: scalar: string - - name: ipv4 - type: - namedType: com.github.openshift.api.operator.v1.IPv4GatewayConfig - default: {} - - name: ipv6 + default: "" + - name: visibility type: - namedType: com.github.openshift.api.operator.v1.IPv6GatewayConfig + namedType: com.github.openshift.api.operator.v1.CapabilityVisibility default: {} - - name: routingViaHost - type: - scalar: boolean -- name: com.github.openshift.api.operator.v1.GatherStatus +- name: com.github.openshift.api.operator.v1.CapabilityVisibility map: fields: - - name: gatherers - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GathererStatus - elementRelationship: atomic - - name: lastGatherDuration - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: lastGatherTime + - name: state type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time -- name: com.github.openshift.api.operator.v1.GathererStatus + scalar: string + default: "" + unions: + - discriminator: state +- name: com.github.openshift.api.operator.v1.ClientTLS map: fields: - - name: conditions + - name: allowedSubjectPatterns type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + scalar: string elementRelationship: atomic - - name: lastGatherDuration + - name: clientCA type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: name + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: clientCertificatePolicy type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.GenerationStatus +- name: com.github.openshift.api.operator.v1.CloudCredential map: fields: - - name: group + - name: apiVersion type: scalar: string - default: "" - - name: hash + - name: kind type: scalar: string - default: "" - - name: lastGeneration + - name: metadata type: - scalar: numeric - default: 0 - - name: name + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.operator.v1.CloudCredentialSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.operator.v1.CloudCredentialStatus + default: {} +- name: com.github.openshift.api.operator.v1.CloudCredentialSpec + map: + fields: + - name: credentialsMode type: scalar: string - default: "" - - name: namespace + - name: logLevel type: scalar: string - default: "" - - name: resource + - name: managementState type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.HTTPCompressionPolicy + - name: observedConfig + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel + type: + scalar: string + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.CloudCredentialStatus map: fields: - - name: mimeTypes + - name: conditions type: list: elementType: - scalar: string + namedType: com.github.openshift.api.operator.v1.OperatorCondition elementRelationship: associative -- name: com.github.openshift.api.operator.v1.HealthCheck - map: - fields: - - name: advisorURI - type: - scalar: string - default: "" - - name: description - type: - scalar: string - default: "" - - name: state + keys: + - type + - name: generations type: - scalar: string - default: "" - - name: totalRisk + list: + elementType: + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision type: scalar: numeric - default: 0 -- name: com.github.openshift.api.operator.v1.HostNetworkStrategy - map: - fields: - - name: httpPort + - name: observedGeneration type: scalar: numeric - - name: httpsPort + - name: readyReplicas type: scalar: numeric - - name: protocol + default: 0 + - name: version type: scalar: string - - name: statsPort - type: - scalar: numeric -- name: com.github.openshift.api.operator.v1.HybridOverlayConfig +- name: com.github.openshift.api.operator.v1.ClusterBootImageAutomatic map: fields: - - name: hybridClusterNetwork + - name: ocpVersion type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.ClusterNetworkEntry - elementRelationship: atomic - - name: hybridOverlayVXLANPort + scalar: string + - name: rhcosVersion type: - scalar: numeric -- name: com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec + scalar: string +- name: com.github.openshift.api.operator.v1.ClusterBootImageManual map: fields: - - name: encryptionKeyCRN + - name: mode type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.IBMLoadBalancerParameters + - name: ocpVersion + type: + scalar: string + - name: rhcosVersion + type: + scalar: string + unions: + - discriminator: mode + fields: + - fieldName: ocpVersion + discriminatorValue: OCPVersion + - fieldName: rhcosVersion + discriminatorValue: RHCOSVersion +- name: com.github.openshift.api.operator.v1.ClusterCSIDriver map: fields: - - name: protocol + - name: apiVersion type: scalar: string -- name: com.github.openshift.api.operator.v1.IPAMConfig + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.operator.v1.ClusterCSIDriverSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.operator.v1.ClusterCSIDriverStatus + default: {} +- name: com.github.openshift.api.operator.v1.ClusterCSIDriverSpec map: fields: - - name: staticIPAMConfig + - name: driverConfig type: - namedType: com.github.openshift.api.operator.v1.StaticIPAMConfig - - name: type + namedType: com.github.openshift.api.operator.v1.CSIDriverConfigSpec + default: {} + - name: logLevel + type: + scalar: string + - name: managementState type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.IPFIXConfig + - name: observedConfig + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel + type: + scalar: string + - name: storageClassState + type: + scalar: string + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.ClusterCSIDriverStatus map: fields: - - name: collectors + - name: conditions type: list: elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.IPsecConfig - map: - fields: - - name: full + namedType: com.github.openshift.api.operator.v1.OperatorCondition + elementRelationship: associative + keys: + - type + - name: generations type: - namedType: com.github.openshift.api.operator.v1.IPsecFullModeConfig - - name: mode + list: + elementType: + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision + type: + scalar: numeric + - name: observedGeneration + type: + scalar: numeric + - name: readyReplicas + type: + scalar: numeric + default: 0 + - name: version type: scalar: string - unions: - - discriminator: mode - fields: - - fieldName: full - discriminatorValue: Full -- name: com.github.openshift.api.operator.v1.IPsecFullModeConfig +- name: com.github.openshift.api.operator.v1.ClusterNetworkEntry map: fields: - - name: encapsulation + - name: cidr type: scalar: string -- name: com.github.openshift.api.operator.v1.IPv4GatewayConfig + default: "" + - name: hostPrefix + type: + scalar: numeric +- name: com.github.openshift.api.operator.v1.Config map: fields: - - name: internalMasqueradeSubnet + - name: apiVersion + type: + scalar: string + - name: kind type: scalar: string -- name: com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.operator.v1.ConfigSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.operator.v1.ConfigStatus + default: {} +- name: com.github.openshift.api.operator.v1.ConfigMapFileReference map: fields: - - name: internalJoinSubnet + - name: key type: scalar: string - - name: internalTransitSwitchSubnet + default: "" + - name: name type: scalar: string -- name: com.github.openshift.api.operator.v1.IPv6GatewayConfig + default: "" +- name: com.github.openshift.api.operator.v1.ConfigSpec map: fields: - - name: internalMasqueradeSubnet + - name: logLevel type: scalar: string -- name: com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig - map: - fields: - - name: internalJoinSubnet + - name: managementState type: scalar: string - - name: internalTransitSwitchSubnet + default: "" + - name: observedConfig + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel type: scalar: string -- name: com.github.openshift.api.operator.v1.Ingress + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.ConfigStatus map: fields: - - name: clientDownloadsURL + - name: conditions type: - scalar: string - default: "" - - name: consoleURL + list: + elementType: + namedType: com.github.openshift.api.operator.v1.OperatorCondition + elementRelationship: associative + keys: + - type + - name: generations + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision + type: + scalar: numeric + - name: observedGeneration + type: + scalar: numeric + - name: readyReplicas + type: + scalar: numeric + default: 0 + - name: version type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.IngressController +- name: com.github.openshift.api.operator.v1.Console map: fields: - name: apiVersion @@ -1704,228 +1162,267 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.IngressControllerSpec + namedType: com.github.openshift.api.operator.v1.ConsoleSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.IngressControllerStatus + namedType: com.github.openshift.api.operator.v1.ConsoleStatus default: {} -- name: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie +- name: com.github.openshift.api.operator.v1.ConsoleConfigRoute map: fields: - - name: matchType + - name: hostname type: scalar: string default: "" - - name: maxLength + - name: secret type: - scalar: numeric - default: 0 - - name: name + namedType: com.github.openshift.api.config.v1.SecretNameReference + default: {} +- name: com.github.openshift.api.operator.v1.ConsoleCustomization + map: + fields: + - name: addPage + type: + namedType: com.github.openshift.api.operator.v1.AddPage + default: {} + - name: brand type: scalar: string - default: "" - - name: namePrefix + - name: capabilities + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.Capability + elementRelationship: associative + keys: + - name + - name: customLogoFile + type: + namedType: com.github.openshift.api.config.v1.ConfigMapFileReference + default: {} + - name: customProductName type: scalar: string - default: "" - unions: - - discriminator: matchType - fields: - - fieldName: name - discriminatorValue: Name - - fieldName: namePrefix - discriminatorValue: NamePrefix -- name: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader - map: - fields: - - name: maxLength + - name: developerCatalog type: - scalar: numeric - default: 0 - - name: name + namedType: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCustomization + default: {} + - name: documentationBaseURL type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders - map: - fields: - - name: request + - name: logos type: list: elementType: - namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader - elementRelationship: atomic - - name: response + namedType: com.github.openshift.api.operator.v1.Logo + elementRelationship: associative + keys: + - type + - name: perspectives type: list: elementType: - namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeader + namedType: com.github.openshift.api.operator.v1.Perspective + elementRelationship: associative + keys: + - id + - name: projectAccess + type: + namedType: com.github.openshift.api.operator.v1.ProjectAccess + default: {} + - name: quickStarts + type: + namedType: com.github.openshift.api.operator.v1.QuickStarts + default: {} +- name: com.github.openshift.api.operator.v1.ConsoleProviders map: fields: - - name: action + - name: statuspage type: - namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion + namedType: com.github.openshift.api.operator.v1.StatuspageProvider +- name: com.github.openshift.api.operator.v1.ConsoleSpec + map: + fields: + - name: customization + type: + namedType: com.github.openshift.api.operator.v1.ConsoleCustomization default: {} - - name: name + - name: ingress + type: + namedType: com.github.openshift.api.operator.v1.Ingress + default: {} + - name: logLevel + type: + scalar: string + - name: managementState type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion - map: - fields: - - name: set + - name: observedConfig type: - namedType: com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader - - name: type + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel type: scalar: string - default: "" - unions: - - discriminator: type - fields: - - fieldName: set - discriminatorValue: Set -- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions + - name: plugins + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: providers + type: + namedType: com.github.openshift.api.operator.v1.ConsoleProviders + default: {} + - name: route + type: + namedType: com.github.openshift.api.operator.v1.ConsoleConfigRoute + default: {} + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.ConsoleStatus map: fields: - - name: request + - name: conditions type: list: elementType: - namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeader + namedType: com.github.openshift.api.operator.v1.OperatorCondition elementRelationship: associative keys: - - name - - name: response + - type + - name: generations type: list: elementType: - namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeader + namedType: com.github.openshift.api.operator.v1.GenerationStatus elementRelationship: associative keys: + - group + - resource + - namespace - name -- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders + - name: latestAvailableRevision + type: + scalar: numeric + - name: observedGeneration + type: + scalar: numeric + - name: readyReplicas + type: + scalar: numeric + default: 0 + - name: version + type: + scalar: string +- name: com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters map: fields: - - name: actions + - name: maxLength type: - namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions - default: {} - - name: forwardedHeaderPolicy + scalar: numeric +- name: com.github.openshift.api.operator.v1.DNS + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata type: - scalar: string - - name: headerNameCaseAdjustments + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: uniqueId + namedType: com.github.openshift.api.operator.v1.DNSSpec + default: {} + - name: status type: - namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy + namedType: com.github.openshift.api.operator.v1.DNSStatus default: {} -- name: com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy +- name: com.github.openshift.api.operator.v1.DNSCache map: fields: - - name: format + - name: negativeTTL type: - scalar: string - - name: name + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: positiveTTL type: - scalar: string -- name: com.github.openshift.api.operator.v1.IngressControllerLogging + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.DNSNodePlacement map: fields: - - name: access + - name: nodeSelector type: - namedType: com.github.openshift.api.operator.v1.AccessLogging -- name: com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader + map: + elementType: + scalar: string + - name: tolerations + type: + list: + elementType: + namedType: Toleration.v1.core.api.k8s.io + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.DNSOverTLSConfig map: fields: - - name: value + - name: caBundle + type: + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: serverName type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.IngressControllerSpec +- name: com.github.openshift.api.operator.v1.DNSSpec map: fields: - - name: clientTLS + - name: cache type: - namedType: com.github.openshift.api.operator.v1.ClientTLS + namedType: com.github.openshift.api.operator.v1.DNSCache default: {} - - name: closedClientConnectionPolicy - type: - scalar: string - default: Continue - - name: defaultCertificate - type: - namedType: io.k8s.api.core.v1.LocalObjectReference - - name: domain + - name: logLevel type: scalar: string - - name: endpointPublishingStrategy - type: - namedType: com.github.openshift.api.operator.v1.EndpointPublishingStrategy - - name: httpCompression - type: - namedType: com.github.openshift.api.operator.v1.HTTPCompressionPolicy - default: {} - - name: httpEmptyRequestsPolicy + - name: managementState type: scalar: string - - name: httpErrorCodePages + - name: nodePlacement type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + namedType: com.github.openshift.api.operator.v1.DNSNodePlacement default: {} - - name: httpHeaders - type: - namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders - - name: idleConnectionTerminationPolicy + - name: operatorLogLevel type: scalar: string - default: Immediate - - name: logging - type: - namedType: com.github.openshift.api.operator.v1.IngressControllerLogging - - name: namespaceSelector - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: nodePlacement - type: - namedType: com.github.openshift.api.operator.v1.NodePlacement - - name: replicas - type: - scalar: numeric - - name: routeAdmission - type: - namedType: com.github.openshift.api.operator.v1.RouteAdmissionPolicy - - name: routeSelector - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: tlsSecurityProfile + - name: servers type: - namedType: com.github.openshift.api.config.v1.TLSSecurityProfile - - name: tuningOptions + list: + elementType: + namedType: com.github.openshift.api.operator.v1.Server + elementRelationship: atomic + - name: upstreamResolvers type: - namedType: com.github.openshift.api.operator.v1.IngressControllerTuningOptions + namedType: com.github.openshift.api.operator.v1.UpstreamResolvers default: {} - - name: unsupportedConfigOverrides - type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.IngressControllerStatus +- name: com.github.openshift.api.operator.v1.DNSStatus map: fields: - - name: availableReplicas + - name: clusterDomain type: - scalar: numeric - default: 0 + scalar: string + default: "" + - name: clusterIP + type: + scalar: string + default: "" - name: conditions type: list: @@ -1934,75 +1431,149 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: associative keys: - type - - name: domain +- name: com.github.openshift.api.operator.v1.DNSTransportConfig + map: + fields: + - name: tls + type: + namedType: com.github.openshift.api.operator.v1.DNSOverTLSConfig + - name: transport type: scalar: string - default: "" - - name: endpointPublishingStrategy + unions: + - discriminator: transport + fields: + - fieldName: tls + discriminatorValue: TLS +- name: com.github.openshift.api.operator.v1.DefaultNetworkDefinition + map: + fields: + - name: openshiftSDNConfig type: - namedType: com.github.openshift.api.operator.v1.EndpointPublishingStrategy - - name: namespaceSelector + namedType: com.github.openshift.api.operator.v1.OpenShiftSDNConfig + - name: ovnKubernetesConfig type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: observedGeneration + namedType: com.github.openshift.api.operator.v1.OVNKubernetesConfig + - name: type type: - scalar: numeric - - name: routeSelector + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategory + map: + fields: + - name: id type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: selector + scalar: string + default: "" + - name: label type: scalar: string default: "" - - name: tlsProfile + - name: subcategories type: - namedType: com.github.openshift.api.config.v1.TLSProfileSpec -- name: com.github.openshift.api.operator.v1.IngressControllerTuningOptions + list: + elementType: + namedType: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategoryMeta + elementRelationship: atomic + - name: tags + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategoryMeta map: fields: - - name: clientFinTimeout + - name: id type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: clientTimeout + scalar: string + default: "" + - name: label type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: connectTimeout + scalar: string + default: "" + - name: tags type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: headerBufferBytes + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCustomization + map: + fields: + - name: categories type: - scalar: numeric - - name: headerBufferMaxRewriteBytes + list: + elementType: + namedType: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategory + elementRelationship: atomic + - name: types type: - scalar: numeric - - name: healthCheckInterval + namedType: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogTypes + default: {} +- name: com.github.openshift.api.operator.v1.DeveloperConsoleCatalogTypes + map: + fields: + - name: disabled type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: httpKeepAliveTimeout + list: + elementType: + scalar: string + elementRelationship: associative + - name: enabled type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: maxConnections + list: + elementType: + scalar: string + elementRelationship: associative + - name: state type: - scalar: numeric - - name: reloadInterval + scalar: string + default: Enabled + unions: + - discriminator: state + fields: + - fieldName: disabled + discriminatorValue: Disabled + - fieldName: enabled + discriminatorValue: Enabled +- name: com.github.openshift.api.operator.v1.EgressIPConfig + map: + fields: + - name: reachabilityTotalTimeoutSeconds type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: serverFinTimeout + scalar: numeric +- name: com.github.openshift.api.operator.v1.EndpointPublishingStrategy + map: + fields: + - name: hostNetwork type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: serverTimeout + namedType: com.github.openshift.api.operator.v1.HostNetworkStrategy + - name: loadBalancer type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: threadCount + namedType: com.github.openshift.api.operator.v1.LoadBalancerStrategy + - name: nodePort type: - scalar: numeric - - name: tlsInspectDelay + namedType: com.github.openshift.api.operator.v1.NodePortStrategy + - name: private type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: tunnelTimeout + namedType: com.github.openshift.api.operator.v1.PrivateStrategy + - name: type type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration -- name: com.github.openshift.api.operator.v1.InsightsOperator + scalar: string + default: "" + unions: + - discriminator: type + fields: + - fieldName: hostNetwork + discriminatorValue: HostNetwork + - fieldName: loadBalancer + discriminatorValue: LoadBalancer + - fieldName: nodePort + discriminatorValue: NodePort + - fieldName: private + discriminatorValue: Private +- name: com.github.openshift.api.operator.v1.Etcd map: fields: - name: apiVersion @@ -2013,19 +1584,34 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.InsightsOperatorSpec + namedType: com.github.openshift.api.operator.v1.EtcdSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.InsightsOperatorStatus + namedType: com.github.openshift.api.operator.v1.EtcdStatus default: {} -- name: com.github.openshift.api.operator.v1.InsightsOperatorSpec +- name: com.github.openshift.api.operator.v1.EtcdSpec map: fields: + - name: backendQuotaGiB + type: + scalar: numeric + default: 8 + - name: controlPlaneHardwareSpeed + type: + scalar: string + default: "" + - name: failedRevisionLimit + type: + scalar: numeric + - name: forceRedeploymentReason + type: + scalar: string + default: "" - name: logLevel type: scalar: string @@ -2035,14 +1621,17 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string + - name: succeededRevisionLimit + type: + scalar: numeric - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.InsightsOperatorStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.EtcdStatus map: fields: - name: conditions @@ -2053,10 +1642,10 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: associative keys: - type - - name: gatherStatus + - name: controlPlaneHardwareSpeed type: - namedType: com.github.openshift.api.operator.v1.GatherStatus - default: {} + scalar: string + default: "" - name: generations type: list: @@ -2068,13 +1657,20 @@ var schemaYAML = typed.YAMLObject(`types: - resource - namespace - name - - name: insightsReport - type: - namedType: com.github.openshift.api.operator.v1.InsightsReport - default: {} - name: latestAvailableRevision type: scalar: numeric + - name: latestAvailableRevisionReason + type: + scalar: string + - name: nodeStatuses + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.NodeStatus + elementRelationship: associative + keys: + - nodeName - name: observedGeneration type: scalar: numeric @@ -2085,329 +1681,314 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.InsightsReport +- name: com.github.openshift.api.operator.v1.ExportNetworkFlows map: fields: - - name: downloadedAt + - name: ipfix type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: healthChecks + namedType: com.github.openshift.api.operator.v1.IPFIXConfig + - name: netFlow type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.HealthCheck - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides + namedType: com.github.openshift.api.operator.v1.NetFlowConfig + - name: sFlow + type: + namedType: com.github.openshift.api.operator.v1.SFlowConfig +- name: com.github.openshift.api.operator.v1.FeaturesMigration map: fields: - - name: storage + - name: egressFirewall type: - list: - elementType: - scalar: string - elementRelationship: associative -- name: com.github.openshift.api.operator.v1.KubeAPIServer + scalar: boolean + - name: egressIP + type: + scalar: boolean + - name: multicast + type: + scalar: boolean +- name: com.github.openshift.api.operator.v1.FileReferenceSource map: fields: - - name: apiVersion + - name: configMap + type: + namedType: com.github.openshift.api.operator.v1.ConfigMapFileReference + - name: from type: scalar: string - - name: kind + default: "" +- name: com.github.openshift.api.operator.v1.ForwardPlugin + map: + fields: + - name: policy type: scalar: string - - name: metadata + - name: protocolStrategy type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + scalar: string + default: "" + - name: transportConfig type: - namedType: com.github.openshift.api.operator.v1.KubeAPIServerSpec + namedType: com.github.openshift.api.operator.v1.DNSTransportConfig default: {} - - name: status + - name: upstreams type: - namedType: com.github.openshift.api.operator.v1.KubeAPIServerStatus - default: {} -- name: com.github.openshift.api.operator.v1.KubeAPIServerSpec + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.GCPCSIDriverConfigSpec map: fields: - - name: eventTTLMinutes - type: - scalar: numeric - - name: failedRevisionLimit + - name: kmsKey type: - scalar: numeric - - name: forceRedeploymentReason + namedType: com.github.openshift.api.operator.v1.GCPKMSKeyReference +- name: com.github.openshift.api.operator.v1.GCPKMSKeyReference + map: + fields: + - name: keyRing type: scalar: string default: "" - - name: logLevel + - name: location type: scalar: string - - name: managementState + - name: name type: scalar: string default: "" - - name: observedConfig - type: - namedType: __untyped_atomic_ - - name: operatorLogLevel + - name: projectID type: scalar: string - - name: succeededRevisionLimit - type: - scalar: numeric - - name: unsupportedConfigOverrides + default: "" +- name: com.github.openshift.api.operator.v1.GCPLoadBalancerParameters + map: + fields: + - name: clientAccess type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.KubeAPIServerStatus + scalar: string +- name: com.github.openshift.api.operator.v1.GatewayConfig map: fields: - - name: conditions + - name: ipForwarding type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type - - name: generations + scalar: string + - name: ipv4 type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: latestAvailableRevision + namedType: com.github.openshift.api.operator.v1.IPv4GatewayConfig + default: {} + - name: ipv6 type: - scalar: numeric - - name: latestAvailableRevisionReason + namedType: com.github.openshift.api.operator.v1.IPv6GatewayConfig + default: {} + - name: routingViaHost type: - scalar: string - - name: nodeStatuses + scalar: boolean +- name: com.github.openshift.api.operator.v1.GatherStatus + map: + fields: + - name: gatherers type: list: elementType: - namedType: com.github.openshift.api.operator.v1.NodeStatus - elementRelationship: associative - keys: - - nodeName - - name: observedGeneration + namedType: com.github.openshift.api.operator.v1.GathererStatus + elementRelationship: atomic + - name: lastGatherDuration type: - scalar: numeric - - name: readyReplicas + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: lastGatherTime type: - scalar: numeric - default: 0 - - name: serviceAccountIssuers + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.GathererStatus + map: + fields: + - name: conditions type: list: elementType: - namedType: com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: atomic - - name: version + - name: lastGatherDuration + type: + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: name type: scalar: string -- name: com.github.openshift.api.operator.v1.KubeControllerManager + default: "" +- name: com.github.openshift.api.operator.v1.GenerationStatus map: fields: - - name: apiVersion + - name: group type: scalar: string - - name: kind + default: "" + - name: hash type: scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + default: "" + - name: lastGeneration type: - namedType: com.github.openshift.api.operator.v1.KubeControllerManagerSpec - default: {} - - name: status + scalar: numeric + default: 0 + - name: name type: - namedType: com.github.openshift.api.operator.v1.KubeControllerManagerStatus - default: {} -- name: com.github.openshift.api.operator.v1.KubeControllerManagerSpec - map: - fields: - - name: failedRevisionLimit + scalar: string + default: "" + - name: namespace type: - scalar: numeric - - name: forceRedeploymentReason + scalar: string + default: "" + - name: resource type: scalar: string default: "" - - name: logLevel +- name: com.github.openshift.api.operator.v1.HTTPCompressionPolicy + map: + fields: + - name: mimeTypes + type: + list: + elementType: + scalar: string + elementRelationship: associative +- name: com.github.openshift.api.operator.v1.HealthCheck + map: + fields: + - name: advisorURI type: scalar: string - - name: managementState + default: "" + - name: description type: scalar: string default: "" - - name: observedConfig - type: - namedType: __untyped_atomic_ - - name: operatorLogLevel + - name: state type: scalar: string - - name: succeededRevisionLimit + default: "" + - name: totalRisk type: scalar: numeric - - name: unsupportedConfigOverrides - type: - namedType: __untyped_atomic_ - - name: useMoreSecureServiceCA - type: - scalar: boolean - default: false -- name: com.github.openshift.api.operator.v1.KubeControllerManagerStatus + default: 0 +- name: com.github.openshift.api.operator.v1.HostNetworkStrategy map: fields: - - name: conditions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type - - name: generations + - name: httpPort type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: latestAvailableRevision + scalar: numeric + - name: httpsPort type: scalar: numeric - - name: latestAvailableRevisionReason + - name: protocol type: scalar: string - - name: nodeStatuses + - name: statsPort + type: + scalar: numeric +- name: com.github.openshift.api.operator.v1.HybridOverlayConfig + map: + fields: + - name: hybridClusterNetwork type: list: elementType: - namedType: com.github.openshift.api.operator.v1.NodeStatus - elementRelationship: associative - keys: - - nodeName - - name: observedGeneration - type: - scalar: numeric - - name: readyReplicas + namedType: com.github.openshift.api.operator.v1.ClusterNetworkEntry + elementRelationship: atomic + - name: hybridOverlayVXLANPort type: scalar: numeric - default: 0 - - name: version - type: - scalar: string -- name: com.github.openshift.api.operator.v1.KubeScheduler +- name: com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec map: fields: - - name: apiVersion + - name: encryptionKeyCRN type: scalar: string - - name: kind + default: "" +- name: com.github.openshift.api.operator.v1.IBMLoadBalancerParameters + map: + fields: + - name: protocol type: scalar: string - - name: metadata +- name: com.github.openshift.api.operator.v1.IPAMConfig + map: + fields: + - name: staticIPAMConfig type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + namedType: com.github.openshift.api.operator.v1.StaticIPAMConfig + - name: type type: - namedType: com.github.openshift.api.operator.v1.KubeSchedulerSpec - default: {} - - name: status + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.IPFIXConfig + map: + fields: + - name: collectors type: - namedType: com.github.openshift.api.operator.v1.KubeSchedulerStatus - default: {} -- name: com.github.openshift.api.operator.v1.KubeSchedulerSpec + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.IPsecConfig map: fields: - - name: failedRevisionLimit + - name: full type: - scalar: numeric - - name: forceRedeploymentReason + namedType: com.github.openshift.api.operator.v1.IPsecFullModeConfig + - name: mode type: scalar: string - default: "" - - name: logLevel + unions: + - discriminator: mode + fields: + - fieldName: full + discriminatorValue: Full +- name: com.github.openshift.api.operator.v1.IPsecFullModeConfig + map: + fields: + - name: encapsulation type: scalar: string - - name: managementState +- name: com.github.openshift.api.operator.v1.IPv4GatewayConfig + map: + fields: + - name: internalMasqueradeSubnet type: scalar: string - default: "" - - name: observedConfig - type: - namedType: __untyped_atomic_ - - name: operatorLogLevel +- name: com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig + map: + fields: + - name: internalJoinSubnet type: scalar: string - - name: succeededRevisionLimit - type: - scalar: numeric - - name: unsupportedConfigOverrides + - name: internalTransitSwitchSubnet type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.KubeSchedulerStatus + scalar: string +- name: com.github.openshift.api.operator.v1.IPv6GatewayConfig map: fields: - - name: conditions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type - - name: generations - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: latestAvailableRevision - type: - scalar: numeric - - name: latestAvailableRevisionReason + - name: internalMasqueradeSubnet type: scalar: string - - name: nodeStatuses +- name: com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig + map: + fields: + - name: internalJoinSubnet type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeStatus - elementRelationship: associative - keys: - - nodeName - - name: observedGeneration + scalar: string + - name: internalTransitSwitchSubnet type: - scalar: numeric - - name: readyReplicas + scalar: string +- name: com.github.openshift.api.operator.v1.Ingress + map: + fields: + - name: clientDownloadsURL type: - scalar: numeric - default: 0 - - name: version + scalar: string + default: "" + - name: consoleURL type: scalar: string -- name: com.github.openshift.api.operator.v1.KubeStorageVersionMigrator + default: "" +- name: com.github.openshift.api.operator.v1.IngressController map: fields: - name: apiVersion @@ -2418,99 +1999,85 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec + namedType: com.github.openshift.api.operator.v1.IngressControllerSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus + namedType: com.github.openshift.api.operator.v1.IngressControllerStatus default: {} -- name: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec +- name: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie map: fields: - - name: logLevel - type: - scalar: string - - name: managementState + - name: matchType type: scalar: string default: "" - - name: observedConfig + - name: maxLength type: - namedType: __untyped_atomic_ - - name: operatorLogLevel + scalar: numeric + default: 0 + - name: name type: scalar: string - - name: unsupportedConfigOverrides + default: "" + - name: namePrefix type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus + scalar: string + default: "" + unions: + - discriminator: matchType + fields: + - fieldName: name + discriminatorValue: Name + - fieldName: namePrefix + discriminatorValue: NamePrefix +- name: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader map: fields: - - name: conditions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type - - name: generations - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: latestAvailableRevision - type: - scalar: numeric - - name: observedGeneration - type: - scalar: numeric - - name: readyReplicas + - name: maxLength type: scalar: numeric default: 0 - - name: version + - name: name type: scalar: string -- name: com.github.openshift.api.operator.v1.LoadBalancerStrategy + default: "" +- name: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders map: fields: - - name: allowedSourceRanges + - name: request type: list: elementType: - scalar: string + namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader elementRelationship: atomic - - name: dnsManagementPolicy + - name: response type: - scalar: string - default: Managed - - name: providerParameters + list: + elementType: + namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeader + map: + fields: + - name: action type: - namedType: com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters - - name: scope + namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion + default: {} + - name: name type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.LoggingDestination +- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion map: fields: - - name: container - type: - namedType: com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters - - name: syslog + - name: set type: - namedType: com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters + namedType: com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader - name: type type: scalar: string @@ -2518,187 +2085,219 @@ var schemaYAML = typed.YAMLObject(`types: unions: - discriminator: type fields: - - fieldName: container - discriminatorValue: Container - - fieldName: syslog - discriminatorValue: Syslog -- name: com.github.openshift.api.operator.v1.Logo + - fieldName: set + discriminatorValue: Set +- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions map: fields: - - name: themes + - name: request type: list: elementType: - namedType: com.github.openshift.api.operator.v1.Theme + namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeader elementRelationship: associative keys: - - mode - - name: type + - name + - name: response type: - scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.MTUMigration + list: + elementType: + namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeader + elementRelationship: associative + keys: + - name +- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders map: fields: - - name: machine + - name: actions type: - namedType: com.github.openshift.api.operator.v1.MTUMigrationValues - - name: network + namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions + default: {} + - name: forwardedHeaderPolicy type: - namedType: com.github.openshift.api.operator.v1.MTUMigrationValues -- name: com.github.openshift.api.operator.v1.MTUMigrationValues - map: - fields: - - name: from + scalar: string + - name: headerNameCaseAdjustments type: - scalar: numeric - - name: to + list: + elementType: + scalar: string + elementRelationship: atomic + - name: uniqueId type: - scalar: numeric -- name: com.github.openshift.api.operator.v1.MachineConfiguration + namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy + default: {} +- name: com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy map: fields: - - name: apiVersion + - name: format type: scalar: string - - name: kind + - name: name type: scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec +- name: com.github.openshift.api.operator.v1.IngressControllerLogging + map: + fields: + - name: access type: - namedType: com.github.openshift.api.operator.v1.MachineConfigurationSpec - default: {} - - name: status + namedType: com.github.openshift.api.operator.v1.AccessLogging +- name: com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader + map: + fields: + - name: value type: - namedType: com.github.openshift.api.operator.v1.MachineConfigurationStatus - default: {} -- name: com.github.openshift.api.operator.v1.MachineConfigurationSpec + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.IngressControllerSpec map: fields: - - name: bootImageSkewEnforcement + - name: clientTLS type: - namedType: com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig + namedType: com.github.openshift.api.operator.v1.ClientTLS default: {} - - name: failedRevisionLimit - type: - scalar: numeric - - name: forceRedeploymentReason + - name: closedClientConnectionPolicy type: scalar: string - default: "" - - name: irreconcilableValidationOverrides + default: Continue + - name: defaultCertificate type: - namedType: com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides - default: {} - - name: logLevel + namedType: LocalObjectReference.v1.core.api.k8s.io + - name: domain type: scalar: string - - name: managedBootImages + - name: endpointPublishingStrategy type: - namedType: com.github.openshift.api.operator.v1.ManagedBootImages + namedType: com.github.openshift.api.operator.v1.EndpointPublishingStrategy + - name: httpCompression + type: + namedType: com.github.openshift.api.operator.v1.HTTPCompressionPolicy default: {} - - name: managementState + - name: httpEmptyRequestsPolicy type: scalar: string - default: "" - - name: nodeDisruptionPolicy + - name: httpErrorCodePages type: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference default: {} - - name: observedConfig + - name: httpHeaders type: - namedType: __untyped_atomic_ - - name: operatorLogLevel + namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders + - name: idleConnectionTerminationPolicy type: scalar: string - - name: succeededRevisionLimit + default: Immediate + - name: logging + type: + namedType: com.github.openshift.api.operator.v1.IngressControllerLogging + - name: namespaceSelector + type: + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: nodePlacement + type: + namedType: com.github.openshift.api.operator.v1.NodePlacement + - name: replicas type: scalar: numeric + - name: routeAdmission + type: + namedType: com.github.openshift.api.operator.v1.RouteAdmissionPolicy + - name: routeSelector + type: + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: tlsSecurityProfile + type: + namedType: com.github.openshift.api.config.v1.TLSSecurityProfile + - name: tuningOptions + type: + namedType: com.github.openshift.api.operator.v1.IngressControllerTuningOptions + default: {} - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.MachineConfigurationStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.IngressControllerStatus map: fields: - - name: bootImageSkewEnforcementStatus + - name: availableReplicas type: - namedType: com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus - default: {} + scalar: numeric + default: 0 - name: conditions type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: com.github.openshift.api.operator.v1.OperatorCondition elementRelationship: associative keys: - type - - name: managedBootImagesStatus + - name: domain type: - namedType: com.github.openshift.api.operator.v1.ManagedBootImages - default: {} - - name: nodeDisruptionPolicyStatus + scalar: string + default: "" + - name: endpointPublishingStrategy type: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus - default: {} + namedType: com.github.openshift.api.operator.v1.EndpointPublishingStrategy + - name: namespaceSelector + type: + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io - name: observedGeneration type: scalar: numeric -- name: com.github.openshift.api.operator.v1.MachineManager - map: - fields: - - name: apiGroup + - name: routeSelector type: - scalar: string - default: "" - - name: resource + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: selector type: scalar: string default: "" - - name: selection + - name: tlsProfile type: - namedType: com.github.openshift.api.operator.v1.MachineManagerSelector - default: {} -- name: com.github.openshift.api.operator.v1.MachineManagerSelector + namedType: com.github.openshift.api.config.v1.TLSProfileSpec +- name: com.github.openshift.api.operator.v1.IngressControllerTuningOptions map: fields: - - name: mode + - name: clientFinTimeout type: - scalar: string - default: "" - - name: partial + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: clientTimeout type: - namedType: com.github.openshift.api.operator.v1.PartialSelector - unions: - - discriminator: mode - fields: - - fieldName: partial - discriminatorValue: Partial -- name: com.github.openshift.api.operator.v1.ManagedBootImages - map: - fields: - - name: machineManagers + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: connectTimeout type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.MachineManager - elementRelationship: associative - keys: - - resource - - apiGroup -- name: com.github.openshift.api.operator.v1.NetFlowConfig - map: - fields: - - name: collectors + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: headerBufferBytes + type: + scalar: numeric + - name: headerBufferMaxRewriteBytes + type: + scalar: numeric + - name: healthCheckInterval + type: + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: httpKeepAliveTimeout + type: + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: maxConnections + type: + scalar: numeric + - name: reloadInterval + type: + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: serverFinTimeout + type: + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: serverTimeout + type: + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: threadCount type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.Network + scalar: numeric + - name: tlsInspectDelay + type: + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: tunnelTimeout + type: + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.InsightsOperator map: fields: - name: apiVersion @@ -2709,71 +2308,19 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.NetworkSpec + namedType: com.github.openshift.api.operator.v1.InsightsOperatorSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.NetworkStatus + namedType: com.github.openshift.api.operator.v1.InsightsOperatorStatus default: {} -- name: com.github.openshift.api.operator.v1.NetworkMigration - map: - fields: - - name: features - type: - namedType: com.github.openshift.api.operator.v1.FeaturesMigration - - name: mode - type: - scalar: string - - name: mtu - type: - namedType: com.github.openshift.api.operator.v1.MTUMigration - - name: networkType - type: - scalar: string -- name: com.github.openshift.api.operator.v1.NetworkSpec +- name: com.github.openshift.api.operator.v1.InsightsOperatorSpec map: fields: - - name: additionalNetworks - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.AdditionalNetworkDefinition - elementRelationship: associative - keys: - - name - - name: additionalRoutingCapabilities - type: - namedType: com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities - - name: clusterNetwork - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.ClusterNetworkEntry - elementRelationship: atomic - - name: defaultNetwork - type: - namedType: com.github.openshift.api.operator.v1.DefaultNetworkDefinition - default: {} - - name: deployKubeProxy - type: - scalar: boolean - - name: disableMultiNetwork - type: - scalar: boolean - - name: disableNetworkDiagnostics - type: - scalar: boolean - default: false - - name: exportNetworkFlows - type: - namedType: com.github.openshift.api.operator.v1.ExportNetworkFlows - - name: kubeProxyConfig - type: - namedType: com.github.openshift.api.operator.v1.ProxyConfig - name: logLevel type: scalar: string @@ -2781,28 +2328,16 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" - - name: migration - type: - namedType: com.github.openshift.api.operator.v1.NetworkMigration - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - - name: serviceNetwork - type: - list: - elementType: - scalar: string - elementRelationship: atomic - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ - - name: useMultiNetworkPolicy - type: - scalar: boolean -- name: com.github.openshift.api.operator.v1.NetworkStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.InsightsOperatorStatus map: fields: - name: conditions @@ -2813,6 +2348,10 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: associative keys: - type + - name: gatherStatus + type: + namedType: com.github.openshift.api.operator.v1.GatherStatus + default: {} - name: generations type: list: @@ -2824,6 +2363,10 @@ var schemaYAML = typed.YAMLObject(`types: - resource - namespace - name + - name: insightsReport + type: + namedType: com.github.openshift.api.operator.v1.InsightsReport + default: {} - name: latestAvailableRevision type: scalar: numeric @@ -2837,228 +2380,329 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus +- name: com.github.openshift.api.operator.v1.InsightsReport map: fields: - - name: files - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile - elementRelationship: associative - keys: - - path - - name: sshkey + - name: downloadedAt type: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey - default: {} - - name: units + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: healthChecks type: list: elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit - elementRelationship: associative - keys: - - name -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig + namedType: com.github.openshift.api.operator.v1.HealthCheck + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides map: fields: - - name: files + - name: storage type: list: elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile + scalar: string elementRelationship: associative - keys: - - path - - name: sshkey +- name: com.github.openshift.api.operator.v1.KubeAPIServer + map: + fields: + - name: apiVersion type: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - - name: units + - name: spec type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit - elementRelationship: associative - keys: - - name -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction + namedType: com.github.openshift.api.operator.v1.KubeAPIServerSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.operator.v1.KubeAPIServerStatus + default: {} +- name: com.github.openshift.api.operator.v1.KubeAPIServerSpec map: fields: - - name: reload + - name: eventTTLMinutes type: - namedType: com.github.openshift.api.operator.v1.ReloadService - - name: restart + scalar: numeric + - name: failedRevisionLimit type: - namedType: com.github.openshift.api.operator.v1.RestartService - - name: type + scalar: numeric + - name: forceRedeploymentReason type: scalar: string default: "" - unions: - - discriminator: type - fields: - - fieldName: reload - discriminatorValue: Reload - - fieldName: restart - discriminatorValue: Restart -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile + - name: logLevel + type: + scalar: string + - name: managementState + type: + scalar: string + default: "" + - name: observedConfig + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel + type: + scalar: string + - name: succeededRevisionLimit + type: + scalar: numeric + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.KubeAPIServerStatus map: fields: - - name: actions + - name: conditions type: list: elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction - elementRelationship: atomic - - name: path + namedType: com.github.openshift.api.operator.v1.OperatorCondition + elementRelationship: associative + keys: + - type + - name: generations + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision + type: + scalar: numeric + - name: latestAvailableRevisionReason type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey - map: - fields: - - name: actions + - name: nodeStatuses type: list: elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit - map: - fields: - - name: actions + namedType: com.github.openshift.api.operator.v1.NodeStatus + elementRelationship: associative + keys: + - nodeName + - name: observedGeneration + type: + scalar: numeric + - name: readyReplicas + type: + scalar: numeric + default: 0 + - name: serviceAccountIssuers type: list: elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction + namedType: com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus elementRelationship: atomic - - name: name + - name: version type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus +- name: com.github.openshift.api.operator.v1.KubeControllerManager map: fields: - - name: clusterPolicies + - name: apiVersion type: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.operator.v1.KubeControllerManagerSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.operator.v1.KubeControllerManagerStatus default: {} -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction +- name: com.github.openshift.api.operator.v1.KubeControllerManagerSpec map: fields: - - name: reload - type: - namedType: com.github.openshift.api.operator.v1.ReloadService - - name: restart + - name: failedRevisionLimit type: - namedType: com.github.openshift.api.operator.v1.RestartService - - name: type + scalar: numeric + - name: forceRedeploymentReason type: scalar: string default: "" - unions: - - discriminator: type - fields: - - fieldName: reload - discriminatorValue: Reload - - fieldName: restart - discriminatorValue: Restart -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile - map: - fields: - - name: actions + - name: logLevel type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction - elementRelationship: atomic - - name: path + scalar: string + - name: managementState type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey + - name: observedConfig + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel + type: + scalar: string + - name: succeededRevisionLimit + type: + scalar: numeric + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: useMoreSecureServiceCA + type: + scalar: boolean + default: false +- name: com.github.openshift.api.operator.v1.KubeControllerManagerStatus map: fields: - - name: actions + - name: conditions type: list: elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit - map: - fields: - - name: actions + namedType: com.github.openshift.api.operator.v1.OperatorCondition + elementRelationship: associative + keys: + - type + - name: generations type: list: elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction - elementRelationship: atomic - - name: name + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision type: - scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.NodePlacement - map: - fields: - - name: nodeSelector + scalar: numeric + - name: latestAvailableRevisionReason type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: tolerations + scalar: string + - name: nodeStatuses type: list: elementType: - namedType: io.k8s.api.core.v1.Toleration - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.NodePortStrategy + namedType: com.github.openshift.api.operator.v1.NodeStatus + elementRelationship: associative + keys: + - nodeName + - name: observedGeneration + type: + scalar: numeric + - name: readyReplicas + type: + scalar: numeric + default: 0 + - name: version + type: + scalar: string +- name: com.github.openshift.api.operator.v1.KubeScheduler map: fields: - - name: protocol + - name: apiVersion type: scalar: string -- name: com.github.openshift.api.operator.v1.NodeStatus + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.operator.v1.KubeSchedulerSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.operator.v1.KubeSchedulerStatus + default: {} +- name: com.github.openshift.api.operator.v1.KubeSchedulerSpec map: fields: - - name: currentRevision + - name: failedRevisionLimit type: scalar: numeric - - name: lastFailedCount + - name: forceRedeploymentReason type: - scalar: numeric - - name: lastFailedReason + scalar: string + default: "" + - name: logLevel type: scalar: string - - name: lastFailedRevision + - name: managementState + type: + scalar: string + default: "" + - name: observedConfig + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel + type: + scalar: string + - name: succeededRevisionLimit type: scalar: numeric - - name: lastFailedRevisionErrors + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.KubeSchedulerStatus + map: + fields: + - name: conditions type: list: elementType: - scalar: string - elementRelationship: atomic - - name: lastFailedTime + namedType: com.github.openshift.api.operator.v1.OperatorCondition + elementRelationship: associative + keys: + - type + - name: generations type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: lastFallbackCount + list: + elementType: + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision type: scalar: numeric - - name: nodeName + - name: latestAvailableRevisionReason type: scalar: string - default: "" - - name: targetRevision + - name: nodeStatuses + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.NodeStatus + elementRelationship: associative + keys: + - nodeName + - name: observedGeneration type: scalar: numeric -- name: com.github.openshift.api.operator.v1.OAuthAPIServerStatus - map: - fields: - - name: latestAvailableRevision + - name: readyReplicas type: scalar: numeric -- name: com.github.openshift.api.operator.v1.OLM + default: 0 + - name: version + type: + scalar: string +- name: com.github.openshift.api.operator.v1.KubeStorageVersionMigrator map: fields: - name: apiVersion @@ -3069,17 +2713,17 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.OLMSpec + namedType: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.OLMStatus + namedType: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus default: {} -- name: com.github.openshift.api.operator.v1.OLMSpec +- name: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec map: fields: - name: logLevel @@ -3091,14 +2735,14 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.OLMStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus map: fields: - name: conditions @@ -3133,49 +2777,80 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.OVNKubernetesConfig +- name: com.github.openshift.api.operator.v1.LoadBalancerStrategy map: fields: - - name: egressIPConfig + - name: allowedSourceRanges type: - namedType: com.github.openshift.api.operator.v1.EgressIPConfig - default: {} - - name: gatewayConfig + list: + elementType: + scalar: string + elementRelationship: atomic + - name: dnsManagementPolicy type: - namedType: com.github.openshift.api.operator.v1.GatewayConfig - - name: genevePort + scalar: string + default: Managed + - name: providerParameters type: - scalar: numeric - - name: hybridOverlayConfig + namedType: com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters + - name: scope type: - namedType: com.github.openshift.api.operator.v1.HybridOverlayConfig - - name: ipsecConfig + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.LoggingDestination + map: + fields: + - name: container type: - namedType: com.github.openshift.api.operator.v1.IPsecConfig - default: - mode: Disabled - - name: ipv4 + namedType: com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters + - name: syslog type: - namedType: com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig - - name: ipv6 + namedType: com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters + - name: type type: - namedType: com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig - - name: mtu + scalar: string + default: "" + unions: + - discriminator: type + fields: + - fieldName: container + discriminatorValue: Container + - fieldName: syslog + discriminatorValue: Syslog +- name: com.github.openshift.api.operator.v1.Logo + map: + fields: + - name: themes + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.Theme + elementRelationship: associative + keys: + - mode + - name: type type: - scalar: numeric - - name: policyAuditConfig + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.MTUMigration + map: + fields: + - name: machine type: - namedType: com.github.openshift.api.operator.v1.PolicyAuditConfig - - name: routeAdvertisements + namedType: com.github.openshift.api.operator.v1.MTUMigrationValues + - name: network type: - scalar: string - - name: v4InternalSubnet + namedType: com.github.openshift.api.operator.v1.MTUMigrationValues +- name: com.github.openshift.api.operator.v1.MTUMigrationValues + map: + fields: + - name: from type: - scalar: string - - name: v6InternalSubnet + scalar: numeric + - name: to type: - scalar: string -- name: com.github.openshift.api.operator.v1.OpenShiftAPIServer + scalar: numeric +- name: com.github.openshift.api.operator.v1.MachineConfiguration map: fields: - name: apiVersion @@ -3186,71 +2861,139 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec + namedType: com.github.openshift.api.operator.v1.MachineConfigurationSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus + namedType: com.github.openshift.api.operator.v1.MachineConfigurationStatus default: {} -- name: com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec +- name: com.github.openshift.api.operator.v1.MachineConfigurationSpec map: fields: + - name: bootImageSkewEnforcement + type: + namedType: com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig + default: {} + - name: failedRevisionLimit + type: + scalar: numeric + - name: forceRedeploymentReason + type: + scalar: string + default: "" + - name: irreconcilableValidationOverrides + type: + namedType: com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides + default: {} - name: logLevel type: scalar: string + - name: managedBootImages + type: + namedType: com.github.openshift.api.operator.v1.ManagedBootImages + default: {} - name: managementState type: scalar: string default: "" + - name: nodeDisruptionPolicy + type: + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig + default: {} - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string + - name: succeededRevisionLimit + type: + scalar: numeric - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.MachineConfigurationStatus map: fields: + - name: bootImageSkewEnforcementStatus + type: + namedType: com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus + default: {} - name: conditions type: list: elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - type - - name: generations + - name: managedBootImagesStatus type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: latestAvailableRevision + namedType: com.github.openshift.api.operator.v1.ManagedBootImages + default: {} + - name: nodeDisruptionPolicyStatus type: - scalar: numeric + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus + default: {} - name: observedGeneration type: scalar: numeric - - name: readyReplicas +- name: com.github.openshift.api.operator.v1.MachineManager + map: + fields: + - name: apiGroup type: - scalar: numeric - default: 0 - - name: version + scalar: string + default: "" + - name: resource type: scalar: string -- name: com.github.openshift.api.operator.v1.OpenShiftControllerManager + default: "" + - name: selection + type: + namedType: com.github.openshift.api.operator.v1.MachineManagerSelector + default: {} +- name: com.github.openshift.api.operator.v1.MachineManagerSelector + map: + fields: + - name: mode + type: + scalar: string + default: "" + - name: partial + type: + namedType: com.github.openshift.api.operator.v1.PartialSelector + unions: + - discriminator: mode + fields: + - fieldName: partial + discriminatorValue: Partial +- name: com.github.openshift.api.operator.v1.ManagedBootImages + map: + fields: + - name: machineManagers + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.MachineManager + elementRelationship: associative + keys: + - resource + - apiGroup +- name: com.github.openshift.api.operator.v1.NetFlowConfig + map: + fields: + - name: collectors + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.Network map: fields: - name: apiVersion @@ -3261,19 +3004,71 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec + namedType: com.github.openshift.api.operator.v1.NetworkSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus + namedType: com.github.openshift.api.operator.v1.NetworkStatus default: {} -- name: com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec +- name: com.github.openshift.api.operator.v1.NetworkMigration + map: + fields: + - name: features + type: + namedType: com.github.openshift.api.operator.v1.FeaturesMigration + - name: mode + type: + scalar: string + - name: mtu + type: + namedType: com.github.openshift.api.operator.v1.MTUMigration + - name: networkType + type: + scalar: string +- name: com.github.openshift.api.operator.v1.NetworkSpec map: fields: + - name: additionalNetworks + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.AdditionalNetworkDefinition + elementRelationship: associative + keys: + - name + - name: additionalRoutingCapabilities + type: + namedType: com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities + - name: clusterNetwork + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.ClusterNetworkEntry + elementRelationship: atomic + - name: defaultNetwork + type: + namedType: com.github.openshift.api.operator.v1.DefaultNetworkDefinition + default: {} + - name: deployKubeProxy + type: + scalar: boolean + - name: disableMultiNetwork + type: + scalar: boolean + - name: disableNetworkDiagnostics + type: + scalar: boolean + default: false + - name: exportNetworkFlows + type: + namedType: com.github.openshift.api.operator.v1.ExportNetworkFlows + - name: kubeProxyConfig + type: + namedType: com.github.openshift.api.operator.v1.ProxyConfig - name: logLevel type: scalar: string @@ -3281,16 +3076,28 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" + - name: migration + type: + namedType: com.github.openshift.api.operator.v1.NetworkMigration - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string + - name: serviceNetwork + type: + list: + elementType: + scalar: string + elementRelationship: atomic - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: useMultiNetworkPolicy + type: + scalar: boolean +- name: com.github.openshift.api.operator.v1.NetworkStatus map: fields: - name: conditions @@ -3314,163 +3121,134 @@ var schemaYAML = typed.YAMLObject(`types: - name - name: latestAvailableRevision type: - scalar: numeric - - name: observedGeneration - type: - scalar: numeric - - name: readyReplicas - type: - scalar: numeric - default: 0 - - name: version - type: - scalar: string -- name: com.github.openshift.api.operator.v1.OpenShiftSDNConfig - map: - fields: - - name: enableUnidling - type: - scalar: boolean - - name: mode - type: - scalar: string - default: "" - - name: mtu - type: - scalar: numeric - - name: useExternalOpenvswitch - type: - scalar: boolean - - name: vxlanPort - type: - scalar: numeric -- name: com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters - map: - fields: - - name: floatingIP - type: - scalar: string -- name: com.github.openshift.api.operator.v1.OperatorCondition - map: - fields: - - name: lastTransitionTime - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: message - type: - scalar: string - - name: reason + scalar: numeric + - name: observedGeneration type: - scalar: string - - name: status + scalar: numeric + - name: readyReplicas type: - scalar: string - default: "" - - name: type + scalar: numeric + default: 0 + - name: version type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.PartialSelector +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus map: fields: - - name: machineResourceSelector + - name: files type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector -- name: com.github.openshift.api.operator.v1.Perspective + list: + elementType: + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile + elementRelationship: associative + keys: + - path + - name: sshkey + type: + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey + default: {} + - name: units + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit + elementRelationship: associative + keys: + - name +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig map: fields: - - name: id - type: - scalar: string - default: "" - - name: pinnedResources + - name: files type: list: elementType: - namedType: com.github.openshift.api.operator.v1.PinnedResourceReference - elementRelationship: atomic - - name: visibility + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile + elementRelationship: associative + keys: + - path + - name: sshkey type: - namedType: com.github.openshift.api.operator.v1.PerspectiveVisibility + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey default: {} -- name: com.github.openshift.api.operator.v1.PerspectiveVisibility + - name: units + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit + elementRelationship: associative + keys: + - name +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction map: fields: - - name: accessReview + - name: reload type: - namedType: com.github.openshift.api.operator.v1.ResourceAttributesAccessReview - - name: state + namedType: com.github.openshift.api.operator.v1.ReloadService + - name: restart + type: + namedType: com.github.openshift.api.operator.v1.RestartService + - name: type type: scalar: string default: "" unions: - - discriminator: state + - discriminator: type fields: - - fieldName: accessReview - discriminatorValue: AccessReview -- name: com.github.openshift.api.operator.v1.PinnedResourceReference + - fieldName: reload + discriminatorValue: Reload + - fieldName: restart + discriminatorValue: Restart +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile map: fields: - - name: group - type: - scalar: string - default: "" - - name: resource + - name: actions type: - scalar: string - default: "" - - name: version + list: + elementType: + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction + elementRelationship: atomic + - name: path type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.PolicyAuditConfig - map: - fields: - - name: destination - type: - scalar: string - - name: maxFileSize - type: - scalar: numeric - - name: maxLogFiles - type: - scalar: numeric - - name: rateLimit - type: - scalar: numeric - - name: syslogFacility - type: - scalar: string -- name: com.github.openshift.api.operator.v1.PrivateStrategy +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey map: fields: - - name: protocol + - name: actions type: - scalar: string -- name: com.github.openshift.api.operator.v1.ProjectAccess + list: + elementType: + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit map: fields: - - name: availableClusterRoles + - name: actions type: list: elementType: - scalar: string + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters + - name: name + type: + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus map: fields: - - name: aws - type: - namedType: com.github.openshift.api.operator.v1.AWSLoadBalancerParameters - - name: gcp + - name: clusterPolicies type: - namedType: com.github.openshift.api.operator.v1.GCPLoadBalancerParameters - - name: ibm + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus + default: {} +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction + map: + fields: + - name: reload type: - namedType: com.github.openshift.api.operator.v1.IBMLoadBalancerParameters - - name: openstack + namedType: com.github.openshift.api.operator.v1.ReloadService + - name: restart type: - namedType: com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters + namedType: com.github.openshift.api.operator.v1.RestartService - name: type type: scalar: string @@ -3478,115 +3256,104 @@ var schemaYAML = typed.YAMLObject(`types: unions: - discriminator: type fields: - - fieldName: aws - discriminatorValue: AWS - - fieldName: gcp - discriminatorValue: GCP - - fieldName: ibm - discriminatorValue: IBM - - fieldName: openstack - discriminatorValue: OpenStack -- name: com.github.openshift.api.operator.v1.ProxyConfig - map: - fields: - - name: bindAddress - type: - scalar: string - - name: iptablesSyncPeriod - type: - scalar: string - - name: proxyArguments - type: - map: - elementType: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.QuickStarts + - fieldName: reload + discriminatorValue: Reload + - fieldName: restart + discriminatorValue: Restart +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile map: fields: - - name: disabled + - name: actions type: list: elementType: - scalar: string + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.ReloadService - map: - fields: - - name: serviceName + - name: path type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.ResourceAttributesAccessReview +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey map: fields: - - name: missing + - name: actions type: list: elementType: - namedType: io.k8s.api.authorization.v1.ResourceAttributes + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction elementRelationship: atomic - - name: required +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit + map: + fields: + - name: actions type: list: elementType: - namedType: io.k8s.api.authorization.v1.ResourceAttributes + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.RestartService - map: - fields: - - name: serviceName + - name: name type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.RouteAdmissionPolicy +- name: com.github.openshift.api.operator.v1.NodePlacement map: fields: - - name: namespaceOwnership - type: - scalar: string - - name: wildcardPolicy + - name: nodeSelector type: - scalar: string -- name: com.github.openshift.api.operator.v1.SFlowConfig - map: - fields: - - name: collectors + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: tolerations type: list: elementType: - scalar: string + namedType: Toleration.v1.core.api.k8s.io elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.Server +- name: com.github.openshift.api.operator.v1.NodePortStrategy map: fields: - - name: forwardPlugin + - name: protocol type: - namedType: com.github.openshift.api.operator.v1.ForwardPlugin - default: {} - - name: name + scalar: string +- name: com.github.openshift.api.operator.v1.NodeStatus + map: + fields: + - name: currentRevision + type: + scalar: numeric + - name: lastFailedCount + type: + scalar: numeric + - name: lastFailedReason type: scalar: string - default: "" - - name: zones + - name: lastFailedRevision + type: + scalar: numeric + - name: lastFailedRevisionErrors type: list: elementType: scalar: string elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus - map: - fields: - - name: expirationTime + - name: lastFailedTime type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: name + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: lastFallbackCount + type: + scalar: numeric + - name: nodeName type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.ServiceCA + - name: targetRevision + type: + scalar: numeric +- name: com.github.openshift.api.operator.v1.OAuthAPIServerStatus + map: + fields: + - name: latestAvailableRevision + type: + scalar: numeric +- name: com.github.openshift.api.operator.v1.OLM map: fields: - name: apiVersion @@ -3597,17 +3364,17 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.ServiceCASpec + namedType: com.github.openshift.api.operator.v1.OLMSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.ServiceCAStatus + namedType: com.github.openshift.api.operator.v1.OLMStatus default: {} -- name: com.github.openshift.api.operator.v1.ServiceCASpec +- name: com.github.openshift.api.operator.v1.OLMSpec map: fields: - name: logLevel @@ -3619,14 +3386,14 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.ServiceCAStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.OLMStatus map: fields: - name: conditions @@ -3661,7 +3428,49 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.ServiceCatalogAPIServer +- name: com.github.openshift.api.operator.v1.OVNKubernetesConfig + map: + fields: + - name: egressIPConfig + type: + namedType: com.github.openshift.api.operator.v1.EgressIPConfig + default: {} + - name: gatewayConfig + type: + namedType: com.github.openshift.api.operator.v1.GatewayConfig + - name: genevePort + type: + scalar: numeric + - name: hybridOverlayConfig + type: + namedType: com.github.openshift.api.operator.v1.HybridOverlayConfig + - name: ipsecConfig + type: + namedType: com.github.openshift.api.operator.v1.IPsecConfig + default: + mode: Disabled + - name: ipv4 + type: + namedType: com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig + - name: ipv6 + type: + namedType: com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig + - name: mtu + type: + scalar: numeric + - name: policyAuditConfig + type: + namedType: com.github.openshift.api.operator.v1.PolicyAuditConfig + - name: routeAdvertisements + type: + scalar: string + - name: v4InternalSubnet + type: + scalar: string + - name: v6InternalSubnet + type: + scalar: string +- name: com.github.openshift.api.operator.v1.OpenShiftAPIServer map: fields: - name: apiVersion @@ -3672,17 +3481,17 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec + namedType: com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus + namedType: com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus default: {} -- name: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec +- name: com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec map: fields: - name: logLevel @@ -3694,14 +3503,14 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus map: fields: - name: conditions @@ -3736,7 +3545,7 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.ServiceCatalogControllerManager +- name: com.github.openshift.api.operator.v1.OpenShiftControllerManager map: fields: - name: apiVersion @@ -3747,17 +3556,17 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec + namedType: com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus + namedType: com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus default: {} -- name: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec +- name: com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec map: fields: - name: logLevel @@ -3769,14 +3578,14 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus map: fields: - name: conditions @@ -3811,85 +3620,268 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.SimpleMacvlanConfig +- name: com.github.openshift.api.operator.v1.OpenShiftSDNConfig map: fields: - - name: ipamConfig - type: - namedType: com.github.openshift.api.operator.v1.IPAMConfig - - name: master + - name: enableUnidling type: - scalar: string + scalar: boolean - name: mode type: scalar: string + default: "" - name: mtu type: - scalar: numeric -- name: com.github.openshift.api.operator.v1.StaticIPAMAddresses + scalar: numeric + - name: useExternalOpenvswitch + type: + scalar: boolean + - name: vxlanPort + type: + scalar: numeric +- name: com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters + map: + fields: + - name: floatingIP + type: + scalar: string +- name: com.github.openshift.api.operator.v1.OperatorCondition + map: + fields: + - name: lastTransitionTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: message + type: + scalar: string + - name: reason + type: + scalar: string + - name: status + type: + scalar: string + default: "" + - name: type + type: + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.PartialSelector + map: + fields: + - name: machineResourceSelector + type: + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.Perspective + map: + fields: + - name: id + type: + scalar: string + default: "" + - name: pinnedResources + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.PinnedResourceReference + elementRelationship: atomic + - name: visibility + type: + namedType: com.github.openshift.api.operator.v1.PerspectiveVisibility + default: {} +- name: com.github.openshift.api.operator.v1.PerspectiveVisibility + map: + fields: + - name: accessReview + type: + namedType: com.github.openshift.api.operator.v1.ResourceAttributesAccessReview + - name: state + type: + scalar: string + default: "" + unions: + - discriminator: state + fields: + - fieldName: accessReview + discriminatorValue: AccessReview +- name: com.github.openshift.api.operator.v1.PinnedResourceReference + map: + fields: + - name: group + type: + scalar: string + default: "" + - name: resource + type: + scalar: string + default: "" + - name: version + type: + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.PolicyAuditConfig + map: + fields: + - name: destination + type: + scalar: string + - name: maxFileSize + type: + scalar: numeric + - name: maxLogFiles + type: + scalar: numeric + - name: rateLimit + type: + scalar: numeric + - name: syslogFacility + type: + scalar: string +- name: com.github.openshift.api.operator.v1.PrivateStrategy + map: + fields: + - name: protocol + type: + scalar: string +- name: com.github.openshift.api.operator.v1.ProjectAccess + map: + fields: + - name: availableClusterRoles + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters + map: + fields: + - name: aws + type: + namedType: com.github.openshift.api.operator.v1.AWSLoadBalancerParameters + - name: gcp + type: + namedType: com.github.openshift.api.operator.v1.GCPLoadBalancerParameters + - name: ibm + type: + namedType: com.github.openshift.api.operator.v1.IBMLoadBalancerParameters + - name: openstack + type: + namedType: com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters + - name: type + type: + scalar: string + default: "" + unions: + - discriminator: type + fields: + - fieldName: aws + discriminatorValue: AWS + - fieldName: gcp + discriminatorValue: GCP + - fieldName: ibm + discriminatorValue: IBM + - fieldName: openstack + discriminatorValue: OpenStack +- name: com.github.openshift.api.operator.v1.ProxyConfig + map: + fields: + - name: bindAddress + type: + scalar: string + - name: iptablesSyncPeriod + type: + scalar: string + - name: proxyArguments + type: + map: + elementType: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.QuickStarts + map: + fields: + - name: disabled + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.ReloadService map: fields: - - name: address + - name: serviceName type: scalar: string default: "" - - name: gateway - type: - scalar: string -- name: com.github.openshift.api.operator.v1.StaticIPAMConfig +- name: com.github.openshift.api.operator.v1.ResourceAttributesAccessReview map: fields: - - name: addresses + - name: missing type: list: elementType: - namedType: com.github.openshift.api.operator.v1.StaticIPAMAddresses + namedType: ResourceAttributes.v1.authorization.api.k8s.io elementRelationship: atomic - - name: dns - type: - namedType: com.github.openshift.api.operator.v1.StaticIPAMDNS - - name: routes + - name: required type: list: elementType: - namedType: com.github.openshift.api.operator.v1.StaticIPAMRoutes + namedType: ResourceAttributes.v1.authorization.api.k8s.io elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.StaticIPAMDNS +- name: com.github.openshift.api.operator.v1.RestartService map: fields: - - name: domain + - name: serviceName type: scalar: string - - name: nameservers + default: "" +- name: com.github.openshift.api.operator.v1.RouteAdmissionPolicy + map: + fields: + - name: namespaceOwnership type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: search + scalar: string + - name: wildcardPolicy + type: + scalar: string +- name: com.github.openshift.api.operator.v1.SFlowConfig + map: + fields: + - name: collectors type: list: elementType: scalar: string elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.StaticIPAMRoutes +- name: com.github.openshift.api.operator.v1.Server map: fields: - - name: destination + - name: forwardPlugin + type: + namedType: com.github.openshift.api.operator.v1.ForwardPlugin + default: {} + - name: name type: scalar: string default: "" - - name: gateway + - name: zones type: - scalar: string -- name: com.github.openshift.api.operator.v1.StatuspageProvider + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus map: fields: - - name: pageID + - name: expirationTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: name type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.Storage +- name: com.github.openshift.api.operator.v1.ServiceCA map: fields: - name: apiVersion @@ -3900,17 +3892,17 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.StorageSpec + namedType: com.github.openshift.api.operator.v1.ServiceCASpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.StorageStatus + namedType: com.github.openshift.api.operator.v1.ServiceCAStatus default: {} -- name: com.github.openshift.api.operator.v1.StorageSpec +- name: com.github.openshift.api.operator.v1.ServiceCASpec map: fields: - name: logLevel @@ -3922,18 +3914,14 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ - - name: vsphereStorageDriver - type: - scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.StorageStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.ServiceCAStatus map: fields: - name: conditions @@ -3968,178 +3956,82 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters +- name: com.github.openshift.api.operator.v1.ServiceCatalogAPIServer map: fields: - - name: address - type: - scalar: string - default: "" - - name: facility + - name: apiVersion type: scalar: string - - name: maxLength - type: - scalar: numeric - - name: port - type: - scalar: numeric - default: 0 -- name: com.github.openshift.api.operator.v1.Theme - map: - fields: - - name: mode + - name: kind type: scalar: string - default: "" - - name: source + - name: metadata type: - namedType: com.github.openshift.api.operator.v1.FileReferenceSource + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} -- name: com.github.openshift.api.operator.v1.Upstream - map: - fields: - - name: address - type: - scalar: string - - name: port - type: - scalar: numeric - - name: type - type: - scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.UpstreamResolvers - map: - fields: - - name: policy - type: - scalar: string - - name: protocolStrategy - type: - scalar: string - default: "" - - name: transportConfig + - name: spec type: - namedType: com.github.openshift.api.operator.v1.DNSTransportConfig + namedType: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec default: {} - - name: upstreams - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.Upstream - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec - map: - fields: - - name: globalMaxSnapshotsPerBlockVolume - type: - scalar: numeric - - name: granularMaxSnapshotsPerBlockVolumeInVSAN - type: - scalar: numeric - - name: granularMaxSnapshotsPerBlockVolumeInVVOL - type: - scalar: numeric - - name: maxAllowedBlockVolumesPerNode - type: - scalar: numeric - - name: topologyCategories + - name: status type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1alpha1.BackupJobReference + namedType: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus + default: {} +- name: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec map: fields: - - name: name + - name: logLevel type: scalar: string - default: "" - - name: namespace + - name: managementState type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1alpha1.ClusterAPI - map: - fields: - - name: apiVersion + - name: observedConfig type: - scalar: string - - name: kind + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel type: scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPISpec - default: {} - - name: status + - name: unsupportedConfigOverrides type: - namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus - default: {} -- name: com.github.openshift.api.operator.v1alpha1.ClusterAPISpec + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus map: fields: - - name: unmanagedCustomResourceDefinitions + - name: conditions type: list: elementType: - scalar: string + namedType: com.github.openshift.api.operator.v1.OperatorCondition elementRelationship: associative -- name: com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus - map: - fields: - - name: activeConfigMaps - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: targetConfigMaps + keys: + - type + - name: generations type: list: elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator - map: - fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus - default: {} -- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec - map: - fields: - - name: operatorLogLevel + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision type: - scalar: string -- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus - map: - fields: + scalar: numeric - name: observedGeneration type: scalar: numeric -- name: com.github.openshift.api.operator.v1alpha1.EtcdBackup + - name: readyReplicas + type: + scalar: numeric + default: 0 + - name: version + type: + scalar: string +- name: com.github.openshift.api.operator.v1.ServiceCatalogControllerManager map: fields: - name: apiVersion @@ -4150,64 +4042,149 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec + namedType: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus + namedType: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus default: {} -- name: com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec +- name: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec map: fields: - - name: pvcName + - name: logLevel + type: + scalar: string + - name: managementState type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus + - name: observedConfig + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel + type: + scalar: string + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus map: fields: - - name: backupJob - type: - namedType: com.github.openshift.api.operator.v1alpha1.BackupJobReference - name: conditions type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: com.github.openshift.api.operator.v1.OperatorCondition elementRelationship: associative keys: - type -- name: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy + - name: generations + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision + type: + scalar: numeric + - name: observedGeneration + type: + scalar: numeric + - name: readyReplicas + type: + scalar: numeric + default: 0 + - name: version + type: + scalar: string +- name: com.github.openshift.api.operator.v1.SimpleMacvlanConfig map: fields: - - name: apiVersion + - name: ipamConfig + type: + namedType: com.github.openshift.api.operator.v1.IPAMConfig + - name: master type: scalar: string - - name: kind + - name: mode type: scalar: string - - name: metadata + - name: mtu type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + scalar: numeric +- name: com.github.openshift.api.operator.v1.StaticIPAMAddresses + map: + fields: + - name: address type: - namedType: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec - default: {} -- name: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec + scalar: string + default: "" + - name: gateway + type: + scalar: string +- name: com.github.openshift.api.operator.v1.StaticIPAMConfig map: fields: - - name: repositoryDigestMirrors + - name: addresses type: list: elementType: - namedType: com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors + namedType: com.github.openshift.api.operator.v1.StaticIPAMAddresses elementRelationship: atomic -- name: com.github.openshift.api.operator.v1alpha1.OLM + - name: dns + type: + namedType: com.github.openshift.api.operator.v1.StaticIPAMDNS + - name: routes + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.StaticIPAMRoutes + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.StaticIPAMDNS + map: + fields: + - name: domain + type: + scalar: string + - name: nameservers + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: search + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.StaticIPAMRoutes + map: + fields: + - name: destination + type: + scalar: string + default: "" + - name: gateway + type: + scalar: string +- name: com.github.openshift.api.operator.v1.StatuspageProvider + map: + fields: + - name: pageID + type: + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.Storage map: fields: - name: apiVersion @@ -4218,17 +4195,17 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1alpha1.OLMSpec + namedType: com.github.openshift.api.operator.v1.StorageSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1alpha1.OLMStatus + namedType: com.github.openshift.api.operator.v1.StorageStatus default: {} -- name: com.github.openshift.api.operator.v1alpha1.OLMSpec +- name: com.github.openshift.api.operator.v1.StorageSpec map: fields: - name: logLevel @@ -4240,14 +4217,18 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1alpha1.OLMStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: vsphereStorageDriver + type: + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.StorageStatus map: fields: - name: conditions @@ -4282,314 +4263,381 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors +- name: com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters map: fields: - - name: mirrors - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: source + - name: address type: scalar: string default: "" -- name: io.k8s.api.authorization.v1.FieldSelectorAttributes - map: - fields: - - name: rawSelector + - name: facility type: scalar: string - - name: requirements + - name: maxLength type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.FieldSelectorRequirement - elementRelationship: atomic -- name: io.k8s.api.authorization.v1.LabelSelectorAttributes + scalar: numeric + - name: port + type: + scalar: numeric + default: 0 +- name: com.github.openshift.api.operator.v1.Theme map: fields: - - name: rawSelector + - name: mode type: scalar: string - - name: requirements + default: "" + - name: source type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement - elementRelationship: atomic -- name: io.k8s.api.authorization.v1.ResourceAttributes + namedType: com.github.openshift.api.operator.v1.FileReferenceSource + default: {} +- name: com.github.openshift.api.operator.v1.Upstream map: fields: - - name: fieldSelector - type: - namedType: io.k8s.api.authorization.v1.FieldSelectorAttributes - - name: group + - name: address type: scalar: string - - name: labelSelector + - name: port type: - namedType: io.k8s.api.authorization.v1.LabelSelectorAttributes - - name: name + scalar: numeric + - name: type type: scalar: string - - name: namespace + default: "" +- name: com.github.openshift.api.operator.v1.UpstreamResolvers + map: + fields: + - name: policy type: scalar: string - - name: resource + - name: protocolStrategy type: scalar: string - - name: subresource + default: "" + - name: transportConfig type: - scalar: string - - name: verb + namedType: com.github.openshift.api.operator.v1.DNSTransportConfig + default: {} + - name: upstreams type: - scalar: string - - name: version + list: + elementType: + namedType: com.github.openshift.api.operator.v1.Upstream + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec + map: + fields: + - name: globalMaxSnapshotsPerBlockVolume type: - scalar: string -- name: io.k8s.api.core.v1.LocalObjectReference + scalar: numeric + - name: granularMaxSnapshotsPerBlockVolumeInVSAN + type: + scalar: numeric + - name: granularMaxSnapshotsPerBlockVolumeInVVOL + type: + scalar: numeric + - name: maxAllowedBlockVolumesPerNode + type: + scalar: numeric + - name: topologyCategories + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1alpha1.BackupJobReference map: fields: - name: name type: scalar: string default: "" - elementRelationship: atomic -- name: io.k8s.api.core.v1.Toleration + - name: namespace + type: + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPI map: fields: - - name: effect + - name: apiVersion type: scalar: string - - name: key + - name: kind type: scalar: string - - name: operator + - name: metadata type: - scalar: string - - name: tolerationSeconds + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec type: - scalar: numeric - - name: value + namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPISpec + - name: status + type: + namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus + default: {} +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponent + map: + fields: + - name: image + type: + namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentImage + default: {} + - name: type type: scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + unions: + - discriminator: type + fields: + - fieldName: image + discriminatorValue: Image +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentImage map: fields: - - name: lastTransitionTime - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: message - type: - scalar: string - default: "" - - name: observedGeneration - type: - scalar: numeric - - name: reason - type: - scalar: string - default: "" - - name: status + - name: profile type: scalar: string - default: "" - - name: type + - name: ref type: scalar: string - default: "" -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.FieldSelectorRequirement +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision map: fields: - - name: key + - name: components + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponent + elementRelationship: atomic + - name: contentID type: scalar: string - default: "" - - name: operator + - name: name type: scalar: string - default: "" - - name: values + - name: revision + type: + scalar: numeric + - name: unmanagedCustomResourceDefinitions type: list: elementType: scalar: string elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPISpec map: fields: - - name: matchExpressions + - name: unmanagedCustomResourceDefinitions type: list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement - elementRelationship: atomic - - name: matchLabels - type: - map: elementType: scalar: string - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement + elementRelationship: associative +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus map: fields: - - name: key + - name: currentRevision type: scalar: string - default: "" - - name: operator + - name: desiredRevision type: scalar: string - default: "" - - name: values + - name: revisions type: list: elementType: - scalar: string + namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry +- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator map: fields: - name: apiVersion type: scalar: string - - name: fieldsType + - name: kind type: scalar: string - - name: fieldsV1 + - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 - - name: manager + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec type: - scalar: string - - name: operation + namedType: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec + default: {} + - name: status type: - scalar: string - - name: subresource + namedType: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus + default: {} +- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec + map: + fields: + - name: operatorLogLevel type: scalar: string - - name: time +- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus + map: + fields: + - name: observedGeneration type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time -- name: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + scalar: numeric +- name: com.github.openshift.api.operator.v1alpha1.EtcdBackup map: fields: - - name: annotations + - name: apiVersion type: - map: - elementType: - scalar: string - - name: creationTimestamp + scalar: string + - name: kind type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: deletionGracePeriodSeconds + scalar: string + - name: metadata type: - scalar: numeric - - name: deletionTimestamp + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: finalizers + namedType: com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus + default: {} +- name: com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec + map: + fields: + - name: pvcName + type: + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus + map: + fields: + - name: backupJob + type: + namedType: com.github.openshift.api.operator.v1alpha1.BackupJobReference + - name: conditions type: list: elementType: - scalar: string + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative - - name: generateName + keys: + - type +- name: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy + map: + fields: + - name: apiVersion type: scalar: string - - name: generation + - name: kind type: - scalar: numeric - - name: labels + scalar: string + - name: metadata type: - map: - elementType: - scalar: string - - name: managedFields + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec + default: {} +- name: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec + map: + fields: + - name: repositoryDigestMirrors type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry + namedType: com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors elementRelationship: atomic - - name: name +- name: com.github.openshift.api.operator.v1alpha1.OLM + map: + fields: + - name: apiVersion type: scalar: string - - name: namespace + - name: kind type: scalar: string - - name: ownerReferences + - name: metadata type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference - elementRelationship: associative - keys: - - uid - - name: resourceVersion + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.operator.v1alpha1.OLMSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.operator.v1alpha1.OLMStatus + default: {} +- name: com.github.openshift.api.operator.v1alpha1.OLMSpec + map: + fields: + - name: logLevel type: scalar: string - - name: selfLink + - name: managementState type: scalar: string - - name: uid + default: "" + - name: observedConfig + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel type: scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1alpha1.OLMStatus map: fields: - - name: apiVersion + - name: conditions type: - scalar: string - default: "" - - name: blockOwnerDeletion + list: + elementType: + namedType: com.github.openshift.api.operator.v1.OperatorCondition + elementRelationship: associative + keys: + - type + - name: generations type: - scalar: boolean - - name: controller + list: + elementType: + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision type: - scalar: boolean - - name: kind + scalar: numeric + - name: observedGeneration type: - scalar: string - default: "" - - name: name + scalar: numeric + - name: readyReplicas + type: + scalar: numeric + default: 0 + - name: version type: scalar: string - default: "" - - name: uid +- name: com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors + map: + fields: + - name: mirrors + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: source type: scalar: string default: "" - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Time - scalar: untyped -- name: io.k8s.apimachinery.pkg.runtime.RawExtension - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable - name: __untyped_atomic_ scalar: untyped list: diff --git a/vendor/github.com/openshift/controller-runtime-common/LICENSE b/vendor/github.com/openshift/controller-runtime-common/LICENSE new file mode 100644 index 0000000000..261eeb9e9f --- /dev/null +++ b/vendor/github.com/openshift/controller-runtime-common/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go b/vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go new file mode 100644 index 0000000000..788634fa9a --- /dev/null +++ b/vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go @@ -0,0 +1,161 @@ +/* +Copyright 2026 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package tls + +import ( + "context" + "fmt" + "reflect" + + "github.com/go-logr/logr" + configv1 "github.com/openshift/api/config/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/builder" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/event" + "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/predicate" + "sigs.k8s.io/controller-runtime/pkg/reconcile" +) + +// SecurityProfileWatcher watches the APIServer object for TLS profile changes +// and triggers a graceful shutdown when the profile changes. +type SecurityProfileWatcher struct { + client.Client + + // InitialTLSProfileSpec is the TLS profile spec that was configured when the operator started. + InitialTLSProfileSpec configv1.TLSProfileSpec + + // InitialTLSAdherencePolicy is the TLS adherence policy that was configured when the operator started. + InitialTLSAdherencePolicy configv1.TLSAdherencePolicy + + // OnProfileChange is a function that will be called when the TLS profile changes. + // It receives the reconcile context, old and new TLS profile specs. + // This allows the caller to make decisions based on the actual profile changes. + // + // The most common use case for this callback is + // to trigger a graceful shutdown of the operator + // to make it pick up the new configuration. + // + // Example: + // + // // Create a context that can be cancelled when there is a need to shut down the manager. + // ctx, cancel := context.WithCancel(ctrl.SetupSignalHandler()) + // defer cancel() + // + // watcher := &SecurityProfileWatcher{ + // OnProfileChange: func(ctx context.Context, old, new configv1.TLSProfileSpec) { + // logger.Infof("TLS profile has changed, initiating a shutdown to reload it. %q: %+v, %q: %+v", + // "old profile", old, + // "new profile", new, + // ) + // // Cancel the outer context to trigger a graceful shutdown of the manager. + // cancel() + // }, + // } + OnProfileChange func(ctx context.Context, oldTLSProfileSpec, newTLSProfileSpec configv1.TLSProfileSpec) + + // OnAdherencePolicyChange is a function that will be called when the TLS adherence policy changes. + OnAdherencePolicyChange func(ctx context.Context, oldTLSAdherencePolicy, newTLSAdherencePolicy configv1.TLSAdherencePolicy) +} + +// SetupWithManager sets up the controller with the Manager. +func (r *SecurityProfileWatcher) SetupWithManager(mgr ctrl.Manager) error { + if err := ctrl.NewControllerManagedBy(mgr). + Named("tlssecurityprofilewatcher"). + For(&configv1.APIServer{}, builder.WithPredicates( + predicate.Funcs{ + // Only watch the "cluster" APIServer object. + CreateFunc: func(e event.CreateEvent) bool { + return e.Object.GetName() == APIServerName + }, + UpdateFunc: func(e event.UpdateEvent) bool { + return e.ObjectNew.GetName() == APIServerName + }, + DeleteFunc: func(e event.DeleteEvent) bool { + return e.Object.GetName() == APIServerName + }, + GenericFunc: func(e event.GenericEvent) bool { + return e.Object.GetName() == APIServerName + }, + }, + )). + // Override the default log constructor as it makes the logs very chatty. + WithLogConstructor(func(_ *reconcile.Request) logr.Logger { + return mgr.GetLogger().WithValues( + "controller", "tlssecurityprofilewatcher", + ) + }). + Complete(r); err != nil { + return fmt.Errorf("could not set up controller for TLS security profile watcher: %w", err) + } + + return nil +} + +// Reconcile watches for changes to the APIServer TLS profile and triggers a shutdown +// when the profile changes from the initial configuration. +func (r *SecurityProfileWatcher) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + logger := log.FromContext(ctx, "name", req.Name) + + logger.V(1).Info("Reconciling APIServer TLS profile") + defer logger.V(1).Info("Finished reconciling APIServer TLS profile") + + // Fetch the APIServer object. + apiServer := &configv1.APIServer{} + if err := r.Get(ctx, req.NamespacedName, apiServer); err != nil { + if apierrors.IsNotFound(err) { + // If the APIServer object is not found, we don't need to do anything. + // This could happen if the object was deleted. + return ctrl.Result{}, nil + } + + return ctrl.Result{}, fmt.Errorf("failed to get APIServer %s: %w", req.NamespacedName.String(), err) + } + + // Get the current TLS profile spec. + currentTLSProfileSpec, err := GetTLSProfileSpec(apiServer.Spec.TLSSecurityProfile) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to get TLS profile from APIServer %s: %w", req.NamespacedName.String(), err) + } + + // Compare the current TLS profile spec with the initial one. + if tlsProfileChanged := !reflect.DeepEqual(r.InitialTLSProfileSpec, currentTLSProfileSpec); tlsProfileChanged { + // TLS profile has changed, invoke the callback if it is set. + if r.OnProfileChange != nil { + r.OnProfileChange(ctx, r.InitialTLSProfileSpec, currentTLSProfileSpec) + } + + // Persist the new profile for future change detection. + r.InitialTLSProfileSpec = currentTLSProfileSpec + } + + // Compare the current TLS adherence policy with the initial one. + if tlsAdherencePolicyChanged := r.InitialTLSAdherencePolicy != apiServer.Spec.TLSAdherence; tlsAdherencePolicyChanged { + // TLS adherence policy has changed, invoke the callback if it is set. + if r.OnAdherencePolicyChange != nil { + r.OnAdherencePolicyChange(ctx, r.InitialTLSAdherencePolicy, apiServer.Spec.TLSAdherence) + } + + // Persist the new adherence policy for future change detection. + r.InitialTLSAdherencePolicy = apiServer.Spec.TLSAdherence + } + + // No need to requeue, as the callback will handle further actions. + return ctrl.Result{}, nil +} diff --git a/vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go b/vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go new file mode 100644 index 0000000000..ce1e8c7d9f --- /dev/null +++ b/vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go @@ -0,0 +1,168 @@ +/* +Copyright 2026 Red Hat, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package tls provides utilities for working with OpenShift TLS profiles. +package tls + +import ( + "context" + "crypto/tls" + "errors" + "fmt" + + configv1 "github.com/openshift/api/config/v1" + libgocrypto "github.com/openshift/library-go/pkg/crypto" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +const ( + // APIServerName is the name of the APIServer resource in the cluster. + APIServerName = "cluster" +) + +var ( + // ErrCustomProfileNil is returned when a custom TLS profile is specified but the Custom field is nil. + ErrCustomProfileNil = errors.New("custom TLS profile specified but Custom field is nil") + + // DefaultTLSCiphers are the default TLS ciphers for API servers. + DefaultTLSCiphers = configv1.TLSProfiles[configv1.TLSProfileIntermediateType].Ciphers //nolint:gochecknoglobals + // DefaultMinTLSVersion is the default minimum TLS version for API servers. + DefaultMinTLSVersion = configv1.TLSProfiles[configv1.TLSProfileIntermediateType].MinTLSVersion //nolint:gochecknoglobals +) + +// FetchAPIServerTLSProfile fetches the TLS profile spec configured in APIServer. +// If no profile is configured, the default profile is returned. +func FetchAPIServerTLSProfile(ctx context.Context, k8sClient client.Client) (configv1.TLSProfileSpec, error) { + apiServer := &configv1.APIServer{} + key := client.ObjectKey{Name: APIServerName} + + if err := k8sClient.Get(ctx, key, apiServer); err != nil { + return configv1.TLSProfileSpec{}, fmt.Errorf("failed to get APIServer %q: %w", key.String(), err) + } + + profile, err := GetTLSProfileSpec(apiServer.Spec.TLSSecurityProfile) + if err != nil { + return configv1.TLSProfileSpec{}, fmt.Errorf("failed to get TLS profile from APIServer %q: %w", key.String(), err) + } + + return profile, nil +} + +// FetchAPIServerTLSAdherencePolicy fetches the TLS adherence policy configured in APIServer. +// If no policy is configured, the default policy is returned. +func FetchAPIServerTLSAdherencePolicy(ctx context.Context, k8sClient client.Client) (configv1.TLSAdherencePolicy, error) { + apiServer := &configv1.APIServer{} + key := client.ObjectKey{Name: APIServerName} + + if err := k8sClient.Get(ctx, key, apiServer); err != nil { + return configv1.TLSAdherencePolicyNoOpinion, fmt.Errorf("failed to get APIServer %q: %w", key.String(), err) + } + + return apiServer.Spec.TLSAdherence, nil +} + +// GetTLSProfileSpec returns TLSProfileSpec for the given profile. +// If no profile is configured, the default profile is returned. +func GetTLSProfileSpec(profile *configv1.TLSSecurityProfile) (configv1.TLSProfileSpec, error) { + // Define the default profile (at the time of writing, this is the intermediate profile). + defaultProfile := *configv1.TLSProfiles[configv1.TLSProfileIntermediateType] + // If the profile is nil or the type is empty, return the default profile. + if profile == nil || profile.Type == "" { + return defaultProfile, nil + } + + // Get the profile type. + profileType := profile.Type + + // If the profile type is not custom, return the profile from the map. + if profileType != configv1.TLSProfileCustomType { + if tlsConfig, ok := configv1.TLSProfiles[profileType]; ok { + return *tlsConfig, nil + } + + // If the profile type is not found, return the default profile. + return defaultProfile, nil + } + + if profile.Custom == nil { + // If the custom profile is nil, return an error. + return configv1.TLSProfileSpec{}, ErrCustomProfileNil + } + + // Return the custom profile spec. + return profile.Custom.TLSProfileSpec, nil +} + +// NewTLSConfigFromProfile returns a function that configures a tls.Config based on the provided TLSProfileSpec, +// along with any cipher names from the profile that are not supported by the library-go crypto package. +// The returned function is intended to be used with controller-runtime's TLSOpts. +// +// Note: CipherSuites are only set when MinVersion is below TLS 1.3, as Go's TLS 1.3 implementation +// does not allow configuring cipher suites - all TLS 1.3 ciphers are always enabled. +// See: https://github.com/golang/go/issues/29349 +func NewTLSConfigFromProfile(profile configv1.TLSProfileSpec) (tlsConfig func(*tls.Config), unsupportedCiphers []string) { + minVersion := libgocrypto.TLSVersionOrDie(string(profile.MinTLSVersion)) + cipherSuites, unsupportedCiphers := cipherCodes(profile.Ciphers) + + return func(tlsConf *tls.Config) { + tlsConf.MinVersion = minVersion + // TODO: add curve preferences from profile once https://github.com/openshift/api/pull/2583 merges. + // tlsConf.CurvePreferences <<<<<< profile.Curves + + // TLS 1.3 cipher suites are not configurable in Go (https://github.com/golang/go/issues/29349), so only set CipherSuites accordingly. + // TODO: revisit this once we get an answer on the best way to handle this here: + // https://docs.google.com/document/d/1cMc9E8psHfnoK06ntR8kHSWB8d3rMtmldhnmM4nImjs/edit?disco=AAABu_nPcYg + if minVersion != tls.VersionTLS13 { + tlsConf.CipherSuites = cipherSuites + } + }, unsupportedCiphers +} + +// cipherCode returns the TLS cipher code for an OpenSSL or IANA cipher name. +// Returns 0 if the cipher is not supported. +func cipherCode(cipher string) uint16 { + // First try as IANA name directly. + if code, err := libgocrypto.CipherSuite(cipher); err == nil { + return code + } + + // Try converting from OpenSSL name to IANA name. + ianaCiphers := libgocrypto.OpenSSLToIANACipherSuites([]string{cipher}) + if len(ianaCiphers) == 1 { + if code, err := libgocrypto.CipherSuite(ianaCiphers[0]); err == nil { + return code + } + } + + // Return 0 if the cipher is not supported. + return 0 +} + +// cipherCodes converts a list of cipher names (OpenSSL or IANA format) to their uint16 codes. +// Returns the converted codes and a list of any unsupported cipher names. +func cipherCodes(ciphers []string) (codes []uint16, unsupportedCiphers []string) { + for _, cipher := range ciphers { + code := cipherCode(cipher) + if code == 0 { + unsupportedCiphers = append(unsupportedCiphers, cipher) + continue + } + + codes = append(codes, code) + } + + return codes, unsupportedCiphers +} diff --git a/vendor/github.com/openshift/library-go/pkg/crypto/tls_adherence.go b/vendor/github.com/openshift/library-go/pkg/crypto/tls_adherence.go new file mode 100644 index 0000000000..ef0e1af51a --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/crypto/tls_adherence.go @@ -0,0 +1,23 @@ +package crypto + +import ( + configv1 "github.com/openshift/api/config/v1" +) + +// ShouldHonorClusterTLSProfile returns true if the component should honor the +// cluster-wide TLS security profile settings from apiserver.config.openshift.io/cluster. +// +// When this returns true (StrictAllComponents mode), components must honor the +// cluster-wide TLS profile unless they have a component-specific TLS configuration +// that overrides it. +// +// Unknown enum values are treated as StrictAllComponents for forward compatibility +// and to default to the more secure behavior. +func ShouldHonorClusterTLSProfile(tlsAdherence configv1.TLSAdherencePolicy) bool { + switch tlsAdherence { + case configv1.TLSAdherencePolicyNoOpinion, configv1.TLSAdherencePolicyLegacyAdheringComponentsOnly: + return false + default: + return true + } +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go index fd34ec6201..f4a0943e51 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go @@ -123,11 +123,22 @@ type UpdateOperatorSpecFunc func(spec *operatorv1.OperatorSpec) error func UpdateSpec(ctx context.Context, client OperatorClient, updateFuncs ...UpdateOperatorSpecFunc) (*operatorv1.OperatorSpec, bool, error) { updated := false var operatorSpec *operatorv1.OperatorSpec + previousResourceVersion := "" err := retry.RetryOnConflict(retry.DefaultBackoff, func() error { oldSpec, _, resourceVersion, err := client.GetOperatorState() if err != nil { return err } + if resourceVersion == previousResourceVersion { + // Lister is stale (e.g. after a conflict or restart); do a live GET to get the current resourceVersion. + listerResourceVersion := resourceVersion + oldSpec, _, resourceVersion, err = client.GetOperatorStateWithQuorum(ctx) + if err != nil { + return err + } + klog.V(2).Infof("lister was stale at resourceVersion=%v, live get showed resourceVersion=%v", listerResourceVersion, resourceVersion) + } + previousResourceVersion = resourceVersion newSpec := oldSpec.DeepCopy() for _, update := range updateFuncs { diff --git a/vendor/golang.org/x/mod/modfile/print.go b/vendor/golang.org/x/mod/modfile/print.go index 2a0123d4b9..48dbd82aec 100644 --- a/vendor/golang.org/x/mod/modfile/print.go +++ b/vendor/golang.org/x/mod/modfile/print.go @@ -33,7 +33,7 @@ type printer struct { } // printf prints to the buffer. -func (p *printer) printf(format string, args ...interface{}) { +func (p *printer) printf(format string, args ...any) { fmt.Fprintf(p, format, args...) } diff --git a/vendor/golang.org/x/mod/modfile/read.go b/vendor/golang.org/x/mod/modfile/read.go index 2d7486804f..504a2f1df6 100644 --- a/vendor/golang.org/x/mod/modfile/read.go +++ b/vendor/golang.org/x/mod/modfile/read.go @@ -94,7 +94,7 @@ func (x *FileSyntax) Span() (start, end Position) { // line, the new line is added at the end of the block containing hint, // extracting hint into a new block if it is not yet in one. // -// If the hint is non-nil buts its first token does not match, +// If the hint is non-nil but its first token does not match, // the new line is added after the block containing hint // (or hint itself, if not in a block). // @@ -600,7 +600,7 @@ func (in *input) readToken() { // Checked all punctuation. Must be identifier token. if c := in.peekRune(); !isIdent(c) { - in.Error(fmt.Sprintf("unexpected input character %#q", c)) + in.Error(fmt.Sprintf("unexpected input character %#q", rune(c))) } // Scan over identifier. diff --git a/vendor/golang.org/x/mod/modfile/rule.go b/vendor/golang.org/x/mod/modfile/rule.go index a86ee4fd82..c5b8305de7 100644 --- a/vendor/golang.org/x/mod/modfile/rule.go +++ b/vendor/golang.org/x/mod/modfile/rule.go @@ -368,7 +368,7 @@ func (f *File) add(errs *ErrorList, block *LineBlock, line *Line, verb string, a Err: err, }) } - errorf := func(format string, args ...interface{}) { + errorf := func(format string, args ...any) { wrapError(fmt.Errorf(format, args...)) } @@ -574,7 +574,7 @@ func parseReplace(filename string, line *Line, verb string, args []string, fix V Err: err, } } - errorf := func(format string, args ...interface{}) *Error { + errorf := func(format string, args ...any) *Error { return wrapError(fmt.Errorf(format, args...)) } @@ -685,7 +685,7 @@ func (f *WorkFile) add(errs *ErrorList, line *Line, verb string, args []string, Err: err, }) } - errorf := func(format string, args ...interface{}) { + errorf := func(format string, args ...any) { wrapError(fmt.Errorf(format, args...)) } @@ -1594,7 +1594,7 @@ func (f *File) AddRetract(vi VersionInterval, rationale string) error { r.Syntax = f.Syntax.addLine(nil, "retract", "[", AutoQuote(vi.Low), ",", AutoQuote(vi.High), "]") } if rationale != "" { - for _, line := range strings.Split(rationale, "\n") { + for line := range strings.SplitSeq(rationale, "\n") { com := Comment{Token: "// " + line} r.Syntax.Comment().Before = append(r.Syntax.Comment().Before, com) } diff --git a/vendor/golang.org/x/mod/module/module.go b/vendor/golang.org/x/mod/module/module.go index 16e1aa7ab4..739c13f48f 100644 --- a/vendor/golang.org/x/mod/module/module.go +++ b/vendor/golang.org/x/mod/module/module.go @@ -261,7 +261,7 @@ func modPathOK(r rune) bool { // importPathOK reports whether r can appear in a package import path element. // -// Import paths are intermediate between module paths and file paths: we allow +// Import paths are intermediate between module paths and file paths: we // disallow characters that would be confusing or ambiguous as arguments to // 'go get' (such as '@' and ' ' ), but allow certain characters that are // otherwise-unambiguous on the command line and historically used for some @@ -802,8 +802,8 @@ func MatchPrefixPatterns(globs, target string) bool { for globs != "" { // Extract next non-empty glob in comma-separated list. var glob string - if i := strings.Index(globs, ","); i >= 0 { - glob, globs = globs[:i], globs[i+1:] + if before, after, ok := strings.Cut(globs, ","); ok { + glob, globs = before, after } else { glob, globs = globs, "" } diff --git a/vendor/golang.org/x/mod/semver/semver.go b/vendor/golang.org/x/mod/semver/semver.go index 628f8fd687..824b282c83 100644 --- a/vendor/golang.org/x/mod/semver/semver.go +++ b/vendor/golang.org/x/mod/semver/semver.go @@ -45,8 +45,8 @@ func IsValid(v string) bool { // Canonical returns the canonical formatting of the semantic version v. // It fills in any missing .MINOR or .PATCH and discards build metadata. -// Two semantic versions compare equal only if their canonical formattings -// are identical strings. +// Two semantic versions compare equal only if their canonical formatting +// is an identical string. // The canonical invalid semantic version is the empty string. func Canonical(v string) string { p, ok := parse(v) diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index 1965913e54..ccb87e6da3 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -376,11 +376,24 @@ type ClientConn struct { // completely unresponsive connection. pendingResets int + // readBeforeStreamID is the smallest stream ID that has not been followed by + // a frame read from the peer. We use this to determine when a request may + // have been sent to a completely unresponsive connection: + // If the request ID is less than readBeforeStreamID, then we have had some + // indication of life on the connection since sending the request. + readBeforeStreamID uint32 + // reqHeaderMu is a 1-element semaphore channel controlling access to sending new requests. // Write to reqHeaderMu to lock it, read from it to unlock. // Lock reqmu BEFORE mu or wmu. reqHeaderMu chan struct{} + // internalStateHook reports state changes back to the net/http.ClientConn. + // Note that this is different from the user state hook registered by + // net/http.ClientConn.SetStateHook: The internal hook calls ClientConn, + // which calls the user hook. + internalStateHook func() + // wmu is held while writing. // Acquire BEFORE mu when holding both, to avoid blocking mu on network writes. // Only acquire both at the same time when changing peer settings. @@ -710,7 +723,7 @@ func canRetryError(err error) bool { func (t *Transport) dialClientConn(ctx context.Context, addr string, singleUse bool) (*ClientConn, error) { if t.transportTestHooks != nil { - return t.newClientConn(nil, singleUse) + return t.newClientConn(nil, singleUse, nil) } host, _, err := net.SplitHostPort(addr) if err != nil { @@ -720,7 +733,7 @@ func (t *Transport) dialClientConn(ctx context.Context, addr string, singleUse b if err != nil { return nil, err } - return t.newClientConn(tconn, singleUse) + return t.newClientConn(tconn, singleUse, nil) } func (t *Transport) newTLSConfig(host string) *tls.Config { @@ -772,10 +785,10 @@ func (t *Transport) expectContinueTimeout() time.Duration { } func (t *Transport) NewClientConn(c net.Conn) (*ClientConn, error) { - return t.newClientConn(c, t.disableKeepAlives()) + return t.newClientConn(c, t.disableKeepAlives(), nil) } -func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, error) { +func (t *Transport) newClientConn(c net.Conn, singleUse bool, internalStateHook func()) (*ClientConn, error) { conf := configFromTransport(t) cc := &ClientConn{ t: t, @@ -797,6 +810,7 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro pings: make(map[[8]byte]chan struct{}), reqHeaderMu: make(chan struct{}, 1), lastActive: time.Now(), + internalStateHook: internalStateHook, } if t.transportTestHooks != nil { t.transportTestHooks.newclientconn(cc) @@ -1037,10 +1051,7 @@ func (cc *ClientConn) idleStateLocked() (st clientConnIdleState) { maxConcurrentOkay = cc.currentRequestCountLocked() < int(cc.maxConcurrentStreams) } - st.canTakeNewRequest = cc.goAway == nil && !cc.closed && !cc.closing && maxConcurrentOkay && - !cc.doNotReuse && - int64(cc.nextStreamID)+2*int64(cc.pendingRequests) < math.MaxInt32 && - !cc.tooIdleLocked() + st.canTakeNewRequest = maxConcurrentOkay && cc.isUsableLocked() // If this connection has never been used for a request and is closed, // then let it take a request (which will fail). @@ -1056,6 +1067,31 @@ func (cc *ClientConn) idleStateLocked() (st clientConnIdleState) { return } +func (cc *ClientConn) isUsableLocked() bool { + return cc.goAway == nil && + !cc.closed && + !cc.closing && + !cc.doNotReuse && + int64(cc.nextStreamID)+2*int64(cc.pendingRequests) < math.MaxInt32 && + !cc.tooIdleLocked() +} + +// canReserveLocked reports whether a net/http.ClientConn can reserve a slot on this conn. +// +// This follows slightly different rules than clientConnIdleState.canTakeNewRequest. +// We only permit reservations up to the conn's concurrency limit. +// This differs from ClientConn.ReserveNewRequest, which permits reservations +// past the limit when StrictMaxConcurrentStreams is set. +func (cc *ClientConn) canReserveLocked() bool { + if cc.currentRequestCountLocked() >= int(cc.maxConcurrentStreams) { + return false + } + if !cc.isUsableLocked() { + return false + } + return true +} + // currentRequestCountLocked reports the number of concurrency slots currently in use, // including active streams, reserved slots, and reset streams waiting for acknowledgement. func (cc *ClientConn) currentRequestCountLocked() int { @@ -1067,6 +1103,14 @@ func (cc *ClientConn) canTakeNewRequestLocked() bool { return st.canTakeNewRequest } +// availableLocked reports the number of concurrency slots available. +func (cc *ClientConn) availableLocked() int { + if !cc.canTakeNewRequestLocked() { + return 0 + } + return max(0, int(cc.maxConcurrentStreams)-cc.currentRequestCountLocked()) +} + // tooIdleLocked reports whether this connection has been been sitting idle // for too much wall time. func (cc *ClientConn) tooIdleLocked() bool { @@ -1091,6 +1135,7 @@ func (cc *ClientConn) closeConn() { t := time.AfterFunc(250*time.Millisecond, cc.forceCloseConn) defer t.Stop() cc.tconn.Close() + cc.maybeCallStateHook() } // A tls.Conn.Close can hang for a long time if the peer is unresponsive. @@ -1616,6 +1661,8 @@ func (cs *clientStream) cleanupWriteRequest(err error) { } bodyClosed := cs.reqBodyClosed closeOnIdle := cc.singleUse || cc.doNotReuse || cc.t.disableKeepAlives() || cc.goAway != nil + // Have we read any frames from the connection since sending this request? + readSinceStream := cc.readBeforeStreamID > cs.ID cc.mu.Unlock() if mustCloseBody { cs.reqBody.Close() @@ -1647,8 +1694,10 @@ func (cs *clientStream) cleanupWriteRequest(err error) { // // This could be due to the server becoming unresponsive. // To avoid sending too many requests on a dead connection, - // we let the request continue to consume a concurrency slot - // until we can confirm the server is still responding. + // if we haven't read any frames from the connection since + // sending this request, we let it continue to consume + // a concurrency slot until we can confirm the server is + // still responding. // We do this by sending a PING frame along with the RST_STREAM // (unless a ping is already in flight). // @@ -1659,7 +1708,7 @@ func (cs *clientStream) cleanupWriteRequest(err error) { // because it's short lived and will probably be closed before // we get the ping response. ping := false - if !closeOnIdle { + if !closeOnIdle && !readSinceStream { cc.mu.Lock() // rstStreamPingsBlocked works around a gRPC behavior: // see comment on the field for details. @@ -1693,6 +1742,7 @@ func (cs *clientStream) cleanupWriteRequest(err error) { } close(cs.donec) + cc.maybeCallStateHook() } // awaitOpenSlotForStreamLocked waits until len(streams) < maxConcurrentStreams. @@ -2745,6 +2795,7 @@ func (rl *clientConnReadLoop) streamByID(id uint32, headerOrData bool) *clientSt // See comment on ClientConn.rstStreamPingsBlocked for details. rl.cc.rstStreamPingsBlocked = false } + rl.cc.readBeforeStreamID = rl.cc.nextStreamID cs := rl.cc.streams[id] if cs != nil && !cs.readAborted { return cs @@ -2795,6 +2846,7 @@ func (rl *clientConnReadLoop) processSettings(f *SettingsFrame) error { func (rl *clientConnReadLoop) processSettingsNoWrite(f *SettingsFrame) error { cc := rl.cc + defer cc.maybeCallStateHook() cc.mu.Lock() defer cc.mu.Unlock() @@ -2975,6 +3027,7 @@ func (cc *ClientConn) Ping(ctx context.Context) error { func (rl *clientConnReadLoop) processPing(f *PingFrame) error { if f.IsAck() { cc := rl.cc + defer cc.maybeCallStateHook() cc.mu.Lock() defer cc.mu.Unlock() // If ack, notify listener if any @@ -3198,9 +3251,13 @@ func registerHTTPSProtocol(t *http.Transport, rt noDialH2RoundTripper) (err erro } // noDialH2RoundTripper is a RoundTripper which only tries to complete the request -// if there's already has a cached connection to the host. +// if there's already a cached connection to the host. // (The field is exported so it can be accessed via reflect from net/http; tested // by TestNoDialH2RoundTripperType) +// +// A noDialH2RoundTripper is registered with http1.Transport.RegisterProtocol, +// and the http1.Transport can use type assertions to call non-RoundTrip methods on it. +// This lets us expose, for example, NewClientConn to net/http. type noDialH2RoundTripper struct{ *Transport } func (rt noDialH2RoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { @@ -3211,6 +3268,85 @@ func (rt noDialH2RoundTripper) RoundTrip(req *http.Request) (*http.Response, err return res, err } +func (rt noDialH2RoundTripper) NewClientConn(conn net.Conn, internalStateHook func()) (http.RoundTripper, error) { + tr := rt.Transport + cc, err := tr.newClientConn(conn, tr.disableKeepAlives(), internalStateHook) + if err != nil { + return nil, err + } + + // RoundTrip should block when the conn is at its concurrency limit, + // not return an error. Setting strictMaxConcurrentStreams enables this. + cc.strictMaxConcurrentStreams = true + + return netHTTPClientConn{cc}, nil +} + +// netHTTPClientConn wraps ClientConn and implements the interface net/http expects from +// the RoundTripper returned by NewClientConn. +type netHTTPClientConn struct { + cc *ClientConn +} + +func (cc netHTTPClientConn) RoundTrip(req *http.Request) (*http.Response, error) { + return cc.cc.RoundTrip(req) +} + +func (cc netHTTPClientConn) Close() error { + return cc.cc.Close() +} + +func (cc netHTTPClientConn) Err() error { + cc.cc.mu.Lock() + defer cc.cc.mu.Unlock() + if cc.cc.closed { + return errors.New("connection closed") + } + return nil +} + +func (cc netHTTPClientConn) Reserve() error { + defer cc.cc.maybeCallStateHook() + cc.cc.mu.Lock() + defer cc.cc.mu.Unlock() + if !cc.cc.canReserveLocked() { + return errors.New("connection is unavailable") + } + cc.cc.streamsReserved++ + return nil +} + +func (cc netHTTPClientConn) Release() { + defer cc.cc.maybeCallStateHook() + cc.cc.mu.Lock() + defer cc.cc.mu.Unlock() + // We don't complain if streamsReserved is 0. + // + // This is consistent with RoundTrip: both Release and RoundTrip will + // consume a reservation iff one exists. + if cc.cc.streamsReserved > 0 { + cc.cc.streamsReserved-- + } +} + +func (cc netHTTPClientConn) Available() int { + cc.cc.mu.Lock() + defer cc.cc.mu.Unlock() + return cc.cc.availableLocked() +} + +func (cc netHTTPClientConn) InFlight() int { + cc.cc.mu.Lock() + defer cc.cc.mu.Unlock() + return cc.cc.currentRequestCountLocked() +} + +func (cc *ClientConn) maybeCallStateHook() { + if cc.internalStateHook != nil { + cc.internalStateHook() + } +} + func (t *Transport) idleConnTimeout() time.Duration { // to keep things backwards compatible, we use non-zero values of // IdleConnTimeout, followed by using the IdleConnTimeout on the underlying diff --git a/vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go b/vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go index cb4cadc32d..dfbfc1eb34 100644 --- a/vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go +++ b/vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go @@ -37,6 +37,15 @@ type priorityWriteSchedulerRFC9218 struct { // incremental streams or not, when urgency is the same in a given Pop() // call. prioritizeIncremental bool + + // priorityUpdateBuf is used to buffer the most recent PRIORITY_UPDATE we + // receive per https://www.rfc-editor.org/rfc/rfc9218.html#name-the-priority_update-frame. + priorityUpdateBuf struct { + // streamID being 0 means that the buffer is empty. This is a safe + // assumption as PRIORITY_UPDATE for stream 0 is a PROTOCOL_ERROR. + streamID uint32 + priority PriorityParam + } } func newPriorityWriteSchedulerRFC9218() WriteScheduler { @@ -50,6 +59,10 @@ func (ws *priorityWriteSchedulerRFC9218) OpenStream(streamID uint32, opt OpenStr if ws.streams[streamID].location != nil { panic(fmt.Errorf("stream %d already opened", streamID)) } + if streamID == ws.priorityUpdateBuf.streamID { + ws.priorityUpdateBuf.streamID = 0 + opt.priority = ws.priorityUpdateBuf.priority + } q := ws.queuePool.get() ws.streams[streamID] = streamMetadata{ location: q, @@ -95,6 +108,8 @@ func (ws *priorityWriteSchedulerRFC9218) AdjustStream(streamID uint32, priority metadata := ws.streams[streamID] q, u, i := metadata.location, metadata.priority.urgency, metadata.priority.incremental if q == nil { + ws.priorityUpdateBuf.streamID = streamID + ws.priorityUpdateBuf.priority = priority return } diff --git a/vendor/golang.org/x/net/trace/events.go b/vendor/golang.org/x/net/trace/events.go index 3aaffdd1f7..c2b3c00980 100644 --- a/vendor/golang.org/x/net/trace/events.go +++ b/vendor/golang.org/x/net/trace/events.go @@ -58,8 +58,8 @@ func RenderEvents(w http.ResponseWriter, req *http.Request, sensitive bool) { Buckets: buckets, } - data.Families = make([]string, 0, len(families)) famMu.RLock() + data.Families = make([]string, 0, len(families)) for name := range families { data.Families = append(data.Families, name) } diff --git a/vendor/golang.org/x/net/websocket/hybi.go b/vendor/golang.org/x/net/websocket/hybi.go index dda7434666..c7e76cd91b 100644 --- a/vendor/golang.org/x/net/websocket/hybi.go +++ b/vendor/golang.org/x/net/websocket/hybi.go @@ -440,6 +440,7 @@ func hybiClientHandshake(config *Config, br *bufio.Reader, bw *bufio.Writer) (er if err != nil { return err } + defer resp.Body.Close() if resp.StatusCode != 101 { return ErrBadStatus } diff --git a/vendor/golang.org/x/sync/errgroup/errgroup.go b/vendor/golang.org/x/sync/errgroup/errgroup.go index 2f45dbc86e..f69fd75468 100644 --- a/vendor/golang.org/x/sync/errgroup/errgroup.go +++ b/vendor/golang.org/x/sync/errgroup/errgroup.go @@ -144,8 +144,8 @@ func (g *Group) SetLimit(n int) { g.sem = nil return } - if len(g.sem) != 0 { - panic(fmt.Errorf("errgroup: modify limit while %v goroutines in the group are still active", len(g.sem))) + if active := len(g.sem); active != 0 { + panic(fmt.Errorf("errgroup: modify limit while %v goroutines in the group are still active", active)) } g.sem = make(chan token, n) } diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go index 34c9ae76ef..63541994ef 100644 --- a/vendor/golang.org/x/sys/cpu/cpu.go +++ b/vendor/golang.org/x/sys/cpu/cpu.go @@ -92,9 +92,6 @@ var ARM64 struct { HasSHA2 bool // SHA2 hardware implementation HasCRC32 bool // CRC32 hardware implementation HasATOMICS bool // Atomic memory operation instruction set - HasHPDS bool // Hierarchical permission disables in translations tables - HasLOR bool // Limited ordering regions - HasPAN bool // Privileged access never HasFPHP bool // Half precision floating-point instruction set HasASIMDHP bool // Advanced SIMD half precision instruction set HasCPUID bool // CPUID identification scheme registers diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go index f449c679fe..af2aa99f9f 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go @@ -65,10 +65,10 @@ func setMinimalFeatures() { func readARM64Registers() { Initialized = true - parseARM64SystemRegisters(getisar0(), getisar1(), getmmfr1(), getpfr0()) + parseARM64SystemRegisters(getisar0(), getisar1(), getpfr0()) } -func parseARM64SystemRegisters(isar0, isar1, mmfr1, pfr0 uint64) { +func parseARM64SystemRegisters(isar0, isar1, pfr0 uint64) { // ID_AA64ISAR0_EL1 switch extractBits(isar0, 4, 7) { case 1: @@ -152,22 +152,6 @@ func parseARM64SystemRegisters(isar0, isar1, mmfr1, pfr0 uint64) { ARM64.HasI8MM = true } - // ID_AA64MMFR1_EL1 - switch extractBits(mmfr1, 12, 15) { - case 1, 2: - ARM64.HasHPDS = true - } - - switch extractBits(mmfr1, 16, 19) { - case 1: - ARM64.HasLOR = true - } - - switch extractBits(mmfr1, 20, 23) { - case 1, 2, 3: - ARM64.HasPAN = true - } - // ID_AA64PFR0_EL1 switch extractBits(pfr0, 16, 19) { case 0: diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s index a4f24b3b0c..3b0450a06a 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_arm64.s +++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.s @@ -20,13 +20,6 @@ TEXT ·getisar1(SB),NOSPLIT,$0-8 MOVD R0, ret+0(FP) RET -// func getmmfr1() uint64 -TEXT ·getmmfr1(SB),NOSPLIT,$0-8 - // get Memory Model Feature Register 1 into x0 - MRS ID_AA64MMFR1_EL1, R0 - MOVD R0, ret+0(FP) - RET - // func getpfr0() uint64 TEXT ·getpfr0(SB),NOSPLIT,$0-8 // get Processor Feature Register 0 into x0 diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go index e3fc5a8d31..6ac6e1efb2 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go @@ -8,6 +8,5 @@ package cpu func getisar0() uint64 func getisar1() uint64 -func getmmfr1() uint64 func getpfr0() uint64 func getzfr0() uint64 diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go index 8df2079e15..7f1946780b 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go @@ -8,5 +8,4 @@ package cpu func getisar0() uint64 { return 0 } func getisar1() uint64 { return 0 } -func getmmfr1() uint64 { return 0 } func getpfr0() uint64 { return 0 } diff --git a/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go index 19aea0633e..ebfb3fc8e7 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go @@ -167,7 +167,7 @@ func doinit() { setMinimalFeatures() return } - parseARM64SystemRegisters(cpuid.aa64isar0, cpuid.aa64isar1, cpuid.aa64mmfr1, cpuid.aa64pfr0) + parseARM64SystemRegisters(cpuid.aa64isar0, cpuid.aa64isar1, cpuid.aa64pfr0) Initialized = true } diff --git a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go index 87fd3a7780..85b64d5ccb 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go @@ -59,7 +59,7 @@ func doinit() { if !ok { return } - parseARM64SystemRegisters(isar0, isar1, 0, 0) + parseARM64SystemRegisters(isar0, isar1, 0) Initialized = true } diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go index 1e642f3304..f5723d4f7e 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_x86.go +++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go @@ -64,6 +64,80 @@ func initOptions() { func archInit() { + // From internal/cpu + const ( + // eax bits + cpuid_AVXVNNI = 1 << 4 + + // ecx bits + cpuid_SSE3 = 1 << 0 + cpuid_PCLMULQDQ = 1 << 1 + cpuid_AVX512VBMI = 1 << 1 + cpuid_AVX512VBMI2 = 1 << 6 + cpuid_SSSE3 = 1 << 9 + cpuid_AVX512GFNI = 1 << 8 + cpuid_AVX512VAES = 1 << 9 + cpuid_AVX512VNNI = 1 << 11 + cpuid_AVX512BITALG = 1 << 12 + cpuid_FMA = 1 << 12 + cpuid_AVX512VPOPCNTDQ = 1 << 14 + cpuid_SSE41 = 1 << 19 + cpuid_SSE42 = 1 << 20 + cpuid_POPCNT = 1 << 23 + cpuid_AES = 1 << 25 + cpuid_OSXSAVE = 1 << 27 + cpuid_AVX = 1 << 28 + + // "Extended Feature Flag" bits returned in EBX for CPUID EAX=0x7 ECX=0x0 + cpuid_BMI1 = 1 << 3 + cpuid_AVX2 = 1 << 5 + cpuid_BMI2 = 1 << 8 + cpuid_ERMS = 1 << 9 + cpuid_AVX512F = 1 << 16 + cpuid_AVX512DQ = 1 << 17 + cpuid_ADX = 1 << 19 + cpuid_AVX512CD = 1 << 28 + cpuid_SHA = 1 << 29 + cpuid_AVX512BW = 1 << 30 + cpuid_AVX512VL = 1 << 31 + + // "Extended Feature Flag" bits returned in ECX for CPUID EAX=0x7 ECX=0x0 + cpuid_AVX512_VBMI = 1 << 1 + cpuid_AVX512_VBMI2 = 1 << 6 + cpuid_GFNI = 1 << 8 + cpuid_AVX512VPCLMULQDQ = 1 << 10 + cpuid_AVX512_BITALG = 1 << 12 + + // edx bits + cpuid_FSRM = 1 << 4 + // edx bits for CPUID 0x80000001 + cpuid_RDTSCP = 1 << 27 + ) + // Additional constants not in internal/cpu + const ( + // eax=1: edx + cpuid_SSE2 = 1 << 26 + // eax=1: ecx + cpuid_CX16 = 1 << 13 + cpuid_RDRAND = 1 << 30 + // eax=7,ecx=0: ebx + cpuid_RDSEED = 1 << 18 + cpuid_AVX512IFMA = 1 << 21 + cpuid_AVX512PF = 1 << 26 + cpuid_AVX512ER = 1 << 27 + // eax=7,ecx=0: edx + cpuid_AVX5124VNNIW = 1 << 2 + cpuid_AVX5124FMAPS = 1 << 3 + cpuid_AMXBF16 = 1 << 22 + cpuid_AMXTile = 1 << 24 + cpuid_AMXInt8 = 1 << 25 + // eax=7,ecx=1: eax + cpuid_AVX512BF16 = 1 << 5 + cpuid_AVXIFMA = 1 << 23 + // eax=7,ecx=1: edx + cpuid_AVXVNNIInt8 = 1 << 4 + ) + Initialized = true maxID, _, _, _ := cpuid(0, 0) @@ -73,90 +147,90 @@ func archInit() { } _, _, ecx1, edx1 := cpuid(1, 0) - X86.HasSSE2 = isSet(26, edx1) - - X86.HasSSE3 = isSet(0, ecx1) - X86.HasPCLMULQDQ = isSet(1, ecx1) - X86.HasSSSE3 = isSet(9, ecx1) - X86.HasFMA = isSet(12, ecx1) - X86.HasCX16 = isSet(13, ecx1) - X86.HasSSE41 = isSet(19, ecx1) - X86.HasSSE42 = isSet(20, ecx1) - X86.HasPOPCNT = isSet(23, ecx1) - X86.HasAES = isSet(25, ecx1) - X86.HasOSXSAVE = isSet(27, ecx1) - X86.HasRDRAND = isSet(30, ecx1) + X86.HasSSE2 = isSet(edx1, cpuid_SSE2) + + X86.HasSSE3 = isSet(ecx1, cpuid_SSE3) + X86.HasPCLMULQDQ = isSet(ecx1, cpuid_PCLMULQDQ) + X86.HasSSSE3 = isSet(ecx1, cpuid_SSSE3) + X86.HasFMA = isSet(ecx1, cpuid_FMA) + X86.HasCX16 = isSet(ecx1, cpuid_CX16) + X86.HasSSE41 = isSet(ecx1, cpuid_SSE41) + X86.HasSSE42 = isSet(ecx1, cpuid_SSE42) + X86.HasPOPCNT = isSet(ecx1, cpuid_POPCNT) + X86.HasAES = isSet(ecx1, cpuid_AES) + X86.HasOSXSAVE = isSet(ecx1, cpuid_OSXSAVE) + X86.HasRDRAND = isSet(ecx1, cpuid_RDRAND) var osSupportsAVX, osSupportsAVX512 bool // For XGETBV, OSXSAVE bit is required and sufficient. if X86.HasOSXSAVE { eax, _ := xgetbv() // Check if XMM and YMM registers have OS support. - osSupportsAVX = isSet(1, eax) && isSet(2, eax) + osSupportsAVX = isSet(eax, 1<<1) && isSet(eax, 1<<2) if runtime.GOOS == "darwin" { // Darwin requires special AVX512 checks, see cpu_darwin_x86.go osSupportsAVX512 = osSupportsAVX && darwinSupportsAVX512() } else { // Check if OPMASK and ZMM registers have OS support. - osSupportsAVX512 = osSupportsAVX && isSet(5, eax) && isSet(6, eax) && isSet(7, eax) + osSupportsAVX512 = osSupportsAVX && isSet(eax, 1<<5) && isSet(eax, 1<<6) && isSet(eax, 1<<7) } } - X86.HasAVX = isSet(28, ecx1) && osSupportsAVX + X86.HasAVX = isSet(ecx1, cpuid_AVX) && osSupportsAVX if maxID < 7 { return } eax7, ebx7, ecx7, edx7 := cpuid(7, 0) - X86.HasBMI1 = isSet(3, ebx7) - X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX - X86.HasBMI2 = isSet(8, ebx7) - X86.HasERMS = isSet(9, ebx7) - X86.HasRDSEED = isSet(18, ebx7) - X86.HasADX = isSet(19, ebx7) - - X86.HasAVX512 = isSet(16, ebx7) && osSupportsAVX512 // Because avx-512 foundation is the core required extension + X86.HasBMI1 = isSet(ebx7, cpuid_BMI1) + X86.HasAVX2 = isSet(ebx7, cpuid_AVX2) && osSupportsAVX + X86.HasBMI2 = isSet(ebx7, cpuid_BMI2) + X86.HasERMS = isSet(ebx7, cpuid_ERMS) + X86.HasRDSEED = isSet(ebx7, cpuid_RDSEED) + X86.HasADX = isSet(ebx7, cpuid_ADX) + + X86.HasAVX512 = isSet(ebx7, cpuid_AVX512F) && osSupportsAVX512 // Because avx-512 foundation is the core required extension if X86.HasAVX512 { X86.HasAVX512F = true - X86.HasAVX512CD = isSet(28, ebx7) - X86.HasAVX512ER = isSet(27, ebx7) - X86.HasAVX512PF = isSet(26, ebx7) - X86.HasAVX512VL = isSet(31, ebx7) - X86.HasAVX512BW = isSet(30, ebx7) - X86.HasAVX512DQ = isSet(17, ebx7) - X86.HasAVX512IFMA = isSet(21, ebx7) - X86.HasAVX512VBMI = isSet(1, ecx7) - X86.HasAVX5124VNNIW = isSet(2, edx7) - X86.HasAVX5124FMAPS = isSet(3, edx7) - X86.HasAVX512VPOPCNTDQ = isSet(14, ecx7) - X86.HasAVX512VPCLMULQDQ = isSet(10, ecx7) - X86.HasAVX512VNNI = isSet(11, ecx7) - X86.HasAVX512GFNI = isSet(8, ecx7) - X86.HasAVX512VAES = isSet(9, ecx7) - X86.HasAVX512VBMI2 = isSet(6, ecx7) - X86.HasAVX512BITALG = isSet(12, ecx7) + X86.HasAVX512CD = isSet(ebx7, cpuid_AVX512CD) + X86.HasAVX512ER = isSet(ebx7, cpuid_AVX512ER) + X86.HasAVX512PF = isSet(ebx7, cpuid_AVX512PF) + X86.HasAVX512VL = isSet(ebx7, cpuid_AVX512VL) + X86.HasAVX512BW = isSet(ebx7, cpuid_AVX512BW) + X86.HasAVX512DQ = isSet(ebx7, cpuid_AVX512DQ) + X86.HasAVX512IFMA = isSet(ebx7, cpuid_AVX512IFMA) + X86.HasAVX512VBMI = isSet(ecx7, cpuid_AVX512_VBMI) + X86.HasAVX5124VNNIW = isSet(edx7, cpuid_AVX5124VNNIW) + X86.HasAVX5124FMAPS = isSet(edx7, cpuid_AVX5124FMAPS) + X86.HasAVX512VPOPCNTDQ = isSet(ecx7, cpuid_AVX512VPOPCNTDQ) + X86.HasAVX512VPCLMULQDQ = isSet(ecx7, cpuid_AVX512VPCLMULQDQ) + X86.HasAVX512VNNI = isSet(ecx7, cpuid_AVX512VNNI) + X86.HasAVX512GFNI = isSet(ecx7, cpuid_AVX512GFNI) + X86.HasAVX512VAES = isSet(ecx7, cpuid_AVX512VAES) + X86.HasAVX512VBMI2 = isSet(ecx7, cpuid_AVX512VBMI2) + X86.HasAVX512BITALG = isSet(ecx7, cpuid_AVX512BITALG) } - X86.HasAMXTile = isSet(24, edx7) - X86.HasAMXInt8 = isSet(25, edx7) - X86.HasAMXBF16 = isSet(22, edx7) + X86.HasAMXTile = isSet(edx7, cpuid_AMXTile) + X86.HasAMXInt8 = isSet(edx7, cpuid_AMXInt8) + X86.HasAMXBF16 = isSet(edx7, cpuid_AMXBF16) // These features depend on the second level of extended features. if eax7 >= 1 { eax71, _, _, edx71 := cpuid(7, 1) if X86.HasAVX512 { - X86.HasAVX512BF16 = isSet(5, eax71) + X86.HasAVX512BF16 = isSet(eax71, cpuid_AVX512BF16) } if X86.HasAVX { - X86.HasAVXIFMA = isSet(23, eax71) - X86.HasAVXVNNI = isSet(4, eax71) - X86.HasAVXVNNIInt8 = isSet(4, edx71) + X86.HasAVXIFMA = isSet(eax71, cpuid_AVXIFMA) + X86.HasAVXVNNI = isSet(eax71, cpuid_AVXVNNI) + X86.HasAVXVNNIInt8 = isSet(edx71, cpuid_AVXVNNIInt8) } } } -func isSet(bitpos uint, value uint32) bool { - return value&(1< #include #include +#include #include #include #include @@ -613,7 +614,7 @@ ccflags="$@" $2 !~ /IOC_MAGIC/ && $2 ~ /^[A-Z][A-Z0-9_]+_MAGIC2?$/ || $2 ~ /^(VM|VMADDR)_/ || - $2 ~ /^IOCTL_VM_SOCKETS_/ || + $2 ~ /^(IOCTL_VM_SOCKETS_|IOCTL_MEI_)/ || $2 ~ /^(TASKSTATS|TS)_/ || $2 ~ /^CGROUPSTATS_/ || $2 ~ /^GENL_/ || diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index d0a75da572..120a7b35d1 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -1615,6 +1615,8 @@ const ( IN_OPEN = 0x20 IN_Q_OVERFLOW = 0x4000 IN_UNMOUNT = 0x2000 + IOCTL_MEI_CONNECT_CLIENT = 0xc0104801 + IOCTL_MEI_CONNECT_CLIENT_VTAG = 0xc0144804 IPPROTO_AH = 0x33 IPPROTO_BEETPH = 0x5e IPPROTO_COMP = 0x6c diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 1c37f9fbc4..97a61fc5b8 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 6f54d34aef..a0d6d498c4 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 783ec5c126..dd9c903f9a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index ca83d3ba16..384c61ca3a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -120,6 +120,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 607e611c0c..6384c9831f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index b9cb5bd3c0..553c1c6f15 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 65b078a638..b3339f2099 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 5298a3033d..177091d2bc 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 7bc557c876..c5abf156d0 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 152399bb04..f1f3fadf57 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 1a1ce2409c..203ad9c54a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 4231a1fb57..4b9abcb21a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 21c0e95266..f87983037d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index f00d1cd7cf..64347eb354 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index bc8d539e6a..7d71911718 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -119,6 +119,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x400000 IN_NONBLOCK = 0x4000 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go index 439548ec9a..50e8e64497 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go @@ -104,7 +104,7 @@ type Statvfs_t struct { Fsid uint32 Namemax uint32 Owner uint32 - Spare [4]uint32 + Spare [4]uint64 Fstypename [32]byte Mntonname [1024]byte Mntfromname [1024]byte diff --git a/vendor/golang.org/x/term/terminal.go b/vendor/golang.org/x/term/terminal.go index 9255449b9b..6ec537cdc1 100644 --- a/vendor/golang.org/x/term/terminal.go +++ b/vendor/golang.org/x/term/terminal.go @@ -160,7 +160,9 @@ const ( keyEnd keyDeleteWord keyDeleteLine + keyDelete keyClearScreen + keyTranspose keyPasteStart keyPasteEnd ) @@ -194,6 +196,8 @@ func bytesToKey(b []byte, pasteActive bool) (rune, []byte) { return keyDeleteLine, b[1:] case 12: // ^L return keyClearScreen, b[1:] + case 20: // ^T + return keyTranspose, b[1:] case 23: // ^W return keyDeleteWord, b[1:] case 14: // ^N @@ -228,6 +232,10 @@ func bytesToKey(b []byte, pasteActive bool) (rune, []byte) { } } + if !pasteActive && len(b) >= 4 && b[0] == keyEscape && b[1] == '[' && b[2] == '3' && b[3] == '~' { + return keyDelete, b[4:] + } + if !pasteActive && len(b) >= 6 && b[0] == keyEscape && b[1] == '[' && b[2] == '1' && b[3] == ';' && b[4] == '3' { switch b[5] { case 'C': @@ -590,7 +598,7 @@ func (t *Terminal) handleKey(key rune) (line string, ok bool) { } t.line = t.line[:t.pos] t.moveCursorToPos(t.pos) - case keyCtrlD: + case keyCtrlD, keyDelete: // Erase the character under the current position. // The EOF case when the line is empty is handled in // readLine(). @@ -600,6 +608,24 @@ func (t *Terminal) handleKey(key rune) (line string, ok bool) { } case keyCtrlU: t.eraseNPreviousChars(t.pos) + case keyTranspose: + // This transposes the two characters around the cursor and advances the cursor. Best-effort. + if len(t.line) < 2 || t.pos < 1 { + return + } + swap := t.pos + if swap == len(t.line) { + swap-- // special: at end of line, swap previous two chars + } + t.line[swap-1], t.line[swap] = t.line[swap], t.line[swap-1] + if t.pos < len(t.line) { + t.pos++ + } + if t.echo { + t.moveCursorToPos(swap - 1) + t.writeLine(t.line[swap-1:]) + t.moveCursorToPos(t.pos) + } case keyClearScreen: // Erases the screen and moves the cursor to the home position. t.queue([]rune("\x1b[2J\x1b[H")) diff --git a/vendor/golang.org/x/text/encoding/japanese/eucjp.go b/vendor/golang.org/x/text/encoding/japanese/eucjp.go index 79313fa589..6fce8c5f52 100644 --- a/vendor/golang.org/x/text/encoding/japanese/eucjp.go +++ b/vendor/golang.org/x/text/encoding/japanese/eucjp.go @@ -17,9 +17,9 @@ import ( var EUCJP encoding.Encoding = &eucJP var eucJP = internal.Encoding{ - &internal.SimpleEncoding{eucJPDecoder{}, eucJPEncoder{}}, - "EUC-JP", - identifier.EUCPkdFmtJapanese, + Encoding: &internal.SimpleEncoding{Decoder: eucJPDecoder{}, Encoder: eucJPEncoder{}}, + Name: "EUC-JP", + MIB: identifier.EUCPkdFmtJapanese, } type eucJPDecoder struct{ transform.NopResetter } diff --git a/vendor/golang.org/x/text/encoding/japanese/iso2022jp.go b/vendor/golang.org/x/text/encoding/japanese/iso2022jp.go index 613226df5e..6f7bd460a6 100644 --- a/vendor/golang.org/x/text/encoding/japanese/iso2022jp.go +++ b/vendor/golang.org/x/text/encoding/japanese/iso2022jp.go @@ -17,9 +17,9 @@ import ( var ISO2022JP encoding.Encoding = &iso2022JP var iso2022JP = internal.Encoding{ - internal.FuncEncoding{iso2022JPNewDecoder, iso2022JPNewEncoder}, - "ISO-2022-JP", - identifier.ISO2022JP, + Encoding: internal.FuncEncoding{Decoder: iso2022JPNewDecoder, Encoder: iso2022JPNewEncoder}, + Name: "ISO-2022-JP", + MIB: identifier.ISO2022JP, } func iso2022JPNewDecoder() transform.Transformer { diff --git a/vendor/golang.org/x/text/encoding/japanese/shiftjis.go b/vendor/golang.org/x/text/encoding/japanese/shiftjis.go index 16fd8a6e3e..af65d43d95 100644 --- a/vendor/golang.org/x/text/encoding/japanese/shiftjis.go +++ b/vendor/golang.org/x/text/encoding/japanese/shiftjis.go @@ -18,9 +18,9 @@ import ( var ShiftJIS encoding.Encoding = &shiftJIS var shiftJIS = internal.Encoding{ - &internal.SimpleEncoding{shiftJISDecoder{}, shiftJISEncoder{}}, - "Shift JIS", - identifier.ShiftJIS, + Encoding: &internal.SimpleEncoding{Decoder: shiftJISDecoder{}, Encoder: shiftJISEncoder{}}, + Name: "Shift JIS", + MIB: identifier.ShiftJIS, } type shiftJISDecoder struct{ transform.NopResetter } diff --git a/vendor/golang.org/x/text/encoding/korean/euckr.go b/vendor/golang.org/x/text/encoding/korean/euckr.go index 034337f5df..81c834730c 100644 --- a/vendor/golang.org/x/text/encoding/korean/euckr.go +++ b/vendor/golang.org/x/text/encoding/korean/euckr.go @@ -20,9 +20,9 @@ var All = []encoding.Encoding{EUCKR} var EUCKR encoding.Encoding = &eucKR var eucKR = internal.Encoding{ - &internal.SimpleEncoding{eucKRDecoder{}, eucKREncoder{}}, - "EUC-KR", - identifier.EUCKR, + Encoding: &internal.SimpleEncoding{Decoder: eucKRDecoder{}, Encoder: eucKREncoder{}}, + Name: "EUC-KR", + MIB: identifier.EUCKR, } type eucKRDecoder struct{ transform.NopResetter } diff --git a/vendor/golang.org/x/text/encoding/simplifiedchinese/gbk.go b/vendor/golang.org/x/text/encoding/simplifiedchinese/gbk.go index 0e0fabfd6b..2f2fd5d449 100644 --- a/vendor/golang.org/x/text/encoding/simplifiedchinese/gbk.go +++ b/vendor/golang.org/x/text/encoding/simplifiedchinese/gbk.go @@ -22,21 +22,21 @@ var ( ) var gbk = internal.Encoding{ - &internal.SimpleEncoding{ - gbkDecoder{gb18030: false}, - gbkEncoder{gb18030: false}, + Encoding: &internal.SimpleEncoding{ + Decoder: gbkDecoder{gb18030: false}, + Encoder: gbkEncoder{gb18030: false}, }, - "GBK", - identifier.GBK, + Name: "GBK", + MIB: identifier.GBK, } var gbk18030 = internal.Encoding{ - &internal.SimpleEncoding{ - gbkDecoder{gb18030: true}, - gbkEncoder{gb18030: true}, + Encoding: &internal.SimpleEncoding{ + Decoder: gbkDecoder{gb18030: true}, + Encoder: gbkEncoder{gb18030: true}, }, - "GB18030", - identifier.GB18030, + Name: "GB18030", + MIB: identifier.GB18030, } type gbkDecoder struct { diff --git a/vendor/golang.org/x/text/encoding/simplifiedchinese/hzgb2312.go b/vendor/golang.org/x/text/encoding/simplifiedchinese/hzgb2312.go index e15b7bf6a7..351750e60e 100644 --- a/vendor/golang.org/x/text/encoding/simplifiedchinese/hzgb2312.go +++ b/vendor/golang.org/x/text/encoding/simplifiedchinese/hzgb2312.go @@ -17,9 +17,9 @@ import ( var HZGB2312 encoding.Encoding = &hzGB2312 var hzGB2312 = internal.Encoding{ - internal.FuncEncoding{hzGB2312NewDecoder, hzGB2312NewEncoder}, - "HZ-GB2312", - identifier.HZGB2312, + Encoding: internal.FuncEncoding{Decoder: hzGB2312NewDecoder, Encoder: hzGB2312NewEncoder}, + Name: "HZ-GB2312", + MIB: identifier.HZGB2312, } func hzGB2312NewDecoder() transform.Transformer { diff --git a/vendor/golang.org/x/text/encoding/traditionalchinese/big5.go b/vendor/golang.org/x/text/encoding/traditionalchinese/big5.go index 1fcddde082..5046920ee0 100644 --- a/vendor/golang.org/x/text/encoding/traditionalchinese/big5.go +++ b/vendor/golang.org/x/text/encoding/traditionalchinese/big5.go @@ -20,9 +20,9 @@ var All = []encoding.Encoding{Big5} var Big5 encoding.Encoding = &big5 var big5 = internal.Encoding{ - &internal.SimpleEncoding{big5Decoder{}, big5Encoder{}}, - "Big5", - identifier.Big5, + Encoding: &internal.SimpleEncoding{Decoder: big5Decoder{}, Encoder: big5Encoder{}}, + Name: "Big5", + MIB: identifier.Big5, } type big5Decoder struct{ transform.NopResetter } diff --git a/vendor/golang.org/x/text/encoding/unicode/unicode.go b/vendor/golang.org/x/text/encoding/unicode/unicode.go index dd99ad14d3..ce28c90628 100644 --- a/vendor/golang.org/x/text/encoding/unicode/unicode.go +++ b/vendor/golang.org/x/text/encoding/unicode/unicode.go @@ -60,9 +60,9 @@ func (utf8bomEncoding) NewDecoder() *encoding.Decoder { } var utf8enc = &internal.Encoding{ - &internal.SimpleEncoding{utf8Decoder{}, runes.ReplaceIllFormed()}, - "UTF-8", - identifier.UTF8, + Encoding: &internal.SimpleEncoding{Decoder: utf8Decoder{}, Encoder: runes.ReplaceIllFormed()}, + Name: "UTF-8", + MIB: identifier.UTF8, } type utf8bomDecoder struct { diff --git a/vendor/golang.org/x/tools/go/analysis/diagnostic.go b/vendor/golang.org/x/tools/go/analysis/diagnostic.go index f6118bec64..527540c62c 100644 --- a/vendor/golang.org/x/tools/go/analysis/diagnostic.go +++ b/vendor/golang.org/x/tools/go/analysis/diagnostic.go @@ -33,8 +33,9 @@ type Diagnostic struct { URL string // SuggestedFixes is an optional list of fixes to address the - // problem described by the diagnostic. Each one represents - // an alternative strategy; at most one may be applied. + // problem described by the diagnostic. Each one represents an + // alternative strategy, and should have a distinct and + // descriptive message; at most one may be applied. // // Fixes for different diagnostics should be treated as // independent changes to the same baseline file state, diff --git a/vendor/golang.org/x/tools/go/analysis/passes/appends/appends.go b/vendor/golang.org/x/tools/go/analysis/passes/appends/appends.go index e554c3cc90..8ccf982d23 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/appends/appends.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/appends/appends.go @@ -13,9 +13,9 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/go/types/typeutil" + "golang.org/x/tools/internal/analysis/analyzerutil" ) //go:embed doc.go @@ -23,7 +23,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "appends", - Doc: analysisutil.MustExtractDoc(doc, "appends"), + Doc: analyzerutil.MustExtractDoc(doc, "appends"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/appends", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, diff --git a/vendor/golang.org/x/tools/go/analysis/passes/asmdecl/asmdecl.go b/vendor/golang.org/x/tools/go/analysis/passes/asmdecl/asmdecl.go index efbf05d596..ba9ca38a81 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/asmdecl/asmdecl.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/asmdecl/asmdecl.go @@ -19,7 +19,7 @@ import ( "strings" "golang.org/x/tools/go/analysis" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" + "golang.org/x/tools/internal/analysis/analyzerutil" ) const Doc = "report mismatches between assembly files and Go declarations" @@ -175,7 +175,7 @@ func run(pass *analysis.Pass) (any, error) { Files: for _, fname := range sfiles { - content, tf, err := analysisutil.ReadFile(pass, fname) + content, tf, err := analyzerutil.ReadFile(pass, fname) if err != nil { return nil, err } @@ -211,7 +211,7 @@ Files: resultStr = "result register" } for _, line := range retLine { - pass.Reportf(analysisutil.LineStart(tf, line), "[%s] %s: RET without writing to %s", arch, fnName, resultStr) + pass.Reportf(tf.LineStart(line), "[%s] %s: RET without writing to %s", arch, fnName, resultStr) } } retLine = nil @@ -227,7 +227,7 @@ Files: lineno++ badf := func(format string, args ...any) { - pass.Reportf(analysisutil.LineStart(tf, lineno), "[%s] %s: %s", arch, fnName, fmt.Sprintf(format, args...)) + pass.Reportf(tf.LineStart(lineno), "[%s] %s: %s", arch, fnName, fmt.Sprintf(format, args...)) } if arch == "" { diff --git a/vendor/golang.org/x/tools/go/analysis/passes/assign/assign.go b/vendor/golang.org/x/tools/go/analysis/passes/assign/assign.go index dfe68d9b15..69734df825 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/assign/assign.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/assign/assign.go @@ -17,9 +17,11 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/astutil" + "golang.org/x/tools/internal/refactor" + "golang.org/x/tools/internal/typesinternal" ) //go:embed doc.go @@ -27,26 +29,26 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "assign", - Doc: analysisutil.MustExtractDoc(doc, "assign"), + Doc: analyzerutil.MustExtractDoc(doc, "assign"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/assign", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, } func run(pass *analysis.Pass) (any, error) { - inspect := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector) + var ( + inspect = pass.ResultOf[inspect.Analyzer].(*inspector.Inspector) + info = pass.TypesInfo + ) - nodeFilter := []ast.Node{ - (*ast.AssignStmt)(nil), - } - inspect.Preorder(nodeFilter, func(n ast.Node) { - stmt := n.(*ast.AssignStmt) + for curAssign := range inspect.Root().Preorder((*ast.AssignStmt)(nil)) { + stmt := curAssign.Node().(*ast.AssignStmt) if stmt.Tok != token.ASSIGN { - return // ignore := + continue // ignore := } if len(stmt.Lhs) != len(stmt.Rhs) { // If LHS and RHS have different cardinality, they can't be the same. - return + continue } // Delete redundant LHS, RHS pairs, taking care @@ -61,9 +63,9 @@ func run(pass *analysis.Pass) (any, error) { isSelfAssign := false var le string - if !analysisutil.HasSideEffects(pass.TypesInfo, lhs) && - !analysisutil.HasSideEffects(pass.TypesInfo, rhs) && - !isMapIndex(pass.TypesInfo, lhs) && + if typesinternal.NoEffects(info, lhs) && + typesinternal.NoEffects(info, rhs) && + !isMapIndex(info, lhs) && reflect.TypeOf(lhs) == reflect.TypeOf(rhs) { // short-circuit the heavy-weight gofmt check le = astutil.Format(pass.Fset, lhs) @@ -109,13 +111,14 @@ func run(pass *analysis.Pass) (any, error) { } if len(exprs) == 0 { - return + continue } if len(exprs) == len(stmt.Lhs) { // If every part of the statement is a self-assignment, // remove the whole statement. - edits = []analysis.TextEdit{{Pos: stmt.Pos(), End: stmt.End()}} + tokFile := pass.Fset.File(stmt.Pos()) + edits = refactor.DeleteStmt(tokFile, curAssign) } pass.Report(analysis.Diagnostic{ @@ -126,7 +129,7 @@ func run(pass *analysis.Pass) (any, error) { TextEdits: edits, }}, }) - }) + } return nil, nil } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/atomic/atomic.go b/vendor/golang.org/x/tools/go/analysis/passes/atomic/atomic.go index ddd875b23b..c6ab7ff7a2 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/atomic/atomic.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/atomic/atomic.go @@ -11,9 +11,9 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/go/types/typeutil" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/astutil" "golang.org/x/tools/internal/typesinternal" ) @@ -23,7 +23,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "atomic", - Doc: analysisutil.MustExtractDoc(doc, "atomic"), + Doc: analyzerutil.MustExtractDoc(doc, "atomic"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/atomic", Requires: []*analysis.Analyzer{inspect.Analyzer}, RunDespiteErrors: true, diff --git a/vendor/golang.org/x/tools/go/analysis/passes/bools/bools.go b/vendor/golang.org/x/tools/go/analysis/passes/bools/bools.go index 3c2a82dce3..574fafaa95 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/bools/bools.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/bools/bools.go @@ -13,9 +13,9 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/internal/astutil" + "golang.org/x/tools/internal/typesinternal" ) const Doc = "check for common mistakes involving boolean operators" @@ -84,7 +84,7 @@ func (op boolOp) commutativeSets(info *types.Info, e *ast.BinaryExpr, seen map[* i := 0 var sets [][]ast.Expr for j := 0; j <= len(exprs); j++ { - if j == len(exprs) || analysisutil.HasSideEffects(info, exprs[j]) { + if j == len(exprs) || !typesinternal.NoEffects(info, exprs[j]) { if i < j { sets = append(sets, exprs[i:j]) } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/buildssa/buildssa.go b/vendor/golang.org/x/tools/go/analysis/passes/buildssa/buildssa.go index f49fea5176..017415f91b 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/buildssa/buildssa.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/buildssa/buildssa.go @@ -11,9 +11,11 @@ package buildssa import ( "go/ast" "go/types" + "iter" "reflect" "golang.org/x/tools/go/analysis" + "golang.org/x/tools/go/analysis/passes/ctrlflow" "golang.org/x/tools/go/ssa" ) @@ -22,7 +24,13 @@ var Analyzer = &analysis.Analyzer{ Doc: "build SSA-form IR for later passes", URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/buildssa", Run: run, - ResultType: reflect.TypeOf(new(SSA)), + Requires: []*analysis.Analyzer{ctrlflow.Analyzer}, + ResultType: reflect.TypeFor[*SSA](), + // Do not add FactTypes here: SSA construction of P must not + // require SSA construction of all of P's dependencies. + // (That's why we enlist the cheaper ctrlflow pass to compute + // noreturn instead of having go/ssa + buildssa do it.) + FactTypes: nil, } // SSA provides SSA-form intermediate representation for all the @@ -33,6 +41,8 @@ type SSA struct { } func run(pass *analysis.Pass) (any, error) { + cfgs := pass.ResultOf[ctrlflow.Analyzer].(*ctrlflow.CFGs) + // We must create a new Program for each Package because the // analysis API provides no place to hang a Program shared by // all Packages. Consequently, SSA Packages and Functions do not @@ -49,6 +59,9 @@ func run(pass *analysis.Pass) (any, error) { prog := ssa.NewProgram(pass.Fset, mode) + // Use the result of the ctrlflow analysis to improve the SSA CFG. + prog.SetNoReturn(cfgs.NoReturn) + // Create SSA packages for direct imports. for _, p := range pass.Pkg.Imports() { prog.CreatePackage(p, nil, nil, true) @@ -61,34 +74,41 @@ func run(pass *analysis.Pass) (any, error) { // Compute list of source functions, including literals, // in source order. var funcs []*ssa.Function - for _, f := range pass.Files { - for _, decl := range f.Decls { - if fdecl, ok := decl.(*ast.FuncDecl); ok { - // (init functions have distinct Func - // objects named "init" and distinct - // ssa.Functions named "init#1", ...) - - fn := pass.TypesInfo.Defs[fdecl.Name].(*types.Func) - if fn == nil { - panic(fn) - } + for _, fn := range allFunctions(pass) { + // (init functions have distinct Func + // objects named "init" and distinct + // ssa.Functions named "init#1", ...) - f := ssapkg.Prog.FuncValue(fn) - if f == nil { - panic(fn) - } + f := ssapkg.Prog.FuncValue(fn) + if f == nil { + panic(fn) + } - var addAnons func(f *ssa.Function) - addAnons = func(f *ssa.Function) { - funcs = append(funcs, f) - for _, anon := range f.AnonFuncs { - addAnons(anon) - } - } - addAnons(f) + var addAnons func(f *ssa.Function) + addAnons = func(f *ssa.Function) { + funcs = append(funcs, f) + for _, anon := range f.AnonFuncs { + addAnons(anon) } } + addAnons(f) } return &SSA{Pkg: ssapkg, SrcFuncs: funcs}, nil } + +// allFunctions returns an iterator over all named functions. +func allFunctions(pass *analysis.Pass) iter.Seq2[*ast.FuncDecl, *types.Func] { + return func(yield func(*ast.FuncDecl, *types.Func) bool) { + for _, file := range pass.Files { + for _, decl := range file.Decls { + if decl, ok := decl.(*ast.FuncDecl); ok { + fn := pass.TypesInfo.Defs[decl.Name].(*types.Func) + if !yield(decl, fn) { + return + } + } + } + } + } +} diff --git a/vendor/golang.org/x/tools/go/analysis/passes/buildtag/buildtag.go b/vendor/golang.org/x/tools/go/analysis/passes/buildtag/buildtag.go index 91aac67625..d0b28e5b84 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/buildtag/buildtag.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/buildtag/buildtag.go @@ -14,9 +14,7 @@ import ( "unicode" "golang.org/x/tools/go/analysis" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" - "golang.org/x/tools/internal/analysisinternal" - "golang.org/x/tools/internal/versions" + "golang.org/x/tools/internal/analysis/analyzerutil" ) const Doc = "check //go:build and // +build directives" @@ -57,6 +55,7 @@ func runBuildTag(pass *analysis.Pass) (any, error) { func checkGoFile(pass *analysis.Pass, f *ast.File) { var check checker check.init(pass) + defer check.finish() for _, group := range f.Comments { // A +build comment is ignored after or adjoining the package declaration. @@ -78,27 +77,6 @@ func checkGoFile(pass *analysis.Pass, f *ast.File) { check.comment(c.Slash, c.Text) } } - - check.finish() - - // For Go 1.18+ files, offer a fix to remove the +build lines - // if they passed all consistency checks. - if check.crossCheck && !versions.Before(pass.TypesInfo.FileVersions[f], "go1.18") { - for _, rng := range check.plusBuildRanges { - check.pass.Report(analysis.Diagnostic{ - Pos: rng.Pos(), - End: rng.End(), - Message: "+build line is no longer needed", - SuggestedFixes: []analysis.SuggestedFix{{ - Message: "Remove obsolete +build line", - TextEdits: []analysis.TextEdit{{ - Pos: rng.Pos(), - End: rng.End(), - }}, - }}, - }) - } - } } func checkOtherFile(pass *analysis.Pass, filename string) error { @@ -108,7 +86,7 @@ func checkOtherFile(pass *analysis.Pass, filename string) error { // We cannot use the Go parser, since this may not be a Go source file. // Read the raw bytes instead. - content, tf, err := analysisutil.ReadFile(pass, filename) + content, tf, err := analyzerutil.ReadFile(pass, filename) if err != nil { return err } @@ -118,15 +96,15 @@ func checkOtherFile(pass *analysis.Pass, filename string) error { } type checker struct { - pass *analysis.Pass - plusBuildOK bool // "+build" lines still OK - goBuildOK bool // "go:build" lines still OK - crossCheck bool // cross-check go:build and +build lines when done reading file - inStar bool // currently in a /* */ comment - goBuildPos token.Pos // position of first go:build line found - plusBuildRanges []analysis.Range // range of each "+build" line found - goBuild constraint.Expr // go:build constraint found - plusBuild constraint.Expr // AND of +build constraints found + pass *analysis.Pass + plusBuildOK bool // "+build" lines still OK + goBuildOK bool // "go:build" lines still OK + crossCheck bool // cross-check go:build and +build lines when done reading file + inStar bool // currently in a /* */ comment + goBuildPos token.Pos // position of first go:build line found + plusBuildPos token.Pos // position of first "+build" line found + goBuild constraint.Expr // go:build constraint found + plusBuild constraint.Expr // AND of +build constraints found } func (check *checker) init(pass *analysis.Pass) { @@ -294,8 +272,6 @@ func (check *checker) goBuildLine(pos token.Pos, line string) { } func (check *checker) plusBuildLine(pos token.Pos, line string) { - plusBuildRange := analysisinternal.Range(pos, pos+token.Pos(len(line))) - line = strings.TrimSpace(line) if !constraint.IsPlusBuild(line) { // Comment with +build but not at beginning. @@ -310,7 +286,9 @@ func (check *checker) plusBuildLine(pos token.Pos, line string) { check.crossCheck = false } - check.plusBuildRanges = append(check.plusBuildRanges, plusBuildRange) + if check.plusBuildPos == token.NoPos { + check.plusBuildPos = pos + } // testing hack: stop at // ERROR if i := strings.Index(line, " // ERROR "); i >= 0 { @@ -358,19 +336,19 @@ func (check *checker) plusBuildLine(pos token.Pos, line string) { } func (check *checker) finish() { - if !check.crossCheck || len(check.plusBuildRanges) == 0 || check.goBuildPos == token.NoPos { + if !check.crossCheck || check.plusBuildPos == token.NoPos || check.goBuildPos == token.NoPos { return } // Have both //go:build and // +build, // with no errors found (crossCheck still true). // Check they match. + var want constraint.Expr lines, err := constraint.PlusBuildLines(check.goBuild) if err != nil { check.pass.Reportf(check.goBuildPos, "%v", err) return } - var want constraint.Expr for _, line := range lines { y, err := constraint.Parse(line) if err != nil { @@ -385,8 +363,7 @@ func (check *checker) finish() { } } if want.String() != check.plusBuild.String() { - check.pass.ReportRangef(check.plusBuildRanges[0], "+build lines do not match //go:build condition") - check.crossCheck = false // don't offer fix to remove +build + check.pass.Reportf(check.plusBuildPos, "+build lines do not match //go:build condition") return } } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go b/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go index bf1202b92b..54b8062cc0 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go @@ -350,8 +350,8 @@ func typeOKForCgoCall(t types.Type, m map[types.Type]bool) bool { case *types.Array: return typeOKForCgoCall(t.Elem(), m) case *types.Struct: - for i := 0; i < t.NumFields(); i++ { - if !typeOKForCgoCall(t.Field(i).Type(), m) { + for field := range t.Fields() { + if !typeOKForCgoCall(field.Type(), m) { return false } } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go b/vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go index 4190cc5900..208602f486 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go @@ -328,8 +328,8 @@ func lockPath(tpkg *types.Package, typ types.Type, seen map[types.Type]bool) typ ttyp, ok := typ.Underlying().(*types.Tuple) if ok { - for i := 0; i < ttyp.Len(); i++ { - subpath := lockPath(tpkg, ttyp.At(i).Type(), seen) + for v := range ttyp.Variables() { + subpath := lockPath(tpkg, v.Type(), seen) if subpath != nil { return append(subpath, typ.String()) } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/ctrlflow/ctrlflow.go b/vendor/golang.org/x/tools/go/analysis/passes/ctrlflow/ctrlflow.go index 951aaed00f..4e6ea9d67f 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/ctrlflow/ctrlflow.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/ctrlflow/ctrlflow.go @@ -19,6 +19,7 @@ import ( "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/go/cfg" "golang.org/x/tools/go/types/typeutil" + "golang.org/x/tools/internal/typesinternal" ) var Analyzer = &analysis.Analyzer{ @@ -26,7 +27,7 @@ var Analyzer = &analysis.Analyzer{ Doc: "build a control-flow graph", URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/ctrlflow", Run: run, - ResultType: reflect.TypeOf(new(CFGs)), + ResultType: reflect.TypeFor[*CFGs](), FactTypes: []analysis.Fact{new(noReturn)}, Requires: []*analysis.Analyzer{inspect.Analyzer}, } @@ -44,7 +45,21 @@ type CFGs struct { defs map[*ast.Ident]types.Object // from Pass.TypesInfo.Defs funcDecls map[*types.Func]*declInfo funcLits map[*ast.FuncLit]*litInfo - pass *analysis.Pass // transient; nil after construction + noReturn map[*types.Func]bool // functions lacking a reachable return statement + pass *analysis.Pass // transient; nil after construction +} + +// NoReturn reports whether the specified control-flow graph cannot return normally. +// +// It is defined for at least all function symbols that appear as the static callee of a +// CallExpr in the current package, even if the callee was imported from a dependency. +// +// The result may incorporate interprocedural information based on induction of +// the "no return" property over the static call graph within the package. +// For example, if f simply calls g and g always calls os.Exit, then both f and g may +// be deemed never to return. +func (c *CFGs) NoReturn(fn *types.Func) bool { + return c.noReturn[fn] } // CFGs has two maps: funcDecls for named functions and funcLits for @@ -54,15 +69,14 @@ type CFGs struct { // *types.Func but not the other way. type declInfo struct { - decl *ast.FuncDecl - cfg *cfg.CFG // iff decl.Body != nil - started bool // to break cycles - noReturn bool + decl *ast.FuncDecl + cfg *cfg.CFG // iff decl.Body != nil + started bool // to break cycles } type litInfo struct { cfg *cfg.CFG - noReturn bool + noReturn bool // (currently unused) } // FuncDecl returns the control-flow graph for a named function. @@ -118,6 +132,7 @@ func run(pass *analysis.Pass) (any, error) { defs: pass.TypesInfo.Defs, funcDecls: funcDecls, funcLits: funcLits, + noReturn: make(map[*types.Func]bool), pass: pass, } @@ -138,7 +153,7 @@ func run(pass *analysis.Pass) (any, error) { li := funcLits[lit] if li.cfg == nil { li.cfg = cfg.New(lit.Body, c.callMayReturn) - if !hasReachableReturn(li.cfg) { + if li.cfg.NoReturn() { li.noReturn = true } } @@ -158,26 +173,28 @@ func (c *CFGs) buildDecl(fn *types.Func, di *declInfo) { // The buildDecl call tree thus resembles the static call graph. // We mark each node when we start working on it to break cycles. - if !di.started { // break cycle - di.started = true + if di.started { + return // break cycle + } + di.started = true - if isIntrinsicNoReturn(fn) { - di.noReturn = true - } + noreturn, known := knownIntrinsic(fn) + if !known { if di.decl.Body != nil { di.cfg = cfg.New(di.decl.Body, c.callMayReturn) - if !hasReachableReturn(di.cfg) { - di.noReturn = true + if di.cfg.NoReturn() { + noreturn = true } } - if di.noReturn { - c.pass.ExportObjectFact(fn, new(noReturn)) - } + } + if noreturn { + c.pass.ExportObjectFact(fn, new(noReturn)) + c.noReturn[fn] = true + } - // debugging - if false { - log.Printf("CFG for %s:\n%s (noreturn=%t)\n", fn, di.cfg.Format(c.pass.Fset), di.noReturn) - } + // debugging + if false { + log.Printf("CFG for %s:\n%s (noreturn=%t)\n", fn, di.cfg.Format(c.pass.Fset), noreturn) } } @@ -201,31 +218,61 @@ func (c *CFGs) callMayReturn(call *ast.CallExpr) (r bool) { // Function or method declared in this package? if di, ok := c.funcDecls[fn]; ok { c.buildDecl(fn, di) - return !di.noReturn + return !c.noReturn[fn] } // Not declared in this package. // Is there a fact from another package? - return !c.pass.ImportObjectFact(fn, new(noReturn)) + if c.pass.ImportObjectFact(fn, new(noReturn)) { + c.noReturn[fn] = true + return false + } + + return true } var panicBuiltin = types.Universe.Lookup("panic").(*types.Builtin) -func hasReachableReturn(g *cfg.CFG) bool { - for _, b := range g.Blocks { - if b.Live && b.Return() != nil { - return true - } - } - return false -} - -// isIntrinsicNoReturn reports whether a function intrinsically never -// returns because it stops execution of the calling thread. +// knownIntrinsic reports whether a function intrinsically never +// returns because it stops execution of the calling thread, or does +// in fact return, contrary to its apparent body, because it is +// handled specially by the compiler. +// // It is the base case in the recursion. -func isIntrinsicNoReturn(fn *types.Func) bool { +func knownIntrinsic(fn *types.Func) (noreturn, known bool) { // Add functions here as the need arises, but don't allocate memory. - path, name := fn.Pkg().Path(), fn.Name() - return path == "syscall" && (name == "Exit" || name == "ExitProcess" || name == "ExitThread") || - path == "runtime" && name == "Goexit" + + // Functions known intrinsically never to return. + if typesinternal.IsFunctionNamed(fn, "syscall", "Exit", "ExitProcess", "ExitThread") || + typesinternal.IsFunctionNamed(fn, "runtime", "Goexit", "fatalthrow", "fatalpanic", "exit") || + // Following staticcheck (see go/ir/exits.go) we include functions + // in several popular logging packages whose no-return status is + // beyond the analysis to infer. + // TODO(adonovan): make this list extensible. + typesinternal.IsMethodNamed(fn, "go.uber.org/zap", "Logger", "Fatal", "Panic") || + typesinternal.IsMethodNamed(fn, "go.uber.org/zap", "SugaredLogger", "Fatal", "Fatalw", "Fatalf", "Panic", "Panicw", "Panicf") || + typesinternal.IsMethodNamed(fn, "github.com/sirupsen/logrus", "Logger", "Exit", "Panic", "Panicf", "Panicln") || + typesinternal.IsMethodNamed(fn, "github.com/sirupsen/logrus", "Entry", "Panicf", "Panicln") || + typesinternal.IsFunctionNamed(fn, "k8s.io/klog", "Exit", "ExitDepth", "Exitf", "Exitln", "Fatal", "FatalDepth", "Fatalf", "Fatalln") || + typesinternal.IsFunctionNamed(fn, "k8s.io/klog/v2", "Exit", "ExitDepth", "Exitf", "Exitln", "Fatal", "FatalDepth", "Fatalf", "Fatalln") { + return true, true + } + + // Compiler intrinsics known to return, contrary to + // what analysis of the function body would conclude. + // + // Not all such intrinsics must be listed here: ctrlflow + // considers any function called for its value--such as + // crypto/internal/constanttime.bool2Uint8--to potentially + // return; only functions called as a statement, for effects, + // are no-return candidates. + // + // Unfortunately this does sometimes mean peering into internals. + // Where possible, use the nearest enclosing public API function. + if typesinternal.IsFunctionNamed(fn, "internal/abi", "EscapeNonString") || + typesinternal.IsFunctionNamed(fn, "hash/maphash", "Comparable") { + return false, true + } + + return // unknown } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/deepequalerrors/deepequalerrors.go b/vendor/golang.org/x/tools/go/analysis/passes/deepequalerrors/deepequalerrors.go index 5e3d1a3535..32087cd71a 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/deepequalerrors/deepequalerrors.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/deepequalerrors/deepequalerrors.go @@ -96,8 +96,8 @@ func containsError(typ types.Type) bool { case *types.Map: return check(t.Key()) || check(t.Elem()) case *types.Struct: - for i := 0; i < t.NumFields(); i++ { - if check(t.Field(i).Type()) { + for field := range t.Fields() { + if check(field.Type()) { return true } } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/defers/defers.go b/vendor/golang.org/x/tools/go/analysis/passes/defers/defers.go index bf62d327d9..af93407cae 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/defers/defers.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/defers/defers.go @@ -10,9 +10,9 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/go/types/typeutil" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/typesinternal" ) @@ -23,8 +23,8 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "defers", Requires: []*analysis.Analyzer{inspect.Analyzer}, + Doc: analyzerutil.MustExtractDoc(doc, "defers"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/defers", - Doc: analysisutil.MustExtractDoc(doc, "defers"), Run: run, } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/directive/directive.go b/vendor/golang.org/x/tools/go/analysis/passes/directive/directive.go index bebec89140..5fa28861e5 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/directive/directive.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/directive/directive.go @@ -14,7 +14,7 @@ import ( "unicode/utf8" "golang.org/x/tools/go/analysis" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" + "golang.org/x/tools/internal/analysis/analyzerutil" ) const Doc = `check Go toolchain directives such as //go:debug @@ -86,7 +86,7 @@ func checkGoFile(pass *analysis.Pass, f *ast.File) { func checkOtherFile(pass *analysis.Pass, filename string) error { // We cannot use the Go parser, since is not a Go source file. // Read the raw bytes instead. - content, tf, err := analysisutil.ReadFile(pass, filename) + content, tf, err := analyzerutil.ReadFile(pass, filename) if err != nil { return err } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/errorsas/errorsas.go b/vendor/golang.org/x/tools/go/analysis/passes/errorsas/errorsas.go index b3df99929d..f1465f7343 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/errorsas/errorsas.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/errorsas/errorsas.go @@ -12,7 +12,7 @@ import ( "go/types" "golang.org/x/tools/go/analysis" - typeindexanalyzer "golang.org/x/tools/internal/analysisinternal/typeindex" + typeindexanalyzer "golang.org/x/tools/internal/analysis/typeindex" "golang.org/x/tools/internal/typesinternal/typeindex" ) diff --git a/vendor/golang.org/x/tools/go/analysis/passes/fieldalignment/fieldalignment.go b/vendor/golang.org/x/tools/go/analysis/passes/fieldalignment/fieldalignment.go index 4987ec5afd..235fa4f01f 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/fieldalignment/fieldalignment.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/fieldalignment/fieldalignment.go @@ -18,6 +18,7 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" "golang.org/x/tools/go/ast/inspector" + "golang.org/x/tools/internal/astutil" ) const Doc = `find structs that would use less memory if their fields were sorted @@ -103,6 +104,11 @@ func fieldalignment(pass *analysis.Pass, node *ast.StructType, typ *types.Struct return } + // Analyzers borrow syntax tree; they do not own them and must modify them. + // This Clone operation is a quick fix to the data race introduced + // in CL 278872 by the clearing of the Comment and Doc fields below. + node = astutil.CloneNode(node) + // Flatten the ast node since it could have multiple field names per list item while // *types.Struct only have one item per field. // TODO: Preserve multi-named fields instead of flattening. diff --git a/vendor/golang.org/x/tools/go/analysis/passes/framepointer/framepointer.go b/vendor/golang.org/x/tools/go/analysis/passes/framepointer/framepointer.go index ff9c8b4f81..a7d558103a 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/framepointer/framepointer.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/framepointer/framepointer.go @@ -13,7 +13,7 @@ import ( "unicode" "golang.org/x/tools/go/analysis" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" + "golang.org/x/tools/internal/analysis/analyzerutil" ) const Doc = "report assembly that clobbers the frame pointer before saving it" @@ -98,7 +98,7 @@ func run(pass *analysis.Pass) (any, error) { } for _, fname := range sfiles { - content, tf, err := analysisutil.ReadFile(pass, fname) + content, tf, err := analyzerutil.ReadFile(pass, fname) if err != nil { return nil, err } @@ -127,7 +127,7 @@ func run(pass *analysis.Pass) (any, error) { } if arch.isFPWrite(line) { - pass.Reportf(analysisutil.LineStart(tf, lineno), "frame pointer is clobbered before saving") + pass.Reportf(tf.LineStart(lineno), "frame pointer is clobbered before saving") active = false continue } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/ifaceassert/ifaceassert.go b/vendor/golang.org/x/tools/go/analysis/passes/ifaceassert/ifaceassert.go index 4022dbe7c2..da0acbd8e2 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/ifaceassert/ifaceassert.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/ifaceassert/ifaceassert.go @@ -11,8 +11,8 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/typeparams" ) @@ -21,7 +21,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "ifaceassert", - Doc: analysisutil.MustExtractDoc(doc, "ifaceassert"), + Doc: analyzerutil.MustExtractDoc(doc, "ifaceassert"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/ifaceassert", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, diff --git a/vendor/golang.org/x/tools/go/analysis/passes/inspect/inspect.go b/vendor/golang.org/x/tools/go/analysis/passes/inspect/inspect.go index ee1972f56d..aae5d255f9 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/inspect/inspect.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/inspect/inspect.go @@ -41,7 +41,7 @@ var Analyzer = &analysis.Analyzer{ URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/inspect", Run: run, RunDespiteErrors: true, - ResultType: reflect.TypeOf(new(inspector.Inspector)), + ResultType: reflect.TypeFor[*inspector.Inspector](), } func run(pass *analysis.Pass) (any, error) { diff --git a/vendor/golang.org/x/tools/go/analysis/passes/internal/analysisutil/util.go b/vendor/golang.org/x/tools/go/analysis/passes/internal/analysisutil/util.go deleted file mode 100644 index d3df898d30..0000000000 --- a/vendor/golang.org/x/tools/go/analysis/passes/internal/analysisutil/util.go +++ /dev/null @@ -1,99 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package analysisutil defines various helper functions -// used by two or more packages beneath go/analysis. -package analysisutil - -import ( - "go/ast" - "go/token" - "go/types" - "os" - - "golang.org/x/tools/go/analysis" - "golang.org/x/tools/internal/analysisinternal" -) - -// HasSideEffects reports whether evaluation of e has side effects. -func HasSideEffects(info *types.Info, e ast.Expr) bool { - safe := true - ast.Inspect(e, func(node ast.Node) bool { - switch n := node.(type) { - case *ast.CallExpr: - typVal := info.Types[n.Fun] - switch { - case typVal.IsType(): - // Type conversion, which is safe. - case typVal.IsBuiltin(): - // Builtin func, conservatively assumed to not - // be safe for now. - safe = false - return false - default: - // A non-builtin func or method call. - // Conservatively assume that all of them have - // side effects for now. - safe = false - return false - } - case *ast.UnaryExpr: - if n.Op == token.ARROW { - safe = false - return false - } - } - return true - }) - return !safe -} - -// ReadFile reads a file and adds it to the FileSet -// so that we can report errors against it using lineStart. -func ReadFile(pass *analysis.Pass, filename string) ([]byte, *token.File, error) { - readFile := pass.ReadFile - if readFile == nil { - readFile = os.ReadFile - } - content, err := readFile(filename) - if err != nil { - return nil, nil, err - } - tf := pass.Fset.AddFile(filename, -1, len(content)) - tf.SetLinesForContent(content) - return content, tf, nil -} - -// LineStart returns the position of the start of the specified line -// within file f, or NoPos if there is no line of that number. -func LineStart(f *token.File, line int) token.Pos { - // Use binary search to find the start offset of this line. - // - // TODO(adonovan): eventually replace this function with the - // simpler and more efficient (*go/token.File).LineStart, added - // in go1.12. - - min := 0 // inclusive - max := f.Size() // exclusive - for { - offset := (min + max) / 2 - pos := f.Pos(offset) - posn := f.Position(pos) - if posn.Line == line { - return pos - (token.Pos(posn.Column) - 1) - } - - if min+1 >= max { - return token.NoPos - } - - if posn.Line < line { - min = offset - } else { - max = offset - } - } -} - -var MustExtractDoc = analysisinternal.MustExtractDoc diff --git a/vendor/golang.org/x/tools/go/analysis/passes/loopclosure/loopclosure.go b/vendor/golang.org/x/tools/go/analysis/passes/loopclosure/loopclosure.go index 8432e963c6..41b19d7933 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/loopclosure/loopclosure.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/loopclosure/loopclosure.go @@ -11,9 +11,9 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/go/types/typeutil" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/typesinternal" "golang.org/x/tools/internal/versions" ) @@ -23,7 +23,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "loopclosure", - Doc: analysisutil.MustExtractDoc(doc, "loopclosure"), + Doc: analyzerutil.MustExtractDoc(doc, "loopclosure"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/loopclosure", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, @@ -55,8 +55,8 @@ func run(pass *analysis.Pass) (any, error) { switch n := n.(type) { case *ast.File: // Only traverse the file if its goversion is strictly before go1.22. - goversion := versions.FileVersion(pass.TypesInfo, n) - return versions.Before(goversion, versions.Go1_22) + return !analyzerutil.FileUsesGoVersion(pass, n, versions.Go1_22) + case *ast.RangeStmt: body = n.Body addVar(n.Key) @@ -308,12 +308,11 @@ func parallelSubtest(info *types.Info, call *ast.CallExpr) []ast.Stmt { if !ok { continue } - expr := exprStmt.X - if isMethodCall(info, expr, "testing", "T", "Parallel") { - call, _ := expr.(*ast.CallExpr) - if call == nil { - continue - } + call, ok := exprStmt.X.(*ast.CallExpr) + if !ok { + continue + } + if isMethodCall(info, call, "testing", "T", "Parallel") { x, _ := call.Fun.(*ast.SelectorExpr) if x == nil { continue @@ -347,26 +346,6 @@ func unlabel(stmt ast.Stmt) (ast.Stmt, bool) { } } -// isMethodCall reports whether expr is a method call of -// ... -func isMethodCall(info *types.Info, expr ast.Expr, pkgPath, typeName, method string) bool { - call, ok := expr.(*ast.CallExpr) - if !ok { - return false - } - - // Check that we are calling a method - f := typeutil.StaticCallee(info, call) - if f == nil || f.Name() != method { - return false - } - recv := f.Type().(*types.Signature).Recv() - if recv == nil { - return false - } - - // Check that the receiver is a . or - // *.. - _, named := typesinternal.ReceiverNamed(recv) - return typesinternal.IsTypeNamed(named, pkgPath, typeName) +func isMethodCall(info *types.Info, call *ast.CallExpr, pkgPath, typeName, method string) bool { + return typesinternal.IsMethodNamed(typeutil.Callee(info, call), pkgPath, typeName, method) } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/lostcancel/lostcancel.go b/vendor/golang.org/x/tools/go/analysis/passes/lostcancel/lostcancel.go index cc0bf0fd31..28a5f6cd93 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/lostcancel/lostcancel.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/lostcancel/lostcancel.go @@ -13,9 +13,9 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/ctrlflow" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/go/cfg" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/astutil" "golang.org/x/tools/internal/typesinternal" ) @@ -25,7 +25,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "lostcancel", - Doc: analysisutil.MustExtractDoc(doc, "lostcancel"), + Doc: analyzerutil.MustExtractDoc(doc, "lostcancel"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/lostcancel", Run: run, Requires: []*analysis.Analyzer{ @@ -316,8 +316,8 @@ outer: } func tupleContains(tuple *types.Tuple, v *types.Var) bool { - for i := 0; i < tuple.Len(); i++ { - if tuple.At(i) == v { + for v0 := range tuple.Variables() { + if v0 == v { return true } } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/nilfunc/nilfunc.go b/vendor/golang.org/x/tools/go/analysis/passes/nilfunc/nilfunc.go index fa1883b0c3..6b37295187 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/nilfunc/nilfunc.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/nilfunc/nilfunc.go @@ -14,8 +14,8 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/typesinternal" ) @@ -24,7 +24,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "nilfunc", - Doc: analysisutil.MustExtractDoc(doc, "nilfunc"), + Doc: analyzerutil.MustExtractDoc(doc, "nilfunc"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/nilfunc", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, diff --git a/vendor/golang.org/x/tools/go/analysis/passes/nilness/nilness.go b/vendor/golang.org/x/tools/go/analysis/passes/nilness/nilness.go index 8f1cca8f12..6f353968f2 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/nilness/nilness.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/nilness/nilness.go @@ -12,8 +12,8 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/buildssa" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ssa" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/typeparams" ) @@ -22,7 +22,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "nilness", - Doc: analysisutil.MustExtractDoc(doc, "nilness"), + Doc: analyzerutil.MustExtractDoc(doc, "nilness"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/nilness", Run: run, Requires: []*analysis.Analyzer{buildssa.Analyzer}, diff --git a/vendor/golang.org/x/tools/go/analysis/passes/printf/doc.go b/vendor/golang.org/x/tools/go/analysis/passes/printf/doc.go index f04e441434..a09bfd1c6c 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/printf/doc.