diff --git a/go.mod b/go.mod index 0d8c7b743..80d090a5f 100644 --- a/go.mod +++ b/go.mod @@ -2,6 +2,8 @@ module github.com/openshift/client-go go 1.25.0 +replace github.com/openshift/api => github.com/bhperry/openshift-api v0.0.0-20260625212444-6f322148aade + require ( github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2 github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee diff --git a/go.sum b/go.sum index 8eea0db7f..77bfd6325 100644 --- a/go.sum +++ b/go.sum @@ -1,3 +1,5 @@ +github.com/bhperry/openshift-api v0.0.0-20260625212444-6f322148aade h1:kzBVyoobF36rblywHrEqeve/nQ0NJsySkYUEvBaQBiU= +github.com/bhperry/openshift-api v0.0.0-20260625212444-6f322148aade/go.mod h1:Jm45pE7O6/G0tYYhiLzNyZykTjmf9BfhsKYuGfLLwTE= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
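Review bot: The added `replace github.com/openshift/api => github.com/bhperry/openshift-api v0.0.0-20260625212444-6f322148aade` in go.mod points this module's API dependency at a personal fork, so the vendored API code comes from a repository outside the upstream project's review and branch protection. The go.sum hunks confirm this: the `github.com/openshift/api` checksum lines are removed and only the fork's hashes remain. Replace directives are honoured only in the main module, so consumers of openshift/client-go would still resolve `github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2` from the `require` block, which presumably lacks the `SecretRotationType` and `TokenRequestsType` types the new apply configurations reference. Before merge, drop the replace and bump the `require` line to the upstream pseudo-version once the API change lands. If the replace has to stay for CI in the meantime, annotate it, for example `// TEMPORARY: remove before merge, pending openshift/api PR <PR-NUMBER>`.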
@@ -71,8 +73,6 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFd github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2 h1:oZkYkIvQHkQV8pN0oe8AfPfc7y9+svwmsQHwbOWyJBw= -github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2/go.mod h1:Jm45pE7O6/G0tYYhiLzNyZykTjmf9BfhsKYuGfLLwTE= github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee h1:+Sp5GGnjHDhT/a/nQ1xdp43UscBMr7G5wxsYotyhzJ4= github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/operator/applyconfigurations/internal/internal.go b/operator/applyconfigurations/internal/internal.go index a7f34e264..ff46a1f10 100644 --- a/operator/applyconfigurations/internal/internal.go +++ b/operator/applyconfigurations/internal/internal.go @@ -3120,6 +3120,9 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" + - name: nodeUID + type: + scalar: string - name: targetRevision type: scalar: numeric diff --git a/operator/applyconfigurations/operator/v1/csidriverconfigspec.go b/operator/applyconfigurations/operator/v1/csidriverconfigspec.go index 215a65371..4ff829f8a 100644 --- a/operator/applyconfigurations/operator/v1/csidriverconfigspec.go +++ b/operator/applyconfigurations/operator/v1/csidriverconfigspec.go 
@@ -14,7 +14,7 @@ import ( type CSIDriverConfigSpecApplyConfiguration struct { // driverType indicates type of CSI driver for which the // driverConfig is being applied to. - // Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. + // Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted. // Consumers should treat unknown values as a NO-OP. DriverType *operatorv1.CSIDriverType `json:"driverType,omitempty"` // aws is used to configure the AWS CSI driver. @@ -27,6 +27,8 @@ type CSIDriverConfigSpecApplyConfiguration struct { IBMCloud *IBMCloudCSIDriverConfigSpecApplyConfiguration `json:"ibmcloud,omitempty"` // vSphere is used to configure the vsphere CSI driver. VSphere *VSphereCSIDriverConfigSpecApplyConfiguration `json:"vSphere,omitempty"` + // secretsStore is used to configure the Secrets Store CSI driver. + SecretsStore *SecretsStoreCSIDriverConfigSpecApplyConfiguration `json:"secretsStore,omitempty"` } // CSIDriverConfigSpecApplyConfiguration constructs a declarative configuration of the CSIDriverConfigSpec type for use with @@ -82,3 +84,11 @@ func (b *CSIDriverConfigSpecApplyConfiguration) WithVSphere(value *VSphereCSIDri b.VSphere = value return b } + +// WithSecretsStore sets the SecretsStore field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretsStore field is set to the value of the last call. +func (b *CSIDriverConfigSpecApplyConfiguration) WithSecretsStore(value *SecretsStoreCSIDriverConfigSpecApplyConfiguration) *CSIDriverConfigSpecApplyConfiguration { + b.SecretsStore = value + return b +} diff --git a/operator/applyconfigurations/operator/v1/customsecretrotation.go b/operator/applyconfigurations/operator/v1/customsecretrotation.go new file mode 100644 index 000000000..1dd976a86 --- /dev/null +++ b/operator/applyconfigurations/operator/v1/customsecretrotation.go 
@@ -0,0 +1,31 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// CustomSecretRotationApplyConfiguration represents a declarative configuration of the CustomSecretRotation type for use +// with apply. +// +// CustomSecretRotation holds configuration for custom secret rotation behavior. +type CustomSecretRotationApplyConfiguration struct { + // rotationPollIntervalSeconds is the minimum time in seconds between secret + // rotation attempts. The driver skips provider calls if less than this interval + // has elapsed since the last successful rotation. + // Must be at least 1 second and no more than 31560000 seconds (~1 year). + // When omitted, this means no opinion and the platform is left to choose a + // reasonable default, which is subject to change over time. + RotationPollIntervalSeconds *int32 `json:"rotationPollIntervalSeconds,omitempty"` +} + +// CustomSecretRotationApplyConfiguration constructs a declarative configuration of the CustomSecretRotation type for use with +// apply. +func CustomSecretRotation() *CustomSecretRotationApplyConfiguration { + return &CustomSecretRotationApplyConfiguration{} +} + +// WithRotationPollIntervalSeconds sets the RotationPollIntervalSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RotationPollIntervalSeconds field is set to the value of the last call. +func (b *CustomSecretRotationApplyConfiguration) WithRotationPollIntervalSeconds(value int32) *CustomSecretRotationApplyConfiguration { + b.RotationPollIntervalSeconds = &value + return b +} diff --git a/operator/applyconfigurations/operator/v1/managedtokenrequests.go b/operator/applyconfigurations/operator/v1/managedtokenrequests.go new file mode 100644 index 000000000..5b65a6628 --- /dev/null +++ b/operator/applyconfigurations/operator/v1/managedtokenrequests.go 
@@ -0,0 +1,43 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// ManagedTokenRequestsApplyConfiguration represents a declarative configuration of the ManagedTokenRequests type for use +// with apply. +// +// ManagedTokenRequests holds the configuration for operator-managed +// service account token requests. +type ManagedTokenRequestsApplyConfiguration struct { + // audiences specifies service account token audiences that kubelet will + // provide to the CSI driver during NodePublishVolume calls. These tokens + // enable workload identity federation (WIF) with cloud providers such as + // AWS, Azure, and GCP. + // When empty, the operator clears all tokenRequests from the CSIDriver object. + Audiences *[]SecretsStoreTokenRequestApplyConfiguration `json:"audiences,omitempty"` +} + +// ManagedTokenRequestsApplyConfiguration constructs a declarative configuration of the ManagedTokenRequests type for use with +// apply. +func ManagedTokenRequests() *ManagedTokenRequestsApplyConfiguration { + return &ManagedTokenRequestsApplyConfiguration{} +} + +func (b *ManagedTokenRequestsApplyConfiguration) ensureSecretsStoreTokenRequestApplyConfigurationExists() { + if b.Audiences == nil { + b.Audiences = &[]SecretsStoreTokenRequestApplyConfiguration{} + } +} + +// WithAudiences adds the given value to the Audiences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Audiences field. +func (b *ManagedTokenRequestsApplyConfiguration) WithAudiences(values ...*SecretsStoreTokenRequestApplyConfiguration) *ManagedTokenRequestsApplyConfiguration { + b.ensureSecretsStoreTokenRequestApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithAudiences") + } + *b.Audiences = append(*b.Audiences, *values[i]) + } + return b +} 
diff --git a/operator/applyconfigurations/operator/v1/nodestatus.go b/operator/applyconfigurations/operator/v1/nodestatus.go index f107c370d..9a796d563 100644 --- a/operator/applyconfigurations/operator/v1/nodestatus.go +++ b/operator/applyconfigurations/operator/v1/nodestatus.go @@ -4,6 +4,7 @@ package v1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" ) // NodeStatusApplyConfiguration represents a declarative configuration of the NodeStatus type for use @@ -13,6 +14,10 @@ import ( type NodeStatusApplyConfiguration struct { // nodeName is the name of the node NodeName *string `json:"nodeName,omitempty"` + // nodeUID is the UID of the node. + // This field is used to detect that a node has been deleted and recreated with the same name. + // When the UID changes, it indicates the node is a new instance and the status should be reset. + NodeUID *types.UID `json:"nodeUID,omitempty"` // currentRevision is the generation of the most recently successful deployment. // Can not be set on creation of a nodeStatus. Updates must only increase the value. CurrentRevision *int32 `json:"currentRevision,omitempty"` @@ -47,6 +52,14 @@ func (b *NodeStatusApplyConfiguration) WithNodeName(value string) *NodeStatusApp return b } +// WithNodeUID sets the NodeUID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NodeUID field is set to the value of the last call. +func (b *NodeStatusApplyConfiguration) WithNodeUID(value types.UID) *NodeStatusApplyConfiguration { + b.NodeUID = &value + return b +} + // WithCurrentRevision sets the CurrentRevision field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the CurrentRevision field is set to the value of the last call. 
diff --git a/operator/applyconfigurations/operator/v1/secretsstorecsidriverconfigspec.go b/operator/applyconfigurations/operator/v1/secretsstorecsidriverconfigspec.go new file mode 100644 index 000000000..145aa9070 --- /dev/null +++ b/operator/applyconfigurations/operator/v1/secretsstorecsidriverconfigspec.go 
@@ -0,0 +1,40 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// SecretsStoreCSIDriverConfigSpecApplyConfiguration represents a declarative configuration of the SecretsStoreCSIDriverConfigSpec type for use +// with apply. +// +// SecretsStoreCSIDriverConfigSpec defines properties that can be configured for the Secrets Store CSI driver. +type SecretsStoreCSIDriverConfigSpecApplyConfiguration struct { + // secretRotation controls automatic secret rotation behavior. + // When omitted, secret rotation is enabled with a default poll interval of 2 minutes. + SecretRotation *SecretsStoreSecretRotationApplyConfiguration `json:"secretRotation,omitempty"` + // tokenRequests controls service account token configuration for + // workload identity federation (WIF) with cloud providers. + // When omitted, the operator preserves any existing tokenRequests + // already configured on the CSIDriver object without modification. + TokenRequests *SecretsStoreTokenRequestsApplyConfiguration `json:"tokenRequests,omitempty"` +} + +// SecretsStoreCSIDriverConfigSpecApplyConfiguration constructs a declarative configuration of the SecretsStoreCSIDriverConfigSpec type for use with +// apply. +func SecretsStoreCSIDriverConfigSpec() *SecretsStoreCSIDriverConfigSpecApplyConfiguration { + return &SecretsStoreCSIDriverConfigSpecApplyConfiguration{} +} + +// WithSecretRotation sets the SecretRotation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretRotation field is set to the value of the last call. 
+func (b *SecretsStoreCSIDriverConfigSpecApplyConfiguration) WithSecretRotation(value *SecretsStoreSecretRotationApplyConfiguration) *SecretsStoreCSIDriverConfigSpecApplyConfiguration { + b.SecretRotation = value + return b +} + +// WithTokenRequests sets the TokenRequests field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TokenRequests field is set to the value of the last call. +func (b *SecretsStoreCSIDriverConfigSpecApplyConfiguration) WithTokenRequests(value *SecretsStoreTokenRequestsApplyConfiguration) *SecretsStoreCSIDriverConfigSpecApplyConfiguration { + b.TokenRequests = value + return b +} diff --git a/operator/applyconfigurations/operator/v1/secretsstoresecretrotation.go b/operator/applyconfigurations/operator/v1/secretsstoresecretrotation.go new file mode 100644 index 000000000..0624fe9c6 --- /dev/null +++ b/operator/applyconfigurations/operator/v1/secretsstoresecretrotation.go 
@@ -0,0 +1,46 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + operatorv1 "github.com/openshift/api/operator/v1" +) + +// SecretsStoreSecretRotationApplyConfiguration represents a declarative configuration of the SecretsStoreSecretRotation type for use +// with apply. +// +// SecretsStoreSecretRotation configures the automatic secret rotation behavior +// for the Secrets Store CSI driver. +type SecretsStoreSecretRotationApplyConfiguration struct { + // type determines the secret rotation behavior. + // When "None", secret rotation is disabled and secrets are only fetched at + // initial pod mount time. + // When "Custom", secret rotation is enabled with the configuration specified + // in the custom field. + Type *operatorv1.SecretRotationType `json:"type,omitempty"` + // custom holds the custom rotation configuration. + // Only valid when type is "Custom". + Custom *CustomSecretRotationApplyConfiguration `json:"custom,omitempty"` +} + +// SecretsStoreSecretRotationApplyConfiguration constructs a declarative configuration of the SecretsStoreSecretRotation type for use with +// apply. +func SecretsStoreSecretRotation() *SecretsStoreSecretRotationApplyConfiguration { + return &SecretsStoreSecretRotationApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *SecretsStoreSecretRotationApplyConfiguration) WithType(value operatorv1.SecretRotationType) *SecretsStoreSecretRotationApplyConfiguration { + b.Type = &value + return b +} + +// WithCustom sets the Custom field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
+// If called multiple times, the Custom field is set to the value of the last call. +func (b *SecretsStoreSecretRotationApplyConfiguration) WithCustom(value *CustomSecretRotationApplyConfiguration) *SecretsStoreSecretRotationApplyConfiguration { + b.Custom = value + return b +} diff --git a/operator/applyconfigurations/operator/v1/secretsstoretokenrequest.go b/operator/applyconfigurations/operator/v1/secretsstoretokenrequest.go new file mode 100644 index 000000000..b8eb7597f --- /dev/null +++ b/operator/applyconfigurations/operator/v1/secretsstoretokenrequest.go 
@@ -0,0 +1,41 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// SecretsStoreTokenRequestApplyConfiguration represents a declarative configuration of the SecretsStoreTokenRequest type for use +// with apply. +// +// SecretsStoreTokenRequest specifies a service account token audience configuration +// for workload identity federation (WIF) with the Secrets Store CSI driver. +type SecretsStoreTokenRequestApplyConfiguration struct { + // audience is the intended audience of the service account token. + // An empty string means the issued token will use the kube-apiserver's default APIAudiences. + Audience *string `json:"audience,omitempty"` + // expirationSeconds is the requested duration of validity of the service account token. + // The token issuer may return a token with a different validity duration. + // When omitted, the token expiration is determined by the kube-apiserver. + // Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years). + ExpirationSeconds *int32 `json:"expirationSeconds,omitempty"` +} + +// SecretsStoreTokenRequestApplyConfiguration constructs a declarative configuration of the SecretsStoreTokenRequest type for use with +// apply. +func SecretsStoreTokenRequest() *SecretsStoreTokenRequestApplyConfiguration { + return &SecretsStoreTokenRequestApplyConfiguration{} +} + +// WithAudience sets the Audience field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Audience field is set to the value of the last call. 
+func (b *SecretsStoreTokenRequestApplyConfiguration) WithAudience(value string) *SecretsStoreTokenRequestApplyConfiguration { + b.Audience = &value + return b +} + +// WithExpirationSeconds sets the ExpirationSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ExpirationSeconds field is set to the value of the last call. +func (b *SecretsStoreTokenRequestApplyConfiguration) WithExpirationSeconds(value int32) *SecretsStoreTokenRequestApplyConfiguration { + b.ExpirationSeconds = &value + return b +} diff --git a/operator/applyconfigurations/operator/v1/secretsstoretokenrequests.go b/operator/applyconfigurations/operator/v1/secretsstoretokenrequests.go new file mode 100644 index 000000000..ea9ac415d --- /dev/null +++ b/operator/applyconfigurations/operator/v1/secretsstoretokenrequests.go 
@@ -0,0 +1,47 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + operatorv1 "github.com/openshift/api/operator/v1" +) + +// SecretsStoreTokenRequestsApplyConfiguration represents a declarative configuration of the SecretsStoreTokenRequests type for use +// with apply. +// +// SecretsStoreTokenRequests configures how service account tokens are +// provided to the Secrets Store CSI driver for workload identity federation. +type SecretsStoreTokenRequestsApplyConfiguration struct { + // type determines how the operator manages tokenRequests on the CSIDriver object. + // When "Unmanaged", existing tokenRequests on the CSIDriver are preserved + // and the managed field is not used. + // When "Managed", the operator sets tokenRequests from the audiences + // specified in the managed field, replacing any previously configured values. + // Once set to "Managed", type cannot be reverted back to "Unmanaged". + Type *operatorv1.TokenRequestsType `json:"type,omitempty"` + // managed holds configuration for operator-managed tokenRequests. + // Only valid when type is "Managed". + Managed *ManagedTokenRequestsApplyConfiguration `json:"managed,omitempty"` +} + +// SecretsStoreTokenRequestsApplyConfiguration constructs a declarative configuration of the SecretsStoreTokenRequests type for use with +// apply. +func SecretsStoreTokenRequests() *SecretsStoreTokenRequestsApplyConfiguration { + return &SecretsStoreTokenRequestsApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. 
+func (b *SecretsStoreTokenRequestsApplyConfiguration) WithType(value operatorv1.TokenRequestsType) *SecretsStoreTokenRequestsApplyConfiguration { + b.Type = &value + return b +} + +// WithManaged sets the Managed field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Managed field is set to the value of the last call. +func (b *SecretsStoreTokenRequestsApplyConfiguration) WithManaged(value *ManagedTokenRequestsApplyConfiguration) *SecretsStoreTokenRequestsApplyConfiguration { + b.Managed = value + return b +} diff --git a/operator/applyconfigurations/utils.go b/operator/applyconfigurations/utils.go index b2c32f4cd..cd03dd84d 100644 --- a/operator/applyconfigurations/utils.go +++ b/operator/applyconfigurations/utils.go @@ -110,6 +110,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &operatorv1.CSISnapshotControllerSpecApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("CSISnapshotControllerStatus"): return &operatorv1.CSISnapshotControllerStatusApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("CustomSecretRotation"): + return &operatorv1.CustomSecretRotationApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("DefaultNetworkDefinition"): return &operatorv1.DefaultNetworkDefinitionApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("DeveloperConsoleCatalogCategory"): 
@@ -282,6 +284,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &operatorv1.MachineManagerSelectorApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ManagedBootImages"): return &operatorv1.ManagedBootImagesApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ManagedTokenRequests"): + return &operatorv1.ManagedTokenRequestsApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("MTUMigration"): return &operatorv1.MTUMigrationApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("MTUMigrationValues"): @@ -386,6 +390,14 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &operatorv1.RestartServiceApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("RouteAdmissionPolicy"): return &operatorv1.RouteAdmissionPolicyApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("SecretsStoreCSIDriverConfigSpec"): + return &operatorv1.SecretsStoreCSIDriverConfigSpecApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("SecretsStoreSecretRotation"): + return &operatorv1.SecretsStoreSecretRotationApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("SecretsStoreTokenRequest"): + return &operatorv1.SecretsStoreTokenRequestApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("SecretsStoreTokenRequests"): + return &operatorv1.SecretsStoreTokenRequestsApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("Server"): return &operatorv1.ServerApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ServiceAccountIssuerStatus"): diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index f8d45114a..9cb85f4c0 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go 
@@ -18,7 +18,8 @@ import ( // +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:resource:path=clusterversions,scope=Cluster -// +kubebuilder:validation:XValidation:rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'marketplace' in self.spec.capabilities.additionalEnabledCapabilities ? 'OperatorLifecycleManager' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'OperatorLifecycleManager' in self.status.capabilities.enabledCapabilities) : true",message="the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability" +// +openshift:validation:FeatureGateAwareXValidation:featureGate="";CRDCompatibilityRequirementOperator;ClusterAPIMachineManagement,rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'marketplace' in self.spec.capabilities.additionalEnabledCapabilities ? 
'OperatorLifecycleManager' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'OperatorLifecycleManager' in self.status.capabilities.enabledCapabilities) : true",message="the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability" +// +openshift:validation:FeatureGateAwareXValidation:requiredFeatureGate=CRDCompatibilityRequirementOperator;ClusterAPIMachineManagement,rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && 'ClusterAPI' in self.spec.capabilities.additionalEnabledCapabilities ? 'CompatibilityRequirements' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'CompatibilityRequirements' in self.status.capabilities.enabledCapabilities) : true",message="the `ClusterAPI` capability requires the `CompatibilityRequirements` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `CompatibilityRequirements` capability" // +kubebuilder:printcolumn:name=Version,JSONPath=.status.history[?(@.state=="Completed")].version,type=string // +kubebuilder:printcolumn:name=Available,JSONPath=.status.conditions[?(@.type=="Available")].status,type=string // +kubebuilder:printcolumn:name=Progressing,JSONPath=.status.conditions[?(@.type=="Progressing")].status,type=string 
@@ -304,7 +305,10 @@ const ( ) // ClusterVersionCapability enumerates optional, core cluster components. -// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1 +// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1 +// +openshift:validation:FeatureGateAwareEnum:featureGate=CRDCompatibilityRequirementOperator,enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1;CompatibilityRequirements +// +openshift:validation:FeatureGateAwareEnum:featureGate=ClusterAPIMachineManagement,enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1;CompatibilityRequirements;ClusterAPI +// +openshift:validation:FeatureGateAwareEnum:requiredFeatureGate=CRDCompatibilityRequirementOperator;ClusterAPIMachineManagement,enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1;CompatibilityRequirements;ClusterAPI type ClusterVersionCapability string const ( 
@@ -425,6 +429,19 @@ const ( // Managers deployed on top of OpenShift. They help you to work with cloud // provider API and embeds cloud-specific control logic. ClusterVersionCapabilityCloudControllerManager ClusterVersionCapability = "CloudControllerManager" + + // ClusterVersionCapabilityCompatibilityRequirements manages the Compatibility + // Requirements operator which enforces CRD compatibility constraints via + // validating webhooks. + ClusterVersionCapabilityCompatibilityRequirements ClusterVersionCapability = "CompatibilityRequirements" + + // ClusterVersionCapabilityClusterAPI manages the Cluster API operator and + // controllers which provide forward-compatible machine management for + // OpenShift clusters. + // + // Note that Cluster API has a hard requirement on CompatibilityRequirements. + // CompatibilityRequirements cannot be disabled while Cluster API is enabled. + ClusterVersionCapabilityClusterAPI ClusterVersionCapability = "ClusterAPI" ) // KnownClusterVersionCapabilities includes all known optional, core cluster components. @@ -446,6 +463,8 @@ var KnownClusterVersionCapabilities = []ClusterVersionCapability{ ClusterVersionCapabilityCloudCredential, ClusterVersionCapabilityIngress, ClusterVersionCapabilityCloudControllerManager, + ClusterVersionCapabilityCompatibilityRequirements, + ClusterVersionCapabilityClusterAPI, } // ClusterVersionCapabilitySet defines sets of cluster version capabilities. @@ -644,6 +663,8 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityCloudCredential, ClusterVersionCapabilityIngress, ClusterVersionCapabilityCloudControllerManager, + ClusterVersionCapabilityCompatibilityRequirements, + ClusterVersionCapabilityClusterAPI, }, } diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index 13635bff4..a065c1cf2 100644 
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -145,6 +145,9 @@ clusterversions.config.openshift.io: Capability: "" Category: "" FeatureGates: + - CRDCompatibilityRequirementOperator + - CRDCompatibilityRequirementOperator+ClusterAPIMachineManagement + - ClusterAPIMachineManagement - ClusterUpdateAcceptRisks - ClusterUpdatePreflight - ImageStreamImportMode diff --git a/vendor/github.com/openshift/api/openapi/openapi.json b/vendor/github.com/openshift/api/openapi/openapi.json index cb93e4c72..747379812 100644 --- a/vendor/github.com/openshift/api/openapi/openapi.json +++ b/vendor/github.com/openshift/api/openapi/openapi.json @@ -35631,6 +35631,10 @@ "type": "string", "default": "" }, + "nodeUID": { + "description": "nodeUID is the UID of the node. This field is used to detect that a node has been deleted and recreated with the same name. When the UID changes, it indicates the node is a new instance and the status should be reset.", + "type": "string" + }, "targetRevision": { "description": "targetRevision is the generation of the deployment we're trying to apply. Can not be set on creation of a nodeStatus.", "type": "integer", diff --git a/vendor/github.com/openshift/api/operator/v1/types.go b/vendor/github.com/openshift/api/operator/v1/types.go index 3a2141abb..5e4e49daf 100644 --- a/vendor/github.com/openshift/api/operator/v1/types.go +++ b/vendor/github.com/openshift/api/operator/v1/types.go @@ -3,6 +3,7 @@ package v1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" ) // MyOperatorResource is an example operator configuration type 
@@ -266,6 +267,12 @@ type NodeStatus struct { // +required NodeName string `json:"nodeName"` + // nodeUID is the UID of the node. + // This field is used to detect that a node has been deleted and recreated with the same name. + // When the UID changes, it indicates the node is a new instance and the status should be reset. + // +optional + NodeUID types.UID `json:"nodeUID,omitempty"` + // currentRevision is the generation of the most recently successful deployment. // Can not be set on creation of a nodeStatus. Updates must only increase the value. // +kubebuilder:validation:XValidation:rule="self >= oldSelf",message="must only increase" diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index 52f5db78d..51ecab70c 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go 
@@ -21,6 +21,9 @@ import ( // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/701 // +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=csi-driver,operatorOrdering=01 +// +kubebuilder:validation:XValidation:rule="self.spec.?driverConfig.driverType.orValue('') == 'SecretsStore' ? self.metadata.name == 'secrets-store.csi.k8s.io' : true",message="driverType 'SecretsStore' requires metadata.name 'secrets-store.csi.k8s.io'" +// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'secrets-store.csi.k8s.io' ? (!has(self.spec.driverConfig) || self.spec.driverConfig.driverType == 'SecretsStore') : true",message="metadata.name 'secrets-store.csi.k8s.io' requires driverType 'SecretsStore'" +// +kubebuilder:validation:XValidation:rule="oldSelf.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('') != 'Managed' || self.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('') == 'Managed'",message="tokenRequests type cannot be changed from Managed" // ClusterCSIDriver object allows management and configuration of a CSI driver operator // installed by default in OpenShift. Name of the object must be name of the CSI driver 
@@ -113,25 +116,27 @@ type ClusterCSIDriverSpec struct { } // CSIDriverType indicates type of CSI driver being configured. -// +kubebuilder:validation:Enum="";AWS;Azure;GCP;IBMCloud;vSphere +// +kubebuilder:validation:Enum="";AWS;Azure;GCP;IBMCloud;vSphere;SecretsStore type CSIDriverType string const ( - AWSDriverType CSIDriverType = "AWS" - AzureDriverType CSIDriverType = "Azure" - GCPDriverType CSIDriverType = "GCP" - IBMCloudDriverType CSIDriverType = "IBMCloud" - VSphereDriverType CSIDriverType = "vSphere" + AWSDriverType CSIDriverType = "AWS" + AzureDriverType CSIDriverType = "Azure" + GCPDriverType CSIDriverType = "GCP" + IBMCloudDriverType CSIDriverType = "IBMCloud" + VSphereDriverType CSIDriverType = "vSphere" + SecretsStoreDriverType CSIDriverType = "SecretsStore" ) // CSIDriverConfigSpec defines configuration spec that can be // used to optionally configure a specific CSI Driver. // +kubebuilder:validation:XValidation:rule="has(self.driverType) && self.driverType == 'IBMCloud' ? has(self.ibmcloud) : !has(self.ibmcloud)",message="ibmcloud must be set if driverType is 'IBMCloud', but remain unset otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.driverType) && self.driverType == 'SecretsStore' ? has(self.secretsStore) : !has(self.secretsStore)",message="secretsStore must be set if driverType is 'SecretsStore', but remain unset otherwise" // +union type CSIDriverConfigSpec struct { // driverType indicates type of CSI driver for which the // driverConfig is being applied to. - // Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. + // Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted. // Consumers should treat unknown values as a NO-OP. // +required // +unionDiscriminator 
@@ -156,6 +161,10 @@ type CSIDriverConfigSpec struct { // vSphere is used to configure the vsphere CSI driver. // +optional VSphere *VSphereCSIDriverConfigSpec `json:"vSphere,omitempty"` + + // secretsStore is used to configure the Secrets Store CSI driver. + // +optional + SecretsStore SecretsStoreCSIDriverConfigSpec `json:"secretsStore,omitzero"` } // AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver. 
@@ -389,6 +398,146 @@ type VSphereCSIDriverConfigSpec struct { MaxAllowedBlockVolumesPerNode int32 `json:"maxAllowedBlockVolumesPerNode,omitempty"` } +// SecretsStoreCSIDriverConfigSpec defines properties that can be configured for the Secrets Store CSI driver. +// +kubebuilder:validation:MinProperties=1 +type SecretsStoreCSIDriverConfigSpec struct { + // secretRotation controls automatic secret rotation behavior. + // When omitted, secret rotation is enabled with a default poll interval of 2 minutes. + // +optional + SecretRotation SecretsStoreSecretRotation `json:"secretRotation,omitzero"` + + // tokenRequests controls service account token configuration for + // workload identity federation (WIF) with cloud providers. + // When omitted, the operator preserves any existing tokenRequests + // already configured on the CSIDriver object without modification. + // +optional + TokenRequests SecretsStoreTokenRequests `json:"tokenRequests,omitzero"` +} + +// TokenRequestsType determines how the operator manages the tokenRequests +// field on the storage.k8s.io CSIDriver object. +// +kubebuilder:validation:Enum=Managed;Unmanaged +type TokenRequestsType string + +const ( + // TokenRequestsManaged means the operator uses the audiences list + // as the sole source of truth for the CSIDriver.spec.tokenRequests field. + TokenRequestsManaged TokenRequestsType = "Managed" + + // TokenRequestsUnmanaged means the operator preserves any existing + // tokenRequests already configured on the CSIDriver object and does not + // overwrite them. + TokenRequestsUnmanaged TokenRequestsType = "Unmanaged" +) + +// SecretsStoreTokenRequests configures how service account tokens are +// provided to the Secrets Store CSI driver for workload identity federation. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Managed' ? 
has(self.managed) : !has(self.managed)",message="managed must be set when type is 'Managed', and must not be set otherwise" +// +union +type SecretsStoreTokenRequests struct { + // type determines how the operator manages tokenRequests on the CSIDriver object. + // When "Unmanaged", existing tokenRequests on the CSIDriver are preserved + // and the managed field is not used. + // When "Managed", the operator sets tokenRequests from the audiences + // specified in the managed field, replacing any previously configured values. + // Once set to "Managed", type cannot be reverted back to "Unmanaged". + // +unionDiscriminator + // +required + Type TokenRequestsType `json:"type,omitempty"` + + // managed holds configuration for operator-managed tokenRequests. + // Only valid when type is "Managed". + // +optional + Managed ManagedTokenRequests `json:"managed,omitzero"` +} + +// ManagedTokenRequests holds the configuration for operator-managed +// service account token requests. +// +kubebuilder:validation:MinProperties=1 +type ManagedTokenRequests struct { + // audiences specifies service account token audiences that kubelet will + // provide to the CSI driver during NodePublishVolume calls. These tokens + // enable workload identity federation (WIF) with cloud providers such as + // AWS, Azure, and GCP. + // When empty, the operator clears all tokenRequests from the CSIDriver object. + // +optional + // +listType=map + // +listMapKey=audience + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=10 + Audiences *[]SecretsStoreTokenRequest `json:"audiences,omitempty"` +} + +// SecretRotationType determines the secret rotation behavior for the +// Secrets Store CSI driver. +// +kubebuilder:validation:Enum=None;Custom +type SecretRotationType string + +const ( + // SecretRotationNone disables automatic secret rotation. Secrets are only + // fetched at initial pod mount time. 
+ SecretRotationNone SecretRotationType = "None" + + // SecretRotationCustom enables automatic secret rotation with the + // configuration specified in the custom field. + SecretRotationCustom SecretRotationType = "Custom" +) + +// SecretsStoreSecretRotation configures the automatic secret rotation behavior +// for the Secrets Store CSI driver. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Custom' ? has(self.custom) : !has(self.custom)",message="custom must be set when type is 'Custom', and must not be set otherwise" +// +union +type SecretsStoreSecretRotation struct { + // type determines the secret rotation behavior. + // When "None", secret rotation is disabled and secrets are only fetched at + // initial pod mount time. + // When "Custom", secret rotation is enabled with the configuration specified + // in the custom field. + // +unionDiscriminator + // +required + Type SecretRotationType `json:"type,omitempty"` + + // custom holds the custom rotation configuration. + // Only valid when type is "Custom". + // +optional + Custom CustomSecretRotation `json:"custom,omitzero"` +} + +// CustomSecretRotation holds configuration for custom secret rotation behavior. +// +kubebuilder:validation:MinProperties=1 +type CustomSecretRotation struct { + // rotationPollIntervalSeconds is the minimum time in seconds between secret + // rotation attempts. The driver skips provider calls if less than this interval + // has elapsed since the last successful rotation. + // Must be at least 1 second and no more than 31560000 seconds (~1 year). + // When omitted, this means no opinion and the platform is left to choose a + // reasonable default, which is subject to change over time. 
+ // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=31560000 + // +optional + RotationPollIntervalSeconds int32 `json:"rotationPollIntervalSeconds,omitempty"` +} + +// SecretsStoreTokenRequest specifies a service account token audience configuration +// for workload identity federation (WIF) with the Secrets Store CSI driver. +type SecretsStoreTokenRequest struct { + // audience is the intended audience of the service account token. + // An empty string means the issued token will use the kube-apiserver's default APIAudiences. + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=253 + // +required + Audience *string `json:"audience,omitempty"` + + // expirationSeconds is the requested duration of validity of the service account token. + // The token issuer may return a token with a different validity duration. + // When omitted, the token expiration is determined by the kube-apiserver. + // Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years). + // +kubebuilder:validation:Minimum=600 + // +kubebuilder:validation:Maximum=315360000 + // +optional + ExpirationSeconds int32 `json:"expirationSeconds,omitempty"` +} + // ClusterCSIDriverStatus is the observed status of CSI driver operator type ClusterCSIDriverStatus struct { OperatorStatus `json:",inline"` diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index b39071949..0a6726b19 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -469,6 +469,7 @@ func (in *CSIDriverConfigSpec) DeepCopyInto(out *CSIDriverConfigSpec) { *out = new(VSphereCSIDriverConfigSpec) (*in).DeepCopyInto(*out) } + in.SecretsStore.DeepCopyInto(&out.SecretsStore) return } 
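Review bot: `SecretsStoreTokenRequest.Audience` in types_csi_cluster_driver.go accepts the empty string (`MinLength=0`), which its own comment says yields a token for the kube-apiserver's default APIAudiences. Such a token is accepted by the API server as the pod's service account, so the CSI driver, and presumably any provider it forwards the token to, would hold a cluster credential rather than one scoped to the external secret store. If the empty form is not needed to mirror existing CSIDriver objects, require a value with `// +kubebuilder:validation:MinLength=1`; otherwise add a sentence to the field comment saying an empty audience should be avoided for workload identity federation. Also in this hunk, `Maximum=31560000` on `rotationPollIntervalSeconds` looks like a transposition of 31536000 (365 days), the year length that the `315360000` bound on `expirationSeconds` uses, so it is worth confirming which value was intended.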
@@ -1180,6 +1181,22 @@ func (in *ContainerLoggingDestinationParameters) DeepCopy() *ContainerLoggingDes return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomSecretRotation) DeepCopyInto(out *CustomSecretRotation) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomSecretRotation. +func (in *CustomSecretRotation) DeepCopy() *CustomSecretRotation { + if in == nil { + return nil + } + out := new(CustomSecretRotation) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DNS) DeepCopyInto(out *DNS) { *out = *in @@ -3473,6 +3490,33 @@ func (in *ManagedBootImages) DeepCopy() *ManagedBootImages { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedTokenRequests) DeepCopyInto(out *ManagedTokenRequests) { + *out = *in + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = new([]SecretsStoreTokenRequest) + if **in != nil { + in, out := *in, *out + *out = make([]SecretsStoreTokenRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedTokenRequests. +func (in *ManagedTokenRequests) DeepCopy() *ManagedTokenRequests { + if in == nil { + return nil + } + out := new(ManagedTokenRequests) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MyOperatorResource) DeepCopyInto(out *MyOperatorResource) { *out = *in 
@@ -4912,6 +4956,79 @@ func (in *SFlowConfig) DeepCopy() *SFlowConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretsStoreCSIDriverConfigSpec) DeepCopyInto(out *SecretsStoreCSIDriverConfigSpec) { + *out = *in + out.SecretRotation = in.SecretRotation + in.TokenRequests.DeepCopyInto(&out.TokenRequests) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsStoreCSIDriverConfigSpec. +func (in *SecretsStoreCSIDriverConfigSpec) DeepCopy() *SecretsStoreCSIDriverConfigSpec { + if in == nil { + return nil + } + out := new(SecretsStoreCSIDriverConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretsStoreSecretRotation) DeepCopyInto(out *SecretsStoreSecretRotation) { + *out = *in + out.Custom = in.Custom + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsStoreSecretRotation. +func (in *SecretsStoreSecretRotation) DeepCopy() *SecretsStoreSecretRotation { + if in == nil { + return nil + } + out := new(SecretsStoreSecretRotation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretsStoreTokenRequest) DeepCopyInto(out *SecretsStoreTokenRequest) { + *out = *in + if in.Audience != nil { + in, out := &in.Audience, &out.Audience + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsStoreTokenRequest. 
+func (in *SecretsStoreTokenRequest) DeepCopy() *SecretsStoreTokenRequest { + if in == nil { + return nil + } + out := new(SecretsStoreTokenRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretsStoreTokenRequests) DeepCopyInto(out *SecretsStoreTokenRequests) { + *out = *in + in.Managed.DeepCopyInto(&out.Managed) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsStoreTokenRequests. +func (in *SecretsStoreTokenRequests) DeepCopy() *SecretsStoreTokenRequests { + if in == nil { + return nil + } + out := new(SecretsStoreTokenRequests) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Server) DeepCopyInto(out *Server) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go index 8c48ad4bc..c6a047d2c 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go @@ -265,6 +265,11 @@ func (in ContainerLoggingDestinationParameters) OpenAPIModelName() string { return "com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters" } +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CustomSecretRotation) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.CustomSecretRotation" +} + // OpenAPIModelName returns the OpenAPI model name for this type. func (in DNS) OpenAPIModelName() string { return "com.github.openshift.api.operator.v1.DNS" 
@@ -750,6 +755,11 @@ func (in ManagedBootImages) OpenAPIModelName() string { return "com.github.openshift.api.operator.v1.ManagedBootImages" } +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ManagedTokenRequests) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ManagedTokenRequests" +} + // OpenAPIModelName returns the OpenAPI model name for this type. func (in MyOperatorResource) OpenAPIModelName() string { return "com.github.openshift.api.operator.v1.MyOperatorResource" @@ -1040,6 +1050,26 @@ func (in SFlowConfig) OpenAPIModelName() string { return "com.github.openshift.api.operator.v1.SFlowConfig" } +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SecretsStoreCSIDriverConfigSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.SecretsStoreCSIDriverConfigSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SecretsStoreSecretRotation) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.SecretsStoreSecretRotation" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SecretsStoreTokenRequest) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.SecretsStoreTokenRequest" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SecretsStoreTokenRequests) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.SecretsStoreTokenRequests" +} + // OpenAPIModelName returns the OpenAPI model name for this type. func (in Server) OpenAPIModelName() string { return "com.github.openshift.api.operator.v1.Server" diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 038638551..e03d23913 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go 
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -37,6 +37,7 @@ func (MyOperatorResource) SwaggerDoc() map[string]string { var map_NodeStatus = map[string]string{ "": "NodeStatus provides information about the current state of a particular node managed by this operator.", "nodeName": "nodeName is the name of the node", + "nodeUID": "nodeUID is the UID of the node. This field is used to detect that a node has been deleted and recreated with the same name. When the UID changes, it indicates the node is a new instance and the status should be reset.", "currentRevision": "currentRevision is the generation of the most recently successful deployment. Can not be set on creation of a nodeStatus. Updates must only increase the value.", "targetRevision": "targetRevision is the generation of the deployment we're trying to apply. Can not be set on creation of a nodeStatus.", "lastFailedRevision": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", 
@@ -516,13 +517,14 @@ func (AzureDiskEncryptionSet) SwaggerDoc() map[string]string { } var map_CSIDriverConfigSpec = map[string]string{ - "": "CSIDriverConfigSpec defines configuration spec that can be used to optionally configure a specific CSI Driver.", - "driverType": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP.", - "aws": "aws is used to configure the AWS CSI driver.", - "azure": "azure is used to configure the Azure CSI driver.", - "gcp": "gcp is used to configure the GCP CSI driver.", - "ibmcloud": "ibmcloud is used to configure the IBM Cloud CSI driver.", - "vSphere": "vSphere is used to configure the vsphere CSI driver.", + "": "CSIDriverConfigSpec defines configuration spec that can be used to optionally configure a specific CSI Driver.", + "driverType": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted. Consumers should treat unknown values as a NO-OP.", + "aws": "aws is used to configure the AWS CSI driver.", + "azure": "azure is used to configure the Azure CSI driver.", + "gcp": "gcp is used to configure the GCP CSI driver.", + "ibmcloud": "ibmcloud is used to configure the IBM Cloud CSI driver.", + "vSphere": "vSphere is used to configure the vsphere CSI driver.", + "secretsStore": "secretsStore is used to configure the Secrets Store CSI driver.", } func (CSIDriverConfigSpec) SwaggerDoc() map[string]string { 
@@ -567,6 +569,15 @@ func (ClusterCSIDriverStatus) SwaggerDoc() map[string]string { return map_ClusterCSIDriverStatus } +var map_CustomSecretRotation = map[string]string{ + "": "CustomSecretRotation holds configuration for custom secret rotation behavior.", + "rotationPollIntervalSeconds": "rotationPollIntervalSeconds is the minimum time in seconds between secret rotation attempts. The driver skips provider calls if less than this interval has elapsed since the last successful rotation. Must be at least 1 second and no more than 31560000 seconds (~1 year). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", +} + +func (CustomSecretRotation) SwaggerDoc() map[string]string { + return map_CustomSecretRotation +} + var map_GCPCSIDriverConfigSpec = map[string]string{ "": "GCPCSIDriverConfigSpec defines properties that can be configured for the GCP CSI driver.", "kmsKey": "kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied encryption keys, rather than the default keys managed by GCP.", 
@@ -597,6 +608,55 @@ func (IBMCloudCSIDriverConfigSpec) SwaggerDoc() map[string]string { return map_IBMCloudCSIDriverConfigSpec } +var map_ManagedTokenRequests = map[string]string{ + "": "ManagedTokenRequests holds the configuration for operator-managed service account token requests.", + "audiences": "audiences specifies service account token audiences that kubelet will provide to the CSI driver during NodePublishVolume calls. These tokens enable workload identity federation (WIF) with cloud providers such as AWS, Azure, and GCP. When empty, the operator clears all tokenRequests from the CSIDriver object.", +} + +func (ManagedTokenRequests) SwaggerDoc() map[string]string { + return map_ManagedTokenRequests +} + +var map_SecretsStoreCSIDriverConfigSpec = map[string]string{ + "": "SecretsStoreCSIDriverConfigSpec defines properties that can be configured for the Secrets Store CSI driver.", + "secretRotation": "secretRotation controls automatic secret rotation behavior. When omitted, secret rotation is enabled with a default poll interval of 2 minutes.", + "tokenRequests": "tokenRequests controls service account token configuration for workload identity federation (WIF) with cloud providers. When omitted, the operator preserves any existing tokenRequests already configured on the CSIDriver object without modification.", +} + +func (SecretsStoreCSIDriverConfigSpec) SwaggerDoc() map[string]string { + return map_SecretsStoreCSIDriverConfigSpec +} + +var map_SecretsStoreSecretRotation = map[string]string{ + "": "SecretsStoreSecretRotation configures the automatic secret rotation behavior for the Secrets Store CSI driver.", + "type": "type determines the secret rotation behavior. When \"None\", secret rotation is disabled and secrets are only fetched at initial pod mount time. When \"Custom\", secret rotation is enabled with the configuration specified in the custom field.", + "custom": "custom holds the custom rotation configuration. 
Only valid when type is \"Custom\".", +} + +func (SecretsStoreSecretRotation) SwaggerDoc() map[string]string { + return map_SecretsStoreSecretRotation +} + +var map_SecretsStoreTokenRequest = map[string]string{ + "": "SecretsStoreTokenRequest specifies a service account token audience configuration for workload identity federation (WIF) with the Secrets Store CSI driver.", + "audience": "audience is the intended audience of the service account token. An empty string means the issued token will use the kube-apiserver's default APIAudiences.", + "expirationSeconds": "expirationSeconds is the requested duration of validity of the service account token. The token issuer may return a token with a different validity duration. When omitted, the token expiration is determined by the kube-apiserver. Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years).", +} + +func (SecretsStoreTokenRequest) SwaggerDoc() map[string]string { + return map_SecretsStoreTokenRequest +} + +var map_SecretsStoreTokenRequests = map[string]string{ + "": "SecretsStoreTokenRequests configures how service account tokens are provided to the Secrets Store CSI driver for workload identity federation.", + "type": "type determines how the operator manages tokenRequests on the CSIDriver object. When \"Unmanaged\", existing tokenRequests on the CSIDriver are preserved and the managed field is not used. When \"Managed\", the operator sets tokenRequests from the audiences specified in the managed field, replacing any previously configured values. Once set to \"Managed\", type cannot be reverted back to \"Unmanaged\".", + "managed": "managed holds configuration for operator-managed tokenRequests. 
Only valid when type is \"Managed\".", +} + +func (SecretsStoreTokenRequests) SwaggerDoc() map[string]string { + return map_SecretsStoreTokenRequests +} + var map_VSphereCSIDriverConfigSpec = map[string]string{ "": "VSphereCSIDriverConfigSpec defines properties that can be configured for vsphere CSI driver.", "topologyCategories": "topologyCategories indicates tag categories with which vcenter resources such as hostcluster or datacenter were tagged with. If cluster Infrastructure object has a topology, values specified in Infrastructure object will be used and modifications to topologyCategories will be rejected.", diff --git a/vendor/modules.txt b/vendor/modules.txt index 6ab58fd09..156491ca2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -86,7 +86,7 @@ github.com/modern-go/reflect2 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 ## explicit github.com/munnerz/goautoneg -# github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2 +# github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2 => github.com/bhperry/openshift-api v0.0.0-20260625212444-6f322148aade ## explicit; go 1.25.0 github.com/openshift/api github.com/openshift/api/apiextensions @@ -564,3 +564,4 @@ sigs.k8s.io/structured-merge-diff/v6/value # sigs.k8s.io/yaml v1.6.0 ## explicit; go 1.22 sigs.k8s.io/yaml +# github.com/openshift/api => github.com/bhperry/openshift-api v0.0.0-20260625212444-6f322148aade
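Review bot: Both vendor/modules.txt hunks record `github.com/openshift/api` as replaced by `github.com/bhperry/openshift-api v0.0.0-20260625212444-6f322148aade`, so every file under vendor/github.com/openshift/api in this change comes from a fork outside the openshift organisation rather than from the required `v0.0.0-20260619095050-5346161d1bf2`. The checksum pins the content, but the API types, CEL validation rules and generated code vendored here have not necessarily passed upstream review, and the build depends on the fork keeping that commit reachable. This is reasonable for a draft that previews an unmerged API change, but it should not merge in this state. Before merge, drop the replacement, require the upstream commit that carries these changes and re-vendor, so that the line reads `# github.com/openshift/api <upstream-pseudo-version>` (placeholder) with no `=>` and the trailing `# github.com/openshift/api => ...` line disappears.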