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/printf/doc.go @@ -92,6 +92,36 @@ // } // logf("%s", 123) // logf format %s has arg 123 of wrong type int // +// Interface methods may also be analyzed as printf wrappers, if +// within the interface's package there is an assignment from a +// implementation type whose corresponding method is a printf wrapper. +// +// For example, the var declaration below causes a *myLoggerImpl value +// to be assigned to a Logger variable: +// +// type Logger interface { +// Logf(format string, args ...any) +// } +// +// type myLoggerImpl struct{ ... } +// +// var _ Logger = (*myLoggerImpl)(nil) +// +// func (*myLoggerImpl) Logf(format string, args ...any) { +// println(fmt.Sprintf(format, args...)) +// } +// +// Since myLoggerImpl's Logf method is a printf wrapper, this +// establishes that Logger.Logf is a printf wrapper too, causing +// dynamic calls through the interface to be checked: +// +// func f(log Logger) { +// log.Logf("%s", 123) // Logger.Logf format %s has arg 123 of wrong type int +// } +// +// This feature applies only to interface methods declared in files +// using at least Go 1.26. +// // # Specifying printf wrappers by flag // // The -funcs flag specifies a comma-separated list of names of diff --git a/vendor/golang.org/x/tools/go/analysis/passes/printf/printf.go b/vendor/golang.org/x/tools/go/analysis/passes/printf/printf.go index d94e592cf1..1afb07c452 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/printf/printf.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/printf/printf.go @@ -18,16 +18,16 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/edge" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/go/types/typeutil" - "golang.org/x/tools/internal/analysisinternal" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/astutil" "golang.org/x/tools/internal/fmtstr" "golang.org/x/tools/internal/typeparams" "golang.org/x/tools/internal/typesinternal" "golang.org/x/tools/internal/versions" + "golang.org/x/tools/refactor/satisfy" ) func init() { @@ -39,7 +39,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "printf", - Doc: analysisutil.MustExtractDoc(doc, "printf"), + Doc: analyzerutil.MustExtractDoc(doc, "printf"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/printf", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, @@ -66,7 +66,7 @@ func (kind Kind) String() string { case KindErrorf: return "errorf" } - return "" + return "(none)" } // Result is the printf analyzer's result type. Clients may query the result @@ -137,9 +137,10 @@ type wrapper struct { callers []printfCaller } +// printfCaller is a candidate print{,f} forwarding call from candidate wrapper w. type printfCaller struct { w *wrapper - call *ast.CallExpr + call *ast.CallExpr // forwarding call (nil for implicit interface method -> impl calls) } // formatArgsParams returns the "format string" and "args ...any" @@ -184,21 +185,42 @@ func findPrintLike(pass *analysis.Pass, res *Result) { wrappers []*wrapper byObj = make(map[types.Object]*wrapper) ) - for cur := range inspect.Root().Preorder((*ast.FuncDecl)(nil), (*ast.FuncLit)(nil)) { - var ( - curBody inspector.Cursor // for *ast.BlockStmt - sig *types.Signature - obj types.Object - ) + for cur := range inspect.Root().Preorder((*ast.FuncDecl)(nil), (*ast.FuncLit)(nil), (*ast.InterfaceType)(nil)) { + + // addWrapper records that a func (or var representing + // a FuncLit) is a potential print{,f} wrapper. + // curBody is its *ast.BlockStmt, if any. + addWrapper := func(obj types.Object, sig *types.Signature, curBody inspector.Cursor) *wrapper { + format, args := formatArgsParams(sig) + if args != nil { + // obj (the symbol for a function/method, or variable + // assigned to an anonymous function) is a potential + // print or printf wrapper. + // + // Later processing will analyze the graph of potential + // wrappers and their function bodies to pick out the + // ones that are true wrappers. + w := &wrapper{ + obj: obj, + curBody: curBody, + format: format, // non-nil => printf + args: args, + } + byObj[w.obj] = w + wrappers = append(wrappers, w) + return w + } + return nil + } + switch f := cur.Node().(type) { case *ast.FuncDecl: // named function or method: // // func wrapf(format string, args ...any) {...} if f.Body != nil { - curBody = cur.ChildAt(edge.FuncDecl_Body, -1) - obj = info.Defs[f.Name] - sig = obj.Type().(*types.Signature) + fn := info.Defs[f.Name].(*types.Func) + addWrapper(fn, fn.Signature(), cur.ChildAt(edge.FuncDecl_Body, -1)) } case *ast.FuncLit: @@ -211,8 +233,6 @@ func findPrintLike(pass *analysis.Pass, res *Result) { // The LHS may also be a struct field x.wrapf or // an imported var pkg.Wrapf. // - sig = info.TypeOf(f).(*types.Signature) - curBody = cur.ChildAt(edge.FuncLit_Body, -1) var lhs ast.Expr switch ek, idx := cur.ParentEdge(); ek { case edge.ValueSpec_Values: @@ -223,49 +243,89 @@ func findPrintLike(pass *analysis.Pass, res *Result) { lhs = curLhs.Node().(ast.Expr) } + var v *types.Var switch lhs := lhs.(type) { case *ast.Ident: // variable: wrapf = func(...) - obj = info.ObjectOf(lhs).(*types.Var) + v, _ = info.ObjectOf(lhs).(*types.Var) case *ast.SelectorExpr: if sel, ok := info.Selections[lhs]; ok { // struct field: x.wrapf = func(...) - obj = sel.Obj().(*types.Var) + v = sel.Obj().(*types.Var) } else { // imported var: pkg.Wrapf = func(...) - obj = info.Uses[lhs.Sel].(*types.Var) + v = info.Uses[lhs.Sel].(*types.Var) } } - } - if obj != nil { - format, args := formatArgsParams(sig) - if args != nil { - // obj (the symbol for a function/method, or variable - // assigned to an anonymous function) is a potential - // print or printf wrapper. - // - // Later processing will analyze the graph of potential - // wrappers and their function bodies to pick out the - // ones that are true wrappers. - w := &wrapper{ - obj: obj, - curBody: curBody, - format: format, // non-nil => printf - args: args, + if v != nil { + sig := info.TypeOf(f).(*types.Signature) + curBody := cur.ChildAt(edge.FuncLit_Body, -1) + addWrapper(v, sig, curBody) + } + + case *ast.InterfaceType: + // Induction through interface methods is gated as + // if it were a go1.26 language feature, to avoid + // surprises when go test's vet suite gets stricter. + if analyzerutil.FileUsesGoVersion(pass, astutil.EnclosingFile(cur), versions.Go1_26) { + for imeth := range info.TypeOf(f).(*types.Interface).Methods() { + addWrapper(imeth, imeth.Signature(), inspector.Cursor{}) } - byObj[w.obj] = w - wrappers = append(wrappers, w) } } } + // impls maps abstract methods to implementations. + // + // Interface methods are modelled as if they have a body + // that calls each implementing method. + // + // In the code below, impls maps Logger.Logf to + // [myLogger.Logf], and if myLogger.Logf is discovered to be + // printf-like, then so will be Logger.Logf. + // + // type Logger interface { + // Logf(format string, args ...any) + // } + // type myLogger struct{ ... } + // func (myLogger) Logf(format string, args ...any) {...} + // var _ Logger = myLogger{} + impls := methodImplementations(pass) + + // doCall records a call from one wrapper to another. + doCall := func(w *wrapper, callee types.Object, call *ast.CallExpr) { + // Call from one wrapper candidate to another? + // Record the edge so that if callee is found to be + // a true wrapper, w will be too. + if w2, ok := byObj[callee]; ok { + w2.callers = append(w2.callers, printfCaller{w, call}) + } + + // Is the candidate a true wrapper, because it calls + // a known print{,f}-like function from the allowlist + // or an imported fact, or another wrapper found + // to be a true wrapper? + // If so, convert all w's callers to kind. + kind := callKind(pass, callee, res) + if kind != KindNone { + propagate(pass, w, call, kind, res) + } + } + // Pass 2: scan the body of each wrapper function // for calls to other printf-like functions. - // - // Also, reject tricky cases where the parameters - // are potentially mutated by AssignStmt or UnaryExpr. - // TODO: Relax these checks; issue 26555. for _, w := range wrappers { + + // An interface method has no body, but acts + // like an implicit call to each implementing method. + if w.curBody.Inspector() == nil { + for impl := range impls[w.obj.(*types.Func)] { + doCall(w, impl, nil) + } + continue // (no body) + } + + // Process all calls in the wrapper function's body. scan: for cur := range w.curBody.Preorder( (*ast.AssignStmt)(nil), @@ -273,6 +333,12 @@ func findPrintLike(pass *analysis.Pass, res *Result) { (*ast.CallExpr)(nil), ) { switch n := cur.Node().(type) { + + // Reject tricky cases where the parameters + // are potentially mutated by AssignStmt or UnaryExpr. + // (This logic checks for mutation only before the call.) + // TODO: Relax these checks; issue 26555. + case *ast.AssignStmt: // If the wrapper updates format or args // it is not a simple wrapper. @@ -295,23 +361,7 @@ func findPrintLike(pass *analysis.Pass, res *Result) { case *ast.CallExpr: if len(n.Args) > 0 && match(info, n.Args[len(n.Args)-1], w.args) { if callee := typeutil.Callee(pass.TypesInfo, n); callee != nil { - - // Call from one wrapper candidate to another? - // Record the edge so that if callee is found to be - // a true wrapper, w will be too. - if w2, ok := byObj[callee]; ok { - w2.callers = append(w2.callers, printfCaller{w, n}) - } - - // Is the candidate a true wrapper, because it calls - // a known print{,f}-like function from the allowlist - // or an imported fact, or another wrapper found - // to be a true wrapper? - // If so, convert all w's callers to kind. - kind := callKind(pass, callee, res) - if kind != KindNone { - checkForward(pass, w, n, kind, res) - } + doCall(w, callee, n) } } } @@ -319,40 +369,60 @@ func findPrintLike(pass *analysis.Pass, res *Result) { } } +// methodImplementations returns the mapping from interface methods +// declared in this package to their corresponding implementing +// methods (which may also be interface methods), according to the set +// of assignments to interface types that appear within this package. +func methodImplementations(pass *analysis.Pass) map[*types.Func]map[*types.Func]bool { + impls := make(map[*types.Func]map[*types.Func]bool) + + // To find interface/implementation relations, + // we use the 'satisfy' pass, but proposal #70638 + // provides a better way. + // + // This pass over the syntax could be factored out as + // a separate analysis pass if it is needed by other + // analyzers. + var f satisfy.Finder + f.Find(pass.TypesInfo, pass.Files) + for assign := range f.Result { + // Have: LHS = RHS, where LHS is an interface type. + for imeth := range assign.LHS.Underlying().(*types.Interface).Methods() { + // Limit to interface methods of current package. + if imeth.Pkg() != pass.Pkg { + continue + } + + if _, args := formatArgsParams(imeth.Signature()); args == nil { + continue // not print{,f}-like + } + + // Add implementing method to the set. + impl, _, _ := types.LookupFieldOrMethod(assign.RHS, false, pass.Pkg, imeth.Name()) // can't fail + set, ok := impls[imeth] + if !ok { + set = make(map[*types.Func]bool) + impls[imeth] = set + } + set[impl.(*types.Func)] = true + } + } + return impls +} + func match(info *types.Info, arg ast.Expr, param *types.Var) bool { id, ok := arg.(*ast.Ident) return ok && info.ObjectOf(id) == param } -// checkForward checks that a forwarding wrapper is forwarding correctly. -// It diagnoses writing fmt.Printf(format, args) instead of fmt.Printf(format, args...). -func checkForward(pass *analysis.Pass, w *wrapper, call *ast.CallExpr, kind Kind, res *Result) { - matched := kind == KindPrint || - kind != KindNone && len(call.Args) >= 2 && match(pass.TypesInfo, call.Args[len(call.Args)-2], w.format) - if !matched { - return - } - - if !call.Ellipsis.IsValid() { - typ, ok := pass.TypesInfo.Types[call.Fun].Type.(*types.Signature) - if !ok { - return - } - if len(call.Args) > typ.Params().Len() { - // If we're passing more arguments than what the - // print/printf function can take, adding an ellipsis - // would break the program. For example: - // - // func foo(arg1 string, arg2 ...interface{}) { - // fmt.Printf("%s %v", arg1, arg2) - // } - return - } - desc := "printf" - if kind == KindPrint { - desc = "print" - } - pass.ReportRangef(call, "missing ... in args forwarded to %s-like function", desc) +// propagate propagates changes in wrapper (non-None) kind information backwards +// through through the wrapper.callers graph of well-formed forwarding calls. +func propagate(pass *analysis.Pass, w *wrapper, call *ast.CallExpr, kind Kind, res *Result) { + // Check correct call forwarding. + // + // Interface methods (call==nil) forward + // correctly by construction. + if call != nil && !checkForward(pass, w, call, kind) { return } @@ -373,11 +443,50 @@ func checkForward(pass *analysis.Pass, w *wrapper, call *ast.CallExpr, kind Kind // Propagate kind back to known callers. for _, caller := range w.callers { - checkForward(pass, caller.w, caller.call, kind, res) + propagate(pass, caller.w, caller.call, kind, res) } } } +// checkForward checks whether a call from wrapper w is a well-formed +// forwarding call of the specified (non-None) kind. +// +// If not, it reports a diagnostic that the user wrote +// fmt.Printf(format, args) instead of fmt.Printf(format, args...). +func checkForward(pass *analysis.Pass, w *wrapper, call *ast.CallExpr, kind Kind) bool { + // Printf/Errorf calls must delegate the format string. + switch kind { + case KindPrintf, KindErrorf: + if len(call.Args) < 2 || !match(pass.TypesInfo, call.Args[len(call.Args)-2], w.format) { + return false + } + } + + // The args... delegation must be variadic. + // (That args is actually delegated was + // established before the root call to doCall.) + if !call.Ellipsis.IsValid() { + typ, ok := pass.TypesInfo.Types[call.Fun].Type.(*types.Signature) + if !ok { + return false + } + if len(call.Args) > typ.Params().Len() { + // If we're passing more arguments than what the + // print/printf function can take, adding an ellipsis + // would break the program. For example: + // + // func foo(arg1 string, arg2 ...interface{}) { + // fmt.Printf("%s %v", arg1, arg2) + // } + return false + } + pass.ReportRangef(call, "missing ... in args forwarded to %s-like function", kind) + return false + } + + return true +} + func origin(obj types.Object) types.Object { switch obj := obj.(type) { case *types.Func: @@ -445,16 +554,14 @@ var isPrint = stringSet{ "(*testing.common).Logf": true, "(*testing.common).Skip": true, "(*testing.common).Skipf": true, - // *testing.T and B are detected by induction, but testing.TB is - // an interface and the inference can't follow dynamic calls. - "(testing.TB).Error": true, - "(testing.TB).Errorf": true, - "(testing.TB).Fatal": true, - "(testing.TB).Fatalf": true, - "(testing.TB).Log": true, - "(testing.TB).Logf": true, - "(testing.TB).Skip": true, - "(testing.TB).Skipf": true, + "(testing.TB).Error": true, + "(testing.TB).Errorf": true, + "(testing.TB).Fatal": true, + "(testing.TB).Fatalf": true, + "(testing.TB).Log": true, + "(testing.TB).Logf": true, + "(testing.TB).Skip": true, + "(testing.TB).Skipf": true, } // formatStringIndex returns the index of the format string (the last @@ -613,7 +720,7 @@ func checkPrintf(pass *analysis.Pass, fileVersion string, kind Kind, call *ast.C // breaking existing tests and CI scripts. if idx == len(call.Args)-1 && fileVersion != "" && // fail open - versions.AtLeast(fileVersion, "go1.24") { + versions.AtLeast(fileVersion, versions.Go1_24) { pass.Report(analysis.Diagnostic{ Pos: formatArg.Pos(), @@ -663,7 +770,7 @@ func checkPrintf(pass *analysis.Pass, fileVersion string, kind Kind, call *ast.C anyIndex = true } rng := opRange(formatArg, op) - if !okPrintfArg(pass, call, rng, &maxArgIndex, firstArg, name, op) { + if !okPrintfArg(pass, fileVersion, call, rng, &maxArgIndex, firstArg, name, op) { // One error per format is enough. return } @@ -695,9 +802,9 @@ func checkPrintf(pass *analysis.Pass, fileVersion string, kind Kind, call *ast.C // such as the position of the %v substring of "...%v...". func opRange(formatArg ast.Expr, op *fmtstr.Operation) analysis.Range { if lit, ok := formatArg.(*ast.BasicLit); ok { - start, end, err := astutil.RangeInStringLiteral(lit, op.Range.Start, op.Range.End) + rng, err := astutil.RangeInStringLiteral(lit, op.Range.Start, op.Range.End) if err == nil { - return analysisinternal.Range(start, end) // position of "%v" + return rng // position of "%v" } } return formatArg // entire format string @@ -708,6 +815,7 @@ type printfArgType int const ( argBool printfArgType = 1 << iota + argByte argInt argRune argString @@ -752,7 +860,7 @@ var printVerbs = []printVerb{ {'o', sharpNumFlag, argInt | argPointer}, {'O', sharpNumFlag, argInt | argPointer}, {'p', "-#", argPointer}, - {'q', " -+.0#", argRune | argInt | argString}, + {'q', " -+.0#", argRune | argInt | argString}, // note: when analyzing go1.26 code, argInt => argByte {'s', " -+.0", argString}, {'t', "-", argBool}, {'T', "-", anyType}, @@ -766,7 +874,7 @@ var printVerbs = []printVerb{ // okPrintfArg compares the operation to the arguments actually present, // reporting any discrepancies it can discern, maxArgIndex was the index of the highest used index. // If the final argument is ellipsissed, there's little it can do for that. -func okPrintfArg(pass *analysis.Pass, call *ast.CallExpr, rng analysis.Range, maxArgIndex *int, firstArg int, name string, operation *fmtstr.Operation) (ok bool) { +func okPrintfArg(pass *analysis.Pass, fileVersion string, call *ast.CallExpr, rng analysis.Range, maxArgIndex *int, firstArg int, name string, operation *fmtstr.Operation) (ok bool) { verb := operation.Verb.Verb var v printVerb found := false @@ -778,6 +886,13 @@ func okPrintfArg(pass *analysis.Pass, call *ast.CallExpr, rng analysis.Range, ma } } + // When analyzing go1.26 code, rune and byte are the only %q integers (#72850). + if verb == 'q' && + fileVersion != "" && // fail open + versions.AtLeast(fileVersion, versions.Go1_26) { + v.typ = argRune | argByte | argString + } + // Could verb's arg implement fmt.Formatter? // Skip check for the %w verb, which requires an error. formatter := false diff --git a/vendor/golang.org/x/tools/go/analysis/passes/printf/types.go b/vendor/golang.org/x/tools/go/analysis/passes/printf/types.go index f7e50f98a9..2cc5c23f12 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/printf/types.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/printf/types.go @@ -204,8 +204,7 @@ func (m *argMatcher) match(typ types.Type, topLevel bool) bool { case *types.Struct: // report whether all the elements of the struct match the expected type. For // instance, with "%d" all the elements must be printable with the "%d" format. - for i := 0; i < typ.NumFields(); i++ { - typf := typ.Field(i) + for typf := range typ.Fields() { if !m.match(typf.Type(), false) { return false } @@ -228,14 +227,20 @@ func (m *argMatcher) match(typ types.Type, topLevel bool) bool { types.Bool: return m.t&argBool != 0 + case types.Byte: + return m.t&(argInt|argByte) != 0 + + case types.Rune, types.UntypedRune: + return m.t&(argInt|argRune) != 0 + case types.UntypedInt, types.Int, types.Int8, types.Int16, - types.Int32, + // see case Rune for int32 types.Int64, types.Uint, - types.Uint8, + // see case Byte for uint8 types.Uint16, types.Uint32, types.Uint64, @@ -259,9 +264,6 @@ func (m *argMatcher) match(typ types.Type, topLevel bool) bool { case types.UnsafePointer: return m.t&(argPointer|argInt) != 0 - case types.UntypedRune: - return m.t&(argInt|argRune) != 0 - case types.UntypedNil: return false diff --git a/vendor/golang.org/x/tools/go/analysis/passes/reflectvaluecompare/reflectvaluecompare.go b/vendor/golang.org/x/tools/go/analysis/passes/reflectvaluecompare/reflectvaluecompare.go index 5626ac1c12..5ce3574984 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/reflectvaluecompare/reflectvaluecompare.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/reflectvaluecompare/reflectvaluecompare.go @@ -11,9 +11,9 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/go/types/typeutil" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/typesinternal" ) @@ -22,7 +22,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "reflectvaluecompare", - Doc: analysisutil.MustExtractDoc(doc, "reflectvaluecompare"), + Doc: analyzerutil.MustExtractDoc(doc, "reflectvaluecompare"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/reflectvaluecompare", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, diff --git a/vendor/golang.org/x/tools/go/analysis/passes/shadow/shadow.go b/vendor/golang.org/x/tools/go/analysis/passes/shadow/shadow.go index 8f768bb76c..8e60e38942 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/shadow/shadow.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/shadow/shadow.go @@ -12,8 +12,8 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" + "golang.org/x/tools/internal/analysis/analyzerutil" ) // NOTE: Experimental. Not part of the vet suite. @@ -23,7 +23,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "shadow", - Doc: analysisutil.MustExtractDoc(doc, "shadow"), + Doc: analyzerutil.MustExtractDoc(doc, "shadow"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/shadow", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, diff --git a/vendor/golang.org/x/tools/go/analysis/passes/sigchanyzer/sigchanyzer.go b/vendor/golang.org/x/tools/go/analysis/passes/sigchanyzer/sigchanyzer.go index c339fa064d..174c27109e 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/sigchanyzer/sigchanyzer.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/sigchanyzer/sigchanyzer.go @@ -18,8 +18,8 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/typesinternal" ) @@ -29,7 +29,7 @@ var doc string // Analyzer describes sigchanyzer analysis function detector. var Analyzer = &analysis.Analyzer{ Name: "sigchanyzer", - Doc: analysisutil.MustExtractDoc(doc, "sigchanyzer"), + Doc: analyzerutil.MustExtractDoc(doc, "sigchanyzer"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/sigchanyzer", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, diff --git a/vendor/golang.org/x/tools/go/analysis/passes/slog/slog.go b/vendor/golang.org/x/tools/go/analysis/passes/slog/slog.go index cc58396a02..4afbe04684 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/slog/slog.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/slog/slog.go @@ -17,9 +17,9 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/go/types/typeutil" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/astutil" "golang.org/x/tools/internal/typesinternal" ) @@ -29,7 +29,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "slog", - Doc: analysisutil.MustExtractDoc(doc, "slog"), + Doc: analyzerutil.MustExtractDoc(doc, "slog"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/slog", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, @@ -168,7 +168,7 @@ func isAttr(t types.Type) bool { // "slog.Logger.With" (instead of "(*log/slog.Logger).With") func shortName(fn *types.Func) string { var r string - if recv := fn.Type().(*types.Signature).Recv(); recv != nil { + if recv := fn.Signature().Recv(); recv != nil { if _, named := typesinternal.ReceiverNamed(recv); named != nil { r = named.Obj().Name() } else { @@ -188,7 +188,7 @@ func kvFuncSkipArgs(fn *types.Func) (int, bool) { return 0, false } var recvName string // by default a slog package function - if recv := fn.Type().(*types.Signature).Recv(); recv != nil { + if recv := fn.Signature().Recv(); recv != nil { _, named := typesinternal.ReceiverNamed(recv) if named == nil { return 0, false // anon struct/interface diff --git a/vendor/golang.org/x/tools/go/analysis/passes/stdmethods/stdmethods.go b/vendor/golang.org/x/tools/go/analysis/passes/stdmethods/stdmethods.go index a0bdf001ab..b68385b242 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/stdmethods/stdmethods.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/stdmethods/stdmethods.go @@ -12,8 +12,8 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" + "golang.org/x/tools/internal/analysis/analyzerutil" ) //go:embed doc.go @@ -21,7 +21,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "stdmethods", - Doc: analysisutil.MustExtractDoc(doc, "stdmethods"), + Doc: analyzerutil.MustExtractDoc(doc, "stdmethods"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/stdmethods", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, @@ -131,12 +131,12 @@ func canonicalMethod(pass *analysis.Pass, id *ast.Ident) { } // Do the =s (if any) all match? - if !matchParams(pass, expect.args, args, "=") || !matchParams(pass, expect.results, results, "=") { + if !matchParams(expect.args, args, "=") || !matchParams(expect.results, results, "=") { return } // Everything must match. - if !matchParams(pass, expect.args, args, "") || !matchParams(pass, expect.results, results, "") { + if !matchParams(expect.args, args, "") || !matchParams(expect.results, results, "") { expectFmt := id.Name + "(" + argjoin(expect.args) + ")" if len(expect.results) == 1 { expectFmt += " " + argjoin(expect.results) @@ -168,7 +168,7 @@ func argjoin(x []string) string { } // Does each type in expect with the given prefix match the corresponding type in actual? -func matchParams(pass *analysis.Pass, expect []string, actual *types.Tuple, prefix string) bool { +func matchParams(expect []string, actual *types.Tuple, prefix string) bool { for i, x := range expect { if !strings.HasPrefix(x, prefix) { continue diff --git a/vendor/golang.org/x/tools/go/analysis/passes/stdversion/stdversion.go b/vendor/golang.org/x/tools/go/analysis/passes/stdversion/stdversion.go index 3147219561..d1fda880e8 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/stdversion/stdversion.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/stdversion/stdversion.go @@ -99,6 +99,13 @@ func run(pass *analysis.Pass) (any, error) { if obj, ok := pass.TypesInfo.Uses[n]; ok && obj.Pkg() != nil { disallowed := disallowedSymbols(obj.Pkg(), fileVersion) if minVersion, ok := disallowed[origin(obj)]; ok { + // Some symbols are accessible before their release but + // only with specific build tags unknown to us here. + // Avoid false positives in such cases. + // TODO(mkalil): move this check into typesinternal.TooNewStdSymbols. + if obj.Pkg().Path() == "testing/synctest" && versions.AtLeast(fileVersion, "go1.24") { + break // requires go1.24 && goexperiment.synctest || go1.25 + } noun := "module" if fileVersion != pkgVersion { noun = "file" diff --git a/vendor/golang.org/x/tools/go/analysis/passes/stringintconv/string.go b/vendor/golang.org/x/tools/go/analysis/passes/stringintconv/string.go index 7a02d85ce7..0cbae68898 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/stringintconv/string.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/stringintconv/string.go @@ -13,8 +13,8 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/refactor" "golang.org/x/tools/internal/typeparams" "golang.org/x/tools/internal/typesinternal" @@ -25,7 +25,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "stringintconv", - Doc: analysisutil.MustExtractDoc(doc, "stringintconv"), + Doc: analyzerutil.MustExtractDoc(doc, "stringintconv"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/stringintconv", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, diff --git a/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/testinggoroutine.go b/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/testinggoroutine.go index 400a6960c6..e38c266afe 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/testinggoroutine.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/testinggoroutine.go @@ -13,9 +13,9 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/go/types/typeutil" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/typesinternal" ) @@ -30,7 +30,7 @@ func init() { var Analyzer = &analysis.Analyzer{ Name: "testinggoroutine", - Doc: analysisutil.MustExtractDoc(doc, "testinggoroutine"), + Doc: analyzerutil.MustExtractDoc(doc, "testinggoroutine"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/testinggoroutine", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, diff --git a/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/util.go b/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/util.go index db2e5f76d1..4b68a789cf 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/util.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/util.go @@ -36,7 +36,7 @@ func localFunctionDecls(info *types.Info, files []*ast.File) func(*types.Func) * // isMethodNamed returns true if f is a method defined // in package with the path pkgPath with a name in names. // -// (Unlike [analysisinternal.IsMethodNamed], it ignores the receiver type name.) +// (Unlike [analysis.IsMethodNamed], it ignores the receiver type name.) func isMethodNamed(f *types.Func, pkgPath string, names ...string) bool { if f == nil { return false @@ -44,7 +44,7 @@ func isMethodNamed(f *types.Func, pkgPath string, names ...string) bool { if f.Pkg() == nil || f.Pkg().Path() != pkgPath { return false } - if f.Type().(*types.Signature).Recv() == nil { + if f.Signature().Recv() == nil { return false } return slices.Contains(names, f.Name()) diff --git a/vendor/golang.org/x/tools/go/analysis/passes/tests/tests.go b/vendor/golang.org/x/tools/go/analysis/passes/tests/tests.go index 1c0e92d01d..1f33df8403 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/tests/tests.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/tests/tests.go @@ -15,8 +15,8 @@ import ( "unicode/utf8" "golang.org/x/tools/go/analysis" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" - "golang.org/x/tools/internal/analysisinternal" + "golang.org/x/tools/internal/analysis/analyzerutil" + "golang.org/x/tools/internal/astutil" "golang.org/x/tools/internal/typesinternal" ) @@ -25,7 +25,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "tests", - Doc: analysisutil.MustExtractDoc(doc, "tests"), + Doc: analyzerutil.MustExtractDoc(doc, "tests"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/tests", Run: run, } @@ -465,7 +465,7 @@ func checkTest(pass *analysis.Pass, fn *ast.FuncDecl, prefix string) { if tparams := fn.Type.TypeParams; tparams != nil && len(tparams.List) > 0 { // Note: cmd/go/internal/load also errors about TestXXX and BenchmarkXXX functions with type parameters. // We have currently decided to also warn before compilation/package loading. This can help users in IDEs. - pass.ReportRangef(analysisinternal.Range(tparams.Opening, tparams.Closing), + pass.ReportRangef(astutil.RangeOf(tparams.Opening, tparams.Closing), "%s has type parameters: it will not be run by go test as a %sXXX function", fn.Name.Name, prefix) } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/timeformat/timeformat.go b/vendor/golang.org/x/tools/go/analysis/passes/timeformat/timeformat.go index db91d37c12..8353c1efa9 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/timeformat/timeformat.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/timeformat/timeformat.go @@ -16,9 +16,9 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/go/types/typeutil" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/typesinternal" ) @@ -30,7 +30,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "timeformat", - Doc: analysisutil.MustExtractDoc(doc, "timeformat"), + Doc: analyzerutil.MustExtractDoc(doc, "timeformat"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/timeformat", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, @@ -39,7 +39,7 @@ var Analyzer = &analysis.Analyzer{ func run(pass *analysis.Pass) (any, error) { // Note: (time.Time).Format is a method and can be a typeutil.Callee // without directly importing "time". So we cannot just skip this package - // when !analysisutil.Imports(pass.Pkg, "time"). + // when !analysis.Imports(pass.Pkg, "time"). // TODO(taking): Consider using a prepass to collect typeutil.Callees. inspect := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector) diff --git a/vendor/golang.org/x/tools/go/analysis/passes/unmarshal/unmarshal.go b/vendor/golang.org/x/tools/go/analysis/passes/unmarshal/unmarshal.go index 26e894bd40..38eb0b1063 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/unmarshal/unmarshal.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/unmarshal/unmarshal.go @@ -11,9 +11,9 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/go/types/typeutil" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/typesinternal" ) @@ -22,7 +22,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "unmarshal", - Doc: analysisutil.MustExtractDoc(doc, "unmarshal"), + Doc: analyzerutil.MustExtractDoc(doc, "unmarshal"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/unmarshal", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, @@ -39,7 +39,7 @@ func run(pass *analysis.Pass) (any, error) { // Note: (*"encoding/json".Decoder).Decode, (* "encoding/gob".Decoder).Decode // and (* "encoding/xml".Decoder).Decode are methods and can be a typeutil.Callee // without directly importing their packages. So we cannot just skip this package - // when !analysisutil.Imports(pass.Pkg, "encoding/..."). + // when !analysis.Imports(pass.Pkg, "encoding/..."). // TODO(taking): Consider using a prepass to collect typeutil.Callees. inspect := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector) @@ -57,7 +57,7 @@ func run(pass *analysis.Pass) (any, error) { // Classify the callee (without allocating memory). argidx := -1 - recv := fn.Type().(*types.Signature).Recv() + recv := fn.Signature().Recv() if fn.Name() == "Unmarshal" && recv == nil { // "encoding/json".Unmarshal // "encoding/xml".Unmarshal diff --git a/vendor/golang.org/x/tools/go/analysis/passes/unreachable/unreachable.go b/vendor/golang.org/x/tools/go/analysis/passes/unreachable/unreachable.go index 317f034992..532f38fe91 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/unreachable/unreachable.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/unreachable/unreachable.go @@ -14,8 +14,9 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" + "golang.org/x/tools/internal/analysis/analyzerutil" + "golang.org/x/tools/internal/refactor" ) //go:embed doc.go @@ -23,7 +24,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "unreachable", - Doc: analysisutil.MustExtractDoc(doc, "unreachable"), + Doc: analyzerutil.MustExtractDoc(doc, "unreachable"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/unreachable", Requires: []*analysis.Analyzer{inspect.Analyzer}, RunDespiteErrors: true, @@ -188,6 +189,11 @@ func (d *deadState) findDead(stmt ast.Stmt) { case *ast.EmptyStmt: // do not warn about unreachable empty statements default: + var ( + inspect = d.pass.ResultOf[inspect.Analyzer].(*inspector.Inspector) + curStmt, _ = inspect.Root().FindNode(stmt) + tokFile = d.pass.Fset.File(stmt.Pos()) + ) // (This call to pass.Report is a frequent source // of diagnostics beyond EOF in a truncated file; // see #71659.) @@ -196,11 +202,8 @@ func (d *deadState) findDead(stmt ast.Stmt) { End: stmt.End(), Message: "unreachable code", SuggestedFixes: []analysis.SuggestedFix{{ - Message: "Remove", - TextEdits: []analysis.TextEdit{{ - Pos: stmt.Pos(), - End: stmt.End(), - }}, + Message: "Remove", + TextEdits: refactor.DeleteStmt(tokFile, curStmt), }}, }) d.reachable = true // silence error about next statement diff --git a/vendor/golang.org/x/tools/go/analysis/passes/unsafeptr/unsafeptr.go b/vendor/golang.org/x/tools/go/analysis/passes/unsafeptr/unsafeptr.go index 778010bc0d..ce785725e3 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/unsafeptr/unsafeptr.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/unsafeptr/unsafeptr.go @@ -14,8 +14,8 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/typesinternal" ) @@ -24,7 +24,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "unsafeptr", - Doc: analysisutil.MustExtractDoc(doc, "unsafeptr"), + Doc: analyzerutil.MustExtractDoc(doc, "unsafeptr"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/unsafeptr", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, diff --git a/vendor/golang.org/x/tools/go/analysis/passes/unusedresult/unusedresult.go b/vendor/golang.org/x/tools/go/analysis/passes/unusedresult/unusedresult.go index ed4cf7ae0b..bd32d58690 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/unusedresult/unusedresult.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/unusedresult/unusedresult.go @@ -23,10 +23,10 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/go/types/typeutil" - "golang.org/x/tools/internal/analysisinternal" + "golang.org/x/tools/internal/analysis/analyzerutil" + "golang.org/x/tools/internal/astutil" ) //go:embed doc.go @@ -34,7 +34,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "unusedresult", - Doc: analysisutil.MustExtractDoc(doc, "unusedresult"), + Doc: analyzerutil.MustExtractDoc(doc, "unusedresult"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/unusedresult", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, @@ -150,11 +150,11 @@ func run(pass *analysis.Pass) (any, error) { if !ok { return // e.g. var or builtin } - if sig := fn.Type().(*types.Signature); sig.Recv() != nil { + if sig := fn.Signature(); sig.Recv() != nil { // method (e.g. foo.String()) if types.Identical(sig, sigNoArgsStringResult) { if stringMethods[fn.Name()] { - pass.ReportRangef(analysisinternal.Range(call.Pos(), call.Lparen), + pass.ReportRangef(astutil.RangeOf(call.Pos(), call.Lparen), "result of (%s).%s call not used", sig.Recv().Type(), fn.Name()) } @@ -162,7 +162,7 @@ func run(pass *analysis.Pass) (any, error) { } else { // package-level function (e.g. fmt.Errorf) if pkgFuncs[[2]string{fn.Pkg().Path(), fn.Name()}] { - pass.ReportRangef(analysisinternal.Range(call.Pos(), call.Lparen), + pass.ReportRangef(astutil.RangeOf(call.Pos(), call.Lparen), "result of %s.%s call not used", fn.Pkg().Path(), fn.Name()) } diff --git a/vendor/golang.org/x/tools/go/analysis/passes/unusedwrite/unusedwrite.go b/vendor/golang.org/x/tools/go/analysis/passes/unusedwrite/unusedwrite.go index 2e209c8a6c..9bf9f5455f 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/unusedwrite/unusedwrite.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/unusedwrite/unusedwrite.go @@ -10,8 +10,8 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/buildssa" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ssa" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/typeparams" ) @@ -22,7 +22,7 @@ var doc string // that are never read. var Analyzer = &analysis.Analyzer{ Name: "unusedwrite", - Doc: analysisutil.MustExtractDoc(doc, "unusedwrite"), + Doc: analyzerutil.MustExtractDoc(doc, "unusedwrite"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/unusedwrite", Requires: []*analysis.Analyzer{buildssa.Analyzer}, Run: run, diff --git a/vendor/golang.org/x/tools/go/analysis/passes/waitgroup/waitgroup.go b/vendor/golang.org/x/tools/go/analysis/passes/waitgroup/waitgroup.go index 5ed1814f77..c2e20521e9 100644 --- a/vendor/golang.org/x/tools/go/analysis/passes/waitgroup/waitgroup.go +++ b/vendor/golang.org/x/tools/go/analysis/passes/waitgroup/waitgroup.go @@ -13,9 +13,9 @@ import ( "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/analysis/passes/internal/analysisutil" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/go/types/typeutil" + "golang.org/x/tools/internal/analysis/analyzerutil" "golang.org/x/tools/internal/typesinternal" ) @@ -24,7 +24,7 @@ var doc string var Analyzer = &analysis.Analyzer{ Name: "waitgroup", - Doc: analysisutil.MustExtractDoc(doc, "waitgroup"), + Doc: analyzerutil.MustExtractDoc(doc, "waitgroup"), URL: "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/waitgroup", Requires: []*analysis.Analyzer{inspect.Analyzer}, Run: run, diff --git a/vendor/golang.org/x/tools/go/ast/astutil/imports.go b/vendor/golang.org/x/tools/go/ast/astutil/imports.go index 5bacc0fa49..adb4711019 100644 --- a/vendor/golang.org/x/tools/go/ast/astutil/imports.go +++ b/vendor/golang.org/x/tools/go/ast/astutil/imports.go @@ -9,6 +9,7 @@ import ( "fmt" "go/ast" "go/token" + "reflect" "slices" "strconv" "strings" @@ -149,7 +150,7 @@ func AddNamedImport(fset *token.FileSet, f *ast.File, name, path string) (added if newImport.Name != nil { newImport.Name.NamePos = pos } - newImport.Path.ValuePos = pos + updateBasicLitPos(newImport.Path, pos) newImport.EndPos = pos // Clean up parens. impDecl contains at least one spec. @@ -184,7 +185,7 @@ func AddNamedImport(fset *token.FileSet, f *ast.File, name, path string) (added first.Lparen = first.Pos() // Move the imports of the other import declaration to the first one. for _, spec := range gen.Specs { - spec.(*ast.ImportSpec).Path.ValuePos = first.Pos() + updateBasicLitPos(spec.(*ast.ImportSpec).Path, first.Pos()) first.Specs = append(first.Specs, spec) } f.Decls = slices.Delete(f.Decls, i, i+1) @@ -470,3 +471,17 @@ func Imports(fset *token.FileSet, f *ast.File) [][]*ast.ImportSpec { return groups } + +// updateBasicLitPos updates lit.Pos, +// ensuring that lit.End (if set) is displaced by the same amount. +// (See https://go.dev/issue/76395.) +func updateBasicLitPos(lit *ast.BasicLit, pos token.Pos) { + len := lit.End() - lit.Pos() + lit.ValuePos = pos + // TODO(adonovan): after go1.26, simplify to: + // lit.ValueEnd = pos + len + v := reflect.ValueOf(lit).Elem().FieldByName("ValueEnd") + if v.IsValid() && v.Int() != 0 { + v.SetInt(int64(pos + len)) + } +} diff --git a/vendor/golang.org/x/tools/go/ast/inspector/cursor.go b/vendor/golang.org/x/tools/go/ast/inspector/cursor.go index 7e72d3c284..60ad425f34 100644 --- a/vendor/golang.org/x/tools/go/ast/inspector/cursor.go +++ b/vendor/golang.org/x/tools/go/ast/inspector/cursor.go @@ -453,6 +453,9 @@ func (c Cursor) FindNode(n ast.Node) (Cursor, bool) { // rooted at c such that n.Pos() <= start && end <= n.End(). // (For an *ast.File, it uses the bounds n.FileStart-n.FileEnd.) // +// An empty range (start == end) between two adjacent nodes is +// considered to belong to the first node. +// // It returns zero if none is found. // Precondition: start <= end. // @@ -467,7 +470,9 @@ func (c Cursor) FindByPos(start, end token.Pos) (Cursor, bool) { // This algorithm could be implemented using c.Inspect, // but it is about 2.5x slower. - best := int32(-1) // push index of latest (=innermost) node containing range + // best is the push-index of the latest (=innermost) node containing range. + // (Beware: latest is not always innermost because FuncDecl.{Name,Type} overlap.) + best := int32(-1) for i, limit := c.indices(); i < limit; i++ { ev := events[i] if ev.index > i { // push? @@ -481,15 +486,35 @@ func (c Cursor) FindByPos(start, end token.Pos) (Cursor, bool) { continue } } else { + // Edge case: FuncDecl.Name and .Type overlap: + // Don't update best from Name to FuncDecl.Type. + // + // The condition can be read as: + // - n is FuncType + // - n.parent is FuncDecl + // - best is strictly beneath the FuncDecl + if ev.typ == 1< ev.parent { + continue + } + nodeEnd = n.End() if n.Pos() > start { break // disjoint, after; stop } } + // Inv: node.{Pos,FileStart} <= start if end <= nodeEnd { // node fully contains target range best = i + + // Don't search beyond end of the first match. + // This is important only for an empty range (start=end) + // between two adjoining nodes, which would otherwise + // match both nodes; we want to match only the first. + limit = ev.index } else if nodeEnd < start { i = ev.index // disjoint, before; skip forward } diff --git a/vendor/golang.org/x/tools/go/cfg/builder.go b/vendor/golang.org/x/tools/go/cfg/builder.go index ac4d63c400..f16cd42309 100644 --- a/vendor/golang.org/x/tools/go/cfg/builder.go +++ b/vendor/golang.org/x/tools/go/cfg/builder.go @@ -13,7 +13,7 @@ import ( ) type builder struct { - cfg *CFG + blocks []*Block mayReturn func(*ast.CallExpr) bool current *Block lblocks map[string]*lblock // labeled blocks @@ -32,12 +32,18 @@ start: *ast.SendStmt, *ast.IncDecStmt, *ast.GoStmt, - *ast.DeferStmt, *ast.EmptyStmt, *ast.AssignStmt: // No effect on control flow. b.add(s) + case *ast.DeferStmt: + b.add(s) + // Assume conservatively that this behaves like: + // defer func() { recover() } + // so any subsequent panic may act like a return. + b.current.returns = true + case *ast.ExprStmt: b.add(s) if call, ok := s.X.(*ast.CallExpr); ok && !b.mayReturn(call) { @@ -64,6 +70,7 @@ start: goto start // effectively: tailcall stmt(g, s.Stmt, label) case *ast.ReturnStmt: + b.current.returns = true b.add(s) b.current = b.newBlock(KindUnreachable, s) @@ -483,14 +490,13 @@ func (b *builder) labeledBlock(label *ast.Ident, stmt *ast.LabeledStmt) *lblock // It does not automatically become the current block. // comment is an optional string for more readable debugging output. func (b *builder) newBlock(kind BlockKind, stmt ast.Stmt) *Block { - g := b.cfg block := &Block{ - Index: int32(len(g.Blocks)), + Index: int32(len(b.blocks)), Kind: kind, Stmt: stmt, } block.Succs = block.succs2[:0] - g.Blocks = append(g.Blocks, block) + b.blocks = append(b.blocks, block) return block } diff --git a/vendor/golang.org/x/tools/go/cfg/cfg.go b/vendor/golang.org/x/tools/go/cfg/cfg.go index 29a39f698c..f69912c800 100644 --- a/vendor/golang.org/x/tools/go/cfg/cfg.go +++ b/vendor/golang.org/x/tools/go/cfg/cfg.go @@ -53,9 +53,13 @@ import ( // // The entry point is Blocks[0]; there may be multiple return blocks. type CFG struct { - Blocks []*Block // block[0] is entry; order otherwise undefined + Blocks []*Block // block[0] is entry; order otherwise undefined + noreturn bool // function body lacks a reachable return statement } +// NoReturn reports whether the function has no reachable return. +func (cfg *CFG) NoReturn() bool { return cfg.noreturn } + // A Block represents a basic block: a list of statements and // expressions that are always evaluated sequentially. // @@ -67,12 +71,13 @@ type CFG struct { // an [ast.Expr], Succs[0] is the successor if the condition is true, and // Succs[1] is the successor if the condition is false. type Block struct { - Nodes []ast.Node // statements, expressions, and ValueSpecs - Succs []*Block // successor nodes in the graph - Index int32 // index within CFG.Blocks - Live bool // block is reachable from entry - Kind BlockKind // block kind - Stmt ast.Stmt // statement that gave rise to this block (see BlockKind for details) + Nodes []ast.Node // statements, expressions, and ValueSpecs + Succs []*Block // successor nodes in the graph + Index int32 // index within CFG.Blocks + Live bool // block is reachable from entry + returns bool // block contains return or defer (which may recover and return) + Kind BlockKind // block kind + Stmt ast.Stmt // statement that gave rise to this block (see BlockKind for details) succs2 [2]*Block // underlying array for Succs } @@ -141,14 +146,14 @@ func (kind BlockKind) String() string { func New(body *ast.BlockStmt, mayReturn func(*ast.CallExpr) bool) *CFG { b := builder{ mayReturn: mayReturn, - cfg: new(CFG), } b.current = b.newBlock(KindBody, body) b.stmt(body) - // Compute liveness (reachability from entry point), breadth-first. - q := make([]*Block, 0, len(b.cfg.Blocks)) - q = append(q, b.cfg.Blocks[0]) // entry point + // Compute liveness (reachability from entry point), + // breadth-first, marking Block.Live flags. + q := make([]*Block, 0, len(b.blocks)) + q = append(q, b.blocks[0]) // entry point for len(q) > 0 { b := q[len(q)-1] q = q[:len(q)-1] @@ -162,12 +167,22 @@ func New(body *ast.BlockStmt, mayReturn func(*ast.CallExpr) bool) *CFG { // Does control fall off the end of the function's body? // Make implicit return explicit. if b.current != nil && b.current.Live { + b.current.returns = true b.add(&ast.ReturnStmt{ Return: body.End() - 1, }) } - return b.cfg + // Is any return (or defer+recover) block reachable? + noreturn := true + for _, bl := range b.blocks { + if bl.Live && bl.returns { + noreturn = false + break + } + } + + return &CFG{Blocks: b.blocks, noreturn: noreturn} } func (b *Block) String() string { @@ -187,6 +202,14 @@ func (b *Block) comment(fset *token.FileSet) string { // // When control falls off the end of the function, the ReturnStmt is synthetic // and its [ast.Node.End] position may be beyond the end of the file. +// +// A function that contains no return statement (explicit or implied) +// may yet return normally, and may even return a nonzero value. For example: +// +// func() (res any) { +// defer func() { res = recover() }() +// panic(123) +// } func (b *Block) Return() (ret *ast.ReturnStmt) { if len(b.Nodes) > 0 { ret, _ = b.Nodes[len(b.Nodes)-1].(*ast.ReturnStmt) diff --git a/vendor/golang.org/x/tools/go/packages/packages.go b/vendor/golang.org/x/tools/go/packages/packages.go index 060ab08efb..ff607389da 100644 --- a/vendor/golang.org/x/tools/go/packages/packages.go +++ b/vendor/golang.org/x/tools/go/packages/packages.go @@ -1027,11 +1027,15 @@ func (ld *loader) refine(response *DriverResponse) ([]*Package, error) { // Precondition: ld.Mode&(NeedSyntax|NeedTypes|NeedTypesInfo) != 0. func (ld *loader) loadPackage(lpkg *loaderPackage) { if lpkg.PkgPath == "unsafe" { - // Fill in the blanks to avoid surprises. + // To avoid surprises, fill in the blanks consistent + // with other packages. (For example, some analyzers + // assert that each needed types.Info map is non-nil + // even when there is no syntax that would cause them + // to consult the map.) lpkg.Types = types.Unsafe lpkg.Fset = ld.Fset lpkg.Syntax = []*ast.File{} - lpkg.TypesInfo = new(types.Info) + lpkg.TypesInfo = ld.newTypesInfo() lpkg.TypesSizes = ld.sizes return } @@ -1180,20 +1184,7 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) { return } - // Populate TypesInfo only if needed, as it - // causes the type checker to work much harder. - if ld.Config.Mode&NeedTypesInfo != 0 { - lpkg.TypesInfo = &types.Info{ - Types: make(map[ast.Expr]types.TypeAndValue), - Defs: make(map[*ast.Ident]types.Object), - Uses: make(map[*ast.Ident]types.Object), - Implicits: make(map[ast.Node]types.Object), - Instances: make(map[*ast.Ident]types.Instance), - Scopes: make(map[ast.Node]*types.Scope), - Selections: make(map[*ast.SelectorExpr]*types.Selection), - FileVersions: make(map[*ast.File]string), - } - } + lpkg.TypesInfo = ld.newTypesInfo() lpkg.TypesSizes = ld.sizes importer := importerFunc(func(path string) (*types.Package, error) { @@ -1307,6 +1298,24 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) { lpkg.IllTyped = illTyped } +func (ld *loader) newTypesInfo() *types.Info { + // Populate TypesInfo only if needed, as it + // causes the type checker to work much harder. + if ld.Config.Mode&NeedTypesInfo == 0 { + return nil + } + return &types.Info{ + Types: make(map[ast.Expr]types.TypeAndValue), + Defs: make(map[*ast.Ident]types.Object), + Uses: make(map[*ast.Ident]types.Object), + Implicits: make(map[ast.Node]types.Object), + Instances: make(map[*ast.Ident]types.Instance), + Scopes: make(map[ast.Node]*types.Scope), + Selections: make(map[*ast.SelectorExpr]*types.Selection), + FileVersions: make(map[*ast.File]string), + } +} + // An importFunc is an implementation of the single-method // types.Importer interface based on a function value. type importerFunc func(path string) (*types.Package, error) diff --git a/vendor/golang.org/x/tools/go/packages/visit.go b/vendor/golang.org/x/tools/go/packages/visit.go index af6a60d75f..c546b1b63e 100644 --- a/vendor/golang.org/x/tools/go/packages/visit.go +++ b/vendor/golang.org/x/tools/go/packages/visit.go @@ -78,7 +78,7 @@ func PrintErrors(pkgs []*Package) int { return n } -// Postorder returns an iterator over the the packages in +// Postorder returns an iterator over the packages in // the import graph whose roots are pkg. // Packages are enumerated in dependencies-first order. func Postorder(pkgs []*Package) iter.Seq[*Package] { diff --git a/vendor/golang.org/x/tools/go/ssa/builder.go b/vendor/golang.org/x/tools/go/ssa/builder.go index 41857ffbb9..a75257c8b1 100644 --- a/vendor/golang.org/x/tools/go/ssa/builder.go +++ b/vendor/golang.org/x/tools/go/ssa/builder.go @@ -110,10 +110,11 @@ var ( tEface = types.NewInterfaceType(nil, nil).Complete() // SSA Value constants. - vZero = intConst(0) - vOne = intConst(1) - vTrue = NewConst(constant.MakeBool(true), tBool) - vFalse = NewConst(constant.MakeBool(false), tBool) + vZero = intConst(0) + vOne = intConst(1) + vTrue = NewConst(constant.MakeBool(true), tBool) + vFalse = NewConst(constant.MakeBool(false), tBool) + vNoReturn = NewConst(constant.MakeString("noreturn"), tString) jReady = intConst(0) // range-over-func jump is READY jBusy = intConst(-1) // range-over-func jump is BUSY @@ -291,7 +292,7 @@ func (b *builder) exprN(fn *Function, e ast.Expr) Value { var c Call b.setCall(fn, e, &c.Call) c.typ = typ - return fn.emit(&c) + return emitCall(fn, &c) case *ast.IndexExpr: mapt := typeparams.CoreType(fn.typeOf(e.X)).(*types.Map) // ,ok must be a map. @@ -723,7 +724,7 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value { var v Call b.setCall(fn, e, &v.Call) v.setType(fn.typ(tv.Type)) - return fn.emit(&v) + return emitCall(fn, &v) case *ast.UnaryExpr: switch e.Op { @@ -2343,7 +2344,7 @@ func (b *builder) rangeStmt(fn *Function, s *ast.RangeStmt, label *lblock) { // for x := range f { ... } // into // f(func(x T) bool { ... }) - b.rangeFunc(fn, x, tk, tv, s, label) + b.rangeFunc(fn, x, s, label) return default: @@ -2389,7 +2390,7 @@ func (b *builder) rangeStmt(fn *Function, s *ast.RangeStmt, label *lblock) { // rangeFunc emits to fn code for the range-over-func rng.Body of the iterator // function x, optionally labelled by label. It creates a new anonymous function // yield for rng and builds the function. -func (b *builder) rangeFunc(fn *Function, x Value, tk, tv types.Type, rng *ast.RangeStmt, label *lblock) { +func (b *builder) rangeFunc(fn *Function, x Value, rng *ast.RangeStmt, label *lblock) { // Consider the SSA code for the outermost range-over-func in fn: // // func fn(...) (ret R) { @@ -2993,8 +2994,8 @@ func (b *builder) buildYieldFunc(fn *Function) { fn.source = fn.parent.source fn.startBody() params := fn.Signature.Params() - for i := 0; i < params.Len(); i++ { - fn.addParamVar(params.At(i)) + for v := range params.Variables() { + fn.addParamVar(v) } // Initial targets diff --git a/vendor/golang.org/x/tools/go/ssa/create.go b/vendor/golang.org/x/tools/go/ssa/create.go index 2fa3d0757a..d94cb6fb7d 100644 --- a/vendor/golang.org/x/tools/go/ssa/create.go +++ b/vendor/golang.org/x/tools/go/ssa/create.go @@ -312,3 +312,14 @@ func (prog *Program) AllPackages() []*Package { func (prog *Program) ImportedPackage(path string) *Package { return prog.imported[path] } + +// SetNoReturn sets the predicate used when building the ssa.Program +// prog that reports whether a given function cannot return. +// This may be used to prune spurious control flow edges +// after (e.g.) log.Fatal, improving the precision of analyses. +// +// A typical implementation is the [ctrlflow.CFGs.NoReturn] method from +// [golang.org/x/tools/go/analysis/passes/ctrlflow]. +func (prog *Program) SetNoReturn(noReturn func(*types.Func) bool) { + prog.noReturn = noReturn +} diff --git a/vendor/golang.org/x/tools/go/ssa/emit.go b/vendor/golang.org/x/tools/go/ssa/emit.go index e53ebf5a7f..31aa5de8d7 100644 --- a/vendor/golang.org/x/tools/go/ssa/emit.go +++ b/vendor/golang.org/x/tools/go/ssa/emit.go @@ -488,7 +488,7 @@ func emitTailCall(f *Function, call *Call) { } else { call.typ = tresults } - tuple := f.emit(call) + tuple := emitCall(f, call) var ret Return switch nr { case 0: @@ -509,6 +509,27 @@ func emitTailCall(f *Function, call *Call) { f.currentBlock = nil } +// emitCall emits a call instruction. If the callee is "no return", +// it also emits a panic to eliminate infeasible CFG edges. +func emitCall(fn *Function, call *Call) Value { + res := fn.emit(call) + + callee := call.Call.StaticCallee() + if callee != nil && + callee.object != nil && + fn.Prog.noReturn != nil && + fn.Prog.noReturn(callee.object) { + // Call cannot return. Insert a panic after it. + fn.emit(&Panic{ + X: emitConv(fn, vNoReturn, tEface), + pos: call.Pos(), + }) + fn.currentBlock = fn.newBasicBlock("unreachable.noreturn") + } + + return res +} + // emitImplicitSelections emits to f code to apply the sequence of // implicit field selections specified by indices to base value v, and // returns the selected value. diff --git a/vendor/golang.org/x/tools/go/ssa/func.go b/vendor/golang.org/x/tools/go/ssa/func.go index f48bd7184a..33a12444d5 100644 --- a/vendor/golang.org/x/tools/go/ssa/func.go +++ b/vendor/golang.org/x/tools/go/ssa/func.go @@ -668,7 +668,11 @@ func WriteFunction(buf *bytes.Buffer, f *Function) { continue } n, _ := fmt.Fprintf(buf, "%d:", b.Index) + // (|predecessors|, |successors|, immediate dominator) bmsg := fmt.Sprintf("%s P:%d S:%d", b.Comment, len(b.Preds), len(b.Succs)) + if b.Idom() != nil { + bmsg = fmt.Sprintf("%s idom:%d", bmsg, b.Idom().Index) + } fmt.Fprintf(buf, "%*s%s\n", punchcard-1-n-len(bmsg), "", bmsg) if false { // CFG debugging diff --git a/vendor/golang.org/x/tools/go/ssa/instantiate.go b/vendor/golang.org/x/tools/go/ssa/instantiate.go index 20a0986e6d..5862440a65 100644 --- a/vendor/golang.org/x/tools/go/ssa/instantiate.go +++ b/vendor/golang.org/x/tools/go/ssa/instantiate.go @@ -83,7 +83,7 @@ func createInstance(fn *Function, targs []types.Type) *Function { if prog.mode&InstantiateGenerics != 0 && !prog.isParameterized(targs...) { synthetic = fmt.Sprintf("instance of %s", fn.Name()) if fn.syntax != nil { - subst = makeSubster(prog.ctxt, obj, fn.typeparams, targs, false) + subst = makeSubster(prog.ctxt, obj, fn.typeparams, targs) build = (*builder).buildFromSyntax } else { build = (*builder).buildParamsOnly diff --git a/vendor/golang.org/x/tools/go/ssa/ssa.go b/vendor/golang.org/x/tools/go/ssa/ssa.go index ecad99d034..7c84494c32 100644 --- a/vendor/golang.org/x/tools/go/ssa/ssa.go +++ b/vendor/golang.org/x/tools/go/ssa/ssa.go @@ -45,6 +45,8 @@ type Program struct { // to avoid creation of duplicate methods from type information. objectMethodsMu sync.Mutex objectMethods map[*types.Func]*Function + + noReturn func(*types.Func) bool // (optional) predicate that decides whether a given call cannot return } // A Package is a single analyzed Go package containing Members for diff --git a/vendor/golang.org/x/tools/go/ssa/ssautil/visit.go b/vendor/golang.org/x/tools/go/ssa/ssautil/visit.go index b4feb42cb3..7300d2bf37 100644 --- a/vendor/golang.org/x/tools/go/ssa/ssautil/visit.go +++ b/vendor/golang.org/x/tools/go/ssa/ssautil/visit.go @@ -74,8 +74,8 @@ func AllFunctions(prog *ssa.Program) map[*ssa.Function]bool { methodsOf := func(T types.Type) { if !types.IsInterface(T) { mset := prog.MethodSets.MethodSet(T) - for i := 0; i < mset.Len(); i++ { - function(prog.MethodValue(mset.At(i))) + for method := range mset.Methods() { + function(prog.MethodValue(method)) } } } diff --git a/vendor/golang.org/x/tools/go/ssa/subst.go b/vendor/golang.org/x/tools/go/ssa/subst.go index 2c465ec0ae..5799a07802 100644 --- a/vendor/golang.org/x/tools/go/ssa/subst.go +++ b/vendor/golang.org/x/tools/go/ssa/subst.go @@ -59,7 +59,7 @@ type subster struct { // Returns a subster that replaces tparams[i] with targs[i]. Uses ctxt as a cache. // targs should not contain any types in tparams. // fn is the generic function for which we are substituting. -func makeSubster(ctxt *types.Context, fn *types.Func, tparams *types.TypeParamList, targs []types.Type, debug bool) *subster { +func makeSubster(ctxt *types.Context, fn *types.Func, tparams *types.TypeParamList, targs []types.Type) *subster { assert(tparams.Len() == len(targs), "makeSubster argument count must match") subst := &subster{ @@ -352,8 +352,7 @@ func (subst *subster) alias(t *types.Alias) types.Type { // Copy and substitute type params. var newTParams []*types.TypeParam - for i := 0; i < tparams.Len(); i++ { - cur := tparams.At(i) + for cur := range tparams.TypeParams() { cobj := cur.Obj() cname := types.NewTypeName(cobj.Pos(), cobj.Pkg(), cobj.Name(), nil) ntp := types.NewTypeParam(cname, nil) @@ -488,8 +487,7 @@ func (subst *subster) named(t *types.Named) types.Type { obj := types.NewTypeName(tname.Pos(), tname.Pkg(), tname.Name(), nil) fresh := types.NewNamed(obj, nil, nil) var newTParams []*types.TypeParam - for i := 0; i < tparams.Len(); i++ { - cur := tparams.At(i) + for cur := range tparams.TypeParams() { cobj := cur.Obj() cname := types.NewTypeName(cobj.Pos(), cobj.Pkg(), cobj.Name(), nil) ntp := types.NewTypeParam(cname, nil) diff --git a/vendor/golang.org/x/tools/go/ssa/util.go b/vendor/golang.org/x/tools/go/ssa/util.go index 932eb6cb0e..42f9621c3f 100644 --- a/vendor/golang.org/x/tools/go/ssa/util.go +++ b/vendor/golang.org/x/tools/go/ssa/util.go @@ -121,7 +121,7 @@ func is[T any](x any) bool { // recvType returns the receiver type of method obj. func recvType(obj *types.Func) types.Type { - return obj.Type().(*types.Signature).Recv().Type() + return obj.Signature().Recv().Type() } // fieldOf returns the index'th field of the (core type of) a struct type; @@ -200,7 +200,7 @@ func makeLen(T types.Type) *Builtin { // receiverTypeArgs returns the type arguments to a method's receiver. // Returns an empty list if the receiver does not have type arguments. func receiverTypeArgs(method *types.Func) []types.Type { - recv := method.Type().(*types.Signature).Recv() + recv := method.Signature().Recv() _, named := typesinternal.ReceiverNamed(recv) if named == nil { return nil // recv is anonymous struct/interface @@ -221,8 +221,8 @@ func receiverTypeArgs(method *types.Func) []types.Type { func recvAsFirstArg(sig *types.Signature) *types.Signature { params := make([]*types.Var, 0, 1+sig.Params().Len()) params = append(params, sig.Recv()) - for i := 0; i < sig.Params().Len(); i++ { - params = append(params, sig.Params().At(i)) + for v := range sig.Params().Variables() { + params = append(params, v) } return types.NewSignatureType(nil, nil, nil, types.NewTuple(params...), sig.Results(), sig.Variadic()) } diff --git a/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go b/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go index 6c0c74968f..6646bf5508 100644 --- a/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go +++ b/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go @@ -249,7 +249,7 @@ func (enc *Encoder) For(obj types.Object) (Path, error) { case *types.Func: // A func, if not package-level, must be a method. - if recv := obj.Type().(*types.Signature).Recv(); recv == nil { + if recv := obj.Signature().Recv(); recv == nil { return "", fmt.Errorf("func is not a method: %v", obj) } @@ -405,7 +405,7 @@ func (enc *Encoder) concreteMethod(meth *types.Func) (Path, bool) { return "", false } - _, named := typesinternal.ReceiverNamed(meth.Type().(*types.Signature).Recv()) + _, named := typesinternal.ReceiverNamed(meth.Signature().Recv()) if named == nil { return "", false } diff --git a/vendor/golang.org/x/tools/go/types/typeutil/callee.go b/vendor/golang.org/x/tools/go/types/typeutil/callee.go index 5f10f56cba..3d24a8c637 100644 --- a/vendor/golang.org/x/tools/go/types/typeutil/callee.go +++ b/vendor/golang.org/x/tools/go/types/typeutil/callee.go @@ -12,6 +12,7 @@ import ( // Callee returns the named target of a function call, if any: // a function, method, builtin, or variable. +// It returns nil for a T(x) conversion. // // Functions and methods may potentially have type parameters. // diff --git a/vendor/golang.org/x/tools/go/types/typeutil/map.go b/vendor/golang.org/x/tools/go/types/typeutil/map.go index f035a0b6be..36624572a6 100644 --- a/vendor/golang.org/x/tools/go/types/typeutil/map.go +++ b/vendor/golang.org/x/tools/go/types/typeutil/map.go @@ -304,8 +304,7 @@ func (h hasher) hash(t types.Type) uint32 { case *types.Named: hash := h.hashTypeName(t.Obj()) targs := t.TypeArgs() - for i := 0; i < targs.Len(); i++ { - targ := targs.At(i) + for targ := range targs.Types() { hash += 2 * h.hash(targ) } return hash diff --git a/vendor/golang.org/x/tools/imports/forward.go b/vendor/golang.org/x/tools/imports/forward.go index 22ae777726..5d120d077c 100644 --- a/vendor/golang.org/x/tools/imports/forward.go +++ b/vendor/golang.org/x/tools/imports/forward.go @@ -69,3 +69,9 @@ func Process(filename string, src []byte, opt *Options) ([]byte, error) { } return intimp.Process(filename, src, intopt) } + +// VendorlessPath returns the devendorized version of the import path ipath. +// For example, VendorlessPath("foo/barbendor/a/b") return "a/b". +func VendorlessPath(ipath string) string { + return intimp.VendorlessPath(ipath) +} diff --git a/vendor/golang.org/x/tools/internal/analysis/analyzerutil/doc.go b/vendor/golang.org/x/tools/internal/analysis/analyzerutil/doc.go new file mode 100644 index 0000000000..74a2a1c815 --- /dev/null +++ b/vendor/golang.org/x/tools/internal/analysis/analyzerutil/doc.go @@ -0,0 +1,6 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package analyzerutil provides implementation helpers for analyzers. +package analyzerutil diff --git a/vendor/golang.org/x/tools/internal/analysisinternal/extractdoc.go b/vendor/golang.org/x/tools/internal/analysis/analyzerutil/extractdoc.go similarity index 97% rename from vendor/golang.org/x/tools/internal/analysisinternal/extractdoc.go rename to vendor/golang.org/x/tools/internal/analysis/analyzerutil/extractdoc.go index bfb5900f1b..772a0300da 100644 --- a/vendor/golang.org/x/tools/internal/analysisinternal/extractdoc.go +++ b/vendor/golang.org/x/tools/internal/analysis/analyzerutil/extractdoc.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package analysisinternal +package analyzerutil import ( "fmt" @@ -35,7 +35,7 @@ import ( // // var Analyzer = &analysis.Analyzer{ // Name: "halting", -// Doc: analysisutil.MustExtractDoc(doc, "halting"), +// Doc: analyzerutil.MustExtractDoc(doc, "halting"), // ... // } func MustExtractDoc(content, name string) string { diff --git a/vendor/golang.org/x/tools/internal/analysis/analyzerutil/readfile.go b/vendor/golang.org/x/tools/internal/analysis/analyzerutil/readfile.go new file mode 100644 index 0000000000..ecc30cae04 --- /dev/null +++ b/vendor/golang.org/x/tools/internal/analysis/analyzerutil/readfile.go @@ -0,0 +1,30 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package analyzerutil + +// This file defines helpers for calling [analysis.Pass.ReadFile]. + +import ( + "go/token" + "os" + + "golang.org/x/tools/go/analysis" +) + +// ReadFile reads a file and adds it to the FileSet in pass +// so that we can report errors against it using lineStart. +func ReadFile(pass *analysis.Pass, filename string) ([]byte, *token.File, error) { + readFile := pass.ReadFile + if readFile == nil { + readFile = os.ReadFile + } + content, err := readFile(filename) + if err != nil { + return nil, nil, err + } + tf := pass.Fset.AddFile(filename, -1, len(content)) + tf.SetLinesForContent(content) + return content, tf, nil +} diff --git a/vendor/golang.org/x/tools/internal/analysis/analyzerutil/version.go b/vendor/golang.org/x/tools/internal/analysis/analyzerutil/version.go new file mode 100644 index 0000000000..0b9bcc37b6 --- /dev/null +++ b/vendor/golang.org/x/tools/internal/analysis/analyzerutil/version.go @@ -0,0 +1,42 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package analyzerutil + +import ( + "go/ast" + "strings" + + "golang.org/x/tools/go/analysis" + "golang.org/x/tools/internal/packagepath" + "golang.org/x/tools/internal/stdlib" + "golang.org/x/tools/internal/versions" +) + +// FileUsesGoVersion reports whether the specified file may use features of the +// specified version of Go (e.g. "go1.24"). +// +// Tip: we recommend using this check "late", just before calling +// pass.Report, rather than "early" (when entering each ast.File, or +// each candidate node of interest, during the traversal), because the +// operation is not free, yet is not a highly selective filter: the +// fraction of files that pass most version checks is high and +// increases over time. +func FileUsesGoVersion(pass *analysis.Pass, file *ast.File, version string) (_res bool) { + fileVersion := pass.TypesInfo.FileVersions[file] + + // Standard packages that are part of toolchain bootstrapping + // are not considered to use a version of Go later than the + // current bootstrap toolchain version. + // The bootstrap rule does not cover tests, + // and some tests (e.g. debug/elf/file_test.go) rely on this. + pkgpath := pass.Pkg.Path() + if packagepath.IsStdPackage(pkgpath) && + stdlib.IsBootstrapPackage(pkgpath) && // (excludes "*_test" external test packages) + !strings.HasSuffix(pass.Fset.File(file.Pos()).Name(), "_test.go") { // (excludes all tests) + fileVersion = stdlib.BootstrapVersion.String() // package must bootstrap + } + + return !versions.Before(fileVersion, version) +} diff --git a/vendor/golang.org/x/tools/internal/analysisinternal/typeindex/typeindex.go b/vendor/golang.org/x/tools/internal/analysis/typeindex/typeindex.go similarity index 88% rename from vendor/golang.org/x/tools/internal/analysisinternal/typeindex/typeindex.go rename to vendor/golang.org/x/tools/internal/analysis/typeindex/typeindex.go index bba21c6ea0..41146d9abb 100644 --- a/vendor/golang.org/x/tools/internal/analysisinternal/typeindex/typeindex.go +++ b/vendor/golang.org/x/tools/internal/analysis/typeindex/typeindex.go @@ -22,12 +22,12 @@ import ( var Analyzer = &analysis.Analyzer{ Name: "typeindex", Doc: "indexes of type information for later passes", - URL: "https://pkg.go.dev/golang.org/x/tools/internal/analysisinternal/typeindex", + URL: "https://pkg.go.dev/golang.org/x/tools/internal/analysis/typeindex", Run: func(pass *analysis.Pass) (any, error) { inspect := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector) return typeindex.New(inspect, pass.Pkg, pass.TypesInfo), nil }, RunDespiteErrors: true, Requires: []*analysis.Analyzer{inspect.Analyzer}, - ResultType: reflect.TypeOf(new(typeindex.Index)), + ResultType: reflect.TypeFor[*typeindex.Index](), } diff --git a/vendor/golang.org/x/tools/internal/analysisinternal/analysis.go b/vendor/golang.org/x/tools/internal/analysisinternal/analysis.go deleted file mode 100644 index 2b4a8ebb6e..0000000000 --- a/vendor/golang.org/x/tools/internal/analysisinternal/analysis.go +++ /dev/null @@ -1,295 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package analysisinternal provides gopls' internal analyses with a -// number of helper functions that operate on typed syntax trees. -package analysisinternal - -import ( - "cmp" - "fmt" - "go/ast" - "go/token" - "go/types" - "slices" - "strings" - - "golang.org/x/tools/go/analysis" -) - -// MatchingIdents finds the names of all identifiers in 'node' that match any of the given types. -// 'pos' represents the position at which the identifiers may be inserted. 'pos' must be within -// the scope of each of identifier we select. Otherwise, we will insert a variable at 'pos' that -// is unrecognized. -// -// TODO(adonovan): this is only used by gopls/internal/analysis/fill{returns,struct}. Move closer. -func MatchingIdents(typs []types.Type, node ast.Node, pos token.Pos, info *types.Info, pkg *types.Package) map[types.Type][]string { - - // Initialize matches to contain the variable types we are searching for. - matches := make(map[types.Type][]string) - for _, typ := range typs { - if typ == nil { - continue // TODO(adonovan): is this reachable? - } - matches[typ] = nil // create entry - } - - seen := map[types.Object]struct{}{} - ast.Inspect(node, func(n ast.Node) bool { - if n == nil { - return false - } - // Prevent circular definitions. If 'pos' is within an assignment statement, do not - // allow any identifiers in that assignment statement to be selected. Otherwise, - // we could do the following, where 'x' satisfies the type of 'f0': - // - // x := fakeStruct{f0: x} - // - if assign, ok := n.(*ast.AssignStmt); ok && pos > assign.Pos() && pos <= assign.End() { - return false - } - if n.End() > pos { - return n.Pos() <= pos - } - ident, ok := n.(*ast.Ident) - if !ok || ident.Name == "_" { - return true - } - obj := info.Defs[ident] - if obj == nil || obj.Type() == nil { - return true - } - if _, ok := obj.(*types.TypeName); ok { - return true - } - // Prevent duplicates in matches' values. - if _, ok = seen[obj]; ok { - return true - } - seen[obj] = struct{}{} - // Find the scope for the given position. Then, check whether the object - // exists within the scope. - innerScope := pkg.Scope().Innermost(pos) - if innerScope == nil { - return true - } - _, foundObj := innerScope.LookupParent(ident.Name, pos) - if foundObj != obj { - return true - } - // The object must match one of the types that we are searching for. - // TODO(adonovan): opt: use typeutil.Map? - if names, ok := matches[obj.Type()]; ok { - matches[obj.Type()] = append(names, ident.Name) - } else { - // If the object type does not exactly match - // any of the target types, greedily find the first - // target type that the object type can satisfy. - for typ := range matches { - if equivalentTypes(obj.Type(), typ) { - matches[typ] = append(matches[typ], ident.Name) - } - } - } - return true - }) - return matches -} - -func equivalentTypes(want, got types.Type) bool { - if types.Identical(want, got) { - return true - } - // Code segment to help check for untyped equality from (golang/go#32146). - if rhs, ok := want.(*types.Basic); ok && rhs.Info()&types.IsUntyped > 0 { - if lhs, ok := got.Underlying().(*types.Basic); ok { - return rhs.Info()&types.IsConstType == lhs.Info()&types.IsConstType - } - } - return types.AssignableTo(want, got) -} - -// A ReadFileFunc is a function that returns the -// contents of a file, such as [os.ReadFile]. -type ReadFileFunc = func(filename string) ([]byte, error) - -// CheckedReadFile returns a wrapper around a Pass.ReadFile -// function that performs the appropriate checks. -func CheckedReadFile(pass *analysis.Pass, readFile ReadFileFunc) ReadFileFunc { - return func(filename string) ([]byte, error) { - if err := CheckReadable(pass, filename); err != nil { - return nil, err - } - return readFile(filename) - } -} - -// CheckReadable enforces the access policy defined by the ReadFile field of [analysis.Pass]. -func CheckReadable(pass *analysis.Pass, filename string) error { - if slices.Contains(pass.OtherFiles, filename) || - slices.Contains(pass.IgnoredFiles, filename) { - return nil - } - for _, f := range pass.Files { - if pass.Fset.File(f.FileStart).Name() == filename { - return nil - } - } - return fmt.Errorf("Pass.ReadFile: %s is not among OtherFiles, IgnoredFiles, or names of Files", filename) -} - -// ValidateFixes validates the set of fixes for a single diagnostic. -// Any error indicates a bug in the originating analyzer. -// -// It updates fixes so that fixes[*].End.IsValid(). -// -// It may be used as part of an analysis driver implementation. -func ValidateFixes(fset *token.FileSet, a *analysis.Analyzer, fixes []analysis.SuggestedFix) error { - fixMessages := make(map[string]bool) - for i := range fixes { - fix := &fixes[i] - if fixMessages[fix.Message] { - return fmt.Errorf("analyzer %q suggests two fixes with same Message (%s)", a.Name, fix.Message) - } - fixMessages[fix.Message] = true - if err := validateFix(fset, fix); err != nil { - return fmt.Errorf("analyzer %q suggests invalid fix (%s): %v", a.Name, fix.Message, err) - } - } - return nil -} - -// validateFix validates a single fix. -// Any error indicates a bug in the originating analyzer. -// -// It updates fix so that fix.End.IsValid(). -func validateFix(fset *token.FileSet, fix *analysis.SuggestedFix) error { - - // Stably sort edits by Pos. This ordering puts insertions - // (end = start) before deletions (end > start) at the same - // point, but uses a stable sort to preserve the order of - // multiple insertions at the same point. - slices.SortStableFunc(fix.TextEdits, func(x, y analysis.TextEdit) int { - if sign := cmp.Compare(x.Pos, y.Pos); sign != 0 { - return sign - } - return cmp.Compare(x.End, y.End) - }) - - var prev *analysis.TextEdit - for i := range fix.TextEdits { - edit := &fix.TextEdits[i] - - // Validate edit individually. - start := edit.Pos - file := fset.File(start) - if file == nil { - return fmt.Errorf("no token.File for TextEdit.Pos (%v)", edit.Pos) - } - fileEnd := token.Pos(file.Base() + file.Size()) - if end := edit.End; end.IsValid() { - if end < start { - return fmt.Errorf("TextEdit.Pos (%v) > TextEdit.End (%v)", edit.Pos, edit.End) - } - endFile := fset.File(end) - if endFile != file && end < fileEnd+10 { - // Relax the checks below in the special case when the end position - // is only slightly beyond EOF, as happens when End is computed - // (as in ast.{Struct,Interface}Type) rather than based on - // actual token positions. In such cases, truncate end to EOF. - // - // This is a workaround for #71659; see: - // https://github.com/golang/go/issues/71659#issuecomment-2651606031 - // A better fix would be more faithful recording of token - // positions (or their absence) in the AST. - edit.End = fileEnd - continue - } - if endFile == nil { - return fmt.Errorf("no token.File for TextEdit.End (%v; File(start).FileEnd is %d)", end, file.Base()+file.Size()) - } - if endFile != file { - return fmt.Errorf("edit #%d spans files (%v and %v)", - i, file.Position(edit.Pos), endFile.Position(edit.End)) - } - } else { - edit.End = start // update the SuggestedFix - } - if eof := fileEnd; edit.End > eof { - return fmt.Errorf("end is (%v) beyond end of file (%v)", edit.End, eof) - } - - // Validate the sequence of edits: - // properly ordered, no overlapping deletions - if prev != nil && edit.Pos < prev.End { - xpos := fset.Position(prev.Pos) - xend := fset.Position(prev.End) - ypos := fset.Position(edit.Pos) - yend := fset.Position(edit.End) - return fmt.Errorf("overlapping edits to %s (%d:%d-%d:%d and %d:%d-%d:%d)", - xpos.Filename, - xpos.Line, xpos.Column, - xend.Line, xend.Column, - ypos.Line, ypos.Column, - yend.Line, yend.Column, - ) - } - prev = edit - } - - return nil -} - -// Range returns an [analysis.Range] for the specified start and end positions. -func Range(pos, end token.Pos) analysis.Range { - return tokenRange{pos, end} -} - -// tokenRange is an implementation of the [analysis.Range] interface. -type tokenRange struct{ StartPos, EndPos token.Pos } - -func (r tokenRange) Pos() token.Pos { return r.StartPos } -func (r tokenRange) End() token.Pos { return r.EndPos } - -// TODO(adonovan): the import-related functions below don't depend on -// analysis (or even on go/types or go/ast). Move somewhere more logical. - -// CanImport reports whether one package is allowed to import another. -// -// TODO(adonovan): allow customization of the accessibility relation -// (e.g. for Bazel). -func CanImport(from, to string) bool { - // TODO(adonovan): better segment hygiene. - if to == "internal" || strings.HasPrefix(to, "internal/") { - // Special case: only std packages may import internal/... - // We can't reliably know whether we're in std, so we - // use a heuristic on the first segment. - first, _, _ := strings.Cut(from, "/") - if strings.Contains(first, ".") { - return false // example.com/foo ∉ std - } - if first == "testdata" { - return false // testdata/foo ∉ std - } - } - if strings.HasSuffix(to, "/internal") { - return strings.HasPrefix(from, to[:len(to)-len("/internal")]) - } - if i := strings.LastIndex(to, "/internal/"); i >= 0 { - return strings.HasPrefix(from, to[:i]) - } - return true -} - -// IsStdPackage reports whether the specified package path belongs to a -// package in the standard library (including internal dependencies). -func IsStdPackage(path string) bool { - // A standard package has no dot in its first segment. - // (It may yet have a dot, e.g. "vendor/golang.org/x/foo".) - slash := strings.IndexByte(path, '/') - if slash < 0 { - slash = len(path) - } - return !strings.Contains(path[:slash], ".") && path != "testdata" -} diff --git a/vendor/golang.org/x/tools/internal/astutil/stringlit.go b/vendor/golang.org/x/tools/internal/astutil/stringlit.go index 849d45d853..ce1e7de882 100644 --- a/vendor/golang.org/x/tools/internal/astutil/stringlit.go +++ b/vendor/golang.org/x/tools/internal/astutil/stringlit.go @@ -14,16 +14,16 @@ import ( // RangeInStringLiteral calculates the positional range within a string literal // corresponding to the specified start and end byte offsets within the logical string. -func RangeInStringLiteral(lit *ast.BasicLit, start, end int) (token.Pos, token.Pos, error) { +func RangeInStringLiteral(lit *ast.BasicLit, start, end int) (Range, error) { startPos, err := PosInStringLiteral(lit, start) if err != nil { - return 0, 0, fmt.Errorf("start: %v", err) + return Range{}, fmt.Errorf("start: %v", err) } endPos, err := PosInStringLiteral(lit, end) if err != nil { - return 0, 0, fmt.Errorf("end: %v", err) + return Range{}, fmt.Errorf("end: %v", err) } - return startPos, endPos, nil + return Range{startPos, endPos}, nil } // PosInStringLiteral returns the position within a string literal diff --git a/vendor/golang.org/x/tools/internal/astutil/util.go b/vendor/golang.org/x/tools/internal/astutil/util.go index a1c0983504..6820ba4cda 100644 --- a/vendor/golang.org/x/tools/internal/astutil/util.go +++ b/vendor/golang.org/x/tools/internal/astutil/util.go @@ -5,6 +5,7 @@ package astutil import ( + "fmt" "go/ast" "go/printer" "go/token" @@ -50,28 +51,26 @@ func PreorderStack(root ast.Node, stack []ast.Node, f func(n ast.Node, stack []a } // NodeContains reports whether the Pos/End range of node n encloses -// the given position pos. +// the given range. // // It is inclusive of both end points, to allow hovering (etc) when // the cursor is immediately after a node. // -// For unfortunate historical reasons, the Pos/End extent of an -// ast.File runs from the start of its package declaration---excluding -// copyright comments, build tags, and package documentation---to the -// end of its last declaration, excluding any trailing comments. So, -// as a special case, if n is an [ast.File], NodeContains uses -// n.FileStart <= pos && pos <= n.FileEnd to report whether the -// position lies anywhere within the file. +// Like [NodeRange], it treats the range of an [ast.File] as the +// file's complete extent. // // Precondition: n must not be nil. -func NodeContains(n ast.Node, pos token.Pos) bool { - var start, end token.Pos - if file, ok := n.(*ast.File); ok { - start, end = file.FileStart, file.FileEnd // entire file - } else { - start, end = n.Pos(), n.End() - } - return start <= pos && pos <= end +func NodeContains(n ast.Node, rng Range) bool { + return NodeRange(n).Contains(rng) +} + +// NodeContainsPos reports whether the Pos/End range of node n encloses +// the given pos. +// +// Like [NodeRange], it treats the range of an [ast.File] as the +// file's complete extent. +func NodeContainsPos(n ast.Node, pos token.Pos) bool { + return NodeRange(n).ContainsPos(pos) } // IsChildOf reports whether cur.ParentEdge is ek. @@ -117,3 +116,126 @@ func Format(fset *token.FileSet, n ast.Node) string { printer.Fprint(&buf, fset, n) // ignore errors return buf.String() } + +// -- Range -- + +// Range is a Pos interval. +// It implements [analysis.Range] and [ast.Node]. +type Range struct{ Start, EndPos token.Pos } + +// RangeOf constructs a Range. +// +// RangeOf exists to pacify the "unkeyed literal" (composites) vet +// check. It would be nice if there were a way for a type to add +// itself to the allowlist. +func RangeOf(start, end token.Pos) Range { return Range{start, end} } + +// NodeRange returns the extent of node n as a Range. +// +// For unfortunate historical reasons, the Pos/End extent of an +// ast.File runs from the start of its package declaration---excluding +// copyright comments, build tags, and package documentation---to the +// end of its last declaration, excluding any trailing comments. So, +// as a special case, if n is an [ast.File], NodeContains uses +// n.FileStart <= pos && pos <= n.FileEnd to report whether the +// position lies anywhere within the file. +func NodeRange(n ast.Node) Range { + if file, ok := n.(*ast.File); ok { + return Range{file.FileStart, file.FileEnd} // entire file + } + return Range{n.Pos(), n.End()} +} + +func (r Range) Pos() token.Pos { return r.Start } +func (r Range) End() token.Pos { return r.EndPos } + +// ContainsPos reports whether the range (inclusive of both end points) +// includes the specified position. +func (r Range) ContainsPos(pos token.Pos) bool { + return r.Contains(RangeOf(pos, pos)) +} + +// Contains reports whether the range (inclusive of both end points) +// includes the specified range. +func (r Range) Contains(rng Range) bool { + return r.Start <= rng.Start && rng.EndPos <= r.EndPos +} + +// IsValid reports whether the range is valid. +func (r Range) IsValid() bool { return r.Start.IsValid() && r.Start <= r.EndPos } + +// -- + +// Select returns the syntax nodes identified by a user's text +// selection. It returns three nodes: the innermost node that wholly +// encloses the selection; and the first and last nodes that are +// wholly enclosed by the selection. +// +// For example, given this selection: +// +// { f(); g(); /* comment */ } +// ~~~~~~~~~~~ +// +// Select returns the enclosing BlockStmt, the f() CallExpr, and the g() CallExpr. +// +// If the selection does not wholly enclose any nodes, Select returns an error +// and invalid start/end nodes, but it may return a valid enclosing node. +// +// Callers that require exactly one syntax tree (e.g. just f() or just +// g()) should check that the returned start and end nodes are +// identical. +// +// This function is intended to be called early in the handling of a +// user's request, since it is tolerant of sloppy selection including +// extraneous whitespace and comments. Use it in new code instead of +// PathEnclosingInterval. When the exact extent of a node is known, +// use [Cursor.FindByPos] instead. +func Select(curFile inspector.Cursor, start, end token.Pos) (_enclosing, _start, _end inspector.Cursor, _ error) { + curEnclosing, ok := curFile.FindByPos(start, end) + if !ok { + return noCursor, noCursor, noCursor, fmt.Errorf("invalid selection") + } + + // Find the first and last node wholly within the (start, end) range. + // We'll narrow the effective selection to them, to exclude whitespace. + // (This matches the functionality of PathEnclosingInterval.) + var curStart, curEnd inspector.Cursor + rng := RangeOf(start, end) + for cur := range curEnclosing.Preorder() { + if rng.Contains(NodeRange(cur.Node())) { + // The start node has the least Pos. + if !CursorValid(curStart) { + curStart = cur + } + // The end node has the greatest End. + // End positions do not change monotonically, + // so we must compute the max. + if !CursorValid(curEnd) || + cur.Node().End() > curEnd.Node().End() { + curEnd = cur + } + } + } + if !CursorValid(curStart) { + // The selection is valid (inside curEnclosing) but contains no + // complete nodes. This happens for point selections (start == end), + // or selections covering only only spaces, comments, and punctuation + // tokens. + // Return the enclosing node so the caller can still use the context. + return curEnclosing, noCursor, noCursor, fmt.Errorf("invalid selection") + } + return curEnclosing, curStart, curEnd, nil +} + +// CursorValid reports whether the cursor is valid. +// +// A valid cursor may yet be the virtual root node, +// cur.Inspector.Root(), which has no [Cursor.Node]. +// +// TODO(adonovan): move to cursorutil package, and move that package into x/tools. +// Ultimately, make this a method of Cursor. Needs a proposal. +func CursorValid(cur inspector.Cursor) bool { + return cur.Inspector() != nil +} + +var noCursor inspector.Cursor diff --git a/vendor/golang.org/x/tools/internal/event/core/export.go b/vendor/golang.org/x/tools/internal/event/core/export.go index 05f3a9a579..16ae6bb021 100644 --- a/vendor/golang.org/x/tools/internal/event/core/export.go +++ b/vendor/golang.org/x/tools/internal/event/core/export.go @@ -8,7 +8,6 @@ import ( "context" "sync/atomic" "time" - "unsafe" "golang.org/x/tools/internal/event/label" ) @@ -17,23 +16,21 @@ import ( // It may return a modified context and event. type Exporter func(context.Context, Event, label.Map) context.Context -var ( - exporter unsafe.Pointer -) +var exporter atomic.Pointer[Exporter] // SetExporter sets the global exporter function that handles all events. // The exporter is called synchronously from the event call site, so it should // return quickly so as not to hold up user code. func SetExporter(e Exporter) { - p := unsafe.Pointer(&e) if e == nil { // &e is always valid, and so p is always valid, but for the early abort // of ProcessEvent to be efficient it needs to make the nil check on the // pointer without having to dereference it, so we make the nil function // also a nil pointer - p = nil + exporter.Store(nil) + } else { + exporter.Store(&e) } - atomic.StorePointer(&exporter, p) } // deliver is called to deliver an event to the supplied exporter. @@ -48,7 +45,7 @@ func deliver(ctx context.Context, exporter Exporter, ev Event) context.Context { // Export is called to deliver an event to the global exporter if set. func Export(ctx context.Context, ev Event) context.Context { // get the global exporter and abort early if there is not one - exporterPtr := (*Exporter)(atomic.LoadPointer(&exporter)) + exporterPtr := exporter.Load() if exporterPtr == nil { return ctx } @@ -61,7 +58,7 @@ func Export(ctx context.Context, ev Event) context.Context { // It will fill in the time. func ExportPair(ctx context.Context, begin, end Event) (context.Context, func()) { // get the global exporter and abort early if there is not one - exporterPtr := (*Exporter)(atomic.LoadPointer(&exporter)) + exporterPtr := exporter.Load() if exporterPtr == nil { return ctx, func() {} } diff --git a/vendor/golang.org/x/tools/internal/event/label/label.go b/vendor/golang.org/x/tools/internal/event/label/label.go index 92a3910573..c37584af94 100644 --- a/vendor/golang.org/x/tools/internal/event/label/label.go +++ b/vendor/golang.org/x/tools/internal/event/label/label.go @@ -7,7 +7,6 @@ package label import ( "fmt" "io" - "reflect" "slices" "unsafe" ) @@ -103,11 +102,10 @@ type stringptr unsafe.Pointer // This method is for implementing new key types, label creation should // normally be done with the Of method of the key. func OfString(k Key, v string) Label { - hdr := (*reflect.StringHeader)(unsafe.Pointer(&v)) return Label{ key: k, - packed: uint64(hdr.Len), - untyped: stringptr(hdr.Data), + packed: uint64(len(v)), + untyped: stringptr(unsafe.StringData(v)), } } @@ -116,11 +114,7 @@ func OfString(k Key, v string) Label { // This method is for implementing new key types, for type safety normal // access should be done with the From method of the key. func (t Label) UnpackString() string { - var v string - hdr := (*reflect.StringHeader)(unsafe.Pointer(&v)) - hdr.Data = uintptr(t.untyped.(stringptr)) - hdr.Len = int(t.packed) - return v + return unsafe.String((*byte)(t.untyped.(stringptr)), int(t.packed)) } // Valid returns true if the Label is a valid one (it has a key). diff --git a/vendor/golang.org/x/tools/internal/gcimporter/bimport.go b/vendor/golang.org/x/tools/internal/gcimporter/bimport.go index 734c46198d..555ef626c0 100644 --- a/vendor/golang.org/x/tools/internal/gcimporter/bimport.go +++ b/vendor/golang.org/x/tools/internal/gcimporter/bimport.go @@ -34,7 +34,7 @@ type fileInfo struct { const maxlines = 64 * 1024 func (s *fakeFileSet) pos(file string, line, column int) token.Pos { - // TODO(mdempsky): Make use of column. + _ = column // TODO(mdempsky): Make use of column. // Since we don't know the set of needed file positions, we reserve maxlines // positions per file. We delay calling token.File.SetLines until all diff --git a/vendor/golang.org/x/tools/internal/gcimporter/iexport.go b/vendor/golang.org/x/tools/internal/gcimporter/iexport.go index 4a4357d2bd..2bef2b058b 100644 --- a/vendor/golang.org/x/tools/internal/gcimporter/iexport.go +++ b/vendor/golang.org/x/tools/internal/gcimporter/iexport.go @@ -829,8 +829,7 @@ func (p *iexporter) doDecl(obj types.Object) { // their name must be qualified before exporting recv. if rparams := sig.RecvTypeParams(); rparams.Len() > 0 { prefix := obj.Name() + "." + m.Name() - for i := 0; i < rparams.Len(); i++ { - rparam := rparams.At(i) + for rparam := range rparams.TypeParams() { name := tparamExportName(prefix, rparam) w.p.tparamNames[rparam.Obj()] = name } @@ -944,6 +943,13 @@ func (w *exportWriter) posV0(pos token.Pos) { } func (w *exportWriter) pkg(pkg *types.Package) { + if pkg == nil { + // [exportWriter.typ] accepts a nil pkg only for types + // of constants, which cannot contain named objects + // such as fields or methods and thus should never + // reach this method (#76222). + panic("nil package") + } // Ensure any referenced packages are declared in the main index. w.p.allPkgs[pkg] = true @@ -959,9 +965,11 @@ func (w *exportWriter) qualifiedType(obj *types.TypeName) { w.pkg(obj.Pkg()) } -// TODO(rfindley): what does 'pkg' even mean here? It would be better to pass -// it in explicitly into signatures and structs that may use it for -// constructing fields. +// typ emits the specified type. +// +// Objects within the type (struct fields and interface methods) are +// qualified by pkg. It may be nil if the type cannot contain objects, +// such as the type of a constant. func (w *exportWriter) typ(t types.Type, pkg *types.Package) { w.data.uint64(w.p.typOff(t, pkg)) } @@ -991,6 +999,7 @@ func (w *exportWriter) startType(k itag) { w.data.uint64(uint64(k)) } +// doTyp is the implementation of [exportWriter.typ]. func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) { if trace { w.p.trace("exporting type %s (%T)", t, t) @@ -1064,7 +1073,7 @@ func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) { case *types.Signature: w.startType(signatureType) - w.pkg(pkg) + w.pkg(pkg) // qualifies param/result vars w.signature(t) case *types.Struct: @@ -1110,19 +1119,19 @@ func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) { case *types.Interface: w.startType(interfaceType) - w.pkg(pkg) + w.pkg(pkg) // qualifies unexported method funcs n := t.NumEmbeddeds() w.uint64(uint64(n)) for i := 0; i < n; i++ { ft := t.EmbeddedType(i) - tPkg := pkg if named, _ := types.Unalias(ft).(*types.Named); named != nil { w.pos(named.Obj().Pos()) } else { + // e.g. ~int w.pos(token.NoPos) } - w.typ(ft, tPkg) + w.typ(ft, pkg) } // See comment for struct fields. In shallow mode we change the encoding @@ -1223,20 +1232,19 @@ func (w *exportWriter) signature(sig *types.Signature) { func (w *exportWriter) typeList(ts *types.TypeList, pkg *types.Package) { w.uint64(uint64(ts.Len())) - for i := 0; i < ts.Len(); i++ { - w.typ(ts.At(i), pkg) + for t := range ts.Types() { + w.typ(t, pkg) } } func (w *exportWriter) tparamList(prefix string, list *types.TypeParamList, pkg *types.Package) { ll := uint64(list.Len()) w.uint64(ll) - for i := 0; i < list.Len(); i++ { - tparam := list.At(i) + for tparam := range list.TypeParams() { // Set the type parameter exportName before exporting its type. exportName := tparamExportName(prefix, tparam) w.p.tparamNames[tparam.Obj()] = exportName - w.typ(list.At(i), pkg) + w.typ(tparam, pkg) } } diff --git a/vendor/golang.org/x/tools/internal/gcimporter/iimport.go b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go index 82e6c9d2dc..4d6d50094a 100644 --- a/vendor/golang.org/x/tools/internal/gcimporter/iimport.go +++ b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go @@ -432,10 +432,10 @@ func (p *iimporter) doDecl(pkg *types.Package, name string) { errorf("%v.%v not in index", pkg, name) } - r := &importReader{p: p, currPkg: pkg} + r := &importReader{p: p} r.declReader.Reset(p.declData[off:]) - r.obj(name) + r.obj(pkg, name) } func (p *iimporter) stringAt(off uint64) string { @@ -551,7 +551,6 @@ func canReuse(def *types.Named, rhs types.Type) bool { type importReader struct { p *iimporter declReader bytes.Reader - currPkg *types.Package prevFile string prevLine int64 prevColumn int64 @@ -565,7 +564,8 @@ type importReader struct { // for 1.24, but the fix was not worth back-porting). var markBlack = func(name *types.TypeName) {} -func (r *importReader) obj(name string) { +// obj decodes and declares the package-level object denoted by (pkg, name). +func (r *importReader) obj(pkg *types.Package, name string) { tag := r.byte() pos := r.pos() @@ -576,27 +576,27 @@ func (r *importReader) obj(name string) { tparams = r.tparamList() } typ := r.typ() - obj := aliases.NewAlias(r.p.aliases, pos, r.currPkg, name, typ, tparams) + obj := aliases.NewAlias(r.p.aliases, pos, pkg, name, typ, tparams) markBlack(obj) // workaround for golang/go#69912 r.declare(obj) case constTag: typ, val := r.value() - r.declare(types.NewConst(pos, r.currPkg, name, typ, val)) + r.declare(types.NewConst(pos, pkg, name, typ, val)) case funcTag, genericFuncTag: var tparams []*types.TypeParam if tag == genericFuncTag { tparams = r.tparamList() } - sig := r.signature(nil, nil, tparams) - r.declare(types.NewFunc(pos, r.currPkg, name, sig)) + sig := r.signature(pkg, nil, nil, tparams) + r.declare(types.NewFunc(pos, pkg, name, sig)) case typeTag, genericTypeTag: // Types can be recursive. We need to setup a stub // declaration before recursing. - obj := types.NewTypeName(pos, r.currPkg, name, nil) + obj := types.NewTypeName(pos, pkg, name, nil) named := types.NewNamed(obj, nil, nil) markBlack(obj) // workaround for golang/go#69912 @@ -616,7 +616,7 @@ func (r *importReader) obj(name string) { for n := r.uint64(); n > 0; n-- { mpos := r.pos() mname := r.ident() - recv := r.param() + recv := r.param(pkg) // If the receiver has any targs, set those as the // rparams of the method (since those are the @@ -630,9 +630,9 @@ func (r *importReader) obj(name string) { rparams[i] = types.Unalias(targs.At(i)).(*types.TypeParam) } } - msig := r.signature(recv, rparams, nil) + msig := r.signature(pkg, recv, rparams, nil) - named.AddMethod(types.NewFunc(mpos, r.currPkg, mname, msig)) + named.AddMethod(types.NewFunc(mpos, pkg, mname, msig)) } } @@ -644,12 +644,12 @@ func (r *importReader) obj(name string) { errorf("unexpected type param type") } name0 := tparamName(name) - tn := types.NewTypeName(pos, r.currPkg, name0, nil) + tn := types.NewTypeName(pos, pkg, name0, nil) t := types.NewTypeParam(tn, nil) // To handle recursive references to the typeparam within its // bound, save the partial type in tparamIndex before reading the bounds. - id := ident{r.currPkg, name} + id := ident{pkg, name} r.p.tparamIndex[id] = t var implicit bool if r.p.version >= iexportVersionGo1_18 { @@ -672,7 +672,7 @@ func (r *importReader) obj(name string) { case varTag: typ := r.typ() - v := types.NewVar(pos, r.currPkg, name, typ) + v := types.NewVar(pos, pkg, name, typ) typesinternal.SetVarKind(v, typesinternal.PackageVar) r.declare(v) @@ -905,11 +905,11 @@ func (r *importReader) doType(base *types.Named) (res types.Type) { case mapType: return types.NewMap(r.typ(), r.typ()) case signatureType: - r.currPkg = r.pkg() - return r.signature(nil, nil, nil) + paramPkg := r.pkg() + return r.signature(paramPkg, nil, nil, nil) case structType: - r.currPkg = r.pkg() + fieldPkg := r.pkg() fields := make([]*types.Var, r.uint64()) tags := make([]string, len(fields)) @@ -932,7 +932,7 @@ func (r *importReader) doType(base *types.Named) (res types.Type) { // discussed in iexport.go, this is not correct, but mostly works and is // preferable to failing (for now at least). if field == nil { - field = types.NewField(fpos, r.currPkg, fname, ftyp, emb) + field = types.NewField(fpos, fieldPkg, fname, ftyp, emb) } fields[i] = field @@ -941,7 +941,7 @@ func (r *importReader) doType(base *types.Named) (res types.Type) { return types.NewStruct(fields, tags) case interfaceType: - r.currPkg = r.pkg() + methodPkg := r.pkg() // qualifies methods and their param/result vars embeddeds := make([]types.Type, r.uint64()) for i := range embeddeds { @@ -963,12 +963,12 @@ func (r *importReader) doType(base *types.Named) (res types.Type) { // don't agree with this. var recv *types.Var if base != nil { - recv = types.NewVar(token.NoPos, r.currPkg, "", base) + recv = types.NewVar(token.NoPos, methodPkg, "", base) } - msig := r.signature(recv, nil, nil) + msig := r.signature(methodPkg, recv, nil, nil) if method == nil { - method = types.NewFunc(mpos, r.currPkg, mname, msig) + method = types.NewFunc(mpos, methodPkg, mname, msig) } methods[i] = method } @@ -1049,9 +1049,9 @@ func (r *importReader) objectPathObject() types.Object { return obj } -func (r *importReader) signature(recv *types.Var, rparams []*types.TypeParam, tparams []*types.TypeParam) *types.Signature { - params := r.paramList() - results := r.paramList() +func (r *importReader) signature(paramPkg *types.Package, recv *types.Var, rparams []*types.TypeParam, tparams []*types.TypeParam) *types.Signature { + params := r.paramList(paramPkg) + results := r.paramList(paramPkg) variadic := params.Len() > 0 && r.bool() return types.NewSignatureType(recv, rparams, tparams, params, results, variadic) } @@ -1070,19 +1070,19 @@ func (r *importReader) tparamList() []*types.TypeParam { return xs } -func (r *importReader) paramList() *types.Tuple { +func (r *importReader) paramList(pkg *types.Package) *types.Tuple { xs := make([]*types.Var, r.uint64()) for i := range xs { - xs[i] = r.param() + xs[i] = r.param(pkg) } return types.NewTuple(xs...) } -func (r *importReader) param() *types.Var { +func (r *importReader) param(pkg *types.Package) *types.Var { pos := r.pos() name := r.ident() typ := r.typ() - return types.NewParam(pos, r.currPkg, name, typ) + return types.NewParam(pos, pkg, name, typ) } func (r *importReader) bool() bool { diff --git a/vendor/golang.org/x/tools/internal/imports/sortimports.go b/vendor/golang.org/x/tools/internal/imports/sortimports.go index 67c17bc431..f390be90f1 100644 --- a/vendor/golang.org/x/tools/internal/imports/sortimports.go +++ b/vendor/golang.org/x/tools/internal/imports/sortimports.go @@ -11,6 +11,7 @@ import ( "go/ast" "go/token" "log" + "reflect" "slices" "sort" "strconv" @@ -65,7 +66,7 @@ func sortImports(localPrefix string, tokFile *token.File, f *ast.File) { } // mergeImports merges all the import declarations into the first one. -// Taken from golang.org/x/tools/ast/astutil. +// Taken from golang.org/x/tools/go/ast/astutil. // This does not adjust line numbers properly func mergeImports(f *ast.File) { if len(f.Decls) <= 1 { @@ -89,7 +90,7 @@ func mergeImports(f *ast.File) { first.Lparen = first.Pos() // Move the imports of the other import declaration to the first one. for _, spec := range gen.Specs { - spec.(*ast.ImportSpec).Path.ValuePos = first.Pos() + updateBasicLitPos(spec.(*ast.ImportSpec).Path, first.Pos()) first.Specs = append(first.Specs, spec) } f.Decls = slices.Delete(f.Decls, i, i+1) @@ -98,7 +99,7 @@ func mergeImports(f *ast.File) { } // declImports reports whether gen contains an import of path. -// Taken from golang.org/x/tools/ast/astutil. +// Taken from golang.org/x/tools/go/ast/astutil. func declImports(gen *ast.GenDecl, path string) bool { if gen.Tok != token.IMPORT { return false @@ -221,7 +222,7 @@ func sortSpecs(localPrefix string, tokFile *token.File, f *ast.File, specs []ast if s.Name != nil { s.Name.NamePos = pos[i].Start } - s.Path.ValuePos = pos[i].Start + updateBasicLitPos(s.Path, pos[i].Start) s.EndPos = pos[i].End nextSpecPos := pos[i].End @@ -296,3 +297,17 @@ type byCommentPos []*ast.CommentGroup func (x byCommentPos) Len() int { return len(x) } func (x byCommentPos) Swap(i, j int) { x[i], x[j] = x[j], x[i] } func (x byCommentPos) Less(i, j int) bool { return x[i].Pos() < x[j].Pos() } + +// updateBasicLitPos updates lit.Pos, +// ensuring that lit.End (if set) is displaced by the same amount. +// (See https://go.dev/issue/76395.) +func updateBasicLitPos(lit *ast.BasicLit, pos token.Pos) { + len := lit.End() - lit.Pos() + lit.ValuePos = pos + // TODO(adonovan): after go1.26, simplify to: + // lit.ValueEnd = pos + len + v := reflect.ValueOf(lit).Elem().FieldByName("ValueEnd") + if v.IsValid() && v.Int() != 0 { + v.SetInt(int64(pos + len)) + } +} diff --git a/vendor/golang.org/x/tools/internal/modindex/index.go b/vendor/golang.org/x/tools/internal/modindex/index.go index c41d1dd903..c7ef97dcd7 100644 --- a/vendor/golang.org/x/tools/internal/modindex/index.go +++ b/vendor/golang.org/x/tools/internal/modindex/index.go @@ -10,7 +10,6 @@ import ( "encoding/csv" "fmt" "io" - "log" "os" "path/filepath" "strconv" @@ -107,14 +106,14 @@ var IndexDir string = func() string { var err error dir, err = os.UserCacheDir() // shouldn't happen, but TempDir is better than - // creating ./go/imports + // creating ./goimports if err != nil { dir = os.TempDir() } } dir = filepath.Join(dir, "goimports") if err := os.MkdirAll(dir, 0777); err != nil { - log.Printf("failed to create modcache index dir: %v", err) + dir = "" // #75505, people complain about the error message } return dir }() @@ -127,6 +126,9 @@ func Read(gomodcache string) (*Index, error) { if err != nil { return nil, err } + if IndexDir == "" { + return nil, os.ErrNotExist + } // Read the "link" file for the specified gomodcache directory. // It names the payload file. @@ -227,6 +229,9 @@ func readIndexFrom(gomodcache string, r io.Reader) (*Index, error) { // write writes the index file and updates the index directory to refer to it. func write(gomodcache string, ix *Index) error { + if IndexDir == "" { + return os.ErrNotExist + } // Write the index into a payload file with a fresh name. f, err := os.CreateTemp(IndexDir, fmt.Sprintf("index-%d-*", CurrentVersion)) if err != nil { diff --git a/vendor/golang.org/x/tools/internal/modindex/lookup.go b/vendor/golang.org/x/tools/internal/modindex/lookup.go index 0c011a99b3..83bd49cd4b 100644 --- a/vendor/golang.org/x/tools/internal/modindex/lookup.go +++ b/vendor/golang.org/x/tools/internal/modindex/lookup.go @@ -8,6 +8,8 @@ import ( "slices" "strconv" "strings" + + "golang.org/x/mod/module" ) type Candidate struct { @@ -104,11 +106,15 @@ func (ix *Index) Lookup(pkgName, name string, prefix bool) []Candidate { if len(flds) < 2 { continue // should never happen } + impPath, err := module.UnescapePath(e.ImportPath) + if err != nil { + continue + } px := Candidate{ PkgName: pkgName, Name: flds[0], Dir: string(e.Dir), - ImportPath: e.ImportPath, + ImportPath: impPath, Type: asLexType(flds[1][0]), Deprecated: len(flds[1]) > 1 && flds[1][1] == 'D', } diff --git a/vendor/golang.org/x/tools/internal/moreiters/iters.go b/vendor/golang.org/x/tools/internal/moreiters/iters.go index 69c76ccb9b..9e4aaf9485 100644 --- a/vendor/golang.org/x/tools/internal/moreiters/iters.go +++ b/vendor/golang.org/x/tools/internal/moreiters/iters.go @@ -45,3 +45,11 @@ func Any[T any](seq iter.Seq[T], pred func(T) bool) bool { } return false } + +// Len returns the number of elements in the sequence (by iterating). +func Len[T any](seq iter.Seq[T]) (n int) { + for range seq { + n++ + } + return +} diff --git a/vendor/golang.org/x/tools/internal/packagepath/packagepath.go b/vendor/golang.org/x/tools/internal/packagepath/packagepath.go new file mode 100644 index 0000000000..fa39a13f9e --- /dev/null +++ b/vendor/golang.org/x/tools/internal/packagepath/packagepath.go @@ -0,0 +1,49 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package packagepath provides metadata operations on package path +// strings. +package packagepath + +// (This package should not depend on go/ast.) +import "strings" + +// CanImport reports whether one package is allowed to import another. +// +// TODO(adonovan): allow customization of the accessibility relation +// (e.g. for Bazel). +func CanImport(from, to string) bool { + // TODO(adonovan): better segment hygiene. + if to == "internal" || strings.HasPrefix(to, "internal/") { + // Special case: only std packages may import internal/... + // We can't reliably know whether we're in std, so we + // use a heuristic on the first segment. + first, _, _ := strings.Cut(from, "/") + if strings.Contains(first, ".") { + return false // example.com/foo ∉ std + } + if first == "testdata" { + return false // testdata/foo ∉ std + } + } + if strings.HasSuffix(to, "/internal") { + return strings.HasPrefix(from, to[:len(to)-len("/internal")]) + } + if i := strings.LastIndex(to, "/internal/"); i >= 0 { + return strings.HasPrefix(from, to[:i]) + } + return true +} + +// IsStdPackage reports whether the specified package path belongs to a +// package in the standard library (including internal dependencies). +func IsStdPackage(path string) bool { + // A standard package has no dot in its first segment. + // (It may yet have a dot, e.g. "vendor/golang.org/x/foo".) + slash := strings.IndexByte(path, '/') + if slash < 0 { + slash = len(path) + } + return !strings.Contains(path[:slash], ".") && path != "testdata" +} diff --git a/vendor/golang.org/x/tools/internal/refactor/delete.go b/vendor/golang.org/x/tools/internal/refactor/delete.go index aa8ba5af4c..54d0b5f038 100644 --- a/vendor/golang.org/x/tools/internal/refactor/delete.go +++ b/vendor/golang.org/x/tools/internal/refactor/delete.go @@ -13,15 +13,15 @@ import ( "go/types" "slices" - "golang.org/x/tools/go/analysis" "golang.org/x/tools/go/ast/edge" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/internal/astutil" "golang.org/x/tools/internal/typesinternal" + "golang.org/x/tools/internal/typesinternal/typeindex" ) -// DeleteVar returns edits to delete the declaration of a variable -// whose defining identifier is curId. +// DeleteVar returns edits to delete the declaration of a variable or +// constant whose defining identifier is curId. // // It handles variants including: // - GenDecl > ValueSpec versus AssignStmt; @@ -31,7 +31,7 @@ import ( // // If it cannot make the necessary edits, such as for a function // parameter or result, it returns nil. -func DeleteVar(tokFile *token.File, info *types.Info, curId inspector.Cursor) []analysis.TextEdit { +func DeleteVar(tokFile *token.File, info *types.Info, curId inspector.Cursor) []Edit { switch ek, _ := curId.ParentEdge(); ek { case edge.ValueSpec_Names: return deleteVarFromValueSpec(tokFile, info, curId) @@ -45,10 +45,13 @@ func DeleteVar(tokFile *token.File, info *types.Info, curId inspector.Cursor) [] return nil } +// deleteVarFromValueSpec returns edits to delete the declaration of a +// variable or constant within a ValueSpec. +// // Precondition: curId is Ident beneath ValueSpec.Names beneath GenDecl. // // See also [deleteVarFromAssignStmt], which has parallel structure. -func deleteVarFromValueSpec(tokFile *token.File, info *types.Info, curIdent inspector.Cursor) []analysis.TextEdit { +func deleteVarFromValueSpec(tokFile *token.File, info *types.Info, curIdent inspector.Cursor) []Edit { var ( id = curIdent.Node().(*ast.Ident) curSpec = curIdent.Parent() @@ -91,13 +94,13 @@ func deleteVarFromValueSpec(tokFile *token.File, info *types.Info, curIdent insp pos = spec.Names[index].Pos() end = spec.Names[index+1].Pos() } - return []analysis.TextEdit{{ + return []Edit{{ Pos: pos, End: end, }} } - // If the assignment is 1:1 and the RHS has no effects, + // If the assignment is n:n and the RHS has no effects, // we can delete the LHS and its corresponding RHS. if len(spec.Names) == len(spec.Values) && typesinternal.NoEffects(info, spec.Values[index]) { @@ -107,7 +110,7 @@ func deleteVarFromValueSpec(tokFile *token.File, info *types.Info, curIdent insp // // var _, lhs1 = rhs0, rhs1 // ------ ------ - return []analysis.TextEdit{ + return []Edit{ { Pos: spec.Names[index-1].End(), End: spec.Names[index].End(), @@ -122,7 +125,7 @@ func deleteVarFromValueSpec(tokFile *token.File, info *types.Info, curIdent insp // // var lhs0, _ = rhs0, rhs1 // ------ ------ - return []analysis.TextEdit{ + return []Edit{ { Pos: spec.Names[index].Pos(), End: spec.Names[index+1].Pos(), @@ -137,7 +140,7 @@ func deleteVarFromValueSpec(tokFile *token.File, info *types.Info, curIdent insp // We cannot delete the RHS. // Blank out the LHS. - return []analysis.TextEdit{{ + return []Edit{{ Pos: id.Pos(), End: id.End(), NewText: []byte("_"), @@ -147,7 +150,7 @@ func deleteVarFromValueSpec(tokFile *token.File, info *types.Info, curIdent insp // Precondition: curId is Ident beneath AssignStmt.Lhs. // // See also [deleteVarFromValueSpec], which has parallel structure. -func deleteVarFromAssignStmt(tokFile *token.File, info *types.Info, curIdent inspector.Cursor) []analysis.TextEdit { +func deleteVarFromAssignStmt(tokFile *token.File, info *types.Info, curIdent inspector.Cursor) []Edit { var ( id = curIdent.Node().(*ast.Ident) curStmt = curIdent.Parent() @@ -188,7 +191,7 @@ func deleteVarFromAssignStmt(tokFile *token.File, info *types.Info, curIdent ins // // _, lhs1 := rhs0, rhs1 // ------ ------ - return []analysis.TextEdit{ + return []Edit{ { Pos: assign.Lhs[index-1].End(), End: assign.Lhs[index].End(), @@ -203,7 +206,7 @@ func deleteVarFromAssignStmt(tokFile *token.File, info *types.Info, curIdent ins // // lhs0, _ := rhs0, rhs1 // ------ ------ - return []analysis.TextEdit{ + return []Edit{ { Pos: assign.Lhs[index].Pos(), End: assign.Lhs[index+1].Pos(), @@ -218,7 +221,7 @@ func deleteVarFromAssignStmt(tokFile *token.File, info *types.Info, curIdent ins // We cannot delete the RHS. // Blank out the LHS. - edits := []analysis.TextEdit{{ + edits := []Edit{{ Pos: id.Pos(), End: id.End(), NewText: []byte("_"), @@ -229,7 +232,7 @@ func deleteVarFromAssignStmt(tokFile *token.File, info *types.Info, curIdent ins // assignment to avoid a "no new variables on left // side of :=" error. if !declaresOtherNames { - edits = append(edits, analysis.TextEdit{ + edits = append(edits, Edit{ Pos: assign.TokPos, End: assign.TokPos + token.Pos(len(":=")), NewText: []byte("="), @@ -239,12 +242,12 @@ func deleteVarFromAssignStmt(tokFile *token.File, info *types.Info, curIdent ins return edits } -// DeleteSpec returns edits to delete the ValueSpec identified by curSpec. +// DeleteSpec returns edits to delete the {Type,Value}Spec identified by curSpec. // // TODO(adonovan): add test suite. Test for consts as well. -func DeleteSpec(tokFile *token.File, curSpec inspector.Cursor) []analysis.TextEdit { +func DeleteSpec(tokFile *token.File, curSpec inspector.Cursor) []Edit { var ( - spec = curSpec.Node().(*ast.ValueSpec) + spec = curSpec.Node().(ast.Spec) curDecl = curSpec.Parent() decl = curDecl.Node().(*ast.GenDecl) ) @@ -258,14 +261,14 @@ func DeleteSpec(tokFile *token.File, curSpec inspector.Cursor) []analysis.TextEd // Delete the spec and its comments. _, index := curSpec.ParentEdge() // index of ValueSpec within GenDecl.Specs pos, end := spec.Pos(), spec.End() - if spec.Doc != nil { - pos = spec.Doc.Pos() // leading comment + if doc := astutil.DocComment(spec); doc != nil { + pos = doc.Pos() // leading comment } if index == len(decl.Specs)-1 { // Delete final spec. - if spec.Comment != nil { + if c := eolComment(spec); c != nil { // var (v int // comment \n) - end = spec.Comment.End() + end = c.End() } } else { // Delete non-final spec. @@ -273,7 +276,7 @@ func DeleteSpec(tokFile *token.File, curSpec inspector.Cursor) []analysis.TextEd // ----- end = decl.Specs[index+1].Pos() } - return []analysis.TextEdit{{ + return []Edit{{ Pos: pos, End: end, }} @@ -282,7 +285,7 @@ func DeleteSpec(tokFile *token.File, curSpec inspector.Cursor) []analysis.TextEd // DeleteDecl returns edits to delete the ast.Decl identified by curDecl. // // TODO(adonovan): add test suite. -func DeleteDecl(tokFile *token.File, curDecl inspector.Cursor) []analysis.TextEdit { +func DeleteDecl(tokFile *token.File, curDecl inspector.Cursor) []Edit { decl := curDecl.Node().(ast.Decl) ek, _ := curDecl.ParentEdge() @@ -317,7 +320,7 @@ func DeleteDecl(tokFile *token.File, curDecl inspector.Cursor) []analysis.TextEd } } - return []analysis.TextEdit{{ + return []Edit{{ Pos: pos, End: end, }} @@ -327,107 +330,237 @@ func DeleteDecl(tokFile *token.File, curDecl inspector.Cursor) []analysis.TextEd } } +// find leftmost Pos bigger than start and rightmost less than end +func filterPos(nds []*ast.Comment, start, end token.Pos) (token.Pos, token.Pos, bool) { + l, r := end, token.NoPos + ok := false + for _, n := range nds { + if n.Pos() > start && n.Pos() < l { + l = n.Pos() + ok = true + } + if n.End() <= end && n.End() > r { + r = n.End() + ok = true + } + } + return l, r, ok +} + // DeleteStmt returns the edits to remove the [ast.Stmt] identified by -// curStmt, if it is contained within a BlockStmt, CaseClause, -// CommClause, or is the STMT in switch STMT; ... {...}. It returns nil otherwise. -func DeleteStmt(tokFile *token.File, curStmt inspector.Cursor) []analysis.TextEdit { - stmt := curStmt.Node().(ast.Stmt) - // if the stmt is on a line by itself delete the whole line - // otherwise just delete the statement. - - // this logic would be a lot simpler with the file contents, and somewhat simpler - // if the cursors included the comments. - - lineOf := tokFile.Line - stmtStartLine, stmtEndLine := lineOf(stmt.Pos()), lineOf(stmt.End()) - - var from, to token.Pos - // bounds of adjacent syntax/comments on same line, if any - limits := func(left, right token.Pos) { +// curStmt if it recognizes the context. It returns nil otherwise. +// TODO(pjw, adonovan): it should not return nil, it should return an error +// +// DeleteStmt is called with just the AST so it has trouble deciding if +// a comment is associated with the statement to be deleted. For instance, +// +// for /*A*/ init()/*B*/;/*C/cond()/*D/;/*E*/post() /*F*/ { /*G*/} +// +// comment B and C are indistinguishable, as are D and E. That is, as the +// AST does not say where the semicolons are, B and C could go either +// with the init() or the cond(), so cannot be removed safely. The same +// is true for D, E, and the post(). (And there are other similar cases.) +// But the other comments can be removed as they are unambiguously +// associated with the statement being deleted. In particular, +// it removes whole lines like +// +// stmt // comment +func DeleteStmt(file *token.File, curStmt inspector.Cursor) []Edit { + // if the stmt is on a line by itself, or a range of lines, delete the whole thing + // including comments. Except for the heads of switches, type + // switches, and for-statements that's the usual case. Complexity occurs where + // there are multiple statements on the same line, and adjacent comments. + + // In that case we remove some adjacent comments: + // In me()/*A*/;b(), comment A cannot be removed, because the ast + // is indistinguishable from me();/*A*/b() + // and the same for cases like switch me()/*A*/; x.(type) { + + // this would be more precise with the file contents, or if the ast + // contained the location of semicolons + var ( + stmt = curStmt.Node().(ast.Stmt) + tokFile = file + lineOf = tokFile.Line + stmtStartLine = lineOf(stmt.Pos()) + stmtEndLine = lineOf(stmt.End()) + + leftSyntax, rightSyntax token.Pos // pieces of parent node on stmt{Start,End}Line + leftComments, rightComments []*ast.Comment // comments before/after stmt on the same line + ) + + // remember the Pos that are on the same line as stmt + use := func(left, right token.Pos) { if lineOf(left) == stmtStartLine { - from = left + leftSyntax = left } if lineOf(right) == stmtEndLine { - to = right + rightSyntax = right } } - // TODO(pjw): there are other places a statement might be removed: - // IfStmt = "if" [ SimpleStmt ";" ] Expression Block [ "else" ( IfStmt | Block ) ] . - // (removing the blocks requires more rewriting than this routine would do) - // CommCase = "case" ( SendStmt | RecvStmt ) | "default" . - // (removing the stmt requires more rewriting, and it's unclear what the user means) - switch parent := curStmt.Parent().Node().(type) { - case *ast.SwitchStmt: - limits(parent.Switch, parent.Body.Lbrace) - case *ast.TypeSwitchStmt: - limits(parent.Switch, parent.Body.Lbrace) - if parent.Assign == stmt { - return nil // don't let the user break the type switch + + // find the comments, if any, on the same line +Big: + for _, cg := range astutil.EnclosingFile(curStmt).Comments { + for _, co := range cg.List { + if lineOf(co.End()) < stmtStartLine { + continue + } else if lineOf(co.Pos()) > stmtEndLine { + break Big // no more are possible + } + if lineOf(co.End()) == stmtStartLine && co.End() <= stmt.Pos() { + // comment is before the statement + leftComments = append(leftComments, co) + } else if lineOf(co.Pos()) == stmtEndLine && co.Pos() >= stmt.End() { + // comment is after the statement + rightComments = append(rightComments, co) + } } + } + + // find any other syntax on the same line + var ( + leftStmt, rightStmt token.Pos // end/start positions of sibling statements in a []Stmt list + inStmtList = false + curParent = curStmt.Parent() + ) + switch parent := curParent.Node().(type) { case *ast.BlockStmt: - limits(parent.Lbrace, parent.Rbrace) + use(parent.Lbrace, parent.Rbrace) + inStmtList = true + case *ast.CaseClause: + use(parent.Colon, curStmt.Parent().Parent().Node().(*ast.BlockStmt).Rbrace) + inStmtList = true case *ast.CommClause: - limits(parent.Colon, curStmt.Parent().Parent().Node().(*ast.BlockStmt).Rbrace) if parent.Comm == stmt { return nil // maybe the user meant to remove the entire CommClause? } - case *ast.CaseClause: - limits(parent.Colon, curStmt.Parent().Parent().Node().(*ast.BlockStmt).Rbrace) + use(parent.Colon, curStmt.Parent().Parent().Node().(*ast.BlockStmt).Rbrace) + inStmtList = true case *ast.ForStmt: - limits(parent.For, parent.Body.Lbrace) - + use(parent.For, parent.Body.Lbrace) + // special handling, as init;cond;post BlockStmt is not a statment list + if parent.Init != nil && parent.Cond != nil && stmt == parent.Init && lineOf(parent.Cond.Pos()) == lineOf(stmt.End()) { + rightStmt = parent.Cond.Pos() + } else if parent.Post != nil && parent.Cond != nil && stmt == parent.Post && lineOf(parent.Cond.End()) == lineOf(stmt.Pos()) { + leftStmt = parent.Cond.End() + } + case *ast.IfStmt: + switch stmt { + case parent.Init: + use(parent.If, parent.Body.Lbrace) + case parent.Else: + // stmt is the {...} in "if cond {} else {...}" and removing + // it would require removing the 'else' keyword, but the ast + // does not contain its position. + return nil + } + case *ast.SwitchStmt: + use(parent.Switch, parent.Body.Lbrace) + case *ast.TypeSwitchStmt: + if stmt == parent.Assign { + return nil // don't remove .(type) + } + use(parent.Switch, parent.Body.Lbrace) default: return nil // not one of ours } - if prev, found := curStmt.PrevSibling(); found && lineOf(prev.Node().End()) == stmtStartLine { - from = prev.Node().End() // preceding statement ends on same line + if inStmtList { + // find the siblings, if any, on the same line + if prev, found := curStmt.PrevSibling(); found && lineOf(prev.Node().End()) == stmtStartLine { + if _, ok := prev.Node().(ast.Stmt); ok { + leftStmt = prev.Node().End() // preceding statement ends on same line + } + } + if next, found := curStmt.NextSibling(); found && lineOf(next.Node().Pos()) == stmtEndLine { + rightStmt = next.Node().Pos() // following statement begins on same line + } } - if next, found := curStmt.NextSibling(); found && lineOf(next.Node().Pos()) == stmtEndLine { - to = next.Node().Pos() // following statement begins on same line + + // compute the left and right limits of the edit + var leftEdit, rightEdit token.Pos + if leftStmt.IsValid() { + leftEdit = stmt.Pos() // can't remove preceding comments: a()/*A*/; me() + } else if leftSyntax.IsValid() { + // remove intervening leftComments + if a, _, ok := filterPos(leftComments, leftSyntax, stmt.Pos()); ok { + leftEdit = a + } else { + leftEdit = stmt.Pos() + } + } else { // remove whole line + for leftEdit = stmt.Pos(); lineOf(leftEdit) == stmtStartLine; leftEdit-- { + } + if leftEdit < stmt.Pos() { + leftEdit++ // beginning of line + } } - // and now for the comments -Outer: - for _, cg := range astutil.EnclosingFile(curStmt).Comments { - for _, co := range cg.List { - if lineOf(co.End()) < stmtStartLine { - continue - } else if lineOf(co.Pos()) > stmtEndLine { - break Outer // no more are possible - } - if lineOf(co.End()) == stmtStartLine && co.End() < stmt.Pos() { - if !from.IsValid() || co.End() > from { - from = co.End() - continue // maybe there are more - } - } - if lineOf(co.Pos()) == stmtEndLine && co.Pos() > stmt.End() { - if !to.IsValid() || co.Pos() < to { - to = co.Pos() - continue // maybe there are more - } - } + if rightStmt.IsValid() { + rightEdit = stmt.End() // can't remove following comments + } else if rightSyntax.IsValid() { + // remove intervening rightComments + if _, b, ok := filterPos(rightComments, stmt.End(), rightSyntax); ok { + rightEdit = b + } else { + rightEdit = stmt.End() + } + } else { // remove whole line + fend := token.Pos(file.Base()) + token.Pos(file.Size()) + for rightEdit = stmt.End(); fend >= rightEdit && lineOf(rightEdit) == stmtEndLine; rightEdit++ { + } + // don't remove \n if there was other stuff earlier + if leftSyntax.IsValid() || leftStmt.IsValid() { + rightEdit-- } } - // if either from or to is valid, just remove the statement - // otherwise remove the line - edit := analysis.TextEdit{Pos: stmt.Pos(), End: stmt.End()} - if from.IsValid() || to.IsValid() { - // remove just the statement. - // we can't tell if there is a ; or whitespace right after the statement - // ideally we'd like to remove the former and leave the latter - // (if gofmt has run, there likely won't be a ;) - // In type switches we know there's a semicolon somewhere after the statement, - // but the extra work for this special case is not worth it, as gofmt will fix it. - return []analysis.TextEdit{edit} + + return []Edit{{Pos: leftEdit, End: rightEdit}} +} + +// DeleteUnusedVars computes the edits required to delete the +// declarations of any local variables whose last uses are in the +// curDelend subtree, which is about to be deleted. +func DeleteUnusedVars(index *typeindex.Index, info *types.Info, tokFile *token.File, curDelend inspector.Cursor) []Edit { + // TODO(adonovan): we might want to generalize this by + // splitting the two phases below, so that we can gather + // across a whole sequence of deletions then finally compute the + // set of variables that are no longer wanted. + + // Count number of deletions of each var. + delcount := make(map[*types.Var]int) + for curId := range curDelend.Preorder((*ast.Ident)(nil)) { + id := curId.Node().(*ast.Ident) + if v, ok := info.Uses[id].(*types.Var); ok && + typesinternal.GetVarKind(v) == typesinternal.LocalVar { // always false before go1.25 + delcount[v]++ + } } - // remove the whole line - for lineOf(edit.Pos) == stmtStartLine { - edit.Pos-- + + // Delete declaration of each var that became unused. + var edits []Edit + for v, count := range delcount { + if len(slices.Collect(index.Uses(v))) == count { + if curDefId, ok := index.Def(v); ok { + edits = append(edits, DeleteVar(tokFile, info, curDefId)...) + } + } } - edit.Pos++ // get back tostmtStartLine - for lineOf(edit.End) == stmtEndLine { - edit.End++ + return edits +} + +func eolComment(n ast.Node) *ast.CommentGroup { + // TODO(adonovan): support: + // func f() {...} // comment + switch n := n.(type) { + case *ast.GenDecl: + if !n.TokPos.IsValid() && len(n.Specs) == 1 { + return eolComment(n.Specs[0]) + } + case *ast.ValueSpec: + return n.Comment + case *ast.TypeSpec: + return n.Comment } - return []analysis.TextEdit{edit} + return nil } diff --git a/vendor/golang.org/x/tools/internal/refactor/edit.go b/vendor/golang.org/x/tools/internal/refactor/edit.go new file mode 100644 index 0000000000..42be9a54b4 --- /dev/null +++ b/vendor/golang.org/x/tools/internal/refactor/edit.go @@ -0,0 +1,15 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file.p + +package refactor + +// This is the only file in this package that should import analysis. +// +// TODO(adonovan): consider unaliasing the type to break the +// dependency. (The ergonomics of slice append are unfortunate.) + +import "golang.org/x/tools/go/analysis" + +// An Edit describes a deletion and/or an insertion. +type Edit = analysis.TextEdit diff --git a/vendor/golang.org/x/tools/internal/refactor/imports.go b/vendor/golang.org/x/tools/internal/refactor/imports.go index 1ba3a9609f..e1860ab065 100644 --- a/vendor/golang.org/x/tools/internal/refactor/imports.go +++ b/vendor/golang.org/x/tools/internal/refactor/imports.go @@ -7,14 +7,13 @@ package refactor // This file defines operations for computing edits to imports. import ( - "fmt" "go/ast" "go/token" "go/types" pathpkg "path" + "strconv" - "golang.org/x/tools/go/analysis" - "golang.org/x/tools/internal/analysisinternal" + "golang.org/x/tools/internal/packagepath" ) // AddImport returns the prefix (either "pkg." or "") that should be @@ -35,7 +34,7 @@ import ( // package declares member. // // AddImport does not mutate its arguments. -func AddImport(info *types.Info, file *ast.File, preferredName, pkgpath, member string, pos token.Pos) (prefix string, edits []analysis.TextEdit) { +func AddImport(info *types.Info, file *ast.File, preferredName, pkgpath, member string, pos token.Pos) (prefix string, edits []Edit) { // Find innermost enclosing lexical block. scope := info.Scopes[file].Innermost(pos) if scope == nil { @@ -69,41 +68,61 @@ func AddImport(info *types.Info, file *ast.File, preferredName, pkgpath, member newName := preferredName if preferredName != "_" { newName = FreshName(scope, pos, preferredName) + prefix = newName + "." } - // Create a new import declaration either before the first existing - // declaration (which must exist), including its comments; or - // inside the declaration, if it is an import group. - // // Use a renaming import whenever the preferred name is not // available, or the chosen name does not match the last // segment of its path. - newText := fmt.Sprintf("%q", pkgpath) - if newName != preferredName || newName != pathpkg.Base(pkgpath) { - newText = fmt.Sprintf("%s %q", newName, pkgpath) + if newName == preferredName && newName == pathpkg.Base(pkgpath) { + newName = "" + } + + return prefix, AddImportEdits(file, newName, pkgpath) +} + +// AddImportEdits returns the edits to add an import of the specified +// package, without any analysis of whether this is necessary or safe. +// If name is nonempty, it is used as an explicit [ImportSpec.Name]. +// +// A sequence of calls to AddImportEdits that each add the file's +// first import (or in a file that does not have a grouped import) may +// result in multiple import declarations, rather than a single one +// with multiple ImportSpecs. However, a subsequent run of +// x/tools/cmd/goimports ([imports.Process]) will combine them. +// +// AddImportEdits does not mutate the AST. +func AddImportEdits(file *ast.File, name, pkgpath string) []Edit { + newText := strconv.Quote(pkgpath) + if name != "" { + newText = name + " " + newText } + // Create a new import declaration either before the first existing + // declaration (which must exist), including its comments; or + // inside the declaration, if it is an import group. decl0 := file.Decls[0] - var before ast.Node = decl0 + before := decl0.Pos() switch decl0 := decl0.(type) { case *ast.GenDecl: if decl0.Doc != nil { - before = decl0.Doc + before = decl0.Doc.Pos() } case *ast.FuncDecl: if decl0.Doc != nil { - before = decl0.Doc + before = decl0.Doc.Pos() } } - if gd, ok := before.(*ast.GenDecl); ok && gd.Tok == token.IMPORT && gd.Rparen.IsValid() { + var pos token.Pos + if gd, ok := decl0.(*ast.GenDecl); ok && gd.Tok == token.IMPORT && gd.Rparen.IsValid() { // Have existing grouped import ( ... ) decl. - if analysisinternal.IsStdPackage(pkgpath) && len(gd.Specs) > 0 { + if packagepath.IsStdPackage(pkgpath) && len(gd.Specs) > 0 { // Add spec for a std package before // first existing spec, followed by // a blank line if the next one is non-std. first := gd.Specs[0].(*ast.ImportSpec) pos = first.Pos() - if !analysisinternal.IsStdPackage(first.Path.Value) { + if !packagepath.IsStdPackage(first.Path.Value) { newText += "\n" } newText += "\n\t" @@ -116,10 +135,13 @@ func AddImport(info *types.Info, file *ast.File, preferredName, pkgpath, member // No import decl, or non-grouped import. // Add a new import decl before first decl. // (gofmt will merge multiple import decls.) - pos = before.Pos() + // + // TODO(adonovan): do better here; plunder the + // mergeImports logic from [imports.Process]. + pos = before newText = "import " + newText + "\n\n" } - return newName + ".", []analysis.TextEdit{{ + return []Edit{{ Pos: pos, End: pos, NewText: []byte(newText), diff --git a/vendor/golang.org/x/tools/internal/refactor/refactor.go b/vendor/golang.org/x/tools/internal/refactor/refactor.go index 27b9750896..8664377f85 100644 --- a/vendor/golang.org/x/tools/internal/refactor/refactor.go +++ b/vendor/golang.org/x/tools/internal/refactor/refactor.go @@ -5,8 +5,7 @@ // Package refactor provides operators to compute common textual edits // for refactoring tools. // -// This package should not use features of the analysis API -// other than [analysis.TextEdit]. +// This package should not use features of the analysis API other than [Edit]. package refactor import ( @@ -17,6 +16,11 @@ import ( // FreshName returns the name of an identifier that is undefined // at the specified position, based on the preferred name. +// +// TODO(adonovan): refine this to choose a fresh name only when there +// would be a conflict with the existing declaration: it's fine to +// redeclare a name in a narrower scope so long as there are no free +// references to the outer name from within the narrower scope. func FreshName(scope *types.Scope, pos token.Pos, preferred string) string { newName := preferred for i := 0; ; i++ { diff --git a/vendor/golang.org/x/tools/internal/stdlib/deps.go b/vendor/golang.org/x/tools/internal/stdlib/deps.go index 96ad6c5821..f41431c949 100644 --- a/vendor/golang.org/x/tools/internal/stdlib/deps.go +++ b/vendor/golang.org/x/tools/internal/stdlib/deps.go @@ -12,354 +12,516 @@ type pkginfo struct { } var deps = [...]pkginfo{ - {"archive/tar", "\x03k\x03E;\x01\n\x01$\x01\x01\x02\x05\b\x02\x01\x02\x02\f"}, - {"archive/zip", "\x02\x04a\a\x03\x12\x021;\x01+\x05\x01\x0f\x03\x02\x0e\x04"}, - {"bufio", "\x03k\x83\x01D\x14"}, - {"bytes", "n*Y\x03\fG\x02\x02"}, + {"archive/tar", "\x03q\x03F=\x01\n\x01$\x01\x01\x02\x05\b\x02\x01\x02\x02\r"}, + {"archive/zip", "\x02\x04g\a\x03\x13\x021=\x01+\x05\x01\x0f\x03\x02\x0f\x04"}, + {"bufio", "\x03q\x86\x01D\x15"}, + {"bytes", "t+[\x03\fH\x02\x02"}, {"cmp", ""}, - {"compress/bzip2", "\x02\x02\xed\x01A"}, - {"compress/flate", "\x02l\x03\x80\x01\f\x033\x01\x03"}, - {"compress/gzip", "\x02\x04a\a\x03\x14lT"}, - {"compress/lzw", "\x02l\x03\x80\x01"}, - {"compress/zlib", "\x02\x04a\a\x03\x12\x01m"}, - {"container/heap", "\xb3\x02"}, + {"compress/bzip2", "\x02\x02\xf6\x01A"}, + {"compress/flate", "\x02r\x03\x83\x01\f\x033\x01\x03"}, + {"compress/gzip", "\x02\x04g\a\x03\x15nU"}, + {"compress/lzw", "\x02r\x03\x83\x01"}, + {"compress/zlib", "\x02\x04g\a\x03\x13\x01o"}, + {"container/heap", "\xbc\x02"}, {"container/list", ""}, {"container/ring", ""}, - {"context", "n\\m\x01\r"}, - {"crypto", "\x83\x01nC"}, - {"crypto/aes", "\x10\n\a\x93\x02"}, - {"crypto/cipher", "\x03\x1e\x01\x01\x1e\x11\x1c+X"}, - {"crypto/des", "\x10\x13\x1e-+\x9b\x01\x03"}, - {"crypto/dsa", "A\x04)\x83\x01\r"}, - {"crypto/ecdh", "\x03\v\f\x0e\x04\x15\x04\r\x1c\x83\x01"}, - {"crypto/ecdsa", "\x0e\x05\x03\x04\x01\x0e\a\v\x05\x01\x04\f\x01\x1c\x83\x01\r\x05K\x01"}, - {"crypto/ed25519", "\x0e\x1c\x11\x06\n\a\x1c\x83\x01C"}, - {"crypto/elliptic", "0>\x83\x01\r9"}, - {"crypto/fips140", " \x05"}, - {"crypto/hkdf", "-\x13\x01-\x15"}, - {"crypto/hmac", "\x1a\x14\x12\x01\x111"}, - {"crypto/internal/boring", "\x0e\x02\rf"}, - {"crypto/internal/boring/bbig", "\x1a\xe4\x01M"}, - {"crypto/internal/boring/bcache", "\xb8\x02\x13"}, + {"context", "t\\p\x01\x0e"}, + {"crypto", "\x8a\x01pC"}, + {"crypto/aes", "\x10\v\t\x99\x02"}, + {"crypto/cipher", "\x03!\x01\x01 \x12\x1c,Z"}, + {"crypto/des", "\x10\x16 .,\x9d\x01\x03"}, + {"crypto/dsa", "F\x03+\x86\x01\r"}, + {"crypto/ecdh", "\x03\v\r\x10\x04\x17\x03\x0f\x1c\x86\x01"}, + {"crypto/ecdsa", "\x0e\x05\x03\x05\x01\x10\b\v\x06\x01\x03\x0e\x01\x1c\x86\x01\r\x05L\x01"}, + {"crypto/ed25519", "\x0e\x1f\x12\a\x03\b\a\x1cI=C"}, + {"crypto/elliptic", "4@\x86\x01\r9"}, + {"crypto/fips140", "#\x05\x95\x01\x98\x01"}, + {"crypto/hkdf", "0\x15\x01.\x16"}, + {"crypto/hmac", "\x1b\x16\x14\x01\x122"}, + {"crypto/hpke", "\x03\v\x02\x03\x04\x01\f\x01\x05\x1f\x05\a\x01\x01\x1d\x03\x13\x16\x9b\x01\x1c"}, + {"crypto/internal/boring", "\x0e\x02\x0el"}, + {"crypto/internal/boring/bbig", "\x1b\xec\x01N"}, + {"crypto/internal/boring/bcache", "\xc1\x02\x14"}, {"crypto/internal/boring/sig", ""}, - {"crypto/internal/cryptotest", "\x03\r\n\x06$\x0e\x19\x06\x12\x12 \x04\a\t\x16\x01\x11\x11\x1b\x01\a\x05\b\x03\x05\v"}, - {"crypto/internal/entropy", "F"}, - {"crypto/internal/fips140", "?/\x15\xa7\x01\v\x16"}, - {"crypto/internal/fips140/aes", "\x03\x1d\x03\x02\x13\x05\x01\x01\x05*\x92\x014"}, - {"crypto/internal/fips140/aes/gcm", " \x01\x02\x02\x02\x11\x05\x01\x06*\x8f\x01"}, - {"crypto/internal/fips140/alias", "\xcb\x02"}, - {"crypto/internal/fips140/bigmod", "%\x18\x01\x06*\x92\x01"}, - {"crypto/internal/fips140/check", " \x0e\x06\t\x02\xb2\x01Z"}, - {"crypto/internal/fips140/check/checktest", "%\x85\x02!"}, - {"crypto/internal/fips140/drbg", "\x03\x1c\x01\x01\x04\x13\x05\b\x01(\x83\x01\x0f7"}, - {"crypto/internal/fips140/ecdh", "\x03\x1d\x05\x02\t\r1\x83\x01\x0f7"}, - {"crypto/internal/fips140/ecdsa", "\x03\x1d\x04\x01\x02\a\x02\x068\x15nF"}, - {"crypto/internal/fips140/ed25519", "\x03\x1d\x05\x02\x04\v8\xc6\x01\x03"}, - {"crypto/internal/fips140/edwards25519", "%\a\f\x051\x92\x017"}, - {"crypto/internal/fips140/edwards25519/field", "%\x13\x051\x92\x01"}, - {"crypto/internal/fips140/hkdf", "\x03\x1d\x05\t\x06:\x15"}, - {"crypto/internal/fips140/hmac", "\x03\x1d\x14\x01\x018\x15"}, - {"crypto/internal/fips140/mlkem", "\x03\x1d\x05\x02\x0e\x03\x051"}, - {"crypto/internal/fips140/nistec", "%\f\a\x051\x92\x01*\r\x14"}, - {"crypto/internal/fips140/nistec/fiat", "%\x136\x92\x01"}, - {"crypto/internal/fips140/pbkdf2", "\x03\x1d\x05\t\x06:\x15"}, - {"crypto/internal/fips140/rsa", "\x03\x1d\x04\x01\x02\r\x01\x01\x026\x15nF"}, - {"crypto/internal/fips140/sha256", "\x03\x1d\x1d\x01\x06*\x15}"}, - {"crypto/internal/fips140/sha3", "\x03\x1d\x18\x05\x010\x92\x01K"}, - {"crypto/internal/fips140/sha512", "\x03\x1d\x1d\x01\x06*\x15}"}, - {"crypto/internal/fips140/ssh", "%^"}, - {"crypto/internal/fips140/subtle", "#\x1a\xc3\x01"}, - {"crypto/internal/fips140/tls12", "\x03\x1d\x05\t\x06\x028\x15"}, - {"crypto/internal/fips140/tls13", "\x03\x1d\x05\b\a\t1\x15"}, - {"crypto/internal/fips140cache", "\xaa\x02\r&"}, + {"crypto/internal/constanttime", ""}, + {"crypto/internal/cryptotest", "\x03\r\v\b%\x10\x19\x06\x13\x12 \x04\x06\t\x19\x01\x11\x11\x1b\x01\a\x05\b\x03\x05\f"}, + {"crypto/internal/entropy", "K"}, + {"crypto/internal/entropy/v1.0.0", "D0\x95\x018\x14"}, + {"crypto/internal/fips140", "C1\xbf\x01\v\x17"}, + {"crypto/internal/fips140/aes", "\x03 \x03\x02\x14\x05\x01\x01\x05,\x95\x014"}, + {"crypto/internal/fips140/aes/gcm", "#\x01\x02\x02\x02\x12\x05\x01\x06,\x92\x01"}, + {"crypto/internal/fips140/alias", "\xd5\x02"}, + {"crypto/internal/fips140/bigmod", "(\x19\x01\x06,\x95\x01"}, + {"crypto/internal/fips140/check", "#\x0e\a\t\x02\xb7\x01["}, + {"crypto/internal/fips140/check/checktest", "(\x8b\x02\""}, + {"crypto/internal/fips140/drbg", "\x03\x1f\x01\x01\x04\x14\x05\n)\x86\x01\x0f7\x01"}, + {"crypto/internal/fips140/ecdh", "\x03 \x05\x02\n\r3\x86\x01\x0f7"}, + {"crypto/internal/fips140/ecdsa", "\x03 \x04\x01\x02\a\x03\x06:\x16pF"}, + {"crypto/internal/fips140/ed25519", "\x03 \x05\x02\x04\f:\xc9\x01\x03"}, + {"crypto/internal/fips140/edwards25519", "\x1f\t\a\x123\x95\x017"}, + {"crypto/internal/fips140/edwards25519/field", "(\x14\x053\x95\x01"}, + {"crypto/internal/fips140/hkdf", "\x03 \x05\t\a<\x16"}, + {"crypto/internal/fips140/hmac", "\x03 \x15\x01\x01:\x16"}, + {"crypto/internal/fips140/mldsa", "\x03\x1c\x04\x05\x02\x0e\x01\x03\x053\x95\x017"}, + {"crypto/internal/fips140/mlkem", "\x03 \x05\x02\x0f\x03\x053\xcc\x01"}, + {"crypto/internal/fips140/nistec", "\x1f\t\r\f3\x95\x01*\r\x15"}, + {"crypto/internal/fips140/nistec/fiat", "(\x148\x95\x01"}, + {"crypto/internal/fips140/pbkdf2", "\x03 \x05\t\a<\x16"}, + {"crypto/internal/fips140/rsa", "\x03\x1c\x04\x04\x01\x02\x0e\x01\x01\x028\x16pF"}, + {"crypto/internal/fips140/sha256", "\x03 \x1e\x01\x06,\x16\x7f"}, + {"crypto/internal/fips140/sha3", "\x03 \x19\x05\x012\x95\x01L"}, + {"crypto/internal/fips140/sha512", "\x03 \x1e\x01\x06,\x16\x7f"}, + {"crypto/internal/fips140/ssh", "(b"}, + {"crypto/internal/fips140/subtle", "\x1f\a\x1b\xc8\x01"}, + {"crypto/internal/fips140/tls12", "\x03 \x05\t\a\x02:\x16"}, + {"crypto/internal/fips140/tls13", "\x03 \x05\b\b\t3\x16"}, + {"crypto/internal/fips140cache", "\xb3\x02\r'"}, {"crypto/internal/fips140deps", ""}, - {"crypto/internal/fips140deps/byteorder", "\x99\x01"}, - {"crypto/internal/fips140deps/cpu", "\xae\x01\a"}, - {"crypto/internal/fips140deps/godebug", "\xb6\x01"}, - {"crypto/internal/fips140hash", "5\x1b3\xc8\x01"}, - {"crypto/internal/fips140only", "'\r\x01\x01M3;"}, + {"crypto/internal/fips140deps/byteorder", "\xa0\x01"}, + {"crypto/internal/fips140deps/cpu", "\xb5\x01\a"}, + {"crypto/internal/fips140deps/godebug", "\xbd\x01"}, + {"crypto/internal/fips140deps/time", "\xcf\x02"}, + {"crypto/internal/fips140hash", "9\x1d4\xcb\x01"}, + {"crypto/internal/fips140only", "\x17\x13\x0e\x01\x01Pp"}, {"crypto/internal/fips140test", ""}, - {"crypto/internal/hpke", "\x0e\x01\x01\x03\x053#+gM"}, - {"crypto/internal/impl", "\xb5\x02"}, - {"crypto/internal/randutil", "\xf1\x01\x12"}, - {"crypto/internal/sysrand", "nn! \r\r\x01\x01\f\x06"}, - {"crypto/internal/sysrand/internal/seccomp", "n"}, - {"crypto/md5", "\x0e3-\x15\x16g"}, - {"crypto/mlkem", "/"}, - {"crypto/pbkdf2", "2\x0e\x01-\x15"}, - {"crypto/rand", "\x1a\x06\a\x1a\x04\x01(\x83\x01\rM"}, - {"crypto/rc4", "#\x1e-\xc6\x01"}, - {"crypto/rsa", "\x0e\f\x01\t\x0f\r\x01\x04\x06\a\x1c\x03\x123;\f\x01"}, - {"crypto/sha1", "\x0e\f'\x03*\x15\x16\x15R"}, - {"crypto/sha256", "\x0e\f\x1aO"}, - {"crypto/sha3", "\x0e'N\xc8\x01"}, - {"crypto/sha512", "\x0e\f\x1cM"}, - {"crypto/subtle", "8\x9b\x01W"}, - {"crypto/tls", "\x03\b\x02\x01\x01\x01\x01\x02\x01\x01\x01\x02\x01\x01\a\x01\r\n\x01\t\x05\x03\x01\x01\x01\x01\x02\x01\x02\x01\x17\x02\x03\x12\x16\x15\b;\x16\x16\r\b\x01\x01\x01\x02\x01\r\x06\x02\x01\x0f"}, - {"crypto/tls/internal/fips140tls", "\x17\xa1\x02"}, - {"crypto/x509", "\x03\v\x01\x01\x01\x01\x01\x01\x01\x012\x05\x01\x01\x02\x05\x0e\x06\x02\x02\x03E\x038\x01\x02\b\x01\x01\x02\a\x10\x05\x01\x06\x02\x05\n\x01\x02\x0e\x02\x01\x01\x02\x03\x01"}, - {"crypto/x509/pkix", "d\x06\a\x8d\x01G"}, - {"database/sql", "\x03\nK\x16\x03\x80\x01\v\a\"\x05\b\x02\x03\x01\r\x02\x02\x02"}, - {"database/sql/driver", "\ra\x03\xb4\x01\x0f\x11"}, - {"debug/buildinfo", "\x03X\x02\x01\x01\b\a\x03e\x19\x02\x01+\x0f\x1f"}, - {"debug/dwarf", "\x03d\a\x03\x80\x011\x11\x01\x01"}, - {"debug/elf", "\x03\x06Q\r\a\x03e\x1a\x01,\x17\x01\x16"}, - {"debug/gosym", "\x03d\n\xc2\x01\x01\x01\x02"}, - {"debug/macho", "\x03\x06Q\r\ne\x1b,\x17\x01"}, - {"debug/pe", "\x03\x06Q\r\a\x03e\x1b,\x17\x01\x16"}, - {"debug/plan9obj", "g\a\x03e\x1b,"}, - {"embed", "n*@\x19\x01S"}, + {"crypto/internal/impl", "\xbe\x02"}, + {"crypto/internal/rand", "\x1b\x0f s=["}, + {"crypto/internal/randutil", "\xfa\x01\x12"}, + {"crypto/internal/sysrand", "tq! \r\r\x01\x01\r\x06"}, + {"crypto/internal/sysrand/internal/seccomp", "t"}, + {"crypto/md5", "\x0e8.\x16\x16i"}, + {"crypto/mlkem", "\x0e%"}, + {"crypto/mlkem/mlkemtest", "3\x13\b&"}, + {"crypto/pbkdf2", "6\x0f\x01.\x16"}, + {"crypto/rand", "\x1b\x0f\x1c\x03+\x86\x01\rN"}, + {"crypto/rc4", "& .\xc9\x01"}, + {"crypto/rsa", "\x0e\r\x01\v\x10\x0e\x01\x03\b\a\x1c\x03\x133=\f\x01"}, + {"crypto/sha1", "\x0e\r+\x02,\x16\x16\x15T"}, + {"crypto/sha256", "\x0e\r\x1dR"}, + {"crypto/sha3", "\x0e+Q\xcb\x01"}, + {"crypto/sha512", "\x0e\r\x1fP"}, + {"crypto/subtle", "\x1f\x1d\x9f\x01z"}, + {"crypto/tls", "\x03\b\x02\x01\x01\x01\x01\x02\x01\x01\x01\x02\x01\x01\x01\t\x01\x18\x01\x0f\x01\x03\x01\x01\x01\x01\x02\x01\x02\x01\x17\x02\x03\x13\x16\x15\b=\x16\x16\r\b\x01\x01\x01\x02\x01\x0e\x06\x02\x01\x0f"}, + {"crypto/tls/internal/fips140tls", "\x17\xaa\x02"}, + {"crypto/x509", "\x03\v\x01\x01\x01\x01\x01\x01\x01\x017\x06\x01\x01\x02\x05\x0e\x06\x02\x02\x03F\x03:\x01\x02\b\x01\x01\x02\a\x10\x05\x01\x06\a\b\x02\x01\x02\x0f\x02\x01\x01\x02\x03\x01"}, + {"crypto/x509/pkix", "j\x06\a\x90\x01H"}, + {"database/sql", "\x03\nQ\x16\x03\x83\x01\v\a\"\x05\b\x02\x03\x01\x0e\x02\x02\x02"}, + {"database/sql/driver", "\rg\x03\xb7\x01\x0f\x12"}, + {"debug/buildinfo", "\x03^\x02\x01\x01\b\a\x03g\x1a\x02\x01+\x0f "}, + {"debug/dwarf", "\x03j\a\x03\x83\x011\x11\x01\x01"}, + {"debug/elf", "\x03\x06W\r\a\x03g\x1b\x01\f \x17\x01\x17"}, + {"debug/gosym", "\x03j\n$\xa1\x01\x01\x01\x02"}, + {"debug/macho", "\x03\x06W\r\ng\x1c,\x17\x01"}, + {"debug/pe", "\x03\x06W\r\a\x03g\x1c,\x17\x01\x17"}, + {"debug/plan9obj", "m\a\x03g\x1c,"}, + {"embed", "t+B\x19\x01T"}, {"embed/internal/embedtest", ""}, {"encoding", ""}, - {"encoding/ascii85", "\xf1\x01C"}, - {"encoding/asn1", "\x03k\x03\x8c\x01\x01'\r\x02\x01\x10\x03\x01"}, - {"encoding/base32", "\xf1\x01A\x02"}, - {"encoding/base64", "\x99\x01XA\x02"}, - {"encoding/binary", "n\x83\x01\f(\r\x05"}, - {"encoding/csv", "\x02\x01k\x03\x80\x01D\x12\x02"}, - {"encoding/gob", "\x02`\x05\a\x03e\x1b\v\x01\x03\x1d\b\x12\x01\x0f\x02"}, - {"encoding/hex", "n\x03\x80\x01A\x03"}, - {"encoding/json", "\x03\x01^\x04\b\x03\x80\x01\f(\r\x02\x01\x02\x10\x01\x01\x02"}, - {"encoding/pem", "\x03c\b\x83\x01A\x03"}, - {"encoding/xml", "\x02\x01_\f\x03\x80\x014\x05\n\x01\x02\x10\x02"}, - {"errors", "\xca\x01\x81\x01"}, - {"expvar", "kK?\b\v\x15\r\b\x02\x03\x01\x11"}, - {"flag", "b\f\x03\x80\x01,\b\x05\b\x02\x01\x10"}, - {"fmt", "nE>\f \b\r\x02\x03\x12"}, - {"go/ast", "\x03\x01m\x0e\x01q\x03)\b\r\x02\x01"}, - {"go/build", "\x02\x01k\x03\x01\x02\x02\a\x02\x01\x17\x1f\x04\x02\t\x19\x13\x01+\x01\x04\x01\a\b\x02\x01\x12\x02\x02"}, - {"go/build/constraint", "n\xc6\x01\x01\x12\x02"}, - {"go/constant", "q\x0f}\x01\x024\x01\x02\x12"}, - {"go/doc", "\x04m\x01\x05\t>31\x10\x02\x01\x12\x02"}, - {"go/doc/comment", "\x03n\xc1\x01\x01\x01\x01\x12\x02"}, - {"go/format", "\x03n\x01\v\x01\x02qD"}, - {"go/importer", "s\a\x01\x01\x04\x01p9"}, - {"go/internal/gccgoimporter", "\x02\x01X\x13\x03\x04\v\x01n\x02,\x01\x05\x11\x01\f\b"}, - {"go/internal/gcimporter", "\x02o\x0f\x010\x05\x0e-,\x15\x03\x02"}, - {"go/internal/srcimporter", "q\x01\x01\n\x03\x01p,\x01\x05\x12\x02\x14"}, - {"go/parser", "\x03k\x03\x01\x02\v\x01q\x01+\x06\x12"}, - {"go/printer", "q\x01\x02\x03\tq\f \x15\x02\x01\x02\v\x05\x02"}, - {"go/scanner", "\x03n\x0fq2\x10\x01\x13\x02"}, - {"go/token", "\x04m\x83\x01>\x02\x03\x01\x0f\x02"}, - {"go/types", "\x03\x01\x06d\x03\x01\x03\b\x03\x02\x15\x1f\x061\x04\x03\t \x06\a\b\x01\x01\x01\x02\x01\x0f\x02\x02"}, - {"go/version", "\xbb\x01z"}, - {"hash", "\xf1\x01"}, - {"hash/adler32", "n\x15\x16"}, - {"hash/crc32", "n\x15\x16\x15\x89\x01\x01\x13"}, - {"hash/crc64", "n\x15\x16\x9e\x01"}, - {"hash/fnv", "n\x15\x16g"}, - {"hash/maphash", "\x83\x01\x11!\x03\x93\x01"}, - {"html", "\xb5\x02\x02\x12"}, - {"html/template", "\x03h\x06\x18-;\x01\n!\x05\x01\x02\x03\f\x01\x02\f\x01\x03\x02"}, - {"image", "\x02l\x1ee\x0f4\x03\x01"}, + {"encoding/ascii85", "\xfa\x01C"}, + {"encoding/asn1", "\x03q\x03g(\x01'\r\x02\x01\x11\x03\x01"}, + {"encoding/base32", "\xfa\x01A\x02"}, + {"encoding/base64", "\xa0\x01ZA\x02"}, + {"encoding/binary", "t\x86\x01\f(\r\x05"}, + {"encoding/csv", "\x02\x01q\x03\x83\x01D\x13\x02"}, + {"encoding/gob", "\x02f\x05\a\x03g\x1c\v\x01\x03\x1d\b\x12\x01\x10\x02"}, + {"encoding/hex", "t\x03\x83\x01A\x03"}, + {"encoding/json", "\x03\x01d\x04\b\x03\x83\x01\f(\r\x02\x01\x02\x11\x01\x01\x02"}, + {"encoding/pem", "\x03i\b\x86\x01A\x03"}, + {"encoding/xml", "\x02\x01e\f\x03\x83\x014\x05\n\x01\x02\x11\x02"}, + {"errors", "\xd0\x01\x85\x01"}, + {"expvar", "qLA\b\v\x15\r\b\x02\x03\x01\x12"}, + {"flag", "h\f\x03\x83\x01,\b\x05\b\x02\x01\x11"}, + {"fmt", "tF'\x19\f \b\r\x02\x03\x13"}, + {"go/ast", "\x03\x01s\x0f\x01s\x03)\b\r\x02\x01\x13\x02"}, + {"go/build", "\x02\x01q\x03\x01\x02\x02\b\x02\x01\x17\x1f\x04\x02\b\x1c\x13\x01+\x01\x04\x01\a\b\x02\x01\x13\x02\x02"}, + {"go/build/constraint", "t\xc9\x01\x01\x13\x02"}, + {"go/constant", "w\x10\x7f\x01\x024\x01\x02\x13"}, + {"go/doc", "\x04s\x01\x05\n=61\x10\x02\x01\x13\x02"}, + {"go/doc/comment", "\x03t\xc4\x01\x01\x01\x01\x13\x02"}, + {"go/format", "\x03t\x01\f\x01\x02sD"}, + {"go/importer", "y\a\x01\x02\x04\x01r9"}, + {"go/internal/gccgoimporter", "\x02\x01^\x13\x03\x04\f\x01p\x02,\x01\x05\x11\x01\r\b"}, + {"go/internal/gcimporter", "\x02u\x10\x010\x05\r0,\x15\x03\x02"}, + {"go/internal/scannerhooks", "\x87\x01"}, + {"go/internal/srcimporter", "w\x01\x01\v\x03\x01r,\x01\x05\x12\x02\x15"}, + {"go/parser", "\x03q\x03\x01\x02\b\x04\x01s\x01+\x06\x12"}, + {"go/printer", "w\x01\x02\x03\ns\f \x15\x02\x01\x02\f\x05\x02"}, + {"go/scanner", "\x03t\v\x05s2\x10\x01\x14\x02"}, + {"go/token", "\x04s\x86\x01>\x02\x03\x01\x10\x02"}, + {"go/types", "\x03\x01\x06j\x03\x01\x03\t\x03\x024\x063\x04\x03\t \x06\a\b\x01\x01\x01\x02\x01\x10\x02\x02"}, + {"go/version", "\xc2\x01|"}, + {"hash", "\xfa\x01"}, + {"hash/adler32", "t\x16\x16"}, + {"hash/crc32", "t\x16\x16\x15\x8b\x01\x01\x14"}, + {"hash/crc64", "t\x16\x16\xa0\x01"}, + {"hash/fnv", "t\x16\x16i"}, + {"hash/maphash", "\x8a\x01\x11<~"}, + {"html", "\xbe\x02\x02\x13"}, + {"html/template", "\x03n\x06\x19-=\x01\n!\x05\x01\x02\x03\f\x01\x02\r\x01\x03\x02"}, + {"image", "\x02r\x1fg\x0f4\x03\x01"}, {"image/color", ""}, - {"image/color/palette", "\x8c\x01"}, - {"image/draw", "\x8b\x01\x01\x04"}, - {"image/gif", "\x02\x01\x05f\x03\x1a\x01\x01\x01\vX"}, - {"image/internal/imageutil", "\x8b\x01"}, - {"image/jpeg", "\x02l\x1d\x01\x04a"}, - {"image/png", "\x02\a^\n\x12\x02\x06\x01eC"}, - {"index/suffixarray", "\x03d\a\x83\x01\f+\n\x01"}, - {"internal/abi", "\xb5\x01\x96\x01"}, - {"internal/asan", "\xcb\x02"}, - {"internal/bisect", "\xaa\x02\r\x01"}, - {"internal/buildcfg", "qGe\x06\x02\x05\n\x01"}, - {"internal/bytealg", "\xae\x01\x9d\x01"}, + {"image/color/palette", "\x93\x01"}, + {"image/draw", "\x92\x01\x01\x04"}, + {"image/gif", "\x02\x01\x05l\x03\x1b\x01\x01\x01\vZ\x0f"}, + {"image/internal/imageutil", "\x92\x01"}, + {"image/jpeg", "\x02r\x1e\x01\x04c"}, + {"image/png", "\x02\ad\n\x13\x02\x06\x01gC"}, + {"index/suffixarray", "\x03j\a\x86\x01\f+\n\x01"}, + {"internal/abi", "\xbc\x01\x99\x01"}, + {"internal/asan", "\xd5\x02"}, + {"internal/bisect", "\xb3\x02\r\x01"}, + {"internal/buildcfg", "wHg\x06\x02\x05\n\x01"}, + {"internal/bytealg", "\xb5\x01\xa0\x01"}, {"internal/byteorder", ""}, {"internal/cfg", ""}, - {"internal/cgrouptest", "q[Q\x06\x0f\x02\x01\x04\x01"}, - {"internal/chacha8rand", "\x99\x01\x15\a\x96\x01"}, + {"internal/cgrouptest", "w[T\x06\x0f\x02\x01\x04\x01"}, + {"internal/chacha8rand", "\xa0\x01\x15\a\x99\x01"}, {"internal/copyright", ""}, {"internal/coverage", ""}, {"internal/coverage/calloc", ""}, - {"internal/coverage/cfile", "k\x06\x16\x17\x01\x02\x01\x01\x01\x01\x01\x01\x01#\x02$,\x06\a\n\x01\x03\r\x06"}, - {"internal/coverage/cformat", "\x04m-\x04O\v6\x01\x02\r"}, - {"internal/coverage/cmerge", "q-_"}, - {"internal/coverage/decodecounter", "g\n-\v\x02F,\x17\x17"}, - {"internal/coverage/decodemeta", "\x02e\n\x16\x17\v\x02F,"}, - {"internal/coverage/encodecounter", "\x02e\n-\f\x01\x02D\v!\x15"}, - {"internal/coverage/encodemeta", "\x02\x01d\n\x12\x04\x17\r\x02D,."}, - {"internal/coverage/pods", "\x04m-\x7f\x06\x05\n\x02\x01"}, - {"internal/coverage/rtcov", "\xcb\x02"}, - {"internal/coverage/slicereader", "g\n\x80\x01Z"}, - {"internal/coverage/slicewriter", "q\x80\x01"}, - {"internal/coverage/stringtab", "q8\x04D"}, + {"internal/coverage/cfile", "q\x06\x17\x17\x01\x02\x01\x01\x01\x01\x01\x01\x01\"\x02',\x06\a\n\x01\x03\x0e\x06"}, + {"internal/coverage/cformat", "\x04s.\x04Q\v6\x01\x02\x0e"}, + {"internal/coverage/cmerge", "w.a"}, + {"internal/coverage/decodecounter", "m\n.\v\x02H,\x17\x18"}, + {"internal/coverage/decodemeta", "\x02k\n\x17\x17\v\x02H,"}, + {"internal/coverage/encodecounter", "\x02k\n.\f\x01\x02F\v!\x15"}, + {"internal/coverage/encodemeta", "\x02\x01j\n\x13\x04\x17\r\x02F,/"}, + {"internal/coverage/pods", "\x04s.\x81\x01\x06\x05\n\x02\x01"}, + {"internal/coverage/rtcov", "\xd5\x02"}, + {"internal/coverage/slicereader", "m\n\x83\x01["}, + {"internal/coverage/slicewriter", "w\x83\x01"}, + {"internal/coverage/stringtab", "w9\x04F"}, {"internal/coverage/test", ""}, {"internal/coverage/uleb128", ""}, - {"internal/cpu", "\xcb\x02"}, - {"internal/dag", "\x04m\xc1\x01\x03"}, - {"internal/diff", "\x03n\xc2\x01\x02"}, - {"internal/exportdata", "\x02\x01k\x03\x02c\x1b,\x01\x05\x11\x01\x02"}, - {"internal/filepathlite", "n*@\x1a@"}, - {"internal/fmtsort", "\x04\xa1\x02\r"}, - {"internal/fuzz", "\x03\nB\x18\x04\x03\x03\x01\v\x036;\f\x03\x1d\x01\x05\x02\x05\n\x01\x02\x01\x01\f\x04\x02"}, + {"internal/cpu", "\xd5\x02"}, + {"internal/dag", "\x04s\xc4\x01\x03"}, + {"internal/diff", "\x03t\xc5\x01\x02"}, + {"internal/exportdata", "\x02\x01q\x03\x02e\x1c,\x01\x05\x11\x01\x02"}, + {"internal/filepathlite", "t+B\x1a@"}, + {"internal/fmtsort", "\x04\xaa\x02\r"}, + {"internal/fuzz", "\x03\nH\x18\x04\x03\x03\x01\f\x036=\f\x03\x1d\x01\x05\x02\x05\n\x01\x02\x01\x01\r\x04\x02"}, {"internal/goarch", ""}, - {"internal/godebug", "\x96\x01!\x80\x01\x01\x13"}, + {"internal/godebug", "\x9d\x01!\x82\x01\x01\x14"}, {"internal/godebugs", ""}, {"internal/goexperiment", ""}, {"internal/goos", ""}, - {"internal/goroot", "\x9d\x02\x01\x05\x12\x02"}, + {"internal/goroot", "\xa6\x02\x01\x05\x12\x02"}, {"internal/gover", "\x04"}, {"internal/goversion", ""}, - {"internal/itoa", ""}, - {"internal/lazyregexp", "\x9d\x02\v\r\x02"}, - {"internal/lazytemplate", "\xf1\x01,\x18\x02\f"}, - {"internal/msan", "\xcb\x02"}, + {"internal/lazyregexp", "\xa6\x02\v\r\x02"}, + {"internal/lazytemplate", "\xfa\x01,\x18\x02\r"}, + {"internal/msan", "\xd5\x02"}, {"internal/nettrace", ""}, - {"internal/obscuretestdata", "f\x8b\x01,"}, - {"internal/oserror", "n"}, - {"internal/pkgbits", "\x03L\x18\a\x03\x04\vq\r\x1f\r\n\x01"}, + {"internal/obscuretestdata", "l\x8e\x01,"}, + {"internal/oserror", "t"}, + {"internal/pkgbits", "\x03R\x18\a\x03\x04\fs\r\x1f\r\n\x01"}, {"internal/platform", ""}, - {"internal/poll", "nO\x1f\x159\r\x01\x01\f\x06"}, - {"internal/profile", "\x03\x04g\x03\x80\x017\v\x01\x01\x10"}, + {"internal/poll", "tl\x05\x159\r\x01\x01\r\x06"}, + {"internal/profile", "\x03\x04m\x03\x83\x017\n\x01\x01\x01\x11"}, {"internal/profilerecord", ""}, - {"internal/race", "\x94\x01\xb7\x01"}, - {"internal/reflectlite", "\x94\x01!9\b\x13\x01\a\x03E;\x01\x03\a\x01\x03\x02\x02\x01\x02\x06\x02\x01\x01\n\x01\x01\x05\x01\x02\x05\b\x01\x01\x01\x02\x01\r\x02\x02\x02\b\x01\x01\x01"}, - {"net/http/cgi", "\x02Q\x1b\x03\x80\x01\x04\a\v\x01\x13\x01\x01\x01\x04\x01\x05\x02\b\x02\x01\x10\x0e"}, - {"net/http/cookiejar", "\x04j\x03\x96\x01\x01\b\f\x16\x03\x02\x0e\x04"}, - {"net/http/fcgi", "\x02\x01\nZ\a\x03\x80\x01\x16\x01\x01\x14\x18\x02\x0e"}, - {"net/http/httptest", "\x02\x01\nF\x02\x1b\x01\x80\x01\x04\x12\x01\n\t\x02\x17\x01\x02\x0e\x0e"}, - {"net/http/httptrace", "\rFnF\x14\n "}, - {"net/http/httputil", "\x02\x01\na\x03\x80\x01\x04\x0f\x03\x01\x05\x02\x01\v\x01\x19\x02\x0e\x0e"}, - {"net/http/internal", "\x02\x01k\x03\x80\x01"}, - {"net/http/internal/ascii", "\xb5\x02\x12"}, - {"net/http/internal/httpcommon", "\ra\x03\x9c\x01\x0e\x01\x17\x01\x01\x02\x1c\x02"}, - {"net/http/internal/testcert", "\xb5\x02"}, - {"net/http/pprof", "\x02\x01\nd\x18-\x11*\x04\x13\x14\x01\r\x04\x03\x01\x02\x01\x10"}, + {"log/slog/internal/benchmarks", "\rg\x03\x83\x01\x06\x03:\x12"}, + {"log/slog/internal/buffer", "\xc0\x02"}, + {"log/syslog", "t\x03\x87\x01\x12\x16\x18\x02\x0f"}, + {"maps", "\xfd\x01X"}, + {"math", "\xb5\x01TL"}, + {"math/big", "\x03q\x03)\x15E\f\x03\x020\x02\x01\x02\x15"}, + {"math/big/internal/asmgen", "\x03\x01s\x92\x012\x03"}, + {"math/bits", "\xd5\x02"}, + {"math/cmplx", "\x86\x02\x03"}, + {"math/rand", "\xbd\x01I:\x01\x14"}, + {"math/rand/v2", "t,\x03c\x03L"}, + {"mime", "\x02\x01i\b\x03\x83\x01\v!\x15\x03\x02\x11\x02"}, + {"mime/multipart", "\x02\x01N#\x03F=\v\x01\a\x02\x15\x02\x06\x0f\x02\x01\x17"}, + {"mime/quotedprintable", "\x02\x01t\x83\x01"}, + {"net", "\x04\tg+\x1e\n\x05\x13\x01\x01\x04\x15\x01%\x06\r\b\x05\x01\x01\r\x06\a"}, + {"net/http", "\x02\x01\x03\x01\x04\x02D\b\x13\x01\a\x03F=\x01\x03\a\x01\x03\x02\x02\x01\x02\x06\x02\x01\x01\n\x01\x01\x05\x01\x02\x05\b\x01\x01\x01\x02\x01\x0e\x02\x02\x02\b\x01\x01\x01"}, + {"net/http/cgi", "\x02W\x1b\x03\x83\x01\x04\a\v\x01\x13\x01\x01\x01\x04\x01\x05\x02\b\x02\x01\x11\x0e"}, + {"net/http/cookiejar", "\x04p\x03\x99\x01\x01\b\a\x05\x16\x03\x02\x0f\x04"}, + {"net/http/fcgi", "\x02\x01\n`\a\x03\x83\x01\x16\x01\x01\x14\x18\x02\x0f"}, + {"net/http/httptest", "\x02\x01\nL\x02\x1b\x01\x83\x01\x04\x12\x01\n\t\x02\x17\x01\x02\x0f\x0e"}, + {"net/http/httptrace", "\rLnI\x14\n!"}, + {"net/http/httputil", "\x02\x01\ng\x03\x83\x01\x04\x0f\x03\x01\x05\x02\x01\v\x01\x19\x02\x01\x0e\x0e"}, + {"net/http/internal", "\x02\x01q\x03\x83\x01"}, + {"net/http/internal/ascii", "\xbe\x02\x13"}, + {"net/http/internal/httpcommon", "\rg\x03\x9f\x01\x0e\x01\x17\x01\x01\x02\x1d\x02"}, + {"net/http/internal/testcert", "\xbe\x02"}, + {"net/http/pprof", "\x02\x01\nj\x19-\x02\x0e-\x04\x13\x14\x01\r\x04\x03\x01\x02\x01\x11"}, {"net/internal/cgotest", ""}, - {"net/internal/socktest", "q\xc6\x01\x02"}, - {"net/mail", "\x02l\x03\x80\x01\x04\x0f\x03\x14\x1a\x02\x0e\x04"}, - {"net/netip", "\x04j*\x01$@\x034\x16"}, - {"net/rpc", "\x02g\x05\x03\x0f\ng\x04\x12\x01\x1d\r\x03\x02"}, - {"net/rpc/jsonrpc", "k\x03\x03\x80\x01\x16\x11\x1f"}, - {"net/smtp", "\x19/\v\x13\b\x03\x80\x01\x16\x14\x1a"}, - {"net/textproto", "\x02\x01k\x03\x80\x01\f\n-\x01\x02\x14"}, - {"net/url", "n\x03\x8b\x01&\x10\x02\x01\x16"}, - {"os", "n*\x01\x19\x03\b\t\x12\x03\x01\x05\x10\x018\b\x05\x01\x01\f\x06"}, - {"os/exec", "\x03\naH%\x01\x15\x01+\x06\a\n\x01\x04\f"}, - {"os/exec/internal/fdtest", "\xb9\x02"}, - {"os/signal", "\r\x90\x02\x15\x05\x02"}, - {"os/user", "\x02\x01k\x03\x80\x01,\r\n\x01\x02"}, - {"path", "n*\xb1\x01"}, - {"path/filepath", "n*\x1a@+\r\b\x03\x04\x10"}, - {"plugin", "n"}, - {"reflect", "n&\x04\x1d\b\f\x06\x04\x1b\x06\t-\n\x03\x10\x02\x02"}, + {"net/internal/socktest", "w\xc9\x01\x02"}, + {"net/mail", "\x02r\x03\x83\x01\x04\x0f\x03\x14\x1a\x02\x0f\x04"}, + {"net/netip", "\x04p+\x01f\x034\x17"}, + {"net/rpc", "\x02m\x05\x03\x10\ni\x04\x12\x01\x1d\r\x03\x02"}, + {"net/rpc/jsonrpc", "q\x03\x03\x83\x01\x16\x11\x1f"}, + {"net/smtp", "\x194\f\x13\b\x03\x83\x01\x16\x14\x1a"}, + {"net/textproto", "\x02\x01q\x03\x83\x01\f\n-\x01\x02\x15"}, + {"net/url", "t\x03Fc\v\x10\x02\x01\x17"}, + {"os", "t+\x01\x19\x03\x10\x14\x01\x03\x01\x05\x10\x018\b\x05\x01\x01\r\x06"}, + {"os/exec", "\x03\ngI'\x01\x15\x01+\x06\a\n\x01\x04\r"}, + {"os/exec/internal/fdtest", "\xc2\x02"}, + {"os/signal", "\r\x99\x02\x15\x05\x02"}, + {"os/user", "\x02\x01q\x03\x83\x01,\r\n\x01\x02"}, + {"path", "t+\xb4\x01"}, + {"path/filepath", "t+\x1aB+\r\b\x03\x04\x11"}, + {"plugin", "t"}, + {"reflect", "t'\x04\x1d\x13\b\x04\x05\x17\x06\t-\n\x03\x11\x02\x02"}, {"reflect/internal/example1", ""}, {"reflect/internal/example2", ""}, - {"regexp", "\x03\xee\x018\t\x02\x01\x02\x10\x02"}, - {"regexp/syntax", "\xb2\x02\x01\x01\x01\x02\x10\x02"}, - {"runtime", "\x94\x01\x04\x01\x03\f\x06\a\x02\x01\x01\x0f\x03\x01\x01\x01\x01\x01\x02\x01\x01\x04\x10c"}, - {"runtime/coverage", "\xa0\x01Q"}, - {"runtime/debug", "qUW\r\b\x02\x01\x10\x06"}, - {"runtime/metrics", "\xb7\x01F-!"}, - {"runtime/pprof", "\x02\x01\x01\x03\x06Z\a\x03#4)\f \r\b\x01\x01\x01\x02\x02\t\x03\x06"}, - {"runtime/race", "\xb0\x02"}, + {"regexp", "\x03\xf7\x018\t\x02\x01\x02\x11\x02"}, + {"regexp/syntax", "\xbb\x02\x01\x01\x01\x02\x11\x02"}, + {"runtime", "\x9b\x01\x04\x01\x03\f\x06\a\x02\x01\x01\x0e\x03\x01\x01\x01\x02\x01\x01\x01\x02\x01\x04\x01\x10\x18L"}, + {"runtime/coverage", "\xa7\x01S"}, + {"runtime/debug", "wUZ\r\b\x02\x01\x11\x06"}, + {"runtime/metrics", "\xbe\x01H-\""}, + {"runtime/pprof", "\x02\x01\x01\x03\x06`\a\x03$$\x0f\v!\f \r\b\x01\x01\x01\x02\x02\n\x03\x06"}, + {"runtime/race", "\xb9\x02"}, {"runtime/race/internal/amd64v1", ""}, - {"runtime/trace", "\ra\x03w\t9\b\x05\x01\r\x06"}, - {"slices", "\x04\xf0\x01\fK"}, - {"sort", "\xca\x0162"}, - {"strconv", "n*@%\x03I"}, - {"strings", "n&\x04@\x19\x03\f7\x10\x02\x02"}, + {"runtime/trace", "\rg\x03z\t9\b\x05\x01\x0e\x06"}, + {"slices", "\x04\xf9\x01\fL"}, + {"sort", "\xd0\x0192"}, + {"strconv", "t+A\x01r"}, + {"strings", "t'\x04B\x19\x03\f7\x11\x02\x02"}, {"structs", ""}, - {"sync", "\xc9\x01\x10\x01P\x0e\x13"}, - {"sync/atomic", "\xcb\x02"}, - {"syscall", "n'\x03\x01\x1c\b\x03\x03\x06\vV\b\x05\x01\x13"}, - {"testing", "\x03\na\x02\x01X\x14\x14\f\x05\x1b\x06\x02\x05\x02\x05\x01\x02\x01\x02\x01\r\x02\x02\x02"}, - {"testing/fstest", "n\x03\x80\x01\x01\n&\x10\x03\b\b"}, - {"testing/internal/testdeps", "\x02\v\xa7\x01-\x10,\x03\x05\x03\x06\a\x02\x0e"}, - {"testing/iotest", "\x03k\x03\x80\x01\x04"}, - {"testing/quick", "p\x01\x8c\x01\x05#\x10\x10"}, - {"testing/slogtest", "\ra\x03\x86\x01.\x05\x10\v"}, - {"testing/synctest", "\xda\x01`\x11"}, - {"text/scanner", "\x03n\x80\x01,*\x02"}, - {"text/tabwriter", "q\x80\x01X"}, - {"text/template", "n\x03B>\x01\n \x01\x05\x01\x02\x05\v\x02\r\x03\x02"}, - {"text/template/parse", "\x03n\xb9\x01\n\x01\x12\x02"}, - {"time", "n*\x1e\"(*\r\x02\x12"}, - {"time/tzdata", "n\xcb\x01\x12"}, + {"sync", "\xcf\x01\x13\x01P\x0e\x14"}, + {"sync/atomic", "\xd5\x02"}, + {"syscall", "t(\x03\x01\x1c\n\x03\x06\r\x04S\b\x05\x01\x14"}, + {"testing", "\x03\ng\x02\x01X\x17\x14\f\x05\x1b\x06\x02\x05\x02\x05\x01\x02\x01\x02\x01\x0e\x02\x04"}, + {"testing/cryptotest", "QOZ\x124\x03\x12"}, + {"testing/fstest", "t\x03\x83\x01\x01\n&\x10\x03\t\b"}, + {"testing/internal/testdeps", "\x02\v\xae\x01/\x10,\x03\x05\x03\x06\a\x02\x0f"}, + {"testing/iotest", "\x03q\x03\x83\x01\x04"}, + {"testing/quick", "v\x01\x8f\x01\x05#\x10\x11"}, + {"testing/slogtest", "\rg\x03\x89\x01.\x05\x10\f"}, + {"testing/synctest", "\xe3\x01`\x12"}, + {"text/scanner", "\x03t\x83\x01,+\x02"}, + {"text/tabwriter", "w\x83\x01Y"}, + {"text/template", "t\x03C@\x01\n \x01\x05\x01\x02\x05\v\x02\x0e\x03\x02"}, + {"text/template/parse", "\x03t\xbc\x01\n\x01\x13\x02"}, + {"time", "t+\x1e$(*\r\x02\x13"}, + {"time/tzdata", "t\xce\x01\x13"}, {"unicode", ""}, {"unicode/utf16", ""}, {"unicode/utf8", ""}, - {"unique", "\x94\x01!#\x01Q\r\x01\x13\x12"}, + {"unique", "\x9b\x01!%\x01Q\r\x01\x14\x12"}, {"unsafe", ""}, - {"vendor/golang.org/x/crypto/chacha20", "\x10W\a\x92\x01*&"}, - {"vendor/golang.org/x/crypto/chacha20poly1305", "\x10W\a\xde\x01\x04\x01\a"}, - {"vendor/golang.org/x/crypto/cryptobyte", "d\n\x03\x8d\x01' \n"}, + {"vendor/golang.org/x/crypto/chacha20", "\x10]\a\x95\x01*'"}, + {"vendor/golang.org/x/crypto/chacha20poly1305", "\x10\aV\a\xe2\x01\x04\x01\a"}, + {"vendor/golang.org/x/crypto/cryptobyte", "j\n\x03\x90\x01'!\n"}, {"vendor/golang.org/x/crypto/cryptobyte/asn1", ""}, - {"vendor/golang.org/x/crypto/internal/alias", "\xcb\x02"}, - {"vendor/golang.org/x/crypto/internal/poly1305", "R\x15\x99\x01"}, - {"vendor/golang.org/x/net/dns/dnsmessage", "n"}, - {"vendor/golang.org/x/net/http/httpguts", "\x87\x02\x14\x1a\x14\r"}, - {"vendor/golang.org/x/net/http/httpproxy", "n\x03\x96\x01\x10\x05\x01\x18\x14\r"}, - {"vendor/golang.org/x/net/http2/hpack", "\x03k\x03\x80\x01F"}, - {"vendor/golang.org/x/net/idna", "q\x8c\x018\x14\x10\x02\x01"}, - {"vendor/golang.org/x/net/nettest", "\x03d\a\x03\x80\x01\x11\x05\x16\x01\f\n\x01\x02\x02\x01\v"}, - {"vendor/golang.org/x/sys/cpu", "\x9d\x02\r\n\x01\x16"}, - {"vendor/golang.org/x/text/secure/bidirule", "n\xdb\x01\x11\x01"}, - {"vendor/golang.org/x/text/transform", "\x03k\x83\x01X"}, - {"vendor/golang.org/x/text/unicode/bidi", "\x03\bf\x84\x01>\x16"}, - {"vendor/golang.org/x/text/unicode/norm", "g\n\x80\x01F\x12\x11"}, - {"weak", "\x94\x01\x96\x01!"}, + {"vendor/golang.org/x/crypto/internal/alias", "\xd5\x02"}, + {"vendor/golang.org/x/crypto/internal/poly1305", "X\x15\x9c\x01"}, + {"vendor/golang.org/x/net/dns/dnsmessage", "t\xc7\x01"}, + {"vendor/golang.org/x/net/http/httpguts", "\x90\x02\x14\x1a\x15\r"}, + {"vendor/golang.org/x/net/http/httpproxy", "t\x03\x99\x01\x10\x05\x01\x18\x15\r"}, + {"vendor/golang.org/x/net/http2/hpack", "\x03q\x03\x83\x01F"}, + {"vendor/golang.org/x/net/idna", "w\x8f\x018\x15\x10\x02\x01"}, + {"vendor/golang.org/x/net/nettest", "\x03j\a\x03\x83\x01\x11\x05\x16\x01\f\n\x01\x02\x02\x01\f"}, + {"vendor/golang.org/x/sys/cpu", "\xa6\x02\r\n\x01\x17"}, + {"vendor/golang.org/x/text/secure/bidirule", "t\xdf\x01\x11\x01"}, + {"vendor/golang.org/x/text/transform", "\x03q\x86\x01Y"}, + {"vendor/golang.org/x/text/unicode/bidi", "\x03\bl\x87\x01>\x17"}, + {"vendor/golang.org/x/text/unicode/norm", "m\n\x83\x01F\x13\x11"}, + {"weak", "\x9b\x01\x98\x01\""}, } + +// bootstrap is the list of bootstrap packages extracted from cmd/dist. +var bootstrap = map[string]bool{ + "cmp": true, + "cmd/asm": true, + "cmd/asm/internal/arch": true, + "cmd/asm/internal/asm": true, + "cmd/asm/internal/flags": true, + "cmd/asm/internal/lex": true, + "cmd/cgo": true, + "cmd/compile": true, + "cmd/compile/internal/abi": true, + "cmd/compile/internal/abt": true, + "cmd/compile/internal/amd64": true, + "cmd/compile/internal/arm": true, + "cmd/compile/internal/arm64": true, + "cmd/compile/internal/base": true, + "cmd/compile/internal/bitvec": true, + "cmd/compile/internal/bloop": true, + "cmd/compile/internal/compare": true, + "cmd/compile/internal/coverage": true, + "cmd/compile/internal/deadlocals": true, + "cmd/compile/internal/devirtualize": true, + "cmd/compile/internal/dwarfgen": true, + "cmd/compile/internal/escape": true, + "cmd/compile/internal/gc": true, + "cmd/compile/internal/importer": true, + "cmd/compile/internal/inline": true, + "cmd/compile/internal/inline/inlheur": true, + "cmd/compile/internal/inline/interleaved": true, + "cmd/compile/internal/ir": true, + "cmd/compile/internal/liveness": true, + "cmd/compile/internal/logopt": true, + "cmd/compile/internal/loong64": true, + "cmd/compile/internal/loopvar": true, + "cmd/compile/internal/mips": true, + "cmd/compile/internal/mips64": true, + "cmd/compile/internal/noder": true, + "cmd/compile/internal/objw": true, + "cmd/compile/internal/pgoir": true, + "cmd/compile/internal/pkginit": true, + "cmd/compile/internal/ppc64": true, + "cmd/compile/internal/rangefunc": true, + "cmd/compile/internal/reflectdata": true, + "cmd/compile/internal/riscv64": true, + "cmd/compile/internal/rttype": true, + "cmd/compile/internal/s390x": true, + "cmd/compile/internal/slice": true, + "cmd/compile/internal/ssa": true, + "cmd/compile/internal/ssagen": true, + "cmd/compile/internal/staticdata": true, + "cmd/compile/internal/staticinit": true, + "cmd/compile/internal/syntax": true, + "cmd/compile/internal/test": true, + "cmd/compile/internal/typebits": true, + "cmd/compile/internal/typecheck": true, + "cmd/compile/internal/types": true, + "cmd/compile/internal/types2": true, + "cmd/compile/internal/walk": true, + "cmd/compile/internal/wasm": true, + "cmd/compile/internal/x86": true, + "cmd/internal/archive": true, + "cmd/internal/bio": true, + "cmd/internal/codesign": true, + "cmd/internal/dwarf": true, + "cmd/internal/edit": true, + "cmd/internal/gcprog": true, + "cmd/internal/goobj": true, + "cmd/internal/hash": true, + "cmd/internal/macho": true, + "cmd/internal/obj": true, + "cmd/internal/obj/arm": true, + "cmd/internal/obj/arm64": true, + "cmd/internal/obj/loong64": true, + "cmd/internal/obj/mips": true, + "cmd/internal/obj/ppc64": true, + "cmd/internal/obj/riscv": true, + "cmd/internal/obj/s390x": true, + "cmd/internal/obj/wasm": true, + "cmd/internal/obj/x86": true, + "cmd/internal/objabi": true, + "cmd/internal/par": true, + "cmd/internal/pgo": true, + "cmd/internal/pkgpath": true, + "cmd/internal/quoted": true, + "cmd/internal/src": true, + "cmd/internal/sys": true, + "cmd/internal/telemetry": true, + "cmd/internal/telemetry/counter": true, + "cmd/link": true, + "cmd/link/internal/amd64": true, + "cmd/link/internal/arm": true, + "cmd/link/internal/arm64": true, + "cmd/link/internal/benchmark": true, + "cmd/link/internal/dwtest": true, + "cmd/link/internal/ld": true, + "cmd/link/internal/loadelf": true, + "cmd/link/internal/loader": true, + "cmd/link/internal/loadmacho": true, + "cmd/link/internal/loadpe": true, + "cmd/link/internal/loadxcoff": true, + "cmd/link/internal/loong64": true, + "cmd/link/internal/mips": true, + "cmd/link/internal/mips64": true, + "cmd/link/internal/ppc64": true, + "cmd/link/internal/riscv64": true, + "cmd/link/internal/s390x": true, + "cmd/link/internal/sym": true, + "cmd/link/internal/wasm": true, + "cmd/link/internal/x86": true, + "compress/flate": true, + "compress/zlib": true, + "container/heap": true, + "debug/dwarf": true, + "debug/elf": true, + "debug/macho": true, + "debug/pe": true, + "go/build/constraint": true, + "go/constant": true, + "go/version": true, + "internal/abi": true, + "internal/coverage": true, + "cmd/internal/cov/covcmd": true, + "internal/bisect": true, + "internal/buildcfg": true, + "internal/exportdata": true, + "internal/goarch": true, + "internal/godebugs": true, + "internal/goexperiment": true, + "internal/goroot": true, + "internal/gover": true, + "internal/goversion": true, + "internal/lazyregexp": true, + "internal/pkgbits": true, + "internal/platform": true, + "internal/profile": true, + "internal/race": true, + "internal/runtime/gc": true, + "internal/saferio": true, + "internal/syscall/unix": true, + "internal/types/errors": true, + "internal/unsafeheader": true, + "internal/xcoff": true, + "internal/zstd": true, + "math/bits": true, + "sort": true, +} + +// BootstrapVersion is the minor version of Go used during toolchain +// bootstrapping. Packages for which [IsBootstrapPackage] must not use +// features of Go newer than this version. +const BootstrapVersion = Version(24) // go1.24.6 diff --git a/vendor/golang.org/x/tools/internal/stdlib/import.go b/vendor/golang.org/x/tools/internal/stdlib/import.go index f6909878a8..8ecc672b8b 100644 --- a/vendor/golang.org/x/tools/internal/stdlib/import.go +++ b/vendor/golang.org/x/tools/internal/stdlib/import.go @@ -87,3 +87,11 @@ func find(pkg string) (int, bool) { return strings.Compare(p.name, n) }) } + +// IsBootstrapPackage reports whether pkg is one of the low-level +// packages in the Go distribution that must compile with the older +// language version specified by [BootstrapVersion] during toolchain +// bootstrapping; see golang.org/s/go15bootstrap. +func IsBootstrapPackage(pkg string) bool { + return bootstrap[pkg] +} diff --git a/vendor/golang.org/x/tools/internal/stdlib/manifest.go b/vendor/golang.org/x/tools/internal/stdlib/manifest.go index c1faa50d36..33e4f505f3 100644 --- a/vendor/golang.org/x/tools/internal/stdlib/manifest.go +++ b/vendor/golang.org/x/tools/internal/stdlib/manifest.go @@ -16,6 +16,14 @@ var PackageSymbols = map[string][]Symbol{ {"(*Writer).Flush", Method, 0, ""}, {"(*Writer).Write", Method, 0, ""}, {"(*Writer).WriteHeader", Method, 0, ""}, + {"(FileInfoNames).Gname", Method, 23, ""}, + {"(FileInfoNames).IsDir", Method, 23, ""}, + {"(FileInfoNames).ModTime", Method, 23, ""}, + {"(FileInfoNames).Mode", Method, 23, ""}, + {"(FileInfoNames).Name", Method, 23, ""}, + {"(FileInfoNames).Size", Method, 23, ""}, + {"(FileInfoNames).Sys", Method, 23, ""}, + {"(FileInfoNames).Uname", Method, 23, ""}, {"(Format).String", Method, 10, ""}, {"ErrFieldTooLong", Var, 0, ""}, {"ErrHeader", Var, 0, ""}, @@ -225,6 +233,7 @@ var PackageSymbols = map[string][]Symbol{ {"(*Buffer).Grow", Method, 1, ""}, {"(*Buffer).Len", Method, 0, ""}, {"(*Buffer).Next", Method, 0, ""}, + {"(*Buffer).Peek", Method, 26, ""}, {"(*Buffer).Read", Method, 0, ""}, {"(*Buffer).ReadByte", Method, 0, ""}, {"(*Buffer).ReadBytes", Method, 0, ""}, @@ -337,6 +346,9 @@ var PackageSymbols = map[string][]Symbol{ {"(*Writer).Write", Method, 0, ""}, {"(CorruptInputError).Error", Method, 0, ""}, {"(InternalError).Error", Method, 0, ""}, + {"(Reader).Read", Method, 0, ""}, + {"(Reader).ReadByte", Method, 0, ""}, + {"(Resetter).Reset", Method, 4, ""}, {"BestCompression", Const, 0, ""}, {"BestSpeed", Const, 0, ""}, {"CorruptInputError", Type, 0, ""}, @@ -408,6 +420,7 @@ var PackageSymbols = map[string][]Symbol{ {"(*Writer).Flush", Method, 0, ""}, {"(*Writer).Reset", Method, 2, ""}, {"(*Writer).Write", Method, 0, ""}, + {"(Resetter).Reset", Method, 4, ""}, {"BestCompression", Const, 0, ""}, {"BestSpeed", Const, 0, ""}, {"DefaultCompression", Const, 0, ""}, @@ -425,6 +438,11 @@ var PackageSymbols = map[string][]Symbol{ {"Writer", Type, 0, ""}, }, "container/heap": { + {"(Interface).Len", Method, 0, ""}, + {"(Interface).Less", Method, 0, ""}, + {"(Interface).Pop", Method, 0, ""}, + {"(Interface).Push", Method, 0, ""}, + {"(Interface).Swap", Method, 0, ""}, {"Fix", Func, 2, "func(h Interface, i int)"}, {"Init", Func, 0, "func(h Interface)"}, {"Interface", Type, 0, ""}, @@ -468,6 +486,10 @@ var PackageSymbols = map[string][]Symbol{ {"Ring.Value", Field, 0, ""}, }, "context": { + {"(Context).Deadline", Method, 7, ""}, + {"(Context).Done", Method, 7, ""}, + {"(Context).Err", Method, 7, ""}, + {"(Context).Value", Method, 7, ""}, {"AfterFunc", Func, 21, "func(ctx Context, f func()) (stop func() bool)"}, {"Background", Func, 7, "func() Context"}, {"CancelCauseFunc", Type, 20, ""}, @@ -487,17 +509,31 @@ var PackageSymbols = map[string][]Symbol{ {"WithoutCancel", Func, 21, "func(parent Context) Context"}, }, "crypto": { + {"(Decapsulator).Decapsulate", Method, 26, ""}, + {"(Decapsulator).Encapsulator", Method, 26, ""}, + {"(Decrypter).Decrypt", Method, 5, ""}, + {"(Decrypter).Public", Method, 5, ""}, + {"(Encapsulator).Bytes", Method, 26, ""}, + {"(Encapsulator).Encapsulate", Method, 26, ""}, {"(Hash).Available", Method, 0, ""}, {"(Hash).HashFunc", Method, 4, ""}, {"(Hash).New", Method, 0, ""}, {"(Hash).Size", Method, 0, ""}, {"(Hash).String", Method, 15, ""}, + {"(MessageSigner).Public", Method, 25, ""}, + {"(MessageSigner).Sign", Method, 25, ""}, + {"(MessageSigner).SignMessage", Method, 25, ""}, + {"(Signer).Public", Method, 4, ""}, + {"(Signer).Sign", Method, 4, ""}, + {"(SignerOpts).HashFunc", Method, 4, ""}, {"BLAKE2b_256", Const, 9, ""}, {"BLAKE2b_384", Const, 9, ""}, {"BLAKE2b_512", Const, 9, ""}, {"BLAKE2s_256", Const, 9, ""}, + {"Decapsulator", Type, 26, ""}, {"Decrypter", Type, 5, ""}, {"DecrypterOpts", Type, 5, ""}, + {"Encapsulator", Type, 26, ""}, {"Hash", Type, 0, ""}, {"MD4", Const, 0, ""}, {"MD5", Const, 0, ""}, @@ -529,6 +565,16 @@ var PackageSymbols = map[string][]Symbol{ {"NewCipher", Func, 0, "func(key []byte) (cipher.Block, error)"}, }, "crypto/cipher": { + {"(AEAD).NonceSize", Method, 2, ""}, + {"(AEAD).Open", Method, 2, ""}, + {"(AEAD).Overhead", Method, 2, ""}, + {"(AEAD).Seal", Method, 2, ""}, + {"(Block).BlockSize", Method, 0, ""}, + {"(Block).Decrypt", Method, 0, ""}, + {"(Block).Encrypt", Method, 0, ""}, + {"(BlockMode).BlockSize", Method, 0, ""}, + {"(BlockMode).CryptBlocks", Method, 0, ""}, + {"(Stream).XORKeyStream", Method, 0, ""}, {"(StreamReader).Read", Method, 0, ""}, {"(StreamWriter).Close", Method, 0, ""}, {"(StreamWriter).Write", Method, 0, ""}, @@ -580,7 +626,7 @@ var PackageSymbols = map[string][]Symbol{ {"PublicKey", Type, 0, ""}, {"PublicKey.Parameters", Field, 0, ""}, {"PublicKey.Y", Field, 0, ""}, - {"Sign", Func, 0, "func(rand io.Reader, priv *PrivateKey, hash []byte) (r *big.Int, s *big.Int, err error)"}, + {"Sign", Func, 0, "func(random io.Reader, priv *PrivateKey, hash []byte) (r *big.Int, s *big.Int, err error)"}, {"Verify", Func, 0, "func(pub *PublicKey, hash []byte, r *big.Int, s *big.Int) bool"}, }, "crypto/ecdh": { @@ -593,7 +639,13 @@ var PackageSymbols = map[string][]Symbol{ {"(*PublicKey).Bytes", Method, 20, ""}, {"(*PublicKey).Curve", Method, 20, ""}, {"(*PublicKey).Equal", Method, 20, ""}, - {"Curve", Type, 20, ""}, + {"(Curve).GenerateKey", Method, 20, ""}, + {"(Curve).NewPrivateKey", Method, 20, ""}, + {"(Curve).NewPublicKey", Method, 20, ""}, + {"(KeyExchanger).Curve", Method, 26, ""}, + {"(KeyExchanger).ECDH", Method, 26, ""}, + {"(KeyExchanger).PublicKey", Method, 26, ""}, + {"KeyExchanger", Type, 26, ""}, {"P256", Func, 20, "func() Curve"}, {"P384", Func, 20, "func() Curve"}, {"P521", Func, 20, "func() Curve"}, @@ -622,7 +674,7 @@ var PackageSymbols = map[string][]Symbol{ {"(PublicKey).Params", Method, 0, ""}, {"(PublicKey).ScalarBaseMult", Method, 0, ""}, {"(PublicKey).ScalarMult", Method, 0, ""}, - {"GenerateKey", Func, 0, "func(c elliptic.Curve, rand io.Reader) (*PrivateKey, error)"}, + {"GenerateKey", Func, 0, "func(c elliptic.Curve, r io.Reader) (*PrivateKey, error)"}, {"ParseRawPrivateKey", Func, 25, "func(curve elliptic.Curve, data []byte) (*PrivateKey, error)"}, {"ParseUncompressedPublicKey", Func, 25, "func(curve elliptic.Curve, data []byte) (*PublicKey, error)"}, {"PrivateKey", Type, 0, ""}, @@ -633,7 +685,7 @@ var PackageSymbols = map[string][]Symbol{ {"PublicKey.X", Field, 0, ""}, {"PublicKey.Y", Field, 0, ""}, {"Sign", Func, 0, "func(rand io.Reader, priv *PrivateKey, hash []byte) (r *big.Int, s *big.Int, err error)"}, - {"SignASN1", Func, 15, "func(rand io.Reader, priv *PrivateKey, hash []byte) ([]byte, error)"}, + {"SignASN1", Func, 15, "func(r io.Reader, priv *PrivateKey, hash []byte) ([]byte, error)"}, {"Verify", Func, 0, "func(pub *PublicKey, hash []byte, r *big.Int, s *big.Int) bool"}, {"VerifyASN1", Func, 15, "func(pub *PublicKey, hash []byte, sig []byte) bool"}, }, @@ -644,7 +696,7 @@ var PackageSymbols = map[string][]Symbol{ {"(PrivateKey).Seed", Method, 13, ""}, {"(PrivateKey).Sign", Method, 13, ""}, {"(PublicKey).Equal", Method, 15, ""}, - {"GenerateKey", Func, 13, "func(rand io.Reader) (PublicKey, PrivateKey, error)"}, + {"GenerateKey", Func, 13, "func(random io.Reader) (PublicKey, PrivateKey, error)"}, {"NewKeyFromSeed", Func, 13, "func(seed []byte) PrivateKey"}, {"Options", Type, 20, ""}, {"Options.Context", Field, 20, ""}, @@ -666,6 +718,12 @@ var PackageSymbols = map[string][]Symbol{ {"(*CurveParams).Params", Method, 0, ""}, {"(*CurveParams).ScalarBaseMult", Method, 0, ""}, {"(*CurveParams).ScalarMult", Method, 0, ""}, + {"(Curve).Add", Method, 0, ""}, + {"(Curve).Double", Method, 0, ""}, + {"(Curve).IsOnCurve", Method, 0, ""}, + {"(Curve).Params", Method, 0, ""}, + {"(Curve).ScalarBaseMult", Method, 0, ""}, + {"(Curve).ScalarMult", Method, 0, ""}, {"Curve", Type, 0, ""}, {"CurveParams", Type, 0, ""}, {"CurveParams.B", Field, 0, ""}, @@ -687,6 +745,9 @@ var PackageSymbols = map[string][]Symbol{ }, "crypto/fips140": { {"Enabled", Func, 24, "func() bool"}, + {"Enforced", Func, 26, "func() bool"}, + {"Version", Func, 26, "func() string"}, + {"WithoutEnforcement", Func, 26, "func(f func())"}, }, "crypto/hkdf": { {"Expand", Func, 24, "func[H hash.Hash](h func() H, pseudorandomKey []byte, info string, keyLength int) ([]byte, error)"}, @@ -697,6 +758,54 @@ var PackageSymbols = map[string][]Symbol{ {"Equal", Func, 1, "func(mac1 []byte, mac2 []byte) bool"}, {"New", Func, 0, "func(h func() hash.Hash, key []byte) hash.Hash"}, }, + "crypto/hpke": { + {"(*Recipient).Export", Method, 26, ""}, + {"(*Recipient).Open", Method, 26, ""}, + {"(*Sender).Export", Method, 26, ""}, + {"(*Sender).Seal", Method, 26, ""}, + {"(AEAD).ID", Method, 26, ""}, + {"(KDF).ID", Method, 26, ""}, + {"(KEM).DeriveKeyPair", Method, 26, ""}, + {"(KEM).GenerateKey", Method, 26, ""}, + {"(KEM).ID", Method, 26, ""}, + {"(KEM).NewPrivateKey", Method, 26, ""}, + {"(KEM).NewPublicKey", Method, 26, ""}, + {"(PrivateKey).Bytes", Method, 26, ""}, + {"(PrivateKey).KEM", Method, 26, ""}, + {"(PrivateKey).PublicKey", Method, 26, ""}, + {"(PublicKey).Bytes", Method, 26, ""}, + {"(PublicKey).KEM", Method, 26, ""}, + {"AES128GCM", Func, 26, "func() AEAD"}, + {"AES256GCM", Func, 26, "func() AEAD"}, + {"ChaCha20Poly1305", Func, 26, "func() AEAD"}, + {"DHKEM", Func, 26, "func(curve ecdh.Curve) KEM"}, + {"ExportOnly", Func, 26, "func() AEAD"}, + {"HKDFSHA256", Func, 26, "func() KDF"}, + {"HKDFSHA384", Func, 26, "func() KDF"}, + {"HKDFSHA512", Func, 26, "func() KDF"}, + {"MLKEM1024", Func, 26, "func() KEM"}, + {"MLKEM1024P384", Func, 26, "func() KEM"}, + {"MLKEM768", Func, 26, "func() KEM"}, + {"MLKEM768P256", Func, 26, "func() KEM"}, + {"MLKEM768X25519", Func, 26, "func() KEM"}, + {"NewAEAD", Func, 26, "func(id uint16) (AEAD, error)"}, + {"NewDHKEMPrivateKey", Func, 26, "func(priv ecdh.KeyExchanger) (PrivateKey, error)"}, + {"NewDHKEMPublicKey", Func, 26, "func(pub *ecdh.PublicKey) (PublicKey, error)"}, + {"NewHybridPrivateKey", Func, 26, "func(pq crypto.Decapsulator, t ecdh.KeyExchanger) (PrivateKey, error)"}, + {"NewHybridPublicKey", Func, 26, "func(pq crypto.Encapsulator, t *ecdh.PublicKey) (PublicKey, error)"}, + {"NewKDF", Func, 26, "func(id uint16) (KDF, error)"}, + {"NewKEM", Func, 26, "func(id uint16) (KEM, error)"}, + {"NewMLKEMPrivateKey", Func, 26, "func(priv crypto.Decapsulator) (PrivateKey, error)"}, + {"NewMLKEMPublicKey", Func, 26, "func(pub crypto.Encapsulator) (PublicKey, error)"}, + {"NewRecipient", Func, 26, "func(enc []byte, k PrivateKey, kdf KDF, aead AEAD, info []byte) (*Recipient, error)"}, + {"NewSender", Func, 26, "func(pk PublicKey, kdf KDF, aead AEAD, info []byte) (enc []byte, s *Sender, err error)"}, + {"Open", Func, 26, "func(k PrivateKey, kdf KDF, aead AEAD, info []byte, ciphertext []byte) ([]byte, error)"}, + {"Recipient", Type, 26, ""}, + {"SHAKE128", Func, 26, "func() KDF"}, + {"SHAKE256", Func, 26, "func() KDF"}, + {"Seal", Func, 26, "func(pk PublicKey, kdf KDF, aead AEAD, info []byte, plaintext []byte) ([]byte, error)"}, + {"Sender", Type, 26, ""}, + }, "crypto/md5": { {"BlockSize", Const, 0, ""}, {"New", Func, 0, "func() hash.Hash"}, @@ -707,9 +816,11 @@ var PackageSymbols = map[string][]Symbol{ {"(*DecapsulationKey1024).Bytes", Method, 24, ""}, {"(*DecapsulationKey1024).Decapsulate", Method, 24, ""}, {"(*DecapsulationKey1024).EncapsulationKey", Method, 24, ""}, + {"(*DecapsulationKey1024).Encapsulator", Method, 26, ""}, {"(*DecapsulationKey768).Bytes", Method, 24, ""}, {"(*DecapsulationKey768).Decapsulate", Method, 24, ""}, {"(*DecapsulationKey768).EncapsulationKey", Method, 24, ""}, + {"(*DecapsulationKey768).Encapsulator", Method, 26, ""}, {"(*EncapsulationKey1024).Bytes", Method, 24, ""}, {"(*EncapsulationKey1024).Encapsulate", Method, 24, ""}, {"(*EncapsulationKey768).Bytes", Method, 24, ""}, @@ -731,12 +842,16 @@ var PackageSymbols = map[string][]Symbol{ {"SeedSize", Const, 24, ""}, {"SharedKeySize", Const, 24, ""}, }, + "crypto/mlkem/mlkemtest": { + {"Encapsulate1024", Func, 26, "func(ek *mlkem.EncapsulationKey1024, random []byte) (sharedKey []byte, ciphertext []byte, err error)"}, + {"Encapsulate768", Func, 26, "func(ek *mlkem.EncapsulationKey768, random []byte) (sharedKey []byte, ciphertext []byte, err error)"}, + }, "crypto/pbkdf2": { {"Key", Func, 24, "func[Hash hash.Hash](h func() Hash, password string, salt []byte, iter int, keyLength int) ([]byte, error)"}, }, "crypto/rand": { {"Int", Func, 0, "func(rand io.Reader, max *big.Int) (n *big.Int, err error)"}, - {"Prime", Func, 0, "func(rand io.Reader, bits int) (*big.Int, error)"}, + {"Prime", Func, 0, "func(r io.Reader, bits int) (*big.Int, error)"}, {"Read", Func, 0, "func(b []byte) (n int, err error)"}, {"Reader", Var, 0, ""}, {"Text", Func, 24, "func() string"}, @@ -768,6 +883,7 @@ var PackageSymbols = map[string][]Symbol{ {"DecryptPKCS1v15", Func, 0, "func(random io.Reader, priv *PrivateKey, ciphertext []byte) ([]byte, error)"}, {"DecryptPKCS1v15SessionKey", Func, 0, "func(random io.Reader, priv *PrivateKey, ciphertext []byte, key []byte) error"}, {"EncryptOAEP", Func, 0, "func(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error)"}, + {"EncryptOAEPWithOptions", Func, 26, "func(random io.Reader, pub *PublicKey, msg []byte, opts *OAEPOptions) ([]byte, error)"}, {"EncryptPKCS1v15", Func, 0, "func(random io.Reader, pub *PublicKey, msg []byte) ([]byte, error)"}, {"ErrDecryption", Var, 0, ""}, {"ErrMessageTooLong", Var, 0, ""}, @@ -799,7 +915,7 @@ var PackageSymbols = map[string][]Symbol{ {"PublicKey.E", Field, 0, ""}, {"PublicKey.N", Field, 0, ""}, {"SignPKCS1v15", Func, 0, "func(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed []byte) ([]byte, error)"}, - {"SignPSS", Func, 2, "func(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, opts *PSSOptions) ([]byte, error)"}, + {"SignPSS", Func, 2, "func(random io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, opts *PSSOptions) ([]byte, error)"}, {"VerifyPKCS1v15", Func, 0, "func(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte) error"}, {"VerifyPSS", Func, 2, "func(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts *PSSOptions) error"}, }, @@ -920,6 +1036,8 @@ var PackageSymbols = map[string][]Symbol{ {"(*SessionState).Bytes", Method, 21, ""}, {"(AlertError).Error", Method, 21, ""}, {"(ClientAuthType).String", Method, 15, ""}, + {"(ClientSessionCache).Get", Method, 3, ""}, + {"(ClientSessionCache).Put", Method, 3, ""}, {"(CurveID).String", Method, 15, ""}, {"(QUICEncryptionLevel).String", Method, 21, ""}, {"(RecordHeaderError).Error", Method, 6, ""}, @@ -952,6 +1070,7 @@ var PackageSymbols = map[string][]Symbol{ {"ClientHelloInfo.CipherSuites", Field, 4, ""}, {"ClientHelloInfo.Conn", Field, 8, ""}, {"ClientHelloInfo.Extensions", Field, 24, ""}, + {"ClientHelloInfo.HelloRetryRequest", Field, 26, ""}, {"ClientHelloInfo.ServerName", Field, 4, ""}, {"ClientHelloInfo.SignatureSchemes", Field, 8, ""}, {"ClientHelloInfo.SupportedCurves", Field, 4, ""}, @@ -1000,6 +1119,7 @@ var PackageSymbols = map[string][]Symbol{ {"ConnectionState.DidResume", Field, 1, ""}, {"ConnectionState.ECHAccepted", Field, 23, ""}, {"ConnectionState.HandshakeComplete", Field, 0, ""}, + {"ConnectionState.HelloRetryRequest", Field, 26, ""}, {"ConnectionState.NegotiatedProtocol", Field, 0, ""}, {"ConnectionState.NegotiatedProtocolIsMutual", Field, 0, ""}, {"ConnectionState.OCSPResponse", Field, 5, ""}, @@ -1054,8 +1174,10 @@ var PackageSymbols = map[string][]Symbol{ {"QUICEncryptionLevelEarly", Const, 21, ""}, {"QUICEncryptionLevelHandshake", Const, 21, ""}, {"QUICEncryptionLevelInitial", Const, 21, ""}, + {"QUICErrorEvent", Const, 26, ""}, {"QUICEvent", Type, 21, ""}, {"QUICEvent.Data", Field, 21, ""}, + {"QUICEvent.Err", Field, 26, ""}, {"QUICEvent.Kind", Field, 21, ""}, {"QUICEvent.Level", Field, 21, ""}, {"QUICEvent.SessionState", Field, 23, ""}, @@ -1086,6 +1208,8 @@ var PackageSymbols = map[string][]Symbol{ {"RequestClientCert", Const, 0, ""}, {"RequireAndVerifyClientCert", Const, 0, ""}, {"RequireAnyClientCert", Const, 0, ""}, + {"SecP256r1MLKEM768", Const, 26, ""}, + {"SecP384r1MLKEM1024", Const, 26, ""}, {"Server", Func, 0, "func(conn net.Conn, config *Config) *Conn"}, {"SessionState", Type, 21, ""}, {"SessionState.EarlyData", Field, 21, ""}, @@ -1150,8 +1274,11 @@ var PackageSymbols = map[string][]Symbol{ {"(*RevocationList).CheckSignatureFrom", Method, 19, ""}, {"(CertificateInvalidError).Error", Method, 0, ""}, {"(ConstraintViolationError).Error", Method, 0, ""}, + {"(ExtKeyUsage).OID", Method, 26, ""}, + {"(ExtKeyUsage).String", Method, 26, ""}, {"(HostnameError).Error", Method, 0, ""}, {"(InsecureAlgorithmError).Error", Method, 6, ""}, + {"(KeyUsage).String", Method, 26, ""}, {"(OID).AppendBinary", Method, 24, ""}, {"(OID).AppendText", Method, 24, ""}, {"(OID).Equal", Method, 22, ""}, @@ -1306,6 +1433,7 @@ var PackageSymbols = map[string][]Symbol{ {"NoValidChains", Const, 24, ""}, {"NotAuthorizedToSign", Const, 0, ""}, {"OID", Type, 22, ""}, + {"OIDFromASN1OID", Func, 26, "func(asn1OID asn1.ObjectIdentifier) (OID, error)"}, {"OIDFromInts", Func, 22, "func(oid []uint64) (OID, error)"}, {"PEMCipher", Type, 1, ""}, {"PEMCipher3DES", Const, 1, ""}, @@ -1515,6 +1643,9 @@ var PackageSymbols = map[string][]Symbol{ {"(NullInt64).Value", Method, 0, ""}, {"(NullString).Value", Method, 0, ""}, {"(NullTime).Value", Method, 13, ""}, + {"(Result).LastInsertId", Method, 0, ""}, + {"(Result).RowsAffected", Method, 0, ""}, + {"(Scanner).Scan", Method, 0, ""}, {"ColumnType", Type, 8, ""}, {"Conn", Type, 9, ""}, {"DB", Type, 0, ""}, @@ -1546,8 +1677,6 @@ var PackageSymbols = map[string][]Symbol{ {"NamedArg.Name", Field, 8, ""}, {"NamedArg.Value", Field, 8, ""}, {"Null", Type, 22, ""}, - {"Null.V", Field, 22, ""}, - {"Null.Valid", Field, 22, ""}, {"NullBool", Type, 0, ""}, {"NullBool.Bool", Field, 0, ""}, {"NullBool.Valid", Field, 0, ""}, @@ -1590,10 +1719,68 @@ var PackageSymbols = map[string][]Symbol{ {"TxOptions.ReadOnly", Field, 8, ""}, }, "database/sql/driver": { + {"(ColumnConverter).ColumnConverter", Method, 0, ""}, + {"(Conn).Begin", Method, 0, ""}, + {"(Conn).Close", Method, 0, ""}, + {"(Conn).Prepare", Method, 0, ""}, + {"(ConnBeginTx).BeginTx", Method, 8, ""}, + {"(ConnPrepareContext).PrepareContext", Method, 8, ""}, + {"(Connector).Connect", Method, 10, ""}, + {"(Connector).Driver", Method, 10, ""}, + {"(Driver).Open", Method, 0, ""}, + {"(DriverContext).OpenConnector", Method, 10, ""}, + {"(Execer).Exec", Method, 0, ""}, + {"(ExecerContext).ExecContext", Method, 8, ""}, + {"(NamedValueChecker).CheckNamedValue", Method, 9, ""}, {"(NotNull).ConvertValue", Method, 0, ""}, {"(Null).ConvertValue", Method, 0, ""}, + {"(Pinger).Ping", Method, 8, ""}, + {"(Queryer).Query", Method, 1, ""}, + {"(QueryerContext).QueryContext", Method, 8, ""}, + {"(Result).LastInsertId", Method, 0, ""}, + {"(Result).RowsAffected", Method, 0, ""}, + {"(Rows).Close", Method, 0, ""}, + {"(Rows).Columns", Method, 0, ""}, + {"(Rows).Next", Method, 0, ""}, {"(RowsAffected).LastInsertId", Method, 0, ""}, {"(RowsAffected).RowsAffected", Method, 0, ""}, + {"(RowsColumnTypeDatabaseTypeName).Close", Method, 8, ""}, + {"(RowsColumnTypeDatabaseTypeName).ColumnTypeDatabaseTypeName", Method, 8, ""}, + {"(RowsColumnTypeDatabaseTypeName).Columns", Method, 8, ""}, + {"(RowsColumnTypeDatabaseTypeName).Next", Method, 8, ""}, + {"(RowsColumnTypeLength).Close", Method, 8, ""}, + {"(RowsColumnTypeLength).ColumnTypeLength", Method, 8, ""}, + {"(RowsColumnTypeLength).Columns", Method, 8, ""}, + {"(RowsColumnTypeLength).Next", Method, 8, ""}, + {"(RowsColumnTypeNullable).Close", Method, 8, ""}, + {"(RowsColumnTypeNullable).ColumnTypeNullable", Method, 8, ""}, + {"(RowsColumnTypeNullable).Columns", Method, 8, ""}, + {"(RowsColumnTypeNullable).Next", Method, 8, ""}, + {"(RowsColumnTypePrecisionScale).Close", Method, 8, ""}, + {"(RowsColumnTypePrecisionScale).ColumnTypePrecisionScale", Method, 8, ""}, + {"(RowsColumnTypePrecisionScale).Columns", Method, 8, ""}, + {"(RowsColumnTypePrecisionScale).Next", Method, 8, ""}, + {"(RowsColumnTypeScanType).Close", Method, 8, ""}, + {"(RowsColumnTypeScanType).ColumnTypeScanType", Method, 8, ""}, + {"(RowsColumnTypeScanType).Columns", Method, 8, ""}, + {"(RowsColumnTypeScanType).Next", Method, 8, ""}, + {"(RowsNextResultSet).Close", Method, 8, ""}, + {"(RowsNextResultSet).Columns", Method, 8, ""}, + {"(RowsNextResultSet).HasNextResultSet", Method, 8, ""}, + {"(RowsNextResultSet).Next", Method, 8, ""}, + {"(RowsNextResultSet).NextResultSet", Method, 8, ""}, + {"(SessionResetter).ResetSession", Method, 10, ""}, + {"(Stmt).Close", Method, 0, ""}, + {"(Stmt).Exec", Method, 0, ""}, + {"(Stmt).NumInput", Method, 0, ""}, + {"(Stmt).Query", Method, 0, ""}, + {"(StmtExecContext).ExecContext", Method, 8, ""}, + {"(StmtQueryContext).QueryContext", Method, 8, ""}, + {"(Tx).Commit", Method, 0, ""}, + {"(Tx).Rollback", Method, 0, ""}, + {"(Validator).IsValid", Method, 15, ""}, + {"(ValueConverter).ConvertValue", Method, 0, ""}, + {"(Valuer).Value", Method, 0, ""}, {"Bool", Var, 0, ""}, {"ColumnConverter", Type, 0, ""}, {"Conn", Type, 0, ""}, @@ -1754,6 +1941,9 @@ var PackageSymbols = map[string][]Symbol{ {"(DecodeError).Error", Method, 0, ""}, {"(Tag).GoString", Method, 0, ""}, {"(Tag).String", Method, 0, ""}, + {"(Type).Common", Method, 0, ""}, + {"(Type).Size", Method, 0, ""}, + {"(Type).String", Method, 0, ""}, {"AddrType", Type, 0, ""}, {"AddrType.BasicType", Field, 0, ""}, {"ArrayType", Type, 0, ""}, @@ -3161,6 +3351,7 @@ var PackageSymbols = map[string][]Symbol{ {"R_LARCH_B16", Const, 20, ""}, {"R_LARCH_B21", Const, 20, ""}, {"R_LARCH_B26", Const, 20, ""}, + {"R_LARCH_CALL36", Const, 26, ""}, {"R_LARCH_CFA", Const, 22, ""}, {"R_LARCH_COPY", Const, 19, ""}, {"R_LARCH_DELETE", Const, 22, ""}, @@ -3218,11 +3409,25 @@ var PackageSymbols = map[string][]Symbol{ {"R_LARCH_SUB64", Const, 19, ""}, {"R_LARCH_SUB8", Const, 19, ""}, {"R_LARCH_SUB_ULEB128", Const, 22, ""}, + {"R_LARCH_TLS_DESC32", Const, 26, ""}, + {"R_LARCH_TLS_DESC64", Const, 26, ""}, + {"R_LARCH_TLS_DESC64_HI12", Const, 26, ""}, + {"R_LARCH_TLS_DESC64_LO20", Const, 26, ""}, + {"R_LARCH_TLS_DESC64_PC_HI12", Const, 26, ""}, + {"R_LARCH_TLS_DESC64_PC_LO20", Const, 26, ""}, + {"R_LARCH_TLS_DESC_CALL", Const, 26, ""}, + {"R_LARCH_TLS_DESC_HI20", Const, 26, ""}, + {"R_LARCH_TLS_DESC_LD", Const, 26, ""}, + {"R_LARCH_TLS_DESC_LO12", Const, 26, ""}, + {"R_LARCH_TLS_DESC_PCREL20_S2", Const, 26, ""}, + {"R_LARCH_TLS_DESC_PC_HI20", Const, 26, ""}, + {"R_LARCH_TLS_DESC_PC_LO12", Const, 26, ""}, {"R_LARCH_TLS_DTPMOD32", Const, 19, ""}, {"R_LARCH_TLS_DTPMOD64", Const, 19, ""}, {"R_LARCH_TLS_DTPREL32", Const, 19, ""}, {"R_LARCH_TLS_DTPREL64", Const, 19, ""}, {"R_LARCH_TLS_GD_HI20", Const, 20, ""}, + {"R_LARCH_TLS_GD_PCREL20_S2", Const, 26, ""}, {"R_LARCH_TLS_GD_PC_HI20", Const, 20, ""}, {"R_LARCH_TLS_IE64_HI12", Const, 20, ""}, {"R_LARCH_TLS_IE64_LO20", Const, 20, ""}, @@ -3233,11 +3438,15 @@ var PackageSymbols = map[string][]Symbol{ {"R_LARCH_TLS_IE_PC_HI20", Const, 20, ""}, {"R_LARCH_TLS_IE_PC_LO12", Const, 20, ""}, {"R_LARCH_TLS_LD_HI20", Const, 20, ""}, + {"R_LARCH_TLS_LD_PCREL20_S2", Const, 26, ""}, {"R_LARCH_TLS_LD_PC_HI20", Const, 20, ""}, {"R_LARCH_TLS_LE64_HI12", Const, 20, ""}, {"R_LARCH_TLS_LE64_LO20", Const, 20, ""}, + {"R_LARCH_TLS_LE_ADD_R", Const, 26, ""}, {"R_LARCH_TLS_LE_HI20", Const, 20, ""}, + {"R_LARCH_TLS_LE_HI20_R", Const, 26, ""}, {"R_LARCH_TLS_LE_LO12", Const, 20, ""}, + {"R_LARCH_TLS_LE_LO12_R", Const, 26, ""}, {"R_LARCH_TLS_TPREL32", Const, 19, ""}, {"R_LARCH_TLS_TPREL64", Const, 19, ""}, {"R_MIPS", Type, 6, ""}, @@ -3942,6 +4151,7 @@ var PackageSymbols = map[string][]Symbol{ {"(FatArch).ImportedSymbols", Method, 3, ""}, {"(FatArch).Section", Method, 3, ""}, {"(FatArch).Segment", Method, 3, ""}, + {"(Load).Raw", Method, 0, ""}, {"(LoadBytes).Raw", Method, 0, ""}, {"(LoadCmd).GoString", Method, 0, ""}, {"(LoadCmd).String", Method, 0, ""}, @@ -4588,6 +4798,12 @@ var PackageSymbols = map[string][]Symbol{ {"FS", Type, 16, ""}, }, "encoding": { + {"(BinaryAppender).AppendBinary", Method, 24, ""}, + {"(BinaryMarshaler).MarshalBinary", Method, 2, ""}, + {"(BinaryUnmarshaler).UnmarshalBinary", Method, 2, ""}, + {"(TextAppender).AppendText", Method, 24, ""}, + {"(TextMarshaler).MarshalText", Method, 2, ""}, + {"(TextUnmarshaler).UnmarshalText", Method, 2, ""}, {"BinaryAppender", Type, 24, ""}, {"BinaryMarshaler", Type, 2, ""}, {"BinaryUnmarshaler", Type, 2, ""}, @@ -4703,6 +4919,17 @@ var PackageSymbols = map[string][]Symbol{ {"URLEncoding", Var, 0, ""}, }, "encoding/binary": { + {"(AppendByteOrder).AppendUint16", Method, 19, ""}, + {"(AppendByteOrder).AppendUint32", Method, 19, ""}, + {"(AppendByteOrder).AppendUint64", Method, 19, ""}, + {"(AppendByteOrder).String", Method, 19, ""}, + {"(ByteOrder).PutUint16", Method, 0, ""}, + {"(ByteOrder).PutUint32", Method, 0, ""}, + {"(ByteOrder).PutUint64", Method, 0, ""}, + {"(ByteOrder).String", Method, 0, ""}, + {"(ByteOrder).Uint16", Method, 0, ""}, + {"(ByteOrder).Uint32", Method, 0, ""}, + {"(ByteOrder).Uint64", Method, 0, ""}, {"Append", Func, 23, "func(buf []byte, order ByteOrder, data any) ([]byte, error)"}, {"AppendByteOrder", Type, 19, ""}, {"AppendUvarint", Func, 19, "func(buf []byte, x uint64) []byte"}, @@ -4765,6 +4992,8 @@ var PackageSymbols = map[string][]Symbol{ {"(*Decoder).DecodeValue", Method, 0, ""}, {"(*Encoder).Encode", Method, 0, ""}, {"(*Encoder).EncodeValue", Method, 0, ""}, + {"(GobDecoder).GobDecode", Method, 0, ""}, + {"(GobEncoder).GobEncode", Method, 0, ""}, {"CommonType", Type, 0, ""}, {"CommonType.Id", Field, 0, ""}, {"CommonType.Name", Field, 0, ""}, @@ -4817,10 +5046,12 @@ var PackageSymbols = map[string][]Symbol{ {"(*UnsupportedTypeError).Error", Method, 0, ""}, {"(*UnsupportedValueError).Error", Method, 0, ""}, {"(Delim).String", Method, 5, ""}, + {"(Marshaler).MarshalJSON", Method, 0, ""}, {"(Number).Float64", Method, 1, ""}, {"(Number).Int64", Method, 1, ""}, {"(Number).String", Method, 1, ""}, {"(RawMessage).MarshalJSON", Method, 8, ""}, + {"(Unmarshaler).UnmarshalJSON", Method, 0, ""}, {"Compact", Func, 0, "func(dst *bytes.Buffer, src []byte) error"}, {"Decoder", Type, 0, ""}, {"Delim", Type, 5, ""}, @@ -4892,10 +5123,15 @@ var PackageSymbols = map[string][]Symbol{ {"(CharData).Copy", Method, 0, ""}, {"(Comment).Copy", Method, 0, ""}, {"(Directive).Copy", Method, 0, ""}, + {"(Marshaler).MarshalXML", Method, 2, ""}, + {"(MarshalerAttr).MarshalXMLAttr", Method, 2, ""}, {"(ProcInst).Copy", Method, 0, ""}, {"(StartElement).Copy", Method, 0, ""}, {"(StartElement).End", Method, 2, ""}, + {"(TokenReader).Token", Method, 10, ""}, {"(UnmarshalError).Error", Method, 0, ""}, + {"(Unmarshaler).UnmarshalXML", Method, 2, ""}, + {"(UnmarshalerAttr).UnmarshalXMLAttr", Method, 2, ""}, {"Attr", Type, 0, ""}, {"Attr.Name", Field, 0, ""}, {"Attr.Value", Field, 0, ""}, @@ -4953,6 +5189,7 @@ var PackageSymbols = map[string][]Symbol{ }, "errors": { {"As", Func, 13, "func(err error, target any) bool"}, + {"AsType", Func, 26, "func[E error](err error) (E, bool)"}, {"ErrUnsupported", Var, 21, ""}, {"Is", Func, 13, "func(err error, target error) bool"}, {"Join", Func, 20, "func(errs ...error) error"}, @@ -4981,6 +5218,7 @@ var PackageSymbols = map[string][]Symbol{ {"(*String).Value", Method, 8, ""}, {"(Func).String", Method, 0, ""}, {"(Func).Value", Method, 8, ""}, + {"(Var).String", Method, 0, ""}, {"Do", Func, 0, "func(f func(KeyValue))"}, {"Float", Type, 0, ""}, {"Func", Type, 0, ""}, @@ -5036,6 +5274,11 @@ var PackageSymbols = map[string][]Symbol{ {"(*FlagSet).Var", Method, 0, ""}, {"(*FlagSet).Visit", Method, 0, ""}, {"(*FlagSet).VisitAll", Method, 0, ""}, + {"(Getter).Get", Method, 2, ""}, + {"(Getter).Set", Method, 2, ""}, + {"(Getter).String", Method, 2, ""}, + {"(Value).Set", Method, 0, ""}, + {"(Value).String", Method, 0, ""}, {"Arg", Func, 0, "func(i int) string"}, {"Args", Func, 0, "func() []string"}, {"Bool", Func, 0, "func(name string, value bool, usage string) *bool"}, @@ -5087,10 +5330,24 @@ var PackageSymbols = map[string][]Symbol{ {"VisitAll", Func, 0, "func(fn func(*Flag))"}, }, "fmt": { + {"(Formatter).Format", Method, 0, ""}, + {"(GoStringer).GoString", Method, 0, ""}, + {"(ScanState).Read", Method, 0, ""}, + {"(ScanState).ReadRune", Method, 0, ""}, + {"(ScanState).SkipSpace", Method, 0, ""}, + {"(ScanState).Token", Method, 0, ""}, + {"(ScanState).UnreadRune", Method, 0, ""}, + {"(ScanState).Width", Method, 0, ""}, + {"(Scanner).Scan", Method, 0, ""}, + {"(State).Flag", Method, 0, ""}, + {"(State).Precision", Method, 0, ""}, + {"(State).Width", Method, 0, ""}, + {"(State).Write", Method, 0, ""}, + {"(Stringer).String", Method, 0, ""}, {"Append", Func, 19, "func(b []byte, a ...any) []byte"}, {"Appendf", Func, 19, "func(b []byte, format string, a ...any) []byte"}, {"Appendln", Func, 19, "func(b []byte, a ...any) []byte"}, - {"Errorf", Func, 0, "func(format string, a ...any) error"}, + {"Errorf", Func, 0, "func(format string, a ...any) (err error)"}, {"FormatString", Func, 20, "func(state State, verb rune) string"}, {"Formatter", Type, 0, ""}, {"Fprint", Func, 0, "func(w io.Writer, a ...any) (n int, err error)"}, @@ -5155,6 +5412,9 @@ var PackageSymbols = map[string][]Symbol{ {"(*DeclStmt).Pos", Method, 0, ""}, {"(*DeferStmt).End", Method, 0, ""}, {"(*DeferStmt).Pos", Method, 0, ""}, + {"(*Directive).End", Method, 26, ""}, + {"(*Directive).ParseArgs", Method, 26, ""}, + {"(*Directive).Pos", Method, 26, ""}, {"(*Ellipsis).End", Method, 0, ""}, {"(*Ellipsis).Pos", Method, 0, ""}, {"(*EmptyStmt).End", Method, 0, ""}, @@ -5242,7 +5502,18 @@ var PackageSymbols = map[string][]Symbol{ {"(CommentMap).Filter", Method, 1, ""}, {"(CommentMap).String", Method, 1, ""}, {"(CommentMap).Update", Method, 1, ""}, + {"(Decl).End", Method, 0, ""}, + {"(Decl).Pos", Method, 0, ""}, + {"(Expr).End", Method, 0, ""}, + {"(Expr).Pos", Method, 0, ""}, + {"(Node).End", Method, 0, ""}, + {"(Node).Pos", Method, 0, ""}, {"(ObjKind).String", Method, 0, ""}, + {"(Spec).End", Method, 0, ""}, + {"(Spec).Pos", Method, 0, ""}, + {"(Stmt).End", Method, 0, ""}, + {"(Stmt).Pos", Method, 0, ""}, + {"(Visitor).Visit", Method, 0, ""}, {"ArrayType", Type, 0, ""}, {"ArrayType.Elt", Field, 0, ""}, {"ArrayType.Lbrack", Field, 0, ""}, @@ -5265,6 +5536,7 @@ var PackageSymbols = map[string][]Symbol{ {"BasicLit", Type, 0, ""}, {"BasicLit.Kind", Field, 0, ""}, {"BasicLit.Value", Field, 0, ""}, + {"BasicLit.ValueEnd", Field, 26, ""}, {"BasicLit.ValuePos", Field, 0, ""}, {"BinaryExpr", Type, 0, ""}, {"BinaryExpr.Op", Field, 0, ""}, @@ -5314,19 +5586,26 @@ var PackageSymbols = map[string][]Symbol{ {"CompositeLit.Rbrace", Field, 0, ""}, {"CompositeLit.Type", Field, 0, ""}, {"Con", Const, 0, ""}, - {"Decl", Type, 0, ""}, {"DeclStmt", Type, 0, ""}, {"DeclStmt.Decl", Field, 0, ""}, {"DeferStmt", Type, 0, ""}, {"DeferStmt.Call", Field, 0, ""}, {"DeferStmt.Defer", Field, 0, ""}, + {"Directive", Type, 26, ""}, + {"Directive.Args", Field, 26, ""}, + {"Directive.ArgsPos", Field, 26, ""}, + {"Directive.Name", Field, 26, ""}, + {"Directive.Slash", Field, 26, ""}, + {"Directive.Tool", Field, 26, ""}, + {"DirectiveArg", Type, 26, ""}, + {"DirectiveArg.Arg", Field, 26, ""}, + {"DirectiveArg.Pos", Field, 26, ""}, {"Ellipsis", Type, 0, ""}, {"Ellipsis.Ellipsis", Field, 0, ""}, {"Ellipsis.Elt", Field, 0, ""}, {"EmptyStmt", Type, 0, ""}, {"EmptyStmt.Implicit", Field, 5, ""}, {"EmptyStmt.Semicolon", Field, 0, ""}, - {"Expr", Type, 0, ""}, {"ExprStmt", Type, 0, ""}, {"ExprStmt.X", Field, 0, ""}, {"Field", Type, 0, ""}, @@ -5469,6 +5748,7 @@ var PackageSymbols = map[string][]Symbol{ {"ParenExpr.Lparen", Field, 0, ""}, {"ParenExpr.Rparen", Field, 0, ""}, {"ParenExpr.X", Field, 0, ""}, + {"ParseDirective", Func, 26, "func(pos token.Pos, c string) (Directive, bool)"}, {"Pkg", Const, 0, ""}, {"Preorder", Func, 23, "func(root Node) iter.Seq[Node]"}, {"PreorderStack", Func, 25, "func(root Node, stack []Node, f func(n Node, stack []Node) bool)"}, @@ -5509,11 +5789,9 @@ var PackageSymbols = map[string][]Symbol{ {"SliceExpr.Slice3", Field, 2, ""}, {"SliceExpr.X", Field, 0, ""}, {"SortImports", Func, 0, "func(fset *token.FileSet, f *File)"}, - {"Spec", Type, 0, ""}, {"StarExpr", Type, 0, ""}, {"StarExpr.Star", Field, 0, ""}, {"StarExpr.X", Field, 0, ""}, - {"Stmt", Type, 0, ""}, {"StructType", Type, 0, ""}, {"StructType.Fields", Field, 0, ""}, {"StructType.Incomplete", Field, 0, ""}, @@ -5668,10 +5946,11 @@ var PackageSymbols = map[string][]Symbol{ {"(*SyntaxError).Error", Method, 16, ""}, {"(*TagExpr).Eval", Method, 16, ""}, {"(*TagExpr).String", Method, 16, ""}, + {"(Expr).Eval", Method, 16, ""}, + {"(Expr).String", Method, 16, ""}, {"AndExpr", Type, 16, ""}, {"AndExpr.X", Field, 16, ""}, {"AndExpr.Y", Field, 16, ""}, - {"Expr", Type, 16, ""}, {"GoVersion", Func, 21, "func(x Expr) string"}, {"IsGoBuild", Func, 16, "func(line string) bool"}, {"IsPlusBuild", Func, 16, "func(line string) bool"}, @@ -5690,6 +5969,9 @@ var PackageSymbols = map[string][]Symbol{ }, "go/constant": { {"(Kind).String", Method, 18, ""}, + {"(Value).ExactString", Method, 6, ""}, + {"(Value).Kind", Method, 5, ""}, + {"(Value).String", Method, 5, ""}, {"BinaryOp", Func, 5, "func(x_ Value, op token.Token, y_ Value) Value"}, {"BitLen", Func, 5, "func(x Value) int"}, {"Bool", Const, 5, ""}, @@ -5728,7 +6010,6 @@ var PackageSymbols = map[string][]Symbol{ {"UnaryOp", Func, 5, "func(op token.Token, y Value, prec uint) Value"}, {"Unknown", Const, 5, ""}, {"Val", Func, 13, "func(x Value) any"}, - {"Value", Type, 5, ""}, }, "go/doc": { {"(*Package).Filter", Method, 0, ""}, @@ -5812,7 +6093,6 @@ var PackageSymbols = map[string][]Symbol{ {"(*Printer).HTML", Method, 19, ""}, {"(*Printer).Markdown", Method, 19, ""}, {"(*Printer).Text", Method, 19, ""}, - {"Block", Type, 19, ""}, {"Code", Type, 19, ""}, {"Code.Text", Field, 19, ""}, {"DefaultLookupPackage", Func, 19, "func(name string) (importPath string, ok bool)"}, @@ -5857,7 +6137,6 @@ var PackageSymbols = map[string][]Symbol{ {"Printer.TextCodePrefix", Field, 19, ""}, {"Printer.TextPrefix", Field, 19, ""}, {"Printer.TextWidth", Field, 19, ""}, - {"Text", Type, 19, ""}, }, "go/format": { {"Node", Func, 1, "func(dst io.Writer, fset *token.FileSet, node any) error"}, @@ -5929,6 +6208,7 @@ var PackageSymbols = map[string][]Symbol{ {"(*File).AddLineColumnInfo", Method, 11, ""}, {"(*File).AddLineInfo", Method, 0, ""}, {"(*File).Base", Method, 0, ""}, + {"(*File).End", Method, 26, ""}, {"(*File).Line", Method, 0, ""}, {"(*File).LineCount", Method, 0, ""}, {"(*File).LineStart", Method, 12, ""}, @@ -6291,6 +6571,22 @@ var PackageSymbols = map[string][]Symbol{ {"(Checker).PkgNameOf", Method, 22, ""}, {"(Checker).TypeOf", Method, 5, ""}, {"(Error).Error", Method, 5, ""}, + {"(Importer).Import", Method, 5, ""}, + {"(ImporterFrom).Import", Method, 6, ""}, + {"(ImporterFrom).ImportFrom", Method, 6, ""}, + {"(Object).Exported", Method, 5, ""}, + {"(Object).Id", Method, 5, ""}, + {"(Object).Name", Method, 5, ""}, + {"(Object).Parent", Method, 5, ""}, + {"(Object).Pkg", Method, 5, ""}, + {"(Object).Pos", Method, 5, ""}, + {"(Object).String", Method, 5, ""}, + {"(Object).Type", Method, 5, ""}, + {"(Sizes).Alignof", Method, 5, ""}, + {"(Sizes).Offsetsof", Method, 5, ""}, + {"(Sizes).Sizeof", Method, 5, ""}, + {"(Type).String", Method, 5, ""}, + {"(Type).Underlying", Method, 5, ""}, {"(TypeAndValue).Addressable", Method, 5, ""}, {"(TypeAndValue).Assignable", Method, 5, ""}, {"(TypeAndValue).HasOk", Method, 5, ""}, @@ -6429,7 +6725,6 @@ var PackageSymbols = map[string][]Symbol{ {"NewUnion", Func, 18, "func(terms []*Term) *Union"}, {"NewVar", Func, 5, "func(pos token.Pos, pkg *Package, name string, typ Type) *Var"}, {"Nil", Type, 5, ""}, - {"Object", Type, 5, ""}, {"ObjectString", Func, 5, "func(obj Object, qf Qualifier) string"}, {"Package", Type, 5, ""}, {"PackageVar", Const, 25, ""}, @@ -6500,6 +6795,33 @@ var PackageSymbols = map[string][]Symbol{ {"Lang", Func, 22, "func(x string) string"}, }, "hash": { + {"(Cloner).BlockSize", Method, 25, ""}, + {"(Cloner).Clone", Method, 25, ""}, + {"(Cloner).Reset", Method, 25, ""}, + {"(Cloner).Size", Method, 25, ""}, + {"(Cloner).Sum", Method, 25, ""}, + {"(Cloner).Write", Method, 25, ""}, + {"(Hash).BlockSize", Method, 0, ""}, + {"(Hash).Reset", Method, 0, ""}, + {"(Hash).Size", Method, 0, ""}, + {"(Hash).Sum", Method, 0, ""}, + {"(Hash).Write", Method, 0, ""}, + {"(Hash32).BlockSize", Method, 0, ""}, + {"(Hash32).Reset", Method, 0, ""}, + {"(Hash32).Size", Method, 0, ""}, + {"(Hash32).Sum", Method, 0, ""}, + {"(Hash32).Sum32", Method, 0, ""}, + {"(Hash32).Write", Method, 0, ""}, + {"(Hash64).BlockSize", Method, 0, ""}, + {"(Hash64).Reset", Method, 0, ""}, + {"(Hash64).Size", Method, 0, ""}, + {"(Hash64).Sum", Method, 0, ""}, + {"(Hash64).Sum64", Method, 0, ""}, + {"(Hash64).Write", Method, 0, ""}, + {"(XOF).BlockSize", Method, 25, ""}, + {"(XOF).Read", Method, 25, ""}, + {"(XOF).Reset", Method, 25, ""}, + {"(XOF).Write", Method, 25, ""}, {"Cloner", Type, 25, ""}, {"Hash", Type, 0, ""}, {"Hash32", Type, 0, ""}, @@ -6765,6 +7087,13 @@ var PackageSymbols = map[string][]Symbol{ {"(*YCbCr).SubImage", Method, 0, ""}, {"(*YCbCr).YCbCrAt", Method, 4, ""}, {"(*YCbCr).YOffset", Method, 0, ""}, + {"(Image).At", Method, 0, ""}, + {"(Image).Bounds", Method, 0, ""}, + {"(Image).ColorModel", Method, 0, ""}, + {"(PalettedImage).At", Method, 0, ""}, + {"(PalettedImage).Bounds", Method, 0, ""}, + {"(PalettedImage).ColorIndexAt", Method, 0, ""}, + {"(PalettedImage).ColorModel", Method, 0, ""}, {"(Point).Add", Method, 0, ""}, {"(Point).Div", Method, 0, ""}, {"(Point).Eq", Method, 0, ""}, @@ -6773,6 +7102,10 @@ var PackageSymbols = map[string][]Symbol{ {"(Point).Mul", Method, 0, ""}, {"(Point).String", Method, 0, ""}, {"(Point).Sub", Method, 0, ""}, + {"(RGBA64Image).At", Method, 17, ""}, + {"(RGBA64Image).Bounds", Method, 17, ""}, + {"(RGBA64Image).ColorModel", Method, 17, ""}, + {"(RGBA64Image).RGBA64At", Method, 17, ""}, {"(Rectangle).Add", Method, 0, ""}, {"(Rectangle).At", Method, 5, ""}, {"(Rectangle).Bounds", Method, 5, ""}, @@ -6897,8 +7230,10 @@ var PackageSymbols = map[string][]Symbol{ {"(Alpha).RGBA", Method, 0, ""}, {"(Alpha16).RGBA", Method, 0, ""}, {"(CMYK).RGBA", Method, 5, ""}, + {"(Color).RGBA", Method, 0, ""}, {"(Gray).RGBA", Method, 0, ""}, {"(Gray16).RGBA", Method, 0, ""}, + {"(Model).Convert", Method, 0, ""}, {"(NRGBA).RGBA", Method, 0, ""}, {"(NRGBA64).RGBA", Method, 0, ""}, {"(NYCbCrA).RGBA", Method, 6, ""}, @@ -6976,7 +7311,19 @@ var PackageSymbols = map[string][]Symbol{ {"WebSafe", Var, 2, ""}, }, "image/draw": { + {"(Drawer).Draw", Method, 2, ""}, + {"(Image).At", Method, 0, ""}, + {"(Image).Bounds", Method, 0, ""}, + {"(Image).ColorModel", Method, 0, ""}, + {"(Image).Set", Method, 0, ""}, {"(Op).Draw", Method, 2, ""}, + {"(Quantizer).Quantize", Method, 2, ""}, + {"(RGBA64Image).At", Method, 17, ""}, + {"(RGBA64Image).Bounds", Method, 17, ""}, + {"(RGBA64Image).ColorModel", Method, 17, ""}, + {"(RGBA64Image).RGBA64At", Method, 17, ""}, + {"(RGBA64Image).Set", Method, 17, ""}, + {"(RGBA64Image).SetRGBA64", Method, 17, ""}, {"Draw", Func, 0, "func(dst Image, r image.Rectangle, src image.Image, sp image.Point, op Op)"}, {"DrawMask", Func, 0, "func(dst Image, r image.Rectangle, src image.Image, sp image.Point, mask image.Image, mp image.Point, op Op)"}, {"Drawer", Type, 2, ""}, @@ -7011,6 +7358,8 @@ var PackageSymbols = map[string][]Symbol{ }, "image/jpeg": { {"(FormatError).Error", Method, 0, ""}, + {"(Reader).Read", Method, 0, ""}, + {"(Reader).ReadByte", Method, 0, ""}, {"(UnsupportedError).Error", Method, 0, ""}, {"Decode", Func, 0, "func(r io.Reader) (image.Image, error)"}, {"DecodeConfig", Func, 0, "func(r io.Reader) (image.Config, error)"}, @@ -7024,6 +7373,8 @@ var PackageSymbols = map[string][]Symbol{ }, "image/png": { {"(*Encoder).Encode", Method, 4, ""}, + {"(EncoderBufferPool).Get", Method, 9, ""}, + {"(EncoderBufferPool).Put", Method, 9, ""}, {"(FormatError).Error", Method, 0, ""}, {"(UnsupportedError).Error", Method, 0, ""}, {"BestCompression", Const, 4, ""}, @@ -7067,6 +7418,41 @@ var PackageSymbols = map[string][]Symbol{ {"(*SectionReader).ReadAt", Method, 0, ""}, {"(*SectionReader).Seek", Method, 0, ""}, {"(*SectionReader).Size", Method, 0, ""}, + {"(ByteReader).ReadByte", Method, 0, ""}, + {"(ByteScanner).ReadByte", Method, 0, ""}, + {"(ByteScanner).UnreadByte", Method, 0, ""}, + {"(ByteWriter).WriteByte", Method, 1, ""}, + {"(Closer).Close", Method, 0, ""}, + {"(ReadCloser).Close", Method, 0, ""}, + {"(ReadCloser).Read", Method, 0, ""}, + {"(ReadSeekCloser).Close", Method, 16, ""}, + {"(ReadSeekCloser).Read", Method, 16, ""}, + {"(ReadSeekCloser).Seek", Method, 16, ""}, + {"(ReadSeeker).Read", Method, 0, ""}, + {"(ReadSeeker).Seek", Method, 0, ""}, + {"(ReadWriteCloser).Close", Method, 0, ""}, + {"(ReadWriteCloser).Read", Method, 0, ""}, + {"(ReadWriteCloser).Write", Method, 0, ""}, + {"(ReadWriteSeeker).Read", Method, 0, ""}, + {"(ReadWriteSeeker).Seek", Method, 0, ""}, + {"(ReadWriteSeeker).Write", Method, 0, ""}, + {"(ReadWriter).Read", Method, 0, ""}, + {"(ReadWriter).Write", Method, 0, ""}, + {"(Reader).Read", Method, 0, ""}, + {"(ReaderAt).ReadAt", Method, 0, ""}, + {"(ReaderFrom).ReadFrom", Method, 0, ""}, + {"(RuneReader).ReadRune", Method, 0, ""}, + {"(RuneScanner).ReadRune", Method, 0, ""}, + {"(RuneScanner).UnreadRune", Method, 0, ""}, + {"(Seeker).Seek", Method, 0, ""}, + {"(StringWriter).WriteString", Method, 12, ""}, + {"(WriteCloser).Close", Method, 0, ""}, + {"(WriteCloser).Write", Method, 0, ""}, + {"(WriteSeeker).Seek", Method, 0, ""}, + {"(WriteSeeker).Write", Method, 0, ""}, + {"(Writer).Write", Method, 0, ""}, + {"(WriterAt).WriteAt", Method, 0, ""}, + {"(WriterTo).WriteTo", Method, 0, ""}, {"ByteReader", Type, 0, ""}, {"ByteScanner", Type, 0, ""}, {"ByteWriter", Type, 1, ""}, @@ -7126,11 +7512,42 @@ var PackageSymbols = map[string][]Symbol{ {"(*PathError).Error", Method, 16, ""}, {"(*PathError).Timeout", Method, 16, ""}, {"(*PathError).Unwrap", Method, 16, ""}, + {"(DirEntry).Info", Method, 16, ""}, + {"(DirEntry).IsDir", Method, 16, ""}, + {"(DirEntry).Name", Method, 16, ""}, + {"(DirEntry).Type", Method, 16, ""}, + {"(FS).Open", Method, 16, ""}, + {"(File).Close", Method, 16, ""}, + {"(File).Read", Method, 16, ""}, + {"(File).Stat", Method, 16, ""}, + {"(FileInfo).IsDir", Method, 16, ""}, + {"(FileInfo).ModTime", Method, 16, ""}, + {"(FileInfo).Mode", Method, 16, ""}, + {"(FileInfo).Name", Method, 16, ""}, + {"(FileInfo).Size", Method, 16, ""}, + {"(FileInfo).Sys", Method, 16, ""}, {"(FileMode).IsDir", Method, 16, ""}, {"(FileMode).IsRegular", Method, 16, ""}, {"(FileMode).Perm", Method, 16, ""}, {"(FileMode).String", Method, 16, ""}, {"(FileMode).Type", Method, 16, ""}, + {"(GlobFS).Glob", Method, 16, ""}, + {"(GlobFS).Open", Method, 16, ""}, + {"(ReadDirFS).Open", Method, 16, ""}, + {"(ReadDirFS).ReadDir", Method, 16, ""}, + {"(ReadDirFile).Close", Method, 16, ""}, + {"(ReadDirFile).Read", Method, 16, ""}, + {"(ReadDirFile).ReadDir", Method, 16, ""}, + {"(ReadDirFile).Stat", Method, 16, ""}, + {"(ReadFileFS).Open", Method, 16, ""}, + {"(ReadFileFS).ReadFile", Method, 16, ""}, + {"(ReadLinkFS).Lstat", Method, 25, ""}, + {"(ReadLinkFS).Open", Method, 25, ""}, + {"(ReadLinkFS).ReadLink", Method, 25, ""}, + {"(StatFS).Open", Method, 16, ""}, + {"(StatFS).Stat", Method, 16, ""}, + {"(SubFS).Open", Method, 16, ""}, + {"(SubFS).Sub", Method, 16, ""}, {"DirEntry", Type, 16, ""}, {"ErrClosed", Var, 16, ""}, {"ErrExist", Var, 16, ""}, @@ -7271,6 +7688,10 @@ var PackageSymbols = map[string][]Symbol{ {"(*Logger).WarnContext", Method, 21, ""}, {"(*Logger).With", Method, 21, ""}, {"(*Logger).WithGroup", Method, 21, ""}, + {"(*MultiHandler).Enabled", Method, 26, ""}, + {"(*MultiHandler).Handle", Method, 26, ""}, + {"(*MultiHandler).WithAttrs", Method, 26, ""}, + {"(*MultiHandler).WithGroup", Method, 26, ""}, {"(*Record).Add", Method, 21, ""}, {"(*Record).AddAttrs", Method, 21, ""}, {"(*TextHandler).Enabled", Method, 21, ""}, @@ -7279,12 +7700,18 @@ var PackageSymbols = map[string][]Symbol{ {"(*TextHandler).WithGroup", Method, 21, ""}, {"(Attr).Equal", Method, 21, ""}, {"(Attr).String", Method, 21, ""}, + {"(Handler).Enabled", Method, 21, ""}, + {"(Handler).Handle", Method, 21, ""}, + {"(Handler).WithAttrs", Method, 21, ""}, + {"(Handler).WithGroup", Method, 21, ""}, {"(Kind).String", Method, 21, ""}, {"(Level).AppendText", Method, 24, ""}, {"(Level).Level", Method, 21, ""}, {"(Level).MarshalJSON", Method, 21, ""}, {"(Level).MarshalText", Method, 21, ""}, {"(Level).String", Method, 21, ""}, + {"(Leveler).Level", Method, 21, ""}, + {"(LogValuer).LogValue", Method, 21, ""}, {"(Record).Attrs", Method, 21, ""}, {"(Record).Clone", Method, 21, ""}, {"(Record).NumAttrs", Method, 21, ""}, @@ -7358,9 +7785,11 @@ var PackageSymbols = map[string][]Symbol{ {"LogValuer", Type, 21, ""}, {"Logger", Type, 21, ""}, {"MessageKey", Const, 21, ""}, + {"MultiHandler", Type, 26, ""}, {"New", Func, 21, "func(h Handler) *Logger"}, {"NewJSONHandler", Func, 21, "func(w io.Writer, opts *HandlerOptions) *JSONHandler"}, {"NewLogLogger", Func, 21, "func(h Handler, level Level) *log.Logger"}, + {"NewMultiHandler", Func, 26, "func(handlers ...Handler) *MultiHandler"}, {"NewRecord", Func, 21, "func(t time.Time, level Level, msg string, pc uintptr) Record"}, {"NewTextHandler", Func, 21, "func(w io.Writer, opts *HandlerOptions) *TextHandler"}, {"Record", Type, 21, ""}, @@ -7515,7 +7944,7 @@ var PackageSymbols = map[string][]Symbol{ {"MinInt64", Const, 0, ""}, {"MinInt8", Const, 0, ""}, {"Mod", Func, 0, "func(x float64, y float64) float64"}, - {"Modf", Func, 0, "func(f float64) (int float64, frac float64)"}, + {"Modf", Func, 0, "func(f float64) (integer float64, fractional float64)"}, {"NaN", Func, 0, "func() float64"}, {"Nextafter", Func, 0, "func(x float64, y float64) (r float64)"}, {"Nextafter32", Func, 4, "func(x float32, y float32) (r float32)"}, @@ -7811,6 +8240,11 @@ var PackageSymbols = map[string][]Symbol{ {"(*Rand).Uint32", Method, 0, ""}, {"(*Rand).Uint64", Method, 8, ""}, {"(*Zipf).Uint64", Method, 0, ""}, + {"(Source).Int63", Method, 0, ""}, + {"(Source).Seed", Method, 0, ""}, + {"(Source64).Int63", Method, 8, ""}, + {"(Source64).Seed", Method, 8, ""}, + {"(Source64).Uint64", Method, 8, ""}, {"ExpFloat64", Func, 0, "func() float64"}, {"Float32", Func, 0, "func() float32"}, {"Float64", Func, 0, "func() float64"}, @@ -7866,6 +8300,7 @@ var PackageSymbols = map[string][]Symbol{ {"(*Rand).Uint64N", Method, 22, ""}, {"(*Rand).UintN", Method, 22, ""}, {"(*Zipf).Uint64", Method, 22, ""}, + {"(Source).Uint64", Method, 22, ""}, {"ChaCha8", Type, 22, ""}, {"ExpFloat64", Func, 22, "func() float64"}, {"Float32", Func, 22, "func() float32"}, @@ -7929,6 +8364,10 @@ var PackageSymbols = map[string][]Symbol{ {"(*Writer).FormDataContentType", Method, 0, ""}, {"(*Writer).SetBoundary", Method, 1, ""}, {"(*Writer).WriteField", Method, 0, ""}, + {"(File).Close", Method, 0, ""}, + {"(File).Read", Method, 0, ""}, + {"(File).ReadAt", Method, 0, ""}, + {"(File).Seek", Method, 0, ""}, {"ErrMessageTooLarge", Var, 9, ""}, {"File", Type, 0, ""}, {"FileContentDisposition", Func, 25, "func(fieldname string, filename string) string"}, @@ -7972,6 +8411,10 @@ var PackageSymbols = map[string][]Symbol{ {"(*DNSError).Unwrap", Method, 23, ""}, {"(*Dialer).Dial", Method, 1, ""}, {"(*Dialer).DialContext", Method, 7, ""}, + {"(*Dialer).DialIP", Method, 26, ""}, + {"(*Dialer).DialTCP", Method, 26, ""}, + {"(*Dialer).DialUDP", Method, 26, ""}, + {"(*Dialer).DialUnix", Method, 26, ""}, {"(*Dialer).MultipathTCP", Method, 21, ""}, {"(*Dialer).SetMultipathTCP", Method, 21, ""}, {"(*IP).UnmarshalText", Method, 2, ""}, @@ -8109,6 +8552,19 @@ var PackageSymbols = map[string][]Symbol{ {"(*UnixListener).SetDeadline", Method, 0, ""}, {"(*UnixListener).SetUnlinkOnClose", Method, 8, ""}, {"(*UnixListener).SyscallConn", Method, 10, ""}, + {"(Addr).Network", Method, 0, ""}, + {"(Addr).String", Method, 0, ""}, + {"(Conn).Close", Method, 0, ""}, + {"(Conn).LocalAddr", Method, 0, ""}, + {"(Conn).Read", Method, 0, ""}, + {"(Conn).RemoteAddr", Method, 0, ""}, + {"(Conn).SetDeadline", Method, 0, ""}, + {"(Conn).SetReadDeadline", Method, 0, ""}, + {"(Conn).SetWriteDeadline", Method, 0, ""}, + {"(Conn).Write", Method, 0, ""}, + {"(Error).Error", Method, 0, ""}, + {"(Error).Temporary", Method, 0, ""}, + {"(Error).Timeout", Method, 0, ""}, {"(Flags).String", Method, 0, ""}, {"(HardwareAddr).String", Method, 0, ""}, {"(IP).AppendText", Method, 24, ""}, @@ -8132,6 +8588,16 @@ var PackageSymbols = map[string][]Symbol{ {"(InvalidAddrError).Error", Method, 0, ""}, {"(InvalidAddrError).Temporary", Method, 0, ""}, {"(InvalidAddrError).Timeout", Method, 0, ""}, + {"(Listener).Accept", Method, 0, ""}, + {"(Listener).Addr", Method, 0, ""}, + {"(Listener).Close", Method, 0, ""}, + {"(PacketConn).Close", Method, 0, ""}, + {"(PacketConn).LocalAddr", Method, 0, ""}, + {"(PacketConn).ReadFrom", Method, 0, ""}, + {"(PacketConn).SetDeadline", Method, 0, ""}, + {"(PacketConn).SetReadDeadline", Method, 0, ""}, + {"(PacketConn).SetWriteDeadline", Method, 0, ""}, + {"(PacketConn).WriteTo", Method, 0, ""}, {"(UnknownNetworkError).Error", Method, 0, ""}, {"(UnknownNetworkError).Temporary", Method, 0, ""}, {"(UnknownNetworkError).Timeout", Method, 0, ""}, @@ -8307,6 +8773,14 @@ var PackageSymbols = map[string][]Symbol{ {"(*Client).Head", Method, 0, ""}, {"(*Client).Post", Method, 0, ""}, {"(*Client).PostForm", Method, 0, ""}, + {"(*ClientConn).Available", Method, 26, ""}, + {"(*ClientConn).Close", Method, 26, ""}, + {"(*ClientConn).Err", Method, 26, ""}, + {"(*ClientConn).InFlight", Method, 26, ""}, + {"(*ClientConn).Release", Method, 26, ""}, + {"(*ClientConn).Reserve", Method, 26, ""}, + {"(*ClientConn).RoundTrip", Method, 26, ""}, + {"(*ClientConn).SetStateHook", Method, 26, ""}, {"(*Cookie).String", Method, 0, ""}, {"(*Cookie).Valid", Method, 18, ""}, {"(*CrossOriginProtection).AddInsecureBypassPattern", Method, 25, ""}, @@ -8366,10 +8840,22 @@ var PackageSymbols = map[string][]Symbol{ {"(*Transport).CancelRequest", Method, 1, ""}, {"(*Transport).Clone", Method, 13, ""}, {"(*Transport).CloseIdleConnections", Method, 0, ""}, + {"(*Transport).NewClientConn", Method, 26, ""}, {"(*Transport).RegisterProtocol", Method, 0, ""}, {"(*Transport).RoundTrip", Method, 0, ""}, + {"(CloseNotifier).CloseNotify", Method, 1, ""}, {"(ConnState).String", Method, 3, ""}, + {"(CookieJar).Cookies", Method, 0, ""}, + {"(CookieJar).SetCookies", Method, 0, ""}, {"(Dir).Open", Method, 0, ""}, + {"(File).Close", Method, 0, ""}, + {"(File).Read", Method, 0, ""}, + {"(File).Readdir", Method, 0, ""}, + {"(File).Seek", Method, 0, ""}, + {"(File).Stat", Method, 0, ""}, + {"(FileSystem).Open", Method, 0, ""}, + {"(Flusher).Flush", Method, 0, ""}, + {"(Handler).ServeHTTP", Method, 0, ""}, {"(HandlerFunc).ServeHTTP", Method, 0, ""}, {"(Header).Add", Method, 0, ""}, {"(Header).Clone", Method, 13, ""}, @@ -8379,10 +8865,16 @@ var PackageSymbols = map[string][]Symbol{ {"(Header).Values", Method, 14, ""}, {"(Header).Write", Method, 0, ""}, {"(Header).WriteSubset", Method, 0, ""}, + {"(Hijacker).Hijack", Method, 0, ""}, {"(Protocols).HTTP1", Method, 24, ""}, {"(Protocols).HTTP2", Method, 24, ""}, {"(Protocols).String", Method, 24, ""}, {"(Protocols).UnencryptedHTTP2", Method, 24, ""}, + {"(Pusher).Push", Method, 8, ""}, + {"(ResponseWriter).Header", Method, 0, ""}, + {"(ResponseWriter).Write", Method, 0, ""}, + {"(ResponseWriter).WriteHeader", Method, 0, ""}, + {"(RoundTripper).RoundTrip", Method, 0, ""}, {"AllowQuerySemicolons", Func, 17, "func(h Handler) Handler"}, {"CanonicalHeaderKey", Func, 0, "func(s string) string"}, {"Client", Type, 0, ""}, @@ -8390,6 +8882,7 @@ var PackageSymbols = map[string][]Symbol{ {"Client.Jar", Field, 0, ""}, {"Client.Timeout", Field, 3, ""}, {"Client.Transport", Field, 0, ""}, + {"ClientConn", Type, 26, ""}, {"CloseNotifier", Type, 1, ""}, {"ConnState", Type, 3, ""}, {"Cookie", Type, 0, ""}, @@ -8457,6 +8950,7 @@ var PackageSymbols = map[string][]Symbol{ {"HTTP2Config.PermitProhibitedCipherSuites", Field, 24, ""}, {"HTTP2Config.PingTimeout", Field, 24, ""}, {"HTTP2Config.SendPingTimeout", Field, 24, ""}, + {"HTTP2Config.StrictMaxConcurrentRequests", Field, 26, ""}, {"HTTP2Config.WriteByteTimeout", Field, 24, ""}, {"Handle", Func, 0, "func(pattern string, handler Handler)"}, {"HandleFunc", Func, 0, "func(pattern string, handler func(ResponseWriter, *Request))"}, @@ -8699,6 +9193,8 @@ var PackageSymbols = map[string][]Symbol{ "net/http/cookiejar": { {"(*Jar).Cookies", Method, 1, ""}, {"(*Jar).SetCookies", Method, 1, ""}, + {"(PublicSuffixList).PublicSuffix", Method, 1, ""}, + {"(PublicSuffixList).String", Method, 1, ""}, {"Jar", Type, 1, ""}, {"New", Func, 1, "func(o *Options) (*Jar, error)"}, {"Options", Type, 1, ""}, @@ -8792,6 +9288,8 @@ var PackageSymbols = map[string][]Symbol{ {"(*ServerConn).Pending", Method, 0, ""}, {"(*ServerConn).Read", Method, 0, ""}, {"(*ServerConn).Write", Method, 0, ""}, + {"(BufferPool).Get", Method, 6, ""}, + {"(BufferPool).Put", Method, 6, ""}, {"BufferPool", Type, 6, ""}, {"ClientConn", Type, 0, ""}, {"DumpRequest", Func, 0, "func(req *http.Request, body bool) ([]byte, error)"}, @@ -8904,6 +9402,7 @@ var PackageSymbols = map[string][]Symbol{ {"(Prefix).AppendText", Method, 24, ""}, {"(Prefix).AppendTo", Method, 18, ""}, {"(Prefix).Bits", Method, 18, ""}, + {"(Prefix).Compare", Method, 26, ""}, {"(Prefix).Contains", Method, 18, ""}, {"(Prefix).IsSingleIP", Method, 18, ""}, {"(Prefix).IsValid", Method, 18, ""}, @@ -8944,6 +9443,14 @@ var PackageSymbols = map[string][]Symbol{ {"(*Server).ServeConn", Method, 0, ""}, {"(*Server).ServeHTTP", Method, 0, ""}, {"(*Server).ServeRequest", Method, 0, ""}, + {"(ClientCodec).Close", Method, 0, ""}, + {"(ClientCodec).ReadResponseBody", Method, 0, ""}, + {"(ClientCodec).ReadResponseHeader", Method, 0, ""}, + {"(ClientCodec).WriteRequest", Method, 0, ""}, + {"(ServerCodec).Close", Method, 0, ""}, + {"(ServerCodec).ReadRequestBody", Method, 0, ""}, + {"(ServerCodec).ReadRequestHeader", Method, 0, ""}, + {"(ServerCodec).WriteResponse", Method, 0, ""}, {"(ServerError).Error", Method, 0, ""}, {"Accept", Func, 0, "func(lis net.Listener)"}, {"Call", Type, 0, ""}, @@ -9002,6 +9509,8 @@ var PackageSymbols = map[string][]Symbol{ {"(*Client).StartTLS", Method, 0, ""}, {"(*Client).TLSConnectionState", Method, 5, ""}, {"(*Client).Verify", Method, 0, ""}, + {"(Auth).Next", Method, 0, ""}, + {"(Auth).Start", Method, 0, ""}, {"Auth", Type, 0, ""}, {"CRAMMD5Auth", Func, 0, "func(username string, secret string) Auth"}, {"Client", Type, 0, ""}, @@ -9177,6 +9686,7 @@ var PackageSymbols = map[string][]Symbol{ {"(*Process).Release", Method, 0, ""}, {"(*Process).Signal", Method, 0, ""}, {"(*Process).Wait", Method, 0, ""}, + {"(*Process).WithHandle", Method, 26, ""}, {"(*ProcessState).ExitCode", Method, 12, ""}, {"(*ProcessState).Exited", Method, 0, ""}, {"(*ProcessState).Pid", Method, 0, ""}, @@ -9212,10 +9722,18 @@ var PackageSymbols = map[string][]Symbol{ {"(*SyscallError).Error", Method, 0, ""}, {"(*SyscallError).Timeout", Method, 10, ""}, {"(*SyscallError).Unwrap", Method, 13, ""}, + {"(FileInfo).IsDir", Method, 0, ""}, + {"(FileInfo).ModTime", Method, 0, ""}, + {"(FileInfo).Mode", Method, 0, ""}, + {"(FileInfo).Name", Method, 0, ""}, + {"(FileInfo).Size", Method, 0, ""}, + {"(FileInfo).Sys", Method, 0, ""}, {"(FileMode).IsDir", Method, 0, ""}, {"(FileMode).IsRegular", Method, 1, ""}, {"(FileMode).Perm", Method, 0, ""}, {"(FileMode).String", Method, 0, ""}, + {"(Signal).Signal", Method, 0, ""}, + {"(Signal).String", Method, 0, ""}, {"Args", Var, 0, ""}, {"Chdir", Func, 0, "func(dir string) error"}, {"Chmod", Func, 0, "func(name string, mode FileMode) error"}, @@ -9234,6 +9752,7 @@ var PackageSymbols = map[string][]Symbol{ {"ErrExist", Var, 0, ""}, {"ErrInvalid", Var, 0, ""}, {"ErrNoDeadline", Var, 10, ""}, + {"ErrNoHandle", Var, 26, ""}, {"ErrNotExist", Var, 0, ""}, {"ErrPermission", Var, 0, ""}, {"ErrProcessDone", Var, 16, ""}, @@ -9461,7 +9980,7 @@ var PackageSymbols = map[string][]Symbol{ {"ListSeparator", Const, 0, ""}, {"Localize", Func, 23, "func(path string) (string, error)"}, {"Match", Func, 0, "func(pattern string, name string) (matched bool, err error)"}, - {"Rel", Func, 0, "func(basepath string, targpath string) (string, error)"}, + {"Rel", Func, 0, "func(basePath string, targPath string) (string, error)"}, {"Separator", Const, 0, ""}, {"SkipAll", Var, 20, ""}, {"SkipDir", Var, 0, ""}, @@ -9491,6 +10010,45 @@ var PackageSymbols = map[string][]Symbol{ {"(StructField).IsExported", Method, 17, ""}, {"(StructTag).Get", Method, 0, ""}, {"(StructTag).Lookup", Method, 7, ""}, + {"(Type).Align", Method, 0, ""}, + {"(Type).AssignableTo", Method, 0, ""}, + {"(Type).Bits", Method, 0, ""}, + {"(Type).CanSeq", Method, 23, ""}, + {"(Type).CanSeq2", Method, 23, ""}, + {"(Type).ChanDir", Method, 0, ""}, + {"(Type).Comparable", Method, 4, ""}, + {"(Type).ConvertibleTo", Method, 1, ""}, + {"(Type).Elem", Method, 0, ""}, + {"(Type).Field", Method, 0, ""}, + {"(Type).FieldAlign", Method, 0, ""}, + {"(Type).FieldByIndex", Method, 0, ""}, + {"(Type).FieldByName", Method, 0, ""}, + {"(Type).FieldByNameFunc", Method, 0, ""}, + {"(Type).Fields", Method, 26, ""}, + {"(Type).Implements", Method, 0, ""}, + {"(Type).In", Method, 0, ""}, + {"(Type).Ins", Method, 26, ""}, + {"(Type).IsVariadic", Method, 0, ""}, + {"(Type).Key", Method, 0, ""}, + {"(Type).Kind", Method, 0, ""}, + {"(Type).Len", Method, 0, ""}, + {"(Type).Method", Method, 0, ""}, + {"(Type).MethodByName", Method, 0, ""}, + {"(Type).Methods", Method, 26, ""}, + {"(Type).Name", Method, 0, ""}, + {"(Type).NumField", Method, 0, ""}, + {"(Type).NumIn", Method, 0, ""}, + {"(Type).NumMethod", Method, 0, ""}, + {"(Type).NumOut", Method, 0, ""}, + {"(Type).Out", Method, 0, ""}, + {"(Type).Outs", Method, 26, ""}, + {"(Type).OverflowComplex", Method, 23, ""}, + {"(Type).OverflowFloat", Method, 23, ""}, + {"(Type).OverflowInt", Method, 23, ""}, + {"(Type).OverflowUint", Method, 23, ""}, + {"(Type).PkgPath", Method, 0, ""}, + {"(Type).Size", Method, 0, ""}, + {"(Type).String", Method, 0, ""}, {"(Value).Addr", Method, 0, ""}, {"(Value).Bool", Method, 0, ""}, {"(Value).Bytes", Method, 0, ""}, @@ -9517,6 +10075,7 @@ var PackageSymbols = map[string][]Symbol{ {"(Value).FieldByIndexErr", Method, 18, ""}, {"(Value).FieldByName", Method, 0, ""}, {"(Value).FieldByNameFunc", Method, 0, ""}, + {"(Value).Fields", Method, 26, ""}, {"(Value).Float", Method, 0, ""}, {"(Value).Grow", Method, 20, ""}, {"(Value).Index", Method, 0, ""}, @@ -9533,6 +10092,7 @@ var PackageSymbols = map[string][]Symbol{ {"(Value).MapRange", Method, 12, ""}, {"(Value).Method", Method, 0, ""}, {"(Value).MethodByName", Method, 0, ""}, + {"(Value).Methods", Method, 26, ""}, {"(Value).NumField", Method, 0, ""}, {"(Value).NumMethod", Method, 0, ""}, {"(Value).OverflowComplex", Method, 0, ""}, @@ -9648,7 +10208,6 @@ var PackageSymbols = map[string][]Symbol{ {"StructOf", Func, 7, "func(fields []StructField) Type"}, {"StructTag", Type, 0, ""}, {"Swapper", Func, 8, "func(slice any) func(i int, j int)"}, - {"Type", Type, 0, ""}, {"TypeAssert", Func, 25, "func[T any](v Value) (T, bool)"}, {"TypeFor", Func, 22, "func[T any]() Type"}, {"TypeOf", Func, 0, "func(i any) Type"}, @@ -9850,6 +10409,8 @@ var PackageSymbols = map[string][]Symbol{ {"(*TypeAssertionError).Error", Method, 0, ""}, {"(*TypeAssertionError).RuntimeError", Method, 0, ""}, {"(Cleanup).Stop", Method, 24, ""}, + {"(Error).Error", Method, 0, ""}, + {"(Error).RuntimeError", Method, 0, ""}, {"AddCleanup", Func, 24, "func[T, S any](ptr *T, cleanup func(S), arg S) Cleanup"}, {"BlockProfile", Func, 1, "func(p []BlockProfileRecord) (n int, ok bool)"}, {"BlockProfileRecord", Type, 1, ""}, @@ -9932,7 +10493,7 @@ var PackageSymbols = map[string][]Symbol{ {"PanicNilError", Type, 21, ""}, {"Pinner", Type, 21, ""}, {"ReadMemStats", Func, 0, "func(m *MemStats)"}, - {"ReadTrace", Func, 5, "func() []byte"}, + {"ReadTrace", Func, 5, "func() (buf []byte)"}, {"SetBlockProfileRate", Func, 1, "func(rate int)"}, {"SetCPUProfileRate", Func, 0, "func(hz int)"}, {"SetCgoTraceback", Func, 7, "func(version int, traceback unsafe.Pointer, context unsafe.Pointer, symbolizer unsafe.Pointer)"}, @@ -10124,6 +10685,9 @@ var PackageSymbols = map[string][]Symbol{ {"(IntSlice).Search", Method, 0, ""}, {"(IntSlice).Sort", Method, 0, ""}, {"(IntSlice).Swap", Method, 0, ""}, + {"(Interface).Len", Method, 0, ""}, + {"(Interface).Less", Method, 0, ""}, + {"(Interface).Swap", Method, 0, ""}, {"(StringSlice).Len", Method, 0, ""}, {"(StringSlice).Less", Method, 0, ""}, {"(StringSlice).Search", Method, 0, ""}, @@ -10315,6 +10879,8 @@ var PackageSymbols = map[string][]Symbol{ {"(*WaitGroup).Done", Method, 0, ""}, {"(*WaitGroup).Go", Method, 25, ""}, {"(*WaitGroup).Wait", Method, 0, ""}, + {"(Locker).Lock", Method, 0, ""}, + {"(Locker).Unlock", Method, 0, ""}, {"Cond", Type, 0, ""}, {"Cond.L", Field, 0, ""}, {"Locker", Type, 0, ""}, @@ -10456,10 +11022,14 @@ var PackageSymbols = map[string][]Symbol{ {"(*Timeval).Nano", Method, 0, ""}, {"(*Timeval).Nanoseconds", Method, 0, ""}, {"(*Timeval).Unix", Method, 0, ""}, + {"(Conn).SyscallConn", Method, 9, ""}, {"(Errno).Error", Method, 0, ""}, {"(Errno).Is", Method, 13, ""}, {"(Errno).Temporary", Method, 0, ""}, {"(Errno).Timeout", Method, 0, ""}, + {"(RawConn).Control", Method, 9, ""}, + {"(RawConn).Read", Method, 9, ""}, + {"(RawConn).Write", Method, 9, ""}, {"(Signal).Signal", Method, 0, ""}, {"(Signal).String", Method, 0, ""}, {"(Token).Close", Method, 0, ""}, @@ -14379,7 +14949,7 @@ var PackageSymbols = map[string][]Symbol{ {"RouteMessage.Data", Field, 0, ""}, {"RouteMessage.Header", Field, 0, ""}, {"RouteRIB", Func, 0, ""}, - {"RoutingMessage", Type, 0, ""}, + {"RoutingMessage", Type, 14, ""}, {"RtAttr", Type, 0, ""}, {"RtAttr.Len", Field, 0, ""}, {"RtAttr.Type", Field, 0, ""}, @@ -15865,7 +16435,6 @@ var PackageSymbols = map[string][]Symbol{ {"SockFprog.Filter", Field, 0, ""}, {"SockFprog.Len", Field, 0, ""}, {"SockFprog.Pad_cgo_0", Field, 0, ""}, - {"Sockaddr", Type, 0, ""}, {"SockaddrDatalink", Type, 0, ""}, {"SockaddrDatalink.Alen", Field, 0, ""}, {"SockaddrDatalink.Data", Field, 0, ""}, @@ -16679,6 +17248,7 @@ var PackageSymbols = map[string][]Symbol{ {"ValueOf", Func, 0, ""}, }, "testing": { + {"(*B).ArtifactDir", Method, 26, ""}, {"(*B).Attr", Method, 25, ""}, {"(*B).Chdir", Method, 24, ""}, {"(*B).Cleanup", Method, 14, ""}, @@ -16713,6 +17283,7 @@ var PackageSymbols = map[string][]Symbol{ {"(*B).StopTimer", Method, 0, ""}, {"(*B).TempDir", Method, 15, ""}, {"(*F).Add", Method, 18, ""}, + {"(*F).ArtifactDir", Method, 26, ""}, {"(*F).Attr", Method, 25, ""}, {"(*F).Chdir", Method, 24, ""}, {"(*F).Cleanup", Method, 18, ""}, @@ -16738,6 +17309,7 @@ var PackageSymbols = map[string][]Symbol{ {"(*F).TempDir", Method, 18, ""}, {"(*M).Run", Method, 4, ""}, {"(*PB).Next", Method, 3, ""}, + {"(*T).ArtifactDir", Method, 26, ""}, {"(*T).Attr", Method, 25, ""}, {"(*T).Chdir", Method, 24, ""}, {"(*T).Cleanup", Method, 14, ""}, @@ -16768,6 +17340,29 @@ var PackageSymbols = map[string][]Symbol{ {"(BenchmarkResult).MemString", Method, 1, ""}, {"(BenchmarkResult).NsPerOp", Method, 0, ""}, {"(BenchmarkResult).String", Method, 0, ""}, + {"(TB).ArtifactDir", Method, 26, ""}, + {"(TB).Attr", Method, 25, ""}, + {"(TB).Chdir", Method, 24, ""}, + {"(TB).Cleanup", Method, 14, ""}, + {"(TB).Context", Method, 24, ""}, + {"(TB).Error", Method, 2, ""}, + {"(TB).Errorf", Method, 2, ""}, + {"(TB).Fail", Method, 2, ""}, + {"(TB).FailNow", Method, 2, ""}, + {"(TB).Failed", Method, 2, ""}, + {"(TB).Fatal", Method, 2, ""}, + {"(TB).Fatalf", Method, 2, ""}, + {"(TB).Helper", Method, 9, ""}, + {"(TB).Log", Method, 2, ""}, + {"(TB).Logf", Method, 2, ""}, + {"(TB).Name", Method, 8, ""}, + {"(TB).Output", Method, 25, ""}, + {"(TB).Setenv", Method, 17, ""}, + {"(TB).Skip", Method, 2, ""}, + {"(TB).SkipNow", Method, 2, ""}, + {"(TB).Skipf", Method, 2, ""}, + {"(TB).Skipped", Method, 2, ""}, + {"(TB).TempDir", Method, 15, ""}, {"AllocsPerRun", Func, 1, "func(runs int, f func()) (avg float64)"}, {"B", Type, 0, ""}, {"B.N", Field, 0, ""}, @@ -16818,10 +17413,12 @@ var PackageSymbols = map[string][]Symbol{ {"RunTests", Func, 0, "func(matchString func(pat string, str string) (bool, error), tests []InternalTest) (ok bool)"}, {"Short", Func, 0, "func() bool"}, {"T", Type, 0, ""}, - {"TB", Type, 2, ""}, {"Testing", Func, 21, "func() bool"}, {"Verbose", Func, 1, "func() bool"}, }, + "testing/cryptotest": { + {"SetGlobalRandom", Func, 26, "func(t *testing.T, seed uint64)"}, + }, "testing/fstest": { {"(MapFS).Glob", Method, 16, ""}, {"(MapFS).Lstat", Method, 25, ""}, @@ -16854,6 +17451,7 @@ var PackageSymbols = map[string][]Symbol{ "testing/quick": { {"(*CheckEqualError).Error", Method, 0, ""}, {"(*CheckError).Error", Method, 0, ""}, + {"(Generator).Generate", Method, 0, ""}, {"(SetupError).Error", Method, 0, ""}, {"Check", Func, 0, "func(f any, config *Config) error"}, {"CheckEqual", Func, 0, "func(f any, g any, config *Config) error"}, @@ -17060,6 +17658,10 @@ var PackageSymbols = map[string][]Symbol{ {"(ListNode).Position", Method, 1, ""}, {"(ListNode).Type", Method, 0, ""}, {"(NilNode).Position", Method, 1, ""}, + {"(Node).Copy", Method, 0, ""}, + {"(Node).Position", Method, 1, ""}, + {"(Node).String", Method, 0, ""}, + {"(Node).Type", Method, 0, ""}, {"(NodeType).Type", Method, 0, ""}, {"(NumberNode).Position", Method, 1, ""}, {"(NumberNode).Type", Method, 0, ""}, diff --git a/vendor/golang.org/x/tools/internal/stdlib/stdlib.go b/vendor/golang.org/x/tools/internal/stdlib/stdlib.go index e223e0f340..59a5de36a2 100644 --- a/vendor/golang.org/x/tools/internal/stdlib/stdlib.go +++ b/vendor/golang.org/x/tools/internal/stdlib/stdlib.go @@ -39,7 +39,7 @@ const ( Var // "EOF" Const // "Pi" Field // "Point.X" - Method // "(*Buffer).Grow" + Method // "(*Buffer).Grow" or "(Reader).Read" ) func (kind Kind) String() string { diff --git a/vendor/golang.org/x/tools/internal/typeparams/normalize.go b/vendor/golang.org/x/tools/internal/typeparams/normalize.go index f49802b8ef..8d13f12147 100644 --- a/vendor/golang.org/x/tools/internal/typeparams/normalize.go +++ b/vendor/golang.org/x/tools/internal/typeparams/normalize.go @@ -160,8 +160,7 @@ func computeTermSetInternal(t types.Type, seen map[types.Type]*termSet, depth in // The term set of an interface is the intersection of the term sets of its // embedded types. tset.terms = allTermlist - for i := 0; i < u.NumEmbeddeds(); i++ { - embedded := u.EmbeddedType(i) + for embedded := range u.EmbeddedTypes() { if _, ok := embedded.Underlying().(*types.TypeParam); ok { return nil, fmt.Errorf("invalid embedded type %T", embedded) } @@ -174,8 +173,7 @@ func computeTermSetInternal(t types.Type, seen map[types.Type]*termSet, depth in case *types.Union: // The term set of a union is the union of term sets of its terms. tset.terms = nil - for i := 0; i < u.Len(); i++ { - t := u.Term(i) + for t := range u.Terms() { var terms termlist switch t.Type().Underlying().(type) { case *types.Interface: diff --git a/vendor/golang.org/x/tools/internal/typesinternal/classify_call.go b/vendor/golang.org/x/tools/internal/typesinternal/classify_call.go index 3db2a135b9..7ebe9768bc 100644 --- a/vendor/golang.org/x/tools/internal/typesinternal/classify_call.go +++ b/vendor/golang.org/x/tools/internal/typesinternal/classify_call.go @@ -8,7 +8,7 @@ import ( "fmt" "go/ast" "go/types" - _ "unsafe" + _ "unsafe" // for go:linkname hack ) // CallKind describes the function position of an [*ast.CallExpr]. diff --git a/vendor/golang.org/x/tools/internal/typesinternal/element.go b/vendor/golang.org/x/tools/internal/typesinternal/element.go index 4957f02164..5fe4d8abcb 100644 --- a/vendor/golang.org/x/tools/internal/typesinternal/element.go +++ b/vendor/golang.org/x/tools/internal/typesinternal/element.go @@ -35,8 +35,8 @@ func ForEachElement(rtypes *typeutil.Map, msets *typeutil.MethodSetCache, T type // Recursion over signatures of each method. tmset := msets.MethodSet(T) - for i := 0; i < tmset.Len(); i++ { - sig := tmset.At(i).Type().(*types.Signature) + for method := range tmset.Methods() { + sig := method.Type().(*types.Signature) // It is tempting to call visit(sig, false) // but, as noted in golang.org/cl/65450043, // the Signature.Recv field is ignored by diff --git a/vendor/golang.org/x/tools/internal/typesinternal/fx.go b/vendor/golang.org/x/tools/internal/typesinternal/fx.go index 93acff2170..c846a53d5f 100644 --- a/vendor/golang.org/x/tools/internal/typesinternal/fx.go +++ b/vendor/golang.org/x/tools/internal/typesinternal/fx.go @@ -19,25 +19,46 @@ func NoEffects(info *types.Info, expr ast.Expr) bool { switch v := n.(type) { case nil, *ast.Ident, *ast.BasicLit, *ast.BinaryExpr, *ast.ParenExpr, *ast.SelectorExpr, *ast.IndexExpr, *ast.SliceExpr, *ast.TypeAssertExpr, - *ast.StarExpr, *ast.CompositeLit, *ast.ArrayType, *ast.StructType, - *ast.MapType, *ast.InterfaceType, *ast.KeyValueExpr: - // No effect + *ast.StarExpr, *ast.CompositeLit, + // non-expressions that may appear within expressions + *ast.KeyValueExpr, + *ast.FieldList, + *ast.Field, + *ast.Ellipsis, + *ast.IndexListExpr: + // No effect. + + case *ast.ArrayType, + *ast.StructType, + *ast.ChanType, + *ast.FuncType, + *ast.MapType, + *ast.InterfaceType: + // Type syntax: no effects, recursively. + // Prune descent. + return false + case *ast.UnaryExpr: - // Channel send <-ch has effects + // Channel send <-ch has effects. if v.Op == token.ARROW { noEffects = false } + case *ast.CallExpr: - // Type conversion has no effects + // Type conversion has no effects. if !info.Types[v.Fun].IsType() { - // TODO(adonovan): Add a case for built-in functions without side - // effects (by using callsPureBuiltin from tools/internal/refactor/inline) - - noEffects = false + if CallsPureBuiltin(info, v) { + // A call such as len(e) has no effects of its + // own, though the subexpression e might. + } else { + noEffects = false + } } + case *ast.FuncLit: // A FuncLit has no effects, but do not descend into it. return false + default: // All other expressions have effects noEffects = false @@ -47,3 +68,21 @@ func NoEffects(info *types.Info, expr ast.Expr) bool { }) return noEffects } + +// CallsPureBuiltin reports whether call is a call of a built-in +// function that is a pure computation over its operands (analogous to +// a + operator). Because it does not depend on program state, it may +// be evaluated at any point--though not necessarily at multiple +// points (consider new, make). +func CallsPureBuiltin(info *types.Info, call *ast.CallExpr) bool { + if id, ok := ast.Unparen(call.Fun).(*ast.Ident); ok { + if b, ok := info.ObjectOf(id).(*types.Builtin); ok { + switch b.Name() { + case "len", "cap", "complex", "imag", "real", "make", "new", "max", "min": + return true + } + // Not: append clear close copy delete panic print println recover + } + } + return false +} diff --git a/vendor/golang.org/x/tools/internal/typesinternal/isnamed.go b/vendor/golang.org/x/tools/internal/typesinternal/isnamed.go index f2affec4fb..e0d63c46c6 100644 --- a/vendor/golang.org/x/tools/internal/typesinternal/isnamed.go +++ b/vendor/golang.org/x/tools/internal/typesinternal/isnamed.go @@ -48,7 +48,7 @@ func IsFunctionNamed(obj types.Object, pkgPath string, names ...string) bool { return ok && IsPackageLevel(obj) && f.Pkg().Path() == pkgPath && - f.Type().(*types.Signature).Recv() == nil && + f.Signature().Recv() == nil && slices.Contains(names, f.Name()) } @@ -60,7 +60,7 @@ func IsFunctionNamed(obj types.Object, pkgPath string, names ...string) bool { // which is important for the performance of syntax matching. func IsMethodNamed(obj types.Object, pkgPath string, typeName string, names ...string) bool { if fn, ok := obj.(*types.Func); ok { - if recv := fn.Type().(*types.Signature).Recv(); recv != nil { + if recv := fn.Signature().Recv(); recv != nil { _, T := ReceiverNamed(recv) return T != nil && IsTypeNamed(T, pkgPath, typeName) && diff --git a/vendor/golang.org/x/tools/internal/typesinternal/qualifier.go b/vendor/golang.org/x/tools/internal/typesinternal/qualifier.go index 64f47919f0..4e2756fc49 100644 --- a/vendor/golang.org/x/tools/internal/typesinternal/qualifier.go +++ b/vendor/golang.org/x/tools/internal/typesinternal/qualifier.go @@ -19,7 +19,7 @@ import ( // TODO(adonovan): this function ignores the effect of shadowing. It // should accept a [token.Pos] and a [types.Info] and compute only the // set of imports that are not shadowed at that point, analogous to -// [analysisinternal.AddImport]. It could also compute (as a side +// [analysis.AddImport]. It could also compute (as a side // effect) the set of additional imports required to ensure that there // is an accessible import for each necessary package, making it // converge even more closely with AddImport. diff --git a/vendor/golang.org/x/tools/internal/typesinternal/types.go b/vendor/golang.org/x/tools/internal/typesinternal/types.go index fef74a7856..51001666ef 100644 --- a/vendor/golang.org/x/tools/internal/typesinternal/types.go +++ b/vendor/golang.org/x/tools/internal/typesinternal/types.go @@ -23,7 +23,6 @@ import ( "go/token" "go/types" "reflect" - "unsafe" "golang.org/x/tools/go/ast/inspector" "golang.org/x/tools/internal/aliases" @@ -40,8 +39,7 @@ func SetUsesCgo(conf *types.Config) bool { } } - addr := unsafe.Pointer(f.UnsafeAddr()) - *(*bool)(addr) = true + *(*bool)(f.Addr().UnsafePointer()) = true return true } diff --git a/vendor/golang.org/x/tools/internal/typesinternal/varkind.go b/vendor/golang.org/x/tools/internal/typesinternal/varkind.go index e5da049511..26499cdd2e 100644 --- a/vendor/golang.org/x/tools/internal/typesinternal/varkind.go +++ b/vendor/golang.org/x/tools/internal/typesinternal/varkind.go @@ -2,39 +2,22 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package typesinternal +//go:build go1.25 -// TODO(adonovan): when CL 645115 lands, define the go1.25 version of -// this API that actually does something. +package typesinternal import "go/types" -type VarKind uint8 +type VarKind = types.VarKind const ( - _ VarKind = iota // (not meaningful) - PackageVar // a package-level variable - LocalVar // a local variable - RecvVar // a method receiver variable - ParamVar // a function parameter variable - ResultVar // a function result variable - FieldVar // a struct field + PackageVar = types.PackageVar + LocalVar = types.LocalVar + RecvVar = types.RecvVar + ParamVar = types.ParamVar + ResultVar = types.ResultVar + FieldVar = types.FieldVar ) -func (kind VarKind) String() string { - return [...]string{ - 0: "VarKind(0)", - PackageVar: "PackageVar", - LocalVar: "LocalVar", - RecvVar: "RecvVar", - ParamVar: "ParamVar", - ResultVar: "ResultVar", - FieldVar: "FieldVar", - }[kind] -} - -// GetVarKind returns an invalid VarKind. -func GetVarKind(v *types.Var) VarKind { return 0 } - -// SetVarKind has no effect. -func SetVarKind(v *types.Var, kind VarKind) {} +func GetVarKind(v *types.Var) VarKind { return v.Kind() } +func SetVarKind(v *types.Var, kind VarKind) { v.SetKind(kind) } diff --git a/vendor/golang.org/x/tools/internal/typesinternal/varkind_go124.go b/vendor/golang.org/x/tools/internal/typesinternal/varkind_go124.go new file mode 100644 index 0000000000..17b1804b4e --- /dev/null +++ b/vendor/golang.org/x/tools/internal/typesinternal/varkind_go124.go @@ -0,0 +1,39 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !go1.25 + +package typesinternal + +import "go/types" + +type VarKind uint8 + +const ( + _ VarKind = iota // (not meaningful) + PackageVar // a package-level variable + LocalVar // a local variable + RecvVar // a method receiver variable + ParamVar // a function parameter variable + ResultVar // a function result variable + FieldVar // a struct field +) + +func (kind VarKind) String() string { + return [...]string{ + 0: "VarKind(0)", + PackageVar: "PackageVar", + LocalVar: "LocalVar", + RecvVar: "RecvVar", + ParamVar: "ParamVar", + ResultVar: "ResultVar", + FieldVar: "FieldVar", + }[kind] +} + +// GetVarKind returns an invalid VarKind. +func GetVarKind(v *types.Var) VarKind { return 0 } + +// SetVarKind has no effect. +func SetVarKind(v *types.Var, kind VarKind) {} diff --git a/vendor/golang.org/x/tools/internal/typesinternal/zerovalue.go b/vendor/golang.org/x/tools/internal/typesinternal/zerovalue.go index 453bba2ad5..d612a71029 100644 --- a/vendor/golang.org/x/tools/internal/typesinternal/zerovalue.go +++ b/vendor/golang.org/x/tools/internal/typesinternal/zerovalue.go @@ -258,12 +258,12 @@ func TypeExpr(t types.Type, qual types.Qualifier) ast.Expr { case *types.Signature: var params []*ast.Field - for i := 0; i < t.Params().Len(); i++ { + for v := range t.Params().Variables() { params = append(params, &ast.Field{ - Type: TypeExpr(t.Params().At(i).Type(), qual), + Type: TypeExpr(v.Type(), qual), Names: []*ast.Ident{ { - Name: t.Params().At(i).Name(), + Name: v.Name(), }, }, }) @@ -273,9 +273,9 @@ func TypeExpr(t types.Type, qual types.Qualifier) ast.Expr { last.Type = &ast.Ellipsis{Elt: last.Type.(*ast.ArrayType).Elt} } var returns []*ast.Field - for i := 0; i < t.Results().Len(); i++ { + for v := range t.Results().Variables() { returns = append(returns, &ast.Field{ - Type: TypeExpr(t.Results().At(i).Type(), qual), + Type: TypeExpr(v.Type(), qual), }) } return &ast.FuncType{ @@ -315,8 +315,8 @@ func TypeExpr(t types.Type, qual types.Qualifier) ast.Expr { if hasTypeArgs, ok := t.(interface{ TypeArgs() *types.TypeList }); ok { if typeArgs := hasTypeArgs.TypeArgs(); typeArgs != nil && typeArgs.Len() > 0 { var indices []ast.Expr - for i := range typeArgs.Len() { - indices = append(indices, TypeExpr(typeArgs.At(i), qual)) + for t0 := range typeArgs.Types() { + indices = append(indices, TypeExpr(t0, qual)) } expr = &ast.IndexListExpr{ X: expr, diff --git a/vendor/golang.org/x/tools/internal/versions/features.go b/vendor/golang.org/x/tools/internal/versions/features.go index b53f178616..cdd36c388a 100644 --- a/vendor/golang.org/x/tools/internal/versions/features.go +++ b/vendor/golang.org/x/tools/internal/versions/features.go @@ -7,13 +7,18 @@ package versions // This file contains predicates for working with file versions to // decide when a tool should consider a language feature enabled. -// GoVersions that features in x/tools can be gated to. +// named constants, to avoid misspelling const ( + Go1_17 = "go1.17" Go1_18 = "go1.18" Go1_19 = "go1.19" Go1_20 = "go1.20" Go1_21 = "go1.21" Go1_22 = "go1.22" + Go1_23 = "go1.23" + Go1_24 = "go1.24" + Go1_25 = "go1.25" + Go1_26 = "go1.26" ) // Future is an invalid unknown Go version sometime in the future. diff --git a/vendor/golang.org/x/tools/refactor/satisfy/find.go b/vendor/golang.org/x/tools/refactor/satisfy/find.go new file mode 100644 index 0000000000..bb38375531 --- /dev/null +++ b/vendor/golang.org/x/tools/refactor/satisfy/find.go @@ -0,0 +1,725 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package satisfy inspects the type-checked ASTs of Go packages and +// reports the set of discovered type constraints of the form (lhs, rhs +// Type) where lhs is a non-trivial interface, rhs satisfies this +// interface, and this fact is necessary for the package to be +// well-typed. +// +// It requires well-typed inputs. +package satisfy // import "golang.org/x/tools/refactor/satisfy" + +// NOTES: +// +// We don't care about numeric conversions, so we don't descend into +// types or constant expressions. This is unsound because +// constant expressions can contain arbitrary statements, e.g. +// const x = len([1]func(){func() { +// ... +// }}) +// +// Assignability conversions are possible in the following places: +// - in assignments y = x, y := x, var y = x. +// - from call argument types to formal parameter types +// - in append and delete calls +// - from return operands to result parameter types +// - in composite literal T{k:v}, from k and v to T's field/element/key type +// - in map[key] from key to the map's key type +// - in comparisons x==y and switch x { case y: }. +// - in explicit conversions T(x) +// - in sends ch <- x, from x to the channel element type +// - in type assertions x.(T) and switch x.(type) { case T: } +// +// The results of this pass provide information equivalent to the +// ssa.MakeInterface and ssa.ChangeInterface instructions. + +import ( + "fmt" + "go/ast" + "go/token" + "go/types" + + "golang.org/x/tools/go/types/typeutil" + "golang.org/x/tools/internal/typeparams" +) + +// A Constraint records the fact that the RHS type does and must +// satisfy the LHS type, which is an interface. +// The names are suggestive of an assignment statement LHS = RHS. +// +// The constraint is implicitly universally quantified over any type +// parameters appearing within the two types. +type Constraint struct { + LHS, RHS types.Type +} + +// A Finder inspects the type-checked ASTs of Go packages and +// accumulates the set of type constraints (x, y) such that x is +// assignable to y, y is an interface, and both x and y have methods. +// +// In other words, it returns the subset of the "implements" relation +// that is checked during compilation of a package. Refactoring tools +// will need to preserve at least this part of the relation to ensure +// continued compilation. +type Finder struct { + Result map[Constraint]bool + msetcache typeutil.MethodSetCache + + // per-Find state + info *types.Info + sig *types.Signature +} + +// Find inspects a single package, populating Result with its pairs of +// constrained types. +// +// The result is non-canonical and thus may contain duplicates (but this +// tends to preserves names of interface types better). +// +// The package must be free of type errors, and +// info.{Defs,Uses,Selections,Types} must have been populated by the +// type-checker. +func (f *Finder) Find(info *types.Info, files []*ast.File) { + if info.Defs == nil || info.Uses == nil || info.Selections == nil || info.Types == nil { + panic("Finder.Find: one of info.{Defs,Uses,Selections.Types} is not populated") + } + if f.Result == nil { + f.Result = make(map[Constraint]bool) + } + + f.info = info + for _, file := range files { + for _, d := range file.Decls { + switch d := d.(type) { + case *ast.GenDecl: + if d.Tok == token.VAR { // ignore consts + for _, spec := range d.Specs { + f.valueSpec(spec.(*ast.ValueSpec)) + } + } + + case *ast.FuncDecl: + if d.Body != nil { + f.sig = f.info.Defs[d.Name].Type().(*types.Signature) + f.stmt(d.Body) + f.sig = nil + } + } + } + } + f.info = nil +} + +var ( + tInvalid = types.Typ[types.Invalid] + tUntypedBool = types.Typ[types.UntypedBool] + tUntypedNil = types.Typ[types.UntypedNil] +) + +// exprN visits an expression in a multi-value context. +func (f *Finder) exprN(e ast.Expr) types.Type { + typ := f.info.Types[e].Type.(*types.Tuple) + switch e := e.(type) { + case *ast.ParenExpr: + return f.exprN(e.X) + + case *ast.CallExpr: + // x, err := f(args) + sig := typeparams.CoreType(f.expr(e.Fun)).(*types.Signature) + f.call(sig, e.Args) + + case *ast.IndexExpr: + // y, ok := x[i] + x := f.expr(e.X) + f.assign(f.expr(e.Index), typeparams.CoreType(x).(*types.Map).Key()) + + case *ast.TypeAssertExpr: + // y, ok := x.(T) + f.typeAssert(f.expr(e.X), typ.At(0).Type()) + + case *ast.UnaryExpr: // must be receive <- + // y, ok := <-x + f.expr(e.X) + + default: + panic(e) + } + return typ +} + +func (f *Finder) call(sig *types.Signature, args []ast.Expr) { + if len(args) == 0 { + return + } + + // Ellipsis call? e.g. f(x, y, z...) + if _, ok := args[len(args)-1].(*ast.Ellipsis); ok { + for i, arg := range args { + // The final arg is a slice, and so is the final param. + f.assign(sig.Params().At(i).Type(), f.expr(arg)) + } + return + } + + var argtypes []types.Type + + // Gather the effective actual parameter types. + if tuple, ok := f.info.Types[args[0]].Type.(*types.Tuple); ok { + // f(g()) call where g has multiple results? + f.expr(args[0]) + // unpack the tuple + for v := range tuple.Variables() { + argtypes = append(argtypes, v.Type()) + } + } else { + for _, arg := range args { + argtypes = append(argtypes, f.expr(arg)) + } + } + + // Assign the actuals to the formals. + if !sig.Variadic() { + for i, argtype := range argtypes { + f.assign(sig.Params().At(i).Type(), argtype) + } + } else { + // The first n-1 parameters are assigned normally. + nnormals := sig.Params().Len() - 1 + for i, argtype := range argtypes[:nnormals] { + f.assign(sig.Params().At(i).Type(), argtype) + } + // Remaining args are assigned to elements of varargs slice. + tElem := sig.Params().At(nnormals).Type().(*types.Slice).Elem() + for i := nnormals; i < len(argtypes); i++ { + f.assign(tElem, argtypes[i]) + } + } +} + +// builtin visits the arguments of a builtin type with signature sig. +func (f *Finder) builtin(obj *types.Builtin, sig *types.Signature, args []ast.Expr) { + switch obj.Name() { + case "make", "new": + for i, arg := range args { + if i == 0 && f.info.Types[arg].IsType() { + continue // skip the type operand + } + f.expr(arg) + } + + case "append": + s := f.expr(args[0]) + if _, ok := args[len(args)-1].(*ast.Ellipsis); ok && len(args) == 2 { + // append(x, y...) including append([]byte, "foo"...) + f.expr(args[1]) + } else { + // append(x, y, z) + tElem := typeparams.CoreType(s).(*types.Slice).Elem() + for _, arg := range args[1:] { + f.assign(tElem, f.expr(arg)) + } + } + + case "delete": + m := f.expr(args[0]) + k := f.expr(args[1]) + f.assign(typeparams.CoreType(m).(*types.Map).Key(), k) + + default: + // ordinary call + f.call(sig, args) + } +} + +func (f *Finder) extract(tuple types.Type, i int) types.Type { + if tuple, ok := tuple.(*types.Tuple); ok && i < tuple.Len() { + return tuple.At(i).Type() + } + return tInvalid +} + +func (f *Finder) valueSpec(spec *ast.ValueSpec) { + var T types.Type + if spec.Type != nil { + T = f.info.Types[spec.Type].Type + } + switch len(spec.Values) { + case len(spec.Names): // e.g. var x, y = f(), g() + for _, value := range spec.Values { + v := f.expr(value) + if T != nil { + f.assign(T, v) + } + } + + case 1: // e.g. var x, y = f() + tuple := f.exprN(spec.Values[0]) + for i := range spec.Names { + if T != nil { + f.assign(T, f.extract(tuple, i)) + } + } + } +} + +// assign records pairs of distinct types that are related by +// assignability, where the left-hand side is an interface and both +// sides have methods. +// +// It should be called for all assignability checks, type assertions, +// explicit conversions and comparisons between two types, unless the +// types are uninteresting (e.g. lhs is a concrete type, or the empty +// interface; rhs has no methods). +func (f *Finder) assign(lhs, rhs types.Type) { + if types.Identical(lhs, rhs) { + return + } + if !types.IsInterface(lhs) { + return + } + + if f.msetcache.MethodSet(lhs).Len() == 0 { + return + } + if f.msetcache.MethodSet(rhs).Len() == 0 { + return + } + // record the pair + f.Result[Constraint{lhs, rhs}] = true +} + +// typeAssert must be called for each type assertion x.(T) where x has +// interface type I. +func (f *Finder) typeAssert(I, T types.Type) { + // Type assertions are slightly subtle, because they are allowed + // to be "impossible", e.g. + // + // var x interface{f()} + // _ = x.(interface{f()int}) // legal + // + // (In hindsight, the language spec should probably not have + // allowed this, but it's too late to fix now.) + // + // This means that a type assert from I to T isn't exactly a + // constraint that T is assignable to I, but for a refactoring + // tool it is a conditional constraint that, if T is assignable + // to I before a refactoring, it should remain so after. + + if types.AssignableTo(T, I) { + f.assign(I, T) + } +} + +// compare must be called for each comparison x==y. +func (f *Finder) compare(x, y types.Type) { + if types.AssignableTo(x, y) { + f.assign(y, x) + } else if types.AssignableTo(y, x) { + f.assign(x, y) + } +} + +// expr visits a true expression (not a type or defining ident) +// and returns its type. +func (f *Finder) expr(e ast.Expr) types.Type { + tv := f.info.Types[e] + if tv.Value != nil { + return tv.Type // prune the descent for constants + } + + // tv.Type may be nil for an ast.Ident. + + switch e := e.(type) { + case *ast.BadExpr, *ast.BasicLit: + // no-op + + case *ast.Ident: + // (referring idents only) + if obj, ok := f.info.Uses[e]; ok { + return obj.Type() + } + if e.Name == "_" { // e.g. "for _ = range x" + return tInvalid + } + panic("undefined ident: " + e.Name) + + case *ast.Ellipsis: + if e.Elt != nil { + f.expr(e.Elt) + } + + case *ast.FuncLit: + saved := f.sig + f.sig = tv.Type.(*types.Signature) + f.stmt(e.Body) + f.sig = saved + + case *ast.CompositeLit: + switch T := typeparams.CoreType(typeparams.Deref(tv.Type)).(type) { + case *types.Struct: + for i, elem := range e.Elts { + if kv, ok := elem.(*ast.KeyValueExpr); ok { + f.assign(f.info.Uses[kv.Key.(*ast.Ident)].Type(), f.expr(kv.Value)) + } else { + f.assign(T.Field(i).Type(), f.expr(elem)) + } + } + + case *types.Map: + for _, elem := range e.Elts { + elem := elem.(*ast.KeyValueExpr) + f.assign(T.Key(), f.expr(elem.Key)) + f.assign(T.Elem(), f.expr(elem.Value)) + } + + case *types.Array, *types.Slice: + tElem := T.(interface { + Elem() types.Type + }).Elem() + for _, elem := range e.Elts { + if kv, ok := elem.(*ast.KeyValueExpr); ok { + // ignore the key + f.assign(tElem, f.expr(kv.Value)) + } else { + f.assign(tElem, f.expr(elem)) + } + } + + default: + panic(fmt.Sprintf("unexpected composite literal type %T: %v", tv.Type, tv.Type.String())) + } + + case *ast.ParenExpr: + f.expr(e.X) + + case *ast.SelectorExpr: + if _, ok := f.info.Selections[e]; ok { + f.expr(e.X) // selection + } else { + return f.info.Uses[e.Sel].Type() // qualified identifier + } + + case *ast.IndexExpr: + if instance(f.info, e.X) { + // f[T] or C[T] -- generic instantiation + } else { + // x[i] or m[k] -- index or lookup operation + x := f.expr(e.X) + i := f.expr(e.Index) + if ux, ok := typeparams.CoreType(x).(*types.Map); ok { + f.assign(ux.Key(), i) + } + } + + case *ast.IndexListExpr: + // f[X, Y] -- generic instantiation + + case *ast.SliceExpr: + f.expr(e.X) + if e.Low != nil { + f.expr(e.Low) + } + if e.High != nil { + f.expr(e.High) + } + if e.Max != nil { + f.expr(e.Max) + } + + case *ast.TypeAssertExpr: + x := f.expr(e.X) + f.typeAssert(x, f.info.Types[e.Type].Type) + + case *ast.CallExpr: + if tvFun := f.info.Types[e.Fun]; tvFun.IsType() { + // conversion + arg0 := f.expr(e.Args[0]) + f.assign(tvFun.Type, arg0) + } else { + // function call + + // unsafe call. Treat calls to functions in unsafe like ordinary calls, + // except that their signature cannot be determined by their func obj. + // Without this special handling, f.expr(e.Fun) would fail below. + if s, ok := ast.Unparen(e.Fun).(*ast.SelectorExpr); ok { + if obj, ok := f.info.Uses[s.Sel].(*types.Builtin); ok && obj.Pkg().Path() == "unsafe" { + sig := f.info.Types[e.Fun].Type.(*types.Signature) + f.call(sig, e.Args) + return tv.Type + } + } + + // builtin call + if id, ok := ast.Unparen(e.Fun).(*ast.Ident); ok { + if obj, ok := f.info.Uses[id].(*types.Builtin); ok { + sig := f.info.Types[id].Type.(*types.Signature) + f.builtin(obj, sig, e.Args) + return tv.Type + } + } + + // ordinary call + f.call(typeparams.CoreType(f.expr(e.Fun)).(*types.Signature), e.Args) + } + + case *ast.StarExpr: + f.expr(e.X) + + case *ast.UnaryExpr: + f.expr(e.X) + + case *ast.BinaryExpr: + x := f.expr(e.X) + y := f.expr(e.Y) + if e.Op == token.EQL || e.Op == token.NEQ { + f.compare(x, y) + } + + case *ast.KeyValueExpr: + f.expr(e.Key) + f.expr(e.Value) + + case *ast.ArrayType, + *ast.StructType, + *ast.FuncType, + *ast.InterfaceType, + *ast.MapType, + *ast.ChanType: + panic(e) + } + + if tv.Type == nil { + panic(fmt.Sprintf("no type for %T", e)) + } + + return tv.Type +} + +func (f *Finder) stmt(s ast.Stmt) { + switch s := s.(type) { + case *ast.BadStmt, + *ast.EmptyStmt, + *ast.BranchStmt: + // no-op + + case *ast.DeclStmt: + d := s.Decl.(*ast.GenDecl) + if d.Tok == token.VAR { // ignore consts + for _, spec := range d.Specs { + f.valueSpec(spec.(*ast.ValueSpec)) + } + } + + case *ast.LabeledStmt: + f.stmt(s.Stmt) + + case *ast.ExprStmt: + f.expr(s.X) + + case *ast.SendStmt: + ch := f.expr(s.Chan) + val := f.expr(s.Value) + f.assign(typeparams.CoreType(ch).(*types.Chan).Elem(), val) + + case *ast.IncDecStmt: + f.expr(s.X) + + case *ast.AssignStmt: + switch s.Tok { + case token.ASSIGN, token.DEFINE: + // y := x or y = x + var rhsTuple types.Type + if len(s.Lhs) != len(s.Rhs) { + rhsTuple = f.exprN(s.Rhs[0]) + } + for i := range s.Lhs { + var lhs, rhs types.Type + if rhsTuple == nil { + rhs = f.expr(s.Rhs[i]) // 1:1 assignment + } else { + rhs = f.extract(rhsTuple, i) // n:1 assignment + } + + if id, ok := s.Lhs[i].(*ast.Ident); ok { + if id.Name != "_" { + if obj, ok := f.info.Defs[id]; ok { + lhs = obj.Type() // definition + } + } + } + if lhs == nil { + lhs = f.expr(s.Lhs[i]) // assignment + } + f.assign(lhs, rhs) + } + + default: + // y op= x + f.expr(s.Lhs[0]) + f.expr(s.Rhs[0]) + } + + case *ast.GoStmt: + f.expr(s.Call) + + case *ast.DeferStmt: + f.expr(s.Call) + + case *ast.ReturnStmt: + formals := f.sig.Results() + switch len(s.Results) { + case formals.Len(): // 1:1 + for i, result := range s.Results { + f.assign(formals.At(i).Type(), f.expr(result)) + } + + case 1: // n:1 + tuple := f.exprN(s.Results[0]) + for i := 0; i < formals.Len(); i++ { + f.assign(formals.At(i).Type(), f.extract(tuple, i)) + } + } + + case *ast.SelectStmt: + f.stmt(s.Body) + + case *ast.BlockStmt: + for _, s := range s.List { + f.stmt(s) + } + + case *ast.IfStmt: + if s.Init != nil { + f.stmt(s.Init) + } + f.expr(s.Cond) + f.stmt(s.Body) + if s.Else != nil { + f.stmt(s.Else) + } + + case *ast.SwitchStmt: + if s.Init != nil { + f.stmt(s.Init) + } + var tag types.Type = tUntypedBool + if s.Tag != nil { + tag = f.expr(s.Tag) + } + for _, cc := range s.Body.List { + cc := cc.(*ast.CaseClause) + for _, cond := range cc.List { + f.compare(tag, f.info.Types[cond].Type) + } + for _, s := range cc.Body { + f.stmt(s) + } + } + + case *ast.TypeSwitchStmt: + if s.Init != nil { + f.stmt(s.Init) + } + var I types.Type + switch ass := s.Assign.(type) { + case *ast.ExprStmt: // x.(type) + I = f.expr(ast.Unparen(ass.X).(*ast.TypeAssertExpr).X) + case *ast.AssignStmt: // y := x.(type) + I = f.expr(ast.Unparen(ass.Rhs[0]).(*ast.TypeAssertExpr).X) + } + for _, cc := range s.Body.List { + cc := cc.(*ast.CaseClause) + for _, cond := range cc.List { + tCase := f.info.Types[cond].Type + if tCase != tUntypedNil { + f.typeAssert(I, tCase) + } + } + for _, s := range cc.Body { + f.stmt(s) + } + } + + case *ast.CommClause: + if s.Comm != nil { + f.stmt(s.Comm) + } + for _, s := range s.Body { + f.stmt(s) + } + + case *ast.ForStmt: + if s.Init != nil { + f.stmt(s.Init) + } + if s.Cond != nil { + f.expr(s.Cond) + } + if s.Post != nil { + f.stmt(s.Post) + } + f.stmt(s.Body) + + case *ast.RangeStmt: + x := f.expr(s.X) + // No conversions are involved when Tok==DEFINE. + if s.Tok == token.ASSIGN { + if s.Key != nil { + k := f.expr(s.Key) + var xelem types.Type + // Keys of array, *array, slice, string aren't interesting + // since the RHS key type is just an int. + switch ux := typeparams.CoreType(x).(type) { + case *types.Chan: + xelem = ux.Elem() + case *types.Map: + xelem = ux.Key() + } + if xelem != nil { + f.assign(k, xelem) + } + } + if s.Value != nil { + val := f.expr(s.Value) + var xelem types.Type + // Values of type strings aren't interesting because + // the RHS value type is just a rune. + switch ux := typeparams.CoreType(x).(type) { + case *types.Array: + xelem = ux.Elem() + case *types.Map: + xelem = ux.Elem() + case *types.Pointer: // *array + xelem = typeparams.CoreType(typeparams.Deref(ux)).(*types.Array).Elem() + case *types.Slice: + xelem = ux.Elem() + } + if xelem != nil { + f.assign(val, xelem) + } + } + } + f.stmt(s.Body) + + default: + panic(s) + } +} + +// -- Plundered from golang.org/x/tools/go/ssa ----------------- + +func instance(info *types.Info, expr ast.Expr) bool { + var id *ast.Ident + switch x := expr.(type) { + case *ast.Ident: + id = x + case *ast.SelectorExpr: + id = x.Sel + default: + return false + } + _, ok := info.Instances[id] + return ok +} diff --git a/vendor/k8s.io/utils/buffer/ring_fixed.go b/vendor/k8s.io/utils/buffer/ring_fixed.go new file mode 100644 index 0000000000..a104e12a38 --- /dev/null +++ b/vendor/k8s.io/utils/buffer/ring_fixed.go @@ -0,0 +1,120 @@ +/* +Copyright 2025 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package buffer + +import ( + "errors" + "io" +) + +// Compile-time check that *TypedRingFixed[byte] implements io.Writer. +var _ io.Writer = (*TypedRingFixed[byte])(nil) + +// ErrInvalidSize indicates size must be > 0 +var ErrInvalidSize = errors.New("size must be positive") + +// TypedRingFixed is a fixed-size circular buffer for elements of type T. +// Writes overwrite older data, keeping only the last N elements. +// Not thread safe. +type TypedRingFixed[T any] struct { + data []T + size int + writeCursor int + written int64 +} + +// NewTypedRingFixed creates a circular buffer with the given capacity (must be > 0). +func NewTypedRingFixed[T any](size int) (*TypedRingFixed[T], error) { + if size <= 0 { + return nil, ErrInvalidSize + } + return &TypedRingFixed[T]{ + data: make([]T, size), + size: size, + }, nil +} + +// Write writes p to the buffer, overwriting old data if needed. +func (r *TypedRingFixed[T]) Write(p []T) (int, error) { + originalLen := len(p) + r.written += int64(originalLen) + + // If the input is larger than our buffer, only keep the last 'size' elements + if originalLen > r.size { + p = p[originalLen-r.size:] + } + + // Copy data, handling wrap-around + n := len(p) + remain := r.size - r.writeCursor + if n <= remain { + copy(r.data[r.writeCursor:], p) + } else { + copy(r.data[r.writeCursor:], p[:remain]) + copy(r.data, p[remain:]) + } + + r.writeCursor = (r.writeCursor + n) % r.size + return originalLen, nil +} + +// Slice returns buffer contents in write order. Don't modify the returned slice. +func (r *TypedRingFixed[T]) Slice() []T { + if r.written == 0 { + return nil + } + + // Buffer hasn't wrapped yet + if r.written < int64(r.size) { + return r.data[:r.writeCursor] + } + + // Buffer has wrapped - need to return data in correct order + // Data from writeCursor to end is oldest, data from 0 to writeCursor is newest + if r.writeCursor == 0 { + return r.data + } + + out := make([]T, r.size) + copy(out, r.data[r.writeCursor:]) + copy(out[r.size-r.writeCursor:], r.data[:r.writeCursor]) + return out +} + +// Size returns the buffer capacity. +func (r *TypedRingFixed[T]) Size() int { + return r.size +} + +// Len returns how many elements are currently in the buffer. +func (r *TypedRingFixed[T]) Len() int { + if r.written < int64(r.size) { + return int(r.written) + } + return r.size +} + +// TotalWritten returns total elements ever written (including overwritten ones). +func (r *TypedRingFixed[T]) TotalWritten() int64 { + return r.written +} + +// Reset clears the buffer. +func (r *TypedRingFixed[T]) Reset() { + r.writeCursor = 0 + r.written = 0 +} diff --git a/vendor/k8s.io/utils/exec/exec.go b/vendor/k8s.io/utils/exec/exec.go index d9c91e3ca3..b7cde7fd83 100644 --- a/vendor/k8s.io/utils/exec/exec.go +++ b/vendor/k8s.io/utils/exec/exec.go @@ -18,6 +18,7 @@ package exec import ( "context" + "errors" "io" "io/fs" osexec "os/exec" @@ -97,6 +98,21 @@ func New() Interface { return &executor{} } +// maskErrDotCmd reverts the behavior of osexec.Cmd to what it was before go1.19 +// specifically set the Err field to nil (LookPath returns a new error when the file +// is resolved to the current directory. +func maskErrDotCmd(cmd *osexec.Cmd) *osexec.Cmd { + cmd.Err = maskErrDot(cmd.Err) + return cmd +} + +func maskErrDot(err error) error { + if err != nil && errors.Is(err, osexec.ErrDot) { + return nil + } + return err +} + // Command is part of the Interface interface. func (executor *executor) Command(cmd string, args ...string) Cmd { return (*cmdWrapper)(maskErrDotCmd(osexec.Command(cmd, args...))) diff --git a/vendor/k8s.io/utils/exec/fixup_go118.go b/vendor/k8s.io/utils/exec/fixup_go118.go deleted file mode 100644 index acf45f1cd5..0000000000 --- a/vendor/k8s.io/utils/exec/fixup_go118.go +++ /dev/null @@ -1,32 +0,0 @@ -//go:build !go1.19 -// +build !go1.19 - -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package exec - -import ( - osexec "os/exec" -) - -func maskErrDotCmd(cmd *osexec.Cmd) *osexec.Cmd { - return cmd -} - -func maskErrDot(err error) error { - return err -} diff --git a/vendor/k8s.io/utils/exec/fixup_go119.go b/vendor/k8s.io/utils/exec/fixup_go119.go deleted file mode 100644 index 55874c9297..0000000000 --- a/vendor/k8s.io/utils/exec/fixup_go119.go +++ /dev/null @@ -1,40 +0,0 @@ -//go:build go1.19 -// +build go1.19 - -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package exec - -import ( - "errors" - osexec "os/exec" -) - -// maskErrDotCmd reverts the behavior of osexec.Cmd to what it was before go1.19 -// specifically set the Err field to nil (LookPath returns a new error when the file -// is resolved to the current directory. -func maskErrDotCmd(cmd *osexec.Cmd) *osexec.Cmd { - cmd.Err = maskErrDot(cmd.Err) - return cmd -} - -func maskErrDot(err error) error { - if err != nil && errors.Is(err, osexec.ErrDot) { - return nil - } - return err -} diff --git a/vendor/k8s.io/utils/strings/slices/slices.go b/vendor/k8s.io/utils/strings/slices/slices.go deleted file mode 100644 index 8e21838f24..0000000000 --- a/vendor/k8s.io/utils/strings/slices/slices.go +++ /dev/null @@ -1,82 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package slices defines various functions useful with slices of string type. -// The goal is to be as close as possible to -// https://github.com/golang/go/issues/45955. Ideal would be if we can just -// replace "stringslices" if the "slices" package becomes standard. -package slices - -// Equal reports whether two slices are equal: the same length and all -// elements equal. If the lengths are different, Equal returns false. -// Otherwise, the elements are compared in index order, and the -// comparison stops at the first unequal pair. -func Equal(s1, s2 []string) bool { - if len(s1) != len(s2) { - return false - } - for i, n := range s1 { - if n != s2[i] { - return false - } - } - return true -} - -// Filter appends to d each element e of s for which keep(e) returns true. -// It returns the modified d. d may be s[:0], in which case the kept -// elements will be stored in the same slice. -// if the slices overlap in some other way, the results are unspecified. -// To create a new slice with the filtered results, pass nil for d. -func Filter(d, s []string, keep func(string) bool) []string { - for _, n := range s { - if keep(n) { - d = append(d, n) - } - } - return d -} - -// Contains reports whether v is present in s. -func Contains(s []string, v string) bool { - return Index(s, v) >= 0 -} - -// Index returns the index of the first occurrence of v in s, or -1 if -// not present. -func Index(s []string, v string) int { - // "Contains" may be replaced with "Index(s, v) >= 0": - // https://github.com/golang/go/issues/45955#issuecomment-873377947 - for i, n := range s { - if n == v { - return i - } - } - return -1 -} - -// Functions below are not in https://github.com/golang/go/issues/45955 - -// Clone returns a new clone of s. -func Clone(s []string) []string { - // https://github.com/go101/go101/wiki/There-is-not-a-perfect-way-to-clone-slices-in-Go - if s == nil { - return nil - } - c := make([]string, len(s)) - copy(c, s) - return c -} diff --git a/vendor/modules.txt b/vendor/modules.txt index f08aa4ccaa..6d49944c0d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -654,8 +654,8 @@ github.com/google/go-cmp/cmp/internal/diff github.com/google/go-cmp/cmp/internal/flags github.com/google/go-cmp/cmp/internal/function github.com/google/go-cmp/cmp/internal/value -# github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 -## explicit; go 1.23 +# github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 +## explicit; go 1.24.0 github.com/google/pprof/profile # github.com/google/uuid v1.6.0 ## explicit @@ -903,7 +903,7 @@ github.com/nunnatsa/ginkgolinter/version # github.com/olekukonko/tablewriter v0.0.5 ## explicit; go 1.12 github.com/olekukonko/tablewriter -# github.com/onsi/ginkgo/v2 v2.27.2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20260303184444-1cc650aa0565 +# github.com/onsi/ginkgo/v2 v2.28.1 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20260303184444-1cc650aa0565 ## explicit; go 1.23.0 github.com/onsi/ginkgo/v2 github.com/onsi/ginkgo/v2/config @@ -927,8 +927,8 @@ github.com/onsi/ginkgo/v2/internal/reporters github.com/onsi/ginkgo/v2/internal/testingtproxy github.com/onsi/ginkgo/v2/reporters github.com/onsi/ginkgo/v2/types -# github.com/onsi/gomega v1.38.2 -## explicit; go 1.23.0 +# github.com/onsi/gomega v1.39.1 +## explicit; go 1.24.0 github.com/onsi/gomega github.com/onsi/gomega/format github.com/onsi/gomega/gcustom @@ -986,7 +986,7 @@ github.com/openshift-eng/openshift-tests-extension/pkg/ginkgo github.com/openshift-eng/openshift-tests-extension/pkg/junit github.com/openshift-eng/openshift-tests-extension/pkg/util/sets github.com/openshift-eng/openshift-tests-extension/pkg/version -# github.com/openshift/api v0.0.0-20260305140000-0790d2957f54 +# github.com/openshift/api v0.0.0-20260317165824-54a3998d81eb ## explicit; go 1.25.0 github.com/openshift/api github.com/openshift/api/annotations @@ -1065,7 +1065,7 @@ github.com/openshift/api/template github.com/openshift/api/template/v1 github.com/openshift/api/user github.com/openshift/api/user/v1 -# github.com/openshift/client-go v0.0.0-20260305144912-aba4b273812d +# github.com/openshift/client-go v0.0.0-20260317180604-743f664b82d1 ## explicit; go 1.25.0 github.com/openshift/client-go/config/applyconfigurations github.com/openshift/client-go/config/applyconfigurations/config/v1 @@ -1122,7 +1122,10 @@ github.com/openshift/cluster-api-actuator-pkg/testutils/resourcebuilder/machine/ github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/failuredomain github.com/openshift/cluster-control-plane-machine-set-operator/pkg/machineproviders/providers/openshift/machine/v1beta1/providerconfig github.com/openshift/cluster-control-plane-machine-set-operator/test/e2e/framework -# github.com/openshift/library-go v0.0.0-20260303171201-5d9eb6295ff6 +# github.com/openshift/controller-runtime-common v0.0.0-20260318085703-1812aed6dbd2 +## explicit; go 1.25.0 +github.com/openshift/controller-runtime-common/pkg/tls +# github.com/openshift/library-go v0.0.0-20260318142011-72bf34f474bc ## explicit; go 1.25.0 github.com/openshift/library-go/pkg/apiserver/jsonpatch github.com/openshift/library-go/pkg/authorization/hardcodedauthorizer @@ -1577,7 +1580,7 @@ go.yaml.in/yaml/v2 # go.yaml.in/yaml/v3 v3.0.4 ## explicit; go 1.16 go.yaml.in/yaml/v3 -# golang.org/x/crypto v0.45.0 +# golang.org/x/crypto v0.47.0 ## explicit; go 1.24.0 golang.org/x/crypto/blowfish golang.org/x/crypto/chacha20 @@ -1600,13 +1603,13 @@ golang.org/x/exp/slices # golang.org/x/exp/typeparams v0.0.0-20250210185358-939b2ce775ac ## explicit; go 1.18 golang.org/x/exp/typeparams -# golang.org/x/mod v0.29.0 +# golang.org/x/mod v0.32.0 ## explicit; go 1.24.0 golang.org/x/mod/internal/lazyregexp golang.org/x/mod/modfile golang.org/x/mod/module golang.org/x/mod/semver -# golang.org/x/net v0.47.0 +# golang.org/x/net v0.49.0 ## explicit; go 1.24.0 golang.org/x/net/context golang.org/x/net/html @@ -1626,12 +1629,12 @@ golang.org/x/net/websocket ## explicit; go 1.23.0 golang.org/x/oauth2 golang.org/x/oauth2/internal -# golang.org/x/sync v0.18.0 +# golang.org/x/sync v0.19.0 ## explicit; go 1.24.0 golang.org/x/sync/errgroup golang.org/x/sync/semaphore golang.org/x/sync/singleflight -# golang.org/x/sys v0.38.0 +# golang.org/x/sys v0.40.0 ## explicit; go 1.24.0 golang.org/x/sys/cpu golang.org/x/sys/plan9 @@ -1640,10 +1643,10 @@ golang.org/x/sys/windows golang.org/x/sys/windows/registry golang.org/x/sys/windows/svc golang.org/x/sys/windows/svc/mgr -# golang.org/x/term v0.37.0 +# golang.org/x/term v0.39.0 ## explicit; go 1.24.0 golang.org/x/term -# golang.org/x/text v0.31.0 +# golang.org/x/text v0.33.0 ## explicit; go 1.24.0 golang.org/x/text/cases golang.org/x/text/encoding @@ -1678,7 +1681,7 @@ golang.org/x/text/width # golang.org/x/time v0.14.0 ## explicit; go 1.24.0 golang.org/x/time/rate -# golang.org/x/tools v0.38.0 +# golang.org/x/tools v0.41.0 ## explicit; go 1.24.0 golang.org/x/tools/cover golang.org/x/tools/go/analysis @@ -1704,7 +1707,6 @@ golang.org/x/tools/go/analysis/passes/framepointer golang.org/x/tools/go/analysis/passes/httpresponse golang.org/x/tools/go/analysis/passes/ifaceassert golang.org/x/tools/go/analysis/passes/inspect -golang.org/x/tools/go/analysis/passes/internal/analysisutil golang.org/x/tools/go/analysis/passes/loopclosure golang.org/x/tools/go/analysis/passes/lostcancel golang.org/x/tools/go/analysis/passes/nilfunc @@ -1745,8 +1747,8 @@ golang.org/x/tools/go/types/objectpath golang.org/x/tools/go/types/typeutil golang.org/x/tools/imports golang.org/x/tools/internal/aliases -golang.org/x/tools/internal/analysisinternal -golang.org/x/tools/internal/analysisinternal/typeindex +golang.org/x/tools/internal/analysis/analyzerutil +golang.org/x/tools/internal/analysis/typeindex golang.org/x/tools/internal/astutil golang.org/x/tools/internal/event golang.org/x/tools/internal/event/core @@ -1759,6 +1761,7 @@ golang.org/x/tools/internal/gopathwalk golang.org/x/tools/internal/imports golang.org/x/tools/internal/modindex golang.org/x/tools/internal/moreiters +golang.org/x/tools/internal/packagepath golang.org/x/tools/internal/packagesinternal golang.org/x/tools/internal/pkgbits golang.org/x/tools/internal/refactor @@ -1767,6 +1770,7 @@ golang.org/x/tools/internal/typeparams golang.org/x/tools/internal/typesinternal golang.org/x/tools/internal/typesinternal/typeindex golang.org/x/tools/internal/versions +golang.org/x/tools/refactor/satisfy # golang.org/x/tools/go/expect v0.1.1-deprecated ## explicit; go 1.23.0 # gomodules.xyz/jsonpatch/v2 v2.5.0 @@ -2101,7 +2105,7 @@ honnef.co/go/tools/stylecheck/st1021 honnef.co/go/tools/stylecheck/st1022 honnef.co/go/tools/stylecheck/st1023 honnef.co/go/tools/unused -# k8s.io/api v0.35.1 +# k8s.io/api v0.35.2 ## explicit; go 1.25.0 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -2213,7 +2217,7 @@ k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition k8s.io/apiextensions-apiserver/test/integration k8s.io/apiextensions-apiserver/test/integration/fixtures -# k8s.io/apimachinery v0.35.1 +# k8s.io/apimachinery v0.35.2 ## explicit; go 1.25.0 k8s.io/apimachinery/pkg/api/apitesting k8s.io/apimachinery/pkg/api/apitesting/fuzzer @@ -2477,7 +2481,7 @@ k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/genericiooptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.35.1 +# k8s.io/client-go v0.35.2 ## explicit; go 1.25.0 k8s.io/client-go/applyconfigurations k8s.io/client-go/applyconfigurations/admissionregistration/v1 @@ -3489,8 +3493,8 @@ k8s.io/sample-apiserver/pkg/apis/wardle/v1beta1 k8s.io/sample-apiserver/pkg/generated/applyconfiguration/wardle/v1alpha1 k8s.io/sample-apiserver/pkg/generated/clientset/versioned/scheme k8s.io/sample-apiserver/pkg/generated/clientset/versioned/typed/wardle/v1alpha1 -# k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 -## explicit; go 1.18 +# k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 +## explicit; go 1.23 k8s.io/utils/buffer k8s.io/utils/clock k8s.io/utils/cpuset @@ -3506,7 +3510,6 @@ k8s.io/utils/net k8s.io/utils/path k8s.io/utils/ptr k8s.io/utils/strings -k8s.io/utils/strings/slices k8s.io/utils/trace # mvdan.cc/gofumpt v0.7.0 ## explicit; go 1.22 @@ -3576,6 +3579,7 @@ sigs.k8s.io/controller-runtime/pkg/log sigs.k8s.io/controller-runtime/pkg/manager sigs.k8s.io/controller-runtime/pkg/manager/signals sigs.k8s.io/controller-runtime/pkg/metrics +sigs.k8s.io/controller-runtime/pkg/metrics/filters sigs.k8s.io/controller-runtime/pkg/metrics/server sigs.k8s.io/controller-runtime/pkg/predicate sigs.k8s.io/controller-runtime/pkg/reconcile diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/metrics/filters/filters.go b/vendor/sigs.k8s.io/controller-runtime/pkg/metrics/filters/filters.go new file mode 100644 index 0000000000..1659502bcf --- /dev/null +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/metrics/filters/filters.go @@ -0,0 +1,122 @@ +package filters + +import ( + "fmt" + "net/http" + "strings" + "time" + + "github.com/go-logr/logr" + "k8s.io/apimachinery/pkg/util/wait" + "k8s.io/apiserver/pkg/apis/apiserver" + "k8s.io/apiserver/pkg/authentication/authenticatorfactory" + "k8s.io/apiserver/pkg/authorization/authorizer" + "k8s.io/apiserver/pkg/authorization/authorizerfactory" + authenticationv1 "k8s.io/client-go/kubernetes/typed/authentication/v1" + authorizationv1 "k8s.io/client-go/kubernetes/typed/authorization/v1" + "k8s.io/client-go/rest" + + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" +) + +// WithAuthenticationAndAuthorization provides a metrics.Filter for authentication and authorization. +// Metrics will be authenticated (via TokenReviews) and authorized (via SubjectAccessReviews) with the +// kube-apiserver. +// For the authentication and authorization the controller needs a ClusterRole +// with the following rules: +// * apiGroups: authentication.k8s.io, resources: tokenreviews, verbs: create +// * apiGroups: authorization.k8s.io, resources: subjectaccessreviews, verbs: create +// +// To scrape metrics e.g. via Prometheus the client needs a ClusterRole +// with the following rule: +// * nonResourceURLs: "/metrics", verbs: get +// +// Note: Please note that configuring this metrics provider will introduce a dependency to "k8s.io/apiserver" +// to your go module. +func WithAuthenticationAndAuthorization(config *rest.Config, httpClient *http.Client) (metricsserver.Filter, error) { + authenticationV1Client, err := authenticationv1.NewForConfigAndClient(config, httpClient) + if err != nil { + return nil, err + } + authorizationV1Client, err := authorizationv1.NewForConfigAndClient(config, httpClient) + if err != nil { + return nil, err + } + + authenticatorConfig := authenticatorfactory.DelegatingAuthenticatorConfig{ + Anonymous: &apiserver.AnonymousAuthConfig{Enabled: false}, // Require authentication. + CacheTTL: 1 * time.Minute, + TokenAccessReviewClient: authenticationV1Client, + TokenAccessReviewTimeout: 10 * time.Second, + // wait.Backoff is copied from: https://github.com/kubernetes/apiserver/blob/v0.29.0/pkg/server/options/authentication.go#L43-L50 + // options.DefaultAuthWebhookRetryBackoff is not used to avoid a dependency on "k8s.io/apiserver/pkg/server/options". + WebhookRetryBackoff: &wait.Backoff{ + Duration: 500 * time.Millisecond, + Factor: 1.5, + Jitter: 0.2, + Steps: 5, + }, + } + delegatingAuthenticator, _, err := authenticatorConfig.New() + if err != nil { + return nil, fmt.Errorf("failed to create authenticator: %w", err) + } + + authorizerConfig := authorizerfactory.DelegatingAuthorizerConfig{ + SubjectAccessReviewClient: authorizationV1Client, + AllowCacheTTL: 5 * time.Minute, + DenyCacheTTL: 30 * time.Second, + // wait.Backoff is copied from: https://github.com/kubernetes/apiserver/blob/v0.29.0/pkg/server/options/authentication.go#L43-L50 + // options.DefaultAuthWebhookRetryBackoff is not used to avoid a dependency on "k8s.io/apiserver/pkg/server/options". + WebhookRetryBackoff: &wait.Backoff{ + Duration: 500 * time.Millisecond, + Factor: 1.5, + Jitter: 0.2, + Steps: 5, + }, + } + delegatingAuthorizer, err := authorizerConfig.New() + if err != nil { + return nil, fmt.Errorf("failed to create authorizer: %w", err) + } + + return func(log logr.Logger, handler http.Handler) (http.Handler, error) { + return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + ctx := req.Context() + + res, ok, err := delegatingAuthenticator.AuthenticateRequest(req) + if err != nil { + log.Error(err, "Authentication failed") + http.Error(w, "Authentication failed", http.StatusInternalServerError) + return + } + if !ok { + log.V(4).Info("Authentication failed") + http.Error(w, "Unauthorized", http.StatusUnauthorized) + return + } + + attributes := authorizer.AttributesRecord{ + User: res.User, + Verb: strings.ToLower(req.Method), + Path: req.URL.Path, + } + + authorized, reason, err := delegatingAuthorizer.Authorize(ctx, attributes) + if err != nil { + msg := fmt.Sprintf("Authorization for user %s failed", attributes.User.GetName()) + log.Error(err, msg) + http.Error(w, msg, http.StatusInternalServerError) + return + } + if authorized != authorizer.DecisionAllow { + msg := fmt.Sprintf("Authorization denied for user %s", attributes.User.GetName()) + log.V(4).Info(fmt.Sprintf("%s: %s", msg, reason)) + http.Error(w, msg, http.StatusForbidden) + return + } + + handler.ServeHTTP(w, req) + }), nil + }, nil +} From 140084f5b545b1e344669232f5831a9181bd12ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Fri, 20 Mar 2026 12:19:05 +0100 Subject: [PATCH 14/15] Honor API server TLS adherence policy for TLS args. Only apply cluster TLS profile arguments when adherence requires it, and restart on either TLS profile or adherence-policy changes. --- AGENTS.md | 3 +- cmd/machine-api-operator/start.go | 76 +++++++---- cmd/machineset/main.go | 2 +- cmd/vsphere/main.go | 2 +- pkg/controller/machine/controller.go | 2 +- pkg/controller/machine/drain_controller.go | 2 +- .../machine/machine_controller_test.go | 2 - .../machinehealthcheck_controller.go | 2 +- pkg/controller/machineset/controller.go | 2 +- pkg/controller/vsphere/actuator_test.go | 2 +- .../vsphere/machineset/controller.go | 2 +- pkg/operator/config.go | 13 +- pkg/operator/operator.go | 7 +- pkg/operator/sync.go | 6 +- pkg/operator/sync_test.go | 124 +++++++++++------- 15 files changed, 153 insertions(+), 94 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index ed677b30ce..175344698e 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -66,8 +66,7 @@ make test-e2e # E2E tests (requires KUBECONFIG) ### Running Specific Package Tests ```bash -KUBEBUILDER_ASSETS="$(go run ./vendor/sigs.k8s.io/controller-runtime/tools/setup-envtest use 1.34.1 -p path --bin-dir ./bin --index https://raw.githubusercontent.com/openshift/api/master/envtest-releases.yaml)" \ -go run ./vendor/github.com/onsi/ginkgo/v2/ginkgo -v ./pkg/controller/machine/... +TEST_PACKAGES="$(go list -f '{{ .Dir }}' ./pkg/controller/machine/...)" make unit ``` ### Ginkgo Configuration diff --git a/cmd/machine-api-operator/start.go b/cmd/machine-api-operator/start.go index b034fab511..da41129f2f 100644 --- a/cmd/machine-api-operator/start.go +++ b/cmd/machine-api-operator/start.go @@ -29,6 +29,7 @@ import ( osconfigv1 "github.com/openshift/api/config/v1" osclientset "github.com/openshift/client-go/config/clientset/versioned" utiltls "github.com/openshift/controller-runtime-common/pkg/tls" + libgocrypto "github.com/openshift/library-go/pkg/crypto" "github.com/openshift/library-go/pkg/operator/events" maometrics "github.com/openshift/machine-api-operator/pkg/metrics" "github.com/openshift/machine-api-operator/pkg/operator" @@ -266,14 +267,23 @@ func metricsTLSOptions(ctx *ControllerContext) ([]func(*tls.Config), error) { return nil, fmt.Errorf("unable to create Kubernetes client: %w", err) } - tlsSecurityProfileSpec, err := utiltls.FetchAPIServerTLSProfile(context.Background(), k8sClient) + tlsAdherencePolicy, err := utiltls.FetchAPIServerTLSAdherencePolicy(context.Background(), k8sClient) if err != nil { - return nil, fmt.Errorf("unable to get TLS profile from API server: %w", err) + return nil, fmt.Errorf("unable to get TLS adherence policy from API server: %w", err) } - tlsConfigFn, unsupportedCiphers := utiltls.NewTLSConfigFromProfile(tlsSecurityProfileSpec) - if len(unsupportedCiphers) > 0 { - klog.Infof("TLS configuration contains unsupported ciphers that will be ignored: %v", unsupportedCiphers) + tlsConfigFn := func(*tls.Config) {} + if libgocrypto.ShouldHonorClusterTLSProfile(tlsAdherencePolicy) { + tlsSecurityProfileSpec, err := utiltls.FetchAPIServerTLSProfile(context.Background(), k8sClient) + if err != nil { + return nil, fmt.Errorf("unable to get TLS profile from API server: %w", err) + } + + var unsupportedCiphers []string + tlsConfigFn, unsupportedCiphers = utiltls.NewTLSConfigFromProfile(tlsSecurityProfileSpec) + if len(unsupportedCiphers) > 0 { + klog.Infof("TLS configuration contains unsupported ciphers that will be ignored: %v", unsupportedCiphers) + } } return []func(*tls.Config){tlsConfigFn}, nil @@ -298,7 +308,7 @@ func newSecureMetricsServer(ctx *ControllerContext, metricsAddr string, tlsOpts func setupTLSProfileWatcher(ctx *ControllerContext, shutdown func()) error { configClient := ctx.ClientBuilder.OpenshiftClientOrDie("tls-profile-watcher") - initialProfile, err := fetchAPIServerTLSProfileSpec(context.Background(), configClient) + initialProfile, initialAdherencePolicy, err := fetchAPIServerTLSSettings(context.Background(), configClient) if err != nil { return err } @@ -306,13 +316,13 @@ func setupTLSProfileWatcher(ctx *ControllerContext, shutdown func()) error { apiServerInformer := ctx.ConfigInformerFactory.Config().V1().APIServers().Informer() _, err = apiServerInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { - handleTLSProfileEvent(obj, &initialProfile, shutdown) + handleTLSProfileEvent(obj, &initialProfile, &initialAdherencePolicy, shutdown) }, UpdateFunc: func(_, newObj interface{}) { - handleTLSProfileEvent(newObj, &initialProfile, shutdown) + handleTLSProfileEvent(newObj, &initialProfile, &initialAdherencePolicy, shutdown) }, DeleteFunc: func(obj interface{}) { - handleTLSProfileEvent(obj, &initialProfile, shutdown) + handleTLSProfileEvent(obj, &initialProfile, &initialAdherencePolicy, shutdown) }, }) if err != nil { @@ -322,21 +332,26 @@ func setupTLSProfileWatcher(ctx *ControllerContext, shutdown func()) error { return nil } -func fetchAPIServerTLSProfileSpec(ctx context.Context, configClient osclientset.Interface) (osconfigv1.TLSProfileSpec, error) { +func fetchAPIServerTLSSettings(ctx context.Context, configClient osclientset.Interface) (osconfigv1.TLSProfileSpec, osconfigv1.TLSAdherencePolicy, error) { apiServer, err := configClient.ConfigV1().APIServers().Get(ctx, utiltls.APIServerName, metav1.GetOptions{}) if err != nil { - return osconfigv1.TLSProfileSpec{}, fmt.Errorf("failed to get APIServer %q: %w", utiltls.APIServerName, err) + return osconfigv1.TLSProfileSpec{}, osconfigv1.TLSAdherencePolicyNoOpinion, fmt.Errorf("failed to get APIServer %q: %w", utiltls.APIServerName, err) } profile, err := utiltls.GetTLSProfileSpec(apiServer.Spec.TLSSecurityProfile) if err != nil { - return osconfigv1.TLSProfileSpec{}, fmt.Errorf("failed to get TLS profile from APIServer %q: %w", utiltls.APIServerName, err) + return osconfigv1.TLSProfileSpec{}, osconfigv1.TLSAdherencePolicyNoOpinion, fmt.Errorf("failed to get TLS profile from APIServer %q: %w", utiltls.APIServerName, err) } - return profile, nil + return profile, apiServer.Spec.TLSAdherence, nil } -func handleTLSProfileEvent(obj interface{}, initialProfile *osconfigv1.TLSProfileSpec, shutdown func()) { +func handleTLSProfileEvent( + obj interface{}, + initialProfile *osconfigv1.TLSProfileSpec, + initialAdherencePolicy *osconfigv1.TLSAdherencePolicy, + shutdown func(), +) { apiServer, ok := obj.(*osconfigv1.APIServer) if !ok { return @@ -351,20 +366,31 @@ func handleTLSProfileEvent(obj interface{}, initialProfile *osconfigv1.TLSProfil return } - if reflect.DeepEqual(*initialProfile, currentProfile) { - klog.V(2).Info("TLS security profile unchanged") + profileChanged := !reflect.DeepEqual(*initialProfile, currentProfile) + adherencePolicyChanged := *initialAdherencePolicy != apiServer.Spec.TLSAdherence + if !profileChanged && !adherencePolicyChanged { + klog.V(2).Info("TLS settings unchanged") return } - klog.Infof("TLS security profile has changed, initiating a shutdown to pick up the new configuration: initialMinTLSVersion=%s currentMinTLSVersion=%s initialCiphers=%v currentCiphers=%v", - initialProfile.MinTLSVersion, - currentProfile.MinTLSVersion, - initialProfile.Ciphers, - currentProfile.Ciphers, - ) - - // Persist the new profile for future change detection. - *initialProfile = currentProfile + if profileChanged { + klog.Infof("TLS security profile has changed, initiating a shutdown to pick up the new configuration: initialMinTLSVersion=%s currentMinTLSVersion=%s initialCiphers=%v currentCiphers=%v", + initialProfile.MinTLSVersion, + currentProfile.MinTLSVersion, + initialProfile.Ciphers, + currentProfile.Ciphers, + ) + // Persist the new profile for future change detection. + *initialProfile = currentProfile + } + if adherencePolicyChanged { + klog.Infof("TLS adherence policy has changed, initiating a shutdown to pick up the new configuration: initialTLSAdherencePolicy=%s currentTLSAdherencePolicy=%s", + *initialAdherencePolicy, + apiServer.Spec.TLSAdherence, + ) + // Persist the new policy for future change detection. + *initialAdherencePolicy = apiServer.Spec.TLSAdherence + } shutdown() } diff --git a/cmd/machineset/main.go b/cmd/machineset/main.go index e1d7c90db9..4587b77f2f 100644 --- a/cmd/machineset/main.go +++ b/cmd/machineset/main.go @@ -31,8 +31,8 @@ import ( apifeatures "github.com/openshift/api/features" machinev1 "github.com/openshift/api/machine/v1beta1" utiltls "github.com/openshift/controller-runtime-common/pkg/tls" - mapiwebhooks "github.com/openshift/machine-api-operator/pkg/webhooks" "github.com/openshift/machine-api-operator/pkg/version" + mapiwebhooks "github.com/openshift/machine-api-operator/pkg/webhooks" "k8s.io/apiserver/pkg/util/feature" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" diff --git a/cmd/vsphere/main.go b/cmd/vsphere/main.go index 92dcfce10e..e67275ce23 100644 --- a/cmd/vsphere/main.go +++ b/cmd/vsphere/main.go @@ -176,7 +176,7 @@ func main() { machineActuator := machine.NewActuator(machine.ActuatorParams{ Client: mgr.GetClient(), APIReader: mgr.GetAPIReader(), - EventRecorder: mgr.GetEventRecorderFor("vspherecontroller"), //nolint:staticcheck + EventRecorder: mgr.GetEventRecorderFor("vspherecontroller"), TaskIDCache: taskIDCache, FeatureGates: defaultMutableGate, OpenshiftConfigNamespace: vsphere.OpenshiftConfigNamespace, diff --git a/pkg/controller/machine/controller.go b/pkg/controller/machine/controller.go index 479570737c..38e4b497a0 100644 --- a/pkg/controller/machine/controller.go +++ b/pkg/controller/machine/controller.go @@ -112,7 +112,7 @@ func AddWithActuatorOpts(mgr manager.Manager, actuator Actuator, opts controller func newReconciler(mgr manager.Manager, actuator Actuator, gate featuregate.MutableFeatureGate) reconcile.Reconciler { r := &ReconcileMachine{ Client: mgr.GetClient(), - eventRecorder: mgr.GetEventRecorderFor("machine-controller"), //nolint:staticcheck + eventRecorder: mgr.GetEventRecorderFor("machine-controller"), config: mgr.GetConfig(), scheme: mgr.GetScheme(), actuator: actuator, diff --git a/pkg/controller/machine/drain_controller.go b/pkg/controller/machine/drain_controller.go index 21ca685326..5ada1b3c59 100644 --- a/pkg/controller/machine/drain_controller.go +++ b/pkg/controller/machine/drain_controller.go @@ -44,7 +44,7 @@ type machineDrainController struct { func newDrainController(mgr manager.Manager) reconcile.Reconciler { d := &machineDrainController{ Client: mgr.GetClient(), - eventRecorder: mgr.GetEventRecorderFor("machine-drain-controller"), //nolint:staticcheck + eventRecorder: mgr.GetEventRecorderFor("machine-drain-controller"), config: mgr.GetConfig(), scheme: mgr.GetScheme(), } diff --git a/pkg/controller/machine/machine_controller_test.go b/pkg/controller/machine/machine_controller_test.go index 86c3d546aa..0de9d27e3a 100644 --- a/pkg/controller/machine/machine_controller_test.go +++ b/pkg/controller/machine/machine_controller_test.go @@ -23,8 +23,6 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - "context" - machinev1 "github.com/openshift/api/machine/v1beta1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/pkg/controller/machinehealthcheck/machinehealthcheck_controller.go b/pkg/controller/machinehealthcheck/machinehealthcheck_controller.go index f2086d6aa2..83d8369f6a 100644 --- a/pkg/controller/machinehealthcheck/machinehealthcheck_controller.go +++ b/pkg/controller/machinehealthcheck/machinehealthcheck_controller.go @@ -103,7 +103,7 @@ func newReconciler(mgr manager.Manager, opts manager.Options) (*ReconcileMachine return &ReconcileMachineHealthCheck{ client: mgr.GetClient(), scheme: mgr.GetScheme(), - recorder: mgr.GetEventRecorderFor(controllerName), //nolint:staticcheck + recorder: mgr.GetEventRecorderFor(controllerName), }, nil } diff --git a/pkg/controller/machineset/controller.go b/pkg/controller/machineset/controller.go index 6982bb4965..5d72fac832 100644 --- a/pkg/controller/machineset/controller.go +++ b/pkg/controller/machineset/controller.go @@ -73,7 +73,7 @@ func Add(mgr manager.Manager, opts manager.Options, gate featuregate.MutableFeat func newReconciler(mgr manager.Manager, gate featuregate.MutableFeatureGate) *ReconcileMachineSet { return &ReconcileMachineSet{ Client: mgr.GetClient(), scheme: mgr.GetScheme(), - recorder: mgr.GetEventRecorderFor(controllerName), //nolint:staticcheck + recorder: mgr.GetEventRecorderFor(controllerName), gate: gate, } } diff --git a/pkg/controller/vsphere/actuator_test.go b/pkg/controller/vsphere/actuator_test.go index 32bc9eec4e..8193dad593 100644 --- a/pkg/controller/vsphere/actuator_test.go +++ b/pkg/controller/vsphere/actuator_test.go @@ -94,7 +94,7 @@ func TestMachineEvents(t *testing.T) { defer cancel() k8sClient := mgr.GetClient() - eventRecorder := mgr.GetEventRecorderFor("vspherecontroller") //nolint:staticcheck + eventRecorder := mgr.GetEventRecorderFor("vspherecontroller") configNamespace := &corev1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: openshiftConfigNamespaceForTest, diff --git a/pkg/controller/vsphere/machineset/controller.go b/pkg/controller/vsphere/machineset/controller.go index b1468daa38..27e875322b 100644 --- a/pkg/controller/vsphere/machineset/controller.go +++ b/pkg/controller/vsphere/machineset/controller.go @@ -46,7 +46,7 @@ func (r *Reconciler) SetupWithManager(mgr ctrl.Manager, options controller.Optio return fmt.Errorf("failed setting up with a controller manager: %w", err) } - r.recorder = mgr.GetEventRecorderFor("machineset-controller") //nolint:staticcheck + r.recorder = mgr.GetEventRecorderFor("machineset-controller") r.scheme = mgr.GetScheme() return nil } diff --git a/pkg/operator/config.go b/pkg/operator/config.go index e0233ff97e..cf36ac3951 100644 --- a/pkg/operator/config.go +++ b/pkg/operator/config.go @@ -20,12 +20,13 @@ type Provider string // OperatorConfig contains configuration for MAO type OperatorConfig struct { - TargetNamespace string `json:"targetNamespace"` - Controllers Controllers - Proxy *configv1.Proxy - PlatformType configv1.PlatformType - Features map[string]bool - TLSProfile configv1.TLSProfileSpec + TargetNamespace string `json:"targetNamespace"` + Controllers Controllers + Proxy *configv1.Proxy + PlatformType configv1.PlatformType + Features map[string]bool + TLSProfile configv1.TLSProfileSpec + TLSAdherencePolicy configv1.TLSAdherencePolicy } type Controllers struct { diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go index b6bbc90d8a..f5886a08d7 100644 --- a/pkg/operator/operator.go +++ b/pkg/operator/operator.go @@ -504,8 +504,9 @@ func (optr *Operator) maoConfigFromInfrastructure() (*OperatorConfig, error) { KubeRBACProxy: kubeRBACProxy, TerminationHandler: terminationHandlerImage, }, - PlatformType: provider, - Features: features, - TLSProfile: tlsProfile, + PlatformType: provider, + Features: features, + TLSProfile: tlsProfile, + TLSAdherencePolicy: apiServer.Spec.TLSAdherence, }, nil } diff --git a/pkg/operator/sync.go b/pkg/operator/sync.go index bb0cd8dcd0..6a626f377b 100644 --- a/pkg/operator/sync.go +++ b/pkg/operator/sync.go @@ -530,7 +530,11 @@ func newRBACConfigVolumes() []corev1.Volume { } func newPodTemplateSpec(config *OperatorConfig, features map[string]bool) *corev1.PodTemplateSpec { - tlsArgs := getTLSArgs(config.TLSProfile) + tlsArgs := []string{} + if libgocrypto.ShouldHonorClusterTLSProfile(config.TLSAdherencePolicy) { + tlsArgs = getTLSArgs(config.TLSProfile) + } + containers := newContainers(config, features, tlsArgs) withMHCProxy := config.Controllers.MachineHealthCheck != "" proxyContainers := newKubeProxyContainers(config.Controllers.KubeRBACProxy, withMHCProxy, tlsArgs) diff --git a/pkg/operator/sync_test.go b/pkg/operator/sync_test.go index 5f37c28cb5..67592bb805 100644 --- a/pkg/operator/sync_test.go +++ b/pkg/operator/sync_test.go @@ -708,12 +708,14 @@ func TestNewKubeProxyContainers(t *testing.T) { } } -func TestNewContainersTLSArgs(t *testing.T) { +func TestNewPodTemplateSpecTLSArgs(t *testing.T) { testCases := []struct { - name string - config *OperatorConfig - tlsProfile configv1.TLSProfileSpec - expectMachineControllerTLSArgs bool + name string + config *OperatorConfig + tlsProfile configv1.TLSProfileSpec + tlsAdherencePolicy configv1.TLSAdherencePolicy + expectMachineControllerTLSOnBareMetal bool + expectTLSArgsFromAdherence bool }{ { name: "AWS: TLS 1.2 with cipher suites", @@ -725,6 +727,7 @@ func TestNewContainersTLSArgs(t *testing.T) { MachineSet: "machineset-image:latest", NodeLink: "nodelink-image:latest", MachineHealthCheck: "mhc-image:latest", + KubeRBACProxy: "kube-rbac-proxy-image:latest", }, }, tlsProfile: configv1.TLSProfileSpec{ @@ -734,7 +737,9 @@ func TestNewContainersTLSArgs(t *testing.T) { }, MinTLSVersion: configv1.VersionTLS12, }, - expectMachineControllerTLSArgs: false, + expectMachineControllerTLSOnBareMetal: false, + tlsAdherencePolicy: configv1.TLSAdherencePolicyStrictAllComponents, + expectTLSArgsFromAdherence: true, }, { name: "GCP: TLS 1.3 without cipher suites", @@ -746,13 +751,16 @@ func TestNewContainersTLSArgs(t *testing.T) { MachineSet: "machineset-image:latest", NodeLink: "nodelink-image:latest", MachineHealthCheck: "", + KubeRBACProxy: "kube-rbac-proxy-image:latest", }, }, tlsProfile: configv1.TLSProfileSpec{ Ciphers: []string{}, MinTLSVersion: configv1.VersionTLS13, }, - expectMachineControllerTLSArgs: false, + expectMachineControllerTLSOnBareMetal: false, + tlsAdherencePolicy: configv1.TLSAdherencePolicyLegacyAdheringComponentsOnly, + expectTLSArgsFromAdherence: false, }, { name: "BareMetal: TLS args passed to machine-controller for Metal3Remediation webhooks", @@ -764,6 +772,7 @@ func TestNewContainersTLSArgs(t *testing.T) { MachineSet: "machineset-image:latest", NodeLink: "nodelink-image:latest", MachineHealthCheck: "mhc-image:latest", + KubeRBACProxy: "kube-rbac-proxy-image:latest", }, }, tlsProfile: configv1.TLSProfileSpec{ @@ -773,7 +782,33 @@ func TestNewContainersTLSArgs(t *testing.T) { }, MinTLSVersion: configv1.VersionTLS12, }, - expectMachineControllerTLSArgs: true, + expectMachineControllerTLSOnBareMetal: true, + tlsAdherencePolicy: configv1.TLSAdherencePolicyStrictAllComponents, + expectTLSArgsFromAdherence: true, + }, + { + name: "AWS: no opinion does not apply TLS args through pod template", + config: &OperatorConfig{ + TargetNamespace: targetNamespace, + PlatformType: configv1.AWSPlatformType, + Controllers: Controllers{ + Provider: "provider-image:latest", + MachineSet: "machineset-image:latest", + NodeLink: "nodelink-image:latest", + MachineHealthCheck: "mhc-image:latest", + KubeRBACProxy: "kube-rbac-proxy-image:latest", + }, + }, + tlsProfile: configv1.TLSProfileSpec{ + Ciphers: []string{ + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + }, + MinTLSVersion: configv1.VersionTLS12, + }, + expectMachineControllerTLSOnBareMetal: false, + tlsAdherencePolicy: configv1.TLSAdherencePolicyNoOpinion, + expectTLSArgsFromAdherence: false, }, } @@ -781,60 +816,55 @@ func TestNewContainersTLSArgs(t *testing.T) { t.Run(tc.name, func(t *testing.T) { g := NewWithT(t) - tlsArgs := getTLSArgs(tc.tlsProfile) - containers := newContainers(tc.config, map[string]bool{}, tlsArgs) + configForPodTemplate := *tc.config + configForPodTemplate.TLSProfile = tc.tlsProfile + configForPodTemplate.TLSAdherencePolicy = tc.tlsAdherencePolicy + podTemplate := newPodTemplateSpec(&configForPodTemplate, map[string]bool{}) containerArgs := map[string][]string{} - for _, c := range containers { - containerArgs[c.Name] = c.Args + for _, container := range podTemplate.Spec.Containers { + containerArgs[container.Name] = container.Args } g.Expect(containerArgs).To(HaveKey("machineset-controller")) g.Expect(containerArgs).To(HaveKey("machine-controller")) g.Expect(containerArgs).To(HaveKey("nodelink-controller")) + g.Expect(containerArgs).To(HaveKey("kube-rbac-proxy-machineset-mtrc")) + g.Expect(containerArgs).To(HaveKey("kube-rbac-proxy-machine-mtrc")) - // machineset-controller always receives TLS args. - machineSetJoined := strings.Join(containerArgs["machineset-controller"], " ") - g.Expect(machineSetJoined).To(ContainSubstring("--tls-min-version="+string(tc.tlsProfile.MinTLSVersion)), - "machineset-controller should have --tls-min-version") - if len(tc.tlsProfile.Ciphers) > 0 { - g.Expect(machineSetJoined).To(ContainSubstring("--tls-cipher-suites="), - "machineset-controller should have --tls-cipher-suites when ciphers are specified") - } else { - g.Expect(machineSetJoined).ToNot(ContainSubstring("--tls-cipher-suites="), - "machineset-controller should not have --tls-cipher-suites when ciphers are not specified") + if tc.config.Controllers.MachineHealthCheck != "" { + g.Expect(containerArgs).To(HaveKey("machine-healthcheck-controller")) + g.Expect(containerArgs).To(HaveKey("kube-rbac-proxy-mhc-mtrc")) } - // machine-controller receives TLS args only on BareMetal as it's the only platform that serves webhooks. - machineControllerJoined := strings.Join(containerArgs["machine-controller"], " ") - if tc.expectMachineControllerTLSArgs { - g.Expect(machineControllerJoined).To(ContainSubstring("--tls-min-version="+string(tc.tlsProfile.MinTLSVersion)), - "machine-controller should have --tls-min-version on BareMetal") - if len(tc.tlsProfile.Ciphers) > 0 { - g.Expect(machineControllerJoined).To(ContainSubstring("--tls-cipher-suites="), - "machine-controller should have --tls-cipher-suites on BareMetal") + expectedTLSArgs := getTLSArgs(tc.tlsProfile) + assertTLSArgs := func(args []string, shouldContain bool) { + joined := strings.Join(args, " ") + for _, expectedTLSArg := range expectedTLSArgs { + if shouldContain { + g.Expect(joined).To(ContainSubstring(expectedTLSArg)) + } else { + g.Expect(joined).ToNot(ContainSubstring(expectedTLSArg)) + } } - } else { - g.Expect(machineControllerJoined).ToNot(ContainSubstring("--tls-min-version="), - "machine-controller should not have TLS args on %s", tc.config.PlatformType) - g.Expect(machineControllerJoined).ToNot(ContainSubstring("--tls-cipher-suites="), - "machine-controller should not have TLS args on %s", tc.config.PlatformType) } - // nodelink-controller never receives TLS args. - nodelinkJoined := strings.Join(containerArgs["nodelink-controller"], " ") - g.Expect(nodelinkJoined).ToNot(ContainSubstring("--tls-min-version="), - "nodelink-controller should not have TLS args") - g.Expect(nodelinkJoined).ToNot(ContainSubstring("--tls-cipher-suites="), - "nodelink-controller should not have TLS args") + // machineset-controller and kube-rbac-proxy containers honor TLSAdherencePolicy. + assertTLSArgs(containerArgs["machineset-controller"], tc.expectTLSArgsFromAdherence) + assertTLSArgs(containerArgs["kube-rbac-proxy-machineset-mtrc"], tc.expectTLSArgsFromAdherence) + assertTLSArgs(containerArgs["kube-rbac-proxy-machine-mtrc"], tc.expectTLSArgsFromAdherence) + if tc.config.Controllers.MachineHealthCheck != "" { + assertTLSArgs(containerArgs["kube-rbac-proxy-mhc-mtrc"], tc.expectTLSArgsFromAdherence) + } + + // machine-controller gets TLS args only on BareMetal, and only when adherence enables TLS args. + expectMachineControllerTLSArgs := tc.expectTLSArgsFromAdherence && tc.expectMachineControllerTLSOnBareMetal + assertTLSArgs(containerArgs["machine-controller"], expectMachineControllerTLSArgs) + // nodelink-controller and machine-healthcheck-controller never receive TLS args. + assertTLSArgs(containerArgs["nodelink-controller"], false) if tc.config.Controllers.MachineHealthCheck != "" { - g.Expect(containerArgs).To(HaveKey("machine-healthcheck-controller")) - mhcJoined := strings.Join(containerArgs["machine-healthcheck-controller"], " ") - g.Expect(mhcJoined).ToNot(ContainSubstring("--tls-min-version="), - "machine-healthcheck-controller should not have TLS args") - g.Expect(mhcJoined).ToNot(ContainSubstring("--tls-cipher-suites="), - "machine-healthcheck-controller should not have TLS args") + assertTLSArgs(containerArgs["machine-healthcheck-controller"], false) } }) } From 8048f7010503a7b02ac0b94ae61dabf467451cc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radek=20Ma=C5=88=C3=A1k?= Date: Fri, 20 Mar 2026 16:55:36 +0100 Subject: [PATCH 15/15] Fix lint --- pkg/controller/machine/controller.go | 8 ++--- pkg/controller/machine/drain_controller.go | 18 +++++------ .../machine/drain_controller_test.go | 2 +- .../machinehealthcheck_controller.go | 20 +++++++++++-- .../machinehealthcheck_controller_test.go | 30 ++++++++++++------- pkg/controller/machineset/controller.go | 8 ++--- pkg/controller/machineset/controller_test.go | 2 +- 7 files changed, 56 insertions(+), 32 deletions(-) diff --git a/pkg/controller/machine/controller.go b/pkg/controller/machine/controller.go index 38e4b497a0..ab2cd5c633 100644 --- a/pkg/controller/machine/controller.go +++ b/pkg/controller/machine/controller.go @@ -35,7 +35,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/client-go/rest" - "k8s.io/client-go/tools/record" + "k8s.io/client-go/tools/events" "k8s.io/component-base/featuregate" "k8s.io/klog/v2" "k8s.io/utils/ptr" @@ -112,7 +112,7 @@ func AddWithActuatorOpts(mgr manager.Manager, actuator Actuator, opts controller func newReconciler(mgr manager.Manager, actuator Actuator, gate featuregate.MutableFeatureGate) reconcile.Reconciler { r := &ReconcileMachine{ Client: mgr.GetClient(), - eventRecorder: mgr.GetEventRecorderFor("machine-controller"), + eventRecorder: mgr.GetEventRecorder("machine-controller"), config: mgr.GetConfig(), scheme: mgr.GetScheme(), actuator: actuator, @@ -142,7 +142,7 @@ type ReconcileMachine struct { config *rest.Config scheme *runtime.Scheme - eventRecorder record.EventRecorder + eventRecorder events.EventRecorder actuator Actuator gate featuregate.MutableFeatureGate @@ -237,7 +237,7 @@ func (r *ReconcileMachine) Reconcile(ctx context.Context, request reconcile.Requ if errList := validateMachine(m); len(errList) > 0 { err := fmt.Errorf("%v: machine validation failed: %v", machineName, errList.ToAggregate().Error()) klog.Error(err) - r.eventRecorder.Eventf(m, corev1.EventTypeWarning, "FailedValidate", err.Error()) + r.eventRecorder.Eventf(m, nil, corev1.EventTypeWarning, "FailedValidate", "Validate", err.Error()) return reconcile.Result{}, err } diff --git a/pkg/controller/machine/drain_controller.go b/pkg/controller/machine/drain_controller.go index 5ada1b3c59..60b2300d54 100644 --- a/pkg/controller/machine/drain_controller.go +++ b/pkg/controller/machine/drain_controller.go @@ -12,7 +12,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" - "k8s.io/client-go/tools/record" + "k8s.io/client-go/tools/events" "k8s.io/client-go/util/workqueue" "k8s.io/klog/v2" "k8s.io/kubectl/pkg/drain" @@ -37,14 +37,14 @@ type machineDrainController struct { config *rest.Config scheme *runtime.Scheme - eventRecorder record.EventRecorder + eventRecorder events.EventRecorder } // newDrainController returns a new reconcile.Reconciler for machine-drain-controller func newDrainController(mgr manager.Manager) reconcile.Reconciler { d := &machineDrainController{ Client: mgr.GetClient(), - eventRecorder: mgr.GetEventRecorderFor("machine-drain-controller"), + eventRecorder: mgr.GetEventRecorder("machine-drain-controller"), config: mgr.GetConfig(), scheme: mgr.GetScheme(), } @@ -88,10 +88,10 @@ func (d *machineDrainController) Reconcile(ctx context.Context, request reconcil // Return early without error, will requeue if/when the hook owner removes the annotation. if len(m.Spec.LifecycleHooks.PreDrain) > 0 { klog.Infof("%v: not draining machine: lifecycle blocked by pre-drain hook", m.Name) - d.eventRecorder.Eventf(m, corev1.EventTypeNormal, "DrainBlocked", "Drain blocked by pre-drain hook") + d.eventRecorder.Eventf(m, nil, corev1.EventTypeNormal, "DrainBlocked", "DrainBlocked", "Drain blocked by pre-drain hook") return reconcile.Result{}, nil } - d.eventRecorder.Eventf(m, corev1.EventTypeNormal, "DrainProceeds", "Node drain proceeds") + d.eventRecorder.Eventf(m, nil, corev1.EventTypeNormal, "DrainProceeds", "DrainProceeds", "Node drain proceeds") if err := d.drainNode(ctx, m); err != nil { klog.Errorf("%v: failed to drain node for machine: %v", m.Name, err) conditions.Set(m, conditions.FalseCondition( @@ -100,13 +100,13 @@ func (d *machineDrainController) Reconcile(ctx context.Context, request reconcil machinev1.ConditionSeverityWarning, "could not drain machine: %v", err, )) - d.eventRecorder.Eventf(m, corev1.EventTypeNormal, "DrainRequeued", "Node drain requeued: %v", err.Error()) + d.eventRecorder.Eventf(m, nil, corev1.EventTypeNormal, "DrainRequeued", "DrainRequeued", "Node drain requeued: %v", err.Error()) return delayIfRequeueAfterError(err) } - d.eventRecorder.Eventf(m, corev1.EventTypeNormal, "DrainSucceeded", "Node drain succeeded") + d.eventRecorder.Eventf(m, nil, corev1.EventTypeNormal, "DrainSucceeded", "DrainSucceeded", "Node drain succeeded") drainFinishedCondition.Message = "Drain finished successfully" } else { - d.eventRecorder.Eventf(m, corev1.EventTypeNormal, "DrainSkipped", "Node drain skipped") + d.eventRecorder.Eventf(m, nil, corev1.EventTypeNormal, "DrainSkipped", "DrainSkipped", "Node drain skipped") drainFinishedCondition.Message = "Node drain skipped" } @@ -189,7 +189,7 @@ func (d *machineDrainController) drainNode(ctx context.Context, machine *machine } klog.Infof("drain successful for machine %q", machine.Name) - d.eventRecorder.Eventf(machine, corev1.EventTypeNormal, "Deleted", "Node %q drained", node.Name) + d.eventRecorder.Eventf(machine, nil, corev1.EventTypeNormal, "Deleted", "Deleted", "Node %q drained", node.Name) return nil } diff --git a/pkg/controller/machine/drain_controller_test.go b/pkg/controller/machine/drain_controller_test.go index e00df049a8..256ec16b91 100644 --- a/pkg/controller/machine/drain_controller_test.go +++ b/pkg/controller/machine/drain_controller_test.go @@ -65,7 +65,7 @@ func TestDrainControllerReconcileRequest(t *testing.T) { return &machineDrainController{ Client: fake.NewClientBuilder().WithScheme(scheme.Scheme).WithRuntimeObjects(fakeObjs...).WithStatusSubresource(&machinev1.Machine{}).Build(), scheme: scheme.Scheme, - eventRecorder: recorder, + eventRecorder: record.NewEventRecorderAdapter(recorder), }, recorder } diff --git a/pkg/controller/machinehealthcheck/machinehealthcheck_controller.go b/pkg/controller/machinehealthcheck/machinehealthcheck_controller.go index 83d8369f6a..ab2ccfd39d 100644 --- a/pkg/controller/machinehealthcheck/machinehealthcheck_controller.go +++ b/pkg/controller/machinehealthcheck/machinehealthcheck_controller.go @@ -23,7 +23,7 @@ import ( "k8s.io/apimachinery/pkg/types" apimachineryutilerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/client-go/tools/record" + "k8s.io/client-go/tools/events" "k8s.io/klog/v2" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -103,7 +103,7 @@ func newReconciler(mgr manager.Manager, opts manager.Options) (*ReconcileMachine return &ReconcileMachineHealthCheck{ client: mgr.GetClient(), scheme: mgr.GetScheme(), - recorder: mgr.GetEventRecorderFor(controllerName), + recorder: mgr.GetEventRecorder(controllerName), }, nil } @@ -149,7 +149,7 @@ type ReconcileMachineHealthCheck struct { // that reads objects from the cache and writes to the apiserver client client.Client scheme *runtime.Scheme - recorder record.EventRecorder + recorder events.EventRecorder } type target struct { @@ -239,8 +239,10 @@ func (r *ReconcileMachineHealthCheck) Reconcile(ctx context.Context, request rec r.recorder.Eventf( mhc, + nil, corev1.EventTypeWarning, EventRemediationRestricted, + EventRemediationRestricted, "Remediation restricted due to exceeded number of unhealthy machines (total: %v, unhealthy: %v, maxUnhealthy: %v)", totalTargets, unhealthyCount, @@ -480,8 +482,10 @@ func (r *ReconcileMachineHealthCheck) healthCheckTargets(targets []target, timeo klog.V(3).Infof("Reconciling %s: is likely to go unhealthy in %v", t.string(), nextCheck) r.recorder.Eventf( &t.Machine, + nil, corev1.EventTypeNormal, EventDetectedUnhealthy, + EventDetectedUnhealthy, "Machine %v has unhealthy node %v", t.string(), t.nodeName(), @@ -638,8 +642,10 @@ func (r *ReconcileMachineHealthCheck) internalRemediation(t target) error { if !t.hasControllerOwner() { r.recorder.Eventf( &t.Machine, + nil, corev1.EventTypeNormal, EventSkippedNoController, + EventSkippedNoController, "Machine %v has no controller owner, skipping remediation", t.string(), ) @@ -666,8 +672,10 @@ func (r *ReconcileMachineHealthCheck) internalRemediation(t target) error { if err := r.client.Delete(context.TODO(), &t.Machine); err != nil { r.recorder.Eventf( &t.Machine, + nil, corev1.EventTypeWarning, EventMachineDeletionFailed, + EventMachineDeletionFailed, "Machine %v remediation failed: unable to delete Machine object: %v", t.string(), err, @@ -676,8 +684,10 @@ func (r *ReconcileMachineHealthCheck) internalRemediation(t target) error { } r.recorder.Eventf( &t.Machine, + nil, corev1.EventTypeNormal, EventMachineDeleted, + EventMachineDeleted, "Machine %v has been remediated by requesting to delete Machine object", t.string(), ) @@ -701,8 +711,10 @@ func (t *target) remediationStrategyExternal(r *ReconcileMachineHealthCheck) err if err := r.client.Update(context.TODO(), &t.Machine); err != nil { r.recorder.Eventf( &t.Machine, + nil, corev1.EventTypeWarning, EventExternalAnnotationFailed, + EventExternalAnnotationFailed, "Requesting external remediation of node associated with machine %v failed: %v", t.string(), err, @@ -711,8 +723,10 @@ func (t *target) remediationStrategyExternal(r *ReconcileMachineHealthCheck) err } r.recorder.Eventf( &t.Machine, + nil, corev1.EventTypeNormal, EventExternalAnnotationAdded, + EventExternalAnnotationAdded, "Requesting external remediation of node associated with machine %v", t.string(), ) diff --git a/pkg/controller/machinehealthcheck/machinehealthcheck_controller_test.go b/pkg/controller/machinehealthcheck/machinehealthcheck_controller_test.go index 66e11c0e54..7a1171ef72 100644 --- a/pkg/controller/machinehealthcheck/machinehealthcheck_controller_test.go +++ b/pkg/controller/machinehealthcheck/machinehealthcheck_controller_test.go @@ -25,6 +25,7 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/tools/events" "k8s.io/client-go/tools/record" "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" @@ -499,7 +500,7 @@ func TestReconcile(t *testing.T) { } recorder := record.NewFakeRecorder(2) r := newFakeReconcilerWithCustomRecorder(recorder, buildRunTimeObjects(tc)...) - assertBaseReconcile(t, tc, ctx, r) + assertBaseReconcile(t, tc, ctx, r, recorder) }) } } @@ -591,7 +592,7 @@ func TestReconcileExternalRemediationTemplate(t *testing.T) { t.Run(tc.name, func(t *testing.T) { recorder := record.NewFakeRecorder(2) r := newFakeReconcilerWithCustomRecorder(recorder, buildRunTimeObjects(tc)...) - assertBaseReconcile(t, tc, ctx, r) + assertBaseReconcile(t, tc, ctx, r, recorder) assertExternalRemediation(t, tc, ctx, r) }) @@ -3009,7 +3010,7 @@ type fakeReconcilerBuilder struct { fakeClientBuilder *fake.ClientBuilder scheme *runtime.Scheme namespace string - recorder record.EventRecorder + recorder events.EventRecorder } func newFakeReconcilerBuilder() fakeReconcilerBuilder { @@ -3026,8 +3027,13 @@ func (f fakeReconcilerBuilder) WithFakeClientBuilder(fakeClientBuilder *fake.Cli return f } -func (f fakeReconcilerBuilder) WithRecorder(recorder record.EventRecorder) fakeReconcilerBuilder { - f.recorder = recorder +func (f fakeReconcilerBuilder) WithRecorder(recorder record.EventRecorderLogger) fakeReconcilerBuilder { + if recorder == nil { + f.recorder = nil + return f + } + + f.recorder = record.NewEventRecorderAdapter(recorder) return f } @@ -3049,22 +3055,26 @@ func (f fakeReconcilerBuilder) Build() *ReconcileMachineHealthCheck { } } -func newFakeReconcilerWithCustomRecorder(recorder record.EventRecorder, initObjects ...runtime.Object) *ReconcileMachineHealthCheck { +func newFakeReconcilerWithCustomRecorder(recorder record.EventRecorderLogger, initObjects ...runtime.Object) *ReconcileMachineHealthCheck { fakeClient := fake.NewClientBuilder(). WithIndex(&machinev1.Machine{}, machineNodeNameIndex, indexMachineByNodeName). WithRuntimeObjects(initObjects...). WithStatusSubresource(&machinev1.MachineHealthCheck{}). Build() + + var eventRecorder events.EventRecorder + if recorder != nil { + eventRecorder = record.NewEventRecorderAdapter(recorder) + } + return &ReconcileMachineHealthCheck{ client: fakeClient, scheme: scheme.Scheme, - recorder: recorder, + recorder: eventRecorder, } } -func assertBaseReconcile(t *testing.T, tc testCase, ctx context.Context, r *ReconcileMachineHealthCheck) { - recorder := r.recorder.(*record.FakeRecorder) - +func assertBaseReconcile(t *testing.T, tc testCase, ctx context.Context, r *ReconcileMachineHealthCheck, recorder *record.FakeRecorder) { request := reconcile.Request{ NamespacedName: types.NamespacedName{ Namespace: tc.mhc.GetNamespace(), diff --git a/pkg/controller/machineset/controller.go b/pkg/controller/machineset/controller.go index 5d72fac832..8d4d2ba6ec 100644 --- a/pkg/controller/machineset/controller.go +++ b/pkg/controller/machineset/controller.go @@ -37,7 +37,7 @@ import ( "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/client-go/tools/record" + "k8s.io/client-go/tools/events" "k8s.io/component-base/featuregate" "k8s.io/klog/v2" "sigs.k8s.io/controller-runtime/pkg/client" @@ -73,7 +73,7 @@ func Add(mgr manager.Manager, opts manager.Options, gate featuregate.MutableFeat func newReconciler(mgr manager.Manager, gate featuregate.MutableFeatureGate) *ReconcileMachineSet { return &ReconcileMachineSet{ Client: mgr.GetClient(), scheme: mgr.GetScheme(), - recorder: mgr.GetEventRecorderFor(controllerName), + recorder: mgr.GetEventRecorder(controllerName), gate: gate, } } @@ -115,7 +115,7 @@ func addWithOpts(mgr manager.Manager, opts controller.Options, mapFn handler.Typ type ReconcileMachineSet struct { client.Client scheme *runtime.Scheme - recorder record.EventRecorder + recorder events.EventRecorder gate featuregate.MutableFeatureGate } @@ -234,7 +234,7 @@ func (r *ReconcileMachineSet) Reconcile(ctx context.Context, request reconcile.R result, err := r.reconcile(ctx, machineSet) if err != nil { klog.Errorf("Failed to reconcile MachineSet %q: %v", request.NamespacedName, err) - r.recorder.Eventf(machineSet, corev1.EventTypeWarning, "ReconcileError", "%v", err) + r.recorder.Eventf(machineSet, nil, corev1.EventTypeWarning, "ReconcileError", "ReconcileError", "%v", err) } return result, err } diff --git a/pkg/controller/machineset/controller_test.go b/pkg/controller/machineset/controller_test.go index 481c5c535f..37074654e5 100644 --- a/pkg/controller/machineset/controller_test.go +++ b/pkg/controller/machineset/controller_test.go @@ -296,7 +296,7 @@ var _ = Describe("MachineSet Reconcile", func() { r = &ReconcileMachineSet{ scheme: scheme.Scheme, - recorder: rec, + recorder: record.NewEventRecorderAdapter(rec), gate: gate, } })